summaryrefslogtreecommitdiff
path: root/src/libstrongswan/tests/suites
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2016-03-24 11:59:32 +0100
committerYves-Alexis Perez <corsac@debian.org>2016-03-24 11:59:32 +0100
commit518dd33c94e041db0444c7d1f33da363bb8e3faf (patch)
treee8d1665ffadff7ec40228dda47e81f8f4691cd07 /src/libstrongswan/tests/suites
parentf42f239a632306ed082f6fde878977248eea85cf (diff)
downloadvyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.tar.gz
vyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.zip
Imported Upstream version 5.4.0
Diffstat (limited to 'src/libstrongswan/tests/suites')
-rw-r--r--src/libstrongswan/tests/suites/test_array.c43
-rw-r--r--src/libstrongswan/tests/suites/test_auth_cfg.c122
-rw-r--r--src/libstrongswan/tests/suites/test_identification.c261
-rw-r--r--src/libstrongswan/tests/suites/test_linked_list.c91
4 files changed, 466 insertions, 51 deletions
diff --git a/src/libstrongswan/tests/suites/test_array.c b/src/libstrongswan/tests/suites/test_array.c
index ba2aff460..eda72e10a 100644
--- a/src/libstrongswan/tests/suites/test_array.c
+++ b/src/libstrongswan/tests/suites/test_array.c
@@ -491,6 +491,44 @@ START_TEST(test_invoke_offset)
}
END_TEST
+START_TEST(test_insert_create)
+{
+ array_t *array = NULL;
+ uintptr_t x;
+
+ array_insert_create(&array, ARRAY_TAIL, (void*)(uintptr_t)1);
+ array_insert_create(&array, ARRAY_TAIL, (void*)(uintptr_t)2);
+ ck_assert(array != NULL);
+
+ ck_assert(array_get(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 1);
+ ck_assert(array_get(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 2);
+
+ array_destroy(array);
+}
+END_TEST
+
+START_TEST(test_insert_create_value)
+{
+ array_t *array = NULL;
+ u_int16_t v;
+
+ v = 1;
+ array_insert_create_value(&array, sizeof(v), ARRAY_TAIL, &v);
+ v = 2;
+ array_insert_create_value(&array, sizeof(v), ARRAY_TAIL, &v);
+ ck_assert(array != NULL);
+
+ ck_assert(array_get(array, ARRAY_HEAD, &v));
+ ck_assert_int_eq(v, 1);
+ ck_assert(array_get(array, ARRAY_TAIL, &v));
+ ck_assert_int_eq(v, 2);
+
+ array_destroy(array);
+}
+END_TEST
+
Suite *array_suite_create()
{
Suite *s;
@@ -528,5 +566,10 @@ Suite *array_suite_create()
tcase_add_test(tc, test_invoke_offset);
suite_add_tcase(s, tc);
+ tc = tcase_create("insert create");
+ tcase_add_test(tc, test_insert_create);
+ tcase_add_test(tc, test_insert_create_value);
+ suite_add_tcase(s, tc);
+
return s;
}
diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c
new file mode 100644
index 000000000..e046725b8
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_auth_cfg.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <credentials/auth_cfg.h>
+
+struct {
+ char *constraints;
+ signature_scheme_t sig[5];
+ signature_scheme_t ike[5];
+} sig_constraints_tests[] = {
+ { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
+ { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}},
+ { "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
+ { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
+ { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
+ { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
+ { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
+ { "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
+ { "rsa4096-sha256", {0}, {0}},
+ { "sha256", {0}, {0}},
+ { "ike:sha256", {0}, {0}},
+};
+
+static void check_sig_constraints(auth_cfg_t *cfg, auth_rule_t type,
+ signature_scheme_t expected[])
+{
+ enumerator_t *enumerator;
+ auth_rule_t t;
+ void *value;
+ int i = 0;
+
+ enumerator = cfg->create_enumerator(cfg);
+ while (enumerator->enumerate(enumerator, &t, &value))
+ {
+ if (t == type)
+ {
+ ck_assert(expected[i]);
+ ck_assert_int_eq(expected[i], (signature_scheme_t)value);
+ i++;
+ }
+ }
+ enumerator->destroy(enumerator);
+ ck_assert(!expected[i]);
+}
+
+START_TEST(test_sig_contraints)
+{
+ auth_cfg_t *cfg;
+ signature_scheme_t none[] = {0};
+
+ cfg = auth_cfg_create();
+ cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, FALSE);
+ check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
+ check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, none);
+ cfg->destroy(cfg);
+
+ lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
+ FALSE, lib->ns);
+
+ cfg = auth_cfg_create();
+ cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, TRUE);
+ check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
+ check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].ike);
+ cfg->destroy(cfg);
+}
+END_TEST
+
+START_TEST(test_ike_contraints_fallback)
+{
+ auth_cfg_t *cfg;
+
+ lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
+ TRUE, lib->ns);
+
+ cfg = auth_cfg_create();
+ cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, TRUE);
+ check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
+ if (sig_constraints_tests[_i].ike[0])
+ {
+ check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].ike);
+ }
+ else
+ {
+ check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
+ }
+ cfg->destroy(cfg);
+}
+END_TEST
+
+Suite *auth_cfg_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("auth_cfg");
+
+ tc = tcase_create("add_pubkey_constraints");
+ tcase_add_loop_test(tc, test_sig_contraints, 0, countof(sig_constraints_tests));
+ tcase_add_loop_test(tc, test_ike_contraints_fallback, 0, countof(sig_constraints_tests));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c
index 9554d2919..c0a21fe34 100644
--- a/src/libstrongswan/tests/suites/test_identification.c
+++ b/src/libstrongswan/tests/suites/test_identification.c
@@ -1,7 +1,8 @@
/*
* Copyright (C) 2013-2015 Tobias Brunner
+ * Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -122,67 +123,122 @@ static struct {
} data;
} result;
} string_data[] = {
- {NULL, ID_ANY, { .type = ENC_CHUNK }},
- {"", ID_ANY, { .type = ENC_CHUNK }},
- {"%any", ID_ANY, { .type = ENC_CHUNK }},
- {"%any6", ID_ANY, { .type = ENC_CHUNK }},
- {"0.0.0.0", ID_ANY, { .type = ENC_CHUNK }},
- {"0::0", ID_ANY, { .type = ENC_CHUNK }},
- {"::", ID_ANY, { .type = ENC_CHUNK }},
- {"*", ID_ANY, { .type = ENC_CHUNK }},
- {"any", ID_FQDN, { .type = ENC_SIMPLE }},
- {"any6", ID_FQDN, { .type = ENC_SIMPLE }},
- {"0", ID_FQDN, { .type = ENC_SIMPLE }},
- {"**", ID_FQDN, { .type = ENC_SIMPLE }},
- {"192.168.1.1", ID_IPV4_ADDR, { .type = ENC_CHUNK,
+ {NULL, ID_ANY, { .type = ENC_CHUNK }},
+ {"", ID_ANY, { .type = ENC_CHUNK }},
+ {"%any", ID_ANY, { .type = ENC_CHUNK }},
+ {"%any6", ID_ANY, { .type = ENC_CHUNK }},
+ {"0.0.0.0", ID_ANY, { .type = ENC_CHUNK }},
+ {"0::0", ID_ANY, { .type = ENC_CHUNK }},
+ {"::", ID_ANY, { .type = ENC_CHUNK }},
+ {"*", ID_ANY, { .type = ENC_CHUNK }},
+ {"any", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"any6", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"0", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"**", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"192.168.1.1", ID_IPV4_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
- {"192.168.", ID_FQDN, { .type = ENC_SIMPLE }},
- {".", ID_FQDN, { .type = ENC_SIMPLE }},
- {"fec0::1", ID_IPV6_ADDR, { .type = ENC_CHUNK,
+ {"192.168.", ID_FQDN, { .type = ENC_SIMPLE }},
+ {".", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"192.168.1.1/33", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"192.168.1.1/32", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01,0xff,0xff,0xff,0xff) }},
+ {"192.168.1.1/31", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x00,0xff,0xff,0xff,0xfe) }},
+ {"192.168.1.8/30", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x08,0xff,0xff,0xff,0xfc) }},
+ {"192.168.1.128/25", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x80,0xff,0xff,0xff,0x80) }},
+ {"192.168.1.0/24", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x00,0xff,0xff,0xff,0x00) }},
+ {"192.168.1.0/23", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x00,0x00,0xff,0xff,0xfe,0x00) }},
+ {"192.168.4.0/22", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x04,0x00,0xff,0xff,0xfc,0x00) }},
+ {"0.0.0.0/0", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
+ {"192.168.1.0-192.168.1.40",ID_IPV4_ADDR_RANGE, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x00,0xc0,0xa8,0x01,0x28) }},
+ {"0.0.0.0-255.255.255.255", ID_IPV4_ADDR_RANGE, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff) }},
+ {"192.168.1.40-192.168.1.0",ID_FQDN, { .type = ENC_SIMPLE }},
+ {"fec0::1", ID_IPV6_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01) }},
- {"fec0::", ID_IPV6_ADDR, { .type = ENC_CHUNK,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01) }},
+ {"fec0::", ID_IPV6_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
- {"fec0:", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {":", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"alice@strongswan.org", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"alice@strongswan", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"alice@", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"alice", ID_FQDN, { .type = ENC_SIMPLE }},
- {"@", ID_FQDN, { .type = ENC_CHUNK }},
- {" @", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"@strongswan.org", ID_FQDN, { .type = ENC_STRING,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
+ {"fec0:", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {":", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"fec0::1/129", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"fec0::1/128", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff ) }},
+ {"fec0::1/127", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe ) }},
+ {"fec0::4/126", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x04,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfc ) }},
+ {"fec0::100/120", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00 ) }},
+ {"::/0", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ) }},
+ {"fec0::1-fec0::4fff", ID_IPV6_ADDR_RANGE, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+ 0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x4f,0xff ) }},
+ {"fec0::4fff-fec0::1", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"fec0::1-", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"alice@strongswan.org", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"alice@strongswan", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"alice@", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"alice", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"@", ID_FQDN, { .type = ENC_CHUNK }},
+ {" @", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"@strongswan.org", ID_FQDN, { .type = ENC_STRING,
.data.s = "strongswan.org" }},
- {"@#deadbeef", ID_KEY_ID, { .type = ENC_CHUNK,
+ {"@#deadbeef", ID_KEY_ID, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xde,0xad,0xbe,0xef) }},
- {"@#deadbee", ID_KEY_ID, { .type = ENC_CHUNK,
+ {"@#deadbee", ID_KEY_ID, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x0d,0xea,0xdb,0xee) }},
- {"foo=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"foo=", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"C=", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ {"foo=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"foo=", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"C=", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x30,0x0b,0x31,0x09,0x30,0x07,0x06,
0x03,0x55,0x04,0x06,0x13,0x00) }},
- {"C=CH", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ {"C=CH", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
- {"C=CH,", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ {"C=CH,", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
- {"C=CH, ", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ {"C=CH, ", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
- {"C=CH, O", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"IPv4:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
+ {"C=CH, O", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"IPv4:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
- { "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING,
+ { "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING,
.data.s = "tester" }},
- { "{1}:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
+ { "{1}:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
- { "{0x02}:tester", ID_FQDN, { .type = ENC_STRING,
+ { "{0x02}:tester", ID_FQDN, { .type = ENC_STRING,
.data.s = "tester" }},
- { "{99}:somedata", 99, { .type = ENC_STRING,
+ { "{99}:somedata", 99, { .type = ENC_STRING,
.data.s = "somedata" }},
};
@@ -264,14 +320,33 @@ START_TEST(test_printf_hook)
string_equals("192.168.1.1", "192.168.1.1");
string_equals_id("(invalid ID_IPV4_ADDR)",
- identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty));
+ identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty));
+ string_equals("192.168.1.1/32", "192.168.1.1/32");
+ string_equals("192.168.1.2/31", "192.168.1.2/31");
+ string_equals("192.168.1.0/24", "192.168.1.0/24");
+ string_equals("192.168.2.0/23", "192.168.2.0/23");
+ string_equals("0.0.0.0/0", "0.0.0.0/0");
+ string_equals_id("(invalid ID_IPV4_ADDR_SUBNET)",
+ identification_create_from_encoding(ID_IPV4_ADDR_SUBNET, chunk_empty));
+ string_equals("192.168.1.1-192.168.1.254", "192.168.1.1-192.168.1.254");
+ string_equals("0.0.0.0-255.255.255.255", "0.0.0.0-255.255.255.255");
+ string_equals_id("(invalid ID_IPV4_ADDR_RANGE)",
+ identification_create_from_encoding(ID_IPV4_ADDR_RANGE, chunk_empty));
string_equals("fec0::1", "fec0::1");
string_equals("fec0::1", "fec0:0:0::1");
string_equals_id("(invalid ID_IPV6_ADDR)",
- identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty));
-
+ identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty));
+ string_equals("fec0::1/128", "fec0::1/128");
+ string_equals("fec0::2/127", "fec0::2/127");
+ string_equals("fec0::100/120", "fec0::100/120");
+ string_equals("::/0", "::/0");
+ string_equals_id("(invalid ID_IPV6_ADDR_SUBNET)",
+ identification_create_from_encoding(ID_IPV6_ADDR_SUBNET, chunk_empty));
+ string_equals("fec0::1-fec0::4fff", "fec0::1-fec0::4fff");
+ string_equals_id("(invalid ID_IPV6_ADDR_RANGE)",
+ identification_create_from_encoding(ID_IPV6_ADDR_RANGE, chunk_empty));
string_equals_id("(unknown ID type: 255)",
- identification_create_from_encoding(255, chunk_empty));
+ identification_create_from_encoding(255, chunk_empty));
string_equals("moon@strongswan.org", "moon@strongswan.org");
string_equals("MOON@STRONGSWAN.ORG", "MOON@STRONGSWAN.ORG");
@@ -324,11 +399,11 @@ START_TEST(test_printf_hook)
string_equals("C=CH, E=moon@strongswan.org, CN=moon",
"C=CH, emailAddress=moon@strongswan.org, CN=moon");
- /* C=CH, pseudonym=ANO (pseudonym is currently not recognized) */
- string_equals_id("C=CH, 55:04:41=ANO", identification_create_from_encoding(ID_DER_ASN1_DN,
+ /* C=CH, telexNumber=123 (telexNumber is currently not recognized) */
+ string_equals_id("C=CH, 55:04:15=123", identification_create_from_encoding(ID_DER_ASN1_DN,
chunk_from_chars(0x30, 0x19, 0x31, 0x17, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x0a, 0x06,
- 0x03, 0x55, 0x04, 0x41, 0x13, 0x03, 0x41, 0x4e, 0x4f)));
+ 0x03, 0x55, 0x04, 0x15, 0x13, 0x03, 0x31, 0x32, 0x33)));
/* C=CH, O=strongSwan (but instead of a 2nd OID -0x06- we got NULL -0x05) */
string_equals_id("C=CH, (invalid ID_DER_ASN1_DN)", identification_create_from_encoding(ID_DER_ASN1_DN,
chunk_from_chars(0x30, 0x20, 0x31, 0x1e, 0x30, 0x09, 0x06, 0x03, 0x55,
@@ -595,6 +670,89 @@ START_TEST(test_matches_binary)
}
END_TEST
+START_TEST(test_matches_range)
+{
+ identification_t *a, *b;
+
+ /* IPv4 addresses */
+ a = identification_create_from_string("192.168.1.1");
+ ck_assert(a->get_type(a) == ID_IPV4_ADDR);
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "0.0.0.0/0", ID_MATCH_MAX_WILDCARDS));
+ ck_assert(id_matches(a, "192.168.1.1", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "192.168.1.2", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "192.168.1.1/32", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "192.168.1.0/32", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "192.168.1.0/24", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "192.168.0.0/24", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "192.168.1.1-192.168.1.1", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "192.168.1.0-192.168.1.64", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "192.168.1.2-192.168.1.64", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "192.168.0.240-192.168.1.0", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "foo@bar", ID_MATCH_NONE));
+
+ /* Malformed IPv4 subnet and range encoding */
+ b = identification_create_from_encoding(ID_IPV4_ADDR_SUBNET, chunk_empty);
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+ b = identification_create_from_encoding(ID_IPV4_ADDR_RANGE, chunk_empty);
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+ b = identification_create_from_encoding(ID_IPV4_ADDR_RANGE,
+ chunk_from_chars(0xc0,0xa8,0x01,0x28,0xc0,0xa8,0x01,0x00));
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+
+ a->destroy(a);
+
+ /* IPv6 addresses */
+ a = identification_create_from_string("fec0::1");
+ ck_assert(a->get_type(a) == ID_IPV6_ADDR);
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "::/0", ID_MATCH_MAX_WILDCARDS));
+ ck_assert(id_matches(a, "fec0::1", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "fec0::2", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "fec0::1/128", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "fec0::/128", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "fec0::/120", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "fec0::100/120", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "fec0::1-fec0::1", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "fec0::0-fec0::5", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "fec0::4001-fec0::4ffe", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "feb0::1-fec0::0", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "foo@bar", ID_MATCH_NONE));
+
+ /* Malformed IPv6 subnet and range encoding */
+ b = identification_create_from_encoding(ID_IPV6_ADDR_SUBNET, chunk_empty);
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+ b = identification_create_from_encoding(ID_IPV6_ADDR_RANGE, chunk_empty);
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+ b = identification_create_from_encoding(ID_IPV6_ADDR_RANGE,
+ chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x4f,0xff,
+ 0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 ));
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+
+ a->destroy(a);
+
+ /* Malformed IPv4 address encoding */
+ a = identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty);
+ ck_assert(id_matches(a, "0.0.0.0/0", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "0.0.0.0-255.255.255.255", ID_MATCH_NONE));
+ a->destroy(a);
+
+ /* Malformed IPv6 address encoding */
+ a = identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty);
+ ck_assert(id_matches(a, "::/0", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", ID_MATCH_NONE));
+ a->destroy(a);
+}
+END_TEST
+
START_TEST(test_matches_string)
{
identification_t *a;
@@ -929,6 +1087,7 @@ Suite *identification_suite_create()
tcase_add_test(tc, test_matches);
tcase_add_test(tc, test_matches_any);
tcase_add_test(tc, test_matches_binary);
+ tcase_add_test(tc, test_matches_range);
tcase_add_test(tc, test_matches_string);
tcase_add_loop_test(tc, test_matches_empty, ID_ANY, ID_KEY_ID + 1);
tcase_add_loop_test(tc, test_matches_empty_reverse, ID_ANY, ID_KEY_ID + 1);
diff --git a/src/libstrongswan/tests/suites/test_linked_list.c b/src/libstrongswan/tests/suites/test_linked_list.c
index 922f954e3..7a161817c 100644
--- a/src/libstrongswan/tests/suites/test_linked_list.c
+++ b/src/libstrongswan/tests/suites/test_linked_list.c
@@ -348,6 +348,91 @@ START_TEST(test_clone_offset)
}
END_TEST
+
+/*******************************************************************************
+ * equals
+ */
+
+typedef struct equals_t equals_t;
+
+struct equals_t {
+ int val;
+ bool (*equals)(equals_t *a, equals_t *b);
+};
+
+static bool equalsfn(equals_t *a, equals_t *b)
+{
+ return a->val == b->val;
+}
+
+START_TEST(test_equals_offset)
+{
+ linked_list_t *other;
+ equals_t *x, items[] = {
+ { .val = 1, .equals = equalsfn, },
+ { .val = 2, .equals = equalsfn, },
+ { .val = 3, .equals = equalsfn, },
+ { .val = 4, .equals = equalsfn, },
+ { .val = 5, .equals = equalsfn, },
+ };
+ int i;
+
+ for (i = 0; i < countof(items); i++)
+ {
+ list->insert_last(list, &items[i]);
+ }
+ ck_assert(list->equals_offset(list, list, offsetof(equals_t, equals)));
+ other = linked_list_create_from_enumerator(list->create_enumerator(list));
+ ck_assert(list->equals_offset(list, other, offsetof(equals_t, equals)));
+ other->remove_last(other, (void**)&x);
+ ck_assert(!list->equals_offset(list, other, offsetof(equals_t, equals)));
+ list->remove_last(list, (void**)&x);
+ ck_assert(list->equals_offset(list, other, offsetof(equals_t, equals)));
+ other->remove_first(other, (void**)&x);
+ ck_assert(!list->equals_offset(list, other, offsetof(equals_t, equals)));
+ list->remove_first(list, (void**)&x);
+ ck_assert(list->equals_offset(list, other, offsetof(equals_t, equals)));
+ while (list->remove_first(list, (void**)&x) == SUCCESS);
+ while (other->remove_first(other, (void**)&x) == SUCCESS);
+ ck_assert(list->equals_offset(list, other, offsetof(equals_t, equals)));
+ other->destroy(other);
+}
+END_TEST
+
+START_TEST(test_equals_function)
+{
+ linked_list_t *other;
+ equals_t *x, items[] = {
+ { .val = 1, },
+ { .val = 2, },
+ { .val = 3, },
+ { .val = 4, },
+ { .val = 5, },
+ };
+ int i;
+
+ for (i = 0; i < countof(items); i++)
+ {
+ list->insert_last(list, &items[i]);
+ }
+ ck_assert(list->equals_function(list, list, (void*)equalsfn));
+ other = linked_list_create_from_enumerator(list->create_enumerator(list));
+ ck_assert(list->equals_function(list, other, (void*)equalsfn));
+ other->remove_last(other, (void**)&x);
+ ck_assert(!list->equals_function(list, other, (void*)equalsfn));
+ list->remove_last(list, (void**)&x);
+ ck_assert(list->equals_function(list, other, (void*)equalsfn));
+ other->remove_first(other, (void**)&x);
+ ck_assert(!list->equals_function(list, other, (void*)equalsfn));
+ list->remove_first(list, (void**)&x);
+ ck_assert(list->equals_function(list, other, (void*)equalsfn));
+ while (list->remove_first(list, (void**)&x) == SUCCESS);
+ while (other->remove_first(other, (void**)&x) == SUCCESS);
+ ck_assert(list->equals_function(list, other, (void*)equalsfn));
+ other->destroy(other);
+}
+END_TEST
+
Suite *linked_list_suite_create()
{
Suite *s;
@@ -386,5 +471,11 @@ Suite *linked_list_suite_create()
tcase_add_test(tc, test_clone_offset);
suite_add_tcase(s, tc);
+ tc = tcase_create("equals");
+ tcase_add_checked_fixture(tc, setup_list, teardown_list);
+ tcase_add_test(tc, test_equals_offset);
+ tcase_add_test(tc, test_equals_function);
+ suite_add_tcase(s, tc);
+
return s;
}