- fixed some BAD bugs
- clean localhost-testcases for bad_dh, shared and rsa
parent
7fa8decb78
commit
6db4e80b56
|
@ -274,15 +274,16 @@ u_int8_t private_key_2[];
|
|||
*/
|
||||
static void load_default_config (private_configuration_manager_t *this)
|
||||
{
|
||||
init_config_t *init_config1, *init_config2, *init_config3;
|
||||
ike_proposal_t proposals[2];
|
||||
init_config_t *init_config1, *init_config2, *init_config3, *init_config4;
|
||||
ike_proposal_t proposals[4];
|
||||
child_proposal_t child_proposals[1];
|
||||
sa_config_t *sa_config1, *sa_config2, *sa_config3;
|
||||
sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4;
|
||||
traffic_selector_t *ts;
|
||||
|
||||
init_config1 = init_config_create("0.0.0.0","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
|
||||
init_config2 = init_config_create("0.0.0.0","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
|
||||
init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
|
||||
init_config4 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
|
||||
ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
|
||||
|
||||
|
||||
|
@ -299,7 +300,13 @@ static void load_default_config (private_configuration_manager_t *this)
|
|||
proposals[1].integrity_algorithm_key_length = 20;
|
||||
proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
|
||||
proposals[1].pseudo_random_function_key_length = 20;
|
||||
proposals[1].diffie_hellman_group = MODP_1024_BIT;
|
||||
proposals[1].diffie_hellman_group = MODP_2048_BIT;
|
||||
|
||||
|
||||
proposals[2] = proposals[1];
|
||||
proposals[2].diffie_hellman_group = MODP_4096_BIT;
|
||||
proposals[3] = proposals[1];
|
||||
proposals[3].diffie_hellman_group = MODP_2048_BIT;
|
||||
|
||||
init_config1->add_proposal(init_config1,1,proposals[1]);
|
||||
init_config1->add_proposal(init_config1,1,proposals[0]);
|
||||
|
@ -307,7 +314,8 @@ static void load_default_config (private_configuration_manager_t *this)
|
|||
init_config2->add_proposal(init_config2,1,proposals[0]);
|
||||
init_config3->add_proposal(init_config3,1,proposals[1]);
|
||||
init_config3->add_proposal(init_config3,1,proposals[0]);
|
||||
|
||||
init_config4->add_proposal(init_config4,1,proposals[3]);
|
||||
init_config4->add_proposal(init_config4,1,proposals[2]);
|
||||
|
||||
sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
|
||||
ID_IPV4_ADDR, "152.96.193.131",
|
||||
|
@ -324,14 +332,22 @@ static void load_default_config (private_configuration_manager_t *this)
|
|||
|
||||
sa_config2->add_traffic_selector_initiator(sa_config2,ts);
|
||||
sa_config2->add_traffic_selector_responder(sa_config2,ts);
|
||||
|
||||
|
||||
sa_config3 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1",
|
||||
ID_IPV4_ADDR, "127.0.0.1",
|
||||
RSA_DIGITAL_SIGNATURE,
|
||||
SHARED_KEY_MESSAGE_INTEGRITY_CODE,
|
||||
30000);
|
||||
|
||||
sa_config3->add_traffic_selector_initiator(sa_config3,ts);
|
||||
sa_config3->add_traffic_selector_responder(sa_config3,ts);
|
||||
|
||||
sa_config4 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1",
|
||||
ID_IPV4_ADDR, "127.0.0.1",
|
||||
RSA_DIGITAL_SIGNATURE,
|
||||
30000);
|
||||
|
||||
sa_config4->add_traffic_selector_initiator(sa_config4,ts);
|
||||
sa_config4->add_traffic_selector_responder(sa_config4,ts);
|
||||
|
||||
ts->destroy(ts);
|
||||
|
||||
|
@ -360,10 +376,13 @@ static void load_default_config (private_configuration_manager_t *this)
|
|||
|
||||
this->add_new_configuration(this,"pinflb31",init_config1,sa_config1);
|
||||
this->add_new_configuration(this,"pinflb30",init_config2,sa_config2);
|
||||
this->add_new_configuration(this,"localhost",init_config3,sa_config3);
|
||||
this->add_new_configuration(this,"localhost-shared",init_config3,sa_config3);
|
||||
this->add_new_configuration(this,"localhost-rsa",init_config3,sa_config4);
|
||||
this->add_new_configuration(this,"localhost-bad_dh_group",init_config4, sa_config3);
|
||||
|
||||
|
||||
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","verschluesselt");
|
||||
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","scheisen");
|
||||
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","verschluesselt");
|
||||
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","verschluesselt");
|
||||
|
||||
this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256);
|
||||
|
@ -598,7 +617,7 @@ static void add_new_configuration (private_configuration_manager_t *this, char *
|
|||
this->sa_configs->insert_first(this->sa_configs,sa_config);
|
||||
}
|
||||
|
||||
this->configurations->insert_first(this->configurations,configuration_entry_create(name,init_config,sa_config));
|
||||
this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config));
|
||||
}
|
||||
|
||||
/**
|
||||
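Review bot: The pre-shared secrets registered near the end of load_default_config are string literals compiled into the daemon, and as rendered the same value `"verschluesselt"` is now bound to 152.96.193.130, 152.96.193.131 and 127.0.0.1, so anyone holding the source or the binary holds the key for all three identities. If this default configuration is meant for the lab only, say so above the block, for example `/* TEST ONLY: fixed lab secrets, never ship this configuration */`, and preferably build it only in a test configuration. A second point from the same hunk: init_config3 and sa_config3 are each registered under more than one configuration name, so the teardown path has to release every object exactly once. The conditional around `sa_configs->insert_first` in add_new_configuration suggests this is handled, but the check itself is outside the hunks shown.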
|
|
|
@ -157,14 +157,19 @@ static void kill_daemon(private_daemon_t *this, char *reason)
|
|||
* Implementation of private_daemon_t.build_test_jobs.
|
||||
*/
|
||||
static void build_test_jobs(private_daemon_t *this)
|
||||
{
|
||||
int i;
|
||||
for(i = 0; i<1; i++)
|
||||
{
|
||||
initiate_ike_sa_job_t *initiate_job;
|
||||
initiate_job = initiate_ike_sa_job_create("pinflb30");
|
||||
this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, i * 5000);
|
||||
}
|
||||
{
|
||||
char *config_name;
|
||||
initiate_ike_sa_job_t *initiate_job;
|
||||
|
||||
config_name = "localhost-rsa";
|
||||
/* config_name = "localhost-shared"; */
|
||||
/* config_name = "localhost-bad_dh_group"; */
|
||||
|
||||
|
||||
initiate_job = initiate_ike_sa_job_create(config_name);
|
||||
|
||||
this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, 2000);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
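Review bot: build_test_jobs selects its test case by editing source: `config_name = "localhost-rsa";` is live and the other two cases sit in commented-out assignments, so every switch needs a rebuild and the commented names can drift from the ones registered in load_default_config. Taking the name from a start-up argument or a small table of test names would remove the commented-out code. If this function is reachable in a normal daemon start, it also makes the daemon initiate an IKE_SA to a hard-wired configuration two seconds after start-up, which deserves at least a comment such as `/* test hook: must not run in a production build */`.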
|
|
|
@ -395,6 +395,7 @@ notify_payload_t *notify_payload_create()
|
|||
this->notify_message_type = 0;
|
||||
this->spi.ptr = NULL;
|
||||
this->spi.len = 0;
|
||||
this->spi_size = 0;
|
||||
this->notification_data.ptr = NULL;
|
||||
this->notification_data.len = 0;
|
||||
|
||||
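Review bot: notify_payload_create sets each member by hand, so any member that is not listed keeps whatever the allocator returned, and the one-line addition in this hunk looks like exactly that kind of omission being repaired. Zeroing the object once right after allocation, `memset(this, 0, sizeof(*this));`, before the function pointers and non-zero defaults are assigned would cover the remaining and any future members. The allocation is outside the hunk, so this assumes the allocator does not already clear the memory. responder_init_create, where `this->diffie_hellman = NULL;` sits among the same kind of per-member assignments, would benefit from the same treatment.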
|
|
|
@ -761,6 +761,7 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si
|
|||
proposal_substructure = proposal_substructure_create();
|
||||
proposal_substructure->set_protocol_id(proposal_substructure,IKE);
|
||||
proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
|
||||
|
||||
|
||||
/* create transform substructures to hold each specific transform for an ike proposal */
|
||||
encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length);
|
||||
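Review bot: `set_proposal_number(proposal_substructure,(i + 1))` takes its value from a loop index that is presumably bounded by the caller-supplied count, while the proposal number in an IKEv2 SA payload is a single octet. The setter's parameter type is not visible here, but if it is an 8-bit type a count above 255 would wrap silently and produce duplicate proposal numbers on the wire. An explicit limit at the top of sa_payload_create_from_ike_proposals, checked against 255 and reported through whatever error convention this constructor uses, would make the bound visible. The function body starts and ends outside the hunk.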
|
|
|
@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_established_ike_sa_job_t *this)
|
|||
/**
|
||||
* Implementation of job_t.destroy.
|
||||
*/
|
||||
static void destroy(job_t *job)
|
||||
static void destroy(private_delete_established_ike_sa_job_t *this)
|
||||
{
|
||||
private_delete_established_ike_sa_job_t *this = (private_delete_established_ike_sa_job_t *) job;
|
||||
this->ike_sa_id->destroy(this->ike_sa_id);
|
||||
allocator_free(this);
|
||||
}
|
||||
|
@ -79,7 +78,7 @@ delete_established_ike_sa_job_t *delete_established_ike_sa_job_create(ike_sa_id_
|
|||
this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
|
||||
/* same as destroy */
|
||||
this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy;
|
||||
this->public.job_interface.destroy = destroy;
|
||||
this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
|
||||
|
||||
/* public functions */
|
||||
this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_established_ike_sa_job_t *)) get_ike_sa_id;
|
||||
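Review bot: Giving destroy the private type and assigning it with `(void (*)(job_t*)) destroy` switches off the compiler's check on that assignment. If the signature of job_t.destroy ever changes, the line still compiles, and calling a function through a pointer of a different function type is formally undefined in C even where it works on common ABIs. The removed form, a `job_t *job` parameter with one cast inside the body, needed no cast at the assignment. If the cast idiom is the project convention (get_type and destroy_all use it in the same constructor), a comment recording the layout assumption it presumably relies on, `/* private struct starts with the public interface, so job_t* and this are the same address */`, would help. The matching hunk for delete_half_open_ike_sa_job makes the same change and leaves a stray second semicolon in `(void (*)(job_t *)) destroy;;`.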
|
|
|
@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_half_open_ike_sa_job_t *this)
|
|||
/**
|
||||
* Implements job_t.destroy.
|
||||
*/
|
||||
static void destroy(job_t *job)
|
||||
static void destroy(private_delete_half_open_ike_sa_job_t *this)
|
||||
{
|
||||
private_delete_half_open_ike_sa_job_t *this = (private_delete_half_open_ike_sa_job_t *) job;
|
||||
this->ike_sa_id->destroy(this->ike_sa_id);
|
||||
allocator_free(this);
|
||||
}
|
||||
|
@ -79,7 +78,7 @@ delete_half_open_ike_sa_job_t *delete_half_open_ike_sa_job_create(ike_sa_id_t *i
|
|||
this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
|
||||
/* same as destroy */
|
||||
this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy;
|
||||
this->public.job_interface.destroy = destroy;
|
||||
this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;
|
||||
|
||||
/* public functions */
|
||||
this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_half_open_ike_sa_job_t *)) get_ike_sa_id;
|
||||
|
|
|
@ -278,14 +278,16 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i
|
|||
|
||||
this->ike_sa->set_last_replied_message_id(this->ike_sa,ike_auth_reply->get_message_id(ike_auth_reply));
|
||||
/* create new state */
|
||||
this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
|
||||
this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
|
||||
this->public.state_interface.destroy(&(this->public.state_interface));
|
||||
|
||||
|
||||
my_host = this->ike_sa->get_my_host(this->ike_sa);
|
||||
other_host = this->ike_sa->get_other_host(this->ike_sa);
|
||||
this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s",
|
||||
my_host->get_address(my_host), other_host->get_address(other_host));
|
||||
this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s",
|
||||
my_host->get_address(my_host), other_host->get_address(other_host),
|
||||
mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload)));
|
||||
|
||||
this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
|
||||
this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
|
||||
this->public.state_interface.destroy(&(this->public.state_interface));
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -336,7 +338,7 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
|
|||
if (status != SUCCESS)
|
||||
{
|
||||
/* there are no proposals. This is possible if the requester doesn't want to setup a child sa */
|
||||
this->logger->log(this->logger, CONTROL, "Responders SA_PAYLOAD contained no proposals, no CHILD_SA is built");
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUH reply did not contain any proposals. Don't create CHILD_SA");
|
||||
return SUCCESS;
|
||||
}
|
||||
if (proposal_count > 1)
|
||||
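Review bot: The new ordering in process_message stays correct only while `this->public.state_interface.destroy(...)` is the last statement that touches `this`, and nothing in the code says so. Assuming destroy releases the state object, a comment directly above the call, `/* destroy() releases this state: no access to this below */`, would keep a later edit from reintroducing a read of freed memory. The same sequence in process_message of the ike_sa_init_responded state needs the same comment, and there the `/* create new state */` comment has ended up fused onto the `my_host = ...` line instead of standing above set_new_state. Separately, the AUDIT message in process_sa_payload spells the exchange `IKE_AUH`. Audit strings are searched and matched by tooling, so it should read `IKE_AUTH`, and the request-side message in build_sa_payload carries the same typo.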
|
|
|
@ -651,7 +651,12 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
|
|||
new_dh_group_priority = this->dh_group_priority + 1;
|
||||
|
||||
this->public.state_interface.destroy(&(this->public.state_interface));
|
||||
return (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority));
|
||||
if (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority) != SUCCESS)
|
||||
{
|
||||
return DELETE_ME;
|
||||
}
|
||||
return FAILED;
|
||||
|
||||
}
|
||||
default:
|
||||
{
|
||||
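Review bot: After a successful retry_initiate_connection this branch now returns `FAILED`, which reads like an error on what is the success path. It needs a comment, for example `/* retry sent: this reply was not accepted, the IKE_SA continues in the new state */`, assuming that is what FAILED means to the caller (the caller is not visible here). The branch also advances `dh_group_priority` in response to a notify that, at this stage of the exchange, is presumably not yet authenticated. Every Diffie-Hellman group in the configured proposals should therefore be acceptable on its own, because the peer's notify alone decides how far down the list the initiator goes. The case label and the origin of initiator_init_state are outside the hunk.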
|
|
|
@ -313,15 +313,15 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
|
|||
return DELETE_ME;
|
||||
}
|
||||
|
||||
/* create new state */
|
||||
this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
|
||||
this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
|
||||
this->public.state_interface.destroy(&(this->public.state_interface));
|
||||
|
||||
my_host = this->ike_sa->get_my_host(this->ike_sa);
|
||||
/* create new state */my_host = this->ike_sa->get_my_host(this->ike_sa);
|
||||
other_host = this->ike_sa->get_other_host(this->ike_sa);
|
||||
this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s",
|
||||
my_host->get_address(my_host), other_host->get_address(other_host));
|
||||
this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s",
|
||||
my_host->get_address(my_host), other_host->get_address(other_host),
|
||||
mapping_find(auth_method_m, auth_request->get_auth_method(auth_request)));
|
||||
|
||||
this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
|
||||
this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
|
||||
this->public.state_interface.destroy(&(this->public.state_interface));
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
@ -404,6 +404,7 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
|
|||
{
|
||||
sa_response = sa_payload_create_from_child_proposals(proposal_chosen, 1);
|
||||
response->add_payload(response, (payload_t*)sa_response);
|
||||
allocator_free(proposal_chosen);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -411,22 +412,17 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
|
|||
this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
|
||||
status = DELETE_ME;
|
||||
}
|
||||
allocator_free(proposals);
|
||||
}
|
||||
else
|
||||
{
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA.");
|
||||
/* this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
|
||||
status = DELETE_ME; */
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA");
|
||||
sa_response = sa_payload_create();
|
||||
response->add_payload(response, (payload_t*)sa_response);
|
||||
|
||||
status = SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
allocator_free(proposal_chosen);
|
||||
allocator_free(proposals);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
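Review bot: In build_sa_payload, `allocator_free(proposal_chosen)` now appears only in the branch that builds the response from the chosen proposal, so the NO_PROPOSAL_CHOSEN branch and the no-proposals branch return without releasing it. That is correct only if the selection call leaves nothing allocated when it fails, and that call is outside the hunk. Initialising the pointer to NULL at its declaration and stating the rule in a comment, `/* proposal_chosen is allocated only when selection succeeds */`, would make the ownership checkable. Which lines belong to the new side is inferred from the hunk counts on this rendering, so confirm against the file.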
|
|
|
@ -557,6 +557,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
|
|||
this->sent_nonce = CHUNK_INITIALIZER;
|
||||
this->received_nonce = CHUNK_INITIALIZER;
|
||||
this->dh_group_number = MODP_UNDEFINED;
|
||||
this->diffie_hellman = NULL;
|
||||
|
||||
return &(this->public);
|
||||
}
|
||||
|
|
|
@ -241,13 +241,13 @@ int main()
|
|||
daemon_create();
|
||||
|
||||
charon->logger_manager->disable_logger_level(charon->logger_manager,TESTER,FULL);
|
||||
//charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW);
|
||||
/* charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW); */
|
||||
|
||||
tester_t *tester = tester_create(test_output, FALSE);
|
||||
|
||||
|
||||
// tester->perform_tests(tester,all_tests);
|
||||
tester->perform_test(tester,&linked_list_insert_and_remove_test);
|
||||
tester->perform_tests(tester,all_tests);
|
||||
/* tester->perform_test(tester,&linked_list_insert_and_remove_test); */
|
||||
|
||||
|
||||
tester->destroy(tester);
|
||||
|
|