- implemented functionality to generate sa payload from
authorJan Hutter <jhutter@hsr.ch>
Thu, 1 Dec 2005 12:18:20 +0000 (12:18 -0000)
committerJan Hutter <jhutter@hsr.ch>
Thu, 1 Dec 2005 12:18:20 +0000 (12:18 -0000)
child_proposal_t's and vice versa...

Source/charon/encoding/payloads/sa_payload.c
Source/charon/encoding/payloads/sa_payload.h
Source/charon/encoding/payloads/transform_substructure.c
Source/charon/encoding/payloads/transform_substructure.h
Source/charon/testcases/generator_test.c
Source/charon/testcases/parser_test.c
Source/charon/testcases/testcases.c

index d2aecf8..d2bfc9c 100644 (file)
@@ -394,6 +394,298 @@ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t **
 }
 
 /**
+ * Implementation of sa_payload_t.get_child_proposals.
+ */
+static status_t get_child_proposals (private_sa_payload_t *this,child_proposal_t ** proposals, size_t *proposal_count)
+{
+       int found_child_proposals = 0;
+       int found_suites = 1;
+       int current_suite_number = 0;
+       
+       iterator_t *iterator;
+       child_proposal_t *tmp_proposals;
+       
+       iterator = this->proposals->create_iterator(this->proposals,TRUE);
+       
+       /* first find out the number of child proposals and check their number of transforms and 
+        * if the SPI is 4 byte long!*/
+       current_suite_number = 1;
+       while (iterator->has_next(iterator))
+       {
+               proposal_substructure_t *current_proposal;
+               iterator->current(iterator,(void **)&(current_proposal));
+               if ((current_proposal->get_protocol_id(current_proposal) == AH) ||
+                       (current_proposal->get_protocol_id(current_proposal) == ESP))
+               {
+                       if (current_proposal->get_spi_size(current_proposal) != 4)
+                   {
+                       iterator->destroy(iterator);
+                       return FAILED;
+                   }
+                       if (current_proposal->get_proposal_number(current_proposal) == (current_suite_number + 1))
+                       {
+                               found_suites++;
+                               current_suite_number = current_proposal->get_proposal_number(current_proposal);
+                       }       
+                       found_child_proposals++;
+               }
+       }
+       iterator->reset(iterator);
+       
+       if (found_child_proposals == 0)
+       {
+               iterator->destroy(iterator);
+               return NOT_FOUND;
+       }
+       
+       /* allocate memory to hold each proposal as child_proposal_t */
+
+       tmp_proposals = allocator_alloc(found_child_proposals * sizeof(child_proposal_t));
+       
+       current_suite_number = 1;
+       tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
+       tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED;
+
+       tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED;
+       tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED;
+       tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
+       
+       /* create from each proposal_substructure a child_proposal_t data area*/
+       while (iterator->has_next(iterator))
+       {
+               proposal_substructure_t *current_proposal;
+               iterator->current(iterator,(void **)&(current_proposal));
+               
+               if (current_proposal->get_proposal_number(current_proposal) == (current_suite_number + 1))
+               {
+                       current_suite_number++;
+                       if (current_suite_number > found_suites)
+                       {
+                               /* inconsistent situation */
+                               return FAILED;
+                       }
+                       tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
+                       tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED;
+
+                       tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED;
+                       tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED;
+                       tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
+               }
+                               
+               if (current_proposal->get_protocol_id(current_proposal) == AH)
+               {
+                       bool integrity_algorithm_found = FALSE;
+                       bool diffie_hellman_group_found = FALSE;
+                       bool extended_sequence_numbers_found = FALSE;
+                       iterator_t *transforms;
+                       status_t status;
+                       
+                       chunk_t spi;
+
+                       tmp_proposals[current_suite_number - 1].ah.is_set = TRUE;
+
+                       spi = current_proposal->get_spi(current_proposal);
+                       memcpy(tmp_proposals[current_suite_number - 1].ah.spi,spi.ptr,min(spi.len,4));
+
+                       transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE);
+                       while (transforms->has_next(transforms))
+                       {
+                               transform_substructure_t *current_transform;
+                               transforms->current(transforms,(void **)&(current_transform));
+                               
+                               switch (current_transform->get_transform_type(current_transform))
+                               {
+                                       case INTEGRITY_ALGORITHM:
+                                       {
+                                               u_int16_t key_size;
+                                               
+                                               if (integrity_algorithm_found)
+                                               {
+                                                               transforms->destroy(transforms);
+                                                               iterator->destroy(iterator);
+                                                               allocator_free(tmp_proposals);
+                                                               return FAILED;
+                                               }
+                                               tmp_proposals[current_suite_number - 1].ah.integrity_algorithm = current_transform->get_transform_id(current_transform);
+                                               status = current_transform->get_key_length(current_transform,&key_size);
+                                               tmp_proposals[current_suite_number - 1].ah.integrity_algorithm_key_size = key_size;
+                                               if (status == SUCCESS)
+                                               {
+                                                       integrity_algorithm_found = TRUE;
+                                               }
+                                               break;
+                                       }
+                                       case EXTENDED_SEQUENCE_NUMBERS:
+                                       {
+                                               if (extended_sequence_numbers_found)
+                                               {
+                                                               transforms->destroy(transforms);
+                                                               iterator->destroy(iterator);
+                                                               allocator_free(tmp_proposals);
+                                                               return FAILED;
+                                               }
+                                               tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = current_transform->get_transform_id(current_transform);
+                                               extended_sequence_numbers_found = TRUE;
+                                               break;
+                                       }
+                                       case DIFFIE_HELLMAN_GROUP:
+                                       {
+                                               if (diffie_hellman_group_found)
+                                               {
+                                                               transforms->destroy(transforms);
+                                                               iterator->destroy(iterator);
+                                                               allocator_free(tmp_proposals);
+                                                               return FAILED;
+                                               }
+                                               tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = current_transform->get_transform_id(current_transform);
+                                               diffie_hellman_group_found = TRUE;
+                                               break;
+                                       }
+                                       default:
+                                       {
+                                               /* not a transform of an child proposal. return here */
+                                               transforms->destroy(transforms);
+                                               iterator->destroy(iterator);
+                                               allocator_free(tmp_proposals);
+                                               return FAILED;
+                                       }
+                               }
+                               
+                       }
+                       transforms->destroy(transforms);
+
+                       if (!integrity_algorithm_found)
+                       {
+                               /* one of needed transforms could not be found */
+                               iterator->reset(iterator);
+                               allocator_free(tmp_proposals);
+                               return FAILED;
+                       }
+               }
+               else if (current_proposal->get_protocol_id(current_proposal) == ESP)
+               {
+                       bool encryption_algorithm_found = FALSE;
+                       bool integrity_algorithm_found = FALSE;
+                       bool diffie_hellman_group_found = FALSE;
+                       bool extended_sequence_numbers_found = FALSE;
+                       iterator_t *transforms;
+                       status_t status;
+                       chunk_t spi;
+
+                       spi = current_proposal->get_spi(current_proposal);
+                       memcpy(tmp_proposals[current_suite_number - 1].esp.spi,spi.ptr,min(spi.len,4));
+                       tmp_proposals[current_suite_number - 1].esp.is_set = TRUE;
+
+
+                       transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE);
+                       while (transforms->has_next(transforms))
+                       {
+                               transform_substructure_t *current_transform;
+                               transforms->current(transforms,(void **)&(current_transform));
+                                                               
+                               switch (current_transform->get_transform_type(current_transform))
+                               {
+                                       case ENCRYPTION_ALGORITHM:
+                                       {
+                                               u_int16_t key_size;
+                                               
+                                               if (encryption_algorithm_found)
+                                               {
+                                                               transforms->destroy(transforms);
+                                                               iterator->destroy(iterator);
+                                                               allocator_free(tmp_proposals);
+                                                               return FAILED;
+                                               }
+                                               tmp_proposals[current_suite_number - 1].esp.encryption_algorithm = current_transform->get_transform_id(current_transform);
+                                               status = current_transform->get_key_length(current_transform,&key_size);
+                                               tmp_proposals[current_suite_number - 1].esp.encryption_algorithm_key_size = key_size;
+                                               if (status == SUCCESS)
+                                               {
+                                                       encryption_algorithm_found = TRUE;
+                                               }
+                                               break;
+                                       }
+                                       case INTEGRITY_ALGORITHM:
+                                       {
+                                               u_int16_t key_size;
+                                               
+                                               if (integrity_algorithm_found)
+                                               {
+                                                               transforms->destroy(transforms);
+                                                               iterator->destroy(iterator);
+                                                               allocator_free(tmp_proposals);
+                                                               return FAILED;
+                                               }
+                                               tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = current_transform->get_transform_id(current_transform);
+                                               status = current_transform->get_key_length(current_transform,&key_size);
+                                               tmp_proposals[current_suite_number - 1].esp.integrity_algorithm_key_size = key_size;
+                                               if (status == SUCCESS)
+                                               {
+                                                       integrity_algorithm_found = TRUE;
+                                               }
+                                               break;
+                                       }
+                                       case EXTENDED_SEQUENCE_NUMBERS:
+                                       {
+                                               if (extended_sequence_numbers_found)
+                                               {
+                                                               transforms->destroy(transforms);
+                                                               iterator->destroy(iterator);
+                                                               allocator_free(tmp_proposals);
+                                                               return FAILED;
+                                               }
+                                               tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = current_transform->get_transform_id(current_transform);
+                                               extended_sequence_numbers_found = TRUE;
+                                               break;
+                                       }
+                                       case DIFFIE_HELLMAN_GROUP:
+                                       {
+                                               if (diffie_hellman_group_found)
+                                               {
+                                                               transforms->destroy(transforms);
+                                                               iterator->destroy(iterator);
+                                                               allocator_free(tmp_proposals);
+                                                               return FAILED;
+                                               }
+                                               tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = current_transform->get_transform_id(current_transform);
+                                               diffie_hellman_group_found = TRUE;
+                                               break;
+                                       }
+                                       default:
+                                       {
+                                               /* not a transform of an child proposal. return here */
+                                               transforms->destroy(transforms);
+                                               iterator->destroy(iterator);
+                                               allocator_free(tmp_proposals);
+                                               return FAILED;
+                                       }
+                               }
+                               
+                       }
+                       transforms->destroy(transforms);
+                       
+
+                       if (!encryption_algorithm_found)
+                       {
+                               /* one of needed transforms could not be found */
+                               iterator->reset(iterator);
+                               allocator_free(tmp_proposals);
+                               return FAILED;
+                       }
+                       
+               }
+       }
+
+       iterator->destroy(iterator);    
+       
+       *proposals = tmp_proposals;
+       *proposal_count = found_suites;
+
+       return SUCCESS;
+}
+
+
+/**
  * Implementation of private_sa_payload_t.compute_length.
  */
 static void compute_length (private_sa_payload_t *this)
@@ -432,6 +724,7 @@ sa_payload_t *sa_payload_create()
        this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator;
        this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
        this->public.get_ike_proposals = (status_t (*) (sa_payload_t *, ike_proposal_t **, size_t *)) get_ike_proposals;
+       this->public.get_child_proposals = (status_t (*) (sa_payload_t *, child_proposal_t **, size_t *)) get_child_proposals;
        this->public.destroy = (void (*) (sa_payload_t *)) destroy;
        
        /* private functions */
@@ -486,3 +779,93 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si
        
        return sa_payload;
 }
+
+/*
+ * Described in header.
+ */
+sa_payload_t *sa_payload_create_from_child_proposals(child_proposal_t *proposals, size_t proposal_count)
+{      
+       int i;
+       sa_payload_t *sa_payload= sa_payload_create();
+       
+       for (i = 0; i < proposal_count; i++)
+       {
+               /* first the AH part is created */
+               if (proposals[i].ah.is_set)
+               {
+                       transform_substructure_t *integrity_algorithm;
+                       proposal_substructure_t *proposal_substructure; 
+                       chunk_t spi;
+                       
+                       proposal_substructure = proposal_substructure_create();
+                       proposal_substructure->set_protocol_id(proposal_substructure,AH);
+                       proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
+                       spi.ptr = proposals[i].ah.spi;
+                       spi.len = 4;
+                       proposal_substructure->set_spi(proposal_substructure,spi);
+                       
+                       integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].ah.integrity_algorithm,proposals[i].ah.integrity_algorithm_key_size);
+                       proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm);
+                       if (proposals[i].ah.diffie_hellman_group != MODP_UNDEFINED)
+                       {
+                               transform_substructure_t *diffie_hellman_group;
+                               diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].ah.diffie_hellman_group,0);
+                               proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group);
+                               
+                       }
+                       if (proposals[i].ah.extended_sequence_numbers == EXT_SEQ_NUMBERS)
+                       {
+                               transform_substructure_t *extended_sequence_numbers;
+                               extended_sequence_numbers = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS,proposals[i].ah.extended_sequence_numbers,0);
+                               proposal_substructure->add_transform_substructure(proposal_substructure,extended_sequence_numbers);
+                       }
+
+                       sa_payload->add_proposal_substructure(sa_payload,proposal_substructure);        
+               }
+
+               /* then the ESP part is created */
+               if (proposals[i].esp.is_set)
+               {
+                       transform_substructure_t *encryption_algorithm;
+                       proposal_substructure_t *proposal_substructure; 
+                       chunk_t spi;
+                       
+                       proposal_substructure = proposal_substructure_create();
+                       proposal_substructure->set_protocol_id(proposal_substructure,ESP);
+                       proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
+                       spi.ptr = proposals[i].esp.spi;
+                       spi.len = 4;
+                       proposal_substructure->set_spi(proposal_substructure,spi);
+                       
+                       encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].esp.encryption_algorithm,proposals[i].esp.encryption_algorithm_key_size);
+                       proposal_substructure->add_transform_substructure(proposal_substructure,encryption_algorithm);
+                       
+                       if (proposals[i].esp.integrity_algorithm != AUTH_UNDEFINED)
+                       {
+                               transform_substructure_t *integrity_algorithm;
+                               integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].esp.integrity_algorithm,proposals[i].esp.integrity_algorithm_key_size);
+                               proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm);
+                               
+                       }
+                       
+                       if (proposals[i].esp.diffie_hellman_group != MODP_UNDEFINED)
+                       {
+                               transform_substructure_t *diffie_hellman_group;
+                               diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].esp.diffie_hellman_group,0);
+                               proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group);
+                               
+                       }
+                       if (proposals[i].esp.extended_sequence_numbers == EXT_SEQ_NUMBERS)
+                       {
+                               transform_substructure_t *extended_sequence_numbers;
+                               extended_sequence_numbers = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS,proposals[i].esp.extended_sequence_numbers,0);
+                               proposal_substructure->add_transform_substructure(proposal_substructure,extended_sequence_numbers);
+                       }
+
+                       sa_payload->add_proposal_substructure(sa_payload,proposal_substructure);                        
+               }
+               
+       }
+       
+       return sa_payload;
+}
index ad450b3..fff2142 100644 (file)
@@ -28,6 +28,7 @@
 #include <encoding/payloads/proposal_substructure.h>
 #include <utils/linked_list.h>
 #include <config/init_config.h>
+#include <config/sa_config.h>
 
 /**
  * Critical flag must not be set.
@@ -98,7 +99,19 @@ struct sa_payload_t {
         *                                                      - FAILED if a proposal does not contain all needed transforms
         *                                                        for a IKE_PROPOSAL 
         */
-       status_t (*get_ike_proposals) (sa_payload_t *this, ike_proposal_t **proposals, size_t *proposal_count); 
+       status_t (*get_ike_proposals) (sa_payload_t *this, ike_proposal_t **proposals, size_t *proposal_count);
+       
+       /**
+        * Creates an array of child_proposal_t's in this SA payload.
+        * 
+        * @param proposals                     the pointer to the first entry of child_proposal_t's is set
+        * @param proposal_count        the number of found proposals is written at this location
+        * @return
+        *                                                      - SUCCESS if child proposals could be found
+        *                                                      - NOT_FOUND if no child proposal could be found
+        *                                                      - FAILED if a proposal does not contain all needed transforms
+        */
+       status_t (*get_child_proposals) (sa_payload_t *this, child_proposal_t **proposals, size_t *proposal_count);     
 
        /**
         * @brief Destroys an sa_payload_t object.
@@ -128,4 +141,18 @@ sa_payload_t *sa_payload_create();
  */
 sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count);
 
+/**
+ * @brief Creates a sa_payload_t object from array of child_proposal_t's.
+ * 
+ * @warning for proposals where AH and ESP is not set, an empty proposal is created.
+ * 
+ * 
+ * @return                                     created sa_payload_t object
+ * @param proposals                    pointer to first proposal in array of type child_proposal_t
+ * @param proposal_count       number of child_proposal_t's in array
+ * 
+ * @ingroup payloads
+ */
+sa_payload_t *sa_payload_create_from_child_proposals(child_proposal_t *proposals, size_t proposal_count);
+
 #endif /*SA_PAYLOAD_H_*/
index 99af36c..c519c67 100644 (file)
@@ -89,7 +89,7 @@ mapping_t transform_type_m[] = {
        {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"},
        {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"},
        {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"},
-       {EXTENDED_SEQUENCE_NUNBERS, "EXTENDED_SEQUENCE_NUNBERS"},
+       {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"},
        {MAPPING_END, NULL}
 };
 
@@ -207,7 +207,7 @@ static status_t verify(private_transform_substructure_t *this)
                        
                        break;
                }
-               case EXTENDED_SEQUENCE_NUNBERS:
+               case EXTENDED_SEQUENCE_NUMBERS:
                {
                        if ((this->transform_id != NO_EXT_SEQ_NUMBERS) && (this->transform_id != EXT_SEQ_NUMBERS))
                        {
index 6671dbc..b108f63 100644 (file)
@@ -62,7 +62,7 @@ enum transform_type_t {
        PSEUDO_RANDOM_FUNCTION = 2,
        INTEGRITY_ALGORITHM = 3,
        DIFFIE_HELLMAN_GROUP = 4,
-       EXTENDED_SEQUENCE_NUNBERS = 5
+       EXTENDED_SEQUENCE_NUMBERS = 5
 };
 
 /** 
index 1df430a..a2ae015 100644 (file)
@@ -418,6 +418,8 @@ void test_generator_with_sa_payload(tester_t *tester)
        transform_substructure_t *transform1, *transform2;
        proposal_substructure_t *proposal1, *proposal2;
        ike_proposal_t *ike_proposals;
+       size_t child_proposal_count;
+       child_proposal_t *child_proposals;
        size_t ike_proposal_count;
        sa_payload_t *sa_payload;
        ike_header_t *ike_header;
@@ -566,7 +568,7 @@ void test_generator_with_sa_payload(tester_t *tester)
        sa_payload->destroy(sa_payload);
        generator->destroy(generator);
        
-       
+       /* --------------------------- */
        /* test with automatic created proposals */
        
        generator = generator_create();
@@ -638,6 +640,138 @@ void test_generator_with_sa_payload(tester_t *tester)
        allocator_free(ike_proposals);
        allocator_free_chunk(&generated_data);
        generator->destroy(generator);
+       
+       
+       /* --------------------------- */
+       /* test with automatic created child proposals */
+
+       generator = generator_create();
+       tester->assert_true(tester,(generator != NULL), "generator create check");
+       
+
+       child_proposal_count = 2;
+       child_proposals = allocator_alloc(child_proposal_count * (sizeof(child_proposal_t)));
+
+       child_proposals[0].ah.is_set = TRUE;
+       child_proposals[0].ah.integrity_algorithm = AUTH_HMAC_MD5_96;
+       child_proposals[0].ah.integrity_algorithm_key_size = 20;
+       child_proposals[0].ah.diffie_hellman_group = MODP_2048_BIT;
+       child_proposals[0].ah.extended_sequence_numbers = EXT_SEQ_NUMBERS;
+       child_proposals[0].ah.spi[0] = 1;
+       child_proposals[0].ah.spi[1] = 1;
+       child_proposals[0].ah.spi[2] = 1;
+       child_proposals[0].ah.spi[3] = 1;
+
+       child_proposals[0].esp.is_set = TRUE;
+       child_proposals[0].esp.diffie_hellman_group = MODP_1024_BIT;
+       child_proposals[0].esp.encryption_algorithm = ENCR_AES_CBC;
+       child_proposals[0].esp.encryption_algorithm_key_size = 32;
+       child_proposals[0].esp.integrity_algorithm = AUTH_UNDEFINED;
+       child_proposals[0].esp.spi[0] = 2;
+       child_proposals[0].esp.spi[1] = 2;
+       child_proposals[0].esp.spi[2] = 2;
+       child_proposals[0].esp.spi[3] = 2;
+       
+       child_proposals[1].ah.is_set = TRUE;
+       child_proposals[1].ah.integrity_algorithm = AUTH_HMAC_MD5_96;
+       child_proposals[1].ah.integrity_algorithm_key_size = 20;
+       child_proposals[1].ah.diffie_hellman_group = MODP_2048_BIT;
+       child_proposals[1].ah.extended_sequence_numbers = EXT_SEQ_NUMBERS;
+       child_proposals[1].ah.spi[0] = 1;
+       child_proposals[1].ah.spi[1] = 1;
+       child_proposals[1].ah.spi[2] = 1;
+       child_proposals[1].ah.spi[3] = 1;
+
+       child_proposals[1].esp.is_set = TRUE;
+       child_proposals[1].esp.diffie_hellman_group = MODP_1024_BIT;
+       child_proposals[1].esp.encryption_algorithm = ENCR_AES_CBC;
+       child_proposals[1].esp.encryption_algorithm_key_size = 32;
+       child_proposals[1].esp.integrity_algorithm = AUTH_HMAC_MD5_96;
+       child_proposals[1].esp.integrity_algorithm_key_size = 20;
+       child_proposals[1].esp.spi[0] = 2;
+       child_proposals[1].esp.spi[1] = 2;
+       child_proposals[1].esp.spi[2] = 2;
+       child_proposals[1].esp.spi[3] = 2;      
+       
+       
+       sa_payload = sa_payload_create_from_child_proposals(child_proposals,child_proposal_count);
+       tester->assert_true(tester,(sa_payload != NULL), "sa_payload create check");
+
+       generator->generate_payload(generator,(payload_t *)sa_payload);
+       generator->write_to_chunk(generator,&generated_data);
+       logger->log_chunk(logger,RAW,"generated",&generated_data);      
+
+       u_int8_t expected_generation3[] = {     
+               0x00,0x00,0x00,0xA0, /* payload header*/
+
+                       /* suite 1 */
+                       0x02,0x00,0x00,0x28,  /* a proposal */
+                       0x01,0x02,0x04,0x03,
+                       0x01,0x01,0x01,0x01,
+                               0x03,0x00,0x00,0x0C, /* transform 1 */
+                               0x03,0x00,0x00,0x01,  
+                                       0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+
+                               0x03,0x00,0x00,0x08, /* transform 2 */
+                               0x04,0x00,0x00,0x0E,  
+
+                               0x00,0x00,0x00,0x08, /* transform 3 */
+                               0x05,0x00,0x00,0x01,  
+
+
+                       0x02,0x00,0x00,0x20,  /* a proposal */
+                       0x01,0x03,0x04,0x02,
+                       0x02,0x02,0x02,0x02,
+                       
+                               0x03,0x00,0x00,0x0C, /* transform 1 */
+                               0x01,0x00,0x00,0x0C,  
+                                       0x80,0x0E,0x00,0x20, /* keylength attribute with 32 bytes length */
+                                       
+                               0x00,0x00,0x00,0x08, /* transform 2 */
+                               0x04,0x00,0x00,0x02,  
+
+                       /* suite 2 */
+                       0x02,0x00,0x00,0x28,  /* a proposal */
+                       0x02,0x02,0x04,0x03,
+                       0x01,0x01,0x01,0x01,
+                               0x03,0x00,0x00,0x0C, /* transform 1 */
+                               0x03,0x00,0x00,0x01,  
+                                       0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+
+                               0x03,0x00,0x00,0x08, /* transform 2 */
+                               0x04,0x00,0x00,0x0E,  
+
+                               0x00,0x00,0x00,0x08, /* transform 3 */
+                               0x05,0x00,0x00,0x01,  
+
+
+                       0x00,0x00,0x00,0x2C,  /* a proposal */
+                       0x02,0x03,0x04,0x03,
+                       0x02,0x02,0x02,0x02,
+                       
+                               0x03,0x00,0x00,0x0C, /* transform 1 */
+                               0x01,0x00,0x00,0x0C,  
+                                       0x80,0x0E,0x00,0x20, /* keylength attribute with 32 bytes length */
+                                       
+                               0x03,0x00,0x00,0x0C, /* transform 2 */
+                               0x03,0x00,0x00,0x01,  
+                                       0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+                                       
+                               0x00,0x00,0x00,0x08, /* transform 3 */
+                               0x04,0x00,0x00,0x02,  
+
+       };
+
+
+       logger->log_bytes(logger,RAW,"expected",expected_generation3,sizeof(expected_generation3));     
+       
+       tester->assert_true(tester,(memcmp(expected_generation3,generated_data.ptr,sizeof(expected_generation3)) == 0), "compare generated data");
+
+       sa_payload->destroy(sa_payload);
+       allocator_free(child_proposals);
+       allocator_free_chunk(&generated_data);
+       generator->destroy(generator);
+       
                
        charon->logger_manager->destroy_logger(charon->logger_manager,logger);  
        
index b873306..81e26d9 100644 (file)
@@ -96,10 +96,12 @@ void test_parser_with_sa_payload(tester_t *tester)
        parser_t *parser;
        sa_payload_t *sa_payload;
        status_t status;
-       chunk_t sa_chunk, sa_chunk2;
+       chunk_t sa_chunk, sa_chunk2, sa_chunk3;
        iterator_t *proposals, *transforms, *attributes;
     ike_proposal_t *ike_proposals;
     size_t ike_proposal_count;
+    child_proposal_t *child_proposals;
+    size_t child_proposal_count;
        
        /* first test generic parsing functionality */
                
@@ -262,6 +264,140 @@ void test_parser_with_sa_payload(tester_t *tester)
        {
                allocator_free(ike_proposals);
        }
+       sa_payload->destroy(sa_payload);
+       
+       /* now test SA functionality after parsing an SA payload with child sa proposals*/
+       u_int8_t sa_bytes3[] = {
+               0x00,0x00,0x00,0xA0, /* payload header*/
+
+                       /* suite 1 */
+                       0x02,0x00,0x00,0x28,  /* a proposal */
+                       0x01,0x02,0x04,0x03,
+                       0x01,0x01,0x01,0x01,
+                               0x03,0x00,0x00,0x0C, /* transform 1 */
+                               0x03,0x00,0x00,0x01,  
+                                       0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+
+                               0x03,0x00,0x00,0x08, /* transform 2 */
+                               0x04,0x00,0x00,0x0E,  
+
+                               0x00,0x00,0x00,0x08, /* transform 3 */
+                               0x05,0x00,0x00,0x01,  
+
+
+                       0x02,0x00,0x00,0x20,  /* a proposal */
+                       0x01,0x03,0x04,0x02,
+                       0x02,0x02,0x02,0x02,
+                       
+                               0x03,0x00,0x00,0x0C, /* transform 1 */
+                               0x01,0x00,0x00,0x0C,  
+                                       0x80,0x0E,0x00,0x20, /* keylength attribute with 32 bytes length */
+                                       
+                               0x00,0x00,0x00,0x08, /* transform 2 */
+                               0x04,0x00,0x00,0x02,  
+
+                       /* suite 2 */
+                       0x02,0x00,0x00,0x28,  /* a proposal */
+                       0x02,0x02,0x04,0x03,
+                       0x01,0x01,0x01,0x01,
+                               0x03,0x00,0x00,0x0C, /* transform 1 */
+                               0x03,0x00,0x00,0x01,  
+                                       0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+
+                               0x03,0x00,0x00,0x08, /* transform 2 */
+                               0x04,0x00,0x00,0x0E,  
+
+                               0x00,0x00,0x00,0x08, /* transform 3 */
+                               0x05,0x00,0x00,0x01,  
+
+
+                       0x00,0x00,0x00,0x2C,  /* a proposal */
+                       0x02,0x03,0x04,0x03,
+                       0x02,0x02,0x02,0x02,
+                       
+                               0x03,0x00,0x00,0x0C, /* transform 1 */
+                               0x01,0x00,0x00,0x0C,  
+                                       0x80,0x0E,0x00,0x20, /* keylength attribute with 32 bytes length */
+                                       
+                               0x03,0x00,0x00,0x0C, /* transform 2 */
+                               0x03,0x00,0x00,0x01,  
+                                       0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+                                       
+                               0x00,0x00,0x00,0x08, /* transform 3 */
+                               0x04,0x00,0x00,0x02,
+       };
+       
+       sa_chunk3.ptr = sa_bytes3;
+       sa_chunk3.len = sizeof(sa_bytes3);
+               
+       parser = parser_create(sa_chunk3);
+       tester->assert_true(tester,(parser != NULL), "parser create check");
+       status = parser->parse_payload(parser, SECURITY_ASSOCIATION, (payload_t**)&sa_payload);
+       tester->assert_true(tester,(status == SUCCESS),"parse_payload call check");
+       parser->destroy(parser);
+       
+       if (status != SUCCESS)
+       {
+               return; 
+       }
+
+       status = sa_payload->payload_interface.verify(&(sa_payload->payload_interface));
+       tester->assert_true(tester,(status == SUCCESS),"verify call check");
+
+       status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals, &ike_proposal_count);       
+       tester->assert_false(tester,(status == SUCCESS),"get ike proposals call check");
+       
+       status = sa_payload->get_child_proposals (sa_payload, &child_proposals, &child_proposal_count); 
+       tester->assert_true(tester,(status == SUCCESS),"get child proposals call check");       
+       
+
+       tester->assert_true(tester,(child_proposal_count == 2),"child proposal count check");
+       tester->assert_true(tester,(child_proposals[0].ah.is_set == TRUE),"is ah set check");
+       tester->assert_true(tester,(child_proposals[0].ah.integrity_algorithm == AUTH_HMAC_MD5_96),"integrity_algorithm check");
+       tester->assert_true(tester,(child_proposals[0].ah.integrity_algorithm_key_size == 20),"integrity_algorithm_key_size check");
+       tester->assert_true(tester,(child_proposals[0].ah.diffie_hellman_group == MODP_2048_BIT),"diffie_hellman_group check");
+       tester->assert_true(tester,(child_proposals[0].ah.extended_sequence_numbers == EXT_SEQ_NUMBERS),"extended_sequence_numbers check");
+       tester->assert_true(tester,(child_proposals[0].ah.spi[0] == 1),"spi check");
+       tester->assert_true(tester,(child_proposals[0].ah.spi[1] == 1),"spi check");
+       tester->assert_true(tester,(child_proposals[0].ah.spi[2] == 1),"spi check");
+       tester->assert_true(tester,(child_proposals[0].ah.spi[3] == 1),"spi check");
+       
+       tester->assert_true(tester,(child_proposals[0].esp.is_set == TRUE),"is ah set check");
+       tester->assert_true(tester,(child_proposals[0].esp.encryption_algorithm == ENCR_AES_CBC),"integrity_algorithm check");
+       tester->assert_true(tester,(child_proposals[0].esp.encryption_algorithm_key_size == 32),"integrity_algorithm_key_size check");
+       tester->assert_true(tester,(child_proposals[0].esp.diffie_hellman_group == MODP_1024_BIT),"diffie_hellman_group check");
+       tester->assert_true(tester,(child_proposals[0].esp.integrity_algorithm == AUTH_UNDEFINED),"integrity_algorithm check");
+       tester->assert_true(tester,(child_proposals[0].esp.spi[0] == 2),"spi check");
+       tester->assert_true(tester,(child_proposals[0].esp.spi[1] == 2),"spi check");
+       tester->assert_true(tester,(child_proposals[0].esp.spi[2] == 2),"spi check");
+       tester->assert_true(tester,(child_proposals[0].esp.spi[3] == 2),"spi check");
+
+       tester->assert_true(tester,(child_proposals[1].ah.is_set == TRUE),"is ah set check");
+       tester->assert_true(tester,(child_proposals[1].ah.integrity_algorithm == AUTH_HMAC_MD5_96),"integrity_algorithm check");
+       tester->assert_true(tester,(child_proposals[1].ah.integrity_algorithm_key_size == 20),"integrity_algorithm_key_size check");
+       tester->assert_true(tester,(child_proposals[1].ah.diffie_hellman_group == MODP_2048_BIT),"diffie_hellman_group check");
+       tester->assert_true(tester,(child_proposals[1].ah.extended_sequence_numbers == EXT_SEQ_NUMBERS),"extended_sequence_numbers check");
+       tester->assert_true(tester,(child_proposals[1].ah.spi[0] == 1),"spi check");
+       tester->assert_true(tester,(child_proposals[1].ah.spi[1] == 1),"spi check");
+       tester->assert_true(tester,(child_proposals[1].ah.spi[2] == 1),"spi check");
+       tester->assert_true(tester,(child_proposals[1].ah.spi[3] == 1),"spi check");    
+
+       tester->assert_true(tester,(child_proposals[1].esp.is_set == TRUE),"is ah set check");
+       tester->assert_true(tester,(child_proposals[1].esp.encryption_algorithm == ENCR_AES_CBC),"integrity_algorithm check");
+       tester->assert_true(tester,(child_proposals[1].esp.encryption_algorithm_key_size == 32),"integrity_algorithm_key_size check");
+       tester->assert_true(tester,(child_proposals[1].esp.diffie_hellman_group == MODP_1024_BIT),"diffie_hellman_group check");
+       tester->assert_true(tester,(child_proposals[1].esp.integrity_algorithm == AUTH_HMAC_MD5_96),"integrity_algorithm check");
+       tester->assert_true(tester,(child_proposals[1].esp.integrity_algorithm_key_size == 20),"integrity_algorithm check");
+       tester->assert_true(tester,(child_proposals[1].esp.spi[0] == 2),"spi check");
+       tester->assert_true(tester,(child_proposals[1].esp.spi[1] == 2),"spi check");
+       tester->assert_true(tester,(child_proposals[1].esp.spi[2] == 2),"spi check");
+       tester->assert_true(tester,(child_proposals[1].esp.spi[3] == 2),"spi check");
+
+       if (status == SUCCESS)
+       {
+               allocator_free(child_proposals);
+       }
+
        
        sa_payload->destroy(sa_payload);
 }
index 4ec6834..0d1a086 100644 (file)
@@ -206,12 +206,12 @@ int main()
        daemon_create();
  
        charon->logger_manager->disable_logger_level(charon->logger_manager,TESTER,FULL);
-       //charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW);
+//     charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW);
        
        tester_t *tester = tester_create(test_output, FALSE);
        
        tester->perform_tests(tester,all_tests);
-//     tester->perform_test(tester,&generator_test5); 
+//     tester->perform_test(tester,&parser_test2); 
        
        
        tester->destroy(tester);