From 321ec2cb1cd341bfac3c05fac25391dd098cc56f Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Wed, 28 Feb 2018 10:24:57 -0600
Subject: tests: packet encryption unit testing

That code is really ugly, but it wasn't meant to be modular at all in the
first place.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 tests/unittests/CMakeLists.txt   |   1 +
 tests/unittests/torture_packet.c | 193 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 194 insertions(+)
 create mode 100644 tests/unittests/torture_packet.c

diff --git a/tests/unittests/CMakeLists.txt b/tests/unittests/CMakeLists.txt
index ee8db1d2..0afe11b4 100644
--- a/tests/unittests/CMakeLists.txt
+++ b/tests/unittests/CMakeLists.txt
@@ -12,6 +12,7 @@ add_cmocka_test(torture_config torture_config.c ${TORTURE_LIBRARY})
 add_cmocka_test(torture_options torture_options.c ${TORTURE_LIBRARY})
 add_cmocka_test(torture_isipaddr torture_isipaddr.c ${TORTURE_LIBRARY})
 add_cmocka_test(torture_knownhosts_parsing torture_knownhosts_parsing.c ${TORTURE_LIBRARY})
+add_cmocka_test(torture_packet torture_packet.c ${TORTURE_LIBRARY})
 if (UNIX AND NOT WIN32)
     # requires ssh-keygen
     add_cmocka_test(torture_keyfiles torture_keyfiles.c ${TORTURE_LIBRARY})
diff --git a/tests/unittests/torture_packet.c b/tests/unittests/torture_packet.c
new file mode 100644
index 00000000..0e7d3f1e
--- /dev/null
+++ b/tests/unittests/torture_packet.c
@@ -0,0 +1,193 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include "libssh/libssh.h"
+#include "libssh/session.h"
+#include "libssh/crypto.h"
+#include "libssh/buffer.h"
+#include "libssh/socket.h"
+#include "libssh/callbacks.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include "socket.c"
+
+uint8_t test_data[]="AThis is test data. Use it to check the validity of packet functions";
+uint8_t key[]="iekaeshoa7ooCie2shai8shahngee3ONsee3xoishooj0ojei6aeChieth1iraPh";
+uint8_t iv[]="eixaxughoomah4ui7Aew3ohxuolaifuu";
+uint8_t mac[]="thook2Jai0ahmahyae7ChuuruoPhee8Y";
+
+static uint8_t *copy_data(uint8_t *data, size_t len){
+    uint8_t *ret = malloc(len);
+    assert_non_null(ret);
+    memcpy(ret, data, len);
+    return ret;
+}
+
+static SSH_PACKET_CALLBACK(copy_packet_data){
+    uint8_t *response = user;
+    size_t len = ssh_buffer_get_len(packet);
+    (void)type;
+    (void)session;
+
+    if(len > 1024){
+        len = 1024;
+    }
+    ssh_buffer_get_data(packet, response, len);
+
+    return 0;
+}
+
+static void torture_packet(const char *cipher,
+        const char *mac_type, size_t payload_len) {
+
+    ssh_session session = ssh_new();
+    int verbosity = torture_libssh_verbosity();
+    struct ssh_crypto_struct *crypto;
+    int rc;
+    int sockets[2];
+    uint8_t buffer[1024];
+    uint8_t response[1024];
+    size_t encrypted_packet_len;
+    ssh_packet_callback callbacks[]={copy_packet_data};
+    struct ssh_packet_callbacks_struct cb = {
+            .start='A',
+            .n_callbacks=1,
+            .callbacks=callbacks,
+            .user=response
+    };
+
+    assert_non_null(session);
+    ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    crypto = session->next_crypto;
+
+    rc = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+    assert_int_equal(rc, 0);
+
+    session->version = 2;
+    crypto->kex_methods[SSH_KEX] = strdup("curve25519-sha256@libssh.org");
+    crypto->kex_methods[SSH_HOSTKEYS] = strdup("ssh-rsa");
+    crypto->kex_methods[SSH_CRYPT_C_S] = strdup(cipher);
+    crypto->kex_methods[SSH_CRYPT_S_C] = strdup(cipher);
+    crypto->kex_methods[SSH_MAC_C_S] = strdup(mac_type);
+    crypto->kex_methods[SSH_MAC_S_C] = strdup(mac_type);
+    crypto->kex_methods[SSH_COMP_C_S] = strdup("none");
+    crypto->kex_methods[SSH_COMP_S_C] = strdup("none");
+    crypto->kex_methods[SSH_LANG_C_S] = strdup("none");
+    crypto->kex_methods[SSH_LANG_S_C] = strdup("none");
+    rc = crypt_set_algorithms(session, 0);
+    assert_int_equal(rc, SSH_OK);
+    session->current_crypto = session->next_crypto;
+    session->next_crypto = crypto_new();
+    crypto->encryptkey = copy_data(key, sizeof(key));
+    crypto->decryptkey = copy_data(key, sizeof(key));
+    crypto->encryptIV = copy_data(iv, sizeof(iv));
+    crypto->decryptIV = copy_data(iv, sizeof(iv));
+    crypto->encryptMAC = copy_data(mac, sizeof(mac));
+    crypto->decryptMAC = copy_data(mac, sizeof(mac));
+
+    assert_non_null(session->out_buffer);
+    ssh_buffer_add_data(session->out_buffer, test_data, payload_len);
+    session->socket->fd_out = sockets[0];
+    session->socket->fd_in = -2;
+    session->socket->write_wontblock = 1;
+    rc = ssh_packet_send(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = recv(sockets[1], buffer, sizeof(buffer), 0);
+    assert_true(rc > 0);
+    encrypted_packet_len = rc;
+    assert_in_range(encrypted_packet_len, payload_len + 4, payload_len + (32 * 3));
+    rc = send(sockets[0], buffer, encrypted_packet_len, 0);
+    assert_int_equal(rc, encrypted_packet_len);
+
+    ssh_packet_set_callbacks(session, &cb);
+    explicit_bzero(response, sizeof(response));
+    rc = ssh_packet_socket_callback(buffer, encrypted_packet_len, session);
+    assert_int_not_equal(rc, SSH_ERROR);
+    if(payload_len > 0){
+        assert_memory_equal(response, test_data+1, payload_len-1);
+    }
+    close(sockets[0]);
+    close(sockets[1]);
+    session->socket->fd_in = SSH_INVALID_SOCKET;
+    session->socket->fd_out = SSH_INVALID_SOCKET;
+    ssh_free(session);
+}
+
+static void torture_packet_aes128_ctr() {
+    int i;
+    for (i=1;i<256;++i){
+        torture_packet("aes128-ctr","hmac-sha1",i);
+    }
+}
+
+static void torture_packet_aes192_ctr(){
+    int i;
+    for (i=1;i<256;++i){
+        torture_packet("aes192-ctr","hmac-sha1",i);
+    }
+}
+
+static void torture_packet_aes256_ctr(){
+    int i;
+    for (i=1;i<256;++i){
+        torture_packet("aes256-ctr","hmac-sha1",i);
+    }
+}
+
+static void torture_packet_aes128_cbc() {
+    int i;
+    for (i=1;i<256;++i){
+        torture_packet("aes128-cbc","hmac-sha1",i);
+    }
+}
+
+static void torture_packet_aes192_cbc(){
+    int i;
+    for (i=1;i<256;++i){
+        torture_packet("aes192-cbc","hmac-sha1",i);
+    }
+}
+
+static void torture_packet_aes256_cbc(){
+    int i;
+    for (i=1;i<256;++i){
+        torture_packet("aes256-cbc","hmac-sha1",i);
+    }
+}
+
+static void torture_packet_3des_cbc(){
+    int i;
+    for (i=1;i<256;++i){
+        torture_packet("3des-cbc","hmac-sha1",i);
+    }
+}
+
+static void torture_packet_chacha20(){
+    int i;
+    for (i=1;i<256;++i){
+        torture_packet("chacha20-poly1305@openssh.com","none",i);
+    }
+}
+
+int torture_run_tests(void) {
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test(torture_packet_aes128_ctr),
+        cmocka_unit_test(torture_packet_aes192_ctr),
+        cmocka_unit_test(torture_packet_aes256_ctr),
+        cmocka_unit_test(torture_packet_aes128_cbc),
+        cmocka_unit_test(torture_packet_aes192_cbc),
+        cmocka_unit_test(torture_packet_aes256_cbc),
+        cmocka_unit_test(torture_packet_3des_cbc),
+        cmocka_unit_test(torture_packet_chacha20)
+    };
+
+    ssh_init();
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, NULL, NULL);
+    ssh_finalize();
+    return rc;
+}
-- 
cgit v1.2.3