1262566Sdes# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $ 2248613Sdes# Placed in the Public Domain. 3248613Sdes 4248613Sdestid="integrity" 5248613Sdes 6248613Sdes# start at byte 2900 (i.e. after kex) and corrupt at different offsets 7248613Sdes# XXX the test hangs if we modify the low bytes of the packet length 8248613Sdes# XXX and ssh tries to read... 9248613Sdestries=10 10248613Sdesstartoffset=2900 11262566Sdesmacs=`${SSH} -Q mac` 12248613Sdes# The following are not MACs, but ciphers with integrated integrity. They are 13248613Sdes# handled specially below. 14262566Sdesmacs="$macs `${SSH} -Q cipher-auth`" 15248613Sdes 16255670Sdes# avoid DH group exchange as the extra traffic makes it harder to get the 17255670Sdes# offset into the stream right. 18255670Sdesecho "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \ 19255670Sdes >> $OBJ/ssh_proxy 20255670Sdes 21248613Sdes# sshd-command for proxy (see test-exec.sh) 22255670Sdescmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" 23248613Sdes 24248613Sdesfor m in $macs; do 25248613Sdes trace "test $tid: mac $m" 26248613Sdes elen=0 27248613Sdes epad=0 28248613Sdes emac=0 29248613Sdes ecnt=0 30248613Sdes skip=0 31248613Sdes for off in `jot $tries $startoffset`; do 32248613Sdes skip=`expr $skip - 1` 33248613Sdes if [ $skip -gt 0 ]; then 34248613Sdes # avoid modifying the high bytes of the length 35248613Sdes continue 36248613Sdes fi 37248613Sdes # modify output from sshd at offset $off 38248613Sdes pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" 39262566Sdes if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then 40262566Sdes macopt="-c $m" 41262566Sdes else 42262566Sdes macopt="-m $m -c aes128-ctr" 43262566Sdes fi 44255670Sdes verbose "test $tid: $m @$off" 45255670Sdes ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ 46262566Sdes -oServerAliveInterval=1 -oServerAliveCountMax=30 \ 47255670Sdes 999.999.999.999 'printf "%4096s" " "' >/dev/null 48248613Sdes if [ $? -eq 0 ]; then 49248613Sdes fail "ssh -m $m succeeds with bit-flip at $off" 50248613Sdes fi 51248613Sdes ecnt=`expr $ecnt + 1` 52255670Sdes output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ 53255670Sdes tr -s '\r\n' '.') 54248613Sdes case "$output" in 55248613Sdes Bad?packet*) elen=`expr $elen + 1`; skip=3;; 56248613Sdes Corrupted?MAC* | Decryption?integrity?check?failed*) 57248613Sdes emac=`expr $emac + 1`; skip=0;; 58248613Sdes padding*) epad=`expr $epad + 1`; skip=0;; 59248613Sdes *) fail "unexpected error mac $m at $off";; 60248613Sdes esac 61248613Sdes done 62248613Sdes verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen" 63248613Sdes if [ $emac -eq 0 ]; then 64248613Sdes fail "$m: no mac errors" 65248613Sdes fi 66248613Sdes expect=`expr $ecnt - $epad - $elen` 67248613Sdes if [ $emac -ne $expect ]; then 68248613Sdes fail "$m: expected $expect mac errors, got $emac" 69248613Sdes fi 70248613Sdesdone 71