summaryrefslogtreecommitdiff
path: root/regress/misc/kexfuzz/README
diff options
context:
space:
mode:
Diffstat (limited to 'regress/misc/kexfuzz/README')
-rw-r--r--regress/misc/kexfuzz/README28
1 files changed, 28 insertions, 0 deletions
diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README
new file mode 100644
index 000000000..8b215b5bf
--- /dev/null
+++ b/regress/misc/kexfuzz/README
@@ -0,0 +1,28 @@
1This is a harness to help with fuzzing KEX.
2
3To use it, you first set it to count packets in each direction:
4
5./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c
6S2C: 29
7C2S: 31
8
9Then get it to record a particular packet (in this case the 4th
10packet from client->server):
11
12./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
13 -d -D C2S -i 3 -f packet_3
14
15Fuzz the packet somehow:
16
17dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example
18
19Then re-run the key exchange substituting the modified packet in
20its original sequence:
21
22./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
23 -r -D C2S -i 3 -f packet_3
24
25A comprehensive KEX fuzz run would fuzz every packet in both
26directions for each key exchange type and every hostkey type.
27This will take some time.
28