/*
 * Copyright (C) 2016 Tobias Brunner
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

#include "test_suite.h"

#include <credentials/auth_cfg.h>

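/**
 * Constraint strings handed to add_pubkey_constraints() together with the
 * signature schemes the tests expect to find in the auth config afterwards.
 *
 * sig lists the expected AUTH_RULE_SIGNATURE_SCHEME values and ike the
 * expected AUTH_RULE_IKE_SIGNATURE_SCHEME values, both in enumeration order
 * and terminated by 0; a bare {0} means no rule of that type is expected.
 * Five slots hold the longest list used here (four schemes) plus the
 * terminator.
 *
 * NOTE(review): the listing this file was recovered from dropped the opening
 * of the struct; the constraints member is restored from its use in the
 * tests and from the string initializers, confirm against upstream.
 */
static struct {
	char *constraints;
	signature_scheme_t sig[5];
	signature_scheme_t ike[5];
} sig_constraints_tests[] = {
	/* key type plus hash(es), no "ike:" prefix: only signature scheme rules */
	{ "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
	{ "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256,
							 SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}},
	{ "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
	{ "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256,
								   SIGN_ECDSA_WITH_SHA256_DER,
								   SIGN_ECDSA_256, 0 }, {0}},
	/* "pubkey" is expected to expand to every listed key type for the hash */
	{ "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256,
						 SIGN_ECDSA_WITH_SHA256_DER,
						 SIGN_ECDSA_256,
						 SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
	/* "ike:" prefixed tokens are expected as IKE signature scheme rules; the
	 * prefix applies per token, in either position */
	{ "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
	{ "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 },
								   { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
	{ "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 },
								   { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
	{ "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256,
								  SIGN_ECDSA_WITH_SHA256_DER,
								  SIGN_ECDSA_256,
								  SIGN_BLISS_WITH_SHA2_256, 0 }},
	/* a key type without a hash of its own ("rsa", "rsa-4096") is expected to
	 * add no scheme; presumably it ends up under a rule type these tests do
	 * not enumerate - TODO confirm */
	{ "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER,
							SIGN_ECDSA_256, 0 }, {0}},
	{ "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER,
								 SIGN_ECDSA_256, 0 }, {0}},
	{ "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER,
									 SIGN_ECDSA_256, 0 }, {0}},
	/* "ecdsa256" (no dash) apparently is not taken as a key type, so the hash
	 * is expected to combine with "rsa" instead */
	{ "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
	/* expected to yield no scheme rule at all: a malformed key token (compare
	 * "rsa-4096" above) or a hash without a key type. For anyone reviewing a
	 * configuration this means such a string adds no signature scheme
	 * restriction. NOTE(review): whether the parser reports this input is not
	 * visible in this file */
	{ "rsa4096-sha256", {0}, {0}},
	{ "sha256", {0}, {0}},
	{ "ike:sha256", {0}, {0}},
};
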
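/**
 * Assert that an auth config holds exactly the expected schemes for one rule
 * type, in the expected order.
 *
 * Every rule in cfg is enumerated; each rule of the requested type is compared
 * with the next element of expected.
 *
 * NOTE(review): the listing this function was recovered from dropped the
 * local declarations, the rule type filter and the index increment; they are
 * restored from how the names are used, confirm against upstream.
 *
 * @param cfg		auth config to inspect
 * @param type		rule type to check, the tests pass
 *					AUTH_RULE_SIGNATURE_SCHEME or
 *					AUTH_RULE_IKE_SIGNATURE_SCHEME
 * @param expected	expected schemes, terminated by 0
 */
static void check_sig_constraints(auth_cfg_t *cfg, auth_rule_t type,
								  signature_scheme_t expected[])
{
	enumerator_t *enumerator;
	auth_rule_t t;
	void *value;
	int i = 0;

	enumerator = cfg->create_enumerator(cfg);
	while (enumerator->enumerate(enumerator, &t, &value))
	{
		if (t == type)
		{
			/* hitting the terminator here means cfg holds more schemes than
			 * expected; the failed assertion ends the test before expected[]
			 * could be indexed past its terminator */
			ck_assert(expected[i]);
			/* the scheme is carried in the pointer value itself */
			ck_assert_int_eq(expected[i], (signature_scheme_t)value);
			i++;
		}
	}
	enumerator->destroy(enumerator);
	/* anything left before the terminator means cfg holds fewer schemes than
	 * expected */
	ck_assert(!expected[i]);
}
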
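/**
 * Loop test over sig_constraints_tests: check the rules created by
 * add_pubkey_constraints() with its last argument FALSE and then TRUE.
 *
 * With FALSE no IKE signature scheme rule is expected, whatever the string
 * contains; with TRUE the IKE rules must equal the entry's ike list exactly.
 *
 * NOTE(review): the listing this test was recovered from dropped the cfg
 * declaration, the destroy calls, the trailing set_bool() arguments and
 * END_TEST. The FALSE value is inferred from the second half expecting no
 * fallback to the sig list; confirm all of these against upstream.
 * NOTE(review): the setting is library-wide and is not restored afterwards;
 * whether the runner resets settings between tests is not visible here.
 */
START_TEST(test_sig_contraints)
{
	auth_cfg_t *cfg;
	signature_scheme_t none[] = {0};

	cfg = auth_cfg_create();
	cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints,
								FALSE);
	check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME,
						  sig_constraints_tests[_i].sig);
	check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, none);
	cfg->destroy(cfg);

	/* without this the sig list could be reused for IKE, see
	 * test_ike_contraints_fallback */
	lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
							FALSE, lib->ns);

	cfg = auth_cfg_create();
	cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints,
								TRUE);
	check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME,
						  sig_constraints_tests[_i].sig);
	check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
						  sig_constraints_tests[_i].ike);
	cfg->destroy(cfg);
}
END_TEST
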
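/**
 * Loop test over sig_constraints_tests: check which schemes constrain IKE
 * authentication when the string has no "ike:" token.
 *
 * If the entry lists explicit IKE schemes those are expected; otherwise the
 * IKE rules are expected to equal the entry's sig list.
 *
 * NOTE(review): the listing this test was recovered from dropped the cfg
 * declaration, the braces and else of the branch, the destroy call, the
 * trailing set_bool() arguments and END_TEST. The TRUE value is inferred from
 * the fallback this test expects; confirm all of these against upstream.
 * NOTE(review): the setting is library-wide and is not restored afterwards;
 * whether the runner resets settings between tests is not visible here.
 */
START_TEST(test_ike_contraints_fallback)
{
	auth_cfg_t *cfg;

	lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
							TRUE, lib->ns);

	cfg = auth_cfg_create();
	cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints,
								TRUE);
	check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME,
						  sig_constraints_tests[_i].sig);
	if (sig_constraints_tests[_i].ike[0])
	{
		/* explicit IKE schemes take precedence */
		check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
							  sig_constraints_tests[_i].ike);
	}
	else
	{
		/* none given: the signature scheme list is expected for IKE too */
		check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
							  sig_constraints_tests[_i].sig);
	}
	cfg->destroy(cfg);
}
END_TEST
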
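/**
 * Build the "auth_cfg" suite: one test case, "add_pubkey_constraints", that
 * runs both loop tests once per entry of sig_constraints_tests.
 *
 * NOTE(review): the listing this function was recovered from dropped the
 * local declarations and the return statement; they are restored from how s
 * and tc are used, confirm against upstream.
 *
 * @return	the suite holding the test case
 */
Suite *auth_cfg_suite_create()
{
	Suite *s;
	TCase *tc;

	s = suite_create("auth_cfg");

	tc = tcase_create("add_pubkey_constraints");
	/* _i runs over [0, countof(table)) in each loop test */
	tcase_add_loop_test(tc, test_sig_contraints, 0,
						countof(sig_constraints_tests));
	tcase_add_loop_test(tc, test_ike_contraints_fallback, 0,
						countof(sig_constraints_tests));
	suite_add_tcase(s, tc);

	return s;
}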