[android] added HMAC test along with non-legacy Rijndael test
authorMichael Rash <mbr@cipherdyne.org>
Tue, 24 Dec 2013 04:15:11 +0000 (23:15 -0500)
committerMichael Rash <mbr@cipherdyne.org>
Tue, 24 Dec 2013 04:15:11 +0000 (23:15 -0500)
ChangeLog
test/conf/android_access.conf
test/conf/hmac_android_access.conf [new file with mode: 0644]
test/test-fwknop.pl
test/tests/rijndael_backwards_compatibility.pl
test/tests/rijndael_hmac.pl

index 75ccd64..5c9757e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,8 +26,9 @@ fwknop-2.5.2 (//2013):
       recommended to use HMAC authenticated encryption whenever possible even
       for GPG modes since this also provides a work around even for libfko
       prior to this fix.
-    - [Android client] (Gerry Reno) Updated the Android client to be compatible
-      with Android-4.4.
+    - [Android] (Gerry Reno) Updated the Android client to be compatible with
+      Android-4.4.
+    - [Android] Added HMAC support (currently optional).
     - [server] Updated pcap_dispatch() default packet count from zero to 100.
       This change was made to ensure backwards compatibility with older
       versions of libpcap per the pcap_dispatch() man page, and also because
index 5b720d9..cd40bb8 100644 (file)
@@ -1,3 +1,3 @@
 SOURCE                   ANY
-KEY                      asdfasdf
+KEY                      fwknoptest
 FW_ACCESS_TIMEOUT        3
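Review bot: Changing `KEY` from `asdfasdf` to `fwknoptest` in the shared `android_access.conf` invalidates any existing fixture packet that was encrypted under the old key. The `'android_access'` entry in `%cf` appears as a context line in the test-fwknop.pl hunk, so this conf predates the commit and may already be referenced by an older test; the only user visible on this page is the new 'v4.4' entry in rijndael_backwards_compatibility.pl. Either confirm nothing else depends on it, or give the new test its own conf as was done with `hmac_android_access.conf`. A header comment tying the key to its fixture would also help, for example `# KEY must match the 'Android compatibility' v4.4 pkt in tests/rijndael_backwards_compatibility.pl`.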
diff --git a/test/conf/hmac_android_access.conf b/test/conf/hmac_android_access.conf
new file mode 100644 (file)
index 0000000..f166eae
--- /dev/null
@@ -0,0 +1,4 @@
+SOURCE                   ANY
+KEY                      fwknoptest
+HMAC_KEY                 hmactest
+FW_ACCESS_TIMEOUT        3
index 4700563..9a7fcd0 100755 (executable)
@@ -88,6 +88,7 @@ our %cf = (
     'no_flush_exit'                => "$conf_dir/no_flush_exit_fwknopd.conf",
     'no_flush_init_or_exit'        => "$conf_dir/no_flush_init_or_exit_fwknopd.conf",
     'ipfw_active_expire'           => "$conf_dir/ipfw_active_expire_equal_fwknopd.conf",
+    'hmac_android_access'          => "$conf_dir/hmac_android_access.conf",
     'android_access'               => "$conf_dir/android_access.conf",
     'android_legacy_iv_access'     => "$conf_dir/android_legacy_iv_access.conf",
     'dual_key_access'              => "$conf_dir/dual_key_usage_access.conf",
index 92d9e40..780df46 100644 (file)
         'fw_rule_created' => $NEW_RULE_REQUIRED,
         'fw_rule_removed' => $NEW_RULE_REMOVED,
     },
+    {
+        'category' => 'Rijndael',
+        'subcategory' => 'Android compatibility',
+        'detail'   => 'v4.4',
+        'function' => \&backwards_compatibility,
+        'no_ip_check' => 1,
+        'pkt' =>
+            '/Nx+t6S6IDIFoYROp2V29yj9MmHVlrPKNQKuo3DTHa8/EJmu3fkp' .
+            'cv4xpiaQ82q2I2u9ia1L3SOrscltFhhNUkFdOguM+fMnd8koQL1a' .
+            '/gafXo83MiZzxzDmROiJ+qrmB4qnDgp8Vtd/E5ExEOoZggOkroak' .
+            '/PALo',
+        'server_positive_output_matches' => [qr/with expire time/],
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'android_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+    },
+
 );
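Review bot: The `'pkt'` fixture in the new 'Android compatibility' entry is an opaque blob with no record of how it was produced, so it cannot be regenerated or audited if the key or packet format changes. A comment above `'pkt' =>` would cover it, such as `# SPA packet from the Android-4.4 client, KEY 'fwknoptest' (conf/android_access.conf); fixed timestamp, hence disable_aging`. The client version, the key and the reason for `disable_aging` are inferred from the `'detail'` field, the conf hunk and the command line, so they should be confirmed by the author. The same applies to the Rijndael+HMAC fixture added in test/tests/rijndael_hmac.pl. The enclosing test array starts outside this hunk.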
index 6571860..34d07bc 100644 (file)
         'fw_rule_removed' => $NEW_RULE_REMOVED,
     },
     {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'Android compatibility',
+        'detail'   => 'v4.4',
+        'function' => \&backwards_compatibility,
+        'no_ip_check' => 1,
+        'pkt' =>
+            '+8fP34T9Vjs50Yke5tNTz7YnsDbQUcp6zaaJTzVOgRuNXyhiZKL5' .
+            'UpaC2neRkqgjSlG6/qJSKXIuXBKR4LFS3rX2ZwrOkfBGKJeXe8S2' .
+            'uZex9RjOr/8SwS45Q+Kt3J6QsShXU4cxz09Cv+bi7+08/bGCyVdh' .
+            'vYNwogIhEkcqS79+JNR3lSBEBrOY4hoOKRRAYw41yI5cBCdc',
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_android_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [qr/with expire time/],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+    },
+
+    {
 
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',
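Review bot: The new 'Rijndael+HMAC' Android entry checks only the accept path, so it could still pass if fwknopd stopped verifying the HMAC and merely decrypted the Rijndael payload. A companion entry that feeds the same `'pkt'` to an access conf whose `HMAC_KEY` differs from `hmactest`, and expects no firewall rule to be created, would pin the authentication check itself. Whether such a negative case already exists elsewhere in rijndael_hmac.pl cannot be seen from this hunk. As a smaller style point, `'fwknopd_cmdline'` and `'server_positive_output_matches'` appear in the opposite order from the entry added to rijndael_backwards_compatibility.pl.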