proposal-substructure: Fix incorrect type for IKEv2 proposals
[strongswan.git] / src / libcharon / tests / utils / exchange_test_helper.c
1 /*
2 * Copyright (C) 2016-2018 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "exchange_test_helper.h"
17 #include "mock_dh.h"
18 #include "mock_ipsec.h"
19 #include "mock_net.h"
20 #include "mock_nonce_gen.h"
21
22 #include <collections/array.h>
23 #include <credentials/sets/mem_cred.h>
24
25 typedef struct private_exchange_test_helper_t private_exchange_test_helper_t;
26 typedef struct private_backend_t private_backend_t;
27
28 /**
29 * Private data
30 */
31 struct private_exchange_test_helper_t {
32
33 /**
34 * Public interface
35 */
36 exchange_test_helper_t public;
37
38 /**
39 * Credentials
40 */
41 mem_cred_t *creds;
42
43 /**
44 * IKE_SA SPI counter
45 */
46 refcount_t ike_spi;
47
48 /**
49 * List of registered listeners
50 */
51 array_t *listeners;
52 };
53
54 /**
55 * Custom backend_t implementation
56 */
57 struct private_backend_t {
58
59 /**
60 * Public interface
61 */
62 backend_t public;
63
64 /**
65 * Responder ike_cfg
66 */
67 ike_cfg_t *ike_cfg;
68
69 /**
70 * Responder peer_cfg/child_cfg
71 */
72 peer_cfg_t *peer_cfg;
73 };
74
75 CALLBACK(get_ike_spi, uint64_t,
76 private_exchange_test_helper_t *this)
77 {
78 return (uint64_t)ref_get(&this->ike_spi);
79 }
80
81 /*
82 * Described in header
83 */
84 exchange_test_helper_t *exchange_test_helper;
85
86 static ike_cfg_t *create_ike_cfg(bool initiator, exchange_test_sa_conf_t *conf)
87 {
88 ike_cfg_t *ike_cfg;
89 char *proposal = NULL;
90
91 ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT,
92 "127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
93 if (conf)
94 {
95 proposal = initiator ? conf->initiator.ike : conf->responder.ike;
96 }
97 if (proposal)
98 {
99 ike_cfg->add_proposal(ike_cfg,
100 proposal_create_from_string(PROTO_IKE, proposal));
101 }
102 else
103 {
104 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
105 }
106 return ike_cfg;
107 }
108
109 static child_cfg_t *create_child_cfg(bool initiator,
110 exchange_test_sa_conf_t *conf)
111 {
112 child_cfg_t *child_cfg;
113 child_cfg_create_t child = {
114 .mode = MODE_TUNNEL,
115 };
116 char *proposal = NULL;
117
118 child_cfg = child_cfg_create(initiator ? "init" : "resp", &child);
119 if (conf)
120 {
121 proposal = initiator ? conf->initiator.esp : conf->responder.esp;
122 }
123 if (proposal)
124 {
125 child_cfg->add_proposal(child_cfg,
126 proposal_create_from_string(PROTO_ESP, proposal));
127 }
128 else
129 {
130 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
131 }
132 child_cfg->add_traffic_selector(child_cfg, TRUE,
133 traffic_selector_create_dynamic(0, 0, 65535));
134 child_cfg->add_traffic_selector(child_cfg, FALSE,
135 traffic_selector_create_dynamic(0, 0, 65535));
136 return child_cfg;
137 }
138
139 static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local)
140 {
141 auth_cfg_t *auth;
142 char *id = "init";
143
144 auth = auth_cfg_create();
145 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
146 if (initiator ^ local)
147 {
148 id = "resp";
149 }
150 auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
151 peer_cfg->add_auth_cfg(peer_cfg, auth, local);
152 }
153
154 static peer_cfg_t *create_peer_cfg(bool initiator,
155 exchange_test_sa_conf_t *conf)
156 {
157 peer_cfg_t *peer_cfg;
158 peer_cfg_create_t peer = {
159 .cert_policy = CERT_SEND_IF_ASKED,
160 .unique = UNIQUE_REPLACE,
161 .keyingtries = 1,
162 };
163
164 peer_cfg = peer_cfg_create(initiator ? "init" : "resp",
165 create_ike_cfg(initiator, conf), &peer);
166 add_auth_cfg(peer_cfg, initiator, TRUE);
167 add_auth_cfg(peer_cfg, initiator, FALSE);
168 return peer_cfg;
169 }
170
171 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
172 private_backend_t *this, host_t *me, host_t *other)
173 {
174 return enumerator_create_single(this->ike_cfg, NULL);
175 }
176
177 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
178 private_backend_t *this, identification_t *me, identification_t *other)
179 {
180 return enumerator_create_single(this->peer_cfg, NULL);
181 }
182
183 METHOD(exchange_test_helper_t, process_message, status_t,
184 private_exchange_test_helper_t *this, ike_sa_t *ike_sa, message_t *message)
185 {
186 status_t status = FAILED;
187 ike_sa_id_t *id;
188
189 if (!message)
190 {
191 message = this->public.sender->dequeue(this->public.sender);
192 }
193 id = message->get_ike_sa_id(message);
194 id = id->clone(id);
195 id->switch_initiator(id);
196 if (!id->get_responder_spi(id) || id->equals(id, ike_sa->get_id(ike_sa)))
197 {
198 charon->bus->set_sa(charon->bus, ike_sa);
199 status = ike_sa->process_message(ike_sa, message);
200 charon->bus->set_sa(charon->bus, NULL);
201 }
202 message->destroy(message);
203 id->destroy(id);
204 return status;
205 }
206
207 METHOD(exchange_test_helper_t, establish_sa, void,
208 private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp,
209 exchange_test_sa_conf_t *conf)
210 {
211 private_backend_t backend = {
212 .public = {
213 .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
214 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
215 .get_peer_cfg_by_name = (void*)return_null,
216 },
217 };
218 ike_sa_id_t *id_i, *id_r;
219 ike_sa_t *sa_i, *sa_r;
220 peer_cfg_t *peer_cfg;
221 child_cfg_t *child_cfg;
222
223 sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
224 IKEV2, TRUE);
225 id_i = sa_i->get_id(sa_i);
226
227 sa_r = *resp = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
228 IKEV2, FALSE);
229 id_r = sa_r->get_id(sa_r);
230
231 peer_cfg = create_peer_cfg(TRUE, conf);
232 child_cfg = create_child_cfg(TRUE, conf);
233 peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
234 sa_i->set_peer_cfg(sa_i, peer_cfg);
235 peer_cfg->destroy(peer_cfg);
236 call_ikesa(sa_i, initiate, child_cfg, 0, NULL, NULL);
237
238 backend.ike_cfg = create_ike_cfg(FALSE, conf);
239 peer_cfg = backend.peer_cfg = create_peer_cfg(FALSE, conf);
240 child_cfg = create_child_cfg(FALSE, conf);
241 peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
242 child_cfg->destroy(child_cfg);
243 charon->backends->add_backend(charon->backends, &backend.public);
244
245 /* IKE_SA_INIT --> */
246 id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i));
247 process_message(this, sa_r, NULL);
248 /* <-- IKE_SA_INIT */
249 id_i->set_responder_spi(id_i, id_r->get_responder_spi(id_r));
250 process_message(this, sa_i, NULL);
251 /* IKE_AUTH --> */
252 process_message(this, sa_r, NULL);
253 /* <-- IKE_AUTH */
254 process_message(this, sa_i, NULL);
255
256 charon->backends->remove_backend(charon->backends, &backend.public);
257 DESTROY_IF(backend.peer_cfg);
258 DESTROY_IF(backend.ike_cfg);
259 }
260
261 METHOD(exchange_test_helper_t, add_listener, void,
262 private_exchange_test_helper_t *this, listener_t *listener)
263 {
264 array_insert_create(&this->listeners, ARRAY_TAIL, listener);
265 charon->bus->add_listener(charon->bus, listener);
266 }
267
268 /**
269 * Enable logging in charon as requested
270 */
271 static void initialize_logging()
272 {
273 int level = LEVEL_SILENT;
274 char *verbosity;
275
276 verbosity = getenv("TESTS_VERBOSITY");
277 if (verbosity)
278 {
279 level = atoi(verbosity);
280 }
281 lib->settings->set_int(lib->settings, "%s.filelog.stderr.default",
282 lib->settings->get_int(lib->settings, "%s.filelog.stderr.default",
283 level, lib->ns), lib->ns);
284 lib->settings->set_bool(lib->settings, "%s.filelog.stderr.ike_name", TRUE,
285 lib->ns);
286 charon->load_loggers(charon);
287 }
288
289 /**
290 * Create a nonce generator with the first byte
291 */
292 static nonce_gen_t *create_nonce_gen()
293 {
294 return mock_nonce_gen_create(exchange_test_helper->nonce_first_byte);
295 }
296
297 /*
298 * Described in header
299 */
300 void exchange_test_helper_init(char *plugins)
301 {
302 private_exchange_test_helper_t *this;
303 plugin_feature_t features[] = {
304 PLUGIN_REGISTER(DH, mock_dh_create),
305 /* we only need to support a limited number of DH groups */
306 PLUGIN_PROVIDE(DH, MODP_2048_BIT),
307 PLUGIN_PROVIDE(DH, MODP_3072_BIT),
308 PLUGIN_PROVIDE(DH, ECP_256_BIT),
309 PLUGIN_REGISTER(NONCE_GEN, create_nonce_gen),
310 PLUGIN_PROVIDE(NONCE_GEN),
311 PLUGIN_DEPENDS(RNG, RNG_WEAK),
312 };
313
314 INIT(this,
315 .public = {
316 .sender = mock_sender_create(),
317 .establish_sa = _establish_sa,
318 .process_message = _process_message,
319 .add_listener = _add_listener,
320 },
321 .creds = mem_cred_create(),
322 );
323
324 initialize_logging();
325 lib->plugins->add_static_features(lib->plugins, "exchange-test-helper",
326 features, countof(features), TRUE, NULL, NULL);
327 /* the libcharon unit tests only load the libstrongswan plugins, unless
328 * TESTS_PLUGINS is defined */
329 charon->initialize(charon, plugins);
330 lib->plugins->status(lib->plugins, LEVEL_CTRL);
331
332 /* the original sender is not initialized because there is no socket */
333 charon->sender = (sender_t*)this->public.sender;
334 /* and there is no kernel plugin loaded
335 * TODO: we'd have more control if we'd implement kernel_interface_t */
336 charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create);
337 charon->kernel->add_net_interface(charon->kernel, mock_net_create);
338 /* like SPIs for IPsec SAs, make IKE SPIs predictable */
339 charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi,
340 this);
341
342 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
343
344 this->creds->add_shared(this->creds,
345 shared_key_create(SHARED_IKE, chunk_clone(chunk_from_str("test"))),
346 identification_create_from_string("%any"), NULL);
347
348 exchange_test_helper = &this->public;
349 }
350
351 /*
352 * Described in header
353 */
354 void exchange_test_helper_deinit()
355 {
356 private_exchange_test_helper_t *this;
357 listener_t *listener;
358
359 this = (private_exchange_test_helper_t*)exchange_test_helper;
360
361 while (array_remove(this->listeners, ARRAY_HEAD, &listener))
362 {
363 charon->bus->remove_listener(charon->bus, listener);
364 }
365 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
366 this->creds->destroy(this->creds);
367 /* flush SAs before destroying the sender (in case of test failures) */
368 charon->ike_sa_manager->flush(charon->ike_sa_manager);
369 /* charon won't destroy this as it didn't initialize the original sender */
370 charon->sender->destroy(charon->sender);
371 charon->sender = NULL;
372 array_destroy(this->listeners);
373 free(this);
374 }