openssh-portable/regress/integrity.sh

#	$OpenBSD: integrity.sh,v 1.7 2013/02/20 08:27:50 djm Exp $
#	Placed in the Public Domain.

tid="integrity"

# start at byte 2900 (i.e. after kex) and corrupt at different offsets
# XXX the test hangs if we modify the low bytes of the packet length
# XXX and ssh tries to read...
tries=10
startoffset=2900
macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
	hmac-sha1-96 hmac-md5-96 
	hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
	umac-64-etm@openssh.com umac-128-etm@openssh.com
	hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com"
config_defined HAVE_EVP_SHA256 &&
	macs="$macs hmac-sha2-256 hmac-sha2-512
		hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
# The following are not MACs, but ciphers with integrated integrity. They are
# handled specially below.
config_defined OPENSSL_HAVE_EVPGCM && \
	macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"

# sshd-command for proxy (see test-exec.sh)
cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy"

jot() {
	awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } }"
}

for m in $macs; do
	trace "test $tid: mac $m"
	elen=0
	epad=0
	emac=0
	ecnt=0
	skip=0
	for off in $(jot $tries $startoffset); do
		skip=$((skip - 1))
		if [ $skip -gt 0 ]; then
			# avoid modifying the high bytes of the length
			continue
		fi
		# modify output from sshd at offset $off
		pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
		case $m in
			aes*gcm*)	macopt="-c $m";;
			*)		macopt="-m $m";;
		esac
		output=$(${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
		    999.999.999.999 'printf "%4096s" " "' 2>&1)
		if [ $? -eq 0 ]; then
			fail "ssh -m $m succeeds with bit-flip at $off"
		fi
		ecnt=$((ecnt+1))
		output=$(echo $output | tr -s '\r\n' '.')
		verbose "test $tid: $m @$off $output"
		case "$output" in
		Bad?packet*)	elen=$((elen+1)); skip=3;;
		Corrupted?MAC* | Decryption?integrity?check?failed*)
				emac=$((emac+1)); skip=0;;
		padding*)	epad=$((epad+1)); skip=0;;
		*)		fail "unexpected error mac $m at $off";;
		esac
	done
	verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
	if [ $emac -eq 0 ]; then
		fail "$m: no mac errors"
	fi
	expect=$((ecnt-epad-elen))
	if [ $emac -ne $expect ]; then
		fail "$m: expected $expect mac errors, got $emac"
	fi
done
- djm@cvs.openbsd.org 2013/02/20 08:27:50 [integrity.sh] Add an option to modpipe that warns if the modification offset it not reached in it's stream and turn it on for t-integrity. This should catch cases where the session is not fuzzed for being too short (cf. my last "oops" commit) 2013-02-26 08:58:06 +01:00			`# $OpenBSD: integrity.sh,v 1.7 2013/02/20 08:27:50 djm Exp $`
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00			`# Placed in the Public Domain.`

			`tid="integrity"`

- djm@cvs.openbsd.org 2013/02/18 22:26:47 [integrity.sh] crank the offset yet again; it was still fuzzing KEX one of Darren's portable test hosts at 2800 2013-02-18 23:28:32 +01:00			`# start at byte 2900 (i.e. after kex) and corrupt at different offsets`
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00			`# XXX the test hangs if we modify the low bytes of the packet length`
			`# XXX and ssh tries to read...`
			`tries=10`
- djm@cvs.openbsd.org 2013/02/18 22:26:47 [integrity.sh] crank the offset yet again; it was still fuzzing KEX one of Darren's portable test hosts at 2800 2013-02-18 23:28:32 +01:00			`startoffset=2900`
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00			`macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com`
- (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that lack support for SHA2. 2013-02-19 04:27:44 +01:00			`hmac-sha1-96 hmac-md5-96`
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00			`hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com`
			`umac-64-etm@openssh.com umac-128-etm@openssh.com`
- (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that lack support for SHA2. 2013-02-19 04:27:44 +01:00			`hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com"`
			`config_defined HAVE_EVP_SHA256 &&`
			`macs="$macs hmac-sha2-256 hmac-sha2-512`
			`hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"`
- djm@cvs.openbsd.org 2013/01/12 11:23:53 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] test AES-GCM modes; feedback markus@ 2013-01-12 12:46:26 +01:00			`# The following are not MACs, but ciphers with integrated integrity. They are`
			`# handled specially below.`
- (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] check for GCM support before testing GCM ciphers. 2013-01-17 04:31:57 +01:00			`config_defined OPENSSL_HAVE_EVPGCM && \`
- djm@cvs.openbsd.org 2013/01/12 11:23:53 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] test AES-GCM modes; feedback markus@ 2013-01-12 12:46:26 +01:00			`macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"`
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00
			`# sshd-command for proxy (see test-exec.sh)`
- (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage for UsePAM=yes configuration 2013-02-26 09:41:30 +01:00			`cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy"`
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00
- (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test work on platforms without 'jot' 2012-12-12 02:10:10 +01:00			`jot() {`
- (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 2012-12-12 02:37:32 +01:00			`awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } }"`
- (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test work on platforms without 'jot' 2012-12-12 02:10:10 +01:00			`}`
- (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 2012-12-12 02:37:32 +01:00
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00			`for m in $macs; do`
			`trace "test $tid: mac $m"`
			`elen=0`
			`epad=0`
			`emac=0`
			`ecnt=0`
			`skip=0`
			`for off in $(jot $tries $startoffset); do`
- (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test work on platforms without 'jot' 2012-12-12 02:10:10 +01:00			`skip=$((skip - 1))`
			`if [ $skip -gt 0 ]; then`
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00			`# avoid modifying the high bytes of the length`
			`continue`
			`fi`
			`# modify output from sshd at offset $off`
- djm@cvs.openbsd.org 2013/02/20 08:27:50 [integrity.sh] Add an option to modpipe that warns if the modification offset it not reached in it's stream and turn it on for t-integrity. This should catch cases where the session is not fuzzed for being too short (cf. my last "oops" commit) 2013-02-26 08:58:06 +01:00			`pxy="proxycommand=$cmd \| $OBJ/modpipe -wm xor:$off:1"`
- djm@cvs.openbsd.org 2013/01/12 11:23:53 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] test AES-GCM modes; feedback markus@ 2013-01-12 12:46:26 +01:00			`case $m in`
			`aesgcm) macopt="-c $m";;`
			`*) macopt="-m $m";;`
			`esac`
			`output=$(${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \`
- djm@cvs.openbsd.org 2013/02/19 02:14:09 [integrity.sh] oops, forgot to increase the output of the ssh command to ensure that we actually reach $offset 2013-02-19 03:15:01 +01:00			`999.999.999.999 'printf "%4096s" " "' 2>&1)`
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00			`if [ $? -eq 0 ]; then`
			`fail "ssh -m $m succeeds with bit-flip at $off"`
			`fi`
			`ecnt=$((ecnt+1))`
			`output=$(echo $output \| tr -s '\r\n' '.')`
			`verbose "test $tid: $m @$off $output"`
			`case "$output" in`
- (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 2012-12-12 02:37:32 +01:00			`Bad?packet*) elen=$((elen+1)); skip=3;;`
- djm@cvs.openbsd.org 2013/01/12 11:23:53 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] test AES-GCM modes; feedback markus@ 2013-01-12 12:46:26 +01:00			`Corrupted?MAC* \| Decryption?integrity?check?failed*)`
- (djm) [regress/integrity.sh] repair botched merge 2013-01-12 13:10:47 +01:00			`emac=$((emac+1)); skip=0;;`
- markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ 2012-12-12 00:54:37 +01:00			`padding*) epad=$((epad+1)); skip=0;;`
			`*) fail "unexpected error mac $m at $off";;`
			`esac`
			`done`
			`verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"`
			`if [ $emac -eq 0 ]; then`
			`fail "$m: no mac errors"`
			`fi`
			`expect=$((ecnt-epad-elen))`
			`if [ $emac -ne $expect ]; then`
			`fail "$m: expected $expect mac errors, got $emac"`
			`fi`
			`done`