-rw-r--r--ChangeLog3
-rw-r--r--regress/rekey.sh74
2 files changed, 29 insertions, 48 deletions
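--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,9 @@
  [regress/rekey.sh]
  Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
  the GCM ciphers.
+ - dtucker@cvs.openbsd.org 2013/11/07 01:12:51
+ [regress/rekey.sh]
+ Factor out the data transfer rekey tests
 
 20131104
  - (djm) OpenBSD CVS Sync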
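--- a/regress/rekey.sh
+++ b/regress/rekey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: rekey.sh,v 1.10 2013/11/07 00:12:05 dtucker Exp $
+# $OpenBSD: rekey.sh,v 1.11 2013/11/07 01:12:51 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="rekey"
@@ -7,6 +7,25 @@ LOG=${TEST_SSH_LOGFILE}
 
 rm -f ${LOG}
 
+# Test rekeying based on data volume only.
+# Arguments will be passed to ssh.
+ssh_data_rekeying()
+{
+ rm -f ${COPY} ${LOG}
+ ${SSH} <${DATA} -oCompression=no $@ -v -F $OBJ/ssh_proxy somehost \
+ "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh failed ($@)"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy ($@)"
+ n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
+ n=`expr $n - 1`
+ trace "$n rekeying(s)"
+ if [ $n -lt 1 ]; then
+ fail "no rekeying occured ($@)"
+ fi
+}
+
 opts=""
 for i in `${SSH} -Q kex`; do
  opts="$opts KexAlgorithms=$i"
@@ -20,20 +39,7 @@ done
 
 for opt in $opts; do
  verbose "client rekey $opt"
- rm -f ${COPY} ${LOG}
- cat $DATA | \
- ${SSH} -oCompression=no -oRekeyLimit=16 -o$opt \
- -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
- if [ $? -ne 0 ]; then
- fail "ssh failed"
- fi
- cmp $DATA ${COPY} || fail "corrupted copy"
- n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
- n=`expr $n - 1`
- trace "$n rekeying(s)"
- if [ $n -lt 1 ]; then
- fail "no rekeying occured"
- fi
+ ssh_data_rekeying -oRekeyLimit=16 -o$opt
 done
 
 # GCM is magical so test with all KexAlgorithms
@@ -41,53 +47,25 @@ if ${SSH} -Q cipher | grep gcm@openssh.com >/dev/null ; then
  for c in `${SSH} -Q cipher | grep gcm@openssh.com`; do
  for kex in `${SSH} -Q kex`; do
  verbose "client rekey $c $kex"
- rm -f ${COPY} ${LOG}
- cat $DATA | \
- ${SSH} -oCompression=no -oRekeyLimit=16 \
- -oCiphers=$c -oKexAlgorithms=$kex \
- -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
- if [ $? -ne 0 ]; then
- fail "ssh failed"
- fi
- cmp $DATA ${COPY} || fail "corrupted copy"
- n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
- n=`expr $n - 1`
- trace "$n rekeying(s)"
- if [ $n -lt 1 ]; then
- fail "no rekeying occured"
- fi
+ ssh_data_rekeying -oRekeyLimit=16 -oCiphers=$c -oKexAlgorithms=$kex
  done
  done
 fi
 
 for s in 16 1k 128k 256k; do
  verbose "client rekeylimit ${s}"
- rm -f ${COPY} ${LOG}
- cat $DATA | \
- ${SSH} -oCompression=no -oRekeyLimit=$s \
- -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
- if [ $? -ne 0 ]; then
- fail "ssh failed"
- fi
- cmp $DATA ${COPY} || fail "corrupted copy"
- n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
- n=`expr $n - 1`
- trace "$n rekeying(s)"
- if [ $n -lt 1 ]; then
- fail "no rekeying occured"
- fi
+ ssh_data_rekeying -oCompression=no -oRekeyLimit=$s
 done
 
 for s in 5 10; do
  verbose "client rekeylimit default ${s}"
  rm -f ${COPY} ${LOG}
- cat $DATA | \
- ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \
- $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3"
+ ${SSH} < ${DATA} -oCompression=no -oRekeyLimit="default $s" -F \
+ $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3"
  if [ $? -ne 0 ]; then
  fail "ssh failed"
  fi
- cmp $DATA ${COPY} || fail "corrupted copy"
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
  n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
  n=`expr $n - 1`
  trace "$n rekeying(s)"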
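Review bot: In `ssh_data_rekeying` the caller's options are forwarded as an unquoted `$@` (new line 15), so an option value containing a space would be split into two words before ssh sees it. No current caller passes one, but the last loop's `-oRekeyLimit="default $s"` form would break if it were ever routed through the helper; `"$@"` keeps each argument intact. The `fail` messages on new lines 18, 20 and 25 embed `$@` inside a quoted string, which expands to several words rather than one message, so `$*` is the joining form there, e.g. `fail "ssh failed ($*)"`. The call on new line 57 also passes `-oCompression=no`, which the helper already sets itself.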