dhgex.sh revision 303975
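# $OpenBSD: dhgex.sh,v 1.3 2015/10/23 02:22:01 dtucker Exp $
# Placed in the Public Domain.
#
# Diffie-Hellman group-exchange size test.
#
# For every cipher / group-exchange KEX pair, run ssh with that pair forced on
# both sides, then inspect the client log to confirm that
#   1. the GEX request carried the expected min<preferred<max sizes, and
#   2. the group actually used is at least as large as the expected size.
#
# NOTE(review): SSH, OBJ, TEST_SSH_LOGFILE and the verbose/fail/fatal helpers
# are not defined in this file; presumably the test harness that sources it
# provides them. The script is kept to plain POSIX sh constructs for that
# reason.

tid="dhgex"

LOG=${TEST_SSH_LOGFILE}
rm -f "${LOG}"
# Keep a pristine copy of the server config; each test case starts from it.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak"

# All group-exchange KEX algorithms this ssh binary supports, one per line.
kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange`

# Run one connection and verify the DH group sizes recorded in the log.
# Arguments: $1 - expected (preferred) group size in bits
#            $2 - cipher name
#            $3 - KEX algorithm name
#            remaining arguments are passed through to ssh
ssh_test_dhgex()
{
	bits="$1"; shift
	cipher="$1"; shift
	kex="$1"; shift

	# Restrict the server to exactly this KEX and cipher.
	cp "$OBJ/sshd_proxy_bak" "$OBJ/sshd_proxy"
	echo "KexAlgorithms=$kex" >> "$OBJ/sshd_proxy"
	echo "Ciphers=$cipher" >> "$OBJ/sshd_proxy"
	# Start from an empty log so the greps below only see this connection.
	rm -f "${LOG}"
	opts="-oKexAlgorithms=$kex -oCiphers=$cipher"
	min=2048
	max=8192
	groupsz="$min<$bits<$max"
	verbose "$tid bits $bits $kex $cipher"
	# ${opts} is left unquoted on purpose: it holds two separate -o options.
	${SSH} ${opts} "$@" -vvv -F "${OBJ}/ssh_proxy" somehost true
	if [ $? -ne 0 ]; then
		fail "ssh failed ($*)"
	fi
	# check what we request
	grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" "${LOG}" >/dev/null
	if [ $? != 0 ]; then
		got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" "${LOG}"`
		fail "$tid unexpected GEX sizes, expected $groupsz, got $got"
	fi
	# check what we got (depends on contents of system moduli file)
	# Takes the part after '/' in the 4th field of the first "bits set:" line.
	gotbits="`awk '/bits set:/{print $4}' "${LOG}" | head -1 | cut -f2 -d/`"
	# An empty or non-numeric value would make the -lt test error out and the
	# size check pass silently, so an unreadable group size is a hard failure.
	case "$gotbits" in
	"" | *[!0-9]*)
		fatal "$tid could not read group size from log, got '$gotbits'"
		;;
	*)
		if [ "$gotbits" -lt "$bits" ]; then
			fatal "$tid expected $bits bit group, got $gotbits"
		fi
		;;
	esac
}

# Run ssh_test_dhgex for every given cipher against every group-exchange KEX.
# Arguments: $1 - expected group size in bits
#            remaining arguments - cipher names
check()
{
	bits="$1"; shift

	for c in "$@"; do
		# $kexs is left unquoted on purpose: one algorithm per word.
		for k in $kexs; do
			ssh_test_dhgex "$bits" "$c" "$k"
		done
	done
}

# Expected group size per cipher set; the backtick lists are split into one
# cipher name per argument.
#check 2048 3des-cbc
check 3072 `${SSH} -Q cipher | grep 128`
check 3072 arcfour blowfish-cbc
check 7680 `${SSH} -Q cipher | grep 192`
check 8192 `${SSH} -Q cipher | grep 256`
check 8192 rijndael-cbc@lysator.liu.se chacha20-poly1305@openssh.com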