From f6e20d6cc78dddc0221c0c981a273b4225bd5b08 Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Fri, 21 Oct 2022 20:38:16 +0200
Subject: [PATCH] testing: Migrated wolfssl scenarios
---
 testing/tests/wolfssl/net2net-ed25519/description.txt | 4 ++--
 .../wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf | 4 ++--
 testing/tests/wolfssl/rw-cert/description.txt | 6 +++---
 .../tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf | 4 ++--
 testing/tests/wolfssl/rw-modp3072/description.txt | 6 +++---
 .../wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf | 4 ++--
 6 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/testing/tests/wolfssl/net2net-ed25519/description.txt b/testing/tests/wolfssl/net2net-ed25519/description.txt
index f50109769b..58dbc6b333 100755
--- a/testing/tests/wolfssl/net2net-ed25519/description.txt
+++ b/testing/tests/wolfssl/net2net-ed25519/description.txt
@@ -1,8 +1,8 @@
 A connection between the subnets behind the gateways moon and sun is set up. The authentication is based on X.509 certificates containing Ed25519 keys. moon uses the wolfssl plugin based on the wolfCrypt library for all
-cryptographical functions whereas sun uses the default strongSwan
-cryptographical plugins.
+cryptographical functions whereas sun uses topenssl as the default
+strongSwan cryptographical plugin.

 Upon the successful establishment of the IPsec tunnel, the updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
diff --git a/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf b/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf
index 24aa52cfb2..f0c7480ca3 100755
--- a/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf
@@ -1,9 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
- load = random pem sha1 pkcs1 pkcs8 curve25519 x509 revocation constraints
+ load = random pem pkcs1 openssl revocation constraints
 }
 charon-systemd {
- load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce openssl pem pkcs1 revocation constraints curl kernel-netlink socket-default updown vici
 }
diff --git a/testing/tests/wolfssl/rw-cert/description.txt b/testing/tests/wolfssl/rw-cert/description.txt
index 9006bcb513..3fffa7b6ad 100755
--- a/testing/tests/wolfssl/rw-cert/description.txt
+++ b/testing/tests/wolfssl/rw-cert/description.txt
@@ -1,8 +1,8 @@
 The roadwarrior carol and the gateway moon use the wolfssl plugin based on the wolfSSL library for all cryptographical functions whereas
-roadwarrior dave uses the default strongSwan cryptographical
-plugins. The authentication is based on X.509 certificates and the key exchange
-on x25519.
+roadwarrior dave uses openssl as the default strongSwan
+cryptographical plugin. The authentication is based on X.509 certificates
+and the key exchange on x25519.
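Review bot: The new `charon-systemd` list on sun adds `constraints`, which the removed line did not load, so this hunk presumably enables additional X.509 constraint checks on sun as well as swapping the crypto backend; if that is intended it belongs in the commit message. Here and in both dave hunks (rw-cert, rw-modp3072) the single `openssl` entry replaces every native hash, cipher, KDF, key-exchange and X.509 plugin, so each scenario now depends on the OpenSSL build in the test image supplying Ed25519, x25519 or modp3072, with no fallback in the list. A comment above each `load` line would record that, for example `# openssl supplies all crypto and X.509 parsing on this host; the peer uses wolfssl`. The description.txt hunk for this scenario also reads `topenssl`, presumably a typo for `openssl`.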

 Upon the successful establishment of the IPsec tunnels, the updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
diff --git a/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf
index ba275349d0..924fc90dc4 100755
--- a/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
- load = pkcs1 pem openssl x509 revocation constraints
+ load = pkcs1 pem openssl revocation constraints
 }
 charon-systemd {
- load = random nonce sha1 sha2 sha3 aes curve25519 hmac kdf mgf1 pem pkcs1 x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
+ load = random nonce openssl pem pkcs1 revocation constraints curl kernel-netlink socket-default updown vici
 rsa_pss = yes
 }
diff --git a/testing/tests/wolfssl/rw-modp3072/description.txt b/testing/tests/wolfssl/rw-modp3072/description.txt
index a847d2652d..de6d2ff694 100755
--- a/testing/tests/wolfssl/rw-modp3072/description.txt
+++ b/testing/tests/wolfssl/rw-modp3072/description.txt
@@ -1,8 +1,8 @@
 The roadwarrior carol and the gateway moon use the wolfssl plugin based on the wolfCrypt library for all cryptographical functions whereas
-roadwarrior dave uses the default strongSwan cryptographical
-plugins. The authentication is based on X.509 certificates and the key exchange
-on modp3072.
+roadwarrior dave uses openssl as the default strongSwan
+cryptographical plugin. The authentication is based on X.509 certificates
+and the key exchange on modp3072.

 Upon the successful establishment of the IPsec tunnels, the updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
diff --git a/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf b/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf
index f9df83ca4b..033ea6b297 100755
--- a/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 revocation constraints pubkey openssl random
 }
 charon-systemd {
- load = random nonce sha1 sha2 aes hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce openssl pem pkcs1 revocation constraints pubkey curl kernel-netlink socket-default updown vici
 rsa_pss = yes
 }
-- 
2.47.2
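Review bot: The `swanctl` load list in this hunk keeps an ordering that differs from the other two scenarios (`pem pkcs1 … pubkey openssl random` here, `random pem pkcs1 openssl …` on sun, `pkcs1 pem openssl …` for rw-cert), while the `charon-systemd` lists in the same patch were brought to one order. If the order carries no meaning for these entries, a uniform `load = random pem pkcs1 openssl revocation constraints pubkey` would make the three files easier to compare; if it does matter, a one-line comment saying why would help. `pubkey` is also loaded only in this scenario, in both lists, with no comment on what requires it.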