summaryrefslogtreecommitdiff
path: root/tests/unit_tests/openvpn/test_tls_crypt.c
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2017-06-22 13:16:46 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2017-06-22 13:16:46 +0200
commit766cdd4b4d1fcb31addf6727dbcfd3d99e390456 (patch)
tree76932876ae57f139fa1b3f82b375e4e526b507d7 /tests/unit_tests/openvpn/test_tls_crypt.c
parentd73f7253d939e293abf9e27b4b7f37df1ec12a39 (diff)
parent9683f890944ffb114f5f8214f694e0b339cf5a5a (diff)
Merge tag 'upstream/2.4.3'
Upstream version 2.4.3
Diffstat (limited to 'tests/unit_tests/openvpn/test_tls_crypt.c')
-rw-r--r--tests/unit_tests/openvpn/test_tls_crypt.c46
1 files changed, 38 insertions, 8 deletions
diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c
index 7b014e0..9b82035 100644
--- a/tests/unit_tests/openvpn/test_tls_crypt.c
+++ b/tests/unit_tests/openvpn/test_tls_crypt.c
@@ -16,10 +16,9 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifdef HAVE_CONFIG_H
@@ -58,11 +57,22 @@ struct test_context {
static int
setup(void **state) {
- struct test_context *ctx = calloc(1, sizeof(*ctx));
+ struct test_context *ctx = calloc(1, sizeof(*ctx));
+ *state = ctx;
ctx->kt.cipher = cipher_kt_get("AES-256-CTR");
- ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher);
ctx->kt.digest = md_kt_get("SHA256");
+ if (!ctx->kt.cipher)
+ {
+ printf("No AES-256-CTR support, skipping test.\n");
+ return 0;
+ }
+ if (!ctx->kt.digest)
+ {
+ printf("No HMAC-SHA256 support, skipping test.\n");
+ return 0;
+ }
+ ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher);
ctx->kt.hmac_length = md_kt_size(ctx->kt.digest);
struct key key = { 0 };
@@ -82,8 +92,6 @@ setup(void **state) {
/* Write dummy opcode and session id */
buf_write(&ctx->ciphertext, "012345678", 1 + 8);
- *state = ctx;
-
return 0;
}
@@ -102,6 +110,14 @@ teardown(void **state) {
return 0;
}
+static void skip_if_tls_crypt_not_supported(struct test_context *ctx)
+{
+ if (!ctx->kt.cipher || !ctx->kt.digest)
+ {
+ skip();
+ }
+}
+
/**
* Check that short messages are successfully wrapped-and-unwrapped.
*/
@@ -109,6 +125,8 @@ static void
tls_crypt_loopback(void **state) {
struct test_context *ctx = (struct test_context *) *state;
+ skip_if_tls_crypt_not_supported(ctx);
+
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
@@ -124,6 +142,8 @@ static void
tls_crypt_loopback_zero_len(void **state) {
struct test_context *ctx = (struct test_context *) *state;
+ skip_if_tls_crypt_not_supported(ctx);
+
buf_clear(&ctx->source);
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
@@ -141,6 +161,8 @@ static void
tls_crypt_loopback_max_len(void **state) {
struct test_context *ctx = (struct test_context *) *state;
+ skip_if_tls_crypt_not_supported(ctx);
+
buf_clear(&ctx->source);
assert_non_null(buf_write_alloc(&ctx->source,
TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead()));
@@ -160,6 +182,8 @@ static void
tls_crypt_fail_msg_too_long(void **state) {
struct test_context *ctx = (struct test_context *) *state;
+ skip_if_tls_crypt_not_supported(ctx);
+
buf_clear(&ctx->source);
assert_non_null(buf_write_alloc(&ctx->source,
TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead() + 1));
@@ -174,6 +198,8 @@ static void
tls_crypt_fail_invalid_key(void **state) {
struct test_context *ctx = (struct test_context *) *state;
+ skip_if_tls_crypt_not_supported(ctx);
+
/* Change decrypt key */
struct key key = { { 1 } };
free_key_ctx(&ctx->co.key_ctx_bi.decrypt);
@@ -191,6 +217,8 @@ static void
tls_crypt_fail_replay(void **state) {
struct test_context *ctx = (struct test_context *) *state;
+ skip_if_tls_crypt_not_supported(ctx);
+
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
struct buffer tmp = ctx->ciphertext;
@@ -208,6 +236,8 @@ static void
tls_crypt_ignore_replay(void **state) {
struct test_context *ctx = (struct test_context *) *state;
+ skip_if_tls_crypt_not_supported(ctx);
+
ctx->co.flags |= CO_IGNORE_PACKET_ID;
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));