From: Tobias Brunner Date: Fri, 13 Jul 2018 16:45:53 +0000 (+0200) Subject: wip: CHILD_SA rekey and creation testing X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=179ea422f130c74d567a70b3c9b65cb6ea0f3d99;p=thirdparty%2Fstrongswan.git wip: CHILD_SA rekey and creation testing
---
diff --git a/testing/tests/swanctl/rw-qske-l5/evaltest.dat b/testing/tests/swanctl/rw-qske-l5/evaltest.dat
index 26cb3e8dfa..c8f2a52cf0 100755
--- a/testing/tests/swanctl/rw-qske-l5/evaltest.dat
+++ b/testing/tests/swanctl/rw-qske-l5/evaltest.dat
@@ -4,6 +4,20 @@ moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=EST
 moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256_BP qske-mechanism=QSKE_BIKE1_L5.*remote-vips=\[10.3.0.2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
 alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
 alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
+carol::swanctl --rekey --child home::.*::YES
+dave:: swanctl --rekey --child home::.*::YES
+alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
+alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
+carol::swanctl --terminate --child home::.*::YES
+dave:: swanctl --terminate --child home::.*::YES
+carol::swanctl --initiate --child home::.*::YES
+dave:: swanctl --initiate --child home::.*::YES
+alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
+alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
+carol::swanctl --rekey --child home::.*::YES
+dave:: swanctl --rekey --child home::.*::YES
+alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
+alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/strongswan.conf
index 311d2e971b..3775a59139 100755
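Review bot: Every added `swanctl --rekey`, `--terminate` and `--initiate` line in evaltest.dat uses the pattern `.*`, which matches any output, so these steps pass even when the command prints an error. The pings that follow may also succeed over the previous CHILD_SA, so nothing in the hunk confirms that a new CHILD_SA was actually negotiated with the QSKE mechanism under test. Consider matching the command's success message instead, e.g. `carol::swanctl --rekey --child home::rekey completed successfully::YES` (assuming this swanctl build prints that text). A `swanctl --list-sas` check after each rekey, asserting the key-exchange mechanism expected for the CHILD_SA, would close the remaining gap.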
--- a/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/strongswan.conf
@@ -12,6 +12,7 @@ charon-systemd {
 syslog {
 daemon {
 default = 1
+ ike=4
 }
 }
 }
diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/swanctl/swanctl.conf
index 927fc8799a..cd5a34d126 100755
--- a/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/carol/etc/swanctl/swanctl.conf
@@ -19,7 +19,7 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes256gcm128 + esp_proposals = aes256gcm128-qskekyber5 } } version = 2
diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/strongswan.conf
index 5d56431e89..31de3ad563 100755
--- a/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/strongswan.conf
@@ -12,6 +12,7 @@ charon-systemd {
 syslog {
 daemon {
 default = 1
+ ike=4
 }
 }
 }
diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/swanctl/swanctl.conf
index 9e0a1678c2..fb80ab9bb5 100755
--- a/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/dave/etc/swanctl/swanctl.conf
@@ -19,7 +19,7 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes256gcm128 + esp_proposals = aes256gcm128-qskebike15 } } version = 2
diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/strongswan.conf
index ebbacced88..eccbabade1 100755
--- a/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/strongswan.conf
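Review bot: The added `ike=4` in carol's strongswan.conf, and likewise `ike=4` for dave and `ike=4` plus `chd=4` for moon, sets syslog to level 4, where strongSwan's logger includes sensitive material such as keys in its dumps. That is acceptable as a debugging aid on the test hosts, but it should carry a comment so it is not merged or copied as-is, e.g. `# level 4 dumps key material; debugging only, drop before merge`. Alternatively lower it to 2 or 3 if the private data is not needed for this work. The new lines are also written `ike=4` where the neighbouring line is `default = 1`; matching that spacing keeps the block uniform.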
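Review bot: The new `esp_proposals = aes256gcm128-qskekyber5` in carol's swanctl.conf names only a QSKE mechanism and no classical DH group, and the same holds for `-qskebike15` on dave and for moon's proposal listing both. The fresh key exchange at CHILD_SA creation and rekey would therefore presumably rest on the experimental mechanism alone. The IKE_SA line checked in evaltest.dat pairs `dh-group=ECP_256_BP` with the QSKE mechanism. If the proposal parser on this branch accepts both for ESP, keeping the hybrid form, e.g. `aes256gcm128-ecp256bp-qskekyber5`, avoids depending on a single unvetted primitive. The enclosing `connections` and child sections start outside these hunks, so other proposal settings may exist that are not visible here.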
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/strongswan.conf
@@ -12,6 +12,8 @@ charon-systemd {
 syslog {
 daemon {
 default = 1
+ ike=4
+ chd=4
 }
 }
 }
diff --git a/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/swanctl/swanctl.conf
index 2560b10c0a..bf2074e736 100755
--- a/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-qske-l5/hosts/moon/etc/swanctl/swanctl.conf
@@ -17,7 +17,7 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes256gcm128 + esp_proposals = aes256gcm128-qskekyber5-qskebike15 } } version = 2