1323136Sdes# $OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $ 2248613Sdes# Placed in the Public Domain. 3248613Sdes 4248613Sdestid="integrity" 5294328Sdescp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 6248613Sdes 7248613Sdes# start at byte 2900 (i.e. after kex) and corrupt at different offsets 8248613Sdestries=10 9248613Sdesstartoffset=2900 10261320Sdesmacs=`${SSH} -Q mac` 11248613Sdes# The following are not MACs, but ciphers with integrated integrity. They are 12248613Sdes# handled specially below. 13261320Sdesmacs="$macs `${SSH} -Q cipher-auth`" 14248613Sdes 15255670Sdes# avoid DH group exchange as the extra traffic makes it harder to get the 16255670Sdes# offset into the stream right. 17255670Sdesecho "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \ 18255670Sdes >> $OBJ/ssh_proxy 19255670Sdes 20248613Sdes# sshd-command for proxy (see test-exec.sh) 21294332Sdescmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" 22248613Sdes 23248613Sdesfor m in $macs; do 24248613Sdes trace "test $tid: mac $m" 25248613Sdes elen=0 26248613Sdes epad=0 27248613Sdes emac=0 28323136Sdes etmo=0 29248613Sdes ecnt=0 30248613Sdes skip=0 31248613Sdes for off in `jot $tries $startoffset`; do 32248613Sdes skip=`expr $skip - 1` 33248613Sdes if [ $skip -gt 0 ]; then 34248613Sdes # avoid modifying the high bytes of the length 35248613Sdes continue 36248613Sdes fi 37294328Sdes cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 38248613Sdes # modify output from sshd at offset $off 39248613Sdes pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" 40294336Sdes if ${SSH} -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then 41294328Sdes echo "Ciphers=$m" >> $OBJ/sshd_proxy 42261320Sdes macopt="-c $m" 43261320Sdes else 44294328Sdes echo "Ciphers=aes128-ctr" >> $OBJ/sshd_proxy 45294328Sdes echo "MACs=$m" >> $OBJ/sshd_proxy 46261320Sdes macopt="-m $m -c aes128-ctr" 47261320Sdes fi 48255670Sdes verbose "test $tid: $m @$off" 49255670Sdes ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ 50261320Sdes -oServerAliveInterval=1 -oServerAliveCountMax=30 \ 51255670Sdes 999.999.999.999 'printf "%4096s" " "' >/dev/null 52248613Sdes if [ $? -eq 0 ]; then 53248613Sdes fail "ssh -m $m succeeds with bit-flip at $off" 54248613Sdes fi 55248613Sdes ecnt=`expr $ecnt + 1` 56323129Sdes out=$(egrep -v "^debug" $TEST_SSH_LOGFILE | tail -2 | \ 57255670Sdes tr -s '\r\n' '.') 58294328Sdes case "$out" in 59248613Sdes Bad?packet*) elen=`expr $elen + 1`; skip=3;; 60294332Sdes Corrupted?MAC* | *message?authentication?code?incorrect*) 61248613Sdes emac=`expr $emac + 1`; skip=0;; 62248613Sdes padding*) epad=`expr $epad + 1`; skip=0;; 63294328Sdes *) fail "unexpected error mac $m at $off: $out";; 64248613Sdes esac 65248613Sdes done 66248613Sdes verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen" 67248613Sdes if [ $emac -eq 0 ]; then 68248613Sdes fail "$m: no mac errors" 69248613Sdes fi 70248613Sdes expect=`expr $ecnt - $epad - $elen` 71248613Sdes if [ $emac -ne $expect ]; then 72248613Sdes fail "$m: expected $expect mac errors, got $emac" 73248613Sdes fi 74248613Sdesdone 75