[test suite] added backwards compatibility tests with a dual usage key in access...
authorMichael Rash <mbr@cipherdyne.org>
Tue, 11 Jun 2013 01:16:33 +0000 (21:16 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Tue, 11 Jun 2013 01:16:33 +0000 (21:16 -0400)
Makefile.am
test/conf/dual_key_legacy_iv_access.conf [new file with mode: 0644]
test/test-fwknop.pl
test/tests/rijndael_backwards_compatibility.pl

index 3c9d150..10bfdcc 100644 (file)
@@ -134,6 +134,7 @@ EXTRA_DIST = \
     test/conf/disable_aging_fwknopd.conf \
     test/conf/disable_aging_nat_fwknopd.conf \
     test/conf/dual_key_usage_access.conf \
+    test/conf/dual_key_legacy_iv_access.conf \
     test/conf/ecb_mode_access.conf \
     test/conf/expired_epoch_stanza_access.conf \
     test/conf/expired_stanza_access.conf \
diff --git a/test/conf/dual_key_legacy_iv_access.conf b/test/conf/dual_key_legacy_iv_access.conf
new file mode 100644 (file)
index 0000000..6d6024e
--- /dev/null
@@ -0,0 +1,10 @@
+SOURCE              ANY
+KEY                 fwknoptest
+OPEN_PORTS          tcp/22
+FW_ACCESS_TIMEOUT   2
+
+SOURCE              ANY
+KEY                 fwknoptest
+OPEN_PORTS          tcp/22
+FW_ACCESS_TIMEOUT   3
+ENCRYPTION_MODE     legacy
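Review bot: The new file has no comment explaining why it holds two stanzas with the same SOURCE and KEY, so a reader has to infer the purpose from the file name. The only visible differences are `ENCRYPTION_MODE legacy` on the second stanza and the timeouts (2 versus 3), which look like a way to tell from the server output which stanza accepted a packet. I would add a header such as `# Test fixture: stanza 2 repeats stanza 1's key in legacy mode; timeouts differ so the matching stanza can be identified`, adjusted if that is not the intent.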
index 001bf83..86f0594 100755 (executable)
@@ -77,6 +77,7 @@ our %cf = (
     'android_access'               => "$conf_dir/android_access.conf",
     'android_legacy_iv_access'     => "$conf_dir/android_legacy_iv_access.conf",
     'dual_key_access'              => "$conf_dir/dual_key_usage_access.conf",
+    'dual_key_legacy_iv_access'    => "$conf_dir/dual_key_legacy_iv_access.conf",
     'hmac_dual_key_access'         => "$conf_dir/hmac_dual_key_usage_access.conf",
     'gpg_access'                   => "$conf_dir/gpg_access.conf",
     'gpg_hmac_access'              => "$conf_dir/gpg_hmac_access.conf",
@@ -674,6 +675,12 @@ sub run_test() {
 
     $test_hr->{'msg'} = $msg;
 
+    if ($test_hr->{'mv_and_restore_replay_cache'}) {
+        unlink "${default_digest_file}.mv"
+            if -e "${default_digest_file}.mv";
+        move $default_digest_file, "${default_digest_file}.mv";
+    }
+
     if (&{$test_hr->{'function'}}($test_hr)) {
         &logr("pass ($executed)\n");
         $passed++;
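Review bot: Neither `move` of the replay cache is checked, and the `unlink` of an existing `.mv` file at the top of this block can delete the only copy of the original digest file. If an earlier run stopped between this block and the restore block in the next hunk, `${default_digest_file}.mv` is the real cache and `$default_digest_file` is what the test left behind, so a stale backup should be restored rather than removed. At minimum log the failure, e.g. `move $default_digest_file, "${default_digest_file}.mv" or &logr("[-] move of $default_digest_file failed: $!\n");` (assuming this is File::Copy's `move`), and do the same for the restoring `move` in the next hunk. The restore is also skipped if the test function dies; run_test starts and ends outside both hunks, so whether anything else covers that case is not visible here.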
@@ -686,6 +693,11 @@ sub run_test() {
         }
     }
 
+    if ($test_hr->{'mv_and_restore_replay_cache'}) {
+        unlink $default_digest_file if -e $default_digest_file;
+        move "${default_digest_file}.mv", $default_digest_file;
+    }
+
     if ($enable_valgrind and &is_valgrind_running()) {
         if ($killall_path and $pgrep_path) {
             for my $cmd ('memcheck', 'valgrind') {
@@ -4996,6 +5008,7 @@ sub validate_test_hashes() {
         'insert_rule_before_exec'    => $OPTIONAL,
         'insert_rule_while_running'  => $OPTIONAL,
         'search_for_rule_after_exit' => $OPTIONAL,
+        'mv_and_restore_replay_cache'  => $OPTIONAL,
         'server_positive_output_matches' => $OPTIONAL,
         'server_negative_output_matches' => $OPTIONAL,
         'replay_positive_output_matches' => $OPTIONAL,
index 5031dda..57063fe 100644 (file)
     },
     {
         'category' => 'Rijndael',
+        'subcategory' => 'client->server backwards compat.',
+        'detail'   => 'v2.0.3 dual keys',
+        'function' => \&backwards_compatibility,
+        'pkt' =>
+            '+8OtxmTJPgQmrXZ7hAqTopLBC/thqHNuPHTfR234pFuQOCZUikPe0inHmjfnQFnP' .
+            'Sop/Iy6v+BCn9D+QD7eT7JI6BIoKp14K+8iNgKaNw1BdfgF1XDulpkNEdyG0fXz5' .
+            'M+GledHfz2d49aYThoQ2Cr8Iw1ycViawY',
+        'server_positive_output_matches' => [qr/with expire time/],
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'dual_key_legacy_iv_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'mv_and_restore_replay_cache' => $YES,
+        'fatal'    => $NO
+    },
+
+    {
+        'category' => 'Rijndael',
         'subcategory' => 'client->server backwards compatibility',
         'detail'   => 'v2.0.4',
         'function' => \&backwards_compatibility,
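Review bot: The new entry uses `'subcategory' => 'client->server backwards compat.'` while the neighbouring entries use `'client->server backwards compatibility'`. If the harness groups or filters on that string, this test and the `v2.0.4 dual keys` entry further down will not be selected with the rest, so use the same spelling in both. Both entries also repeat an identical `fwknopd_cmdline` and set `mv_and_restore_replay_cache` without saying why. A short `###` comment above the first would help, noting that the fixed packet was presumably generated by the named client version, and that the replay cache is moved aside presumably so a digest from an earlier run does not reject it. The hunk headers are missing on this page, so the entry boundaries here are read from the context lines.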
         'fw_rule_removed' => $NEW_RULE_REMOVED,
         'fatal'    => $NO
     },
+    {
+        'category' => 'Rijndael',
+        'subcategory' => 'client->server backwards compat.',
+        'detail'   => 'v2.0.4 dual keys',
+        'function' => \&backwards_compatibility,
+        'pkt' =>
+            '8Xm8U5vQ03T88UTCWbwO3t/aL6euZ8IgVbNdDVz3Bn6HkTcBqxcME95U/G3bCH' .
+            'vQznpnGb05Md4ZgexHZGzZdSwsP8iVtcZdsgCBfeO4Eqs8OaSMjJVF8SQ+Jmhu' .
+            'XZMcWgMsIzhpprJ7JX41DrWd0OtBnE3rVwsN0',
+        'server_positive_output_matches' => [qr/with expire time/],
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'dual_key_legacy_iv_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'mv_and_restore_replay_cache' => $YES,
+        'fatal'    => $NO
+    },
 
     ### This test helps with backwards compatibility for the corner
     ### case where an SPA client pre-2.5 uses a password longer than 16 chars