diff options
| author | Reto Buerki <reet@codelabs.ch> | 2013-01-22 20:52:55 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-03-19 15:23:50 +0100 |
| commit | 117375ed00f67e86e759bd79de027d91e386e2b3 (patch) | |
| tree | 270e676ff2795374681ef662fcc8e371077d39fa /testing | |
| parent | 7b702150a091605dc3473f9d36ef05a22e6fcde7 (diff) | |
| download | strongswan-117375ed00f67e86e759bd79de027d91e386e2b3.tar.bz2 strongswan-117375ed00f67e86e759bd79de027d91e386e2b3.tar.xz | |
Add initial TKM integration test
A connection between the hosts moon and sun is set up. The host moon
uses the Trusted Key Manager (TKM) and is the initiator of the transport
connection. The authentication is based on X.509 certificates.
Diffstat (limited to 'testing')
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/description.txt | 3 | ||||
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/evaltest.dat | 12 | ||||
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/moonKey.der | bin | 0 -> 1191 bytes | |||
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/strongswanCert.der | bin | 0 -> 956 bytes | |||
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/tkm.conf | 21 | ||||
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/hosts/sun/etc/ipsec.conf | 20 | ||||
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf | 5 | ||||
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/posttest.dat | 4 | ||||
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/pretest.dat | 10 | ||||
| -rw-r--r-- | testing/tests/tkm/host2host-initiator/test.conf | 21 |
10 files changed, 96 insertions, 0 deletions
diff --git a/testing/tests/tkm/host2host-initiator/description.txt b/testing/tests/tkm/host2host-initiator/description.txt new file mode 100644 index 000000000..467693b1e --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/description.txt @@ -0,0 +1,3 @@ +A connection between the hosts <b>moon</b> and <b>sun</b> is set up. The host +<b>moon</b> uses the Trusted Key Manager (TKM) and is the initiator of the +transport connection. The authentication is based on X.509 certificates. diff --git a/testing/tests/tkm/host2host-initiator/evaltest.dat b/testing/tests/tkm/host2host-initiator/evaltest.dat new file mode 100644 index 000000000..d8d44dff6 --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/evaltest.dat @@ -0,0 +1,12 @@ +moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES +sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES +moon::cat /tmp/tkm.log::Adding policy \[ 1, 192.168.0.1 <-> 192.168.0.2 \]::YES +moon::cat /tmp/tkm.log::Checked CA certificate of CC context 1::YES +moon::cat /tmp/tkm.log::Authentication of ISA context 1 successful::YES +moon::cat /tmp/tkm.log::Adding SA \[ 1, 192.168.0.1 <-> 192.168.0.2, SPI_in.*, SPI_out.*, soft 30, hard 60 \]::YES diff --git a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/moonKey.der b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/moonKey.der Binary files differnew file mode 100644 index 000000000..97f0963f8 --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/moonKey.der diff --git a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/strongswanCert.der b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/strongswanCert.der Binary files differnew file mode 100644 index 000000000..a5a631f4b --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/strongswanCert.der diff --git a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/tkm.conf b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/tkm.conf new file mode 100644 index 000000000..2619c0089 --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/tkm.conf @@ -0,0 +1,21 @@ +<tkmconfig> + <local_identity id="1"> + <identity>moon.strongswan.org</identity> + <certificate>moonCert.pem</certificate> + </local_identity> + <policy id="1"> + <mode>transport</mode> + <local> + <identity_id>1</identity_id> + <ip>192.168.0.1</ip> + </local> + <remote> + <identity>sun.strongswan.org</identity> + <ip>192.168.0.2</ip> + </remote> + <lifetime> + <soft>30</soft> + <hard>60</hard> + </lifetime> + </policy> +</tkmconfig> diff --git a/testing/tests/tkm/host2host-initiator/hosts/sun/etc/ipsec.conf b/testing/tests/tkm/host2host-initiator/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..4ad0aa7db --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/hosts/sun/etc/ipsec.conf @@ -0,0 +1,20 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn host-host + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=sun.strongswan.org + right=PH_IP_MOON + rightid=moon.strongswan.org + ike=aes256-sha512-modp4096! + esp=aes256-sha512-modp4096! + auto=add diff --git a/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..dc937641c --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/tkm/host2host-initiator/posttest.dat b/testing/tests/tkm/host2host-initiator/posttest.dat new file mode 100644 index 000000000..34037bc23 --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/posttest.dat @@ -0,0 +1,4 @@ +moon::DAEMON_NAME=charon-tkm ipsec stop +moon::killall tkm_keymanager +moon::rm -f /tmp/tkm.rpc.ike /tmp/tkm.rpc.ees /tmp/tkm.log +sun::ipsec stop diff --git a/testing/tests/tkm/host2host-initiator/pretest.dat b/testing/tests/tkm/host2host-initiator/pretest.dat new file mode 100644 index 000000000..7cb90ac26 --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/pretest.dat @@ -0,0 +1,10 @@ +moon::rm /etc/ipsec.secrets +moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd +moon::cat /etc/ipsec.conf +moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 & +moon::expect-file /tmp/tkm.rpc.ike +moon::DAEMON_NAME=charon-tkm ipsec start +sun::ipsec start +sun::expect-connection host-host +moon::DAEMON_NAME=charon-tkm expect-connection conn1 +moon::DAEMON_NAME=charon-tkm ipsec up conn1 diff --git a/testing/tests/tkm/host2host-initiator/test.conf b/testing/tests/tkm/host2host-initiator/test.conf new file mode 100644 index 000000000..9647dc6a2 --- /dev/null +++ b/testing/tests/tkm/host2host-initiator/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="moon winnetou sun" + +# Corresponding block diagram +# +DIAGRAM="m-w-s.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" |