Return to test_childless.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / tests / suites |
1.1 misho 1: /* 2: * Copyright (C) 2019 Tobias Brunner 3: * HSR Hochschule fuer Technik Rapperswil 4: * 5: * This program is free software; you can redistribute it and/or modify it 6: * under the terms of the GNU General Public License as published by the 7: * Free Software Foundation; either version 2 of the License, or (at your 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 9: * 10: * This program is distributed in the hope that it will be useful, but 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13: * for more details. 14: */ 15: 16: #include "test_suite.h" 17: 18: #include <daemon.h> 19: #include <tests/utils/exchange_test_helper.h> 20: #include <tests/utils/exchange_test_asserts.h> 21: #include <tests/utils/sa_asserts.h> 22: 23: /** 24: * Childless initiation of the IKE_SA. The first CHILD_SA is automatically 25: * initiated in a separate CREATE_CHILD_SA exchange including DH. 26: */ 27: START_TEST(test_regular) 28: { 29: exchange_test_sa_conf_t conf = { 30: .initiator = { 31: .childless = CHILDLESS_FORCE, 32: .esp = "aes128-sha256-modp3072", 33: }, 34: .responder = { 35: .esp = "aes128-sha256-modp3072", 36: }, 37: }; 38: ike_sa_t *a, *b; 39: ike_sa_id_t *id_a, *id_b; 40: child_cfg_t *child_cfg; 41: 42: child_cfg = exchange_test_helper->create_sa(exchange_test_helper, &a, &b, 43: &conf); 44: id_a = a->get_id(a); 45: id_b = b->get_id(b); 46: 47: call_ikesa(a, initiate, child_cfg, 0, NULL, NULL); 48: 49: /* IKE_SA_INIT --> */ 50: id_b->set_initiator_spi(id_b, id_a->get_initiator_spi(id_a)); 51: exchange_test_helper->process_message(exchange_test_helper, b, NULL); 52: /* <-- IKE_SA_INIT */ 53: assert_notify(IN, CHILDLESS_IKEV2_SUPPORTED); 54: id_a->set_responder_spi(id_a, id_b->get_responder_spi(id_b)); 55: exchange_test_helper->process_message(exchange_test_helper, a, NULL); 56: 57: /* IKE_AUTH --> */ 58: assert_hook_not_called(child_updown); 59: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION); 60: assert_no_payload(IN, PLV2_TS_INITIATOR); 61: assert_no_payload(IN, PLV2_TS_RESPONDER); 62: exchange_test_helper->process_message(exchange_test_helper, b, NULL); 63: 64: /* <-- IKE_AUTH */ 65: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION); 66: assert_no_payload(IN, PLV2_TS_INITIATOR); 67: assert_no_payload(IN, PLV2_TS_RESPONDER); 68: exchange_test_helper->process_message(exchange_test_helper, a, NULL); 69: assert_child_sa_count(a, 0); 70: assert_child_sa_count(b, 0); 71: assert_hook(); 72: 73: /* CREATE_CHILD_SA { SA, Ni, KEi, TSi, TSr } --> */ 74: assert_hook_called(child_updown); 75: assert_payload(IN, PLV2_KEY_EXCHANGE); 76: exchange_test_helper->process_message(exchange_test_helper, b, NULL); 77: assert_child_sa_count(b, 1); 78: assert_hook(); 79: 80: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ 81: assert_hook_called(child_updown); 82: assert_payload(IN, PLV2_KEY_EXCHANGE); 83: exchange_test_helper->process_message(exchange_test_helper, a, NULL); 84: assert_child_sa_count(a, 1); 85: assert_hook(); 86: 87: assert_sa_idle(a); 88: assert_sa_idle(b); 89: 90: call_ikesa(a, destroy); 91: call_ikesa(b, destroy); 92: } 93: END_TEST 94: 95: /** 96: * Childless initiation of the IKE_SA, no CHILD_SA created automatically. 97: * It's created with a separate initiation and exchange afterwards. 98: */ 99: START_TEST(test_regular_manual) 100: { 101: exchange_test_sa_conf_t conf = { 102: .initiator = { 103: .esp = "aes128-sha256-modp3072", 104: }, 105: .responder = { 106: .esp = "aes128-sha256-modp3072", 107: }, 108: }; 109: ike_sa_t *a, *b; 110: ike_sa_id_t *id_a, *id_b; 111: child_cfg_t *child_cfg; 112: 113: child_cfg = exchange_test_helper->create_sa(exchange_test_helper, &a, &b, 114: &conf); 115: id_a = a->get_id(a); 116: id_b = b->get_id(b); 117: 118: call_ikesa(a, initiate, NULL, 0, NULL, NULL); 119: 120: /* IKE_SA_INIT --> */ 121: id_b->set_initiator_spi(id_b, id_a->get_initiator_spi(id_a)); 122: exchange_test_helper->process_message(exchange_test_helper, b, NULL); 123: /* <-- IKE_SA_INIT */ 124: assert_notify(IN, CHILDLESS_IKEV2_SUPPORTED); 125: id_a->set_responder_spi(id_a, id_b->get_responder_spi(id_b)); 126: exchange_test_helper->process_message(exchange_test_helper, a, NULL); 127: 128: /* IKE_AUTH --> */ 129: assert_hook_not_called(child_updown); 130: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION); 131: assert_no_payload(IN, PLV2_TS_INITIATOR); 132: assert_no_payload(IN, PLV2_TS_RESPONDER); 133: exchange_test_helper->process_message(exchange_test_helper, b, NULL); 134: 135: /* <-- IKE_AUTH */ 136: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION); 137: assert_no_payload(IN, PLV2_TS_INITIATOR); 138: assert_no_payload(IN, PLV2_TS_RESPONDER); 139: exchange_test_helper->process_message(exchange_test_helper, a, NULL); 140: assert_child_sa_count(a, 0); 141: assert_child_sa_count(b, 0); 142: assert_hook(); 143: 144: assert_sa_idle(a); 145: assert_sa_idle(b); 146: 147: call_ikesa(a, initiate, child_cfg, 0, NULL, NULL); 148: 149: /* CREATE_CHILD_SA { SA, Ni, KEi, TSi, TSr } --> */ 150: assert_hook_called(child_updown); 151: assert_payload(IN, PLV2_KEY_EXCHANGE); 152: exchange_test_helper->process_message(exchange_test_helper, b, NULL); 153: assert_child_sa_count(b, 1); 154: assert_hook(); 155: 156: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ 157: assert_hook_called(child_updown); 158: assert_payload(IN, PLV2_KEY_EXCHANGE); 159: exchange_test_helper->process_message(exchange_test_helper, a, NULL); 160: assert_child_sa_count(a, 1); 161: assert_hook(); 162: 163: assert_sa_idle(a); 164: assert_sa_idle(b); 165: 166: call_ikesa(a, destroy); 167: call_ikesa(b, destroy); 168: } 169: END_TEST 170: 171: /** 172: * The initiator aborts the initiation once it notices the responder does not 173: * support childless IKE_SAs. 174: */ 175: START_TEST(test_failure_init) 176: { 177: exchange_test_sa_conf_t conf = { 178: .initiator = { 179: .childless = CHILDLESS_FORCE, 180: }, 181: .responder = { 182: .childless = CHILDLESS_NEVER, 183: }, 184: }; 185: ike_sa_t *a, *b; 186: ike_sa_id_t *id_a, *id_b; 187: child_cfg_t *child_cfg; 188: status_t status; 189: 190: child_cfg = exchange_test_helper->create_sa(exchange_test_helper, &a, &b, 191: &conf); 192: id_a = a->get_id(a); 193: id_b = b->get_id(b); 194: 195: call_ikesa(a, initiate, child_cfg, 0, NULL, NULL); 196: 197: /* IKE_SA_INIT --> */ 198: id_b->set_initiator_spi(id_b, id_a->get_initiator_spi(id_a)); 199: exchange_test_helper->process_message(exchange_test_helper, b, NULL); 200: /* <-- IKE_SA_INIT */ 201: assert_no_notify(IN, CHILDLESS_IKEV2_SUPPORTED); 202: id_a->set_responder_spi(id_a, id_b->get_responder_spi(id_b)); 203: status = exchange_test_helper->process_message(exchange_test_helper, a, 204: NULL); 205: ck_assert_int_eq(DESTROY_ME, status); 206: 207: call_ikesa(a, destroy); 208: call_ikesa(b, destroy); 209: } 210: END_TEST 211: 212: /** 213: * The responder aborts the initiation once it notices the initiator does not 214: * create a childless IKE_SA. 215: */ 216: START_TEST(test_failure_resp) 217: { 218: exchange_test_sa_conf_t conf = { 219: .initiator = { 220: .childless = CHILDLESS_NEVER, 221: }, 222: .responder = { 223: .childless = CHILDLESS_FORCE, 224: }, 225: }; 226: ike_sa_t *a, *b; 227: ike_sa_id_t *id_a, *id_b; 228: child_cfg_t *child_cfg; 229: status_t status; 230: 231: child_cfg = exchange_test_helper->create_sa(exchange_test_helper, &a, &b, 232: &conf); 233: id_a = a->get_id(a); 234: id_b = b->get_id(b); 235: 236: call_ikesa(a, initiate, child_cfg, 0, NULL, NULL); 237: 238: /* IKE_SA_INIT --> */ 239: id_b->set_initiator_spi(id_b, id_a->get_initiator_spi(id_a)); 240: exchange_test_helper->process_message(exchange_test_helper, b, NULL); 241: /* <-- IKE_SA_INIT */ 242: assert_notify(IN, CHILDLESS_IKEV2_SUPPORTED); 243: id_a->set_responder_spi(id_a, id_b->get_responder_spi(id_b)); 244: exchange_test_helper->process_message(exchange_test_helper, a, NULL); 245: 246: /* IKE_AUTH --> */ 247: assert_hook_not_called(child_updown); 248: assert_payload(IN, PLV2_SECURITY_ASSOCIATION); 249: assert_payload(IN, PLV2_TS_INITIATOR); 250: assert_payload(IN, PLV2_TS_RESPONDER); 251: status = exchange_test_helper->process_message(exchange_test_helper, b, 252: NULL); 253: ck_assert_int_eq(DESTROY_ME, status); 254: assert_hook(); 255: 256: /* <-- IKE_AUTH */ 257: assert_hook_not_called(child_updown); 258: assert_no_payload(IN, PLV2_SECURITY_ASSOCIATION); 259: assert_no_payload(IN, PLV2_TS_INITIATOR); 260: assert_no_payload(IN, PLV2_TS_RESPONDER); 261: assert_notify(IN, INVALID_SYNTAX); 262: status = exchange_test_helper->process_message(exchange_test_helper, a, 263: NULL); 264: ck_assert_int_eq(DESTROY_ME, status); 265: assert_hook(); 266: 267: assert_sa_idle(a); 268: assert_sa_idle(b); 269: 270: call_ikesa(a, destroy); 271: call_ikesa(b, destroy); 272: } 273: END_TEST 274: 275: Suite *childless_suite_create() 276: { 277: Suite *s; 278: TCase *tc; 279: 280: s = suite_create("childless"); 281: 282: tc = tcase_create("initiation"); 283: tcase_add_test(tc, test_regular); 284: tcase_add_test(tc, test_regular_manual); 285: suite_add_tcase(s, tc); 286: 287: tc = tcase_create("failure"); 288: tcase_add_test(tc, test_failure_init); 289: tcase_add_test(tc, test_failure_resp); 290: suite_add_tcase(s, tc); 291: 292: return s; 293: }