1262566Sdes#	$OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $
2248613Sdes#	Placed in the Public Domain.
3248613Sdes
4248613Sdestid="integrity"
5248613Sdes
6248613Sdes# start at byte 2900 (i.e. after kex) and corrupt at different offsets
7248613Sdes# XXX the test hangs if we modify the low bytes of the packet length
8248613Sdes# XXX and ssh tries to read...
9248613Sdestries=10
10248613Sdesstartoffset=2900
11262566Sdesmacs=`${SSH} -Q mac`
12248613Sdes# The following are not MACs, but ciphers with integrated integrity. They are
13248613Sdes# handled specially below.
14262566Sdesmacs="$macs `${SSH} -Q cipher-auth`"
15248613Sdes
16255670Sdes# avoid DH group exchange as the extra traffic makes it harder to get the
17255670Sdes# offset into the stream right.
18255670Sdesecho "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
19255670Sdes	>> $OBJ/ssh_proxy
20255670Sdes
21248613Sdes# sshd-command for proxy (see test-exec.sh)
22255670Sdescmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy"
23248613Sdes
24248613Sdesfor m in $macs; do
25248613Sdes	trace "test $tid: mac $m"
26248613Sdes	elen=0
27248613Sdes	epad=0
28248613Sdes	emac=0
29248613Sdes	ecnt=0
30248613Sdes	skip=0
31248613Sdes	for off in `jot $tries $startoffset`; do
32248613Sdes		skip=`expr $skip - 1`
33248613Sdes		if [ $skip -gt 0 ]; then
34248613Sdes			# avoid modifying the high bytes of the length
35248613Sdes			continue
36248613Sdes		fi
37248613Sdes		# modify output from sshd at offset $off
38248613Sdes		pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
39262566Sdes		if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
40262566Sdes			macopt="-c $m"
41262566Sdes		else
42262566Sdes			macopt="-m $m -c aes128-ctr"
43262566Sdes		fi
44255670Sdes		verbose "test $tid: $m @$off"
45255670Sdes		${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
46262566Sdes		    -oServerAliveInterval=1 -oServerAliveCountMax=30 \
47255670Sdes		    999.999.999.999 'printf "%4096s" " "' >/dev/null
48248613Sdes		if [ $? -eq 0 ]; then
49248613Sdes			fail "ssh -m $m succeeds with bit-flip at $off"
50248613Sdes		fi
51248613Sdes		ecnt=`expr $ecnt + 1`
52255670Sdes		output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \
53255670Sdes		     tr -s '\r\n' '.')
54248613Sdes		case "$output" in
55248613Sdes		Bad?packet*)	elen=`expr $elen + 1`; skip=3;;
56248613Sdes		Corrupted?MAC* | Decryption?integrity?check?failed*)
57248613Sdes				emac=`expr $emac + 1`; skip=0;;
58248613Sdes		padding*)	epad=`expr $epad + 1`; skip=0;;
59248613Sdes		*)		fail "unexpected error mac $m at $off";;
60248613Sdes		esac
61248613Sdes	done
62248613Sdes	verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
63248613Sdes	if [ $emac -eq 0 ]; then
64248613Sdes		fail "$m: no mac errors"
65248613Sdes	fi
66248613Sdes	expect=`expr $ecnt - $epad - $elen`
67248613Sdes	if [ $emac -ne $expect ]; then
68248613Sdes		fail "$m: expected $expect mac errors, got $emac"
69248613Sdes	fi
70248613Sdesdone
71