summaryrefslogtreecommitdiffstats
path: root/regress/misc
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:26:58 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:26:58 +0000
commit999ae6be3243c7b4a815247199447b53c39a3d65 (patch)
tree1f35b42b5e5f462d35ba452e4dcfa188ce0543fd /regress/misc
parentInitial commit. (diff)
downloadopenssh-upstream/1%7.9p1.tar.xz
openssh-upstream/1%7.9p1.zip
Adding upstream version 1:7.9p1.upstream/1%7.9p1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'regress/misc')
-rw-r--r--regress/misc/Makefile3
-rw-r--r--regress/misc/fuzz-harness/Makefile25
-rw-r--r--regress/misc/fuzz-harness/README1
-rw-r--r--regress/misc/fuzz-harness/authopt_fuzz.cc33
-rw-r--r--regress/misc/fuzz-harness/pubkey_fuzz.cc18
-rw-r--r--regress/misc/fuzz-harness/sig_fuzz.cc50
-rw-r--r--regress/misc/kexfuzz/Makefile88
-rw-r--r--regress/misc/kexfuzz/README34
-rw-r--r--regress/misc/kexfuzz/kexfuzz.c459
9 files changed, 711 insertions, 0 deletions
diff --git a/regress/misc/Makefile b/regress/misc/Makefile
new file mode 100644
index 0000000..14c0c27
--- /dev/null
+++ b/regress/misc/Makefile
@@ -0,0 +1,3 @@
+SUBDIR= kexfuzz
+
+.include <bsd.subdir.mk>
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
new file mode 100644
index 0000000..a2aa444
--- /dev/null
+++ b/regress/misc/fuzz-harness/Makefile
@@ -0,0 +1,25 @@
+# NB. libssh and libopenbsd-compat should be built with the same sanitizer opts.
+CXX=clang++-3.9
+FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge
+FUZZ_LIBS=-lFuzzer
+
+CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
+LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
+LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
+
+all: pubkey_fuzz sig_fuzz authopt_fuzz
+
+.cc.o:
+ $(CXX) $(CXXFLAGS) -c $< -o $@
+
+pubkey_fuzz: pubkey_fuzz.o
+ $(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS)
+
+sig_fuzz: sig_fuzz.o
+ $(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS)
+
+authopt_fuzz: authopt_fuzz.o
+ $(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS)
+
+clean:
+ -rm -f *.o pubkey_fuzz sig_fuzz authopt_fuzz
diff --git a/regress/misc/fuzz-harness/README b/regress/misc/fuzz-harness/README
new file mode 100644
index 0000000..ae6fbe7
--- /dev/null
+++ b/regress/misc/fuzz-harness/README
@@ -0,0 +1 @@
+This directory contains fuzzing harnesses for use with clang's libfuzzer.
diff --git a/regress/misc/fuzz-harness/authopt_fuzz.cc b/regress/misc/fuzz-harness/authopt_fuzz.cc
new file mode 100644
index 0000000..a76d5a3
--- /dev/null
+++ b/regress/misc/fuzz-harness/authopt_fuzz.cc
@@ -0,0 +1,33 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+extern "C" {
+
+#include "auth-options.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ char *cp = (char *)malloc(size + 1);
+ struct sshauthopt *opts = NULL, *merge = NULL, *add = sshauthopt_new();
+
+ if (cp == NULL || add == NULL)
+ goto out;
+ memcpy(cp, data, size);
+ cp[size] = '\0';
+ if ((opts = sshauthopt_parse(cp, NULL)) == NULL)
+ goto out;
+ if ((merge = sshauthopt_merge(opts, add, NULL)) == NULL)
+ goto out;
+
+ out:
+ free(cp);
+ sshauthopt_free(add);
+ sshauthopt_free(opts);
+ sshauthopt_free(merge);
+ return 0;
+}
+
+} // extern "C"
diff --git a/regress/misc/fuzz-harness/pubkey_fuzz.cc b/regress/misc/fuzz-harness/pubkey_fuzz.cc
new file mode 100644
index 0000000..8bbc110
--- /dev/null
+++ b/regress/misc/fuzz-harness/pubkey_fuzz.cc
@@ -0,0 +1,18 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+
+extern "C" {
+
+#include "sshkey.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ struct sshkey *k = NULL;
+ int r = sshkey_from_blob(data, size, &k);
+ if (r == 0) sshkey_free(k);
+ return 0;
+}
+
+} // extern
+
diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc
new file mode 100644
index 0000000..dd1fda0
--- /dev/null
+++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -0,0 +1,50 @@
+// cc_fuzz_target test for public key parsing.
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern "C" {
+
+#include "includes.h"
+#include "sshkey.h"
+#include "ssherr.h"
+
+static struct sshkey *generate_or_die(int type, unsigned bits) {
+ int r;
+ struct sshkey *ret;
+ if ((r = sshkey_generate(type, bits, &ret)) != 0) {
+ fprintf(stderr, "generate(%d, %u): %s", type, bits, ssh_err(r));
+ abort();
+ }
+ return ret;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+{
+#ifdef WITH_OPENSSL
+ static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048);
+ static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024);
+ static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
+ static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
+ static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
+#endif
+ static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
+ static const char *data = "If everyone started announcing his nose had "
+ "run away, I don’t know how it would all end";
+ static const size_t dlen = strlen(data);
+
+#ifdef WITH_OPENSSL
+ sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0);
+ sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0);
+ sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0);
+ sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0);
+ sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0);
+#endif
+ sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0);
+ return 0;
+}
+
+} // extern
diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile
new file mode 100644
index 0000000..a7bb6b7
--- /dev/null
+++ b/regress/misc/kexfuzz/Makefile
@@ -0,0 +1,88 @@
+# $OpenBSD: Makefile,v 1.3 2017/12/21 05:46:35 djm Exp $
+
+.include <bsd.own.mk>
+.include <bsd.obj.mk>
+
+# XXX detect from ssh binary?
+SSH1?= no
+OPENSSL?= yes
+
+PROG= kexfuzz
+SRCS= kexfuzz.c
+
+SSHREL=../../../../../usr.bin/ssh
+.PATH: ${.CURDIR}/${SSHREL}
+# From usr.bin/ssh
+SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
+SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
+SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
+SRCS+=kex.c kexc25519.c kexc25519c.c kexc25519s.c kexdh.c kexdhc.c kexdhs.c
+SRCS+=kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c kexgexs.c
+SRCS+=dh.c compat.c
+SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
+SRCS+=cipher-chachapoly.c chacha.c poly1305.c
+SRCS+=smult_curve25519_ref.c
+
+SRCS+=digest-openssl.c
+#SRCS+=digest-libc.c
+
+NOMAN= 1
+
+.if (${OPENSSL:L} == "yes")
+CFLAGS+= -DWITH_OPENSSL
+.else
+# SSH v.1 requires OpenSSL.
+SSH1= no
+.endif
+
+.if (${SSH1:L} == "yes")
+CFLAGS+= -DWITH_SSH1
+.endif
+
+# enable warnings
+WARNINGS=Yes
+
+DEBUG=-g
+CFLAGS+= -fstack-protector-all
+CDIAGFLAGS= -Wall
+CDIAGFLAGS+= -Wextra
+CDIAGFLAGS+= -Werror
+CDIAGFLAGS+= -Wchar-subscripts
+CDIAGFLAGS+= -Wcomment
+CDIAGFLAGS+= -Wformat
+CDIAGFLAGS+= -Wformat-security
+CDIAGFLAGS+= -Wimplicit
+CDIAGFLAGS+= -Winline
+CDIAGFLAGS+= -Wmissing-declarations
+CDIAGFLAGS+= -Wmissing-prototypes
+CDIAGFLAGS+= -Wparentheses
+CDIAGFLAGS+= -Wpointer-arith
+CDIAGFLAGS+= -Wreturn-type
+CDIAGFLAGS+= -Wshadow
+CDIAGFLAGS+= -Wsign-compare
+CDIAGFLAGS+= -Wstrict-aliasing
+CDIAGFLAGS+= -Wstrict-prototypes
+CDIAGFLAGS+= -Wswitch
+CDIAGFLAGS+= -Wtrigraphs
+CDIAGFLAGS+= -Wuninitialized
+CDIAGFLAGS+= -Wunused
+CDIAGFLAGS+= -Wno-unused-parameter
+.if ${COMPILER_VERSION:L} != "gcc3"
+CDIAGFLAGS+= -Wold-style-definition
+.endif
+
+
+CFLAGS+=-I${.CURDIR}/${SSHREL}
+
+LDADD+= -lutil -lz
+DPADD+= ${LIBUTIL} ${LIBZ}
+
+.if (${OPENSSL:L} == "yes")
+LDADD+= -lcrypto
+DPADD+= ${LIBCRYPTO}
+.endif
+
+.include <bsd.prog.mk>
+
diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README
new file mode 100644
index 0000000..504c26f
--- /dev/null
+++ b/regress/misc/kexfuzz/README
@@ -0,0 +1,34 @@
+This is a harness to help with fuzzing KEX.
+
+To use it, you first set it to count packets in each direction:
+
+./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c
+S2C: 29
+C2S: 31
+
+Then get it to record a particular packet (in this case the 4th
+packet from client->server):
+
+./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
+ -d -D C2S -i 3 -f packet_3
+
+Fuzz the packet somehow:
+
+dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example
+
+Then re-run the key exchange substituting the modified packet in
+its original sequence:
+
+./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
+ -r -D C2S -i 3 -f packet_3
+
+A comprehensive KEX fuzz run would fuzz every packet in both
+directions for each key exchange type and every hostkey type.
+This will take some time.
+
+Limitations: kexfuzz can't change the ordering of packets at
+present. It is limited to replacing individual packets with
+fuzzed variants with the same type. It really should allow
+insertion, deletion on replacement of packets too.
+
+$OpenBSD: README,v 1.3 2017/10/20 02:13:41 djm Exp $
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c
new file mode 100644
index 0000000..3e2c481
--- /dev/null
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -0,0 +1,459 @@
+/* $OpenBSD: kexfuzz.c,v 1.4 2017/04/30 23:34:55 djm Exp $ */
+/*
+ * Fuzz harness for KEX code
+ *
+ * Placed in the public domain
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#ifdef HAVE_ERR_H
+# include <err.h>
+#endif
+
+#include "ssherr.h"
+#include "ssh_api.h"
+#include "sshbuf.h"
+#include "packet.h"
+#include "myproposal.h"
+#include "authfile.h"
+#include "log.h"
+
+struct ssh *active_state = NULL; /* XXX - needed for linking */
+
+void kex_tests(void);
+static int do_debug = 0;
+
+enum direction { S2C, C2S };
+
+struct hook_ctx {
+ struct ssh *client, *server, *server2;
+ int *c2s, *s2c;
+ int trigger_direction, packet_index;
+ const char *dump_path;
+ struct sshbuf *replace_data;
+};
+
+static int
+packet_hook(struct ssh *ssh, struct sshbuf *packet, u_char *typep, void *_ctx)
+{
+ struct hook_ctx *ctx = (struct hook_ctx *)_ctx;
+ int mydirection = ssh == ctx->client ? S2C : C2S;
+ int *packet_count = mydirection == S2C ? ctx->s2c : ctx->c2s;
+ FILE *dumpfile;
+ int r;
+
+ if (do_debug) {
+ printf("%s packet %d type %u:\n",
+ mydirection == S2C ? "s2c" : "c2s",
+ *packet_count, *typep);
+ sshbuf_dump(packet, stdout);
+ }
+ if (mydirection == ctx->trigger_direction &&
+ ctx->packet_index == *packet_count) {
+ if (ctx->replace_data != NULL) {
+ sshbuf_reset(packet);
+ /* Type is first byte of packet */
+ if ((r = sshbuf_get_u8(ctx->replace_data,
+ typep)) != 0 ||
+ (r = sshbuf_putb(packet, ctx->replace_data)) != 0)
+ return r;
+ if (do_debug) {
+ printf("***** replaced packet type %u\n",
+ *typep);
+ sshbuf_dump(packet, stdout);
+ }
+ } else if (ctx->dump_path != NULL) {
+ if ((dumpfile = fopen(ctx->dump_path, "w+")) == NULL)
+ err(1, "fopen %s", ctx->dump_path);
+ /* Write { type, packet } */
+ if (fwrite(typep, 1, 1, dumpfile) != 1)
+ err(1, "fwrite type %s", ctx->dump_path);
+ if (sshbuf_len(packet) != 0 &&
+ fwrite(sshbuf_ptr(packet), sshbuf_len(packet),
+ 1, dumpfile) != 1)
+ err(1, "fwrite body %s", ctx->dump_path);
+ if (do_debug) {
+ printf("***** dumped packet type %u len %zu\n",
+ *typep, sshbuf_len(packet));
+ }
+ fclose(dumpfile);
+ /* No point in continuing */
+ exit(0);
+ }
+ }
+ (*packet_count)++;
+ return 0;
+}
+
+static int
+do_send_and_receive(struct ssh *from, struct ssh *to)
+{
+ u_char type;
+ size_t len;
+ const u_char *buf;
+ int r;
+
+ for (;;) {
+ if ((r = ssh_packet_next(from, &type)) != 0) {
+ fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r));
+ return r;
+ }
+
+ if (type != 0)
+ return 0;
+ buf = ssh_output_ptr(from, &len);
+ if (len == 0)
+ return 0;
+ if ((r = ssh_input_append(to, buf, len)) != 0) {
+ debug("ssh_input_append: %s", ssh_err(r));
+ return r;
+ }
+ if ((r = ssh_output_consume(from, len)) != 0) {
+ debug("ssh_output_consume: %s", ssh_err(r));
+ return r;
+ }
+ }
+}
+
+/* Minimal test_helper.c scaffholding to make this standalone */
+const char *in_test = NULL;
+#define TEST_START(a) \
+ do { \
+ in_test = (a); \
+ if (do_debug) \
+ fprintf(stderr, "test %s starting\n", in_test); \
+ } while (0)
+#define TEST_DONE() \
+ do { \
+ if (do_debug) \
+ fprintf(stderr, "test %s done\n", \
+ in_test ? in_test : "???"); \
+ in_test = NULL; \
+ } while(0)
+#define ASSERT_INT_EQ(a, b) \
+ do { \
+ if ((int)(a) != (int)(b)) { \
+ fprintf(stderr, "%s %s:%d " \
+ "%s (%d) != expected %s (%d)\n", \
+ in_test ? in_test : "(none)", \
+ __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \
+ exit(2); \
+ } \
+ } while (0)
+#define ASSERT_INT_GE(a, b) \
+ do { \
+ if ((int)(a) < (int)(b)) { \
+ fprintf(stderr, "%s %s:%d " \
+ "%s (%d) < expected %s (%d)\n", \
+ in_test ? in_test : "(none)", \
+ __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \
+ exit(2); \
+ } \
+ } while (0)
+#define ASSERT_PTR_NE(a, b) \
+ do { \
+ if ((a) == (b)) { \
+ fprintf(stderr, "%s %s:%d " \
+ "%s (%p) != expected %s (%p)\n", \
+ in_test ? in_test : "(none)", \
+ __func__, __LINE__, #a, (a), #b, (b)); \
+ exit(2); \
+ } \
+ } while (0)
+
+
+static void
+run_kex(struct ssh *client, struct ssh *server)
+{
+ int r = 0;
+
+ while (!server->kex->done || !client->kex->done) {
+ if ((r = do_send_and_receive(server, client)) != 0) {
+ debug("do_send_and_receive S2C: %s", ssh_err(r));
+ break;
+ }
+ if ((r = do_send_and_receive(client, server)) != 0) {
+ debug("do_send_and_receive C2S: %s", ssh_err(r));
+ break;
+ }
+ }
+ if (do_debug)
+ printf("done: %s\n", ssh_err(r));
+ ASSERT_INT_EQ(r, 0);
+ ASSERT_INT_EQ(server->kex->done, 1);
+ ASSERT_INT_EQ(client->kex->done, 1);
+}
+
+static void
+do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
+ int direction, int packet_index,
+ const char *dump_path, struct sshbuf *replace_data)
+{
+ struct ssh *client = NULL, *server = NULL, *server2 = NULL;
+ struct sshkey *pubkey = NULL;
+ struct sshbuf *state;
+ struct kex_params kex_params;
+ char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
+ char *keyname = NULL;
+ struct hook_ctx hook_ctx;
+
+ TEST_START("sshkey_from_private");
+ ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0);
+ TEST_DONE();
+
+ TEST_START("ssh_init");
+ memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
+ if (kex != NULL)
+ kex_params.proposal[PROPOSAL_KEX_ALGS] = strdup(kex);
+ keyname = strdup(sshkey_ssh_name(prvkey));
+ ASSERT_PTR_NE(keyname, NULL);
+ kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname;
+ ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0);
+ ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0);
+ ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
+ ASSERT_PTR_NE(client, NULL);
+ ASSERT_PTR_NE(server, NULL);
+ ASSERT_PTR_NE(server2, NULL);
+ TEST_DONE();
+
+ hook_ctx.c2s = c2s;
+ hook_ctx.s2c = s2c;
+ hook_ctx.trigger_direction = direction;
+ hook_ctx.packet_index = packet_index;
+ hook_ctx.dump_path = dump_path;
+ hook_ctx.replace_data = replace_data;
+ hook_ctx.client = client;
+ hook_ctx.server = server;
+ hook_ctx.server2 = server2;
+ ssh_packet_set_input_hook(client, packet_hook, &hook_ctx);
+ ssh_packet_set_input_hook(server, packet_hook, &hook_ctx);
+ ssh_packet_set_input_hook(server2, packet_hook, &hook_ctx);
+
+ TEST_START("ssh_add_hostkey");
+ ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0);
+ ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0);
+ TEST_DONE();
+
+ TEST_START("kex");
+ run_kex(client, server);
+ TEST_DONE();
+
+ TEST_START("rekeying client");
+ ASSERT_INT_EQ(kex_send_kexinit(client), 0);
+ run_kex(client, server);
+ TEST_DONE();
+
+ TEST_START("rekeying server");
+ ASSERT_INT_EQ(kex_send_kexinit(server), 0);
+ run_kex(client, server);
+ TEST_DONE();
+
+ TEST_START("ssh_packet_get_state");
+ state = sshbuf_new();
+ ASSERT_PTR_NE(state, NULL);
+ ASSERT_INT_EQ(ssh_packet_get_state(server, state), 0);
+ ASSERT_INT_GE(sshbuf_len(state), 1);
+ TEST_DONE();
+
+ TEST_START("ssh_packet_set_state");
+ ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0);
+ kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */
+ ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0);
+ ASSERT_INT_EQ(sshbuf_len(state), 0);
+ sshbuf_free(state);
+ ASSERT_PTR_NE(server2->kex, NULL);
+ /* XXX we need to set the callbacks */
+#ifdef WITH_OPENSSL
+ server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
+ server2->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
+ server2->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
+ server2->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
+ server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+ server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+# ifdef OPENSSL_HAS_ECC
+ server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+# endif
+#endif
+ server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+ server2->kex->load_host_public_key = server->kex->load_host_public_key;
+ server2->kex->load_host_private_key = server->kex->load_host_private_key;
+ server2->kex->sign = server->kex->sign;
+ TEST_DONE();
+
+ TEST_START("rekeying server2");
+ ASSERT_INT_EQ(kex_send_kexinit(server2), 0);
+ run_kex(client, server2);
+ ASSERT_INT_EQ(kex_send_kexinit(client), 0);
+ run_kex(client, server2);
+ TEST_DONE();
+
+ TEST_START("cleanup");
+ sshkey_free(pubkey);
+ ssh_free(client);
+ ssh_free(server);
+ ssh_free(server2);
+ free(keyname);
+ TEST_DONE();
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "Usage: kexfuzz [-hcdrv] [-D direction] [-f data_file]\n"
+ " [-K kex_alg] [-k private_key] [-i packet_index]\n"
+ "\n"
+ "Options:\n"
+ " -h Display this help\n"
+ " -c Count packets sent during KEX\n"
+ " -d Dump mode: record KEX packet to data file\n"
+ " -r Replace mode: replace packet with data file\n"
+ " -v Turn on verbose logging\n"
+ " -D S2C|C2S Packet direction for replacement or dump\n"
+ " -f data_file Path to data file for replacement or dump\n"
+ " -K kex_alg Name of KEX algorithm to test (see below)\n"
+ " -k private_key Path to private key file\n"
+ " -i packet_index Index of packet to replace or dump (from 0)\n"
+ "\n"
+ "Available KEX algorithms: %s\n", kex_alg_list(' '));
+}
+
+static void
+badusage(const char *bad)
+{
+ fprintf(stderr, "Invalid options\n");
+ fprintf(stderr, "%s\n", bad);
+ usage();
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ int ch, fd, r;
+ int count_flag = 0, dump_flag = 0, replace_flag = 0;
+ int packet_index = -1, direction = -1;
+ int s2c = 0, c2s = 0; /* packet counts */
+ const char *kex = NULL, *kpath = NULL, *data_path = NULL;
+ struct sshkey *key = NULL;
+ struct sshbuf *replace_data = NULL;
+
+ setvbuf(stdout, NULL, _IONBF, 0);
+ while ((ch = getopt(argc, argv, "hcdrvD:f:K:k:i:")) != -1) {
+ switch (ch) {
+ case 'h':
+ usage();
+ return 0;
+ case 'c':
+ count_flag = 1;
+ break;
+ case 'd':
+ dump_flag = 1;
+ break;
+ case 'r':
+ replace_flag = 1;
+ break;
+ case 'v':
+ do_debug = 1;
+ break;
+
+ case 'D':
+ if (strcasecmp(optarg, "s2c") == 0)
+ direction = S2C;
+ else if (strcasecmp(optarg, "c2s") == 0)
+ direction = C2S;
+ else
+ badusage("Invalid direction (-D)");
+ break;
+ case 'f':
+ data_path = optarg;
+ break;
+ case 'K':
+ kex = optarg;
+ break;
+ case 'k':
+ kpath = optarg;
+ break;
+ case 'i':
+ packet_index = atoi(optarg);
+ if (packet_index < 0)
+ badusage("Invalid packet index");
+ break;
+ default:
+ badusage("unsupported flag");
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ log_init(argv[0], do_debug ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO,
+ SYSLOG_FACILITY_USER, 1);
+
+ /* Must select a single mode */
+ if ((count_flag + dump_flag + replace_flag) != 1)
+ badusage("Must select one mode: -c, -d or -r");
+ /* KEX type is mandatory */
+ if (kex == NULL || !kex_names_valid(kex) || strchr(kex, ',') != NULL)
+ badusage("Missing or invalid kex type (-K flag)");
+ /* Valid key is mandatory */
+ if (kpath == NULL)
+ badusage("Missing private key (-k flag)");
+ if ((fd = open(kpath, O_RDONLY)) == -1)
+ err(1, "open %s", kpath);
+ if ((r = sshkey_load_private_type_fd(fd, KEY_UNSPEC, NULL,
+ &key, NULL)) != 0)
+ errx(1, "Unable to load key %s: %s", kpath, ssh_err(r));
+ close(fd);
+ /* XXX check that it is a private key */
+ /* XXX support certificates */
+ if (key == NULL || key->type == KEY_UNSPEC)
+ badusage("Invalid key file (-k flag)");
+
+ /* Replace (fuzz) mode */
+ if (replace_flag) {
+ if (packet_index == -1 || direction == -1 || data_path == NULL)
+ badusage("Replace (-r) mode must specify direction "
+ "(-D) packet index (-i) and data path (-f)");
+ if ((fd = open(data_path, O_RDONLY)) == -1)
+ err(1, "open %s", data_path);
+ replace_data = sshbuf_new();
+ if ((r = sshkey_load_file(fd, replace_data)) != 0)
+ errx(1, "read %s: %s", data_path, ssh_err(r));
+ close(fd);
+ }
+
+ /* Dump mode */
+ if (dump_flag) {
+ if (packet_index == -1 || direction == -1 || data_path == NULL)
+ badusage("Dump (-d) mode must specify direction "
+ "(-D), packet index (-i) and data path (-f)");
+ }
+
+ /* Count mode needs no further flags */
+
+ do_kex_with_key(kex, key, &c2s, &s2c,
+ direction, packet_index,
+ dump_flag ? data_path : NULL,
+ replace_flag ? replace_data : NULL);
+ sshkey_free(key);
+ sshbuf_free(replace_data);
+
+ if (count_flag) {
+ printf("S2C: %d\n", s2c);
+ printf("C2S: %d\n", c2s);
+ }
+
+ return 0;
+}