diff options
Diffstat (limited to 'tests/unit_tests/openvpn/test_tls_crypt.c')
| -rw-r--r-- | tests/unit_tests/openvpn/test_tls_crypt.c | 46 |
1 files changed, 38 insertions, 8 deletions
diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c index 7b014e0..9b82035 100644 --- a/tests/unit_tests/openvpn/test_tls_crypt.c +++ b/tests/unit_tests/openvpn/test_tls_crypt.c @@ -16,10 +16,9 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifdef HAVE_CONFIG_H @@ -58,11 +57,22 @@ struct test_context { static int setup(void **state) { - struct test_context *ctx = calloc(1, sizeof(*ctx)); + struct test_context *ctx = calloc(1, sizeof(*ctx)); + *state = ctx; ctx->kt.cipher = cipher_kt_get("AES-256-CTR"); - ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher); ctx->kt.digest = md_kt_get("SHA256"); + if (!ctx->kt.cipher) + { + printf("No AES-256-CTR support, skipping test.\n"); + return 0; + } + if (!ctx->kt.digest) + { + printf("No HMAC-SHA256 support, skipping test.\n"); + return 0; + } + ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher); ctx->kt.hmac_length = md_kt_size(ctx->kt.digest); struct key key = { 0 }; @@ -82,8 +92,6 @@ setup(void **state) { /* Write dummy opcode and session id */ buf_write(&ctx->ciphertext, "012345678", 1 + 8); - *state = ctx; - return 0; } @@ -102,6 +110,14 @@ teardown(void **state) { return 0; } +static void skip_if_tls_crypt_not_supported(struct test_context *ctx) +{ + if (!ctx->kt.cipher || !ctx->kt.digest) + { + skip(); + } +} + /** * Check that short messages are successfully wrapped-and-unwrapped. */ @@ -109,6 +125,8 @@ static void tls_crypt_loopback(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext)); assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co)); @@ -124,6 +142,8 @@ static void tls_crypt_loopback_zero_len(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + buf_clear(&ctx->source); assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); @@ -141,6 +161,8 @@ static void tls_crypt_loopback_max_len(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + buf_clear(&ctx->source); assert_non_null(buf_write_alloc(&ctx->source, TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead())); @@ -160,6 +182,8 @@ static void tls_crypt_fail_msg_too_long(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + buf_clear(&ctx->source); assert_non_null(buf_write_alloc(&ctx->source, TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead() + 1)); @@ -174,6 +198,8 @@ static void tls_crypt_fail_invalid_key(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + /* Change decrypt key */ struct key key = { { 1 } }; free_key_ctx(&ctx->co.key_ctx_bi.decrypt); @@ -191,6 +217,8 @@ static void tls_crypt_fail_replay(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext)); struct buffer tmp = ctx->ciphertext; @@ -208,6 +236,8 @@ static void tls_crypt_ignore_replay(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + ctx->co.flags |= CO_IGNORE_PACKET_ID; assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); |