diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2013-11-07 15:08:02 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2013-11-07 15:08:02 +1100 |
| commit | 06595d639577577bc15d359e037a31eb83563269 (patch) | |
| tree | 12321783db1cb174d92819b80126d7b45490d725 /regress/rekey.sh | |
| parent | 651dc8b2592202dac6b16ee3b82ce5b331be7da3 (diff) | |
- dtucker@cvs.openbsd.org 2013/11/07 01:12:51
[regress/rekey.sh]
Factor out the data transfer rekey tests
Diffstat (limited to 'regress/rekey.sh')
| -rw-r--r-- | regress/rekey.sh | 74 |
1 files changed, 26 insertions, 48 deletions
diff --git a/regress/rekey.sh b/regress/rekey.sh index 156179b38..7131a6f0a 100644 --- a/regress/rekey.sh +++ b/regress/rekey.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: rekey.sh,v 1.10 2013/11/07 00:12:05 dtucker Exp $ | 1 | # $OpenBSD: rekey.sh,v 1.11 2013/11/07 01:12:51 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="rekey" | 4 | tid="rekey" |
| @@ -7,6 +7,25 @@ LOG=${TEST_SSH_LOGFILE} | |||
| 7 | 7 | ||
| 8 | rm -f ${LOG} | 8 | rm -f ${LOG} |
| 9 | 9 | ||
| 10 | # Test rekeying based on data volume only. | ||
| 11 | # Arguments will be passed to ssh. | ||
| 12 | ssh_data_rekeying() | ||
| 13 | { | ||
| 14 | rm -f ${COPY} ${LOG} | ||
| 15 | ${SSH} <${DATA} -oCompression=no $@ -v -F $OBJ/ssh_proxy somehost \ | ||
| 16 | "cat > ${COPY}" | ||
| 17 | if [ $? -ne 0 ]; then | ||
| 18 | fail "ssh failed ($@)" | ||
| 19 | fi | ||
| 20 | cmp ${DATA} ${COPY} || fail "corrupted copy ($@)" | ||
| 21 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
| 22 | n=`expr $n - 1` | ||
| 23 | trace "$n rekeying(s)" | ||
| 24 | if [ $n -lt 1 ]; then | ||
| 25 | fail "no rekeying occured ($@)" | ||
| 26 | fi | ||
| 27 | } | ||
| 28 | |||
| 10 | opts="" | 29 | opts="" |
| 11 | for i in `${SSH} -Q kex`; do | 30 | for i in `${SSH} -Q kex`; do |
| 12 | opts="$opts KexAlgorithms=$i" | 31 | opts="$opts KexAlgorithms=$i" |
| @@ -20,20 +39,7 @@ done | |||
| 20 | 39 | ||
| 21 | for opt in $opts; do | 40 | for opt in $opts; do |
| 22 | verbose "client rekey $opt" | 41 | verbose "client rekey $opt" |
| 23 | rm -f ${COPY} ${LOG} | 42 | ssh_data_rekeying -oRekeyLimit=16 -o$opt |
| 24 | cat $DATA | \ | ||
| 25 | ${SSH} -oCompression=no -oRekeyLimit=16 -o$opt \ | ||
| 26 | -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" | ||
| 27 | if [ $? -ne 0 ]; then | ||
| 28 | fail "ssh failed" | ||
| 29 | fi | ||
| 30 | cmp $DATA ${COPY} || fail "corrupted copy" | ||
| 31 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
| 32 | n=`expr $n - 1` | ||
| 33 | trace "$n rekeying(s)" | ||
| 34 | if [ $n -lt 1 ]; then | ||
| 35 | fail "no rekeying occured" | ||
| 36 | fi | ||
| 37 | done | 43 | done |
| 38 | 44 | ||
| 39 | # GCM is magical so test with all KexAlgorithms | 45 | # GCM is magical so test with all KexAlgorithms |
| @@ -41,53 +47,25 @@ if ${SSH} -Q cipher | grep gcm@openssh.com >/dev/null ; then | |||
| 41 | for c in `${SSH} -Q cipher | grep gcm@openssh.com`; do | 47 | for c in `${SSH} -Q cipher | grep gcm@openssh.com`; do |
| 42 | for kex in `${SSH} -Q kex`; do | 48 | for kex in `${SSH} -Q kex`; do |
| 43 | verbose "client rekey $c $kex" | 49 | verbose "client rekey $c $kex" |
| 44 | rm -f ${COPY} ${LOG} | 50 | ssh_data_rekeying -oRekeyLimit=16 -oCiphers=$c -oKexAlgorithms=$kex |
| 45 | cat $DATA | \ | ||
| 46 | ${SSH} -oCompression=no -oRekeyLimit=16 \ | ||
| 47 | -oCiphers=$c -oKexAlgorithms=$kex \ | ||
| 48 | -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" | ||
| 49 | if [ $? -ne 0 ]; then | ||
| 50 | fail "ssh failed" | ||
| 51 | fi | ||
| 52 | cmp $DATA ${COPY} || fail "corrupted copy" | ||
| 53 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
| 54 | n=`expr $n - 1` | ||
| 55 | trace "$n rekeying(s)" | ||
| 56 | if [ $n -lt 1 ]; then | ||
| 57 | fail "no rekeying occured" | ||
| 58 | fi | ||
| 59 | done | 51 | done |
| 60 | done | 52 | done |
| 61 | fi | 53 | fi |
| 62 | 54 | ||
| 63 | for s in 16 1k 128k 256k; do | 55 | for s in 16 1k 128k 256k; do |
| 64 | verbose "client rekeylimit ${s}" | 56 | verbose "client rekeylimit ${s}" |
| 65 | rm -f ${COPY} ${LOG} | 57 | ssh_data_rekeying -oCompression=no -oRekeyLimit=$s |
| 66 | cat $DATA | \ | ||
| 67 | ${SSH} -oCompression=no -oRekeyLimit=$s \ | ||
| 68 | -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" | ||
| 69 | if [ $? -ne 0 ]; then | ||
| 70 | fail "ssh failed" | ||
| 71 | fi | ||
| 72 | cmp $DATA ${COPY} || fail "corrupted copy" | ||
| 73 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
| 74 | n=`expr $n - 1` | ||
| 75 | trace "$n rekeying(s)" | ||
| 76 | if [ $n -lt 1 ]; then | ||
| 77 | fail "no rekeying occured" | ||
| 78 | fi | ||
| 79 | done | 58 | done |
| 80 | 59 | ||
| 81 | for s in 5 10; do | 60 | for s in 5 10; do |
| 82 | verbose "client rekeylimit default ${s}" | 61 | verbose "client rekeylimit default ${s}" |
| 83 | rm -f ${COPY} ${LOG} | 62 | rm -f ${COPY} ${LOG} |
| 84 | cat $DATA | \ | 63 | ${SSH} < ${DATA} -oCompression=no -oRekeyLimit="default $s" -F \ |
| 85 | ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \ | 64 | $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3" |
| 86 | $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3" | ||
| 87 | if [ $? -ne 0 ]; then | 65 | if [ $? -ne 0 ]; then |
| 88 | fail "ssh failed" | 66 | fail "ssh failed" |
| 89 | fi | 67 | fi |
| 90 | cmp $DATA ${COPY} || fail "corrupted copy" | 68 | cmp ${DATA} ${COPY} || fail "corrupted copy" |
| 91 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | 69 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` |
| 92 | n=`expr $n - 1` | 70 | n=`expr $n - 1` |
| 93 | trace "$n rekeying(s)" | 71 | trace "$n rekeying(s)" |