]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libstrongswan/tests/suites/test_proposal.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'dh-group-rekey'
[thirdparty/strongswan.git] / src / libstrongswan / tests / suites / test_proposal.c
1 /*
2 * Copyright (C) 2016-2018 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <crypto/proposal/proposal.h>
19
20 static struct {
21 protocol_id_t proto;
22 char *proposal;
23 char *expected;
24 } create_data[] = {
25 { PROTO_IKE, "", NULL },
26 { PROTO_IKE, "sha256", NULL },
27 { PROTO_IKE, "sha256-modp3072", NULL },
28 { PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
29 { PROTO_IKE, "aes128", NULL },
30 { PROTO_IKE, "aes128-sha256", NULL },
31 { PROTO_IKE, "aes128-sha256-modpnone", NULL },
32 { PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
33 { PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" },
34 { PROTO_IKE, "aes128gcm16-modp3072", NULL },
35 { PROTO_IKE, "aes128gcm16-prfsha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" },
36 { PROTO_IKE, "aes128gcm16-sha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" },
37 { PROTO_IKE, "aes128gcm16-aes128-modp3072", NULL },
38 { PROTO_IKE, "aes128gcm16-aes128-sha256-modp3072", NULL },
39 { PROTO_ESP, "", NULL },
40 { PROTO_ESP, "sha256", NULL },
41 { PROTO_ESP, "aes128-sha256", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" },
42 { PROTO_ESP, "aes128-sha256-esn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ" },
43 { PROTO_ESP, "aes128-sha256-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" },
44 { PROTO_ESP, "aes128-sha256-esn-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" },
45 { PROTO_ESP, "aes128-sha256-prfsha256-modp3072", "ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_3072/NO_EXT_SEQ" },
46 { PROTO_ESP, "aes128gcm16-aes128-sha256-modp3072", NULL },
47 { PROTO_ESP, "aes128gmac", "ESP:NULL_AES_GMAC_128/NO_EXT_SEQ" },
48 { PROTO_AH, "", NULL },
49 { PROTO_AH, "aes128", NULL },
50 { PROTO_AH, "aes128-sha256", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" },
51 { PROTO_AH, "sha256-sha1", "AH:HMAC_SHA2_256_128/HMAC_SHA1_96/NO_EXT_SEQ" },
52 { PROTO_AH, "aes128gmac-sha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
53 { PROTO_AH, "aes128gmac-sha256-prfsha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
54 { PROTO_AH, "aes128gmac-aes256gmac-aes128-sha256", "AH:AES_128_GMAC/AES_256_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
55 { PROTO_AH, "sha256-esn", "AH:HMAC_SHA2_256_128/EXT_SEQ" },
56 { PROTO_AH, "sha256-noesn", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" },
57 { PROTO_AH, "sha256-esn-noesn", "AH:HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" },
58 };
59
60 static void assert_proposal_eq(proposal_t *proposal, char *expected)
61 {
62 char str[BUF_LEN];
63
64 if (!expected)
65 {
66 ck_assert(!proposal);
67 return;
68 }
69 snprintf(str, sizeof(str), "%P", proposal);
70 ck_assert_str_eq(expected, str);
71 }
72
73 START_TEST(test_create_from_string)
74 {
75 proposal_t *proposal;
76
77 proposal = proposal_create_from_string(create_data[_i].proto,
78 create_data[_i].proposal);
79 assert_proposal_eq(proposal, create_data[_i].expected);
80 DESTROY_IF(proposal);
81 }
82 END_TEST
83
84 static struct {
85 protocol_id_t proto;
86 char *self;
87 char *other;
88 char *expected;
89 } select_data[] = {
90 { PROTO_ESP, "aes128", "aes128", "aes128" },
91 { PROTO_ESP, "aes128", "aes256", NULL },
92 { PROTO_ESP, "aes128-aes256", "aes256-aes128", "aes128" },
93 { PROTO_ESP, "aes256-aes128", "aes128-aes256", "aes256" },
94 { PROTO_ESP, "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" },
95 { PROTO_ESP, "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" },
96 { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", NULL },
97 { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", NULL },
98 { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
99 { PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
100 { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
101 { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
102 { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
103 { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
104 { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
105 { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" },
106 { PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
107 };
108
109 START_TEST(test_select)
110 {
111 proposal_t *self, *other, *selected, *expected;
112
113 self = proposal_create_from_string(select_data[_i].proto,
114 select_data[_i].self);
115 other = proposal_create_from_string(select_data[_i].proto,
116 select_data[_i].other);
117 selected = self->select(self, other, TRUE, FALSE);
118 if (select_data[_i].expected)
119 {
120 expected = proposal_create_from_string(select_data[_i].proto,
121 select_data[_i].expected);
122 ck_assert(selected);
123 ck_assert_msg(expected->equals(expected, selected), "proposal %P does "
124 "not match expected %P", selected, expected);
125 expected->destroy(expected);
126 }
127 else
128 {
129 ck_assert(!selected);
130 }
131 DESTROY_IF(selected);
132 other->destroy(other);
133 self->destroy(self);
134 }
135 END_TEST
136
137 START_TEST(test_select_spi)
138 {
139 proposal_t *self, *other, *selected;
140
141 self = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072");
142 other = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072");
143 other->set_spi(other, 0x12345678);
144
145 selected = self->select(self, other, TRUE, FALSE);
146 ck_assert(selected);
147 ck_assert_int_eq(selected->get_spi(selected), other->get_spi(other));
148 selected->destroy(selected);
149
150 selected = self->select(self, other, FALSE, FALSE);
151 ck_assert(selected);
152 ck_assert_int_eq(selected->get_spi(selected), self->get_spi(self));
153 selected->destroy(selected);
154
155 other->destroy(other);
156 self->destroy(self);
157 }
158 END_TEST
159
160 START_TEST(test_promote_dh_group)
161 {
162 proposal_t *proposal;
163
164 proposal = proposal_create_from_string(PROTO_IKE,
165 "aes128-sha256-modp3072-ecp256");
166 ck_assert(proposal->promote_dh_group(proposal, ECP_256_BIT));
167 assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/MODP_3072");
168 proposal->destroy(proposal);
169 }
170 END_TEST
171
172 START_TEST(test_promote_dh_group_already_front)
173 {
174 proposal_t *proposal;
175
176 proposal = proposal_create_from_string(PROTO_IKE,
177 "aes128-sha256-modp3072-ecp256");
178 ck_assert(proposal->promote_dh_group(proposal, MODP_3072_BIT));
179 assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072/ECP_256");
180 proposal->destroy(proposal);
181 }
182 END_TEST
183
184 START_TEST(test_promote_dh_group_not_contained)
185 {
186 proposal_t *proposal;
187
188 proposal = proposal_create_from_string(PROTO_IKE,
189 "aes128-sha256-modp3072-ecp256");
190
191 ck_assert(!proposal->promote_dh_group(proposal, MODP_2048_BIT));
192 assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072/ECP_256");
193 proposal->destroy(proposal);
194 }
195 END_TEST
196
197 Suite *proposal_suite_create()
198 {
199 Suite *s;
200 TCase *tc;
201
202 s = suite_create("proposal");
203
204 tc = tcase_create("create_from_string");
205 tcase_add_loop_test(tc, test_create_from_string, 0, countof(create_data));
206 suite_add_tcase(s, tc);
207
208 tc = tcase_create("select");
209 tcase_add_loop_test(tc, test_select, 0, countof(select_data));
210 tcase_add_test(tc, test_select_spi);
211 suite_add_tcase(s, tc);
212
213 tc = tcase_create("promote_dh_group");
214 tcase_add_test(tc, test_promote_dh_group);
215 tcase_add_test(tc, test_promote_dh_group_already_front);
216 tcase_add_test(tc, test_promote_dh_group_not_contained);
217 suite_add_tcase(s, tc);
218
219 return s;
220 }
Unnamed repository; edit this file 'description' to name the repository.