projects / thirdparty / strongswan.git / blame
| Commit | Line | Data |
|---|---|---|
| c7f5259c TB |
1 | /* |
| 2 | * Copyright (C) 2016 Tobias Brunner | |
| 3 | * HSR Hochschule fuer Technik Rapperswil | |
| 4 | * | |
| 5 | * This program is free software; you can redistribute it and/or modify it | |
| 6 | * under the terms of the GNU General Public License as published by the | |
| 7 | * Free Software Foundation; either version 2 of the License, or (at your | |
| 8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
| 9 | * | |
| 10 | * This program is distributed in the hope that it will be useful, but | |
| 11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
| 12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
| 13 | * for more details. | |
| 14 | */ | |
| 15 | ||
| 16 | #include "exchange_test_helper.h" | |
| 17 | #include "mock_ipsec.h" | |
| 18 | ||
| 19 | #include <credentials/sets/mem_cred.h> | |
| 20 | ||
| 21 | typedef struct private_exchange_test_helper_t private_exchange_test_helper_t; | |
| 22 | ||
| 23 | /** | |
| 24 | * Private data | |
| 25 | */ | |
| 26 | struct private_exchange_test_helper_t { | |
| 27 | ||
| 28 | /** | |
| 29 | * Public interface | |
| 30 | */ | |
| 31 | exchange_test_helper_t public; | |
| 32 | ||
| 33 | /** | |
| 34 | * Config backend | |
| 35 | */ | |
| 36 | backend_t backend; | |
| 37 | ||
| 38 | /** | |
| 39 | * Credentials | |
| 40 | */ | |
| 41 | mem_cred_t *creds; | |
| 42 | }; | |
| 43 | ||
| 44 | /* | |
| 45 | * Described in header | |
| 46 | */ | |
| 47 | exchange_test_helper_t *exchange_test_helper; | |
| 48 | ||
| 49 | static ike_cfg_t *create_ike_cfg() | |
| 50 | { | |
| 51 | ike_cfg_t *ike_cfg; | |
| 52 | ||
| 53 | ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT, | |
| 54 | "127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); | |
| 55 | ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); | |
| 56 | return ike_cfg; | |
| 57 | } | |
| 58 | ||
| 59 | static child_cfg_t *create_child_cfg(bool initiator) | |
| 60 | { | |
| 61 | child_cfg_t *child_cfg; | |
| 62 | child_cfg_create_t child = { | |
| 63 | .mode = MODE_TUNNEL, | |
| 64 | }; | |
| 65 | ||
| 66 | child_cfg = child_cfg_create(initiator ? "init" : "resp", &child); | |
| 67 | child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); | |
| 68 | child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); | |
| 69 | child_cfg->add_traffic_selector(child_cfg, TRUE, | |
| 70 | traffic_selector_create_dynamic(0, 0, 65535)); | |
| 71 | child_cfg->add_traffic_selector(child_cfg, FALSE, | |
| 72 | traffic_selector_create_dynamic(0, 0, 65535)); | |
| 73 | return child_cfg; | |
| 74 | } | |
| 75 | ||
| 76 | static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local) | |
| 77 | { | |
| 78 | auth_cfg_t *auth; | |
| 79 | char *id = "init"; | |
| 80 | ||
| 81 | auth = auth_cfg_create(); | |
| 82 | auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); | |
| 83 | if (initiator ^ local) | |
| 84 | { | |
| 85 | id = "resp"; | |
| 86 | } | |
| 87 | auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id)); | |
| 88 | peer_cfg->add_auth_cfg(peer_cfg, auth, local); | |
| 89 | } | |
| 90 | ||
| 91 | static peer_cfg_t *create_peer_cfg(bool initiator) | |
| 92 | { | |
| 93 | peer_cfg_t *peer_cfg; | |
| 94 | peer_cfg_create_t peer = { | |
| 95 | .cert_policy = CERT_SEND_IF_ASKED, | |
| 96 | .unique = UNIQUE_REPLACE, | |
| 97 | .keyingtries = 1, | |
| 98 | }; | |
| 99 | ||
| 100 | peer_cfg = peer_cfg_create(initiator ? "init" : "resp", create_ike_cfg(), | |
| 101 | &peer); | |
| 102 | add_auth_cfg(peer_cfg, initiator, TRUE); | |
| 103 | add_auth_cfg(peer_cfg, initiator, FALSE); | |
| 104 | peer_cfg->add_child_cfg(peer_cfg, create_child_cfg(initiator)); | |
| 105 | return peer_cfg; | |
| 106 | } | |
| 107 | ||
| 108 | METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, | |
| 109 | backend_t *this, host_t *me, host_t *other) | |
| 110 | { | |
| 111 | ike_cfg_t *ike_cfg = create_ike_cfg(); | |
| 112 | return enumerator_create_single(ike_cfg, (void*)ike_cfg->destroy); | |
| 113 | } | |
| 114 | ||
| 115 | METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, | |
| 116 | backend_t *this, identification_t *me, identification_t *other) | |
| 117 | { | |
| 118 | peer_cfg_t *peer_cfg = create_peer_cfg(FALSE); | |
| 119 | return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy); | |
| 120 | } | |
| 121 | ||
| 122 | METHOD(exchange_test_helper_t, process_message, void, | |
| 123 | private_exchange_test_helper_t *this, ike_sa_t *ike_sa, message_t *message) | |
| 124 | { | |
| 125 | if (!message) | |
| 126 | { | |
| 127 | message = this->public.sender->dequeue(this->public.sender); | |
| 128 | } | |
| 129 | charon->bus->set_sa(charon->bus, ike_sa); | |
| 130 | ike_sa->process_message(ike_sa, message); | |
| 131 | charon->bus->set_sa(charon->bus, NULL); | |
| 132 | message->destroy(message); | |
| 133 | } | |
| 134 | ||
| 135 | METHOD(exchange_test_helper_t, establish_sa, void, | |
| 136 | private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp) | |
| 137 | { | |
| 138 | ike_sa_id_t *id_i, *id_r; | |
| 139 | ike_sa_t *sa_i, *sa_r; | |
| 140 | peer_cfg_t *peer_cfg; | |
| 141 | ||
| 142 | sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, | |
| 143 | IKEV2, TRUE); | |
| 144 | id_i = sa_i->get_id(sa_i); | |
| 145 | ||
| 146 | sa_r = *resp = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, | |
| 147 | IKEV2, FALSE); | |
| 148 | id_r = sa_r->get_id(sa_r); | |
| 149 | ||
| 150 | peer_cfg = create_peer_cfg(TRUE); | |
| 151 | sa_i->set_peer_cfg(sa_i, peer_cfg); | |
| 152 | peer_cfg->destroy(peer_cfg); | |
| 153 | charon->bus->set_sa(charon->bus, sa_i); | |
| 154 | sa_i->initiate(sa_i, create_child_cfg(TRUE), 0, NULL, NULL); | |
| 155 | /* IKE_SA_INIT --> */ | |
| 156 | id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i)); | |
| 157 | process_message(this, sa_r, NULL); | |
| 158 | /* <-- IKE_SA_INIT */ | |
| 159 | id_i->set_responder_spi(id_i, id_r->get_responder_spi(id_r)); | |
| 160 | process_message(this, sa_i, NULL); | |
| 161 | /* IKE_AUTH --> */ | |
| 162 | process_message(this, sa_r, NULL); | |
| 163 | /* <-- IKE_AUTH */ | |
| 164 | process_message(this, sa_i, NULL); | |
| 165 | } | |
| 166 | ||
| 167 | /** | |
| 168 | * Enable logging in charon as requested | |
| 169 | */ | |
| 170 | static void initialize_logging() | |
| 171 | { | |
| 172 | int level = LEVEL_SILENT; | |
| 173 | char *verbosity; | |
| 174 | ||
| 175 | verbosity = getenv("TESTS_VERBOSITY"); | |
| 176 | if (verbosity) | |
| 177 | { | |
| 178 | level = atoi(verbosity); | |
| 179 | } | |
| 180 | lib->settings->set_int(lib->settings, "%s.filelog.stderr.default", | |
| 181 | lib->settings->get_int(lib->settings, "%s.filelog.stderr.default", | |
| 182 | level, lib->ns), lib->ns); | |
| 183 | lib->settings->set_bool(lib->settings, "%s.filelog.stderr.ike_name", TRUE, | |
| 184 | lib->ns); | |
| 185 | charon->load_loggers(charon, NULL, TRUE); | |
| 186 | } | |
| 187 | ||
| 188 | /* | |
| 189 | * Described in header | |
| 190 | */ | |
| 191 | void exchange_test_helper_init(char *plugins) | |
| 192 | { | |
| 193 | private_exchange_test_helper_t *this; | |
| 194 | ||
| 195 | INIT(this, | |
| 196 | .public = { | |
| 197 | .sender = mock_sender_create(), | |
| 198 | .establish_sa = _establish_sa, | |
| 199 | .process_message = _process_message, | |
| 200 | }, | |
| 201 | .backend = { | |
| 202 | .create_ike_cfg_enumerator = _create_ike_cfg_enumerator, | |
| 203 | .create_peer_cfg_enumerator = _create_peer_cfg_enumerator, | |
| 204 | .get_peer_cfg_by_name = (void*)return_null, | |
| 205 | }, | |
| 206 | .creds = mem_cred_create(), | |
| 207 | ); | |
| 208 | ||
| 209 | initialize_logging(); | |
| 210 | /* the libcharon unit tests only load the libstrongswan plugins, unless | |
| 211 | * TESTS_PLUGINS is defined */ | |
| 212 | charon->initialize(charon, plugins); | |
| 213 | lib->plugins->status(lib->plugins, LEVEL_CTRL); | |
| 214 | /* the original sender is not initialized because there is no socket */ | |
| 215 | charon->sender = (sender_t*)this->public.sender; | |
| 216 | /* and there is no kernel plugin loaded | |
| 217 | * TODO: we'd have more control if we'd implement kernel_interface_t */ | |
| 218 | charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create); | |
| 219 | ||
| 220 | charon->backends->add_backend(charon->backends, &this->backend); | |
| 221 | lib->credmgr->add_set(lib->credmgr, &this->creds->set); | |
| 222 | ||
| 223 | this->creds->add_shared(this->creds, | |
| 224 | shared_key_create(SHARED_IKE, chunk_clone(chunk_from_str("test"))), | |
| 225 | identification_create_from_string("%any"), NULL); | |
| 226 | ||
| 227 | exchange_test_helper = &this->public; | |
| 228 | } | |
| 229 | ||
| 230 | /* | |
| 231 | * Described in header | |
| 232 | */ | |
| 233 | void exchange_test_helper_deinit() | |
| 234 | { | |
| 235 | private_exchange_test_helper_t *this; | |
| 236 | ||
| 237 | this = (private_exchange_test_helper_t*)exchange_test_helper; | |
| 238 | ||
| 239 | charon->backends->remove_backend(charon->backends, &this->backend); | |
| 240 | lib->credmgr->remove_set(lib->credmgr, &this->creds->set); | |
| 241 | this->creds->destroy(this->creds); | |
| 242 | /* can't let charon do it as it happens too late */ | |
| 243 | charon->sender->destroy(charon->sender); | |
| 244 | charon->sender = NULL; | |
| 245 | free(this); | |
| 246 | } |