Mercurial > dropbear
view fuzz/fuzzer-pubkey.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 97ad26e397a5 |
children |
line wrap: on
line source
#include "fuzz.h" #include "session.h" #include "fuzz-wrapfd.h" #include "debug.h" static void setup_fuzzer(void) { fuzz_common_setup(); } int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { static int once = 0; if (!once) { setup_fuzzer(); once = 1; } if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { return 0; } m_malloc_set_epoch(1); if (setjmp(fuzz.jmp) == 0) { buffer *line = buf_getstringbuf(fuzz.input); buffer *keyblob = buf_getstringbuf(fuzz.input); unsigned int algolen; char* algoname = buf_getstring(keyblob, &algolen); if (signature_type_from_name(algoname, algolen) == DROPBEAR_SIGNATURE_NONE) { dropbear_exit("fuzzer imagined a bogus algorithm"); } int ret = fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys", algoname, algolen, keyblob->data, keyblob->len); if (ret == DROPBEAR_SUCCESS) { /* fuzz_checkpubkey_line() should have cleaned up for failure */ svr_pubkey_options_cleanup(); } buf_free(line); buf_free(keyblob); m_free(algoname); m_malloc_free_epoch(1, 0); } else { m_malloc_free_epoch(1, 1); TRACE(("dropbear_exit longjmped")) /* dropbear_exit jumped here */ } return 0; }