Mercurial > dropbear
comparison fuzz/fuzzer-verify.c @ 1756:d5680e12ac33
Move fuzzing code to fuzz/ subdirectory, improve Makefile.in
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 23 Oct 2020 23:10:20 +0800 |
| parents | fuzzer-verify.c@e01f9ec6d177 |
| children |
comparison
equal
deleted
inserted
replaced
| 1753:7c0fcd19e492 | 1756:d5680e12ac33 |
|---|---|
| 1 #include "fuzz.h" | |
| 2 #include "session.h" | |
| 3 #include "fuzz-wrapfd.h" | |
| 4 #include "debug.h" | |
| 5 #include "dss.h" | |
| 6 | |
| 7 static void setup_fuzzer(void) { | |
| 8 fuzz_common_setup(); | |
| 9 } | |
| 10 | |
| 11 static buffer *verifydata; | |
| 12 | |
| 13 /* Tests reading a public key and verifying a signature */ | |
| 14 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { | |
| 15 static int once = 0; | |
| 16 if (!once) { | |
| 17 setup_fuzzer(); | |
| 18 verifydata = buf_new(30); | |
| 19 buf_putstring(verifydata, "x", 1); | |
| 20 once = 1; | |
| 21 } | |
| 22 | |
| 23 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { | |
| 24 return 0; | |
| 25 } | |
| 26 | |
| 27 m_malloc_set_epoch(1); | |
| 28 | |
| 29 if (setjmp(fuzz.jmp) == 0) { | |
| 30 sign_key *key = new_sign_key(); | |
| 31 enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY; | |
| 32 if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) { | |
| 33 enum signature_type sigtype; | |
| 34 if (keytype == DROPBEAR_SIGNKEY_RSA) { | |
| 35 /* Flip a coin to decide rsa signature type */ | |
| 36 int flag = buf_getbyte(fuzz.input); | |
| 37 if (flag & 0x01) { | |
| 38 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256; | |
| 39 } else { | |
| 40 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1; | |
| 41 } | |
| 42 } else { | |
| 43 sigtype = signature_type_from_signkey(keytype); | |
| 44 } | |
| 45 if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) { | |
| 46 /* The fuzzer is capable of generating keys with a signature to match. | |
| 47 We don't want false positives if the key is bogus, since a client/server | |
| 48 wouldn't be trusting a bogus key anyway */ | |
| 49 int boguskey = 0; | |
| 50 | |
| 51 if (keytype == DROPBEAR_SIGNKEY_DSS) { | |
| 52 /* So far have seen dss keys with bad p/q/g domain parameters */ | |
| 53 int pprime, qprime, trials; | |
| 54 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->p)); | |
| 55 assert(mp_prime_is_prime(key->dsskey->p, trials, &pprime) == MP_OKAY); | |
| 56 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->q)); | |
| 57 assert(mp_prime_is_prime(key->dsskey->q, trials, &qprime) == MP_OKAY); | |
| 58 boguskey = !(pprime && qprime); | |
| 59 /* Could also check g**q mod p == 1 */ | |
| 60 } | |
| 61 | |
| 62 if (!boguskey) { | |
| 63 printf("Random key/signature managed to verify!\n"); | |
| 64 abort(); | |
| 65 } | |
| 66 | |
| 67 | |
| 68 } | |
| 69 } | |
| 70 sign_key_free(key); | |
| 71 m_malloc_free_epoch(1, 0); | |
| 72 } else { | |
| 73 m_malloc_free_epoch(1, 1); | |
| 74 TRACE(("dropbear_exit longjmped")) | |
| 75 /* dropbear_exit jumped here */ | |
| 76 } | |
| 77 | |
| 78 return 0; | |
| 79 } |