DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
1,111 Commits 15 Branches 0 Tags
0a279ccbfcb0be44e4e82f9ced28641a8d5cc3ef
Commit Graph

286 Commits

Author SHA1 Message Date
Michael Rash
15b1382160 [test suite] slurp openssl HMAC from file into single string (it may be binary data) 2013-05-18 16:39:08 -04:00
Michael Rash
23a354fced [client+server] ensure HMAC key and encryption passphrase are not the same 2013-05-18 12:10:18 -04:00
Michael Rash
c02ec41ca0 [test suite] minor bug fix to preserve the init file 2013-05-18 08:34:20 -04:00
Michael Rash
45244114f8 [client] --key-gen bug fix to print keys to stdout 2013-05-17 21:03:16 -04:00
Michael Rash
e73d13e140 minor write_test_file() path bug fix 2013-05-13 23:11:33 -04:00
Michael Rash
4e5fb77dd0 Merge remote-tracking branch 'fjoncourt/master' 
Merged update from Franck - closes issue #71.
 2013-05-13 23:10:26 -04:00
Michael Rash
3246c3c6b0 [test suite] added hmac_get_key_access.conf file 2013-05-12 22:30:28 -04:00
Michael Rash
838782f198 [test suite] added fko_destroy() calls to fko-wrapper 2013-05-12 20:57:19 -04:00
Michael Rash
38395b04c6 [test suite] add -x to run_valgrind.sh fko-wrapper script 2013-05-12 14:43:19 -04:00
Michael Rash
3302dd4220 [test suite] added -g to fko_wrapper Makefile for debugging symbols 2013-05-12 14:42:35 -04:00
Franck Joncourt
31d94d50b1 Added tests to validate the encryption mode for the client. 
Renamed the CBC legacy VI encryption mode by legacy as mentionned in the man page.
 2013-05-12 17:35:19 +02:00
Michael Rash
a8410d8f2a [test suite] allow valgrind coverage test to run after --test-limit 2013-05-11 13:28:55 -04:00
Michael Rash
b92f892ae0 [test suite] minor bug fix for printing the number of test buckets to be executed 2013-05-09 21:11:45 -04:00
Michael Rash
8f423e8b89 [server] added --pcap-any-direction along with config file support 
From the config file comments:

This variable controls whether fwknopd is permitted to sniff SPA packets
regardless of whether they are received on the sniffing interface or sent
from the sniffing interface.  In the later case, this can be useful to have
fwknopd sniff SPA packets that are forwarded through a system and destined
for a different network.  If the sniffing interface is the egress interface
for such packets, then this variable will need to be set to "Y" in order for
fwknopd to see them.  The default is "N" so that fwknopd only looks for SPA
packets that are received on the sniffin

PCAP_ANY_DIRECTION         N;
 2013-05-06 22:23:59 -04:00
Michael Rash
5aac3d978c minor typo fix 2013-05-06 22:22:22 -04:00
Franck Joncourt
a9a143a85d Merge remote-tracking branch 'upstream/master' 2013-05-06 11:52:35 +02:00
Franck Joncourt
d4577ab697 Added new tests to the test suite to validate the --save-rc-stanza command line argument. 2013-05-06 11:49:16 +02:00
Michael Rash
eb143db9a7 [client] added --get-hmac-key to mirror --get-key, closes #68 2013-05-05 21:54:07 -04:00
Franck Joncourt
9f43f7a6ff Merge remote-tracking branch 'upstream/master' 2013-05-04 15:34:34 +02:00
Michael Rash
d61d5b964e [test suite] added Cygwin client compatibility tests 2013-05-03 23:17:24 -04:00
Michael Rash
589a68b97b [test suite] additional iptables init/exit 'no flush' tests 2013-05-03 20:56:05 -04:00
Michael Rash
df5f2d3ac0 [test suite] minor update to not count HMAC OpenSSL tests against non-ascii HMAC keys when the hexkey option is not supported 2013-05-03 20:55:20 -04:00
Michael Rash
5f06cefb02 [test suite] added check for test script inclusion in Makefile.am 2013-05-03 08:35:24 -04:00
Michael Rash
c086105eb1 [server] added tests on Linux systems for the iptables FLUSH_IPT_* vars 2013-05-02 22:29:51 -04:00
Michael Rash
56ef34738e [test suite] add new test files to Makefile.am 2013-05-02 15:08:04 -04:00
Franck Joncourt
23de2d6b5f Removed duplicate variable in the test suite (fake_spoof_ip/spoof_ip). 2013-05-01 15:52:01 +02:00
Franck Joncourt
fca497f0d8 New tests for rc file processing (SPA_SOURCE_PORT, FW_TIMEOUT). 
Added spa source port variable to dump_transmit_options() and renamed port
to destination port.
 2013-05-01 15:29:17 +02:00
Michael Rash
0f24877762 [test suite] minor comment addition so this isn't a zero-byte file 2013-05-01 08:21:11 -04:00
Franck Joncourt
2110790a30 Added new rc file processing tests for the SPA_SERVER_PORT. 2013-04-30 13:54:58 +02:00
Michael Rash
df5066447d Started on --save-rc-stanza tests, client bug fix for HMAC verification in --test mode 2013-04-29 21:43:21 -04:00
Franck Joncourt
b53699ef92 Added tests for the SPA_SERVER_PROTO variable from an rc file. 2013-04-29 22:53:06 +02:00
Michael Rash
ea5bb6937a [test suite] add client rc file processing tests (digest only for now, more coming) 2013-04-28 21:52:14 -04:00
Michael Rash
486f0ea52f [test suite] restore gpg directories after test suite runs 2013-04-27 22:41:17 -04:00
Michael Rash
dd05975217 Merge remote-tracking branch 'fjoncourt/master' 
This merges changes from Franck Joncourt for issues #55 (log module for fwknop)
and #64 (hostname resolution not working for -P icmp spoofing).
 2013-04-27 22:26:38 -04:00
Franck Joncourt
b04de687ce Fixed hostname resolution while spoof ip is used. 
mrash/fwknop#64
 2013-04-27 23:31:40 +02:00
Michael Rash
6b095d948d [test suite] minor openssl verification update to print base64 decode flag value 2013-04-27 12:56:50 -04:00
Michael Rash
5e82adbf3f [test suite] added GPG password required HMAC tests, added --disable-valgrind argument 2013-04-23 21:56:41 -04:00
Michael Rash
4ea683678b [test suite] added gpg_no_pw_hmac_access.conf file 2013-04-22 20:59:32 -04:00
Michael Rash
f02cc0ddd2 Added HMAC support to GPG encryption modes, closes #58 2013-04-22 20:45:59 -04:00
Michael Rash
2f72960e0f [test suite] clean command tmp files before and after each test 2013-04-21 21:13:15 -04:00
Michael Rash
6c1b755bea [test suite] removed unnecessary comment lines from test config files 2013-04-20 15:31:26 -04:00
Michael Rash
387b6e40d3 [test suite] updated non-based64 keys in non-base64 key files 2013-04-20 11:09:48 -04:00
Michael Rash
e447ef57c0 [test suite] bug fix to properly extract 'KEY' variable for Rijndael key information 2013-04-20 11:04:53 -04:00
Michael Rash
9a366c2d67 [test suite] consolidated client/server interaction result variables into client_server_interaction() 2013-04-19 19:43:15 -04:00
Michael Rash
f010d88016 removed trailing semicolon from KEY value 2013-04-19 19:42:06 -04:00
Michael Rash
a61939c005 [test suite] Reorganize client/server interactions to be more rigorous 
This is a significant commit that alters how the test suite interacts with the
fwknop client and server by looking for indications that SPA packets are
actually received.  This is done by first waiting for 'main event loop' in
fwknopd log output to ensure that fwknopd is ready to receive packets, sending
the SPA packet(s), and then watching for for 'SPA Packet from IP' in fwknopd
output.  This is an improvement over the previous strategy that was only based
on timeout values since it works identically regardless of whether fwknop is
being run under valgrind or when the test suite is run on an embedded system
with very limited resources.  Another check is run for fwknopd receiving the
SIGTERM signal to shutdown via 'fwknopd -K', and that failing, the test suite
manually kills the process (though this should be rarely needed).

The above strategy is the result of discussions with George Herlin who proposed
the verification-based approach to test suite operations.

Other things this commit changes is the ability to detect whether OpenSSL
supports the 'hexkey:<key>' style specification for HMAC keys (an older version
of FreeBSD doesn't support this) and falls back to the '-hmac <key>' method if
not.
 2013-04-18 09:35:23 -04:00
Michael Rash
cbf751e8dd [test suite] check for fwknopd ready to receive packets 
This commit was inspired through conversations with George Herlin.
 2013-04-12 21:50:47 -04:00
Michael Rash
c112cb4811 [test suite] get hmac iptables duplicated and sha512 long key tests to pass 2013-04-10 23:31:58 -04:00
Michael Rash
378305a8ab [test suite] added perl FKO Rijndael key test with embedded NULL char 2013-04-09 22:48:54 -04:00
Michael Rash
b45a1b07ad minor var naming/spacing update 2013-04-09 21:28:32 -04:00