[test suite] Added Rijndael+HMAC NAT rand port via client rc file test
authorMichael Rash <mbr@cipherdyne.org>
Thu, 13 Mar 2014 03:59:01 +0000 (23:59 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Fri, 14 Mar 2014 00:10:26 +0000 (20:10 -0400)
ChangeLog
Makefile.am
test/conf/fwknoprc_hmac_nat_rand_base64_key [new file with mode: 0644]
test/test-fwknop.pl
test/tests/rijndael_hmac.pl

index 64d4c51..3009d83 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@ fwknop-2.6.1 (//2014):
       specific language in this header was created by the Debian legal team at
       the request of Franck Joncourt.
     - [test suite] Added Rijndael+HMAC command execution test.
+    - [test suite] Added Rijndael+HMAC NAT rand port via client rc file test.
 
 fwknop-2.6.0 (01/12/2014):
     - (Radostan Riedel) Added an AppArmor policy for fwknopd that is known to
index 24ebb3d..17d9b5f 100644 (file)
@@ -195,6 +195,7 @@ EXTRA_DIST = \
     test/conf/hmac_no_b64_cygwin_access.conf \
     test/conf/multi_pkts.pcap \
     test/conf/fwknoprc_default_hmac_base64_key \
+    test/conf/fwknoprc_hmac_nat_rand_base64_key \
     test/conf/fwknoprc_hmac_key2 \
     test/conf/fwknoprc_gpg_hmac_key \
     test/conf/fwknoprc_hmac_equal_keys \
diff --git a/test/conf/fwknoprc_hmac_nat_rand_base64_key b/test/conf/fwknoprc_hmac_nat_rand_base64_key
new file mode 100644 (file)
index 0000000..cdd51ea
--- /dev/null
@@ -0,0 +1,5 @@
+[default]
+HMAC_DIGEST_TYPE    sha256
+KEY_BASE64          wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64     Yh+xizBnl6FotC5ec7FanVGClRMlsOAPh2u6eovnerfBVKwaVKzjGoblFMHMc593TNyi0dWn4opLoTIV9q/ttg==
+NAT_RAND_PORT       Y
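Review bot: The new rc file commits a Rijndael key and an HMAC key in clear (`KEY_BASE64`, `HMAC_KEY_BASE64`) with nothing marking them as fixture-only values. Secret scanners will flag them, and anyone copying this file as a template would inherit publicly known keys. Assuming the rc parser skips `#` lines, as it does in the client-generated default rc file, add a header line above `[default]` such as `# Test-suite fixture only: these keys are public and must never be used outside the loopback tests.` The keys presumably have to match the server-side access file used by the test, so it would help if the comment named that file too.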
index c0c4920..20fa66f 100755 (executable)
@@ -135,6 +135,7 @@ our %cf = (
     'rc_hmac_equal_keys'           => "$conf_dir/fwknoprc_hmac_equal_keys",
     'rc_invalid_b64_key'           => "$conf_dir/fwknoprc_invalid_base64_key",
     'rc_hmac_b64_key'              => "$conf_dir/fwknoprc_default_hmac_base64_key",
+    'rc_hmac_nat_rand_b64_key'     => "$conf_dir/fwknoprc_hmac_nat_rand_base64_key",
     'rc_hmac_sha512_b64_key'       => "$conf_dir/fwknoprc_hmac_sha512_base64_key",
     'rc_hmac_b64_key2'             => "$conf_dir/fwknoprc_hmac_key2",
     'rc_rand_port_hmac_b64_key'    => "$conf_dir/fwknoprc_rand_port_hmac_base64_key",
index df2919c..5b3bd43 100644 (file)
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',
+        'detail'   => "rc NAT rand port to tcp/22",
+        'function' => \&spa_cycle,
+        'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " .
+            "$cf{'rc_hmac_nat_rand_b64_key'} $verbose_str -N $internal_nat_host",
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'nat'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [
+            qr/FWKNOP_FORWARD.*dport\s22\s.*\sACCEPT/,
+            qr/FWKNOP_PREROUTING.*\sDNAT\s.*to\-destination\s$internal_nat_host\:22/,
+        ],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'server_conf' => $cf{'nat'},
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
         'detail'   => "NAT rand port to -N <host>:40001",
         'function' => \&spa_cycle,
         'cmdline' => "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " .
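Review bot: Neither pattern in `server_positive_output_matches` of the new "rc NAT rand port to tcp/22" entry checks that a randomized external port was chosen, so the test would apparently still pass if `NAT_RAND_PORT` from the rc file were ignored and port 22 were DNAT'ed unchanged. Consider tightening the PREROUTING pattern to require a destination port other than 22, e.g. `qr/FWKNOP_PREROUTING.*dport\s(?!22\s)\d+\s.*\sDNAT\s.*to\-destination\s\Q$internal_nat_host\E\:22/`. The rule format there is inferred from the two existing patterns and should be confirmed against what fwknopd logs. The `\Q...\E` also stops the dots in `$internal_nat_host` from matching arbitrary characters. The entry sits in a test list that begins and ends outside this hunk.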