[test suite] added backwards compatibility tests with a dual usage key in access.conf

2013-06-10 21:16:33 -04:00 · 2013-06-10 21:16:33 -04:00 · 0c19e5170a
commit 0c19e5170a
parent a3e06966b5
4 changed files with 61 additions and 0 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -134,6 +134,7 @@ EXTRA_DIST = \
    test/conf/disable_aging_fwknopd.conf \
    test/conf/disable_aging_nat_fwknopd.conf \
    test/conf/dual_key_usage_access.conf \
+    test/conf/dual_key_legacy_iv_access.conf \
    test/conf/ecb_mode_access.conf \
    test/conf/expired_epoch_stanza_access.conf \
    test/conf/expired_stanza_access.conf \
--- a/test/conf/dual_key_legacy_iv_access.conf
+++ b/test/conf/dual_key_legacy_iv_access.conf
@ -0,0 +1,10 @@
+SOURCE              ANY
+KEY                 fwknoptest
+OPEN_PORTS          tcp/22
+FW_ACCESS_TIMEOUT   2
+
+SOURCE              ANY
+KEY                 fwknoptest
+OPEN_PORTS          tcp/22
+FW_ACCESS_TIMEOUT   3
+ENCRYPTION_MODE     legacy
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@ -77,6 +77,7 @@ our %cf = (
    'android_access'               => "$conf_dir/android_access.conf",
    'android_legacy_iv_access'     => "$conf_dir/android_legacy_iv_access.conf",
    'dual_key_access'              => "$conf_dir/dual_key_usage_access.conf",
+    'dual_key_legacy_iv_access'    => "$conf_dir/dual_key_legacy_iv_access.conf",
    'hmac_dual_key_access'         => "$conf_dir/hmac_dual_key_usage_access.conf",
    'gpg_access'                   => "$conf_dir/gpg_access.conf",
    'gpg_hmac_access'              => "$conf_dir/gpg_hmac_access.conf",
@ -674,6 +675,12 @@ sub run_test() {

    $test_hr->{'msg'} = $msg;

+    if ($test_hr->{'mv_and_restore_replay_cache'}) {
+        unlink "${default_digest_file}.mv"
+            if -e "${default_digest_file}.mv";
+        move $default_digest_file, "${default_digest_file}.mv";
+    }
+
    if (&{$test_hr->{'function'}}($test_hr)) {
        &logr("pass ($executed)\n");
        $passed++;
@ -686,6 +693,11 @@ sub run_test() {
        }
    }

+    if ($test_hr->{'mv_and_restore_replay_cache'}) {
+        unlink $default_digest_file if -e $default_digest_file;
+        move "${default_digest_file}.mv", $default_digest_file;
+    }
+
    if ($enable_valgrind and &is_valgrind_running()) {
        if ($killall_path and $pgrep_path) {
            for my $cmd ('memcheck', 'valgrind') {
@ -4996,6 +5008,7 @@ sub validate_test_hashes() {
        'insert_rule_before_exec'    => $OPTIONAL,
        'insert_rule_while_running'  => $OPTIONAL,
        'search_for_rule_after_exit' => $OPTIONAL,
+        'mv_and_restore_replay_cache'  => $OPTIONAL,
        'server_positive_output_matches' => $OPTIONAL,
        'server_negative_output_matches' => $OPTIONAL,
        'replay_positive_output_matches' => $OPTIONAL,
--- a/test/tests/rijndael_backwards_compatibility.pl
+++ b/test/tests/rijndael_backwards_compatibility.pl
@ -71,6 +71,25 @@
        'fw_rule_removed' => $NEW_RULE_REMOVED,
        'fatal'    => $NO
    },
+    {
+        'category' => 'Rijndael',
+        'subcategory' => 'client->server backwards compat.',
+        'detail'   => 'v2.0.3 dual keys',
+        'function' => \&backwards_compatibility,
+        'pkt' =>
+            '+8OtxmTJPgQmrXZ7hAqTopLBC/thqHNuPHTfR234pFuQOCZUikPe0inHmjfnQFnP' .
+            'Sop/Iy6v+BCn9D+QD7eT7JI6BIoKp14K+8iNgKaNw1BdfgF1XDulpkNEdyG0fXz5' .
+            'M+GledHfz2d49aYThoQ2Cr8Iw1ycViawY',
+        'server_positive_output_matches' => [qr/with expire time/],
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'dual_key_legacy_iv_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'mv_and_restore_replay_cache' => $YES,
+        'fatal'    => $NO
+    },
+
    {
        'category' => 'Rijndael',
        'subcategory' => 'client->server backwards compatibility',
@ -88,6 +107,24 @@
        'fw_rule_removed' => $NEW_RULE_REMOVED,
        'fatal'    => $NO
    },
+    {
+        'category' => 'Rijndael',
+        'subcategory' => 'client->server backwards compat.',
+        'detail'   => 'v2.0.4 dual keys',
+        'function' => \&backwards_compatibility,
+        'pkt' =>
+            '8Xm8U5vQ03T88UTCWbwO3t/aL6euZ8IgVbNdDVz3Bn6HkTcBqxcME95U/G3bCH' .
+            'vQznpnGb05Md4ZgexHZGzZdSwsP8iVtcZdsgCBfeO4Eqs8OaSMjJVF8SQ+Jmhu' .
+            'XZMcWgMsIzhpprJ7JX41DrWd0OtBnE3rVwsN0',
+        'server_positive_output_matches' => [qr/with expire time/],
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'dual_key_legacy_iv_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'mv_and_restore_replay_cache' => $YES,
+        'fatal'    => $NO
+    },

    ### This test helps with backwards compatibility for the corner
    ### case where an SPA client pre-2.5 uses a password longer than 16 chars