[test suite] added Rijndael HMAC digest mismatch tests
authorMichael Rash <mbr@cipherdyne.org>
Sat, 10 Aug 2013 19:45:51 +0000 (15:45 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sat, 10 Aug 2013 19:45:51 +0000 (15:45 -0400)
Makefile.am
test/conf/hmac_sha256_digest1_mismatch_access.conf [new file with mode: 0644]
test/conf/hmac_sha256_digest2_mismatch_access.conf [new file with mode: 0644]
test/conf/hmac_sha256_digest3_mismatch_access.conf [new file with mode: 0644]
test/conf/hmac_sha256_digest4_mismatch_access.conf [new file with mode: 0644]
test/test-fwknop.pl
test/tests/rijndael_hmac.pl

index b6eaf50..d43a3b8 100644 (file)
@@ -204,6 +204,10 @@ EXTRA_DIST = \
     test/conf/fwknoprc_hmac_sha512_short_key \
     test/conf/fwknoprc_hmac_sha512_long_key \
     test/conf/fwknoprc_hmac_simple_keys \
+    test/conf/hmac_sha256_digest1_mismatch_access.conf \
+    test/conf/hmac_sha256_digest3_mismatch_access.conf \
+    test/conf/hmac_sha256_digest2_mismatch_access.conf \
+    test/conf/hmac_sha256_digest4_mismatch_access.conf \
     test/conf/fwknoprc_rand_port_hmac_base64_key \
     test/conf/fwknoprc_invalid_base64_key \
     test/conf/fwknoprc_named_key \
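Review bot: The four added EXTRA_DIST entries are out of numeric order (digest1, digest3, digest2, digest4), which makes the block harder to audit by eye when the fixture list is next extended. Listing them as digest1 through digest4 in sequence costs nothing. EXTRA_DIST decides which fixtures ship in a dist archive, so a conf file missed here would presumably only surface as a failing mismatch test for someone running the suite from a release tarball rather than from the repository.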
diff --git a/test/conf/hmac_sha256_digest1_mismatch_access.conf b/test/conf/hmac_sha256_digest1_mismatch_access.conf
new file mode 100644 (file)
index 0000000..2f41a4a
--- /dev/null
@@ -0,0 +1,5 @@
+SOURCE                      ANY
+KEY_BASE64                  wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64             d6F/uWTZmjqYorNkEKWl3TnVUiRNTCFijv3RclV+p8K0T5mU3co9Lz/hlDU/RxwFXLdDQGWEzRTk7O+8G59aVOEHUIME95KdrALQf2z4sLjsrNzOZdjfZVYRpcp1rYRsAdJmeT7K0G5B2WKmI8t6srwPVQJty9CDn6pAqqg6Oek=
+HMAC_DIGEST_TYPE            md5
+FW_ACCESS_TIMEOUT           3
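Review bot: Nothing in this new file says that `HMAC_DIGEST_TYPE md5` is deliberately wrong for the client it is paired with, and the same applies to the digest2, digest3 and digest4 variants (sha1, sha384, sha512). The test entries added in test/tests/rijndael_hmac.pl drive these stanzas with the `rc_hmac_sha256_key` client rc file and require that no firewall rule is created, so presumably the client authenticates with HMAC-SHA256 and the server is expected to reject the packet. A leading comment such as `# Negative test: client uses HMAC SHA256, server is set to md5, so SPA authentication must fail` would stop a later maintainer from "correcting" the digest type and silently turning a rejection test into an acceptance path. It would also help to mark `KEY_BASE64` and `HMAC_KEY_BASE64` as test-only fixture values, since they are published in the repository and must never be copied into a production access.conf.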
diff --git a/test/conf/hmac_sha256_digest2_mismatch_access.conf b/test/conf/hmac_sha256_digest2_mismatch_access.conf
new file mode 100644 (file)
index 0000000..6d0874f
--- /dev/null
@@ -0,0 +1,5 @@
+SOURCE                      ANY
+KEY_BASE64                  wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64             d6F/uWTZmjqYorNkEKWl3TnVUiRNTCFijv3RclV+p8K0T5mU3co9Lz/hlDU/RxwFXLdDQGWEzRTk7O+8G59aVOEHUIME95KdrALQf2z4sLjsrNzOZdjfZVYRpcp1rYRsAdJmeT7K0G5B2WKmI8t6srwPVQJty9CDn6pAqqg6Oek=
+HMAC_DIGEST_TYPE            sha1
+FW_ACCESS_TIMEOUT           3
diff --git a/test/conf/hmac_sha256_digest3_mismatch_access.conf b/test/conf/hmac_sha256_digest3_mismatch_access.conf
new file mode 100644 (file)
index 0000000..5d1c081
--- /dev/null
@@ -0,0 +1,5 @@
+SOURCE                      ANY
+KEY_BASE64                  wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64             d6F/uWTZmjqYorNkEKWl3TnVUiRNTCFijv3RclV+p8K0T5mU3co9Lz/hlDU/RxwFXLdDQGWEzRTk7O+8G59aVOEHUIME95KdrALQf2z4sLjsrNzOZdjfZVYRpcp1rYRsAdJmeT7K0G5B2WKmI8t6srwPVQJty9CDn6pAqqg6Oek=
+HMAC_DIGEST_TYPE            sha384
+FW_ACCESS_TIMEOUT           3
diff --git a/test/conf/hmac_sha256_digest4_mismatch_access.conf b/test/conf/hmac_sha256_digest4_mismatch_access.conf
new file mode 100644 (file)
index 0000000..f996e15
--- /dev/null
@@ -0,0 +1,5 @@
+SOURCE                      ANY
+KEY_BASE64                  wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
+HMAC_KEY_BASE64             d6F/uWTZmjqYorNkEKWl3TnVUiRNTCFijv3RclV+p8K0T5mU3co9Lz/hlDU/RxwFXLdDQGWEzRTk7O+8G59aVOEHUIME95KdrALQf2z4sLjsrNzOZdjfZVYRpcp1rYRsAdJmeT7K0G5B2WKmI8t6srwPVQJty9CDn6pAqqg6Oek=
+HMAC_DIGEST_TYPE            sha512
+FW_ACCESS_TIMEOUT           3
index 40ce495..15ad18f 100755 (executable)
@@ -51,6 +51,10 @@ our %cf = (
     'hmac_sha1_short_key_access'   => "$conf_dir/hmac_sha1_short_key_access.conf",
     'hmac_sha1_long_key_access'    => "$conf_dir/hmac_sha1_long_key_access.conf",
     'hmac_sha256_access'           => "$conf_dir/hmac_sha256_access.conf",
+    'hmac_sha256_digest1_mismatch_access' => "$conf_dir/hmac_sha256_digest1_mismatch_access.conf",
+    'hmac_sha256_digest2_mismatch_access' => "$conf_dir/hmac_sha256_digest2_mismatch_access.conf",
+    'hmac_sha256_digest3_mismatch_access' => "$conf_dir/hmac_sha256_digest3_mismatch_access.conf",
+    'hmac_sha256_digest4_mismatch_access' => "$conf_dir/hmac_sha256_digest4_mismatch_access.conf",
     'hmac_sha256_short_key_access' => "$conf_dir/hmac_sha256_short_key_access.conf",
     'hmac_sha256_long_key_access'  => "$conf_dir/hmac_sha256_long_key_access.conf",
     'hmac_sha384_access'           => "$conf_dir/hmac_sha384_access.conf",
index edfc4ee..80af1ff 100644 (file)
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',
+        'detail'   => 'digest type mismatch (1)',
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            "$cf{'rc_hmac_sha256_key'}",
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest1_mismatch_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [qr/stanza #1\).*\sArgs\scontain\sinvalid\sdata/],
+        'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
+        'key_file' => $cf{'rc_hmac_sha256_key'},
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'digest type mismatch (2)',
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            "$cf{'rc_hmac_sha256_key'}",
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest2_mismatch_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [qr/stanza #1\).*\sArgs\scontain\sinvalid\sdata/],
+        'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
+        'key_file' => $cf{'rc_hmac_sha256_key'},
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'digest type mismatch (3)',
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            "$cf{'rc_hmac_sha256_key'}",
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest3_mismatch_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [qr/stanza #1\).*\sArgs\scontain\sinvalid\sdata/],
+        'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
+        'key_file' => $cf{'rc_hmac_sha256_key'},
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'digest type mismatch (4)',
+        'function' => \&spa_cycle,
+        'cmdline'  => "$default_client_args_no_get_key --rc-file " .
+            "$cf{'rc_hmac_sha256_key'}",
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_sha256_digest4_mismatch_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [qr/stanza #1\).*\sArgs\scontain\sinvalid\sdata/],
+        'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
+        'key_file' => $cf{'rc_hmac_sha256_key'},
+        'fatal'    => $NO
+    },
+
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
         'detail'   => 'dual usage access key (tcp/80 http)',
         'function' => \&spa_cycle,
         'cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .