[test suite] added HMAC dual usage test
authorMichael Rash <mbr@cipherdyne.org>
Sun, 3 Mar 2013 21:21:46 +0000 (16:21 -0500)
committerMichael Rash <mbr@cipherdyne.org>
Sun, 3 Mar 2013 21:21:46 +0000 (16:21 -0500)
Makefile.am
test/conf/hmac_dual_key_usage_access.conf [new file with mode: 0644]
test/test-fwknop.pl

index 7932110..3ed0ea0 100644 (file)
@@ -134,6 +134,7 @@ EXTRA_DIST = \
     test/conf/disable_aging_fwknopd.conf \
     test/conf/disable_aging_nat_fwknopd.conf \
     test/conf/dual_key_usage_access.conf \
+    test/conf/hmac_dual_key_usage_access.conf \
     test/conf/ecb_mode_access.conf \
     test/conf/expired_epoch_stanza_access.conf \
     test/conf/expired_stanza_access.conf \
diff --git a/test/conf/hmac_dual_key_usage_access.conf b/test/conf/hmac_dual_key_usage_access.conf
new file mode 100644 (file)
index 0000000..ddf6190
--- /dev/null
@@ -0,0 +1,11 @@
+SOURCE: ANY;
+KEY_BASE64:         wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64:    Yh+xizBnl6FotC5ec7FanVGClRMlsOAPh2u6eovnerfBVKwaVKzjGoblFMHMc593TNyi0dWn4opLoTIV9q/ttg==
+OPEN_PORTS: tcp/22;
+FW_ACCESS_TIMEOUT:  2;
+
+SOURCE: ANY;
+KEY_BASE64:         wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64:    Yh+xizBnl6FotC5ec7FanVGClRMlsOAPh2u6eovnerfBVKwaVKzjGoblFMHMc593TNyi0dWn4opLoTIV9q/ttg==
+OPEN_PORTS: tcp/80;
+FW_ACCESS_TIMEOUT:  3;
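Review bot: Nothing in this new file marks the KEY_BASE64 and HMAC_KEY_BASE64 values as test-only fixtures or explains why both stanzas repeat them, so it reads like a usable access.conf. A header comment would make the intent explicit, for example `# Test fixture only: both stanzas share one Rijndael/HMAC key pair and differ in OPEN_PORTS; never reuse these keys`. It would also help to say that stanza order matters, since the test added in test/test-fwknop.pl matches on the `stanza #1` denial message. Because the keys are published in the repository, they give no secrecy outside the loopback test setup.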
index 632de01..f8d5f43 100755 (executable)
@@ -42,6 +42,7 @@ my %cf = (
     'android_access'          => "$conf_dir/android_access.conf",
     'android_legacy_iv_access' => "$conf_dir/android_legacy_iv_access.conf",
     'dual_key_access'         => "$conf_dir/dual_key_usage_access.conf",
+    'hmac_dual_key_access'    => "$conf_dir/hmac_dual_key_usage_access.conf",
     'gpg_access'              => "$conf_dir/gpg_access.conf",
     'legacy_iv_access'        => "$conf_dir/legacy_iv_access.conf",
     'gpg_no_pw_access'        => "$conf_dir/gpg_no_pw_access.conf",
@@ -1186,6 +1187,25 @@ my @tests = (
         'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
         'fatal'    => $NO
     },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'dual usage access key (tcp/80 http)',
+        'err_msg'  => 'could not complete SPA cycle',
+        'function' => \&spa_cycle,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopCmd -A tcp/80 -a $fake_ip -D $loopback_ip --rc-file " .
+            "$cf{'rc_file_hmac_b64_key'} --verbose --verbose",
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_dual_key_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        ### check for the first stanza that does not allow tcp/80 - the
+        ### second stanza allows this
+        'server_positive_output_matches' => [qr/stanza #1\)\sOne\sor\smore\srequested\sprotocol\/ports\swas\sdenied/],
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'fatal'    => $NO
+    },
 
     {
         'category' => 'Rijndael+HMAC',
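Review bot: The only server-side assertion in the added test is the `stanza #1` denial regex, so the claim that stanza #2 granted tcp/80 rests on `fw_rule_created` and `fw_rule_removed` alone. From the lines visible here, those flags do not appear to identify which port or stanza produced the rule. If fwknopd logs something that names the accepting stanza, a second pattern in `server_positive_output_matches` would pin the test to the intended path rather than to any rule being created. The comment could also state the dependency on stanza order in hmac_dual_key_usage_access.conf, e.g. `### stanza #1 (tcp/22 only) must reject the tcp/80 request; stanza #2 (tcp/80) must then grant it`. The `@tests` array begins and continues outside this hunk.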