#	$OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $
#	Placed in the Public Domain.

setglobal tid = '"integrity'"
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak

# start at byte 2900 (i.e. after kex) and corrupt at different offsets
setglobal tries = '10'
setglobal startoffset = '2900'
setglobal macs = $[$(SSH) -Q mac]
# The following are not MACs, but ciphers with integrated integrity. They are
# handled specially below.
setglobal macs = ""$macs $[$(SSH) -Q cipher-auth]""

# avoid DH group exchange as the extra traffic makes it harder to get the
# offset into the stream right.
echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
	>> $OBJ/ssh_proxy

# sshd-command for proxy (see test-exec.sh)
setglobal cmd = ""$SUDO sh $(SRC)/sshd-log-wrapper.sh $(TEST_SSHD_LOGFILE) $(SSHD) -i -f $OBJ/sshd_proxy""

for m in [$macs] {
	trace "test $tid: mac $m"
	setglobal elen = '0'
	setglobal epad = '0'
	setglobal emac = '0'
	setglobal etmo = '0'
	setglobal ecnt = '0'
	setglobal skip = '0'
	for off in [$[jot $tries $startoffset]] {
		setglobal skip = $[expr $skip - 1]
		if test $skip -gt 0 {
			# avoid modifying the high bytes of the length
			continue
		}
		cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
		# modify output from sshd at offset $off
		setglobal pxy = ""proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1""
		if $(SSH) -Q cipher-auth | grep "^$(m)\$" >/dev/null !2 > !1  {
			echo "Ciphers=$m" >> $OBJ/sshd_proxy
			setglobal macopt = ""-c $m""
		} else {
			echo "Ciphers=aes128-ctr" >> $OBJ/sshd_proxy
			echo "MACs=$m" >> $OBJ/sshd_proxy
			setglobal macopt = ""-m $m -c aes128-ctr""
		}
		verbose "test $tid: $m @$off"
		$(SSH) $macopt -2F $OBJ/ssh_proxy -o $pxy \
		    -oServerAliveInterval=1 -oServerAliveCountMax=30 \
		    999.999.999.999 'printf "%4096s" " "' >/dev/null
		if test $Status -eq 0 {
			fail "ssh -m $m succeeds with bit-flip at $off"
		}
		setglobal ecnt = $[expr $ecnt + 1]
		setglobal out = $[egrep -v "^debug" $TEST_SSH_LOGFILE | tail -2 | \
		     tr -s '\r\n' '.]
		match $out {
		with Bad?packet*	setglobal elen = $[expr $elen + 1]; setglobal skip = '3'
		with Corrupted?MAC* | *message?authentication?code?incorrect*
				setglobal emac = $[expr $emac + 1]; setglobal skip = '0'
		with padding*	setglobal epad = $[expr $epad + 1]; setglobal skip = '0'
		with *		fail "unexpected error mac $m at $off: $out"
		}
	}
	verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
	if test $emac -eq 0 {
		fail "$m: no mac errors"
	}
	setglobal expect = $[expr $ecnt - $epad - $elen]
	if test $emac -ne $expect {
		fail "$m: expected $expect mac errors, got $emac"
	}
}