1263635Sdes#	$OpenBSD: dhgex.sh,v 1.1 2014/01/25 04:35:32 dtucker Exp $
2263635Sdes#	Placed in the Public Domain.
3263635Sdes
4263635Sdestid="dhgex"
5263635Sdes
6263635SdesLOG=${TEST_SSH_LOGFILE}
7263635Sdesrm -f ${LOG}
8263635Sdes
9263635Sdeskexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange`
10263635Sdes
11263635Sdesssh_test_dhgex()
12263635Sdes{
13263635Sdes	bits="$1"; shift
14263635Sdes	cipher="$1"; shift
15263635Sdes	kex="$1"; shift
16263635Sdes
17263635Sdes	rm -f ${LOG}
18263635Sdes	opts="-oKexAlgorithms=$kex -oCiphers=$cipher"
19263635Sdes	groupsz="1024<$bits<8192"
20263635Sdes	verbose "$tid bits $bits $kex $cipher"
21263635Sdes	${SSH} ${opts} $@ -vvv -F ${OBJ}/ssh_proxy somehost true
22263635Sdes	if [ $? -ne 0 ]; then
23263635Sdes		fail "ssh failed ($@)"
24263635Sdes	fi
25263635Sdes	# check what we request
26263635Sdes	grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null
27263635Sdes	if [ $? != 0 ]; then
28263635Sdes		got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}`
29263635Sdes		fail "$tid unexpected GEX sizes, expected $groupsz, got $got"
30263635Sdes	fi
31263635Sdes	# check what we got (depends on contents of system moduli file)
32263635Sdes	gotbits="`awk '/bits set:/{print $4}' ${LOG} | head -1 | cut -f2 -d/`"
33263635Sdes	if [ "$gotbits" -lt "$bits" ]; then
34263635Sdes		fatal "$tid expected $bits bit group, got $gotbits"
35263635Sdes	fi
36263635Sdes}
37263635Sdes
38263635Sdescheck()
39263635Sdes{
40263635Sdes	bits="$1"; shift
41263635Sdes
42263635Sdes	for c in $@; do
43263635Sdes		for k in $kexs; do
44263635Sdes			ssh_test_dhgex $bits $c $k
45263635Sdes		done
46263635Sdes	done
47263635Sdes}
48263635Sdes
49263635Sdes#check 2048 3des-cbc
50263635Sdescheck 3072 `${SSH} -Q cipher | grep 128`
51263635Sdescheck 3072 arcfour blowfish-cbc
52263635Sdescheck 7680 `${SSH} -Q cipher | grep 192`
53263635Sdescheck 8192 `${SSH} -Q cipher | grep 256`
54263635Sdescheck 8192 rijndael-cbc@lysator.liu.se chacha20-poly1305@openssh.com
55