DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

[test suite] added Rijndael+HMAC SPOOF_SRC fwknoprc file test

Browse Source
This commit is contained in:
Michael Rash 2014-03-13 00:10:22 -04:00
parent 4181b43f55
commit ad512ff6e7
5 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.am
View File

@ -196,6 +196,7 @@ EXTRA_DIST = \
test/conf/multi_pkts.pcap \
test/conf/fwknoprc_default_hmac_base64_key \
test/conf/fwknoprc_hmac_nat_rand_base64_key \
test/conf/fwknoprc_hmac_spoof_src_base64_key \
test/conf/fwknoprc_hmac_key2 \
test/conf/fwknoprc_gpg_hmac_key \
test/conf/fwknoprc_hmac_equal_keys \

8
client/config_init.c
View File

@ -1741,6 +1741,14 @@ validate_options(fko_cli_options_t *options)
log_msg(LOG_VERBOSITY_ERROR, "Invalid spoof IP");
exit(EXIT_FAILURE);
}
if(options->spa_proto != FKO_PROTO_TCP_RAW
&& options->spa_proto != FKO_PROTO_UDP_RAW
&& options->spa_proto != FKO_PROTO_ICMP)
{
log_msg(LOG_VERBOSITY_ERROR,
"Must set -Q <udpraw|tcpraw|icmp> with a spoofed source IP");
exit(EXIT_FAILURE);
}
}
if(options->resolve_ip_http || options->spa_proto == FKO_PROTO_HTTP)

6
test/conf/fwknoprc_hmac_spoof_src_base64_key Normal file
View File

@ -0,0 +1,6 @@
[default]
HMAC_DIGEST_TYPE sha256
KEY_BASE64 wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
HMAC_KEY_BASE64 Yh+xizBnl6FotC5ec7FanVGClRMlsOAPh2u6eovnerfBVKwaVKzjGoblFMHMc593TNyi0dWn4opLoTIV9q/ttg==
SPOOF_SOURCE_IP 3.3.3.3
SPA_SERVER_PROTO udpraw

1
test/test-fwknop.pl
View File

@ -136,6 +136,7 @@ our %cf = (
'rc_invalid_b64_key' => "$conf_dir/fwknoprc_invalid_base64_key",
'rc_hmac_b64_key' => "$conf_dir/fwknoprc_default_hmac_base64_key",
'rc_hmac_nat_rand_b64_key' => "$conf_dir/fwknoprc_hmac_nat_rand_base64_key",
'rc_hmac_spoof_src_b64_key' => "$conf_dir/fwknoprc_hmac_spoof_src_base64_key",
'rc_hmac_sha512_b64_key' => "$conf_dir/fwknoprc_hmac_sha512_base64_key",
'rc_hmac_b64_key2' => "$conf_dir/fwknoprc_hmac_key2",
'rc_rand_port_hmac_b64_key' => "$conf_dir/fwknoprc_rand_port_hmac_base64_key",

28
test/tests/rijndael_hmac.pl
View File

@ -412,6 +412,34 @@
'fw_rule_removed' => $NEW_RULE_REMOVED,
'key_file' => $cf{'rc_hmac_b64_key'},
},
{
'category' => 'Rijndael+HMAC',
'subcategory' => 'client+server',
'detail' => 'spoof src IP 3.3.3.3 (tcp/22)',
'function' => \&spa_cycle,
'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
"$fwknopCmd -A tcp/22 -a $fake_ip -P udpraw -Q 3.3.3.3 -D $loopback_ip --rc-file " .
"$cf{'rc_hmac_b64_key'} $verbose_str",
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str",
'fw_rule_created' => $NEW_RULE_REQUIRED,
'fw_rule_removed' => $NEW_RULE_REMOVED,
'key_file' => $cf{'rc_hmac_b64_key'},
},
{
'category' => 'Rijndael+HMAC',
'subcategory' => 'client+server',
'detail' => 'rc file spoof src IP (tcp/22)',
'function' => \&spa_cycle,
'cmdline' => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
"$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " .
"$cf{'rc_hmac_spoof_src_b64_key'} $verbose_str",
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str",
'fw_rule_created' => $NEW_RULE_REQUIRED,
'fw_rule_removed' => $NEW_RULE_REMOVED,
'key_file' => $cf{'rc_hmac_spoof_src_b64_key'},
},
{
'category' => 'Rijndael+HMAC',