From 43d92475998f85b977ca98dd8ac81fc630a19000 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Fri, 28 Nov 2014 13:11:58 +0100 Subject: [PATCH] Created ikev2/rw-ntru-bliss scenario --- .../openssl/bliss/strongswan_blissCert.der | Bin 0 -> 2317 bytes .../etc/openssl/bliss/strongswan_blissKey.der | Bin 0 -> 1950 bytes .../hosts/winnetou/etc/openssl/generate-crl | 4 ++- testing/scripts/recipes/013_strongswan.mk | 3 +- .../tests/ikev2/rw-ntru-bliss/description.txt | 15 ++++++++++ .../tests/ikev2/rw-ntru-bliss/evaltest.dat | 26 ++++++++++++++++++ .../rw-ntru-bliss/hosts/carol/etc/ipsec.conf | 25 +++++++++++++++++ .../ipsec.d/cacerts/strongswan_blissCert.der | Bin 0 -> 2317 bytes .../carol/etc/ipsec.d/certs/carolCert.der | Bin 0 -> 2400 bytes .../carol/etc/ipsec.d/private/carolKey.der | Bin 0 -> 1950 bytes .../hosts/carol/etc/ipsec.secrets | 3 ++ .../hosts/carol/etc/strongswan.conf | 7 +++++ .../rw-ntru-bliss/hosts/dave/etc/ipsec.conf | 25 +++++++++++++++++ .../ipsec.d/cacerts/strongswan_blissCert.der | Bin 0 -> 2317 bytes .../hosts/dave/etc/ipsec.d/certs/daveCert.der | Bin 0 -> 2400 bytes .../dave/etc/ipsec.d/private/daveKey.der | Bin 0 -> 1950 bytes .../hosts/dave/etc/ipsec.secrets | 3 ++ .../hosts/dave/etc/strongswan.conf | 7 +++++ .../rw-ntru-bliss/hosts/moon/etc/ipsec.conf | 24 ++++++++++++++++ .../ipsec.d/cacerts/strongswan_blissCert.der | Bin 0 -> 2317 bytes .../hosts/moon/etc/ipsec.d/certs/moonCert.der | Bin 0 -> 2420 bytes .../moon/etc/ipsec.d/private/moonKey.der | Bin 0 -> 1950 bytes .../hosts/moon/etc/ipsec.secrets | 3 ++ .../hosts/moon/etc/strongswan.conf | 7 +++++ .../tests/ikev2/rw-ntru-bliss/posttest.dat | 9 ++++++ testing/tests/ikev2/rw-ntru-bliss/pretest.dat | 13 +++++++++ testing/tests/ikev2/rw-ntru-bliss/test.conf | 21 ++++++++++++++ 27 files changed, 193 insertions(+), 2 deletions(-) create mode 100644 testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der create mode 100644 testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissKey.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/description.txt create mode 100644 testing/tests/ikev2/rw-ntru-bliss/evaltest.dat create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-ntru-bliss/posttest.dat create mode 100644 testing/tests/ikev2/rw-ntru-bliss/pretest.dat create mode 100644 testing/tests/ikev2/rw-ntru-bliss/test.conf diff --git a/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der b/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der new file mode 100644 index 0000000000000000000000000000000000000000..db397a78c80b4f30e1eed254a1c335b3566908c7 GIT binary patch literal 2317 zc-pO0X;c%37M>-EA%V;c5ilss1f#fAli*f7RaONQS;Z<+hzlxJ2&6953PLD|R3U)2 z7Ep+|p+$4tmnu=8f(sIq#Xc1h6cG`J6FMzAS~{57RUgV71Nk7$OI%yrCf;(3yxy2_>f8-QlSL@QiA#8{!0?R!9kIcM1)+vmGJYCxH{QMXG^6X^Q4~A zIkP>Zo$NfmhX3DTN?0v%{^}eM{0cw}SP5qW2OfW`n6Iu^r_Khmj+AAp|ITd7iDD@n z)~T{Z*K*yQk>?6tcER|_fDIYispgnwLEyq8QSK++9btFpvsOHrqMQ3L>v9V< z#_hK$Q;sS+pH!9e99)Ya@TTfuJh4Z}Wlx$TRIwcWTfB>;5x+~)%JkN=s{m(?;k$&7 z88)TDtP%iQzT*$`Vmj^8QPIA(6(a9%14i!Ym-v((t$QrYJA2%BxJMVf>r71^2<(OKLRPC+?aAFnzb?}r~dD0_`Z&(D8)70FW`JlKD! zwU#fuP5-P-oVF}bwcV@Rkmag_P9cfXjvwx}w!oV#!X>{{8WhKGpbh@U)0aObT=w0) z{hrs7iEF2Du2zP}jFV64iY;nb-*oeKO5fh+G4@+zzA>c<$%6CVuFS`Kmb}PRMIxss zw03L?@tbjfV)SrlA#+o+LkX)jE456${2&yZH^}LVWoGxRiqL-G-fCfGZx?37YYzRS zj31v-A3D+V$ENS2lkfQwVRM_Zw!Op8?wox0LelHM_Vi_+_l(Q;C#&pd1Evyb{C0ZU z%Xyw-&M5w5% zBm8NEhuS@AZIAt*o6+Oqi#r|S?!274T)6m-pg>thH5T6upA)z>=$Cgn3-Ual-SU}V z0P)eackU%$%NK6i@PKD=`Ylb#=XWgVm@ew(0mr7iKN`$qs|AnXksF?VDz{a#lVG=D zmg7K;=>A~Nd(>m+JA_1q)>E-LJVkLH7466BkStG<(BKBvp%SphXEc zD}5#2qn-mtx$r@dW-ul2Xp->05XcvTF=|gNiOUzvV>mL#8iIe`pVhi7Yx=AgGYb@3 zRGD727yieyU?pP)@WFfWr{oO%ObFvOI5#A?#9kRgI(7q3Y_aU;HKn$aTvLAi#D)Dm z#u?nO<&2qmy|jg@nKmrXW~>s#VpxAgFU=A~8QJQTN|*4ho! zgxE={Ss`b@_K%$8S6$WhpW67=uqqovwe@x-TXF&O`WsekV5A@5WU^*Sf2YA_AfJXb z+jwCETtq)0Kf;vXW`vG|%WDP@fUR^wkBItwob}=aJoMi~(kO1&Q8Nhw`Af`ZT#u>p#@teydC&W(2{7o+Q3dy@ zomt6ZwB6R6^xo*R-X#ukEWZJ09frkoUzM+;j-+F5lRGscYwRvQU1cKN2Z#)jcJJqz zBt7Gv6CT<017)i26d~lGmNf1@X3>EC4FN+vDg5Lx+t^z(lPU@8d7IrSX4JP|eM><1 zAu{%0m%O6*_`19L8genheJ< zatJVeR&{=s9AKryeU?9@lb(b6qJGUQ_L>J){c0PPz^>>@y_UqD#IX1K4p;c-caMG3 zxWJCY9UF#v3RkjxmU0&KHp-Mv(g%!&iov8$gXOzG+{KClwnR`r81m6eVfA8|!Rv6? z`L1Pk<^sVm!564EGH*pXre7S=oaAUS-eIxfh6|Z@hCyYMz-4f4bvu z8N^VRIM?cJvf^eB&#LJ%ON zBtRk*NJF3%#84W7a0EdCv;(sz#3)5tQ4+U;Cd7b35P>0j6dM&Lj*Pyi1hok- z007%C9^QjCicup#B~H@l)<>`(pJp=lK06-Z+XSpulnA(P_6{p|ZFXqTH%7l7E8LbJ K$Iw3f*M9)ZLfs?) literal 0 Hc-jL100001 diff --git a/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissKey.der b/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissKey.der new file mode 100644 index 0000000000000000000000000000000000000000..65376a449277d8a5d3a4eab27141c3ef758c43f3 GIT binary patch literal 1950 zc-l=;4OCNA9Dncf7|M#zzyJe=6A|<%2;w*)-v~tNP%(&fVIxSVuoMa91e*gz<1^B> zsSE`Kl;css57JZ)f(nWRn;tpJN2C#2l%xjU*Sq(v(dzO(iPf#l3EhmiOfrs$!=# zD^hZ=&VQZM=Mc60$hvtozZ`knUX$Ko?NT|v)yMfjOw;C$2F>HfrzT*Fb9c1#jg!{p zmDhWVNY|r&;3lEkxo=Vuaq2Jc(wsCQf5pqLJ@z4z%KDJ3h7kYBeUIOYb$8^|=w+I? zh5GPzOCR5^j+fi6Id4xHj_kXXKk#v@LAE6Rjz{;>TgqnrxS892505JO$ep^Q7Iw~M zfV^B%A$2Vf@Mp~R6O{1m!}Y;s-f`b8&e0CQ#stFAeDM9W-*RVa1WGkwy>{op*O7Ei zQ-Oonk%A&II8w3BWtd(kA4I6r@T4Gyl z&PzUxPgL@2W<}?3?@Tx>4RbkOAsKc_3@GZkU|FcBsQA0d&~7WZMt^lx=J{b%NoLU4 zpwhV;oUoL64}H>V(3_;b5yb2|HYl%dvAP@ndwuh>wC2#SGuwh<<|KQVUpOXCdUu=0 z=!UYppY>k8mNBvKev-`=NobNLE#2Wvu(N4rLCnLvk~Nm~vkgP3E5jDvn3Fg;Qfivo zXQ$>Flv!Hc+6oX`_{w~AgQ@CyLfq9~`B(HjRi+?Udiv0p3aL|W*Qz<9FM8J}rniN< zu3p-!-0{SvG26ZM?AGCv1rw?>qK!r2f7IFd5`U__rJ1y6zrV<=L4L4ZcdDRz=)lP4 z!R+vxx>2{$b0J01>4v0{D*=9%JaV?vF!ukAZ-b+tPtYQk1eRGwH6 zKE6um*|W!AbUPyHkmZXP)&|*w&JPs#3opqdZ8Q(gS0@0+_CxZTdu8I+<^30;V0^~P z=EEJQGotz%@)i`_>JrHF#pPo4H}bTat)+|Xe4HAic?$K>*x-KZWJmiZttd;)f0$#g zn2>y4Xg521q*hj$lcMKOCM$~k=9)aByw8qhlhhl|x{9bvh*e_~(^sXoQfrX-16!-)>uu>5iv+1DH!a@G+MlDa zwH*o^@)C|&5XU{9R>fM(&^g>TnQ9S*mAEBHYRR#|CH60W6yA81|J2H7{-ju0*}GR; zKCBWiFAkK<8yn_ZIH=ZtBnxzR=nFQ9SzH$}6GWt4rWAl62%4rz0&NHy{YXeKCuU3H z1hXem4a%TAb7EE$LSLqqBuU&x8p~*$V*)e^G5?5xIYSgdxCHJ;QG$eM&x9dHhB(2r zL6(BXJa|PYBtU4Gk)AF<;+cnLdRSC$64JPmc+WDEG{z&KQ7!vn5ZN{wX`s24;DRLL zg~pNb(6|*6M$<@|T>&>B$J4x zcL?@gNcK)}Co2q(O|tif^pKn*?9F2TFa>%CNQwXe9RT|tP|N{BNKg;}f|^2MoCOd9 zRKz??7ElCk!A<~N1S!a203-rHyk&z33v$xI6hsV61h-;##EJfxJ;TWIu$q{M!ptZM zFfM^H@dsrnmVyxg!THlG4UH?iR?3l{*$V}fI4 strongswan_bliss.crl +cp strongswan_bliss.crl ${ROOT} diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk index 2b7bde5a53..221f4f312d 100644 --- a/testing/scripts/recipes/013_strongswan.mk +++ b/testing/scripts/recipes/013_strongswan.mk @@ -92,7 +92,8 @@ CONFIG_OPTS = \ --enable-tkm \ --enable-ntru \ --enable-lookip \ - --enable-swanctl + --enable-swanctl \ + --enable-bliss export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat diff --git a/testing/tests/ikev2/rw-ntru-bliss/description.txt b/testing/tests/ikev2/rw-ntru-bliss/description.txt new file mode 100644 index 0000000000..b81fdb7cf6 --- /dev/null +++ b/testing/tests/ikev2/rw-ntru-bliss/description.txt @@ -0,0 +1,15 @@ +The roadwarriors carol and dave set up a connection each to gateway moon. +The key exchange is based on NTRU encryption with a cryptographical strength of 128 bit and +192 bit for carol and dave, respectively. Authentication is based on the BLISS +algorithm with strengths 128 bits (BLISS I), 160 bits (BLISS III) and 192 bits (BLISS IV) for +carol, dave and moon, respectively. +

+Both carol and dave request a virtual IP via the IKEv2 configuration payload +by using the leftsourceip=%config parameter. The gateway moon assigns virtual +IP addresses from a simple pool defined by rightsourceip=10.3.0.0/28 in a monotonously +increasing order. +

+leftfirewall=yes automatically inserts iptables-based firewall rules that let pass +the tunneled traffic. In order to test the tunnels, carol and dave then ping +the client alice behind the gateway moon. The source IP addresses of the two +pings will be the virtual IPs carol1 and dave1, respectively. diff --git a/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat b/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat new file mode 100644 index 0000000000..c7b5be4129 --- /dev/null +++ b/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat @@ -0,0 +1,26 @@ +carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS signature successful::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS signature successful::YES +dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with BLISS signature successful::YES +moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with BLISS signature successful::YES +moon:: ipsec statusall 2> /dev/null::rw\[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES +moon:: ipsec statusall 2> /dev/null::rw\[2]: IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::ESP +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf new file mode 100644 index 0000000000..f13e47a715 --- /dev/null +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes128-sha256-ntru128! + esp=aes128-sha256! + authby=pubkey + fragmentation=yes + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.der + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der new file mode 100644 index 0000000000000000000000000000000000000000..db397a78c80b4f30e1eed254a1c335b3566908c7 GIT binary patch literal 2317 zc-pO0X;c%37M>-EA%V;c5ilss1f#fAli*f7RaONQS;Z<+hzlxJ2&6953PLD|R3U)2 z7Ep+|p+$4tmnu=8f(sIq#Xc1h6cG`J6FMzAS~{57RUgV71Nk7$OI%yrCf;(3yxy2_>f8-QlSL@QiA#8{!0?R!9kIcM1)+vmGJYCxH{QMXG^6X^Q4~A zIkP>Zo$NfmhX3DTN?0v%{^}eM{0cw}SP5qW2OfW`n6Iu^r_Khmj+AAp|ITd7iDD@n z)~T{Z*K*yQk>?6tcER|_fDIYispgnwLEyq8QSK++9btFpvsOHrqMQ3L>v9V< z#_hK$Q;sS+pH!9e99)Ya@TTfuJh4Z}Wlx$TRIwcWTfB>;5x+~)%JkN=s{m(?;k$&7 z88)TDtP%iQzT*$`Vmj^8QPIA(6(a9%14i!Ym-v((t$QrYJA2%BxJMVf>r71^2<(OKLRPC+?aAFnzb?}r~dD0_`Z&(D8)70FW`JlKD! zwU#fuP5-P-oVF}bwcV@Rkmag_P9cfXjvwx}w!oV#!X>{{8WhKGpbh@U)0aObT=w0) z{hrs7iEF2Du2zP}jFV64iY;nb-*oeKO5fh+G4@+zzA>c<$%6CVuFS`Kmb}PRMIxss zw03L?@tbjfV)SrlA#+o+LkX)jE456${2&yZH^}LVWoGxRiqL-G-fCfGZx?37YYzRS zj31v-A3D+V$ENS2lkfQwVRM_Zw!Op8?wox0LelHM_Vi_+_l(Q;C#&pd1Evyb{C0ZU z%Xyw-&M5w5% zBm8NEhuS@AZIAt*o6+Oqi#r|S?!274T)6m-pg>thH5T6upA)z>=$Cgn3-Ual-SU}V z0P)eackU%$%NK6i@PKD=`Ylb#=XWgVm@ew(0mr7iKN`$qs|AnXksF?VDz{a#lVG=D zmg7K;=>A~Nd(>m+JA_1q)>E-LJVkLH7466BkStG<(BKBvp%SphXEc zD}5#2qn-mtx$r@dW-ul2Xp->05XcvTF=|gNiOUzvV>mL#8iIe`pVhi7Yx=AgGYb@3 zRGD727yieyU?pP)@WFfWr{oO%ObFvOI5#A?#9kRgI(7q3Y_aU;HKn$aTvLAi#D)Dm z#u?nO<&2qmy|jg@nKmrXW~>s#VpxAgFU=A~8QJQTN|*4ho! zgxE={Ss`b@_K%$8S6$WhpW67=uqqovwe@x-TXF&O`WsekV5A@5WU^*Sf2YA_AfJXb z+jwCETtq)0Kf;vXW`vG|%WDP@fUR^wkBItwob}=aJoMi~(kO1&Q8Nhw`Af`ZT#u>p#@teydC&W(2{7o+Q3dy@ zomt6ZwB6R6^xo*R-X#ukEWZJ09frkoUzM+;j-+F5lRGscYwRvQU1cKN2Z#)jcJJqz zBt7Gv6CT<017)i26d~lGmNf1@X3>EC4FN+vDg5Lx+t^z(lPU@8d7IrSX4JP|eM><1 zAu{%0m%O6*_`19L8genheJ< zatJVeR&{=s9AKryeU?9@lb(b6qJGUQ_L>J){c0PPz^>>@y_UqD#IX1K4p;c-caMG3 zxWJCY9UF#v3RkjxmU0&KHp-Mv(g%!&iov8$gXOzG+{KClwnR`r81m6eVfA8|!Rv6? z`L1Pk<^sVm!564EGH*pXre7S=oaAUS-eIxfh6|Z@hCyYMz-4f4bvu z8N^VRIM?cJvf^eB&#LJ%ON zBtRk*NJF3%#84W7a0EdCv;(sz#3)5tQ4+U;Cd7b35P>0j6dM&Lj*Pyi1hok- z007%C9^QjCicup#B~H@l)<>`(pJp=lK06-Z+XSpulnA(P_6{p|ZFXqTH%7l7E8LbJ K$Iw3f*M9)ZLfs?) literal 0 Hc-jL100001 diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der new file mode 100644 index 0000000000000000000000000000000000000000..dd6f1877267670c7f244a35d8432eb18f5f6acab GIT binary patch literal 2400 zc-oDWX;c$w7KW>`0ZB-z!oEln6s1LzBI4Q#K|w(g0zwN)n*b`CLI7>iZh-*e#*W%5 z0zo{sBM5@Z!IgjlW4jRCMqHp!K}0cCVU;B{*!DTyb7p?b&*$FfJMXvo02IPwwh*B05x{I4Q!xtHgyX~I`njRevZ9W6OnA1XQ<=E~nYc$JvvbxXiSx(w` zxosJBxYC1fJRbz}o36k3G1Bb^y79By$Fu2$O!dNo^pB2*Lw|R#@0?Ft5*B6@wAeZ7 zwLL1v>ly;oO)b{TRV~9o(cAaR{rb*ALv{gnWh9Ncoqe0Sj&b7h9hsh}?3RtT+uSd` zVVZOAJv)UVKV@ajvV5V@T>IZ#qsn6}Wy%l(B7TYRY}q+%&dF@C|KYWcip1fo?epUr zTq(`Gh`F{~SLQ1eYwhPiGa5fTFFv9w@@bekn?JhBeo;nn`QyL@U4eX03}g54N#gh9saqqfHw4TVcr2OJSF51w!O!H92A zQ6wH!p3btos1>hxaIlFQG83Y@3%z&yTGkmpW9;1GyUXMkdy+8dL`LeWUZyDDm*HpW z8W#DWKu!(pWo}l@c<1^quKC*bYZ?0Lkcz$N*}`^;ohAA-@)CDh)eBQwpDnoWhsNp< zPDHH=ru9_ZH-`O|Z%A)0X`XrHPWmTGBf8pDv-zxvR_!|*HhaD2Y{)F_@t)7Jjr8z} zrze^mLbuiwd!z;y-IkwOwlzQK&CKGP@zF&El2H#@@QXemF1#Ryy;GXR2RZJ=nb4uS zJ!s~p#N)@(t31zVJgEK6ZLfUJTMs#Nd$@CH_t2+8@9K~9j?&4Y8LdBAJH+Y*6po#5 zcB{8{>)l?k_^MaP=Jc#-=V+F`6QxK2vq<$M?@)$iYU9|aVOql#np>vt(X~2iz>fjt zksW(#k2xe{=UEmoeY{SsD{OexvFJe1!Nhe;KhEzo)$LOHcK;K&&_UUx;K){Yu6XBg zE~!0-ZvE2lsD-R1YT%si{uSx*@^#gfdoz()mb2VAKa2LwurHgD`pOi~Rw7oR8`FaH zD7E6|2;xK&-5f+pmp_}d5>z3%)91vC0*QN1ae(2r<}NV>>2!P`tlc5+`0t2>hfD_7wkVDt#{^eKFcGjC7Gm)Y!-#< z?iAZSN7|BYHu!sLN{5fm%Lu}wLhr0M&3^oRNds8oO7_fn7(zb#kc(sJpW0Dlz}|NFDMd=x3?2sd$R-W)kem7g&Q$t6dF)6oXu0C$rX zi2j0pKQ3+SP)dPnqe(@PPL?t*9{ngOHm*0e_IWK0fgDGc~NA| zLVams4;EvfdH7Dr9L>oYsTLE$Urh5{S;;eout}14hyI0{iHF7(vZwaaFa6oR%uNXs z!i9#dXCC#Q?8~$0 z#O{)?T1{)DPLe^EyUfb@{;~STXSubpbPa%{!4D6Rc=TS}!lY8k6pxQ{o%$h^?{a;@ zTl}uRo6L$Dt7@dnvim!pl4Q|?n_f{v&syXz#^qLkz^uF8pOQED2HHtS-;N~}Oe&?+ z7@Y}EXkLHLOq@UN=K7cR^p zN!QaPnPj}^S#B68EE%aUqt;JMid`piqV&-!V^uCt+1W2dAq>R{9R@>f0E7u32*g1y zi3M=DAOK<*o1^C85CH=u7{dWJL}&>XYNG*QXwnAif_MbUM#}~W7Q}^d0o+LdD8T}7 z4hrya0LLM)%XR=@voHt-YzYknk#N|MD-hbSc)%NOmk{FO0DmfkU>kub0Kgakfe>#x zj-k_801B~fAP!#x@^CiTh2w0(7UOC#00Ur02vu|OE&yXgBq7GfDF6?IL7aoV;Sdmn zlh~LR>>fd<419AWW literal 0 Hc-jL100001 diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der new file mode 100644 index 0000000000000000000000000000000000000000..a7feb85a88e2a9405f0593ea7e0a38da5d572317 GIT binary patch literal 1950 zc-m!B3rrJd9KSo-BD5+mfpsV=q1aFyh+zsD46tZr0&4}eJ_aoa1qK6+3T}v$T163K zD@g4?umlNoB1{PCrY+F2sl@ssf~aIFVd!LFXq=k6wfATXyM9T(`+l$g|NmWx#PKYJ z%BFxMP|^@chCm02Lm8k+UcmDG?)Rhmd&fnFCU7KZfO5ypuUOsdC3_G*$s9Ua{-MoJ zO*UQRGCaaSP_Dl=vNM~r+1X>LueQorMKi8eNMEfyF1i_a<5?IbB0b$*5FVBDgf$jD z-J?q}>IZycwF4$WZeB?Nf3n$SmYKp-LsQ;N)?H%{Re8BT%`sGcec8-QZ@yHwG-~1& zvuq*b(7Mh@d9eEm)`ggywtRY8gU|`t9TD8DZuuwZY*lpf@r0FSMW!pmVTHOFlHoJ) z3ct*C^0Kl7R*;K-@0+Ob)7rWuT|gk?-Fns<*^c3+d`50`#MiTh8>cF{)XdhnKU{lx zZzY-D8cw8VuJ`_=&V@X({MZf-wGeTV1y=jjP<5&=<5Nz5POE6uZ+2%mY3iciHJm>| zzcdrQcCbQE76!PG9<9$by0eN||K+1T9p~qw?u7>Dhyd0`k@g zT87sDMa+vr!_~a2vIRz=rev&HHB4gC#~xxL+^uz`jB9Rt zxbkDSNe$-=0jK+=uSvaQ@t#u|%}ZvCyg*m4CkL8^%V%oG-=uAK&eA+o>e-^q&U&t7 zYh7PKQ)H%G@Ml2%Z@Y8r6yLn#Qg)0?0)<(M{Kb1y4>CZvxcW+$V?77PD!(nNt&z5G zXq63iU*MD!1U=^#(DJgP8eh)7RwZ`4T2<}rAd=nL=fnQqF-7&h)xf#I;!NZz!mn%; zW=KygZK2S49~(myv^wpBQ^#amDCW@|$!l~p{C&1*CohfbEPY-n0u=iA*qAO@g z8-LoQ(v3b{b5u}Kw28)dyGhaZH9F@dE2o3m4f-;-wD@OhU$9#a4xe=PdCaf=B&{>& zZ3}$6E48+5Q^&=U%8=#s?d{GrPct9iy|wtE{KNWk%|)LhyFaE2 z^U0-y`z8@>d(JR)KH(g8ENcDyKm1PW=GrggfEV?<~larmoMVx43t7}wjneN?yqM)3b|XlY+Le%sYX-v zDw$w9N7TQ?v+Dk%2pxDX(P7K4qX0<)0pGTr9ZO_#>EyJbJKV& z7z+Y$cf0;zXwIb(au{RUcJRC^Ai!3*T_rGJ8?eP3CNlABm_JLrZ>&!Aj_itqV8Cu_ JM279|{sZC~Jca-O literal 0 Hc-jL100001 diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.secrets new file mode 100644 index 0000000000..c2225646d5 --- /dev/null +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: BLISS carolKey.der diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf new file mode 100644 index 0000000000..ab824c993a --- /dev/null +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + send_vendor_id = yes + fragment_size = 1500 +} diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf new file mode 100644 index 0000000000..5f605a43df --- /dev/null +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes192-sha384-ntru192! + esp=aes192-sha384! + authby=pubkey + fragmentation=yes + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.der + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der new file mode 100644 index 0000000000000000000000000000000000000000..db397a78c80b4f30e1eed254a1c335b3566908c7 GIT binary patch literal 2317 zc-pO0X;c%37M>-EA%V;c5ilss1f#fAli*f7RaONQS;Z<+hzlxJ2&6953PLD|R3U)2 z7Ep+|p+$4tmnu=8f(sIq#Xc1h6cG`J6FMzAS~{57RUgV71Nk7$OI%yrCf;(3yxy2_>f8-QlSL@QiA#8{!0?R!9kIcM1)+vmGJYCxH{QMXG^6X^Q4~A zIkP>Zo$NfmhX3DTN?0v%{^}eM{0cw}SP5qW2OfW`n6Iu^r_Khmj+AAp|ITd7iDD@n z)~T{Z*K*yQk>?6tcER|_fDIYispgnwLEyq8QSK++9btFpvsOHrqMQ3L>v9V< z#_hK$Q;sS+pH!9e99)Ya@TTfuJh4Z}Wlx$TRIwcWTfB>;5x+~)%JkN=s{m(?;k$&7 z88)TDtP%iQzT*$`Vmj^8QPIA(6(a9%14i!Ym-v((t$QrYJA2%BxJMVf>r71^2<(OKLRPC+?aAFnzb?}r~dD0_`Z&(D8)70FW`JlKD! zwU#fuP5-P-oVF}bwcV@Rkmag_P9cfXjvwx}w!oV#!X>{{8WhKGpbh@U)0aObT=w0) z{hrs7iEF2Du2zP}jFV64iY;nb-*oeKO5fh+G4@+zzA>c<$%6CVuFS`Kmb}PRMIxss zw03L?@tbjfV)SrlA#+o+LkX)jE456${2&yZH^}LVWoGxRiqL-G-fCfGZx?37YYzRS zj31v-A3D+V$ENS2lkfQwVRM_Zw!Op8?wox0LelHM_Vi_+_l(Q;C#&pd1Evyb{C0ZU z%Xyw-&M5w5% zBm8NEhuS@AZIAt*o6+Oqi#r|S?!274T)6m-pg>thH5T6upA)z>=$Cgn3-Ual-SU}V z0P)eackU%$%NK6i@PKD=`Ylb#=XWgVm@ew(0mr7iKN`$qs|AnXksF?VDz{a#lVG=D zmg7K;=>A~Nd(>m+JA_1q)>E-LJVkLH7466BkStG<(BKBvp%SphXEc zD}5#2qn-mtx$r@dW-ul2Xp->05XcvTF=|gNiOUzvV>mL#8iIe`pVhi7Yx=AgGYb@3 zRGD727yieyU?pP)@WFfWr{oO%ObFvOI5#A?#9kRgI(7q3Y_aU;HKn$aTvLAi#D)Dm z#u?nO<&2qmy|jg@nKmrXW~>s#VpxAgFU=A~8QJQTN|*4ho! zgxE={Ss`b@_K%$8S6$WhpW67=uqqovwe@x-TXF&O`WsekV5A@5WU^*Sf2YA_AfJXb z+jwCETtq)0Kf;vXW`vG|%WDP@fUR^wkBItwob}=aJoMi~(kO1&Q8Nhw`Af`ZT#u>p#@teydC&W(2{7o+Q3dy@ zomt6ZwB6R6^xo*R-X#ukEWZJ09frkoUzM+;j-+F5lRGscYwRvQU1cKN2Z#)jcJJqz zBt7Gv6CT<017)i26d~lGmNf1@X3>EC4FN+vDg5Lx+t^z(lPU@8d7IrSX4JP|eM><1 zAu{%0m%O6*_`19L8genheJ< zatJVeR&{=s9AKryeU?9@lb(b6qJGUQ_L>J){c0PPz^>>@y_UqD#IX1K4p;c-caMG3 zxWJCY9UF#v3RkjxmU0&KHp-Mv(g%!&iov8$gXOzG+{KClwnR`r81m6eVfA8|!Rv6? z`L1Pk<^sVm!564EGH*pXre7S=oaAUS-eIxfh6|Z@hCyYMz-4f4bvu z8N^VRIM?cJvf^eB&#LJ%ON zBtRk*NJF3%#84W7a0EdCv;(sz#3)5tQ4+U;Cd7b35P>0j6dM&Lj*Pyi1hok- z007%C9^QjCicup#B~H@l)<>`(pJp=lK06-Z+XSpulnA(P_6{p|ZFXqTH%7l7E8LbJ K$Iw3f*M9)ZLfs?) literal 0 Hc-jL100001 diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der new file mode 100644 index 0000000000000000000000000000000000000000..379132b467361cc4ca9ed851b87d549718610bdd GIT binary patch literal 2400 zc-oDWX;f2Z8pq#zvk=H~?AM>OCFo#{%4s8D8!3ylKN0KP`d#0}|`jZ``p_6rbO z;N~B}h>Na`OW2<(NKQ$TCd7sv+>s!*!}%X23YYiSqhR^kz_2jEdZ{!;;OC3mnzP03 zVzJvIH!&`D_Y9v!uUYi?6Y=o>JIokIKT1rl;U5Wsfq`Oc-17GUOt>*S4(#;#!<{_q z7D|(1@k~nTtp3;UAn4x!rcg2|GGKXUL7QFl*JamEJb&d-4mOrArsnP5dH5#f1m#n# z>y&(?D9`)G;xbTPcS}XTIq+L6ZD{8HHC~j2SZ9Q`eB!>Td7t!jz36&Xhh)btCkN+2 zeg9&LQ%&X%UAB|~H}m=^S_6IiFLeW_MQbS!ZBB2PQxeH+xalx%?Ur%l$vU z@;$fOr9@79UTurFT{n5+UU!s!@C46n`%ZzS!_byxS%c@4Fm=~rtvSR5HvkC~jAb8z|htGz=_!@it9*1Bn;B2IP7XZtC?izT#2 zHiDp=;q~2{I=qe@1$&2c{TvDzkF$KxjY|X0U#RggslHUZ@uvz;S;e*Ek6e;cD$d7T zESmr+yVg$8%HBNWMU?Kw2D3*cQE7R_t-r3+Nl3S;v`f;)OII8kH-DF!Lm#-kF+SbVq!{!I; zKih1z?R$s8!1rrzAKRL1e~-K3mSdOw@lSMHAD${SF}XfG@Kx2f$D0=2e1+w$q6%C- zbJR=JL6=Sqe?w2J7hgW9wZzu&rY!7suQ>56+qryh{I1HU@h{`gnr<;eD;IgO&lv=N zf`**-Z(xlzbed7yMOAS_g_8&DvgT}5U%eg)OQvk7$*Z5d z6za^{?{lR&WYnIxZs_c;w~#+j!|tlabXbl@m7l(fr!g1Oy!8ZwO9pO;|F^D zyZI}jr^!^%`C7VH9dyL9=eCh7SlgVXC~f2NLm)C`LXvEx^wE|qKuX;0u$7aAoy=Mp zU4MiPsvsgjZR-l^TJ`OW5$X4!Zm%}M<%2BSrnprDH5!T_T|xMC&=!Nz6-@b2!~EkQ z^uSP$B_>JhkECOfugsRMV359MQY);MG)qgwif#g4uTe90?g$-uZ!N%%-AFPQLSa(kNP9AwytBnS)P;9(t?%niBk)p|3Nk zv1Z|IG@^BM*+NF`OU3bjqtNgNoT>{ z&nFV?hXn6fB@ysQ25U1GrP*=OLbos5{z@GhE`51ID1P@gu8 zkTDAR3j_XKooL;-(n?usG4|wvGBQWo>&ARCJcUmW>UXN-@0`0sU`(O{6kamjAYEpd zVXe|P80}la?ya6uZZbz+P$SPkfP&PTvkF50XU&?FyJocJwrBr^{dh|Yc88yE{r{w$#OXB>( literal 0 Hc-jL100001 diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der new file mode 100644 index 0000000000000000000000000000000000000000..dfc623cad2b406364ce2df4f881269974a7cdaf6 GIT binary patch literal 1950 zc-l=;2~bm46n+0E1gfA3MmDRU5)6xo8v;7xfU;6f`ZBSfv@0tKr=TR~+pyx;%+`$^5r`|sX&?>+b2bK@a1E#i%L z=)fM zPR~4Rt<>oR+Ein`bD4>KZbvHS$4D_o^-7!p5kv&=C8P0N1Fa@6A1O z2JSn>YHp`Iy!x`N(yh_5-E`P0C)J@r`TUq7?c$5>4Q8v|Zxxj*;zM6==6gQ5 zgtbMkIOz9!?czkopy(lWO{|!7^<8c0J;5*ho%@6@4@}sztJU>ViQ}X39WS$!R*b(h z&U4kU+V+!FBZX&%-cPz6eB3RdsNkmio1BPr%aMeP7EXn4q+j1Qud9-EF*D2}bVud6 zn_$V~@HUxO@u7#d4^lfTRb!FOrvh(_v?odmyjzo(&a|)cwA=Tnb9rHa%ef0C9p%$J znk$8O7t|c$C1l%JZQtQwCt4$Ke0?Les?4LK;!~ov|5S_Yj@a}c?LAx~|1y_k@eVdg z|CvOLT)6c%&RaaU^eyk{+0*$?k|t)%bo|ceCqejt>47S(O7*;2AW3T3=%4beyo+a3 zU+s0UqI$FKfxh8E;fWauD=r5t-8ebu@a(~+kPqsZfx2be^L)>oGr2R>VSR0w_E|`q zcjh7RZC{SBDA%kteHlM^iT}ydRi47~;_Bev)m~}p^I3OX_Qb1CMx9Z90P#E5j+!W6 zwb*?9bF`pW{)^86iINPjFV5>b&P&nG zEj_BY6RfcrwVfWlGW&ttSv50uXUV-=tV9ykfdiEE+uNaN>yN2N=>N&g2d3AN^ikQfjt|Z_n4+ z-gT>RekIeSNlXbh`IN+kL+!%fN}aZOy0`8+@@Ie0Ue4w!h4y3dMrZSV%gU|=CdbX* zFgjm)BS`EFy7L#$gZ{kM7U`B3ruTP!;pAVzm63n|1OWh`2#Pi+ zK>PFupqqZAkVl755HJt4PrCrHIoP7`BTgaEAt?++FhFz|qI85$vG^qOz|=Acs0wkx z6*L}dihrmCvX-Hx!C}%Mz}0}luXF*4=fcxq0}Y5f;b)3z%@C)6kt$*6K%_8%Zgdk2QnhDjxiS}Ghob?XfO&A?1~619TQ~a zrVM*SFp#0lij7qu@CMjrqeprP=s&<=2$3Yo?gd{E9RRtE^pJ%3W)37t$YwD~I0zY& zMjxNhOLpGF=jmQzc>sm9t#+zg~mAQ!!`jdZ4#@?DuKnu xQ|VcX>=1ebFv(@(5OQ%xl2w2mh{0qH78GHAwii8VWQM8{j&X%ZCx#EB+J9rKkM#fm literal 0 Hc-jL100001 diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.secrets new file mode 100644 index 0000000000..fe26432049 --- /dev/null +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: BLISS daveKey.der diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf new file mode 100644 index 0000000000..ab824c993a --- /dev/null +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + send_vendor_id = yes + fragment_size = 1500 +} diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf new file mode 100644 index 0000000000..d2d2b2102b --- /dev/null +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes128-sha256-ntru128,aes192-sha384-ntru192! + esp=aes128-sha256,aes192-sha384! + authby=pubkey + fragmentation=yes + +conn rw + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.der + leftid=moon.strongswan.org + leftfirewall=yes + right=%any + rightsourceip=10.3.0.0/28 + auto=add diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der new file mode 100644 index 0000000000000000000000000000000000000000..db397a78c80b4f30e1eed254a1c335b3566908c7 GIT binary patch literal 2317 zc-pO0X;c%37M>-EA%V;c5ilss1f#fAli*f7RaONQS;Z<+hzlxJ2&6953PLD|R3U)2 z7Ep+|p+$4tmnu=8f(sIq#Xc1h6cG`J6FMzAS~{57RUgV71Nk7$OI%yrCf;(3yxy2_>f8-QlSL@QiA#8{!0?R!9kIcM1)+vmGJYCxH{QMXG^6X^Q4~A zIkP>Zo$NfmhX3DTN?0v%{^}eM{0cw}SP5qW2OfW`n6Iu^r_Khmj+AAp|ITd7iDD@n z)~T{Z*K*yQk>?6tcER|_fDIYispgnwLEyq8QSK++9btFpvsOHrqMQ3L>v9V< z#_hK$Q;sS+pH!9e99)Ya@TTfuJh4Z}Wlx$TRIwcWTfB>;5x+~)%JkN=s{m(?;k$&7 z88)TDtP%iQzT*$`Vmj^8QPIA(6(a9%14i!Ym-v((t$QrYJA2%BxJMVf>r71^2<(OKLRPC+?aAFnzb?}r~dD0_`Z&(D8)70FW`JlKD! zwU#fuP5-P-oVF}bwcV@Rkmag_P9cfXjvwx}w!oV#!X>{{8WhKGpbh@U)0aObT=w0) z{hrs7iEF2Du2zP}jFV64iY;nb-*oeKO5fh+G4@+zzA>c<$%6CVuFS`Kmb}PRMIxss zw03L?@tbjfV)SrlA#+o+LkX)jE456${2&yZH^}LVWoGxRiqL-G-fCfGZx?37YYzRS zj31v-A3D+V$ENS2lkfQwVRM_Zw!Op8?wox0LelHM_Vi_+_l(Q;C#&pd1Evyb{C0ZU z%Xyw-&M5w5% zBm8NEhuS@AZIAt*o6+Oqi#r|S?!274T)6m-pg>thH5T6upA)z>=$Cgn3-Ual-SU}V z0P)eackU%$%NK6i@PKD=`Ylb#=XWgVm@ew(0mr7iKN`$qs|AnXksF?VDz{a#lVG=D zmg7K;=>A~Nd(>m+JA_1q)>E-LJVkLH7466BkStG<(BKBvp%SphXEc zD}5#2qn-mtx$r@dW-ul2Xp->05XcvTF=|gNiOUzvV>mL#8iIe`pVhi7Yx=AgGYb@3 zRGD727yieyU?pP)@WFfWr{oO%ObFvOI5#A?#9kRgI(7q3Y_aU;HKn$aTvLAi#D)Dm z#u?nO<&2qmy|jg@nKmrXW~>s#VpxAgFU=A~8QJQTN|*4ho! zgxE={Ss`b@_K%$8S6$WhpW67=uqqovwe@x-TXF&O`WsekV5A@5WU^*Sf2YA_AfJXb z+jwCETtq)0Kf;vXW`vG|%WDP@fUR^wkBItwob}=aJoMi~(kO1&Q8Nhw`Af`ZT#u>p#@teydC&W(2{7o+Q3dy@ zomt6ZwB6R6^xo*R-X#ukEWZJ09frkoUzM+;j-+F5lRGscYwRvQU1cKN2Z#)jcJJqz zBt7Gv6CT<017)i26d~lGmNf1@X3>EC4FN+vDg5Lx+t^z(lPU@8d7IrSX4JP|eM><1 zAu{%0m%O6*_`19L8genheJ< zatJVeR&{=s9AKryeU?9@lb(b6qJGUQ_L>J){c0PPz^>>@y_UqD#IX1K4p;c-caMG3 zxWJCY9UF#v3RkjxmU0&KHp-Mv(g%!&iov8$gXOzG+{KClwnR`r81m6eVfA8|!Rv6? z`L1Pk<^sVm!564EGH*pXre7S=oaAUS-eIxfh6|Z@hCyYMz-4f4bvu z8N^VRIM?cJvf^eB&#LJ%ON zBtRk*NJF3%#84W7a0EdCv;(sz#3)5tQ4+U;Cd7b35P>0j6dM&Lj*Pyi1hok- z007%C9^QjCicup#B~H@l)<>`(pJp=lK06-Z+XSpulnA(P_6{p|ZFXqTH%7l7E8LbJ K$Iw3f*M9)ZLfs?) literal 0 Hc-jL100001 diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der new file mode 100644 index 0000000000000000000000000000000000000000..af4f7d792fc1d9beea038ca105231d655e3e7ebf GIT binary patch literal 2420 zc-oDWX;c$g8isFWg9J!bL6k*F1)4=sNd;WdCLj$80>%afZH0ie3ylc~?u;aeO1lBl zpdySxv|B`EQCzz&pAD3W`4|{d(QK{@4fGLe|#UF z$xg;InI0-S4WiM^L2I|Tv#wZo4B$vxP|1hVHn?2>5 z*W;P=(sBLI&q2_?0gXY=q$@!hnSEKEE!%}iZ+Q6^(Ojw<3maLHi_7nmE7_&>Iqol~ z&#(Tf!sZUjwYPV>mpmzEtLs8GZnJOeV6pY2hhdJquaWOwHB2dJK6%wWq@*_Vr^|~& zg4_z*X0#QtyR?=9ktJ&TDPIpc~RIR zXo1tSpw5K!z&bHJdui6F0y@6NSyD(YtLWM^l+yL$OrKAqU#-}0SA5WpIZzRIO6#Qj zx7=^0t8c%Jh^h}4gk^aL(^l%e8l zZnt2Q&)3-L?bBq(%`EK`qG|@aSA>@HHZ(VH&)$1{tG1xb%8gLU6}c?ZvE0WMIOVi#|s7&n}whYD{me z=Pia$2RyyK?K}OuFrCl(E=|Iw@W+pSZBc%|vvdBy3Euha;il_?mfc69lXYd$qL=ji zz2W!v1$m9)`c8yL~6f4cXiEIIJ<+@`pGR??La%GD)Gd2puj zMBTSU-SQiPg4}E6yEqR_dnYal5J;O=Z8)^d%<}gt{DXx3YU^3uiOfnjQhY!^uVMA5 z-HjC9K}|`ZHfn0cH&^rOI_lC(Vgl2Hn}0i-<^7lNGm6tzbL=XN%oj@A??b(vTBb*N zhHEeP)~?p&ncsh(lu)oJSgM{}R_rjvB{yenljTUqSJP4pT?TI+*_;y>c=DU*FWuH1 zOVzZ-razmpmMwg+?@c08xA@%Y#*Xv9wFjNdE_S=udMMGiI;0YgsZ3ObxX1ZT?@^}~ zuD<4Ax?Xl$b6J)Jw`O9JUjnV#45!qwF+0t&-%L*|Jc!pmXg|sE<-slXU!E?wdPAm^ z6zE@^tLVbsBwX*Sd>T<2>55hz%}KdR@qsz|TdWMOUQIDmB7&`3Cg=a|5n>weE9!);vwBIUaj*Y-ouh>ZYc$ldt2h?ln zOYt$qPevsEUBmkU#7&nMVXE0hmn;YJsd}9m`}P%(yoQ3UK8`IJrGk6mhrRk2Ba(Xn zxy919qd8d|Ir{@&;!T9`hqp~Ix73BY^_b^3l^{fP6~i*4$RIT^bMKh)+CEjC zcNTBpX_UOG?4jM74@-4~XpJekoUFcJXtesBkPp`^gT!qBOEokO^ON7uV)j``!?@&4 zGlgd}@UcZo$Mi3)<8*Ya)`UH$6n?+^soqKEbyBZM{zX@?!0cAysJ_QmG+|I;?QlDo zDX%o~*&K?)O;*x8x2QsA+Bre!OVq;RT zhGL&E2==d45Bsp;A${K`Eyu}(Z~@dms?m)hfDk|gg3QqCxim0_j6qsTKm&jz0YYdY znBUJuXaq`;LWt;xQBsRFP+Ccr3!Kusu4 zKtde?Q5XrKG(c(rgaU%AX#`*lqjCAxBtQWr#0D?|a3O$LQ3OH3BuPO1A_|271|SmR zVvrUlv{Jc)_S){lr&8T-wbkz4o#dO}Q1xm@ JN~P76e*i;n7Uuu} literal 0 Hc-jL100001 diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der new file mode 100644 index 0000000000000000000000000000000000000000..7eead79eb25e01112f4995c63af35a726c31d0b6 GIT binary patch literal 1950 zc-lo$2~bm46#f4bK&*<^xCEpk0|5aQrEcH`8XyQMXlhVd1fnvCxPukiF)`Q(jDQqm zZGngi7(|4!SSu=w8!C{2!Iec3QL9BQjrQ|?|9kJJO(t)-_uO;OJufaw(>#+eoJ>d_ zsVs6drg%n5BL%U4SY6Ykj!l@jrE!5r9%WnAmfdC|^(ku^-e^{QHO;=$*}ZB_#pG*~ zCI|$==G~T|adw_&E|ZVOjTC%odDGvDzi#4=2lpMaboq7mzJ=9(XKH+Wy@c7XWdMitw5`+JkiX5ICACQlUA zt~6itjfy@@=7iV;WDf^c4D9^0XQ1QM8@IMq)hkyeM0kC-n9Q5t&~2IdV!~$UrYkSj z%dSeS{Z+1FYSSTkd4wH#K-F(^IOO;6Wzr?-W$sDoQ|f;zej-sN*H{e-#iMTPW|kau zip?<{Cy>i7j0|q@E8|D$bO+T*C*tfob-VN@hmuK6@q$@}Iq@%z<2`)_9&J$Agt(pa zE)dSu=oOBE!pe%Ts>ckzj&LZr*595c^-RA$i7b6~n)oQ)?v=CfK;~k-{K>)%J=;7g zokH>wUJ6<-3pSqqc=1VsT-+bmTdC4c{4iy?_gm@vMR`l@^oea(`99_)t6Q(c?|Aph zzt3&^K#zQ<<(I2Jw>MaK{ct>Jcb_I`ey34plBD^lc+mr2U5tOS zWGM)f)t752`r&;*k z%c$+IO)Lx*C5m;AOI5DlOHLgw8NYaXh2FSBG3}V2>#Qzk*<49)%}{l4U&ff0*D>-e zZ}FC<8JYqM2ix?t$o6sn^sjN+mu)+8>G8XiTnRhE^ z23!`6fAsN}rm)aMrt0U;(b*|3)i<8zk6pnx?-DF8$*OCNRRmo{96F!Q;*;f=O+ zeX-PW&rl10w&ni#Kuxt?yvEPY^_bO>j2ws1`Bp!Vd}^)x(c!q_ocyyg5g5CcMk(fa z1>D?KZrr7|C3?DJ&89lOwNS5}o?3Q9o4Y{0OMi>EFtyS?<58^rcCC6aZ1p^ibC7QD z4C#yp_p?P?3s1OR_lOj^ICk8e7M%N=$?fxf2V2fn`BOuqcRYAXieN~RBnXBe8G_vy z1}+plkOcc>b1+U)FixNk#*qXCxI4vg84~?S5+6`K%S!;fk+2s^kPOKZaA>ZMz(7dP z(y7)4ze>@pMzTe8BSHr#|Ai{%E~8PjsCBpQn` z^dq4I0KFTwjH5-Ba2$Xc@XjDNkquY@V35nC!3*>s0Dx7+J}96F00565c<@G108sFm zDdakUS020~Gz!5&1OUJgq!1OXMsDE02`m9T9y+osjg2A@3Iiwri{XNp3BctskcH7$ z1i&XK5hY<8qyX_C36$YLAR#osx&Yu9Sq6amAuNyhPYj#Ew6F!z0;h&^Kyox82c|hT z9KxMh;{ckO0yO6jCgoAM73_@N1Y8A@18`@Epb6G|Y#b)y5l97XfOEzGq>sidJQSe_ c8rz6n1zZrhLm|_-w*hcOI34?BG#VcK3pqTieE