/*
 * Copyright (C) 2016-2018 Tobias Brunner
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
16 #include "test_suite.h"
18 #include <crypto/proposal/proposal.h>
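/**
 * Test vectors for proposal_create_from_string().
 *
 * Each entry holds the protocol, the proposal string handed to the parser and
 * the expected "%P" rendering of the resulting proposal.  An expected value
 * of NULL means the string has to be rejected, i.e. no proposal is returned.
 */
static struct {
	/** protocol the proposal string is parsed for */
	protocol_id_t proto;
	/** proposal string passed to the parser */
	char *proposal;
	/** expected "%P" output, NULL if parsing is expected to fail */
	char *expected;
} create_data[] = {
	/* IKE: strings lacking an encryption algorithm, an integrity algorithm/PRF
	 * or a DH group are expected to be rejected, so is an explicit modpnone */
	{ PROTO_IKE, "", NULL },
	{ PROTO_IKE, "sha256", NULL },
	{ PROTO_IKE, "sha256-modp3072", NULL },
	/* NOTE(review): the parser accepts explicit NULL encryption for IKE; the
	 * vector only pins parser behavior, whether such a proposal is acceptable
	 * is a matter of configuration policy */
	{ PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
	{ PROTO_IKE, "aes128", NULL },
	{ PROTO_IKE, "aes128-sha256", NULL },
	{ PROTO_IKE, "aes128-sha256-modpnone", NULL },
	/* no PRF given: the expected output contains one matching the integrity
	 * algorithm; an explicitly configured PRF is kept as is */
	{ PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
	{ PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" },
	/* AEAD: rejected without PRF or integrity algorithm; a configured
	 * integrity algorithm only shows up as PRF in the expected output */
	{ PROTO_IKE, "aes128gcm16-modp3072", NULL },
	{ PROTO_IKE, "aes128gcm16-prfsha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" },
	{ PROTO_IKE, "aes128gcm16-sha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" },
	/* mixing AEAD and non-AEAD encryption algorithms is expected to fail */
	{ PROTO_IKE, "aes128gcm16-aes128-modp3072", NULL },
	{ PROTO_IKE, "aes128gcm16-aes128-sha256-modp3072", NULL },
	/* ESP: rejected without encryption algorithm; NO_EXT_SEQ is expected
	 * unless an ESN mode is configured explicitly */
	{ PROTO_ESP, "", NULL },
	{ PROTO_ESP, "sha256", NULL },
	{ PROTO_ESP, "aes128-sha256", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" },
	{ PROTO_ESP, "aes128-sha256-esn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ" },
	{ PROTO_ESP, "aes128-sha256-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" },
	{ PROTO_ESP, "aes128-sha256-esn-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" },
	/* a configured PRF does not appear in the expected ESP proposal */
	{ PROTO_ESP, "aes128-sha256-prfsha256-modp3072", "ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_3072/NO_EXT_SEQ" },
	{ PROTO_ESP, "aes128gcm16-aes128-sha256-modp3072", NULL },
	{ PROTO_ESP, "aes128gmac", "ESP:NULL_AES_GMAC_128/NO_EXT_SEQ" },
	/* AH: rejected without integrity algorithm; configured encryption
	 * algorithms and PRFs do not appear in the expected proposal */
	{ PROTO_AH, "", NULL },
	{ PROTO_AH, "aes128", NULL },
	{ PROTO_AH, "aes128-sha256", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" },
	{ PROTO_AH, "sha256-sha1", "AH:HMAC_SHA2_256_128/HMAC_SHA1_96/NO_EXT_SEQ" },
	{ PROTO_AH, "aes128gmac-sha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
	{ PROTO_AH, "aes128gmac-sha256-prfsha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
	{ PROTO_AH, "aes128gmac-aes256gmac-aes128-sha256", "AH:AES_128_GMAC/AES_256_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
	{ PROTO_AH, "sha256-esn", "AH:HMAC_SHA2_256_128/EXT_SEQ" },
	{ PROTO_AH, "sha256-noesn", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" },
	{ PROTO_AH, "sha256-esn-noesn", "AH:HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" },
};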
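/**
 * Assert that a proposal renders to the expected string.
 *
 * @param proposal		proposal to check, may be NULL if expected is NULL
 * @param expected		expected "%P" rendering, or NULL if no proposal
 *						must have been created
 */
static void assert_proposal_eq(proposal_t *proposal, char *expected)
{
	char str[BUF_LEN];

	if (!expected)
	{
		/* a rejected proposal string must not yield an object; return early
		 * so NULL is never passed to the string comparison below */
		ck_assert(!proposal);
		return;
	}
	/* %P is strongSwan's printf hook for proposal_t */
	snprintf(str, sizeof(str), "%P", proposal);
	ck_assert_str_eq(expected, str);
}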
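/**
 * Parse the proposal string of the create_data entry selected by the loop
 * index and compare the result with the expected rendering.
 */
START_TEST(test_create_from_string)
{
	proposal_t *proposal;

	proposal = proposal_create_from_string(create_data[_i].proto,
										   create_data[_i].proposal);
	assert_proposal_eq(proposal, create_data[_i].expected);
	/* proposal is NULL for vectors that are expected to be rejected */
	DESTROY_IF(proposal);
}
END_TEST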
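/**
 * Test vectors for proposal_t.select().
 *
 * Both proposal strings are parsed for the given protocol, then self selects
 * from other.  An expected value of NULL means that no proposal must be
 * selected.
 */
static struct {
	/** protocol both proposals are parsed for */
	protocol_id_t proto;
	/** proposal string of the selecting side */
	char *self;
	/** proposal string of the other side */
	char *other;
	/** string describing the expected selection, NULL if none is expected */
	char *expected;
} select_data[] = {
	{ PROTO_ESP, "aes128", "aes128", "aes128" },
	/* no common algorithm, nothing may be selected */
	{ PROTO_ESP, "aes128", "aes256", NULL },
	/* with several common algorithms the order of self decides */
	{ PROTO_ESP, "aes128-aes256", "aes256-aes128", "aes128" },
	{ PROTO_ESP, "aes256-aes128", "aes128-aes256", "aes256" },
	{ PROTO_ESP, "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" },
	{ PROTO_ESP, "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" },
	/* DH groups: if only one side lists a group, or one lists a group and the
	 * other only modpnone, nothing may be selected, so a configured group
	 * can't be dropped by the other side */
	{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", NULL },
	{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", NULL },
	{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
	{ PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
	/* a group is only optional if modpnone is listed explicitly next to it */
	{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
	{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
	{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
	{ PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
	/* IKE: the DH group is expected in the selection even if one side
	 * additionally lists modpnone */
	{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
	{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" },
	{ PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
};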
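/**
 * Let self select from other for the select_data entry given by the loop
 * index and compare the selection with the expected proposal, or verify that
 * nothing is selected if no result is expected.
 */
START_TEST(test_select)
{
	proposal_t *self, *other, *selected, *expected;

	self = proposal_create_from_string(select_data[_i].proto,
									   select_data[_i].self);
	other = proposal_create_from_string(select_data[_i].proto,
										select_data[_i].other);
	/* fail with an assertion, not a NULL dereference, if a vector is invalid */
	ck_assert(self && other);
	selected = self->select(self, other, TRUE, FALSE);
	if (select_data[_i].expected)
	{
		expected = proposal_create_from_string(select_data[_i].proto,
											   select_data[_i].expected);
		ck_assert(expected);
		/* report a missing selection explicitly before comparing it */
		ck_assert(selected);
		ck_assert_msg(expected->equals(expected, selected), "proposal %P does "
					  "not match expected %P", selected, expected);
		expected->destroy(expected);
	}
	else
	{
		ck_assert(!selected);
	}
	DESTROY_IF(selected);
	other->destroy(other);
	self->destroy(self);
}
END_TEST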
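/**
 * Verify which SPI the selected proposal carries: that of other if the third
 * argument of select() is TRUE, that of self if it is FALSE.
 */
START_TEST(test_select_spi)
{
	proposal_t *self, *other, *selected;

	self = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072");
	other = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072");
	ck_assert(self && other);
	/* only other gets an SPI assigned, self keeps whatever it was created with */
	other->set_spi(other, 0x12345678);

	selected = self->select(self, other, TRUE, FALSE);
	/* the proposals are identical, so a selection is required */
	ck_assert(selected);
	ck_assert_int_eq(selected->get_spi(selected), other->get_spi(other));
	selected->destroy(selected);

	selected = self->select(self, other, FALSE, FALSE);
	ck_assert(selected);
	ck_assert_int_eq(selected->get_spi(selected), self->get_spi(self));
	selected->destroy(selected);

	other->destroy(other);
	self->destroy(self);
}
END_TEST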
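/**
 * Promoting a DH group that is contained but not first moves it in front of
 * the other groups.
 */
START_TEST(test_promote_dh_group)
{
	proposal_t *proposal;

	proposal = proposal_create_from_string(PROTO_IKE,
										   "aes128-sha256-modp3072-ecp256");
	/* fail with an assertion, not a NULL dereference, if parsing fails */
	ck_assert(proposal);
	ck_assert(proposal->promote_dh_group(proposal, ECP_256_BIT));
	assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/MODP_3072");
	proposal->destroy(proposal);
}
END_TEST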
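/**
 * Promoting the DH group that is already first succeeds and leaves the order
 * of the groups unchanged.
 */
START_TEST(test_promote_dh_group_already_front)
{
	proposal_t *proposal;

	proposal = proposal_create_from_string(PROTO_IKE,
										   "aes128-sha256-modp3072-ecp256");
	/* fail with an assertion, not a NULL dereference, if parsing fails */
	ck_assert(proposal);
	ck_assert(proposal->promote_dh_group(proposal, MODP_3072_BIT));
	assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072/ECP_256");
	proposal->destroy(proposal);
}
END_TEST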
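/**
 * Promoting a DH group that is not part of the proposal fails and neither
 * adds the group nor changes the order of the existing ones.
 */
START_TEST(test_promote_dh_group_not_contained)
{
	proposal_t *proposal;

	proposal = proposal_create_from_string(PROTO_IKE,
										   "aes128-sha256-modp3072-ecp256");
	/* fail with an assertion, not a NULL dereference, if parsing fails */
	ck_assert(proposal);

	ck_assert(!proposal->promote_dh_group(proposal, MODP_2048_BIT));
	assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072/ECP_256");
	proposal->destroy(proposal);
}
END_TEST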
197 Suite
*proposal_suite_create()
202 s
= suite_create("proposal");
204 tc
= tcase_create("create_from_string");
205 tcase_add_loop_test(tc
, test_create_from_string
, 0, countof(create_data
));
206 suite_add_tcase(s
, tc
);
208 tc
= tcase_create("select");
209 tcase_add_loop_test(tc
, test_select
, 0, countof(select_data
));
210 tcase_add_test(tc
, test_select_spi
);
211 suite_add_tcase(s
, tc
);
213 tc
= tcase_create("promote_dh_group");
214 tcase_add_test(tc
, test_promote_dh_group
);
215 tcase_add_test(tc
, test_promote_dh_group_already_front
);
216 tcase_add_test(tc
, test_promote_dh_group_not_contained
);
217 suite_add_tcase(s
, tc
);