implemented and tested functionality to create sa_payload from
ike_proposal_t's and also generate ike_proposal_t's from sa_payload
This commit is contained in:
parent
d45ec1dedf
commit
b737e9d9e8
|
@ -25,8 +25,11 @@
|
|||
|
||||
#include <types.h>
|
||||
#include <network/host.h>
|
||||
#include <encoding/payloads/sa_payload.h>
|
||||
#include <utils/iterator.h>
|
||||
#include <transforms/crypters/crypter.h>
|
||||
#include <transforms/prfs/prf.h>
|
||||
#include <transforms/signers/signer.h>
|
||||
#include <transforms/diffie_hellman.h>
|
||||
|
||||
typedef struct ike_proposal_t ike_proposal_t;
|
||||
|
||||
|
@ -65,11 +68,12 @@ struct ike_proposal_t {
|
|||
u_int16_t pseudo_random_function_key_length;
|
||||
|
||||
/**
|
||||
* Diffie hellman group
|
||||
* Diffie hellman group.
|
||||
*/
|
||||
diffie_hellman_group_t diffie_hellman_group;
|
||||
};
|
||||
|
||||
|
||||
typedef struct init_config_t init_config_t;
|
||||
|
||||
/**
|
||||
|
|
|
@ -144,7 +144,7 @@ static status_t verify(private_proposal_substructure_t *this)
|
|||
status_t status = SUCCESS;
|
||||
iterator_t *iterator;
|
||||
|
||||
if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != PROPOSAL_SUBSTRUCTURE))
|
||||
if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2))
|
||||
{
|
||||
/* must be 0 or 2 */
|
||||
return FAILED;
|
||||
|
@ -250,6 +250,15 @@ static void add_transform_substructure (private_proposal_substructure_t *this,tr
|
|||
this->compute_length(this);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of proposal_substructure_t.proposal_substructure_t.
|
||||
*/
|
||||
static void set_is_last_proposal (private_proposal_substructure_t *this, bool is_last)
|
||||
{
|
||||
this->next_payload = (is_last) ? 0: PROPOSAL_TYPE_VALUE;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of proposal_substructure_t.set_proposal_number.
|
||||
*/
|
||||
|
@ -373,6 +382,22 @@ static void compute_length (private_proposal_substructure_t *this)
|
|||
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of proposal_substructure_t.get_transform_count.
|
||||
*/
|
||||
static size_t get_transform_count (private_proposal_substructure_t *this)
|
||||
{
|
||||
return this->transforms->get_count(this->transforms);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of proposal_substructure_t.get_spi_size.
|
||||
*/
|
||||
static size_t get_spi_size (private_proposal_substructure_t *this)
|
||||
{
|
||||
return this->spi.len;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of proposal_substructure_t.clone.
|
||||
*/
|
||||
|
@ -464,8 +489,12 @@ proposal_substructure_t *proposal_substructure_create()
|
|||
this->public.set_protocol_id = (void (*) (proposal_substructure_t *,u_int8_t))set_protocol_id;
|
||||
this->public.get_protocol_id = (u_int8_t (*) (proposal_substructure_t *)) get_protocol_id;
|
||||
this->public.get_info_for_transform_type = (status_t (*) (proposal_substructure_t *,transform_type_t,u_int16_t *, u_int16_t *))get_info_for_transform_type;
|
||||
this->public.set_is_last_proposal = (void (*) (proposal_substructure_t *,bool)) set_is_last_proposal;
|
||||
|
||||
this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi;
|
||||
this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi;
|
||||
this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count;
|
||||
this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size;
|
||||
this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone;
|
||||
this->public.destroy = (void (*) (proposal_substructure_t *)) destroy;
|
||||
|
||||
|
|
|
@ -28,6 +28,13 @@
|
|||
#include <encoding/payloads/transform_substructure.h>
|
||||
#include <utils/linked_list.h>
|
||||
|
||||
/**
|
||||
* IKEv1 Value for a proposal payload.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
#define PROPOSAL_TYPE_VALUE 2
|
||||
|
||||
/**
|
||||
* Length of the proposal substructure header
|
||||
* (without spi).
|
||||
|
@ -106,6 +113,22 @@ struct proposal_substructure_t {
|
|||
*/
|
||||
u_int8_t (*get_proposal_number) (proposal_substructure_t *this);
|
||||
|
||||
/**
|
||||
* @brief get the number of transforms in current proposal.
|
||||
*
|
||||
* @param this calling proposal_substructure_t object
|
||||
* @return transform count in current proposal
|
||||
*/
|
||||
size_t (*get_transform_count) (proposal_substructure_t *this);
|
||||
|
||||
/**
|
||||
* @brief get size of the set spi in bytes.
|
||||
*
|
||||
* @param this calling proposal_substructure_t object
|
||||
* @return size of the spi in bytes
|
||||
*/
|
||||
size_t (*get_spi_size) (proposal_substructure_t *this);
|
||||
|
||||
/**
|
||||
* @brief Sets the protocol id of current proposal.
|
||||
*
|
||||
|
@ -136,6 +159,16 @@ struct proposal_substructure_t {
|
|||
*/
|
||||
status_t (*get_info_for_transform_type) (proposal_substructure_t *this,transform_type_t type, u_int16_t *transform_id, u_int16_t *key_length);
|
||||
|
||||
/**
|
||||
* @brief Sets the next_payload field of this substructure
|
||||
*
|
||||
* If this is the last proposal, next payload field is set to 0,
|
||||
* otherwise to 2
|
||||
*
|
||||
* @param this calling proposal_substructure_t object
|
||||
* @param is_last When TRUE, next payload field is set to 0, otherwise to 2
|
||||
*/
|
||||
void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last);
|
||||
|
||||
/**
|
||||
* @brief Returns the currently set SPI of this proposal.
|
||||
|
|
|
@ -243,10 +243,156 @@ static iterator_t *create_proposal_substructure_iterator (private_sa_payload_t *
|
|||
*/
|
||||
static void add_proposal_substructure (private_sa_payload_t *this,proposal_substructure_t *proposal)
|
||||
{
|
||||
status_t status;
|
||||
if (this->proposals->get_count(this->proposals) > 0)
|
||||
{
|
||||
proposal_substructure_t *last_proposal;
|
||||
status = this->proposals->get_last(this->proposals,(void **) &last_proposal);
|
||||
/* last transform is now not anymore last one */
|
||||
last_proposal->set_is_last_proposal(last_proposal,FALSE);
|
||||
}
|
||||
proposal->set_is_last_proposal(proposal,TRUE);
|
||||
|
||||
this->proposals->insert_last(this->proposals,(void *) proposal);
|
||||
this->compute_length(this);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of sa_payload_t.get_ike_proposals.
|
||||
*/
|
||||
static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** proposals, size_t *proposal_count)
|
||||
{
|
||||
int found_ike_proposals = 0;
|
||||
int current_proposal_number = 0;
|
||||
iterator_t *iterator;
|
||||
ike_proposal_t *tmp_proposals;
|
||||
|
||||
|
||||
iterator = this->proposals->create_iterator(this->proposals,TRUE);
|
||||
|
||||
/* first find out the number of ike proposals and check their number of transforms and
|
||||
* if the SPI is empty!*/
|
||||
while (iterator->has_next(iterator))
|
||||
{
|
||||
proposal_substructure_t *current_proposal;
|
||||
iterator->current(iterator,(void **)&(current_proposal));
|
||||
if (current_proposal->get_protocol_id(current_proposal) == IKE)
|
||||
{
|
||||
/* a ike proposal consists of 4 transforms and an empty spi*/
|
||||
if ((current_proposal->get_transform_count(current_proposal) != 4) ||
|
||||
(current_proposal->get_spi_size(current_proposal) != 0))
|
||||
{
|
||||
iterator->destroy(iterator);
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
found_ike_proposals++;
|
||||
}
|
||||
}
|
||||
iterator->reset(iterator);
|
||||
|
||||
if (found_ike_proposals == 0)
|
||||
{
|
||||
iterator->destroy(iterator);
|
||||
return NOT_FOUND;
|
||||
}
|
||||
|
||||
/* allocate memory to hold each proposal as ike_proposal_t */
|
||||
|
||||
tmp_proposals = allocator_alloc(found_ike_proposals * sizeof(ike_proposal_t));
|
||||
|
||||
/* create from each proposal_substructure a ike_proposal_t data area*/
|
||||
while (iterator->has_next(iterator))
|
||||
{
|
||||
proposal_substructure_t *current_proposal;
|
||||
iterator->current(iterator,(void **)&(current_proposal));
|
||||
if (current_proposal->get_protocol_id(current_proposal) == IKE)
|
||||
{
|
||||
bool encryption_algorithm_found = FALSE;
|
||||
bool integrity_algorithm_found = FALSE;
|
||||
bool pseudo_random_function_found = FALSE;
|
||||
bool diffie_hellman_group_found = FALSE;
|
||||
status_t status;
|
||||
iterator_t *transforms;
|
||||
|
||||
transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE);
|
||||
while (transforms->has_next(transforms))
|
||||
{
|
||||
transform_substructure_t *current_transform;
|
||||
transforms->current(transforms,(void **)&(current_transform));
|
||||
|
||||
switch (current_transform->get_transform_type(current_transform))
|
||||
{
|
||||
case ENCRYPTION_ALGORITHM:
|
||||
{
|
||||
tmp_proposals[current_proposal_number].encryption_algorithm = current_transform->get_transform_id(current_transform);
|
||||
status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].encryption_algorithm_key_length));
|
||||
if (status == SUCCESS)
|
||||
{
|
||||
encryption_algorithm_found = TRUE;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case INTEGRITY_ALGORITHM:
|
||||
{
|
||||
tmp_proposals[current_proposal_number].integrity_algorithm = current_transform->get_transform_id(current_transform);
|
||||
status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].integrity_algorithm_key_length));
|
||||
if (status == SUCCESS)
|
||||
{
|
||||
integrity_algorithm_found = TRUE;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case PSEUDO_RANDOM_FUNCTION:
|
||||
{
|
||||
tmp_proposals[current_proposal_number].pseudo_random_function = current_transform->get_transform_id(current_transform);
|
||||
status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].pseudo_random_function_key_length));
|
||||
if (status == SUCCESS)
|
||||
{
|
||||
pseudo_random_function_found = TRUE;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case DIFFIE_HELLMAN_GROUP:
|
||||
{
|
||||
tmp_proposals[current_proposal_number].diffie_hellman_group = current_transform->get_transform_id(current_transform);
|
||||
diffie_hellman_group_found = TRUE;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
/* not a transform of an ike proposal. Break here */
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
transforms->destroy(transforms);
|
||||
|
||||
if ((!encryption_algorithm_found) ||
|
||||
(!integrity_algorithm_found) ||
|
||||
(!pseudo_random_function_found) ||
|
||||
(!diffie_hellman_group_found))
|
||||
{
|
||||
/* one of needed transforms could not be found */
|
||||
iterator->reset(iterator);
|
||||
allocator_free(tmp_proposals);
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
current_proposal_number++;
|
||||
}
|
||||
}
|
||||
|
||||
iterator->destroy(iterator);
|
||||
|
||||
*proposals = tmp_proposals;
|
||||
*proposal_count = found_ike_proposals;
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of private_sa_payload_t.compute_length.
|
||||
*/
|
||||
|
@ -285,6 +431,7 @@ sa_payload_t *sa_payload_create()
|
|||
/* public functions */
|
||||
this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator;
|
||||
this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
|
||||
this->public.get_ike_proposals = (status_t (*) (sa_payload_t *, ike_proposal_t **, size_t *)) get_ike_proposals;
|
||||
this->public.destroy = (void (*) (sa_payload_t *)) destroy;
|
||||
|
||||
/* private functions */
|
||||
|
@ -299,4 +446,43 @@ sa_payload_t *sa_payload_create()
|
|||
return (&(this->public));
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count)
|
||||
{
|
||||
int i;
|
||||
sa_payload_t *sa_payload= sa_payload_create();
|
||||
|
||||
for (i = 0; i < proposal_count; i++)
|
||||
{
|
||||
proposal_substructure_t *proposal_substructure;
|
||||
transform_substructure_t *encryption_algorithm;
|
||||
transform_substructure_t *integrity_algorithm;
|
||||
transform_substructure_t *pseudo_random_function;
|
||||
transform_substructure_t *diffie_hellman_group;
|
||||
|
||||
/* create proposal substructure */
|
||||
proposal_substructure = proposal_substructure_create();
|
||||
proposal_substructure->set_protocol_id(proposal_substructure,IKE);
|
||||
proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
|
||||
|
||||
/* create transform substructures to hold each specific transform for an ike proposal */
|
||||
encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length);
|
||||
proposal_substructure->add_transform_substructure(proposal_substructure,encryption_algorithm);
|
||||
|
||||
pseudo_random_function = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION,proposals[i].pseudo_random_function,proposals[i].pseudo_random_function_key_length);
|
||||
proposal_substructure->add_transform_substructure(proposal_substructure,pseudo_random_function);
|
||||
|
||||
integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].integrity_algorithm,proposals[i].integrity_algorithm_key_length);
|
||||
proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm);
|
||||
|
||||
diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].diffie_hellman_group,0);
|
||||
proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group);
|
||||
|
||||
/* add proposal to sa payload */
|
||||
sa_payload->add_proposal_substructure(sa_payload,proposal_substructure);
|
||||
}
|
||||
|
||||
return sa_payload;
|
||||
}
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
#include <encoding/payloads/payload.h>
|
||||
#include <encoding/payloads/proposal_substructure.h>
|
||||
#include <utils/linked_list.h>
|
||||
#include <config/init_config.h>
|
||||
|
||||
/**
|
||||
* Critical flag must not be set.
|
||||
|
@ -82,6 +83,22 @@ struct sa_payload_t {
|
|||
* @param proposal proposal_substructure_t object to add
|
||||
*/
|
||||
void (*add_proposal_substructure) (sa_payload_t *this,proposal_substructure_t *proposal);
|
||||
|
||||
/**
|
||||
* Creates an array of ike_proposal_t's in this SA payload.
|
||||
*
|
||||
* An IKE proposal consist of transform of type ENCRYPTION_ALGORITHM,
|
||||
* PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM and DIFFIE_HELLMAN_GROUP
|
||||
*
|
||||
* @param proposals the pointer to the first entry of ike_proposal_t's is set
|
||||
* @param proposal_count the number of found proposals is written at this location
|
||||
* @return
|
||||
* - SUCCESS if an IKE proposal could be found
|
||||
* - NOT_FOUND if no IKE proposal could be found
|
||||
* - FAILED if a proposal does not contain all needed transforms
|
||||
* for a IKE_PROPOSAL
|
||||
*/
|
||||
status_t (*get_ike_proposals) (sa_payload_t *this, ike_proposal_t **proposals, size_t *proposal_count);
|
||||
|
||||
/**
|
||||
* @brief Destroys an sa_payload_t object.
|
||||
|
@ -100,5 +117,15 @@ struct sa_payload_t {
|
|||
*/
|
||||
sa_payload_t *sa_payload_create();
|
||||
|
||||
/**
|
||||
* @brief Creates a sa_payload_t object from array of ike_proposal_t's.
|
||||
*
|
||||
* @return created sa_payload_t object
|
||||
* @param proposals pointer to first proposal in array of type ike_proposal_t
|
||||
* @param proposal_count number of ike_proposal_t's in array
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count);
|
||||
|
||||
#endif /*SA_PAYLOAD_H_*/
|
||||
|
|
|
@ -322,3 +322,13 @@ transform_attribute_t *transform_attribute_create()
|
|||
return (&(this->public));
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length)
|
||||
{
|
||||
transform_attribute_t *attribute = transform_attribute_create();
|
||||
attribute->set_attribute_type(attribute,KEY_LENGTH);
|
||||
attribute->set_value(attribute,key_length);
|
||||
return attribute;
|
||||
}
|
||||
|
|
|
@ -132,11 +132,23 @@ struct transform_attribute_t {
|
|||
};
|
||||
|
||||
/**
|
||||
* @brief Creates an empty transform_attribute_t object
|
||||
* @brief Creates an empty transform_attribute_t object.
|
||||
*
|
||||
* @return created transform_attribute_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
transform_attribute_t *transform_attribute_create();
|
||||
|
||||
/**
|
||||
* @brief Creates an transform_attribute_t of type KEY_LENGTH.
|
||||
*
|
||||
* @param key_length key length in bytes
|
||||
* @return created transform_attribute_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length);
|
||||
|
||||
|
||||
#endif /*TRANSFORM_ATTRIBUTE_H_*/
|
||||
|
|
|
@ -448,7 +448,7 @@ static void destroy(private_transform_substructure_t *this)
|
|||
}
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
* Described in header.
|
||||
*/
|
||||
transform_substructure_t *transform_substructure_create()
|
||||
{
|
||||
|
@ -488,3 +488,31 @@ transform_substructure_t *transform_substructure_create()
|
|||
|
||||
return (&(this->public));
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
transform_substructure_t *transform_substructure_create_type(transform_type_t transform_type, u_int16_t transform_id, u_int16_t key_length)
|
||||
{
|
||||
transform_substructure_t *transform = transform_substructure_create();
|
||||
|
||||
transform->set_transform_type(transform,transform_type);
|
||||
transform->set_transform_id(transform,transform_id);
|
||||
|
||||
switch (transform_type)
|
||||
{
|
||||
case ENCRYPTION_ALGORITHM:
|
||||
case PSEUDO_RANDOM_FUNCTION:
|
||||
case INTEGRITY_ALGORITHM:
|
||||
{
|
||||
transform_attribute_t *attribute = transform_attribute_create_key_length(key_length);
|
||||
transform->add_transform_attribute(transform,attribute);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
/* no keylength attribute is created */
|
||||
}
|
||||
}
|
||||
return transform;
|
||||
}
|
||||
|
|
|
@ -137,7 +137,7 @@ struct transform_substructure_t {
|
|||
* @brief Sets the next_payload field of this substructure
|
||||
*
|
||||
* If this is the last transform, next payload field is set to 0,
|
||||
* otherwise to 3 (payload type of transform in IKEv1)
|
||||
* otherwise to 3
|
||||
*
|
||||
* @param this calling transform_substructure_t object
|
||||
* @param is_last When TRUE, next payload field is set to 0, otherwise to 3
|
||||
|
@ -213,7 +213,7 @@ struct transform_substructure_t {
|
|||
};
|
||||
|
||||
/**
|
||||
* @brief Creates an empty transform_substructure_t object
|
||||
* @brief Creates an empty transform_substructure_t object.
|
||||
*
|
||||
* @return created transform_substructure_t object
|
||||
*
|
||||
|
@ -221,4 +221,20 @@ struct transform_substructure_t {
|
|||
*/
|
||||
transform_substructure_t *transform_substructure_create();
|
||||
|
||||
/**
|
||||
* @brief Creates an empty transform_substructure_t object.
|
||||
*
|
||||
* The key length is used for the transport types ENCRYPTION_ALGORITHM,
|
||||
* PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all
|
||||
* other transport types the key_length parameter is not used
|
||||
*
|
||||
* @return created transform_substructure_t object
|
||||
* @param transform_type type of transform to create
|
||||
* @param transform_id transform id specifying the specific algorithm of a transform type
|
||||
* @param key_length Key length for key lenght attribute
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
transform_substructure_t *transform_substructure_create_type(transform_type_t transform_type, u_int16_t transform_id, u_int16_t key_length);
|
||||
|
||||
#endif /*TRANSFORM_SUBSTRUCTURE_H_*/
|
||||
|
|
|
@ -417,6 +417,8 @@ void test_generator_with_sa_payload(tester_t *tester)
|
|||
transform_attribute_t *attribute1, *attribute2, *attribute3;
|
||||
transform_substructure_t *transform1, *transform2;
|
||||
proposal_substructure_t *proposal1, *proposal2;
|
||||
ike_proposal_t *ike_proposals;
|
||||
size_t ike_proposal_count;
|
||||
sa_payload_t *sa_payload;
|
||||
ike_header_t *ike_header;
|
||||
|
||||
|
@ -429,6 +431,9 @@ void test_generator_with_sa_payload(tester_t *tester)
|
|||
/* create generator */
|
||||
generator = generator_create();
|
||||
tester->assert_true(tester,(generator != NULL), "generator create check");
|
||||
|
||||
/* --------------------------- */
|
||||
/* test first with self created proposals */
|
||||
|
||||
/* create attribute 1 */
|
||||
attribute1 = transform_attribute_create();
|
||||
|
@ -527,7 +532,7 @@ void test_generator_with_sa_payload(tester_t *tester)
|
|||
/* sa payload header */
|
||||
0x00,0x00,0x00,0x44,
|
||||
/* proposal header */
|
||||
0x00,0x00,0x00,0x38,
|
||||
0x02,0x00,0x00,0x38,
|
||||
0x07,0x04,0x08,0x02,
|
||||
/* SPI */
|
||||
0x41,0x42,0x43,0x44,
|
||||
|
@ -560,6 +565,79 @@ void test_generator_with_sa_payload(tester_t *tester)
|
|||
ike_header->destroy(ike_header);
|
||||
sa_payload->destroy(sa_payload);
|
||||
generator->destroy(generator);
|
||||
|
||||
|
||||
/* test with automatic created proposals */
|
||||
|
||||
generator = generator_create();
|
||||
tester->assert_true(tester,(generator != NULL), "generator create check");
|
||||
|
||||
|
||||
ike_proposal_count = 2;
|
||||
ike_proposals = allocator_alloc(ike_proposal_count * (sizeof(ike_proposal_t)));
|
||||
|
||||
ike_proposals[0].encryption_algorithm = 1;
|
||||
ike_proposals[0].encryption_algorithm_key_length = 20;
|
||||
ike_proposals[0].pseudo_random_function = 2;
|
||||
ike_proposals[0].pseudo_random_function_key_length = 22;
|
||||
ike_proposals[0].integrity_algorithm = 3;
|
||||
ike_proposals[0].integrity_algorithm_key_length = 24;
|
||||
ike_proposals[0].diffie_hellman_group = 4;
|
||||
|
||||
ike_proposals[1].encryption_algorithm = 5;
|
||||
ike_proposals[1].encryption_algorithm_key_length = 26;
|
||||
ike_proposals[1].pseudo_random_function = 6;
|
||||
ike_proposals[1].pseudo_random_function_key_length = 28;
|
||||
ike_proposals[1].integrity_algorithm = 7;
|
||||
ike_proposals[1].integrity_algorithm_key_length = 30;
|
||||
ike_proposals[1].diffie_hellman_group = 8;
|
||||
|
||||
sa_payload = sa_payload_create_from_ike_proposals(ike_proposals,ike_proposal_count);
|
||||
tester->assert_true(tester,(sa_payload != NULL), "sa_payload create check");
|
||||
|
||||
generator->generate_payload(generator,(payload_t *)sa_payload);
|
||||
generator->write_to_chunk(generator,&generated_data);
|
||||
logger->log_chunk(logger,RAW,"generated",&generated_data);
|
||||
|
||||
u_int8_t expected_generation2[] = {
|
||||
0x00,0x00,0x00,0x6C, /* payload header*/
|
||||
0x02,0x00,0x00,0x34, /* a proposal */
|
||||
0x01,0x01,0x00,0x04,
|
||||
0x03,0x00,0x00,0x0C, /* transform 1 */
|
||||
0x01,0x00,0x00,0x01,
|
||||
0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
|
||||
0x03,0x00,0x00,0x0C, /* transform 2 */
|
||||
0x02,0x00,0x00,0x02,
|
||||
0x80,0x0E,0x00,0x16, /* keylength attribute with 20 bytes length */
|
||||
0x03,0x00,0x00,0x0C, /* transform 3 */
|
||||
0x03,0x00,0x00,0x03,
|
||||
0x80,0x0E,0x00,0x18, /* keylength attribute with 20 bytes length */
|
||||
0x00,0x00,0x00,0x08, /* transform 4 */
|
||||
0x04,0x00,0x00,0x04,
|
||||
0x00,0x00,0x00,0x34, /* a proposal */
|
||||
0x02,0x01,0x00,0x04,
|
||||
0x03,0x00,0x00,0x0C, /* transform 1 */
|
||||
0x01,0x00,0x00,0x05,
|
||||
0x80,0x0E,0x00,0x1A, /* keylength attribute with 16 bytes length */
|
||||
0x03,0x00,0x00,0x0C, /* transform 2 */
|
||||
0x02,0x00,0x00,0x06,
|
||||
0x80,0x0E,0x00,0x1C, /* keylength attribute with 16 bytes length */
|
||||
0x03,0x00,0x00,0x0C, /* transform 3 */
|
||||
0x03,0x00,0x00,0x07,
|
||||
0x80,0x0E,0x00,0x1E, /* keylength attribute with 16 bytes length */
|
||||
0x00,0x00,0x00,0x08, /* transform 4 */
|
||||
0x04,0x00,0x00,0x08,
|
||||
|
||||
};
|
||||
|
||||
logger->log_bytes(logger,RAW,"expected",expected_generation2,sizeof(expected_generation2));
|
||||
|
||||
tester->assert_true(tester,(memcmp(expected_generation2,generated_data.ptr,sizeof(expected_generation2)) == 0), "compare generated data");
|
||||
|
||||
sa_payload->destroy(sa_payload);
|
||||
allocator_free(ike_proposals);
|
||||
allocator_free_chunk(&generated_data);
|
||||
generator->destroy(generator);
|
||||
|
||||
charon->logger_manager->destroy_logger(charon->logger_manager,logger);
|
||||
|
||||
|
|
|
@ -96,9 +96,13 @@ void test_parser_with_sa_payload(tester_t *tester)
|
|||
parser_t *parser;
|
||||
sa_payload_t *sa_payload;
|
||||
status_t status;
|
||||
chunk_t sa_chunk;
|
||||
chunk_t sa_chunk, sa_chunk2;
|
||||
iterator_t *proposals, *transforms, *attributes;
|
||||
ike_proposal_t *ike_proposals;
|
||||
size_t ike_proposal_count;
|
||||
|
||||
/* first test generic parsing functionality */
|
||||
|
||||
u_int8_t sa_bytes[] = {
|
||||
0x00,0x80,0x00,0x24, /* payload header*/
|
||||
0x00,0x00,0x00,0x20, /* a proposal */
|
||||
|
@ -107,7 +111,7 @@ void test_parser_with_sa_payload(tester_t *tester)
|
|||
0x00,0x00,0x00,0x14, /* transform */
|
||||
0x07,0x00,0x00,0x03,
|
||||
0x80,0x01,0x00,0x05, /* attribute without length */
|
||||
0x00,0x03,0x00,0x04, /* attribute with lenngth */
|
||||
0x00,0x03,0x00,0x04, /* attribute with length */
|
||||
0x01,0x02,0x03,0x04
|
||||
|
||||
|
||||
|
@ -181,6 +185,85 @@ void test_parser_with_sa_payload(tester_t *tester)
|
|||
proposals->destroy(proposals);
|
||||
|
||||
sa_payload->destroy(sa_payload);
|
||||
|
||||
|
||||
|
||||
/* now test SA functionality after parsing an SA payload*/
|
||||
|
||||
u_int8_t sa_bytes2[] = {
|
||||
0x00,0x00,0x00,0x6C, /* payload header*/
|
||||
0x02,0x00,0x00,0x34, /* a proposal */
|
||||
0x01,0x01,0x00,0x04,
|
||||
0x03,0x00,0x00,0x0C, /* transform 1 */
|
||||
0x01,0x00,0x00,0x01,
|
||||
0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
|
||||
0x03,0x00,0x00,0x0C, /* transform 2 */
|
||||
0x02,0x00,0x00,0x01,
|
||||
0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
|
||||
0x03,0x00,0x00,0x0C, /* transform 3 */
|
||||
0x03,0x00,0x00,0x01,
|
||||
0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
|
||||
0x00,0x00,0x00,0x08, /* transform 4 */
|
||||
0x04,0x00,0x00,0x01,
|
||||
0x00,0x00,0x00,0x34, /* a proposal */
|
||||
0x01,0x01,0x00,0x04,
|
||||
0x03,0x00,0x00,0x0C, /* transform 1 */
|
||||
0x01,0x00,0x00,0x02,
|
||||
0x80,0x0E,0x00,0x10, /* keylength attribute with 16 bytes length */
|
||||
0x03,0x00,0x00,0x0C, /* transform 2 */
|
||||
0x02,0x00,0x00,0x02,
|
||||
0x80,0x0E,0x00,0x10, /* keylength attribute with 16 bytes length */
|
||||
0x03,0x00,0x00,0x0C, /* transform 3 */
|
||||
0x03,0x00,0x00,0x02,
|
||||
0x80,0x0E,0x00,0x10, /* keylength attribute with 16 bytes length */
|
||||
0x00,0x00,0x00,0x08, /* transform 4 */
|
||||
0x04,0x00,0x00,0x02,
|
||||
};
|
||||
|
||||
sa_chunk2.ptr = sa_bytes2;
|
||||
sa_chunk2.len = sizeof(sa_bytes2);
|
||||
|
||||
parser = parser_create(sa_chunk2);
|
||||
tester->assert_true(tester,(parser != NULL), "parser create check");
|
||||
status = parser->parse_payload(parser, SECURITY_ASSOCIATION, (payload_t**)&sa_payload);
|
||||
tester->assert_true(tester,(status == SUCCESS),"parse_payload call check");
|
||||
parser->destroy(parser);
|
||||
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
status = sa_payload->payload_interface.verify(&(sa_payload->payload_interface));
|
||||
tester->assert_true(tester,(status == SUCCESS),"verify call check");
|
||||
|
||||
status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals, &ike_proposal_count);
|
||||
tester->assert_true(tester,(status == SUCCESS),"get ike proposals call check");
|
||||
|
||||
tester->assert_true(tester,(ike_proposal_count == 2),"ike proposal count check");
|
||||
tester->assert_true(tester,(ike_proposals[0].encryption_algorithm == 1),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[0].encryption_algorithm_key_length == 20),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[0].integrity_algorithm == 1),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[0].integrity_algorithm_key_length == 20),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[0].pseudo_random_function == 1),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[0].pseudo_random_function_key_length == 20),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[0].diffie_hellman_group == 1),"ike proposal content check");
|
||||
|
||||
tester->assert_true(tester,(ike_proposals[1].encryption_algorithm == 2),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[1].encryption_algorithm_key_length == 16),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[1].integrity_algorithm == 2),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[1].integrity_algorithm_key_length == 16),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[1].pseudo_random_function == 2),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[1].pseudo_random_function_key_length == 16),"ike proposal content check");
|
||||
tester->assert_true(tester,(ike_proposals[1].diffie_hellman_group == 2),"ike proposal content check");
|
||||
|
||||
|
||||
if (status == SUCCESS)
|
||||
{
|
||||
allocator_free(ike_proposals);
|
||||
}
|
||||
|
||||
sa_payload->destroy(sa_payload);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -210,8 +210,8 @@ int main()
|
|||
|
||||
tester_t *tester = tester_create(test_output, FALSE);
|
||||
|
||||
//tester->perform_tests(tester,all_tests);
|
||||
tester->perform_test(tester,&init_config_test);
|
||||
tester->perform_tests(tester,all_tests);
|
||||
// tester->perform_test(tester,&generator_test5);
|
||||
|
||||
|
||||
tester->destroy(tester);
|
||||
|
|
Loading…
Reference in New Issue