diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2013-11-21 03:18:52 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2013-11-21 03:18:52 +0000 |
| commit | a4a062d789fb482faf54d6e5bac52846a360257f (patch) | |
| tree | c8b6b83bcafba58a98c046fdc33d4834877e3c51 /regress/usr.bin | |
| parent | 1f515967b24fc8bf24240b21cccd97fd6ee106e5 (diff) | |
use new "ssh -Q cipher-auth" query to obtain lists of authenticated
encryption ciphers instead of specifying them manually; ensures that
the new chacha20poly1305@openssh.com mode is tested;
ok markus@ and naddy@ as part of the diff to add
chacha20poly1305@openssh.com
Diffstat (limited to 'regress/usr.bin')
| -rw-r--r-- | regress/usr.bin/ssh/cipher-speed.sh | 10 | ||||
| -rw-r--r-- | regress/usr.bin/ssh/integrity.sh | 14 | ||||
| -rw-r--r-- | regress/usr.bin/ssh/rekey.sh | 12 | ||||
| -rw-r--r-- | regress/usr.bin/ssh/try-ciphers.sh | 11 |
4 files changed, 25 insertions, 22 deletions
diff --git a/regress/usr.bin/ssh/cipher-speed.sh b/regress/usr.bin/ssh/cipher-speed.sh index 7e8762a387d..3b464199539 100644 --- a/regress/usr.bin/ssh/cipher-speed.sh +++ b/regress/usr.bin/ssh/cipher-speed.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cipher-speed.sh,v 1.10 2013/11/07 02:48:38 dtucker Exp $ +# $OpenBSD: cipher-speed.sh,v 1.11 2013/11/21 03:18:51 djm Exp $ # Placed in the Public Domain. tid="cipher speed" @@ -23,10 +23,10 @@ for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do fail "ssh -2 failed with mac $m cipher $c" fi done - # No point trying all MACs for GCM since they are ignored. - case $c in - aes*-gcm@openssh.com) test $n -gt 0 && break;; - esac + # No point trying all MACs for AEAD ciphers since they are ignored. + if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then + break + fi n=$(($n + 1)) done; done diff --git a/regress/usr.bin/ssh/integrity.sh b/regress/usr.bin/ssh/integrity.sh index f2d3f65b1d8..32be98fad15 100644 --- a/regress/usr.bin/ssh/integrity.sh +++ b/regress/usr.bin/ssh/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.11 2013/11/07 02:48:38 dtucker Exp $ +# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $ # Placed in the Public Domain. tid="integrity" @@ -11,7 +11,7 @@ startoffset=2900 macs=`${SSH} -Q mac` # The following are not MACs, but ciphers with integrated integrity. They are # handled specially below. -macs="$macs `${SSH} -Q cipher | grep gcm@openssh.com`" +macs="$macs `${SSH} -Q cipher-auth`" # sshd-command for proxy (see test-exec.sh) cmd="sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" @@ -30,12 +30,14 @@ for m in $macs; do fi # modify output from sshd at offset $off pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" - case $m in - aes*gcm*) macopt="-c $m";; - *) macopt="-m $m";; - esac + if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then + macopt="-c $m" + else + macopt="-m $m -c aes128-ctr" + fi verbose "test $tid: $m @$off" ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ + -oServerAliveInterval=1 -oServerAliveCountMax=30 \ 999.999.999.999 'printf "%4096s" " "' >/dev/null if [ $? -eq 0 ]; then fail "ssh -m $m succeeds with bit-flip at $off" diff --git a/regress/usr.bin/ssh/rekey.sh b/regress/usr.bin/ssh/rekey.sh index fe81f0c331d..cf9401ea014 100644 --- a/regress/usr.bin/ssh/rekey.sh +++ b/regress/usr.bin/ssh/rekey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: rekey.sh,v 1.13 2013/11/09 05:41:34 dtucker Exp $ +# $OpenBSD: rekey.sh,v 1.14 2013/11/21 03:18:51 djm Exp $ # Placed in the Public Domain. tid="rekey" @@ -44,9 +44,9 @@ for opt in $opts; do ssh_data_rekeying -oRekeyLimit=256k -o$opt done -# GCM is magical so test with all KexAlgorithms -if ${SSH} -Q cipher | grep gcm@openssh.com >/dev/null ; then - for c in `${SSH} -Q cipher | grep gcm@openssh.com`; do +# AEAD ciphers are magical so test with all KexAlgorithms +if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then + for c in `${SSH} -Q cipher-auth`; do for kex in `${SSH} -Q kex`; do verbose "client rekey $c $kex" ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex @@ -131,10 +131,10 @@ for size in 16 1k 1K 1m 1M 1g 1G; do awk '/rekeylimit/{print $3}'` if [ "$bytes" != "$b" ]; then - fatal "rekeylimit size: expected $bytes got $b" + fatal "rekeylimit size: expected $bytes bytes got $b" fi if [ "$seconds" != "$s" ]; then - fatal "rekeylimit time: expected $time got $s" + fatal "rekeylimit time: expected $time seconds got $s" fi done done diff --git a/regress/usr.bin/ssh/try-ciphers.sh b/regress/usr.bin/ssh/try-ciphers.sh index 48584329914..ac34cedbf91 100644 --- a/regress/usr.bin/ssh/try-ciphers.sh +++ b/regress/usr.bin/ssh/try-ciphers.sh @@ -1,4 +1,4 @@ -# $OpenBSD: try-ciphers.sh,v 1.21 2013/11/07 02:48:38 dtucker Exp $ +# $OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $ # Placed in the Public Domain. tid="try ciphers" @@ -12,10 +12,11 @@ for c in `${SSH} -Q cipher`; do if [ $? -ne 0 ]; then fail "ssh -2 failed with mac $m cipher $c" fi - # No point trying all MACs for GCM since they are ignored. - case $c in - aes*-gcm@openssh.com) test $n -gt 0 && break;; - esac + # No point trying all MACs for AEAD ciphers since they + # are ignored. + if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then + break + fi n=`expr $n + 1` done done |