- comments and cleanups
[strongswan.git] / Source / charon / testcases / sa_config_test.c
1 /**
2 * @file sa_config_test.c
3 *
4 * @brief Tests for the sa_config_t class.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "sa_config_test.h"
24
25 #include <daemon.h>
26 #include <config/sa_config.h>
27 #include <config/traffic_selector.h>
28 #include <utils/allocator.h>
29 #include <utils/logger.h>
30 #include <encoding/payloads/ts_payload.h>
31
32
33 /**
34 * Described in header.
35 */
36 void test_sa_config(protected_tester_t *tester)
37 {
38 sa_config_t *sa_config;
39 // traffic_selector_t *ts;
40 // linked_list_t *ts_stored, *ts_supplied, *ts_selected, *ts_expected;
41 proposal_t *proposal1, *proposal2, *proposal3, *proposal_sel;
42 linked_list_t *proposals_list;
43 iterator_t *iterator;
44 logger_t *logger;
45
46 logger = charon->logger_manager->create_logger(charon->logger_manager, TESTER, NULL);
47 logger->disable_level(logger, FULL);
48
49 sa_config = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
50 ID_IPV4_ADDR, "152.96.193.131",
51 RSA_DIGITAL_SIGNATURE,
52 30000);
53
54 tester->assert_true(tester, (sa_config != NULL), "sa_config construction");
55
56
57 /*
58 * test proposal getting and selection
59 *
60 */
61
62 /* esp only prop */
63 proposal1 = proposal_create(1);
64 proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
65
66 /* ah only prop */
67 proposal2 = proposal_create(2);
68 proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
69
70 /* ah and esp prop */
71 proposal3 = proposal_create(3);
72 proposal3->add_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
73 proposal3->add_algorithm(proposal3, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
74
75
76 sa_config->add_proposal(sa_config, proposal1);
77 sa_config->add_proposal(sa_config, proposal2);
78 sa_config->add_proposal(sa_config, proposal3);
79
80
81 proposals_list = sa_config->get_proposals(sa_config);
82 tester->assert_true(tester, (proposals_list->get_count(proposals_list) == 3), "proposal count");
83
84
85 proposals_list = linked_list_create();
86 proposal1 = proposal_create(1);
87 proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
88 proposal2 = proposal_create(2);
89 proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
90 proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
91 proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
92 proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
93 proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
94
95 proposals_list->insert_last(proposals_list, proposal1);
96 proposals_list->insert_last(proposals_list, proposal2);
97
98 proposal_sel = sa_config->select_proposal(sa_config, proposals_list);
99 tester->assert_false(tester, proposal_sel == NULL, "proposal select");
100 /* check ESP encryption algo */
101 iterator = proposal_sel->create_algorithm_iterator(proposal_sel, ESP, ENCRYPTION_ALGORITHM);
102 tester->assert_false(tester, iterator == NULL, "algorithm select ESP");
103 while (iterator->has_next(iterator))
104 {
105 algorithm_t *algo;
106 iterator->current(iterator, (void**)&algo);
107 tester->assert_true(tester, algo->algorithm == ENCR_3DES, "ESP encryption algo");
108 tester->assert_true(tester, algo->key_size == 16, "ESP encryption keysize");
109 }
110 iterator->destroy(iterator);
111 iterator = proposal_sel->create_algorithm_iterator(proposal_sel, AH, INTEGRITY_ALGORITHM);
112 /* check AH integrity algo */
113 tester->assert_false(tester, iterator == NULL, "algorithm select AH");
114 while (iterator->has_next(iterator))
115 {
116 algorithm_t *algo;
117 iterator->current(iterator, (void**)&algo);
118 tester->assert_true(tester, algo->algorithm == AUTH_HMAC_MD5_96, "ESP encryption algo");
119 tester->assert_true(tester, algo->key_size == 20, "ESP encryption keysize");
120 }
121 iterator->destroy(iterator);
122
123 proposal_sel->destroy(proposal_sel);
124
125 /* cleanup */
126 proposal1->destroy(proposal1);
127 proposal1->destroy(proposal2);
128 proposals_list->destroy(proposals_list);
129
130 // /*
131 // * test traffic selection getting and matching
132 // *
133 // */
134 //
135 // ts_stored = linked_list_create();
136 //
137 // /* allow any tcp */
138 // ts = traffic_selector_create_from_string(6, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
139 // ts_stored->insert_last(ts_stored, (void*)ts);
140 // /* allow udp on port 123 to ".122" */
141 // ts = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE, "152.96.193.122", 123, "152.96.193.122", 123);
142 // ts_stored->insert_last(ts_stored, (void*)ts);
143 // /* allow udp on ports > 2000 in subnet ... */
144 // ts = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE, "152.96.193.0", 2000, "152.96.193.255", 65535);
145 // ts_stored->insert_last(ts_stored, (void*)ts);
146 //
147 //
148 //
149 // /* define request and result */
150 //
151 // /* udp on subnet:123, should be reduced to ".122" */
152 // ts = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE, "152.96.193.0", 123, "152.96.193.255", 123);
153 // ts_supplied->insert_last(ts_supplied, (void*)ts);
154 // ts_reference[0] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE, "152.96.193.122", 123, "152.96.193.122", 123);
155 //
156 // /* should be granted. */
157 // ts_request[1] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE, "152.96.193.0", 2000, "152.96.193.255", 2000);
158 // ts_reference[1] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE, "152.96.193.0", 2000, "152.96.193.255", 2000);
159 //
160 // /* should be reduced to port 2000 - 3000. and range ".193.*" */
161 // ts_request[2] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE, "152.96.191.0", 1000, "152.96.194.255", 3000);
162 // ts_reference[2] = traffic_selector_create_from_string(7, TS_IPV4_ADDR_RANGE, "152.96.193.0", 2000, "152.96.193.255", 3000);
163 //
164 // /* icmp request, should be discarded */
165 // ts_request[3] = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
166 //
167 // sa_config->add_my_traffic_selector(sa_config, ts_policy[0]);
168 // sa_config->add_my_traffic_selector(sa_config, ts_policy[1]);
169 // sa_config->add_my_traffic_selector(sa_config, ts_policy[2]);
170 //
171 // count = sa_config->get_my_traffic_selectors(sa_config, &ts_result);
172 // tester->assert_true(tester, (count == 3), "ts get count");
173 // ts_result[0]->destroy(ts_result[0]);
174 // ts_result[0]->destroy(ts_result[1]);
175 // ts_result[0]->destroy(ts_result[2]);
176 // allocator_free(ts_result);
177 //
178 // count = sa_config->select_my_traffic_selectors(sa_config, &ts_request[0], 4, &ts_result);
179 // tester->assert_true(tester, (count == 3), "ts select count");
180 //
181 //
182 // /* store and restore into ts payload, tricky tricky */
183 // ts_payload = ts_payload_create_from_traffic_selectors(TRUE, ts_result, count);
184 //
185 // /* destroy */
186 // ts_result[0]->destroy(ts_result[0]);
187 // ts_result[0]->destroy(ts_result[1]);
188 // ts_result[0]->destroy(ts_result[2]);
189 // allocator_free(ts_result);
190 //
191 // /* get them again out of the payload */
192 // count = ts_payload->get_traffic_selectors(ts_payload, &ts_result);
193 // ts_payload->destroy(ts_payload);
194 //
195 //
196 //
197 // int i;
198 // for (i = 0; i<count; i++)
199 // {
200 // chunk_t fa_res = ts_result[i]->get_from_address(ts_result[i]);
201 // chunk_t fa_ref = ts_reference[i]->get_from_address(ts_reference[i]);
202 // chunk_t ta_res = ts_result[i]->get_to_address(ts_result[i]);
203 // chunk_t ta_ref = ts_reference[i]->get_to_address(ts_reference[i]);
204 // u_int16_t fp_res = ts_result[i]->get_from_port(ts_result[i]);
205 // u_int16_t fp_ref = ts_reference[i]->get_from_port(ts_reference[i]);
206 // u_int16_t tp_res = ts_result[i]->get_to_port(ts_result[i]);
207 // u_int16_t tp_ref = ts_reference[i]->get_to_port(ts_reference[i]);
208 //
209 //
210 // logger->log_chunk(logger, RAW, "from address result", &fa_res);
211 // logger->log_chunk(logger, RAW, "from address reference", &fa_ref);
212 // logger->log_chunk(logger, RAW, "to address result", &ta_res);
213 // logger->log_chunk(logger, RAW, "to address reference", &ta_ref);
214 // tester->assert_true(tester, fa_res.len == fa_ref.len, "from address len");
215 // tester->assert_false(tester, memcmp(fa_res.ptr, fa_ref.ptr,fa_res.len), "from address value");
216 // tester->assert_true(tester, ta_res.len == ta_ref.len, "to address len");
217 // tester->assert_false(tester, memcmp(ta_res.ptr, ta_ref.ptr,ta_res.len), "to address value");
218 //
219 // tester->assert_true(tester, fp_res == fp_ref, "from port");
220 // tester->assert_true(tester, tp_res == tp_ref, "to port");
221 //
222 // allocator_free(fa_res.ptr);
223 // allocator_free(fa_ref.ptr);
224 // allocator_free(ta_res.ptr);
225 // allocator_free(ta_ref.ptr);
226 // }
227 //
228 //
229 // /* destroy */
230 // ts_result[0]->destroy(ts_result[0]);
231 // ts_result[0]->destroy(ts_result[1]);
232 // ts_result[0]->destroy(ts_result[2]);
233 // allocator_free(ts_result);
234 //
235 // ts_policy[0]->destroy(ts_policy[0]);
236 // ts_policy[1]->destroy(ts_policy[1]);
237 // ts_policy[2]->destroy(ts_policy[2]);
238 // ts_request[0]->destroy(ts_request[0]);
239 // ts_reference[0]->destroy(ts_reference[0]);
240 // ts_request[1]->destroy(ts_request[1]);
241 // ts_reference[1]->destroy(ts_reference[1]);
242 // ts_request[2]->destroy(ts_request[2]);
243 // ts_reference[2]->destroy(ts_reference[2]);
244 // ts_request[3]->destroy(ts_request[3]);
245
246 sa_config->destroy(sa_config);
247 }