Merge remote-tracking branch 'upstream/master'

Franck Joncourt 2013-04-29 22:21:18 +02:00
commit 36202d8c66
3 changed files with 178 additions and 1 deletions


@ -742,6 +742,7 @@ parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
}
strlcpy(options->hmac_key_base64, val, sizeof(options->hmac_key_base64));
options->have_hmac_base64_key = 1;
options->use_hmac = 1;
}
/* HMAC key */
@ -749,6 +750,7 @@ parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
{
strlcpy(options->hmac_key, val, sizeof(options->hmac_key));
options->have_hmac_key = 1;
options->use_hmac = 1;
}
/* Key file */
@ -1267,6 +1269,11 @@ validate_options(fko_cli_options_t *options)
}
}
/* Validate HMAC digest type
*/
if(options->use_hmac && options->hmac_type == FKO_HMAC_UNKNOWN)
options->hmac_type = FKO_DEFAULT_HMAC_MODE;
return;
}
@ -1282,7 +1289,7 @@ set_defaults(fko_cli_options_t *options)
options->key_len = FKO_DEFAULT_KEY_LEN;
options->hmac_key_len = FKO_DEFAULT_HMAC_KEY_LEN;
options->hmac_type = FKO_DEFAULT_HMAC_MODE;
options->hmac_type = FKO_HMAC_UNKNOWN; /* updated when HMAC key is used */
options->spa_icmp_type = ICMP_ECHOREPLY; /* only used in '-P icmp' mode */
options->spa_icmp_code = 0; /* only used in '-P icmp' mode */
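Review bot: With `set_defaults()` now leaving `hmac_type` at `FKO_HMAC_UNKNOWN`, the only visible place that resolves it is the fallback added at the very end of `validate_options()`, so any path that sets `use_hmac` after validation, or returns from `validate_options()` before that block, would hand the sentinel value to the HMAC code. Only the tail of `validate_options()` is in the hunk, so this may already be safe, but it is worth confirming that every way of supplying an HMAC key sets `use_hmac` before this point, as the two `parse_rc_param()` hunks do. The comment would also be more accurate as `/* Default the HMAC digest type when an HMAC key is in use but no type was chosen */`, since the block assigns a default rather than validating anything.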


@ -135,6 +135,7 @@ our %cf = (
our $default_digest_file = "$run_dir/digest.cache";
our $default_pid_file = "$run_dir/fwknopd.pid";
our $tmp_rc_file = "$run_dir/fwknoprc";
our $rewrite_rc_file = "$run_dir/rewrite_fwknoprc";
our $tmp_pkt_file = "$run_dir/tmp_spa.pkt";
our $tmp_args_file = "$run_dir/args.save";
@ -384,6 +385,9 @@ our $default_client_args_no_get_key = "LD_LIBRARY_PATH=$lib_dir " .
"$valgrind_str $fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip " .
"--no-save-args --verbose --verbose";
our $client_rewrite_rc_args = "$default_client_args_no_get_key " .
"--rc-file $rewrite_rc_file --test";
our $default_client_hmac_args = "$default_client_args_no_get_key " .
"--rc-file $cf{'rc_hmac_b64_key'}";
@ -502,6 +506,7 @@ my %test_keys = (
'pkt_prefix' => $OPTIONAL,
'no_ip_check' => $OPTIONAL,
'set_legacy_iv' => $OPTIONAL,
'write_rc_file' => $OPTIONAL,
'positive_output_matches' => $OPTIONAL,
'negative_output_matches' => $OPTIONAL,
'server_positive_output_matches' => $OPTIONAL,
@ -1024,6 +1029,114 @@ sub expected_code_version() {
return 0;
}
sub client_rc_file() {
my $test_hr = shift;
my $rv = 1;
if ($test_hr->{'write_rc_file'}) {
open RC, "> $rewrite_rc_file"
or die "[*] Could not open $rewrite_rc_file: $!";
for my $hr (@{$test_hr->{'write_rc_file'}}) {
print RC "[$hr->{'name'}]\n";
for my $var (keys %{$hr->{'vars'}}) {
print RC "$var $hr->{'vars'}->{$var}\n";
}
}
close RC;
}
$rv = 0 unless &run_cmd($test_hr->{'cmdline'},
$cmd_out_tmp, $curr_test_file);
$rv = 0 unless &file_find_regex([qr/final\spacked/i],
$MATCH_ALL, $NO_APPEND_RESULTS, $curr_test_file);
if ($test_hr->{'positive_output_matches'}) {
unless (&file_find_regex(
$test_hr->{'positive_output_matches'},
$MATCH_ALL, $APPEND_RESULTS, $curr_test_file)) {
&write_test_file(
"[-] positive_output_matches not met, setting rv=0\n",
$curr_test_file);
$rv = 0;
}
}
if ($test_hr->{'negative_output_matches'}) {
if (&file_find_regex(
$test_hr->{'negative_output_matches'},
$MATCH_ANY, $APPEND_RESULTS, $curr_test_file)) {
&write_test_file(
"[-] negative_output_matches not met, setting rv=0\n",
$curr_test_file);
$rv = 0;
}
}
unless (&validate_fko_decode()) {
$rv = 0;
}
return $rv;
}
sub validate_fko_decode() {
return 0 unless -e $curr_test_file;
### make sure that the before and after FKO decode
### sections are the same - this ensures that libfko
### encoding / decoding cycles match up
my @before_lines = ();
my @after_lines = ();
my $found_fko_field_values = 0;
my $finished_first_section = 0;
open F, "< $curr_test_file"
or die "[*] Could not open $curr_test_file: $!";
while (<F>) {
if (/^FKO\sField\sValues/) {
$found_fko_field_values = 1;
next;
}
next unless $found_fko_field_values;
if (/Generating\sSPA\spacket/) {
$found_fko_field_values = 0;
last if $finished_first_section;
$finished_first_section = 1;
}
if ($found_fko_field_values) {
if ($finished_first_section) {
push @after_lines, $_ if $_ =~ /\S/;
} else {
push @before_lines, $_ if $_ =~ /\S/;
}
}
}
close F;
my $found_difference = 0;
for (my $i=0; $i < $#before_lines; $i++) {
unless (defined $after_lines[$i]) {
$found_difference = 1;
last;
}
if ($before_lines[$i] ne $after_lines[$i]) {
chomp $before_lines[$i];
chomp $after_lines[$i];
&write_test_file(
"[-] Line mismatch, before '$before_lines[$i]', after '$after_lines[$i]'\n",
$curr_test_file);
$found_difference = 1;
}
}
if ($found_difference) {
return 0;
}
return 1;
}
sub client_send_spa_packet() {
my ($test_hr, $server_receive_check) = @_;
@ -5474,6 +5587,7 @@ sub file_find_regex() {
for my $re (@$re_ar) {
my $matched = 0;
for my $line (@file_lines) {
next if $line =~ /file_find_regex\(\)/;
if ($line =~ $re) {
push @write_lines, "[.] file_find_regex() " .
"Matched '$re' with line: $line";

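Review bot: `validate_fko_decode()` can report success without comparing everything: the loop condition `$i < $#before_lines` stops one short of the last line, extra lines in `@after_lines` are never looked at, and if no FKO field section is found both arrays are empty and the sub returns 1. Since this is the check that the libfko encode/decode cycle matches, I would use `$i <= $#before_lines` and add `return 0 unless @before_lines and @before_lines == @after_lines;` before the loop. In `client_rc_file()` the rc file, which carries the key, is written through a two-argument bareword `open RC, "> $rewrite_rc_file"` with an unchecked `close RC`; `open my $rc_fh, '>', $rewrite_rc_file` and a checked `close $rc_fh` would be the safer form.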

@ -99,6 +99,62 @@
'fatal' => $YES
},
{
'category' => 'basic operations',
'subcategory' => 'client rc file',
'detail' => 'digest MD5',
'function' => \&client_rc_file,
'cmdline' => $client_rewrite_rc_args,
'write_rc_file' => [{'name' => 'default',
'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'MD5'}}],
'positive_output_matches' => [qr/Digest\sType\:\s.*MD5/],
'fatal' => $NO
},
{
'category' => 'basic operations',
'subcategory' => 'client rc file',
'detail' => 'digest SHA1',
'function' => \&client_rc_file,
'cmdline' => $client_rewrite_rc_args,
'write_rc_file' => [{'name' => 'default',
'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA1'}}],
'positive_output_matches' => [qr/Digest\sType\:\s.*SHA1/],
'fatal' => $NO
},
{
'category' => 'basic operations',
'subcategory' => 'client rc file',
'detail' => 'digest SHA256',
'function' => \&client_rc_file,
'cmdline' => $client_rewrite_rc_args,
'write_rc_file' => [{'name' => 'default',
'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA256'}}],
'positive_output_matches' => [qr/Digest\sType\:\s.*SHA256/],
'fatal' => $NO
},
{
'category' => 'basic operations',
'subcategory' => 'client rc file',
'detail' => 'digest SHA384',
'function' => \&client_rc_file,
'cmdline' => $client_rewrite_rc_args,
'write_rc_file' => [{'name' => 'default',
'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA384'}}],
'positive_output_matches' => [qr/Digest\sType\:\s.*SHA384/],
'fatal' => $NO
},
{
'category' => 'basic operations',
'subcategory' => 'client rc file',
'detail' => 'digest SHA512',
'function' => \&client_rc_file,
'cmdline' => $client_rewrite_rc_args,
'write_rc_file' => [{'name' => 'default',
'vars' => {'KEY' => 'testtest', 'DIGEST_TYPE' => 'SHA512'}}],
'positive_output_matches' => [qr/Digest\sType\:\s.*SHA512/],
'fatal' => $NO
},
{
'category' => 'basic operations',
'subcategory' => 'server',
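Review bot: All five new entries are accept cases; nothing here writes an unsupported `DIGEST_TYPE` value to the rc file to confirm the client refuses it rather than quietly falling back to another digest. As written, `client_rc_file()` always requires the `final packed` output, so a rejection case would need its own function or an option on that one. The five entries also differ only in the digest name, so building them from a list of names would keep them from drifting apart.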