added scenario
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 9 Oct 2006 08:20:01 +0000 (08:20 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 9 Oct 2006 08:20:01 +0000 (08:20 -0000)
17 files changed:
testing/tests/ikev2/strong-keys-certs/description.txt [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/evaltest.dat [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/posttest.dat [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/pretest.dat [new file with mode: 0644]
testing/tests/ikev2/strong-keys-certs/test.conf [new file with mode: 0644]

diff --git a/testing/tests/ikev2/strong-keys-certs/description.txt b/testing/tests/ikev2/strong-keys-certs/description.txt
new file mode 100644 (file)
index 0000000..9d0ca55
--- /dev/null
@@ -0,0 +1,7 @@
+This scenario is derived from <a href="../rw-cert"><b>ikev2/rw-cert</b></a>.
+The gateway <b>moon</b> uses a 2048 bit RSA private key protected by <b>AES-128</b>
+encryption whereas the roadwarriors <b>carol</b> and <b>dave</b> have an
+<b>AES-192</b> and <b>AES-256</b> envelope, respectively. 
+The X.509 certificate of the gateway <b>moon</b> uses a <b>SHA-256</b> hash in
+its signature whereas the certificates of the roadwarriors <b>carol</b>
+and <b>dave</b> use <b>SHA-384</b> and <b>SHA-512</b>, respectively.
diff --git a/testing/tests/ikev2/strong-keys-certs/evaltest.dat b/testing/tests/ikev2/strong-keys-certs/evaltest.dat
new file mode 100644 (file)
index 0000000..06a0f8c
--- /dev/null
@@ -0,0 +1,10 @@
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..9d2f533
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_CAROL
+       leftnexthop=%direct
+       leftcert=carolCert-sha384.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem
new file mode 100644 (file)
index 0000000..d4b5323
--- /dev/null
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEITCCAwmgAwIBAgIBETANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA2MTAwODEyMTI1MFoXDTExMTAwNzEyMTI1MFowWTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0z
+ODQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAtCwjB6Yni4jSTbPJ4GX0kM06nr2tDBdU0PH6dZra
+IXNaNiBthBNPNDeCYAQDG/ouwuywAJ6L2Lt0GYEhJSwfXMm87fYSG8qRP+C/nlKz
+3fCfsuZ8yOAo5NAp2kgvbFVdB5cMeOtid21UqUvDxkncjFRDgpERtrjSthalUFYu
+ObIcSMPdlcDho73jzq6zVK5XDJ4l1LHUQLbS4SzyrphCYKekTIoDy3YwRUys6Pdm
+4QlFBIXuBwOYHjclvVu0HQVNSM4nWAJd+204KUm/+8neO0kn1Yakv9yoa47o3KGP
+3XjtmcgY9SqBbuF+8yDcZQ7+5zUBjc0J+d8txdPoIjLi7wIDAQABo4IBBjCCAQIw
+CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFIUlEfDm3V0eDmRrpIvj
+4FiPpGlpMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw
+CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMS
+c3Ryb25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3
+YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
+cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAL5ZmFmy8lW4Vdwq
+hWB6qTtLLa1wwCvTXwbV9V+F8dK39AvHj6CHFqTiFhAbGIq/Ryt9cg2XGy1TDjVj
+hQEua7mjp8XH2j2NLY2SiFTMjchbHmMylFk2FrHy2ZnmlRCiH83TAw+EnUWsQKj+
+gL+7Of9SpiaaIblrl+aCiBVktRuXcFSaxjYWTVXOeTCwnxQdF2SNtUKDoCuVPk1J
+XCrs86mj575xL/FGjyN4SVbjTEZ4lm1emxrf/RblZOhCKp7mUic8KyP0kf7o6X8E
+MXXjq9fDQVrSDG/q62uhZu7CyInnBpWnoUKiMImSxRn/cs0r7RUspC5DtJyhE33Y
+DW2BzIc=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem
new file mode 100644 (file)
index 0000000..9797405
--- /dev/null
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CBC,3127472197F76F3E81FF26DCD894FE6F
+
+ixCdabns1DD2EVjOUQYbxes+mSU6WmfUnRPBthTw1K3X7/jYEVRrApZlPoRxfitg
+7aHdqsV70elT48ucP4z410jupq80OI5/3I31zHiqDpmUNXr0ZGs69dC2g01op98Q
+IWfbHygALh0PDjhczHWhDBOx+gJDN58qgMfCI2hUDqpcYD9gvEpkkdM/R3Ggwgiq
+f+HBD4rQHcpvuKCPIOBVAR/4cXE3D8pcls3FJALwNGf03yIm24hEG2mTz5cDIVTw
+m0Bjk5Hbiym4LBreUoVQUF04wDXsuDtz7m1IPkw4GsYpeiomqRyAs7bKUJhbKwaK
+/l2MKoQ06Ofx0kc20CG7/qoboiqUgDEOsNd/qdMVOXcqinONW2v2T8+mEi/iLZDJ
+B6WXoV15PBkHXfaKeA66oFfF8EqggF4gLoPwekz1jvz5hbeTNYCiuFsMV9ntTxoE
+opohFNBvY2ZbJUmmkecgSJcmmByR2cahukh91PjssfZUjMOJjoTpuB3OXF9J6g9U
+RKWYxgcyT1n0e0MbYxe4TXHxxUDa5UBkquELQ2gcmJDO5GFuXF40mcvcz3Bse6I7
+GTRvhSL3hmRvbODE3JVI2dISHJ60Fethjxo5JNmCuBqnSkc2KPvsS7ulqANMnnNE
+5u2g9RMAtYKfkwscLY8zByouCZTS2pAI+LQd/eTm3/TAZWDJx/Z2UA5peFm2At4n
+aerRYP20TeaAI4tcnqsrOpBj0ouphgkGUTGAbBhjR3c2rSoOHxmjQXJOAc59vjgG
+zBl2F9M1xtjuTFZxFLMbnx15W1l5rmhZmSTdDY8C5ePBcjn6umxl6QdwvPjbkMIL
+MoeyM6w1Eqweg+m25CFOCWrFnglZNM6lcsR3X88oz+gzmHOs/VtAQn7vCA2Ukc5m
+RuLro/1juBjMrXd63Mqvxml/0lcSrXH1/ZiTdrdakU5rHNk9554tSL14rBSD86tQ
+u7unnobiXTmE0l/fDVuRYzW/Y8GGEr5S2t7SOuNFnU+tXTdavftJD0D7F8v4/bTf
+ObDe5qJ/7Y7X/8i6L+va1cm5rXNDI1qrBgwmNv7FbY1G0qBIP80ie7FbcsCpXauE
+T5HWTOdJX+xpTVCHXnBriMhlFHXAIKUVdAZqbzgRFWPCOYpzpztgny4l83qP0OLw
+vYxvU7RSGFAamRz05t3vHXy3X8n7JulleE8laBFpwx9Xq/bEAkwwmZq1Y6tbksae
+4G9aJ6Tdr4SA7BsH+FrtLtwFUkzgmKg+MqDGXamFSx0rvhksl3u67tMpGh0Il8KS
+xGfpPXRKaeQwZ18AA1xfPVl01Ajuxhnmmr/ng8WR+DfBpx7uK3lSpUX37Gh06DP5
+Of9oPHpc+Z0Asx/k6XWYGP9G15azUXP5ejebl19QQdZex/wP0MkKNlZ/BH0xJO+a
+FLOkg4OhtTppIA0dOhj/v/WCLC+pdl+78pBOQO7dpuJeYrcVvhiQKMhEJdYiYLXY
+ZcbN+E0Ta8I9fX1D6qgIEhL0NOczEYT9kYYQZJf2LW9k+dxICPV/0hEjaRNyMrei
+C9ZP1k9cEhNMSVRVV2jm2PhOW3nvOFUNkG8OIfFhCri8dXWaGVS/DMb18rpSoB+B
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..4c9a601
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey-aes192.pem "ITP/H4lSHqGpUGmCpgNDklbzTNV+swjA"
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..7f650e5
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_DAVE
+       leftnexthop=%direct
+       leftcert=daveCert-sha512.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem
new file mode 100644 (file)
index 0000000..73088cd
--- /dev/null
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHzCCAwegAwIBAgIBEjANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA2MTAwODEyMjExMloXDTExMTAwNzEyMjExMlowWDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS01
+MTIxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDL4+PsltDM0QCCS08tkefhll5Q0nb2VEdRZotBIdt6
+XEY1kmDlw0yQOp0XUznnIhcrxXpKeWpLqJdbo56jSxMaUB3Mod1u+aKvVhCgkOT8
+uQa7gIdcNMuXnfnch7yYYS6YxVfzdr/qXBxmVYNbR9sXy48vAD6glZLEVjDITHJO
+a6tEVSrAOMyeuA9XTYJiGw5loj63YbUr6Ikp6W9SncPCtfX6G2Amk38MTuITu93W
+Pd/bGB06ra6gmMQGAhXuGs14n3QZfQz9PWTp9TPsQNqQZdEjQyNdfeAKtPuz5jnO
+cnZuhvVR0q4sxWuy64vkyZ57luTZAXyxdInBeBOp7sC3AgMBAAGjggEFMIIBATAJ
+BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU0wvMMeoe59mocM/RiYnD
+iw9NUm0wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
+BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
+dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdzd2Fu
+Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
+L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQC/uKe2O9elbSFgpKP5
+7ZjJrCkYu493iH/PDm5G4D76q6WkRvZDqTgGDSIrXrt1xRLIsVJES+HERxfED0DB
+yXNe22p1jR8iZdCesZxmEsKYyLh9XmeixKCfnLvStWCVs0+vqwhJlIkyEAveZ4HR
+Yq121khdmCDDUugpjEl/nU7CLvCRVgFrlhDm1QLs2rYqxwQrJ2SH4/1W0YRdkY2R
+vKZ2ngjLBNjBfXWNXSOpEAG367nVam5lFAepUC0wZTshyCUXt1NzClTnxWABm6M6
+x2Qwg4D6Qt5iXSjR8+DGVh+LaBL/alQi1YYcjkxufdFHnko294c0HsZcTZ3KRghk
+ue1F
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem
new file mode 100644 (file)
index 0000000..e2a1ccb
--- /dev/null
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,088DA49D259D5876324277FE7C38F22B
+
+fChe2r3NjWQnfK3tFIUHtrnYsU+CzbGKmWE1T8ARaLeVC7XtPN99odBYTBOzJj98
+REHk41NWHlVjcY+2ACedniTsQcvuuN3bMHGvyikQeLmg7tc54pQrc85BHfdGrU49
+5Bzhxn29kqY33Dt2aeAMyP3k/b5HyZlCGuQUJx71uPsaEl1so5QE0aIBLaCutIUz
+zZcAAa6ahFhw2oOcU2kj8ACGzXrJvBhVU97/yZTdfqrTJauoPXL/WQ+ScfMBhQ0x
+vaJbaVy8On1SXTMH2K1ehszjpeFTeRVgndkWuUipwm/xlyzoubs8L4BhJZNzV23r
+04ZGYxwSQ0rZBEt+TqopVpc/iMx/vg33P8PHrI45DeoztvjHpD6Fgj5Yh2kGgU5R
+cKD1ejgX3FMwTSI5xumUi8mQ+N2pUIK9polS146dpQRoM8F9hsXkYoK/l9Em5jJA
+V4vBBbVr6E9G0fVyHboqIzAHgFiC3xnCvVC/Cnyit4zD7D0E86pktR0y4Imtxten
+3WUV4rNAVkLR0D5Hoslk9nsqEaOxDBzUVU/zfG8GXItpWQgug5sb6RjcrK0b4Fit
+iHsEO5qLZ09cM+1hoddgibUQd0G+iZDPfPc++SCdZVjcvdSOOtcUCJwQGjOdGi9U
+I30gjh1Vtql67CnykRmk38duTFFNpL3zLNGfiA+kUeHDr0C4zeD2NsK4v/4nLAO1
+OWSYYFGrhbU5C96q3rgczdh+TurgIhM+ktBUJ/7yYV2eTRlRT35Wk03O7STBLinV
+jaXuDBOKb/NAYgA+xtOeBqd1c4cSdOxJEv80G9hhXxxNgf1W1OHDNY6+qXhnLZJU
+o1kbF6QNI+R+ip8643GwdLEcz5s49V7x53TDcCGnW2TwzVVHvj+63u5RPcfu8b9e
+gz0ey++z6OWvEIt/7NiTzA0dZdmiNLY24uHDHvQ5XmMs4XVM1r5wSFXvs/tDuUpK
+/a9zMbr12RDsObVcXXr07FD5Zyh/y2mBEB7xRFXKk5tt++Hvlzbgqxypgq9t5+m8
+PBddV4GarMuZw8bRjMHJ2CVY1VyRGIx+StsHehVMWdfzZTm/Uizq/yPaxqbQE8wY
+Vcm6wgYRekAga6I9XsHZ0TBfKtfZqXf0kXX0A+ymQYbfyUm2MqWV5avOKtBRIqcW
+B9jCKxah7rjQNlI7vzwZ/whePHU2sL4D23aGGZa373Ql2CmB3AetxYtkRGTSILw9
+aT+ZNgh+BGq6lcdlyks29fFuWRlE+NyJIAwmIVEisZGFijFe5WXBhKWsvEt2JT1v
+3qW9lMimOgpkClroPSdb9gQMt1yXDR6z1ty+B41kgy5qSxUiL8z8EUCWPEBPrz5+
++3KGi1cU5BsfptnkFYCSnVSyRxARh310mruQ2Mb6ipIXX95ejQPSskz5P4u26Olt
+UHyS0lgDc8hZTwJUchE5wqj4bAJs12mKbIbapjYv83OAEW8ybGz8R6QVMp3pAad3
+O2WGef6evGrbGKHI6ACMEHaz8fP8GIMjhbJkPxsXYGRsHbUsqYcSmew3EYW51qSA
+xMhrzZ6e9ow4PYDuNnUc4bFeV0BIVl6kH7KscT1LBtJVJkXDDoddxFiEhcRjOLDr
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..b4b1c62
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey-aes256.pem "MeFnDN7VUbj+qU/bkgRIFvbCketIk2wrrs5Ii8297N2v"
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..ac7c2ce
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn rw
+       left=PH_IP_MOON
+       leftnexthop=%direct
+       leftcert=moonCert-sha256.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem
new file mode 100644 (file)
index 0000000..307f495
--- /dev/null
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHzCCAwegAwIBAgIBEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA2MTAwODEwNTgxMVoXDTExMTAwNzEwNTgxMVowWDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0y
+NTYxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDzXHm8D8sY1lmX7o1KK0jt/M+UzAI2Ifpx7nAqoviH
+XQIPe56BOAm4zHhEIlojEMFd1nncplXvDDGjuV/2F0KK1bFxbNtom88Ix1jrRWtk
+FLopYwj3ERC2970OhNO3nuPLrnEAzj6k3XPGMTA3drGnpRf162f7mHAdmYIRXtWm
+mfaecs4wGFs8BFGdeDfo6SPhQXZSBwZqjzQxvk1PA7E1qifgR5IGNZkNQRQ9IZD0
+86xzjmZgg5DaJcQKw45elpiVKQN6OkdWTngR3uUBfseWNeRGP5UxCUbDnPijWUbA
+6ZAdEfFXLgSpSoXHLNttvGg+SWm0kgKTpHYWYhvpflKNAgMBAAGjggEFMIIBATAJ
+BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU0gL3aEo/H8c/Ld/GkBTb
+W9Ma+nUwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
+BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
+dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2Fu
+Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
+L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCItzRn3TNWUzczBd8z
+MtdPEsRl5Oi4fV3UecQxhjxAmJDLsEZT5I4uNa1XoLkJm6jVdSL7k+bjzjmpNJ1H
+uL49cqia2yTdGP4IU0K8dTGaflg3ccaLLGGXTWU/NtgdI1o6yuZTwb6a9ZL7wWZT
+x21BAsvyPTzCpUS1yCK4bFeYOxOYDphUGcwb0JTuRxx2/710b+p64BYiCfVkQJxT
+eF1ZtjSW6nJgzMRg5n2zNpdrdXMMCPI6Nl7V6wxbs3Cphmz5qx3lijwi7nZt+jE5
+qK5gphph1MkKIhnA7MF66KEcx5Rknao68yLBBDIA/AISZ3bCIj8R1SGgl/tMYfep
+sbRF
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem
new file mode 100644 (file)
index 0000000..bc9ed38
--- /dev/null
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,381AA672F615E55CD044FB981754FDA6
+
+whvkSUJ2sAIH4EOu8vT9LHcKKKG6W9hl/hO++/awU2AVtHn6mYlkkAqDRJiOZbbT
+vo0ndy+0B0tCoTyKZbiMRNc6bzHPNgS17cVa2wXrzzMo64xRcElzdN14L8UGA7Cc
+Wu3aD0zmzawU9uRZjaQ4qA46FPz/S9/REImZ02QSALIzZJSIIDoUbznBitaHYFve
+eLl7e/0vMS/s03FaRNKrVhids3Z3q7lQoF/z5BzBaKNBaDYDLhMeScjNF6QZnDUe
+k+++/l54pozl+RvQI6RljPhOzutIC5D627zfordITsBRYEhv6KPShy673H4McaRz
+tx2zkflsDyPWDWmRLxA0GfD5jQvbS7aZU1R3iyi/TDXacHXlR92bzVu4AHZClOSn
+fypT1h2YnUQOMMw9XlVKklHCWvgpWbVmjiBbnsIh1WjORLgSielrGP/iXVemgzEI
+kaTErf7B7sx1pIMyQ8IFdniFryUSuGDvOV4Dt/PZhxh2oKIBIaVYwrl3jQvYlyNv
+vpBD6MU2wXU4iP7kt9SN63RjzQoYk7TA7f9JlfXlBrjjwSjPYB1R+MoEfovvEr4j
+PHghYnwtwZ4Ok3kR+zxR/M37iJ252IDkOwTuqEXWQMlOlxIeESlh1OYKVLptZwgB
+0mFzzx4JapkHP34c4ntsFc3AbUh8uSt67zLJ7JDFhSQ6ltNu1/92nOjXh5tzwGvo
+ak5lrUpi2zrgyxSgF7fxOxjXr604f7yxOcoWfXQd354dUXdxrMZigh3ajwsGwXxh
+o5Zv+EVXaIpnHnUYmupJwrKQR1ffdVCPlvys99/BlGnvsBzLx+hmut1pjnFwQCPf
+aj8Z3NhSdWspQiUzWm+DXpqPKt+4CL5mdxcjyye9ATOPf+30iuY25WvwelT4rgGt
+NS0iVMJSHnPVMlcibCwVtCl8hvjzq2TYHGo6cCKDaYJ4+Hy6MjgNrHA011HkJ9iC
+P4Ysyq04/OiFPrl0RS+om29By+4/O+w1t0HpuZIFTm6oRg7zWcXtDWkfrhu9WY7e
+m7FI8O2f3ezPoMbiRJmdEi0RFsgyqkTdQLOUUF1ad5ZHEAVghsgvaPG5aRLhXQin
+gqNvHlDmpekOTDLbEn9cyDf5po45LrUgGOBp6DK+AGb6SymjonNxczlG/eNYHtch
+AXBdz5A/n6uP1DXfmGVyI6kZKU+Fotsly5Iov6SLcEicLcfA2oKHK6AIJL+IWGGL
+kkShWx0Dv/2UbEkKDjFl36Z0oD5wSW6fyYeslD4IFCjXwkdgWd7l4nreisW9YTl/
+PdnVOBq6yQxfK0WlAxfGzAabmknIXkSE/BlTb5y8q92U3tR3YFLFQ1hPaSPIokIu
+Op51DMXOfrbnd1iBrybduktdljoxlcAGmg5Dfz+s9fdkESQfw6oNOP5cHxfctAy9
+k21dKvkI/PqWkgwVv94wX8bWx0LgC0aV3F62qM+Y7/r5N4ZsD76GY7VFIFeSoPKx
+Fn9yZOl8JzszvlWNtG7G6DwBL+ZyHS0rM7UEyTwWp8mLasEO96V6dYxD8LqWNbo4
+hY/6xsZOtNDsPdW/Os7MBD+Wf2fL/gzrD7QJyqcy41K8Oxhn2W+Aso3s9DnJ4eSt
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..9d298e1
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey-aes128.pem "gOQHdrSWeFuiZtYPetWuyzHW"
diff --git a/testing/tests/ikev2/strong-keys-certs/posttest.dat b/testing/tests/ikev2/strong-keys-certs/posttest.dat
new file mode 100644 (file)
index 0000000..5f72643
--- /dev/null
@@ -0,0 +1,12 @@
+moon::iptables -v -n -L
+carol::iptables -v -n -L
+dave::iptables -v -n -L
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::rm /etc/ipsec.d/crls/*
+carol::rm /etc/ipsec.d/crls/*
+dave::rm /etc/ipsec.d/crls/*
diff --git a/testing/tests/ikev2/strong-keys-certs/pretest.dat b/testing/tests/ikev2/strong-keys-certs/pretest.dat
new file mode 100644 (file)
index 0000000..d917ec4
--- /dev/null
@@ -0,0 +1,13 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::wget -q http://crl.strongswan.org/strongswan.crl -O /etc/ipsec.d/crls/strongswan.crl
+carol::wget -q http://crl.strongswan.org/strongswan.crl -O /etc/ipsec.d/crls/strongswan.crl
+dave::wget -q http://crl.strongswan.org/strongswan.crl -O /etc/ipsec.d/crls/strongswan.crl
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1 
diff --git a/testing/tests/ikev2/strong-keys-certs/test.conf b/testing/tests/ikev2/strong-keys-certs/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"