Mercurial > dropbear
changeset 1529:66a1a2547133 fuzz
The fuzzer has managed to generated DSS key/signature pairs that
verify. Avoid false positives from bogus keys that wouldn't be used
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 21 Feb 2018 21:49:24 +0800 |
| parents | b9e4fd5a0e72 |
| children | 63fa53d3b6c7 |
| files | fuzz-common.c fuzzer-verify.c |
| diffstat | 2 files changed, 24 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/fuzz-common.c Wed Feb 21 21:03:42 2018 +0800 +++ b/fuzz-common.c Wed Feb 21 21:49:24 2018 +0800 @@ -22,6 +22,8 @@ fuzz.input = m_malloc(sizeof(buffer)); _dropbear_log = fuzz_dropbear_log; crypto_init(); + /* let any messages get flushed */ + setlinebuf(stdout); } int fuzz_set_input(const uint8_t *Data, size_t Size) {
--- a/fuzzer-verify.c Wed Feb 21 21:03:42 2018 +0800 +++ b/fuzzer-verify.c Wed Feb 21 21:49:24 2018 +0800 @@ -29,8 +29,28 @@ sign_key *key = new_sign_key(); enum signkey_type type = DROPBEAR_SIGNKEY_ANY; if (buf_get_pub_key(fuzz.input, key, &type) == DROPBEAR_SUCCESS) { - /* Don't expect random fuzz input to verify */ - assert(buf_verify(fuzz.input, key, verifydata) == DROPBEAR_FAILURE); + if (buf_verify(fuzz.input, key, verifydata) == DROPBEAR_SUCCESS) { + /* The fuzzer is capable of generating keys with a signature to match. + We don't want false positives if the key is bogus, since a client/server + wouldn't be trusting a bogus key anyway */ + int boguskey = 0; + + if (type == DROPBEAR_SIGNKEY_DSS) { + /* So far have seen dss keys with bad p/q/g domain parameters */ + int pprime, qprime; + assert(mp_prime_is_prime(key->dsskey->p, 5, &pprime) == MP_OKAY); + assert(mp_prime_is_prime(key->dsskey->q, 18, &qprime) == MP_OKAY); + boguskey = !(pprime && qprime); + /* Could also check g**q mod p == 1 */ + } + + if (!boguskey) { + printf("Random key/signature managed to verify!\n"); + abort(); + } + + + } } sign_key_free(key); m_malloc_free_epoch(1, 0);