static bool add_child_proposals(child_cfg_t *child_cfg)
{
proposal_t* proposal = proposal_create_from_string(PROTO_ESP, child_proposal_gcm);
if (!proposal)
{
DBG1(DBG_CFG, "Failed to create child proposal");
return FALSE;
}
child_cfg->add_proposal(child_cfg, proposal);
proposal = proposal_create_from_string(PROTO_ESP, child_proposal_gcm_dh);
if (proposal)
{
child_cfg->add_proposal(child_cfg, proposal);
}
proposal = proposal_create_from_string(PROTO_ESP, child_proposal_cbc);
if (proposal)
{
child_cfg->add_proposal(child_cfg, proposal);
}
proposal = proposal_create_from_string(PROTO_ESP, child_proposal_cbc_dh);
if (proposal)
{
child_cfg->add_proposal(child_cfg, proposal);
}
return TRUE;
}
END_TEST
START_TEST(test_unknown_transform_types_select_fail)
{
proposal_t *self, *other, *selected;
self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
other->add_algorithm(other, 242, 42, 0);
selected = self->select(self, other, TRUE, FALSE);
ck_assert(!selected);
other->destroy(other);
self->destroy(self);
}
END_TEST
START_TEST(test_unknown_transform_types_equals)
{
proposal_t *self, *other;
self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
other->add_algorithm(other, 242, 42, 0);
ck_assert(!self->equals(self, other));
ck_assert(!other->equals(other, self));
self->add_algorithm(self, 242, 42, 0);
ck_assert(self->equals(self, other));
ck_assert(other->equals(other, self));
other->destroy(other);
self->destroy(self);
}
static bool add_ike_proposals(ike_cfg_t *ike_cfg)
{
proposal_t* proposal = proposal_create_from_string(PROTO_IKE, ikev2_proposal_cbc);
if (!proposal)
{
DBG1(DBG_CFG, "Failed to create ike proposal");
return FALSE;
}
ike_cfg->add_proposal(ike_cfg, proposal);
proposal = proposal_create_from_string(PROTO_IKE, ikev2_proposal_gcm);
if (proposal)
{
ike_cfg->add_proposal(ike_cfg, proposal);
}
return TRUE;
}
END_TEST
START_TEST(test_unknown_transform_types_select_success)
{
proposal_t *self, *other, *selected;
self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
self->add_algorithm(self, 242, 42, 128);
other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
other->add_algorithm(other, 242, 42, 128);
other->add_algorithm(other, 242, 1, 0);
selected = self->select(self, other, TRUE, FALSE);
ck_assert(selected);
assert_proposal_eq(selected, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/UNKNOWN_242_42_128");
selected->destroy(selected);
other->destroy(other);
self->destroy(self);
}
END_TEST
START_TEST(test_promote_dh_group_already_front)
{
proposal_t *proposal;
proposal = proposal_create_from_string(PROTO_IKE,
"aes128-sha256-modp3072-ecp256");
ck_assert(proposal->promote_dh_group(proposal, MODP_3072_BIT));
assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072/ECP_256");
proposal->destroy(proposal);
}
END_TEST
START_TEST(test_chacha20_poly1305_key_length)
{
proposal_t *proposal;
uint16_t alg, ks;
proposal = proposal_create_from_string(PROTO_IKE, "chacha20poly1305-prfsha256-ecp256");
proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &ks);
ck_assert_int_eq(alg, ENCR_CHACHA20_POLY1305);
ck_assert_int_eq(ks, 0);
assert_proposal_eq(proposal, "IKE:CHACHA20_POLY1305/PRF_HMAC_SHA2_256/ECP_256");
proposal->destroy(proposal);
}
END_TEST
START_TEST(test_select_spi)
{
proposal_t *self, *other, *selected;
self = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072");
other = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072");
other->set_spi(other, 0x12345678);
selected = self->select(self, other, TRUE, FALSE);
ck_assert(selected);
ck_assert_int_eq(selected->get_spi(selected), other->get_spi(other));
selected->destroy(selected);
selected = self->select(self, other, FALSE, FALSE);
ck_assert(selected);
ck_assert_int_eq(selected->get_spi(selected), self->get_spi(self));
selected->destroy(selected);
other->destroy(other);
self->destroy(self);
}
END_TEST
START_TEST(test_unknown_transform_types_print)
{
proposal_t *proposal;
proposal = proposal_create(PROTO_IKE, 0);
proposal->add_algorithm(proposal, 242, 42, 128);
assert_proposal_eq(proposal, "IKE:UNKNOWN_242_42_128");
proposal->destroy(proposal);
proposal = proposal_create_from_string(PROTO_IKE,
"aes128-sha256-ecp256");
proposal->add_algorithm(proposal, 242, 42, 128);
proposal->add_algorithm(proposal, 243, 1, 0);
assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/UNKNOWN_242_42_128/UNKNOWN_243_1");
proposal->destroy(proposal);
}
END_TEST
START_TEST(test_derive_child_keys)
{
tkm_diffie_hellman_t *dh = tkm_diffie_hellman_create(MODP_4096_BIT);
fail_if(!dh, "Unable to create DH object");
proposal_t *proposal = proposal_create_from_string(PROTO_ESP,
"aes256-sha512-modp4096");
fail_if(!proposal, "Unable to create proposal");
proposal->set_spi(proposal, 42);
tkm_keymat_t *keymat = tkm_keymat_create(TRUE);
fail_if(!keymat, "Unable to create keymat");
chunk_t encr_i, encr_r, integ_i, integ_r;
chunk_t nonce = chunk_from_chars("test chunk");
fail_unless(keymat->keymat_v2.derive_child_keys(&keymat->keymat_v2, proposal,
(diffie_hellman_t *)dh,
nonce, nonce, &encr_i,
&integ_i, &encr_r, &integ_r),
"Child key derivation failed");
esa_info_t *info = (esa_info_t *)encr_i.ptr;
fail_if(!info, "encr_i does not contain esa information");
fail_if(info->isa_id != keymat->get_isa_id(keymat),
"Isa context id mismatch (encr_i)");
fail_if(info->spi_r != 42,
"SPI mismatch (encr_i)");
fail_unless(chunk_equals(info->nonce_i, nonce),
"nonce_i mismatch (encr_i)");
fail_unless(chunk_equals(info->nonce_r, nonce),
"nonce_r mismatch (encr_i)");
fail_if(info->is_encr_r,
"Flag is_encr_r set for encr_i");
fail_if(info->dh_id != dh->get_id(dh),
"DH context id mismatch (encr_i)");
chunk_free(&info->nonce_i);
chunk_free(&info->nonce_r);
info = (esa_info_t *)encr_r.ptr;
fail_if(!info, "encr_r does not contain esa information");
fail_if(info->isa_id != keymat->get_isa_id(keymat),
"Isa context id mismatch (encr_r)");
fail_if(info->spi_r != 42,
"SPI mismatch (encr_r)");
fail_unless(chunk_equals(info->nonce_i, nonce),
"nonce_i mismatch (encr_r)");
fail_unless(chunk_equals(info->nonce_r, nonce),
"nonce_r mismatch (encr_r)");
fail_unless(info->is_encr_r,
"Flag is_encr_r set for encr_r");
fail_if(info->dh_id != dh->get_id(dh),
"DH context id mismatch (encr_i)");
chunk_free(&info->nonce_i);
chunk_free(&info->nonce_r);
proposal->destroy(proposal);
dh->dh.destroy(&dh->dh);
keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
chunk_free(&encr_i);
chunk_free(&encr_r);
}
