Annotation of embedaddon/strongswan/src/charon-tkm/tests/keymat_tests.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2012 Reto Buerki
! 3: * Copyright (C) 2012 Adrian-Ken Rueegsegger
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: #include <tests/test_suite.h>
! 18:
! 19: #include <daemon.h>
! 20: #include <crypto/proposal/proposal.h>
! 21: #include <encoding/payloads/ike_header.h>
! 22: #include <tkm/client.h>
! 23:
! 24: #include "tkm.h"
! 25: #include "tkm_nonceg.h"
! 26: #include "tkm_diffie_hellman.h"
! 27: #include "tkm_keymat.h"
! 28: #include "tkm_types.h"
! 29:
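/**
 * Derive IKE keys through the TKM keymat and check the resulting AEAD.
 *
 * Creates an IKE proposal, an IKE SA id, a TKM keymat, a TKM nonce and a TKM
 * DH context, calls derive_ike_keys() and then verifies the key size (96) and
 * block size (16) reported by the AEAD obtained from get_aead().
 */
START_TEST(test_derive_ike_keys)
{
	proposal_t *proposal = proposal_create_from_string(PROTO_IKE,
			"aes256-sha512-modp4096");
	fail_if(!proposal, "Unable to create proposal");
	ike_sa_id_t *ike_sa_id = ike_sa_id_create(IKEV2_MAJOR_VERSION,
			123912312312, 32312313122, TRUE);
	fail_if(!ike_sa_id, "Unable to create IKE SA ID");

	tkm_keymat_t *keymat = tkm_keymat_create(TRUE);
	fail_if(!keymat, "Unable to create keymat");
	/* an id of 0 is treated as "no ISA context acquired" */
	fail_if(!keymat->get_isa_id(keymat), "Invalid ISA context id (0)");

	chunk_t nonce;
	tkm_nonceg_t *ng = tkm_nonceg_create();
	fail_if(!ng, "Unable to create nonce generator");
	fail_unless(ng->nonce_gen.allocate_nonce(&ng->nonce_gen, 32, &nonce),
			"Unable to allocate nonce");

	tkm_diffie_hellman_t *dh = tkm_diffie_hellman_create(MODP_4096_BIT);
	fail_if(!dh, "Unable to create DH");

	/* Use the same pubvalue for both sides */
	chunk_t pubvalue;
	ck_assert(dh->dh.get_my_public_value(&dh->dh, &pubvalue));
	ck_assert(dh->dh.set_other_public_value(&dh->dh, pubvalue));

	/*
	 * The one allocated nonce is passed for both nonce arguments. That is a
	 * test shortcut only, like the reflected public value above.
	 */
	fail_unless(keymat->keymat_v2.derive_ike_keys(&keymat->keymat_v2, proposal,
			&dh->dh, nonce, nonce, ike_sa_id, PRF_UNDEFINED, chunk_empty),
			"Key derivation failed");
	chunk_free(&nonce);

	aead_t * const aead = keymat->keymat_v2.keymat.get_aead(
			&keymat->keymat_v2.keymat, TRUE);
	fail_if(!aead, "AEAD is NULL");

	/*
	 * The size getters are cast to int so that the variadic argument matches
	 * the "%d" conversion whatever integer type they return.
	 */
	fail_if(aead->get_key_size(aead) != 96, "Key size mismatch %d",
			(int)aead->get_key_size(aead));
	fail_if(aead->get_block_size(aead) != 16, "Block size mismatch %d",
			(int)aead->get_block_size(aead));

	/* aead is not destroyed here; only the keymat that returned it is */
	ng->nonce_gen.destroy(&ng->nonce_gen);
	proposal->destroy(proposal);
	dh->dh.destroy(&dh->dh);
	ike_sa_id->destroy(ike_sa_id);
	keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
	chunk_free(&pubvalue);
}
END_TEST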
! 78:
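/**
 * Derive CHILD SA keys through the TKM keymat and check the returned chunks.
 *
 * The test reads the encr_i and encr_r chunks filled in by
 * derive_child_keys() as esa_info_t records and checks their ISA context id,
 * SPI, nonces, is_encr_r flag and DH context id against the test inputs.
 */
START_TEST(test_derive_child_keys)
{
	tkm_diffie_hellman_t *dh = tkm_diffie_hellman_create(MODP_4096_BIT);
	fail_if(!dh, "Unable to create DH object");
	proposal_t *proposal = proposal_create_from_string(PROTO_ESP,
			"aes256-sha512-modp4096");
	fail_if(!proposal, "Unable to create proposal");
	proposal->set_spi(proposal, 42);

	tkm_keymat_t *keymat = tkm_keymat_create(TRUE);
	fail_if(!keymat, "Unable to create keymat");

	/*
	 * NOTE(review): integ_i and integ_r are neither inspected nor freed
	 * below; presumably they come back empty. Confirm against the keymat
	 * implementation.
	 */
	chunk_t encr_i, encr_r, integ_i, integ_r;
	/* fixed test value, passed for both nonce arguments */
	chunk_t nonce = chunk_from_chars("test chunk");

	fail_unless(keymat->keymat_v2.derive_child_keys(&keymat->keymat_v2, proposal,
					(diffie_hellman_t *)dh,
					nonce, nonce, &encr_i,
					&integ_i, &encr_r, &integ_r),
				"Child key derivation failed");

	esa_info_t *info = (esa_info_t *)encr_i.ptr;
	fail_if(!info, "encr_i does not contain esa information");
	/* check the chunk size before reading any esa_info_t fields */
	fail_if(encr_i.len < sizeof(*info),
			"encr_i too short for esa information");
	fail_if(info->isa_id != keymat->get_isa_id(keymat),
			"Isa context id mismatch (encr_i)");
	fail_if(info->spi_r != 42,
			"SPI mismatch (encr_i)");
	fail_unless(chunk_equals(info->nonce_i, nonce),
				"nonce_i mismatch (encr_i)");
	fail_unless(chunk_equals(info->nonce_r, nonce),
				"nonce_r mismatch (encr_i)");
	fail_if(info->is_encr_r,
			"Flag is_encr_r set for encr_i");
	fail_if(info->dh_id != dh->get_id(dh),
			"DH context id mismatch (encr_i)");
	chunk_free(&info->nonce_i);
	chunk_free(&info->nonce_r);

	info = (esa_info_t *)encr_r.ptr;
	fail_if(!info, "encr_r does not contain esa information");
	fail_if(encr_r.len < sizeof(*info),
			"encr_r too short for esa information");
	fail_if(info->isa_id != keymat->get_isa_id(keymat),
			"Isa context id mismatch (encr_r)");
	fail_if(info->spi_r != 42,
			"SPI mismatch (encr_r)");
	fail_unless(chunk_equals(info->nonce_i, nonce),
				"nonce_i mismatch (encr_r)");
	fail_unless(chunk_equals(info->nonce_r, nonce),
				"nonce_r mismatch (encr_r)");
	/* the message now says what fails: the flag must be set on encr_r */
	fail_unless(info->is_encr_r,
				"Flag is_encr_r not set for encr_r");
	/* message corrected from "(encr_i)"; this check reads encr_r */
	fail_if(info->dh_id != dh->get_id(dh),
			"DH context id mismatch (encr_r)");
	chunk_free(&info->nonce_i);
	chunk_free(&info->nonce_r);

	proposal->destroy(proposal);
	dh->dh.destroy(&dh->dh);
	keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
	chunk_free(&encr_i);
	chunk_free(&encr_r);
}
END_TEST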
! 141:
/**
 * Assemble the "keymat" test suite.
 *
 * Registers one test case per key derivation test: "derive IKE keys" and
 * "derive CHILD keys".
 *
 * @return		the populated suite
 */
Suite *make_keymat_tests()
{
	Suite *suite = suite_create("keymat");

	/* IKE SA key derivation */
	TCase *ike_case = tcase_create("derive IKE keys");
	tcase_add_test(ike_case, test_derive_ike_keys);
	suite_add_tcase(suite, ike_case);

	/* CHILD SA key derivation */
	TCase *child_case = tcase_create("derive CHILD keys");
	tcase_add_test(child_case, test_derive_child_keys);
	suite_add_tcase(suite, child_case);

	return suite;
}