DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
1,284 Commits 15 Branches 0 Tags
694fb39a85e29128781c01bbdcb1faabfb0df8ec
Commit Graph

56 Commits

Author SHA1 Message Date
Michael Rash
694fb39a85 [test suite] Bug fix to not run an iptables Rijndael HMAC test on non-Linux systems 2013-07-25 20:33:19 -04:00
Michael Rash
dac75c0242 [server] restore backwards compatibility for Rijndael keys > 16 bytes in legacy mode by truncating (upgrading recommended of course) 2013-07-14 15:37:24 -04:00
Michael Rash
44aefd1177 [test suite] bug fix to ensure multiple SPA packets are sent for iptables duplicated rules tests 2013-07-13 23:22:58 -04:00
Michael Rash
13626a2a74 [test suite] added tests for KEY synonym GPG_SIGNING_PW 2013-06-19 23:41:37 -04:00
Michael Rash
13173343ee [client] add GPG_ALLOW_NO_SIGNING_PW and --gpg-no-signing-pw 
This change brings similar functionality to the client as the GPG_ALLOW_NO_PW
keyword in the server access.conf file.  Although this option is less likely
to be used than the analogous server functionality, it stands to reason that
the client should offer this feature.  The test suite has also been updated to
not use the --get-key option for the 'no password' GPG tests.
 2013-06-18 22:51:22 -04:00
Michael Rash
b0c9ed52ba [test suite] bug fix for proper replay attack regex searching of test output, added several replay attack tests 2013-06-15 21:20:39 -04:00
Michael Rash
fc8a74131b [test suite] minor OS compatibility test re-order 2013-06-12 23:10:19 -04:00
Michael Rash
12eab497c2 [test suite] added a few OS compatibility tests 2013-06-11 22:01:23 -04:00
Michael Rash
ef8aa2e471 [test suite] minor bug fix to add 'iptables' to custom chain test titles 2013-06-10 22:38:55 -04:00
Michael Rash
f9df2f6eca [test suite] additional --save-rc-stanza tests for vars not printed in fwknop client decode output 2013-06-10 21:18:37 -04:00
Michael Rash
0c19e5170a [test suite] added backwards compatibility tests with a dual usage key in access.conf 2013-06-10 21:16:33 -04:00
Michael Rash
88e1e0e099 [test suite] added tests for setting gpg recipient, signer, and homedir via the client rc file 2013-06-09 15:27:19 -04:00
Michael Rash
7a1bdea514 [server] fix 'Use of untrusted string value' bug found by Coverity 
This commit changes iptables policy parsing to re-use rule_exists() for fwknop
jump rule detection instead of using sscanf() against iptables policy list
output.  Also, fwknop jump rules are now deleted from iptables policies in a
loop to ensure all are removed even if there are duplicates (even though this
should not happen under normal circumstances anyway).
 2013-06-09 14:28:17 -04:00
Michael Rash
66399fed1a Merge remote-tracking branch 'fjoncourt/master' 
Closes #74 - allows a passphrase to be read from STDIN or from a file descriptor
via --fd.
 2013-06-02 22:54:23 -04:00
Michael Rash
164888e075 [test suite] added backwards compatibility test for truncated keys longer > 16 chars 2013-06-02 21:19:19 -04:00
Franck Joncourt
583e1e02c7 Merge remote-tracking branch 'upstream/master' 
Conflicts:
	client/config_init.c
 2013-06-02 21:54:25 +02:00
Franck Joncourt
9fce10abd8 Adding support for reading encryption/key password from a file descriptor. 
* Added tests to the test suite.
 * Updated the usage message.
 * Fixed the password functions.

reference : mrash/fwknop#74
 2013-06-02 21:36:17 +02:00
Michael Rash
b9bd984768 [test suite] bug fix on FreeBSD to just run the server for the active/expire sets not equal test 2013-05-23 14:44:29 -04:00
Michael Rash
72ab0bf5d5 [test suite] added client -f firewall timeout tests 2013-05-19 15:29:20 -04:00
Michael Rash
23a354fced [client+server] ensure HMAC key and encryption passphrase are not the same 2013-05-18 12:10:18 -04:00
Michael Rash
45244114f8 [client] --key-gen bug fix to print keys to stdout 2013-05-17 21:03:16 -04:00
Franck Joncourt
31d94d50b1 Added tests to validate the encryption mode for the client. 
Renamed the CBC legacy VI encryption mode by legacy as mentionned in the man page.
 2013-05-12 17:35:19 +02:00
Michael Rash
5aac3d978c minor typo fix 2013-05-06 22:22:22 -04:00
Franck Joncourt
a9a143a85d Merge remote-tracking branch 'upstream/master' 2013-05-06 11:52:35 +02:00
Franck Joncourt
d4577ab697 Added new tests to the test suite to validate the --save-rc-stanza command line argument. 2013-05-06 11:49:16 +02:00
Michael Rash
eb143db9a7 [client] added --get-hmac-key to mirror --get-key, closes #68 2013-05-05 21:54:07 -04:00
Franck Joncourt
9f43f7a6ff Merge remote-tracking branch 'upstream/master' 2013-05-04 15:34:34 +02:00
Michael Rash
d61d5b964e [test suite] added Cygwin client compatibility tests 2013-05-03 23:17:24 -04:00
Michael Rash
589a68b97b [test suite] additional iptables init/exit 'no flush' tests 2013-05-03 20:56:05 -04:00
Michael Rash
c086105eb1 [server] added tests on Linux systems for the iptables FLUSH_IPT_* vars 2013-05-02 22:29:51 -04:00
Franck Joncourt
23de2d6b5f Removed duplicate variable in the test suite (fake_spoof_ip/spoof_ip). 2013-05-01 15:52:01 +02:00
Franck Joncourt
fca497f0d8 New tests for rc file processing (SPA_SOURCE_PORT, FW_TIMEOUT). 
Added spa source port variable to dump_transmit_options() and renamed port
to destination port.
 2013-05-01 15:29:17 +02:00
Franck Joncourt
2110790a30 Added new rc file processing tests for the SPA_SERVER_PORT. 2013-04-30 13:54:58 +02:00
Michael Rash
df5066447d Started on --save-rc-stanza tests, client bug fix for HMAC verification in --test mode 2013-04-29 21:43:21 -04:00
Franck Joncourt
b53699ef92 Added tests for the SPA_SERVER_PROTO variable from an rc file. 2013-04-29 22:53:06 +02:00
Michael Rash
ea5bb6937a [test suite] add client rc file processing tests (digest only for now, more coming) 2013-04-28 21:52:14 -04:00
Franck Joncourt
b04de687ce Fixed hostname resolution while spoof ip is used. 
mrash/fwknop#64
 2013-04-27 23:31:40 +02:00
Michael Rash
5e82adbf3f [test suite] added GPG password required HMAC tests, added --disable-valgrind argument 2013-04-23 21:56:41 -04:00
Michael Rash
f02cc0ddd2 Added HMAC support to GPG encryption modes, closes #58 2013-04-22 20:45:59 -04:00
Michael Rash
9a366c2d67 [test suite] consolidated client/server interaction result variables into client_server_interaction() 2013-04-19 19:43:15 -04:00
Michael Rash
c112cb4811 [test suite] get hmac iptables duplicated and sha512 long key tests to pass 2013-04-10 23:31:58 -04:00
Michael Rash
378305a8ab [test suite] added perl FKO Rijndael key test with embedded NULL char 2013-04-09 22:48:54 -04:00
Michael Rash
05ced0a514 add HMAC_KEY variable support to access.conf (alternative to HMAC_KEY_BASE64) 2013-04-08 22:14:06 -04:00
Michael Rash
748715acf8 [test suite] added python->C HMAC test 2013-04-08 20:45:14 -04:00
Michael Rash
4f9fbe4549 [test suite] NAT name resolution tests 
This commit adds tests for NAT name resolution in support of issue #43.
 2013-04-07 13:33:42 -04:00
Michael Rash
d6b4a2a1c3 added fuzzing tests for long Rijndael and HMAC keys 2013-03-28 20:42:12 -04:00
Michael Rash
42cfc58e20 [perl FKO] add HMAC support along with test suite HMAC verification (closes #16) 2013-03-21 21:55:18 -04:00
Michael Rash
49c956dafc [test suite] added two basic tests for installation and operations of the python fko extension 2013-03-19 21:23:36 -04:00
Michael Rash
4bdb71315a [client] --nat-rand-port bug fix 
Bug fix for --nat-rand-port mode to ensure that the port to be
NAT'd is properly defined so that the fwknopd server will NAT
connnections to this port instead of applying the NAT operation to the
port that is to be accessed via -A.  This change also prints the
randomly assigned port to stdout regardless of whether --verbose mode is
used (since it not then the user will have no idea which port is
actually going to be NAT'd on the fwknopd side).
 2013-03-16 14:38:20 -04:00
Michael Rash
3ef3ab29c8 [test suite] 'key_file' hash key update for HMAC SHA384 test 2013-03-12 23:20:12 -04:00