fwknop.git
15 months ago credits and changelog updates hmac_support
Michael Rash [Fri, 19 Apr 2013 00:53:37 +0000]
credits and changelog updates

15 months ago [test suite] Reorganize client/server interactions to be more rigorous
Michael Rash [Thu, 18 Apr 2013 03:50:51 +0000]
[test suite] Reorganize client/server interactions to be more rigorous

This is a significant commit that alters how the test suite interacts with the
fwknop client and server by looking for indications that SPA packets are
actually received.  This is done by first waiting for 'main event loop' in
fwknopd log output to ensure that fwknopd is ready to receive packets, sending
the SPA packet(s), and then watching for 'SPA Packet from IP' in fwknopd
output.  This is an improvement over the previous strategy that was only based
on timeout values since it works identically regardless of whether fwknop is
being run under valgrind or when the test suite is run on an embedded system
with very limited resources.  Another check is run for fwknopd receiving the
SIGTERM signal to shut down via 'fwknopd -K', and that failing, the test suite
manually kills the process (though this should be rarely needed).

The above strategy is the result of discussions with George Herlin who proposed
the verification-based approach to test suite operations.

Another thing this commit changes is the ability to detect whether OpenSSL
supports the 'hexkey:<key>' style specification for HMAC keys (an older version
of FreeBSD doesn't support this) and falls back to the '-hmac <key>' method if
not.

15 months ago fixed two type mismatch compilation warnings for the perl FKO extension
Michael Rash [Thu, 18 Apr 2013 03:27:54 +0000]
fixed two type mismatch compilation warnings for the perl FKO extension

15 months ago [test suite] added tests/python_fko.pl for python tests
Michael Rash [Tue, 16 Apr 2013 02:02:19 +0000]
[test suite] added tests/python_fko.pl for python tests

15 months ago [test suite] check for fwknopd ready to receive packets
Michael Rash [Sat, 13 Apr 2013 01:50:47 +0000]
[test suite] check for fwknopd ready to receive packets

This commit was inspired through conversations with George Herlin.

15 months ago Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support
Michael Rash [Sat, 13 Apr 2013 01:16:20 +0000]
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support

This commit from Franck Joncourt closes #43

15 months ago Added some else statements and their comments.
Franck Joncourt [Fri, 12 Apr 2013 12:48:26 +0000]
Added some else statements and their comments.

15 months ago Fixed test-fwknop.pl to remove any references to my test files.
Franck Joncourt [Thu, 11 Apr 2013 11:36:58 +0000]
Fixed test-fwknop.pl to remove any references to my test files.

15 months ago Removed tests.
Franck Joncourt [Thu, 11 Apr 2013 11:08:36 +0000]
Removed tests.

15 months ago [test suite] get hmac iptables duplicated and sha512 long key tests to pass
Michael Rash [Thu, 11 Apr 2013 03:31:58 +0000]
[test suite] get hmac iptables duplicated and sha512 long key tests to pass

15 months ago Resolve ip address in all of the nat modes (mrash/fwknop#43).
Franck Joncourt [Wed, 10 Apr 2013 14:06:06 +0000]
Resolve ip address in all of the nat modes (mrash/fwknop#43).

15 months ago Merge remote-tracking branch 'upstream/hmac_support' into hmac_support
Franck Joncourt [Wed, 10 Apr 2013 13:12:54 +0000]
Merge remote-tracking branch 'upstream/hmac_support' into hmac_support

15 months ago [test suite] added perl FKO Rijndael key test with embedded NULL char
Michael Rash [Wed, 10 Apr 2013 02:48:54 +0000]
[test suite] added perl FKO Rijndael key test with embedded NULL char

15 months ago minor var naming/spacing update
Michael Rash [Wed, 10 Apr 2013 01:28:32 +0000]
minor var naming/spacing update

15 months ago add HMAC_KEY variable support to access.conf (alternative to HMAC_KEY_BASE64)
Michael Rash [Tue, 9 Apr 2013 02:14:06 +0000]
add HMAC_KEY variable support to access.conf (alternative to HMAC_KEY_BASE64)

15 months ago [test suite] added python->C HMAC test
Michael Rash [Tue, 9 Apr 2013 00:45:14 +0000]
[test suite] added python->C HMAC test

15 months ago [test suite] don't remove output/ directory in --list mode, closes #53
Michael Rash [Mon, 8 Apr 2013 00:57:35 +0000]
[test suite] don't remove output/ directory in --list mode, closes #53

15 months ago [test suite] restore --diff mode, fixes #52
Michael Rash [Sun, 7 Apr 2013 20:28:33 +0000]
[test suite] restore --diff mode, fixes #52

15 months ago Merge patch from Franck in support of issue #43
Michael Rash [Sun, 7 Apr 2013 19:11:09 +0000]
Merge patch from Franck in support of issue #43

15 months ago [test suite] NAT name resolution tests
Michael Rash [Sun, 7 Apr 2013 17:33:42 +0000]
[test suite] NAT name resolution tests

This commit adds tests for NAT name resolution in support of issue #43.

15 months ago Added tests to the test suite in order to check the update.
Franck Joncourt [Sun, 7 Apr 2013 17:00:38 +0000]
Added tests to the test suite in order to check the update.

15 months ago Fixed Nat mode not resolving hostname to IP's.
Franck Joncourt [Sat, 6 Apr 2013 20:59:59 +0000]
Fixed Nat mode not resolving hostname to IP's.

Linked mrash/fwknop#43

15 months ago [test suite] minor encryption key variable name update
Michael Rash [Tue, 2 Apr 2013 03:02:45 +0000]
[test suite] minor encryption key variable name update

15 months ago added 'legacy' initialization vector text to man pages
Michael Rash [Tue, 2 Apr 2013 03:01:45 +0000]
added 'legacy' initialization vector text to man pages

16 months ago Merge branch 'hmac_support' of ssh://192.168.10.1/home/mbr/git/bare_repos/fwknop...
Michael Rash [Sat, 30 Mar 2013 00:45:30 +0000]
Merge branch 'hmac_support' of ssh://192.168.10.1/home/mbr/git/bare_repos/fwknop into hmac_support

16 months ago added test/fko-python.py test script
Michael Rash [Sat, 30 Mar 2013 00:44:48 +0000]
added test/fko-python.py test script

16 months ago HMAC function rename for consistency
Michael Rash [Sat, 30 Mar 2013 00:42:44 +0000]
HMAC function rename for consistency

Make sure that HMAC function names conform to previously established get_*,
set_* naming convention.

16 months ago added fuzzing tests for long Rijndael and HMAC keys
Michael Rash [Fri, 29 Mar 2013 00:42:12 +0000]
added fuzzing tests for long Rijndael and HMAC keys

16 months ago Enforce Rijndael and HMAC key length maximum sizes
Michael Rash [Mon, 25 Mar 2013 01:04:18 +0000]
Enforce Rijndael and HMAC key length maximum sizes

This commit fixes a couple of overflow conditions for Rijndael and HMAC keys
that are larger than anticipated maximums.  In the case of Rijndael, PKCS#5 1.5
is supported up to key sizes of 32 bytes or smaller (and maintains compatibility
with OpenSSL), and future versions will support PKCS#5 2.0 (PBKDF2) while allowing
for larger key sizes.  HMAC keys may be up to 128 bytes even for digest
algorithms such as SHA256 that have block sizes that are smaller than this.

16 months ago remove execute bit
Michael Rash [Sat, 23 Mar 2013 12:56:22 +0000]
remove execute bit

16 months ago remove execute bit
Michael Rash [Sat, 23 Mar 2013 12:53:48 +0000]
remove execute bit

16 months ago [test suite] minor spacing update
Michael Rash [Sat, 23 Mar 2013 02:34:10 +0000]
[test suite] minor spacing update

16 months ago Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support
Michael Rash [Fri, 22 Mar 2013 01:58:05 +0000]
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support

16 months ago [perl FKO] add HMAC support along with test suite HMAC verification (closes #16)
Michael Rash [Fri, 22 Mar 2013 01:55:18 +0000]
[perl FKO] add HMAC support along with test suite HMAC verification (closes #16)

16 months ago minor ChangeLog wording update for HMAC section
Michael Rash [Fri, 22 Mar 2013 01:48:38 +0000]
minor ChangeLog wording update for HMAC section

16 months ago Merge remote-tracking branch 'upstream/hmac_support' into hmac_support
Franck Joncourt [Wed, 20 Mar 2013 21:33:45 +0000]
Merge remote-tracking branch 'upstream/hmac_support' into hmac_support

16 months ago Updated fwknop documentation.
Franck Joncourt [Wed, 20 Mar 2013 21:31:58 +0000]
Updated fwknop documentation.

16 months ago Fixed issue when trying to save options for a new stanza.
Franck Joncourt [Wed, 20 Mar 2013 20:38:52 +0000]
Fixed issue when trying to save options for a new stanza.

16 months ago [test suite] added two basic tests for installation and operations of the python...
Michael Rash [Wed, 20 Mar 2013 01:23:36 +0000]
[test suite] added two basic tests for installation and operations of the python fko extension

16 months ago [python extension] minor function name updates
Michael Rash [Wed, 20 Mar 2013 01:22:32 +0000]
[python extension] minor function name updates

16 months ago [python extension] update key_gen() parse tuple format arg to handle hmac_type integer
Michael Rash [Wed, 20 Mar 2013 01:15:45 +0000]
[python extension] update key_gen() parse tuple format arg to handle hmac_type integer

16 months ago [client] minor http resolve update to include URL in error output
Michael Rash [Wed, 20 Mar 2013 01:09:11 +0000]
[client] minor http resolve update to include URL in error output

16 months ago minor typo fix
Michael Rash [Tue, 19 Mar 2013 01:49:00 +0000]
minor typo fix

16 months ago Allowed an fwknoprc stanza (-n) to be overridden by arguments from the command line.
Franck Joncourt [Mon, 18 Mar 2013 21:06:31 +0000]
Allowed an fwknoprc stanza (-n) to be overridden by arguments from the command line.
Added a sanity check to make sure the -n option is used with the --save-rc-stanza option.

16 months ago [python module] update fko_new_with_data() call to include hmac_type
Michael Rash [Mon, 18 Mar 2013 03:03:48 +0000]
[python module] update fko_new_with_data() call to include hmac_type

16 months ago Merge remote-tracking branch 'fjoncourt/python_binding' into hmac_support
Michael Rash [Mon, 18 Mar 2013 03:02:57 +0000]
Merge remote-tracking branch 'fjoncourt/python_binding' into hmac_support

16 months ago minor hmac prototype update to add const qualifier
Michael Rash [Mon, 18 Mar 2013 02:48:29 +0000]
minor hmac prototype update to add const qualifier

16 months ago [test suite] added hmac_force_nat_access.conf file to Makefile.am
Michael Rash [Mon, 18 Mar 2013 02:42:52 +0000]
[test suite] added hmac_force_nat_access.conf file to Makefile.am

16 months ago Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support
Michael Rash [Mon, 18 Mar 2013 01:34:23 +0000]
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support

Significant merge from Franck Joncourt to add the ability to save command line
args to ~/.fwknoprc stanzas.  This merge is in support of #4.

Conflicts:
lib/fko_util.c
lib/fko_util.h

16 months ago Add new directive to setup.py in order to be able to build the python binding
Franck Joncourt [Sun, 17 Mar 2013 11:03:07 +0000]
Add new directive to setup.py in order to be able to build the python binding
without having libfko installed on the system.

16 months ago [server] allow long Rijndael command messages
Michael Rash [Sat, 16 Mar 2013 18:43:15 +0000]
[server] allow long Rijndael command messages

This change allows SPA clients to include long messages in command mode and
generally allows decryption operations to dictate success/failure instead of
SPA packet length to gate decryption attempts.  Closes #40.

16 months ago [test suite] added 'server_conf' hash key verification
Michael Rash [Sat, 16 Mar 2013 18:40:08 +0000]
[test suite] added 'server_conf' hash key verification

16 months ago [client] --nat-rand-port bug fix
Michael Rash [Sat, 16 Mar 2013 18:38:20 +0000]
[client] --nat-rand-port bug fix

Bug fix for --nat-rand-port mode to ensure that the port to be
NAT'd is properly defined so that the fwknopd server will NAT
connections to this port instead of applying the NAT operation to the
port that is to be accessed via -A.  This change also prints the
randomly assigned port to stdout regardless of whether --verbose mode is
used (since if not then the user will have no idea which port is
actually going to be NAT'd on the fwknopd side).

16 months ago added encryption type/mode and message type string representations for FKO context...
Michael Rash [Fri, 15 Mar 2013 02:26:44 +0000]
added encryption type/mode and message type string representations for FKO context display output

16 months ago Remove useless comment.
Franck Joncourt [Thu, 14 Mar 2013 21:39:36 +0000]
Remove useless comment.

16 months ago Added the possibility to parse only section in a fwknoprc file and
Franck Joncourt [Thu, 14 Mar 2013 21:16:37 +0000]
Added the possibility to parse only section in a fwknoprc file and
not only the whole file - more.

16 months ago Added the possibility to parse only section in a fwknoprc file and not only the...
Franck Joncourt [Wed, 13 Mar 2013 06:13:50 +0000]
Added the possibility to parse only section in a fwknoprc file and not only the whole file

16 months ago bug fix to remove hmac_sha512_long_key_access.conf file (doesn't exist) from Makefile.am
Michael Rash [Wed, 13 Mar 2013 03:25:53 +0000]
bug fix to remove hmac_sha512_long_key_access.conf file (doesn't exist) from Makefile.am

16 months ago [test suite] 'key_file' hash key update for HMAC SHA384 test
Michael Rash [Wed, 13 Mar 2013 03:20:12 +0000]
[test suite] 'key_file' hash key update for HMAC SHA384 test

16 months ago [test suite] minor bug fix for HMAC SHA384 default key test rc file path
Michael Rash [Wed, 13 Mar 2013 03:10:09 +0000]
[test suite] minor bug fix for HMAC SHA384 default key test rc file path

16 months ago [test suite] added files to Makefile.am and added a test to verify this
Michael Rash [Wed, 13 Mar 2013 02:50:37 +0000]
[test suite] added files to Makefile.am and added a test to verify this

16 months ago [test suite] added HMAC key tests
Michael Rash [Wed, 13 Mar 2013 02:18:43 +0000]
[test suite] added HMAC key tests

16 months ago [libfko] bug fix to maintain OpenSSL compatibility for HMAC keys longer than associat...
Michael Rash [Wed, 13 Mar 2013 02:17:41 +0000]
[libfko] bug fix to maintain OpenSSL compatibility for HMAC keys longer than associated block size

16 months ago convert standard hmac access.conf file for HMAC SHA512 to use key size of 128 bytes
Michael Rash [Tue, 12 Mar 2013 03:12:56 +0000]
convert standard hmac access.conf file for HMAC SHA512 to use key size of 128 bytes

16 months ago --key-gen bug fix to allow --key-len and --hmac-key-len values to apply to generated...
Michael Rash [Tue, 12 Mar 2013 03:02:07 +0000]
--key-gen bug fix to allow --key-len and --hmac-key-len values to apply to generated key lengths

16 months ago update base64 key char arrays to use MAX_B64_KEY_LEN macro
Michael Rash [Tue, 12 Mar 2013 02:55:00 +0000]
update base64 key char arrays to use MAX_B64_KEY_LEN macro

16 months ago minor fix to remove extraneous memset() call
Michael Rash [Tue, 12 Mar 2013 02:54:10 +0000]
minor fix to remove extraneous memset() call

16 months ago added MAX_B64_KEY_LEN for full length SHA512 keys
Michael Rash [Tue, 12 Mar 2013 02:50:02 +0000]
added MAX_B64_KEY_LEN for full length SHA512 keys

16 months ago fix fko_new_with_data() call to include the hmac type
Michael Rash [Tue, 12 Mar 2013 02:41:08 +0000]
fix fko_new_with_data() call to include the hmac type

16 months ago [perl FKO module] add hmac_type to fko_new_with_data() calls
Michael Rash [Tue, 12 Mar 2013 01:13:20 +0000]
[perl FKO module] add hmac_type to fko_new_with_data() calls

16 months ago HMAC MD5 bug fix to ensure to set the MD5 block length to 64
Michael Rash [Mon, 11 Mar 2013 01:59:39 +0000]
HMAC MD5 bug fix to ensure to set the MD5 block length to 64

16 months ago [test suite] set HMAC_DIGEST_TYPE to md5 for HMAC MD5 test
Michael Rash [Mon, 11 Mar 2013 01:58:52 +0000]
[test suite] set HMAC_DIGEST_TYPE to md5 for HMAC MD5 test

16 months ago added missing hmac_md5() function to hmac.h
Michael Rash [Sun, 10 Mar 2013 22:56:19 +0000]
added missing hmac_md5() function to hmac.h

16 months ago Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support
Michael Rash [Sun, 10 Mar 2013 22:12:41 +0000]
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support

16 months ago Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support
Damien Stuart [Sun, 10 Mar 2013 21:17:39 +0000]
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support

16 months ago Removed tmp lib and include dirs from the python module setup.py file.
Damien Stuart [Sun, 10 Mar 2013 21:17:19 +0000]
Removed tmp lib and include dirs from the python module setup.py file.

16 months ago bug fix to anticipate OpenSSL HMAC output that spans multiple lines (as in SHA512)
Michael Rash [Sun, 10 Mar 2013 20:37:34 +0000]
bug fix to anticipate OpenSSL HMAC output that spans multiple lines (as in SHA512)

16 months ago Added HMAC MD5 support (need test suite validation still)
Michael Rash [Sun, 10 Mar 2013 20:30:06 +0000]
Added HMAC MD5 support (need test suite validation still)

16 months ago New function bool_to_yesno.
Franck Joncourt [Sun, 10 Mar 2013 19:55:19 +0000]
New function bool_to_yesno.

16 months ago remove minor debugging statement
Michael Rash [Sun, 10 Mar 2013 19:13:34 +0000]
remove minor debugging statement

16 months ago add HMAC-SHA1 support
Michael Rash [Sun, 10 Mar 2013 18:56:39 +0000]
add HMAC-SHA1 support

16 months ago Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support
Michael Rash [Sun, 10 Mar 2013 18:32:07 +0000]
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support

Conflicts:
client/fwknop.c
lib/fko_hmac.c

16 months ago SPA with HMAC SHA256 and SHA384 now works
Michael Rash [Sun, 10 Mar 2013 18:26:05 +0000]
SPA with HMAC SHA256 and SHA384 now works

This is a fairly significant commit that lays the groundwork for getting
selectable HMAC modes working for both the client and server.  One libfko API
change was required so that the hmac_type is passed into fko_new_with_data().
This allows the server to set the hmac_type via access.conf stanzas.  The
effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512
also function properly.

16 months ago Renamed fko_set_hmac_type to fko_set_spa_hmac_type. Incorporated libfko changes...
Damien Stuart [Sun, 10 Mar 2013 17:21:24 +0000]
Renamed fko_set_hmac_type to fko_set_spa_hmac_type. Incorporated libfko changes and additions to the fko python module code.

16 months ago Fixed data format for some arguments in fwknoprc when they are saved.
Franck Joncourt [Sun, 10 Mar 2013 17:17:08 +0000]
Fixed data format for some arguments in fwknoprc when they are saved.

16 months ago added HMAC SHA384 and SHA512 support, bug fix to allow shorter HMAC key lengths than...
Michael Rash [Sun, 10 Mar 2013 04:27:08 +0000]
added HMAC SHA384 and SHA512 support, bug fix to allow shorter HMAC key lengths than associated digest block size

16 months ago [test suite] derive HMAC digest type from client display context output
Michael Rash [Sun, 10 Mar 2013 04:25:59 +0000]
[test suite] derive HMAC digest type from client display context output

16 months ago convert HMAC functions to static where possible
Michael Rash [Sat, 9 Mar 2013 21:47:42 +0000]
convert HMAC functions to static where possible

16 months ago [test suite] minor variable conversion to 'our' vars
Michael Rash [Sat, 9 Mar 2013 21:41:32 +0000]
[test suite] minor variable conversion to 'our' vars

16 months ago Added new parameters HMAC_DIGEST_TYPE to the save capability.
Franck Joncourt [Sat, 9 Mar 2013 11:39:05 +0000]
Added new parameters HMAC_DIGEST_TYPE to the save capability.

16 months ago Moved static functions from the client to the fko_util.c file.
Franck Joncourt [Sat, 9 Mar 2013 11:17:17 +0000]
Moved static functions from the client to the fko_util.c file.

16 months ago Merge remote-tracking branch 'upstream/hmac_support' into hmac_support
Franck Joncourt [Sat, 9 Mar 2013 10:54:45 +0000]
Merge remote-tracking branch 'upstream/hmac_support' into hmac_support

Conflicts:
client/cmd_opts.h
client/config_init.c

16 months ago ensure to close access.conf file ptr when an error condition is found and exit()...
Michael Rash [Sat, 9 Mar 2013 03:12:19 +0000]
ensure to close access.conf file ptr when an error condition is found and exit() is going to be called

16 months ago [test suite] minor bug fix for command line definition for invalid HMAC test
Michael Rash [Sat, 9 Mar 2013 03:05:11 +0000]
[test suite] minor bug fix for command line definition for invalid HMAC test

16 months ago [test suite] minor category/subcategory update for fuzzing tests
Michael Rash [Sat, 9 Mar 2013 02:48:19 +0000]
[test suite] minor category/subcategory update for fuzzing tests

16 months ago [test suite] added various hmac verification conf files
Michael Rash [Sat, 9 Mar 2013 02:10:45 +0000]
[test suite] added various hmac verification conf files

16 months ago [test suite] import test definitions from tests/*.pl files
Michael Rash [Sat, 9 Mar 2013 02:09:51 +0000]
[test suite] import test definitions from tests/*.pl files

16 months ago interim commit for supporting multiple HMAC digest types (# 45)
Michael Rash [Fri, 8 Mar 2013 04:14:48 +0000]
interim commit for supporting multiple HMAC digest types (# 45)

16 months ago [test suite] added OpenSSL HMAC verification (closes #39)
Michael Rash [Wed, 6 Mar 2013 04:29:46 +0000]
[test suite] added OpenSSL HMAC verification (closes #39)

16 months ago Added more command line switches in order for the user to be able to specify the...
Franck Joncourt [Tue, 5 Mar 2013 20:01:38 +0000]
Added more command line switches in order for the user to be able to specify the Rijndael, Rijndael base64 and HMAC key.