1216 lines
40 KiB
C
1216 lines
40 KiB
C
/*
|
|
* Copyright (C) 2013-2015 Tobias Brunner
|
|
* Copyright (C) 2016 Andreas Steffen
|
|
* Copyright (C) 2009 Martin Willi
|
|
* HSR Hochschule fuer Technik Rapperswil
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
#include "test_suite.h"
|
|
|
|
#include <utils/identification.h>
|
|
|
|
/*******************************************************************************
|
|
* create (_from_encoding, _from_data, _from_string, _from_sockaddr)
|
|
*/
|
|
|
|
START_TEST(test_from_encoding)
|
|
{
|
|
identification_t *a;
|
|
chunk_t expected, encoding;
|
|
|
|
/* only ID_ANY is handled differently, for all other types the following
|
|
* applies. should we perhaps test that this is in fact the case? */
|
|
expected = chunk_from_str("moon@strongswan.org");
|
|
a = identification_create_from_encoding(ID_RFC822_ADDR, expected);
|
|
ck_assert(ID_RFC822_ADDR == a->get_type(a));
|
|
encoding = a->get_encoding(a);
|
|
ck_assert(expected.ptr != encoding.ptr);
|
|
ck_assert(chunk_equals(expected, encoding));
|
|
a->destroy(a);
|
|
|
|
a = identification_create_from_encoding(ID_ANY, expected);
|
|
ck_assert(ID_ANY == a->get_type(a));
|
|
encoding = a->get_encoding(a);
|
|
ck_assert(encoding.ptr == NULL);
|
|
ck_assert(encoding.len == 0);
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_from_data)
|
|
{
|
|
identification_t *a;
|
|
chunk_t expected, encoding;
|
|
|
|
/* this uses the DN parser (C=CH) */
|
|
expected = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
|
|
0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48);
|
|
a = identification_create_from_data(expected);
|
|
ck_assert(ID_DER_ASN1_DN == a->get_type(a));
|
|
encoding = a->get_encoding(a);
|
|
ck_assert(expected.ptr != encoding.ptr);
|
|
ck_assert(chunk_equals(expected, encoding));
|
|
a->destroy(a);
|
|
|
|
/* everything else is handled by the string parser */
|
|
expected = chunk_from_str("moon@strongswan.org");
|
|
a = identification_create_from_data(expected);
|
|
ck_assert(ID_RFC822_ADDR == a->get_type(a));
|
|
encoding = a->get_encoding(a);
|
|
ck_assert(expected.ptr != encoding.ptr);
|
|
ck_assert(chunk_equals(expected, encoding));
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_from_sockaddr)
|
|
{
|
|
identification_t *a;
|
|
chunk_t expected, encoding;
|
|
struct sockaddr_in in = {
|
|
.sin_family = AF_INET,
|
|
};
|
|
struct sockaddr_in6 in6 = {
|
|
.sin6_family = AF_INET6,
|
|
};
|
|
|
|
expected = chunk_from_chars(0xc0, 0xa8, 0x01, 0x01);
|
|
memcpy(&in.sin_addr, expected.ptr, sizeof(in.sin_addr));
|
|
a = identification_create_from_sockaddr((sockaddr_t*)&in);
|
|
ck_assert(ID_IPV4_ADDR == a->get_type(a));
|
|
encoding = a->get_encoding(a);
|
|
ck_assert(chunk_equals(expected, encoding));
|
|
a->destroy(a);
|
|
|
|
expected = chunk_from_chars(0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
|
|
memcpy(&in6.sin6_addr, expected.ptr, sizeof(in6.sin6_addr));
|
|
a = identification_create_from_sockaddr((sockaddr_t*)&in6);
|
|
ck_assert(ID_IPV6_ADDR == a->get_type(a));
|
|
encoding = a->get_encoding(a);
|
|
ck_assert(chunk_equals(expected, encoding));
|
|
a->destroy(a);
|
|
|
|
in6.sin6_family = AF_UNSPEC;
|
|
a = identification_create_from_sockaddr((sockaddr_t*)&in6);
|
|
ck_assert(ID_ANY == a->get_type(a));
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
static struct {
|
|
char *id;
|
|
id_type_t type;
|
|
struct {
|
|
enum {
|
|
ENC_CHUNK,
|
|
ENC_STRING,
|
|
ENC_SIMPLE,
|
|
} type;
|
|
union {
|
|
chunk_t c;
|
|
char *s;
|
|
} data;
|
|
} result;
|
|
} string_data[] = {
|
|
{NULL, ID_ANY, { .type = ENC_CHUNK }},
|
|
{"", ID_ANY, { .type = ENC_CHUNK }},
|
|
{"%any", ID_ANY, { .type = ENC_CHUNK }},
|
|
{"%any6", ID_ANY, { .type = ENC_CHUNK }},
|
|
{"0.0.0.0", ID_ANY, { .type = ENC_CHUNK }},
|
|
{"0::0", ID_ANY, { .type = ENC_CHUNK }},
|
|
{"::", ID_ANY, { .type = ENC_CHUNK }},
|
|
{"*", ID_ANY, { .type = ENC_CHUNK }},
|
|
{"any", ID_FQDN, { .type = ENC_SIMPLE }},
|
|
{"any6", ID_FQDN, { .type = ENC_SIMPLE }},
|
|
{"0", ID_FQDN, { .type = ENC_SIMPLE }},
|
|
{"**", ID_FQDN, { .type = ENC_SIMPLE }},
|
|
{"192.168.1.1", ID_IPV4_ADDR, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
|
|
{"192.168.", ID_FQDN, { .type = ENC_SIMPLE }},
|
|
{".", ID_FQDN, { .type = ENC_SIMPLE }},
|
|
{"192.168.1.1/33", ID_FQDN, { .type = ENC_SIMPLE }},
|
|
{"192.168.1.1/32", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01,0xff,0xff,0xff,0xff) }},
|
|
{"192.168.1.1/31", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x00,0xff,0xff,0xff,0xfe) }},
|
|
{"192.168.1.8/30", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x08,0xff,0xff,0xff,0xfc) }},
|
|
{"192.168.1.128/25", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x80,0xff,0xff,0xff,0x80) }},
|
|
{"192.168.1.0/24", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x00,0xff,0xff,0xff,0x00) }},
|
|
{"192.168.1.0/23", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x00,0x00,0xff,0xff,0xfe,0x00) }},
|
|
{"192.168.4.0/22", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x04,0x00,0xff,0xff,0xfc,0x00) }},
|
|
{"0.0.0.0/0", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
|
|
{"192.168.1.0-192.168.1.40",ID_IPV4_ADDR_RANGE, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x00,0xc0,0xa8,0x01,0x28) }},
|
|
{"0.0.0.0-255.255.255.255", ID_IPV4_ADDR_RANGE, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff) }},
|
|
{"192.168.1.40-192.168.1.0",ID_FQDN, { .type = ENC_SIMPLE }},
|
|
{"fec0::1", ID_IPV6_ADDR, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01) }},
|
|
{"fec0::", ID_IPV6_ADDR, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
|
|
{"fec0:", ID_KEY_ID, { .type = ENC_SIMPLE }},
|
|
{":", ID_KEY_ID, { .type = ENC_SIMPLE }},
|
|
{"fec0::1/129", ID_KEY_ID, { .type = ENC_SIMPLE }},
|
|
{"fec0::1/128", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
|
|
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
|
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff ) }},
|
|
{"fec0::1/127", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
|
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe ) }},
|
|
{"fec0::4/126", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x04,
|
|
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
|
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfc ) }},
|
|
{"fec0::100/120", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
|
|
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
|
|
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00 ) }},
|
|
{"::/0", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ) }},
|
|
{"fec0::1-fec0::4fff", ID_IPV6_ADDR_RANGE, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
|
|
0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x4f,0xff ) }},
|
|
{"fec0::4fff-fec0::1", ID_KEY_ID, { .type = ENC_SIMPLE }},
|
|
{"fec0::1-", ID_KEY_ID, { .type = ENC_SIMPLE }},
|
|
{"alice@strongswan.org", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
|
|
{"alice@strongswan", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
|
|
{"alice@", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
|
|
{"alice", ID_FQDN, { .type = ENC_SIMPLE }},
|
|
{"@", ID_FQDN, { .type = ENC_CHUNK }},
|
|
{" @", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
|
|
{"@strongswan.org", ID_FQDN, { .type = ENC_STRING,
|
|
.data.s = "strongswan.org" }},
|
|
{"@#deadbeef", ID_KEY_ID, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xde,0xad,0xbe,0xef) }},
|
|
{"@#deadbee", ID_KEY_ID, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0x0d,0xea,0xdb,0xee) }},
|
|
{"foo=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
|
|
{"foo=", ID_KEY_ID, { .type = ENC_SIMPLE }},
|
|
{"=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
|
|
{"C=", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0x30,0x0b,0x31,0x09,0x30,0x07,0x06,
|
|
0x03,0x55,0x04,0x06,0x13,0x00) }},
|
|
{"C=CH", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
|
|
0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
|
|
{"C=CH,", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
|
|
0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
|
|
{"C=CH, ", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
|
|
0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
|
|
{"C=CH, O", ID_KEY_ID, { .type = ENC_SIMPLE }},
|
|
{"IPv4:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
|
|
{ "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING,
|
|
.data.s = "tester" }},
|
|
{"xmppaddr:bob@strongswan.org", ID_DER_ASN1_GN, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xa0,0x20,0x06,0x08,0x2b,0x06,0x01,0x05,
|
|
0x05,0x07,0x08,0x05,0xa0,0x14,0x0c,0x12,
|
|
0x62,0x6f,0x62,0x40,0x73,0x74,0x72,0x6f,
|
|
0x6e,0x67,0x73,0x77,0x61,0x6e,0x2e,0x6f,
|
|
0x72,0x67) }},
|
|
{ "{1}:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
|
|
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
|
|
{ "{0x02}:tester", ID_FQDN, { .type = ENC_STRING,
|
|
.data.s = "tester" }},
|
|
{ "{99}:somedata", 99, { .type = ENC_STRING,
|
|
.data.s = "somedata" }},
|
|
};
|
|
|
|
START_TEST(test_from_string)
|
|
{
|
|
identification_t *a;
|
|
chunk_t encoding, expected = chunk_empty;
|
|
char *id;
|
|
|
|
id = string_data[_i].id;
|
|
a = identification_create_from_string(id);
|
|
fail_unless(a->get_type(a) == string_data[_i].type,
|
|
"type of id '%s' is %N, %N expected", id,
|
|
id_type_names, a->get_type(a),
|
|
id_type_names, string_data[_i].type);
|
|
|
|
encoding = a->get_encoding(a);
|
|
switch (string_data[_i].result.type)
|
|
{
|
|
case ENC_SIMPLE:
|
|
expected = chunk_from_str(string_data[_i].id);
|
|
break;
|
|
case ENC_STRING:
|
|
expected = chunk_from_str(string_data[_i].result.data.s);
|
|
break;
|
|
case ENC_CHUNK:
|
|
expected = string_data[_i].result.data.c;
|
|
break;
|
|
default:
|
|
fail("unexpected result type");
|
|
}
|
|
|
|
ck_assert(!id || (char*)encoding.ptr != id);
|
|
if (expected.ptr)
|
|
{
|
|
fail_unless(chunk_equals(encoding, expected),
|
|
"parsing '%s' failed\nencoding %B\nexpected %B\n",
|
|
id, &encoding, &expected);
|
|
}
|
|
else
|
|
{
|
|
ck_assert(encoding.ptr == NULL);
|
|
ck_assert(encoding.len == 0);
|
|
}
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
/*******************************************************************************
|
|
* printf_hook
|
|
*/
|
|
|
|
static void string_equals(char *a_str, char *b_str)
|
|
{
|
|
identification_t *b;
|
|
char buf[128];
|
|
|
|
b = b_str ? identification_create_from_string(b_str) : NULL;
|
|
snprintf(buf, sizeof(buf), "%Y", b);
|
|
DESTROY_IF(b);
|
|
ck_assert_str_eq(a_str, buf);
|
|
}
|
|
|
|
static void string_equals_id(char *a_str, identification_t *b)
|
|
{
|
|
char buf[128];
|
|
|
|
snprintf(buf, sizeof(buf), "%Y", b);
|
|
DESTROY_IF(b);
|
|
ck_assert_str_eq(a_str, buf);
|
|
}
|
|
|
|
START_TEST(test_printf_hook)
|
|
{
|
|
string_equals("(null)", NULL);
|
|
string_equals("%any", "");
|
|
string_equals("%any", "%any");
|
|
string_equals("%any", "*");
|
|
|
|
string_equals("192.168.1.1", "192.168.1.1");
|
|
string_equals_id("(invalid ID_IPV4_ADDR)",
|
|
identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty));
|
|
string_equals("192.168.1.1/32", "192.168.1.1/32");
|
|
string_equals("192.168.1.2/31", "192.168.1.2/31");
|
|
string_equals("192.168.1.0/24", "192.168.1.0/24");
|
|
string_equals("192.168.2.0/23", "192.168.2.0/23");
|
|
string_equals("0.0.0.0/0", "0.0.0.0/0");
|
|
string_equals_id("(invalid ID_IPV4_ADDR_SUBNET)",
|
|
identification_create_from_encoding(ID_IPV4_ADDR_SUBNET, chunk_empty));
|
|
string_equals("192.168.1.1-192.168.1.254", "192.168.1.1-192.168.1.254");
|
|
string_equals("0.0.0.0-255.255.255.255", "0.0.0.0-255.255.255.255");
|
|
string_equals_id("(invalid ID_IPV4_ADDR_RANGE)",
|
|
identification_create_from_encoding(ID_IPV4_ADDR_RANGE, chunk_empty));
|
|
string_equals("fec0::1", "fec0::1");
|
|
string_equals("fec0::1", "fec0:0:0::1");
|
|
string_equals_id("(invalid ID_IPV6_ADDR)",
|
|
identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty));
|
|
string_equals("fec0::1/128", "fec0::1/128");
|
|
string_equals("fec0::2/127", "fec0::2/127");
|
|
string_equals("fec0::100/120", "fec0::100/120");
|
|
string_equals("::/0", "::/0");
|
|
string_equals_id("(invalid ID_IPV6_ADDR_SUBNET)",
|
|
identification_create_from_encoding(ID_IPV6_ADDR_SUBNET, chunk_empty));
|
|
string_equals("fec0::1-fec0::4fff", "fec0::1-fec0::4fff");
|
|
string_equals_id("(invalid ID_IPV6_ADDR_RANGE)",
|
|
identification_create_from_encoding(ID_IPV6_ADDR_RANGE, chunk_empty));
|
|
string_equals_id("(unknown ID type: 255)",
|
|
identification_create_from_encoding(255, chunk_empty));
|
|
|
|
string_equals("moon@strongswan.org", "moon@strongswan.org");
|
|
string_equals("MOON@STRONGSWAN.ORG", "MOON@STRONGSWAN.ORG");
|
|
/* non-printable characters */
|
|
string_equals_id("????@strongswan.org", identification_create_from_encoding(ID_RFC822_ADDR,
|
|
chunk_from_chars(0xfa, 0xfb, 0xfc, 0xfd, 0x40, 0x73, 0x74, 0x72,
|
|
0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
|
|
0x6f, 0x72, 0x67)));
|
|
|
|
/* not a DN => ID_KEY_ID => no normalization */
|
|
string_equals("C=CH, AsdF=asdf", "C=CH, AsdF=asdf");
|
|
string_equals_id("moon@strongswan.org", identification_create_from_encoding(ID_KEY_ID,
|
|
chunk_from_str("moon@strongswan.org")));
|
|
/* non-printable characters */
|
|
string_equals_id("de:ad:be:ef", identification_create_from_encoding(ID_KEY_ID,
|
|
chunk_from_chars(0xde, 0xad, 0xbe, 0xef)));
|
|
/* printable characters */
|
|
string_equals_id("ABCDEFGHIJKLMNOPQRS",
|
|
identification_create_from_encoding(ID_KEY_ID,
|
|
chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
|
|
0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
|
|
0x51, 0x52, 0x53)));
|
|
/* ABCDEFGHIJKLMNOPQRST is printable but has the length of a SHA1 hash */
|
|
string_equals_id("41:42:43:44:45:46:47:48:49:4a:4b:4c:4d:4e:4f:50:51:52:53:54",
|
|
identification_create_from_encoding(ID_KEY_ID,
|
|
chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
|
|
0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
|
|
0x51, 0x52, 0x53, 0x54)));
|
|
|
|
string_equals_id("", identification_create_from_encoding(ID_DER_ASN1_DN, chunk_empty));
|
|
string_equals("C=", "C=");
|
|
string_equals("C=", "C=,");
|
|
string_equals("C=", "C=, ");
|
|
string_equals("C=", "C= , ");
|
|
string_equals("C=, O=strongSwan", "C=, O=strongSwan");
|
|
string_equals("C=CH, O=", "C=CH, O=");
|
|
string_equals("C=CH, O=strongSwan, CN=strongswan.org",
|
|
"C=CH, O=strongSwan, CN=strongswan.org");
|
|
string_equals("CN=strongswan.org, O=strongSwan, C=CH",
|
|
"cn=strongswan.org, o=strongSwan, c=CH");
|
|
string_equals("C=CH, O=strongSwan, CN=strongswan.org",
|
|
"C=CH,O=strongSwan,CN=strongswan.org");
|
|
string_equals("C=CH, O=strongSwan, CN=strongswan.org",
|
|
"/C=CH/O=strongSwan/CN=strongswan.org");
|
|
string_equals("CN=strongswan.org, O=strongSwan, C=CH",
|
|
"CN=strongswan.org,O=strongSwan,C=CH");
|
|
|
|
string_equals("C=CH, E=moon@strongswan.org, CN=moon",
|
|
"C=CH, email=moon@strongswan.org, CN=moon");
|
|
string_equals("C=CH, E=moon@strongswan.org, CN=moon",
|
|
"C=CH, emailAddress=moon@strongswan.org, CN=moon");
|
|
|
|
/* C=CH, telexNumber=123 (telexNumber is currently not recognized) */
|
|
string_equals_id("C=CH, 55:04:15=123", identification_create_from_encoding(ID_DER_ASN1_DN,
|
|
chunk_from_chars(0x30, 0x19, 0x31, 0x17, 0x30, 0x09, 0x06, 0x03, 0x55,
|
|
0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x0a, 0x06,
|
|
0x03, 0x55, 0x04, 0x15, 0x13, 0x03, 0x31, 0x32, 0x33)));
|
|
/* C=CH, O=strongSwan (but instead of a 2nd OID -0x06- we got NULL -0x05) */
|
|
string_equals_id("C=CH, (invalid ID_DER_ASN1_DN)", identification_create_from_encoding(ID_DER_ASN1_DN,
|
|
chunk_from_chars(0x30, 0x20, 0x31, 0x1e, 0x30, 0x09, 0x06, 0x03, 0x55,
|
|
0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x11, 0x05,
|
|
0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x73, 0x74, 0x72,
|
|
0x6f, 0x6e, 0x67, 0x53, 0x77, 0x61, 0x6e)));
|
|
/* moon@strongswan.org as GN */
|
|
string_equals_id("(ASN.1 general name)", identification_create_from_encoding(ID_DER_ASN1_GN,
|
|
chunk_from_chars(0x81, 0x14, 0x6d, 0x6f, 0x6f, 0x6e, 0x40, 0x73, 0x74,
|
|
0x72, 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
|
|
0x6f, 0x72, 0x67)));
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_printf_hook_width)
|
|
{
|
|
identification_t *a;
|
|
char buf[128];
|
|
|
|
a = identification_create_from_string("moon@strongswan.org");
|
|
snprintf(buf, sizeof(buf), "%25Y", a);
|
|
ck_assert_str_eq(" moon@strongswan.org", buf);
|
|
snprintf(buf, sizeof(buf), "%-*Y", 25, a);
|
|
ck_assert_str_eq("moon@strongswan.org ", buf);
|
|
snprintf(buf, sizeof(buf), "%5Y", a);
|
|
ck_assert_str_eq("moon@strongswan.org", buf);
|
|
DESTROY_IF(a);
|
|
}
|
|
END_TEST
|
|
|
|
/*******************************************************************************
|
|
* equals
|
|
*/
|
|
|
|
static bool id_equals(identification_t *a, char *b_str)
|
|
{
|
|
identification_t *b;
|
|
bool equals;
|
|
|
|
b = identification_create_from_string(b_str);
|
|
equals = a->equals(a, b);
|
|
ck_assert_int_eq(equals, b->equals(b, a));
|
|
b->destroy(b);
|
|
return equals;
|
|
}
|
|
|
|
START_TEST(test_equals)
|
|
{
|
|
identification_t *a;
|
|
chunk_t encoding, fuzzed;
|
|
int i;
|
|
|
|
/* this test also tests identification_create_from_string with DNs */
|
|
a = identification_create_from_string(
|
|
"C=CH, E=moon@strongswan.org, CN=moon");
|
|
|
|
ck_assert(id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"));
|
|
ck_assert(id_equals(a, "C=CH, email=moon@strongswan.org, CN=moon"));
|
|
ck_assert(id_equals(a, "C=CH, emailAddress=moon@strongswan.org, CN=moon"));
|
|
ck_assert(id_equals(a, "C==CH , E==moon@strongswan.org , CN==moon"));
|
|
ck_assert(id_equals(a, " C=CH, E=moon@strongswan.org, CN=moon "));
|
|
ck_assert(id_equals(a, "C=ch, E=moon@STRONGSWAN.ORG, CN=Moon"));
|
|
ck_assert(id_equals(a, "/C=CH/E=moon@strongswan.org/CN=moon"));
|
|
ck_assert(id_equals(a, " / C=CH / E=moon@strongswan.org / CN=moon"));
|
|
|
|
ck_assert(!id_equals(a, "C=CH/E=moon@strongswan.org/CN=moon"));
|
|
ck_assert(!id_equals(a, "C=CH/E=moon@strongswan.org,CN=moon"));
|
|
ck_assert(!id_equals(a, "C=CH E=moon@strongswan.org CN=moon"));
|
|
ck_assert(!id_equals(a, "C=CN, E=moon@strongswan.org, CN=moon"));
|
|
ck_assert(!id_equals(a, "E=moon@strongswan.org, C=CH, CN=moon"));
|
|
ck_assert(!id_equals(a, "E=moon@strongswan.org, C=CH, CN=moon"));
|
|
|
|
encoding = chunk_clone(a->get_encoding(a));
|
|
a->destroy(a);
|
|
|
|
/* simple fuzzing, increment each byte of encoding */
|
|
for (i = 0; i < encoding.len; i++)
|
|
{
|
|
if (i == 11 || i == 30 || i == 60)
|
|
{ /* skip ASN.1 type fields, as equals() handles them graceful */
|
|
continue;
|
|
}
|
|
fuzzed = chunk_clone(encoding);
|
|
fuzzed.ptr[i]++;
|
|
a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
|
|
if (id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"))
|
|
{
|
|
printf("%d %B\n%B\n", i, &fuzzed, &encoding);
|
|
}
|
|
ck_assert(!id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"));
|
|
a->destroy(a);
|
|
free(fuzzed.ptr);
|
|
}
|
|
|
|
/* and decrement each byte of encoding */
|
|
for (i = 0; i < encoding.len; i++)
|
|
{
|
|
if (i == 11 || i == 30 || i == 60)
|
|
{
|
|
continue;
|
|
}
|
|
fuzzed = chunk_clone(encoding);
|
|
fuzzed.ptr[i]--;
|
|
a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
|
|
ck_assert(!id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"));
|
|
a->destroy(a);
|
|
free(fuzzed.ptr);
|
|
}
|
|
free(encoding.ptr);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_equals_any)
|
|
{
|
|
identification_t *a, *b;
|
|
|
|
a = identification_create_from_string("%any");
|
|
b = identification_create_from_encoding(ID_ANY, chunk_empty);
|
|
ck_assert(a->equals(a, b));
|
|
ck_assert(b->equals(b, a));
|
|
b->destroy(b);
|
|
|
|
b = identification_create_from_string("C=CH, O=strongSwan, CN=strongswan.org");
|
|
ck_assert(!a->equals(a, b));
|
|
ck_assert(!b->equals(b, a));
|
|
a->destroy(a);
|
|
b->destroy(b);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_equals_binary)
|
|
{
|
|
identification_t *a, *b;
|
|
chunk_t encoding;
|
|
|
|
encoding = chunk_from_str("foobar=");
|
|
/* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
|
|
a = identification_create_from_string("foobar=");
|
|
ck_assert(a->get_type(a) == ID_KEY_ID);
|
|
b = identification_create_from_encoding(ID_KEY_ID, encoding);
|
|
ck_assert(a->equals(a, b));
|
|
a->destroy(a);
|
|
b->destroy(b);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_equals_fqdn)
|
|
{
|
|
identification_t *a;
|
|
|
|
a = identification_create_from_string("ipsec.strongswan.org");
|
|
ck_assert(id_equals(a, "IPSEC.strongswan.org"));
|
|
ck_assert(id_equals(a, "ipsec.strongSwan.org"));
|
|
ck_assert(id_equals(a, "ipsec.strongSwan.ORG"));
|
|
ck_assert(!id_equals(a, "strongswan.org"));
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_equals_empty)
|
|
{
|
|
identification_t *a;
|
|
|
|
a = identification_create_from_encoding(_i, chunk_empty);
|
|
|
|
switch (_i)
|
|
{
|
|
case ID_ANY:
|
|
ck_assert(id_equals(a, "%any"));
|
|
break;
|
|
case ID_IPV4_ADDR:
|
|
ck_assert(!id_equals(a, "192.168.1.1"));
|
|
break;
|
|
case ID_FQDN:
|
|
ck_assert(!id_equals(a, "moon.strongswan.org"));
|
|
break;
|
|
case ID_USER_FQDN:
|
|
ck_assert(!id_equals(a, "moon@strongswan.org"));
|
|
break;
|
|
case ID_IPV6_ADDR:
|
|
ck_assert(!id_equals(a, "fec0::1"));
|
|
break;
|
|
case ID_DER_ASN1_DN:
|
|
ck_assert(!id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"));
|
|
break;
|
|
case ID_KEY_ID:
|
|
ck_assert(!id_equals(a, "@#12345678"));
|
|
break;
|
|
case ID_DER_ASN1_GN:
|
|
case ID_IPV4_ADDR_SUBNET:
|
|
case ID_IPV6_ADDR_SUBNET:
|
|
case ID_IPV4_ADDR_RANGE:
|
|
case ID_IPV6_ADDR_RANGE:
|
|
/* currently not tested */
|
|
break;
|
|
}
|
|
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
/*******************************************************************************
|
|
* matches
|
|
*/
|
|
|
|
static bool id_matches(identification_t *a, char *b_str, id_match_t expected)
|
|
{
|
|
identification_t *b;
|
|
id_match_t match;
|
|
|
|
b = identification_create_from_string(b_str);
|
|
match = a->matches(a, b);
|
|
b->destroy(b);
|
|
return match == expected;
|
|
}
|
|
|
|
static char* rdn_matching[] = { NULL, "reordered", "relaxed" };
|
|
|
|
static struct {
|
|
char *id;
|
|
id_match_t match[3];
|
|
} matches_data[] = {
|
|
/* C=CH, E=moon@strongswan.org, CN=moon */
|
|
{ "C=CH, E=moon@strongswan.org, CN=moon", {
|
|
ID_MATCH_PERFECT, ID_MATCH_PERFECT, ID_MATCH_PERFECT }},
|
|
{ "C=CH, email=moon@strongswan.org, CN=moon", {
|
|
ID_MATCH_PERFECT, ID_MATCH_PERFECT, ID_MATCH_PERFECT }},
|
|
{ "C=CH, emailAddress=moon@strongswan.org, CN=moon", {
|
|
ID_MATCH_PERFECT, ID_MATCH_PERFECT, ID_MATCH_PERFECT }},
|
|
{ "CN=moon, C=CH, E=moon@strongswan.org", {
|
|
ID_MATCH_NONE, ID_MATCH_PERFECT, ID_MATCH_PERFECT }},
|
|
{ "C=CH, E=*@strongswan.org, CN=moon", {
|
|
ID_MATCH_NONE, ID_MATCH_NONE, ID_MATCH_NONE }},
|
|
{ "C=CH, E=*, CN=moon", {
|
|
ID_MATCH_ONE_WILDCARD, ID_MATCH_ONE_WILDCARD, ID_MATCH_ONE_WILDCARD }},
|
|
{ "C=CH, E=*, CN=*", {
|
|
ID_MATCH_ONE_WILDCARD - 1, ID_MATCH_ONE_WILDCARD - 1, ID_MATCH_ONE_WILDCARD - 1 }},
|
|
{ "C=*, E=*, CN=*", {
|
|
ID_MATCH_ONE_WILDCARD - 2, ID_MATCH_ONE_WILDCARD - 2, ID_MATCH_ONE_WILDCARD - 2 }},
|
|
{ "C=*, E=*, CN=*, O=BADInc", {
|
|
ID_MATCH_NONE, ID_MATCH_NONE, ID_MATCH_NONE }},
|
|
{ "C=CH, CN=*", {
|
|
ID_MATCH_NONE, ID_MATCH_NONE, ID_MATCH_ONE_WILDCARD - 1 }},
|
|
{ "C=*, E=*", {
|
|
ID_MATCH_NONE, ID_MATCH_NONE, ID_MATCH_ONE_WILDCARD - 2 }},
|
|
{ "C=*, E=a@b.c, CN=*", {
|
|
ID_MATCH_NONE, ID_MATCH_NONE, ID_MATCH_NONE }},
|
|
{ "C=CH, O=strongSwan, E=*, CN=*", {
|
|
ID_MATCH_NONE, ID_MATCH_NONE, ID_MATCH_NONE }},
|
|
{ "", {
|
|
ID_MATCH_ANY, ID_MATCH_ANY, ID_MATCH_ANY }},
|
|
{ "%any", {
|
|
ID_MATCH_ANY, ID_MATCH_ANY, ID_MATCH_ANY }},
|
|
};
|
|
|
|
START_TEST(test_matches)
|
|
{
|
|
identification_t *a;
|
|
int i;
|
|
|
|
if (rdn_matching[_i])
|
|
{
|
|
lib->settings->set_str(lib->settings, "%s.rdn_matching",
|
|
rdn_matching[_i], lib->ns);
|
|
}
|
|
|
|
a = identification_create_from_string("C=CH, E=moon@strongswan.org, CN=moon");
|
|
|
|
for (i = 0; i < countof(matches_data); i++)
|
|
{
|
|
ck_assert(id_matches(a, matches_data[i].id, matches_data[i].match[_i]));
|
|
}
|
|
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
static struct {
|
|
char *id;
|
|
id_match_t match[3];
|
|
} matches_two_ou_data[] = {
|
|
/* C=CH, OU=Research, OU=Floor A, CN=moon */
|
|
{ "C=CH, OU=Research, OU=Floor A, CN=moon", {
|
|
ID_MATCH_PERFECT, ID_MATCH_PERFECT, ID_MATCH_PERFECT }},
|
|
{ "C=CH, OU=Floor A, CN=moon", {
|
|
ID_MATCH_NONE, ID_MATCH_NONE, ID_MATCH_ONE_WILDCARD }},
|
|
{ "C=CH, CN=moon", {
|
|
ID_MATCH_NONE, ID_MATCH_NONE, ID_MATCH_ONE_WILDCARD - 1 }},
|
|
{ "C=CH, OU=*, CN=moon", {
|
|
ID_MATCH_NONE, ID_MATCH_NONE, ID_MATCH_ONE_WILDCARD - 1 }},
|
|
{ "C=CH, OU=*, OU=*, CN=moon", {
|
|
ID_MATCH_ONE_WILDCARD - 1, ID_MATCH_ONE_WILDCARD - 1, ID_MATCH_ONE_WILDCARD - 1 }},
|
|
{ "C=CH, OU=Research, OU=*, CN=moon", {
|
|
ID_MATCH_ONE_WILDCARD, ID_MATCH_ONE_WILDCARD, ID_MATCH_ONE_WILDCARD }},
|
|
{ "C=CH, OU=*, OU=Floor A, CN=moon", {
|
|
ID_MATCH_ONE_WILDCARD, ID_MATCH_ONE_WILDCARD, ID_MATCH_ONE_WILDCARD }},
|
|
{ "C=CH, OU=*, OU=Research, CN=moon", {
|
|
ID_MATCH_NONE, ID_MATCH_ONE_WILDCARD, ID_MATCH_ONE_WILDCARD }},
|
|
{ "C=CH, OU=Floor A, OU=*, CN=moon", {
|
|
ID_MATCH_NONE, ID_MATCH_ONE_WILDCARD, ID_MATCH_ONE_WILDCARD }},
|
|
{ "C=CH, OU=Floor A, OU=Research, CN=moon", {
|
|
ID_MATCH_NONE, ID_MATCH_PERFECT, ID_MATCH_PERFECT }},
|
|
};
|
|
|
|
START_TEST(test_matches_two_ou)
|
|
{
|
|
identification_t *a;
|
|
int i;
|
|
|
|
if (rdn_matching[_i])
|
|
{
|
|
lib->settings->set_str(lib->settings, "%s.rdn_matching",
|
|
rdn_matching[_i], lib->ns);
|
|
}
|
|
|
|
a = identification_create_from_string("C=CH, OU=Research, OU=Floor A, CN=moon");
|
|
|
|
for (i = 0; i < countof(matches_two_ou_data); i++)
|
|
{
|
|
ck_assert(id_matches(a, matches_two_ou_data[i].id, matches_two_ou_data[i].match[_i]));
|
|
}
|
|
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_matches_any)
|
|
{
|
|
identification_t *a;
|
|
|
|
a = identification_create_from_string("%any");
|
|
|
|
ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
|
|
ck_assert(id_matches(a, "", ID_MATCH_ANY));
|
|
ck_assert(id_matches(a, "*", ID_MATCH_ANY));
|
|
ck_assert(id_matches(a, "moon@strongswan.org", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "vpn.strongswan.org", ID_MATCH_NONE));
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_matches_binary)
|
|
{
|
|
identification_t *a;
|
|
|
|
/* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
|
|
a = identification_create_from_string("foo=bar");
|
|
ck_assert(a->get_type(a) == ID_KEY_ID);
|
|
ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
|
|
ck_assert(id_matches(a, "foo=bar", ID_MATCH_PERFECT));
|
|
ck_assert(id_matches(a, "bar=foo", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "*=bar", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "foo=*", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "foo@bar", ID_MATCH_NONE));
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_matches_range)
|
|
{
|
|
identification_t *a, *b;
|
|
|
|
/* IPv4 addresses */
|
|
a = identification_create_from_string("192.168.1.1");
|
|
ck_assert(a->get_type(a) == ID_IPV4_ADDR);
|
|
ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
|
|
ck_assert(id_matches(a, "0.0.0.0/0", ID_MATCH_MAX_WILDCARDS));
|
|
ck_assert(id_matches(a, "192.168.1.1", ID_MATCH_PERFECT));
|
|
ck_assert(id_matches(a, "192.168.1.2", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "192.168.1.1/32", ID_MATCH_PERFECT));
|
|
ck_assert(id_matches(a, "192.168.1.0/32", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "192.168.1.0/24", ID_MATCH_ONE_WILDCARD));
|
|
ck_assert(id_matches(a, "192.168.0.0/24", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "192.168.1.1-192.168.1.1", ID_MATCH_PERFECT));
|
|
ck_assert(id_matches(a, "192.168.1.0-192.168.1.64", ID_MATCH_ONE_WILDCARD));
|
|
ck_assert(id_matches(a, "192.168.1.2-192.168.1.64", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "192.168.0.240-192.168.1.0", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "foo@bar", ID_MATCH_NONE));
|
|
|
|
/* Malformed IPv4 subnet and range encoding */
|
|
b = identification_create_from_encoding(ID_IPV4_ADDR_SUBNET, chunk_empty);
|
|
ck_assert(a->matches(a, b) == ID_MATCH_NONE);
|
|
b->destroy(b);
|
|
b = identification_create_from_encoding(ID_IPV4_ADDR_RANGE, chunk_empty);
|
|
ck_assert(a->matches(a, b) == ID_MATCH_NONE);
|
|
b->destroy(b);
|
|
b = identification_create_from_encoding(ID_IPV4_ADDR_RANGE,
|
|
chunk_from_chars(0xc0,0xa8,0x01,0x28,0xc0,0xa8,0x01,0x00));
|
|
ck_assert(a->matches(a, b) == ID_MATCH_NONE);
|
|
b->destroy(b);
|
|
|
|
a->destroy(a);
|
|
|
|
/* IPv6 addresses */
|
|
a = identification_create_from_string("fec0::1");
|
|
ck_assert(a->get_type(a) == ID_IPV6_ADDR);
|
|
ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
|
|
ck_assert(id_matches(a, "::/0", ID_MATCH_MAX_WILDCARDS));
|
|
ck_assert(id_matches(a, "fec0::1", ID_MATCH_PERFECT));
|
|
ck_assert(id_matches(a, "fec0::2", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "fec0::1/128", ID_MATCH_PERFECT));
|
|
ck_assert(id_matches(a, "fec0::/128", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "fec0::/120", ID_MATCH_ONE_WILDCARD));
|
|
ck_assert(id_matches(a, "fec0::100/120", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "fec0::1-fec0::1", ID_MATCH_PERFECT));
|
|
ck_assert(id_matches(a, "fec0::0-fec0::5", ID_MATCH_ONE_WILDCARD));
|
|
ck_assert(id_matches(a, "fec0::4001-fec0::4ffe", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "feb0::1-fec0::0", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "foo@bar", ID_MATCH_NONE));
|
|
|
|
/* Malformed IPv6 subnet and range encoding */
|
|
b = identification_create_from_encoding(ID_IPV6_ADDR_SUBNET, chunk_empty);
|
|
ck_assert(a->matches(a, b) == ID_MATCH_NONE);
|
|
b->destroy(b);
|
|
b = identification_create_from_encoding(ID_IPV6_ADDR_RANGE, chunk_empty);
|
|
ck_assert(a->matches(a, b) == ID_MATCH_NONE);
|
|
b->destroy(b);
|
|
b = identification_create_from_encoding(ID_IPV6_ADDR_RANGE,
|
|
chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x4f,0xff,
|
|
0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 ));
|
|
ck_assert(a->matches(a, b) == ID_MATCH_NONE);
|
|
b->destroy(b);
|
|
|
|
a->destroy(a);
|
|
|
|
/* Malformed IPv4 address encoding */
|
|
a = identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty);
|
|
ck_assert(id_matches(a, "0.0.0.0/0", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "0.0.0.0-255.255.255.255", ID_MATCH_NONE));
|
|
a->destroy(a);
|
|
|
|
/* Malformed IPv6 address encoding */
|
|
a = identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty);
|
|
ck_assert(id_matches(a, "::/0", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", ID_MATCH_NONE));
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_matches_string)
|
|
{
|
|
identification_t *a;
|
|
|
|
a = identification_create_from_string("moon@strongswan.org");
|
|
|
|
ck_assert(id_matches(a, "moon@strongswan.org", ID_MATCH_PERFECT));
|
|
ck_assert(id_matches(a, "*@strongswan.org", ID_MATCH_ONE_WILDCARD));
|
|
ck_assert(id_matches(a, "*@*.org", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "*@*", ID_MATCH_NONE));
|
|
/* the following two are parsed as ID_FQDN, so no match */
|
|
ck_assert(id_matches(a, "*strongswan.org", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "*.org", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "moon@*", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "**", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "*", ID_MATCH_ANY));
|
|
ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
|
|
a->destroy(a);
|
|
|
|
a = identification_create_from_string("vpn.strongswan.org");
|
|
|
|
ck_assert(id_matches(a, "vpn.strongswan.org", ID_MATCH_PERFECT));
|
|
ck_assert(id_matches(a, "*.strongswan.org", ID_MATCH_ONE_WILDCARD));
|
|
ck_assert(id_matches(a, "*strongswan.org", ID_MATCH_ONE_WILDCARD));
|
|
ck_assert(id_matches(a, "*.org", ID_MATCH_ONE_WILDCARD));
|
|
ck_assert(id_matches(a, "*.strongswan.*", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "*vpn.strongswan.org", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "vpn.strongswan.*", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "**", ID_MATCH_NONE));
|
|
ck_assert(id_matches(a, "*", ID_MATCH_ANY));
|
|
ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_matches_empty)
|
|
{
|
|
identification_t *a;
|
|
|
|
a = identification_create_from_encoding(_i, chunk_empty);
|
|
|
|
switch (_i)
|
|
{
|
|
case ID_ANY:
|
|
ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
|
|
break;
|
|
case ID_IPV4_ADDR:
|
|
ck_assert(id_matches(a, "192.168.1.1", ID_MATCH_NONE));
|
|
break;
|
|
case ID_FQDN:
|
|
ck_assert(id_matches(a, "moon.strongswan.org", ID_MATCH_NONE));
|
|
break;
|
|
case ID_USER_FQDN:
|
|
ck_assert(id_matches(a, "moon@strongswan.org", ID_MATCH_NONE));
|
|
break;
|
|
case ID_IPV6_ADDR:
|
|
ck_assert(id_matches(a, "fec0::1", ID_MATCH_NONE));
|
|
break;
|
|
case ID_DER_ASN1_DN:
|
|
ck_assert(id_matches(a, "C=CH, E=moon@strongswan.org, CN=moon",
|
|
ID_MATCH_NONE));
|
|
break;
|
|
case ID_KEY_ID:
|
|
ck_assert(id_matches(a, "@#12345678", ID_MATCH_NONE));
|
|
break;
|
|
case ID_DER_ASN1_GN:
|
|
case ID_IPV4_ADDR_SUBNET:
|
|
case ID_IPV6_ADDR_SUBNET:
|
|
case ID_IPV4_ADDR_RANGE:
|
|
case ID_IPV6_ADDR_RANGE:
|
|
/* currently not tested */
|
|
break;
|
|
}
|
|
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
static bool id_matches_rev(identification_t *a, char *b_str, id_match_t expected)
|
|
{
|
|
identification_t *b;
|
|
id_match_t match;
|
|
|
|
b = identification_create_from_string(b_str);
|
|
match = b->matches(b, a);
|
|
b->destroy(b);
|
|
return match == expected;
|
|
}
|
|
|
|
START_TEST(test_matches_empty_reverse)
|
|
{
|
|
identification_t *a;
|
|
|
|
a = identification_create_from_encoding(_i, chunk_empty);
|
|
|
|
switch (_i)
|
|
{
|
|
case ID_ANY:
|
|
ck_assert(id_matches_rev(a, "%any", ID_MATCH_ANY));
|
|
break;
|
|
case ID_IPV4_ADDR:
|
|
ck_assert(id_matches_rev(a, "192.168.1.1", ID_MATCH_NONE));
|
|
break;
|
|
case ID_FQDN:
|
|
ck_assert(id_matches_rev(a, "moon.strongswan.org", ID_MATCH_NONE));
|
|
break;
|
|
case ID_USER_FQDN:
|
|
ck_assert(id_matches_rev(a, "moon@strongswan.org", ID_MATCH_NONE));
|
|
break;
|
|
case ID_IPV6_ADDR:
|
|
ck_assert(id_matches_rev(a, "fec0::1", ID_MATCH_NONE));
|
|
break;
|
|
case ID_DER_ASN1_DN:
|
|
ck_assert(id_matches_rev(a, "C=CH, E=moon@strongswan.org, CN=moon",
|
|
ID_MATCH_NONE));
|
|
break;
|
|
case ID_KEY_ID:
|
|
ck_assert(id_matches_rev(a, "@#12345678", ID_MATCH_NONE));
|
|
break;
|
|
case ID_DER_ASN1_GN:
|
|
case ID_IPV4_ADDR_SUBNET:
|
|
case ID_IPV6_ADDR_SUBNET:
|
|
case ID_IPV4_ADDR_RANGE:
|
|
case ID_IPV6_ADDR_RANGE:
|
|
/* currently not tested */
|
|
break;
|
|
}
|
|
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
/*******************************************************************************
|
|
* identification hashing
|
|
*/
|
|
|
|
static bool id_hash_equals(char *str, char *b_str)
|
|
{
|
|
identification_t *a, *b;
|
|
bool success = FALSE;
|
|
|
|
a = identification_create_from_string(str);
|
|
b = identification_create_from_string(b_str ?: str);
|
|
success = a->hash(a, 0) == b->hash(b, 0);
|
|
a->destroy(a);
|
|
b->destroy(b);
|
|
return success;
|
|
}
|
|
|
|
START_TEST(test_hash)
|
|
{
|
|
ck_assert(id_hash_equals("moon@strongswan.org", NULL));
|
|
ck_assert(id_hash_equals("vpn.strongswan.org", NULL));
|
|
ck_assert(id_hash_equals("192.168.1.1", NULL));
|
|
ck_assert(id_hash_equals("C=CH", NULL));
|
|
|
|
ck_assert(!id_hash_equals("moon@strongswan.org", "sun@strongswan.org"));
|
|
ck_assert(!id_hash_equals("vpn.strongswan.org", "*.strongswan.org"));
|
|
ck_assert(!id_hash_equals("192.168.1.1", "192.168.1.2"));
|
|
ck_assert(!id_hash_equals("C=CH", "C=DE"));
|
|
ck_assert(!id_hash_equals("fqdn:strongswan.org", "keyid:strongswan.org"));
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_hash_any)
|
|
{
|
|
ck_assert(id_hash_equals("%any", NULL));
|
|
ck_assert(id_hash_equals("%any", "0.0.0.0"));
|
|
ck_assert(id_hash_equals("%any", "*"));
|
|
ck_assert(id_hash_equals("%any", ""));
|
|
|
|
ck_assert(!id_hash_equals("%any", "any"));
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_hash_dn)
|
|
{
|
|
identification_t *a, *b;
|
|
|
|
/* same DN (C=CH, O=strongSwan), different RDN type (PRINTABLESTRING vs.
|
|
* UTF8STRING) */
|
|
a = identification_create_from_data(chunk_from_chars(
|
|
0x30, 0x22, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
|
|
0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x31,
|
|
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a,
|
|
0x13, 0x0a, 0x73, 0x74, 0x72, 0x6f, 0x6e, 0x67,
|
|
0x53, 0x77, 0x61, 0x6e));
|
|
b = identification_create_from_data(chunk_from_chars(
|
|
0x30, 0x22, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
|
|
0x55, 0x04, 0x06, 0x0c, 0x02, 0x43, 0x48, 0x31,
|
|
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a,
|
|
0x0c, 0x0a, 0x73, 0x74, 0x72, 0x6f, 0x6e, 0x67,
|
|
0x53, 0x77, 0x61, 0x6e));
|
|
ck_assert_int_eq(a->hash(a, 0), b->hash(b, 0));
|
|
ck_assert(a->equals(a, b));
|
|
a->destroy(a);
|
|
b->destroy(b);
|
|
}
|
|
END_TEST
|
|
|
|
START_TEST(test_hash_inc)
|
|
{
|
|
identification_t *a;
|
|
|
|
a = identification_create_from_string("vpn.strongswan.org");
|
|
ck_assert(a->hash(a, 0) != a->hash(a, 1));
|
|
a->destroy(a);
|
|
|
|
a = identification_create_from_string("C=CH, O=strongSwan");
|
|
ck_assert(a->hash(a, 0) != a->hash(a, 1));
|
|
a->destroy(a);
|
|
}
|
|
END_TEST
|
|
|
|
/*******************************************************************************
|
|
* identification part enumeration
|
|
*/
|
|
|
|
START_TEST(test_parts)
|
|
{
|
|
identification_t *id;
|
|
enumerator_t *enumerator;
|
|
id_part_t part;
|
|
chunk_t data;
|
|
int i = 0;
|
|
|
|
id = identification_create_from_string("C=CH, O=strongSwan, CN=tester");
|
|
|
|
enumerator = id->create_part_enumerator(id);
|
|
while (enumerator->enumerate(enumerator, &part, &data))
|
|
{
|
|
switch (i++)
|
|
{
|
|
case 0:
|
|
ck_assert(part == ID_PART_RDN_C &&
|
|
chunk_equals(data, chunk_create("CH", 2)));
|
|
break;
|
|
case 1:
|
|
ck_assert(part == ID_PART_RDN_O &&
|
|
chunk_equals(data, chunk_from_str("strongSwan")));
|
|
break;
|
|
case 2:
|
|
ck_assert(part == ID_PART_RDN_CN &&
|
|
chunk_equals(data, chunk_from_str("tester")));
|
|
break;
|
|
default:
|
|
fail("unexpected identification part %d", part);
|
|
}
|
|
}
|
|
ck_assert_int_eq(i, 3);
|
|
enumerator->destroy(enumerator);
|
|
id->destroy(id);
|
|
}
|
|
END_TEST
|
|
|
|
/*******************************************************************************
|
|
* wildcards
|
|
*/
|
|
|
|
static bool id_contains_wildcards(char *string)
|
|
{
|
|
identification_t *id;
|
|
bool contains;
|
|
|
|
id = identification_create_from_string(string);
|
|
contains = id->contains_wildcards(id);
|
|
id->destroy(id);
|
|
return contains;
|
|
}
|
|
|
|
START_TEST(test_contains_wildcards)
|
|
{
|
|
ck_assert(id_contains_wildcards("%any"));
|
|
ck_assert(id_contains_wildcards("C=*, O=strongSwan, CN=gw"));
|
|
ck_assert(id_contains_wildcards("C=CH, O=strongSwan, CN=*"));
|
|
ck_assert(id_contains_wildcards("*@strongswan.org"));
|
|
ck_assert(id_contains_wildcards("*.strongswan.org"));
|
|
ck_assert(!id_contains_wildcards("C=**, O=a*, CN=*a"));
|
|
}
|
|
END_TEST
|
|
|
|
/*******************************************************************************
|
|
* clone
|
|
*/
|
|
|
|
START_TEST(test_clone)
|
|
{
|
|
identification_t *a, *b;
|
|
chunk_t a_enc, b_enc;
|
|
|
|
a = identification_create_from_string("moon@strongswan.org");
|
|
a_enc = a->get_encoding(a);
|
|
b = a->clone(a);
|
|
ck_assert(b != NULL);
|
|
ck_assert(a != b);
|
|
b_enc = b->get_encoding(b);
|
|
ck_assert(a_enc.ptr != b_enc.ptr);
|
|
ck_assert(chunk_equals(a_enc, b_enc));
|
|
a->destroy(a);
|
|
b->destroy(b);
|
|
}
|
|
END_TEST
|
|
|
|
Suite *identification_suite_create()
|
|
{
|
|
Suite *s;
|
|
TCase *tc;
|
|
|
|
s = suite_create("identification");
|
|
|
|
tc = tcase_create("create");
|
|
tcase_add_test(tc, test_from_encoding);
|
|
tcase_add_test(tc, test_from_data);
|
|
tcase_add_test(tc, test_from_sockaddr);
|
|
tcase_add_loop_test(tc, test_from_string, 0, countof(string_data));
|
|
suite_add_tcase(s, tc);
|
|
|
|
tc = tcase_create("printf_hook");
|
|
tcase_add_test(tc, test_printf_hook);
|
|
tcase_add_test(tc, test_printf_hook_width);
|
|
suite_add_tcase(s, tc);
|
|
|
|
tc = tcase_create("equals");
|
|
tcase_add_test(tc, test_equals);
|
|
tcase_add_test(tc, test_equals_any);
|
|
tcase_add_test(tc, test_equals_binary);
|
|
tcase_add_test(tc, test_equals_fqdn);
|
|
tcase_add_loop_test(tc, test_equals_empty, ID_ANY, ID_KEY_ID + 1);
|
|
suite_add_tcase(s, tc);
|
|
|
|
tc = tcase_create("matches");
|
|
tcase_add_loop_test(tc, test_matches, 0, countof(rdn_matching));
|
|
tcase_add_loop_test(tc, test_matches_two_ou, 0, countof(rdn_matching));
|
|
tcase_add_test(tc, test_matches_any);
|
|
tcase_add_test(tc, test_matches_binary);
|
|
tcase_add_test(tc, test_matches_range);
|
|
tcase_add_test(tc, test_matches_string);
|
|
tcase_add_loop_test(tc, test_matches_empty, ID_ANY, ID_KEY_ID + 1);
|
|
tcase_add_loop_test(tc, test_matches_empty_reverse, ID_ANY, ID_KEY_ID + 1);
|
|
suite_add_tcase(s, tc);
|
|
|
|
tc = tcase_create("hash");
|
|
tcase_add_test(tc, test_hash);
|
|
tcase_add_test(tc, test_hash_any);
|
|
tcase_add_test(tc, test_hash_dn);
|
|
tcase_add_test(tc, test_hash_inc);
|
|
suite_add_tcase(s, tc);
|
|
|
|
tc = tcase_create("part enumeration");
|
|
tcase_add_test(tc, test_parts);
|
|
suite_add_tcase(s, tc);
|
|
|
|
tc = tcase_create("wildcards");
|
|
tcase_add_test(tc, test_contains_wildcards);
|
|
suite_add_tcase(s, tc);
|
|
|
|
tc = tcase_create("clone");
|
|
tcase_add_test(tc, test_clone);
|
|
suite_add_tcase(s, tc);
|
|
|
|
return s;
|
|
}
|