Mercurial > dropbear
comparison fuzzer-verify.c @ 1733:d529a52b2f7c coverity coverity
merge coverity from main
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 26 Jun 2020 21:07:34 +0800 |
| parents | e01f9ec6d177 |
| children |
comparison
equal
deleted
inserted
replaced
| 1643:b59623a64678 | 1733:d529a52b2f7c |
|---|---|
| 1 #include "fuzz.h" | 1 #include "fuzz.h" |
| 2 #include "session.h" | 2 #include "session.h" |
| 3 #include "fuzz-wrapfd.h" | 3 #include "fuzz-wrapfd.h" |
| 4 #include "debug.h" | 4 #include "debug.h" |
| 5 #include "dss.h" | |
| 5 | 6 |
| 6 static void setup_fuzzer(void) { | 7 static void setup_fuzzer(void) { |
| 7 fuzz_common_setup(); | 8 fuzz_common_setup(); |
| 8 } | 9 } |
| 9 | 10 |
| 25 | 26 |
| 26 m_malloc_set_epoch(1); | 27 m_malloc_set_epoch(1); |
| 27 | 28 |
| 28 if (setjmp(fuzz.jmp) == 0) { | 29 if (setjmp(fuzz.jmp) == 0) { |
| 29 sign_key *key = new_sign_key(); | 30 sign_key *key = new_sign_key(); |
| 30 enum signkey_type type = DROPBEAR_SIGNKEY_ANY; | 31 enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY; |
| 31 if (buf_get_pub_key(fuzz.input, key, &type) == DROPBEAR_SUCCESS) { | 32 if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) { |
| 32 if (buf_verify(fuzz.input, key, verifydata) == DROPBEAR_SUCCESS) { | 33 enum signature_type sigtype; |
| 34 if (keytype == DROPBEAR_SIGNKEY_RSA) { | |
| 35 /* Flip a coin to decide rsa signature type */ | |
| 36 int flag = buf_getbyte(fuzz.input); | |
| 37 if (flag & 0x01) { | |
| 38 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256; | |
| 39 } else { | |
| 40 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1; | |
| 41 } | |
| 42 } else { | |
| 43 sigtype = signature_type_from_signkey(keytype); | |
| 44 } | |
| 45 if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) { | |
| 33 /* The fuzzer is capable of generating keys with a signature to match. | 46 /* The fuzzer is capable of generating keys with a signature to match. |
| 34 We don't want false positives if the key is bogus, since a client/server | 47 We don't want false positives if the key is bogus, since a client/server |
| 35 wouldn't be trusting a bogus key anyway */ | 48 wouldn't be trusting a bogus key anyway */ |
| 36 int boguskey = 0; | 49 int boguskey = 0; |
| 37 | 50 |
| 38 if (type == DROPBEAR_SIGNKEY_DSS) { | 51 if (keytype == DROPBEAR_SIGNKEY_DSS) { |
| 39 /* So far have seen dss keys with bad p/q/g domain parameters */ | 52 /* So far have seen dss keys with bad p/q/g domain parameters */ |
| 40 int pprime, qprime; | 53 int pprime, qprime, trials; |
| 41 assert(mp_prime_is_prime(key->dsskey->p, 5, &pprime) == MP_OKAY); | 54 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->p)); |
| 42 assert(mp_prime_is_prime(key->dsskey->q, 18, &qprime) == MP_OKAY); | 55 assert(mp_prime_is_prime(key->dsskey->p, trials, &pprime) == MP_OKAY); |
| 43 boguskey = !(pprime && qprime); | 56 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->q)); |
| 44 /* Could also check g**q mod p == 1 */ | 57 assert(mp_prime_is_prime(key->dsskey->q, trials, &qprime) == MP_OKAY); |
| 58 boguskey = !(pprime && qprime); | |
| 59 /* Could also check g**q mod p == 1 */ | |
| 45 } | 60 } |
| 46 | 61 |
| 47 if (!boguskey) { | 62 if (!boguskey) { |
| 48 printf("Random key/signature managed to verify!\n"); | 63 printf("Random key/signature managed to verify!\n"); |
| 49 abort(); | 64 abort(); |