Merge tag 'upstream/5.3.2'

Upstream version 5.3.2

15 files changed, 200 insertions, 27 deletions

diff --git a/Android.common.mk b/Android.common.mk
index f75efedca..3a7a04320 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
               )
 
 # strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.3.1"
+strongswan_VERSION := "5.3.2"
 
diff --git a/NEWS b/NEWS
index b2e8cb2e6..e0cfb7e98 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+strongswan-5.3.2
+----------------
+
+- Fixed a vulnerability that allowed rogue servers with a valid certificate
+  accepted by the client to trick it into disclosing its username and even
+  password (if the client accepts EAP-GTC).  This was caused because constraints
+  against the responder's authentication were enforced too late.
+  This vulnerability has been registered as CVE-2015-4171.
+
+
 strongswan-5.3.1
 ----------------
 
diff --git a/configure b/configure
index a7e5faa97..8aa47c924 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for strongSwan 5.3.1.
+# Generated by GNU Autoconf 2.69 for strongSwan 5.3.2.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='strongSwan'
 PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='5.3.1'
-PACKAGE_STRING='strongSwan 5.3.1'
+PACKAGE_VERSION='5.3.2'
+PACKAGE_STRING='strongSwan 5.3.2'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -2018,7 +2018,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures strongSwan 5.3.1 to adapt to many kinds of systems.
+\`configure' configures strongSwan 5.3.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -2088,7 +2088,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of strongSwan 5.3.1:";;
+     short | recursive ) echo "Configuration of strongSwan 5.3.2:";;
    esac
   cat <<\_ACEOF
 
@@ -2526,7 +2526,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-strongSwan configure 5.3.1
+strongSwan configure 5.3.2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3048,7 +3048,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by strongSwan $as_me 5.3.1, which was
+It was created by strongSwan $as_me 5.3.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3911,7 +3911,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='strongswan'
- VERSION='5.3.1'
+ VERSION='5.3.2'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -25663,7 +25663,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by strongSwan $as_me 5.3.1, which was
+This file was extended by strongSwan $as_me 5.3.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -25729,7 +25729,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-strongSwan config.status 5.3.1
+strongSwan config.status 5.3.2
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index d8278db54..65098d7ee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,7 +19,7 @@
 #  initialize & set some vars
 # ============================
 
-AC_INIT([strongSwan],[5.3.1])
+AC_INIT([strongSwan],[5.3.2])
 AM_INIT_AUTOMAKE(m4_esyscmd([
 	echo tar-ustar
 	echo subdir-objects
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index c5155efc2..a793800b7 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -42,7 +42,7 @@ fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 aes_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 settings_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(RTLIB)
 
 key2keyid.o :	$(top_builddir)/config.status
 
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index b03ff9d4f..bdb8e5ffc 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -180,7 +180,8 @@ thread_analysis_LDADD = $(LDADD)
 am_timeattack_OBJECTS = timeattack.$(OBJEXT)
 timeattack_OBJECTS = $(am_timeattack_OBJECTS)
 timeattack_DEPENDENCIES =  \
-	$(top_builddir)/src/libstrongswan/libstrongswan.la
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(am__DEPENDENCIES_1)
 am__tls_test_SOURCES_DIST = tls_test.c
 @USE_TLS_TRUE@am_tls_test_OBJECTS = tls_test.$(OBJEXT)
 tls_test_OBJECTS = $(am_tls_test_OBJECTS)
@@ -523,7 +524,7 @@ fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 aes_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 settings_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(RTLIB)
 all: all-am
 
 .SUFFIXES:
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index e0db2e655..94cf07c33 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -698,7 +698,7 @@ METHOD(child_sa_t, install, status_t,
 	this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS,
 								  &esn, NULL);
 
-	if (!this->reqid_allocated)
+	if (!this->reqid_allocated && !this->reqid)
 	{
 		status = hydra->kernel_interface->alloc_reqid(hydra->kernel_interface,
 							my_ts, other_ts, this->mark_in, this->mark_out,
@@ -826,7 +826,7 @@ METHOD(child_sa_t, add_policies, status_t,
 	traffic_selector_t *my_ts, *other_ts;
 	status_t status = SUCCESS;
 
-	if (!this->reqid_allocated)
+	if (!this->reqid_allocated && !this->reqid)
 	{
 		/* trap policy, get or confirm reqid */
 		status = hydra->kernel_interface->alloc_reqid(
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index bf747a49e..2554496c1 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -112,6 +112,11 @@ struct private_ike_auth_t {
 	 * received an INITIAL_CONTACT?
 	 */
 	bool initial_contact;
+
+	/**
+	 * Is EAP acceptable, did we strictly authenticate peer?
+	 */
+	bool eap_acceptable;
 };
 
 /**
@@ -879,6 +884,37 @@ static void send_auth_failed_informational(private_ike_auth_t *this,
 	message->destroy(message);
 }
 
+/**
+ * Check if strict constraint fullfillment required to continue current auth
+ */
+static bool require_strict(private_ike_auth_t *this, bool mutual_eap)
+{
+	auth_cfg_t *cfg;
+
+	if (this->eap_acceptable)
+	{
+		return FALSE;
+	}
+
+	cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
+	switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS))
+	{
+		case AUTH_CLASS_EAP:
+			if (mutual_eap && this->my_auth)
+			{
+				this->eap_acceptable = TRUE;
+				return !this->my_auth->is_mutual(this->my_auth);
+			}
+			return TRUE;
+		case AUTH_CLASS_PSK:
+			return TRUE;
+		case AUTH_CLASS_PUBKEY:
+		case AUTH_CLASS_ANY:
+		default:
+			return FALSE;
+	}
+}
+
 METHOD(task_t, process_i, status_t,
 	private_ike_auth_t *this, message_t *message)
 {
@@ -1014,6 +1050,14 @@ METHOD(task_t, process_i, status_t,
 		}
 	}
 
+	if (require_strict(this, mutual_eap))
+	{
+		if (!update_cfg_candidates(this, TRUE))
+		{
+			goto peer_auth_failed;
+		}
+	}
+
 	if (this->my_auth)
 	{
 		switch (this->my_auth->process(this->my_auth, message))
diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c
index 79492913b..3ed6e8699 100644
--- a/src/libimcv/tcg/tcg_attr.c
+++ b/src/libimcv/tcg/tcg_attr.c
@@ -47,16 +47,18 @@ ENUM_BEGIN(tcg_attr_names,	TCG_SCAP_REFERENCES,
 	"SCAP Results",
 	"SCAP Summary Results");
 ENUM_NEXT(tcg_attr_names,	TCG_SWID_REQUEST,
-							TCG_SWID_TAG_EVENTS,
+							TCG_SWID_SUBSCRIPTION_STATUS_RESP,
 							TCG_SCAP_SUMMARY_RESULTS,
 	"SWID Request",
 	"SWID Tag Identifier Inventory",
 	"SWID Tag Identifier Events",
 	"SWID Tag Inventory",
-	"SWID Tag Events");
+	"SWID Tag Events",
+	"SWID Subscription Status Request",
+	"SWID Subscription Status Response");
 ENUM_NEXT(tcg_attr_names,	TCG_SEG_MAX_ATTR_SIZE_REQ,
 							TCG_SEG_CANCEL_SEG_EXCH,
-							TCG_SWID_TAG_EVENTS,
+							TCG_SWID_SUBSCRIPTION_STATUS_RESP,
 	"Max Attribute Size Request",
 	"Max Attribute Size Response",
 	"Attribute Segment Envelope",
@@ -253,6 +255,8 @@ pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, chunk_t
 		/* unsupported TCG/SWID attributes */
 		case TCG_SWID_TAG_ID_EVENTS:
 		case TCG_SWID_TAG_EVENTS:
+		case TCG_SWID_SUBSCRIPTION_STATUS_REQ:
+		case TCG_SWID_SUBSCRIPTION_STATUS_RESP:
 		/* unsupported TCG/PTS attributes */
 		case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
 		case TCG_PTS_TEMPL_REF_MANI_SET_META:
diff --git a/src/libimcv/tcg/tcg_attr.h b/src/libimcv/tcg/tcg_attr.h
index 9523f8e18..3a9a7b2e7 100644
--- a/src/libimcv/tcg/tcg_attr.h
+++ b/src/libimcv/tcg/tcg_attr.h
@@ -45,6 +45,8 @@ enum tcg_attr_t {
 	TCG_SWID_TAG_ID_EVENTS =              0x00000013,
 	TCG_SWID_TAG_INVENTORY =              0x00000014,
 	TCG_SWID_TAG_EVENTS =                 0x00000015,
+	TCG_SWID_SUBSCRIPTION_STATUS_REQ =    0x00000016,
+	TCG_SWID_SUBSCRIPTION_STATUS_RESP =   0x00000017,
 
 	/* IF-M Attribute Segmentation */
 	TCG_SEG_MAX_ATTR_SIZE_REQ =           0x00000021,
diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c
index 4de13744d..9f99c5192 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_seq.c
+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c
@@ -19,6 +19,7 @@
  * Magic value for the initial IV state
  */
 #define SEQ_IV_INIT_STATE (~(u_int64_t)0)
+#define SEQ_IV_HIGH_MASK (1ULL << 63)
 
 typedef struct private_iv_gen_t private_iv_gen_t;
 
@@ -33,9 +34,14 @@ struct private_iv_gen_t {
 	iv_gen_t public;
 
 	/**
-	 * Previously passed sequence number to enforce uniqueness
+	 * Previously passed sequence number in lower space to enforce uniqueness
 	 */
-	u_int64_t prev;
+	u_int64_t prevl;
+
+	/**
+	 * Previously passed sequence number in upper space to enforce uniqueness
+	 */
+	u_int64_t prevh;
 
 	/**
 	 * Salt to mask counter
@@ -57,15 +63,26 @@ METHOD(iv_gen_t, get_iv, bool,
 	{
 		return FALSE;
 	}
-	if (this->prev != SEQ_IV_INIT_STATE && seq <= this->prev)
+	if (this->prevl != SEQ_IV_INIT_STATE && seq <= this->prevl)
 	{
-		return FALSE;
+		seq |= SEQ_IV_HIGH_MASK;
+		if (this->prevh != SEQ_IV_INIT_STATE && seq <= this->prevh)
+		{
+			return FALSE;
+		}
 	}
-	if (seq == SEQ_IV_INIT_STATE)
+	if ((seq | SEQ_IV_HIGH_MASK) == SEQ_IV_INIT_STATE)
 	{
 		return FALSE;
 	}
-	this->prev = seq;
+	if (seq & SEQ_IV_HIGH_MASK)
+	{
+		this->prevh = seq;
+	}
+	else
+	{
+		this->prevl = seq;
+	}
 	if (len > sizeof(u_int64_t))
 	{
 		len = sizeof(u_int64_t);
@@ -107,7 +124,8 @@ iv_gen_t *iv_gen_seq_create()
 			.allocate_iv = _allocate_iv,
 			.destroy = _destroy,
 		},
-		.prev = SEQ_IV_INIT_STATE,
+		.prevl = SEQ_IV_INIT_STATE,
+		.prevh = SEQ_IV_INIT_STATE,
 	);
 
 	rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am
index 8c081c673..d86584ad1 100644
--- a/src/libstrongswan/tests/Makefile.am
+++ b/src/libstrongswan/tests/Makefile.am
@@ -47,6 +47,7 @@ tests_SOURCES = tests.h tests.c \
   suites/test_hasher.c \
   suites/test_crypter.c \
   suites/test_crypto_factory.c \
+  suites/test_iv_gen.c \
   suites/test_pen.c \
   suites/test_asn1.c \
   suites/test_asn1_parser.c \
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 97e24bdb7..13fd4cc25 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -143,6 +143,7 @@ am_tests_OBJECTS = tests-tests.$(OBJEXT) \
 	suites/tests-test_hasher.$(OBJEXT) \
 	suites/tests-test_crypter.$(OBJEXT) \
 	suites/tests-test_crypto_factory.$(OBJEXT) \
+	suites/tests-test_iv_gen.$(OBJEXT) \
 	suites/tests-test_pen.$(OBJEXT) \
 	suites/tests-test_asn1.$(OBJEXT) \
 	suites/tests-test_asn1_parser.$(OBJEXT) \
@@ -507,6 +508,7 @@ tests_SOURCES = tests.h tests.c \
   suites/test_hasher.c \
   suites/test_crypter.c \
   suites/test_crypto_factory.c \
+  suites/test_iv_gen.c \
   suites/test_pen.c \
   suites/test_asn1.c \
   suites/test_asn1_parser.c \
@@ -652,6 +654,8 @@ suites/tests-test_crypter.$(OBJEXT): suites/$(am__dirstamp) \
 	suites/$(DEPDIR)/$(am__dirstamp)
 suites/tests-test_crypto_factory.$(OBJEXT): suites/$(am__dirstamp) \
 	suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_iv_gen.$(OBJEXT): suites/$(am__dirstamp) \
+	suites/$(DEPDIR)/$(am__dirstamp)
 suites/tests-test_pen.$(OBJEXT): suites/$(am__dirstamp) \
 	suites/$(DEPDIR)/$(am__dirstamp)
 suites/tests-test_asn1.$(OBJEXT): suites/$(am__dirstamp) \
@@ -701,6 +705,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_hashtable.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_host.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_identification.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_iv_gen.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_linked_list.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_mgf1.Po@am__quote@
@@ -1156,6 +1161,20 @@ suites/tests-test_crypto_factory.obj: suites/test_crypto_factory.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypto_factory.obj `if test -f 'suites/test_crypto_factory.c'; then $(CYGPATH_W) 'suites/test_crypto_factory.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypto_factory.c'; fi`
 
+suites/tests-test_iv_gen.o: suites/test_iv_gen.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_iv_gen.o -MD -MP -MF suites/$(DEPDIR)/tests-test_iv_gen.Tpo -c -o suites/tests-test_iv_gen.o `test -f 'suites/test_iv_gen.c' || echo '$(srcdir)/'`suites/test_iv_gen.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_iv_gen.Tpo suites/$(DEPDIR)/tests-test_iv_gen.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_iv_gen.c' object='suites/tests-test_iv_gen.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_iv_gen.o `test -f 'suites/test_iv_gen.c' || echo '$(srcdir)/'`suites/test_iv_gen.c
+
+suites/tests-test_iv_gen.obj: suites/test_iv_gen.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_iv_gen.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_iv_gen.Tpo -c -o suites/tests-test_iv_gen.obj `if test -f 'suites/test_iv_gen.c'; then $(CYGPATH_W) 'suites/test_iv_gen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_iv_gen.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_iv_gen.Tpo suites/$(DEPDIR)/tests-test_iv_gen.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_iv_gen.c' object='suites/tests-test_iv_gen.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_iv_gen.obj `if test -f 'suites/test_iv_gen.c'; then $(CYGPATH_W) 'suites/test_iv_gen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_iv_gen.c'; fi`
+
 suites/tests-test_pen.o: suites/test_pen.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.o -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po
diff --git a/src/libstrongswan/tests/suites/test_iv_gen.c b/src/libstrongswan/tests/suites/test_iv_gen.c
new file mode 100644
index 000000000..4e45c8538
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_iv_gen.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <crypto/iv/iv_gen_seq.h>
+#include <utils/test.h>
+
+START_TEST(test_iv_gen_seq)
+{
+	iv_gen_t *iv_gen;
+	u_int64_t iv0, iv1_1, iv1_2;
+
+	iv_gen = iv_gen_seq_create();
+	ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv0));
+	ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_1));
+	ck_assert(iv0 != iv1_1);
+	/* every sequence number may be used twice, but results in a different IV */
+	ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2));
+	ck_assert(iv0 != iv1_2);
+	ck_assert(iv1_1 != iv1_2);
+	ck_assert(!iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2));
+	iv_gen->destroy(iv_gen);
+}
+END_TEST
+
+START_TEST(test_iv_gen_seq_len)
+{
+	iv_gen_t *iv_gen;
+	u_int64_t iv;
+	u_int8_t buf[9];
+
+	iv_gen = iv_gen_seq_create();
+	ck_assert(!iv_gen->get_iv(iv_gen, 0, 0, (u_int8_t*)&iv));
+	ck_assert(!iv_gen->get_iv(iv_gen, 0, 1, (u_int8_t*)&iv));
+	ck_assert(!iv_gen->get_iv(iv_gen, 0, 2, (u_int8_t*)&iv));
+	ck_assert(!iv_gen->get_iv(iv_gen, 0, 3, (u_int8_t*)&iv));
+	ck_assert(!iv_gen->get_iv(iv_gen, 0, 4, (u_int8_t*)&iv));
+	ck_assert(!iv_gen->get_iv(iv_gen, 0, 5, (u_int8_t*)&iv));
+	ck_assert(!iv_gen->get_iv(iv_gen, 0, 6, (u_int8_t*)&iv));
+	ck_assert(!iv_gen->get_iv(iv_gen, 0, 7, (u_int8_t*)&iv));
+	ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv));
+	ck_assert(iv_gen->get_iv(iv_gen, 0, 9, buf));
+	iv_gen->destroy(iv_gen);
+}
+END_TEST
+
+Suite *iv_gen_suite_create()
+{
+	Suite *s;
+	TCase *tc;
+
+	s = suite_create("iv-gen");
+
+	tc = tcase_create("iv-gen-seq");
+	tcase_add_test(tc, test_iv_gen_seq);
+	tcase_add_test(tc, test_iv_gen_seq_len);
+	suite_add_tcase(s, tc);
+
+	return s;
+}
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
index e1d8ca4ba..e1074b931 100644
--- a/src/libstrongswan/tests/tests.h
+++ b/src/libstrongswan/tests/tests.h
@@ -40,6 +40,7 @@ TEST_SUITE(printf_suite_create)
 TEST_SUITE(hasher_suite_create)
 TEST_SUITE(crypter_suite_create)
 TEST_SUITE(crypto_factory_suite_create)
+TEST_SUITE(iv_gen_suite_create)
 TEST_SUITE(pen_suite_create)
 TEST_SUITE(asn1_suite_create)
 TEST_SUITE(asn1_parser_suite_create)