DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
975 Commits 15 Branches 0 Tags
Commit Graph

975 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Rash
77c876c110 credits and changelog updates 2013-04-18 20:53:37 -04:00
Michael Rash
a61939c005 [test suite] Reorganize client/server interactions to be more rigorous 
This is a significant commit that alters how the test suite interacts with the
fwknop client and server by looking for indications that SPA packets are
actually received.  This is done by first waiting for 'main event loop' in
fwknopd log output to ensure that fwknopd is ready to receive packets, sending
the SPA packet(s), and then watching for for 'SPA Packet from IP' in fwknopd
output.  This is an improvement over the previous strategy that was only based
on timeout values since it works identically regardless of whether fwknop is
being run under valgrind or when the test suite is run on an embedded system
with very limited resources.  Another check is run for fwknopd receiving the
SIGTERM signal to shutdown via 'fwknopd -K', and that failing, the test suite
manually kills the process (though this should be rarely needed).

The above strategy is the result of discussions with George Herlin who proposed
the verification-based approach to test suite operations.

Other things this commit changes is the ability to detect whether OpenSSL
supports the 'hexkey:<key>' style specification for HMAC keys (an older version
of FreeBSD doesn't support this) and falls back to the '-hmac <key>' method if
not.
 2013-04-18 09:35:23 -04:00
Michael Rash
b17cb08ddc fixed two type mismatch compilation warnings for the perl FKO extension 2013-04-17 23:27:54 -04:00
Michael Rash
d785dcbe62 [test suite] added tests/python_fko.pl for python tests 2013-04-15 22:02:19 -04:00
Michael Rash
cbf751e8dd [test suite] check for fwknopd ready to receive packets 
This commit was inspired through conversations with George Herlin.
 2013-04-12 21:50:47 -04:00
Michael Rash
87fc50bb31 Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support 
This commit from Franck Joncourt closes #43
 2013-04-12 21:16:20 -04:00
Franck Joncourt
fbd38d805b Added some else statements and their comments. 2013-04-12 14:48:26 +02:00
Franck Joncourt
d988f95a46 Fixed test-fwknop.pl to remove any references to my test files. 2013-04-11 13:36:58 +02:00
Franck Joncourt
9faa625d95 Removed tests. 2013-04-11 13:08:36 +02:00
Michael Rash
c112cb4811 [test suite] get hmac iptables duplicated and sha512 long key tests to pass 2013-04-10 23:31:58 -04:00
Franck Joncourt
fd767a1f47 Resolve ip address in all of tha nat modes (mrash/fwknop#43). 2013-04-10 16:06:06 +02:00
Franck Joncourt
8f3e6a4ed1 Merge remote-tracking branch 'upstream/hmac_support' into hmac_support 2013-04-10 15:12:54 +02:00
Michael Rash
378305a8ab [test suite] added perl FKO Rijndael key test with embedded NULL char 2013-04-09 22:48:54 -04:00
Michael Rash
b45a1b07ad minor var naming/spacing update 2013-04-09 21:28:32 -04:00
Michael Rash
05ced0a514 add HMAC_KEY variable support to access.conf (alternative to HMAC_KEY_BASE64) 2013-04-08 22:14:06 -04:00
Michael Rash
748715acf8 [test suite] added python->C HMAC test 2013-04-08 20:45:14 -04:00
Michael Rash
57773993e4 [test suite] don't remove output/ directory in --list mode, closes #53 2013-04-07 20:57:35 -04:00
Michael Rash
cccab3c22b [test suite] restore --diff mode, fixes #52 2013-04-07 16:28:33 -04:00
Michael Rash
a59b5acc99 Merge patch from Franck in support of issue #43 2013-04-07 15:11:09 -04:00
Michael Rash
4f9fbe4549 [test suite] NAT name resolution tests 
This commit adds tests for NAT name resolution in support of issue #43.
 2013-04-07 13:33:42 -04:00
Franck Joncourt
ed2d6ec8ea Added tests to the test suite in order to check the update. 2013-04-07 19:00:38 +02:00
Franck Joncourt
8f667c17ac Fixed Nat mode not resolving hostname to IP's. 
Linked mrash/fwknop#43
 2013-04-06 22:59:59 +02:00
Michael Rash
fcac5ca413 [test suite] minor encryption key variable name update 2013-04-02 07:48:17 -04:00
Michael Rash
98d5b6d8a0 added 'legacy' initialization vector text to man pages 2013-04-02 07:47:20 -04:00
Michael Rash
9ee21aae12 Merge branch 'hmac_support' of ssh://192.168.10.1/home/mbr/git/bare_repos/fwknop into hmac_support 2013-03-29 20:45:30 -04:00
Michael Rash
fb18b778d1 added test/fko-python.py test script 2013-03-29 20:44:48 -04:00
Michael Rash
08c9cc0938 HMAC function rename for consistency 
Make sure that HMAC function names conform to previously established get_*,
set_* naming convention.
 2013-03-29 20:42:44 -04:00
Michael Rash
d6b4a2a1c3 added fuzzing tests for long Rijndael and HMAC keys 2013-03-28 20:42:12 -04:00
Michael Rash
6ecf6514c9 Enforce Rijndael and HMAC key length maximum sizes 
This commit fixes a couple of overflow conditions for Rijndael and HMAC keys
that are larger than anticipated maximums.  In the case of Rijndael, PKCS#5 1.5
is supported up to key sizes of 32 bytes or smaller (and maintains compatibility
with OpenSSL, and future versions will support PKCS#5 2.0 (PBKDF2) while allowing
for larger key sizes.  HMAC keys may be up to 128 bytes even for digest
algorithms such as SHA256 that have block sizes that are smaller than this.
 2013-03-24 21:04:18 -04:00
Michael Rash
08ab1cf8e1 remove execute bit 2013-03-23 08:56:22 -04:00
Michael Rash
6b845cce43 remove execute bit 2013-03-23 08:53:48 -04:00
Michael Rash
6ca996a173 [test suite] minor spacing update 2013-03-22 22:34:10 -04:00
Michael Rash
112dc6959e Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support 2013-03-21 21:58:05 -04:00
Michael Rash
42cfc58e20 [perl FKO] add HMAC support along with test suite HMAC verification (closes #16) 2013-03-21 21:55:18 -04:00
Michael Rash
d677e18e25 minor ChangeLog wording update for HMAC section 2013-03-21 21:48:38 -04:00
Franck Joncourt
11ba153832 Merge remote-tracking branch 'upstream/hmac_support' into hmac_support 2013-03-20 22:33:45 +01:00
Franck Joncourt
4b63181387 Updated fwknop documentation. 2013-03-20 22:31:58 +01:00
Franck Joncourt
b6bd8a8e8c Fixed issue when trying to save options for a new stanza. 2013-03-20 21:38:52 +01:00
Michael Rash
49c956dafc [test suite] added two basic tests for installation and operations of the python fko extension 2013-03-19 21:23:36 -04:00
Michael Rash
b92fcce648 [python extension] minor function name updates 2013-03-19 21:22:32 -04:00
Michael Rash
8c3cab0269 [python extension] update key_gen() parse tuple format arg to handle hmac_type integer 2013-03-19 21:15:45 -04:00
Michael Rash
e4689892ef [client] minor http resolve update to include URL in error output 2013-03-19 21:09:11 -04:00
Michael Rash
ab40e30022 minor typo fix 2013-03-18 21:49:00 -04:00
Franck Joncourt
d8090a8143 Allowed an fwknoprc stanza (-n) to be overriden by arguments from the command line. 
Added a sanity check to make sure the -n option is used with the --save-rc-stanza option.
 2013-03-18 22:06:31 +01:00
Michael Rash
817a719a9c [python module] update fko_new_with_data() call to include hmac_type 2013-03-17 23:03:48 -04:00
Michael Rash
92af5b53be Merge remote-tracking branch 'fjoncourt/python_binding' into hmac_support 2013-03-17 23:02:57 -04:00
Michael Rash
247edec004 minor hmac prototype update to add const qualifier 2013-03-17 22:48:29 -04:00
Michael Rash
066e90d955 [test suite] added hmac_force_nat_access.conf file to Makefile.am 2013-03-17 22:42:52 -04:00
Michael Rash
c7b5611fa4 Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support 
Significant merge from Franck Joncourt to add the ability to save command line
args to ~/.fwknoprc stanzas.  This merge is in support of #4.

Conflicts:
	lib/fko_util.c
	lib/fko_util.h
 2013-03-17 21:34:23 -04:00
Franck Joncourt
d299f1de66 Add ne wdirective to setup.py in order to be able to build the python binding 
without having libfko installed on the system.
 2013-03-17 12:03:07 +01:00