From fa51d8b6b2151c47c08ee54a0ece8173a4c465c3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 3 Dec 2012 10:08:25 +1100 Subject: - dtucker@cvs.openbsd.org 2012/10/05 02:20:48 [regress/cipher-speed.sh regress/try-ciphers.sh] Add umac-128@openssh.com to the list of MACs to be tested --- regress/cipher-speed.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'regress/cipher-speed.sh') diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 5800f4b09..4f26f7e96 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cipher-speed.sh,v 1.5 2012/06/28 05:07:45 dtucker Exp $ +# $OpenBSD: cipher-speed.sh,v 1.6 2012/10/05 02:20:48 dtucker Exp $ # Placed in the Public Domain. tid="cipher speed" @@ -16,7 +16,8 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr" -macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" +macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com + hmac-sha1-96 hmac-md5-96" config_defined HAVE_EVP_SHA256 && macs="$macs hmac-sha2-256 hmac-sha2-512" -- cgit v1.2.3 From 846dc7f21c0dd52bc8cc8f433d464a6561066d00 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 12 Jan 2013 22:46:26 +1100 Subject: - djm@cvs.openbsd.org 2013/01/12 11:23:53 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] test AES-GCM modes; feedback markus@ --- ChangeLog | 3 +++ regress/cipher-speed.sh | 11 +++++++++-- regress/integrity.sh | 14 +++++++++++--- regress/try-ciphers.sh | 11 +++++++++-- 4 files changed, 32 insertions(+), 7 deletions(-) (limited to 'regress/cipher-speed.sh') diff --git a/ChangeLog b/ChangeLog index 3be438c75..dd847610f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - djm@cvs.openbsd.org 2013/01/12 11:22:04 [cipher.c] improve error message for integrity failure in AES-GCM modes; ok markus@ + - djm@cvs.openbsd.org 2013/01/12 11:23:53 + [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] + test AES-GCM modes; feedback markus@ 20130109 - (djm) OpenBSD CVS Sync diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 4f26f7e96..ed7c6f320 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cipher-speed.sh,v 1.6 2012/10/05 02:20:48 dtucker Exp $ +# $OpenBSD: cipher-speed.sh,v 1.7 2013/01/12 11:23:53 djm Exp $ # Placed in the Public Domain. tid="cipher speed" @@ -16,12 +16,14 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr" +config_defined OPENSSL_HAVE_EVPGCM && + ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com" macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com hmac-sha1-96 hmac-md5-96" config_defined HAVE_EVP_SHA256 && macs="$macs hmac-sha2-256 hmac-sha2-512" -for c in $ciphers; do for m in $macs; do +for c in $ciphers; do n=0; for m in $macs; do trace "proto 2 cipher $c mac $m" for x in $tries; do echon "$c/$m:\t" @@ -34,6 +36,11 @@ for c in $ciphers; do for m in $macs; do fail "ssh -2 failed with mac $m cipher $c" fi done + # No point trying all MACs for GCM since they are ignored. + case $c in + aes*-gcm@openssh.com) test $n -gt 0 && break;; + esac + n=$(($n + 1)) done; done ciphers="3des blowfish" diff --git a/regress/integrity.sh b/regress/integrity.sh index 0185490c1..608cde0fe 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.1 2012/12/11 22:42:11 markus Exp $ +# $OpenBSD: integrity.sh,v 1.2 2013/01/12 11:23:53 djm Exp $ # Placed in the Public Domain. tid="integrity" @@ -14,6 +14,10 @@ macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" +# The following are not MACs, but ciphers with integrated integrity. They are +# handled specially below. +config_defined OPENSSL_HAVE_EVPGCM && + macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" # sshd-command for proxy (see test-exec.sh) cmd="sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" @@ -37,7 +41,11 @@ for m in $macs; do fi # modify output from sshd at offset $off pxy="proxycommand=$cmd | $OBJ/modpipe -m xor:$off:1" - output=$(${SSH} -m $m -2F $OBJ/ssh_proxy -o "$pxy" \ + case $m in + aes*gcm*) macopt="-c $m";; + *) macopt="-m $m";; + esac + output=$(${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ 999.999.999.999 true 2>&1) if [ $? -eq 0 ]; then fail "ssh -m $m succeeds with bit-flip at $off" @@ -47,7 +55,7 @@ for m in $macs; do verbose "test $tid: $m @$off $output" case "$output" in Bad?packet*) elen=$((elen+1)); skip=3;; - Corrupted?MAC*) emac=$((emac+1)); skip=0;; + Corrupted?MAC* | Decryption?integrity?check?failed*) padding*) epad=$((epad+1)); skip=0;; *) fail "unexpected error mac $m at $off";; esac diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 2b11b59ea..ca2851713 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh @@ -1,4 +1,4 @@ -# $OpenBSD: try-ciphers.sh,v 1.17 2012/12/11 23:12:13 markus Exp $ +# $OpenBSD: try-ciphers.sh,v 1.18 2013/01/12 11:23:53 djm Exp $ # Placed in the Public Domain. tid="try ciphers" @@ -6,7 +6,8 @@ tid="try ciphers" ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se - aes128-ctr aes192-ctr aes256-ctr" + aes128-ctr aes192-ctr aes256-ctr + aes128-gcm@openssh.com aes256-gcm@openssh.com" macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com hmac-sha1-96 hmac-md5-96 hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com @@ -18,6 +19,7 @@ config_defined HAVE_EVP_SHA256 && hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" for c in $ciphers; do + n=0 for m in $macs; do trace "proto 2 cipher $c mac $m" verbose "test $tid: proto 2 cipher $c mac $m" @@ -25,6 +27,11 @@ for c in $ciphers; do if [ $? -ne 0 ]; then fail "ssh -2 failed with mac $m cipher $c" fi + # No point trying all MACs for GCM since they are ignored. + case $c in + aes*-gcm@openssh.com) test $n -gt 0 && break;; + esac + n=$(($n + 1)) done done -- cgit v1.2.3 From b26699bbadaffa1b1de2f6b0e175b77aba337de5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 17 Jan 2013 14:31:57 +1100 Subject: - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] check for GCM support before testing GCM ciphers. --- ChangeLog | 4 ++++ regress/cipher-speed.sh | 4 ++-- regress/integrity.sh | 2 +- regress/try-ciphers.sh | 5 +++-- 4 files changed, 10 insertions(+), 5 deletions(-) (limited to 'regress/cipher-speed.sh') diff --git a/ChangeLog b/ChangeLog index 92830553e..686fe8966 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20130117 + - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] + check for GCM support before testing GCM ciphers. + 20130112 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2013/01/12 11:22:04 diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index ed7c6f320..114191b89 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh @@ -16,11 +16,11 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr" -config_defined OPENSSL_HAVE_EVPGCM && +config_defined OPENSSL_HAVE_EVPGCM && \ ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com" macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com hmac-sha1-96 hmac-md5-96" -config_defined HAVE_EVP_SHA256 && +config_defined HAVE_EVP_SHA256 && \ macs="$macs hmac-sha2-256 hmac-sha2-512" for c in $ciphers; do n=0; for m in $macs; do diff --git a/regress/integrity.sh b/regress/integrity.sh index 2b4bfeacc..91168fd2e 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh @@ -16,7 +16,7 @@ macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" # The following are not MACs, but ciphers with integrated integrity. They are # handled specially below. -config_defined OPENSSL_HAVE_EVPGCM && +config_defined OPENSSL_HAVE_EVPGCM && \ macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" # sshd-command for proxy (see test-exec.sh) diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index ca2851713..ef91085c5 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh @@ -6,8 +6,9 @@ tid="try ciphers" ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se - aes128-ctr aes192-ctr aes256-ctr - aes128-gcm@openssh.com aes256-gcm@openssh.com" + aes128-ctr aes192-ctr aes256-ctr" +config_defined OPENSSL_HAVE_EVPGCM && \ + ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com" macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com hmac-sha1-96 hmac-md5-96 hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com -- cgit v1.2.3 From c08b3ef6f435b64c3b7125f93e5b3e661e019f3e Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 19 Feb 2013 11:53:29 -0800 Subject: - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. --- ChangeLog | 3 +++ regress/cipher-speed.sh | 2 +- regress/try-ciphers.sh | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) (limited to 'regress/cipher-speed.sh') diff --git a/ChangeLog b/ChangeLog index 09d5c1304..41d49f6b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20130220 + - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. + 20130219 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2013/02/18 22:26:47 diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 114191b89..21bf0f2e9 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh @@ -40,7 +40,7 @@ for c in $ciphers; do n=0; for m in $macs; do case $c in aes*-gcm@openssh.com) test $n -gt 0 && break;; esac - n=$(($n + 1)) + n=`expr $n + 1` done; done ciphers="3des blowfish" diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 87ec7497a..084a1457a 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh @@ -32,7 +32,7 @@ for c in $ciphers; do case $c in aes*-gcm@openssh.com) test $n -gt 0 && break;; esac - n=$(($n + 1)) + n=`expr $n + 1` done done -- cgit v1.2.3 From fe10a28e088751ec3a6ac96e73be21bae8b86d70 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 12 Mar 2013 11:19:40 +1100 Subject: - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] Improve portability of cipher-speed test, based mostly on a patch from Iain Morgan. --- ChangeLog | 5 +++++ regress/Makefile | 2 +- regress/cipher-speed.sh | 9 ++++----- regress/test-exec.sh | 4 ++++ 4 files changed, 14 insertions(+), 6 deletions(-) (limited to 'regress/cipher-speed.sh') diff --git a/ChangeLog b/ChangeLog index 3b5b5482f..859c01ad9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20120312 + - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] + Improve portability of cipher-speed test, based mostly on a patch from + Iain Morgan. + 20130307 - (dtucker) [INSTALL] Bump documented autoconf version to what we're currently using. diff --git a/regress/Makefile b/regress/Makefile index 779abf4fb..6ef5d9cce 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -71,7 +71,7 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers USER!= id -un CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ t8.out t8.out.pub t9.out t9.out.pub \ - authorized_keys_${USER} known_hosts pidfile \ + authorized_keys_${USER} known_hosts pidfile testdata \ ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 21bf0f2e9..65e5f35ec 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh @@ -5,12 +5,11 @@ tid="cipher speed" getbytes () { - sed -n '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' + sed -n -e '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' \ + -e '/copied/s/.*s, \(.* MB.s\).*/\1/p' } tries="1 2" -DATA=/bin/ls -DATA=/bsd ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour128 arcfour256 arcfour @@ -26,7 +25,7 @@ config_defined HAVE_EVP_SHA256 && \ for c in $ciphers; do n=0; for m in $macs; do trace "proto 2 cipher $c mac $m" for x in $tries; do - echon "$c/$m:\t" + printf "%-60s" "$c/$m:" ( ${SSH} -o 'compression no' \ -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ exec sh -c \'"dd of=/dev/null obs=32k"\' \ @@ -47,7 +46,7 @@ ciphers="3des blowfish" for c in $ciphers; do trace "proto 1 cipher $c" for x in $tries; do - echon "$c:\t" + printf "%-60s" "$c:" ( ${SSH} -o 'compression no' \ -F $OBJ/ssh_proxy -1 -c $c somehost \ exec sh -c \'"dd of=/dev/null obs=32k"\' \ diff --git a/regress/test-exec.sh b/regress/test-exec.sh index bdc2c1a49..aa4e6e5c0 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -140,6 +140,10 @@ if [ "x$TEST_SSH_LOGFILE" = "x" ]; then TEST_SSH_LOGFILE=/dev/null fi +# Some data for test copies +DATA=$OBJ/testdata +cat $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} >$DATA + # these should be used in tests export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP -- cgit v1.2.3