00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00052 #include <string.h>
00053
00054 #include "ipsec/util.h"
00055 #include "ipsec/debug.h"
00056 #include "testing/structural/structural_test.h"
00057
00058 #include "ipsec/sa.h"
00059
00060 sad_entry inbound_sad_test[IPSEC_MAX_SAD_ENTRIES] = {
00061 { SAD_ENTRY( 192,168,1,1, 255,255,255,255,
00062 0x1001,
00063 IPSEC_PROTO_ESP, IPSEC_TUNNEL,
00064 IPSEC_3DES,
00065 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45 , 0x67, 0x01, 0x23, 0x45, 0x67,
00066 0,
00067 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
00068
00069 SAD_ENTRY( 192,168,1,2, 255,255,255,255,
00070 0x1002,
00071 IPSEC_PROTO_AH, IPSEC_TUNNEL,
00072 0,
00073 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45 , 0x67, 0x01, 0x23, 0x45, 0x67,
00074 IPSEC_HMAC_MD5,
00075 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0, 0, 0, 0),
00076
00077 SAD_ENTRY( 192,168,156,189, 255,255,255,255,
00078 0x0010002,
00079 IPSEC_PROTO_AH, IPSEC_TUNNEL,
00080 0,
00081 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45 , 0x67, 0x01, 0x23, 0x45, 0x67,
00082 IPSEC_HMAC_SHA1,
00083 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0, 0, 0, 0)}
00084 } ;
00085
00086
00087 spd_entry inbound_spd_test[IPSEC_MAX_SAD_ENTRIES] = {
00088
00089
00090 { SPD_ENTRY( 204,152,189,116, 255,255,255,0, 147,87,70,105, 255,255,255,255, IPSEC_PROTO_TCP, 21, 0, POLICY_DISCARD, 0)},
00091 { SPD_ENTRY( 147,87,70,105, 255,255,255,255, 204,152,189,116, 255,255,255,255, IPSEC_PROTO_TCP, 0, 21, POLICY_APPLY, 0)},
00092 { SPD_ENTRY( 147,87,70,250, 255,255,255,0, 255,255,255,255, 255,255,255,255, IPSEC_PROTO_UDP, 0, 0, POLICY_APPLY, 0)},
00093 { SPD_ENTRY( 192,168,1,0, 255,255,255,0, 192,168,1,3, 255,255,255,255, IPSEC_PROTO_AH, 0, 0, POLICY_APPLY, 0)},
00094 { SPD_ENTRY( 192,168,1,40, 255,255,255,255, 192,168,1,3, 255,255,255,255, IPSEC_PROTO_ESP, 0, 0, POLICY_APPLY, 0)},
00095 { SPD_ENTRY( 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0, 0, 0, POLICY_BYPASS, 0)}
00096 } ;
00097
00098
00099
00100
00101 sad_entry outbound_sad_test[IPSEC_MAX_SAD_ENTRIES] = {
00102 { SAD_ENTRY( 192,168,156,189, 255,255,255,255,
00103 0x100000,
00104 IPSEC_PROTO_AH, IPSEC_TUNNEL,
00105 IPSEC_3DES,
00106 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45 , 0x67, 0x01, 0x23, 0x45, 0x67,
00107 IPSEC_HMAC_SHA1,
00108 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0, 0, 0, 0),
00109
00110 SAD_ENTRY( 192,168,156,189, 255,255,255,255,
00111 0x100000,
00112 IPSEC_PROTO_ESP, IPSEC_TUNNEL,
00113 IPSEC_3DES,
00114 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45 , 0x67, 0x01, 0x23, 0x45, 0x67,
00115 IPSEC_HMAC_SHA1,
00116 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0, 0, 0, 0),
00117
00118 SAD_ENTRY( 192,168,156,189, 255,255,255,255,
00119 0x100000,
00120 IPSEC_PROTO_AH, IPSEC_TUNNEL,
00121 0,
00122 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45 , 0x67, 0x01, 0x23, 0x45, 0x67,
00123 IPSEC_HMAC_SHA1,
00124 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0x01, 0x23, 0x45, 0x67, 0, 0, 0, 0)}
00125 } ;
00126
00127
00128 spd_entry outbound_spd_test[IPSEC_MAX_SPD_ENTRIES] = {
00129
00130
00131 { SPD_ENTRY( 192,168,1,1, 255,255,255,255, 192,168,1,3, 255,255,255,255, IPSEC_PROTO_ICMP, 0, 0, POLICY_APPLY, 0)},
00132 { SPD_ENTRY( 192,168,1,2, 255,255,255,255, 192,168,1,3, 255,255,255,255, 0, 0, 80, POLICY_DISCARD, 0)},
00133 { SPD_ENTRY( 192,168,1,2, 255,255,255,255, 192,168,1,3, 255,255,255,255, 0, 0, 0, POLICY_BYPASS, 0)},
00134 { SPD_ENTRY( 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0, 0, 0, POLICY_BYPASS, 0)}
00135 } ;
00136
00137 spd_entry outbound_spd[IPSEC_MAX_SPD_ENTRIES] ;
00138 spd_entry inbound_spd[IPSEC_MAX_SPD_ENTRIES] ;
00139
00140 sad_entry outbound_sad[IPSEC_MAX_SAD_ENTRIES] ;
00141 sad_entry inbound_sad[IPSEC_MAX_SAD_ENTRIES] ;
00142
00143
00144
00145 unsigned char ip_ftp_1[70] =
00146 {
00147 0x45, 0x00, 0x00, 0x46, 0x8E, 0xF2, 0x40, 0x00, 0x31, 0x06, 0x56, 0xF2, 0xCC, 0x98, 0xBD, 0x74,
00148 0x93, 0x57, 0x46, 0x69, 0x00, 0x15, 0x11, 0xEF, 0x38, 0x57, 0xC8, 0x7F, 0xEC, 0x0F, 0x03, 0x14,
00149 0x50, 0x18, 0x16, 0xD0, 0x76, 0x2A, 0x00, 0x00, 0x32, 0x30, 0x30, 0x20, 0x50, 0x4F, 0x52, 0x54,
00150 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x61, 0x6E, 0x64, 0x20, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
00151 0x66, 0x75, 0x6C, 0x2E, 0x0D, 0x0A,
00152 } ;
00153
00154 unsigned char ip_ftp_2[67] =
00155 {
00156 0x45, 0x00, 0x00, 0x43, 0xB6, 0x8F, 0x40, 0x00, 0x80, 0x06, 0x00, 0x00, 0x93, 0x57, 0x46, 0x69,
00157 0xCC, 0x98, 0xBD, 0x74, 0x11, 0xEF, 0x00, 0x15, 0xEC, 0x0F, 0x02, 0xF9, 0x38, 0x57, 0xC8, 0x7F,
00158 0x50, 0x18, 0xFF, 0x62, 0x64, 0x03, 0x00, 0x00, 0x50, 0x4F, 0x52, 0x54, 0x20, 0x31, 0x34, 0x37,
00159 0x2C, 0x38, 0x37, 0x2C, 0x37, 0x30, 0x2C, 0x31, 0x30, 0x35, 0x2C, 0x31, 0x37, 0x2C, 0x32, 0x34,
00160 0x30, 0x0D, 0x0A,
00161 } ;
00162
00163 unsigned char ip_rip[28] =
00164 {
00165 0x45, 0xC0, 0x02, 0x14, 0x00, 0x00, 0x00, 0x00, 0x02, 0x11, 0xDB, 0xC8, 0x93, 0x57, 0x46, 0xFA,
00166 0xFF, 0xFF, 0xFF, 0xFF, 0x02, 0x08, 0x02, 0x08, 0x02, 0x00, 0x96, 0x98,
00167 } ;
00168
00169 unsigned char ip_ah[20] =
00170 {
00171 0x45, 0x00, 0x00, 0x68, 0x79, 0x9C, 0x00, 0x00, 0x40, 0x33, 0x7D, 0x4B, 0xC0, 0xA8, 0x01, 0x28,
00172 0xC0, 0xA8, 0x01, 0x03,
00173 } ;
00174
00175 unsigned char ip_esp[20] =
00176 {
00177 0x45, 0x00, 0x00, 0x64, 0x79, 0x30, 0x00, 0x00, 0x40, 0x32, 0x7D, 0xBC, 0xC0, 0xA8, 0x01, 0x28,
00178 0xC0, 0xA8, 0x01, 0x03,
00179 } ;
00180
00181 unsigned char ip_def[70] =
00182 {
00183 0x45, 0x00, 0x00, 0x46, 0x8E, 0xF2, 0x40, 0x00, 0x31, 0x06, 0x56, 0xF2, 0xCA, 0x92, 0xB0, 0x74,
00184 0x93, 0x57, 0x46, 0x69, 0x00, 0x15, 0x11, 0xEF, 0x38, 0x57, 0xC8, 0x7F, 0xEC, 0x0F, 0x03, 0x14,
00185 0x50, 0x18, 0x16, 0xD0, 0x76, 0x2A, 0x00, 0x00, 0x32, 0x30, 0x30, 0x20, 0x50, 0x4F, 0x52, 0x54,
00186 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x61, 0x6E, 0x64, 0x20, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
00187 0x66, 0x75, 0x6C, 0x2E, 0x0D, 0x0A,
00188 } ;
00189
00190 unsigned char esp_hdr[32] =
00191 {
00192 0x45, 0x00, 0x00, 0x64, 0x79, 0x30, 0x00, 0x00, 0x40, 0x32, 0x7D, 0xBC, 0xC0, 0xA8, 0x01, 0x28,
00193 0xC0, 0xA8, 0x01, 0x03, 0x00, 0x00, 0x10, 0x06, 0x00, 0x00, 0x00, 0x01, 0x87, 0xC5, 0xBA, 0x8C,
00194 } ;
00195
00196 unsigned char ah_hdr[48] =
00197 {
00198 0x45, 0x00, 0x00, 0x68, 0x79, 0x9C, 0x00, 0x00, 0x40, 0x33, 0x7D, 0x4B, 0xC0, 0xA8, 0x01, 0x28,
00199 0xC0, 0xA8, 0x01, 0x03, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x10, 0x09, 0x00, 0x00, 0x00, 0x01,
00200 0x45, 0x2F, 0x1D, 0xE9, 0xEE, 0x8B, 0x41, 0x26, 0x44, 0x51, 0xCC, 0x8D, 0x45, 0x00, 0x00, 0x3C,
00201 } ;
00202
00203 #define MAX_IP_ADD_LENGTH (15)
00204
00205
00210 int test_spd_init(void)
00211 {
00212 int local_error_count = 0 ;
00213 int entry_count ;
00214 spd_entry *spd ;
00215 sad_entry *sad ;
00216 db_set_netif *databases ;
00217
00218
00219 memset(inbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00220 memset(outbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00221 memset(inbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00222 memset(outbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00223
00224 memcpy(inbound_spd, inbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00225 memcpy(outbound_spd, outbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00226 memcpy(inbound_sad, inbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00227 memcpy(outbound_sad, outbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00228
00229
00230 databases = ipsec_spd_load_dbs(inbound_spd, outbound_spd, inbound_sad, outbound_sad) ;
00231 if(databases == NULL)
00232 {
00233 local_error_count++ ;
00234 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("spd_inbound: unable to initialize the databases")) ;
00235 }
00236
00237
00238
00239
00240 for(entry_count = 1, spd = databases->inbound_spd.first; spd->next != NULL; spd = spd->next, entry_count++) ;
00241
00242 if(entry_count != 6)
00243 {
00244 local_error_count++ ;
00245 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("spd_inbound: did not link all entries properly")) ;
00246 }
00247 if(spd != databases->inbound_spd.last)
00248 {
00249 local_error_count++ ;
00250 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("spd_inbound: did reach end of linked list")) ;
00251 }
00252 if(spd != &databases->inbound_spd.table[5])
00253 {
00254 local_error_count++ ;
00255 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("spd_inbound: linked list does not end at last entry")) ;
00256 }
00257 if(databases->inbound_spd.first != &databases->inbound_spd.table[0])
00258 {
00259 local_error_count++ ;
00260 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("spd_inbound: linked list does not start at first entry")) ;
00261 }
00262
00263
00264 for(entry_count = 1, spd = databases->outbound_spd.first; spd->next != NULL; spd = spd->next, entry_count++) ;
00265
00266 if(entry_count != 4)
00267 {
00268 local_error_count++ ;
00269 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("spd_outbound: did not link all entries properly")) ;
00270 }
00271 if(spd != databases->outbound_spd.last)
00272 {
00273 local_error_count++ ;
00274 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("spd_outbound: did reach end of linked list")) ;
00275 }
00276 if(spd != &databases->outbound_spd.table[3])
00277 {
00278 local_error_count++ ;
00279 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("spd_outbound: linked list does not end at last entry")) ;
00280 }
00281 if(databases->outbound_spd.first != &databases->outbound_spd.table[0])
00282 {
00283 local_error_count++ ;
00284 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("spd_outbound: linked list does not start at first entry")) ;
00285 }
00286
00287
00288 for(entry_count = 1, sad = databases->inbound_sad.first; sad->next != NULL; sad = sad->next, entry_count++) ;
00289
00290 if(entry_count != 3)
00291 {
00292 local_error_count++ ;
00293 IPSEC_LOG_TST("test_sad_init", "FAILURE", ("sad_inbound: did not link all entries properly")) ;
00294 }
00295 if(sad != databases->inbound_sad.last)
00296 {
00297 local_error_count++ ;
00298 IPSEC_LOG_TST("test_sad_init", "FAILURE", ("sad_inbound: did reach end of linked list")) ;
00299 }
00300 if(sad != &databases->inbound_sad.table[2])
00301 {
00302 local_error_count++ ;
00303 IPSEC_LOG_TST("test_sad_init", "FAILURE", ("sad_inbound: linked list does not end at last entry")) ;
00304 }
00305 if(databases->inbound_sad.first != &databases->inbound_sad.table[0])
00306 {
00307 local_error_count++ ;
00308 IPSEC_LOG_TST("test_sad_init", "FAILURE", ("sad_inbound: linked list does not start at first entry")) ;
00309 }
00310
00311
00312 for(entry_count = 1, sad = databases->outbound_sad.first; sad->next != NULL; sad = sad->next, entry_count++) ;
00313
00314 if(entry_count != 3)
00315 {
00316 local_error_count++ ;
00317 IPSEC_LOG_TST("test_spd_init", "FAILURE", ("sad_outbound: did not link all entries properly")) ;
00318 }
00319 if(sad != databases->outbound_sad.last)
00320 {
00321 local_error_count++ ;
00322 IPSEC_LOG_TST("test_sad_init", "FAILURE", ("sad_outbound: did reach end of linked list")) ;
00323 }
00324 if(sad != &databases->outbound_sad.table[2])
00325 {
00326 local_error_count++ ;
00327 IPSEC_LOG_TST("test_sad_init", "FAILURE", ("sad_outbound: linked list does not end at last entry")) ;
00328 }
00329 if(databases->outbound_sad.first != &databases->outbound_sad.table[0])
00330 {
00331 local_error_count++ ;
00332 IPSEC_LOG_TST("test_sad_init", "FAILURE", ("sad_outbound: linked list does not start at first entry")) ;
00333 }
00334
00335 if(databases)
00336 ipsec_spd_release_dbs(databases) ;
00337
00338 return local_error_count ;
00339 }
00340
00345 int test_spd_get_free(void)
00346 {
00347 int index ;
00348 int local_error_count = 0 ;
00349 spd_entry *free_entry ;
00350 db_set_netif *databases ;
00351
00352
00353 memset(inbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00354
00355
00356 databases = ipsec_spd_load_dbs(inbound_spd, outbound_spd, inbound_sad, outbound_sad) ;
00357 if(databases == NULL)
00358 {
00359 local_error_count++ ;
00360 IPSEC_LOG_TST("test_spd_get_free", "FAILURE", ("spd_inbound: unable to initialize the databases")) ;
00361 }
00362
00363
00364 for(index = 0; index < IPSEC_MAX_SPD_ENTRIES; index++)
00365 {
00366 databases->inbound_spd.table[index].use_flag = IPSEC_FREE ;
00367 }
00368
00369
00370 free_entry = ipsec_spd_get_free(&databases->inbound_spd) ;
00371 if (free_entry != inbound_spd)
00372 {
00373 local_error_count++ ;
00374 IPSEC_LOG_TST("test_spd_get_first", "FAILURE", ("unable to get the first entry from SPD data pool")) ;
00375 }
00376
00377
00378 inbound_spd[0].use_flag = IPSEC_USED ;
00379 inbound_spd[2].use_flag = IPSEC_USED ;
00380
00381
00382 free_entry = ipsec_spd_get_free(&databases->inbound_spd) ;
00383 if (free_entry != &inbound_spd[1])
00384 {
00385 local_error_count++ ;
00386 IPSEC_LOG_TST("test_spd_get_first", "FAILURE", ("unable to get the right free entry")) ;
00387 }
00388
00389
00390 for(index = 0; index < IPSEC_MAX_SPD_ENTRIES-1; index++)
00391 {
00392 inbound_spd[index].use_flag = IPSEC_USED ;
00393 }
00394
00395
00396 free_entry = ipsec_spd_get_free(&databases->inbound_spd) ;
00397 if (free_entry != &inbound_spd[IPSEC_MAX_SPD_ENTRIES-1])
00398 {
00399 local_error_count++ ;
00400 IPSEC_LOG_TST("test_spd_get_first", "FAILURE", ("unable to get the last free entry")) ;
00401 }
00402
00403
00404 inbound_spd[IPSEC_MAX_SPD_ENTRIES-1].use_flag = IPSEC_USED ;
00405
00406
00407 free_entry = ipsec_spd_get_free(&databases->inbound_spd) ;
00408 if (free_entry != NULL)
00409 {
00410 local_error_count++ ;
00411 IPSEC_LOG_TST("test_spd_get_first", "FAILURE", ("got a pointer but should have received NULL")) ;
00412 }
00413
00414 if(databases)
00415 ipsec_spd_release_dbs(databases) ;
00416
00417 return local_error_count ;
00418 }
00419
00420
00425 int test_spd_add(void)
00426 {
00427 spd_entry *entry ;
00428 int local_error_count = 0;
00429 db_set_netif *databases ;
00430
00431 if(IPSEC_MAX_SPD_ENTRIES < 10)
00432 IPSEC_LOG_TST("test_spd_add", "WARNING", ("IPSEC_MAX_SA_ENTRIES may be too small for running test properly")) ;
00433
00434
00435 memset(inbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00436 memset(outbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00437 memset(inbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00438 memset(outbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00439
00440 memcpy(inbound_spd, inbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00441 memcpy(outbound_spd, outbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00442 memcpy(inbound_sad, inbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00443 memcpy(outbound_sad, outbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00444
00445
00446 databases = ipsec_spd_load_dbs(inbound_spd, outbound_spd, inbound_sad, outbound_sad) ;
00447 if(databases == NULL)
00448 {
00449 local_error_count++ ;
00450 IPSEC_LOG_TST("test_spd_add", "FAILURE", ("spd_inbound: unable to initialize the databases")) ;
00451 }
00452
00453
00454 entry = ipsec_spd_add( ipsec_inet_addr("192.168.1.40"),
00455 ipsec_inet_addr("255.255.255.255"),
00456 ipsec_inet_addr("192.168.1.3"),
00457 ipsec_inet_addr("255.255.255.255"),
00458 0x06,
00459 ipsec_htons(0),
00460 ipsec_htons(80),
00461 POLICY_APPLY,
00462 &databases->inbound_spd) ;
00463 if(!entry)
00464 {
00465 local_error_count++ ;
00466 IPSEC_LOG_TST("test_spd_add", "FAILURE", ("1st entry could not be added")) ;
00467 }
00468
00469
00470 entry = ipsec_spd_add( ipsec_inet_addr("192.168.1.0"),
00471 ipsec_inet_addr("255.255.255.0"),
00472 ipsec_inet_addr("192.168.1.3"),
00473 ipsec_inet_addr("255.255.255.255"),
00474 0x06,
00475 ipsec_htons(0),
00476 ipsec_htons(80),
00477 POLICY_APPLY,
00478 &databases->inbound_spd) ;
00479 if(!entry)
00480 {
00481 local_error_count++ ;
00482 IPSEC_LOG_TST("test_spd_add", "FAILURE", ("2nd entry could not be added")) ;
00483 }
00484
00485
00486 entry = ipsec_spd_add( ipsec_inet_addr("147.87.0.0"),
00487 ipsec_inet_addr("255.255.0.0"),
00488 ipsec_inet_addr("192.168.1.3"),
00489 ipsec_inet_addr("255.255.255.255"),
00490 0x06,
00491 ipsec_htons(0),
00492 ipsec_htons(80),
00493 POLICY_APPLY,
00494 &databases->inbound_spd) ;
00495 if(!entry)
00496 {
00497 local_error_count++ ;
00498 IPSEC_LOG_TST("test_spd_add", "FAILURE", ("3th entry could not be added")) ;
00499 }
00500
00501
00502 entry = ipsec_spd_add( ipsec_inet_addr("192.168.1.0"),
00503 ipsec_inet_addr("255.255.255.0"),
00504 ipsec_inet_addr("192.168.1.3"),
00505 ipsec_inet_addr("255.255.255.255"),
00506 0x06,
00507 ipsec_htons(0),
00508 ipsec_htons(80),
00509 POLICY_APPLY,
00510 &databases->inbound_spd) ;
00511 if(!entry)
00512 {
00513 local_error_count++ ;
00514 IPSEC_LOG_TST("test_spd_add", "FAILURE", ("4th entry could not be added")) ;
00515 }
00516
00517
00518 entry = ipsec_spd_add( ipsec_inet_addr("192.168.1.0"),
00519 ipsec_inet_addr("255.255.255.0"),
00520 ipsec_inet_addr("192.168.1.3"),
00521 ipsec_inet_addr("255.255.255.255"),
00522 0x06,
00523 ipsec_htons(0),
00524 ipsec_htons(80),
00525 POLICY_APPLY,
00526 &databases->inbound_spd) ;
00527 if(entry)
00528 {
00529 local_error_count++ ;
00530 IPSEC_LOG_TST("test_spd_add", "FAILURE", ("5th entry should not have been added")) ;
00531 }
00532
00533 if(databases)
00534 ipsec_spd_release_dbs(databases) ;
00535
00536 return local_error_count ;
00537 }
00538
00539
00544 int test_spd_del(void)
00545 {
00546 ipsec_status status ;
00547 spd_entry *test_pointer, *entry ;
00548 int local_error_count = 0 ;
00549
00550 db_set_netif *databases ;
00551
00552 if(IPSEC_MAX_SPD_ENTRIES < 10)
00553 IPSEC_LOG_TST("test_spd_del", "WARNING", ("IPSEC_MAX_SA_ENTRIES may be too small for running test properly")) ;
00554
00555
00556 memset(inbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00557 memset(outbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00558 memset(inbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00559 memset(outbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00560
00561 memcpy(inbound_spd, inbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00562 memcpy(outbound_spd, outbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00563 memcpy(inbound_sad, inbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00564 memcpy(outbound_sad, outbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00565
00566
00567 databases = ipsec_spd_load_dbs(inbound_spd, outbound_spd, inbound_sad, outbound_sad) ;
00568 if(databases == NULL)
00569 {
00570 local_error_count++ ;
00571 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("spd_inbound: unable to initialize the databases")) ;
00572 }
00573
00574
00575 entry = ipsec_spd_add( ipsec_inet_addr("192.168.1.40"),
00576 ipsec_inet_addr("255.255.255.255"),
00577 ipsec_inet_addr("192.168.1.3"),
00578 ipsec_inet_addr("255.255.255.255"),
00579 0x06,
00580 ipsec_htons(0),
00581 ipsec_htons(80),
00582 POLICY_APPLY,
00583 &databases->inbound_spd) ;
00584 if(!entry)
00585 {
00586 local_error_count++ ;
00587 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("1st entry could not be added")) ;
00588 }
00589
00590
00591 entry = ipsec_spd_add( ipsec_inet_addr("192.168.1.0"),
00592 ipsec_inet_addr("255.255.255.0"),
00593 ipsec_inet_addr("192.168.1.3"),
00594 ipsec_inet_addr("255.255.255.255"),
00595 0x06,
00596 ipsec_htons(0),
00597 ipsec_htons(80),
00598 POLICY_APPLY,
00599 &databases->inbound_spd) ;
00600 if(!entry)
00601 {
00602 local_error_count++ ;
00603 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("2nd entry could not be added")) ;
00604 }
00605
00606
00607 entry = ipsec_spd_add( ipsec_inet_addr("147.87.0.0"),
00608 ipsec_inet_addr("255.255.0.0"),
00609 ipsec_inet_addr("192.168.1.3"),
00610 ipsec_inet_addr("255.255.255.255"),
00611 0x06,
00612 ipsec_htons(0),
00613 ipsec_htons(80),
00614 POLICY_APPLY,
00615 &databases->inbound_spd) ;
00616 if(!entry)
00617 {
00618 local_error_count++ ;
00619 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("3rd entry could not be added")) ;
00620 }
00621
00622
00623 entry = ipsec_spd_add( ipsec_inet_addr("192.168.1.0"),
00624 ipsec_inet_addr("255.255.255.0"),
00625 ipsec_inet_addr("192.168.1.3"),
00626 ipsec_inet_addr("255.255.255.255"),
00627 0x06,
00628 ipsec_htons(0),
00629 ipsec_htons(80),
00630 POLICY_APPLY,
00631 &databases->inbound_spd) ;
00632 if(!entry)
00633 {
00634 local_error_count++ ;
00635 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("4th entry could not be added")) ;
00636 }
00637
00638
00639 test_pointer = databases->inbound_spd.table -1 ;
00640 status = ipsec_spd_del(test_pointer, &databases->inbound_spd) ;
00641 if(status == IPSEC_STATUS_SUCCESS)
00642 {
00643 local_error_count++ ;
00644 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("was able to delete an SPD entry which does not exitst")) ;
00645 }
00646
00647
00648 test_pointer = databases->inbound_spd.table + 1000 ;
00649 status = ipsec_spd_del(test_pointer, &databases->inbound_spd) ;
00650 if(status == IPSEC_STATUS_SUCCESS)
00651 {
00652 local_error_count++ ;
00653 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("was able to delete an SPD entry which does not exist")) ;
00654 }
00655
00656
00657 test_pointer = databases->inbound_spd.table + 1 ;
00658 status = ipsec_spd_del(test_pointer, &databases->inbound_spd) ;
00659 if(status == IPSEC_STATUS_FAILURE)
00660 {
00661 local_error_count++ ;
00662 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("was not able to remove 2nd SPD entry")) ;
00663 }
00664
00665
00666 test_pointer = databases->inbound_spd.table + 3 ;
00667 status = ipsec_spd_del(test_pointer, &databases->inbound_spd) ;
00668 if(status == IPSEC_STATUS_FAILURE)
00669 {
00670 local_error_count++ ;
00671 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("was not able to remove 2nd SPD entry")) ;
00672 }
00673
00674
00675 test_pointer = databases->inbound_spd.table + 9 ;
00676 status = ipsec_spd_del(test_pointer, &databases->inbound_spd) ;
00677 if(status == IPSEC_STATUS_FAILURE)
00678 {
00679 local_error_count++ ;
00680 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("was not able to remove 2nd SPD entry")) ;
00681 }
00682
00683
00684 test_pointer = databases->inbound_spd.table + 0 ;
00685 status = ipsec_spd_del(test_pointer, &databases->inbound_spd) ;
00686 if(status == IPSEC_STATUS_FAILURE)
00687 {
00688 local_error_count++ ;
00689 IPSEC_LOG_TST("test_spd_del", "FAILURE", ("was not able to remove 2nd SPD entry")) ;
00690 }
00691
00692 if(databases)
00693 ipsec_spd_release_dbs(databases) ;
00694
00695 return local_error_count ;
00696 }
00697
00698
00703 int test_spd_lookup(void)
00704 {
00705 int local_error_count = 0 ;
00706 spd_entry *tmp_entry ;
00707 db_set_netif *databases ;
00708
00709
00710 memset(inbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00711 memset(outbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00712 memset(inbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00713 memset(outbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00714
00715 memcpy(inbound_spd, inbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00716 memcpy(outbound_spd, outbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00717 memcpy(inbound_sad, inbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00718 memcpy(outbound_sad, outbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00719
00720
00721 databases = ipsec_spd_load_dbs(inbound_spd, outbound_spd, inbound_sad, outbound_sad) ;
00722 if(databases == NULL)
00723 {
00724 local_error_count++ ;
00725 IPSEC_LOG_TST("test_spd_lookup", "FAILURE", ("spd_inbound: unable to initialize the databases")) ;
00726 }
00727
00728 tmp_entry = ipsec_spd_lookup((ipsec_ip_header*)ip_ftp_1, &databases->inbound_spd) ;
00729 if(tmp_entry != &databases->inbound_spd.table[0])
00730 {
00731 local_error_count++ ;
00732 IPSEC_LOG_TST("test_spd_lookup", "FALIURE", ("SPD lookup for 1st FTP packet failed")) ;
00733 }
00734 tmp_entry = ipsec_spd_lookup((ipsec_ip_header*)ip_ftp_2, &databases->inbound_spd) ;
00735 if(tmp_entry != &databases->inbound_spd.table[1])
00736 {
00737 local_error_count++ ;
00738 IPSEC_LOG_TST("test_spd_lookup", "FALIURE", ("SPD lookup for 2nd FTP packet failed")) ;
00739 }
00740 tmp_entry = ipsec_spd_lookup((ipsec_ip_header*)ip_rip, &databases->inbound_spd) ;
00741 if(tmp_entry != &databases->inbound_spd.table[2])
00742 {
00743 local_error_count++ ;
00744 IPSEC_LOG_TST("test_spd_lookup", "FALIURE", ("SPD lookup for RIP packet failed")) ;
00745 }
00746 tmp_entry = ipsec_spd_lookup((ipsec_ip_header*)ip_ah, &databases->inbound_spd) ;
00747 if(tmp_entry != &databases->inbound_spd.table[3])
00748 {
00749 local_error_count++ ;
00750 ipsec_print_ip((ipsec_ip_header*)ip_ah) ;
00751 IPSEC_LOG_TST("test_spd_lookup", "FALIURE", ("SPD lookup for AH packet failed")) ;
00752 }
00753 tmp_entry = ipsec_spd_lookup((ipsec_ip_header*)ip_esp, &databases->inbound_spd) ;
00754 if(tmp_entry != &databases->inbound_spd.table[4])
00755 {
00756 local_error_count++ ;
00757 ipsec_print_ip((ipsec_ip_header*)ip_esp) ;
00758 IPSEC_LOG_TST("test_spd_lookup", "FALIURE", ("SPD lookup for ESP packet failed")) ;
00759 }
00760 tmp_entry = ipsec_spd_lookup((ipsec_ip_header*)ip_def, &databases->inbound_spd) ;
00761 if(tmp_entry != &databases->inbound_spd.table[5])
00762 {
00763 local_error_count++ ;
00764 IPSEC_LOG_TST("test_spd_lookup", "FALIURE", ("SPD lookup for default packet failed")) ;
00765 }
00766
00767 if(databases)
00768 ipsec_spd_release_dbs(databases) ;
00769
00770 return local_error_count ;
00771 }
00772
00777 int test_sad_lookup(void)
00778 {
00779 int local_error_count = 0 ;
00780
00781 db_set_netif *databases ;
00782
00783
00784 memset(inbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00785 memset(outbound_spd, 0, IPSEC_MAX_SPD_ENTRIES) ;
00786 memset(inbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00787 memset(outbound_sad, 0, IPSEC_MAX_SAD_ENTRIES) ;
00788
00789 memcpy(inbound_spd, inbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00790 memcpy(outbound_spd, outbound_spd_test, IPSEC_MAX_SPD_ENTRIES*sizeof(spd_entry)) ;
00791 memcpy(inbound_sad, inbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00792 memcpy(outbound_sad, outbound_sad_test, IPSEC_MAX_SAD_ENTRIES*sizeof(sad_entry)) ;
00793
00794
00795 databases = ipsec_spd_load_dbs(inbound_spd, outbound_spd, inbound_sad, outbound_sad) ;
00796 if(databases == NULL)
00797 {
00798 local_error_count++ ;
00799 IPSEC_LOG_TST("test_sad_lookup", "FAILURE", ("spd_inbound: unable to initialize the databases")) ;
00800 }
00801
00802 if (ipsec_sad_lookup(ipsec_inet_addr("192.168.1.1"), IPSEC_PROTO_ESP, IPSEC_HTONL(0x1001), &databases->inbound_sad) != &databases->inbound_sad.table[0])
00803 {
00804 local_error_count++ ;
00805 IPSEC_LOG_TST("test_sad_lookup", "FAILURE", ("1st SA lookup falied")) ;
00806 }
00807
00808 if (ipsec_sad_lookup(ipsec_inet_addr("192.168.1.2"), IPSEC_PROTO_AH, IPSEC_HTONL(0x1002), &databases->inbound_sad) != &databases->inbound_sad.table[1])
00809 {
00810 local_error_count++ ;
00811 IPSEC_LOG_TST("test_sad_lookup", "FAILURE", ("2nd SA lookup falied")) ;
00812 }
00813
00814 if (ipsec_sad_lookup(ipsec_inet_addr("192.168.1.1"), IPSEC_PROTO_ESP, IPSEC_HTONL(0x1002), &databases->inbound_sad) != NULL)
00815 {
00816 local_error_count++ ;
00817 IPSEC_LOG_TST("test_sad_lookup", "FAILURE", ("3rd SA lookup found an SA but there was no one!")) ;
00818 }
00819
00820 if (ipsec_sad_lookup(ipsec_inet_addr("192.168.1.1"), IPSEC_PROTO_AH, IPSEC_HTONL(0x1001), &databases->inbound_sad) != NULL)
00821 {
00822 local_error_count++ ;
00823 IPSEC_LOG_TST("test_sad_lookup", "FAILURE", ("4th SA lookup found an SA but there was no one!")) ;
00824 }
00825
00826 if(databases)
00827 ipsec_spd_release_dbs(databases) ;
00828
00829 return local_error_count ;
00830 }
00831
00836 int test_sad_get_spi(void)
00837 {
00838 int local_error_count = 0 ;
00839 __u32 spi ;
00840
00841 spi = ipsec_sad_get_spi((ipsec_ip_header*)esp_hdr) ;
00842 if(spi != ipsec_htonl(0x1006))
00843 {
00844 local_error_count++ ;
00845 IPSEC_LOG_TST("test_sad_get_spi", "FAILURE", ("unable to get SPI from ESP packet")) ;
00846 }
00847
00848 spi = ipsec_sad_get_spi((ipsec_ip_header*)ah_hdr) ;
00849 if(spi != ipsec_htonl(0x1009))
00850 {
00851 local_error_count++ ;
00852 IPSEC_LOG_TST("test_sad_get_spi", "FAILURE", ("unable to get SPI from ESP packet")) ;
00853 }
00854
00855 return local_error_count ;
00856 }
00857
00858
00859 int test_spd_flush(void)
00860 {
00861 return IPSEC_STATUS_NOT_IMPLEMENTED ;
00862 }
00863
00864
00865 int test_sad_flush(void)
00866 {
00867 return IPSEC_STATUS_NOT_IMPLEMENTED ;
00868 }
00869
00870
00871 int test_sad_add(void)
00872 {
00873 return IPSEC_STATUS_NOT_IMPLEMENTED ;
00874 }
00875
00876
00877 int test_sad_del(void)
00878 {
00879 return IPSEC_STATUS_NOT_IMPLEMENTED ;
00880 }
00881
00882
00887 void sa_test(test_result *global_results)
00888 {
00889 test_result sub_results = {
00890 47,
00891 10,
00892 0,
00893 0,
00894 };
00895
00896 int retcode;
00897
00898 retcode = test_spd_init() ;
00899 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_spd_init()", (" "));
00900
00901 retcode = test_spd_get_free() ;
00902 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_spd_free()", (" "));
00903
00904 retcode = test_spd_add() ;
00905 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_spd_add()", (" "));
00906
00907 retcode = test_spd_del() ;
00908 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_spd_del()", (" "));
00909
00910 retcode = test_sad_add() ;
00911 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_sad_add()", (" "));
00912
00913 retcode = test_sad_del() ;
00914 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_sad_del()", (" "));
00915
00916 retcode = test_sad_lookup() ;
00917 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_sad_lookup()", (" "));
00918
00919 retcode = test_sad_get_spi() ;
00920 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_sad_get_spi()", (" "));
00921
00922 retcode = test_spd_flush() ;
00923 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_spd_flush()", (" "));
00924
00925 retcode = test_sad_flush() ;
00926 IPSEC_TESTING_EVALUATE(retcode, sub_results, "sa_test_sad_flush()", (" "));
00927
00928 global_results->tests += sub_results.tests;
00929 global_results->functions += sub_results.functions;
00930 global_results->errors += sub_results.errors;
00931 global_results->notimplemented += sub_results.notimplemented;
00932 }
00933
00934