From: Tobias Brunner Date: Tue, 24 May 2016 12:14:05 +0000 (+0200) Subject: unit-tests: Make IKE and ESP proposals configurable X-Git-Tag: 5.5.0dr1~4^2~54 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=557e262f048400dbfeee500e5b067fafb2e173bd;p=thirdparty%2Fstrongswan.git unit-tests: Make IKE and ESP proposals configurable --- diff --git a/src/libcharon/tests/suites/test_child_delete.c b/src/libcharon/tests/suites/test_child_delete.c index 1b44798c8f..51b3f059de 100644 --- a/src/libcharon/tests/suites/test_child_delete.c +++ b/src/libcharon/tests/suites/test_child_delete.c @@ -31,12 +31,12 @@ START_TEST(test_regular) if (_i) { /* responder deletes the CHILD_SA (SPI 2) */ exchange_test_helper->establish_sa(exchange_test_helper, - &b, &a); + &b, &a, NULL); } else { /* initiator deletes the CHILD_SA (SPI 1) */ exchange_test_helper->establish_sa(exchange_test_helper, - &a, &b); + &a, &b, NULL); } assert_hook_not_called(child_updown); call_ikesa(a, delete_child_sa, PROTO_ESP, _i+1, FALSE); @@ -71,7 +71,7 @@ START_TEST(test_collision) ike_sa_t *a, *b; exchange_test_helper->establish_sa(exchange_test_helper, - &a, &b); + &a, &b, NULL); /* both peers delete the CHILD_SA concurrently */ assert_hook_not_called(child_updown); call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE); @@ -137,7 +137,7 @@ START_TEST(test_collision_drop) message_t *msg; exchange_test_helper->establish_sa(exchange_test_helper, - &a, &b); + &a, &b, NULL); /* both peers delete the CHILD_SA concurrently */ assert_hook_not_called(child_updown); call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE); diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c index 4fd4807566..7355a8c2a9 100644 --- a/src/libcharon/tests/suites/test_child_rekey.c +++ b/src/libcharon/tests/suites/test_child_rekey.c 
@@ -45,12 +45,12 @@ START_TEST(test_regular) if (_i) { /* responder rekeys the CHILD_SA (SPI 2) */ exchange_test_helper->establish_sa(exchange_test_helper, - &b, &a); + &b, &a, NULL); } else { /* initiator rekeys the CHILD_SA (SPI 1) */ exchange_test_helper->establish_sa(exchange_test_helper, - &a, &b); + &a, &b, NULL); } initiate_rekey(a, spi_a); @@ -105,7 +105,7 @@ START_TEST(test_collision) ike_sa_t *a, *b; exchange_test_helper->establish_sa(exchange_test_helper, - &a, &b); + &a, &b, NULL); /* When rekeyings collide we get two CHILD_SAs with a total of four nonces. * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that @@ -235,12 +235,12 @@ START_TEST(test_collision_delete) if (_i) { /* responder rekeys the CHILD_SA (SPI 2) */ exchange_test_helper->establish_sa(exchange_test_helper, - &b, &a); + &b, &a, NULL); } else { /* initiator rekeys the CHILD_SA (SPI 1) */ exchange_test_helper->establish_sa(exchange_test_helper, - &a, &b); + &a, &b, NULL); } initiate_rekey(a, spi_a); call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); @@ -322,12 +322,12 @@ START_TEST(test_collision_delete_drop_delete) if (_i) { /* responder rekeys the CHILD_SA (SPI 2) */ exchange_test_helper->establish_sa(exchange_test_helper, - &b, &a); + &b, &a, NULL); } else { /* initiator rekeys the CHILD_SA (SPI 1) */ exchange_test_helper->establish_sa(exchange_test_helper, - &a, &b); + &a, &b, NULL); } initiate_rekey(a, spi_a); call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); @@ -407,12 +407,12 @@ END_TEST if (_i) { /* responder rekeys the CHILD_SA (SPI 2) */ exchange_test_helper->establish_sa(exchange_test_helper, - &b, &a); + &b, &a, NULL); } else { /* initiator rekeys the CHILD_SA (SPI 1) */ exchange_test_helper->establish_sa(exchange_test_helper, - &a, &b); + &a, &b, NULL); } initiate_rekey(a, spi_a); call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); 
diff --git a/src/libcharon/tests/utils/exchange_test_helper.c b/src/libcharon/tests/utils/exchange_test_helper.c index 018804e6c8..038cca07a0 100644 --- a/src/libcharon/tests/utils/exchange_test_helper.c +++ b/src/libcharon/tests/utils/exchange_test_helper.c @@ -21,6 +21,7 @@ #include typedef struct private_exchange_test_helper_t private_exchange_test_helper_t; +typedef struct private_backend_t private_backend_t; /** * Private data @@ -32,11 +33,6 @@ struct private_exchange_test_helper_t { */ exchange_test_helper_t public; - /** - * Config backend - */ - backend_t backend; - /** * Credentials */ @@ -48,6 +44,27 @@ struct private_exchange_test_helper_t { refcount_t ike_spi; }; +/** + * Custom backend_t implementation + */ +struct private_backend_t { + + /** + * Public interface + */ + backend_t public; + + /** + * Responder ike_cfg + */ + ike_cfg_t *ike_cfg; + + /** + * Responder peer_cfg/child_cfg + */ + peer_cfg_t *peer_cfg; +}; + CALLBACK(get_ike_spi, uint64_t, private_exchange_test_helper_t *this) { 
@@ -59,26 +76,52 @@ CALLBACK(get_ike_spi, uint64_t, */ exchange_test_helper_t *exchange_test_helper; -static ike_cfg_t *create_ike_cfg() +static ike_cfg_t *create_ike_cfg(bool initiator, exchange_test_sa_conf_t *conf) { ike_cfg_t *ike_cfg; + char *proposal = NULL; ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT, "127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); - ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + if (conf) + { + proposal = initiator ? conf->initiator.ike : conf->responder.ike; + } + if (proposal) + { + ike_cfg->add_proposal(ike_cfg, + proposal_create_from_string(PROTO_IKE, proposal)); + } + else + { + ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + } return ike_cfg; } -static child_cfg_t *create_child_cfg(bool initiator) +static child_cfg_t *create_child_cfg(bool initiator, + exchange_test_sa_conf_t *conf) { child_cfg_t *child_cfg; child_cfg_create_t child = { .mode = MODE_TUNNEL, }; + char *proposal = NULL; child_cfg = child_cfg_create(initiator ? "init" : "resp", &child); - child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); - child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); + if (conf) + { + proposal = initiator ? conf->initiator.esp : conf->responder.esp; + } + if (proposal) + { + child_cfg->add_proposal(child_cfg, + proposal_create_from_string(PROTO_ESP, proposal)); + } + else + { + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + } child_cfg->add_traffic_selector(child_cfg, TRUE, traffic_selector_create_dynamic(0, 0, 65535)); child_cfg->add_traffic_selector(child_cfg, FALSE, @@ -101,7 +144,8 @@ static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local) peer_cfg->add_auth_cfg(peer_cfg, auth, local); } -static peer_cfg_t *create_peer_cfg(bool initiator) +static peer_cfg_t *create_peer_cfg(bool initiator, + exchange_test_sa_conf_t *conf) { peer_cfg_t *peer_cfg; peer_cfg_create_t peer = { 
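Review bot: The result of `proposal_create_from_string()` is passed straight to `add_proposal()` in both `create_ike_cfg()` and `create_child_cfg()`, but that function returns NULL when the string does not parse, so a typo in a test's `conf` would put a NULL proposal into the config and most likely fail later, far from the cause. Storing it first, e.g. `proposal_t *prop = proposal_create_from_string(PROTO_IKE, proposal);`, and failing the test when `prop` is NULL would make the error point at the bad string. Separately, the fallback branch of `create_child_cfg()` adds only `proposal_create_default(PROTO_ESP)`, whereas the removed code also added `proposal_create_default_aead(PROTO_ESP)`, so tests that pass `conf == NULL` no longer offer the default AEAD ESP proposal. If that is not intended, keep the second `add_proposal()` call in the `else` branch. `create_child_cfg()` continues past the end of the hunk.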
@@ -110,26 +154,23 @@ static peer_cfg_t *create_peer_cfg(bool initiator) .keyingtries = 1, }; - peer_cfg = peer_cfg_create(initiator ? "init" : "resp", create_ike_cfg(), - &peer); + peer_cfg = peer_cfg_create(initiator ? "init" : "resp", + create_ike_cfg(initiator, conf), &peer); add_auth_cfg(peer_cfg, initiator, TRUE); add_auth_cfg(peer_cfg, initiator, FALSE); - peer_cfg->add_child_cfg(peer_cfg, create_child_cfg(initiator)); return peer_cfg; } METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, - backend_t *this, host_t *me, host_t *other) + private_backend_t *this, host_t *me, host_t *other) { - ike_cfg_t *ike_cfg = create_ike_cfg(); - return enumerator_create_single(ike_cfg, (void*)ike_cfg->destroy); + return enumerator_create_single(this->ike_cfg, NULL); } METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, - backend_t *this, identification_t *me, identification_t *other) + private_backend_t *this, identification_t *me, identification_t *other) { - peer_cfg_t *peer_cfg = create_peer_cfg(FALSE); - return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy); + return enumerator_create_single(this->peer_cfg, NULL); } METHOD(exchange_test_helper_t, process_message, void, @@ -146,11 +187,20 @@ METHOD(exchange_test_helper_t, process_message, void, } METHOD(exchange_test_helper_t, establish_sa, void, - private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp) + private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp, + exchange_test_sa_conf_t *conf) { + private_backend_t backend = { + .public = { + .create_ike_cfg_enumerator = _create_ike_cfg_enumerator, + .create_peer_cfg_enumerator = _create_peer_cfg_enumerator, + .get_peer_cfg_by_name = (void*)return_null, + }, + }; ike_sa_id_t *id_i, *id_r; ike_sa_t *sa_i, *sa_r; peer_cfg_t *peer_cfg; + child_cfg_t *child_cfg; sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, IKEV2, TRUE); 
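Review bot: `create_ike_cfg_enumerator()` and `create_peer_cfg_enumerator()` now pass NULL as the cleanup to `enumerator_create_single()`, so the enumerated `this->ike_cfg` and `this->peer_cfg` are borrowed from the backend rather than owned by the enumerator, and nothing in the code says so. A short comment on each method, for example `/* returns the stored responder config without taking a reference; the backend owner destroys it */`, would document that the configs must outlive every enumerator. The same hunk removes `add_child_cfg()` from `create_peer_cfg()`, so its callers now have to attach a child config themselves; that deserves a line in the function's comment too.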
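Review bot: `backend` is a local variable of `establish_sa()`, yet the later hunks register `&backend.public` in the global `charon->backends` and remove it only at the very end of the function (`@@ -160,10` and `@@ -174,6`). If anything between those two calls leaves the function without reaching `remove_backend()` — for instance a failing assertion that unwinds out of `process_message()`, which cannot be confirmed from this diff — the manager keeps a pointer into a dead stack frame and the next lookup dereferences it. Keeping the `private_backend_t` in `private_exchange_test_helper_t` (or on the heap) and unregistering it in `exchange_test_helper_deinit()` would avoid that; at minimum add a comment such as `/* stack-allocated: must be removed from charon->backends before returning */` above the declaration. The body of `establish_sa()` continues past this hunk.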
@@ -160,10 +210,20 @@ METHOD(exchange_test_helper_t, establish_sa, void, IKEV2, FALSE); id_r = sa_r->get_id(sa_r); - peer_cfg = create_peer_cfg(TRUE); + peer_cfg = create_peer_cfg(TRUE, conf); + child_cfg = create_child_cfg(TRUE, conf); + peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg)); sa_i->set_peer_cfg(sa_i, peer_cfg); peer_cfg->destroy(peer_cfg); - call_ikesa(sa_i, initiate, create_child_cfg(TRUE), 0, NULL, NULL); + call_ikesa(sa_i, initiate, child_cfg, 0, NULL, NULL); + + backend.ike_cfg = create_ike_cfg(FALSE, conf); + peer_cfg = backend.peer_cfg = create_peer_cfg(FALSE, conf); + child_cfg = create_child_cfg(FALSE, conf); + peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg)); + child_cfg->destroy(child_cfg); + charon->backends->add_backend(charon->backends, &backend.public); + /* IKE_SA_INIT --> */ id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i)); process_message(this, sa_r, NULL); @@ -174,6 +234,10 @@ METHOD(exchange_test_helper_t, establish_sa, void, process_message(this, sa_r, NULL); /* <-- IKE_AUTH */ process_message(this, sa_i, NULL); + + charon->backends->remove_backend(charon->backends, &backend.public); + DESTROY_IF(backend.peer_cfg); + DESTROY_IF(backend.ike_cfg); } /** @@ -228,11 +292,6 @@ void exchange_test_helper_init(char *plugins) .establish_sa = _establish_sa, .process_message = _process_message, }, - .backend = { - .create_ike_cfg_enumerator = _create_ike_cfg_enumerator, - .create_peer_cfg_enumerator = _create_peer_cfg_enumerator, - .get_peer_cfg_by_name = (void*)return_null, - }, .creds = mem_cred_create(), ); @@ -253,7 +312,6 @@ void exchange_test_helper_init(char *plugins) charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi, this); - charon->backends->add_backend(charon->backends, &this->backend); lib->credmgr->add_set(lib->credmgr, &this->creds->set); this->creds->add_shared(this->creds, 
@@ -272,7 +330,6 @@ void exchange_test_helper_deinit() this = (private_exchange_test_helper_t*)exchange_test_helper; - charon->backends->remove_backend(charon->backends, &this->backend); lib->credmgr->remove_set(lib->credmgr, &this->creds->set); this->creds->destroy(this->creds); /* can't let charon do it as it happens too late */ diff --git a/src/libcharon/tests/utils/exchange_test_helper.h b/src/libcharon/tests/utils/exchange_test_helper.h index 861ce0d475..6530f75640 100644 --- a/src/libcharon/tests/utils/exchange_test_helper.h +++ b/src/libcharon/tests/utils/exchange_test_helper.h @@ -32,6 +32,7 @@ #include "mock_sender.h" typedef struct exchange_test_helper_t exchange_test_helper_t; +typedef struct exchange_test_sa_conf_t exchange_test_sa_conf_t; struct exchange_test_helper_t { @@ -51,9 +52,10 @@ struct exchange_test_helper_t { * * @param[out] init IKE_SA of the initiator * @param[out] resp IKE_SA of the responder + * @param conf configuration for SAs */ void (*establish_sa)(exchange_test_helper_t *this, ike_sa_t **init, - ike_sa_t **resp); + ike_sa_t **resp, exchange_test_sa_conf_t *conf); /** * Pass a message to the given IKE_SA for processing, setting the IKE_SA on @@ -67,6 +69,19 @@ struct exchange_test_helper_t { message_t *message); }; +struct exchange_test_sa_conf_t { + + /** + * Configuration for initiator and responder + */ + struct { + /** IKE proposal */ + char *ike; + /** ESP proposal */ + char *esp; + } initiator, responder; +}; + /** * Since we don't use the IKE_SA manager to checkout SAs use this to call a * method on the given IKE_SA in its context.
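Review bot: The new `@param conf` line in the `establish_sa` doc comment says only "configuration for SAs", while every call site updated in this commit passes NULL and the helper falls back to default proposals in that case. Spell that out, e.g. `@param conf  configuration for SAs, NULL to use default proposals`, so test authors know NULL is a valid argument.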
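Review bot: `exchange_test_sa_conf_t` has no struct-level comment, and its members are plain `char *` although the helper only reads them and tests will typically fill them with string literals. Declaring them as `const char *ike;` and `const char *esp;` would state that intent, assuming `proposal_create_from_string()` accepts a const string. The member comments should also say that a NULL member selects the default proposal and that the strings use the syntax parsed by `proposal_create_from_string()`.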