Tech/introduce gh ci workflow

.github/workflows/e2e_pr.yaml

@@ -0,0 +1,57 @@
+name: CI for ssh-mapper
+on: [push, pull_request]
+
+jobs:
+  ssh-mapper-dropbear-server:
+    if: ${{ !contains(github.event.head_commit.message, 'ci skip') }}
+    runs-on: ubuntu-latest
+    # strategy:
+    #   fail-fast: true
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Start learning DropbearSSH server
+        run: cd experiments/scripts/ && ./start_experiment.sh dropbear
+
+      - name: Verify Result
+        run: |
+          # wait for the learning to be over
+          while [ "$( docker container inspect -f '{{.State.Running}}' dropbear-learner )" = "true" ]; do date; echo "still learning"; sleep 5; done
+          experiments/scripts/diff_hyps.sh experiments/results/servers/dropbear experiments/orchestration/learner_output_dropbear 3
+
+  ssh-mapper-openssh7-server:
+    if: ${{ !contains(github.event.head_commit.message, 'ci skip') }}
+    runs-on: ubuntu-latest
+    # strategy:
+    #   fail-fast: true
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Start learning OpenSSH7 server
+        run: cd experiments/scripts/ && ./start_experiment.sh openssh7
+
+      - name: Verify Result
+        run: |
+          # wait for the learning to be over
+          while [ "$( docker container inspect -f '{{.State.Running}}' openssh-learner7 )" = "true" ]; do date; echo "still learning"; sleep 5; done
+          experiments/scripts/diff_hyps.sh experiments/results/servers/openssh7 experiments/orchestration/learner_output_openssh7 3
+
+  ssh-mapper-openssh8-server:
+    if: ${{ !contains(github.event.head_commit.message, 'ci skip') }}
+    runs-on: ubuntu-latest
+    # strategy:
+    #   fail-fast: true
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Start learning OpenSSH8 server
+        run: cd experiments/scripts/ && ./start_experiment.sh openssh8
+
+      - name: Verify Result
+        run: |
+          # wait for the learning to be over
+          while [ "$( docker container inspect -f '{{.State.Running}}' openssh-learner8 )" = "true" ]; do date; echo "still learning"; sleep 5; done
+          experiments/scripts/diff_hyps.sh experiments/results/servers/openssh8 experiments/orchestration/learner_output_openssh8 2

.gitignore

@@ -27,4 +27,5 @@ ssh-mapper/paramiko.egg-info/**
 ssh-mapper/build/**
 ssh-mapper/dist/**
 ssh-mapper/mapper/__pycache__/**
-ssh-learner/target/**
+ssh-learner/target/**
+__pycache__/

experiments/orchestration/docker-compose-dropbear.yaml

@@ -0,0 +1,52 @@
+version: "3.8"
+
+services:
+  dropbear-ssh:
+    build:
+      context: .
+      dockerfile: dockerfiles/Dockerfile.dropbear
+    container_name: dropbear-ssh
+    ports:
+      - "2222:22"
+    networks:
+      - dropbear_network
+    volumes:
+      - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro
+      - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro
+    entrypoint: ["sh", "-c", "cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys && /usr/local/sbin/dropbear -F -E -j -k -s"]
+
+
+  dropbear-mapper:
+    build:
+      context: ../../ssh-mapper
+      dockerfile: Dockerfile
+    container_name: dropbear-mapper
+    # ports:
+    #   - "8080:8080"
+    depends_on:
+      - dropbear-ssh
+    networks:
+      - dropbear_network
+    volumes:
+      - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro
+      - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro
+    command: -l 0.0.0.0:8080 -s dropbear-ssh:22 -f server
+
+  dropbear-learner:
+    build:
+      context: ../../ssh-learner
+      dockerfile: Dockerfile
+    container_name: dropbear-learner
+    networks:
+      - dropbear_network
+    depends_on:
+      - dropbear-ssh
+      - dropbear-mapper
+    volumes:
+      - ./learner_output_dropbear:/app/output_folder
+      - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/
+    command: ["state-fuzzer-server", "-connect", "dropbear-mapper:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "dropbear-mapper:8080", "-roundLimit", "3", "-debug"]
+
+networks:
+  dropbear_network:
+    driver: bridge

experiments/orchestration/docker-compose-openssh7.yaml

@@ -0,0 +1,52 @@
+version: "3.8"
+
+services:
+  openssh-server7:
+    build:
+      context: .
+      dockerfile: dockerfiles/Dockerfile.openssh7
+    container_name: openssh-server7
+    # ports:
+    #   - "2222:22"
+    networks:
+      - openssh_network7
+    volumes:
+      - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro
+      - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro
+    entrypoint: ["sh", "-c", "cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys && /usr/sbin/sshd -D -e"]
+
+
+  openssh-mapper7:
+    build:
+      context: ../../ssh-mapper
+      dockerfile: Dockerfile
+    container_name: openssh-mapper7
+    # ports:
+    #   - "8080:8080"
+    depends_on:
+      - openssh-server7
+    networks:
+      - openssh_network7
+    volumes:
+      - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro
+      - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro
+    command: -l 0.0.0.0:8080 -s openssh-server7:22  -c OpenSSH -f server
+
+  openssh-learner7:
+    build:
+      context: ../../ssh-learner
+      dockerfile: Dockerfile
+    container_name: openssh-learner7
+    networks:
+      - openssh_network7
+    depends_on:
+      - openssh-server7
+      - openssh-mapper7
+    volumes:
+      - ./learner_output_openssh7:/app/output_folder
+      - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/
+    command: ["state-fuzzer-server", "-connect", "openssh-mapper7:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "openssh-mapper7:8080","-debug", "-roundLimit", "3"]
+
+networks:
+  openssh_network7:
+    driver: bridge

experiments/orchestration/docker-compose-openssh8.yaml

@@ -0,0 +1,52 @@
+version: "3.8"
+
+services:
+  openssh-server8:
+    build:
+      context: .
+      dockerfile: dockerfiles/Dockerfile.openssh8
+    container_name: openssh-server8
+    # ports:
+    #   - "2222:22"
+    networks:
+      - openssh_network8
+    volumes:
+      - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro
+      - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro
+    entrypoint: ["sh", "-c", "cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys && /usr/sbin/sshd -D -e"]
+
+
+  openssh-mapper8:
+    build:
+      context: ../../ssh-mapper
+      dockerfile: Dockerfile
+    container_name: openssh-mapper8
+    # ports:
+    #   - "8080:8080"
+    depends_on:
+      - openssh-server8
+    networks:
+      - openssh_network8
+    volumes:
+      - ./ssh-keys/learner-ssh.pub:/root/.ssh/id_rsa.pub:ro
+      - ./ssh-keys/learner-ssh:/root/.ssh/id_rsa:ro
+    command: -l 0.0.0.0:8080 -s openssh-server8:22  -c OpenSSH -f server
+
+  openssh-learner8:
+    build:
+      context: ../../ssh-learner
+      dockerfile: Dockerfile
+    container_name: openssh-learner8
+    networks:
+      - openssh_network8
+    depends_on:
+      - openssh-server8
+      - openssh-mapper8
+    volumes:
+      - ./learner_output_openssh8:/app/output_folder
+      - ../../ssh-learner/inputs/alphabets/servers/:/app/inputs/alphabets/servers/
+    command: ["state-fuzzer-server", "-connect", "openssh-mapper8:8080", "-alphabet", "/app/inputs/alphabets/servers/trans_auth.xml", "-output", "/app/output_folder", "-sshMapperAddress", "openssh-mapper8:8080","-debug", "-roundLimit", "3"]
+
+networks:
+  openssh_network8:
+    driver: bridge

Dockerfile.dropbear → experiments/orchestration/dockerfiles/Dockerfile.dropbear

@@ -42,9 +42,7 @@ RUN dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key && \
 # Set Dropbear server to run on port 22 (override in `docker run -p`)
 EXPOSE 22
 
-COPY ssh-keys/learner-ssh.pub .
-
-RUN mkdir ~/.ssh; cat learner-ssh.pub >> ~/.ssh/authorized_keys
+RUN mkdir ~/.ssh; chmod 700 ~/.ssh
 
 # Command to run Dropbear SSH server
 CMD ["/usr/local/sbin/dropbear", "-F", "-E", "-j", "-k", "-s"]

experiments/orchestration/dockerfiles/Dockerfile.openssh7

@@ -0,0 +1,16 @@
+FROM ubuntu:bionic
+
+USER root
+
+RUN apt-get update && apt-get install -y systemd openssh-server sudo vim
+
+RUN mkdir /run/sshd
+
+RUN echo "LogLevel DEBUG3" >> /etc/ssh/sshd_config
+
+RUN echo "KexAlgorithms +curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config && \
+    echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> /etc/ssh/sshd_config
+
+RUN systemctl enable ssh
+
+CMD ["/usr/sbin/sshd", "-D", "-e"]

experiments/orchestration/dockerfiles/Dockerfile.openssh8

@@ -0,0 +1,16 @@
+FROM ubuntu:focal
+
+USER root
+
+RUN apt-get update && apt-get install -y systemd openssh-server sudo vim
+
+RUN mkdir /run/sshd
+
+RUN echo "LogLevel DEBUG3" >> /etc/ssh/sshd_config
+
+RUN echo "KexAlgorithms +curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config && \
+    echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> /etc/ssh/sshd_config
+
+RUN systemctl enable ssh
+
+CMD ["/usr/sbin/sshd", "-D", "-e"]

experiments/results/servers/dropbear/alphabet.xml

@@ -0,0 +1,10 @@
+<alphabet>
+    <!-- -->
+    <SshInput name="KEXINIT" />
+    <SshInput name="KEX30" />
+    <SshInput name="NEWKEYS" />
+    <SshInput name="SR_AUTH" />
+    <SshInput name="SR_CONN" />
+    <SshInput name="UA_PK_OK" />
+    <SshInput name="UA_PK_NOK" />
+</alphabet>

experiments/results/servers/dropbear/command.args

@@ -0,0 +1,11 @@
+state-fuzzer-server
+-connect
+ssh-mapper:8080
+-alphabet
+/app/inputs/alphabets/servers/trans_auth.xml
+-output
+/app/output_folder
+-sshMapperAddress
+ssh-mapper:8080
+-roundLimit
+3

experiments/results/servers/dropbear/hyp1.dot

@@ -0,0 +1,15 @@
+digraph g {
+
+	s0 [shape="circle" label="s0"];
+	s0 -> s0 [label="KEXINIT / KEXINIT"];
+	s0 -> s0 [label="KEX30 / KEXINIT+UNIMPL"];
+	s0 -> s0 [label="NEWKEYS / KEXINIT+UNIMPL"];
+	s0 -> s0 [label="SR_AUTH / KEXINIT"];
+	s0 -> s0 [label="SR_CONN / KEXINIT"];
+	s0 -> s0 [label="UA_PK_OK / KEXINIT"];
+	s0 -> s0 [label="UA_PK_NOK / KEXINIT"];
+
+__start0 [label="" shape="none" width="0" height="0"];
+__start0 -> s0;
+
+}