Imported Upstream version 5.4.0

15 files changed, 231 insertions, 0 deletions

diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..dc166b588
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+  load = pem pkcs1 pubkey openssl random 
+}
+
+charon {
+  load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici 
+
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  } 
+}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/pubkey/carolPub.pem b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/pubkey/carolPub.pem
new file mode 100644
index 000000000..8fdc45a70
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/pubkey/carolPub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/PUNxfK3+w4AuLUhn9F
+y49rmb7h+JJJPbBVZauXDeFSN6LAt+Cguu0poZfiL4C3zZmiXaZ1sRcWk772rFeW
+I/a7R97Go/iYG5m6zcQsDzYQ4vSVDZqECLw7epp+QMwFKC+h4mkTA17TRSCHneDu
+FPt3Dy1KBw8apCRa60ggpP1Pp78dsc2NG1iXD1mUeynyBJiOD9Dq9Xqh+2254xQP
+01G/zDZjvqudFGZQZ/caU0UWaDFme0IlG5iW2fFXtVwIWimnJq5i398+aMDFs9G6
+EcppyfMjOrzcjF/l9KMxOWW4YJ9YVf80YQ1dqYGoKGREsea4Ic17HFGn2zYXVLXS
+EQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/pubkey/moonPub.pem b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/pubkey/moonPub.pem
new file mode 100644
index 000000000..94fadce57
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/pubkey/moonPub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHwF+sUXQdH+WwYzdPMz
+pjuwhGGvHgsmBah1IQsPsddL9gZygerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IAB
+r87L9JAva56EHIAiUMuG8WizVbIKIhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6x
+vMJbwHLi0h7BUO9tBVLPy72YeGNBY6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL
+0DgYP/n2maPEJGEivTFunkJD/mJ8DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhy
+YK5wsATB1ANeAtlFfgH+wsuHjZwtTJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47
+nwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..1454ec54c
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
+
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..f1a074fed
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+   home {
+      local_addrs  = 192.168.0.100
+      remote_addrs = 192.168.0.1 
+
+      local {
+         auth = pubkey
+         pubkeys = carolPub.pem
+      }
+      remote {
+         auth = pubkey
+         pubkeys = moonPub.pem 
+      }
+      children {
+         home {
+            remote_ts = 10.1.0.0/16 
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm128-ecp256
+         }
+      }
+      version = 2
+      proposals = aes128-sha256-ecp256
+   }
+}
+
+secrets {
+
+   rsa-carol {
+      file = carolKey.pem
+      secret = "nH5ZQEWtku0RJEZ6"
+   }
+}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..dc166b588
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+  load = pem pkcs1 pubkey openssl random 
+}
+
+charon {
+  load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici 
+
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  } 
+}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/swanctl/pubkey/davePub.pem b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/swanctl/pubkey/davePub.pem
new file mode 100644
index 000000000..154ac5034
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/swanctl/pubkey/davePub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jzcTcWEzV+14gWt0dJC
+Ew8ZYpfWCD4lTz0grXvhf+T9gMHx9vx3SiZvAq+CBTuTkpsBydpUEbQC9GZv6qRd
+1FmIQCUk6pHZit+UH44w3tuc+YNB6QjT1PMMm31rULX14jGZQnaHYN4MASfGumnX
+CwqdYF3jwx5iGOQAStGHHwDxmUFuR3IZAkP7Lwa2nSJZLivPxqIZDS9hL4/0NWQw
+ltsaGXZqrBVj4Xffn/8tUbbjj7LNdN/WjxovA+XX48dyBq834zvrpjduojlgeCHY
+IQlMJoF/jOihMFJDpOvVxDkH/9XnX0nXH+6H//YKkRBdsVgWJTeQuZNM/P2lyZ5W
+QwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/swanctl/pubkey/moonPub.pem b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/swanctl/pubkey/moonPub.pem
new file mode 100644
index 000000000..94fadce57
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/swanctl/pubkey/moonPub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHwF+sUXQdH+WwYzdPMz
+pjuwhGGvHgsmBah1IQsPsddL9gZygerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IAB
+r87L9JAva56EHIAiUMuG8WizVbIKIhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6x
+vMJbwHLi0h7BUO9tBVLPy72YeGNBY6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL
+0DgYP/n2maPEJGEivTFunkJD/mJ8DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhy
+YK5wsATB1ANeAtlFfgH+wsuHjZwtTJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47
+nwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..4383ab850
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,26 @@
+connections {
+
+   home {
+      local_addrs  = 192.168.0.200
+      remote_addrs = 192.168.0.1 
+
+      local {
+         auth = pubkey
+         pubkeys = davePub.pem
+      }
+      remote {
+         auth = pubkey
+         pubkeys = moonPub.pem
+      }
+      children {
+         home {
+            remote_ts = 10.1.0.0/16 
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm128-ecp256
+         }
+      }
+      version = 2
+      proposals = aes128-sha256-ecp256
+   }
+}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..720e903c9
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+}
+
+charon {
+  load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici 
+
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  } 
+}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/pubkey/carolPub.pem b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/pubkey/carolPub.pem
new file mode 100644
index 000000000..8fdc45a70
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/pubkey/carolPub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/PUNxfK3+w4AuLUhn9F
+y49rmb7h+JJJPbBVZauXDeFSN6LAt+Cguu0poZfiL4C3zZmiXaZ1sRcWk772rFeW
+I/a7R97Go/iYG5m6zcQsDzYQ4vSVDZqECLw7epp+QMwFKC+h4mkTA17TRSCHneDu
+FPt3Dy1KBw8apCRa60ggpP1Pp78dsc2NG1iXD1mUeynyBJiOD9Dq9Xqh+2254xQP
+01G/zDZjvqudFGZQZ/caU0UWaDFme0IlG5iW2fFXtVwIWimnJq5i398+aMDFs9G6
+EcppyfMjOrzcjF/l9KMxOWW4YJ9YVf80YQ1dqYGoKGREsea4Ic17HFGn2zYXVLXS
+EQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/pubkey/davePub.pem b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/pubkey/davePub.pem
new file mode 100644
index 000000000..154ac5034
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/pubkey/davePub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jzcTcWEzV+14gWt0dJC
+Ew8ZYpfWCD4lTz0grXvhf+T9gMHx9vx3SiZvAq+CBTuTkpsBydpUEbQC9GZv6qRd
+1FmIQCUk6pHZit+UH44w3tuc+YNB6QjT1PMMm31rULX14jGZQnaHYN4MASfGumnX
+CwqdYF3jwx5iGOQAStGHHwDxmUFuR3IZAkP7Lwa2nSJZLivPxqIZDS9hL4/0NWQw
+ltsaGXZqrBVj4Xffn/8tUbbjj7LNdN/WjxovA+XX48dyBq834zvrpjduojlgeCHY
+IQlMJoF/jOihMFJDpOvVxDkH/9XnX0nXH+6H//YKkRBdsVgWJTeQuZNM/P2lyZ5W
+QwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/pubkey/moonPub.pem b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/pubkey/moonPub.pem
new file mode 100644
index 000000000..94fadce57
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/pubkey/moonPub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHwF+sUXQdH+WwYzdPMz
+pjuwhGGvHgsmBah1IQsPsddL9gZygerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IAB
+r87L9JAva56EHIAiUMuG8WizVbIKIhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6x
+vMJbwHLi0h7BUO9tBVLPy72YeGNBY6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL
+0DgYP/n2maPEJGEivTFunkJD/mJ8DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhy
+YK5wsATB1ANeAtlFfgH+wsuHjZwtTJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47
+nwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..eac4bc1aa
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,20 @@
+connections {
+
+   rw-carol {
+      include swanctl_base.conf
+
+      remote {
+         auth = pubkey
+         pubkeys = carolPub.pem
+      }
+   }
+
+   rw-dave {
+      include swanctl_base.conf
+
+      remote {
+         auth = pubkey
+         pubkeys = davePub.pem
+      }
+   }
+}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/swanctl_base.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/swanctl_base.conf
new file mode 100755
index 000000000..61e71f873
--- /dev/null
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/swanctl/swanctl_base.conf
@@ -0,0 +1,16 @@
+      local_addrs  = 192.168.0.1
+
+      local {
+         auth = pubkey
+         pubkeys = moonPub.pem
+      }
+      children {
+         net {
+            local_ts  = 10.1.0.0/16 
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm128-ecp256
+         }
+      }
+      version = 2
+      proposals = aes128-sha256-ecp256