lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-31 00:03:07 +03:00
Code Activity

Add tests and implementation for Encrypt-then-MAC mode

Browse Source 
This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Dirkjan Bussink
2019-02-12 08:56:37 +00:00
committed by Andreas Schneider
parent e4c7912b35
commit 4a67c19118
9 changed files with 465 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/kex.c
View File

@ -146,8 +146,8 @@ static const char *default_methods[] = {
PUBLIC_KEY_ALGORITHMS,
AES BLOWFISH DES,
AES BLOWFISH DES,
"hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"none",
"none",
"",
@ -161,8 +161,8 @@ static const char *supported_methods[] = {
PUBLIC_KEY_ALGORITHMS,
CHACHA20 AES BLOWFISH DES_SUPPORTED,
CHACHA20 AES BLOWFISH DES_SUPPORTED,
"hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
ZLIB,
ZLIB,
"",

75
src/packet.c
View File

@ -1045,6 +1045,8 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
size_t processed = 0; /* number of byte processed from the callback */
enum ssh_packet_filter_result_e filter_result;
struct ssh_crypto_struct *crypto = NULL;
bool etm = false;
int etm_packet_offset = 0;
bool ok;
crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
@ -1052,9 +1054,17 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
current_macsize = hmac_digest_len(crypto->in_hmac);
blocksize = crypto->in_cipher->blocksize;
lenfield_blocksize = crypto->in_cipher->lenfield_blocksize;
etm = crypto->in_hmac_etm;
}
if (lenfield_blocksize == 0) {
if (etm) {
/* In EtM mode packet size is unencrypted. This means
* we need to use this offset and set the block size
* that is part of the encrypted part to 0.
*/
etm_packet_offset = sizeof(uint32_t);
lenfield_blocksize = 0;
} else if (lenfield_blocksize == 0) {
lenfield_blocksize = blocksize;
}
if (data == NULL) {
@ -1077,10 +1087,10 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
#endif
switch(session->packet_state) {
case PACKET_STATE_INIT:
if (receivedlen < lenfield_blocksize) {
if (receivedlen < lenfield_blocksize + etm_packet_offset) {
/*
* We didn't receive enough data to read at least one
* block size, give up
* We didn't receive enough data to read either at least one
* block size or the unencrypted length in EtM mode.
*/
#ifdef DEBUG_PACKET
SSH_LOG(SSH_LOG_PACKET,
@ -1107,13 +1117,20 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
}
}
if (!etm) {
ptr = ssh_buffer_allocate(session->in_buffer, lenfield_blocksize);
if (ptr == NULL) {
goto error;
}
processed += lenfield_blocksize;
packet_len = ssh_packet_decrypt_len(session, ptr, (uint8_t *)data);
to_be_read = packet_len - lenfield_blocksize + sizeof(uint32_t);
} else {
/* Length is unencrypted in case of Encrypt-then-MAC */
packet_len = PULL_BE_U32(data, 0);
to_be_read = packet_len - etm_packet_offset;
}
processed += lenfield_blocksize + etm_packet_offset;
if (packet_len > MAX_PACKET_LEN) {
ssh_set_error(session,
SSH_FATAL,
@ -1121,7 +1138,6 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
packet_len, packet_len);
goto error;
}
to_be_read = packet_len - lenfield_blocksize + sizeof(uint32_t);
if (to_be_read < 0) {
/* remote sshd sends invalid sizes? */
ssh_set_error(session,
@ -1136,7 +1152,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
FALL_THROUGH;
case PACKET_STATE_SIZEREAD:
packet_len = session->in_packet.len;
processed = lenfield_blocksize;
processed = lenfield_blocksize + etm_packet_offset;
to_be_read = packet_len + sizeof(uint32_t) + current_macsize;
/* if to_be_read is zero, the whole packet was blocksize bytes. */
if (to_be_read != 0) {
@ -1151,13 +1167,13 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
return 0;
}
packet_second_block = (uint8_t*)data + lenfield_blocksize;
packet_second_block = (uint8_t*)data + lenfield_blocksize + etm_packet_offset;
processed = to_be_read - current_macsize;
}
/* remaining encrypted bytes from the packet, MAC not included */
packet_remaining =
packet_len - (lenfield_blocksize - sizeof(uint32_t));
packet_len - (lenfield_blocksize - sizeof(uint32_t) + etm_packet_offset);
cleartext_packet = ssh_buffer_allocate(session->in_buffer,
packet_remaining);
if (cleartext_packet == NULL) {
@ -1166,16 +1182,30 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
if (packet_second_block != NULL) {
if (crypto != NULL) {
mac = packet_second_block + packet_remaining;
if (etm) {
rc = ssh_packet_hmac_verify(session,
data,
processed,
mac,
crypto->in_hmac);
if (rc < 0) {
ssh_set_error(session, SSH_FATAL, "HMAC error");
goto error;
}
}
/*
* Decrypt the rest of the packet (lenfield_blocksize bytes
* already have been decrypted)
* Decrypt the packet. In case of EtM mode, the length is already
* known as it's unencrypted. In the other case, lenfield_blocksize bytes
* already have been decrypted.
*/
if (packet_remaining > 0) {
rc = ssh_packet_decrypt(session,
cleartext_packet,
(uint8_t *)data,
lenfield_blocksize,
processed - lenfield_blocksize);
lenfield_blocksize + etm_packet_offset,
processed - (lenfield_blocksize + etm_packet_offset));
if (rc < 0) {
ssh_set_error(session,
SSH_FATAL,
@ -1183,8 +1213,8 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
goto error;
}
}
mac = packet_second_block + packet_remaining;
if (!etm) {
rc = ssh_packet_hmac_verify(session,
ssh_buffer_get(session->in_buffer),
ssh_buffer_get_len(session->in_buffer),
@ -1194,6 +1224,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
ssh_set_error(session, SSH_FATAL, "HMAC error");
goto error;
}
}
processed += current_macsize;
} else {
memcpy(cleartext_packet,
@ -1212,8 +1243,10 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
}
#endif
if (!etm) {
/* skip the size field which has been processed before */
ssh_buffer_pass_bytes(session->in_buffer, sizeof(uint32_t));
}
rc = ssh_buffer_get_u8(session->in_buffer, &padding);
if (rc == 0) {
@ -1525,12 +1558,15 @@ static int packet_send2(ssh_session session)
uint8_t header[5] = {0};
uint8_t type, *payload;
int rc = SSH_ERROR;
bool etm = false;
int etm_packet_offset = 0;
crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_OUT);
if (crypto) {
blocksize = crypto->out_cipher->blocksize;
lenfield_blocksize = crypto->out_cipher->lenfield_blocksize;
hmac_type = crypto->out_hmac;
etm = crypto->out_hmac_etm;
} else {
hmac_type = session->next_crypto->out_hmac;
}
@ -1539,6 +1575,11 @@ static int packet_send2(ssh_session session)
type = payload[0]; /* type is the first byte of the packet now */
payloadsize = currentlen;
if (etm) {
etm_packet_offset = sizeof(uint32_t);
lenfield_blocksize = 0;
}
#ifdef WITH_ZLIB
if (crypto != NULL && crypto->do_compress_out &&
ssh_buffer_get_len(session->out_buffer) > 0) {
@ -1551,8 +1592,8 @@ static int packet_send2(ssh_session session)
#endif /* WITH_ZLIB */
compsize = currentlen;
/* compressed payload + packet len (4) + padding_size len (1) */
/* totallen - lenfield_blocksize must be equal to 0 (mod blocksize) */
padding_size = (blocksize - ((blocksize - lenfield_blocksize + currentlen + 5) % blocksize));
/* totallen - lenfield_blocksize - etm_packet_offset must be equal to 0 (mod blocksize) */
padding_size = (blocksize - ((blocksize - lenfield_blocksize - etm_packet_offset + currentlen + 5) % blocksize));
if (padding_size < 4) {
padding_size += blocksize;
}
@ -1567,7 +1608,7 @@ static int packet_send2(ssh_session session)
}
}
finallen = currentlen + padding_size + 1;
finallen = currentlen - etm_packet_offset + padding_size + 1;
PUSH_BE_U32(header, 0, finallen);
PUSH_BE_U8(header, 4, padding_size);

35
src/packet_crypt.c
View File

@ -42,6 +42,7 @@
#include "libssh/wrapper.h"
#include "libssh/crypto.h"
#include "libssh/buffer.h"
#include "libssh/bytearray.h"
/** @internal
* @brief decrypt the packet length from a raw encrypted packet, and store the first decrypted
@ -132,9 +133,11 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
struct ssh_cipher_struct *cipher = NULL;
HMACCTX ctx = NULL;
char *out = NULL;
int etm_packet_offset = 0;
unsigned int finallen, blocksize;
uint32_t seq, lenfield_blocksize;
enum ssh_hmac_e type;
bool etm;
assert(len);
@ -145,7 +148,15 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
blocksize = crypto->out_cipher->blocksize;
lenfield_blocksize = crypto->out_cipher->lenfield_blocksize;
if ((len - lenfield_blocksize) % blocksize != 0) {
type = crypto->out_hmac;
etm = crypto->out_hmac_etm;
if (etm) {
etm_packet_offset = sizeof(uint32_t);
}
if ((len - lenfield_blocksize - etm_packet_offset) % blocksize != 0) {
ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be set"
" on at least one blocksize (received %d)", len);
return NULL;
@ -155,23 +166,35 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
return NULL;
}
type = crypto->out_hmac;
seq = ntohl(session->send_seq);
cipher = crypto->out_cipher;
if (cipher->aead_encrypt != NULL) {
cipher->aead_encrypt(cipher, data, out, len,
crypto->hmacbuf, session->send_seq);
memcpy(data, out, len);
} else {
ctx = hmac_init(crypto->encryptMAC, hmac_digest_len(type), type);
if (ctx == NULL) {
SAFE_FREE(out);
return NULL;
}
hmac_update(ctx,(unsigned char *)&seq,sizeof(uint32_t));
hmac_update(ctx,data,len);
hmac_final(ctx, crypto->hmacbuf, &finallen);
if (!etm) {
hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t));
hmac_update(ctx, data, len);
hmac_final(ctx, crypto->hmacbuf, &finallen);
}
cipher->encrypt(cipher, (uint8_t*)data + etm_packet_offset, out, len - etm_packet_offset);
memcpy((uint8_t*)data + etm_packet_offset, out, len - etm_packet_offset);
if (etm) {
PUSH_BE_U32(data, 0, len - etm_packet_offset);
hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t));
hmac_update(ctx, data, len);
hmac_final(ctx, crypto->hmacbuf, &finallen);
}
#ifdef DEBUG_CRYPTO
ssh_print_hexa("mac: ",data,hmac_digest_len(type));
if (finallen != hmac_digest_len(type)) {
@ -179,9 +202,7 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
}
ssh_print_hexa("Packet hmac", crypto->hmacbuf, hmac_digest_len(type));
#endif
cipher->encrypt(cipher, data, out, len);
}
memcpy(data, out, len);
explicit_bzero(out, len);
SAFE_FREE(out);

4
src/wrapper.c
View File

@ -62,6 +62,10 @@ static struct ssh_hmac_struct ssh_hmac_tab[] = {
{ "hmac-md5", SSH_HMAC_MD5, false },
{ "aead-poly1305", SSH_HMAC_AEAD_POLY1305, false },
{ "aead-gcm", SSH_HMAC_AEAD_GCM, false },
{ "hmac-sha1-etm@openssh.com", SSH_HMAC_SHA1, true },
{ "hmac-sha2-256-etm@openssh.com", SSH_HMAC_SHA256, true },
{ "hmac-sha2-512-etm@openssh.com", SSH_HMAC_SHA512, true },
{ "hmac-md5-etm@openssh.com", SSH_HMAC_MD5, true },
{ NULL, 0, false }
};

216
tests/client/torture_algorithms.c
View File

@ -147,6 +147,24 @@ static void torture_algorithms_aes128_cbc_hmac_sha2_512(void **state) {
test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha2-512");
}
static void torture_algorithms_aes128_cbc_hmac_sha1_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha1-etm@openssh.com");
}
static void torture_algorithms_aes128_cbc_hmac_sha2_256_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha2-256-etm@openssh.com");
}
static void torture_algorithms_aes128_cbc_hmac_sha2_512_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha2-512-etm@openssh.com");
}
static void torture_algorithms_aes192_cbc_hmac_sha1(void **state) {
struct torture_state *s = *state;
@ -165,6 +183,24 @@ static void torture_algorithms_aes192_cbc_hmac_sha2_512(void **state) {
test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha2-512");
}
static void torture_algorithms_aes192_cbc_hmac_sha1_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha1-etm@openssh.com");
}
static void torture_algorithms_aes192_cbc_hmac_sha2_256_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha2-256-etm@openssh.com");
}
static void torture_algorithms_aes192_cbc_hmac_sha2_512_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha2-512-etm@openssh.com");
}
static void torture_algorithms_aes256_cbc_hmac_sha1(void **state) {
struct torture_state *s = *state;
@ -183,6 +219,24 @@ static void torture_algorithms_aes256_cbc_hmac_sha2_512(void **state) {
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha2-512");
}
static void torture_algorithms_aes256_cbc_hmac_sha1_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha1-etm@openssh.com");
}
static void torture_algorithms_aes256_cbc_hmac_sha2_256_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha2-256-etm@openssh.com");
}
static void torture_algorithms_aes256_cbc_hmac_sha2_512_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha2-512-etm@openssh.com");
}
static void torture_algorithms_aes128_ctr_hmac_sha1(void **state) {
struct torture_state *s = *state;
@ -201,6 +255,24 @@ static void torture_algorithms_aes128_ctr_hmac_sha2_512(void **state) {
test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha2-512");
}
static void torture_algorithms_aes128_ctr_hmac_sha1_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha1-etm@openssh.com");
}
static void torture_algorithms_aes128_ctr_hmac_sha2_256_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha2-256-etm@openssh.com");
}
static void torture_algorithms_aes128_ctr_hmac_sha2_512_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha2-512-etm@openssh.com");
}
static void torture_algorithms_aes192_ctr_hmac_sha1(void **state) {
struct torture_state *s = *state;
@ -219,6 +291,24 @@ static void torture_algorithms_aes192_ctr_hmac_sha2_512(void **state) {
test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha2-512");
}
static void torture_algorithms_aes192_ctr_hmac_sha1_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha1-etm@openssh.com");
}
static void torture_algorithms_aes192_ctr_hmac_sha2_256_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha2-256-etm@openssh.com");
}
static void torture_algorithms_aes192_ctr_hmac_sha2_512_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha2-512-etm@openssh.com");
}
static void torture_algorithms_aes256_ctr_hmac_sha1(void **state) {
struct torture_state *s = *state;
@ -237,6 +327,24 @@ static void torture_algorithms_aes256_ctr_hmac_sha2_512(void **state) {
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha2-512");
}
static void torture_algorithms_aes256_ctr_hmac_sha1_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha1-etm@openssh.com");
}
static void torture_algorithms_aes256_ctr_hmac_sha2_256_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha2-256-etm@openssh.com");
}
static void torture_algorithms_aes256_ctr_hmac_sha2_512_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha2-512-etm@openssh.com");
}
static void torture_algorithms_aes128_gcm(void **state)
{
struct torture_state *s = *state;
@ -269,6 +377,24 @@ static void torture_algorithms_3des_cbc_hmac_sha2_512(void **state) {
test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha2-512");
}
static void torture_algorithms_3des_cbc_hmac_sha1_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha1-etm@openssh.com");
}
static void torture_algorithms_3des_cbc_hmac_sha2_256_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha2-256-etm@openssh.com");
}
static void torture_algorithms_3des_cbc_hmac_sha2_512_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha2-512-etm@openssh.com");
}
#ifdef WITH_BLOWFISH_CIPHER
#if ((OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) || OPENSSH_VERSION_MAJOR <= 6)
static void torture_algorithms_blowfish_cbc_hmac_sha1(void **state) {
@ -288,6 +414,24 @@ static void torture_algorithms_blowfish_cbc_hmac_sha2_512(void **state) {
test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha2-512");
}
static void torture_algorithms_blowfish_cbc_hmac_sha1_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha1-etm@openssh.com");
}
static void torture_algorithms_blowfish_cbc_hmac_sha2_256_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha2-256-etm@openssh.com");
}
static void torture_algorithms_blowfish_cbc_hmac_sha2_512_etm(void **state) {
struct torture_state *s = *state;
test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha2-512-etm@openssh.com");
}
#endif
#endif /* WITH_BLOWFISH_CIPHER */
@ -472,6 +616,15 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha2_512,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha1_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha2_256_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha2_512_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha1,
session_setup,
session_teardown),
@ -481,6 +634,15 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha2_512,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha1_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha2_256_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha2_512_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha1,
session_setup,
session_teardown),
@ -490,6 +652,15 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha2_512,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha1_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha2_256_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha2_512_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha1,
session_setup,
session_teardown),
@ -499,6 +670,15 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha2_512,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha1_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha2_256_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha2_512_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha1,
session_setup,
session_teardown),
@ -508,6 +688,15 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha2_512,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha1_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha2_256_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha2_512_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha1,
session_setup,
session_teardown),
@ -517,6 +706,15 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha2_512,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha1_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha2_256_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha2_512_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_gcm,
session_setup,
session_teardown),
@ -532,6 +730,15 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha2_512,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha1_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha2_256_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha2_512_etm,
session_setup,
session_teardown),
#ifdef WITH_BLOWFISH_CIPHER
#if ((OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) || OPENSSH_VERSION_MAJOR <= 6)
cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha1,
@ -543,6 +750,15 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha2_512,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha1_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha2_256_etm,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha2_512_etm,
session_setup,
session_teardown),
#endif
#endif /* WITH_BLOWFISH_CIPHER */
cmocka_unit_test_setup_teardown(torture_algorithms_chacha20_poly1305,

75
tests/pkd/pkd_hello.c
View File

@ -476,44 +476,77 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
#ifdef HAVE_DSA
#define PKDTESTS_MAC(f, client, maccmd) \
/* MACs. */ \
f(client, rsa_hmac_sha1, maccmd("hmac-sha1"), setup_rsa, teardown) \
f(client, dsa_hmac_sha1, maccmd("hmac-sha1"), setup_dsa, teardown) \
f(client, ecdsa_256_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_256, teardown) \
f(client, ecdsa_384_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_384, teardown) \
f(client, ecdsa_521_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_521, teardown) \
f(client, rsa_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_rsa, teardown) \
f(client, dsa_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_dsa, teardown) \
f(client, ecdsa_256_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_256, teardown) \
f(client, ecdsa_384_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_384, teardown) \
f(client, ecdsa_521_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_521, teardown)
f(client, ecdsa_521_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_521, teardown) \
f(client, rsa_hmac_sha1, maccmd("hmac-sha1"), setup_rsa, teardown) \
f(client, rsa_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_rsa, teardown)
#define PKDTESTS_MAC_OPENSSHONLY(f, client, maccmd) \
f(client, ed25519_hmac_sha1, maccmd("hmac-sha1"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ed25519, teardown) \
f(client, rsa_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_rsa, teardown) \
f(client, dsa_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_dsa, teardown) \
f(client, dsa_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_dsa, teardown) \
f(client, dsa_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_dsa, teardown) \
f(client, ed25519_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ed25519, teardown) \
f(client, dsa_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_dsa, teardown) \
f(client, ecdsa_256_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_ecdsa_256, teardown) \
f(client, ecdsa_384_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_384, teardown) \
f(client, ecdsa_521_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_521, teardown)
f(client, ecdsa_384_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_ecdsa_384, teardown) \
f(client, ecdsa_521_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_ecdsa_521, teardown) \
f(client, ed25519_hmac_sha1, maccmd("hmac-sha1"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_ed25519, teardown) \
f(client, rsa_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_rsa, teardown) \
f(client, rsa_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_rsa, teardown) \
f(client, rsa_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_rsa, teardown) \
f(client, rsa_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_rsa, teardown)
#else
#define PKDTESTS_MAC(f, client, maccmd) \
/* MACs. */ \
f(client, rsa_hmac_sha1, maccmd("hmac-sha1"), setup_rsa, teardown) \
f(client, ecdsa_256_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_256, teardown) \
f(client, ecdsa_384_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_384, teardown) \
f(client, ecdsa_521_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_521, teardown) \
f(client, rsa_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_rsa, teardown) \
f(client, ecdsa_256_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_256, teardown) \
f(client, ecdsa_384_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_384, teardown) \
f(client, ecdsa_521_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_521, teardown)
f(client, ecdsa_521_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_521, teardown) \
f(client, rsa_hmac_sha1, maccmd("hmac-sha1"), setup_rsa, teardown) \
f(client, rsa_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_rsa, teardown)
#define PKDTESTS_MAC_OPENSSHONLY(f, client, maccmd) \
f(client, ed25519_hmac_sha1, maccmd("hmac-sha1"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ed25519, teardown) \
f(client, rsa_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_rsa, teardown) \
f(client, ed25519_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ed25519, teardown) \
f(client, ecdsa_256_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_ecdsa_256, teardown) \
f(client, ecdsa_384_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_384, teardown) \
f(client, ecdsa_521_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_521, teardown)
f(client, ecdsa_384_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_ecdsa_384, teardown) \
f(client, ecdsa_521_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_ecdsa_521, teardown) \
f(client, ed25519_hmac_sha1, maccmd("hmac-sha1"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ed25519, teardown) \
f(client, ed25519_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_ed25519, teardown) \
f(client, rsa_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_rsa, teardown) \
f(client, rsa_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_rsa, teardown) \
f(client, rsa_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_rsa, teardown) \
f(client, rsa_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_rsa, teardown)
#endif
#define PKDTESTS_HOSTKEY_OPENSSHONLY(f, client, hkcmd) \

2
tests/unittests/torture_config.c
View File

@ -28,7 +28,7 @@ extern LIBSSH_THREAD int ssh_log_level;
#define KEXALGORITHMS "ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1"
#define HOSTKEYALGORITHMS "ssh-ed25519,ecdsa-sha2-nistp521,ssh-rsa"
#define PUBKEYACCEPTEDTYPES "rsa-sha2-512,ssh-rsa,ecdsa-sha2-nistp521"
#define MACS "hmac-sha1,hmac-sha2-256"
#define MACS "hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com"
#define USER_KNOWN_HOSTS "%d/my_known_hosts"
#define GLOBAL_KNOWN_HOSTS "/etc/ssh/my_ssh_known_hosts"
#define BIND_ADDRESS "::1"

8
tests/unittests/torture_options.c
View File

@ -184,15 +184,15 @@ static void torture_options_set_macs(void **state) {
/* Test multiple known MACs */
rc = ssh_options_set(session,
SSH_OPTIONS_HMAC_S_C,
"hmac-sha1,hmac-sha2-256");
"hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
assert_true(rc == 0);
assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C],
"hmac-sha1,hmac-sha2-256");
"hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
/* Test unknown MACs */
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com,hmac-sha1,unknown@example.com");
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com,hmac-sha1-etm@openssh.com,unknown@example.com");
assert_true(rc == 0);
assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1");
assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1-etm@openssh.com");
/* Test all unknown MACs */
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com");

63
tests/unittests/torture_packet.c
View File

@ -137,6 +137,30 @@ torture_packet(const char *cipher, const char *mac_type,
ssh_free(session);
}
static void torture_packet_aes128_ctr_etm(UNUSED_PARAM(void **state))
{
int i;
for (i = 1; i < 256; ++i) {
torture_packet("aes128-ctr", "hmac-sha1-etm@openssh.com", "none", i);
}
}
static void torture_packet_aes192_ctr_etm(UNUSED_PARAM(void **state))
{
int i;
for (i = 1; i < 256; ++i) {
torture_packet("aes192-ctr", "hmac-sha1-etm@openssh.com", "none", i);
}
}
static void torture_packet_aes256_ctr_etm(UNUSED_PARAM(void **state))
{
int i;
for (i = 1; i < 256; ++i) {
torture_packet("aes256-ctr", "hmac-sha1-etm@openssh.com", "none", i);
}
}
static void torture_packet_aes128_ctr(void **state)
{
int i;
@ -191,6 +215,30 @@ static void torture_packet_aes256_cbc(void **state)
}
}
static void torture_packet_aes128_cbc_etm(UNUSED_PARAM(void **state))
{
int i;
for (i = 1; i < 256; ++i) {
torture_packet("aes128-cbc", "hmac-sha1-etm@openssh.com", "none", i);
}
}
static void torture_packet_aes192_cbc_etm(UNUSED_PARAM(void **state))
{
int i;
for (i = 1; i < 256; ++i) {
torture_packet("aes192-cbc", "hmac-sha1-etm@openssh.com", "none", i);
}
}
static void torture_packet_aes256_cbc_etm(UNUSED_PARAM(void **state))
{
int i;
for (i = 1; i < 256; ++i) {
torture_packet("aes256-cbc", "hmac-sha1-etm@openssh.com", "none", i);
}
}
static void torture_packet_3des_cbc(void **state)
{
int i;
@ -200,6 +248,14 @@ static void torture_packet_3des_cbc(void **state)
}
}
static void torture_packet_3des_cbc_etm(UNUSED_PARAM(void **state))
{
int i;
for (i = 1; i < 256; ++i) {
torture_packet("3des-cbc", "hmac-sha1-etm@openssh.com", "none", i);
}
}
static void torture_packet_chacha20(void **state)
{
int i;
@ -251,10 +307,17 @@ int torture_run_tests(void) {
cmocka_unit_test(torture_packet_aes128_ctr),
cmocka_unit_test(torture_packet_aes192_ctr),
cmocka_unit_test(torture_packet_aes256_ctr),
cmocka_unit_test(torture_packet_aes128_ctr_etm),
cmocka_unit_test(torture_packet_aes192_ctr_etm),
cmocka_unit_test(torture_packet_aes256_ctr_etm),
cmocka_unit_test(torture_packet_aes128_cbc),
cmocka_unit_test(torture_packet_aes192_cbc),
cmocka_unit_test(torture_packet_aes256_cbc),
cmocka_unit_test(torture_packet_aes128_cbc_etm),
cmocka_unit_test(torture_packet_aes192_cbc_etm),
cmocka_unit_test(torture_packet_aes256_cbc_etm),
cmocka_unit_test(torture_packet_3des_cbc),
cmocka_unit_test(torture_packet_3des_cbc_etm),
cmocka_unit_test(torture_packet_chacha20),
cmocka_unit_test(torture_packet_aes128_gcm),
cmocka_unit_test(torture_packet_aes256_gcm),