aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests
Commit message (Collapse)AuthorAgeFilesLines
* imv-os: Updated security update evaluationAndreas Steffen2017-09-013-3/+3
|
* imv-attestation: Fixed file hash measurementsAndreas Steffen2017-09-015-12/+12
| | | | | | The introduction of file versions broke file hash measurements. This has been fixed by using a generic product versions having an empty package name.
* testing: Move collector.db in tnc/tnccs-20-ev-pt-tls scenario to /etc/db.dTobias Brunner2017-08-073-2/+3
| | | | | Also move initialization to the pretest script (it's way faster in the in-memory database).
* charon-tkm: Call esa_reset() when the inbound SA is deletedTobias Brunner2017-08-076-7/+19
| | | | | | | | | After a rekeying the outbound SA and policy is deleted immediately, however, the inbound SA is not removed until a few seconds later, so delayed packets can still be processed. This adds a flag to get_esa_id() that specifies the location of the given SPI.
* testing: Add tkm/xfrmproxy-rekey scenarioTobias Brunner2017-08-0711-0/+119
| | | | | Similar to the xfrmproxy-expire scenario but here the TKM host is the responder to a rekeying.
* testing: Add pfkey/net2net-rekey scenarioTobias Brunner2017-08-079-0/+117
|
* testing: Add ikev2/net2net-rekey scenarioTobias Brunner2017-08-079-0/+115
|
* testing: Added tnc/tnccs-20-ev-pt-tls scenarioAndreas Steffen2017-08-0431-0/+484
|
* testing: Fixed the path of pt-tls-clientAndreas Steffen2017-07-183-5/+5
|
* testing: Added tnc/tnccs-20-nea-pt-tls scenarioAndreas Steffen2017-07-0829-0/+455
|
* testing: Adaptation to ISO 19770-2:2015 SWID standardAndreas Steffen2017-07-081-1/+1
|
* testing: Fixed typo in openssl-ikev2/rw-suite-b-192 scenarioAndreas Steffen2017-07-081-1/+1
|
* testing: Added swanctl/rw-eap-md5-id-rsa scenarioAndreas Steffen2017-05-269-0/+160
|
* testing: Fix ikev2/two-certs scenarioTobias Brunner2017-05-261-1/+1
| | | | | | | Since 6a8a44be88b0 the certificate received by the client is verified first, before checking the cached certificates for any with matching identities. So we usually don't have to attempt to verify the signature with wrong certificates first and can avoid this message.
* testing: Created swanctl/rw-eap-aka-sql-rsa scenarioAndreas Steffen2017-04-2613-0/+187
|
* testing: Created ikev2/rw-eap-aka-sql-rsa scenarioAndreas Steffen2017-04-2614-0/+162
| | | | This test scenario tests the eap-simaka-sql plugin.
* testing: List BLIS certs in swanctl/rw-newhope-bliss scenarioAndreas Steffen2017-03-273-3/+3
|
* testing: Updated OCSP certificate for carolAndreas Steffen2017-03-218-444/+168
|
* Allow x25519 as an alias of the curve25519 KE algorithmAndreas Steffen2017-03-2083-171/+171
|
* testing: Fix ALLOWED_HOSTS in strongTNC settings.iniTobias Brunner2017-02-162-2/+2
|
* testing: Fix swanctl/ocsp-disabled scenario after changing the log messagesTobias Brunner2017-02-161-2/+2
|
* testing: Added swanctl/ocsp-disabled scenarioAndreas Steffen2017-01-0211-0/+264
|
* testing: Added swanctl/ocsp-signer-cert scenarioAndreas Steffen2017-01-0211-0/+257
|
* testing: Convert swanctl scenarios to curve-25519Andreas Steffen2016-12-3055-101/+101
|
* testing: strongTNC does not come with django.db any moreAndreas Steffen2016-12-172-2/+2
|
* testing: Added ikev2/net2net-ed25519 scenarioAndreas Steffen2016-12-1717-0/+173
|
* Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificatesAndreas Steffen2016-12-1415-0/+218
|
* testing: make curve25519 the default DH groupAndreas Steffen2016-11-14819-1071/+1049
|
* testing: Renewed expired certificatesAndreas Steffen2016-10-186-132/+132
|
* Save both base and delta CRLs to diskAndreas Steffen2016-10-115-9/+58
|
* vici: strongswan.conf cache_crls = yes saves fetched CRLs to diskAndreas Steffen2016-10-1113-2/+124
|
* testing: Remove ikev2/default-keys scenarioTobias Brunner2016-10-0510-156/+0
| | | | No default keys are generated anymore.
* testing: Enable outbound FWD policies in swanctl/manual-prio scenarioTobias Brunner2016-09-281-5/+6
|
* testing: Added swanctl/net2net-multicast scenarioAndreas Steffen2016-09-279-0/+166
|
* testing: Added ikev2/net2net-multicast scenarioAndreas Steffen2016-09-279-0/+125
|
* testing: Added swanctl/net2net-sha3-rsa-cert and swanctl/rw-eap-tls-sha3-rsa ↵Andreas Steffen2016-09-2235-0/+803
| | | | scenarios
* gmp: Support of SHA-3 RSA signaturesAndreas Steffen2016-09-222-4/+4
|
* mgf1: Refactored MGF1 as an XOFAndreas Steffen2016-09-2129-29/+30
|
* testing: Use curl instead of soup plugin in libipsec/rw-suite-b scenarioTobias Brunner2016-09-203-3/+3
| | | | | The soup plugin is already used in the openssl-ikev2/rw-suite-b* scenarios.
* testing: Virtual IPs went missingAndreas Steffen2016-08-165-15/+17
|
* testing: Added swanctl/rw-newhope-bliss scenarioAndreas Steffen2016-08-1020-0/+212
|
* testing: Add chapoly, ntru and newhope plugins to crypto and integrity testsAndreas Steffen2016-08-103-3/+3
|
* testing: Added ikev2/rw-newhope-bliss scenarioAndreas Steffen2016-08-1023-0/+193
|
* testing: Add ikev1/net2net-esn scenarioTobias Brunner2016-06-299-0/+117
|
* testing: Start charon before Apache in tnc/tnccs-20-pdp-pt-tlsTobias Brunner2016-06-211-1/+1
| | | | | | | | | | | | | The change in c423d0e8a124 ("testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenario") is not really ideal as now the vici plugin might not yet be ready when `swanctl --load-creds` is called. Perhaps starting charon before Apache causes enough delay. Once we switch to charon-systemd this isn't a problem anymore as starting the unit will block until everything is up and ready. Also, the individual swanctl calls will be redundant as the default service unit calls --load-all. But start scripts do run before charon-systemd signals that the daemon is ready, so using these would work too then.
* testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenarioTobias Brunner2016-06-172-3/+1
| | | | | | | | | | aacf84d837e7 ("testing: Add expect-connection calls for all tests and hosts") removed the expect-connection call for the non-existing aaa connection. However, because the credentials were loaded asynchronously via start-script the clients might have been connecting when the secrets were not yet loaded. As `swanctl --load-creds` is a synchronous call this change avoids that issue without having to add a sleep or failing expect-connection call.
* testing: Use TLS 1.2 in RADIUS test casesTobias Brunner2016-06-172-0/+6
| | | | | | | | | This took a while as in the OpenSSL package shipped with Debian and on which our FIPS-enabled package is based, the function SSL_export_keying_material(), which is used by FreeRADIUS to derive the MSK, did not use the correct digest to calculate the result when TLS 1.2 was used. This caused IKE to fail with "verification of AUTH payload with EAP MSK failed". The fix was only backported to jessie recently.
* testing: Fix firewall rule on alice in tnc/tnccs-20-pdp-pt-tls scenarioTobias Brunner2016-06-171-2/+2
|
* testing: Add expect-connection calls for all tests and hostsTobias Brunner2016-06-16184-11/+236
| | | | There are some exceptions (e.g. those that use auto=start or p2pnat).
* testing: Update test scenarios for Debian jessieTobias Brunner2016-06-16289-576/+576
| | | | | | | The main difference is that ping now reports icmp_seq instead of icmp_req, so we match for icmp_.eq, which works with both releases. tcpdump now also reports port 4500 as ipsec-nat-t.