author | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-06-08 16:55:54 +0200 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-06-09 11:03:35 +0200 |
commit | 527960de0faeb75b538ef1011b5b53561a07777d (patch) | |
tree | 6a5aabf1624f32d08f429b03f087042718e22595 /src | |
parent | d615ffdcf3cd27e244bd5a45a101a436ffb1d27a (diff) | |
activated INTEGRITY_TEST option in pluto
Diffstat (limited to 'src')
-rw-r--r-- | src/pluto/Makefile.am | 5 | ||||
-rw-r--r-- | src/pluto/plutomain.c | 18 |
2 files changed, 23 insertions, 0 deletions
diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am
index 359a493a3..704819dc9 100644
--- a/src/pluto/Makefile.am
+++ b/src/pluto/Makefile.am
@@ -114,6 +114,11 @@ if USE_SMARTCARD
 AM_CFLAGS += -DSMARTCARD
 endif
 
+# This compile option activates the integrity test of libstrongswan
+if USE_INTEGRITY_TEST
+ AM_CFLAGS += -DINTEGRITY_TEST
+endif
+
 # This compile option activates the crypto self-test
 if USE_SELF_TEST
 AM_CFLAGS += -DSELF_TEST
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index ebd020100..a53c777a8 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -43,6 +43,11 @@
 #include <utils/enumerator.h>
 #include <utils/optionsfrom.h>
 
+#ifdef INTEGRITY_TEST
+#include <fips/fips.h>
+#include <fips/fips_signature.h>
+#endif /* INTEGRITY_TEST */
+
 #include <pfkeyv2.h>
 #include <pfkey.h>
 
@@ -640,6 +645,19 @@ int main(int argc, char **argv)
 lib->settings->get_str(lib->settings, "pluto.load", PLUGINS));
 print_plugins();
 
+#ifdef INTEGRITY_TEST
+ DBG1("integrity test of libstrongswan code");
+ if (fips_verify_hmac_signature(hmac_key, hmac_signature))
+ {
+ DBG1(" integrity test passed");
+ }
+ else
+ {
+ DBG1(" integrity test failed");
+ abort();
+ }
+#endif /* INTEGRITY_TEST */
+
 init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf);
 init_virtual_ip(virtual_private);
 scx_init(pkcs11_module_path, pkcs11_init_args); |
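Review bot: The failure branch of the new `INTEGRITY_TEST` block in main() ends in `abort()`, which raises SIGABRT and bypasses whatever cleanup pluto normally performs on exit. Failing closed is the right reaction to a failed integrity test, but this way the daemon may leave a core file and stale runtime state instead of a clean non-zero exit, so consider routing it through the daemon's regular fatal-exit path. The verdict is reported only through `DBG1`; if that level can be filtered by the logging configuration, the failure message should go through a channel that cannot be. `hmac_key` and `hmac_signature` are not declared in the visible lines and presumably come from `fips/fips_signature.h`; if both ship inside the binary, the check catches corruption or a mismatched build but not a modification by someone who can also rewrite the signature, which deserves a comment such as `/* detects corruption and build mismatch only; key and signature ship with the code */`. main() starts and ends outside the hunk.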