From 4f2a0bd8395496669a231e2ecdccbde37870770c Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Sun, 29 Aug 2010 20:39:51 +0200 Subject: [PATCH] replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm --- testing/tests/ikev2/alg-aes-gcm/description.txt | 5 +++++ .../ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/evaltest.dat | 8 +++++--- .../hosts/carol/etc/ipsec.conf | 2 +- .../moon => alg-aes-gcm/hosts/carol}/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.conf | 2 +- .../carol => alg-aes-gcm/hosts/moon}/etc/strongswan.conf | 2 +- .../ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/posttest.dat | 0 .../ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/pretest.dat | 0 .../ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/test.conf | 0 testing/tests/ikev2/esp-alg-aes-gcm/description.txt | 4 ---- 10 files changed, 14 insertions(+), 11 deletions(-) create mode 100644 testing/tests/ikev2/alg-aes-gcm/description.txt rename testing/tests/ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/evaltest.dat (68%) rename testing/tests/ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/hosts/carol/etc/ipsec.conf (92%) rename testing/tests/ikev2/{esp-alg-aes-gcm/hosts/moon => alg-aes-gcm/hosts/carol}/etc/strongswan.conf (66%) rename testing/tests/ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/hosts/moon/etc/ipsec.conf (91%) rename testing/tests/ikev2/{esp-alg-aes-gcm/hosts/carol => alg-aes-gcm/hosts/moon}/etc/strongswan.conf (66%) rename testing/tests/ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/posttest.dat (100%) rename testing/tests/ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/pretest.dat (100%) rename testing/tests/ikev2/{esp-alg-aes-gcm => alg-aes-gcm}/test.conf (100%) delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/description.txt diff --git a/testing/tests/ikev2/alg-aes-gcm/description.txt b/testing/tests/ikev2/alg-aes-gcm/description.txt new file mode 100644 index 000000000..2afcecd68 --- /dev/null +++ b/testing/tests/ikev2/alg-aes-gcm/description.txt @@ -0,0 +1,5 @@ +Roadwarrior carol proposes to gateway moon the cipher suite +AES_GCM_16_256 both for IKE and ESP by defining ike=aes256gcm16-aesxcbc-modp2048 +(or alternatively aes256gcm128) and esp=aes256gcm16-modp2048 in ipsec.conf, +respectively. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat similarity index 68% rename from testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat rename to testing/tests/ikev2/alg-aes-gcm/evaltest.dat index 7434cc156..9cd3e8e15 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat @@ -1,9 +1,11 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::AES_GCM_16_256::YES -carol::ipsec statusall::AES_GCM_16_256::YES -carol::ip xfrm state::aead rfc4106(gcm(aes))::YES +moon::ipsec statusall::IKE proposal: AES_GCM_16_256::YES +carol::ipsec statusall::IKE proposal: AES_GCM_16_256::YES +moon::ipsec statusall::AES_GCM_16_256,::YES +carol::ipsec statusall::AES_GCM_16_256,::YES moon::ip xfrm state::aead rfc4106(gcm(aes))::YES +carol::ip xfrm state::aead rfc4106(gcm(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf similarity index 92% rename from testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf rename to testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf index df2b7437d..e3f19aff8 100755 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! + ike=aes256gcm128-aesxcbc-modp2048! esp=aes256gcm128-modp2048! conn home diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf similarity index 66% rename from testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf rename to testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf index 339b56987..7fe7619f1 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf similarity index 91% rename from testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf rename to testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf index 661681105..0d51a3ea8 100755 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! + ike=aes256gcm16-aesxcbc-modp2048! esp=aes256gcm16-modp2048! conn rw diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf similarity index 66% rename from testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf rename to testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf index 339b56987..7fe7619f1 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat b/testing/tests/ikev2/alg-aes-gcm/posttest.dat similarity index 100% rename from testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat rename to testing/tests/ikev2/alg-aes-gcm/posttest.dat diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat b/testing/tests/ikev2/alg-aes-gcm/pretest.dat similarity index 100% rename from testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat rename to testing/tests/ikev2/alg-aes-gcm/pretest.dat diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/test.conf b/testing/tests/ikev2/alg-aes-gcm/test.conf similarity index 100% rename from testing/tests/ikev2/esp-alg-aes-gcm/test.conf rename to testing/tests/ikev2/alg-aes-gcm/test.conf diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/description.txt b/testing/tests/ikev2/esp-alg-aes-gcm/description.txt deleted file mode 100644 index bd9521e0d..000000000 --- a/testing/tests/ikev2/esp-alg-aes-gcm/description.txt +++ /dev/null @@ -1,4 +0,0 @@ -Roadwarrior carol proposes to gateway moon the ESP cipher suite -AES_GCM_16_256 by defining esp=aes256gcm16-modp2048 or alternatively -esp=aes256gcm128-modp2048 in ipsec.conf. -A ping from carol to alice successfully checks the established tunnel. -- 2.47.3