Annotation of embedaddon/strongswan/src/libstrongswan/tests/suites/test_auth_cfg.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2016 Tobias Brunner
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "test_suite.h"
! 17:
! 18: #include <credentials/auth_cfg.h>
! 19:
! 20: struct {
! 21: char *constraints;
! 22: signature_scheme_t sig[5];
! 23: signature_scheme_t ike[5];
! 24: } sig_constraints_tests[] = {
! 25: { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
! 26: { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}},
! 27: { "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
! 28: { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
! 29: { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
! 30: { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
! 31: { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
! 32: { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
! 33: { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
! 34: { "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
! 35: { "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
! 36: { "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
! 37: { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
! 38: { "rsa4096-sha256", {0}, {0}},
! 39: { "sha256", {0}, {0}},
! 40: { "ike:sha256", {0}, {0}},
! 41: };
! 42:
! 43: static void check_sig_constraints(auth_cfg_t *cfg, auth_rule_t type,
! 44: signature_scheme_t expected[])
! 45: {
! 46: enumerator_t *enumerator;
! 47: auth_rule_t t;
! 48: signature_params_t *value;
! 49: int i = 0;
! 50:
! 51: enumerator = cfg->create_enumerator(cfg);
! 52: while (enumerator->enumerate(enumerator, &t, &value))
! 53: {
! 54: if (t == type)
! 55: {
! 56: ck_assert(expected[i]);
! 57: ck_assert_int_eq(expected[i], value->scheme);
! 58: i++;
! 59: }
! 60: }
! 61: enumerator->destroy(enumerator);
! 62: ck_assert(!expected[i]);
! 63: }
! 64:
! 65: START_TEST(test_sig_constraints)
! 66: {
! 67: auth_cfg_t *cfg;
! 68: signature_scheme_t none[] = {0};
! 69:
! 70: cfg = auth_cfg_create();
! 71: cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, FALSE);
! 72: check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
! 73: check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, none);
! 74: cfg->destroy(cfg);
! 75:
! 76: lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
! 77: FALSE, lib->ns);
! 78:
! 79: cfg = auth_cfg_create();
! 80: cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, TRUE);
! 81: check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
! 82: check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].ike);
! 83: cfg->destroy(cfg);
! 84: }
! 85: END_TEST
! 86:
! 87: START_TEST(test_ike_constraints_fallback)
! 88: {
! 89: auth_cfg_t *cfg;
! 90:
! 91: lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
! 92: TRUE, lib->ns);
! 93:
! 94: cfg = auth_cfg_create();
! 95: cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, TRUE);
! 96: check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
! 97: if (sig_constraints_tests[_i].ike[0])
! 98: {
! 99: check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].ike);
! 100: }
! 101: else
! 102: {
! 103: check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
! 104: }
! 105: cfg->destroy(cfg);
! 106: }
! 107: END_TEST
! 108:
! 109: typedef union {
! 110: rsa_pss_params_t pss;
! 111: } signature_param_types_t;
! 112:
! 113: struct {
! 114: char *constraints;
! 115: signature_scheme_t sig[5];
! 116: signature_param_types_t p[5];
! 117: } sig_constraints_params_tests[] = {
! 118: { "rsa/pss-sha256", { SIGN_RSA_EMSA_PSS, 0 }, {
! 119: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}},
! 120: { "rsa/pss-sha256-sha384", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, 0 }, {
! 121: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }},
! 122: { .pss = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384, .salt_len = HASH_SIZE_SHA384, }}}},
! 123: { "rsa/pss-sha256-rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {
! 124: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}},
! 125: { "rsa-sha256-rsa/pss-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PSS, 0 }, {
! 126: {},
! 127: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}},
! 128: { "rsa/pss", { 0 }, {}},
! 129: };
! 130:
! 131: static void check_sig_constraints_params(auth_cfg_t *cfg, auth_rule_t type,
! 132: signature_scheme_t scheme[],
! 133: signature_param_types_t p[])
! 134: {
! 135: enumerator_t *enumerator;
! 136: auth_rule_t t;
! 137: signature_params_t *value;
! 138: int i = 0;
! 139:
! 140: enumerator = cfg->create_enumerator(cfg);
! 141: while (enumerator->enumerate(enumerator, &t, &value))
! 142: {
! 143: if (t == type)
! 144: {
! 145: if (scheme[i] == SIGN_RSA_EMSA_PSS)
! 146: {
! 147: signature_params_t expected = {
! 148: .scheme = scheme[i],
! 149: .params = &p[i].pss,
! 150: };
! 151: ck_assert(signature_params_equal(value, &expected));
! 152: }
! 153: else
! 154: {
! 155: ck_assert(scheme[i]);
! 156: ck_assert(!value->params);
! 157: ck_assert_int_eq(scheme[i], value->scheme);
! 158: }
! 159: i++;
! 160: }
! 161: }
! 162: enumerator->destroy(enumerator);
! 163: ck_assert(!scheme[i]);
! 164: }
! 165:
! 166: START_TEST(test_sig_constraints_params)
! 167: {
! 168: auth_cfg_t *cfg;
! 169:
! 170: cfg = auth_cfg_create();
! 171: cfg->add_pubkey_constraints(cfg, sig_constraints_params_tests[_i].constraints, TRUE);
! 172: check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
! 173: sig_constraints_params_tests[_i].sig,
! 174: sig_constraints_params_tests[_i].p);
! 175: cfg->destroy(cfg);
! 176: }
! 177: END_TEST
! 178:
! 179: struct {
! 180: char *constraints;
! 181: signature_scheme_t sig[6];
! 182: signature_param_types_t p[6];
! 183: } sig_constraints_rsa_pss_tests[] = {
! 184: { "pubkey-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {
! 185: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}, {}, {}, {}}},
! 186: { "rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {
! 187: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}}},
! 188: };
! 189:
! 190: START_TEST(test_sig_constraints_rsa_pss)
! 191: {
! 192: auth_cfg_t *cfg;
! 193:
! 194: lib->settings->set_bool(lib->settings, "%s.rsa_pss", TRUE, lib->ns);
! 195:
! 196: cfg = auth_cfg_create();
! 197: cfg->add_pubkey_constraints(cfg, sig_constraints_rsa_pss_tests[_i].constraints, TRUE);
! 198: check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
! 199: sig_constraints_rsa_pss_tests[_i].sig,
! 200: sig_constraints_rsa_pss_tests[_i].p);
! 201: cfg->destroy(cfg);
! 202: }
! 203: END_TEST
! 204:
! 205: Suite *auth_cfg_suite_create()
! 206: {
! 207: Suite *s;
! 208: TCase *tc;
! 209:
! 210: s = suite_create("auth_cfg");
! 211:
! 212: tc = tcase_create("add_pubkey_constraints");
! 213: tcase_add_loop_test(tc, test_sig_constraints, 0, countof(sig_constraints_tests));
! 214: tcase_add_loop_test(tc, test_ike_constraints_fallback, 0, countof(sig_constraints_tests));
! 215: suite_add_tcase(s, tc);
! 216:
! 217: tc = tcase_create("add_pubkey_constraints parameters");
! 218: tcase_add_loop_test(tc, test_sig_constraints_params, 0, countof(sig_constraints_params_tests));
! 219: tcase_add_loop_test(tc, test_sig_constraints_rsa_pss, 0, countof(sig_constraints_rsa_pss_tests));
! 220: suite_add_tcase(s, tc);
! 221:
! 222: return s;
! 223: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to test_auth_cfg.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / tests / suites