1 | /* |
2 | * Copyright (C) 2016 Tobias Brunner | |
3 | * HSR Hochschule fuer Technik Rapperswil | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
14 | */ | |
15 | ||
#include "exchange_test_helper.h"
#include "mock_ipsec.h"

#include <limits.h>
#include <stdlib.h>

#include <credentials/sets/mem_cred.h>
20 | ||
/* forward declaration of the private instance type defined below */
typedef struct private_exchange_test_helper_t private_exchange_test_helper_t;
22 | ||
/**
 * Private data of an exchange_test_helper_t instance
 */
struct private_exchange_test_helper_t {

	/**
	 * Public interface, handed out via the global exchange_test_helper pointer
	 */
	exchange_test_helper_t public;

	/**
	 * Config backend registered with charon->backends; it serves the IKE
	 * and peer configs built by create_ike_cfg()/create_peer_cfg()
	 */
	backend_t backend;

	/**
	 * In-memory credential set registered with lib->credmgr; holds the
	 * shared "test" PSK used by both peers
	 */
	mem_cred_t *creds;
};
43 | ||
/*
 * Described in header
 *
 * Set by exchange_test_helper_init() to the public part of the private
 * instance; exchange_test_helper_deinit() frees that instance.
 */
exchange_test_helper_t *exchange_test_helper;
48 | ||
/**
 * Create a loopback IKEv2 config (both endpoints 127.0.0.1 on the default
 * IKE port, no fragmentation) carrying the default IKE proposal.
 *
 * @return		new ike_cfg_t, owned by the caller
 */
static ike_cfg_t *create_ike_cfg()
{
	ike_cfg_t *cfg = ike_cfg_create(IKEV2, TRUE, FALSE,
									"127.0.0.1", IKEV2_UDP_PORT,
									"127.0.0.1", IKEV2_UDP_PORT,
									FRAGMENTATION_NO, 0);

	cfg->add_proposal(cfg, proposal_create_default(PROTO_IKE));
	return cfg;
}
58 | ||
/**
 * Create a tunnel-mode CHILD config named "init" or "resp" with the default
 * ESP proposals (classic and AEAD) and a dynamic traffic selector covering
 * ports 0-65535 on both the local and the remote side.
 *
 * @param initiator		TRUE to name the config "init", FALSE for "resp"
 * @return				new child_cfg_t, owned by the caller
 */
static child_cfg_t *create_child_cfg(bool initiator)
{
	child_cfg_create_t data = {
		.mode = MODE_TUNNEL,
	};
	char *name = initiator ? "init" : "resp";
	child_cfg_t *cfg = child_cfg_create(name, &data);

	cfg->add_proposal(cfg, proposal_create_default(PROTO_ESP));
	cfg->add_proposal(cfg, proposal_create_default_aead(PROTO_ESP));
	/* local side (TRUE) first, then remote side (FALSE) */
	cfg->add_traffic_selector(cfg, TRUE,
							  traffic_selector_create_dynamic(0, 0, 65535));
	cfg->add_traffic_selector(cfg, FALSE,
							  traffic_selector_create_dynamic(0, 0, 65535));
	return cfg;
}
75 | ||
/**
 * Add a PSK auth config to a peer config.
 *
 * The identity is "init" when the auth config describes the initiator
 * (i.e. initiator and local agree), "resp" otherwise.
 *
 * @param peer_cfg		peer config to extend
 * @param initiator		TRUE if peer_cfg belongs to the initiator
 * @param local			TRUE to add as local auth config, FALSE as remote
 */
static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local)
{
	auth_cfg_t *auth = auth_cfg_create();
	/* equivalent to the original initiator ^ local test */
	char *id = (initiator != local) ? "resp" : "init";

	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
	auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
	peer_cfg->add_auth_cfg(peer_cfg, auth, local);
}
90 | ||
/**
 * Create a peer config named "init" or "resp" with a fresh IKE config,
 * local and remote PSK auth configs and one CHILD config.
 *
 * @param initiator		TRUE to build the initiator's config
 * @return				new peer_cfg_t, owned by the caller
 */
static peer_cfg_t *create_peer_cfg(bool initiator)
{
	peer_cfg_create_t data = {
		.cert_policy = CERT_SEND_IF_ASKED,
		.unique = UNIQUE_REPLACE,
		.keyingtries = 1,
	};
	char *name = initiator ? "init" : "resp";
	peer_cfg_t *cfg = peer_cfg_create(name, create_ike_cfg(), &data);

	/* local auth config first, then the remote one */
	add_auth_cfg(cfg, initiator, TRUE);
	add_auth_cfg(cfg, initiator, FALSE);
	cfg->add_child_cfg(cfg, create_child_cfg(initiator));
	return cfg;
}
107 | ||
/**
 * backend_t.create_ike_cfg_enumerator implementation: always enumerates a
 * single fresh IKE config, the me/other hosts are ignored.
 */
METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
	backend_t *this, host_t *me, host_t *other)
{
	ike_cfg_t *cfg;

	cfg = create_ike_cfg();
	/* the config's destroy is handed to the enumerator as cleanup callback */
	return enumerator_create_single(cfg, (void*)cfg->destroy);
}
114 | ||
/**
 * backend_t.create_peer_cfg_enumerator implementation: always enumerates a
 * single fresh "resp" peer config (the initiator gets its config set
 * directly), the me/other identities are ignored.
 */
METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
	backend_t *this, identification_t *me, identification_t *other)
{
	peer_cfg_t *cfg;

	cfg = create_peer_cfg(FALSE);
	/* the config's destroy is handed to the enumerator as cleanup callback */
	return enumerator_create_single(cfg, (void*)cfg->destroy);
}
121 | ||
/**
 * Feed a message to an IKE_SA and destroy it afterwards.
 *
 * If message is NULL, the next message queued on the mock sender is
 * dequeued and used. The bus' current SA is set to ike_sa around the
 * process_message() call and cleared again afterwards.
 */
METHOD(exchange_test_helper_t, process_message, void,
	private_exchange_test_helper_t *this, ike_sa_t *ike_sa, message_t *message)
{
	bus_t *bus = charon->bus;

	if (message == NULL)
	{
		message = this->public.sender->dequeue(this->public.sender);
	}
	bus->set_sa(bus, ike_sa);
	ike_sa->process_message(ike_sa, message);
	bus->set_sa(bus, NULL);
	message->destroy(message);
}
134 | ||
/**
 * Establish an IKE_SA between a fresh initiator and responder by running the
 * IKE_SA_INIT and IKE_AUTH exchanges through the mock sender.
 *
 * The initiator gets the "init" peer config set directly; the responder
 * resolves its config via the backend registered in exchange_test_helper_init().
 * Both SAs are still checked out from the manager when this returns.
 *
 * @param init		receives the initiator IKE_SA
 * @param resp		receives the responder IKE_SA
 */
METHOD(exchange_test_helper_t, establish_sa, void,
	private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp)
{
	ike_sa_id_t *id_i, *id_r;
	ike_sa_t *sa_i, *sa_r;
	peer_cfg_t *peer_cfg;

	sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
														IKEV2, TRUE);
	id_i = sa_i->get_id(sa_i);

	sa_r = *resp = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
														IKEV2, FALSE);
	id_r = sa_r->get_id(sa_r);

	peer_cfg = create_peer_cfg(TRUE);
	sa_i->set_peer_cfg(sa_i, peer_cfg);
	/* NOTE(review): assumes set_peer_cfg() keeps its own reference, since the
	 * creating reference is released right here */
	peer_cfg->destroy(peer_cfg);
	charon->bus->set_sa(charon->bus, sa_i);
	/* the CHILD config is handed to initiate(); sa_i stays the bus' current SA
	 * until process_message() below resets it */
	sa_i->initiate(sa_i, create_child_cfg(TRUE), 0, NULL, NULL);
	/* IKE_SA_INIT --> */
	/* copy the initiator SPI into the responder's ID before it processes the
	 * request queued on the mock sender */
	id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i));
	process_message(this, sa_r, NULL);
	/* <-- IKE_SA_INIT */
	/* copy the responder SPI back into the initiator's ID before it processes
	 * the response */
	id_i->set_responder_spi(id_i, id_r->get_responder_spi(id_r));
	process_message(this, sa_i, NULL);
	/* IKE_AUTH --> */
	process_message(this, sa_r, NULL);
	/* <-- IKE_AUTH */
	process_message(this, sa_i, NULL);
}
166 | ||
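/**
 * Enable logging in charon as requested
 *
 * The stderr log level defaults to LEVEL_SILENT and may be overridden via the
 * TESTS_VERBOSITY environment variable. Only a value that parses completely as
 * a decimal integer within int range is honored; anything else is ignored.
 * (The previous atoi() call mapped malformed values to 0, which is itself a
 * valid level and so silently enabled output.)
 */
static void initialize_logging()
{
	int level = LEVEL_SILENT;
	char *verbosity, *end;
	long parsed;

	verbosity = getenv("TESTS_VERBOSITY");
	if (verbosity)
	{
		parsed = strtol(verbosity, &end, 10);
		/* the whole string must be consumed and the value must fit an int */
		if (end != verbosity && *end == '\0' &&
			parsed >= INT_MIN && parsed <= INT_MAX)
		{
			level = (int)parsed;
		}
	}
	/* an explicit setting in the loaded config takes precedence over level */
	lib->settings->set_int(lib->settings, "%s.filelog.stderr.default",
			lib->settings->get_int(lib->settings, "%s.filelog.stderr.default",
								   level, lib->ns), lib->ns);
	lib->settings->set_bool(lib->settings, "%s.filelog.stderr.ike_name", TRUE,
							lib->ns);
	charon->load_loggers(charon, NULL, TRUE);
}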
187 | ||
/*
 * Described in header
 *
 * Allocates the private instance, initializes charon with the given plugin
 * list, replaces the sender and IPsec interface with mocks, registers the
 * config backend and the credential set holding the "test" PSK, and finally
 * publishes the instance through the global exchange_test_helper pointer.
 */
void exchange_test_helper_init(char *plugins)
{
	private_exchange_test_helper_t *this;

	INIT(this,
		.public = {
			.sender = mock_sender_create(),
			.establish_sa = _establish_sa,
			.process_message = _process_message,
		},
		.backend = {
			.create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
			.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
			/* lookups by name are not supported by this backend */
			.get_peer_cfg_by_name = (void*)return_null,
		},
		.creds = mem_cred_create(),
	);

	initialize_logging();
	/* the libcharon unit tests only load the libstrongswan plugins, unless
	 * TESTS_PLUGINS is defined */
	charon->initialize(charon, plugins);
	lib->plugins->status(lib->plugins, LEVEL_CTRL);
	/* the original sender is not initialized because there is no socket */
	charon->sender = (sender_t*)this->public.sender;
	/* and there is no kernel plugin loaded
	 * TODO: we'd have more control if we'd implement kernel_interface_t */
	charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create);

	charon->backends->add_backend(charon->backends, &this->backend);
	lib->credmgr->add_set(lib->credmgr, &this->creds->set);

	/* one PSK "test" for any identity, used by both the init and resp side */
	this->creds->add_shared(this->creds,
			shared_key_create(SHARED_IKE, chunk_clone(chunk_from_str("test"))),
			identification_create_from_string("%any"), NULL);

	exchange_test_helper = &this->public;
}
229 | ||
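/*
 * Described in header
 *
 * Reverses exchange_test_helper_init(): unregisters the backend and the
 * credential set, destroys the mock sender and frees the instance. The global
 * exchange_test_helper pointer is reset to NULL afterwards so it can't be
 * dereferenced after the instance is gone; calling deinit again (or without a
 * preceding init) is then a no-op instead of a use-after-free.
 */
void exchange_test_helper_deinit()
{
	private_exchange_test_helper_t *this;

	this = (private_exchange_test_helper_t*)exchange_test_helper;
	if (!this)
	{
		return;
	}
	charon->backends->remove_backend(charon->backends, &this->backend);
	lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
	this->creds->destroy(this->creds);
	/* can't let charon do it as it happens too late */
	charon->sender->destroy(charon->sender);
	charon->sender = NULL;
	free(this);
	exchange_test_helper = NULL;
}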