From 398ad11cf3aee8ce0a9c5cfe55b88af7d0fcc5b6 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 31 Oct 2014 15:44:26 +0100 Subject: [PATCH] testing: Use 384-bit Blowfish for ESP on carol to show off variable key lengths --- testing/tests/ikev1/alg-blowfish/evaltest.dat | 4 ++-- testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf | 2 +- testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf | 2 +- testing/tests/ikev2/alg-blowfish/evaltest.dat | 4 ++-- testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf | 2 +- testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat index cd83c56b4b..ab00c3bc13 100644 --- a/testing/tests/ikev1/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat @@ -6,9 +6,9 @@ carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_51 dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES +carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_384/HMAC_SHA2_384_192,::YES dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES -carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES +carol::ip -s xfrm state::enc cbc(blowfish).*(384 bits)::YES dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 192::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 192::YES diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf index db409be435..be458a308d 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf @@ -9,7 +9,7 @@ conn %default keyingtries=1 keyexchange=ikev1 ike=blowfish256-sha512-modp2048! - esp=blowfish192-sha384! + esp=blowfish384-sha384! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf index f3c84ece89..585f39e53c 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -9,7 +9,7 @@ conn %default keyingtries=1 keyexchange=ikev1 ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536! - esp=blowfish192-sha384,blowfish128-sha256! + esp=blowfish384-sha384,blowfish128-sha256! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-blowfish/evaltest.dat b/testing/tests/ikev2/alg-blowfish/evaltest.dat index f76522c5c9..fdba0bba53 100644 --- a/testing/tests/ikev2/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev2/alg-blowfish/evaltest.dat @@ -6,9 +6,9 @@ carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_51 dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES +carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_384/HMAC_SHA2_256_128,::YES dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES -carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES +carol::ip -s xfrm state::enc cbc(blowfish).*(384 bits)::YES dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf index 89674b2a1a..3df8c97bd0 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf @@ -10,7 +10,7 @@ conn %default keyingtries=1 keyexchange=ikev2 ike=blowfish256-sha512-modp2048! - esp=blowfish192-sha256! + esp=blowfish384-sha256! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf index 82804a0fe3..fb84a9b162 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -10,7 +10,7 @@ conn %default keyingtries=1 keyexchange=ikev2 ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536! - esp=blowfish192-sha256,blowfish128-sha1! + esp=blowfish384-sha256,blowfish128-sha1! conn rw left=PH_IP_MOON -- 2.47.2