activated INTEGRITY_TEST option in pluto
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 8 Jun 2009 14:55:54 +0000 (16:55 +0200)
committerMartin Willi <martin@strongswan.org>
Tue, 9 Jun 2009 09:03:35 +0000 (11:03 +0200)
src/pluto/Makefile.am
src/pluto/plutomain.c

index 359a493..704819d 100644 (file)
@@ -114,6 +114,11 @@ if USE_SMARTCARD
   AM_CFLAGS += -DSMARTCARD
 endif
 
+# This compile option activates the integrity test of libstrongswan
+if USE_INTEGRITY_TEST
+  AM_CFLAGS += -DINTEGRITY_TEST
+endif
+
 # This compile option activates the crypto self-test
 if USE_SELF_TEST
   AM_CFLAGS += -DSELF_TEST
index ebd0201..a53c777 100644 (file)
 #include <utils/enumerator.h>
 #include <utils/optionsfrom.h>
 
+#ifdef INTEGRITY_TEST
+#include <fips/fips.h>
+#include <fips/fips_signature.h>
+#endif /* INTEGRITY_TEST */
+
 #include <pfkeyv2.h>
 #include <pfkey.h>
 
@@ -640,6 +645,19 @@ int main(int argc, char **argv)
                lib->settings->get_str(lib->settings, "pluto.load", PLUGINS));
        print_plugins();
 
+#ifdef INTEGRITY_TEST
+       DBG1("integrity test of libstrongswan code");
+       if (fips_verify_hmac_signature(hmac_key, hmac_signature))
+       {
+               DBG1("  integrity test passed");
+       }
+       else
+       {
+               DBG1("  integrity test failed");
+               abort();
+       }
+#endif /* INTEGRITY_TEST */
+
        init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf);
        init_virtual_ip(virtual_private);
        scx_init(pkcs11_module_path, pkcs11_init_args);