adapted pfkey alg and esp scenarios

diff --git a/testing/tests/pfkey/alg-aes-xcbc/description.txt b/testing/tests/pfkey/alg-aes-xcbc/description.txt
index cce0e1cd63b6cf6e7fdfabd3cf3021e41fcb9d35..c71d7493f1984205fa0bac1b757180a3d7254520 100644 (file)
--- a/testing/tests/pfkey/alg-aes-xcbc/description.txt
+++ b/testing/tests/pfkey/alg-aes-xcbc/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC_256 / AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
-in ipsec.conf. The same cipher suite is used for IKE: <b>ike=aes256-aesxcbc-modp2048</b>.
+<b>AES_CBC_128 / AES_XCBC_96</b> by defining <b>esp=aes128-aesxcbc-modp2048!</b>
+in ipsec.conf. The same cipher suite is used for IKE.
 A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.

diff --git a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
index 5217c18df092ad5999558b349396bfb06630a1c2..24e36eb770d1d76320f6cf038920e50b1bb44420 100644 (file)
--- a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
+++ b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
@@ -1,9 +1,12 @@
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
-moon::ipsec statusall::rw.*AES_CBC_256/AES_XCBC_96,::YES
-carol::ipsec statusall::home.*AES_CBC_256/AES_XCBC_96,::YES
+moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES
+carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES
 moon::ip xfrm state::auth xcbc(aes)::YES
 carol::ip xfrm state::auth xcbc(aes)::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
+

diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
index edd0aaaf837ead0d3368cf166849fe259492880e..33e6a842b7a29260d3ff568fe48b1958b5b9472c 100755 (executable)
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
@@ -11,8 +11,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes256-aesxcbc-modp2048!
-       esp=aes256-aesxcbc-modp2048!
+       ike=aes128-aesxcbc-modp2048!
+       esp=aes128-aesxcbc-modp2048!
 
 conn home
        left=PH_IP_CAROL

diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
index 18618929fe5b7e6e1597d7cf5e49b21cda828ba7..208477deb4ceb7957c90dc73633362210c1eeb21 100755 (executable)
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
@@ -11,8 +11,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes256-aesxcbc-modp2048!
-       esp=aes256-aesxcbc-modp2048!
+       ike=aes128-aesxcbc-modp2048!
+       esp=aes128-aesxcbc-modp2048!
 
 conn rw
        left=PH_IP_MOON

diff --git a/testing/tests/pfkey/alg-aes-xcbc/test.conf b/testing/tests/pfkey/alg-aes-xcbc/test.conf
index 2b240d89533cf6d6f18a3dcef80184ee1551ee5b..acb73b06feb33c9b70c88d2c05bfcbd7f0d62c20 100644 (file)
--- a/testing/tests/pfkey/alg-aes-xcbc/test.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/test.conf
@@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png"
 
 # UML instances on which tcpdump is to be started
 #
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
 
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes

diff --git a/testing/tests/pfkey/esp-alg-null/evaltest.dat b/testing/tests/pfkey/esp-alg-null/evaltest.dat
index dc50f11e0fc3245cd1271670d0733bf84522172b..d5c0a64c434252c101a25acf3bc8a520f450ab36 100644 (file)
--- a/testing/tests/pfkey/esp-alg-null/evaltest.dat
+++ b/testing/tests/pfkey/esp-alg-null/evaltest.dat
@@ -1,7 +1,9 @@
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*INSTALLED::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::ipsec statusall::NULL/HMAC_SHA1_96::YES
 carol::ipsec statusall::NULL/HMAC_SHA1_96::YES
 moon::ip xfrm state::enc ecb(cipher_null)::YES
 carol::ip xfrm state::enc ecb(cipher_null)::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length::YES

diff --git a/testing/tests/pfkey/esp-alg-null/test.conf b/testing/tests/pfkey/esp-alg-null/test.conf
index 2b240d89533cf6d6f18a3dcef80184ee1551ee5b..acb73b06feb33c9b70c88d2c05bfcbd7f0d62c20 100644 (file)
--- a/testing/tests/pfkey/esp-alg-null/test.conf
+++ b/testing/tests/pfkey/esp-alg-null/test.conf
@@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png"
 
 # UML instances on which tcpdump is to be started
 #
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
 
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes