author | Dirkjan Bussink <d.bussink@gmail.com> | 2019-02-12 08:56:37 +0000 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-02-22 15:31:08 +0100 |
commit | 4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8 (patch) | |
tree | cbeb0046ce2f7361f636a6217533ac5636a3caa1 /tests/client | |
parent | e4c7912b3531d7c7f0d5b354b20f44392be29c28 (diff) | |
Add tests and implementation for Encrypt-then-MAC mode
This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'tests/client')
-rw-r--r-- | tests/client/torture_algorithms.c | 216 |
1 files changed, 216 insertions, 0 deletions
diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c
index aa1bf524..3902d779 100644
--- a/tests/client/torture_algorithms.c
+++ b/tests/client/torture_algorithms.c
@@ -147,6 +147,24 @@ static void torture_algorithms_aes128_cbc_hmac_sha2_512(void **state) {
 test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha2-512");
 }
 
+static void torture_algorithms_aes128_cbc_hmac_sha1_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha1-etm@openssh.com");
+}
+
+static void torture_algorithms_aes128_cbc_hmac_sha2_256_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha2-256-etm@openssh.com");
+}
+
+static void torture_algorithms_aes128_cbc_hmac_sha2_512_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha2-512-etm@openssh.com");
+}
+
 static void torture_algorithms_aes192_cbc_hmac_sha1(void **state) {
 struct torture_state *s = *state;
 
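Review bot: Nothing visible in these three added cases checks that the session really negotiated the requested `-etm@openssh.com` MAC; they only pass the name to `test_algorithm()`, whose body is outside the hunk. If that helper does not already do so, assert it after connecting, e.g. `assert_string_equal(ssh_get_hmac_out(session), hmac);` (and the same with `ssh_get_hmac_in`), so a name-mapping mistake in the new code cannot pass as a plain successful login. These cases also cover only the successful path; a case in which a packet with a bad MAC is rejected would test the property EtM is added for, though the diffstat shown is limited to tests/client and such a test may live elsewhere. The same applies to the functions added in the hunks at -165, -183, -201, -219, -237, -269 and -288.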
@@ -165,6 +183,24 @@ static void torture_algorithms_aes192_cbc_hmac_sha2_512(void **state) {
 test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha2-512");
 }
 
+static void torture_algorithms_aes192_cbc_hmac_sha1_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha1-etm@openssh.com");
+}
+
+static void torture_algorithms_aes192_cbc_hmac_sha2_256_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha2-256-etm@openssh.com");
+}
+
+static void torture_algorithms_aes192_cbc_hmac_sha2_512_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha2-512-etm@openssh.com");
+}
+
 static void torture_algorithms_aes256_cbc_hmac_sha1(void **state) {
 struct torture_state *s = *state;
 
@@ -183,6 +219,24 @@ static void torture_algorithms_aes256_cbc_hmac_sha2_512(void **state) {
 test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha2-512");
 }
 
+static void torture_algorithms_aes256_cbc_hmac_sha1_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha1-etm@openssh.com");
+}
+
+static void torture_algorithms_aes256_cbc_hmac_sha2_256_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha2-256-etm@openssh.com");
+}
+
+static void torture_algorithms_aes256_cbc_hmac_sha2_512_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha2-512-etm@openssh.com");
+}
+
 static void torture_algorithms_aes128_ctr_hmac_sha1(void **state) {
 struct torture_state *s = *state;
 
@@ -201,6 +255,24 @@ static void torture_algorithms_aes128_ctr_hmac_sha2_512(void **state) {
 test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha2-512");
 }
 
+static void torture_algorithms_aes128_ctr_hmac_sha1_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha1-etm@openssh.com");
+}
+
+static void torture_algorithms_aes128_ctr_hmac_sha2_256_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha2-256-etm@openssh.com");
+}
+
+static void torture_algorithms_aes128_ctr_hmac_sha2_512_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha2-512-etm@openssh.com");
+}
+
 static void torture_algorithms_aes192_ctr_hmac_sha1(void **state) {
 struct torture_state *s = *state;
 
@@ -219,6 +291,24 @@ static void torture_algorithms_aes192_ctr_hmac_sha2_512(void **state) {
 test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha2-512");
 }
 
+static void torture_algorithms_aes192_ctr_hmac_sha1_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha1-etm@openssh.com");
+}
+
+static void torture_algorithms_aes192_ctr_hmac_sha2_256_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha2-256-etm@openssh.com");
+}
+
+static void torture_algorithms_aes192_ctr_hmac_sha2_512_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha2-512-etm@openssh.com");
+}
+
 static void torture_algorithms_aes256_ctr_hmac_sha1(void **state) {
 struct torture_state *s = *state;
 
@@ -237,6 +327,24 @@ static void torture_algorithms_aes256_ctr_hmac_sha2_512(void **state) {
 test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha2-512");
 }
 
+static void torture_algorithms_aes256_ctr_hmac_sha1_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha1-etm@openssh.com");
+}
+
+static void torture_algorithms_aes256_ctr_hmac_sha2_256_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha2-256-etm@openssh.com");
+}
+
+static void torture_algorithms_aes256_ctr_hmac_sha2_512_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha2-512-etm@openssh.com");
+}
+
 static void torture_algorithms_aes128_gcm(void **state) {
 struct torture_state *s = *state;
 
@@ -269,6 +377,24 @@ static void torture_algorithms_3des_cbc_hmac_sha2_512(void **state) {
 test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha2-512");
 }
 
+static void torture_algorithms_3des_cbc_hmac_sha1_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha1-etm@openssh.com");
+}
+
+static void torture_algorithms_3des_cbc_hmac_sha2_256_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha2-256-etm@openssh.com");
+}
+
+static void torture_algorithms_3des_cbc_hmac_sha2_512_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha2-512-etm@openssh.com");
+}
+
 #ifdef WITH_BLOWFISH_CIPHER
 #if ((OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) || OPENSSH_VERSION_MAJOR <= 6)
 static void torture_algorithms_blowfish_cbc_hmac_sha1(void **state) {
@@ -288,6 +414,24 @@ static void torture_algorithms_blowfish_cbc_hmac_sha2_512(void **state) {
 
 test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha2-512");
 }
+
+static void torture_algorithms_blowfish_cbc_hmac_sha1_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha1-etm@openssh.com");
+}
+
+static void torture_algorithms_blowfish_cbc_hmac_sha2_256_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha2-256-etm@openssh.com");
+}
+
+static void torture_algorithms_blowfish_cbc_hmac_sha2_512_etm(void **state) {
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha2-512-etm@openssh.com");
+}
 #endif
 #endif /* WITH_BLOWFISH_CIPHER */
 
@@ -472,6 +616,15 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha2_512,
 session_setup,
 session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha1_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha2_256_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha2_512_etm,
+ session_setup,
+ session_teardown),
 cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha1,
 session_setup,
 session_teardown),
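Review bot: The three blowfish `_etm` cases in the hunk at -288 sit inside the existing `#if ((OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) || OPENSSH_VERSION_MAJOR <= 6)` guard, which also admits OpenSSH releases older than 6.2, the release that introduced the `*-etm@openssh.com` MACs. If the suite is still expected to run against such a server, these cases and their registrations in the hunk at -543 would fail at negotiation instead of being compiled out; an inner guard such as `#if (OPENSSH_VERSION_MAJOR > 6 || (OPENSSH_VERSION_MAJOR == 6 && OPENSSH_VERSION_MINOR >= 2))` around both would avoid that. The non-blowfish `_etm` cases added in the earlier hunks carry no version guard at all, so the same question applies to them.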
@@ -481,6 +634,15 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha2_512,
 session_setup,
 session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha1_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha2_256_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha2_512_etm,
+ session_setup,
+ session_teardown),
 cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha1,
 session_setup,
 session_teardown),
@@ -490,6 +652,15 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha2_512,
 session_setup,
 session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha1_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha2_256_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha2_512_etm,
+ session_setup,
+ session_teardown),
 cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha1,
 session_setup,
 session_teardown),
@@ -499,6 +670,15 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha2_512,
 session_setup,
 session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha1_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha2_256_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha2_512_etm,
+ session_setup,
+ session_teardown),
 cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha1,
 session_setup,
 session_teardown),
@@ -508,6 +688,15 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha2_512,
 session_setup,
 session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha1_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha2_256_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha2_512_etm,
+ session_setup,
+ session_teardown),
 cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha1,
 session_setup,
 session_teardown),
@@ -517,6 +706,15 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha2_512,
 session_setup,
 session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha1_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha2_256_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha2_512_etm,
+ session_setup,
+ session_teardown),
 cmocka_unit_test_setup_teardown(torture_algorithms_aes128_gcm,
 session_setup,
 session_teardown),
@@ -532,6 +730,15 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha2_512,
 session_setup,
 session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha1_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha2_256_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha2_512_etm,
+ session_setup,
+ session_teardown),
 #ifdef WITH_BLOWFISH_CIPHER
 #if ((OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) || OPENSSH_VERSION_MAJOR <= 6)
 cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha1,
@@ -543,6 +750,15 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha2_512,
 session_setup,
 session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha1_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha2_256_etm,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha2_512_etm,
+ session_setup,
+ session_teardown),
 #endif
 #endif /* WITH_BLOWFISH_CIPHER */
 cmocka_unit_test_setup_teardown(torture_algorithms_chacha20_poly1305, |