added the sql/rw-rsa and sql/rw-rsa-keyid scenarios using raw RSA public keys
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 8 Oct 2008 03:37:40 +0000 (03:37 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 8 Oct 2008 03:37:40 +0000 (03:37 -0000)
34 files changed:
testing/tests/sql/rw-rsa-keyid/description.txt [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/evaltest.dat [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.d/data.sql [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.d/data.sql [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.d/data.sql [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/posttest.dat [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/pretest.dat [new file with mode: 0644]
testing/tests/sql/rw-rsa-keyid/test.conf [new file with mode: 0644]
testing/tests/sql/rw-rsa/description.txt [new file with mode: 0644]
testing/tests/sql/rw-rsa/evaltest.dat [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.d/data.sql [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.d/data.sql [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.d/data.sql [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/sql/rw-rsa/posttest.dat [new file with mode: 0644]
testing/tests/sql/rw-rsa/pretest.dat [new file with mode: 0644]
testing/tests/sql/rw-rsa/test.conf [new file with mode: 0644]

diff --git a/testing/tests/sql/rw-rsa-keyid/description.txt b/testing/tests/sql/rw-rsa-keyid/description.txt
new file mode 100644 (file)
index 0000000..9d59ad6
--- /dev/null
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>raw RSA public keys</b>
+and <b>ID_KEY_ID</b> identities.
+Upon the successful establishment of the IPsec tunnels, automatically inserted
+iptables-based firewall rules let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/sql/rw-rsa-keyid/evaltest.dat b/testing/tests/sql/rw-rsa-keyid/evaltest.dat
new file mode 100644 (file)
index 0000000..ff52c91
--- /dev/null
@@ -0,0 +1,11 @@
+moon::ipsec statusall::rw.*ESTABLISHED.*d7:0d:.*:ca:95.*98:5c:.*:d4:82::YES
+moon::ipsec statusall::rw.*ESTABLISHED.*d7:0d:.*:ca:95.*f6:51:.*:ea:25::YES
+carol::ipsec statusall::home.*ESTABLISHED.*98:5c:.*:d4:82.*d7:0d:.*:ca:95::YES
+dave::ipsec statusall::home.*ESTABLISHED.*f6:51:.*:ea:25.*d7:0d:.*:ca:95::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.conf b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..3bc2962
--- /dev/null
@@ -0,0 +1,8 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.d/data.sql
new file mode 100644 (file)
index 0000000..bdb9635
--- /dev/null
@@ -0,0 +1,134 @@
+/* Identities */
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* carol@strongswan.org */
+  3, X'6361726f6c407374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* moon.strongswan.org */
+  2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of carol@strongswan.org */
+  11, X'985c23660cd9b9a7554da6a4aa31ea02230fd482'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of moon.strongswan.org */
+  11, X'd70dbd46d5133519064f12f100525ead0802ca95'
+ );
+
+/* Certificates */
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* carol@strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001'
+);
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* moon.strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001'
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 3
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 2
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 4
+);
+
+/* Private Keys */
+
+INSERT INTO private_keys (
+   type, data
+) VALUES ( /* key of carol@strongswan.org' */
+  1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca'
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 3
+);
+
+/* Configurations */
+
+INSERT INTO ike_configs (
+  local, remote
+) VALUES (
+  'PH_IP_CAROL', 'PH_IP_MOON'
+);
+
+INSERT INTO peer_configs (
+  name, ike_cfg, local_id, remote_id
+) VALUES (
+  'home', 1, 3, 4
+);
+
+INSERT INTO child_configs (
+  name, updown
+) VALUES (
+  'home', 'ipsec _updown iptables'
+);
+
+INSERT INTO peer_config_child_config (
+  peer_cfg, child_cfg
+) VALUES (
+  1, 1
+);
+
+INSERT INTO traffic_selectors (
+  type, start_addr, end_addr
+) VALUES ( /* 10.1.0.0/16 */
+  7, X'0a010000', X'0a01ffff'
+);
+
+INSERT INTO traffic_selectors (
+  type
+) VALUES ( /* dynamic/32 */
+  7
+);
+
+INSERT INTO child_config_traffic_selector (
+  child_cfg, traffic_selector, kind
+) VALUES (
+  1, 1, 1
+);
+
+INSERT INTO child_config_traffic_selector (
+       child_cfg, traffic_selector, kind
+) VALUES (
+  1, 2, 2
+);
+
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.secrets b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..76bb21b
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+# secrets are read from SQLite database
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f70c4cb
--- /dev/null
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  plugins {
+    sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db 
+    }
+  }
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql
+}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.conf b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..3bc2962
--- /dev/null
@@ -0,0 +1,8 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.d/data.sql
new file mode 100644 (file)
index 0000000..fc7af4d
--- /dev/null
@@ -0,0 +1,133 @@
+/* Identities */
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* dave@strongswan.org */
+  3, X'64617665407374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* moon.strongswan.org */
+  2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of dave@strongswan.org */
+  11, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of moon.strongswan.org */
+  11, X'd70dbd46d5133519064f12f100525ead0802ca95'
+ );
+
+/* Certificates */
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* dave@strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001'
+);
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* moon.strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001'
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 1
+);
+$INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 3
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 2
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 4
+);
+
+/* Private Keys */
+
+INSERT INTO private_keys (
+   type, data
+) VALUES ( /* key of dave@strongswan.org */
+  1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276'
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 3
+);
+
+/* Configurations */
+
+INSERT INTO ike_configs (
+  local, remote
+) VALUES (
+  'PH_IP_DAVE', 'PH_IP_MOON'
+);
+
+INSERT INTO peer_configs (
+  name, ike_cfg, local_id, remote_id
+) VALUES (
+  'home', 1, 3, 4
+);
+
+INSERT INTO child_configs (
+  name, updown
+) VALUES (
+  'home', 'ipsec _updown iptables'
+);
+
+INSERT INTO peer_config_child_config (
+  peer_cfg, child_cfg
+) VALUES (
+  1, 1
+);
+
+INSERT INTO traffic_selectors (
+  type, start_addr, end_addr
+) VALUES ( /* 10.1.0.0/16 */
+  7, X'0a010000', X'0a01ffff'
+);
+
+INSERT INTO traffic_selectors (
+  type
+) VALUES ( /* dynamic/32 */
+  7
+);
+
+INSERT INTO child_config_traffic_selector (
+  child_cfg, traffic_selector, kind
+) VALUES (
+  1, 1, 1
+);
+
+INSERT INTO child_config_traffic_selector (
+       child_cfg, traffic_selector, kind
+) VALUES (
+  1, 2, 2
+);
+
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.secrets b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..76bb21b
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+# secrets are read from SQLite database
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f70c4cb
--- /dev/null
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  plugins {
+    sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db 
+    }
+  }
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql
+}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.conf b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..3bc2962
--- /dev/null
@@ -0,0 +1,8 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.d/data.sql
new file mode 100644 (file)
index 0000000..bb82bda
--- /dev/null
@@ -0,0 +1,170 @@
+/* Identities */
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* moon.strongswan.org */
+  2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* carol@strongswan.org */
+  3, X'6361726f6c407374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* dave@strongswan.org */
+  3, X'64617665407374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* %any */
+  0, '%any'
+);
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of moon.strongswan.org */
+  11, X'd70dbd46d5133519064f12f100525ead0802ca95'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of carol@strongswan.org */
+  11, X'985c23660cd9b9a7554da6a4aa31ea02230fd482'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of dave@strongswan.org */
+  11, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25'
+ );
+
+/* Raw RSA public keys */
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* moon.strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001'
+);
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* carol@strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001'
+);
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* dave@strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001'
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 5
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 2
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 6
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  3, 3
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  3, 7
+);
+
+/* Private Keys */
+
+INSERT INTO private_keys (
+   type, data
+) VALUES ( /* key of CN=moon.strongswan.org' */
+  1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8'
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 5
+);
+
+/* Configurations */
+
+INSERT INTO ike_configs (
+  local, remote
+) VALUES (
+  'PH_IP_MOON', '0.0.0.0'
+);
+
+INSERT INTO peer_configs (
+  name, ike_cfg, local_id, remote_id
+) VALUES (
+  'rw', 1, 5, 4
+);
+
+INSERT INTO child_configs (
+  name, updown
+) VALUES (
+  'rw', 'ipsec _updown iptables'
+);
+
+INSERT INTO peer_config_child_config (
+  peer_cfg, child_cfg
+) VALUES (
+  1, 1
+);
+
+INSERT INTO traffic_selectors (
+  type, start_addr, end_addr
+) VALUES ( /* 10.1.0.0/16 */
+  7, X'0a010000', X'0a01ffff'
+);
+
+INSERT INTO traffic_selectors (
+  type
+) VALUES ( /* dynamic/32 */
+  7
+);
+
+INSERT INTO child_config_traffic_selector (
+  child_cfg, traffic_selector, kind
+) VALUES (
+  1, 1, 0
+);
+
+INSERT INTO child_config_traffic_selector (
+       child_cfg, traffic_selector, kind
+) VALUES (
+  1, 2, 3
+);
+
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.secrets b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..76bb21b
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+# secrets are read from SQLite database
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f70c4cb
--- /dev/null
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  plugins {
+    sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db 
+    }
+  }
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql
+}
diff --git a/testing/tests/sql/rw-rsa-keyid/posttest.dat b/testing/tests/sql/rw-rsa-keyid/posttest.dat
new file mode 100644 (file)
index 0000000..b10aeb3
--- /dev/null
@@ -0,0 +1,10 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::rm /etc/ipsec.d/ipsec.db
+carol::rm /etc/ipsec.d/ipsec.db
+dave::rm /etc/ipsec.d/ipsec.db
+~
diff --git a/testing/tests/sql/rw-rsa-keyid/pretest.dat b/testing/tests/sql/rw-rsa-keyid/pretest.dat
new file mode 100644 (file)
index 0000000..76316f3
--- /dev/null
@@ -0,0 +1,18 @@
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/sql/rw-rsa-keyid/test.conf b/testing/tests/sql/rw-rsa-keyid/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/sql/rw-rsa/description.txt b/testing/tests/sql/rw-rsa/description.txt
new file mode 100644 (file)
index 0000000..51f22ad
--- /dev/null
@@ -0,0 +1,8 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>raw RSA public keys</b>
+with <b>ID_RFC822_ADDR</b> and <b>ID_FQDN</b> identities for the roadwarriors and
+gateway, respectively.
+Upon the successful establishment of the IPsec tunnels, automatically inserted
+iptables-based firewall rules let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/sql/rw-rsa/evaltest.dat b/testing/tests/sql/rw-rsa/evaltest.dat
new file mode 100644 (file)
index 0000000..cc565fb
--- /dev/null
@@ -0,0 +1,11 @@
+moon::ipsec statusall::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon::ipsec statusall::rw.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec statusall::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave::ipsec statusall::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..3bc2962
--- /dev/null
@@ -0,0 +1,8 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.d/data.sql
new file mode 100644 (file)
index 0000000..7c7e5e0
--- /dev/null
@@ -0,0 +1,134 @@
+/* Identities */
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* carol@strongswan.org */
+  3, X'6361726f6c407374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* moon.strongswan.org */
+  2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of carol@strongswan.org */
+  202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of moon.strongswan.org */
+  202, X'd70dbd46d5133519064f12f100525ead0802ca95'
+ );
+
+/* Certificates */
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* carol@strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001'
+);
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* moon.strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001'
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 3
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 2
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 4
+);
+
+/* Private Keys */
+
+INSERT INTO private_keys (
+   type, data
+) VALUES ( /* key of carol@strongswan.org' */
+  1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca'
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 3
+);
+
+/* Configurations */
+
+INSERT INTO ike_configs (
+  local, remote
+) VALUES (
+  'PH_IP_CAROL', 'PH_IP_MOON'
+);
+
+INSERT INTO peer_configs (
+  name, ike_cfg, local_id, remote_id
+) VALUES (
+  'home', 1, 1, 2 
+);
+
+INSERT INTO child_configs (
+  name, updown
+) VALUES (
+  'home', 'ipsec _updown iptables'
+);
+
+INSERT INTO peer_config_child_config (
+  peer_cfg, child_cfg
+) VALUES (
+  1, 1
+);
+
+INSERT INTO traffic_selectors (
+  type, start_addr, end_addr
+) VALUES ( /* 10.1.0.0/16 */
+  7, X'0a010000', X'0a01ffff'
+);
+
+INSERT INTO traffic_selectors (
+  type
+) VALUES ( /* dynamic/32 */
+  7
+);
+
+INSERT INTO child_config_traffic_selector (
+  child_cfg, traffic_selector, kind
+) VALUES (
+  1, 1, 1
+);
+
+INSERT INTO child_config_traffic_selector (
+       child_cfg, traffic_selector, kind
+) VALUES (
+  1, 2, 2
+);
+
diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..76bb21b
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+# secrets are read from SQLite database
diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f70c4cb
--- /dev/null
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  plugins {
+    sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db 
+    }
+  }
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql
+}
diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..3bc2962
--- /dev/null
@@ -0,0 +1,8 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.d/data.sql
new file mode 100644 (file)
index 0000000..9e7d6d5
--- /dev/null
@@ -0,0 +1,133 @@
+/* Identities */
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* dave@strongswan.org */
+  3, X'64617665407374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* moon.strongswan.org */
+  2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of dave@strongswan.org */
+  202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of moon.strongswan.org */
+  202, X'd70dbd46d5133519064f12f100525ead0802ca95'
+ );
+
+/* Certificates */
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* dave@strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001'
+);
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* moon.strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001'
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 1
+);
+$INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 3
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 2
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 4
+);
+
+/* Private Keys */
+
+INSERT INTO private_keys (
+   type, data
+) VALUES ( /* key of dave@strongswan.org */
+  1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276'
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 3
+);
+
+/* Configurations */
+
+INSERT INTO ike_configs (
+  local, remote
+) VALUES (
+  'PH_IP_DAVE', 'PH_IP_MOON'
+);
+
+INSERT INTO peer_configs (
+  name, ike_cfg, local_id, remote_id
+) VALUES (
+  'home', 1, 1, 2 
+);
+
+INSERT INTO child_configs (
+  name, updown
+) VALUES (
+  'home', 'ipsec _updown iptables'
+);
+
+INSERT INTO peer_config_child_config (
+  peer_cfg, child_cfg
+) VALUES (
+  1, 1
+);
+
+INSERT INTO traffic_selectors (
+  type, start_addr, end_addr
+) VALUES ( /* 10.1.0.0/16 */
+  7, X'0a010000', X'0a01ffff'
+);
+
+INSERT INTO traffic_selectors (
+  type
+) VALUES ( /* dynamic/32 */
+  7
+);
+
+INSERT INTO child_config_traffic_selector (
+  child_cfg, traffic_selector, kind
+) VALUES (
+  1, 1, 1
+);
+
+INSERT INTO child_config_traffic_selector (
+       child_cfg, traffic_selector, kind
+) VALUES (
+  1, 2, 2
+);
+
diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..76bb21b
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+# secrets are read from SQLite database
diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f70c4cb
--- /dev/null
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  plugins {
+    sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db 
+    }
+  }
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql
+}
diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..3bc2962
--- /dev/null
@@ -0,0 +1,8 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.d/data.sql
new file mode 100644 (file)
index 0000000..95dbc6e
--- /dev/null
@@ -0,0 +1,170 @@
+/* Identities */
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* moon.strongswan.org */
+  2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* carol@strongswan.org */
+  3, X'6361726f6c407374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* dave@strongswan.org */
+  3, X'64617665407374726f6e677377616e2e6f7267'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* %any */
+  0, '%any'
+);
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of moon.strongswan.org */
+  202, X'd70dbd46d5133519064f12f100525ead0802ca95'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of carol@strongswan.org */
+  202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482'
+ );
+
+INSERT INTO identities (
+  type, data
+) VALUES ( /* keyid of dave@strongswan.org */
+  202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25'
+ );
+
+/* Raw RSA public keys */
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* moon.strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001'
+);
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* carol@strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001'
+);
+
+INSERT INTO certificates (
+   type, keytype, data
+) VALUES ( /* dave@strongswan.org */
+  6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001'
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  1, 5
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 2
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  2, 6
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  3, 3
+);
+
+INSERT INTO certificate_identity (
+  certificate, identity
+) VALUES (
+  3, 7
+);
+
+/* Private Keys */
+
+INSERT INTO private_keys (
+   type, data
+) VALUES ( /* key of CN=moon.strongswan.org' */
+  1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8'
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 1
+);
+
+INSERT INTO private_key_identity (
+  private_key, identity
+) VALUES (
+  1, 5
+);
+
+/* Configurations */
+
+INSERT INTO ike_configs (
+  local, remote
+) VALUES (
+  'PH_IP_MOON', '0.0.0.0'
+);
+
+INSERT INTO peer_configs (
+  name, ike_cfg, local_id, remote_id
+) VALUES (
+  'rw', 1, 1, 4
+);
+
+INSERT INTO child_configs (
+  name, updown
+) VALUES (
+  'rw', 'ipsec _updown iptables'
+);
+
+INSERT INTO peer_config_child_config (
+  peer_cfg, child_cfg
+) VALUES (
+  1, 1
+);
+
+INSERT INTO traffic_selectors (
+  type, start_addr, end_addr
+) VALUES ( /* 10.1.0.0/16 */
+  7, X'0a010000', X'0a01ffff'
+);
+
+INSERT INTO traffic_selectors (
+  type
+) VALUES ( /* dynamic/32 */
+  7
+);
+
+INSERT INTO child_config_traffic_selector (
+  child_cfg, traffic_selector, kind
+) VALUES (
+  1, 1, 0
+);
+
+INSERT INTO child_config_traffic_selector (
+       child_cfg, traffic_selector, kind
+) VALUES (
+  1, 2, 3
+);
+
diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..76bb21b
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+# secrets are read from SQLite database
diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f70c4cb
--- /dev/null
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  plugins {
+    sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db 
+    }
+  }
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql
+}
diff --git a/testing/tests/sql/rw-rsa/posttest.dat b/testing/tests/sql/rw-rsa/posttest.dat
new file mode 100644 (file)
index 0000000..b10aeb3
--- /dev/null
@@ -0,0 +1,10 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::rm /etc/ipsec.d/ipsec.db
+carol::rm /etc/ipsec.d/ipsec.db
+dave::rm /etc/ipsec.d/ipsec.db
+~
diff --git a/testing/tests/sql/rw-rsa/pretest.dat b/testing/tests/sql/rw-rsa/pretest.dat
new file mode 100644 (file)
index 0000000..76316f3
--- /dev/null
@@ -0,0 +1,18 @@
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/sql/rw-rsa/test.conf b/testing/tests/sql/rw-rsa/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"