aboutsummaryrefslogtreecommitdiff
path: root/tests/unittests
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2018-02-28 10:24:57 -0600
committerAndreas Schneider <asn@cryptomilk.org>2018-06-28 09:06:30 +0200
commit321ec2cb1cd341bfac3c05fac25391dd098cc56f (patch)
tree92d8f3d279abda7534396b9690734098350d3ea4 /tests/unittests
parent27711f6a4c5c275a8782a29ebf818932832b96d7 (diff)
downloadlibssh-321ec2cb1cd341bfac3c05fac25391dd098cc56f.tar.gz
libssh-321ec2cb1cd341bfac3c05fac25391dd098cc56f.tar.xz
libssh-321ec2cb1cd341bfac3c05fac25391dd098cc56f.zip
tests: packet encryption unit testing
That code is really ugly, but it wasn't meant to be modular at all in the first place. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests/unittests')
-rw-r--r--tests/unittests/CMakeLists.txt1
-rw-r--r--tests/unittests/torture_packet.c193
2 files changed, 194 insertions, 0 deletions
diff --git a/tests/unittests/CMakeLists.txt b/tests/unittests/CMakeLists.txt
index ee8db1d2..0afe11b4 100644
--- a/tests/unittests/CMakeLists.txt
+++ b/tests/unittests/CMakeLists.txt
@@ -12,6 +12,7 @@ add_cmocka_test(torture_config torture_config.c ${TORTURE_LIBRARY})
add_cmocka_test(torture_options torture_options.c ${TORTURE_LIBRARY})
add_cmocka_test(torture_isipaddr torture_isipaddr.c ${TORTURE_LIBRARY})
add_cmocka_test(torture_knownhosts_parsing torture_knownhosts_parsing.c ${TORTURE_LIBRARY})
+add_cmocka_test(torture_packet torture_packet.c ${TORTURE_LIBRARY})
if (UNIX AND NOT WIN32)
# requires ssh-keygen
add_cmocka_test(torture_keyfiles torture_keyfiles.c ${TORTURE_LIBRARY})
diff --git a/tests/unittests/torture_packet.c b/tests/unittests/torture_packet.c
new file mode 100644
index 00000000..0e7d3f1e
--- /dev/null
+++ b/tests/unittests/torture_packet.c
@@ -0,0 +1,193 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include "libssh/libssh.h"
+#include "libssh/session.h"
+#include "libssh/crypto.h"
+#include "libssh/buffer.h"
+#include "libssh/socket.h"
+#include "libssh/callbacks.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include "socket.c"
+
+uint8_t test_data[]="AThis is test data. Use it to check the validity of packet functions";
+uint8_t key[]="iekaeshoa7ooCie2shai8shahngee3ONsee3xoishooj0ojei6aeChieth1iraPh";
+uint8_t iv[]="eixaxughoomah4ui7Aew3ohxuolaifuu";
+uint8_t mac[]="thook2Jai0ahmahyae7ChuuruoPhee8Y";
+
+static uint8_t *copy_data(uint8_t *data, size_t len){
+ uint8_t *ret = malloc(len);
+ assert_non_null(ret);
+ memcpy(ret, data, len);
+ return ret;
+}
+
+static SSH_PACKET_CALLBACK(copy_packet_data){
+ uint8_t *response = user;
+ size_t len = ssh_buffer_get_len(packet);
+ (void)type;
+ (void)session;
+
+ if(len > 1024){
+ len = 1024;
+ }
+ ssh_buffer_get_data(packet, response, len);
+
+ return 0;
+}
+
+static void torture_packet(const char *cipher,
+ const char *mac_type, size_t payload_len) {
+
+ ssh_session session = ssh_new();
+ int verbosity = torture_libssh_verbosity();
+ struct ssh_crypto_struct *crypto;
+ int rc;
+ int sockets[2];
+ uint8_t buffer[1024];
+ uint8_t response[1024];
+ size_t encrypted_packet_len;
+ ssh_packet_callback callbacks[]={copy_packet_data};
+ struct ssh_packet_callbacks_struct cb = {
+ .start='A',
+ .n_callbacks=1,
+ .callbacks=callbacks,
+ .user=response
+ };
+
+ assert_non_null(session);
+ ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+ crypto = session->next_crypto;
+
+ rc = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ assert_int_equal(rc, 0);
+
+ session->version = 2;
+ crypto->kex_methods[SSH_KEX] = strdup("curve25519-sha256@libssh.org");
+ crypto->kex_methods[SSH_HOSTKEYS] = strdup("ssh-rsa");
+ crypto->kex_methods[SSH_CRYPT_C_S] = strdup(cipher);
+ crypto->kex_methods[SSH_CRYPT_S_C] = strdup(cipher);
+ crypto->kex_methods[SSH_MAC_C_S] = strdup(mac_type);
+ crypto->kex_methods[SSH_MAC_S_C] = strdup(mac_type);
+ crypto->kex_methods[SSH_COMP_C_S] = strdup("none");
+ crypto->kex_methods[SSH_COMP_S_C] = strdup("none");
+ crypto->kex_methods[SSH_LANG_C_S] = strdup("none");
+ crypto->kex_methods[SSH_LANG_S_C] = strdup("none");
+ rc = crypt_set_algorithms(session, 0);
+ assert_int_equal(rc, SSH_OK);
+ session->current_crypto = session->next_crypto;
+ session->next_crypto = crypto_new();
+ crypto->encryptkey = copy_data(key, sizeof(key));
+ crypto->decryptkey = copy_data(key, sizeof(key));
+ crypto->encryptIV = copy_data(iv, sizeof(iv));
+ crypto->decryptIV = copy_data(iv, sizeof(iv));
+ crypto->encryptMAC = copy_data(mac, sizeof(mac));
+ crypto->decryptMAC = copy_data(mac, sizeof(mac));
+
+ assert_non_null(session->out_buffer);
+ ssh_buffer_add_data(session->out_buffer, test_data, payload_len);
+ session->socket->fd_out = sockets[0];
+ session->socket->fd_in = -2;
+ session->socket->write_wontblock = 1;
+ rc = ssh_packet_send(session);
+ assert_int_equal(rc, SSH_OK);
+
+ rc = recv(sockets[1], buffer, sizeof(buffer), 0);
+ assert_true(rc > 0);
+ encrypted_packet_len = rc;
+ assert_in_range(encrypted_packet_len, payload_len + 4, payload_len + (32 * 3));
+ rc = send(sockets[0], buffer, encrypted_packet_len, 0);
+ assert_int_equal(rc, encrypted_packet_len);
+
+ ssh_packet_set_callbacks(session, &cb);
+ explicit_bzero(response, sizeof(response));
+ rc = ssh_packet_socket_callback(buffer, encrypted_packet_len, session);
+ assert_int_not_equal(rc, SSH_ERROR);
+ if(payload_len > 0){
+ assert_memory_equal(response, test_data+1, payload_len-1);
+ }
+ close(sockets[0]);
+ close(sockets[1]);
+ session->socket->fd_in = SSH_INVALID_SOCKET;
+ session->socket->fd_out = SSH_INVALID_SOCKET;
+ ssh_free(session);
+}
+
+static void torture_packet_aes128_ctr() {
+ int i;
+ for (i=1;i<256;++i){
+ torture_packet("aes128-ctr","hmac-sha1",i);
+ }
+}
+
+static void torture_packet_aes192_ctr(){
+ int i;
+ for (i=1;i<256;++i){
+ torture_packet("aes192-ctr","hmac-sha1",i);
+ }
+}
+
+static void torture_packet_aes256_ctr(){
+ int i;
+ for (i=1;i<256;++i){
+ torture_packet("aes256-ctr","hmac-sha1",i);
+ }
+}
+
+static void torture_packet_aes128_cbc() {
+ int i;
+ for (i=1;i<256;++i){
+ torture_packet("aes128-cbc","hmac-sha1",i);
+ }
+}
+
+static void torture_packet_aes192_cbc(){
+ int i;
+ for (i=1;i<256;++i){
+ torture_packet("aes192-cbc","hmac-sha1",i);
+ }
+}
+
+static void torture_packet_aes256_cbc(){
+ int i;
+ for (i=1;i<256;++i){
+ torture_packet("aes256-cbc","hmac-sha1",i);
+ }
+}
+
+static void torture_packet_3des_cbc(){
+ int i;
+ for (i=1;i<256;++i){
+ torture_packet("3des-cbc","hmac-sha1",i);
+ }
+}
+
+static void torture_packet_chacha20(){
+ int i;
+ for (i=1;i<256;++i){
+ torture_packet("chacha20-poly1305@openssh.com","none",i);
+ }
+}
+
+int torture_run_tests(void) {
+ int rc;
+ struct CMUnitTest tests[] = {
+ cmocka_unit_test(torture_packet_aes128_ctr),
+ cmocka_unit_test(torture_packet_aes192_ctr),
+ cmocka_unit_test(torture_packet_aes256_ctr),
+ cmocka_unit_test(torture_packet_aes128_cbc),
+ cmocka_unit_test(torture_packet_aes192_cbc),
+ cmocka_unit_test(torture_packet_aes256_cbc),
+ cmocka_unit_test(torture_packet_3des_cbc),
+ cmocka_unit_test(torture_packet_chacha20)
+ };
+
+ ssh_init();
+ torture_filter_tests(tests);
+ rc = cmocka_run_group_tests(tests, NULL, NULL);
+ ssh_finalize();
+ return rc;
+}