Add keymat IKE key derivation test case
[strongswan.git] / src / charon-tkm / tests / keymat_tests.c
1 /*
2 * Copyright (C) 2012 Reto Buerki
3 * Copyright (C) 2012 Adrian-Ken Rueegsegger
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <check.h>
18 #include <daemon.h>
19 #include <hydra.h>
20 #include <config/proposal.h>
21 #include <encoding/payloads/ike_header.h>
22 #include <tkm/client.h>
23
24 #include "tkm.h"
25 #include "tkm_nonceg.h"
26 #include "tkm_diffie_hellman.h"
27 #include "tkm_keymat.h"
28
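/**
 * Check that tkm_keymat_t.derive_ike_keys() succeeds for an
 * aes256-sha512-modp4096 proposal and that the AEAD obtained afterwards
 * reports the expected key and block sizes.
 *
 * Only the reported sizes are asserted; the derived key material itself is
 * never read or compared by this test.
 */
START_TEST(test_derive_ike_keys)
{
	fail_if(!library_init(NULL), "Unable to init library");
	fail_if(!libhydra_init("tkm-tests"), "Unable to init libhydra");
	fail_if(!libcharon_init("tkm-tests"), "Unable to init libcharon");

	/* Register TKM specific plugins: nonce generation and DH are supplied by
	 * the tkm_* constructors rather than by a loaded plugin */
	static plugin_feature_t features[] = {
		PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
			PLUGIN_PROVIDE(NONCE_GEN),
		PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
			PLUGIN_PROVIDE(DH, MODP_3072_BIT),
			PLUGIN_PROVIDE(DH, MODP_4096_BIT),
	};
	lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
									  countof(features), TRUE);

	fail_if(!charon->initialize(charon, PLUGINS), "Unable to init charon");

	proposal_t *proposal = proposal_create_from_string(PROTO_IKE,
											"aes256-sha512-modp4096");
	fail_if(!proposal, "Unable to create proposal");
	/* Arbitrary fixed SPIs; the values carry no meaning for the test */
	ike_sa_id_t *ike_sa_id = ike_sa_id_create(IKEV2_MAJOR_VERSION,
											  123912312312, 32312313122, TRUE);
	fail_if(!ike_sa_id, "Unable to create IKE SA ID");

	tkm_keymat_t *keymat = tkm_keymat_create(TRUE);
	fail_if(!keymat, "Unable to create keymat");

	/* Start from an empty chunk so the variable is never read uninitialized */
	chunk_t nonce = chunk_empty;
	tkm_nonceg_t *ng = tkm_nonceg_create();
	fail_if(!ng, "Unable to create nonce generator");
	fail_unless(ng->nonce_gen.allocate_nonce(&ng->nonce_gen, 32, &nonce),
				"Unable to allocate nonce");
	ng->nonce_gen.destroy(&ng->nonce_gen);

	tkm_diffie_hellman_t *dh = tkm_diffie_hellman_create(MODP_4096_BIT);
	fail_if(!dh, "Unable to create DH");

	/* Use the same pubvalue for both sides. This is a test shortcut only:
	 * a real exchange has distinct peer public values, and an implementation
	 * receiving its own value back should treat that as suspicious. */
	chunk_t pubvalue = chunk_empty;
	dh->dh.get_my_public_value(&dh->dh, &pubvalue);
	dh->dh.set_other_public_value(&dh->dh, pubvalue);

	/* The single nonce is passed for both nonce arguments, again a test
	 * shortcut. PRF_UNDEFINED and chunk_empty presumably select an initial
	 * (non-rekey) derivation - confirm against tkm_keymat.h. */
	fail_unless(keymat->derive_ike_keys(keymat, proposal, &dh->dh, nonce, nonce,
				ike_sa_id, PRF_UNDEFINED, chunk_empty), "Key derivation failed");
	chunk_free(&nonce);

	aead_t * const aead = keymat->keymat.get_aead(&keymat->keymat, TRUE);
	fail_if(!aead, "AEAD is NULL");

	/* Read each size once into a size_t and print it with %zu; the original
	 * passed the getter result straight to %d, which is a format/argument
	 * mismatch where the getter returns a type wider than int.
	 * 96 presumably is a 32 byte AES-256 key plus a 64 byte HMAC-SHA-512 key,
	 * 16 the AES block size - confirm against the AEAD implementation. */
	size_t key_size = aead->get_key_size(aead);
	fail_if(key_size != 96, "Key size mismatch %zu", key_size);
	size_t block_size = aead->get_block_size(aead);
	fail_if(block_size != 16, "Block size mismatch %zu", block_size);

	proposal->destroy(proposal);
	dh->dh.destroy(&dh->dh);
	ike_sa_id->destroy(ike_sa_id);
	keymat->keymat.destroy(&keymat->keymat);
	chunk_free(&pubvalue);

	libcharon_deinit();
	libhydra_deinit();
	library_deinit();
}
END_TEST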
96
/**
 * Create the "Keymat tests" test case and register the keymat tests in it.
 *
 * @return		newly created test case containing test_derive_ike_keys
 */
TCase *make_keymat_tests(void)
{
	TCase *keymat_tc = tcase_create("Keymat tests");

	/* Currently the only keymat test: IKE key derivation */
	tcase_add_test(keymat_tc, test_derive_ike_keys);
	return keymat_tc;
}