DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

[test suite] added backwards compatibility test for truncated keys longer > 16 chars

Browse Source
This commit is contained in:
Michael Rash 2013-06-02 21:19:19 -04:00
parent 2874205d05
commit 164888e075
3 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
test/conf/legacy_iv_long_key_access.conf Normal file
View File

@ -0,0 +1,4 @@
SOURCE ANY
KEY 1234567890123456
FW_ACCESS_TIMEOUT 3
ENCRYPTION_MODE legacy

1
test/test-fwknop.pl
View File

@ -80,6 +80,7 @@ our %cf = (
'gpg_access' => "$conf_dir/gpg_access.conf", 'gpg_access' => "$conf_dir/gpg_access.conf",
'gpg_hmac_access' => "$conf_dir/gpg_hmac_access.conf", 'gpg_hmac_access' => "$conf_dir/gpg_hmac_access.conf",
'legacy_iv_access' => "$conf_dir/legacy_iv_access.conf", 'legacy_iv_access' => "$conf_dir/legacy_iv_access.conf",
'legacy_iv_long_key_access' => "$conf_dir/legacy_iv_long_key_access.conf",
'gpg_no_pw_access' => "$conf_dir/gpg_no_pw_access.conf", 'gpg_no_pw_access' => "$conf_dir/gpg_no_pw_access.conf",
'gpg_no_pw_hmac_access' => "$conf_dir/gpg_no_pw_hmac_access.conf", 'gpg_no_pw_hmac_access' => "$conf_dir/gpg_no_pw_hmac_access.conf",
'tcp_server' => "$conf_dir/tcp_server_fwknopd.conf", 'tcp_server' => "$conf_dir/tcp_server_fwknopd.conf",

27
test/tests/rijndael_backwards_compatibility.pl
View File

@ -88,6 +88,33 @@
'fw_rule_removed' => $NEW_RULE_REMOVED, 'fw_rule_removed' => $NEW_RULE_REMOVED,
'fatal' => $NO 'fatal' => $NO
}, },
### This test helps with backwards compatibility for the corner
### case where an SPA client pre-2.5 uses a password longer than 16 chars
### which gets truncated to just 16 chars (this bug was fixed in the 2.5
### development series). The SPA packet itself was generated by fwknop
### 2.0.4 with a pass phrase of '12345678901234567890', and this can be
### decrypted with the legacy encryption mode setting in fwknop-2.5 as
### long as the key in the access.conf file has been truncated to 16
### chars.
{
'category' => 'Rijndael',
'subcategory' => 'client->server backwards compat.',
'detail' => 'v2.0.4 truncated key',
'function' => \&backwards_compatibility,
'pkt' =>
'8nypBDKbDQZ2w6mTAB5xqOmNcoCWfhkIfqb6Ybuc101TZ+VbT+QjtREn2F2ff' .
'bL7PclPqPaGOrDeUCyMERFAkO/InryQUYtNlwnjcQdo15+JewnPj8XMDEtmvM' .
'jBZ7GmmG3WabIHzHcIi1xsBvoAwYCtxOH+GivVA',
'server_positive_output_matches' => [qr/with expire time/],
'fwknopd_cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
"$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'legacy_iv_long_key_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str",
'fw_rule_created' => $NEW_RULE_REQUIRED,
'fw_rule_removed' => $NEW_RULE_REMOVED,
'fatal' => $NO
},
{ {
'category' => 'Rijndael', 'category' => 'Rijndael',
'subcategory' => 'Android compatibility', 'subcategory' => 'Android compatibility',