]>
Commit | Line | Data |
---|---|---|
4be8471f RB |
1 | /* |
2 | * Copyright (C) 2012 Reto Buerki | |
3 | * Copyright (C) 2012 Adrian-Ken Rueegsegger | |
4 | * Hochschule fuer Technik Rapperswil | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ | |
16 | ||
d6032bff TB |
17 | #include <tests/test_suite.h> |
18 | ||
4be8471f RB |
19 | #include <daemon.h> |
20 | #include <hydra.h> | |
21 | #include <config/proposal.h> | |
22 | #include <encoding/payloads/ike_header.h> | |
23 | #include <tkm/client.h> | |
24 | ||
25 | #include "tkm.h" | |
26 | #include "tkm_nonceg.h" | |
27 | #include "tkm_diffie_hellman.h" | |
28 | #include "tkm_keymat.h" | |
e472129a | 29 | #include "tkm_types.h" |
4be8471f RB |
30 | |
31 | START_TEST(test_derive_ike_keys) | |
32 | { | |
4be8471f RB |
33 | proposal_t *proposal = proposal_create_from_string(PROTO_IKE, |
34 | "aes256-sha512-modp4096"); | |
35 | fail_if(!proposal, "Unable to create proposal"); | |
36 | ike_sa_id_t *ike_sa_id = ike_sa_id_create(IKEV2_MAJOR_VERSION, | |
37 | 123912312312, 32312313122, TRUE); | |
38 | fail_if(!ike_sa_id, "Unable to create IKE SA ID"); | |
39 | ||
40 | tkm_keymat_t *keymat = tkm_keymat_create(TRUE); | |
41 | fail_if(!keymat, "Unable to create keymat"); | |
d91acfdb | 42 | fail_if(!keymat->get_isa_id(keymat), "Invalid ISA context id (0)"); |
4be8471f RB |
43 | |
44 | chunk_t nonce; | |
45 | tkm_nonceg_t *ng = tkm_nonceg_create(); | |
46 | fail_if(!ng, "Unable to create nonce generator"); | |
47 | fail_unless(ng->nonce_gen.allocate_nonce(&ng->nonce_gen, 32, &nonce), | |
48 | "Unable to allocate nonce"); | |
49 | ng->nonce_gen.destroy(&ng->nonce_gen); | |
50 | ||
51 | tkm_diffie_hellman_t *dh = tkm_diffie_hellman_create(MODP_4096_BIT); | |
52 | fail_if(!dh, "Unable to create DH"); | |
53 | ||
54 | /* Use the same pubvalue for both sides */ | |
55 | chunk_t pubvalue; | |
42431690 | 56 | ck_assert(dh->dh.get_my_public_value(&dh->dh, &pubvalue)); |
a777155f | 57 | ck_assert(dh->dh.set_other_public_value(&dh->dh, pubvalue)); |
4be8471f | 58 | |
62b62543 AKR |
59 | fail_unless(keymat->keymat_v2.derive_ike_keys(&keymat->keymat_v2, proposal, |
60 | &dh->dh, nonce, nonce, ike_sa_id, PRF_UNDEFINED, chunk_empty), | |
61 | "Key derivation failed"); | |
4be8471f RB |
62 | chunk_free(&nonce); |
63 | ||
62b62543 | 64 | aead_t * const aead = keymat->keymat_v2.keymat.get_aead(&keymat->keymat_v2.keymat, TRUE); |
4be8471f RB |
65 | fail_if(!aead, "AEAD is NULL"); |
66 | ||
67 | fail_if(aead->get_key_size(aead) != 96, "Key size mismatch %d", | |
68 | aead->get_key_size(aead)); | |
69 | fail_if(aead->get_block_size(aead) != 16, "Block size mismatch %d", | |
70 | aead->get_block_size(aead)); | |
71 | ||
72 | proposal->destroy(proposal); | |
73 | dh->dh.destroy(&dh->dh); | |
74 | ike_sa_id->destroy(ike_sa_id); | |
62b62543 | 75 | keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat); |
4be8471f | 76 | chunk_free(&pubvalue); |
4be8471f RB |
77 | } |
78 | END_TEST | |
79 | ||
e472129a AKR |
80 | START_TEST(test_derive_child_keys) |
81 | { | |
e472129a AKR |
82 | tkm_diffie_hellman_t *dh = tkm_diffie_hellman_create(MODP_4096_BIT); |
83 | fail_if(!dh, "Unable to create DH object"); | |
84 | proposal_t *proposal = proposal_create_from_string(PROTO_ESP, | |
85 | "aes256-sha512-modp4096"); | |
86 | fail_if(!proposal, "Unable to create proposal"); | |
87 | proposal->set_spi(proposal, 42); | |
88 | ||
89 | tkm_keymat_t *keymat = tkm_keymat_create(TRUE); | |
90 | fail_if(!keymat, "Unable to create keymat"); | |
91 | ||
92 | chunk_t encr_i, encr_r, integ_i, integ_r; | |
93 | chunk_t nonce = chunk_from_chars("test chunk"); | |
94 | ||
62b62543 AKR |
95 | fail_unless(keymat->keymat_v2.derive_child_keys(&keymat->keymat_v2, proposal, |
96 | (diffie_hellman_t *)dh, | |
97 | nonce, nonce, &encr_i, | |
98 | &integ_i, &encr_r, &integ_r), | |
e472129a AKR |
99 | "Child key derivation failed"); |
100 | ||
101 | esa_info_t *info = (esa_info_t *)encr_i.ptr; | |
102 | fail_if(!info, "encr_i does not contain esa information"); | |
103 | fail_if(info->isa_id != keymat->get_isa_id(keymat), | |
104 | "Isa context id mismatch (encr_i)"); | |
105 | fail_if(info->spi_r != 42, | |
106 | "SPI mismatch (encr_i)"); | |
107 | fail_unless(chunk_equals(info->nonce_i, nonce), | |
108 | "nonce_i mismatch (encr_i)"); | |
109 | fail_unless(chunk_equals(info->nonce_r, nonce), | |
110 | "nonce_r mismatch (encr_i)"); | |
111 | fail_if(info->is_encr_r, | |
112 | "Flag is_encr_r set for encr_i"); | |
113 | fail_if(info->dh_id != dh->get_id(dh), | |
114 | "DH context id mismatch (encr_i)"); | |
115 | chunk_free(&info->nonce_i); | |
116 | chunk_free(&info->nonce_r); | |
117 | ||
118 | info = (esa_info_t *)encr_r.ptr; | |
119 | fail_if(!info, "encr_r does not contain esa information"); | |
120 | fail_if(info->isa_id != keymat->get_isa_id(keymat), | |
121 | "Isa context id mismatch (encr_r)"); | |
122 | fail_if(info->spi_r != 42, | |
123 | "SPI mismatch (encr_r)"); | |
124 | fail_unless(chunk_equals(info->nonce_i, nonce), | |
125 | "nonce_i mismatch (encr_r)"); | |
126 | fail_unless(chunk_equals(info->nonce_r, nonce), | |
127 | "nonce_r mismatch (encr_r)"); | |
128 | fail_unless(info->is_encr_r, | |
129 | "Flag is_encr_r set for encr_r"); | |
130 | fail_if(info->dh_id != dh->get_id(dh), | |
131 | "DH context id mismatch (encr_i)"); | |
132 | chunk_free(&info->nonce_i); | |
133 | chunk_free(&info->nonce_r); | |
134 | ||
135 | proposal->destroy(proposal); | |
136 | dh->dh.destroy(&dh->dh); | |
62b62543 | 137 | keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat); |
e472129a AKR |
138 | chunk_free(&encr_i); |
139 | chunk_free(&encr_r); | |
e472129a AKR |
140 | } |
141 | END_TEST | |
142 | ||
d6032bff | 143 | Suite *make_keymat_tests() |
4be8471f | 144 | { |
d6032bff TB |
145 | Suite *s; |
146 | TCase *tc; | |
147 | ||
148 | s = suite_create("keymat"); | |
149 | ||
150 | tc = tcase_create("derive IKE keys"); | |
4be8471f | 151 | tcase_add_test(tc, test_derive_ike_keys); |
d6032bff TB |
152 | suite_add_tcase(s, tc); |
153 | ||
154 | tc = tcase_create("derive CHILD keys"); | |
e472129a | 155 | tcase_add_test(tc, test_derive_child_keys); |
d6032bff | 156 | suite_add_tcase(s, tc); |
4be8471f | 157 | |
d6032bff | 158 | return s; |
4be8471f | 159 | } |