testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/ipsec.d/ipsec.sql

   1 DROP TABLE IF EXISTS identities;
   2 CREATE TABLE identities (
   3   id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
   4   type INTEGER NOT NULL,
   5   data BLOB NOT NULL,
   6   UNIQUE (type, data)
   7 );
   8
   9 DROP TABLE IF EXISTS child_configs;
  10 CREATE TABLE child_configs (
  11   id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
  12   name TEXT NOT NULL,
  13   lifetime INTEGER NOT NULL DEFAULT '1200',
  14   rekeytime INTEGER NOT NULL DEFAULT '1020',
  15   jitter INTEGER NOT NULL DEFAULT '180',
  16   updown TEXT DEFAULT NULL,
  17   hostaccess INTEGER NOT NULL DEFAULT '0',
  18   mode INTEGER NOT NULL DEFAULT '1',
  19   dpd_action INTEGER NOT NULL DEFAULT '0',
  20   close_action INTEGER NOT NULL DEFAULT '0'
  21 );
  22 DROP INDEX IF EXISTS child_configs_name;
  23 CREATE INDEX child_configs_name ON child_configs (
  24   name
  25 );
  26
  27 DROP TABLE IF EXISTS child_config_traffic_selector;
  28 CREATE TABLE child_config_traffic_selector (
  29   child_cfg INTEGER NOT NULL,
  30   traffic_selector INTEGER NOT NULL,
  31   kind INTEGER NOT NULL
  32 );
  33 DROP INDEX IF EXISTS child_config_traffic_selector;
  34 CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector (
  35   child_cfg, traffic_selector
  36 );
  37
  38 DROP TABLE IF EXISTS ike_configs;
  39 CREATE TABLE ike_configs (
  40   id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
  41   certreq INTEGER NOT NULL DEFAULT '1',
  42   force_encap INTEGER NOT NULL DEFAULT '0',
  43   local TEXT NOT NULL,
  44   remote TEXT NOT NULL
  45 );
  46
  47 DROP TABLE IF EXISTS peer_configs;
  48 CREATE TABLE peer_configs (
  49   id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
  50   name TEXT NOT NULL,
  51   ike_version INTEGER NOT NULL DEFAULT '2',
  52   ike_cfg INTEGER NOT NULL,
  53   local_id TEXT NOT NULL,
  54   remote_id TEXT NOT NULL,
  55   cert_policy INTEGER NOT NULL DEFAULT '1',
  56   uniqueid INTEGER NOT NULL DEFAULT '0',
  57   auth_method INTEGER NOT NULL DEFAULT '1',
  58   eap_type INTEGER NOT NULL DEFAULT '0',
  59   eap_vendor INTEGER NOT NULL DEFAULT '0',
  60   keyingtries INTEGER NOT NULL DEFAULT '1',
  61   rekeytime INTEGER NOT NULL DEFAULT '0',
  62   reauthtime INTEGER NOT NULL DEFAULT '3600',
  63   jitter INTEGER NOT NULL DEFAULT '180',
  64   overtime INTEGER NOT NULL DEFAULT '300',
  65   mobike INTEGER NOT NULL DEFAULT '1',
  66   dpd_delay INTEGER NOT NULL DEFAULT '120',
  67   virtual TEXT DEFAULT NULL,
  68   pool TEXT DEFAULT NULL,
  69   mediation INTEGER NOT NULL DEFAULT '0',
  70   mediated_by INTEGER NOT NULL DEFAULT '0',
  71   peer_id INTEGER NOT NULL DEFAULT '0'
  72 );
  73 DROP INDEX IF EXISTS peer_configs_name;
  74 CREATE INDEX peer_configs_name ON peer_configs (
  75   name
  76 );
  77
  78 DROP TABLE IF EXISTS peer_config_child_config;
  79 CREATE TABLE peer_config_child_config (
  80   peer_cfg INTEGER NOT NULL,
  81   child_cfg INTEGER NOT NULL,
  82   PRIMARY KEY (peer_cfg, child_cfg)
  83 );
  84
  85 DROP TABLE IF EXISTS traffic_selectors;
  86 CREATE TABLE traffic_selectors (
  87   id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
  88   type INTEGER NOT NULL DEFAULT '7',
  89   protocol INTEGER NOT NULL DEFAULT '0',
  90   start_addr BLOB DEFAULT NULL,
  91   end_addr BLOB DEFAULT NULL,
  92   start_port INTEGER NOT NULL DEFAULT '0',
  93   end_port INTEGER NOT NULL DEFAULT '65535'
  94 );
  95
  96 DROP TABLE IF EXISTS certificates;
  97 CREATE TABLE certificates (
  98   id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
  99   type INTEGER NOT NULL,
 100   keytype INTEGER NOT NULL,
 101   data BLOB NOT NULL
 102 );
 103
 104 DROP TABLE IF EXISTS certificate_identity;
 105 CREATE TABLE certificate_identity (
 106   certificate INTEGER NOT NULL,
 107   identity INTEGER NOT NULL,
 108   PRIMARY KEY (certificate, identity)
 109 );
 110
 111 DROP TABLE IF EXISTS private_keys;
 112 CREATE TABLE private_keys (
 113   id INTEGER NOT NULL  PRIMARY KEY AUTOINCREMENT,
 114   type INTEGER NOT NULL,
 115   data BLOB NOT NULL
 116 );
 117
 118 DROP TABLE IF EXISTS private_key_identity;
 119 CREATE TABLE private_key_identity (
 120   private_key INTEGER NOT NULL,
 121   identity INTEGER NOT NULL,
 122   PRIMARY KEY (private_key, identity)
 123 );
 124
 125 DROP TABLE IF EXISTS shared_secrets;
 126 CREATE TABLE shared_secrets (
 127   id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
 128   type INTEGER NOT NULL,
 129   data BLOB NOT NULL
 130 );
 131
 132 DROP TABLE IF EXISTS shared_secret_identity;
 133 CREATE TABLE shared_secret_identity (
 134   shared_secret INTEGER NOT NULL,
 135   identity INTEGER NOT NULL,
 136   PRIMARY KEY (shared_secret, identity)
 137 );
 138
 139 DROP TABLE IF EXISTS ike_sas;
 140 CREATE TABLE ike_sas (
 141   local_spi BLOB NOT NULL PRIMARY KEY,
 142   remote_spi BLOB NOT NULL,
 143   id INTEGER NOT NULL,
 144   initiator INTEGER NOT NULL,
 145   local_id_type INTEGER NOT NULL,
 146   local_id_data BLOB NOT NULL,
 147   remote_id_type INTEGER NOT NULL,
 148   remote_id_data BLOB NOT NULL,
 149   host_family INTEGER NOT NULL,
 150   local_host_data BLOB NOT NULL,
 151   remote_host_data BLOB NOT NULL,
 152   created INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP
 153 );
 154
 155 DROP TABLE IF EXISTS logs;
 156 CREATE TABLE logs (
 157   id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
 158   local_spi BLOB NOT NULL,
 159   signal INTEGER NOT NULL,
 160   level INTEGER NOT NULL,
 161   msg TEXT NOT NULL,
 162   time INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP
 163 );
 164
 165 /* Identities */
 166
 167 INSERT INTO identities (
 168   type, data
 169 ) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
 170   9, X'3045310B300906035504061302434831193017060355040A13104C696E7578207374726F6E675377616E311B3019060355040313127374726F6E675377616E20526F6F74204341'
 171  );
 172
 173 INSERT INTO identities (
 174   type, data
 175 ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */
 176   202, X'ae096b87b44886d3b820978623dabd0eae22ebbc'
 177  );
 178
 179 INSERT INTO identities (
 180   type, data
 181 ) VALUES ( /* moon.strongswan.org */
 182   2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
 183  );
 184
 185 INSERT INTO identities (
 186   type, data
 187 ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
 188   202, X'd70dbd46d5133519064f12f100525ead0802ca95'
 189  );
 190
 191 INSERT INTO identities (
 192   type, data
 193 ) VALUES ( /* %any */
 194   0, '%any'
 195 );
 196
 197 INSERT INTO identities (
 198   type, data
 199 ) VALUES ( /* carol@strongswan.org */
 200   3, X'6361726f6c407374726f6e677377616e2e6f7267'
 201  );
 202
 203 INSERT INTO identities (
 204   type, data
 205 ) VALUES ( /* dave@strongswan.org */
 206   3, X'64617665407374726f6e677377616e2e6f7267'
 207  );
 208
 209 /* Certificates */
 210
 211 INSERT INTO certificates (
 212    type, keytype, data
 213 ) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
 214   1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f62ea3d566e58b3c87a49caf3ac61cfa96377734d842db3f8fd6ea023f7b0132e66265012317386729c6d7c427a8d9f167be138e8ebae2b12b95933baef36a315c3ddf224cee4bb9bd578135d0467382629621ff96b8d45f6e002e5083662dce181805c140b3f2ce93f83aee3c861cff610a39f0189cb3a3c7cb9bf7e2a09544e2170efaa18fdd4ff20fa94be176d7fecff821f68d17152041d9b46f0cfcfc1e4cf43de5d3f3a587763afe9267f53b11699b3264fc55c5189f5682871166cb98307950569641fa30ffb50de134fed2f973cef1a392827862bc4ddaa97bbb01442e293c41070d07224d4be47ae2753eb2bed4bc1da91c68ec780c4620f0f0203010001a381af3081ac300f0603551d130101ff040530030101ff300b0603551d0f040403020106301d0603551d0e041604145da7dd700651327ee7b66db3b5e5e060ea2e4def306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100300d06092a864886f70d010104050003820101009ad74e3e60592dfb9b21c78628bd76b63090c1720c74bf94753cad6fddadc9c776eb39d3bfaa52136bf528840078386308fcf79503bd3d1ad6c15ac38e10c846bff7888a03cfe7fa0e644b522b2af5aedf0bbc508dc48330a180757772771095059b2be148f58dc0c753b59e9d6bfb02e9b685a928a284531b187313fd2b835bc9ea27d0020739a8d485e88bdede9a45cde6d28ed553b0e8e92dabf877bed59abf9d151f15e4f2d00b5e6e49fcb665293d2296697926c2954dae367542ef6e98053e76d2728732f6ce69f284f0b856aa6c2823a9ee29b280a66f50828f9b5cf27f84feca3c31c24897db156c7a833768ab306f51286457a51f09dd53bbb4190f'
 215 );
 216
 217 INSERT INTO certificates (
 218    type, keytype, data
 219 ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
 220   1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729'
 221 );
 222
 223 INSERT INTO certificate_identity (
 224   certificate, identity
 225 ) VALUES (
 226   1, 1
 227 );
 228
 229 INSERT INTO certificate_identity (
 230   certificate, identity
 231 ) VALUES (
 232   1, 2
 233 );
 234
 235 INSERT INTO certificate_identity (
 236   certificate, identity
 237 ) VALUES (
 238   2, 3
 239 );
 240
 241 INSERT INTO certificate_identity (
 242   certificate, identity
 243 ) VALUES (
 244   2, 4
 245 );
 246
 247 /* Private Keys */
 248
 249 INSERT INTO private_keys (
 250    type, data
 251 ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
 252   1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8'
 253 );
 254
 255 INSERT INTO private_key_identity (
 256   private_key, identity
 257 ) VALUES (
 258   1, 3
 259 );
 260
 261 INSERT INTO private_key_identity (
 262   private_key, identity
 263 ) VALUES (
 264   1, 4
 265 );
 266
 267 /* Shared Secrets */
 268
 269 INSERT INTO shared_secrets (
 270    type, data
 271 ) VALUES (
 272   1, X'16964066a10de938bdb2ab7864fe4459cab1'
 273 );
 274
 275 INSERT INTO shared_secrets (
 276    type, data
 277 ) VALUES (
 278   1, X'8d5cce342174da772c8224a59885deaa118d'
 279 );
 280
 281 INSERT INTO shared_secret_identity (
 282   shared_secret, identity
 283 ) VALUES (
 284   1, 3
 285 );
 286
 287 INSERT INTO shared_secret_identity (
 288   shared_secret, identity
 289 ) VALUES (
 290   1, 6
 291 );
 292
 293 INSERT INTO shared_secret_identity (
 294   shared_secret, identity
 295 ) VALUES (
 296   2, 3
 297 );
 298
 299 INSERT INTO shared_secret_identity (
 300   shared_secret, identity
 301 ) VALUES (
 302   2, 7
 303 );
 304
 305
 306 /* Configurations */
 307
 308 INSERT INTO ike_configs (
 309   local, remote, certreq
 310 ) VALUES (
 311   'PH_IP_MOON', '0.0.0.0', 0
 312 );
 313
 314 INSERT INTO peer_configs (
 315   name, ike_cfg, local_id, remote_id
 316 ) VALUES (
 317   'rw', 1, 3, 5
 318 );
 319
 320 INSERT INTO child_configs (
 321   name, updown
 322 ) VALUES (
 323   'rw', 'ipsec _updown iptables'
 324 );
 325
 326 INSERT INTO peer_config_child_config (
 327   peer_cfg, child_cfg
 328 ) VALUES (
 329   1, 1
 330 );
 331
 332 INSERT INTO traffic_selectors (
 333   type, start_addr, end_addr
 334 ) VALUES ( /* 10.1.0.0/16 */
 335   7, X'0a010000', X'0a01ffff'
 336 );
 337
 338 INSERT INTO traffic_selectors (
 339   type
 340 ) VALUES ( /* dynamic/32 */
 341   7
 342 );
 343
 344 INSERT INTO child_config_traffic_selector (
 345   child_cfg, traffic_selector, kind
 346 ) VALUES (
 347   1, 1, 0
 348 );
 349
 350 INSERT INTO child_config_traffic_selector (
 351         child_cfg, traffic_selector, kind
 352 ) VALUES (
 353   1, 2, 3
 354 );
 355