From: Andreas Steffen Date: Sun, 29 Aug 2010 18:39:51 +0000 (+0200) Subject: replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm X-Git-Tag: 4.5.0~394 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4f2a0bd8395496669a231e2ecdccbde37870770c;p=thirdparty%2Fstrongswan.git replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm --- diff --git a/testing/tests/ikev2/alg-aes-gcm/description.txt b/testing/tests/ikev2/alg-aes-gcm/description.txt new file mode 100644 index 0000000000..2afcecd689 --- /dev/null +++ b/testing/tests/ikev2/alg-aes-gcm/description.txt @@ -0,0 +1,5 @@ +Roadwarrior carol proposes to gateway moon the cipher suite +AES_GCM_16_256 both for IKE and ESP by defining ike=aes256gcm16-aesxcbc-modp2048 +(or alternatively aes256gcm128) and esp=aes256gcm16-modp2048 in ipsec.conf, +respectively. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat similarity index 68% rename from testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat rename to testing/tests/ikev2/alg-aes-gcm/evaltest.dat index 7434cc1561..9cd3e8e155 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat @@ -1,9 +1,11 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::AES_GCM_16_256::YES -carol::ipsec statusall::AES_GCM_16_256::YES -carol::ip xfrm state::aead rfc4106(gcm(aes))::YES +moon::ipsec statusall::IKE proposal: AES_GCM_16_256::YES +carol::ipsec statusall::IKE proposal: AES_GCM_16_256::YES +moon::ipsec statusall::AES_GCM_16_256,::YES +carol::ipsec statusall::AES_GCM_16_256,::YES moon::ip xfrm state::aead rfc4106(gcm(aes))::YES +carol::ip xfrm state::aead rfc4106(gcm(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf similarity index 92% rename from testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf rename to testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf index df2b7437da..e3f19aff82 100755 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! + ike=aes256gcm128-aesxcbc-modp2048! esp=aes256gcm128-modp2048! conn home diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf similarity index 66% rename from testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf rename to testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf index 339b56987a..7fe7619f1f 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf similarity index 91% rename from testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf rename to testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf index 661681105a..0d51a3ea8c 100755 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! + ike=aes256gcm16-aesxcbc-modp2048! esp=aes256gcm16-modp2048! conn rw diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf similarity index 66% rename from testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf rename to testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf index 339b56987a..7fe7619f1f 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat b/testing/tests/ikev2/alg-aes-gcm/posttest.dat similarity index 100% rename from testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat rename to testing/tests/ikev2/alg-aes-gcm/posttest.dat diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat b/testing/tests/ikev2/alg-aes-gcm/pretest.dat similarity index 100% rename from testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat rename to testing/tests/ikev2/alg-aes-gcm/pretest.dat diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/test.conf b/testing/tests/ikev2/alg-aes-gcm/test.conf similarity index 100% rename from testing/tests/ikev2/esp-alg-aes-gcm/test.conf rename to testing/tests/ikev2/alg-aes-gcm/test.conf diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/description.txt b/testing/tests/ikev2/esp-alg-aes-gcm/description.txt deleted file mode 100644 index bd9521e0df..0000000000 --- a/testing/tests/ikev2/esp-alg-aes-gcm/description.txt +++ /dev/null @@ -1,4 +0,0 @@ -Roadwarrior carol proposes to gateway moon the ESP cipher suite -AES_GCM_16_256 by defining esp=aes256gcm16-modp2048 or alternatively -esp=aes256gcm128-modp2048 in ipsec.conf. -A ping from carol to alice successfully checks the established tunnel.