added test suite support for CBC mode Rijndael tcp/22 test

diff --git a/lib/cipher_funcs.c b/lib/cipher_funcs.c
index 872ab81..6621fcb 100644 (file)
--- a/lib/cipher_funcs.c
+++ b/lib/cipher_funcs.c
@@ -156,7 +156,7 @@ rij_salt_and_iv(RIJNDAEL_context *ctx, const char *pass, const unsigned char *da
     /* Now generate the key and initialization vector.
      * (again it is the perl Crypt::CBC way, with a touch of
      * fwknop).
-    */ 
+    */
     memcpy(tmp_buf+16, pw_buf, 16);
     memcpy(tmp_buf+32, ctx->salt, 8);
 
@@ -185,7 +185,8 @@ rijndael_init(RIJNDAEL_context *ctx, const char *pass,
     const unsigned char *data, int encryption_mode)
 {
 
-    /* Use ECB mode to be compatible with the Crypt::CBC perl module.
+    /* The default (set in fko.h) is ECB mode to be compatible with the
+     * Crypt::CBC perl module.
     */
     ctx->mode = encryption_mode;
 

diff --git a/lib/rijndael.h b/lib/rijndael.h
index 197c089..9dc8a2e 100644 (file)
--- a/lib/rijndael.h
+++ b/lib/rijndael.h
@@ -40,7 +40,7 @@
 #include "fko_common.h"
 
 /* Other block sizes and key lengths are possible, but in the context of
- * the ssh protocols, 256 bits is the default. 
+ * the ssh protocols, 256 bits is the default.
  */
 #define RIJNDAEL_BLOCKSIZE 16
 #define RIJNDAEL_KEYSIZE   32
@@ -74,7 +74,7 @@ typedef struct {
  * bits).  If a value other than these three is specified, the key will be
  * truncated to the closest value less than the key size specified, e.g.
  * specifying 7 will use only the first 6 bytes of the key given.  DO NOT
- * PASS A VALUE LESS THAN 16 TO KEYSIZE! 
+ * PASS A VALUE LESS THAN 16 TO KEYSIZE!
  */
 void
 rijndael_setup(RIJNDAEL_context *ctx, size_t keysize, const uint8_t *key);
@@ -103,7 +103,7 @@ rijndael_encrypt(RIJNDAEL_context *context,
  *
  * Before this function can be used, rijndael_setup() must be used in order
  * to set up the key schedule required for the decryption algorithm.
- * 
+ *
  * This function always decrypts 16 bytes of ciphertext to 16 bytes of
  * plaintext.  The memory areas of the plaintext and the ciphertext can
  * overlap.

diff --git a/test/conf/cbc_mode_access.conf b/test/conf/cbc_mode_access.conf
new file mode 100644 (file)
index 0000000..b93d30f
--- /dev/null
+++ b/test/conf/cbc_mode_access.conf
@@ -0,0 +1,4 @@
+SOURCE: ANY;
+KEY: fwknoptest;
+FW_ACCESS_TIMEOUT:  3;
+ENCRYPTION_MODE: CBC;

diff --git a/test/test-fwknop.pl b/test/test-fwknop.pl
index ab3c4c9..6148774 100755 (executable)
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@@ -22,6 +22,7 @@ my $gpg_client_home_dir = "$conf_dir/client-gpg";
 my $nat_conf            = "$conf_dir/nat_fwknopd.conf";
 my $default_conf        = "$conf_dir/default_fwknopd.conf";
 my $default_access_conf = "$conf_dir/default_access.conf";
+my $cbc_mode_access_conf = "$conf_dir/cbc_mode_access.conf";
 my $expired_access_conf = "$conf_dir/expired_stanza_access.conf";
 my $future_expired_access_conf = "$conf_dir/future_expired_stanza_access.conf";
 my $expired_epoch_access_conf = "$conf_dir/expired_epoch_stanza_access.conf";
@@ -922,6 +923,21 @@ my @tests = (
         'server_conf' => $nat_conf,
         'fatal'    => $NO
     },
+    {
+        'category' => 'Rijndael SPA',
+        'subcategory' => 'client+server',
+        'detail'   => 'CBC mode (tcp/22 ssh)',
+        'err_msg'  => 'could not complete SPA cycle',
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args -M cbc",
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $default_conf -a $cbc_mode_access_conf " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_negative_output_matches' => [qr/Decryption\sfailed/i],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'fatal'    => $NO
+    },
 
     {
         'category' => 'Rijndael SPA',