Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
openssh.9495
openssh-6.6p1-cavstest-ctr.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-6.6p1-cavstest-ctr.patch of Package openssh.9495
# HG changeset patch # Parent de5373e6a7f6105ff41f9e76d8f51f7efd4896ad CAVS test for OpenSSH's own CTR encryption mode implementation diff --git a/openssh-6.6p1/Makefile.in b/openssh-6.6p1/Makefile.in --- a/openssh-6.6p1/Makefile.in +++ b/openssh-6.6p1/Makefile.in @@ -22,16 +22,17 @@ top_srcdir=@top_srcdir@ DESTDIR= VPATH=@srcdir@ SSH_PROGRAM=@bindir@/ssh ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper +CAVSTEST_CTR=$(libexecdir)/cavstest-ctr SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper PRIVSEP_PATH=@PRIVSEP_PATH@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ STRIP_OPT=@STRIP_OPT@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \ @@ -60,17 +61,17 @@ SED=@SED@ ENT=@ENT@ XAUTH_PATH=@XAUTH_PATH@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ EXEEXT=@EXEEXT@ MANFMT=@MANFMT@ INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@ -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) cavstest-ctr$(EXEEXT) LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \ canohost.o channels.o cipher.o cipher-aes.o \ cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ log.o match.o md-sha256.o moduli.o nchan.o packet.o \ readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ @@ -172,16 +173,19 @@ ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) +cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o + $(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -278,16 +282,17 @@ install-files: $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \ $(INSTALL) -m 0755 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \ fi $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 diff --git a/openssh-6.6p1/cavstest-ctr.c b/openssh-6.6p1/cavstest-ctr.c new file mode 100644 --- /dev/null +++ b/openssh-6.6p1/cavstest-ctr.c @@ -0,0 +1,212 @@ +/* + * + * invocation (all of the following are equal): + * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6 + * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6 --iv 00000000000000000000000000000000 + * echo -n a6deca405eef2e8e4609abf3c3ccf4a6 | ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt + */ + +#include "includes.h" + +#include <sys/types.h> +#include <sys/param.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> + +#include "xmalloc.h" +#include "log.h" +#include "cipher.h" + +/* compatibility with old or broken OpenSSL versions */ +#include "openbsd-compat/openssl-compat.h" + +void +usage(void) +{ + fprintf(stderr, "Usage: ctr-cavstest --algo <ssh-crypto-algorithm>\n" + " --key <hexadecimal-key> --mode <encrypt|decrypt>\n" + " [--iv <hexadecimal-iv>] --data <hexadecimal-data>\n\n" + "Hexadecimal output is printed to stdout.\n" + "Hexadecimal input data can be alternatively read from stdin.\n"); + exit(1); +} + +void * +fromhex(char *hex, size_t * len) +{ + unsigned char *bin; + char *p; + size_t n = 0; + int shift = 4; + unsigned char out = 0; + unsigned char *optr; + + bin = xmalloc(strlen(hex) / 2); + optr = bin; + + for (p = hex; *p != '\0'; ++p) { + unsigned char c; + + c = *p; + if (isspace(c)) + continue; + + if (c >= '0' && c <= '9') { + c = c - '0'; + } else if (c >= 'A' && c <= 'F') { + c = c - 'A' + 10; + } else if (c >= 'a' && c <= 'f') { + c = c - 'a' + 10; + } else { + /* truncate on nonhex cipher */ + break; + } + + out |= c << shift; + shift = (shift + 4) % 8; + + if (shift) { + *(optr++) = out; + out = 0; + ++n; + } + } + + *len = n; + return bin; +} + +#define READ_CHUNK 4096 +#define MAX_READ_SIZE 1024*1024*100 +char * +read_stdin(void) +{ + char *buf; + size_t n, total = 0; + + buf = xmalloc(READ_CHUNK); + + do { + n = fread(buf + total, 1, READ_CHUNK, stdin); + if (n < READ_CHUNK) /* terminate on short read */ + break; + + total += n; + buf = xrealloc(buf, total + READ_CHUNK, 1); + } while (total < MAX_READ_SIZE); + return buf; +} + +int +main(int argc, char *argv[]) +{ + + Cipher *c; + CipherContext cc; + char *algo = "aes128-ctr"; + char *hexkey = NULL; + char *hexiv = "00000000000000000000000000000000"; + char *hexdata = NULL; + char *p; + int i; + int encrypt = 1; + void *key; + size_t keylen; + void *iv; + size_t ivlen; + void *data; + size_t datalen; + void *outdata; + + for (i = 1; i < argc; ++i) { + if (strcmp(argv[i], "--algo") == 0) { + algo = argv[++i]; + } else if (strcmp(argv[i], "--key") == 0) { + hexkey = argv[++i]; + } else if (strcmp(argv[i], "--mode") == 0) { + ++i; + if (argv[i] == NULL) { + usage(); + } + if (strncmp(argv[i], "enc", 3) == 0) { + encrypt = 1; + } else if (strncmp(argv[i], "dec", 3) == 0) { + encrypt = 0; + } else { + usage(); + } + } else if (strcmp(argv[i], "--iv") == 0) { + hexiv = argv[++i]; + } else if (strcmp(argv[i], "--data") == 0) { + hexdata = argv[++i]; + } + } + + if (hexkey == NULL || algo == NULL) { + usage(); + } + + SSLeay_add_all_algorithms(); + + c = cipher_by_name(algo); + if (c == NULL) { + fprintf(stderr, "Error: unknown algorithm\n"); + return 2; + } + + if (hexdata == NULL) { + hexdata = read_stdin(); + } else { + hexdata = xstrdup(hexdata); + } + + key = fromhex(hexkey, &keylen); + + if (keylen != 16 && keylen != 24 && keylen == 32) { + fprintf(stderr, "Error: unsupported key length\n"); + return 2; + } + + iv = fromhex(hexiv, &ivlen); + + if (ivlen != 16) { + fprintf(stderr, "Error: unsupported iv length\n"); + return 2; + } + + data = fromhex(hexdata, &datalen); + + if (data == NULL || datalen == 0) { + fprintf(stderr, "Error: no data to encrypt/decrypt\n"); + return 2; + } + + cipher_init(&cc, c, key, keylen, iv, ivlen, encrypt); + + free(key); + free(iv); + + outdata = malloc(datalen); + if (outdata == NULL) { + fprintf(stderr, "Error: memory allocation failure\n"); + return 2; + } + + cipher_crypt(&cc, 0, outdata, data, datalen, 0, 0); + + free(data); + + cipher_cleanup(&cc); + + for (p = outdata; datalen > 0; ++p, --datalen) { + printf("%02X", (unsigned char) *p); + } + + free(outdata); + + printf("\n"); + return 0; +}
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor