-# $OpenBSD: dhgex.sh,v 1.1 2014/01/25 04:35:32 dtucker Exp $
+# $OpenBSD: dhgex.sh,v 1.2 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="dhgex"
LOG=${TEST_SSH_LOGFILE}
rm -f ${LOG}
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange`
cipher="$1"; shift
kex="$1"; shift
+ cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+ echo "KexAlgorithms=$kex" >> $OBJ/sshd_proxy
+ echo "Ciphers=$cipher" >> $OBJ/sshd_proxy
rm -f ${LOG}
opts="-oKexAlgorithms=$kex -oCiphers=$cipher"
groupsz="1024<$bits<8192"
-# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $
+# $OpenBSD: integrity.sh,v 1.13 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="integrity"
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
# start at byte 2900 (i.e. after kex) and corrupt at different offsets
# XXX the test hangs if we modify the low bytes of the packet length
# avoid modifying the high bytes of the length
continue
fi
+ cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
# modify output from sshd at offset $off
pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
+ echo "Ciphers=$m" >> $OBJ/sshd_proxy
macopt="-c $m"
else
+ echo "Ciphers=aes128-ctr" >> $OBJ/sshd_proxy
+ echo "MACs=$m" >> $OBJ/sshd_proxy
macopt="-m $m -c aes128-ctr"
fi
verbose "test $tid: $m @$off"
-# $OpenBSD: kextype.sh,v 1.4 2013/11/07 04:26:56 dtucker Exp $
+# $OpenBSD: kextype.sh,v 1.5 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="login with different key exchange algorithms"
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
+# Make server accept all key exchanges.
+ALLKEX=`ssh -Q kex`
+KEXOPT=`echo $ALLKEX | tr ' ' ,`
+echo "KexAlgorithms=$KEXOPT" >> $OBJ/sshd_proxy
+
tries="1 2 3 4"
for k in `${SSH} -Q kex`; do
verbose "kex $k"
-# $OpenBSD: rekey.sh,v 1.14 2013/11/21 03:18:51 djm Exp $
+# $OpenBSD: rekey.sh,v 1.15 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="rekey"
LOG=${TEST_SSH_LOGFILE}
rm -f ${LOG}
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
# Test rekeying based on data volume only.
# Arguments will be passed to ssh.
ssh_data_rekeying()
{
+ _kexopt=$1 ; shift
+ _opts="$@"
+ if ! test -z "$_kexopts" ; then
+ cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+ echo "$_kexopt" >> $OBJ/sshd_proxy
+ _opts="$_opts -o$_kexopt"
+ fi
rm -f ${COPY} ${LOG}
- ${SSH} <${DATA} -oCompression=no $@ -v -F $OBJ/ssh_proxy somehost \
- "cat > ${COPY}"
+ _opts="$_opts -oCompression=no"
+ ${SSH} <${DATA} $_opts -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
if [ $? -ne 0 ]; then
fail "ssh failed ($@)"
fi
for opt in $opts; do
verbose "client rekey $opt"
- ssh_data_rekeying -oRekeyLimit=256k -o$opt
+ ssh_data_rekeying "$opt" -oRekeyLimit=256k
done
# AEAD ciphers are magical so test with all KexAlgorithms
for c in `${SSH} -Q cipher-auth`; do
for kex in `${SSH} -Q kex`; do
verbose "client rekey $c $kex"
- ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex
+ ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c
done
done
fi
for s in 16 1k 128k 256k; do
verbose "client rekeylimit ${s}"
- ssh_data_rekeying -oCompression=no -oRekeyLimit=$s
+ ssh_data_rekeying "" -oCompression=no -oRekeyLimit=$s
done
for s in 5 10; do
-# $OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $
+# $OpenBSD: try-ciphers.sh,v 1.23 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="try ciphers"
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
for c in `${SSH} -Q cipher`; do
n=0
for m in `${SSH} -Q mac`; do
trace "proto 2 cipher $c mac $m"
verbose "test $tid: proto 2 cipher $c mac $m"
+ cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+ echo "Ciphers=$c" >> $OBJ/sshd_proxy
+ echo "MACs=$m" >> $OBJ/sshd_proxy
${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
if [ $? -ne 0 ]; then
fail "ssh -2 failed with mac $m cipher $c"
projects / openbsd / commitdiff