aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2020-10-02 11:43:23 +0200
committerJakub Jelen <jjelen@redhat.com>2020-10-14 11:07:18 +0200
commit22f89e043ba3fec51974dcfaaf0fcd469d2ab6a9 (patch)
treeb0b320306a37511b01f6c2b966b74d8080221d6f /tests
parentf9bd1db8c3a936edd11fcfa97999d19fc1020600 (diff)
downloadlibssh-22f89e043ba3fec51974dcfaaf0fcd469d2ab6a9.tar.gz
libssh-22f89e043ba3fec51974dcfaaf0fcd469d2ab6a9.tar.xz
libssh-22f89e043ba3fec51974dcfaaf0fcd469d2ab6a9.zip
tests: Test MAC algorithm mismatch when AEAD cipher is selected
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/client/torture_algorithms.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c
index 729505ef..ea3b647b 100644
--- a/tests/client/torture_algorithms.c
+++ b/tests/client/torture_algorithms.c
@@ -45,6 +45,16 @@ static int sshd_teardown(void **state) {
return 0;
}
+static int sshd_setup_hmac(void **state)
+{
+ torture_setup_sshd_server(state, false);
+ /* Set MAC to be something other than what the client will offer */
+ torture_update_sshd_config(state, "MACs hmac-sha2-512");
+
+ return 0;
+}
+
+
static int session_setup(void **state) {
struct torture_state *s = *state;
int verbosity = torture_libssh_verbosity();
@@ -412,6 +422,20 @@ static void torture_algorithms_aes256_gcm(void **state)
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-gcm@openssh.com", NULL);
}
+static void torture_algorithms_aes128_gcm_mac(void **state)
+{
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-gcm@openssh.com", "hmac-sha1");
+}
+
+static void torture_algorithms_aes256_gcm_mac(void **state)
+{
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-gcm@openssh.com", "hmac-sha1");
+}
+
static void torture_algorithms_3des_cbc_hmac_sha1(void **state) {
struct torture_state *s = *state;
@@ -548,6 +572,19 @@ static void torture_algorithms_chacha20_poly1305(void **state)
"chacha20-poly1305@openssh.com",
NULL);
}
+static void torture_algorithms_chacha20_poly1305_mac(void **state)
+{
+ struct torture_state *s = *state;
+
+ if (ssh_fips_mode()) {
+ skip();
+ }
+
+ test_algorithm(s->ssh.session,
+ NULL, /*kex*/
+ "chacha20-poly1305@openssh.com",
+ "hmac-sha1"); /* different from the server */
+}
#endif /* OPENSSH_CHACHA20_POLY1305_OPENSSH_COM */
static void torture_algorithms_zlib(void **state) {
@@ -951,10 +988,30 @@ int torture_run_tests(void) {
#endif
};
+ struct CMUnitTest tests_hmac[] = {
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes128_gcm_mac,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes256_gcm_mac,
+ session_setup,
+ session_teardown),
+#ifdef OPENSSH_CHACHA20_POLY1305_OPENSSH_COM
+ cmocka_unit_test_setup_teardown(torture_algorithms_chacha20_poly1305_mac,
+ session_setup,
+ session_teardown),
+#endif /* OPENSSH_CHACHA20_POLY1305_OPENSSH_COM */
+ };
+
ssh_init();
torture_filter_tests(tests);
rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+ if (rc != 0) {
+ return rc;
+ }
+
+ torture_filter_tests(tests);
+ rc = cmocka_run_group_tests(tests_hmac, sshd_setup_hmac, sshd_teardown);
ssh_finalize();