[thirdparty/strongswan.git] / src / libcharon / tests / utils / exchange_test_helper.c

/*
 * Copyright (C) 2016 Tobias Brunner
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "exchange_test_helper.h"
#include "mock_ipsec.h"

#include <credentials/sets/mem_cred.h>

typedef struct private_exchange_test_helper_t private_exchange_test_helper_t;

/**
 * Private data
 */
struct private_exchange_test_helper_t {

	/**
	 * Public interface
	 */
	exchange_test_helper_t public;

	/**
	 * Config backend
	 */
	backend_t backend;

	/**
	 * Credentials
	 */
	mem_cred_t *creds;

	/**
	 * IKE_SA SPI counter
	 */
	refcount_t ike_spi;
};

CALLBACK(get_ike_spi, uint64_t,
	private_exchange_test_helper_t *this)
{
	return (uint64_t)ref_get(&this->ike_spi);
}

/*
 * Described in header
 */
exchange_test_helper_t *exchange_test_helper;

static ike_cfg_t *create_ike_cfg()
{
	ike_cfg_t *ike_cfg;

	ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT,
							 "127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
	return ike_cfg;
}

static child_cfg_t *create_child_cfg(bool initiator)
{
	child_cfg_t *child_cfg;
	child_cfg_create_t child = {
		.mode = MODE_TUNNEL,
	};

	child_cfg = child_cfg_create(initiator ? "init" : "resp", &child);
	child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
	child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
	child_cfg->add_traffic_selector(child_cfg, TRUE,
								traffic_selector_create_dynamic(0, 0, 65535));
	child_cfg->add_traffic_selector(child_cfg, FALSE,
								traffic_selector_create_dynamic(0, 0, 65535));
	return child_cfg;
}

static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local)
{
	auth_cfg_t *auth;
	char *id = "init";

	auth = auth_cfg_create();
	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
	if (initiator ^ local)
	{
		id = "resp";
	}
	auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
	peer_cfg->add_auth_cfg(peer_cfg, auth, local);
}

static peer_cfg_t *create_peer_cfg(bool initiator)
{
	peer_cfg_t *peer_cfg;
	peer_cfg_create_t peer = {
		.cert_policy = CERT_SEND_IF_ASKED,
		.unique = UNIQUE_REPLACE,
		.keyingtries = 1,
	};

	peer_cfg = peer_cfg_create(initiator ? "init" : "resp", create_ike_cfg(),
							   &peer);
	add_auth_cfg(peer_cfg, initiator, TRUE);
	add_auth_cfg(peer_cfg, initiator, FALSE);
	peer_cfg->add_child_cfg(peer_cfg, create_child_cfg(initiator));
	return peer_cfg;
}

METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
	backend_t *this, host_t *me, host_t *other)
{
	ike_cfg_t *ike_cfg = create_ike_cfg();
	return enumerator_create_single(ike_cfg, (void*)ike_cfg->destroy);
}

METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
	backend_t *this, identification_t *me, identification_t *other)
{
	peer_cfg_t *peer_cfg = create_peer_cfg(FALSE);
	return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
}

METHOD(exchange_test_helper_t, process_message, void,
	private_exchange_test_helper_t *this, ike_sa_t *ike_sa, message_t *message)
{
	if (!message)
	{
		message = this->public.sender->dequeue(this->public.sender);
	}
	charon->bus->set_sa(charon->bus, ike_sa);
	ike_sa->process_message(ike_sa, message);
	charon->bus->set_sa(charon->bus, NULL);
	message->destroy(message);
}

METHOD(exchange_test_helper_t, establish_sa, void,
	private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp)
{
	ike_sa_id_t *id_i, *id_r;
	ike_sa_t *sa_i, *sa_r;
	peer_cfg_t *peer_cfg;

	sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
														IKEV2, TRUE);
	id_i = sa_i->get_id(sa_i);

	sa_r = *resp = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
														IKEV2, FALSE);
	id_r = sa_r->get_id(sa_r);

	peer_cfg = create_peer_cfg(TRUE);
	sa_i->set_peer_cfg(sa_i, peer_cfg);
	peer_cfg->destroy(peer_cfg);
	call_ikesa(sa_i, initiate, create_child_cfg(TRUE), 0, NULL, NULL);
	/* IKE_SA_INIT --> */
	id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i));
	process_message(this, sa_r, NULL);
	/* <-- IKE_SA_INIT */
	id_i->set_responder_spi(id_i, id_r->get_responder_spi(id_r));
	process_message(this, sa_i, NULL);
	/* IKE_AUTH --> */
	process_message(this, sa_r, NULL);
	/* <-- IKE_AUTH */
	process_message(this, sa_i, NULL);
}

/**
 * Enable logging in charon as requested
 */
static void initialize_logging()
{
	int level = LEVEL_SILENT;
	char *verbosity;

	verbosity = getenv("TESTS_VERBOSITY");
	if (verbosity)
	{
		level = atoi(verbosity);
	}
	lib->settings->set_int(lib->settings, "%s.filelog.stderr.default",
			lib->settings->get_int(lib->settings, "%s.filelog.stderr.default",
								   level, lib->ns), lib->ns);
	lib->settings->set_bool(lib->settings, "%s.filelog.stderr.ike_name", TRUE,
							lib->ns);
	charon->load_loggers(charon, NULL, TRUE);
}

/*
 * Described in header
 */
void exchange_test_helper_init(char *plugins)
{
	private_exchange_test_helper_t *this;

	INIT(this,
		.public = {
			.sender = mock_sender_create(),
			.establish_sa = _establish_sa,
			.process_message = _process_message,
		},
		.backend = {
			.create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
			.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
			.get_peer_cfg_by_name = (void*)return_null,
		},
		.creds = mem_cred_create(),
	);

	initialize_logging();
	/* the libcharon unit tests only load the libstrongswan plugins, unless
	 * TESTS_PLUGINS is defined */
	charon->initialize(charon, plugins);
	lib->plugins->status(lib->plugins, LEVEL_CTRL);
	/* the original sender is not initialized because there is no socket */
	charon->sender = (sender_t*)this->public.sender;
	/* and there is no kernel plugin loaded
	 * TODO: we'd have more control if we'd implement kernel_interface_t */
	charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create);
	/* like SPIs for IPsec SAs, make IKE SPIs predictable */
	charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi,
									   this);

	charon->backends->add_backend(charon->backends, &this->backend);
	lib->credmgr->add_set(lib->credmgr, &this->creds->set);

	this->creds->add_shared(this->creds,
			shared_key_create(SHARED_IKE, chunk_clone(chunk_from_str("test"))),
			identification_create_from_string("%any"), NULL);

	exchange_test_helper = &this->public;
}

/*
 * Described in header
 */
void exchange_test_helper_deinit()
{
	private_exchange_test_helper_t *this;

	this = (private_exchange_test_helper_t*)exchange_test_helper;

	charon->backends->remove_backend(charon->backends, &this->backend);
	lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
	this->creds->destroy(this->creds);
	/* can't let charon do it as it happens too late */
	charon->sender->destroy(charon->sender);
	charon->sender = NULL;
	free(this);
}
Commit	Line	Data
c7f5259c TB	1	/*
	2	* Copyright (C) 2016 Tobias Brunner
	3	* HSR Hochschule fuer Technik Rapperswil
	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
	14	*/
	15
	16	#include "exchange_test_helper.h"
	17	#include "mock_ipsec.h"
	18
	19	#include <credentials/sets/mem_cred.h>
	20
	21	typedef struct private_exchange_test_helper_t private_exchange_test_helper_t;
	22
	23	/**
	24	* Private data
	25	*/
	26	struct private_exchange_test_helper_t {
	27
	28	/**
	29	* Public interface
	30	*/
	31	exchange_test_helper_t public;
	32
	33	/**
	34	* Config backend
	35	*/
	36	backend_t backend;
	37
	38	/**
	39	* Credentials
	40	*/
	41	mem_cred_t *creds;
29f1637b TB	42
	43	/**
	44	* IKE_SA SPI counter
	45	*/
	46	refcount_t ike_spi;
c7f5259c TB	47	};
c7f5259c TB	48
29f1637b TB	49	CALLBACK(get_ike_spi, uint64_t,
	50	private_exchange_test_helper_t *this)
	51	{
	52	return (uint64_t)ref_get(&this->ike_spi);
	53	}
	54
c7f5259c TB	55	/*
	56	* Described in header
	57	*/
	58	exchange_test_helper_t *exchange_test_helper;
	59
	60	static ike_cfg_t *create_ike_cfg()
	61	{
	62	ike_cfg_t *ike_cfg;
	63
	64	ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT,
	65	"127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
	66	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
	67	return ike_cfg;
	68	}
	69
	70	static child_cfg_t *create_child_cfg(bool initiator)
	71	{
	72	child_cfg_t *child_cfg;
	73	child_cfg_create_t child = {
	74	.mode = MODE_TUNNEL,
	75	};
	76
	77	child_cfg = child_cfg_create(initiator ? "init" : "resp", &child);
	78	child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
	79	child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
	80	child_cfg->add_traffic_selector(child_cfg, TRUE,
	81	traffic_selector_create_dynamic(0, 0, 65535));
	82	child_cfg->add_traffic_selector(child_cfg, FALSE,
	83	traffic_selector_create_dynamic(0, 0, 65535));
	84	return child_cfg;
	85	}
	86
	87	static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local)
	88	{
	89	auth_cfg_t *auth;
	90	char *id = "init";
	91
	92	auth = auth_cfg_create();
	93	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
	94	if (initiator ^ local)
	95	{
	96	id = "resp";
	97	}
	98	auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
	99	peer_cfg->add_auth_cfg(peer_cfg, auth, local);
	100	}
	101
	102	static peer_cfg_t *create_peer_cfg(bool initiator)
	103	{
	104	peer_cfg_t *peer_cfg;
	105	peer_cfg_create_t peer = {
	106	.cert_policy = CERT_SEND_IF_ASKED,
	107	.unique = UNIQUE_REPLACE,
	108	.keyingtries = 1,
	109	};
	110
	111	peer_cfg = peer_cfg_create(initiator ? "init" : "resp", create_ike_cfg(),
	112	&peer);
	113	add_auth_cfg(peer_cfg, initiator, TRUE);
	114	add_auth_cfg(peer_cfg, initiator, FALSE);
	115	peer_cfg->add_child_cfg(peer_cfg, create_child_cfg(initiator));
	116	return peer_cfg;
	117	}
	118
119	METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
120	backend_t this, host_t me, host_t *other)
121	{
122	ike_cfg_t *ike_cfg = create_ike_cfg();
123	return enumerator_create_single(ike_cfg, (void*)ike_cfg->destroy);
124	}
125
126	METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
127	backend_t this, identification_t me, identification_t *other)
128	{
129	peer_cfg_t *peer_cfg = create_peer_cfg(FALSE);
130	return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
131	}
132
133	METHOD(exchange_test_helper_t, process_message, void,
134	private_exchange_test_helper_t this, ike_sa_t ike_sa, message_t *message)
135	{
136	if (!message)
137	{
138	message = this->public.sender->dequeue(this->public.sender);
139	}
140	charon->bus->set_sa(charon->bus, ike_sa);
141	ike_sa->process_message(ike_sa, message);
142	charon->bus->set_sa(charon->bus, NULL);
143	message->destroy(message);
144	}
145
146	METHOD(exchange_test_helper_t, establish_sa, void,
147	private_exchange_test_helper_t this, ike_sa_t init, ike_sa_t *resp)
148	{
149	ike_sa_id_t id_i, id_r;
150	ike_sa_t sa_i, sa_r;
151	peer_cfg_t *peer_cfg;
152
153	sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
154	IKEV2, TRUE);
155	id_i = sa_i->get_id(sa_i);
156
157	sa_r = *resp = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
158	IKEV2, FALSE);
159	id_r = sa_r->get_id(sa_r);
160
161	peer_cfg = create_peer_cfg(TRUE);
162	sa_i->set_peer_cfg(sa_i, peer_cfg);
163	peer_cfg->destroy(peer_cfg);
5d97e5c3	164	call_ikesa(sa_i, initiate, create_child_cfg(TRUE), 0, NULL, NULL);
c7f5259c TB	165	/* IKE_SA_INIT --> */
	166	id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i));
	167	process_message(this, sa_r, NULL);
	168	/* <-- IKE_SA_INIT */
	169	id_i->set_responder_spi(id_i, id_r->get_responder_spi(id_r));
	170	process_message(this, sa_i, NULL);
	171	/* IKE_AUTH --> */
	172	process_message(this, sa_r, NULL);
	173	/* <-- IKE_AUTH */
	174	process_message(this, sa_i, NULL);
	175	}
	176
	177	/**
	178	* Enable logging in charon as requested
	179	*/
	180	static void initialize_logging()
	181	{
	182	int level = LEVEL_SILENT;
	183	char *verbosity;
	184
	185	verbosity = getenv("TESTS_VERBOSITY");
	186	if (verbosity)
	187	{
	188	level = atoi(verbosity);
	189	}
	190	lib->settings->set_int(lib->settings, "%s.filelog.stderr.default",
	191	lib->settings->get_int(lib->settings, "%s.filelog.stderr.default",
	192	level, lib->ns), lib->ns);
	193	lib->settings->set_bool(lib->settings, "%s.filelog.stderr.ike_name", TRUE,
	194	lib->ns);
	195	charon->load_loggers(charon, NULL, TRUE);
	196	}
	197
	198	/*
	199	* Described in header
	200	*/
	201	void exchange_test_helper_init(char *plugins)
	202	{
	203	private_exchange_test_helper_t *this;
	204
	205	INIT(this,
	206	.public = {
	207	.sender = mock_sender_create(),
	208	.establish_sa = _establish_sa,
	209	.process_message = _process_message,
	210	},
	211	.backend = {
	212	.create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
	213	.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
	214	.get_peer_cfg_by_name = (void*)return_null,
	215	},
	216	.creds = mem_cred_create(),
	217	);
	218
	219	initialize_logging();
	220	/* the libcharon unit tests only load the libstrongswan plugins, unless
	221	* TESTS_PLUGINS is defined */
	222	charon->initialize(charon, plugins);
	223	lib->plugins->status(lib->plugins, LEVEL_CTRL);
	224	/* the original sender is not initialized because there is no socket */
	225	charon->sender = (sender_t*)this->public.sender;
	226	/* and there is no kernel plugin loaded
	227	* TODO: we'd have more control if we'd implement kernel_interface_t */
	228	charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create);
29f1637b TB	229	/* like SPIs for IPsec SAs, make IKE SPIs predictable */
	230	charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi,
	231	this);
c7f5259c TB	232
	233	charon->backends->add_backend(charon->backends, &this->backend);
	234	lib->credmgr->add_set(lib->credmgr, &this->creds->set);
	235
	236	this->creds->add_shared(this->creds,
	237	shared_key_create(SHARED_IKE, chunk_clone(chunk_from_str("test"))),
	238	identification_create_from_string("%any"), NULL);
	239
	240	exchange_test_helper = &this->public;
	241	}
	242
	243	/*
	244	* Described in header
	245	*/
	246	void exchange_test_helper_deinit()
	247	{
	248	private_exchange_test_helper_t *this;
	249
	250	this = (private_exchange_test_helper_t*)exchange_test_helper;
	251
	252	charon->backends->remove_backend(charon->backends, &this->backend);
	253	lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
	254	this->creds->destroy(this->creds);
	255	/* can't let charon do it as it happens too late */
	256	charon->sender->destroy(charon->sender);
	257	charon->sender = NULL;
	258	free(this);
	259	}