Tobias Brunner
6eb7dd11ec
appveyor: Run tests on AppVeyor Windows containers
...
We can't enable leak detective as it is so slow then that we run into a
timeout (60 minutes).
2017-07-28 11:18:17 +02:00
Tobias Brunner
157742be7d
fuzz: Add fuzzing boilerplate
2017-05-23 18:29:11 +02:00
Tobias Brunner
93700d93fa
travis: aikpub2 was removed, no need to disable it anymore
2017-03-23 18:29:18 +01:00
Tobias Brunner
23c05d86de
travis: Build Windows-specific plugins
...
The plugins can only be built on x64 as the MinGW headers on Ubuntu 12.04,
which we have to use for x86 due to another issue with MinGW, are too old.
2017-03-23 18:29:18 +01:00
Tobias Brunner
42f7c98980
travis: Create coverage report via codecov.io
2017-03-15 10:19:02 +01:00
Tobias Brunner
1da567734f
libipsec: Fix Windows build via MinGW
...
Fixes #2118 .
2017-01-25 17:12:30 +01:00
Martin Willi
2ac95123bb
dh-speed: Compare the shared secrets for equality after test
2016-11-14 16:20:51 +01:00
Martin Willi
0ab854789d
dh-speed: Include the get_my_public_value() call in public exponent timing
...
This fixes results where a DH backend does not generate the public value
in the constructor internally.
2016-11-14 16:20:51 +01:00
Martin Willi
053275150b
dh-speed: Add an identifier to test curve25519 performance
2016-11-14 16:20:51 +01:00
Tobias Brunner
8486b3b438
travis: Use a more recent OS X image
...
Using the xcode8 image does not work currently (libcurl is not found).
2016-09-27 09:19:34 +02:00
Tobias Brunner
39d544d56e
travis: Run 32-bit Windows build on precise (12.04) image
...
That's required due to a bug in MinGW 3.1.0 that's shipped with trusty.
2016-09-20 15:33:01 +02:00
Tobias Brunner
003fec52e0
travis: Properly pass back result of make
...
Fixes: 4e8f5a189c
("travis: Add apidoc check")
2016-09-20 15:32:28 +02:00
Tobias Brunner
44280a1901
travis: Don't disable connmark and forecast plugins anymore
...
They build fine on Ubuntu 14.04.
2016-09-20 15:32:28 +02:00
Tobias Brunner
d8f27ba679
maemo: Remove unused plugin
2016-09-15 18:33:52 +02:00
Tobias Brunner
4e8f5a189c
travis: Add apidoc check
...
This requires at least Ubuntu 14.04 (the Doxygen version in 12.04 has some
issues with our Doxyfile and prints lots of warnings).
2016-09-05 16:58:29 +02:00
Tobias Brunner
94a6998608
travis: Use Trusty beta image
2016-09-05 16:58:29 +02:00
Tobias Brunner
1806ba0890
travis: Add a workaround for a bug regarding libtool installed via Homebrew
2016-08-25 17:21:02 +02:00
Tobias Brunner
e4fd163a5a
travis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgen
...
Ubuntu 12.04 does not provide libtss2-dev.
2016-06-28 11:30:25 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
e36b1e2edb
travis: Enable OS X build
2015-11-23 11:42:52 +01:00
Tobias Brunner
6ef4668626
pki: Add --dn command to extract the subject DN of a certificate
2015-08-17 11:34:01 +02:00
Tobias Brunner
18662e9694
scripts: Add script to extract the ASN.1 subject DN from a certificate
...
This can be useful if the subject DN has to be configured with the
asn1dn: prefix in ipsec.conf (e.g. because the actual encoding can't be
created by strongSwan's string parser/encoder).
2015-08-17 11:29:11 +02:00
Andreas Steffen
9bb7307825
Fix timeattack script compilation under ARM
2015-06-05 12:09:38 +02:00
Martin Willi
b821575093
crypt-burn: free() associated data after test
2015-05-04 13:24:33 +02:00
Martin Willi
3aa785507d
travis: Run a gcrypt test with leak-detective
...
And also enable gcrypt in the all tests with leak-detective enabled.
2015-04-15 14:38:42 +02:00
Martin Willi
22d0c934cd
crypt-burn: Support burning signers
2015-04-15 11:35:26 +02:00
Martin Willi
3935d812b7
crypt-burn: Add a encryption buffer command line argument
2015-04-15 11:35:25 +02:00
Martin Willi
466d560a33
crypt-burn: Set a defined key, as some backends require that
2015-04-15 11:35:25 +02:00
Martin Willi
5da79478ff
crypt-burn: Refactor to separate burn methods
2015-04-15 11:35:25 +02:00
Martin Willi
d5ce572d99
crypt-burn: Accept a PLUGINS env var to configure plugins to load
2015-04-15 11:35:25 +02:00
Martin Willi
9d6e952201
utils: Add a constant time chunk_equals() variant for cryptographic purposes
2015-04-14 12:02:48 +02:00
Martin Willi
b833963270
utils: Add a constant time memeq() variant for cryptographic purposes
2015-04-14 11:51:54 +02:00
Martin Willi
39e1ddec2e
scripts: Add a tool that tries to guess MAC/ICV values using validation times
...
This tool shows that it is trivial to re-construct the value memcmp() compares
against by just measuring the time the non-time-constant memcmp() requires to
fail.
It also shows that even when running without any network latencies it gets
very difficult to reconstruct MAC/ICV values, as the time variances due to the
crypto routines are large enough that it gets difficult to measure the time
that memcmp() actually requires after computing the MAC.
However, the faster/time constant an algorithm is, the more likely is a
successful attack. When using AES-NI, it is possible to reconstruct (parts of)
a valid MAC with this tool, for example with AES-GCM.
While this is all theoretical, and way more difficult to exploit with network
jitter, it nonetheless shows that we should replace any use of memcmp/memeq()
with a constant-time alternative in all sensitive places.
2015-04-14 11:51:54 +02:00
Martin Willi
a777155ffe
diffie-hellman: Add a bool return value to set_other_public_value()
2015-03-23 17:54:03 +01:00
Martin Willi
42431690e0
diffie-hellman: Add a bool return value to get_my_public_value()
2015-03-23 17:54:03 +01:00
Martin Willi
75a8457922
travis: Install pip to install pytest in "all" tests
...
This allows ./configure to detect py.test, and execute python unit tests we
provide in the vici python egg.
2015-03-18 14:29:45 +01:00
Martin Willi
83f0c22afe
travis: Disable unwind backtraces regardless of LEAK_DETECTIVE option
...
While d0d85683
works around a crasher related to the use of libunwind, other
build hangs have been seen in the all test cases. Try to
--disable-unwind-backtraces to see if libunwind is really related to those
and if it fixes these issues.
2015-02-26 10:43:20 +01:00
Martin Willi
54d143ca37
travis: Disable forecast/connmark plugins in monolithic builds
...
Ubuntu 12.04 does not seem to provide a sane pkg-config for libiptc or libip4tc.
The monolithic build fails due to missing symbols, so disable it until we have
a newer Ubuntu release.
2015-02-24 12:25:23 +01:00
Martin Willi
2a8e351117
travis: Install iptables-dev for connmark plugin in "all" tests
2015-02-20 16:34:53 +01:00
Martin Willi
05a3f349a7
travis: Build-test updown and ext-auth plugins for Windows
2014-10-14 11:11:34 +02:00
Martin Willi
ab23a0f86a
travis: Disable soup in "all" test
...
On Ubuntu 12.04, there seems to be a resource leak related to pthread keys
when initializing glib or related libraries more than once. With our repeated
initialization for libstrongswan tests, we hit the following error:
Lib (gthread-posix.c): Unexpected error from C library during
'pthread_key_create': Resource temporarily unavailable.
The problem is not reproducible on a newer Gnome stack, hence we disable the
glib based soup plugin until we have a more recent Ubuntu on Travis.
2014-09-24 17:35:16 +02:00
Martin Willi
575d3ab19a
travis: Disable build of native systemd IKE daemon
...
Travis still uses Ubuntu 12.04, where no systemd libraries are available. Skip
systemd support on Travis until we have a more recent Ubuntu distribution.
2014-09-22 14:19:38 +02:00
Tobias Brunner
3986c1e3fd
autoconf: Replace --disable-tools option with --disable-scepclient
...
Since using a separate option for pki this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
Martin Willi
fd372e13a2
travis: Add a Windows 32-bit variant build test
2014-06-06 16:28:28 +02:00
Martin Willi
c572401b34
travis: Build "all" tests without Windows HTTP fetcher
...
We don't include it in the Windows build test either, as MinGW does not come
with -lwinhttp.
2014-06-04 16:34:16 +02:00
Martin Willi
4732e29a1d
travis: Build "all" tests without Windows kernel backends
2014-06-04 16:32:12 +02:00
Martin Willi
9b7a2188d9
travis: Include socket backend in Windows build test
2014-06-04 16:31:09 +02:00
Martin Willi
d62b2444bc
travis: Build "all" tests without Windows socket backend
2014-06-04 16:31:09 +02:00
Martin Willi
d930d18417
travis: Define a Windows build test using MinGW
2014-06-04 16:22:43 +02:00
Martin Willi
95e67e8d19
travis: Perform build tests with -Werror
2014-06-04 15:53:13 +02:00
Martin Willi
c2c2c639af
travis: Build "all" test without Windows specific charon-svc or dbghelp
2014-06-04 15:53:11 +02:00
Martin Willi
62dd8c3082
travis: Install libjson dependency for "all" tests
2014-06-03 10:16:33 +02:00
Tobias Brunner
e34905ce7b
scripts: Ignore settings-test script
2014-05-20 18:56:43 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
...
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Tobias Brunner
5b64c04046
scripts: Add test script for settings_t
2014-05-15 12:03:07 +02:00
Martin Willi
dba3c649da
travis: --disable-aikgen in "all" tests
...
aikgen has a hard dependency on TrouSerS, which we currently don't have in the
travis build.
2014-05-07 14:12:13 +02:00
Martin Willi
e15f64cc81
tls: Support a maximum TLS version to negotiate using TLS socket abstraction
2014-04-01 14:28:55 +02:00
Martin Willi
ddf5222096
tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers
2014-04-01 14:28:55 +02:00
Martin Willi
e5d73b0dfa
aead: Support custom AEAD salt sizes
...
The salt, or often called implicit nonce, varies between AEAD algorithms and
their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses
3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM.
Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine
until we go for CCM mode support in TLS, which requires 4 byte nonces.
2014-03-31 15:56:12 +02:00
Tobias Brunner
29b7377530
travis: Run the "all" test case with leak detective enabled
...
But disable the gcrypt plugin, as it causes leaks.
Also disable the backtraces by libunwind as they seem to cause
threads to get cleaned up after the leak detective already has been
disabled, which leads to invalid free()s.
2014-03-27 10:52:45 +01:00
Tobias Brunner
6548f50cf9
travis: Use parallel build
...
Not sure if 4 jobs is optimal, but according to the docs each build host
has 1.5 virtual cores available (although "getconf _NPROCESSORS_ONLN"
returns 32, which is probably the number of real cores underneath), so
more jobs might not actually reduce the build time much more.
2014-03-20 18:48:13 +01:00
Tobias Brunner
316aa4b43b
travis: Add tests for builtin printf hook implementation
...
We can't test Vstr as it does not properly handle negative int arguments
for custom format callbacks, so some of the enum tests would fail.
2014-03-20 15:49:05 +01:00
Tobias Brunner
60a0bb6767
travis: Install dependencies for each test dynamically
...
Since the installation of all packages alone takes several minutes this
should speed up some test cases.
2014-03-20 15:49:05 +01:00
Tobias Brunner
d151cd283e
Add Travis CI config and build script
2014-03-20 15:29:27 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
7c4629060a
aes-test: Fix compiler warnings from older versions of GCC
2013-12-19 11:02:23 +01:00
Tobias Brunner
0b47bb5377
pubkey_speed: Add missing plugins
...
The pkcs1 plugin is required to test the gmp/gcrypt plugins. Likewise,
the pem plugin is required when testing the openssl plugin.
Fixes #401 .
2013-09-04 10:01:46 +02:00
Tobias Brunner
f17322dccb
pubkey_speed: sudo is not required
...
Also, refer to pubkey_speed properly when not being called from the same
directory.
2013-09-04 09:53:36 +02:00
Tobias Brunner
f1d5d87619
pubkey_speed: Add header and fix usage
2013-09-04 09:53:36 +02:00
Tobias Brunner
2a7a9471dd
aes-test: Rename crypt() as it conflicts with a library function on Mac OS X
...
unistd.h on Linux defines this only if _XOPEN_SOURCE is defined.
2013-08-30 08:51:09 +02:00
Andreas Steffen
db4a072ca9
Added scripts/aes-test to .gitignore
2013-08-28 22:52:30 +02:00
Tobias Brunner
9455f8b386
aes-test: Support test vectors at the end of a file
2013-08-24 16:22:51 +02:00
Tobias Brunner
8972c72237
aes-test: Add script to test AES implementations according to AESAVS/GCMVS
2013-08-24 16:22:51 +02:00
Martin Willi
3b6d8855e8
scripts: link against librt only if required
...
With glibc, this seems to be the case for 2.17 and older versions only.
2013-08-08 09:12:52 +02:00
Martin Willi
62e1c80803
scripts: link malloc_speed against librt
2013-08-08 09:09:00 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner
b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
Martin Willi
40f2a5306a
scripts: add a simple test utility to do some malloc() benchmarking/profiling
2013-05-06 15:15:24 +02:00
Andreas Steffen
676e862487
fixed another printf statement
2013-04-09 15:16:49 +02:00
Andreas Steffen
1a185ae14b
fixed printf statements
2013-04-08 22:21:14 +02:00
Martin Willi
3f4300ed1e
Accept a certificate/key pair to use client authentication in tls_test
2013-04-02 16:09:17 +02:00
Tobias Brunner
51caeeb161
crypt_burn: Proper cleanup
2013-03-25 18:40:32 +01:00
Tobias Brunner
d4f2f3dd7f
crypt_burn: Fix loop condition for regular crypters
2013-03-25 18:40:31 +01:00
Reto Guadagnini
d786cbda5c
Implemented the resolver test script "dnssec"
2013-02-19 11:57:21 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Tobias Brunner
4c57c63062
Added possibility to register custom proposal keywords
...
Keyword lookup and registration are handled via the new lib->proposal object.
2012-09-13 15:44:46 +02:00
Tobias Brunner
995875210a
Removed len argument from proposal_get_token()
...
Also use enumerators instead of lexparser.h to parse proposal strings.
2012-09-13 15:44:01 +02:00
Martin Willi
8217c099ce
Add a tool to burn hashers
2012-07-17 17:32:08 +02:00
Martin Willi
3b96189a2a
Add a return value to crypter_t.decrypt()
2012-07-16 14:53:38 +02:00
Martin Willi
e35abbe588
Add a return value to crypter_t.encrypt
2012-07-16 14:53:37 +02:00
Martin Willi
e2ed7bfd22
Add a return value to aead_t.encrypt()
2012-07-16 14:53:32 +02:00
Tobias Brunner
f3af4969a7
Added GPL header to scripts
2012-06-29 16:51:29 +02:00
Tobias Brunner
79d5c4f06b
Fixed return values of several functions (e.g. return FALSE for pointer types).
2012-05-31 17:39:04 +02:00
Martin Willi
f8b2906929
Use the TLS socket splicing in tls_test script
2011-12-31 13:14:49 +01:00
Martin Willi
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
Martin Willi
4ae7f7d13e
Use spaces in Makefile.am identation, autotools don't like tabs
2011-05-20 10:09:09 +02:00
Martin Willi
513701f41b
Fix some warnings triggered by gcc 4.6 -Wunused-but-set-variable
2011-05-19 15:47:40 +02:00
Martin Willi
4ceb31f941
Added alloc/stream options to fetcher test utility
2011-04-04 08:48:27 +02:00
Martin Willi
a8a7a31700
Added simple fetcher tool to test fetcher implementations
2011-01-17 18:19:59 +01:00