Darren Tucker | 34035be | 2013-05-17 14:47:51 +1000 | [diff] [blame] | 1 | # $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $ |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 2 | # Placed in the Public Domain. |
| 3 | |
| 4 | tid="integrity" |
| 5 | |
Damien Miller | 0dc3bc9 | 2013-02-19 09:28:32 +1100 | [diff] [blame] | 6 | # start at byte 2900 (i.e. after kex) and corrupt at different offsets |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 7 | # XXX the test hangs if we modify the low bytes of the packet length |
| 8 | # XXX and ssh tries to read... |
| 9 | tries=10 |
Damien Miller | 0dc3bc9 | 2013-02-19 09:28:32 +1100 | [diff] [blame] | 10 | startoffset=2900 |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 11 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com |
Damien Miller | dae85cc | 2013-02-19 14:27:44 +1100 | [diff] [blame] | 12 | hmac-sha1-96 hmac-md5-96 |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 13 | hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com |
| 14 | umac-64-etm@openssh.com umac-128-etm@openssh.com |
Damien Miller | dae85cc | 2013-02-19 14:27:44 +1100 | [diff] [blame] | 15 | hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com" |
| 16 | config_defined HAVE_EVP_SHA256 && |
| 17 | macs="$macs hmac-sha2-256 hmac-sha2-512 |
| 18 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" |
Damien Miller | 846dc7f | 2013-01-12 22:46:26 +1100 | [diff] [blame] | 19 | # The following are not MACs, but ciphers with integrated integrity. They are |
| 20 | # handled specially below. |
Damien Miller | b26699b | 2013-01-17 14:31:57 +1100 | [diff] [blame] | 21 | config_defined OPENSSL_HAVE_EVPGCM && \ |
Damien Miller | 846dc7f | 2013-01-12 22:46:26 +1100 | [diff] [blame] | 22 | macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 23 | |
Darren Tucker | 91af05c | 2013-05-17 13:16:59 +1000 | [diff] [blame] | 24 | # avoid DH group exchange as the extra traffic makes it harder to get the |
| 25 | # offset into the stream right. |
| 26 | echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \ |
| 27 | >> $OBJ/ssh_proxy |
| 28 | |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 29 | # sshd-command for proxy (see test-exec.sh) |
Darren Tucker | 7512902 | 2013-05-17 09:19:10 +1000 | [diff] [blame] | 30 | cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 31 | |
| 32 | for m in $macs; do |
| 33 | trace "test $tid: mac $m" |
| 34 | elen=0 |
| 35 | epad=0 |
| 36 | emac=0 |
| 37 | ecnt=0 |
| 38 | skip=0 |
Tim Rice | f9e2060 | 2013-02-26 20:27:29 -0800 | [diff] [blame] | 39 | for off in `jot $tries $startoffset`; do |
| 40 | skip=`expr $skip - 1` |
Damien Miller | 9fec296 | 2012-12-12 12:10:10 +1100 | [diff] [blame] | 41 | if [ $skip -gt 0 ]; then |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 42 | # avoid modifying the high bytes of the length |
| 43 | continue |
| 44 | fi |
| 45 | # modify output from sshd at offset $off |
Damien Miller | 1e657d5 | 2013-02-26 18:58:06 +1100 | [diff] [blame] | 46 | pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" |
Damien Miller | 846dc7f | 2013-01-12 22:46:26 +1100 | [diff] [blame] | 47 | case $m in |
| 48 | aes*gcm*) macopt="-c $m";; |
| 49 | *) macopt="-m $m";; |
| 50 | esac |
Darren Tucker | 34035be | 2013-05-17 14:47:51 +1000 | [diff] [blame] | 51 | verbose "test $tid: $m @$off" |
Darren Tucker | dfea3bc | 2013-05-17 09:31:39 +1000 | [diff] [blame] | 52 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ |
| 53 | 999.999.999.999 'printf "%4096s" " "' >/dev/null |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 54 | if [ $? -eq 0 ]; then |
| 55 | fail "ssh -m $m succeeds with bit-flip at $off" |
| 56 | fi |
Tim Rice | f9e2060 | 2013-02-26 20:27:29 -0800 | [diff] [blame] | 57 | ecnt=`expr $ecnt + 1` |
Darren Tucker | dfea3bc | 2013-05-17 09:31:39 +1000 | [diff] [blame] | 58 | output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ |
| 59 | tr -s '\r\n' '.') |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 60 | case "$output" in |
Tim Rice | f9e2060 | 2013-02-26 20:27:29 -0800 | [diff] [blame] | 61 | Bad?packet*) elen=`expr $elen + 1`; skip=3;; |
Damien Miller | 846dc7f | 2013-01-12 22:46:26 +1100 | [diff] [blame] | 62 | Corrupted?MAC* | Decryption?integrity?check?failed*) |
Tim Rice | f9e2060 | 2013-02-26 20:27:29 -0800 | [diff] [blame] | 63 | emac=`expr $emac + 1`; skip=0;; |
| 64 | padding*) epad=`expr $epad + 1`; skip=0;; |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 65 | *) fail "unexpected error mac $m at $off";; |
| 66 | esac |
| 67 | done |
| 68 | verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen" |
| 69 | if [ $emac -eq 0 ]; then |
| 70 | fail "$m: no mac errors" |
| 71 | fi |
Tim Rice | f9e2060 | 2013-02-26 20:27:29 -0800 | [diff] [blame] | 72 | expect=`expr $ecnt - $epad - $elen` |
Damien Miller | 1fb593a | 2012-12-12 10:54:37 +1100 | [diff] [blame] | 73 | if [ $emac -ne $expect ]; then |
| 74 | fail "$m: expected $expect mac errors, got $emac" |
| 75 | fi |
| 76 | done |