unit-tests: Make IKE and ESP proposals configurable
authorTobias Brunner <tobias@strongswan.org>
Tue, 24 May 2016 12:14:05 +0000 (14:14 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 17 Jun 2016 16:48:03 +0000 (18:48 +0200)
src/libcharon/tests/suites/test_child_delete.c
src/libcharon/tests/suites/test_child_rekey.c
src/libcharon/tests/utils/exchange_test_helper.c
src/libcharon/tests/utils/exchange_test_helper.h

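--- a/src/libcharon/tests/suites/test_child_delete.c
+++ b/src/libcharon/tests/suites/test_child_delete.c
@@ -31,12 +31,12 @@ START_TEST(test_regular)
        if (_i)
        {       /* responder deletes the CHILD_SA (SPI 2) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &b, &a);
+                                                                                  &b, &a, NULL);
        }
        else
        {       /* initiator deletes the CHILD_SA (SPI 1) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &a, &b);
+                                                                                  &a, &b, NULL);
        }
        assert_hook_not_called(child_updown);
        call_ikesa(a, delete_child_sa, PROTO_ESP, _i+1, FALSE);
@@ -71,7 +71,7 @@ START_TEST(test_collision)
        ike_sa_t *a, *b;
 
        exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                          &a, &b);
+                                                                          &a, &b, NULL);
        /* both peers delete the CHILD_SA concurrently */
        assert_hook_not_called(child_updown);
        call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE);
@@ -137,7 +137,7 @@ START_TEST(test_collision_drop)
        message_t *msg;
 
        exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                          &a, &b);
+                                                                          &a, &b, NULL);
        /* both peers delete the CHILD_SA concurrently */
        assert_hook_not_called(child_updown);
        call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE);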
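--- a/src/libcharon/tests/suites/test_child_rekey.c
+++ b/src/libcharon/tests/suites/test_child_rekey.c
@@ -45,12 +45,12 @@ START_TEST(test_regular)
        if (_i)
        {       /* responder rekeys the CHILD_SA (SPI 2) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &b, &a);
+                                                                                  &b, &a, NULL);
        }
        else
        {       /* initiator rekeys the CHILD_SA (SPI 1) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &a, &b);
+                                                                                  &a, &b, NULL);
        }
        initiate_rekey(a, spi_a);
 
@@ -105,7 +105,7 @@ START_TEST(test_collision)
        ike_sa_t *a, *b;
 
        exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                          &a, &b);
+                                                                          &a, &b, NULL);
 
        /* When rekeyings collide we get two CHILD_SAs with a total of four nonces.
         * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that
@@ -235,12 +235,12 @@ START_TEST(test_collision_delete)
        if (_i)
        {       /* responder rekeys the CHILD_SA (SPI 2) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &b, &a);
+                                                                                  &b, &a, NULL);
        }
        else
        {       /* initiator rekeys the CHILD_SA (SPI 1) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &a, &b);
+                                                                                  &a, &b, NULL);
        }
        initiate_rekey(a, spi_a);
        call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
@@ -322,12 +322,12 @@ START_TEST(test_collision_delete_drop_delete)
        if (_i)
        {       /* responder rekeys the CHILD_SA (SPI 2) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &b, &a);
+                                                                                  &b, &a, NULL);
        }
        else
        {       /* initiator rekeys the CHILD_SA (SPI 1) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &a, &b);
+                                                                                  &a, &b, NULL);
        }
        initiate_rekey(a, spi_a);
        call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
@@ -407,12 +407,12 @@ END_TEST
        if (_i)
        {       /* responder rekeys the CHILD_SA (SPI 2) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &b, &a);
+                                                                                  &b, &a, NULL);
        }
        else
        {       /* initiator rekeys the CHILD_SA (SPI 1) */
                exchange_test_helper->establish_sa(exchange_test_helper,
-                                                                                  &a, &b);
+                                                                                  &a, &b, NULL);
        }
        initiate_rekey(a, spi_a);
        call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);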
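--- a/src/libcharon/tests/utils/exchange_test_helper.c
+++ b/src/libcharon/tests/utils/exchange_test_helper.c
@@ -21,6 +21,7 @@
 #include <credentials/sets/mem_cred.h>
 
 typedef struct private_exchange_test_helper_t private_exchange_test_helper_t;
+typedef struct private_backend_t private_backend_t;
 
 /**
  * Private data
@@ -33,11 +34,6 @@ struct private_exchange_test_helper_t {
        exchange_test_helper_t public;
 
        /**
-        * Config backend
-        */
-       backend_t backend;
-
-       /**
         * Credentials
         */
        mem_cred_t *creds;
@@ -48,6 +44,27 @@ struct private_exchange_test_helper_t {
        refcount_t ike_spi;
 };
 
+/**
+ * Custom backend_t implementation
+ */
+struct private_backend_t {
+
+       /**
+        * Public interface
+        */
+       backend_t public;
+
+       /**
+        * Responder ike_cfg
+        */
+       ike_cfg_t *ike_cfg;
+
+       /**
+        * Responder peer_cfg/child_cfg
+        */
+       peer_cfg_t *peer_cfg;
+};
+
 CALLBACK(get_ike_spi, uint64_t,
        private_exchange_test_helper_t *this)
 {
@@ -59,26 +76,52 @@ CALLBACK(get_ike_spi, uint64_t,
  */
 exchange_test_helper_t *exchange_test_helper;
 
-static ike_cfg_t *create_ike_cfg()
+static ike_cfg_t *create_ike_cfg(bool initiator, exchange_test_sa_conf_t *conf)
 {
        ike_cfg_t *ike_cfg;
+       char *proposal = NULL;
 
        ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT,
                                                         "127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
-       ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       if (conf)
+       {
+               proposal = initiator ? conf->initiator.ike : conf->responder.ike;
+       }
+       if (proposal)
+       {
+               ike_cfg->add_proposal(ike_cfg,
+                                                       proposal_create_from_string(PROTO_IKE, proposal));
+       }
+       else
+       {
+               ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       }
        return ike_cfg;
 }
 
-static child_cfg_t *create_child_cfg(bool initiator)
+static child_cfg_t *create_child_cfg(bool initiator,
+                                                                        exchange_test_sa_conf_t *conf)
 {
        child_cfg_t *child_cfg;
        child_cfg_create_t child = {
                .mode = MODE_TUNNEL,
        };
+       char *proposal = NULL;
 
        child_cfg = child_cfg_create(initiator ? "init" : "resp", &child);
-       child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
-       child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
+       if (conf)
+       {
+               proposal = initiator ? conf->initiator.esp : conf->responder.esp;
+       }
+       if (proposal)
+       {
+               child_cfg->add_proposal(child_cfg,
+                                                       proposal_create_from_string(PROTO_ESP, proposal));
+       }
+       else
+       {
+               child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       }
        child_cfg->add_traffic_selector(child_cfg, TRUE,
                                                                traffic_selector_create_dynamic(0, 0, 65535));
        child_cfg->add_traffic_selector(child_cfg, FALSE,
@@ -101,7 +144,8 @@ static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local)
        peer_cfg->add_auth_cfg(peer_cfg, auth, local);
 }
 
-static peer_cfg_t *create_peer_cfg(bool initiator)
+static peer_cfg_t *create_peer_cfg(bool initiator,
+                                                                  exchange_test_sa_conf_t *conf)
 {
        peer_cfg_t *peer_cfg;
        peer_cfg_create_t peer = {
@@ -110,26 +154,23 @@ static peer_cfg_t *create_peer_cfg(bool initiator)
                .keyingtries = 1,
        };
 
-       peer_cfg = peer_cfg_create(initiator ? "init" : "resp", create_ike_cfg(),
-                                                          &peer);
+       peer_cfg = peer_cfg_create(initiator ? "init" : "resp",
+                                                          create_ike_cfg(initiator, conf), &peer);
        add_auth_cfg(peer_cfg, initiator, TRUE);
        add_auth_cfg(peer_cfg, initiator, FALSE);
-       peer_cfg->add_child_cfg(peer_cfg, create_child_cfg(initiator));
        return peer_cfg;
 }
 
 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
-       backend_t *this, host_t *me, host_t *other)
+       private_backend_t *this, host_t *me, host_t *other)
 {
-       ike_cfg_t *ike_cfg = create_ike_cfg();
-       return enumerator_create_single(ike_cfg, (void*)ike_cfg->destroy);
+       return enumerator_create_single(this->ike_cfg, NULL);
 }
 
 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
-       backend_t *this, identification_t *me, identification_t *other)
+       private_backend_t *this, identification_t *me, identification_t *other)
 {
-       peer_cfg_t *peer_cfg = create_peer_cfg(FALSE);
-       return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
+       return enumerator_create_single(this->peer_cfg, NULL);
 }
 
 METHOD(exchange_test_helper_t, process_message, void,
@@ -146,11 +187,20 @@ METHOD(exchange_test_helper_t, process_message, void,
 }
 
 METHOD(exchange_test_helper_t, establish_sa, void,
-       private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp)
+       private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp,
+       exchange_test_sa_conf_t *conf)
 {
+       private_backend_t backend = {
+               .public = {
+                       .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
+                       .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
+                       .get_peer_cfg_by_name = (void*)return_null,
+               },
+       };
        ike_sa_id_t *id_i, *id_r;
        ike_sa_t *sa_i, *sa_r;
        peer_cfg_t *peer_cfg;
+       child_cfg_t *child_cfg;
 
        sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
                                                                                                                IKEV2, TRUE);
@@ -160,10 +210,20 @@ METHOD(exchange_test_helper_t, establish_sa, void,
                                                                                                                IKEV2, FALSE);
        id_r = sa_r->get_id(sa_r);
 
-       peer_cfg = create_peer_cfg(TRUE);
+       peer_cfg = create_peer_cfg(TRUE, conf);
+       child_cfg = create_child_cfg(TRUE, conf);
+       peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
        sa_i->set_peer_cfg(sa_i, peer_cfg);
        peer_cfg->destroy(peer_cfg);
-       call_ikesa(sa_i, initiate, create_child_cfg(TRUE), 0, NULL, NULL);
+       call_ikesa(sa_i, initiate, child_cfg, 0, NULL, NULL);
+
+       backend.ike_cfg = create_ike_cfg(FALSE, conf);
+       peer_cfg = backend.peer_cfg = create_peer_cfg(FALSE, conf);
+       child_cfg = create_child_cfg(FALSE, conf);
+       peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
+       child_cfg->destroy(child_cfg);
+       charon->backends->add_backend(charon->backends, &backend.public);
+
        /* IKE_SA_INIT --> */
        id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i));
        process_message(this, sa_r, NULL);
@@ -174,6 +234,10 @@ METHOD(exchange_test_helper_t, establish_sa, void,
        process_message(this, sa_r, NULL);
        /* <-- IKE_AUTH */
        process_message(this, sa_i, NULL);
+
+       charon->backends->remove_backend(charon->backends, &backend.public);
+       DESTROY_IF(backend.peer_cfg);
+       DESTROY_IF(backend.ike_cfg);
 }
 
 /**
@@ -228,11 +292,6 @@ void exchange_test_helper_init(char *plugins)
                        .establish_sa = _establish_sa,
                        .process_message = _process_message,
                },
-               .backend = {
-                       .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
-                       .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
-                       .get_peer_cfg_by_name = (void*)return_null,
-               },
                .creds = mem_cred_create(),
        );
 
@@ -253,7 +312,6 @@ void exchange_test_helper_init(char *plugins)
        charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi,
                                                                           this);
 
-       charon->backends->add_backend(charon->backends, &this->backend);
        lib->credmgr->add_set(lib->credmgr, &this->creds->set);
 
        this->creds->add_shared(this->creds,
@@ -272,7 +330,6 @@ void exchange_test_helper_deinit()
 
        this = (private_exchange_test_helper_t*)exchange_test_helper;
 
-       charon->backends->remove_backend(charon->backends, &this->backend);
        lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
        this->creds->destroy(this->creds);
        /* can't let charon do it as it happens too late */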
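Review bot: In `create_ike_cfg()` and `create_child_cfg()` the result of `proposal_create_from_string()` goes straight into `add_proposal()`, but that parser returns NULL for a string it cannot parse. A typo in a test's `exchange_test_sa_conf_t` would then show up later as an unrelated negotiation failure (how `add_proposal()` treats NULL is not visible here). Fail where the string is consumed instead, e.g. `prop = proposal_create_from_string(PROTO_IKE, proposal);` followed by `ck_assert_msg(prop, "invalid IKE proposal: %s", proposal);`, and the same for ESP. The default branch of `create_child_cfg()` also no longer adds `proposal_create_default_aead(PROTO_ESP)`, which the commit message does not mention; a one-line comment saying whether the AEAD default was dropped on purpose would help. `create_child_cfg()` continues past the end of its hunk.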
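--- a/src/libcharon/tests/utils/exchange_test_helper.h
+++ b/src/libcharon/tests/utils/exchange_test_helper.h
@@ -32,6 +32,7 @@
 #include "mock_sender.h"
 
 typedef struct exchange_test_helper_t exchange_test_helper_t;
+typedef struct exchange_test_sa_conf_t exchange_test_sa_conf_t;
 
 struct exchange_test_helper_t {
 
@@ -51,9 +52,10 @@ struct exchange_test_helper_t {
         *
         * @param[out] init             IKE_SA of the initiator
         * @param[out] resp             IKE_SA of the responder
+        * @param conf                  configuration for SAs
         */
        void (*establish_sa)(exchange_test_helper_t *this, ike_sa_t **init,
-                                                ike_sa_t **resp);
+                                                ike_sa_t **resp, exchange_test_sa_conf_t *conf);
 
        /**
         * Pass a message to the given IKE_SA for processing, setting the IKE_SA on
@@ -67,6 +69,19 @@ struct exchange_test_helper_t {
                                                        message_t *message);
 };
 
+struct exchange_test_sa_conf_t {
+
+       /**
+        * Configuration for initiator and responder
+        */
+       struct {
+               /** IKE proposal */
+               char *ike;
+               /** ESP proposal */
+               char *esp;
+       } initiator, responder;
+};
+
 /**
  * Since we don't use the IKE_SA manager to checkout SAs use this to call a
  * method on the given IKE_SA in its context.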
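Review bot: The new `@param conf` line on `establish_sa` does not say that NULL is accepted, although every updated caller in this commit passes NULL and the helper then falls back to the default proposals. Suggest `@param conf  configuration for SAs, NULL to use the default proposals`. `struct exchange_test_sa_conf_t` also has no doc comment of its own; one sentence stating that the members are proposal strings and that a NULL `ike` or `esp` member selects the default for that side would save readers a trip to the implementation.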