]>
git.ipfire.org Git - people/ms/strongswan.git/blob - Source/charon/testcases/sa_config_test.c
2 * @file sa_config_test.c
4 * @brief Tests for the sa_config_t class.
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23 #include "sa_config_test.h"
26 #include <config/sa_config.h>
27 #include <config/traffic_selector.h>
28 #include <utils/allocator.h>
29 #include <utils/logger.h>
30 #include <encoding/payloads/ts_payload.h>
34 * Described in header.
36 void test_sa_config(protected_tester_t
*tester
)
38 sa_config_t
*sa_config
;
39 traffic_selector_t
*ts_policy
[3], *ts_request
[4], *ts_reference
[3], **ts_result
;
40 proposal_t
*proposal1
, *proposal2
, *proposal3
, *proposal_sel
;
41 linked_list_t
*proposals_list
;
45 ts_payload_t
*ts_payload
;
47 logger
= charon
->logger_manager
->create_logger(charon
->logger_manager
, TESTER
, NULL
);
48 logger
->disable_level(logger
, FULL
);
50 sa_config
= sa_config_create(ID_IPV4_ADDR
, "152.96.193.130",
51 ID_IPV4_ADDR
, "152.96.193.131",
52 RSA_DIGITAL_SIGNATURE
,
55 tester
->assert_true(tester
, (sa_config
!= NULL
), "sa_config construction");
59 * test proposal getting and selection
64 proposal1
= proposal_create(1);
65 proposal1
->add_algorithm(proposal1
, ESP
, ENCRYPTION_ALGORITHM
, ENCR_AES_CBC
, 16);
68 proposal2
= proposal_create(2);
69 proposal2
->add_algorithm(proposal2
, AH
, INTEGRITY_ALGORITHM
, AUTH_HMAC_SHA1_96
, 20);
72 proposal3
= proposal_create(3);
73 proposal3
->add_algorithm(proposal3
, ESP
, ENCRYPTION_ALGORITHM
, ENCR_3DES
, 16);
74 proposal3
->add_algorithm(proposal3
, AH
, INTEGRITY_ALGORITHM
, AUTH_HMAC_MD5_96
, 20);
77 sa_config
->add_proposal(sa_config
, proposal1
);
78 sa_config
->add_proposal(sa_config
, proposal2
);
79 sa_config
->add_proposal(sa_config
, proposal3
);
82 proposals_list
= sa_config
->get_proposals(sa_config
);
83 tester
->assert_true(tester
, (proposals_list
->get_count(proposals_list
) == 3), "proposal count");
86 proposals_list
= linked_list_create();
87 proposal1
= proposal_create(1);
88 proposal1
->add_algorithm(proposal1
, ESP
, ENCRYPTION_ALGORITHM
, ENCR_AES_CBC
, 32);
89 proposal2
= proposal_create(2);
90 proposal2
->add_algorithm(proposal2
, ESP
, ENCRYPTION_ALGORITHM
, ENCR_AES_CBC
, 16);
91 proposal2
->add_algorithm(proposal2
, ESP
, ENCRYPTION_ALGORITHM
, ENCR_3DES
, 16);
92 proposal2
->add_algorithm(proposal2
, ESP
, ENCRYPTION_ALGORITHM
, ENCR_BLOWFISH
, 0);
93 proposal2
->add_algorithm(proposal2
, AH
, INTEGRITY_ALGORITHM
, AUTH_HMAC_SHA1_96
, 20);
94 proposal2
->add_algorithm(proposal2
, AH
, INTEGRITY_ALGORITHM
, AUTH_HMAC_MD5_96
, 20);
96 proposals_list
->insert_last(proposals_list
, proposal1
);
97 proposals_list
->insert_last(proposals_list
, proposal2
);
99 proposal_sel
= sa_config
->select_proposal(sa_config
, proposals_list
);
100 tester
->assert_false(tester
, proposal_sel
== NULL
, "proposal select");
101 /* check ESP encryption algo */
102 iterator
= proposal_sel
->create_algorithm_iterator(proposal_sel
, ESP
, ENCRYPTION_ALGORITHM
);
103 tester
->assert_false(tester
, iterator
== NULL
, "algorithm select ESP");
104 while (iterator
->has_next(iterator
))
107 iterator
->current(iterator
, (void**)&algo
);
108 tester
->assert_true(tester
, algo
->algorithm
== ENCR_3DES
, "ESP encryption algo");
109 tester
->assert_true(tester
, algo
->key_size
== 16, "ESP encryption keysize");
111 iterator
->destroy(iterator
);
112 iterator
= proposal_sel
->create_algorithm_iterator(proposal_sel
, AH
, INTEGRITY_ALGORITHM
);
113 /* check AH integrity algo */
114 tester
->assert_false(tester
, iterator
== NULL
, "algorithm select AH");
115 while (iterator
->has_next(iterator
))
118 iterator
->current(iterator
, (void**)&algo
);
119 tester
->assert_true(tester
, algo
->algorithm
== AUTH_HMAC_MD5_96
, "ESP encryption algo");
120 tester
->assert_true(tester
, algo
->key_size
== 20, "ESP encryption keysize");
122 iterator
->destroy(iterator
);
124 proposal_sel
->destroy(proposal_sel
);
127 proposal1
->destroy(proposal1
);
128 proposal1
->destroy(proposal2
);
129 proposals_list
->destroy(proposals_list
);
132 * test traffic selection getting and matching
136 /* define policies */
139 ts_policy
[0] = traffic_selector_create_from_string(6, TS_IPV4_ADDR_RANGE
, "0.0.0.0", 0, "255.255.255.255", 65535);
141 /* allow udp on port 123 to ".122" */
142 ts_policy
[1] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE
, "152.96.193.122", 123, "152.96.193.122", 123);
144 /* allow udp on ports > 2000 in subnet ... */
145 ts_policy
[2] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE
, "152.96.193.0", 2000, "152.96.193.255", 65535);
149 /* define request and result */
151 /* udp on subnet:123, should be reduced to ".122" */
152 ts_request
[0] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE
, "152.96.193.0", 123, "152.96.193.255", 123);
153 ts_reference
[0] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE
, "152.96.193.122", 123, "152.96.193.122", 123);
155 /* should be granted. */
156 ts_request
[1] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE
, "152.96.193.0", 2000, "152.96.193.255", 2000);
157 ts_reference
[1] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE
, "152.96.193.0", 2000, "152.96.193.255", 2000);
159 /* should be reduced to port 2000 - 3000. and range ".193.*" */
160 ts_request
[2] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE
, "152.96.191.0", 1000, "152.96.194.255", 3000);
161 ts_reference
[2] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE
, "152.96.193.0", 2000, "152.96.193.255", 3000);
163 /* icmp request, should be discarded */
164 ts_request
[3] = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE
, "0.0.0.0", 0, "255.255.255.255", 65535);
166 sa_config
->add_my_traffic_selector(sa_config
, ts_policy
[0]);
167 sa_config
->add_my_traffic_selector(sa_config
, ts_policy
[1]);
168 sa_config
->add_my_traffic_selector(sa_config
, ts_policy
[2]);
170 count
= sa_config
->get_my_traffic_selectors(sa_config
, &ts_result
);
171 tester
->assert_true(tester
, (count
== 3), "ts get count");
172 ts_result
[0]->destroy(ts_result
[0]);
173 ts_result
[0]->destroy(ts_result
[1]);
174 ts_result
[0]->destroy(ts_result
[2]);
175 allocator_free(ts_result
);
177 count
= sa_config
->select_my_traffic_selectors(sa_config
, &ts_request
[0], 4, &ts_result
);
178 tester
->assert_true(tester
, (count
== 3), "ts select count");
181 /* store and restore into ts payload, tricky tricky */
182 ts_payload
= ts_payload_create_from_traffic_selectors(TRUE
, ts_result
, count
);
185 ts_result
[0]->destroy(ts_result
[0]);
186 ts_result
[0]->destroy(ts_result
[1]);
187 ts_result
[0]->destroy(ts_result
[2]);
188 allocator_free(ts_result
);
190 /* get them again out of the payload */
191 count
= ts_payload
->get_traffic_selectors(ts_payload
, &ts_result
);
192 ts_payload
->destroy(ts_payload
);
197 for (i
= 0; i
<count
; i
++)
199 chunk_t fa_res
= ts_result
[i
]->get_from_address(ts_result
[i
]);
200 chunk_t fa_ref
= ts_reference
[i
]->get_from_address(ts_reference
[i
]);
201 chunk_t ta_res
= ts_result
[i
]->get_to_address(ts_result
[i
]);
202 chunk_t ta_ref
= ts_reference
[i
]->get_to_address(ts_reference
[i
]);
203 u_int16_t fp_res
= ts_result
[i
]->get_from_port(ts_result
[i
]);
204 u_int16_t fp_ref
= ts_reference
[i
]->get_from_port(ts_reference
[i
]);
205 u_int16_t tp_res
= ts_result
[i
]->get_to_port(ts_result
[i
]);
206 u_int16_t tp_ref
= ts_reference
[i
]->get_to_port(ts_reference
[i
]);
209 logger
->log_chunk(logger
, RAW
, "from address result", &fa_res
);
210 logger
->log_chunk(logger
, RAW
, "from address reference", &fa_ref
);
211 logger
->log_chunk(logger
, RAW
, "to address result", &ta_res
);
212 logger
->log_chunk(logger
, RAW
, "to address reference", &ta_ref
);
213 tester
->assert_true(tester
, fa_res
.len
== fa_ref
.len
, "from address len");
214 tester
->assert_false(tester
, memcmp(fa_res
.ptr
, fa_ref
.ptr
,fa_res
.len
), "from address value");
215 tester
->assert_true(tester
, ta_res
.len
== ta_ref
.len
, "to address len");
216 tester
->assert_false(tester
, memcmp(ta_res
.ptr
, ta_ref
.ptr
,ta_res
.len
), "to address value");
218 tester
->assert_true(tester
, fp_res
== fp_ref
, "from port");
219 tester
->assert_true(tester
, tp_res
== tp_ref
, "to port");
221 allocator_free(fa_res
.ptr
);
222 allocator_free(fa_ref
.ptr
);
223 allocator_free(ta_res
.ptr
);
224 allocator_free(ta_ref
.ptr
);
229 ts_result
[0]->destroy(ts_result
[0]);
230 ts_result
[0]->destroy(ts_result
[1]);
231 ts_result
[0]->destroy(ts_result
[2]);
232 allocator_free(ts_result
);
234 ts_policy
[0]->destroy(ts_policy
[0]);
235 ts_policy
[1]->destroy(ts_policy
[1]);
236 ts_policy
[2]->destroy(ts_policy
[2]);
237 ts_request
[0]->destroy(ts_request
[0]);
238 ts_reference
[0]->destroy(ts_reference
[0]);
239 ts_request
[1]->destroy(ts_request
[1]);
240 ts_reference
[1]->destroy(ts_reference
[1]);
241 ts_request
[2]->destroy(ts_request
[2]);
242 ts_reference
[2]->destroy(ts_reference
[2]);
243 ts_request
[3]->destroy(ts_request
[3]);
245 sa_config
->destroy(sa_config
);