From 22f89e043ba3fec51974dcfaaf0fcd469d2ab6a9 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Fri, 2 Oct 2020 11:43:23 +0200 Subject: tests: Test MAC algorithm mismatch when AEAD cipher is selected Signed-off-by: Jakub Jelen Reviewed-by: Anderson Toshiyuki Sasaki --- tests/client/torture_algorithms.c | 57 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) (limited to 'tests') diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c index 729505ef..ea3b647b 100644 --- a/tests/client/torture_algorithms.c +++ b/tests/client/torture_algorithms.c @@ -45,6 +45,16 @@ static int sshd_teardown(void **state) { return 0; } +static int sshd_setup_hmac(void **state) +{ + torture_setup_sshd_server(state, false); + /* Set MAC to be something other than what the client will offer */ + torture_update_sshd_config(state, "MACs hmac-sha2-512"); + + return 0; +} + + static int session_setup(void **state) { struct torture_state *s = *state; int verbosity = torture_libssh_verbosity(); @@ -412,6 +422,20 @@ static void torture_algorithms_aes256_gcm(void **state) test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-gcm@openssh.com", NULL); } +static void torture_algorithms_aes128_gcm_mac(void **state) +{ + struct torture_state *s = *state; + + test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-gcm@openssh.com", "hmac-sha1"); +} + +static void torture_algorithms_aes256_gcm_mac(void **state) +{ + struct torture_state *s = *state; + + test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-gcm@openssh.com", "hmac-sha1"); +} + static void torture_algorithms_3des_cbc_hmac_sha1(void **state) { struct torture_state *s = *state; @@ -548,6 +572,19 @@ static void torture_algorithms_chacha20_poly1305(void **state) "chacha20-poly1305@openssh.com", NULL); } +static void torture_algorithms_chacha20_poly1305_mac(void **state) +{ + struct torture_state *s = *state; + + if (ssh_fips_mode()) { + skip(); + } + + test_algorithm(s->ssh.session, + NULL, /*kex*/ + "chacha20-poly1305@openssh.com", + "hmac-sha1"); /* different from the server */ +} #endif /* OPENSSH_CHACHA20_POLY1305_OPENSSH_COM */ static void torture_algorithms_zlib(void **state) { @@ -951,10 +988,30 @@ int torture_run_tests(void) { #endif }; + struct CMUnitTest tests_hmac[] = { + cmocka_unit_test_setup_teardown(torture_algorithms_aes128_gcm_mac, + session_setup, + session_teardown), + cmocka_unit_test_setup_teardown(torture_algorithms_aes256_gcm_mac, + session_setup, + session_teardown), +#ifdef OPENSSH_CHACHA20_POLY1305_OPENSSH_COM + cmocka_unit_test_setup_teardown(torture_algorithms_chacha20_poly1305_mac, + session_setup, + session_teardown), +#endif /* OPENSSH_CHACHA20_POLY1305_OPENSSH_COM */ + }; + ssh_init(); torture_filter_tests(tests); rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown); + if (rc != 0) { + return rc; + } + + torture_filter_tests(tests); + rc = cmocka_run_group_tests(tests_hmac, sshd_setup_hmac, sshd_teardown); ssh_finalize(); -- cgit v1.2.3