test-vector support in rw-cert scenarios
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 16 Jun 2009 18:53:41 +0000 (20:53 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 16 Jun 2009 18:53:41 +0000 (20:53 +0200)
44 files changed:
testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf
testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf
testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf
testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf
testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf
testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf
testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf
testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf
testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf
testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf
testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf
testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf
testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf
testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf
testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf
testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf

diff --git a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..304ef99
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  crypto_test {
+    on_add = yes
+  }
+}
index ef63f72..f1dcd52 100644 (file)
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index 8dcb265..7133aef 100644 (file)
@@ -1,9 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
 }
 
 pluto {
-  load = curl aes des sha1 sha2 md5 gmp random pubkey hmac
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..304ef99
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  crypto_test {
+    on_add = yes
+  }
+}
diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..304ef99
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  crypto_test {
+    on_add = yes
+  }
+}
index 40eb84b..de122ac 100644 (file)
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index 40eb84b..de122ac 100644 (file)
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index 40eb84b..de122ac 100644 (file)
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index ce047eb..16171fe 100755 (executable)
@@ -23,5 +23,4 @@ conn rw-eap
        rightsendcert=never
        rightauth=eap-aka
        eap_identity=%any       
-       right=%any
        auto=add
index 8cffbe3..5f779d1 100755 (executable)
@@ -9,15 +9,16 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       authby=eap
 
 conn home
        left=PH_IP_CAROL
        leftnexthop=%direct
        leftid=carol@strongswan.org
+       leftauth=eap
        leftfirewall=yes
        eap_identity=carol
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
        rightsubnet=10.1.0.0/16
+       rightauth=pubkey
        auto=add
index 08b920a..11ff844 100755 (executable)
@@ -12,15 +12,15 @@ conn %default
        keyexchange=ikev2
 
 conn rw-eap
-       authby=rsasig
-       eap=radius
-       eap_identity=%identity
        left=PH_IP_MOON
        leftsubnet=10.1.0.0/16
        leftid=@moon.strongswan.org
        leftcert=moonCert.pem
+       leftauth=pubkey
        leftfirewall=yes
        rightid=*@strongswan.org
        rightsendcert=never
+       rightauth=eap-radius
+       eap_identity=%any
        right=%any
        auto=add
index 2af93a3..ba9294f 100755 (executable)
@@ -9,14 +9,15 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       authby=eap
 
 conn home
        left=PH_IP_CAROL
        leftnexthop=%direct
        leftid=carol@strongswan.org
+       leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
        rightsubnet=10.1.0.0/16
+       rightauth=pubkey
        auto=add
index 8259942..4a885ba 100755 (executable)
@@ -12,14 +12,14 @@ conn %default
        keyexchange=ikev2
 
 conn rw-eap
-       authby=rsasig
-       eap=radius
        left=PH_IP_MOON
        leftsubnet=10.1.0.0/16
        leftid=@moon.strongswan.org
        leftcert=moonCert.pem
+       leftauth=pubkey
        leftfirewall=yes
        rightid=*@strongswan.org
+       rightauth=eap-radius
        rightsendcert=never
        right=%any
        auto=add
index 2af93a3..ba9294f 100755 (executable)
@@ -9,14 +9,15 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       authby=eap
 
 conn home
        left=PH_IP_CAROL
        leftnexthop=%direct
        leftid=carol@strongswan.org
+       leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
        rightsubnet=10.1.0.0/16
+       rightauth=pubkey
        auto=add
index 7777e91..28d52b9 100755 (executable)
@@ -12,14 +12,14 @@ conn %default
        keyexchange=ikev2
 
 conn rw-eap
-       authby=rsasig
-       eap=md5
        left=PH_IP_MOON
        leftsubnet=10.1.0.0/16
        leftid=@moon.strongswan.org
        leftcert=moonCert.pem
+       leftauth=pubkey
        leftfirewall=yes
        rightid=*@strongswan.org
+       rightauth=eap-md5
        rightsendcert=never
        right=%any
        auto=add
index 94186cf..d3a99fe 100755 (executable)
@@ -9,15 +9,16 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       authby=eap
 
 conn home
        left=PH_IP_CAROL
        leftnexthop=%direct
        leftid=carol@strongswan.org
        leftfirewall=yes
+       leftauth=eap
        eap_identity=228060123456001
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
        rightsubnet=10.1.0.0/16
+       rightauth=pubkey
        auto=add
index 08b920a..a86bb3d 100755 (executable)
@@ -12,15 +12,15 @@ conn %default
        keyexchange=ikev2
 
 conn rw-eap
-       authby=rsasig
-       eap=radius
-       eap_identity=%identity
        left=PH_IP_MOON
        leftsubnet=10.1.0.0/16
        leftid=@moon.strongswan.org
        leftcert=moonCert.pem
+       leftauth=pubkey
        leftfirewall=yes
        rightid=*@strongswan.org
+       rightauth=eap-radius
+        eap_identity=%any
        rightsendcert=never
        right=%any
        auto=add
index 2af93a3..ba9294f 100755 (executable)
@@ -9,14 +9,15 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       authby=eap
 
 conn home
        left=PH_IP_CAROL
        leftnexthop=%direct
        leftid=carol@strongswan.org
+       leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
        rightsubnet=10.1.0.0/16
+       rightauth=pubkey
        auto=add
index 509deb9..53ecb4d 100755 (executable)
@@ -12,14 +12,14 @@ conn %default
        keyexchange=ikev2
 
 conn rw-eapsim
-       authby=rsasig
-       eap=sim
        left=PH_IP_MOON
        leftsubnet=10.1.0.0/16
        leftid=@moon.strongswan.org
        leftcert=moonCert.pem
+       leftauth=pubkey
        leftfirewall=yes
        rightid=*@strongswan.org
+       rightauth=eap-sim
        right=%any
        rightsendcert=never
        auto=add
index ce37764..9836736 100644 (file)
@@ -3,3 +3,9 @@
 pluto {
   load = openssl pubkey random hmac curl
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index ffe0cc1..c421161 100644 (file)
@@ -3,3 +3,9 @@
 pluto {
   load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index ce37764..9836736 100644 (file)
@@ -3,3 +3,9 @@
 pluto {
   load = openssl pubkey random hmac curl
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index 19d6369..6689986 100644 (file)
@@ -3,3 +3,9 @@
 pluto {
   load = openssl pubkey random hmac curl 
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index ffe0cc1..c421161 100644 (file)
@@ -3,3 +3,9 @@
 pluto {
   load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index 19d6369..6689986 100644 (file)
@@ -3,3 +3,9 @@
 pluto {
   load = openssl pubkey random hmac curl 
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index 0736ee6..b0b6ff7 100755 (executable)
@@ -11,7 +11,6 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
-       authby=ecdsasig
 
 conn home
        left=PH_IP_CAROL
index ce37764..9836736 100644 (file)
@@ -3,3 +3,9 @@
 pluto {
   load = openssl pubkey random hmac curl
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index adf26f0..23813b2 100755 (executable)
@@ -11,7 +11,6 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
-       authby=ecdsasig
 
 conn home
        left=PH_IP_DAVE
index ffe0cc1..c421161 100644 (file)
@@ -3,3 +3,9 @@
 pluto {
   load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index f85d263..f22a4ac 100755 (executable)
@@ -11,7 +11,6 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
-       authby=ecdsasig
 
 conn carol
        also=moon
index ce37764..9836736 100644 (file)
@@ -3,3 +3,9 @@
 pluto {
   load = openssl pubkey random hmac curl
 }
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index 1887f76..e102303 100644 (file)
@@ -1,6 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  dh_exponent_ansi_x9_42 = no
   load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
 }
index 4f6fdc5..c75d6b2 100755 (executable)
@@ -11,7 +11,6 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       authby=ecdsasig
 
 conn home
        left=PH_IP_CAROL
index 3138458..080ce9b 100755 (executable)
@@ -11,7 +11,6 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       authby=ecdsasig
 
 conn home
        left=PH_IP_DAVE
index 892e0c3..c932101 100755 (executable)
@@ -11,7 +11,6 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       authby=ecdsasig
 
 conn rw
        left=PH_IP_MOON
index e102303..195bcf0 100644 (file)
@@ -1,5 +1,12 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+  load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown
 }
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
+}
+
index d46082b..f4b6dfd 100644 (file)
@@ -1,5 +1,12 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown
+}
+
+libstrongswan {
+  crypto_test {
+    required = yes
+    on_add = yes
+  }
 }
index 1887f76..166e24e 100644 (file)
@@ -1,6 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  dh_exponent_ansi_x9_42 = no
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+  load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index db6fa74..2f3bc44 100644 (file)
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index db6fa74..2f3bc44 100644 (file)
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index db6fa74..2f3bc44 100644 (file)
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index 29e2395..329498d 100644 (file)
@@ -6,5 +6,11 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index 29e2395..329498d 100644 (file)
@@ -6,5 +6,11 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }
index 29e2395..329498d 100644 (file)
@@ -6,5 +6,11 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+}
+
+libstrongswan {
+  crypto_test {
+    on_add = yes
+  }
 }