From: Andreas Steffen Date: Wed, 9 Dec 2009 14:45:45 +0000 (+0100) Subject: adapted gcrypt-ikev1 alg scenarios X-Git-Tag: 4.3.6~126 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fcca5b5cafde278e1c9ddfde399eb9e8de2c866e;p=thirdparty%2Fstrongswan.git adapted gcrypt-ikev1 alg scenarios --- diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt index 604fb45df9..982efa5eac 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt +++ b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the strong cipher suite SERPENT_CBC_256 / HMAC_SHA2_512 / MODP_4096 for the IKE protocol and -SERPENT_CBC_256 / HMAC_SHA2_256 for ESP packets. A ping from carol to +SERPENT_CBC_256 / HMAC_SHA2_512_256 for ESP packets. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat index 2be8f675f9..d9964314bf 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat @@ -2,9 +2,10 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES carol::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES moon::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_512::YES +moon::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_512::YES carol::ip xfrm state::enc cbc(serpent)::YES moon::ip xfrm state::enc cbc(serpent)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf index b050f022ac..0848c3696d 100755 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=serpent256-sha2_512-modp4096! - esp=serpent256-sha2_256! + esp=serpent256-sha2_512! conn home left=PH_IP_CAROL diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf index 75830f0436..05edfc7d07 100755 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=serpent256-sha2_512-modp4096! - esp=serpent256-sha2_256! + esp=serpent256-sha2_512! conn rw left=PH_IP_MOON diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf index a6c8f026c5..fd33cfb573 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt index b65ea7b8d7..f3fc61fe63 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt +++ b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the strong cipher suite TWOFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096 for the IKE protocol and -TWOFISH_CBC_256 / HMAC_SHA2_256 for ESP packets. A ping from carol to +TWOFISH_CBC_256 / HMAC_SHA2_512_256 for ESP packets. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat index 34c9d1c65e..c69355b81a 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat @@ -2,9 +2,10 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES carol::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES moon::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_512::YES +moon::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_512::YES carol::ip xfrm state::enc cbc(twofish)::YES moon::ip xfrm state::enc cbc(twofish)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf index 71ed475199..838291f80b 100755 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=twofish256-sha2_512-modp4096! - esp=twofish256-sha2_256! + esp=twofish256-sha2_512! conn home left=PH_IP_CAROL diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf index ba739f8873..c2ef128530 100755 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=twofish256-sha2_512-modp4096! - esp=twofish256-sha2_256! + esp=twofish256-sha2_512! conn rw left=PH_IP_MOON diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf index a6c8f026c5..fd33cfb573 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes