diff options
Diffstat (limited to 'regress/integrity.sh')
| -rw-r--r-- | regress/integrity.sh | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/regress/integrity.sh b/regress/integrity.sh index 0185490c1..608cde0fe 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: integrity.sh,v 1.1 2012/12/11 22:42:11 markus Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.2 2013/01/12 11:23:53 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="integrity" | 4 | tid="integrity" |
| @@ -14,6 +14,10 @@ macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com | |||
| 14 | umac-64-etm@openssh.com umac-128-etm@openssh.com | 14 | umac-64-etm@openssh.com umac-128-etm@openssh.com |
| 15 | hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com | 15 | hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com |
| 16 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" | 16 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" |
| 17 | # The following are not MACs, but ciphers with integrated integrity. They are | ||
| 18 | # handled specially below. | ||
| 19 | config_defined OPENSSL_HAVE_EVPGCM && | ||
| 20 | macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" | ||
| 17 | 21 | ||
| 18 | # sshd-command for proxy (see test-exec.sh) | 22 | # sshd-command for proxy (see test-exec.sh) |
| 19 | cmd="sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" | 23 | cmd="sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" |
| @@ -37,7 +41,11 @@ for m in $macs; do | |||
| 37 | fi | 41 | fi |
| 38 | # modify output from sshd at offset $off | 42 | # modify output from sshd at offset $off |
| 39 | pxy="proxycommand=$cmd | $OBJ/modpipe -m xor:$off:1" | 43 | pxy="proxycommand=$cmd | $OBJ/modpipe -m xor:$off:1" |
| 40 | output=$(${SSH} -m $m -2F $OBJ/ssh_proxy -o "$pxy" \ | 44 | case $m in |
| 45 | aes*gcm*) macopt="-c $m";; | ||
| 46 | *) macopt="-m $m";; | ||
| 47 | esac | ||
| 48 | output=$(${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ | ||
| 41 | 999.999.999.999 true 2>&1) | 49 | 999.999.999.999 true 2>&1) |
| 42 | if [ $? -eq 0 ]; then | 50 | if [ $? -eq 0 ]; then |
| 43 | fail "ssh -m $m succeeds with bit-flip at $off" | 51 | fail "ssh -m $m succeeds with bit-flip at $off" |
| @@ -47,7 +55,7 @@ for m in $macs; do | |||
| 47 | verbose "test $tid: $m @$off $output" | 55 | verbose "test $tid: $m @$off $output" |
| 48 | case "$output" in | 56 | case "$output" in |
| 49 | Bad?packet*) elen=$((elen+1)); skip=3;; | 57 | Bad?packet*) elen=$((elen+1)); skip=3;; |
| 50 | Corrupted?MAC*) emac=$((emac+1)); skip=0;; | 58 | Corrupted?MAC* | Decryption?integrity?check?failed*) |
| 51 | padding*) epad=$((epad+1)); skip=0;; | 59 | padding*) epad=$((epad+1)); skip=0;; |
| 52 | *) fail "unexpected error mac $m at $off";; | 60 | *) fail "unexpected error mac $m at $off";; |
| 53 | esac | 61 | esac |