mirror/dropbear
1
0
Fork 0
mirror of https://github.com/mkj/dropbear.git synced 2025-12-20 02:17:46 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add fuzzers for mlkem hybrid.
Some checks are pending
Autoconf Up To Date / autoconf (push) Waiting to run
Details
BuildTest / build (#define DROPBEAR_CURVE25519 0 , pq, no plain x25519) (push) Waiting to run
Details
BuildTest / build (#define DROPBEAR_SHA1_HMAC 0 #define DROPBEAR_RSA_SHA1 0 #define DROPBEAR_DH_GROUP14_SHA1 0 #define DROPBEAR_ECDSA 0 #define DROPBEAR_ED25519 0 #define DROPBEAR_SK_KEYS 0 #define DROPBEAR_ENABLE_GCM_MODE 1 #define DROPBEAR_3DES 1 #define DROPBEA… (push) Waiting to run
Details
BuildTest / build (--disable-harden --disable-zlib --disable-openpty --disable-lastlog, #define DROPBEAR_RSA 0 #define INETD_MODE 0 #define DROPBEAR_REEXEC 0 #define DROPBEAR_SMALL_CODE 0 #define DROPBEAR_CLI_LOCALTCPFWD 0 #define DROPBEAR_CLI_REMOTETCPFWD 0 #defi… (push) Waiting to run
Details
BuildTest / build (--enable-bundled-libtom --enable-werror, bundled libtom, 22.04, no writev(), 1, ubuntu-22.04, no) (push) Waiting to run
Details
BuildTest / build (--enable-pam, #define DEBUG_TRACE 5 , DEBUG_TRACE, 1) (push) Waiting to run
Details
BuildTest / build (--enable-pam, -std=c89 -Wdeclaration-after-statement, #define DROPBEAR_SNTRUP761 0 #define DROPBEAR_MLKEM768 0 , c89, 1) (push) Waiting to run
Details
BuildTest / build (--enable-pam, nondefault options, 1) (push) Waiting to run
Details
BuildTest / build (1, 1, multi binary) (push) Waiting to run
Details
BuildTest / build (1, 1, multi binary, dropbearmulti argv0) (push) Waiting to run
Details
BuildTest / build (PROGRAMS=dbclient, client only, no) (push) Waiting to run
Details
BuildTest / build (PROGRAMS=dropbear, server only, no) (push) Waiting to run
Details
BuildTest / build (clang, linux clang) (push) Waiting to run
Details
BuildTest / build (no, clang, -Wno-deprecated-declarations -Wno-undef, macos 14, macos-14, ranlib -no_warning_for_no_symbols, no) (push) Waiting to run
Details
BuildTest / build (no, clang, -Wno-deprecated-declarations -Wno-undef, macos 15, macos-15, ranlib -no_warning_for_no_symbols, no) (push) Waiting to run
Details
BuildTest / build (plain linux, 1) (push) Waiting to run
Details
CIFuzz / Fuzzing (push) Waiting to run
Details
Out of tree build / outoftree (push) Waiting to run
Details
tarball sha256sum / tarball (push) Waiting to run
Details

Browse Source 
Signed-off-by: Loganaden Velvindron <logan@cyberstorm.mu>
Signed-off-by: Jaykishan Mutkawoa <jay@cyberstorm.mu>
Signed-off-by: Kavish Nadan <kn@cyberstorm.mu>
This commit is contained in:
Loganaden Velvindron
2025-02-22 16:24:58 +00:00
committed by Matt Johnston
parent 1748ccae50
commit bfeb8f3fdb
3 changed files with 111 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile.in
View File

@@ -298,7 +298,8 @@ check: lint
FUZZ_TARGETS=fuzzer-preauth fuzzer-pubkey fuzzer-verify fuzzer-preauth_nomaths \
fuzzer-kexdh fuzzer-kexecdh fuzzer-kexcurve25519 fuzzer-client fuzzer-client_nomaths \
fuzzer-postauth_nomaths fuzzer-cliconf \
fuzzer-kexsntrup-srv fuzzer-kexsntrup-cli
fuzzer-kexsntrup-srv fuzzer-kexsntrup-cli \
fuzzer-kexmlkem-srv fuzzer-kexmlkem-cli
FUZZER_OPTIONS = $(addsuffix .options, $(FUZZ_TARGETS))
FUZZ_OBJS = $(addprefix fuzz/,$(addsuffix .o,$(FUZZ_TARGETS))) \

55
fuzz/fuzzer-kexmlkem-cli.c Normal file
View File

@@ -0,0 +1,55 @@
#include "fuzz.h"
#include "session.h"
#include "fuzz-wrapfd.h"
#include "debug.h"
#include "runopts.h"
#include "algo.h"
static struct key_context* keep_newkeys = NULL;
static void setup() __attribute__((constructor));
static void setup() {
fuzz_common_setup();
fuzz_cli_setup();
keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "mlkem768x25519-sha256");
}
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
return 0;
}
m_malloc_set_epoch(1);
if (setjmp(fuzz.jmp) == 0) {
/* Arbitrary key to write into a buffer */
sign_key *hostkey = cli_opts.privkeys->first->item;
ses.newkeys = keep_newkeys;
struct kex_pqhybrid_param *param = gen_kexpqhybrid_param();
buffer * q_s = buf_getstringbuf(fuzz.input);
ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
kexpqhybrid_comb_key(param, q_s, hostkey);
free_kexpqhybrid_param(param);
buf_free(ses.dh_K_bytes);
buf_free(q_s);
buf_free(ses.hash);
buf_free(ses.session_id);
/* kexhashbuf is freed in kexpqhybrid_comb_key */
m_malloc_free_epoch(1, 0);
} else {
m_malloc_free_epoch(1, 1);
TRACE(("dropbear_exit longjmped"))
/* dropbear_exit jumped here */
}
return 0;
}

54
fuzz/fuzzer-kexmlkem-srv.c Normal file
View File

@@ -0,0 +1,54 @@
#include "fuzz.h"
#include "session.h"
#include "fuzz-wrapfd.h"
#include "debug.h"
#include "runopts.h"
#include "algo.h"
static struct key_context* keep_newkeys = NULL;
static void setup() __attribute__((constructor));
static void setup() {
fuzz_common_setup();
fuzz_svr_setup();
keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "mlkem768x25519-sha256");
keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ED25519;
}
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
return 0;
}
m_malloc_set_epoch(1);
if (setjmp(fuzz.jmp) == 0) {
ses.newkeys = keep_newkeys;
struct kex_pqhybrid_param *param = gen_kexpqhybrid_param();
buffer * q_c = buf_getstringbuf(fuzz.input);
ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
kexpqhybrid_comb_key(param, q_c, svr_opts.hostkey);
free_kexpqhybrid_param(param);
buf_free(ses.dh_K_bytes);
buf_free(q_c);
buf_free(ses.hash);
buf_free(ses.session_id);
/* kexhashbuf is freed in kexpqhybrid_comb_key */
m_malloc_free_epoch(1, 0);
} else {
m_malloc_free_epoch(1, 1);
TRACE(("dropbear_exit longjmped"))
/* dropbear_exit jumped here */
}
return 0;
}