summaryrefslogtreecommitdiff
path: root/src/libcharon/tests/suites
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2015-10-22 11:43:58 +0200
committerYves-Alexis Perez <corsac@debian.org>2015-10-22 11:43:58 +0200
commit5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (patch)
tree037f1ec5bb860846938ddcf29771c24e9c529be0 /src/libcharon/tests/suites
parentb238cf34df3fe4476ae6b7012e7cb3e9769d4d51 (diff)
downloadvyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.tar.gz
vyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.zip
Imported Upstream version 5.3.3
Diffstat (limited to 'src/libcharon/tests/suites')
-rw-r--r--src/libcharon/tests/suites/test_ike_cfg.c118
-rw-r--r--src/libcharon/tests/suites/test_message_chapoly.c138
2 files changed, 256 insertions, 0 deletions
diff --git a/src/libcharon/tests/suites/test_ike_cfg.c b/src/libcharon/tests/suites/test_ike_cfg.c
new file mode 100644
index 000000000..8062179b9
--- /dev/null
+++ b/src/libcharon/tests/suites/test_ike_cfg.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <config/ike_cfg.h>
+
+static void assert_family(int expected, char *addr, bool local)
+{
+ ike_cfg_t *cfg;
+ int family;
+
+ cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local ? addr : "%any", 500,
+ local ? "%any" : addr, 500, FRAGMENTATION_NO, 0);
+ family = ike_cfg_get_family(cfg, local);
+ ck_assert_msg(expected == family, "expected family %d != %d (addr: '%s')",
+ expected, family, addr);
+ cfg->destroy(cfg);
+}
+
+START_TEST(test_get_address_family_empty)
+{
+ assert_family(AF_UNSPEC, "", _i);
+}
+END_TEST
+
+START_TEST(test_get_address_family_addr)
+{
+ assert_family(AF_INET, "192.168.1.1", _i);
+ assert_family(AF_INET6, "fec::1", _i);
+}
+END_TEST
+
+START_TEST(test_get_address_family_multi)
+{
+ assert_family(AF_INET, "192.168.1.1,192.168.2.2", _i);
+ assert_family(AF_INET6, "fec::1,fec::2", _i);
+
+ assert_family(AF_UNSPEC, "192.168.1.1,fec::1", _i);
+ assert_family(AF_UNSPEC, "fec::1,192.168.1.1", _i);
+}
+END_TEST
+
+START_TEST(test_get_address_family_any)
+{
+ assert_family(AF_UNSPEC, "%any", _i);
+
+ assert_family(AF_INET, "%any4", _i);
+ assert_family(AF_INET, "0.0.0.0", _i);
+
+ assert_family(AF_INET6, "%any6", _i);
+ assert_family(AF_INET6, "::", _i);
+
+ assert_family(AF_INET, "192.168.1.1,%any", _i);
+ assert_family(AF_INET, "192.168.1.1,%any4", _i);
+ assert_family(AF_UNSPEC, "192.168.1.1,%any6", _i);
+
+ assert_family(AF_INET6, "fec::1,%any", _i);
+ assert_family(AF_UNSPEC, "fec::1,%any4", _i);
+ assert_family(AF_INET6, "fec::1,%any6", _i);
+}
+END_TEST
+
+START_TEST(test_get_address_family_other)
+{
+ assert_family(AF_INET, "192.168.1.0", _i);
+ assert_family(AF_UNSPEC, "192.168.1.0/24", _i);
+ assert_family(AF_UNSPEC, "192.168.1.0-192.168.1.10", _i);
+
+ assert_family(AF_INET, "192.168.1.0/24,192.168.2.1", _i);
+ assert_family(AF_INET, "192.168.1.0-192.168.1.10,192.168.2.1", _i);
+ assert_family(AF_INET6, "192.168.1.0/24,fec::1", _i);
+ assert_family(AF_INET6, "192.168.1.0-192.168.1.10,fec::1", _i);
+
+ assert_family(AF_INET6, "fec::", _i);
+ assert_family(AF_UNSPEC, "fec::/64", _i);
+ assert_family(AF_UNSPEC, "fec::1-fec::10", _i);
+
+ assert_family(AF_INET6, "fec::/64,fed::1", _i);
+ assert_family(AF_INET6, "fec::1-fec::10,fec::1", _i);
+ assert_family(AF_INET, "fec::/64,192.168.1.1", _i);
+ assert_family(AF_INET, "fec::1-fec::10,192.168.1.1", _i);
+
+ assert_family(AF_UNSPEC, "strongswan.org", _i);
+ assert_family(AF_INET, "192.168.1.0,strongswan.org", _i);
+ assert_family(AF_INET6, "fec::1,strongswan.org", _i);
+}
+END_TEST
+
+Suite *ike_cfg_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("ike_cfg");
+
+ tc = tcase_create("ike_cfg_get_address_family");
+ tcase_add_loop_test(tc, test_get_address_family_empty, 0, 2);
+ tcase_add_loop_test(tc, test_get_address_family_addr, 0, 2);
+ tcase_add_loop_test(tc, test_get_address_family_multi, 0, 2);
+ tcase_add_loop_test(tc, test_get_address_family_any, 0, 2);
+ tcase_add_loop_test(tc, test_get_address_family_other, 0, 2);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libcharon/tests/suites/test_message_chapoly.c b/src/libcharon/tests/suites/test_message_chapoly.c
new file mode 100644
index 000000000..e871cf6c2
--- /dev/null
+++ b/src/libcharon/tests/suites/test_message_chapoly.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2015 Martin Willi
+ * Copyright (C) 2015 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <encoding/message.h>
+
+static aead_t *aead;
+
+static iv_gen_t *ivgen;
+
+METHOD(keymat_t, get_version, ike_version_t,
+ keymat_t *this)
+{
+ return IKEV2;
+}
+
+METHOD(keymat_t, get_aead, aead_t*,
+ keymat_t *this, bool in)
+{
+ return aead;
+}
+
+METHOD(aead_t, get_iv_gen, iv_gen_t*,
+ aead_t *this)
+{
+ return ivgen;
+}
+
+METHOD(iv_gen_t, get_iv, bool,
+ iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+{
+ if (size != 8)
+ {
+ return FALSE;
+ }
+ memcpy(buffer, "\x10\x11\x12\x13\x14\x15\x16\x17", 8);
+ return TRUE;
+}
+
+METHOD(iv_gen_t, allocate_iv, bool,
+ iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+{
+ if (size != 8)
+ {
+ return FALSE;
+ }
+ *chunk = chunk_alloc(size);
+ return get_iv(this, seq, chunk->len, chunk->ptr);
+}
+
+/**
+ * Appendix B draft-ietf-ipsecme-chacha20-poly1305-06
+ */
+START_TEST(test_chacha20poly1305)
+{
+ u_int64_t spii, spir;
+ ike_sa_id_t *id;
+ message_t *m;
+ u_int32_t window = htonl(10);
+ chunk_t chunk, exp;
+ keymat_t keymat = {
+ .get_version = _get_version,
+ .create_dh = (void*)return_null,
+ .create_nonce_gen = (void*)return_null,
+ .get_aead = _get_aead,
+ };
+
+ m = message_create(IKEV2, 0);
+ m->set_exchange_type(m, INFORMATIONAL);
+ htoun64(&spii, 0xc0c1c2c3c4c5c6c7);
+ htoun64(&spir, 0xd0d1d2d3d4d5d6d7);
+ id = ike_sa_id_create(IKEV2, spii, spir, FALSE);
+ m->set_ike_sa_id(m, id);
+ id->destroy(id);
+ m->set_source(m, host_create_from_string("1.2.3.4", 4500));
+ m->set_destination(m, host_create_from_string("4.3.2.1", 4500));
+ m->set_message_id(m, 9);
+ m->add_notify(m, TRUE, SET_WINDOW_SIZE, chunk_from_thing(window));
+
+ aead = lib->crypto->create_aead(lib->crypto, ENCR_CHACHA20_POLY1305, 32, 4);
+ ck_assert(aead);
+ ck_assert(aead->set_key(aead, chunk_from_chars(
+ 0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,
+ 0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,
+ 0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,
+ 0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f,
+ 0xa0,0xa1,0xa2,0xa3)));
+ INIT(ivgen,
+ .get_iv = _get_iv,
+ .allocate_iv = _allocate_iv,
+ .destroy = (void*)free,
+ );
+ aead->get_iv_gen = _get_iv_gen,
+
+ ck_assert(m->generate(m, &keymat, NULL) == SUCCESS);
+ chunk = m->get_packet_data(m);
+ exp = chunk_from_chars(0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,
+ 0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,
+ 0x2e,0x20,0x25,0x00,0x00,0x00,0x00,0x09,
+ 0x00,0x00,0x00,0x45,0x29,0x00,0x00,0x29,
+ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
+ 0x61,0x03,0x94,0x70,0x1f,0x8d,0x01,0x7f,
+ 0x7c,0x12,0x92,0x48,0x89,0x6b,0x71,0xbf,
+ 0xe2,0x52,0x36,0xef,0xd7,0xcd,0xc6,0x70,
+ 0x66,0x90,0x63,0x15,0xb2);
+ ck_assert_msg(chunk_equals(chunk, exp), "got %B\nexp %B", &chunk, &exp);
+ ivgen->destroy(ivgen);
+ aead->destroy(aead);
+ m->destroy(m);
+}
+END_TEST
+
+Suite *message_chapoly_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("chapoly");
+
+ tc = tcase_create("ChaCha20Poly1305 IKEv2 encryption");
+ tcase_add_test(tc, test_chacha20poly1305);
+ suite_add_tcase(s, tc);
+
+ return s;
+}