fuzz: Add key files fuzzers

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>

tests/fuzz/CMakeLists.txt

@@ -32,3 +32,5 @@ fuzzer(ssh_server_fuzzer)
 fuzzer(ssh_client_config_fuzzer)
 fuzzer(ssh_bind_config_fuzzer)
 fuzzer(ssh_known_hosts_fuzzer)
+fuzzer(ssh_privkey_fuzzer)
+fuzzer(ssh_pubkey_fuzzer)

tests/fuzz/ssh_privkey_fuzzer.c

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2023 Jakub Jelen <jjelen@redhat.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "config.h"
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define LIBSSH_STATIC 1
+#include "libssh/libssh.h"
+#include "libssh/priv.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    ssh_key pkey = NULL;
+    uint8_t *input = NULL;
+    int rc;
+
+    input = bin_to_base64(data, size);
+    if (input == NULL) {
+        return 1;
+    }
+
+    ssh_init();
+
+    rc = ssh_pki_import_privkey_base64((char *)input, NULL, NULL, NULL, &pkey);
+    free(input);
+    if (rc != SSH_OK) {
+        return 1;
+    }
+    ssh_key_free(pkey);
+
+    ssh_finalize();
+
+    return 0;
+}
+

tests/fuzz/ssh_privkey_fuzzer_corpus/855ce609b52aec530bf631a78da7038bed99040a

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCLo6vx1lX6ZZoe05lWTkuwrJUZN0T8hEer5UF9KPhOVgAAAKg+IRNSPiET
+UgAAAAtzc2gtZWQyNTUxOQAAACCLo6vx1lX6ZZoe05lWTkuwrJUZN0T8hEer5UF9KPhOVg
+AAAED2zFg52qYItoZaSUnir4VKubTxJveL9D2oWK7Prg/O24ujq/HWVfplmh7TmVZOS7Cs
+lRk3RPyER6vlQX0o+E5WAAAAHmpqZWxlbkB0NDcwcy5qamVsZW4ucmVkaGF0LmNvbQECAw
+QFBgc=
+-----END OPENSSH PRIVATE KEY-----

tests/fuzz/ssh_pubkey_fuzzer.c

@@ -0,0 +1,66 @@
+/*
+ * Copyright 2023 Jakub Jelen <jjelen@redhat.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define LIBSSH_STATIC 1
+#include "libssh/libssh.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    ssh_key pkey = NULL;
+    const char *template = "/tmp/libssh_pubkey_XXXXXX";
+    char *filename = strdup(template);
+    int fd;
+    int rc;
+    ssize_t sz;
+
+    ssh_init();
+
+    if (filename == NULL) {
+        return -1;
+    }
+    fd = mkstemp(filename);
+    if (fd  == -1) {
+        free(filename);
+        close(fd);
+        return -1;
+    }
+    sz = write(fd, data, size);
+    close(fd);
+    if ((size_t)sz != size) {
+        unlink(filename);
+        free(filename);
+        return -1;
+    }
+
+    rc = ssh_pki_import_pubkey_file(filename, &pkey);
+    if (rc != SSH_OK) {
+        unlink(filename);
+        free(filename);
+        return 1;
+    }
+    ssh_key_free(pkey);
+    unlink(filename);
+    free(filename);
+
+    ssh_finalize();
+
+    return 0;
+}
+

tests/fuzz/ssh_pubkey_fuzzer_corpus/b2c9f01394a2835b2cd7c520395a4977143e8d23

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujq/HWVfplmh7TmVZOS7CslRk3RPyER6vlQX0o+E5W jjelen@t470s.jjelen.redhat.com