integrity.sh revision 323136 
1170263Sdarrenr#	$OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $
2255332Scy#	Placed in the Public Domain.
3255332Scy
4255332Scytid="integrity"
5255332Scycp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
6255332Scy
7255332Scy# start at byte 2900 (i.e. after kex) and corrupt at different offsets
8145510Sdarrenrtries=10
9145510Sdarrenrstartoffset=2900
10145510Sdarrenrmacs=`${SSH} -Q mac`
11145510Sdarrenr# The following are not MACs, but ciphers with integrated integrity. They are
12170263Sdarrenr# handled specially below.
13170263Sdarrenrmacs="$macs `${SSH} -Q cipher-auth`"
14255332Scy
15255332Scy# avoid DH group exchange as the extra traffic makes it harder to get the
16145510Sdarrenr# offset into the stream right.
17145510Sdarrenrecho "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
18145510Sdarrenr	>> $OBJ/ssh_proxy
19145510Sdarrenr
20255332Scy# sshd-command for proxy (see test-exec.sh)
21145510Sdarrenrcmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy"
22145510Sdarrenr
23145510Sdarrenrfor m in $macs; do
24255332Scy	trace "test $tid: mac $m"
25255332Scy	elen=0
26145510Sdarrenr	epad=0
27255332Scy	emac=0
28255332Scy	etmo=0
29145510Sdarrenr	ecnt=0
30255332Scy	skip=0
31255332Scy	for off in `jot $tries $startoffset`; do
32255332Scy		skip=`expr $skip - 1`
33145510Sdarrenr		if [ $skip -gt 0 ]; then
34255332Scy			# avoid modifying the high bytes of the length
35145510Sdarrenr			continue
36145510Sdarrenr		fi
37145510Sdarrenr		cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
38145510Sdarrenr		# modify output from sshd at offset $off
39145510Sdarrenr		pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
40145510Sdarrenr		if ${SSH} -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
41145510Sdarrenr			echo "Ciphers=$m" >> $OBJ/sshd_proxy
42145510Sdarrenr			macopt="-c $m"
43255332Scy		else
44255332Scy			echo "Ciphers=aes128-ctr" >> $OBJ/sshd_proxy
45145510Sdarrenr			echo "MACs=$m" >> $OBJ/sshd_proxy
46255332Scy			macopt="-m $m -c aes128-ctr"
47145510Sdarrenr		fi
48145510Sdarrenr		verbose "test $tid: $m @$off"
49255332Scy		${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
50145510Sdarrenr		    -oServerAliveInterval=1 -oServerAliveCountMax=30 \
51145510Sdarrenr		    999.999.999.999 'printf "%4096s" " "' >/dev/null
52145510Sdarrenr		if [ $? -eq 0 ]; then
53255332Scy			fail "ssh -m $m succeeds with bit-flip at $off"
54145510Sdarrenr		fi
55145510Sdarrenr		ecnt=`expr $ecnt + 1`
56145510Sdarrenr		out=$(egrep -v "^debug" $TEST_SSH_LOGFILE | tail -2 | \
57170263Sdarrenr		     tr -s '\r\n' '.')
58255332Scy		case "$out" in
59255332Scy		Bad?packet*)	elen=`expr $elen + 1`; skip=3;;
60145510Sdarrenr		Corrupted?MAC* | *message?authentication?code?incorrect*)
61145510Sdarrenr				emac=`expr $emac + 1`; skip=0;;
62170263Sdarrenr		padding*)	epad=`expr $epad + 1`; skip=0;;
63145510Sdarrenr		*)		fail "unexpected error mac $m at $off: $out";;
64145510Sdarrenr		esac
65170263Sdarrenr	done
66255332Scy	verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
67145510Sdarrenr	if [ $emac -eq 0 ]; then
68145510Sdarrenr		fail "$m: no mac errors"
69145510Sdarrenr	fi
70145510Sdarrenr	expect=`expr $ecnt - $epad - $elen`
71145510Sdarrenr	if [ $emac -ne $expect ]; then
72145510Sdarrenr		fail "$m: expected $expect mac errors, got $emac"
73145510Sdarrenr	fi
74145510Sdarrenrdone
75255332Scy