Project

General

Profile

History

strongSwan User Documentation ยป

Crypto Tests

Starting with 4.3.2, libstrongswan supports self tests of crypto algorithms. Currently the crypto tester supports testing of encryption algorithms, integrity algorithms, hash functions, pseudo random functions and random number generators.

Test vectors

The self test framework is always built into the crypto factory. But to actually run the self tests, the framework requires test vectors. Any plugin can register test vectors with the crypto factory. strongSwan ships with a default set of test vectors in a separate test_vector plugin. To build and load the plugin, add

--enable-test-vectors

to your ./configure options.

Running tests

There are currently two ways to run crypto tests:

At startup

During daemon initialization, each plugin registers the crypto algorithms it provides. To accept an implementation, the algorithms can be tested by setting the following in strongswan.conf.

libstrongswan {
  crypto_test {
    on_add = yes
  }
}

Implementations failing a test vector are not accepted and can't be used. Adding

required = yes

to the crypto_test section above requires an algorithm to be tested at least against one vector. If no test vectors are available, the algorithm will not be available.

During operation

Besides, or in addition to, startup tests the crypto factory can run algorithm tests each time a crypto primitive is instantiated. This gives you some guarantee that an implementation is behaving correctly over a longer time period. But keep in mind: Some crypto primitives are instantiated only once at startup and are used over the whole runtime. These are not tested periodically.

Adding

on_create = yes

to the crypto_test section enables self testing during instantiation. You can also use the required option discussed above.

Benchmarking

The algorithms may optionally be benchmarked when they are loaded (on_add has to be enabled) by addding

bench = yes

to the crypto_test section. If multiple implementations of the same algorithm are loaded, they are sorted by their efficiency (DH implementations are currently not affected).

The buffer size and duration may optionally be configured via bench_size and bench_time settings (see strongswan.conf for details).

Entropy for RNG tests

Depending on your test vectors, testing random number generators needs some thousand bytes of input. This might be problematic for RNGs with high quality, as such implementations often block if not enough entropy is available.

Testing RNGs with RNG_TRUE quality is disabled by default, as you usually do not have enough entropy to complete the tests in reasonable time. If you have a hardware based source of randomness, you can enable the tests for high quality RNGs by adding

rng_true = yes

to the crypto_test section.