static void
sig_fuzz(struct sshkey *k, const char *sig_alg)
{
struct fuzz *fuzz;
u_char *sig, c[] = "some junk to be signed";
size_t l;
u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END;
if (test_is_fast())
fuzzers &= ~FUZZ_2_BYTE_FLIP;
if (test_is_slow())
fuzzers |= FUZZ_2_BIT_FLIP;
ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0);
ASSERT_SIZE_T_GT(l, 0);
fuzz = fuzz_begin(fuzzers, sig, l);
ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0), 0);
free(sig);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
/* Ensure 1-bit difference at least */
if (fuzz_matches_original(fuzz))
continue;
ASSERT_INT_NE(sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz),
c, sizeof(c), NULL, 0), 0);
}
fuzz_cleanup(fuzz);
}
static void
signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l)
{
size_t len;
u_char *sig;
ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, 0), 0);
ASSERT_SIZE_T_GT(len, 8);
ASSERT_PTR_NE(sig, NULL);
ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0);
ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, 0), 0);
/* Fuzz test is more comprehensive, this is just a smoke test */
sig[len - 5] ^= 0x10;
ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, 0), 0);
free(sig);
}
static void
sig_fuzz(struct sshkey *k)
{
struct fuzz *fuzz;
u_char *sig, c[] = "some junk to be signed";
size_t l;
ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), 0), 0);
ASSERT_SIZE_T_GT(l, 0);
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */
FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, sig, l);
ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), 0), 0);
free(sig);
TEST_ONERROR(onerror, fuzz);
for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz),
c, sizeof(c), 0);
}
fuzz_cleanup(fuzz);
}
void
sshbuf_tests(void)
{
struct sshbuf *p1;
const u_char *cdp;
u_char *dp;
size_t sz;
int r;
TEST_START("allocate sshbuf");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
TEST_DONE();
TEST_START("max size on fresh buffer");
ASSERT_SIZE_T_GT(sshbuf_max_size(p1), 0);
TEST_DONE();
TEST_START("available on fresh buffer");
ASSERT_SIZE_T_GT(sshbuf_avail(p1), 0);
TEST_DONE();
TEST_START("len = 0 on empty buffer");
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
TEST_DONE();
TEST_START("set valid max size");
ASSERT_INT_EQ(sshbuf_set_max_size(p1, 65536), 0);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), 65536);
TEST_DONE();
TEST_START("available on limited buffer");
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 65536);
TEST_DONE();
TEST_START("free");
sshbuf_free(p1);
TEST_DONE();
TEST_START("consume on empty buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_consume(p1, 0), 0);
ASSERT_INT_EQ(sshbuf_consume(p1, 1), SSH_ERR_MESSAGE_INCOMPLETE);
sshbuf_free(p1);
TEST_DONE();
TEST_START("consume_end on empty buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_consume_end(p1, 0), 0);
ASSERT_INT_EQ(sshbuf_consume_end(p1, 1), SSH_ERR_MESSAGE_INCOMPLETE);
sshbuf_free(p1);
TEST_DONE();
TEST_START("reserve space");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
r = sshbuf_reserve(p1, 1, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
*dp = 0x11;
r = sshbuf_reserve(p1, 3, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
*dp++ = 0x22;
*dp++ = 0x33;
*dp++ = 0x44;
TEST_DONE();
TEST_START("sshbuf_len on filled buffer");
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
TEST_DONE();
TEST_START("sshbuf_ptr on filled buffer");
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(cdp, NULL);
ASSERT_U8_EQ(cdp[0], 0x11);
ASSERT_U8_EQ(cdp[1], 0x22);
ASSERT_U8_EQ(cdp[2], 0x33);
ASSERT_U8_EQ(cdp[3], 0x44);
TEST_DONE();
TEST_START("consume on filled buffer");
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
ASSERT_INT_EQ(sshbuf_consume(p1, 0), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
r = sshbuf_consume(p1, 64);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
ASSERT_INT_EQ(sshbuf_consume(p1, 1), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 3);
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(p1, NULL);
ASSERT_U8_EQ(cdp[0], 0x22);
ASSERT_INT_EQ(sshbuf_consume(p1, 2), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1);
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(p1, NULL);
ASSERT_U8_EQ(cdp[0], 0x44);
r = sshbuf_consume(p1, 2);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1);
ASSERT_INT_EQ(sshbuf_consume(p1, 1), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
r = sshbuf_consume(p1, 1);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
sshbuf_free(p1);
TEST_DONE();
TEST_START("consume_end on filled buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
r = sshbuf_reserve(p1, 4, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
*dp++ = 0x11;
*dp++ = 0x22;
*dp++ = 0x33;
*dp++ = 0x44;
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
r = sshbuf_consume_end(p1, 5);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
ASSERT_INT_EQ(sshbuf_consume_end(p1, 3), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1);
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(cdp, NULL);
ASSERT_U8_EQ(*cdp, 0x11);
r = sshbuf_consume_end(p1, 2);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
ASSERT_INT_EQ(sshbuf_consume_end(p1, 1), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
sshbuf_free(p1);
TEST_DONE();
TEST_START("fill limited buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_set_max_size(p1, 1223), 0);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), 1223);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 1223);
r = sshbuf_reserve(p1, 1223, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
memset(dp, 0xd7, 1223);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1223);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 0);
r = sshbuf_reserve(p1, 1, &dp);
ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE);
ASSERT_PTR_EQ(dp, NULL);
TEST_DONE();
TEST_START("consume and force compaction");
ASSERT_INT_EQ(sshbuf_consume(p1, 223), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1000);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 223);
r = sshbuf_reserve(p1, 224, &dp);
ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE);
ASSERT_PTR_EQ(dp, NULL);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1000);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 223);
r = sshbuf_reserve(p1, 223, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
memset(dp, 0x7d, 223);
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(cdp, NULL);
ASSERT_MEM_FILLED_EQ(cdp, 0xd7, 1000);
ASSERT_MEM_FILLED_EQ(cdp + 1000, 0x7d, 223);
TEST_DONE();
TEST_START("resize full buffer");
r = sshbuf_set_max_size(p1, 1000);
ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE);
sz = roundup(1223 + SSHBUF_SIZE_INC * 3, SSHBUF_SIZE_INC);
ASSERT_INT_EQ(sshbuf_set_max_size(p1, sz), 0);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), sz);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), sz - 1223);
ASSERT_INT_EQ(sshbuf_len(p1), 1223);
TEST_DONE();
/* NB. uses sshbuf internals */
TEST_START("alloc chunking");
r = sshbuf_reserve(p1, 1, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
*dp = 0xff;
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(cdp, NULL);
ASSERT_MEM_FILLED_EQ(cdp, 0xd7, 1000);
ASSERT_MEM_FILLED_EQ(cdp + 1000, 0x7d, 223);
ASSERT_MEM_FILLED_EQ(cdp + 1223, 0xff, 1);
ASSERT_SIZE_T_EQ(sshbuf_alloc(p1) % SSHBUF_SIZE_INC, 0);
sshbuf_free(p1);
TEST_DONE();
TEST_START("reset buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_set_max_size(p1, 1223), 0);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), 1223);
r = sshbuf_reserve(p1, 1223, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
memset(dp, 0xd7, 1223);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1223);
sshbuf_reset(p1);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), 1223);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 1223);
sshbuf_free(p1);
TEST_DONE();
}
void
sshbuf_misc_tests(void)
{
struct sshbuf *p1;
char tmp[512], *p;
FILE *out;
size_t sz;
TEST_START("sshbuf_dump");
out = tmpfile();
ASSERT_PTR_NE(out, NULL);
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_put_u32(p1, 0x12345678), 0);
sshbuf_dump(p1, out);
fflush(out);
rewind(out);
sz = fread(tmp, 1, sizeof(tmp), out);
ASSERT_INT_EQ(ferror(out), 0);
ASSERT_INT_NE(feof(out), 0);
ASSERT_SIZE_T_GT(sz, 0);
tmp[sz] = '\0';
ASSERT_PTR_NE(strstr(tmp, "12 34 56 78"), NULL);
fclose(out);
sshbuf_free(p1);
TEST_DONE();
TEST_START("sshbuf_dtob16");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_put_u32(p1, 0x12345678), 0);
p = sshbuf_dtob16(p1);
ASSERT_PTR_NE(p, NULL);
ASSERT_STRING_EQ(p, "12345678");
free(p);
sshbuf_free(p1);
TEST_DONE();
TEST_START("sshbuf_dtob64 len 1");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x11), 0);
p = sshbuf_dtob64(p1);
ASSERT_PTR_NE(p, NULL);
ASSERT_STRING_EQ(p, "EQ==");
free(p);
sshbuf_free(p1);
TEST_DONE();
TEST_START("sshbuf_dtob64 len 2");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x11), 0);
ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x22), 0);
p = sshbuf_dtob64(p1);
ASSERT_PTR_NE(p, NULL);
ASSERT_STRING_EQ(p, "ESI=");
free(p);
sshbuf_free(p1);
TEST_DONE();
TEST_START("sshbuf_dtob64 len 3");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x11), 0);
ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x22), 0);
ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x33), 0);
p = sshbuf_dtob64(p1);
ASSERT_PTR_NE(p, NULL);
ASSERT_STRING_EQ(p, "ESIz");
free(p);
sshbuf_free(p1);
TEST_DONE();
TEST_START("sshbuf_dtob64 len 8191");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_reserve(p1, 8192, NULL), 0);
bzero(sshbuf_mutable_ptr(p1), 8192);
p = sshbuf_dtob64(p1);
ASSERT_PTR_NE(p, NULL);
ASSERT_SIZE_T_EQ(strlen(p), ((8191 + 2) / 3) * 4);
free(p);
sshbuf_free(p1);
TEST_DONE();
TEST_START("sshbuf_b64tod len 1");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_b64tod(p1, "0A=="), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1);
ASSERT_U8_EQ(*sshbuf_ptr(p1), 0xd0);
sshbuf_free(p1);
TEST_DONE();
TEST_START("sshbuf_b64tod len 2");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_b64tod(p1, "0A8="), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2);
ASSERT_U16_EQ(PEEK_U16(sshbuf_ptr(p1)), 0xd00f);
sshbuf_free(p1);
TEST_DONE();
TEST_START("sshbuf_b64tod len 4");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_b64tod(p1, "0A/QDw=="), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
ASSERT_U32_EQ(PEEK_U32(sshbuf_ptr(p1)), 0xd00fd00f);
sshbuf_free(p1);
TEST_DONE();
}
