File openssh-6.6p1-cavstest-ctr.patch of Package openssh.10219

# HG changeset patch
# Parent  de5373e6a7f6105ff41f9e76d8f51f7efd4896ad
CAVS test for OpenSSH's own CTR encryption mode implementation

diff --git a/openssh-6.6p1/Makefile.in b/openssh-6.6p1/Makefile.in
--- a/openssh-6.6p1/Makefile.in
+++ b/openssh-6.6p1/Makefile.in
@@ -22,16 +22,17 @@ top_srcdir=@top_srcdir@
 DESTDIR=
 VPATH=@srcdir@
 SSH_PROGRAM=@bindir@/ssh
 ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
 SFTP_SERVER=$(libexecdir)/sftp-server
 SSH_KEYSIGN=$(libexecdir)/ssh-keysign
 SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
 SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
+CAVSTEST_CTR=$(libexecdir)/cavstest-ctr
 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
 PRIVSEP_PATH=@PRIVSEP_PATH@
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
 STRIP_OPT=@STRIP_OPT@
 
 PATHS= -DSSHDIR=\"$(sysconfdir)\" \
 	-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
 	-D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
@@ -60,17 +61,17 @@ SED=@SED@
 ENT=@ENT@
 XAUTH_PATH=@XAUTH_PATH@
 LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
 EXEEXT=@EXEEXT@
 MANFMT=@MANFMT@
 
 INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
 
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) cavstest-ctr$(EXEEXT)
 
 LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
 	canohost.o channels.o cipher.o cipher-aes.o \
 	cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
 	compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
 	log.o match.o md-sha256.o moduli.o nchan.o packet.o \
 	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
 	atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
@@ -172,16 +173,19 @@ ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh
 	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o
 	$(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
+cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o
+	$(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
 	$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 
 ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
 	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -278,16 +282,17 @@ install-files:
 	$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
 	$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+	$(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
 	if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
 		$(INSTALL) -m 0755 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
 		$(INSTALL) -m 0755 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
 	fi
 	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
 	$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
diff --git a/openssh-6.6p1/cavstest-ctr.c b/openssh-6.6p1/cavstest-ctr.c
new file mode 100644
--- /dev/null
+++ b/openssh-6.6p1/cavstest-ctr.c
@@ -0,0 +1,212 @@
+/*
+ *
+ * invocation (all of the following are equal):
+ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6
+ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6 --iv 00000000000000000000000000000000
+ * echo -n a6deca405eef2e8e4609abf3c3ccf4a6 | ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "xmalloc.h"
+#include "log.h"
+#include "cipher.h"
+
+/* compatibility with old or broken OpenSSL versions */
+#include "openbsd-compat/openssl-compat.h"
+
+void
+usage(void)
+{
+	fprintf(stderr, "Usage: ctr-cavstest --algo <ssh-crypto-algorithm>\n"
+	    "                    --key <hexadecimal-key> --mode <encrypt|decrypt>\n"
+	    "                    [--iv <hexadecimal-iv>] --data <hexadecimal-data>\n\n"
+	    "Hexadecimal output is printed to stdout.\n"
+	    "Hexadecimal input data can be alternatively read from stdin.\n");
+	exit(1);
+}
+
+void *
+fromhex(char *hex, size_t * len)
+{
+	unsigned char *bin;
+	char *p;
+	size_t n = 0;
+	int shift = 4;
+	unsigned char out = 0;
+	unsigned char *optr;
+
+	bin = xmalloc(strlen(hex) / 2);
+	optr = bin;
+
+	for (p = hex; *p != '\0'; ++p) {
+		unsigned char c;
+
+		c = *p;
+		if (isspace(c))
+			continue;
+
+		if (c >= '0' && c <= '9') {
+			c = c - '0';
+		} else if (c >= 'A' && c <= 'F') {
+			c = c - 'A' + 10;
+		} else if (c >= 'a' && c <= 'f') {
+			c = c - 'a' + 10;
+		} else {
+			/* truncate on nonhex cipher */
+			break;
+		}
+
+		out |= c << shift;
+		shift = (shift + 4) % 8;
+
+		if (shift) {
+			*(optr++) = out;
+			out = 0;
+			++n;
+		}
+	}
+
+	*len = n;
+	return bin;
+}
+
+#define READ_CHUNK 4096
+#define MAX_READ_SIZE 1024*1024*100
+char *
+read_stdin(void)
+{
+	char *buf;
+	size_t n, total = 0;
+
+	buf = xmalloc(READ_CHUNK);
+
+	do {
+		n = fread(buf + total, 1, READ_CHUNK, stdin);
+		if (n < READ_CHUNK)	/* terminate on short read */
+			break;
+
+		total += n;
+		buf = xrealloc(buf, total + READ_CHUNK, 1);
+	} while (total < MAX_READ_SIZE);
+	return buf;
+}
+
+int
+main(int argc, char *argv[])
+{
+
+	Cipher *c;
+	CipherContext cc;
+	char *algo = "aes128-ctr";
+	char *hexkey = NULL;
+	char *hexiv = "00000000000000000000000000000000";
+	char *hexdata = NULL;
+	char *p;
+	int i;
+	int encrypt = 1;
+	void *key;
+	size_t keylen;
+	void *iv;
+	size_t ivlen;
+	void *data;
+	size_t datalen;
+	void *outdata;
+
+	for (i = 1; i < argc; ++i) {
+		if (strcmp(argv[i], "--algo") == 0) {
+			algo = argv[++i];
+		} else if (strcmp(argv[i], "--key") == 0) {
+			hexkey = argv[++i];
+		} else if (strcmp(argv[i], "--mode") == 0) {
+			++i;
+			if (argv[i] == NULL) {
+				usage();
+			}
+			if (strncmp(argv[i], "enc", 3) == 0) {
+				encrypt = 1;
+			} else if (strncmp(argv[i], "dec", 3) == 0) {
+				encrypt = 0;
+			} else {
+				usage();
+			}
+		} else if (strcmp(argv[i], "--iv") == 0) {
+			hexiv = argv[++i];
+		} else if (strcmp(argv[i], "--data") == 0) {
+			hexdata = argv[++i];
+		}
+	}
+
+	if (hexkey == NULL || algo == NULL) {
+		usage();
+	}
+
+	SSLeay_add_all_algorithms();
+
+	c = cipher_by_name(algo);
+	if (c == NULL) {
+		fprintf(stderr, "Error: unknown algorithm\n");
+		return 2;
+	}
+
+	if (hexdata == NULL) {
+		hexdata = read_stdin();
+	} else {
+		hexdata = xstrdup(hexdata);
+	}
+
+	key = fromhex(hexkey, &keylen);
+
+	if (keylen != 16 && keylen != 24 && keylen == 32) {
+		fprintf(stderr, "Error: unsupported key length\n");
+		return 2;
+	}
+
+	iv = fromhex(hexiv, &ivlen);
+
+	if (ivlen != 16) {
+		fprintf(stderr, "Error: unsupported iv length\n");
+		return 2;
+	}
+
+	data = fromhex(hexdata, &datalen);
+
+	if (data == NULL || datalen == 0) {
+		fprintf(stderr, "Error: no data to encrypt/decrypt\n");
+		return 2;
+	}
+
+	cipher_init(&cc, c, key, keylen, iv, ivlen, encrypt);
+
+	free(key);
+	free(iv);
+
+	outdata = malloc(datalen);
+	if (outdata == NULL) {
+		fprintf(stderr, "Error: memory allocation failure\n");
+		return 2;
+	}
+
+	cipher_crypt(&cc, 0, outdata, data, datalen, 0, 0);
+
+	free(data);
+
+	cipher_cleanup(&cc);
+
+	for (p = outdata; datalen > 0; ++p, --datalen) {
+		printf("%02X", (unsigned char) *p);
+	}
+
+	free(outdata);
+
+	printf("\n");
+	return 0;
+}
openSUSE Build Service is sponsored by