added pfkey/alg-sha384 and pfkey/alg-sha512 scenarios
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 9 Dec 2009 16:25:12 +0000 (17:25 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 9 Dec 2009 16:25:12 +0000 (17:25 +0100)
18 files changed:
testing/tests/pfkey/alg-sha384/description.txt [new file with mode: 0644]
testing/tests/pfkey/alg-sha384/evaltest.dat [new file with mode: 0644]
testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/pfkey/alg-sha384/posttest.dat [new file with mode: 0644]
testing/tests/pfkey/alg-sha384/pretest.dat [new file with mode: 0644]
testing/tests/pfkey/alg-sha384/test.conf [new file with mode: 0644]
testing/tests/pfkey/alg-sha512/description.txt [new file with mode: 0644]
testing/tests/pfkey/alg-sha512/evaltest.dat [new file with mode: 0644]
testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/pfkey/alg-sha512/posttest.dat [new file with mode: 0644]
testing/tests/pfkey/alg-sha512/pretest.dat [new file with mode: 0644]
testing/tests/pfkey/alg-sha512/test.conf [new file with mode: 0644]

diff --git a/testing/tests/pfkey/alg-sha384/description.txt b/testing/tests/pfkey/alg-sha384/description.txt
new file mode 100644 (file)
index 0000000..2255fe8
--- /dev/null
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-modp3072!</b>
+in ipsec.conf. The same cipher suite is used for IKE.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/pfkey/alg-sha384/evaltest.dat b/testing/tests/pfkey/alg-sha384/evaltest.dat
new file mode 100644 (file)
index 0000000..31bb64c
--- /dev/null
@@ -0,0 +1,11 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+moon::ip xfrm state::auth hmac(sha384)::YES
+carol::ip xfrm state::auth hmac(sha384)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES
diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..d38b7df
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=yes
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes192-sha384-modp3072!
+       esp=aes192-sha384-modp3072!
+
+conn home
+       left=PH_IP_CAROL
+       leftfirewall=yes
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add 
diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..0768c2b
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..ea84cd8
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=yes
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes192-sha384-modp3072!
+       esp=aes192-sha384-modp3072!
+
+conn rw
+       left=PH_IP_MOON
+       leftfirewall=yes
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       right=%any
+       auto=add
diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..0768c2b
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
diff --git a/testing/tests/pfkey/alg-sha384/posttest.dat b/testing/tests/pfkey/alg-sha384/posttest.dat
new file mode 100644 (file)
index 0000000..94a4006
--- /dev/null
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/pfkey/alg-sha384/pretest.dat b/testing/tests/pfkey/alg-sha384/pretest.dat
new file mode 100644 (file)
index 0000000..f360351
--- /dev/null
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1 
+carol::ipsec up home
diff --git a/testing/tests/pfkey/alg-sha384/test.conf b/testing/tests/pfkey/alg-sha384/test.conf
new file mode 100644 (file)
index 0000000..acb73b0
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/pfkey/alg-sha512/description.txt b/testing/tests/pfkey/alg-sha512/description.txt
new file mode 100644 (file)
index 0000000..bf79a3b
--- /dev/null
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>AES_CBC_256 / HMAC_SHA2_512_256</b> by defining <b>esp=aes256-sha512-modp4096!</b>
+in ipsec.conf. The same cipher suite is used for IKE.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/pfkey/alg-sha512/evaltest.dat b/testing/tests/pfkey/alg-sha512/evaltest.dat
new file mode 100644 (file)
index 0000000..e0f5fb7
--- /dev/null
@@ -0,0 +1,11 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+moon::ip xfrm state::auth hmac(sha512)::YES
+carol::ip xfrm state::auth hmac(sha512)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES
diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..583522d
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=yes
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes256-sha512-modp4096!
+       esp=aes256-sha512-modp4096!
+
+conn home
+       left=PH_IP_CAROL
+       leftfirewall=yes
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add 
diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..0768c2b
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..40fec93
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=yes
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes256-sha512-modp4096!
+       esp=aes256-sha512-modp4096!
+
+conn rw
+       left=PH_IP_MOON
+       leftfirewall=yes
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       right=%any
+       auto=add
diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..0768c2b
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
diff --git a/testing/tests/pfkey/alg-sha512/posttest.dat b/testing/tests/pfkey/alg-sha512/posttest.dat
new file mode 100644 (file)
index 0000000..94a4006
--- /dev/null
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/pfkey/alg-sha512/pretest.dat b/testing/tests/pfkey/alg-sha512/pretest.dat
new file mode 100644 (file)
index 0000000..f360351
--- /dev/null
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1 
+carol::ipsec up home
diff --git a/testing/tests/pfkey/alg-sha512/test.conf b/testing/tests/pfkey/alg-sha512/test.conf
new file mode 100644 (file)
index 0000000..acb73b0
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"