1323136Sdes#	$OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $
2248613Sdes#	Placed in the Public Domain.
3248613Sdes
4248613Sdestid="integrity"
5294328Sdescp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
6248613Sdes
7248613Sdes# start at byte 2900 (i.e. after kex) and corrupt at different offsets
8248613Sdestries=10
9248613Sdesstartoffset=2900
10261320Sdesmacs=`${SSH} -Q mac`
11248613Sdes# The following are not MACs, but ciphers with integrated integrity. They are
12248613Sdes# handled specially below.
13261320Sdesmacs="$macs `${SSH} -Q cipher-auth`"
14248613Sdes
15255670Sdes# avoid DH group exchange as the extra traffic makes it harder to get the
16255670Sdes# offset into the stream right.
17255670Sdesecho "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
18255670Sdes	>> $OBJ/ssh_proxy
19255670Sdes
20248613Sdes# sshd-command for proxy (see test-exec.sh)
21294332Sdescmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy"
22248613Sdes
23248613Sdesfor m in $macs; do
24248613Sdes	trace "test $tid: mac $m"
25248613Sdes	elen=0
26248613Sdes	epad=0
27248613Sdes	emac=0
28323136Sdes	etmo=0
29248613Sdes	ecnt=0
30248613Sdes	skip=0
31248613Sdes	for off in `jot $tries $startoffset`; do
32248613Sdes		skip=`expr $skip - 1`
33248613Sdes		if [ $skip -gt 0 ]; then
34248613Sdes			# avoid modifying the high bytes of the length
35248613Sdes			continue
36248613Sdes		fi
37294328Sdes		cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
38248613Sdes		# modify output from sshd at offset $off
39248613Sdes		pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
40294336Sdes		if ${SSH} -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
41294328Sdes			echo "Ciphers=$m" >> $OBJ/sshd_proxy
42261320Sdes			macopt="-c $m"
43261320Sdes		else
44294328Sdes			echo "Ciphers=aes128-ctr" >> $OBJ/sshd_proxy
45294328Sdes			echo "MACs=$m" >> $OBJ/sshd_proxy
46261320Sdes			macopt="-m $m -c aes128-ctr"
47261320Sdes		fi
48255670Sdes		verbose "test $tid: $m @$off"
49255670Sdes		${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
50261320Sdes		    -oServerAliveInterval=1 -oServerAliveCountMax=30 \
51255670Sdes		    999.999.999.999 'printf "%4096s" " "' >/dev/null
52248613Sdes		if [ $? -eq 0 ]; then
53248613Sdes			fail "ssh -m $m succeeds with bit-flip at $off"
54248613Sdes		fi
55248613Sdes		ecnt=`expr $ecnt + 1`
56323129Sdes		out=$(egrep -v "^debug" $TEST_SSH_LOGFILE | tail -2 | \
57255670Sdes		     tr -s '\r\n' '.')
58294328Sdes		case "$out" in
59248613Sdes		Bad?packet*)	elen=`expr $elen + 1`; skip=3;;
60294332Sdes		Corrupted?MAC* | *message?authentication?code?incorrect*)
61248613Sdes				emac=`expr $emac + 1`; skip=0;;
62248613Sdes		padding*)	epad=`expr $epad + 1`; skip=0;;
63294328Sdes		*)		fail "unexpected error mac $m at $off: $out";;
64248613Sdes		esac
65248613Sdes	done
66248613Sdes	verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
67248613Sdes	if [ $emac -eq 0 ]; then
68248613Sdes		fail "$m: no mac errors"
69248613Sdes	fi
70248613Sdes	expect=`expr $ecnt - $epad - $elen`
71248613Sdes	if [ $emac -ne $expect ]; then
72248613Sdes		fail "$m: expected $expect mac errors, got $emac"
73248613Sdes	fi
74248613Sdesdone
75