1: /*
2: * Copyright (C) 2012 Reto Buerki
3: * Copyright (C) 2012 Adrian-Ken Rueegsegger
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include <tests/test_suite.h>
18:
19: #include <daemon.h>
20: #include <crypto/proposal/proposal.h>
21: #include <encoding/payloads/ike_header.h>
22: #include <tkm/client.h>
23:
24: #include "tkm.h"
25: #include "tkm_nonceg.h"
26: #include "tkm_diffie_hellman.h"
27: #include "tkm_keymat.h"
28: #include "tkm_types.h"
29:
30: START_TEST(test_derive_ike_keys)
31: {
32: proposal_t *proposal = proposal_create_from_string(PROTO_IKE,
33: "aes256-sha512-modp4096");
34: fail_if(!proposal, "Unable to create proposal");
35: ike_sa_id_t *ike_sa_id = ike_sa_id_create(IKEV2_MAJOR_VERSION,
36: 123912312312, 32312313122, TRUE);
37: fail_if(!ike_sa_id, "Unable to create IKE SA ID");
38:
39: tkm_keymat_t *keymat = tkm_keymat_create(TRUE);
40: fail_if(!keymat, "Unable to create keymat");
41: fail_if(!keymat->get_isa_id(keymat), "Invalid ISA context id (0)");
42:
43: chunk_t nonce;
44: tkm_nonceg_t *ng = tkm_nonceg_create();
45: fail_if(!ng, "Unable to create nonce generator");
46: fail_unless(ng->nonce_gen.allocate_nonce(&ng->nonce_gen, 32, &nonce),
47: "Unable to allocate nonce");
48:
49: tkm_diffie_hellman_t *dh = tkm_diffie_hellman_create(MODP_4096_BIT);
50: fail_if(!dh, "Unable to create DH");
51:
52: /* Use the same pubvalue for both sides */
53: chunk_t pubvalue;
54: ck_assert(dh->dh.get_my_public_value(&dh->dh, &pubvalue));
55: ck_assert(dh->dh.set_other_public_value(&dh->dh, pubvalue));
56:
57: fail_unless(keymat->keymat_v2.derive_ike_keys(&keymat->keymat_v2, proposal,
58: &dh->dh, nonce, nonce, ike_sa_id, PRF_UNDEFINED, chunk_empty),
59: "Key derivation failed");
60: chunk_free(&nonce);
61:
62: aead_t * const aead = keymat->keymat_v2.keymat.get_aead(&keymat->keymat_v2.keymat, TRUE);
63: fail_if(!aead, "AEAD is NULL");
64:
65: fail_if(aead->get_key_size(aead) != 96, "Key size mismatch %d",
66: aead->get_key_size(aead));
67: fail_if(aead->get_block_size(aead) != 16, "Block size mismatch %d",
68: aead->get_block_size(aead));
69:
70: ng->nonce_gen.destroy(&ng->nonce_gen);
71: proposal->destroy(proposal);
72: dh->dh.destroy(&dh->dh);
73: ike_sa_id->destroy(ike_sa_id);
74: keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
75: chunk_free(&pubvalue);
76: }
77: END_TEST
78:
79: START_TEST(test_derive_child_keys)
80: {
81: tkm_diffie_hellman_t *dh = tkm_diffie_hellman_create(MODP_4096_BIT);
82: fail_if(!dh, "Unable to create DH object");
83: proposal_t *proposal = proposal_create_from_string(PROTO_ESP,
84: "aes256-sha512-modp4096");
85: fail_if(!proposal, "Unable to create proposal");
86: proposal->set_spi(proposal, 42);
87:
88: tkm_keymat_t *keymat = tkm_keymat_create(TRUE);
89: fail_if(!keymat, "Unable to create keymat");
90:
91: chunk_t encr_i, encr_r, integ_i, integ_r;
92: chunk_t nonce = chunk_from_chars("test chunk");
93:
94: fail_unless(keymat->keymat_v2.derive_child_keys(&keymat->keymat_v2, proposal,
95: (diffie_hellman_t *)dh,
96: nonce, nonce, &encr_i,
97: &integ_i, &encr_r, &integ_r),
98: "Child key derivation failed");
99:
100: esa_info_t *info = (esa_info_t *)encr_i.ptr;
101: fail_if(!info, "encr_i does not contain esa information");
102: fail_if(info->isa_id != keymat->get_isa_id(keymat),
103: "Isa context id mismatch (encr_i)");
104: fail_if(info->spi_r != 42,
105: "SPI mismatch (encr_i)");
106: fail_unless(chunk_equals(info->nonce_i, nonce),
107: "nonce_i mismatch (encr_i)");
108: fail_unless(chunk_equals(info->nonce_r, nonce),
109: "nonce_r mismatch (encr_i)");
110: fail_if(info->is_encr_r,
111: "Flag is_encr_r set for encr_i");
112: fail_if(info->dh_id != dh->get_id(dh),
113: "DH context id mismatch (encr_i)");
114: chunk_free(&info->nonce_i);
115: chunk_free(&info->nonce_r);
116:
117: info = (esa_info_t *)encr_r.ptr;
118: fail_if(!info, "encr_r does not contain esa information");
119: fail_if(info->isa_id != keymat->get_isa_id(keymat),
120: "Isa context id mismatch (encr_r)");
121: fail_if(info->spi_r != 42,
122: "SPI mismatch (encr_r)");
123: fail_unless(chunk_equals(info->nonce_i, nonce),
124: "nonce_i mismatch (encr_r)");
125: fail_unless(chunk_equals(info->nonce_r, nonce),
126: "nonce_r mismatch (encr_r)");
127: fail_unless(info->is_encr_r,
128: "Flag is_encr_r set for encr_r");
129: fail_if(info->dh_id != dh->get_id(dh),
130: "DH context id mismatch (encr_i)");
131: chunk_free(&info->nonce_i);
132: chunk_free(&info->nonce_r);
133:
134: proposal->destroy(proposal);
135: dh->dh.destroy(&dh->dh);
136: keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
137: chunk_free(&encr_i);
138: chunk_free(&encr_r);
139: }
140: END_TEST
141:
142: Suite *make_keymat_tests()
143: {
144: Suite *s;
145: TCase *tc;
146:
147: s = suite_create("keymat");
148:
149: tc = tcase_create("derive IKE keys");
150: tcase_add_test(tc, test_derive_ike_keys);
151: suite_add_tcase(s, tc);
152:
153: tc = tcase_create("derive CHILD keys");
154: tcase_add_test(tc, test_derive_child_keys);
155: suite_add_tcase(s, tc);
156:
157: return s;
158: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to keymat_tests.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / charon-tkm / tests