aboutsummaryrefslogtreecommitdiff
path: root/tests/client/torture_algorithms.c
diff options
context:
space:
mode:
Diffstat (limited to 'tests/client/torture_algorithms.c')
-rw-r--r--tests/client/torture_algorithms.c79
1 files changed, 73 insertions, 6 deletions
diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c
index 729505ef..60354f9b 100644
--- a/tests/client/torture_algorithms.c
+++ b/tests/client/torture_algorithms.c
@@ -45,6 +45,16 @@ static int sshd_teardown(void **state) {
return 0;
}
+static int sshd_setup_hmac(void **state)
+{
+ torture_setup_sshd_server(state, false);
+ /* Set MAC to be something other than what the client will offer */
+ torture_update_sshd_config(state, "MACs hmac-sha2-512");
+
+ return 0;
+}
+
+
static int session_setup(void **state) {
struct torture_state *s = *state;
int verbosity = torture_libssh_verbosity();
@@ -412,6 +422,20 @@ static void torture_algorithms_aes256_gcm(void **state)
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-gcm@openssh.com", NULL);
}
+static void torture_algorithms_aes128_gcm_mac(void **state)
+{
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-gcm@openssh.com", "hmac-sha1");
+}
+
+static void torture_algorithms_aes256_gcm_mac(void **state)
+{
+ struct torture_state *s = *state;
+
+ test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-gcm@openssh.com", "hmac-sha1");
+}
+
static void torture_algorithms_3des_cbc_hmac_sha1(void **state) {
struct torture_state *s = *state;
@@ -548,6 +572,19 @@ static void torture_algorithms_chacha20_poly1305(void **state)
"chacha20-poly1305@openssh.com",
NULL);
}
+static void torture_algorithms_chacha20_poly1305_mac(void **state)
+{
+ struct torture_state *s = *state;
+
+ if (ssh_fips_mode()) {
+ skip();
+ }
+
+ test_algorithm(s->ssh.session,
+ NULL, /*kex*/
+ "chacha20-poly1305@openssh.com",
+ "hmac-sha1"); /* different from the server */
+}
#endif /* OPENSSH_CHACHA20_POLY1305_OPENSSH_COM */
static void torture_algorithms_zlib(void **state) {
@@ -557,24 +594,34 @@ static void torture_algorithms_zlib(void **state) {
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "zlib");
#ifdef WITH_ZLIB
- assert_int_equal(rc, SSH_OK);
+ if (ssh_fips_mode()) {
+ assert_int_equal(rc, SSH_ERROR);
+ } else {
+ assert_int_equal(rc, SSH_OK);
+ }
#else
assert_int_equal(rc, SSH_ERROR);
#endif
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "zlib");
#ifdef WITH_ZLIB
- assert_int_equal(rc, SSH_OK);
+ if (ssh_fips_mode()) {
+ assert_int_equal(rc, SSH_ERROR);
+ } else {
+ assert_int_equal(rc, SSH_OK);
+ }
#else
assert_int_equal(rc, SSH_ERROR);
#endif
rc = ssh_connect(session);
#ifdef WITH_ZLIB
- if (ssh_get_openssh_version(session)) {
- assert_false(rc == SSH_OK);
- ssh_disconnect(session);
- return;
+ if (!ssh_fips_mode()) {
+ if (ssh_get_openssh_version(session)) {
+ assert_false(rc == SSH_OK);
+ ssh_disconnect(session);
+ return;
+ }
}
#endif
assert_int_equal(rc, SSH_OK);
@@ -951,10 +998,30 @@ int torture_run_tests(void) {
#endif
};
+ struct CMUnitTest tests_hmac[] = {
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes128_gcm_mac,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_aes256_gcm_mac,
+ session_setup,
+ session_teardown),
+#ifdef OPENSSH_CHACHA20_POLY1305_OPENSSH_COM
+ cmocka_unit_test_setup_teardown(torture_algorithms_chacha20_poly1305_mac,
+ session_setup,
+ session_teardown),
+#endif /* OPENSSH_CHACHA20_POLY1305_OPENSSH_COM */
+ };
+
ssh_init();
torture_filter_tests(tests);
rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+ if (rc != 0) {
+ return rc;
+ }
+
+ torture_filter_tests(tests);
+ rc = cmocka_run_group_tests(tests_hmac, sshd_setup_hmac, sshd_teardown);
ssh_finalize();