diff options
author | Damien Miller <djm@mindrot.org> | 2013-11-21 14:26:18 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-11-21 14:26:18 +1100 |
commit | 8a073cf57940aabf85e49799f89f5d5e9b072c1b (patch) | |
tree | 2446191d561babc47ccbeda447c0223bd4803dcb /regress/integrity.sh | |
parent | ea61b2179f63d48968dd2c9617621002bb658bfe (diff) |
- djm@cvs.openbsd.org 2013/11/21 03:18:51
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
[regress/try-ciphers.sh]
use new "ssh -Q cipher-auth" query to obtain lists of authenticated
encryption ciphers instead of specifying them manually; ensures that
the new chacha20poly1305@openssh.com mode is tested;
ok markus@ and naddy@ as part of the diff to add
chacha20poly1305@openssh.com
Diffstat (limited to 'regress/integrity.sh')
-rw-r--r-- | regress/integrity.sh | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/regress/integrity.sh b/regress/integrity.sh index de2b8d05a..852d82690 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: integrity.sh,v 1.11 2013/11/07 02:48:38 dtucker Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="integrity" | 4 | tid="integrity" |
@@ -11,7 +11,7 @@ startoffset=2900 | |||
11 | macs=`${SSH} -Q mac` | 11 | macs=`${SSH} -Q mac` |
12 | # The following are not MACs, but ciphers with integrated integrity. They are | 12 | # The following are not MACs, but ciphers with integrated integrity. They are |
13 | # handled specially below. | 13 | # handled specially below. |
14 | macs="$macs `${SSH} -Q cipher | grep gcm@openssh.com`" | 14 | macs="$macs `${SSH} -Q cipher-auth`" |
15 | 15 | ||
16 | # avoid DH group exchange as the extra traffic makes it harder to get the | 16 | # avoid DH group exchange as the extra traffic makes it harder to get the |
17 | # offset into the stream right. | 17 | # offset into the stream right. |
@@ -36,12 +36,14 @@ for m in $macs; do | |||
36 | fi | 36 | fi |
37 | # modify output from sshd at offset $off | 37 | # modify output from sshd at offset $off |
38 | pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" | 38 | pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" |
39 | case $m in | 39 | if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then |
40 | aes*gcm*) macopt="-c $m";; | 40 | macopt="-c $m" |
41 | *) macopt="-m $m";; | 41 | else |
42 | esac | 42 | macopt="-m $m -c aes128-ctr" |
43 | fi | ||
43 | verbose "test $tid: $m @$off" | 44 | verbose "test $tid: $m @$off" |
44 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ | 45 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ |
46 | -oServerAliveInterval=1 -oServerAliveCountMax=30 \ | ||
45 | 999.999.999.999 'printf "%4096s" " "' >/dev/null | 47 | 999.999.999.999 'printf "%4096s" " "' >/dev/null |
46 | if [ $? -eq 0 ]; then | 48 | if [ $? -eq 0 ]; then |
47 | fail "ssh -m $m succeeds with bit-flip at $off" | 49 | fail "ssh -m $m succeeds with bit-flip at $off" |