ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
15,356 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

56 Commits

Author SHA1 Message Date
Tobias Brunner a6d7aed78a libcharon: Add exchange_tests to .gitignore 2016-07-25 14:01:26 +02:00
Tobias Brunner 5435a9a062 unit-tests: Add tests for expires after CHILD_SA rekeying 2016-06-17 18:48:08 +02:00
Tobias Brunner d707a19733 unit-tests: Add test for CHILD_SA rekey if a retry due to an INVALID_KE_PAYLOAD is delayed 2016-06-17 18:48:08 +02:00
Tobias Brunner b4f24ac0f6 unit-tests: Add test for collision between IKE_SA rekey and CHILD_SA creation 2016-06-17 18:48:08 +02:00
Tobias Brunner 46cbdcace9 unit-tests: Add tests for IKE rekeying if INVALID_KE_PAYLOAD notifies are received 2016-06-17 18:48:07 +02:00
Tobias Brunner aae9510148 proposal: Handle MODP_NONE in both directions when selecting proposals 2016-06-17 18:48:07 +02:00
Tobias Brunner 2e33d1f9ae unit-tests: Add test for rekey collision if one CREATE_CHILD_SA response is delayed 2016-06-17 18:48:06 +02:00
Tobias Brunner 566134b25a unit-tests: Add tests for IKE_SA rekeying if collision is not detected by one peer 2016-06-17 18:48:06 +02:00
Tobias Brunner 0a2cad40a6 unit-tests: Add tests for IKE/CHILD delete collisions 2016-06-17 18:48:06 +02:00
Tobias Brunner 7b3eccfff4 unit-tests: Add tests for IKE/CHILD rekey collisions 2016-06-17 18:48:05 +02:00
Tobias Brunner 7015994a94 unit-tests: Add tests for collisions between IKE_SA rekeying and deletion 2016-06-17 18:48:05 +02:00
Tobias Brunner 72c295df5b unit-tests: Add tests for IKE SA deletion 2016-06-17 18:48:05 +02:00
Tobias Brunner 40d9a4c892 unit-tests: Only deliver messages to the SA they are addressed to 2016-06-17 18:48:05 +02:00
Tobias Brunner 498a46d22f unit-tests: Add test for simple IKE rekey collision 2016-06-17 18:48:05 +02:00
Tobias Brunner bb3899739d ikev2: Add a new state to track rekeyed IKE_SAs 
This makes handling such IKE_SAs more specifically compared to keeping them
in state IKE_CONNECTING or IKE_ESTABLISHED (which we did when we lost a
collision - even triggering the ike_updown event), or using IKE_REKEYING for
them, which would also be ambiguous.

For instance, we can now reject anything but DELETES for such SAs.
 2016-06-17 18:48:05 +02:00
Tobias Brunner b5695bbffc unit-tests: Add tests for IKE_SA rekeying 2016-06-17 18:48:04 +02:00
Tobias Brunner d7b3ee6cca unit-tests: Add asserts against IKE_SAs 2016-06-17 18:48:04 +02:00
Tobias Brunner 735bd4ca14 unit-tests: Make sure to flush the IKE_SA manager before destroying the sender 
As the static plugin that creates and destroys the default sender was
not initialized because of the missing socket the daemon won't destroy
our sender.  Test cases will eventually have to flush the IKE_SA manager to
satisfy the leak detective.  However, in case of a test failure and if there
are IKE_SAs in the manager the daemon will flush the SAs when deinitializing,
which will cause deletes to get sent.  This crashes if the sender is already
destroyed.
 2016-06-17 18:48:04 +02:00
Tobias Brunner b76c1decd4 unit-tests: Return status from process_message() 2016-06-17 18:48:04 +02:00
Tobias Brunner 7c6e0c2979 unit-tests: Use wrapper for add_listener in bus_t related asserts 2016-06-17 18:48:04 +02:00
Tobias Brunner 5d10ef316d unit-tests: Provide a wrapper around bus_t::add_listener and unregister them during cleanup 
In case listeners on the stack are triggered while cleaning up after a
test failed (e.g. via ike_sa_manager_t::flush) remaining listeners defined on
the stack would cause a segmentation fault.
 2016-06-17 18:48:04 +02:00
Tobias Brunner b6a3c444e4 unit-tests: Add tests where a peer is not aware of a CHILD_SA rekey collision 2016-06-17 18:48:04 +02:00
Tobias Brunner f97bac5594 unit-tests: Test for rekeying if INVALID_KE_PAYLOAD notifies are received 2016-06-17 18:48:03 +02:00
Tobias Brunner 557e262f04 unit-tests: Make IKE and ESP proposals configurable 2016-06-17 18:48:03 +02:00
Tobias Brunner 42af3b4cce unit-tests: Add tests for CHILD_SA rekeying/deletion collisions 2016-06-17 18:48:03 +02:00
Tobias Brunner 62a2567b06 unit-tests: Add asserts against job scheduling 2016-06-17 18:48:03 +02:00
Tobias Brunner cdbf942889 ikev2: Use CHILD_REKEYED for replaced CHILD_SAs after rekeying 
This allows handling collisions better, in particular with deletions.
 2016-06-17 18:48:03 +02:00
Tobias Brunner b79beba518 unit-tests: Add asserts against task queues of IKE_SAs 2016-06-17 18:48:03 +02:00
Tobias Brunner fa098aa97c unit-tests: Add unit tests for basic CHILD_SA rekeying 2016-06-17 18:48:02 +02:00
Tobias Brunner 14588d99a4 unit-tests: Add asserts against ike|child_rekey hooks 2016-06-17 18:48:02 +02:00
Tobias Brunner 5d7f03dcaa unit-tests: Match in and outbound SPIs in SA asserts 
Since we use unique sequential SPIs that should be OK.
 2016-06-17 18:48:02 +02:00
Tobias Brunner dda5aab0f4 unit-tests: Register nonce generator and make first nonce byte configurable 2016-06-17 18:48:02 +02:00
Tobias Brunner c1289eb578 unit-tests: Add mock nonce generator 
We don't make the full nonces configurable but only the first byte,
which should be enough to force a nonce to be smaller than others.
 2016-06-17 18:48:02 +02:00
Tobias Brunner fbb0b3cb0a unit-tests: Make message asserts more flexible 2016-06-17 18:48:02 +02:00
Tobias Brunner 32cfe1e00c unit-tests: Add another CHILD_SA delete collision 2016-06-17 18:48:02 +02:00
Tobias Brunner 7e5424868d unit-tests: Register mock DH implementation as static plugin feature 2016-06-17 18:48:02 +02:00
Tobias Brunner 1f73a74be0 unit-tests: Add mock DH implementation that's basically a noop 
If the openssl plugin is built DH isn't that much of an overhead as
ecp256 is used, but the default MODP group is now modp3072.
 2016-06-17 18:48:01 +02:00
Tobias Brunner 29f1637b9a unit-tests: Make IKE SPIs predictable 2016-06-17 18:48:01 +02:00
Tobias Brunner 5d97e5c30f unit-tests: Call methods on IKE_SAs in their context 2016-06-17 18:48:01 +02:00
Tobias Brunner 33e2620b8c unit-tests: Add a unit test for CHILD_SA DELETE collisions 2016-06-17 18:48:01 +02:00
Tobias Brunner 632ba2a21e unit-tests: Add asserts against hooks on listener_t and messages captured there 2016-06-17 18:48:01 +02:00
Tobias Brunner 735b0cdd01 unit-tests: Add asserts against SAs (e.g. their states) 2016-06-17 18:48:01 +02:00
Tobias Brunner d3c4d55391 unit-tests: Add separate test runner to test IKEv2 exchanges 
This allows proper initialization of the daemon and the helper object.
 2016-06-17 18:48:01 +02:00
Tobias Brunner c7f5259cde unit-tests: Add helper class/object to test IKE exchanges 2016-06-17 18:48:01 +02:00
Tobias Brunner 7a5dd544f6 unit-tests: Add mock kernel_ipsec_t implementation for unit tests 
Provides predictable sequential SPIs.
 2016-06-17 18:48:01 +02:00
Tobias Brunner 87539617f1 unit-tests: Add mock sender_t implementation for unit testing 
This allows to retrieve packets sent by an IKE_SA and pass it to another
IKE_SA directly via process_message().
 2016-06-17 18:48:01 +02:00
Tobias Brunner 3b50e6fc3e unit-tests: Don't unload plugins before calling libcharon_deinit() 
libcharon_deinit() already calls all the functions we called manually.
Unloading the plugins will not work if charon->initialize() is called
as charon's static plugin features would already be unloaded before the
destroyed members are accessed in destroy() to flush them.
 2016-06-17 18:48:01 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner 28649f6d91 libhydra: Remove empty unused library 2016-03-03 17:36:11 +01:00
Tobias Brunner 834bf7ca5f ike-cfg: Add unit tests for ike_cfg_get_family() helper 2015-07-27 12:08:45 +02:00