From fcca5b5cafde278e1c9ddfde399eb9e8de2c866e Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Wed, 9 Dec 2009 15:45:45 +0100 Subject: adapted gcrypt-ikev1 alg scenarios --- testing/tests/gcrypt-ikev1/alg-serpent/description.txt | 2 +- testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat | 9 +++++---- .../tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf | 2 +- testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf | 2 +- testing/tests/gcrypt-ikev1/alg-serpent/test.conf | 2 +- testing/tests/gcrypt-ikev1/alg-twofish/description.txt | 2 +- testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat | 9 +++++---- .../tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf | 2 +- testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf | 2 +- testing/tests/gcrypt-ikev1/alg-twofish/test.conf | 2 +- 10 files changed, 18 insertions(+), 16 deletions(-) (limited to 'testing') diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt index 604fb45df..982efa5ea 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt +++ b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the strong cipher suite SERPENT_CBC_256 / HMAC_SHA2_512 / MODP_4096 for the IKE protocol and -SERPENT_CBC_256 / HMAC_SHA2_256 for ESP packets. A ping from carol to +SERPENT_CBC_256 / HMAC_SHA2_512_256 for ESP packets. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat index 2be8f675f..d9964314b 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat @@ -2,9 +2,10 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES carol::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES moon::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_512::YES +moon::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_512::YES carol::ip xfrm state::enc cbc(serpent)::YES moon::ip xfrm state::enc cbc(serpent)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf index b050f022a..0848c3696 100755 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=serpent256-sha2_512-modp4096! - esp=serpent256-sha2_256! + esp=serpent256-sha2_512! conn home left=PH_IP_CAROL diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf index 75830f043..05edfc7d0 100755 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=serpent256-sha2_512-modp4096! - esp=serpent256-sha2_256! + esp=serpent256-sha2_512! conn rw left=PH_IP_MOON diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf index a6c8f026c..fd33cfb57 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt index b65ea7b8d..f3fc61fe6 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt +++ b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the strong cipher suite TWOFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096 for the IKE protocol and -TWOFISH_CBC_256 / HMAC_SHA2_256 for ESP packets. A ping from carol to +TWOFISH_CBC_256 / HMAC_SHA2_512_256 for ESP packets. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat index 34c9d1c65..c69355b81 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat @@ -2,9 +2,10 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES carol::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES moon::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_512::YES +moon::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_512::YES carol::ip xfrm state::enc cbc(twofish)::YES moon::ip xfrm state::enc cbc(twofish)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf index 71ed47519..838291f80 100755 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=twofish256-sha2_512-modp4096! - esp=twofish256-sha2_256! + esp=twofish256-sha2_512! conn home left=PH_IP_CAROL diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf index ba739f887..c2ef12853 100755 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=twofish256-sha2_512-modp4096! - esp=twofish256-sha2_256! + esp=twofish256-sha2_512! conn rw left=PH_IP_MOON diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf index a6c8f026c..fd33cfb57 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes -- cgit v1.2.3