wip: CHILD_SA rekey and creation testing

diff --git a/testing/tests/swanctl/rw-qske-l5/evaltest.dat b/testing/tests/swanctl/rw-qske-l5/evaltest.dat
index 26cb3e8dfaeac34171733a45070a7841e1ef2727..c8f2a52cf0b1f81e2b48d65a00a84caaf6db2184 100755 (executable)
--- a/testing/tests/swanctl/rw-qske-l5/evaltest.dat
+++ b/testing/tests/swanctl/rw-qske-l5/evaltest.dat
@@ -4,6 +4,20 @@ moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=EST
 moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256_BP qske-mechanism=QSKE_BIKE1_L5.*remote-vips=\[10.3.0.2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
 alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
 alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
+carol::swanctl --rekey --child home::.*::YES
+dave:: swanctl --rekey --child home::.*::YES
+alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
+alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
+carol::swanctl --terminate --child home::.*::YES
+dave:: swanctl --terminate --child home::.*::YES
+carol::swanctl --initiate --child home::.*::YES
+dave:: swanctl --initiate --child home::.*::YES
+alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
+alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
+carol::swanctl --rekey --child home::.*::YES
+dave:: swanctl --rekey --child home::.*::YES
+alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
+alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES

diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/strongswan.conf
index 311d2e971b5e22915c184678dc474cba0a4d373a..3775a59139030d58a10ee73c4edf1fe3e971f8a3 100755 (executable)
--- a/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/strongswan.conf
@@ -12,6 +12,7 @@ charon-systemd {
   syslog {
     daemon {
       default = 1
+      ike=4
     }
   }
 }

diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/swanctl/swanctl.conf
index 927fc8799adfee3ae84040d51bed6cdc45484eeb..cd5a34d126e50ca9049c4a0cdc404d9a2ea06f31 100755 (executable)
--- a/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/swanctl/swanctl.conf
@@ -19,7 +19,7 @@ connections {
             remote_ts = 10.1.0.0/16
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes256gcm128
+            esp_proposals = aes256gcm128-qskekyber5
          }
       }
       version = 2

diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/strongswan.conf
index 5d56431e89975c3e50d98d1b7cc8a74885c20b70..31de3ad56355f08bd155271828388b4982bf0a0a 100755 (executable)
--- a/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/strongswan.conf
@@ -12,6 +12,7 @@ charon-systemd {
   syslog {
     daemon {
       default = 1
+      ike=4
     }
   }
 }

diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/swanctl/swanctl.conf
index 9e0a1678c2760af6e227509ac88d287651fddeb9..fb80ab9bb52e6e0040ac05382c2fc5d3db14c4a0 100755 (executable)
--- a/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/swanctl/swanctl.conf
@@ -19,7 +19,7 @@ connections {
             remote_ts = 10.1.0.0/16
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes256gcm128
+            esp_proposals = aes256gcm128-qskebike15
          }
       }
       version = 2

diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/strongswan.conf
index ebbacced889ad2ec6eb308c9719dd316b87f4fb6..eccbabade16821a3f6047d5ff6a3a6b99b32d4f3 100755 (executable)
--- a/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/strongswan.conf
@@ -12,6 +12,8 @@ charon-systemd {
   syslog {
     daemon {
       default = 1
+      ike=4
+      chd=4
     }
   }
 }

diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/swanctl/swanctl.conf
index 2560b10c0ac88ee1724067d8df3ade7c6634128d..bf2074e73607ae6dbbe6cd1e7ce1eefc9dcfda79 100755 (executable)
--- a/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/swanctl/swanctl.conf
@@ -17,7 +17,7 @@ connections {
             local_ts  = 10.1.0.0/16
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes256gcm128
+            esp_proposals = aes256gcm128-qskekyber5-qskebike15
          }
       }
       version = 2