From b737e9d9e8e44b360509cfab36d22170f54af334 Mon Sep 17 00:00:00 2001 From: Jan Hutter Date: Thu, 1 Dec 2005 08:48:57 +0000 Subject: [PATCH] implemented and tested functionality to create sa_payload from ike_proposal_t's and also generate ike_proposal_t's from sa_payload --- Source/charon/config/init_config.h | 8 +- .../encoding/payloads/proposal_substructure.c | 31 ++- .../encoding/payloads/proposal_substructure.h | 33 ++++ Source/charon/encoding/payloads/sa_payload.c | 186 ++++++++++++++++++ Source/charon/encoding/payloads/sa_payload.h | 27 +++ .../encoding/payloads/transform_attribute.c | 10 + .../encoding/payloads/transform_attribute.h | 14 +- .../payloads/transform_substructure.c | 30 ++- .../payloads/transform_substructure.h | 20 +- Source/charon/testcases/generator_test.c | 80 +++++++- Source/charon/testcases/parser_test.c | 87 +++++++- Source/charon/testcases/testcases.c | 4 +- 12 files changed, 518 insertions(+), 12 deletions(-) diff --git a/Source/charon/config/init_config.h b/Source/charon/config/init_config.h index 876ead887..7ff46cc54 100644 --- a/Source/charon/config/init_config.h +++ b/Source/charon/config/init_config.h @@ -25,8 +25,11 @@ #include #include -#include #include +#include +#include +#include +#include typedef struct ike_proposal_t ike_proposal_t; @@ -65,11 +68,12 @@ struct ike_proposal_t { u_int16_t pseudo_random_function_key_length; /** - * Diffie hellman group + * Diffie hellman group. */ diffie_hellman_group_t diffie_hellman_group; }; + typedef struct init_config_t init_config_t; /** diff --git a/Source/charon/encoding/payloads/proposal_substructure.c b/Source/charon/encoding/payloads/proposal_substructure.c index 354eedb9e..05b375ef9 100644 --- a/Source/charon/encoding/payloads/proposal_substructure.c +++ b/Source/charon/encoding/payloads/proposal_substructure.c @@ -144,7 +144,7 @@ static status_t verify(private_proposal_substructure_t *this) status_t status = SUCCESS; iterator_t *iterator; - if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != PROPOSAL_SUBSTRUCTURE)) + if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2)) { /* must be 0 or 2 */ return FAILED; @@ -250,6 +250,15 @@ static void add_transform_substructure (private_proposal_substructure_t *this,tr this->compute_length(this); } +/** + * Implementation of proposal_substructure_t.proposal_substructure_t. + */ +static void set_is_last_proposal (private_proposal_substructure_t *this, bool is_last) +{ + this->next_payload = (is_last) ? 0: PROPOSAL_TYPE_VALUE; +} + + /** * Implementation of proposal_substructure_t.set_proposal_number. */ @@ -373,6 +382,22 @@ static void compute_length (private_proposal_substructure_t *this) } +/** + * Implementation of proposal_substructure_t.get_transform_count. + */ +static size_t get_transform_count (private_proposal_substructure_t *this) +{ + return this->transforms->get_count(this->transforms); +} + +/** + * Implementation of proposal_substructure_t.get_spi_size. + */ +static size_t get_spi_size (private_proposal_substructure_t *this) +{ + return this->spi.len; +} + /** * Implementation of proposal_substructure_t.clone. */ @@ -464,8 +489,12 @@ proposal_substructure_t *proposal_substructure_create() this->public.set_protocol_id = (void (*) (proposal_substructure_t *,u_int8_t))set_protocol_id; this->public.get_protocol_id = (u_int8_t (*) (proposal_substructure_t *)) get_protocol_id; this->public.get_info_for_transform_type = (status_t (*) (proposal_substructure_t *,transform_type_t,u_int16_t *, u_int16_t *))get_info_for_transform_type; + this->public.set_is_last_proposal = (void (*) (proposal_substructure_t *,bool)) set_is_last_proposal; + this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi; this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi; + this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count; + this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size; this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone; this->public.destroy = (void (*) (proposal_substructure_t *)) destroy; diff --git a/Source/charon/encoding/payloads/proposal_substructure.h b/Source/charon/encoding/payloads/proposal_substructure.h index f131cf74c..a2015fbfe 100644 --- a/Source/charon/encoding/payloads/proposal_substructure.h +++ b/Source/charon/encoding/payloads/proposal_substructure.h @@ -28,6 +28,13 @@ #include #include +/** + * IKEv1 Value for a proposal payload. + * + * @ingroup payloads + */ +#define PROPOSAL_TYPE_VALUE 2 + /** * Length of the proposal substructure header * (without spi). @@ -106,6 +113,22 @@ struct proposal_substructure_t { */ u_int8_t (*get_proposal_number) (proposal_substructure_t *this); + /** + * @brief get the number of transforms in current proposal. + * + * @param this calling proposal_substructure_t object + * @return transform count in current proposal + */ + size_t (*get_transform_count) (proposal_substructure_t *this); + + /** + * @brief get size of the set spi in bytes. + * + * @param this calling proposal_substructure_t object + * @return size of the spi in bytes + */ + size_t (*get_spi_size) (proposal_substructure_t *this); + /** * @brief Sets the protocol id of current proposal. * @@ -136,6 +159,16 @@ struct proposal_substructure_t { */ status_t (*get_info_for_transform_type) (proposal_substructure_t *this,transform_type_t type, u_int16_t *transform_id, u_int16_t *key_length); + /** + * @brief Sets the next_payload field of this substructure + * + * If this is the last proposal, next payload field is set to 0, + * otherwise to 2 + * + * @param this calling proposal_substructure_t object + * @param is_last When TRUE, next payload field is set to 0, otherwise to 2 + */ + void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last); /** * @brief Returns the currently set SPI of this proposal. diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c index 4054c6fb3..d2aecf875 100644 --- a/Source/charon/encoding/payloads/sa_payload.c +++ b/Source/charon/encoding/payloads/sa_payload.c @@ -243,10 +243,156 @@ static iterator_t *create_proposal_substructure_iterator (private_sa_payload_t * */ static void add_proposal_substructure (private_sa_payload_t *this,proposal_substructure_t *proposal) { + status_t status; + if (this->proposals->get_count(this->proposals) > 0) + { + proposal_substructure_t *last_proposal; + status = this->proposals->get_last(this->proposals,(void **) &last_proposal); + /* last transform is now not anymore last one */ + last_proposal->set_is_last_proposal(last_proposal,FALSE); + } + proposal->set_is_last_proposal(proposal,TRUE); + this->proposals->insert_last(this->proposals,(void *) proposal); this->compute_length(this); } +/** + * Implementation of sa_payload_t.get_ike_proposals. + */ +static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** proposals, size_t *proposal_count) +{ + int found_ike_proposals = 0; + int current_proposal_number = 0; + iterator_t *iterator; + ike_proposal_t *tmp_proposals; + + + iterator = this->proposals->create_iterator(this->proposals,TRUE); + + /* first find out the number of ike proposals and check their number of transforms and + * if the SPI is empty!*/ + while (iterator->has_next(iterator)) + { + proposal_substructure_t *current_proposal; + iterator->current(iterator,(void **)&(current_proposal)); + if (current_proposal->get_protocol_id(current_proposal) == IKE) + { + /* a ike proposal consists of 4 transforms and an empty spi*/ + if ((current_proposal->get_transform_count(current_proposal) != 4) || + (current_proposal->get_spi_size(current_proposal) != 0)) + { + iterator->destroy(iterator); + return FAILED; + } + + found_ike_proposals++; + } + } + iterator->reset(iterator); + + if (found_ike_proposals == 0) + { + iterator->destroy(iterator); + return NOT_FOUND; + } + + /* allocate memory to hold each proposal as ike_proposal_t */ + + tmp_proposals = allocator_alloc(found_ike_proposals * sizeof(ike_proposal_t)); + + /* create from each proposal_substructure a ike_proposal_t data area*/ + while (iterator->has_next(iterator)) + { + proposal_substructure_t *current_proposal; + iterator->current(iterator,(void **)&(current_proposal)); + if (current_proposal->get_protocol_id(current_proposal) == IKE) + { + bool encryption_algorithm_found = FALSE; + bool integrity_algorithm_found = FALSE; + bool pseudo_random_function_found = FALSE; + bool diffie_hellman_group_found = FALSE; + status_t status; + iterator_t *transforms; + + transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE); + while (transforms->has_next(transforms)) + { + transform_substructure_t *current_transform; + transforms->current(transforms,(void **)&(current_transform)); + + switch (current_transform->get_transform_type(current_transform)) + { + case ENCRYPTION_ALGORITHM: + { + tmp_proposals[current_proposal_number].encryption_algorithm = current_transform->get_transform_id(current_transform); + status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].encryption_algorithm_key_length)); + if (status == SUCCESS) + { + encryption_algorithm_found = TRUE; + } + break; + } + case INTEGRITY_ALGORITHM: + { + tmp_proposals[current_proposal_number].integrity_algorithm = current_transform->get_transform_id(current_transform); + status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].integrity_algorithm_key_length)); + if (status == SUCCESS) + { + integrity_algorithm_found = TRUE; + } + break; + } + case PSEUDO_RANDOM_FUNCTION: + { + tmp_proposals[current_proposal_number].pseudo_random_function = current_transform->get_transform_id(current_transform); + status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].pseudo_random_function_key_length)); + if (status == SUCCESS) + { + pseudo_random_function_found = TRUE; + } + break; + } + case DIFFIE_HELLMAN_GROUP: + { + tmp_proposals[current_proposal_number].diffie_hellman_group = current_transform->get_transform_id(current_transform); + diffie_hellman_group_found = TRUE; + break; + } + default: + { + /* not a transform of an ike proposal. Break here */ + break; + } + } + + } + + transforms->destroy(transforms); + + if ((!encryption_algorithm_found) || + (!integrity_algorithm_found) || + (!pseudo_random_function_found) || + (!diffie_hellman_group_found)) + { + /* one of needed transforms could not be found */ + iterator->reset(iterator); + allocator_free(tmp_proposals); + return FAILED; + } + + current_proposal_number++; + } + } + + iterator->destroy(iterator); + + *proposals = tmp_proposals; + *proposal_count = found_ike_proposals; + + return SUCCESS; +} + /** * Implementation of private_sa_payload_t.compute_length. */ @@ -285,6 +431,7 @@ sa_payload_t *sa_payload_create() /* public functions */ this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator; this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure; + this->public.get_ike_proposals = (status_t (*) (sa_payload_t *, ike_proposal_t **, size_t *)) get_ike_proposals; this->public.destroy = (void (*) (sa_payload_t *)) destroy; /* private functions */ @@ -299,4 +446,43 @@ sa_payload_t *sa_payload_create() return (&(this->public)); } +/* + * Described in header. + */ +sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count) +{ + int i; + sa_payload_t *sa_payload= sa_payload_create(); + + for (i = 0; i < proposal_count; i++) + { + proposal_substructure_t *proposal_substructure; + transform_substructure_t *encryption_algorithm; + transform_substructure_t *integrity_algorithm; + transform_substructure_t *pseudo_random_function; + transform_substructure_t *diffie_hellman_group; + + /* create proposal substructure */ + proposal_substructure = proposal_substructure_create(); + proposal_substructure->set_protocol_id(proposal_substructure,IKE); + proposal_substructure->set_proposal_number(proposal_substructure,(i + 1)); + /* create transform substructures to hold each specific transform for an ike proposal */ + encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length); + proposal_substructure->add_transform_substructure(proposal_substructure,encryption_algorithm); + + pseudo_random_function = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION,proposals[i].pseudo_random_function,proposals[i].pseudo_random_function_key_length); + proposal_substructure->add_transform_substructure(proposal_substructure,pseudo_random_function); + + integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].integrity_algorithm,proposals[i].integrity_algorithm_key_length); + proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm); + + diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].diffie_hellman_group,0); + proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group); + + /* add proposal to sa payload */ + sa_payload->add_proposal_substructure(sa_payload,proposal_substructure); + } + + return sa_payload; +} diff --git a/Source/charon/encoding/payloads/sa_payload.h b/Source/charon/encoding/payloads/sa_payload.h index dbd0bd1c3..ad450b356 100644 --- a/Source/charon/encoding/payloads/sa_payload.h +++ b/Source/charon/encoding/payloads/sa_payload.h @@ -27,6 +27,7 @@ #include #include #include +#include /** * Critical flag must not be set. @@ -82,6 +83,22 @@ struct sa_payload_t { * @param proposal proposal_substructure_t object to add */ void (*add_proposal_substructure) (sa_payload_t *this,proposal_substructure_t *proposal); + + /** + * Creates an array of ike_proposal_t's in this SA payload. + * + * An IKE proposal consist of transform of type ENCRYPTION_ALGORITHM, + * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM and DIFFIE_HELLMAN_GROUP + * + * @param proposals the pointer to the first entry of ike_proposal_t's is set + * @param proposal_count the number of found proposals is written at this location + * @return + * - SUCCESS if an IKE proposal could be found + * - NOT_FOUND if no IKE proposal could be found + * - FAILED if a proposal does not contain all needed transforms + * for a IKE_PROPOSAL + */ + status_t (*get_ike_proposals) (sa_payload_t *this, ike_proposal_t **proposals, size_t *proposal_count); /** * @brief Destroys an sa_payload_t object. @@ -100,5 +117,15 @@ struct sa_payload_t { */ sa_payload_t *sa_payload_create(); +/** + * @brief Creates a sa_payload_t object from array of ike_proposal_t's. + * + * @return created sa_payload_t object + * @param proposals pointer to first proposal in array of type ike_proposal_t + * @param proposal_count number of ike_proposal_t's in array + * + * @ingroup payloads + */ +sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count); #endif /*SA_PAYLOAD_H_*/ diff --git a/Source/charon/encoding/payloads/transform_attribute.c b/Source/charon/encoding/payloads/transform_attribute.c index c85895fc6..9f9d82924 100644 --- a/Source/charon/encoding/payloads/transform_attribute.c +++ b/Source/charon/encoding/payloads/transform_attribute.c @@ -322,3 +322,13 @@ transform_attribute_t *transform_attribute_create() return (&(this->public)); } +/* + * Described in header. + */ +transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length) +{ + transform_attribute_t *attribute = transform_attribute_create(); + attribute->set_attribute_type(attribute,KEY_LENGTH); + attribute->set_value(attribute,key_length); + return attribute; +} diff --git a/Source/charon/encoding/payloads/transform_attribute.h b/Source/charon/encoding/payloads/transform_attribute.h index 8a0deb765..5820932e2 100644 --- a/Source/charon/encoding/payloads/transform_attribute.h +++ b/Source/charon/encoding/payloads/transform_attribute.h @@ -132,11 +132,23 @@ struct transform_attribute_t { }; /** - * @brief Creates an empty transform_attribute_t object + * @brief Creates an empty transform_attribute_t object. * * @return created transform_attribute_t object + * * @ingroup payloads */ transform_attribute_t *transform_attribute_create(); +/** + * @brief Creates an transform_attribute_t of type KEY_LENGTH. + * + * @param key_length key length in bytes + * @return created transform_attribute_t object + * + * @ingroup payloads + */ +transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length); + + #endif /*TRANSFORM_ATTRIBUTE_H_*/ diff --git a/Source/charon/encoding/payloads/transform_substructure.c b/Source/charon/encoding/payloads/transform_substructure.c index 3c91b257c..99af36c8d 100644 --- a/Source/charon/encoding/payloads/transform_substructure.c +++ b/Source/charon/encoding/payloads/transform_substructure.c @@ -448,7 +448,7 @@ static void destroy(private_transform_substructure_t *this) } /* - * Described in header + * Described in header. */ transform_substructure_t *transform_substructure_create() { @@ -488,3 +488,31 @@ transform_substructure_t *transform_substructure_create() return (&(this->public)); } + +/* + * Described in header + */ +transform_substructure_t *transform_substructure_create_type(transform_type_t transform_type, u_int16_t transform_id, u_int16_t key_length) +{ + transform_substructure_t *transform = transform_substructure_create(); + + transform->set_transform_type(transform,transform_type); + transform->set_transform_id(transform,transform_id); + + switch (transform_type) + { + case ENCRYPTION_ALGORITHM: + case PSEUDO_RANDOM_FUNCTION: + case INTEGRITY_ALGORITHM: + { + transform_attribute_t *attribute = transform_attribute_create_key_length(key_length); + transform->add_transform_attribute(transform,attribute); + break; + } + default: + { + /* no keylength attribute is created */ + } + } + return transform; +} diff --git a/Source/charon/encoding/payloads/transform_substructure.h b/Source/charon/encoding/payloads/transform_substructure.h index ac8684cc1..6671dbc7b 100644 --- a/Source/charon/encoding/payloads/transform_substructure.h +++ b/Source/charon/encoding/payloads/transform_substructure.h @@ -137,7 +137,7 @@ struct transform_substructure_t { * @brief Sets the next_payload field of this substructure * * If this is the last transform, next payload field is set to 0, - * otherwise to 3 (payload type of transform in IKEv1) + * otherwise to 3 * * @param this calling transform_substructure_t object * @param is_last When TRUE, next payload field is set to 0, otherwise to 3 @@ -213,7 +213,7 @@ struct transform_substructure_t { }; /** - * @brief Creates an empty transform_substructure_t object + * @brief Creates an empty transform_substructure_t object. * * @return created transform_substructure_t object * @@ -221,4 +221,20 @@ struct transform_substructure_t { */ transform_substructure_t *transform_substructure_create(); +/** + * @brief Creates an empty transform_substructure_t object. + * + * The key length is used for the transport types ENCRYPTION_ALGORITHM, + * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all + * other transport types the key_length parameter is not used + * + * @return created transform_substructure_t object + * @param transform_type type of transform to create + * @param transform_id transform id specifying the specific algorithm of a transform type + * @param key_length Key length for key lenght attribute + * + * @ingroup payloads + */ +transform_substructure_t *transform_substructure_create_type(transform_type_t transform_type, u_int16_t transform_id, u_int16_t key_length); + #endif /*TRANSFORM_SUBSTRUCTURE_H_*/ diff --git a/Source/charon/testcases/generator_test.c b/Source/charon/testcases/generator_test.c index 6f13eecea..1df430a82 100644 --- a/Source/charon/testcases/generator_test.c +++ b/Source/charon/testcases/generator_test.c @@ -417,6 +417,8 @@ void test_generator_with_sa_payload(tester_t *tester) transform_attribute_t *attribute1, *attribute2, *attribute3; transform_substructure_t *transform1, *transform2; proposal_substructure_t *proposal1, *proposal2; + ike_proposal_t *ike_proposals; + size_t ike_proposal_count; sa_payload_t *sa_payload; ike_header_t *ike_header; @@ -429,6 +431,9 @@ void test_generator_with_sa_payload(tester_t *tester) /* create generator */ generator = generator_create(); tester->assert_true(tester,(generator != NULL), "generator create check"); + + /* --------------------------- */ + /* test first with self created proposals */ /* create attribute 1 */ attribute1 = transform_attribute_create(); @@ -527,7 +532,7 @@ void test_generator_with_sa_payload(tester_t *tester) /* sa payload header */ 0x00,0x00,0x00,0x44, /* proposal header */ - 0x00,0x00,0x00,0x38, + 0x02,0x00,0x00,0x38, 0x07,0x04,0x08,0x02, /* SPI */ 0x41,0x42,0x43,0x44, @@ -560,6 +565,79 @@ void test_generator_with_sa_payload(tester_t *tester) ike_header->destroy(ike_header); sa_payload->destroy(sa_payload); generator->destroy(generator); + + + /* test with automatic created proposals */ + + generator = generator_create(); + tester->assert_true(tester,(generator != NULL), "generator create check"); + + + ike_proposal_count = 2; + ike_proposals = allocator_alloc(ike_proposal_count * (sizeof(ike_proposal_t))); + + ike_proposals[0].encryption_algorithm = 1; + ike_proposals[0].encryption_algorithm_key_length = 20; + ike_proposals[0].pseudo_random_function = 2; + ike_proposals[0].pseudo_random_function_key_length = 22; + ike_proposals[0].integrity_algorithm = 3; + ike_proposals[0].integrity_algorithm_key_length = 24; + ike_proposals[0].diffie_hellman_group = 4; + + ike_proposals[1].encryption_algorithm = 5; + ike_proposals[1].encryption_algorithm_key_length = 26; + ike_proposals[1].pseudo_random_function = 6; + ike_proposals[1].pseudo_random_function_key_length = 28; + ike_proposals[1].integrity_algorithm = 7; + ike_proposals[1].integrity_algorithm_key_length = 30; + ike_proposals[1].diffie_hellman_group = 8; + + sa_payload = sa_payload_create_from_ike_proposals(ike_proposals,ike_proposal_count); + tester->assert_true(tester,(sa_payload != NULL), "sa_payload create check"); + + generator->generate_payload(generator,(payload_t *)sa_payload); + generator->write_to_chunk(generator,&generated_data); + logger->log_chunk(logger,RAW,"generated",&generated_data); + + u_int8_t expected_generation2[] = { + 0x00,0x00,0x00,0x6C, /* payload header*/ + 0x02,0x00,0x00,0x34, /* a proposal */ + 0x01,0x01,0x00,0x04, + 0x03,0x00,0x00,0x0C, /* transform 1 */ + 0x01,0x00,0x00,0x01, + 0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */ + 0x03,0x00,0x00,0x0C, /* transform 2 */ + 0x02,0x00,0x00,0x02, + 0x80,0x0E,0x00,0x16, /* keylength attribute with 20 bytes length */ + 0x03,0x00,0x00,0x0C, /* transform 3 */ + 0x03,0x00,0x00,0x03, + 0x80,0x0E,0x00,0x18, /* keylength attribute with 20 bytes length */ + 0x00,0x00,0x00,0x08, /* transform 4 */ + 0x04,0x00,0x00,0x04, + 0x00,0x00,0x00,0x34, /* a proposal */ + 0x02,0x01,0x00,0x04, + 0x03,0x00,0x00,0x0C, /* transform 1 */ + 0x01,0x00,0x00,0x05, + 0x80,0x0E,0x00,0x1A, /* keylength attribute with 16 bytes length */ + 0x03,0x00,0x00,0x0C, /* transform 2 */ + 0x02,0x00,0x00,0x06, + 0x80,0x0E,0x00,0x1C, /* keylength attribute with 16 bytes length */ + 0x03,0x00,0x00,0x0C, /* transform 3 */ + 0x03,0x00,0x00,0x07, + 0x80,0x0E,0x00,0x1E, /* keylength attribute with 16 bytes length */ + 0x00,0x00,0x00,0x08, /* transform 4 */ + 0x04,0x00,0x00,0x08, + + }; + + logger->log_bytes(logger,RAW,"expected",expected_generation2,sizeof(expected_generation2)); + + tester->assert_true(tester,(memcmp(expected_generation2,generated_data.ptr,sizeof(expected_generation2)) == 0), "compare generated data"); + + sa_payload->destroy(sa_payload); + allocator_free(ike_proposals); + allocator_free_chunk(&generated_data); + generator->destroy(generator); charon->logger_manager->destroy_logger(charon->logger_manager,logger); diff --git a/Source/charon/testcases/parser_test.c b/Source/charon/testcases/parser_test.c index f6f0fb202..b873306d8 100644 --- a/Source/charon/testcases/parser_test.c +++ b/Source/charon/testcases/parser_test.c @@ -96,9 +96,13 @@ void test_parser_with_sa_payload(tester_t *tester) parser_t *parser; sa_payload_t *sa_payload; status_t status; - chunk_t sa_chunk; + chunk_t sa_chunk, sa_chunk2; iterator_t *proposals, *transforms, *attributes; + ike_proposal_t *ike_proposals; + size_t ike_proposal_count; + /* first test generic parsing functionality */ + u_int8_t sa_bytes[] = { 0x00,0x80,0x00,0x24, /* payload header*/ 0x00,0x00,0x00,0x20, /* a proposal */ @@ -107,7 +111,7 @@ void test_parser_with_sa_payload(tester_t *tester) 0x00,0x00,0x00,0x14, /* transform */ 0x07,0x00,0x00,0x03, 0x80,0x01,0x00,0x05, /* attribute without length */ - 0x00,0x03,0x00,0x04, /* attribute with lenngth */ + 0x00,0x03,0x00,0x04, /* attribute with length */ 0x01,0x02,0x03,0x04 @@ -181,6 +185,85 @@ void test_parser_with_sa_payload(tester_t *tester) proposals->destroy(proposals); sa_payload->destroy(sa_payload); + + + + /* now test SA functionality after parsing an SA payload*/ + + u_int8_t sa_bytes2[] = { + 0x00,0x00,0x00,0x6C, /* payload header*/ + 0x02,0x00,0x00,0x34, /* a proposal */ + 0x01,0x01,0x00,0x04, + 0x03,0x00,0x00,0x0C, /* transform 1 */ + 0x01,0x00,0x00,0x01, + 0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */ + 0x03,0x00,0x00,0x0C, /* transform 2 */ + 0x02,0x00,0x00,0x01, + 0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */ + 0x03,0x00,0x00,0x0C, /* transform 3 */ + 0x03,0x00,0x00,0x01, + 0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */ + 0x00,0x00,0x00,0x08, /* transform 4 */ + 0x04,0x00,0x00,0x01, + 0x00,0x00,0x00,0x34, /* a proposal */ + 0x01,0x01,0x00,0x04, + 0x03,0x00,0x00,0x0C, /* transform 1 */ + 0x01,0x00,0x00,0x02, + 0x80,0x0E,0x00,0x10, /* keylength attribute with 16 bytes length */ + 0x03,0x00,0x00,0x0C, /* transform 2 */ + 0x02,0x00,0x00,0x02, + 0x80,0x0E,0x00,0x10, /* keylength attribute with 16 bytes length */ + 0x03,0x00,0x00,0x0C, /* transform 3 */ + 0x03,0x00,0x00,0x02, + 0x80,0x0E,0x00,0x10, /* keylength attribute with 16 bytes length */ + 0x00,0x00,0x00,0x08, /* transform 4 */ + 0x04,0x00,0x00,0x02, + }; + + sa_chunk2.ptr = sa_bytes2; + sa_chunk2.len = sizeof(sa_bytes2); + + parser = parser_create(sa_chunk2); + tester->assert_true(tester,(parser != NULL), "parser create check"); + status = parser->parse_payload(parser, SECURITY_ASSOCIATION, (payload_t**)&sa_payload); + tester->assert_true(tester,(status == SUCCESS),"parse_payload call check"); + parser->destroy(parser); + + if (status != SUCCESS) + { + return; + } + + status = sa_payload->payload_interface.verify(&(sa_payload->payload_interface)); + tester->assert_true(tester,(status == SUCCESS),"verify call check"); + + status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals, &ike_proposal_count); + tester->assert_true(tester,(status == SUCCESS),"get ike proposals call check"); + + tester->assert_true(tester,(ike_proposal_count == 2),"ike proposal count check"); + tester->assert_true(tester,(ike_proposals[0].encryption_algorithm == 1),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[0].encryption_algorithm_key_length == 20),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[0].integrity_algorithm == 1),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[0].integrity_algorithm_key_length == 20),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[0].pseudo_random_function == 1),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[0].pseudo_random_function_key_length == 20),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[0].diffie_hellman_group == 1),"ike proposal content check"); + + tester->assert_true(tester,(ike_proposals[1].encryption_algorithm == 2),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[1].encryption_algorithm_key_length == 16),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[1].integrity_algorithm == 2),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[1].integrity_algorithm_key_length == 16),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[1].pseudo_random_function == 2),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[1].pseudo_random_function_key_length == 16),"ike proposal content check"); + tester->assert_true(tester,(ike_proposals[1].diffie_hellman_group == 2),"ike proposal content check"); + + + if (status == SUCCESS) + { + allocator_free(ike_proposals); + } + + sa_payload->destroy(sa_payload); } /* diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c index 45aa4772c..4ec6834bb 100644 --- a/Source/charon/testcases/testcases.c +++ b/Source/charon/testcases/testcases.c @@ -210,8 +210,8 @@ int main() tester_t *tester = tester_create(test_output, FALSE); - //tester->perform_tests(tester,all_tests); - tester->perform_test(tester,&init_config_test); + tester->perform_tests(tester,all_tests); +// tester->perform_test(tester,&generator_test5); tester->destroy(tester);