[openssh-commits] [openssh] 01/04: add basic fuzzers for our import of sntrup761
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Sep 4 15:38:58 AEST 2024
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit e66c0c5673a4304a3a9fbf8305c6a19f8653740f
Author: Damien Miller <djm at mindrot.org>
AuthorDate: Wed Sep 4 15:35:29 2024 +1000
add basic fuzzers for our import of sntrup761
---
regress/misc/fuzz-harness/Makefile | 44 ++++++++-----
regress/misc/fuzz-harness/mkcorpus_sntrup761.c | 82 +++++++++++++++++++++++++
regress/misc/fuzz-harness/sntrup761_dec_fuzz.cc | 74 ++++++++++++++++++++++
regress/misc/fuzz-harness/sntrup761_enc_fuzz.cc | 57 +++++++++++++++++
regress/misc/fuzz-harness/watch-sntrup761.sh | 20 ++++++
sntrup761.c | 4 +-
6 files changed, 265 insertions(+), 16 deletions(-)
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
index 10721302..55dcc171 100644
--- a/regress/misc/fuzz-harness/Makefile
+++ b/regress/misc/fuzz-harness/Makefile
@@ -4,52 +4,68 @@ CXX=clang++-16
FUZZ_FLAGS=-fsanitize=address,fuzzer -fno-omit-frame-pointer
FUZZ_LIBS=-L/usr/lib/llvm-16/lib -lFuzzer
-CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-exceptions -I ../../.. $(FUZZ_FLAGS)
-CFLAGS=$(CXXFLAGS)
-LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
+CFLAGS=-D_GNU_SOURCE=1 -O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-exceptions -Wno-deprecated -I ../../..
+CXXFLAGS=$(CFLAGS) $(FUZZ_FLAGS)
+LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g
LIBS=-lssh -lopenbsd-compat -lmd -lcrypto -lfido2 -lcbor $(FUZZ_LIBS)
SK_NULL_OBJS=ssh-sk-null.o
COMMON_DEPS=../../../libssh.a
TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz authkeys_fuzz sshsig_fuzz \
- sshsigopt_fuzz privkey_fuzz kex_fuzz agent_fuzz
+ sshsigopt_fuzz privkey_fuzz kex_fuzz agent_fuzz \
+ mkcorpus_sntrup761 sntrup761_enc_fuzz sntrup761_dec_fuzz
all: $(TARGETS)
.cc.o:
$(CXX) $(CXXFLAGS) -c $< -o $@
+.c.o:
+ $(CC) $(CFLAGS) -c $< -o $@
+
pubkey_fuzz: pubkey_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
- $(CXX) -o $@ pubkey_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(LIBS)
+ $(CXX) -o $@ pubkey_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(FUZZ_FLAGS) $(LIBS)
sig_fuzz: sig_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
- $(CXX) -o $@ sig_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(LIBS)
+ $(CXX) -o $@ sig_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(FUZZ_FLAGS) $(LIBS)
authopt_fuzz: authopt_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
- $(CXX) -o $@ authopt_fuzz.o $(SK_NULL_OBJS) ../../../auth-options.o $(LDFLAGS) $(LIBS)
+ $(CXX) -o $@ authopt_fuzz.o $(SK_NULL_OBJS) ../../../auth-options.o $(LDFLAGS) $(FUZZ_FLAGS) $(LIBS)
authkeys_fuzz: authkeys_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
- $(CXX) -o $@ authkeys_fuzz.o $(SK_NULL_OBJS) ../../../auth-options.o ../../../auth2-pubkeyfile.o $(LDFLAGS) $(LIBS)
+ $(CXX) -o $@ authkeys_fuzz.o $(SK_NULL_OBJS) ../../../auth-options.o ../../../auth2-pubkeyfile.o $(LDFLAGS) $(FUZZ_FLAGS) $(LIBS)
sshsig_fuzz: sshsig_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
- $(CXX) -o $@ sshsig_fuzz.o $(SK_NULL_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
+ $(CXX) -o $@ sshsig_fuzz.o $(SK_NULL_OBJS) ../../../sshsig.o $(LDFLAGS) $(FUZZ_FLAGS) $(LIBS)
sshsigopt_fuzz: sshsigopt_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
- $(CXX) -o $@ sshsigopt_fuzz.o $(SK_NULL_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
+ $(CXX) -o $@ sshsigopt_fuzz.o $(SK_NULL_OBJS) ../../../sshsig.o $(LDFLAGS) $(FUZZ_FLAGS) $(LIBS)
privkey_fuzz: privkey_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
- $(CXX) -o $@ privkey_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(LIBS)
+ $(CXX) -o $@ privkey_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(FUZZ_FLAGS) $(LIBS)
kex_fuzz: kex_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
- $(CXX) -o $@ kex_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(LIBS) -lz
+ $(CXX) -o $@ kex_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(FUZZ_FLAGS) $(LIBS) -lz
agent_fuzz: agent_fuzz.o agent_fuzz_helper.o sk-dummy.o ../../../ssh-sk.o $(COMMON_DEPS)
- $(CXX) -o $@ agent_fuzz.o agent_fuzz_helper.o sk-dummy.o ../../../ssh-sk.o $(LDFLAGS) $(LIBS) -lz
+ $(CXX) -o $@ agent_fuzz.o agent_fuzz_helper.o sk-dummy.o ../../../ssh-sk.o $(LDFLAGS) $(FUZZ_FLAGS) $(LIBS) -lz
agent_fuzz_helper.o: agent_fuzz_helper.c ../../../ssh-agent.c
sk-dummy.o: ../sk-dummy/sk-dummy.c
- $(CC) $(CFLAGS) -c -o $@ ../sk-dummy/sk-dummy.c -DSK_DUMMY_INTEGRATE=1 $(LDFLAGS)
+ $(CC) $(CFLAGS) -c -o $@ ../sk-dummy/sk-dummy.c -DSK_DUMMY_INTEGRATE=1 $(LDFLAGS) $(FUZZ_FLAGS)
+
+mkcorpus_sntrup761: mkcorpus_sntrup761.o
+ $(CC) -o $@ mkcorpus_sntrup761.o $(LDFLAGS) -lcrypto
+
+sntrup761_dec_fuzz: sntrup761_dec_fuzz.o
+ $(CXX) -o $@ sntrup761_dec_fuzz.o $(LDFLAGS) $(FUZZ_FLAGS) $(FUZZ_LIBS) -lcrypto
+
+sntrup761_enc_fuzz: sntrup761_enc_fuzz.o
+ $(CXX) -o $@ sntrup761_enc_fuzz.o $(LDFLAGS) $(FUZZ_FLAGS) $(FUZZ_LIBS) -lcrypto
clean:
-rm -f *.o $(TARGETS)
+
+cleandir: clean
+
diff --git a/regress/misc/fuzz-harness/mkcorpus_sntrup761.c b/regress/misc/fuzz-harness/mkcorpus_sntrup761.c
new file mode 100644
index 00000000..86a8e02a
--- /dev/null
+++ b/regress/misc/fuzz-harness/mkcorpus_sntrup761.c
@@ -0,0 +1,82 @@
+// Makes basic seed corpora for other fuzzers
+//
+// Will write to ./sntrup761_pubkey_corpus (for sntrup761_enc_fuzz) and
+// to ./sntrup761_ciphertext_corpus (for sntrup761_dec_fuzz)
+
+#include <sys/stat.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <err.h>
+#include <errno.h>
+
+#include "crypto_api.h"
+#include "hash.c"
+
+#undef randombytes
+#define USE_SNTRUP761X25519 1
+void randombytes(unsigned char *ptr, size_t l);
+volatile crypto_int16 crypto_int16_optblocker = 0;
+volatile crypto_int32 crypto_int32_optblocker = 0;
+volatile crypto_int64 crypto_int64_optblocker = 0;
+#include "sntrup761.c"
+
+#define NSEEDS 1000
+
+static int real_random;
+
+void
+randombytes(unsigned char *ptr, size_t l)
+{
+ if (real_random)
+ arc4random_buf(ptr, l);
+ else
+ memset(ptr, 0, l);
+}
+
+void write_blob(const char *path, int n, const char *suffix,
+ const void *ptr, size_t l)
+{
+ char name[256];
+ FILE *f;
+
+ snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix);
+ if ((f = fopen(name, "wb+")) == NULL)
+ err(1, "fopen %s", name);
+ if (fwrite(ptr, l, 1, f) != 1)
+ err(1, "write %s", name);
+ fclose(f);
+}
+
+int main(void)
+{
+ int i;
+ unsigned char pk[crypto_kem_sntrup761_PUBLICKEYBYTES];
+ unsigned char sk[crypto_kem_sntrup761_SECRETKEYBYTES];
+ unsigned char ciphertext[crypto_kem_sntrup761_CIPHERTEXTBYTES];
+ unsigned char secret[crypto_kem_sntrup761_BYTES];
+
+ if (mkdir("sntrup761_pubkey_corpus", 0777) != 0 && errno != EEXIST)
+ err(1, "mkdir sntrup761_pubkey_corpus");
+ if (mkdir("sntrup761_ciphertext_corpus", 0777) != 0 && errno != EEXIST)
+ err(1, "mkdir sntrup761_ciphertext_corpus");
+
+ fprintf(stderr, "making: ");
+ for (i = 0; i < NSEEDS; i++) {
+ real_random = i != 0;
+ if (crypto_kem_sntrup761_keypair(pk, sk) != 0)
+ errx(1, "crypto_kem_sntrup761_keypair failed");
+ write_blob("sntrup761_pubkey_corpus", i, "pk", pk, sizeof(pk));
+ if (crypto_kem_sntrup761_enc(ciphertext, secret, pk) != 0)
+ errx(1, "crypto_kem_sntrup761_enc failed");
+ write_blob("sntrup761_ciphertext_corpus", i, "ct",
+ ciphertext, sizeof(ciphertext));
+ if (i % 20 == 0)
+ fprintf(stderr, ".");
+ }
+ fprintf(stderr, "\n");
+ return 0;
+}
diff --git a/regress/misc/fuzz-harness/sntrup761_dec_fuzz.cc b/regress/misc/fuzz-harness/sntrup761_dec_fuzz.cc
new file mode 100644
index 00000000..e508cb15
--- /dev/null
+++ b/regress/misc/fuzz-harness/sntrup761_dec_fuzz.cc
@@ -0,0 +1,74 @@
+// Basic fuzz test for depcapsulate operation,
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <err.h>
+
+extern "C" {
+
+#include "crypto_api.h"
+#include "hash.c"
+
+#undef randombytes
+#define USE_SNTRUP761X25519 1
+#ifdef SNTRUP761_NO_ASM
+# undef __GNUC__
+#endif
+void randombytes(unsigned char *ptr, size_t l);
+volatile crypto_int16 crypto_int16_optblocker = 0;
+volatile crypto_int32 crypto_int32_optblocker = 0;
+volatile crypto_int64 crypto_int64_optblocker = 0;
+#include "sntrup761.c"
+
+static int real_random;
+
+void
+randombytes(unsigned char *ptr, size_t l)
+{
+ if (real_random)
+ arc4random_buf(ptr, l);
+ else
+ memset(ptr, 0, l);
+}
+
+void privkeys(unsigned char *zero_sk, unsigned char *rnd_sk)
+{
+ unsigned char pk[crypto_kem_sntrup761_PUBLICKEYBYTES];
+
+ real_random = 0;
+ if (crypto_kem_sntrup761_keypair(pk, zero_sk) != 0)
+ errx(1, "crypto_kem_sntrup761_keypair failed");
+ real_random = 1;
+ if (crypto_kem_sntrup761_keypair(pk, rnd_sk) != 0)
+ errx(1, "crypto_kem_sntrup761_keypair failed");
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len)
+{
+ static bool once;
+ unsigned char zero_sk[crypto_kem_sntrup761_SECRETKEYBYTES];
+ unsigned char rnd_sk[crypto_kem_sntrup761_SECRETKEYBYTES];
+ unsigned char ciphertext[crypto_kem_sntrup761_CIPHERTEXTBYTES];
+ unsigned char secret[crypto_kem_sntrup761_BYTES];
+
+ if (!once) {
+ privkeys(zero_sk, rnd_sk);
+ once = true;
+ }
+
+ memset(&ciphertext, 0, sizeof(ciphertext));
+ if (len > sizeof(ciphertext)) {
+ len = sizeof(ciphertext);
+ }
+ memcpy(ciphertext, input, len);
+
+ (void)crypto_kem_sntrup761_dec(secret, ciphertext, zero_sk);
+ (void)crypto_kem_sntrup761_dec(secret, ciphertext, rnd_sk);
+ return 0;
+}
+
+} // extern
diff --git a/regress/misc/fuzz-harness/sntrup761_enc_fuzz.cc b/regress/misc/fuzz-harness/sntrup761_enc_fuzz.cc
new file mode 100644
index 00000000..c4ebac41
--- /dev/null
+++ b/regress/misc/fuzz-harness/sntrup761_enc_fuzz.cc
@@ -0,0 +1,57 @@
+// Basic fuzz test for encapsulate operation.
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <err.h>
+
+extern "C" {
+
+#include "crypto_api.h"
+#include "hash.c"
+
+#undef randombytes
+#define USE_SNTRUP761X25519 1
+#ifdef SNTRUP761_NO_ASM
+# undef __GNUC__
+#endif
+void randombytes(unsigned char *ptr, size_t l);
+volatile crypto_int16 crypto_int16_optblocker = 0;
+volatile crypto_int32 crypto_int32_optblocker = 0;
+volatile crypto_int64 crypto_int64_optblocker = 0;
+#include "sntrup761.c"
+
+static int real_random;
+
+void
+randombytes(unsigned char *ptr, size_t l)
+{
+ if (real_random)
+ arc4random_buf(ptr, l);
+ else
+ memset(ptr, 0, l);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len)
+{
+ unsigned char pk[crypto_kem_sntrup761_PUBLICKEYBYTES];
+ unsigned char ciphertext[crypto_kem_sntrup761_CIPHERTEXTBYTES];
+ unsigned char secret[crypto_kem_sntrup761_BYTES];
+
+ memset(&pk, 0, sizeof(pk));
+ if (len > sizeof(pk)) {
+ len = sizeof(pk);
+ }
+ memcpy(pk, input, len);
+
+ real_random = 0;
+ (void)crypto_kem_sntrup761_enc(ciphertext, secret, pk);
+ real_random = 1;
+ (void)crypto_kem_sntrup761_enc(ciphertext, secret, pk);
+ return 0;
+}
+
+} // extern
diff --git a/regress/misc/fuzz-harness/watch-sntrup761.sh b/regress/misc/fuzz-harness/watch-sntrup761.sh
new file mode 100755
index 00000000..482f831c
--- /dev/null
+++ b/regress/misc/fuzz-harness/watch-sntrup761.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+mkdir -p sntrup761_dec_fuzzing sntrup761_enc_fuzzing
+(cd sntrup761_enc_fuzzing ;
+ ../sntrup761_enc_fuzz -jobs=48 ../sntrup761_pubkey_corpus &)
+(cd sntrup761_dec_fuzzing ;
+ ../sntrup761_dec_fuzz -jobs=48 ../sntrup761_ciphertext_corpus &)
+
+while true ; do
+ clear
+ uptime
+ echo
+ echo "Findings"
+ ls -1 sntrup761_dec_fuzzing sntrup761_enc_fuzzing | grep -v '^fuzz-.*log$'
+ printf "\n\n"
+ printf "ciphertext_corpus: " ; ls -1 sntrup761_ciphertext_corpus | wc -l
+ printf " pubkey_corpus: "; ls -1 sntrup761_pubkey_corpus | wc -l
+ sleep 10;
+done
diff --git a/sntrup761.c b/sntrup761.c
index 57368bd8..be888cb9 100644
--- a/sntrup761.c
+++ b/sntrup761.c
@@ -42,7 +42,7 @@ do { \
static void crypto_sort_int32(void *array,long long n)
{
long long top,p,q,r,i,j;
- int32 *x = array;
+ int32 *x = (int32*)array;
if (n < 2) return;
top = 1;
@@ -104,7 +104,7 @@ static void crypto_sort_int32(void *array,long long n)
static void crypto_sort_uint32(void *array,long long n)
{
- crypto_uint32 *x = array;
+ crypto_uint32 *x = (crypto_uint32 *)array;
long long j;
for (j = 0;j < n;++j) x[j] ^= 0x80000000;
crypto_sort_int32(array,n);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list