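# $OpenBSD: integrity.sh,v 1.14 2014/05/21 07:04:21 djm Exp $
# Placed in the Public Domain.
#
# Integrity regress test: for every MAC (and every cipher with integrated
# integrity) flip one bit of the sshd->ssh stream after key exchange, using
# modpipe inside the proxy command, and require that each corruption is
# rejected as a MAC/AEAD integrity error, a padding error or a bad packet
# length.  Runs under test-exec.sh, which supplies $SSH, $SSHD, $OBJ, $SRC,
# the log file variables and the trace/verbose/fail helpers.

tid="integrity"
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak"

# start at byte 2900 (i.e. after kex) and corrupt at different offsets
# XXX the test hangs if we modify the low bytes of the packet length
# XXX and ssh tries to read...
tries=10
startoffset=2900

# Always query the ssh under test ($SSH), never whatever "ssh" is on $PATH:
# the two may disagree about which algorithms exist.
macs=$(${SSH} -Q mac)
# The following are not MACs, but ciphers with integrated integrity. They are
# handled specially below.  The list is gathered once here instead of
# re-running ssh for every offset of every algorithm.
cipher_auth=$(${SSH} -Q cipher-auth)
macs="$macs $cipher_auth"

# sshd-command for proxy (see test-exec.sh)
cmd="sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy"

for m in $macs; do
	trace "test $tid: mac $m"
	elen=0		# "Bad packet length" errors seen for this algorithm
	epad=0		# padding errors
	emac=0		# MAC / AEAD integrity errors
	ecnt=0		# attempts that (correctly) failed
	skip=0		# offsets still to skip after a length corruption
	for off in $(jot $tries $startoffset); do
		if [ "$skip" -gt 0 ]; then
			# avoid modifying the high bytes of the length
			skip=$((skip - 1))
			continue
		fi
		cp "$OBJ/sshd_proxy_bak" "$OBJ/sshd_proxy"
		# modify output from sshd at offset $off
		pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
		# Whole-line, fixed-string match: algorithm names contain '.'
		# and '@', which must not be read as regex metacharacters.
		if printf '%s\n' "$cipher_auth" | grep -qxF -- "$m"; then
			printf 'Ciphers=%s\n' "$m" >> "$OBJ/sshd_proxy"
			macopt="-c $m"
		else
			printf 'Ciphers=aes128-ctr\n' >> "$OBJ/sshd_proxy"
			printf 'MACs=%s\n' "$m" >> "$OBJ/sshd_proxy"
			macopt="-m $m -c aes128-ctr"
		fi
		verbose "test $tid: $m @$off"
		# $macopt is intentionally unquoted: it carries several arguments.
		# The connection must fail; a success means the corruption went
		# undetected.
		# shellcheck disable=SC2086
		if ${SSH} $macopt -2F "$OBJ/ssh_proxy" -o "$pxy" \
		    -oServerAliveInterval=1 -oServerAliveCountMax=30 \
		    999.999.999.999 'printf "%4096s" " "' >/dev/null; then
			fail "ssh -m $m succeeds with bit-flip at $off"
		fi
		ecnt=$((ecnt + 1))
		# Classify the failure from the last non-debug lines of the
		# client log (joined into one line for the case patterns below).
		out=$(tail -2 "$TEST_SSH_LOGFILE" | grep -v '^debug' | \
		    tr -s '\r\n' '.')
		case "$out" in
		Bad?packet*) elen=$((elen + 1)); skip=2;;
		Corrupted?MAC* | Decryption?integrity?check?failed*)
			emac=$((emac + 1)); skip=0;;
		padding*) epad=$((epad + 1)); skip=0;;
		*) fail "unexpected error mac $m at $off: $out";;
		esac
	done
	verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
	if [ "$emac" -eq 0 ]; then
		fail "$m: no mac errors"
	fi
	# Every failure that was neither a padding nor a length error must
	# have been caught by the integrity check.
	expect=$((ecnt - epad - elen))
	if [ "$emac" -ne "$expect" ]; then
		fail "$m: expected $expect mac errors, got $emac"
	fi
done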