Annotation of embedaddon/strongswan/src/libcharon/tests/suites/test_childless.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2019 Tobias Brunner
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "test_suite.h"
17:
18: #include <daemon.h>
19: #include <tests/utils/exchange_test_helper.h>
20: #include <tests/utils/exchange_test_asserts.h>
21: #include <tests/utils/sa_asserts.h>
22:
23: /**
24: * Childless initiation of the IKE_SA. The first CHILD_SA is automatically
25: * initiated in a separate CREATE_CHILD_SA exchange including DH.
26: */
27: START_TEST(test_regular)
28: {
29: exchange_test_sa_conf_t conf = {
30: .initiator = {
31: .childless = CHILDLESS_FORCE,
32: .esp = "aes128-sha256-modp3072",
33: },
34: .responder = {
35: .esp = "aes128-sha256-modp3072",
36: },
37: };
38: ike_sa_t *a, *b;
39: ike_sa_id_t *id_a, *id_b;
40: child_cfg_t *child_cfg;
41:
42: child_cfg = exchange_test_helper->create_sa(exchange_test_helper, &a, &b,
43: &conf);
44: id_a = a->get_id(a);
45: id_b = b->get_id(b);
46:
47: call_ikesa(a, initiate, child_cfg, 0, NULL, NULL);
48:
49: /* IKE_SA_INIT --> */
50: id_b->set_initiator_spi(id_b, id_a->get_initiator_spi(id_a));
51: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
52: /* <-- IKE_SA_INIT */
53: assert_notify(IN, CHILDLESS_IKEV2_SUPPORTED);
54: id_a->set_responder_spi(id_a, id_b->get_responder_spi(id_b));
55: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
56:
57: /* IKE_AUTH --> */
58: assert_hook_not_called(child_updown);
59: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION);
60: assert_no_payload(IN, PLV2_TS_INITIATOR);
61: assert_no_payload(IN, PLV2_TS_RESPONDER);
62: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
63:
64: /* <-- IKE_AUTH */
65: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION);
66: assert_no_payload(IN, PLV2_TS_INITIATOR);
67: assert_no_payload(IN, PLV2_TS_RESPONDER);
68: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
69: assert_child_sa_count(a, 0);
70: assert_child_sa_count(b, 0);
71: assert_hook();
72:
73: /* CREATE_CHILD_SA { SA, Ni, KEi, TSi, TSr } --> */
74: assert_hook_called(child_updown);
75: assert_payload(IN, PLV2_KEY_EXCHANGE);
76: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
77: assert_child_sa_count(b, 1);
78: assert_hook();
79:
80: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
81: assert_hook_called(child_updown);
82: assert_payload(IN, PLV2_KEY_EXCHANGE);
83: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
84: assert_child_sa_count(a, 1);
85: assert_hook();
86:
87: assert_sa_idle(a);
88: assert_sa_idle(b);
89:
90: call_ikesa(a, destroy);
91: call_ikesa(b, destroy);
92: }
93: END_TEST
94:
95: /**
96: * Childless initiation of the IKE_SA, no CHILD_SA created automatically.
97: * It's created with a separate initiation and exchange afterwards.
98: */
99: START_TEST(test_regular_manual)
100: {
101: exchange_test_sa_conf_t conf = {
102: .initiator = {
103: .esp = "aes128-sha256-modp3072",
104: },
105: .responder = {
106: .esp = "aes128-sha256-modp3072",
107: },
108: };
109: ike_sa_t *a, *b;
110: ike_sa_id_t *id_a, *id_b;
111: child_cfg_t *child_cfg;
112:
113: child_cfg = exchange_test_helper->create_sa(exchange_test_helper, &a, &b,
114: &conf);
115: id_a = a->get_id(a);
116: id_b = b->get_id(b);
117:
118: call_ikesa(a, initiate, NULL, 0, NULL, NULL);
119:
120: /* IKE_SA_INIT --> */
121: id_b->set_initiator_spi(id_b, id_a->get_initiator_spi(id_a));
122: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
123: /* <-- IKE_SA_INIT */
124: assert_notify(IN, CHILDLESS_IKEV2_SUPPORTED);
125: id_a->set_responder_spi(id_a, id_b->get_responder_spi(id_b));
126: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
127:
128: /* IKE_AUTH --> */
129: assert_hook_not_called(child_updown);
130: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION);
131: assert_no_payload(IN, PLV2_TS_INITIATOR);
132: assert_no_payload(IN, PLV2_TS_RESPONDER);
133: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
134:
135: /* <-- IKE_AUTH */
136: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION);
137: assert_no_payload(IN, PLV2_TS_INITIATOR);
138: assert_no_payload(IN, PLV2_TS_RESPONDER);
139: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
140: assert_child_sa_count(a, 0);
141: assert_child_sa_count(b, 0);
142: assert_hook();
143:
144: assert_sa_idle(a);
145: assert_sa_idle(b);
146:
147: call_ikesa(a, initiate, child_cfg, 0, NULL, NULL);
148:
149: /* CREATE_CHILD_SA { SA, Ni, KEi, TSi, TSr } --> */
150: assert_hook_called(child_updown);
151: assert_payload(IN, PLV2_KEY_EXCHANGE);
152: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
153: assert_child_sa_count(b, 1);
154: assert_hook();
155:
156: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
157: assert_hook_called(child_updown);
158: assert_payload(IN, PLV2_KEY_EXCHANGE);
159: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
160: assert_child_sa_count(a, 1);
161: assert_hook();
162:
163: assert_sa_idle(a);
164: assert_sa_idle(b);
165:
166: call_ikesa(a, destroy);
167: call_ikesa(b, destroy);
168: }
169: END_TEST
170:
171: /**
172: * The initiator aborts the initiation once it notices the responder does not
173: * support childless IKE_SAs.
174: */
175: START_TEST(test_failure_init)
176: {
177: exchange_test_sa_conf_t conf = {
178: .initiator = {
179: .childless = CHILDLESS_FORCE,
180: },
181: .responder = {
182: .childless = CHILDLESS_NEVER,
183: },
184: };
185: ike_sa_t *a, *b;
186: ike_sa_id_t *id_a, *id_b;
187: child_cfg_t *child_cfg;
188: status_t status;
189:
190: child_cfg = exchange_test_helper->create_sa(exchange_test_helper, &a, &b,
191: &conf);
192: id_a = a->get_id(a);
193: id_b = b->get_id(b);
194:
195: call_ikesa(a, initiate, child_cfg, 0, NULL, NULL);
196:
197: /* IKE_SA_INIT --> */
198: id_b->set_initiator_spi(id_b, id_a->get_initiator_spi(id_a));
199: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
200: /* <-- IKE_SA_INIT */
201: assert_no_notify(IN, CHILDLESS_IKEV2_SUPPORTED);
202: id_a->set_responder_spi(id_a, id_b->get_responder_spi(id_b));
203: status = exchange_test_helper->process_message(exchange_test_helper, a,
204: NULL);
205: ck_assert_int_eq(DESTROY_ME, status);
206:
207: call_ikesa(a, destroy);
208: call_ikesa(b, destroy);
209: }
210: END_TEST
211:
212: /**
213: * The responder aborts the initiation once it notices the initiator does not
214: * create a childless IKE_SA.
215: */
216: START_TEST(test_failure_resp)
217: {
218: exchange_test_sa_conf_t conf = {
219: .initiator = {
220: .childless = CHILDLESS_NEVER,
221: },
222: .responder = {
223: .childless = CHILDLESS_FORCE,
224: },
225: };
226: ike_sa_t *a, *b;
227: ike_sa_id_t *id_a, *id_b;
228: child_cfg_t *child_cfg;
229: status_t status;
230:
231: child_cfg = exchange_test_helper->create_sa(exchange_test_helper, &a, &b,
232: &conf);
233: id_a = a->get_id(a);
234: id_b = b->get_id(b);
235:
236: call_ikesa(a, initiate, child_cfg, 0, NULL, NULL);
237:
238: /* IKE_SA_INIT --> */
239: id_b->set_initiator_spi(id_b, id_a->get_initiator_spi(id_a));
240: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
241: /* <-- IKE_SA_INIT */
242: assert_notify(IN, CHILDLESS_IKEV2_SUPPORTED);
243: id_a->set_responder_spi(id_a, id_b->get_responder_spi(id_b));
244: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
245:
246: /* IKE_AUTH --> */
247: assert_hook_not_called(child_updown);
248: assert_payload(IN, PLV2_SECURITY_ASSOCIATION);
249: assert_payload(IN, PLV2_TS_INITIATOR);
250: assert_payload(IN, PLV2_TS_RESPONDER);
251: status = exchange_test_helper->process_message(exchange_test_helper, b,
252: NULL);
253: ck_assert_int_eq(DESTROY_ME, status);
254: assert_hook();
255:
256: /* <-- IKE_AUTH */
257: assert_hook_not_called(child_updown);
258: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION);
259: assert_no_payload(IN, PLV2_TS_INITIATOR);
260: assert_no_payload(IN, PLV2_TS_RESPONDER);
261: assert_notify(IN, INVALID_SYNTAX);
262: status = exchange_test_helper->process_message(exchange_test_helper, a,
263: NULL);
264: ck_assert_int_eq(DESTROY_ME, status);
265: assert_hook();
266:
267: assert_sa_idle(a);
268: assert_sa_idle(b);
269:
270: call_ikesa(a, destroy);
271: call_ikesa(b, destroy);
272: }
273: END_TEST
274:
275: Suite *childless_suite_create()
276: {
277: Suite *s;
278: TCase *tc;
279:
280: s = suite_create("childless");
281:
282: tc = tcase_create("initiation");
283: tcase_add_test(tc, test_regular);
284: tcase_add_test(tc, test_regular_manual);
285: suite_add_tcase(s, tc);
286:
287: tc = tcase_create("failure");
288: tcase_add_test(tc, test_failure_init);
289: tcase_add_test(tc, test_failure_resp);
290: suite_add_tcase(s, tc);
291:
292: return s;
293: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to test_childless.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / tests / suites