added
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 21 Feb 2007 13:05:53 +0000 (13:05 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 21 Feb 2007 13:05:53 +0000 (13:05 -0000)
24 files changed:
testing/tests/ikev1/ike-alg-sha2_384/description.txt [new file with mode: 0644]
testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1/ike-alg-sha2_384/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1/ike-alg-sha2_384/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1/ike-alg-sha2_384/posttest.dat [new file with mode: 0644]
testing/tests/ikev1/ike-alg-sha2_384/pretest.dat [new file with mode: 0644]
testing/tests/ikev1/ike-alg-sha2_384/test.conf [new file with mode: 0644]
testing/tests/ikev1/strong-certs/description.txt [new file with mode: 0644]
testing/tests/ikev1/strong-certs/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem [new file with mode: 0644]
testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem [new file with mode: 0644]
testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem [new file with mode: 0644]
testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem [new file with mode: 0644]
testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem [new file with mode: 0644]
testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem [new file with mode: 0644]
testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1/strong-certs/posttest.dat [new file with mode: 0644]
testing/tests/ikev1/strong-certs/pretest.dat [new file with mode: 0644]
testing/tests/ikev1/strong-certs/test.conf [new file with mode: 0644]

diff --git a/testing/tests/ikev1/ike-alg-sha2_384/description.txt b/testing/tests/ikev1/ike-alg-sha2_384/description.txt
new file mode 100644 (file)
index 0000000..a347a3f
--- /dev/null
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
+<b>AES_CBC_192-SHA2_384-MODP4096</b> for the IKE protocol and
+<b>AES_192-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat b/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat
new file mode 100644 (file)
index 0000000..31959f5
--- /dev/null
@@ -0,0 +1,8 @@
+carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon::ipsec statusall::IKE algorithm newest: AES_CBC_192-SHA2_384-MODP4096::YES
+carol::ipsec statusall::IKE algorithm newest: AES_CBC_192-SHA2_384-MODP4096::YES
+moon::ipsec statusall::ESP algorithm newest: AES_192-HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP algorithm newest: AES_192-HMAC_SHA2_256::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-sha2_384/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..2bf2f87
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug="control crypt"
+       crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       ike=aes192-sha2_384-modp4096!
+       esp=aes192-sha2_256!
+conn home
+       left=PH_IP_CAROL
+       leftnexthop=%direct
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-sha2_384/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..5baf8f1
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug="control crypt"
+       crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       leftnexthop=%direct
+       ike=aes192-sha2_384-modp4096!
+       esp=aes192-sha2_256!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       right=%any
+       rightid=carol@strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/posttest.dat b/testing/tests/ikev1/ike-alg-sha2_384/posttest.dat
new file mode 100644 (file)
index 0000000..c6d6235
--- /dev/null
@@ -0,0 +1,2 @@
+moon::ipsec stop
+carol::ipsec stop
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/pretest.dat b/testing/tests/ikev1/ike-alg-sha2_384/pretest.dat
new file mode 100644 (file)
index 0000000..7d077c1
--- /dev/null
@@ -0,0 +1,5 @@
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+carol::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/test.conf b/testing/tests/ikev1/ike-alg-sha2_384/test.conf
new file mode 100644 (file)
index 0000000..a6c8f02
--- /dev/null
@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
+
diff --git a/testing/tests/ikev1/strong-certs/description.txt b/testing/tests/ikev1/strong-certs/description.txt
new file mode 100644 (file)
index 0000000..22b5866
--- /dev/null
@@ -0,0 +1,6 @@
+This is a remote-access scenario with two roadwarriors <b>carol</b> and <b>dave</b>
+setting up a connection each to the VPN gateway <b>moon</b>. Authentication is
+based on strong X.509 certificates with SHA-2 signatures.
+The X.509 certificate of the gateway <b>moon</b> uses a <b>SHA-256</b> hash in
+its signature whereas the certificates of the roadwarriors <b>carol</b>
+and <b>dave</b> use <b>SHA-384</b> and <b>SHA-512</b>, respectively.
diff --git a/testing/tests/ikev1/strong-certs/evaltest.dat b/testing/tests/ikev1/strong-certs/evaltest.dat
new file mode 100644 (file)
index 0000000..2fe4de7
--- /dev/null
@@ -0,0 +1,10 @@
+carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..81d1ae8
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       strictcrlpolicy=no
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+
+conn home
+       left=PH_IP_CAROL
+       leftnexthop=%direct
+       leftcert=carolCert-sha384.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem b/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem
new file mode 100644 (file)
index 0000000..d4b5323
--- /dev/null
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEITCCAwmgAwIBAgIBETANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA2MTAwODEyMTI1MFoXDTExMTAwNzEyMTI1MFowWTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0z
+ODQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAtCwjB6Yni4jSTbPJ4GX0kM06nr2tDBdU0PH6dZra
+IXNaNiBthBNPNDeCYAQDG/ouwuywAJ6L2Lt0GYEhJSwfXMm87fYSG8qRP+C/nlKz
+3fCfsuZ8yOAo5NAp2kgvbFVdB5cMeOtid21UqUvDxkncjFRDgpERtrjSthalUFYu
+ObIcSMPdlcDho73jzq6zVK5XDJ4l1LHUQLbS4SzyrphCYKekTIoDy3YwRUys6Pdm
+4QlFBIXuBwOYHjclvVu0HQVNSM4nWAJd+204KUm/+8neO0kn1Yakv9yoa47o3KGP
+3XjtmcgY9SqBbuF+8yDcZQ7+5zUBjc0J+d8txdPoIjLi7wIDAQABo4IBBjCCAQIw
+CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFIUlEfDm3V0eDmRrpIvj
+4FiPpGlpMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw
+CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMS
+c3Ryb25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3
+YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
+cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAL5ZmFmy8lW4Vdwq
+hWB6qTtLLa1wwCvTXwbV9V+F8dK39AvHj6CHFqTiFhAbGIq/Ryt9cg2XGy1TDjVj
+hQEua7mjp8XH2j2NLY2SiFTMjchbHmMylFk2FrHy2ZnmlRCiH83TAw+EnUWsQKj+
+gL+7Of9SpiaaIblrl+aCiBVktRuXcFSaxjYWTVXOeTCwnxQdF2SNtUKDoCuVPk1J
+XCrs86mj575xL/FGjyN4SVbjTEZ4lm1emxrf/RblZOhCKp7mUic8KyP0kf7o6X8E
+MXXjq9fDQVrSDG/q62uhZu7CyInnBpWnoUKiMImSxRn/cs0r7RUspC5DtJyhE33Y
+DW2BzIc=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
new file mode 100644 (file)
index 0000000..f719e44
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAtCwjB6Yni4jSTbPJ4GX0kM06nr2tDBdU0PH6dZraIXNaNiBt
+hBNPNDeCYAQDG/ouwuywAJ6L2Lt0GYEhJSwfXMm87fYSG8qRP+C/nlKz3fCfsuZ8
+yOAo5NAp2kgvbFVdB5cMeOtid21UqUvDxkncjFRDgpERtrjSthalUFYuObIcSMPd
+lcDho73jzq6zVK5XDJ4l1LHUQLbS4SzyrphCYKekTIoDy3YwRUys6Pdm4QlFBIXu
+BwOYHjclvVu0HQVNSM4nWAJd+204KUm/+8neO0kn1Yakv9yoa47o3KGP3XjtmcgY
+9SqBbuF+8yDcZQ7+5zUBjc0J+d8txdPoIjLi7wIDAQABAoIBAGmMhcUAYKBMui8N
+CVHtSJXftNyz74Fq1aRGbdyhp/H6urmEy8OY8Eh90GHhV9T2/pfwwrbKKtEAF+at
+EDbPn1vjT0v0YO1pAShzyK2+c2KsiVHr1uRy9WH+VNZsfWOwqnw8z/CyrI+cPAGl
+wf4S3SJUZuxBgigSJFbJ83SZ2CCxrF3xyGyHxqiFWp0QMV2FPR3zedmwQiZTJft5
+fu3K5n8xlhHoiS32fuM57eNKKxt0v50JcobpT4uXBqPCrffOlORnjISRoWt/coSy
+pmj1GFyRaaM5StvaEcowdZejIeVInhM+T1WEQ6mxog/JkzBPBStuSdCKxccqiTRs
+ZO4i8xkCgYEA2KBVcgot6LB/UmYkXF2roaag/PYL7V0wdcF3BMJ2rwdT67fIaKm3
+aroxZpVauRLknH8epFpPpxbbLdyBjkNCuwB4NMKGwTZLzN+mFsQKLtFAxz959pPx
+df5G30CmU09pJ+99C1m3AF295tOd4LTsw6OjyqUJpwl0y10EBg/FwN0CgYEA1OuY
+jU8s029Hv6/2HB22rw5UN4Lj/ori/6SGZ5pHAdQVCooVaEd7HRgzPQKXGGMeNAxH
+7oCVJWz16+XHDzyRVnjErn9Ux1mr/axiAiFC5MeNIHT1EZ8/NUCZJ14PANWobJpt
+ft55BiNd92ygzVVsJgDzuWF87MILhk9AA7buMDsCgYBrPm0uyQVTZlWSOIkVxTXc
+EH8w3Kqo93KvSXkfvRo+qpUMZG7uCd+JEea1D4nbiBPvuis0WJWIdhNKUBk/keLu
+a1wXWpqV+shqA+rY6HLWHLhCLBW4UiO/M4RosDvnkK/RmonAXcjwgHgsV2WYwllY
+vaGwCCaQMGlG6KS+T36qbQKBgELciNc3Gbh7pWhIdVx26DsooMGd1MLGEmp828gE
+5m9ojgL1QauxZrPIOa7a9V+vIHjvslbvAebyxHcDfPMH7gvdeMXjLlg7jIroaw6I
+K110XJjooVybSVoLowx9uPBmJ7GS/PduHUsUKBneftB8Fq4IdoCsYHJorP3MPSnt
+c/apAoGANwqIIdgf+Lu17kDO0svQDzuZR5cRCmGZ8BpC+SpT49VpRaitYNqbSgVy
+kOzXK1ZrO7nPnGkOQQjcaZZjKrUaMFMECFhNTwAv1RQZgkYDA8yAIC0MyACrwiGp
+5fg/ZwLjlOuiJZ3sEUwRsrp72DwXE3x6X0+bJOr+KlPEq200E84=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..fac55d6
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem
diff --git a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..468be8a
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       strictcrlpolicy=no
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+
+conn home
+       left=PH_IP_DAVE
+       leftnexthop=%direct
+       leftcert=daveCert-sha512.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem b/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem
new file mode 100644 (file)
index 0000000..73088cd
--- /dev/null
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHzCCAwegAwIBAgIBEjANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA2MTAwODEyMjExMloXDTExMTAwNzEyMjExMlowWDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS01
+MTIxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDL4+PsltDM0QCCS08tkefhll5Q0nb2VEdRZotBIdt6
+XEY1kmDlw0yQOp0XUznnIhcrxXpKeWpLqJdbo56jSxMaUB3Mod1u+aKvVhCgkOT8
+uQa7gIdcNMuXnfnch7yYYS6YxVfzdr/qXBxmVYNbR9sXy48vAD6glZLEVjDITHJO
+a6tEVSrAOMyeuA9XTYJiGw5loj63YbUr6Ikp6W9SncPCtfX6G2Amk38MTuITu93W
+Pd/bGB06ra6gmMQGAhXuGs14n3QZfQz9PWTp9TPsQNqQZdEjQyNdfeAKtPuz5jnO
+cnZuhvVR0q4sxWuy64vkyZ57luTZAXyxdInBeBOp7sC3AgMBAAGjggEFMIIBATAJ
+BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU0wvMMeoe59mocM/RiYnD
+iw9NUm0wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
+BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
+dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdzd2Fu
+Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
+L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQC/uKe2O9elbSFgpKP5
+7ZjJrCkYu493iH/PDm5G4D76q6WkRvZDqTgGDSIrXrt1xRLIsVJES+HERxfED0DB
+yXNe22p1jR8iZdCesZxmEsKYyLh9XmeixKCfnLvStWCVs0+vqwhJlIkyEAveZ4HR
+Yq121khdmCDDUugpjEl/nU7CLvCRVgFrlhDm1QLs2rYqxwQrJ2SH4/1W0YRdkY2R
+vKZ2ngjLBNjBfXWNXSOpEAG367nVam5lFAepUC0wZTshyCUXt1NzClTnxWABm6M6
+x2Qwg4D6Qt5iXSjR8+DGVh+LaBL/alQi1YYcjkxufdFHnko294c0HsZcTZ3KRghk
+ue1F
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
new file mode 100644 (file)
index 0000000..a4a8a4f
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAy+Pj7JbQzNEAgktPLZHn4ZZeUNJ29lRHUWaLQSHbelxGNZJg
+5cNMkDqdF1M55yIXK8V6SnlqS6iXW6Oeo0sTGlAdzKHdbvmir1YQoJDk/LkGu4CH
+XDTLl5353Ie8mGEumMVX83a/6lwcZlWDW0fbF8uPLwA+oJWSxFYwyExyTmurRFUq
+wDjMnrgPV02CYhsOZaI+t2G1K+iJKelvUp3DwrX1+htgJpN/DE7iE7vd1j3f2xgd
+Oq2uoJjEBgIV7hrNeJ90GX0M/T1k6fUz7EDakGXRI0MjXX3gCrT7s+Y5znJ2bob1
+UdKuLMVrsuuL5Mmee5bk2QF8sXSJwXgTqe7AtwIDAQABAoIBAH9mxAoW5xvEUTQZ
+SL1p2WH9qquIB2u+l93GXKdzN4iK1hgtgjyvv0y0Q2rKx3iktaPVPqgAnCnwi7to
+Tv0sMSCVBTnTvuDUPhKfjb43K8668vkAxBQarUjtHq7tZiw1NX+ieGWaQyt3KQvM
+zUqhaMbCnJK67Wc8bzwdu1e9ZQOYZlRWke4G8OU3GFkG5XsOPnoQySWAlhB6VEjv
+qUZ6BS8SYTy0Rdzyjc35a3cvtDUqs0MOFVJ+gW44bje2B9X+59Wc8m1PJUf9P5+4
+HyNJl3BYfMUobfDuoSKBtcJtudGClUpBSCvBV34X3cYS//jNTuQxfZVc1HJym94C
+uHj63wECgYEA/7ZyDDGap7dZahmhsU1a7H69zSrhwZDj9SozSnbWHfpml2yleLYO
+fh94Jf8iL8yA4taS7JlB0YCuvvBsvXez2aD2Alh5rYqKYA/TROEXz+MLr4fqwi/X
+ZvG1O5oM1/rJPQ06TKzEsYyAUKY3vInivrzUKIv0UP9D9HdkFWAvTYECgYEAzB6J
+0Rrn15LFGhpzC3m2QH6EjWpoD8FMgGyV9E86d/v8kwBGvxRL8uma/mqP2A3okfuw
+8ONP2HgXM7mUkr5wN9XbSuTRRUkDBsV9+tmR4pzMhKfiXZTekPIfaXTA60Fp9Ip8
+ddojWjs9P57ayxL6YVU/Y6uAON9Jbi7jH5DmGjcCgYEAjSjYGGchqsgKMgnoOoor
+UTY97I5phYNIc8RSAB9N38qk655sUhCeO31/w+nto1lPJOmyva10qgRRctIiFQ2J
+WPAEHhNdSDGcZZ8Wz4U6seXyQ3nSXFQwooF3vGk0Ad5NTMiKkF0nT6PyCZNYXVn4
+s7Zln+RygGwJxWBK/YnVUwECgYARgPzohZokDl4AowwCi+lpFnBfgCR0VWsuCCHD
+1Zd5+o3qPTfT4vWwWwADmTfEm0y6WA8QWS3brlCvCtcGznXpE9m+TmjzvBMaXY00
+Gbw85p1TMuJijAWaAGlZLb3tbqqbYdTSdmZZsoLKFeFFUNdPyXOqJGbWea9eV376
+kf5peQKBgF5S8s7A73IqmvUcfGLdg91ff4PGkDhDjNt+hzACX9pk0LQiCBSM28Tm
+bYwKy3P/Id7lfkPqe/lyTxBMVThBMIgW676g1yNKz21l2L5qakZQvunfqNfaV3iP
+Y0i+BmuXM/SjEP+agX9hVyUZfqxITqUUgHA7GIP1O4/LJAZCbd/X
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..9031f32
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
diff --git a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..434ca5e
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug="control"
+       strictcrlpolicy=no
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+
+conn rw
+       left=PH_IP_MOON
+       leftnexthop=%direct
+       leftcert=moonCert-sha256.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem b/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem
new file mode 100644 (file)
index 0000000..307f495
--- /dev/null
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHzCCAwegAwIBAgIBEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA2MTAwODEwNTgxMVoXDTExMTAwNzEwNTgxMVowWDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0y
+NTYxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDzXHm8D8sY1lmX7o1KK0jt/M+UzAI2Ifpx7nAqoviH
+XQIPe56BOAm4zHhEIlojEMFd1nncplXvDDGjuV/2F0KK1bFxbNtom88Ix1jrRWtk
+FLopYwj3ERC2970OhNO3nuPLrnEAzj6k3XPGMTA3drGnpRf162f7mHAdmYIRXtWm
+mfaecs4wGFs8BFGdeDfo6SPhQXZSBwZqjzQxvk1PA7E1qifgR5IGNZkNQRQ9IZD0
+86xzjmZgg5DaJcQKw45elpiVKQN6OkdWTngR3uUBfseWNeRGP5UxCUbDnPijWUbA
+6ZAdEfFXLgSpSoXHLNttvGg+SWm0kgKTpHYWYhvpflKNAgMBAAGjggEFMIIBATAJ
+BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU0gL3aEo/H8c/Ld/GkBTb
+W9Ma+nUwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
+BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
+dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2Fu
+Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
+L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCItzRn3TNWUzczBd8z
+MtdPEsRl5Oi4fV3UecQxhjxAmJDLsEZT5I4uNa1XoLkJm6jVdSL7k+bjzjmpNJ1H
+uL49cqia2yTdGP4IU0K8dTGaflg3ccaLLGGXTWU/NtgdI1o6yuZTwb6a9ZL7wWZT
+x21BAsvyPTzCpUS1yCK4bFeYOxOYDphUGcwb0JTuRxx2/710b+p64BYiCfVkQJxT
+eF1ZtjSW6nJgzMRg5n2zNpdrdXMMCPI6Nl7V6wxbs3Cphmz5qx3lijwi7nZt+jE5
+qK5gphph1MkKIhnA7MF66KEcx5Rknao68yLBBDIA/AISZ3bCIj8R1SGgl/tMYfep
+sbRF
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
new file mode 100644 (file)
index 0000000..58ddc15
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA81x5vA/LGNZZl+6NSitI7fzPlMwCNiH6ce5wKqL4h10CD3ue
+gTgJuMx4RCJaIxDBXdZ53KZV7wwxo7lf9hdCitWxcWzbaJvPCMdY60VrZBS6KWMI
+9xEQtve9DoTTt57jy65xAM4+pN1zxjEwN3axp6UX9etn+5hwHZmCEV7Vppn2nnLO
+MBhbPARRnXg36Okj4UF2UgcGao80Mb5NTwOxNaon4EeSBjWZDUEUPSGQ9POsc45m
+YIOQ2iXECsOOXpaYlSkDejpHVk54Ed7lAX7HljXkRj+VMQlGw5z4o1lGwOmQHRHx
+Vy4EqUqFxyzbbbxoPklptJICk6R2FmIb6X5SjQIDAQABAoIBAFl1Rf6eo57mtJqI
+A4IfNTjetQPSloGFrgWRi8PwkoFX7Dj6zUJc8h3vc8pAAnhfYWV4QOWec3pjNiAk
+NaVF2Z0lfoveYy0qEUn91a7untJ0WBZ8pEAGEunfWazroNQf4UbvQfT028xI55UU
+YdARnq6snok01s2CtLv8wPZXsRwDRzs3FGg+S9ZCyYJ/NdRVn9JdjJLqi79mqGqM
+il2bia6xmS7C/FVbHo3qS1G3WTXuwN6wLRihAzAzgvByeRnj1P3XuBU5xdAUwulm
+6/LAcdZ/teWhR0z/NGAkCJ5NZa9u6u0OAyc6HSrPG6sGo8fQjXNWUIMwP2ucpg8q
+Cvxt0GECgYEA/xfPo9d3cAFCnrBkefamtOU2jOOJeFVoapYQpEpOR0soTKx1BqUz
+MWoqDuwjQTutwmfOlsDCL7T7QCQwAOQ4jwNdxwTm1EysNojVTkwoFJBicmvjrjof
+MYyXv6EuDJnSDSmeTLuiDL91VoYgE1IeJjrunDLTCEFYBObI/LOjCmUCgYEA9Dn8
+a5wm15t4pSFJl81vLfY8lz4FtCWYygqmafh1HEb8UOAFZAEtCe7ulb1E4ce/IaNt
+/YALjbMFT5D0jhRwmljBLHzJh3v9H0jl/0vudXxrzS7bqfHnbB0enJWsZBCfDBA6
+hiZd645F4gJyWcI/MQXP199w+UgV/v80XGyFUQkCgYBejo/8VrFCRmVQd2g3QXOY
+GGL5JJrfjSEwaUHv9E9B5B0jFsYmWXQ5e/XtJCEJXDrTljEg9oDEuFxt8TwOCIri
+kEfhrvJ1fZpUeLJA3L/6p26mpVF3UrofXtMdSHzOVPJkyKmSHfc6rHmtQfh/0O+2
+EiBCrCBHrhkXcAjOizQDdQKBgQDNb9l9S6UAyK77eLzHDO/w4aimMG3r05Rqn/rM
+OUuJtcyY21itfq+8I1hebQ98POHyEd971jHhyC03eN++hEMUEoSsP2vmo82Qe2m9
+DspP2ZF0z23Hzsy0jOorHVwd8D1ZkG0qWyu18b+nFhfKmTM+sXzcQgBuMM0P6uzI
+siCSwQKBgCOPBbSSXEIMUAKcsJ0p+j2fEy6CKmb/lOu+Aw1uvVNZI+xoOuXTmj9h
+Jf79Lbhj16vmj0BPhRPyVEpgGIbNLiAU8518xGGaNdJgxQONwn9UGSJz4bgsbNBj
+icwIRVYbKF13EKJp50tFpY+4FK2Z6Bg2KXh5RWWQdYcTApWBjyrZ
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..e86d6aa
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/testing/tests/ikev1/strong-certs/posttest.dat b/testing/tests/ikev1/strong-certs/posttest.dat
new file mode 100644 (file)
index 0000000..12b540b
--- /dev/null
@@ -0,0 +1,15 @@
+moon::iptables -v -n -L
+carol::iptables -v -n -L
+dave::iptables -v -n -L
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::rm /etc/ipsec.d/private/*
+carol::rm /etc/ipsec.d/private/*
+dave::rm /etc/ipsec.d/private/*
+moon::rm /etc/ipsec.d/certs/*
+carol::rm /etc/ipsec.d/certs/*
+dave::rm /etc/ipsec.d/certs/*
diff --git a/testing/tests/ikev1/strong-certs/pretest.dat b/testing/tests/ikev1/strong-certs/pretest.dat
new file mode 100644 (file)
index 0000000..de51ccd
--- /dev/null
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1 
diff --git a/testing/tests/ikev1/strong-certs/test.conf b/testing/tests/ikev1/strong-certs/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"