4 files changed, 32 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index 3be438c75..dd847610f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
    - djm@cvs.openbsd.org 2013/01/12 11:22:04
      [cipher.c]
      improve error message for integrity failure in AES-GCM modes; ok markus@
+   - djm@cvs.openbsd.org 2013/01/12 11:23:53
+     [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
+     test AES-GCM modes; feedback markus@
 
 20130109
  - (djm) OpenBSD CVS Sync
diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh
index 4f26f7e96..ed7c6f320 100644
--- a/regress/cipher-speed.sh
+++ b/regress/cipher-speed.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: cipher-speed.sh,v 1.6 2012/10/05 02:20:48 dtucker Exp $
+#       $OpenBSD: cipher-speed.sh,v 1.7 2013/01/12 11:23:53 djm Exp $
 #       Placed in the Public Domain.
 
 tid="cipher speed"
@@ -16,12 +16,14 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
         arcfour128 arcfour256 arcfour 
         aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
         aes128-ctr aes192-ctr aes256-ctr"
+config_defined OPENSSL_HAVE_EVPGCM &&
+        ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com"
 macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
         hmac-sha1-96 hmac-md5-96"
 config_defined HAVE_EVP_SHA256 &&
     macs="$macs hmac-sha2-256 hmac-sha2-512"
 
-for c in $ciphers; do for m in $macs; do
+for c in $ciphers; do n=0; for m in $macs; do
         trace "proto 2 cipher $c mac $m"
         for x in $tries; do
                 echon "$c/$m:\t"
@@ -34,6 +36,11 @@ for c in $ciphers; do for m in $macs; do
                         fail "ssh -2 failed with mac $m cipher $c"
                 fi
         done
+        # No point trying all MACs for GCM since they are ignored.
+        case $c in
+        aes*-gcm@openssh.com)   test $n -gt 0 && break;;
+        esac
+        n=$(($n + 1))
 done; done
 
 ciphers="3des blowfish"
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 0185490c1..608cde0fe 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: integrity.sh,v 1.1 2012/12/11 22:42:11 markus Exp $
+#       $OpenBSD: integrity.sh,v 1.2 2013/01/12 11:23:53 djm Exp $
 #       Placed in the Public Domain.
 
 tid="integrity"
@@ -14,6 +14,10 @@ macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
         umac-64-etm@openssh.com umac-128-etm@openssh.com
         hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com
         hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
+# The following are not MACs, but ciphers with integrated integrity. They are
+# handled specially below.
+config_defined OPENSSL_HAVE_EVPGCM &&
+        macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"
 
 # sshd-command for proxy (see test-exec.sh)
 cmd="sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy"
@@ -37,7 +41,11 @@ for m in $macs; do
                 fi
                 # modify output from sshd at offset $off
                 pxy="proxycommand=$cmd | $OBJ/modpipe -m xor:$off:1"
-                output=$(${SSH} -m $m -2F $OBJ/ssh_proxy -o "$pxy" \
+                case $m in
+                        aes*gcm*)       macopt="-c $m";;
+                        *)              macopt="-m $m";;
+                esac
+                output=$(${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
                     999.999.999.999 true 2>&1)
                 if [ $? -eq 0 ]; then
                         fail "ssh -m $m succeeds with bit-flip at $off"
@@ -47,7 +55,7 @@ for m in $macs; do
                 verbose "test $tid: $m @$off $output"
                 case "$output" in
                 Bad?packet*)    elen=$((elen+1)); skip=3;;
-                Corrupted?MAC*) emac=$((emac+1)); skip=0;;
+                Corrupted?MAC* | Decryption?integrity?check?failed*)
                 padding*)       epad=$((epad+1)); skip=0;;
                 *)              fail "unexpected error mac $m at $off";;
                 esac
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh
index 2b11b59ea..ca2851713 100644
--- a/regress/try-ciphers.sh
+++ b/regress/try-ciphers.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: try-ciphers.sh,v 1.17 2012/12/11 23:12:13 markus Exp $
+#       $OpenBSD: try-ciphers.sh,v 1.18 2013/01/12 11:23:53 djm Exp $
 #       Placed in the Public Domain.
 
 tid="try ciphers"
@@ -6,7 +6,8 @@ tid="try ciphers"
 ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc 
         arcfour128 arcfour256 arcfour 
         aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
-        aes128-ctr aes192-ctr aes256-ctr"
+        aes128-ctr aes192-ctr aes256-ctr
+        aes128-gcm@openssh.com aes256-gcm@openssh.com"
 macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
         hmac-sha1-96 hmac-md5-96
         hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
@@ -18,6 +19,7 @@ config_defined HAVE_EVP_SHA256 &&
         hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
 
 for c in $ciphers; do
+        n=0
         for m in $macs; do
                 trace "proto 2 cipher $c mac $m"
                 verbose "test $tid: proto 2 cipher $c mac $m"
@@ -25,6 +27,11 @@ for c in $ciphers; do
                 if [ $? -ne 0 ]; then
                         fail "ssh -2 failed with mac $m cipher $c"
                 fi
+                # No point trying all MACs for GCM since they are ignored.
+                case $c in
+                aes*-gcm@openssh.com)   test $n -gt 0 && break;;
+                esac
+                n=$(($n + 1))
         done
 done