[Pkg-swan-devel] [strongswan] 09/12: Imported Upstream version 5.3.2
Yves-Alexis Perez
corsac at moszumanska.debian.org
Mon Jun 8 14:51:57 UTC 2015
This is an automated email from the git hooks/post-receive script.
corsac pushed a commit to branch master
in repository strongswan.
commit b238cf34df3fe4476ae6b7012e7cb3e9769d4d51
Author: Yves-Alexis Perez <corsac at debian.org>
Date: Mon Jun 8 15:35:16 2015 +0200
Imported Upstream version 5.3.2
---
Android.common.mk | 2 +-
NEWS | 10 ++++
configure | 20 ++++----
configure.ac | 2 +-
scripts/Makefile.am | 2 +-
scripts/Makefile.in | 5 +-
src/libcharon/sa/child_sa.c | 4 +-
src/libcharon/sa/ikev2/tasks/ike_auth.c | 44 +++++++++++++++++
src/libimcv/tcg/tcg_attr.c | 10 ++--
src/libimcv/tcg/tcg_attr.h | 2 +
src/libstrongswan/crypto/iv/iv_gen_seq.c | 32 +++++++++---
src/libstrongswan/tests/Makefile.am | 1 +
src/libstrongswan/tests/Makefile.in | 19 ++++++++
src/libstrongswan/tests/suites/test_iv_gen.c | 73 ++++++++++++++++++++++++++++
src/libstrongswan/tests/tests.h | 1 +
15 files changed, 200 insertions(+), 27 deletions(-)
diff --git a/Android.common.mk b/Android.common.mk
index f75efed..3a7a043 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
)
# strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.3.1"
+strongswan_VERSION := "5.3.2"
diff --git a/NEWS b/NEWS
index b2e8cb2..e0cfb7e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+strongswan-5.3.2
+----------------
+
+- Fixed a vulnerability that allowed rogue servers with a valid certificate
+ accepted by the client to trick it into disclosing its username and even
+ password (if the client accepts EAP-GTC). This was caused because constraints
+ against the responder's authentication were enforced too late.
+ This vulnerability has been registered as CVE-2015-4171.
+
+
strongswan-5.3.1
----------------
diff --git a/configure b/configure
index a7e5faa..8aa47c9 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for strongSwan 5.3.1.
+# Generated by GNU Autoconf 2.69 for strongSwan 5.3.2.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='strongSwan'
PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='5.3.1'
-PACKAGE_STRING='strongSwan 5.3.1'
+PACKAGE_VERSION='5.3.2'
+PACKAGE_STRING='strongSwan 5.3.2'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -2018,7 +2018,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures strongSwan 5.3.1 to adapt to many kinds of systems.
+\`configure' configures strongSwan 5.3.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -2088,7 +2088,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of strongSwan 5.3.1:";;
+ short | recursive ) echo "Configuration of strongSwan 5.3.2:";;
esac
cat <<\_ACEOF
@@ -2526,7 +2526,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-strongSwan configure 5.3.1
+strongSwan configure 5.3.2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3048,7 +3048,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by strongSwan $as_me 5.3.1, which was
+It was created by strongSwan $as_me 5.3.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3911,7 +3911,7 @@ fi
# Define the identity of the package.
PACKAGE='strongswan'
- VERSION='5.3.1'
+ VERSION='5.3.2'
cat >>confdefs.h <<_ACEOF
@@ -25663,7 +25663,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by strongSwan $as_me 5.3.1, which was
+This file was extended by strongSwan $as_me 5.3.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -25729,7 +25729,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-strongSwan config.status 5.3.1
+strongSwan config.status 5.3.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/configure.ac b/configure.ac
index d8278db..65098d7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,7 +19,7 @@
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.3.1])
+AC_INIT([strongSwan],[5.3.2])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index c5155ef..a793800 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -42,7 +42,7 @@ fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
aes_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
settings_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(RTLIB)
key2keyid.o : $(top_builddir)/config.status
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index b03ff9d..bdb8e5f 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -180,7 +180,8 @@ thread_analysis_LDADD = $(LDADD)
am_timeattack_OBJECTS = timeattack.$(OBJEXT)
timeattack_OBJECTS = $(am_timeattack_OBJECTS)
timeattack_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(am__DEPENDENCIES_1)
am__tls_test_SOURCES_DIST = tls_test.c
@USE_TLS_TRUE at am_tls_test_OBJECTS = tls_test.$(OBJEXT)
tls_test_OBJECTS = $(am_tls_test_OBJECTS)
@@ -523,7 +524,7 @@ fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
aes_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
settings_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(RTLIB)
all: all-am
.SUFFIXES:
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index e0db2e6..94cf07c 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -698,7 +698,7 @@ METHOD(child_sa_t, install, status_t,
this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS,
&esn, NULL);
- if (!this->reqid_allocated)
+ if (!this->reqid_allocated && !this->reqid)
{
status = hydra->kernel_interface->alloc_reqid(hydra->kernel_interface,
my_ts, other_ts, this->mark_in, this->mark_out,
@@ -826,7 +826,7 @@ METHOD(child_sa_t, add_policies, status_t,
traffic_selector_t *my_ts, *other_ts;
status_t status = SUCCESS;
- if (!this->reqid_allocated)
+ if (!this->reqid_allocated && !this->reqid)
{
/* trap policy, get or confirm reqid */
status = hydra->kernel_interface->alloc_reqid(
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index bf747a4..2554496 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -112,6 +112,11 @@ struct private_ike_auth_t {
* received an INITIAL_CONTACT?
*/
bool initial_contact;
+
+ /**
+ * Is EAP acceptable, did we strictly authenticate peer?
+ */
+ bool eap_acceptable;
};
/**
@@ -879,6 +884,37 @@ static void send_auth_failed_informational(private_ike_auth_t *this,
message->destroy(message);
}
+/**
+ * Check if strict constraint fullfillment required to continue current auth
+ */
+static bool require_strict(private_ike_auth_t *this, bool mutual_eap)
+{
+ auth_cfg_t *cfg;
+
+ if (this->eap_acceptable)
+ {
+ return FALSE;
+ }
+
+ cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
+ switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS))
+ {
+ case AUTH_CLASS_EAP:
+ if (mutual_eap && this->my_auth)
+ {
+ this->eap_acceptable = TRUE;
+ return !this->my_auth->is_mutual(this->my_auth);
+ }
+ return TRUE;
+ case AUTH_CLASS_PSK:
+ return TRUE;
+ case AUTH_CLASS_PUBKEY:
+ case AUTH_CLASS_ANY:
+ default:
+ return FALSE;
+ }
+}
+
METHOD(task_t, process_i, status_t,
private_ike_auth_t *this, message_t *message)
{
@@ -1014,6 +1050,14 @@ METHOD(task_t, process_i, status_t,
}
}
+ if (require_strict(this, mutual_eap))
+ {
+ if (!update_cfg_candidates(this, TRUE))
+ {
+ goto peer_auth_failed;
+ }
+ }
+
if (this->my_auth)
{
switch (this->my_auth->process(this->my_auth, message))
diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c
index 7949291..3ed6e86 100644
--- a/src/libimcv/tcg/tcg_attr.c
+++ b/src/libimcv/tcg/tcg_attr.c
@@ -47,16 +47,18 @@ ENUM_BEGIN(tcg_attr_names, TCG_SCAP_REFERENCES,
"SCAP Results",
"SCAP Summary Results");
ENUM_NEXT(tcg_attr_names, TCG_SWID_REQUEST,
- TCG_SWID_TAG_EVENTS,
+ TCG_SWID_SUBSCRIPTION_STATUS_RESP,
TCG_SCAP_SUMMARY_RESULTS,
"SWID Request",
"SWID Tag Identifier Inventory",
"SWID Tag Identifier Events",
"SWID Tag Inventory",
- "SWID Tag Events");
+ "SWID Tag Events",
+ "SWID Subscription Status Request",
+ "SWID Subscription Status Response");
ENUM_NEXT(tcg_attr_names, TCG_SEG_MAX_ATTR_SIZE_REQ,
TCG_SEG_CANCEL_SEG_EXCH,
- TCG_SWID_TAG_EVENTS,
+ TCG_SWID_SUBSCRIPTION_STATUS_RESP,
"Max Attribute Size Request",
"Max Attribute Size Response",
"Attribute Segment Envelope",
@@ -253,6 +255,8 @@ pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, chunk_t
/* unsupported TCG/SWID attributes */
case TCG_SWID_TAG_ID_EVENTS:
case TCG_SWID_TAG_EVENTS:
+ case TCG_SWID_SUBSCRIPTION_STATUS_REQ:
+ case TCG_SWID_SUBSCRIPTION_STATUS_RESP:
/* unsupported TCG/PTS attributes */
case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
case TCG_PTS_TEMPL_REF_MANI_SET_META:
diff --git a/src/libimcv/tcg/tcg_attr.h b/src/libimcv/tcg/tcg_attr.h
index 9523f8e..3a9a7b2 100644
--- a/src/libimcv/tcg/tcg_attr.h
+++ b/src/libimcv/tcg/tcg_attr.h
@@ -45,6 +45,8 @@ enum tcg_attr_t {
TCG_SWID_TAG_ID_EVENTS = 0x00000013,
TCG_SWID_TAG_INVENTORY = 0x00000014,
TCG_SWID_TAG_EVENTS = 0x00000015,
+ TCG_SWID_SUBSCRIPTION_STATUS_REQ = 0x00000016,
+ TCG_SWID_SUBSCRIPTION_STATUS_RESP = 0x00000017,
/* IF-M Attribute Segmentation */
TCG_SEG_MAX_ATTR_SIZE_REQ = 0x00000021,
diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c
index 4de1374..9f99c51 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_seq.c
+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c
@@ -19,6 +19,7 @@
* Magic value for the initial IV state
*/
#define SEQ_IV_INIT_STATE (~(u_int64_t)0)
+#define SEQ_IV_HIGH_MASK (1ULL << 63)
typedef struct private_iv_gen_t private_iv_gen_t;
@@ -33,9 +34,14 @@ struct private_iv_gen_t {
iv_gen_t public;
/**
- * Previously passed sequence number to enforce uniqueness
+ * Previously passed sequence number in lower space to enforce uniqueness
*/
- u_int64_t prev;
+ u_int64_t prevl;
+
+ /**
+ * Previously passed sequence number in upper space to enforce uniqueness
+ */
+ u_int64_t prevh;
/**
* Salt to mask counter
@@ -57,15 +63,26 @@ METHOD(iv_gen_t, get_iv, bool,
{
return FALSE;
}
- if (this->prev != SEQ_IV_INIT_STATE && seq <= this->prev)
+ if (this->prevl != SEQ_IV_INIT_STATE && seq <= this->prevl)
{
- return FALSE;
+ seq |= SEQ_IV_HIGH_MASK;
+ if (this->prevh != SEQ_IV_INIT_STATE && seq <= this->prevh)
+ {
+ return FALSE;
+ }
}
- if (seq == SEQ_IV_INIT_STATE)
+ if ((seq | SEQ_IV_HIGH_MASK) == SEQ_IV_INIT_STATE)
{
return FALSE;
}
- this->prev = seq;
+ if (seq & SEQ_IV_HIGH_MASK)
+ {
+ this->prevh = seq;
+ }
+ else
+ {
+ this->prevl = seq;
+ }
if (len > sizeof(u_int64_t))
{
len = sizeof(u_int64_t);
@@ -107,7 +124,8 @@ iv_gen_t *iv_gen_seq_create()
.allocate_iv = _allocate_iv,
.destroy = _destroy,
},
- .prev = SEQ_IV_INIT_STATE,
+ .prevl = SEQ_IV_INIT_STATE,
+ .prevh = SEQ_IV_INIT_STATE,
);
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am
index 8c081c6..d86584a 100644
--- a/src/libstrongswan/tests/Makefile.am
+++ b/src/libstrongswan/tests/Makefile.am
@@ -47,6 +47,7 @@ tests_SOURCES = tests.h tests.c \
suites/test_hasher.c \
suites/test_crypter.c \
suites/test_crypto_factory.c \
+ suites/test_iv_gen.c \
suites/test_pen.c \
suites/test_asn1.c \
suites/test_asn1_parser.c \
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 97e24bd..13fd4cc 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -143,6 +143,7 @@ am_tests_OBJECTS = tests-tests.$(OBJEXT) \
suites/tests-test_hasher.$(OBJEXT) \
suites/tests-test_crypter.$(OBJEXT) \
suites/tests-test_crypto_factory.$(OBJEXT) \
+ suites/tests-test_iv_gen.$(OBJEXT) \
suites/tests-test_pen.$(OBJEXT) \
suites/tests-test_asn1.$(OBJEXT) \
suites/tests-test_asn1_parser.$(OBJEXT) \
@@ -507,6 +508,7 @@ tests_SOURCES = tests.h tests.c \
suites/test_hasher.c \
suites/test_crypter.c \
suites/test_crypto_factory.c \
+ suites/test_iv_gen.c \
suites/test_pen.c \
suites/test_asn1.c \
suites/test_asn1_parser.c \
@@ -652,6 +654,8 @@ suites/tests-test_crypter.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_crypto_factory.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_iv_gen.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_pen.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_asn1.$(OBJEXT): suites/$(am__dirstamp) \
@@ -701,6 +705,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_hashtable.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_host.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_identification.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_iv_gen.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_linked_list.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_mgf1.Po at am__quote@
@@ -1156,6 +1161,20 @@ suites/tests-test_crypto_factory.obj: suites/test_crypto_factory.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypto_factory.obj `if test -f 'suites/test_crypto_factory.c'; then $(CYGPATH_W) 'suites/test_crypto_factory.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypto_factory.c'; fi`
+suites/tests-test_iv_gen.o: suites/test_iv_gen.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_iv_gen.o -MD -MP -MF suites/$(DEPDIR)/tests-test_iv_gen.Tpo -c -o suites/tests-test_iv_gen.o `test -f 'suites/test_iv_gen.c' || echo '$(srcdir)/'`suites/test_iv_gen.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_iv_gen.Tpo suites/$(DEPDIR)/tests-test_iv_gen.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_iv_gen.c' object='suites/tests-test_iv_gen.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_iv_gen.o `test -f 'suites/test_iv_gen.c' || echo '$(srcdir)/'`suites/test_iv_gen.c
+
+suites/tests-test_iv_gen.obj: suites/test_iv_gen.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_iv_gen.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_iv_gen.Tpo -c -o suites/tests-test_iv_gen.obj `if test -f 'suites/test_iv_gen.c'; then $(CYGPATH_W) 'suites/test_iv_gen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_iv_gen.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_iv_gen.Tpo suites/$(DEPDIR)/tests-test_iv_gen.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_iv_gen.c' object='suites/tests-test_iv_gen.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_iv_gen.obj `if test -f 'suites/test_iv_gen.c'; then $(CYGPATH_W) 'suites/test_iv_gen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_iv_gen.c'; fi`
+
suites/tests-test_pen.o: suites/test_pen.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.o -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po
diff --git a/src/libstrongswan/tests/suites/test_iv_gen.c b/src/libstrongswan/tests/suites/test_iv_gen.c
new file mode 100644
index 0000000..4e45c85
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_iv_gen.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <crypto/iv/iv_gen_seq.h>
+#include <utils/test.h>
+
+START_TEST(test_iv_gen_seq)
+{
+ iv_gen_t *iv_gen;
+ u_int64_t iv0, iv1_1, iv1_2;
+
+ iv_gen = iv_gen_seq_create();
+ ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv0));
+ ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_1));
+ ck_assert(iv0 != iv1_1);
+ /* every sequence number may be used twice, but results in a different IV */
+ ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2));
+ ck_assert(iv0 != iv1_2);
+ ck_assert(iv1_1 != iv1_2);
+ ck_assert(!iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2));
+ iv_gen->destroy(iv_gen);
+}
+END_TEST
+
+START_TEST(test_iv_gen_seq_len)
+{
+ iv_gen_t *iv_gen;
+ u_int64_t iv;
+ u_int8_t buf[9];
+
+ iv_gen = iv_gen_seq_create();
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 0, (u_int8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 1, (u_int8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 2, (u_int8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 3, (u_int8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 4, (u_int8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 5, (u_int8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 6, (u_int8_t*)&iv));
+ ck_assert(!iv_gen->get_iv(iv_gen, 0, 7, (u_int8_t*)&iv));
+ ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv));
+ ck_assert(iv_gen->get_iv(iv_gen, 0, 9, buf));
+ iv_gen->destroy(iv_gen);
+}
+END_TEST
+
+Suite *iv_gen_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("iv-gen");
+
+ tc = tcase_create("iv-gen-seq");
+ tcase_add_test(tc, test_iv_gen_seq);
+ tcase_add_test(tc, test_iv_gen_seq_len);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
index e1d8ca4..e1074b9 100644
--- a/src/libstrongswan/tests/tests.h
+++ b/src/libstrongswan/tests/tests.h
@@ -40,6 +40,7 @@ TEST_SUITE(printf_suite_create)
TEST_SUITE(hasher_suite_create)
TEST_SUITE(crypter_suite_create)
TEST_SUITE(crypto_factory_suite_create)
+TEST_SUITE(iv_gen_suite_create)
TEST_SUITE(pen_suite_create)
TEST_SUITE(asn1_suite_create)
TEST_SUITE(asn1_parser_suite_create)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git
More information about the Pkg-swan-devel
mailing list