[test suite] bug fix for proper replay attack regex searching of test output, added...
authorMichael Rash <mbr@cipherdyne.org>
Sun, 16 Jun 2013 01:20:39 +0000 (21:20 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sun, 16 Jun 2013 01:20:39 +0000 (21:20 -0400)
test/test-fwknop.pl
test/tests/gpg.pl
test/tests/gpg_hmac.pl
test/tests/gpg_no_pw.pl
test/tests/gpg_no_pw_hmac.pl
test/tests/rijndael_hmac.pl
test/tests/rijndael_replay_attacks.pl

index a345ca9..c064c24 100755 (executable)
@@ -3393,7 +3393,7 @@ sub replay_detection() {
     ### do a complete SPA cycle and then parse the SPA packet out of the
     ### current test file and re-send
 
-    return 0 unless &spa_cycle($test_hr);
+    &spa_cycle($test_hr);
 
     my $spa_pkt = &get_spa_packet_from_file($curr_test_file);
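Review bot: The return value of `&spa_cycle($test_hr);` is now discarded at the top of replay_detection(), so a failure of the initial SPA cycle (the one that produces the packet to be replayed) no longer stops the test at this point. If the call is left unchecked because spa_cycle() would otherwise fail on `server_positive_output_matches` patterns that only appear after the replayed packet is sent (an inference from the rest of this commit), a comment should say so, e.g. `### return value ignored: the server_positive_output_matches patterns only appear after the replay is sent`. The body of replay_detection() continues outside the hunk, so it is worth confirming that the later code fails the test when `get_spa_packet_from_file()` finds no packet, rather than re-sending an empty or stale one.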
 
@@ -5057,8 +5057,6 @@ sub validate_test_hashes() {
         'mv_and_restore_replay_cache' => $OPTIONAL,
         'server_positive_output_matches' => $OPTIONAL,
         'server_negative_output_matches' => $OPTIONAL,
-        'replay_positive_output_matches' => $OPTIONAL,
-        'replay_negative_output_matches' => $OPTIONAL,
     );
 
     ### validate test hashes
index 44f8bea..d976316 100644 (file)
         'function' => \&replay_detection,
         'cmdline'  => $default_client_gpg_args,
         'fwknopd_cmdline'  => $default_server_gpg_args,
-        'replay_positive_output_matches' => [qr/Replay\sdetected\sfrom\ssource\sIP/],
+        'server_positive_output_matches' => [qr/Replay\sdetected\sfrom\ssource\sIP/],
         'fatal'    => $NO
     },
     {
         'category' => 'GPG',
         'subcategory' => 'client+server',
-        'detail'   => 'detect replay #2 (GnuPG prefix)',
+        'detail'   => 'detect replay (Rijndael prefix)',
         'function' => \&replay_detection,
-        'pkt_prefix' => 'hQ',
+        'pkt_prefix' => 'U2FsdGVkX1',
         'cmdline'  => $default_client_gpg_args,
         'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
             "$fwknopdCmd $default_server_conf_args $intf_str",
-        'replay_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
         'fatal'    => $NO
     },
     {
         'category' => 'GPG',
         'subcategory' => 'client+server',
-        'detail'   => 'detect replay #3 (GnuPG prefix)',
+        'detail'   => 'detect replay (GnuPG prefix)',
         'function' => \&replay_detection,
         'pkt_prefix' => 'hQ',
-        'cmdline'  => $default_client_args,
+        'cmdline'  => $default_client_gpg_args,
         'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
             "$fwknopdCmd $default_server_conf_args $intf_str",
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
         'fatal'    => $NO
     },
 
-
     {
         'category' => 'GPG',
         'subcategory' => 'client+server',
index a673b28..8692c16 100644 (file)
     {
         'category' => 'GPG+HMAC',
         'subcategory' => 'client+server',
-        'detail'   => 'detect replay #1 (GnuPG prefix)',
+        'detail'   => 'detect replay (Rijndael prefix)',
+        'function' => \&replay_detection,
+        'pkt_prefix' => 'U2FsdGVkX1',
+        'cmdline'  => "$default_client_gpg_args " .
+            "--gpg-home-dir $gpg_client_home_dir " .
+            "--rc-file $cf{'rc_gpg_hmac_b64_key'}",
+        'fwknopd_cmdline'  => $default_server_gpg_args_hmac,
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'GPG+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'detect replay (GnuPG prefix)',
         'function' => \&replay_detection,
         'pkt_prefix' => 'hQ',
         'cmdline'  => "$default_client_gpg_args " .
             "--gpg-home-dir $gpg_client_home_dir " .
             "--rc-file $cf{'rc_gpg_hmac_b64_key'}",
         'fwknopd_cmdline'  => $default_server_gpg_args_hmac,
-        'replay_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
         'fatal'    => $NO
     },
+
 );
index 8c2ccd3..282467e 100644 (file)
         'cmdline'  => "$default_client_gpg_args_no_homedir "
             . "--gpg-home-dir $gpg_client_home_dir_no_pw",
         'fwknopd_cmdline'  => $default_server_gpg_args_no_pw,
-        'replay_positive_output_matches' => [qr/Replay\sdetected\sfrom\ssource\sIP/],
+        'server_positive_output_matches' => [qr/Replay\sdetected\sfrom\ssource\sIP/],
         'fatal'    => $NO
     },
     {
         'category' => 'GPG (no pw)',
         'subcategory' => 'client+server',
-        'detail'   => 'detect replay #1 (GnuPG prefix)',
+        'detail'   => 'detect replay (Rijndael prefix)',
+        'function' => \&replay_detection,
+        'pkt_prefix' => 'U2FsdGVkX1',
+        'cmdline'  => "$default_client_gpg_args_no_homedir "
+            . "--gpg-home-dir $gpg_client_home_dir_no_pw",
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd $default_server_conf_args $intf_str",
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'GPG (no pw)',
+        'subcategory' => 'client+server',
+        'detail'   => 'detect replay (GnuPG prefix)',
         'function' => \&replay_detection,
         'pkt_prefix' => 'hQ',
         'cmdline'  => "$default_client_gpg_args_no_homedir "
             . "--gpg-home-dir $gpg_client_home_dir_no_pw",
         'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
             "$fwknopdCmd $default_server_conf_args $intf_str",
-        'replay_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
         'fatal'    => $NO
     },
 
index 8587ebb..a66fa00 100644 (file)
     {
         'category' => 'GPG (no pw) HMAC',
         'subcategory' => 'client+server',
-        'detail'   => 'detect replay #1 (GnuPG prefix)',
+        'detail'   => 'detect replay (Rijndael prefix)',
         'function' => \&replay_detection,
         'pkt_prefix' => 'hQ',
         'cmdline'  => "$default_client_gpg_args_no_homedir "
             . "--gpg-home-dir $gpg_client_home_dir_no_pw "
             . "--rc-file $cf{'rc_hmac_b64_key'}",
         'fwknopd_cmdline'  => $default_server_gpg_args_no_pw_hmac,
-        'replay_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'GPG (no pw) HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'detect replay (GnuPG prefix)',
+        'function' => \&replay_detection,
+        'pkt_prefix' => 'hQ',
+        'cmdline'  => "$default_client_gpg_args_no_homedir "
+            . "--gpg-home-dir $gpg_client_home_dir_no_pw "
+            . "--rc-file $cf{'rc_hmac_b64_key'}",
+        'fwknopd_cmdline'  => $default_server_gpg_args_no_pw_hmac,
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
         'fatal'    => $NO
     },
-
 );
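Review bot: The first entry is retitled 'detect replay (Rijndael prefix)' but its unchanged `'pkt_prefix' => 'hQ',` line is still the GnuPG prefix. It therefore runs the same test as the newly added 'detect replay (GnuPG prefix)' entry, and the Rijndael-prefix case is never exercised for the GPG (no pw) HMAC mode. The Rijndael-prefix entries in the other test files of this commit use `'pkt_prefix' => 'U2FsdGVkX1',`; the first entry here should use that line in place of the `hQ` one. The test list starts before and ends after the lines shown, so whether another entry already covers this case cannot be seen from here.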
index 7f37ce6..90557b8 100644 (file)
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',
+        'detail'   => 'replay attack detection',
+        'function' => \&replay_detection,
+        'cmdline'  => $default_client_hmac_args,
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'server_positive_output_matches' => [qr/Replay\sdetected\sfrom\ssource\sIP/],
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'detect replay (Rijndael prefix)',
+        'function' => \&replay_detection,
+        'cmdline'  => $default_client_hmac_args,
+        'pkt_prefix' => 'U2FsdGVkX1',
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'detect replay (GnuPG prefix)',
+        'function' => \&replay_detection,
+        'cmdline'  => $default_client_hmac_args,
+        'pkt_prefix' => 'hQ',
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/],
+        'fatal'    => $NO
+    },
+
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
         'detail'   => 'iptables custom input chain',
         'function' => \&spa_cycle,
         'cmdline'  => $default_client_hmac_args,
index 813b430..f31a9b1 100644 (file)
@@ -7,31 +7,32 @@
         'cmdline'  => $default_client_args,
         'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
             "$fwknopdCmd $default_server_conf_args $intf_str",
-        'replay_positive_output_matches' => [qr/Replay\sdetected\sfrom\ssource\sIP/],
+        'server_positive_output_matches' => [qr/Replay\sdetected\sfrom\ssource\sIP/],
         'fatal'    => $NO
     },
     {
         'category' => 'Rijndael',
         'subcategory' => 'client+server',
-        'detail'   => 'detect replay #1 (Rijndael prefix)',
+        'detail'   => 'detect replay (Rijndael prefix)',
         'function' => \&replay_detection,
         'pkt_prefix' => 'U2FsdGVkX1',
         'cmdline'  => $default_client_args,
         'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
             "$fwknopdCmd $default_server_conf_args $intf_str",
-        'replay_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
+        'server_positive_output_matches' => [qr/Data\sis\snot\sa\svalid\sSPA\smessage\sformat/],
         'fatal'    => $NO
     },
 
     {
         'category' => 'Rijndael',
         'subcategory' => 'client+server',
-        'detail'   => 'detect replay #2 (Rijndael prefix)',
+        'detail'   => 'detect replay (GnuPG prefix)',
         'function' => \&replay_detection,
-        'pkt_prefix' => 'U2FsdGVkX1',
+        'pkt_prefix' => 'hQ',
         'cmdline'  => $default_client_args,
         'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
             "$fwknopdCmd $default_server_conf_args $intf_str",
+        'server_positive_output_matches' => [qr/Args\scontain\sinvalid\sdata/],
         'fatal'    => $NO
     },
 );
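Review bot: The two prefix entries are titled 'detect replay', but the patterns they require, `Data is not a valid SPA message format` and `Args contain invalid data`, read as format or argument rejections rather than a replay-cache hit. Only the entry matching `Replay detected from source IP` demonstrates replay tracking itself, and the same applies to the prefix entries in the other test files of this commit. A short comment above the prefix entries would make the intent explicit, e.g. `### a replayed packet with a prepended encryption prefix must still be rejected; the server is expected to reject it as malformed, not to log a replay`. This reading of the messages is inferred from their wording and should be confirmed against fwknopd; the test list begins before this hunk.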