summaryrefslogtreecommitdiff
path: root/regress/integrity.sh
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2013-11-21 14:26:18 +1100
committerDamien Miller <djm@mindrot.org>2013-11-21 14:26:18 +1100
commit8a073cf57940aabf85e49799f89f5d5e9b072c1b (patch)
tree2446191d561babc47ccbeda447c0223bd4803dcb /regress/integrity.sh
parentea61b2179f63d48968dd2c9617621002bb658bfe (diff)
- djm@cvs.openbsd.org 2013/11/21 03:18:51
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh] [regress/try-ciphers.sh] use new "ssh -Q cipher-auth" query to obtain lists of authenticated encryption ciphers instead of specifying them manually; ensures that the new chacha20poly1305@openssh.com mode is tested; ok markus@ and naddy@ as part of the diff to add chacha20poly1305@openssh.com
Diffstat (limited to 'regress/integrity.sh')
-rw-r--r--regress/integrity.sh14
1 files changed, 8 insertions, 6 deletions
diff --git a/regress/integrity.sh b/regress/integrity.sh
index de2b8d05a..852d82690 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: integrity.sh,v 1.11 2013/11/07 02:48:38 dtucker Exp $ 1# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="integrity" 4tid="integrity"
@@ -11,7 +11,7 @@ startoffset=2900
11macs=`${SSH} -Q mac` 11macs=`${SSH} -Q mac`
12# The following are not MACs, but ciphers with integrated integrity. They are 12# The following are not MACs, but ciphers with integrated integrity. They are
13# handled specially below. 13# handled specially below.
14macs="$macs `${SSH} -Q cipher | grep gcm@openssh.com`" 14macs="$macs `${SSH} -Q cipher-auth`"
15 15
16# avoid DH group exchange as the extra traffic makes it harder to get the 16# avoid DH group exchange as the extra traffic makes it harder to get the
17# offset into the stream right. 17# offset into the stream right.
@@ -36,12 +36,14 @@ for m in $macs; do
36 fi 36 fi
37 # modify output from sshd at offset $off 37 # modify output from sshd at offset $off
38 pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" 38 pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
39 case $m in 39 if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
40 aes*gcm*) macopt="-c $m";; 40 macopt="-c $m"
41 *) macopt="-m $m";; 41 else
42 esac 42 macopt="-m $m -c aes128-ctr"
43 fi
43 verbose "test $tid: $m @$off" 44 verbose "test $tid: $m @$off"
44 ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ 45 ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
46 -oServerAliveInterval=1 -oServerAliveCountMax=30 \
45 999.999.999.999 'printf "%4096s" " "' >/dev/null 47 999.999.999.999 'printf "%4096s" " "' >/dev/null
46 if [ $? -eq 0 ]; then 48 if [ $? -eq 0 ]; then
47 fail "ssh -m $m succeeds with bit-flip at $off" 49 fail "ssh -m $m succeeds with bit-flip at $off"