diff options
| author | Damien Miller <djm@mindrot.org> | 2013-11-21 14:26:18 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-11-21 14:26:18 +1100 |
| commit | 8a073cf57940aabf85e49799f89f5d5e9b072c1b (patch) | |
| tree | 2446191d561babc47ccbeda447c0223bd4803dcb /regress/integrity.sh | |
| parent | ea61b2179f63d48968dd2c9617621002bb658bfe (diff) | |
- djm@cvs.openbsd.org 2013/11/21 03:18:51
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
[regress/try-ciphers.sh]
use new "ssh -Q cipher-auth" query to obtain lists of authenticated
encryption ciphers instead of specifying them manually; ensures that
the new chacha20poly1305@openssh.com mode is tested;
ok markus@ and naddy@ as part of the diff to add
chacha20poly1305@openssh.com
Diffstat (limited to 'regress/integrity.sh')
| -rw-r--r-- | regress/integrity.sh | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/regress/integrity.sh b/regress/integrity.sh index de2b8d05a..852d82690 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: integrity.sh,v 1.11 2013/11/07 02:48:38 dtucker Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="integrity" | 4 | tid="integrity" |
| @@ -11,7 +11,7 @@ startoffset=2900 | |||
| 11 | macs=`${SSH} -Q mac` | 11 | macs=`${SSH} -Q mac` |
| 12 | # The following are not MACs, but ciphers with integrated integrity. They are | 12 | # The following are not MACs, but ciphers with integrated integrity. They are |
| 13 | # handled specially below. | 13 | # handled specially below. |
| 14 | macs="$macs `${SSH} -Q cipher | grep gcm@openssh.com`" | 14 | macs="$macs `${SSH} -Q cipher-auth`" |
| 15 | 15 | ||
| 16 | # avoid DH group exchange as the extra traffic makes it harder to get the | 16 | # avoid DH group exchange as the extra traffic makes it harder to get the |
| 17 | # offset into the stream right. | 17 | # offset into the stream right. |
| @@ -36,12 +36,14 @@ for m in $macs; do | |||
| 36 | fi | 36 | fi |
| 37 | # modify output from sshd at offset $off | 37 | # modify output from sshd at offset $off |
| 38 | pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" | 38 | pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" |
| 39 | case $m in | 39 | if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then |
| 40 | aes*gcm*) macopt="-c $m";; | 40 | macopt="-c $m" |
| 41 | *) macopt="-m $m";; | 41 | else |
| 42 | esac | 42 | macopt="-m $m -c aes128-ctr" |
| 43 | fi | ||
| 43 | verbose "test $tid: $m @$off" | 44 | verbose "test $tid: $m @$off" |
| 44 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ | 45 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ |
| 46 | -oServerAliveInterval=1 -oServerAliveCountMax=30 \ | ||
| 45 | 999.999.999.999 'printf "%4096s" " "' >/dev/null | 47 | 999.999.999.999 'printf "%4096s" " "' >/dev/null |
| 46 | if [ $? -eq 0 ]; then | 48 | if [ $? -eq 0 ]; then |
| 47 | fail "ssh -m $m succeeds with bit-flip at $off" | 49 | fail "ssh -m $m succeeds with bit-flip at $off" |