Annotation of embedaddon/strongswan/src/libstrongswan/tests/suites/test_auth_cfg.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2016 Tobias Brunner
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "test_suite.h"
17:
18: #include <credentials/auth_cfg.h>
19:
20: struct {
21: char *constraints;
22: signature_scheme_t sig[5];
23: signature_scheme_t ike[5];
24: } sig_constraints_tests[] = {
25: { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
26: { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}},
27: { "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
28: { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
29: { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
30: { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
31: { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
32: { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
33: { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
34: { "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
35: { "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
36: { "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
37: { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
38: { "rsa4096-sha256", {0}, {0}},
39: { "sha256", {0}, {0}},
40: { "ike:sha256", {0}, {0}},
41: };
42:
43: static void check_sig_constraints(auth_cfg_t *cfg, auth_rule_t type,
44: signature_scheme_t expected[])
45: {
46: enumerator_t *enumerator;
47: auth_rule_t t;
48: signature_params_t *value;
49: int i = 0;
50:
51: enumerator = cfg->create_enumerator(cfg);
52: while (enumerator->enumerate(enumerator, &t, &value))
53: {
54: if (t == type)
55: {
56: ck_assert(expected[i]);
57: ck_assert_int_eq(expected[i], value->scheme);
58: i++;
59: }
60: }
61: enumerator->destroy(enumerator);
62: ck_assert(!expected[i]);
63: }
64:
65: START_TEST(test_sig_constraints)
66: {
67: auth_cfg_t *cfg;
68: signature_scheme_t none[] = {0};
69:
70: cfg = auth_cfg_create();
71: cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, FALSE);
72: check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
73: check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, none);
74: cfg->destroy(cfg);
75:
76: lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
77: FALSE, lib->ns);
78:
79: cfg = auth_cfg_create();
80: cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, TRUE);
81: check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
82: check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].ike);
83: cfg->destroy(cfg);
84: }
85: END_TEST
86:
87: START_TEST(test_ike_constraints_fallback)
88: {
89: auth_cfg_t *cfg;
90:
91: lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
92: TRUE, lib->ns);
93:
94: cfg = auth_cfg_create();
95: cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, TRUE);
96: check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
97: if (sig_constraints_tests[_i].ike[0])
98: {
99: check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].ike);
100: }
101: else
102: {
103: check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
104: }
105: cfg->destroy(cfg);
106: }
107: END_TEST
108:
109: typedef union {
110: rsa_pss_params_t pss;
111: } signature_param_types_t;
112:
113: struct {
114: char *constraints;
115: signature_scheme_t sig[5];
116: signature_param_types_t p[5];
117: } sig_constraints_params_tests[] = {
118: { "rsa/pss-sha256", { SIGN_RSA_EMSA_PSS, 0 }, {
119: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}},
120: { "rsa/pss-sha256-sha384", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, 0 }, {
121: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }},
122: { .pss = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384, .salt_len = HASH_SIZE_SHA384, }}}},
123: { "rsa/pss-sha256-rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {
124: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}},
125: { "rsa-sha256-rsa/pss-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PSS, 0 }, {
126: {},
127: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}},
128: { "rsa/pss", { 0 }, {}},
129: };
130:
131: static void check_sig_constraints_params(auth_cfg_t *cfg, auth_rule_t type,
132: signature_scheme_t scheme[],
133: signature_param_types_t p[])
134: {
135: enumerator_t *enumerator;
136: auth_rule_t t;
137: signature_params_t *value;
138: int i = 0;
139:
140: enumerator = cfg->create_enumerator(cfg);
141: while (enumerator->enumerate(enumerator, &t, &value))
142: {
143: if (t == type)
144: {
145: if (scheme[i] == SIGN_RSA_EMSA_PSS)
146: {
147: signature_params_t expected = {
148: .scheme = scheme[i],
149: .params = &p[i].pss,
150: };
151: ck_assert(signature_params_equal(value, &expected));
152: }
153: else
154: {
155: ck_assert(scheme[i]);
156: ck_assert(!value->params);
157: ck_assert_int_eq(scheme[i], value->scheme);
158: }
159: i++;
160: }
161: }
162: enumerator->destroy(enumerator);
163: ck_assert(!scheme[i]);
164: }
165:
166: START_TEST(test_sig_constraints_params)
167: {
168: auth_cfg_t *cfg;
169:
170: cfg = auth_cfg_create();
171: cfg->add_pubkey_constraints(cfg, sig_constraints_params_tests[_i].constraints, TRUE);
172: check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
173: sig_constraints_params_tests[_i].sig,
174: sig_constraints_params_tests[_i].p);
175: cfg->destroy(cfg);
176: }
177: END_TEST
178:
179: struct {
180: char *constraints;
181: signature_scheme_t sig[6];
182: signature_param_types_t p[6];
183: } sig_constraints_rsa_pss_tests[] = {
184: { "pubkey-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {
185: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}, {}, {}, {}}},
186: { "rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {
187: { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}}},
188: };
189:
190: START_TEST(test_sig_constraints_rsa_pss)
191: {
192: auth_cfg_t *cfg;
193:
194: lib->settings->set_bool(lib->settings, "%s.rsa_pss", TRUE, lib->ns);
195:
196: cfg = auth_cfg_create();
197: cfg->add_pubkey_constraints(cfg, sig_constraints_rsa_pss_tests[_i].constraints, TRUE);
198: check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
199: sig_constraints_rsa_pss_tests[_i].sig,
200: sig_constraints_rsa_pss_tests[_i].p);
201: cfg->destroy(cfg);
202: }
203: END_TEST
204:
205: Suite *auth_cfg_suite_create()
206: {
207: Suite *s;
208: TCase *tc;
209:
210: s = suite_create("auth_cfg");
211:
212: tc = tcase_create("add_pubkey_constraints");
213: tcase_add_loop_test(tc, test_sig_constraints, 0, countof(sig_constraints_tests));
214: tcase_add_loop_test(tc, test_ike_constraints_fallback, 0, countof(sig_constraints_tests));
215: suite_add_tcase(s, tc);
216:
217: tc = tcase_create("add_pubkey_constraints parameters");
218: tcase_add_loop_test(tc, test_sig_constraints_params, 0, countof(sig_constraints_params_tests));
219: tcase_add_loop_test(tc, test_sig_constraints_rsa_pss, 0, countof(sig_constraints_rsa_pss_tests));
220: suite_add_tcase(s, tc);
221:
222: return s;
223: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to test_auth_cfg.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / tests / suites