testing: Changed gcrypt-ikev1 scenarios to swanctl
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 8 May 2016 13:16:24 +0000 (15:16 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 15 May 2016 17:02:57 +0000 (19:02 +0200)
20 files changed:
testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat
testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf [new file with mode: 0755]
testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf [new file with mode: 0755]
testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
testing/tests/gcrypt-ikev1/alg-serpent/test.conf
testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat
testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf [new file with mode: 0755]
testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf [new file with mode: 0755]
testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
testing/tests/gcrypt-ikev1/alg-twofish/test.conf

index db5a762..a1bd245 100644 (file)
@@ -1,12 +1,6 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES
-moon:: ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES
-moon:: ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=SERPENT_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
 carol::ip xfrm state::enc cbc(serpent)::YES
 moon:: ip xfrm state::enc cbc(serpent)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
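Review bot: The two added `swanctl --list-sas --raw` patterns hard-code 192.168.0.100, 192.168.0.1 and 10.1.0.0/16, while the unchanged ping line in the same hunk still uses the `PH_IP_ALICE` placeholder. Using `PH_IP_CAROL` and `PH_IP_MOON` here, as the deleted ipsec.conf files did, would keep the checks tied to the testbed's address definitions. The dots in the literal addresses are unescaped regex metacharacters, so `remote-host=192.168.0.1` matches more than that one address; `192\.168\.0\.1` would be exact. Each pattern also folds six former checks into one expression, so a mismatch in any single field fails the line without showing which field differed. The alg-twofish evaltest.dat hunk has the same shape.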
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf
deleted file mode 100644 (file)
index ce9e54f..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=serpent256-sha512-modp4096!
-       esp=serpent256-sha512!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       right=PH_IP_MOON
-       rightsubnet=10.1.0.0/16
-       rightid=@moon.strongswan.org
-       auto=add
index 1dcaed4..10c0ac6 100644 (file)
@@ -1,8 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-  send_vendor_id = yes
+  load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
 
-  dh_exponent_ansi_x9_42 = no
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  } 
+  send_vendor_id = yes
 }
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755 (executable)
index 0000000..f26335c
--- /dev/null
@@ -0,0 +1,26 @@
+connections {
+
+   home {
+      local_addrs  = 192.168.0.100
+      remote_addrs = 192.168.0.1 
+
+      local {
+         auth = pubkey
+         certs = carolCert.pem
+         id = carol@strongswan.org
+      }
+      remote {
+         auth = pubkey
+         id = moon.strongswan.org 
+      }
+      children {
+         home {
+            remote_ts = 10.1.0.0/16 
+
+            esp_proposals = serpent256-sha512 
+         }
+      }
+      version = 1 
+      proposals = serpent256-sha512-modp4096 
+   }
+}
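Review bot: The file header records this new swanctl.conf as mode 100755, but it is a plain configuration file and nothing visible in the commit executes it; `100644` would be the expected mode. The same applies to the other three swanctl.conf files added here (moon under alg-serpent, carol and moon under alg-twofish). Separately, the explicit `ikelifetime`, `keylife` and `rekeymargin` values from the deleted ipsec.conf have no counterpart in this file, so the daemon's default rekey settings presumably apply.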
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index 46dc368..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=serpent256-sha512-modp4096!
-       esp=serpent256-sha512!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       right=%any
-       rightid=carol@strongswan.org
-       auto=add
index 1dcaed4..6c49b5e 100644 (file)
@@ -1,8 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-  send_vendor_id = yes
+  load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
 
-  dh_exponent_ansi_x9_42 = no
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds
+    conns = /usr/local/sbin/swanctl --load-conns
+  }
+  send_vendor_id = yes
 }
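Review bot: moon's new `load` line keeps `revocation` but drops `curl`, whereas carol's new line in this commit keeps both. Without a fetcher plugin moon presumably cannot retrieve a CRL over HTTP for carol's certificate, so the revocation check on the responder may end without a definite result instead of confirming the certificate is good. If that is intended for this scenario, a comment such as `# no curl: CRL fetching is not exercised on moon` would make it explicit; otherwise use `load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default`. The same line appears in the alg-twofish moon strongswan.conf hunk.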
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755 (executable)
index 0000000..92b4786
--- /dev/null
@@ -0,0 +1,24 @@
+connections {
+
+   rw {
+      local_addrs  = 192.168.0.1
+
+      local {
+         auth = pubkey
+         certs = moonCert.pem
+         id = moon.strongswan.org
+      }
+      remote {
+         auth = pubkey
+      }
+      children {
+         net {
+            local_ts  = 10.1.0.0/16 
+
+            esp_proposals = serpent256-sha512 
+         }
+      }
+      version = 1 
+      proposals = serpent256-sha512-modp4096 
+   }
+}
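Review bot: The `remote` section of `rw` sets only `auth = pubkey`, so the `rightid=carol@strongswan.org` constraint from the deleted ipsec.conf is gone. As written, moon will match this connection for any peer identity that authenticates with a certificate it trusts. evaltest.dat still asserts `remote-id=carol@strongswan.org`, so the test outcome is unchanged, but scenario configs are often copied as templates; adding `id = carol@strongswan.org` under `remote` would keep the original restriction. The alg-twofish moon swanctl.conf has the same omission.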
index c6d6235..6387dff 100644 (file)
@@ -1,2 +1,2 @@
-moon::ipsec stop
-carol::ipsec stop
+moon::service charon stop
+carol::service charon stop
index d7f7959..0f615f4 100644 (file)
@@ -1,5 +1,5 @@
-moon::ipsec start
-carol::ipsec start
-moon::expect-connection rw
-carol::expect-connection home
-carol::ipsec up home
+moon::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+moon::expect-connection rw 
+carol::expect-connection home 
+carol::swanctl --initiate --child home 2> /dev/null
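Review bot: `2> /dev/null` on the two `service charon start` lines and on `swanctl --initiate --child home` discards anything written to stderr, so a failing start script or a rejected initiation would only surface later as a non-matching evaltest pattern. Dropping the redirection on the initiate line at least, `carol::swanctl --initiate --child home`, would leave the reason in the test log. The added `expect-connection rw ` and `expect-connection home ` lines also carry trailing whitespace. The alg-twofish pretest.dat hunk is identical.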
index d7b7142..307c7e9 100644 (file)
@@ -20,3 +20,6 @@ TCPDUMPHOSTS="moon"
 #
 IPSECHOSTS="moon carol"
 
+# charon controlled by swanctl
+#
+SWANCTL=1
index ac3b5e0..d190db0 100644 (file)
@@ -1,12 +1,6 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES
-moon:: ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
-carol::ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES
-moon:: ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=TWOFISH_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
 carol::ip xfrm state::enc cbc(twofish)::YES
 moon:: ip xfrm state::enc cbc(twofish)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf
deleted file mode 100644 (file)
index fe1a78d..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=twofish256-sha512-modp4096!
-       esp=twofish256-sha512!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       right=PH_IP_MOON
-       rightsubnet=10.1.0.0/16
-       rightid=@moon.strongswan.org
-       auto=add
index 1dcaed4..10c0ac6 100644 (file)
@@ -1,8 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-  send_vendor_id = yes
+  load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
 
-  dh_exponent_ansi_x9_42 = no
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  } 
+  send_vendor_id = yes
 }
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755 (executable)
index 0000000..b6ca9f1
--- /dev/null
@@ -0,0 +1,26 @@
+connections {
+
+   home {
+      local_addrs  = 192.168.0.100
+      remote_addrs = 192.168.0.1 
+
+      local {
+         auth = pubkey
+         certs = carolCert.pem
+         id = carol@strongswan.org
+      }
+      remote {
+         auth = pubkey
+         id = moon.strongswan.org 
+      }
+      children {
+         home {
+            remote_ts = 10.1.0.0/16 
+
+            esp_proposals = twofish256-sha512 
+         }
+      }
+      version = 1 
+      proposals = twofish256-sha512-modp4096 
+   }
+}
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index b4391cd..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=twofish256-sha512-modp4096!
-       esp=twofish256-sha512!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       right=%any
-       rightid=carol@strongswan.org
-       auto=add
index 1dcaed4..6c49b5e 100644 (file)
@@ -1,8 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-  send_vendor_id = yes
+  load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
 
-  dh_exponent_ansi_x9_42 = no
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds
+    conns = /usr/local/sbin/swanctl --load-conns
+  }
+  send_vendor_id = yes
 }
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755 (executable)
index 0000000..3339fff
--- /dev/null
@@ -0,0 +1,24 @@
+connections {
+
+   rw {
+      local_addrs  = 192.168.0.1
+
+      local {
+         auth = pubkey
+         certs = moonCert.pem
+         id = moon.strongswan.org
+      }
+      remote {
+         auth = pubkey
+      }
+      children {
+         net {
+            local_ts  = 10.1.0.0/16 
+
+            esp_proposals = twofish256-sha512 
+         }
+      }
+      version = 1 
+      proposals = twofish256-sha512-modp4096 
+   }
+}
index c6d6235..6387dff 100644 (file)
@@ -1,2 +1,2 @@
-moon::ipsec stop
-carol::ipsec stop
+moon::service charon stop
+carol::service charon stop
index d7f7959..0f615f4 100644 (file)
@@ -1,5 +1,5 @@
-moon::ipsec start
-carol::ipsec start
-moon::expect-connection rw
-carol::expect-connection home
-carol::ipsec up home
+moon::service charon start 2> /dev/null
+carol::service charon start 2> /dev/null
+moon::expect-connection rw 
+carol::expect-connection home 
+carol::swanctl --initiate --child home 2> /dev/null
index d7b7142..307c7e9 100644 (file)
@@ -20,3 +20,6 @@ TCPDUMPHOSTS="moon"
 #
 IPSECHOSTS="moon carol"
 
+# charon controlled by swanctl
+#
+SWANCTL=1