#ifndef DROPBEAR_FUZZ_H
#define DROPBEAR_FUZZ_H

// Interface between Dropbear and its fuzzing harness.
//
// Everything below the config.h include is compiled only when DROPBEAR_FUZZ
// is non-zero. The declarations swap real file-descriptor I/O for wrapfd_*
// fakes and expose hooks that reach into general code.
// NOTE(review): names such as fuzz_kex_fakealgos and skip_kexmaths suggest
// that parts of key exchange are faked or skipped in this mode. Confirm that
// release builds leave DROPBEAR_FUZZ at 0.

#include "config.h"

#if DROPBEAR_FUZZ

#include "includes.h"
#include "buffer.h"
#include "algo.h"
#include "fuzz-wrapfd.h"

// Process-wide initialisation: call once per process.
void fuzz_common_setup(void);
void fuzz_svr_setup(void);
void fuzz_cli_setup(void);

// Per-iteration initialisation: must be called once per fuzz iteration.
// Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE.
int fuzz_set_input(const uint8_t *Data, size_t Size);

// Harness entry points taking the raw fuzzer input.
// NOTE(review): by name these drive the server pre-auth path and the client
// path; skip_kexmaths presumably maps to fuzz.skip_kexmaths. Confirm in the
// implementation.
int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths);
int fuzz_run_client(const uint8_t *Data, size_t Size, int skip_kexmaths);
const void *fuzz_get_algo(const algo_type *algos, const char *name);

// Fuzzer hooks that intrude into general (non-fuzz) code.
void fuzz_kex_fakealgos(void);
int fuzz_checkpubkey_line(buffer *line, int line_num, char *filename,
                          const char *algo, unsigned int algolen,
                          const unsigned char *keyblob,
                          unsigned int keybloblen);
extern const char *const *fuzz_signkey_names;
void fuzz_seed(void);

// Helpers.
void fuzz_get_socket_address(int fd,
                             char **local_host, char **local_port,
                             char **remote_host, char **remote_port,
                             int host_lookup);
void fuzz_fake_send_kexdh_reply(void);
int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd,
                       pid_t *ret_pid);
void fuzz_dump(const unsigned char *data, size_t len);

// Fake I/O wrappers.
// Unless FUZZ_SKIP_WRAP is defined before this header is included, every
// later call-style use of select/write/read/close in the including
// translation unit expands to its wrapfd_* counterpart. These are
// function-like macros, so a use that is not directly followed by '(' (for
// example taking the function's address) is not redirected. Only these four
// names are wrapped by this header.
#ifndef FUZZ_SKIP_WRAP
#define select(nfds, rfds, wfds, efds, tmo) wrapfd_select(nfds, rfds, wfds, efds, tmo)
#define write(fd, buf, len) wrapfd_write(fd, buf, len)
#define read(fd, buf, len) wrapfd_read(fd, buf, len)
#define close(fd) wrapfd_close(fd)
#endif // FUZZ_SKIP_WRAP

// Global state of the fuzzing harness; the single instance is `fuzz`.
struct dropbear_fuzz_options {
    // presumably non-zero while running under a harness - TODO confirm
    int fuzzing;

    // Fuzzing input.
    buffer *input;
    struct dropbear_cipher recv_cipher;
    struct dropbear_hash recv_mac;
    // presumably enables the wrapfd fake descriptors - TODO confirm
    int wrapfds;

    // Whether to skip slow bignum maths.
    int skip_kexmaths;

    // dropbear_exit() jumps back through `jmp`.
    // NOTE(review): presumably only when do_jmp is set - confirm in
    // dropbear_exit().
    int do_jmp;
    sigjmp_buf jmp;

    // Write out decrypted session data to recv_dumpfd if `dumping` is set.
    // The flag has to be set manually in cli-main.c etc.
    // NOTE(review): the dump is session plaintext, so the flag should stay
    // off outside corpus generation and the output file should be handled
    // as sensitive.
    int dumping;
    // The file descriptor the dump is written to.
    int recv_dumpfd;
};

extern struct dropbear_fuzz_options fuzz;

#endif // DROPBEAR_FUZZ

#endif /* DROPBEAR_FUZZ_H */