fwknop.git (branch hmac_support)
Michael Rash [Fri, 19 Apr 2013 00:53:37 +0000]
credits and changelog updates

Michael Rash [Thu, 18 Apr 2013 03:50:51 +0000]
[test suite] Reorganize client/server interactions to be more rigorous

This is a significant commit that alters how the test suite interacts with the
fwknop client and server by looking for indications that SPA packets are
actually received.  This is done by first waiting for 'main event loop' in
fwknopd log output to ensure that fwknopd is ready to receive packets, sending
the SPA packet(s), and then watching for 'SPA Packet from IP' in fwknopd
output.  This is an improvement over the previous strategy that was only based
on timeout values since it works identically regardless of whether fwknop is
being run under valgrind or when the test suite is run on an embedded system
with very limited resources.  Another check is run for fwknopd receiving the
SIGTERM signal to shut down via 'fwknopd -K', and that failing, the test suite
manually kills the process (though this should be rarely needed).

The above strategy is the result of discussions with George Herlin who proposed
the verification-based approach to test suite operations.

Another thing this commit changes is the ability to detect whether OpenSSL
supports the 'hexkey:<key>' style specification for HMAC keys (an older version
of FreeBSD doesn't support this) and falls back to the '-hmac <key>' method if
not.

Michael Rash [Thu, 18 Apr 2013 03:27:54 +0000]
fixed two type mismatch compilation warnings for the perl FKO extension

Michael Rash [Tue, 16 Apr 2013 02:02:19 +0000]
[test suite] added tests/python_fko.pl for python tests

Michael Rash [Sat, 13 Apr 2013 01:50:47 +0000]
[test suite] check for fwknopd ready to receive packets

This commit was inspired through conversations with George Herlin.

Michael Rash [Sat, 13 Apr 2013 01:16:20 +0000]
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support

This commit from Franck Joncourt closes #43

Franck Joncourt [Fri, 12 Apr 2013 12:48:26 +0000]
Added some else statements and their comments.

Franck Joncourt [Thu, 11 Apr 2013 11:36:58 +0000]
Fixed test-fwknop.pl to remove any references to my test files.

Franck Joncourt [Thu, 11 Apr 2013 11:08:36 +0000]
Removed tests.

Michael Rash [Thu, 11 Apr 2013 03:31:58 +0000]
[test suite] get hmac iptables duplicated and sha512 long key tests to pass

Franck Joncourt [Wed, 10 Apr 2013 14:06:06 +0000]
Resolve ip address in all of the nat modes (mrash/fwknop#43).

Franck Joncourt [Wed, 10 Apr 2013 13:12:54 +0000]
Merge remote-tracking branch 'upstream/hmac_support' into hmac_support

Michael Rash [Wed, 10 Apr 2013 02:48:54 +0000]
[test suite] added perl FKO Rijndael key test with embedded NULL char

Michael Rash [Wed, 10 Apr 2013 01:28:32 +0000]
minor var naming/spacing update

Michael Rash [Tue, 9 Apr 2013 02:14:06 +0000]
add HMAC_KEY variable support to access.conf (alternative to HMAC_KEY_BASE64)

Michael Rash [Tue, 9 Apr 2013 00:45:14 +0000]
[test suite] added python->C HMAC test

Michael Rash [Mon, 8 Apr 2013 00:57:35 +0000]
[test suite] don't remove output/ directory in --list mode, closes #53

Michael Rash [Sun, 7 Apr 2013 20:28:33 +0000]
[test suite] restore --diff mode, fixes #52

Michael Rash [Sun, 7 Apr 2013 19:11:09 +0000]
Merge patch from Franck in support of issue #43

Michael Rash [Sun, 7 Apr 2013 17:33:42 +0000]
[test suite] NAT name resolution tests

This commit adds tests for NAT name resolution in support of issue #43.

Franck Joncourt [Sun, 7 Apr 2013 17:00:38 +0000]
Added tests to the test suite in order to check the update.

Franck Joncourt [Sat, 6 Apr 2013 20:59:59 +0000]
Fixed Nat mode not resolving hostname to IP's.

Linked mrash/fwknop#43

Michael Rash [Tue, 2 Apr 2013 03:02:45 +0000]
[test suite] minor encryption key variable name update

Michael Rash [Tue, 2 Apr 2013 03:01:45 +0000]
added 'legacy' initialization vector text to man pages

Michael Rash [Sat, 30 Mar 2013 00:45:30 +0000]
Merge branch 'hmac_support' of ssh://192.168.10.1/home/mbr/git/bare_repos/fwknop into hmac_support

Michael Rash [Sat, 30 Mar 2013 00:44:48 +0000]
added test/fko-python.py test script

Michael Rash [Sat, 30 Mar 2013 00:42:44 +0000]
HMAC function rename for consistency

Make sure that HMAC function names conform to previously established get_*,
set_* naming convention.

Michael Rash [Fri, 29 Mar 2013 00:42:12 +0000]
added fuzzing tests for long Rijndael and HMAC keys

Michael Rash [Mon, 25 Mar 2013 01:04:18 +0000]
Enforce Rijndael and HMAC key length maximum sizes

This commit fixes a couple of overflow conditions for Rijndael and HMAC keys
that are larger than anticipated maximums.  In the case of Rijndael, PKCS#5 1.5
is supported up to key sizes of 32 bytes or smaller (and maintains compatibility
with OpenSSL), and future versions will support PKCS#5 2.0 (PBKDF2) while allowing
for larger key sizes.  HMAC keys may be up to 128 bytes even for digest
algorithms such as SHA256 that have block sizes that are smaller than this.

Michael Rash [Sat, 23 Mar 2013 12:56:22 +0000]
remove execute bit

Michael Rash [Sat, 23 Mar 2013 12:53:48 +0000]
remove execute bit

Michael Rash [Sat, 23 Mar 2013 02:34:10 +0000]
[test suite] minor spacing update

Michael Rash [Fri, 22 Mar 2013 01:58:05 +0000]
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support

Michael Rash [Fri, 22 Mar 2013 01:55:18 +0000]
[perl FKO] add HMAC support along with test suite HMAC verification (closes #16)

Michael Rash [Fri, 22 Mar 2013 01:48:38 +0000]
minor ChangeLog wording update for HMAC section

Franck Joncourt [Wed, 20 Mar 2013 21:33:45 +0000]
Merge remote-tracking branch 'upstream/hmac_support' into hmac_support

Franck Joncourt [Wed, 20 Mar 2013 21:31:58 +0000]
Updated fwknop documentation.

Franck Joncourt [Wed, 20 Mar 2013 20:38:52 +0000]
Fixed issue when trying to save options for a new stanza.

Michael Rash [Wed, 20 Mar 2013 01:23:36 +0000]
[test suite] added two basic tests for installation and operations of the python fko extension

Michael Rash [Wed, 20 Mar 2013 01:22:32 +0000]
[python extension] minor function name updates

Michael Rash [Wed, 20 Mar 2013 01:15:45 +0000]
[python extension] update key_gen() parse tuple format arg to handle hmac_type integer

Michael Rash [Wed, 20 Mar 2013 01:09:11 +0000]
[client] minor http resolve update to include URL in error output

Michael Rash [Tue, 19 Mar 2013 01:49:00 +0000]
minor typo fix

Franck Joncourt [Mon, 18 Mar 2013 21:06:31 +0000]
Allowed an fwknoprc stanza (-n) to be overridden by arguments from the command line.
Added a sanity check to make sure the -n option is used with the --save-rc-stanza option.

Michael Rash [Mon, 18 Mar 2013 03:03:48 +0000]
[python module] update fko_new_with_data() call to include hmac_type

Michael Rash [Mon, 18 Mar 2013 03:02:57 +0000]
Merge remote-tracking branch 'fjoncourt/python_binding' into hmac_support

Michael Rash [Mon, 18 Mar 2013 02:48:29 +0000]
minor hmac prototype update to add const qualifier

Michael Rash [Mon, 18 Mar 2013 02:42:52 +0000]
[test suite] added hmac_force_nat_access.conf file to Makefile.am

Michael Rash [Mon, 18 Mar 2013 01:34:23 +0000]
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support

Significant merge from Franck Joncourt to add the ability to save command line
args to ~/.fwknoprc stanzas.  This merge is in support of #4.

Conflicts:
lib/fko_util.c
lib/fko_util.h

Franck Joncourt [Sun, 17 Mar 2013 11:03:07 +0000]
Add new directive to setup.py in order to be able to build the python binding
without having libfko installed on the system.

Michael Rash [Sat, 16 Mar 2013 18:43:15 +0000]
[server] allow long Rijndael command messages

This change allows SPA clients to include long messages in command mode and
generally allows decryption operations to dictate success/failure instead of
SPA packet length to gate decryption attempts.  Closes #40.

Michael Rash [Sat, 16 Mar 2013 18:40:08 +0000]
[test suite] added 'server_conf' hash key verification

Michael Rash [Sat, 16 Mar 2013 18:38:20 +0000]
[client] --nat-rand-port bug fix

Bug fix for --nat-rand-port mode to ensure that the port to be
NAT'd is properly defined so that the fwknopd server will NAT
connections to this port instead of applying the NAT operation to the
port that is to be accessed via -A.  This change also prints the
randomly assigned port to stdout regardless of whether --verbose mode is
used (since if not then the user will have no idea which port is
actually going to be NAT'd on the fwknopd side).

Michael Rash [Fri, 15 Mar 2013 02:26:44 +0000]
added encryption type/mode and message type string representations for FKO context display output

Franck Joncourt [Thu, 14 Mar 2013 21:39:36 +0000]
Remove useless comment.

Franck Joncourt [Thu, 14 Mar 2013 21:16:37 +0000]
Added the possibility to parse only section in a fwknoprc file and
not only the whole file - more.

Franck Joncourt [Wed, 13 Mar 2013 06:13:50 +0000]
Added the possibility to parse only section in a fwknoprc file and not only the whole file

Michael Rash [Wed, 13 Mar 2013 03:25:53 +0000]
bug fix to remove hmac_sha512_long_key_access.conf file (doesn't exist) from Makefile.am

Michael Rash [Wed, 13 Mar 2013 03:20:12 +0000]
[test suite] 'key_file' hash key update for HMAC SHA384 test

Michael Rash [Wed, 13 Mar 2013 03:10:09 +0000]
[test suite] minor bug fix for HMAC SHA384 default key test rc file path

Michael Rash [Wed, 13 Mar 2013 02:50:37 +0000]
[test suite] added files to Makefile.am and added a test to verify this

Michael Rash [Wed, 13 Mar 2013 02:18:43 +0000]
[test suite] added HMAC key tests

Michael Rash [Wed, 13 Mar 2013 02:17:41 +0000]
[libfko] bug fix to maintain OpenSSL compatibility for HMAC keys longer than associated block size

Michael Rash [Tue, 12 Mar 2013 03:12:56 +0000]
convert standard hmac access.conf file for HMAC SHA512 to use key size of 128 bytes

Michael Rash [Tue, 12 Mar 2013 03:02:07 +0000]
--key-gen bug fix to allow --key-len and --hmac-key-len values to apply to generated key lengths

Michael Rash [Tue, 12 Mar 2013 02:55:00 +0000]
update base64 key char arrays to use MAX_B64_KEY_LEN macro

Michael Rash [Tue, 12 Mar 2013 02:54:10 +0000]
minor fix to remove extraneous memset() call

Michael Rash [Tue, 12 Mar 2013 02:50:02 +0000]
added MAX_B64_KEY_LEN for full length SHA512 keys

Michael Rash [Tue, 12 Mar 2013 02:41:08 +0000]
fix fko_new_with_data() call to include the hmac type

Michael Rash [Tue, 12 Mar 2013 01:13:20 +0000]
[perl FKO module] add hmac_type to fko_new_with_data() calls

Michael Rash [Mon, 11 Mar 2013 01:59:39 +0000]
HMAC MD5 bug fix to ensure to set the MD5 block length to 64

Michael Rash [Mon, 11 Mar 2013 01:58:52 +0000]
[test suite] set HMAC_DIGEST_TYPE to md5 for HMAC MD5 test

Michael Rash [Sun, 10 Mar 2013 22:56:19 +0000]
added missing hmac_md5() function to hmac.h

Michael Rash [Sun, 10 Mar 2013 22:12:41 +0000]
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support

Damien Stuart [Sun, 10 Mar 2013 21:17:39 +0000]
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support

Damien Stuart [Sun, 10 Mar 2013 21:17:19 +0000]
Removed tmp lib and include dirs from the python module setup.py file.

Michael Rash [Sun, 10 Mar 2013 20:37:34 +0000]
bug fix to anticipate OpenSSL HMAC output that spans multiple lines (as in SHA512)

Michael Rash [Sun, 10 Mar 2013 20:30:06 +0000]
Added HMAC MD5 support (need test suite validation still)

Franck Joncourt [Sun, 10 Mar 2013 19:55:19 +0000]
New function bool_to_yesno.

Michael Rash [Sun, 10 Mar 2013 19:13:34 +0000]
remove minor debugging statement

Michael Rash [Sun, 10 Mar 2013 18:56:39 +0000]
add HMAC-SHA1 support

Michael Rash [Sun, 10 Mar 2013 18:32:07 +0000]
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support

Conflicts:
client/fwknop.c
lib/fko_hmac.c

Michael Rash [Sun, 10 Mar 2013 18:26:05 +0000]
SPA with HMAC SHA256 and SHA384 now works

This is a fairly significant commit that lays the groundwork for getting
selectable HMAC modes working for both the client and server.  One libfko API
change was required so that the hmac_type is passed into fko_new_with_data().
This allows the server to set the hmac_type via access.conf stanzas.  The
effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512
also function properly.

Damien Stuart [Sun, 10 Mar 2013 17:21:24 +0000]
Renamed fko_set_hmac_type to fko_set_spa_hmac_type. Incorporated libfko changes and additions to the fko python module code.

Franck Joncourt [Sun, 10 Mar 2013 17:17:08 +0000]
Fixed data format for some arguments in fwknoprc when they are saved.

Michael Rash [Sun, 10 Mar 2013 04:27:08 +0000]
added HMAC SHA384 and SHA512 support, bug fix to allow shorter HMAC key lengths than associated digest block size

Michael Rash [Sun, 10 Mar 2013 04:25:59 +0000]
[test suite] derive HMAC digest type from client display context output

Michael Rash [Sat, 9 Mar 2013 21:47:42 +0000]
convert HMAC functions to static where possible

Michael Rash [Sat, 9 Mar 2013 21:41:32 +0000]
[test suite] minor variable conversion to 'our' vars

Franck Joncourt [Sat, 9 Mar 2013 11:39:05 +0000]
Added new parameters HMAC_DIGEST_TYPE to the save capability.

Franck Joncourt [Sat, 9 Mar 2013 11:17:17 +0000]
Moved static functions from the client to the fko_util.c file.

Franck Joncourt [Sat, 9 Mar 2013 10:54:45 +0000]
Merge remote-tracking branch 'upstream/hmac_support' into hmac_support

Conflicts:
client/cmd_opts.h
client/config_init.c

Michael Rash [Sat, 9 Mar 2013 03:12:19 +0000]
ensure to close access.conf file ptr when an error condition is found and exit() is going to be called

Michael Rash [Sat, 9 Mar 2013 03:05:11 +0000]
[test suite] minor bug fix for command line definition for invalid HMAC test

Michael Rash [Sat, 9 Mar 2013 02:48:19 +0000]
[test suite] minor category/subcategory update for fuzzing tests

Michael Rash [Sat, 9 Mar 2013 02:10:45 +0000]
[test suite] added various hmac verification conf files

Michael Rash [Sat, 9 Mar 2013 02:09:51 +0000]
[test suite] import test definitions from tests/*.pl files

Michael Rash [Fri, 8 Mar 2013 04:14:48 +0000]
interim commit for supporting multiple HMAC digest types (# 45)

Michael Rash [Wed, 6 Mar 2013 04:29:46 +0000]
[test suite] added OpenSSL HMAC verification (closes #39)

Franck Joncourt [Tue, 5 Mar 2013 20:01:38 +0000]
Added more command line switches in order for the user to be able to specify the Rijndael, Rijndael base64 and HMAC key.