[test suite] added Rijndael+HMAC SPOOF_SRC fwknoprc file test
authorMichael Rash <mbr@cipherdyne.org>
Thu, 13 Mar 2014 04:10:22 +0000 (00:10 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Fri, 14 Mar 2014 01:43:51 +0000 (21:43 -0400)
Makefile.am
client/config_init.c
test/conf/fwknoprc_hmac_spoof_src_base64_key [new file with mode: 0644]
test/test-fwknop.pl
test/tests/rijndael_hmac.pl

index 17d9b5f..098f612 100644 (file)
@@ -196,6 +196,7 @@ EXTRA_DIST = \
     test/conf/multi_pkts.pcap \
     test/conf/fwknoprc_default_hmac_base64_key \
     test/conf/fwknoprc_hmac_nat_rand_base64_key \
+    test/conf/fwknoprc_hmac_spoof_src_base64_key \
     test/conf/fwknoprc_hmac_key2 \
     test/conf/fwknoprc_gpg_hmac_key \
     test/conf/fwknoprc_hmac_equal_keys \
index f8b8695..de8682c 100644 (file)
@@ -1741,6 +1741,14 @@ validate_options(fko_cli_options_t *options)
             log_msg(LOG_VERBOSITY_ERROR, "Invalid spoof IP");
             exit(EXIT_FAILURE);
         }
+        if(options->spa_proto != FKO_PROTO_TCP_RAW
+                && options->spa_proto != FKO_PROTO_UDP_RAW
+                && options->spa_proto != FKO_PROTO_ICMP)
+        {
+            log_msg(LOG_VERBOSITY_ERROR,
+                    "Must set -Q <udpraw|tcpraw|icmp> with a spoofed source IP");
+            exit(EXIT_FAILURE);
+        }
     }
 
     if(options->resolve_ip_http || options->spa_proto == FKO_PROTO_HTTP)
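Review bot: The error text in the added check tells the user to set `-Q <udpraw|tcpraw|icmp>`, but the test command line added by this same commit selects the protocol with `-P udpraw` and uses `-Q` for the spoofed address (`-P udpraw -Q 3.3.3.3`). A user who hits this exit path would be sent to the wrong option, so the string should read `"Must set -P <udpraw|tcpraw|icmp> with a spoofed source IP"`. The new rc-file test presumably reaches the same check through `SPA_SERVER_PROTO`, so naming that variable in the message would help rc-file users as well. The enclosing `if` block and the start of validate_options are outside the hunk.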
diff --git a/test/conf/fwknoprc_hmac_spoof_src_base64_key b/test/conf/fwknoprc_hmac_spoof_src_base64_key
new file mode 100644 (file)
index 0000000..2480807
--- /dev/null
@@ -0,0 +1,6 @@
+[default]
+HMAC_DIGEST_TYPE    sha256
+KEY_BASE64          wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64     Yh+xizBnl6FotC5ec7FanVGClRMlsOAPh2u6eovnerfBVKwaVKzjGoblFMHMc593TNyi0dWn4opLoTIV9q/ttg==
+SPOOF_SOURCE_IP     3.3.3.3
+SPA_SERVER_PROTO    udpraw
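Review bot: The new fixture commits `KEY_BASE64` and `HMAC_KEY_BASE64` values with nothing in the file marking them as test-only, so a reader copying it as a template for a spoofed-source setup could carry the published keys into a real deployment. A leading comment would close that gap, for example `# test-suite fixture: keys below are public test values, never use them outside test/`. The rc-file test runs against the same `hmac_access` server config as the existing HMAC tests, so these are presumably the keys already in the tree, and the comment could say so.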
index 20fa66f..4075019 100755 (executable)
@@ -136,6 +136,7 @@ our %cf = (
     'rc_invalid_b64_key'           => "$conf_dir/fwknoprc_invalid_base64_key",
     'rc_hmac_b64_key'              => "$conf_dir/fwknoprc_default_hmac_base64_key",
     'rc_hmac_nat_rand_b64_key'     => "$conf_dir/fwknoprc_hmac_nat_rand_base64_key",
+    'rc_hmac_spoof_src_b64_key'    => "$conf_dir/fwknoprc_hmac_spoof_src_base64_key",
     'rc_hmac_sha512_b64_key'       => "$conf_dir/fwknoprc_hmac_sha512_base64_key",
     'rc_hmac_b64_key2'             => "$conf_dir/fwknoprc_hmac_key2",
     'rc_rand_port_hmac_b64_key'    => "$conf_dir/fwknoprc_rand_port_hmac_base64_key",
index 5b3bd43..f7bd5ff 100644 (file)
         'fw_rule_removed' => $NEW_RULE_REMOVED,
         'key_file' => $cf{'rc_hmac_b64_key'},
     },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'spoof src IP 3.3.3.3 (tcp/22)',
+        'function' => \&spa_cycle,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopCmd -A tcp/22 -a $fake_ip -P udpraw -Q 3.3.3.3 -D $loopback_ip --rc-file " .
+            "$cf{'rc_hmac_b64_key'} $verbose_str",
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'rc file spoof src IP (tcp/22)',
+        'function' => \&spa_cycle,
+        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopCmd -A tcp/22 -a $fake_ip -D $loopback_ip --rc-file " .
+            "$cf{'rc_hmac_spoof_src_b64_key'} $verbose_str",
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_spoof_src_b64_key'},
+    },
 
     {
         'category' => 'Rijndael+HMAC',
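Review bot: Both added entries exercise only the accepting path (`-P udpraw` on the command line, `SPA_SERVER_PROTO udpraw` in the rc file), so the rejection branch this commit adds to validate_options in client/config_init.c is never run by the suite. A client-only case that passes `-Q 3.3.3.3` without a raw protocol and expects the client to exit with an error would pin that behaviour. The sketch below assumes `rc_hmac_b64_key` does not set `SPA_SERVER_PROTO` itself, which is not visible on this page. The hunk header for this file is missing from the page, so the entry's exact position in the test list cannot be given.

```perl
    {
        'category' => 'Rijndael+HMAC',
        'subcategory' => 'client',
        'detail'   => 'spoof src IP without raw proto rejected',
        'function' => \&generic_exec,
        'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
            "$fwknopCmd -A tcp/22 -a $fake_ip -Q 3.3.3.3 -D $loopback_ip --rc-file " .
            "$cf{'rc_hmac_b64_key'} $verbose_str",
        'exec_err' => $YES,
    },
```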