From 9e7e4ab6617fef1d1681fc2d3e02554264ccc954 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 13:13:18 +0200 Subject: Adding upstream version 1:8.4p1. Signed-off-by: Daniel Baumann --- regress/misc/kexfuzz/README | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 regress/misc/kexfuzz/README (limited to 'regress/misc/kexfuzz/README') diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README new file mode 100644 index 0000000..504c26f --- /dev/null +++ b/regress/misc/kexfuzz/README @@ -0,0 +1,34 @@ +This is a harness to help with fuzzing KEX. + +To use it, you first set it to count packets in each direction: + +./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c +S2C: 29 +C2S: 31 + +Then get it to record a particular packet (in this case the 4th +packet from client->server): + +./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \ + -d -D C2S -i 3 -f packet_3 + +Fuzz the packet somehow: + +dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example + +Then re-run the key exchange substituting the modified packet in +its original sequence: + +./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \ + -r -D C2S -i 3 -f packet_3 + +A comprehensive KEX fuzz run would fuzz every packet in both +directions for each key exchange type and every hostkey type. +This will take some time. + +Limitations: kexfuzz can't change the ordering of packets at +present. It is limited to replacing individual packets with +fuzzed variants with the same type. It really should allow +insertion, deletion on replacement of packets too. + +$OpenBSD: README,v 1.3 2017/10/20 02:13:41 djm Exp $ -- cgit v1.2.3
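Review bot: The "Fuzz the packet somehow" example (`dd if=/dev/urandom of=packet_3 bs=32 count=1`) does not mutate the recorded packet, it overwrites the whole file with 32 random bytes, which contradicts the stated limitation that kexfuzz only replaces packets "with fuzzed variants with the same type" (the first byte is the message type and will almost always change). Suggest either a mutating example (e.g. flipping a few bytes past the type byte) or a sentence saying the replacement must preserve the leading type byte for the replay to exercise the intended handler. Two smaller points in the same hunk: "insertion, deletion on replacement of packets" reads as a typo for "insertion, deletion or replacement", and the README never explains the flags it uses (`-c`, `-d`, `-r`, `-D`, `-i`, `-f`, `-K`, `-k`), so a short option summary near the top would save readers a trip to the source.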