diff options
Diffstat (limited to 'testing/tests/ikev2')
66 files changed, 424 insertions, 260 deletions
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf index 9e655eaa9..278f98ec3 100644 --- a/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce chapoly aes sha1 sha2 md5 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf index 964c520d3..7d030517a 100644 --- a/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce chapoly aes sha1 sha2 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf index 3314f7538..d2137d969 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf @@ -2,7 +2,6 @@ config setup strictcrlpolicy=yes - cachecrls=yes conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf index 7014c369e..ea1b90593 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf @@ -2,4 +2,6 @@ charon { load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + + cache_crls = yes } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf index 3314f7538..d2137d969 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf @@ -2,7 +2,6 @@ config setup strictcrlpolicy=yes - cachecrls=yes conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf index 7014c369e..ea1b90593 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf @@ -2,4 +2,6 @@ charon { load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + + cache_crls = yes } diff --git a/testing/tests/ikev2/default-keys/description.txt b/testing/tests/ikev2/default-keys/description.txt deleted file mode 100644 index 889f8297a..000000000 --- a/testing/tests/ikev2/default-keys/description.txt +++ /dev/null @@ -1,8 +0,0 @@ -Because of the missing <b>/etc/ipsec.secrets</b> file, roadwarrior <b>carol</b> -and gateway <b>moon</b> each automatically generate a PKCS#1 RSA private key -and a self-signed X.509 certificate. Because the virtual testing environment -does not offer enough entropy, the non-blocking /dev/urandom device is used in -place of /dev/random for generating the random primes. -<p> -The self-signed certificates are then distributed to the peers via scp -and are used to set up a road warrior connection initiated by <b>carol</b> diff --git a/testing/tests/ikev2/default-keys/evaltest.dat b/testing/tests/ikev2/default-keys/evaltest.dat deleted file mode 100644 index 43d85d06f..000000000 --- a/testing/tests/ikev2/default-keys/evaltest.dat +++ /dev/null @@ -1,9 +0,0 @@ -carol::cat /var/log/auth.log::scepclient::YES -moon:: cat /var/log/auth.log::scepclient::YES -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES -moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES -carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES -moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf deleted file mode 100644 index 5cfec3e9b..000000000 --- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown -} - -scepclient { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce -} diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules deleted file mode 100644 index 72a1c17c3..000000000 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules +++ /dev/null @@ -1,30 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# allow esp --A INPUT -i eth0 -p 50 -j ACCEPT --A OUTPUT -o eth0 -p 50 -j ACCEPT - -# allow IKE --A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - -# allow MobIKE --A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - -# allow ssh --A INPUT -p tcp --sport 22 -j ACCEPT --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT --A OUTPUT -p tcp --dport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - -COMMIT diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf deleted file mode 100644 index 5cfec3e9b..000000000 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown -} - -scepclient { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce -} diff --git a/testing/tests/ikev2/default-keys/posttest.dat b/testing/tests/ikev2/default-keys/posttest.dat deleted file mode 100644 index 25f737ecc..000000000 --- a/testing/tests/ikev2/default-keys/posttest.dat +++ /dev/null @@ -1,8 +0,0 @@ -moon::ipsec stop -carol::ipsec stop -moon::iptables-restore < /etc/iptables.flush -carol::iptables-restore < /etc/iptables.flush -carol::rm /etc/ipsec.d/private/* -carol::rm /etc/ipsec.d/certs/* -moon::rm /etc/ipsec.d/private/* -moon::rm /etc/ipsec.d/certs/* diff --git a/testing/tests/ikev2/default-keys/pretest.dat b/testing/tests/ikev2/default-keys/pretest.dat deleted file mode 100644 index 8ae506253..000000000 --- a/testing/tests/ikev2/default-keys/pretest.dat +++ /dev/null @@ -1,20 +0,0 @@ -moon::iptables-restore < /etc/iptables.rules -carol::iptables-restore < /etc/iptables.rules -carol::rm /etc/ipsec.secrets -carol::rm /etc/ipsec.d/private/* -carol::rm /etc/ipsec.d/certs/* -carol::rm /etc/ipsec.d/cacerts/* -carol::ipsec start -moon::rm /etc/ipsec.secrets -moon::rm /etc/ipsec.d/private/* -moon::rm /etc/ipsec.d/certs/* -moon::rm /etc/ipsec.d/cacerts/* -moon::ipsec start -moon::expect-connection carol -moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der -moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der -moon::ipsec reload -carol::ipsec reload -moon::expect-connection carol -carol::expect-connection home -carol::ipsec up home diff --git a/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat b/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat index 91451e9e6..61adcd2d0 100644 --- a/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat +++ b/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat @@ -1,6 +1,6 @@ -moon:: cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with RSA_EMSA_PKCS1_SHA512 successful::YES +moon:: cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with RSA_EMSA_PKCS1_SHA2_512 successful::YES moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES -sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PKCS1_SHA384 successful::YES +sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PKCS1_SHA2_384 successful::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/net2net-multicast/description.txt b/testing/tests/ikev2/net2net-multicast/description.txt new file mode 100644 index 000000000..82874321b --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/description.txt @@ -0,0 +1,7 @@ +A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. +Using the <b>forecast</b> plugin additionally all 224.0.0.251 mDNS multicasts are going +to be tunneled. +The authentication is based on <b>X.509 certificates</b>. Upon the successful +establishment of the IPsec tunnel, mDNS multicasts sent by <b>alice</b> are +received by <b>bob</b> and vice versa whereas unfortunately multicasts originating +from the gateways <b>moon</b> and <b>sun</b> themselves are not tunneled. diff --git a/testing/tests/ikev2/net2net-multicast/evaltest.dat b/testing/tests/ikev2/net2net-multicast/evaltest.dat new file mode 100644 index 000000000..7649abc5b --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/evaltest.dat @@ -0,0 +1,16 @@ +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +alice::traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +bob:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +moon:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +sun:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +alice::tcpdump::IP bob.strongswan.org.*224.0.0.251::YES +alice::tcpdump::IP moon1.strongswan.org.*224.0.0.251::YES +alice::tcpdump::IP sun1.strongswan.org.*224.0.0.251::NO +bob::tcpdump::IP alice.strongswan.org.*224.0.0.251::YES +bob::tcpdump::IP sun1.strongswan.org.*224.0.0.251::YES +bob::tcpdump::IP moon1.strongswan.org.*224.0.0.251::NO diff --git a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..47cd53afe --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16,224.0.0.251/32 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16,224.0.0.251/32 + mark=%unique + auto=add diff --git a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..db2698dbf --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast + + multiple_authentication = no + plugins { + forecast { + groups = 224.0.0.251 + interface = eth1 + } + } +} diff --git a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..65a8ced3d --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16,224.0.0.251/32 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16,224.0.0.251/32 + mark=%unique + auto=add diff --git a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..db2698dbf --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast + + multiple_authentication = no + plugins { + forecast { + groups = 224.0.0.251 + interface = eth1 + } + } +} diff --git a/testing/tests/ikev2/net2net-multicast/posttest.dat b/testing/tests/ikev2/net2net-multicast/posttest.dat new file mode 100644 index 000000000..dff181797 --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +sun::ipsec stop diff --git a/testing/tests/ikev2/net2net-multicast/pretest.dat b/testing/tests/ikev2/net2net-multicast/pretest.dat new file mode 100644 index 000000000..e777dba06 --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/pretest.dat @@ -0,0 +1,7 @@ +moon::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships +sun::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships +sun::ipsec start +moon::ipsec start +sun::expect-connection net-net +moon::expect-connection net-net +moon::ipsec up net-net diff --git a/testing/tests/ikev2/default-keys/test.conf b/testing/tests/ikev2/net2net-multicast/test.conf index ce84ce41a..48597379a 100644 --- a/testing/tests/ikev2/default-keys/test.conf +++ b/testing/tests/ikev2/net2net-multicast/test.conf @@ -5,17 +5,17 @@ # All guest instances that are required for this test # -VIRTHOSTS="alice moon carol" +VIRTHOSTS="alice moon winnetou sun bob" # Corresponding block diagram # -DIAGRAM="a-m-c.png" - +DIAGRAM="a-m-w-s-b.png" + # Guest instances on which tcpdump is to be started # -TCPDUMPHOSTS="moon" +TCPDUMPHOSTS="alice sun bob" # Guest instances on which IPsec is started # Used for IPsec logging purposes # -IPSECHOSTS="moon carol" +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf index 577d74e67..867949da4 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf index 9f1d9c41b..e39c9222e 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index 978b276d6..3925d92a4 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf index c52a325ad..a4cfc6168 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 646bcee1a..6a6d39899 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 sha3 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index 646bcee1a..6a6d39899 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 sha3 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 646bcee1a..6a6d39899 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 sha3 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-newhope-bliss/description.txt b/testing/tests/ikev2/rw-newhope-bliss/description.txt new file mode 100644 index 000000000..eb7678496 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/description.txt @@ -0,0 +1,15 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. +The IKEv2 key exchange is based on the NewHope lattice-based post-quantum algorithm +with a cryptographical strength of 128 bits. Authentication is based on the BLISS +algorithm with strengths 128 bits (BLISS I), 160 bits (BLISS III) and 192 bits (BLISS IV) for +<b>carol</b>, <b>dave</b> and <b>moon</b>, respectively. +<p> +Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload +by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual +IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously +increasing order. +<p> +<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass +the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping +the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two +pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively. diff --git a/testing/tests/ikev2/rw-newhope-bliss/evaltest.dat b/testing/tests/ikev2/rw-newhope-bliss/evaltest.dat new file mode 100644 index 000000000..a2df0a3c0 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/evaltest.dat @@ -0,0 +1,26 @@ +carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES +dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with BLISS_WITH_SHA2_256 successful::YES +moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with BLISS_WITH_SHA2_384 successful::YES +moon:: ipsec statusall 2> /dev/null::rw\[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128::YES +moon:: ipsec statusall 2> /dev/null::rw\[2]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::ESP +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.conf index 15aba18e5..6f561ab50 100644 --- a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.conf @@ -1,6 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup + strictcrlpolicy=yes conn %default ikelifetime=60m @@ -8,14 +9,18 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes256-sha256-newhope128! + esp=aes256-sha256! + authby=pubkey + fragmentation=yes conn home left=PH_IP_CAROL - leftcert=selfCert.der - leftsendcert=never + leftsourceip=%config + leftcert=carolCert.der + leftid=carol@strongswan.org leftfirewall=yes right=PH_IP_MOON rightsubnet=10.1.0.0/16 - rightcert=peerCert.der - rightsendcert=never + rightid=moon.strongswan.org auto=add diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der Binary files differnew file mode 100644 index 000000000..fdfd39f13 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der Binary files differnew file mode 100644 index 000000000..8a520c0b4 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der Binary files differnew file mode 100644 index 000000000..b2831a8ed --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..c2225646d --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: BLISS carolKey.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..1d9f6e235 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + send_vendor_id = yes + fragment_size = 1500 +} diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf new file mode 100644 index 000000000..caf99ddf0 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=yes + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-sha256-newhope128! + esp=aes256-sha256! + authby=pubkey + fragmentation=yes + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.der + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der Binary files differnew file mode 100644 index 000000000..fdfd39f13 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der Binary files differnew file mode 100644 index 000000000..75a114339 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der Binary files differnew file mode 100644 index 000000000..0ec528ddf --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..fe2643204 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: BLISS daveKey.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..1d9f6e235 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + send_vendor_id = yes + fragment_size = 1500 +} diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.conf index 278943d28..0ec0ac826 100644 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.conf @@ -1,6 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup + strictcrlpolicy=yes conn %default ikelifetime=60m @@ -8,14 +9,18 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes256-sha256-newhope128! + esp=aes256-sha256! + authby=pubkey + fragmentation=yes -conn carol +conn rw left=PH_IP_MOON - leftcert=selfCert.der - leftsendcert=never leftsubnet=10.1.0.0/16 + leftcert=moonCert.der + leftauth=bliss-sha512 + leftid=moon.strongswan.org leftfirewall=yes right=%any - rightcert=peerCert.der - rightsendcert=never + rightsourceip=10.3.0.0/28 auto=add diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der Binary files differnew file mode 100644 index 000000000..fdfd39f13 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der Binary files differnew file mode 100644 index 000000000..d0ea364b0 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der Binary files differnew file mode 100644 index 000000000..c989f91e5 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..b4a9ee68d --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: BLISS moonKey.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..1d9f6e235 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + send_vendor_id = yes + fragment_size = 1500 +} diff --git a/testing/tests/ikev2/rw-newhope-bliss/posttest.dat b/testing/tests/ikev2/rw-newhope-bliss/posttest.dat new file mode 100644 index 000000000..9ba8c5f55 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/posttest.dat @@ -0,0 +1,9 @@ +carol::ipsec stop +dave::ipsec stop +moon::ipsec stop +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush +moon::rm /etc/ipsec.d/cacerts/strongswan_blissCert.der +carol::rm /etc/ipsec.d/cacerts/strongswan_blissCert.der +dave::rm /etc/ipsec.d/cacerts/strongswan_blissCert.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/pretest.dat b/testing/tests/ikev2/rw-newhope-bliss/pretest.dat new file mode 100644 index 000000000..058b3c33d --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/pretest.dat @@ -0,0 +1,14 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::rm /etc/ipsec.d/cacerts/strongswanCert.pem +carol::rm /etc/ipsec.d/cacerts/strongswanCert.pem +dave::rm /etc/ipsec.d/cacerts/strongswanCert.pem +moon::ipsec start +carol::ipsec start +dave::ipsec start +moon::expect-connection rw +carol::expect-connection home +carol::ipsec up home +dave::expect-connection home +dave::ipsec up home diff --git a/testing/tests/ikev2/rw-newhope-bliss/test.conf b/testing/tests/ikev2/rw-newhope-bliss/test.conf new file mode 100644 index 000000000..164b07ff9 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf index c47ca8027..028dd8e23 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 } diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf index c47ca8027..028dd8e23 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 } diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf index c47ca8027..028dd8e23 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 } diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf index 079ea723e..e7364f6ea 100644 --- a/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf index 079ea723e..e7364f6ea 100644 --- a/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf index 079ea723e..e7364f6ea 100644 --- a/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-sig-auth/evaltest.dat b/testing/tests/ikev2/rw-sig-auth/evaltest.dat index 5e264c5ab..20849de1a 100644 --- a/testing/tests/ikev2/rw-sig-auth/evaltest.dat +++ b/testing/tests/ikev2/rw-sig-auth/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA.* successful::YES -moon ::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA_EMSA_PKCS1_SHA384 successful::YES +moon ::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA_EMSA_PKCS1_SHA2_384 successful::YES moon ::ipsec status 2> /dev/null::research.*ESTABLISHED.*moon.strongswan.org.*PH_IP_CAROL::YES carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_CAROL.*moon.strongswan.org::YES moon ::ipsec status 2> /dev/null::research.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::NO dave ::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA.* successful::YES -moon ::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA_EMSA_PKCS1_SHA512 successful::YES +moon ::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA_EMSA_PKCS1_SHA2_512 successful::YES moon ::ipsec status 2> /dev/null::accounting.*ESTABLISHED.*moon.strongswan.org.*PH_IP_DAVE::YES dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswan.org::YES moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem index 929f737c8..d786db30b 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEITCCAwmgAwIBAgIBJTANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ +MIIEITCCAwmgAwIBAgIBNjANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTExMTAxNzEyNDc1OVoXDTE2MTAxNTEyNDc1OVowWTELMAkGA1UE +b290IENBMB4XDTE2MTAxODE1NDEwNFoXDTE5MDkwNTE1NDEwNFowWTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0z ODQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAuByYUPGv67XSQHjpfFjhuH/l/sMIQGhsFcO4ebYv -7otSsjbH4gasmAOvEFxoIxkOG9IWFAHP1WyiqG3sOsyyfUg6wHl1FTe4Y3kHWZp0 -DvtT6CWnnxQwKibIhXfB3IPHRTcRG1zGN4J3Vl6IofIRlrl0K3NYUUofn0xMKAoS -hLjwuqq2eviX5NIQDOTnoga2C5Ed58hIc6/YWXzfg9EpB194tcCWmSj7yfq6ruD9 -xAh32ywd10fsi4tt3F/BWzXjySxBlBhvvh6kL/Nqa6OSWaXsvZqXmrYm+hm4LKkO -ZLZYzBqJRpRm1rEhYqMg2u0SSSTXsNFuw+027n7Vt8+DzwIDAQABo4IBBjCCAQIw -CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFPk6ATSleHErWFAYkCZD -BhDo8X1qMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw +AQEFAAOCAQ8AMIIBCgKCAQEA0021rEucwTZnd5pGxpWrXvn6Vkhd8ibwiyQ7ynpk +1Wi+WB0eWqW6ciU3BbA6L8DXUZoo0BzhIlH68X1n+CWiSBS8lBC21QJTAYywdQar +TVzUusbhX5S7c6JQrk9Oj+Tt+X5D0Q91SMfcB/i+G9IpZZz9DiceCIxpBd0HxoPJ +PRANjThQnqot4TYYUm45N05PixAD+K3P8Yik7BTRHPV4JhflPeOd0pTZL2b4sg7O +vZctotdF/riDvDeixMS/OlYxrKqVeP1wafsTE4MwADooRgaWa9zkRTxO4JwNE9M3 +LQ2s8AUq73kHxwJqhvom18lgMD056iZYqN7RKSaE+Zn40QIDAQABo4IBBjCCAQIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFONu1FifPZHQiluTzIlQ +02i3SSqWMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMS -c3Ryb25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3 +c3Ryb25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaCFGNhcm9sQHN0cm9uZ3N3 YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAHiE/MMyXJXuMuhw -/lu/UwjCHbbJMA9QrBJe++34OwAV0siM98loVLs23vHXk/52QHRIwZgMLO2FF9Pk -4JkFOvTXCgNPZKrUL28UhHsnJe8EZVOuir5o6yTSti+J/tR4M2YoY67JjW/KeTwU -BVBtBVH88gf/xm2mSlIrkHxG3/GWqyEdeY7BOaft1sFTTZ1gKKXQlARtWidho1mf -5Y1lZ//kOuvMjnk+hEWPWESq8lBzLOmQGBk65vaEH3LVZxSQVJbfG2E0dHgPZNgc -hFOS8Oc6L6AfKlWHAT0ZCR5+1YsxxnlsftHzxiA0ayGCgpn2qcN+OPjfzPCtC80N -6oXDLZM= +cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAALEERUj19IbP7NL +fyNy+CRVZ9fT20jDjLhQ3yZpmYep2TEAAGIP2I550tc/eIXj4LCJJ3i5a/AdSQjW +09beMwXatszqrE+taY7tELSKGy5Pbnb32HIDPwKXs92Ivxt9FgwUaLrj3AtVUmxk +0bhGMSjkgtrxbeki9394+ISW0EdD9DZSheJSLKa6rykb7akQPU8J2hreVAFdNZnF +RDVpT/OI8ZoH0K12YvthC33fysmKyGNCjDRP/x4UsdrnRpHP7BMjVe1TJQBiu6cm +DWPvj6ZkKqRZ2P67GVZLSu7s3hHKu0O5p3oY0J3YLh6ZrCw53dfG0860vfAV78f3 +DhxaCpo= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem index 497d957e3..cb9c85a81 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,0BFCA887A0607C7629452B14E865F782 +DEK-Info: AES-192-CBC,3B3CC0EC06DA44CAF42AF63116EA300A -NG0IHVWcpgMabsPpHUOQeWi5pbAaXeQMkBMAJt2v5UIkB8oKojx4tFt98IKxlkPX -oUNYiw5Ku5Iz61EgO2Lk7NKYB1RPVYSvqnNOtqOdnbU6mb+rZD8dP42wLmVU91SP -VkBGCutAV3jP+lP5WYxTqUJI+MHaWaQxxDABgVYwpOgRdri1hqvcqVU0+BIEgnq0 -PzjOGF34zOyProCo3T8R4Y3QkuFy9KJAKfBRVQVyx2Mmu/3cGB6k+7YiU614WBxM -MlG7gMWx054QrYte5G9RvLCv98katprqbxSFF9Co1aOkLMxdY8vdyEn0I+oUfZuB -bZ8e5cdWEzdkz34rquh7cty+WyMfwboYgndXtnke33k2nltoP4Nhvgehyo3hQcio -4elGTyYTlzzSR+bcAtF2otcPL3idTlcCJQ/8gcydotY3oBI44lUhPbIYONKQYYUX -wYrKdZDHa2zxKRyWLEgbEqfN3S20iITREUu5pTAB4nzNtNf7Af6R81bS5/WsfdDk -VfJJC+ICX2GWxNefUPR+/wMtHLv2lIDzuBFFborF7v5YYHbQpXpjWbpFVaw7/0Gf -d5XuHG3OBMmZL0q0rLbSrOfWISJ2QnPmC9bqp6OgncTMDuMXkmyXTDu1F+oT8gZ2 -IBRL94gPvG5hJYaAIZXxxElbxhzmNb4E1nnYikYJXJDvjOk2+yPVZkVOCBGqP5Mn -p2ieW5ZBBlUtnVcRAalJKxU9l/vPjtQjE1/aeH2Z/B01Rjn65kiVXwyLQxnxBtDA -ed7Rpdc+wcnlleMLkIg8FntXpb7CIxqNx3eC8yaq7kHDCaWHL+6/4bexb/Q7Nzxi -H70ITSHu7L4p1KpLJIyaYHRYG0AKjr+vezK5SjREjZMpH+w805QLz5d0QpJSDTWI -XOkPW/vKvnacvUlPIlQrAS5fxMCQJgQmTGvbKnC+qE1Tbkc4Bz19cZn6Fseq1tPa -i8w2AKno1t+pRfXXrh7p8A0YxEBA0atf1O7gnyg6aMcMHfm3kSxq6xuPhNI4gG9z -v3yLNBd/08GGEtHNa6jG3cvankHpG6VUjFd5jwaHpvLZCh8U4sA7r4soXXag49LC -Y5UkHcjFkcbacBKX39x/AnGUCmP/bq+PLJQ7z35XQ360rqFTlGPISGzLaDiBKFxc -53xtkkgTqcrZq5Tv9xOIT+EhH7Z7ndAtA4hIs4rSc0d6zde206w3hzqzUwooPppj -qEd+FSb/lPnKQ5Q9z8pod28+CxCaxqxFBqfDT6ORlegdlvIWDvw4HS6BVWK9ZVy+ -xODJ4t1hTuTNEZUiyG6DMkhuQ41L39mnHxcSjWicS6BLYql+BAxM+Yp62VC5q3p6 -qIG17JjTSOm4FuyO2R9l2/jXjj4l4adPDtCmpJfI6PXjXdptWBITl1YrgHgeEme5 -H+Ag9HQgqbuP8REc4TwwCoMOV38KLsvlxK2oa1o2dJPF3Tck1rQNVM5mY8TnxSN2 -ozygG/ECyMoCyBDJYELfh1SN4OmX8kbsl4t6YxqydmRy9AqaLOwwSCKIWLH0graF -HwDujb3VkM9nhplw8aNeLZef4M1EpCwVVW+i6h9ADfWClePjJlJ9XTtgZku1TPEA ++1iflM4ExvjvCHQdk8C4nTd3DdND8KXrEHgcfUBlMasBSRca7++2i//FKNbs7wTe +M5X9JsHiL8ySsioCsRC778726Un48IRIrioBj4B3EsZ+vQL/E1JoIUA+Qm5WkjNT +Rd9o5z+C4GreHRWYP8Io4j+kDXPDTz1Ga7EcNFqoQybjwca6Yn8elZQ+ZfntZxTI +jVY37X1p9WmFv5ySkw5NyHzLgRGaPiTPg+MB39gOWzvZoZ6qQbY0lAyi+zJ1Xu+q +m4XeqNxYs0hLjEujTZ5+7StMThoTJUGiA5DbjQb07c1n3G9HytgyTnihEYWVCPq8 +Rb4f2/grVWj4DHGOXC7D5LNvvvrDHZZRIn3DjT73vveAUJcVawXCpx9TBZIvgsP8 +AbLr7PUUUmnngSkCRpmWphJjEEU28ocW9nP9qs7kLCk4FlW9vDXru37KsjiiN+96 +Puzczv6M9SLdvCKVfAYoKRNrmmfHO/HzvDBQfGhixs5B6HqW2RZ4TV1kUuqREhw+ +5ZbjROPbcXw6M0S2WWed81YxyFmM3OKxtFw5m4PUzQgG0uPAO2ttJMWjY8MWGxin +QYBOldvlXNkJOJOMJb1xYJ2OR5idDBvuhac5vJPMVJ53EMsJUviBf95HMZgCT4e9 +bcWbd1t5zV/xEyJRX+OlMjN9ket1/4m6faXTbcuEkhGGFiHTCv/wyPjBEtHQ6Lav +EU8zdtRHU4BA15qOwWvWYDyIya7LQfpcp3CuTwwQoOr47RIya5wz1WJvfrciuJUT +ZUflT88FSkfi401GRwFANArG0pdujuer9eHCzR39kQ1v+9goI7LF+mMElZb2Wugt +ccrX6RxvtBzAQBMaakMWQI048vibWjVGEmXxEVx4rgB/ze7WStVX+36/UE7JVw8P +zp0ygt63t1DgqTwwRGvkq/nvbOw6rgSuX7RWuOFSn2flsgEejJt1dmrg+/Iyb7Dm +/pw4d2+66DqfXDMBrj8+mwTPZolJy71aXv3xOY3rOB6Dj0K6X7WZVEiJMFbBdsJe +xS8OrRausahEno5KSqA7O/EXm4eGWl62OvMtixUV3Gg7Mz+nTsHbU6pzdMpa4QM/ +eLCPfUpyIFCk7heSh/k3fc9qG9L9kAn6qx+FoiZ09R153oRhIqGb5/P+4iXBFLR+ +OlsrSPJvXo/JpJHQh52SQe6mCnwAYIMS7KxF3sDFAFQKPzzXQaaqXUQkOLeO4Rvm +GKeRDpnfZ4RcdVu6gWz0stxnK0W32T0ZZj8RXlVJOJJdcfZ/gfmt4wODkqVCewF6 +/6JFneSz34qUHreHrX0fmQnpOTo1V3t2/iuliFH05q5ZuSRkFekt8qBlHm5bomYR +Xn9DwOUjFvIUoRj9qDO4L4H2wT4FuJjWL6WRzYtk/Z2aZzLcpGN03r8X7EOTbqiC +tAgb0+7HPOSiTQ32DG2mJVjqcCCd1zWGY+IYSbZfFxWsKUqhGa9gAQQpaowoR7nc +7Mqf/Fygjlu3YKPLHu5x179sl+cM+oYqN5ekv/O4Vc0f37jlq9/QN/MNpe724DMy +BOdwY6u3T1srykxtu2w7F6E1Yjf+y0iW6mdHvfzNWoOUFNlQwmqHq1Vw1XOfk8YU -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem index fc769c1c9..9c62f2132 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEHzCCAwegAwIBAgIBJjANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ +MIIEHzCCAwegAwIBAgIBNzANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTExMTAxNzEyNTAzMFoXDTE2MTAxNTEyNTAzMFowWDELMAkGA1UE +b290IENBMB4XDTE2MTAxODE1NDIyNFoXDTE5MDkwNTE1NDIyNFowWDELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS01 MTIxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCs5SBCzV3Is/w7CIzfBXRGv6uXwyDivRXXYsczeSRf -5mw/slRVAEtNbX8rQ8BWLIqiJPCLDek5ODkqKI+hArZVpJqMzZyql2Teosrtnokb -h/yA8EWtEr0jII2RxQ0xb8r25h+DwBosAM15B1rCAMmJOjbEMMBGmAb7y7N0K8nr -Z8RctwrRdCGVcg+f+LFrklF1tBLs0zGIrJsk1eB0XbrB+fEPar9Lmn+/q2QHGPCt -aOlR2ZxRsjqsYJW9yI8r33PVVm2aGmS/19UguEG8FC3owud0boHfP91/NvSIWfhP -iIuDPjJOBPEJ/I6OYjYXXQuOZYwFGau2WrpNDQioPgedAgMBAAGjggEFMIIBATAJ -BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU5re6olyWAt1HfN2l92Rb -7DDCnxMwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +AQUAA4IBDwAwggEKAoIBAQDOTJOm4HBLbc0fCUHKOSYSAJj+dbWmXo+M+ViblRwU +iTij2wBchH2T3SUuj/OimtxloyVWyfATS7eTjCbqPbduVc2aE1QqwpBzTGnh8hd2 +1IQ2Hg/ruAS1t6XlGbQXbzOmA53tePh7iLMeW1UzIlq/i1isducIKSOusc5/225j +2C3OHbfpIlBzW9NgtDZZqAc6BsI2z6XsaA/U0S+4YYv8mImsSm71aoeesGLV2Fqm +7xQLxzH7eQQS1gg8+iWfPTU6pHL6AYR7HKKCdMiqDUOrP6VEleueinnzh8MbWwa3 +z3iIJ8pGD1jBLJ+Tlt+qKu5ZE0fGX2WCVntkf0IWc7HRAgMBAAGjggEFMIIBATAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU4jVZk42tDoUyFnMs869u +69kHafUwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz -dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdzd2Fu +dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITZGF2ZUBzdHJvbmdzd2Fu Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn -L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQAtRPFMSuEnPmqeC2mF -OE5N26r2p8HfB4FAPwarlg66IIvKvkk1zqn5YfZIXfMU/x5q+85aO31iQmjlAPpo -KXqRq7V0a0ldjXEr+Tz7xG3jno989dBrD3kQZnwXR57xGt1qTVGY7uQdbgXWzVHM -GYS6gjUw7Df9vAQcTfUxUpZc5wlDoiRrFkyPc1raFCZF3//Ig9agjO4r1SzPHYw7 -LrHJR1xkd0IWVTW8Z6xB14j452IiimhyK1zAR3zmh1vH9VuHDLHMhyjSl1R+gk5U -KzDPaqXd4NA7eIQNiAhysYTXfmUYytbFNZw9bamxTxlCmca1snuTIcFM5OYOfxRT -iKMh +L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQBvE869kmBTDlTm3LnK +Sj6tGRhE0rN/Ki3zHBTlVzGZvaggt9ZvPFcLypLZkC0BfPu5/z58ig/Z8dC/bITR +g6kr02wgpLlwOTrU2dNQ/ehKOKClG0gkNNlw4cdi5ayRFXVvYhWzZNPGvIY8O8EH +LY2oZ0LXBvttx+rSuFAYiOEXON5/oiiNpGxqGu2mYIeyAAIIcKa4PqvGu7DxEGtN +OKwJ+ez5bg4qpUVGgBYce1SbzShS+eAe87xLRL1QKxcBD0DVFb9c6hrPRIpdxHD3 +AEFEo87lj5npbvP9PExufP9mTl4Ko7mENhEYVo4/2eGsMmyD+FXUWUXr7bWY5Zrg +jSFJ -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem index 3223c1dfc..8fcd41063 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,8AF4F2ED0B6D096AD675CFDC4F41083B +DEK-Info: AES-256-CBC,5AB0B0B04BC2FBE873B5D35BF5A6082A -2ezZg1fOw6Wcvk2ei1VLqpA1Z5lxroSsibmDu5+UuyJyTtdbPPY0iWxnryVoaXBq -9VK4AD7lkoJOX/CymbzSSOkBL4t9fN6akefTN6rEY6g8zN2q4al3xxIvZv0WgCDg -XxqJ8ZsdZmUoe12RbJ6HvMw9UR2m2XZYvwcD9+hzT8Agsy5JBV5Nkgxc52ZVYoIh -O5E+PI3w1yrXrzIPx9H8nj3VKRGguZCVFtae7ChSSxotoaIQxM6weVkEDUQXtSs9 -CmtXrn/o6uiafzfHx2pPELdsARlnuyvbKATrOr5lwnM4kwUl+bBvoRI7YaUsg/A5 -48gy82PQRZoWH3ofQv1d24sGc6ZctrzRRrCLzDAGDd3fw8bJkV2b/9D1u9O5Df7+ -Vs0fdrRoP8ooa9d131zBy1brDUckTsTIQZ3Sn4FdBI610MX7l5gJ+7vXYqp/rMOt -Rq8LZoKggzeklwYjum77YFdtbv4m4ihI4DUYHY0xWgMDUMQTFLEUgvAeNrPNRRwI -Ep1JmV9I7it6DHrCD9QmVWUoxSgRqodQDV4p3npH8WlrJMlL0ReiOJZ45PWOsmvI -AAjdsKLwqQEfXkckCvtCM7Nuu8pNA7UUm9TqNLFOFR3HWtm0si1IE8iXu3v/o/tx -OzzRl5pxc1tg8TFiFrNT2+6+HcAJOnWboYJRJzkcW2UzVpSZ04BLiXHPfGue1gG7 -uPZ+pp3k4iQrRRC45I1I0MwE2gOpppt/MUmNVPGqvL/Uu4RGzOjPk6Re4mm3GvIs -JOD1Pqsg01OUqKTNqsTPEld8vLwFPlOgXwmPLr5cpC/hGo0YUx3ysJ8Hw3FN20V6 -+nm9xWpPytNqfaY7jaxhMYZPgz81WOuGrlCv48VkoJiWlrTxbaq2t4IzR2SdyXKd -HNu6ryFn0WVw6hVm2aE8Al9mLxmaiMhg6HaonPoQSVoHRCCM8/GoJQRx9I6lonTC -ZY04BuAUT+nmMlEa0vlLI+tbS7gNkSNG/UyUFGRN++vzQE6s2LPfe9FRsdOfnhaO -W2VqbFbiKkPK+pKXjh7ln+NMrXIGxYVtuKWFEUEp9drh5MQCUFNLTn2Jblb6u0kQ -WdBP9Ku+ea9VprmUVnTYhaRZbuMwQFlfx9eImZ1UQPs8MWSUWI0t4RB+9kdN66n2 -+H3aJTpGv4BGNdSohSCbKKe/VttflnkMQHZmSY1iTDQJhZqbMSAuNv/H3DV1ZBWv -pR1MYwG/kXbaKaFRTctPE8tLxTvO8GG9JmOPuMgldYD2wq4zAu4Fr+Ve0jjznQGN -nGDtG7NoUJxJBbcFFPY4pRH3wtLWXlc1WUnPAxen17ZjbYHrvA3WJqTNCdtQ9tan -StaDqbhDTwSS9HDAvdH7tXLk+lQ+xlaeKFDRd/6K3Tngtjwly+kJjTH1bWR9BXyc -rHeDSpexPdMgVccuDTGDloebjZ/lZVKqkyL0f4/gDOtw7/0kjTZZXkkoVeVKqQyW -aHREhiszCHhJzW2c+Uw7mPrd4tfolPsI6mneNtt/6CCf0kl5Nkx1rg7Anzo0YSvK -vHj7ciRZLri/B4fOFhfZvk4Qgjoq2t7cBKnuAcZuN7pNM8DRruDekrHKY2+uHJnU +M9GcjSK3WP68ZJ2KcFTfqU+vcqft81ypCMkRFJzT7RIgx8Z8dKUYUZtJLX7IkoSL +gFbux1Jm7eeQl+Lj73Vkz3JjQDHPz7jeh0MjbPz93IOqwo14NnEiVQylt/cuPgHO +/VkRr/rd24nObyEVMZR2rfQW+fHDn64EoJ44RCkK8M8s0edLzl942SnyZbOTKpNt +2V3G6v40e0TgmgCBQrJIAW69GFQNOndRMCQwtPojkX5QO8yeqz1m8QXhNAoGR8Ei +iJjy3u24dzmkMBSeL+1tlbQoMsR8dcNxroDBxWQerFbhfWq8yLHey5FyTR8mumqv +PFuEA+MJNOwj+WozaeMZcWdCB8UDadtYfNbWRRGOWQaEC/hjySmiegxr/XfGJRhO +QYUze4F2BbA7sY5E0YWMm6ENfbKXkl82sW6K+tFZrEQQXh0zaeeuOJvTxWrCKxMn +4lnIdczwhnegn/O8xRZ4GNHZi2nJrojkIBj2J6quzE0KcmK1cwmv1Gt+QJqa42pD +LL7HXl446oAcC+/8h+euwHubZwAv8fZn09j9lA3YFd/Klw9hRg+M4iesNLc8W80h +FW/W8InQwa/BfA4o0IeMMkewVi4EbSIhPcQkz+rUHgS8bjhvX0/E3jFdzZnatzTF +04pHtxSHRnIp/L/70oGs5yk//Rn+KjYeZxAIHJgf4J7gfYhjQMi9DzD2Dpan7Dlw +N3VtNeHb3wyDhYK9vsNiLdFBHU2oNXrZDtYYUDJWYVuzEk6X9twROnHBPPlea0xJ +2nfpTChtBkv8pSIadvsvkORTz7fKjvco8f6zndMyzKQ8xyAVSifPZQDWGmRREt7m +HTb/XlB9pz/KNQCgNrgz0fN4OLkQKyqYhMMsPCbUja/NnTOvdhMF5aDEmB0whokM +XhRPKFLHMjaqbHzBFXYLmCODkdCrG2wkbLHTtMmOc2zNBFNO7ApeaPqggXcC8Y09 +VpUsda5q6GMUpDVveY+ZHiSSGBYBNPHARX+aryNzY5KEaItjPD9aO9AcZoT55NCC +iSD62CKlOqm2MSy7VbXedyrwlUtFHxg40XAsMO0chPc2OxB0QDeCmaAi+T4RQgZn +O5W5b5DJNO4NbTjJ3ivmcl3QFKgJFZN3S6mUbKmlS/BGRMDSykRUtooI4ULSELMC +r1Z7uTMl3nL4Wf7sjS66iUd4zGjF3BEzFsEtbk278A9jdO6wpFZNdb9hYrISzI0z +1nezvZBFL7hKjHnTRaylr83d4o6qoPG07JmgzIY+UVFr738CTsoh/rq6AM8hWUek +tjst81PFqLKqsV121022epxfQSe8sz5KqzehTBWYo1ZbzlD9B8LkzXXIkVpOBPDY +nFpQYiwu/V12MGVTmAb2CE+F/j37KAbsdF5pi23eAYvp/miz9SqkcsD/Ucyg8AvN +/yfv8EX7sf7tPsknckExorQqVPOZs1XITUx1Zsmv+hOKRMdtyrVi7mn8wWPbP36G +uTL6glQVlGJXf706IcvG3tgKgXnG7DHK+txbhNFIivNd69C4ykoVYhSXpmHj2HBq +fkuAPRwAdSd6xeWDlZ49u9l/Q2Je7JO9r1yZTrC7KDIFbEZkpbWPObYjyyYYB2sq -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem index bda4f528e..20fd0249b 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIENDCCAxygAwIBAgIBJDANBgkqhkiG9w0BAQ4FADBFMQswCQYDVQQGEwJDSDEZ +MIIEHzCCAwegAwIBAgIBNTANBgkqhkiG9w0BAQ4FADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTExMTAxNzEyNDUwN1oXDTE2MTAxNTEyNDUwN1owWDELMAkGA1UE +b290IENBMB4XDTE2MTAxODE1MzcxM1oXDTE5MDkwNTE1MzcxM1owWDELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0y MjQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDEPYW1tmcbkgNMcnOHXAKHlgL2k7r1+rVWJ/8NF9vI -7MpQ8qomHPV3G00CYSQsCDgBVvK71pasiz+dsYdHAY28ihb2m/lsaSquwsb0Fexj -hJiqaohcLJk0MjTDUdArh6iddvDAYMDkfApM49TaXNxdz0sffV5KOIH0hrQe0wsw -P2p/SHTATNh3ebTLr8Y7dMKecxFrKQswZc+d7gvIftZXRvjsUprc77dDURGByPw3 -N+/23chuDXNNaxMylWQhmiTUne8tIyg0vtur3do5Dq1IqQKqvxSfBjRL6ZJU0/6l -KuhChV0cSVd2H2zzovuke5XzHzUsoESWXWYK9qIEj2HRAgMBAAGjggEaMIIBFjAJ -BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUT4FJonJgeZBpFHc8iosc -WWM+mPswbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +AQUAA4IBDwAwggEKAoIBAQDpZ9FM1s4VqqweOS24P5dVW4uTVrN4HgK2c70P+umh +u5+pr8cyPn/Kdor7SU9B/GdV6onZumgSUaeNqCSmGzLA77x/nR1xRWtiszWStJUQ +ICszEb8/WkPq68jlsmgIsfpTmABOBPYTvAqh7bZCTSoySG2fKt+E4UAd5S+BH1CH +YruIvrvuNxVMA/z8J+tMFZGqjQ6DopatYgSpccbSX5kuAgXCA9g9cemoPoKjjjLD +w0JBKCErtNKimY9pvf+SaRqoCc0YTIw6ydyna0e+tuPQImFjopZTyelnGHIZ/l62 +lnmrfB+sw2Younp7L9Fh9ki4wBOcXS/g4fQgyjKvLAG/AgMBAAGjggEFMIIBATAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUwdMoB5LJvckJ8GY1vi2f +AiL8s5YwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2Fu -Lm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRw -Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEB -DgUAA4IBAQA60WN0QwQuFVYg/C156POjKENZP9CGF8NyiC/NUYqgbIrGGTTpwTxs -pW/+YDG1tVtCkqtLGsO0uZRe8Ihs3afNsPMNlCiTCPgrs5erc4ZTv5MB7Ap2lyL5 -NSQ9SggICbQhkHQHP6TINtas9+FrAw10jWIa107DYLLC7Ea77Y5vryL6/ymrpwdL -Vwm9kAkGYvm0lmzw6YfzPskKc3MpWnjBTraPG42Z8oWTEDJnBtS761k60lNwndKC -JdRUxoOOegzsKIIzorRz9xCN2zA2CAeChqHMbBpNCRwl0dQ00ztXReONl97iNgw6 -NrdHsqCiH8Q+I2JCxU230Zl6UFKARLo+ +Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn +L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDgUAA4IBAQCzWf9dGTbHy8B91uSR +BAR0K/Wi/j2AqqhDxIH7/PHh78ww9Zb1bBeCt5iFnpqGdTe17vmbga8QGK3W7NHm +hFYUJhXGyxT3uclUzsePLXKqDnoG9tbZMLoJLzle3j4uJ4PjWN0Wsu+76/QZudOt +zoJUZRyMvDfBByLOLqbdR7KOm0hNPsjCkzEfj2ql+IDQdNhulatpThqTRxZcYDP8 +bxpDIOaJQPGwpQFKIkZ34kZBPjUVY6Ad/mvoTna/ydWrPCGjfqcn/n14vxFS0nyh +FRtEpelFVKTX/JDXs/IZ0Bsn+lWar4lgUEs2PlmS5sMS8EZVOgiazT+rdVNWHrQh +cS9u -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem index 90631fb98..7b8a3631b 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,3EEEC63B86A4F0864B610F29D446AB99 +DEK-Info: AES-128-CBC,BA475B267FC48360A09763ED2A15E817 -aUw9rzSBLmvzVlWlCePyRXs2LL10A2QGVjB9jiarsjVLd5k1uVPrLVb6lcTVuGR6 -9pC9sA7+F9Ub1V6oe/n5f1UiHiLeaqdYShfVan7N1z0Kvoaqg1qaVNmbGuZH81Mv -VH/kvfKbig6Gxyn2wxhxoQ84r5uVyzzrfQlrqcwQze43NuRaxh6Eov/vpel8yB4/ -HNSEyItiDenT6tDO4Exw4H91GYWPbutaTmcsbaDSQS54LMcZZA/NVu0Y/uiJ6lxJ -5qQ8xejBC07nc/g+GJgFRxetd56FdiTXR4ADVUiSgOrUaUu2t9NIMig9VBNYWsmv -wlKI1NB/Jt111AhbF+wdw9M0Yqe3O4V0N+jTxTzff+0gky61T5CxbhCMosD/Ohzy -IhRjeuL2gFvCENd2kn0U/1POe9anPJEo7mYfA8oYpxb/jl8KxIxssxLKGDE5qF8n -+J8jGDFbLkiwm/pDeFSWc1LZqKfZsSsBMhffC4NR/hhCi3eY3HnMpnyngzpWpwwY -eZnElVXFYro3qEuJbLRUkD/7rrLgU+LMoetdB5I8oaEvKucRo7dulLNXUFCt6tbK -AXLWn+pTCuLpjtAXxWjF6Hyr7ssLEcLjixDwdb66Ypqm3YncjFemsRFncVQe0R0b -3LY0FH4+GFFXAOywrMP1rQ+2mhl+BH079bu+BhP3bjusJwqBhlz8j4cnbv/STWGl -B9XnMXYx1NVOMFF23zMm9ftkPa6PvkZ3TcGJX2S849pxPTPrA0oFLfIPqyYLqZ42 -+a2jmMdr7lPtcT4ENshpWZ1L8O25Bl10yll+Upx4T7yDrSD/9P+yv/MyIlGiV1x4 -N1oaaVdTLU+ZZbpjVUmD/eSprGye8FzblEhSkY990m5kupWxiPmHzLCKHRYBOnBS -rNdyiz7pTXAQQLZBP4/RLDlYuIyXmbmn61PSdF7u6K/daUf+voKHHGi5m5NUhnS7 -zkUx+ZrHUoWhybOeMoQT0lsx0BsD+NiuqUbthkTFXyLD2dhvWcyAtsOW2yLMATa3 -09HPwdjI2ntJx4Msz1jqBY8XicXd+NHS5yx1jvg0POnygX4sU9xF0J3hfk/Phwfd -Cc7I+jWi+1yPwKi85PHEs0F6SW2kxOx9rmdwXi4EC7Lii3d8LtCR4jEKswzLNwRn -uceH3+vUv6UZC7EA9cdcmh6RWe3HvTrHNyPoYHng35jT5aZ1lhYx4bg67TJg7I6y -j2OyP48YhbKvpF2S8uUGdhCZSYJHLqh3yDI1DrzABMZ/9s0xpSfQtzhQYVz5svHk -Hv93VcbqrYf2Cx0OlxuZG4EEObyYdSqFnqMQBEf/L53oDe9jJKVaXt9IA2XHtyBD -SAjQeDUUKlzfD+CctjX407qpF2Z22xblGVKzYL1V1oXdN4E8GXq6VWQ8SSwQF/2H -wQYubDOJ6xxP1PdW+ws2eXhe5g49cSW4PgIpvmxyUEEnKro16RQL4M3Hv5VJYic3 -CRxugrdJWLSrHGnoz/0W5QUTzMX4L2RNf+xeE3eKU74qj2lWEWZgtZLW1waiTqXE -MBvvFYWh/qMOprpTlXWG5vTag1XLj55uutz1KAVXQRg6AbMKpLXi7wTlZ2nUpUbj +jRBH0cHh7XWdhRMqOIoOrQUcQV/petFZ4n8xOlZyKhzN8tLCSDEujKpJ/Bw+mE+X +kXR2rIV3KAywXe3zWkA7s5jiJBKZ5BeTCYyk5veMf9GlRdKbh/BmaHelDRb/yvsv +GVlS9jT92vde96aMhbJM5AI4cjlu4GxFz5pCtkdg2hLLntSDQIl4fa++Cu2ToN1O +6wFbvYrKRB8eLUMXEfU/qfXnjL66QAnPA1vW0ys0DWBQKULjJXYzZJPBS/K/3tzS +HkB+ZhlLmg+aeggxxm3axPa8xF4VkmIfICsOgNcs7nUyGcC+9bY3DWpYtlvYo8ss +xOEAMGygf+DH4KcGfET+21Lzi8vX9Zz8dG2qhulojZ+IwHZAJ2sLcxGo2bJCimAD +0sOA4d+ikplEIUJlzNK765y5CYq93s0vgT7E9RiP1rbV2hn46uPZmTxEH904Hobs +h4aUg7jdiMVHX3/oFYnk0uKjVc4s/QukuvQ2Bd6DTi3UiSv59bZOfKyElQyFwSHP +C/eIn2lZJrYZBhIZT7BaoQ0ohnXiF7LNeyYj7OW7HeMbKmoIyYBvXFN7F0yk+A4d +LDa82N+OJax6t+mDMtfx0bH86mOsvHG5O4Vu3AcJIMTsQgyq+7RVJCt3MJXNshbk +TnkrMrWPFZgPuvZPi1l0+CcUXUqVCQlRkyBccDobG2NFWZEW3isirZX4/cPaKXgD +UwtGZ0/26vxCJHnf6eD2/2xwckKbsL85lFd0M1U0EijL+/4ScJIf/LS8G9wvma5L +cB80m32axufatrhmkQmMXijpgLmyr0IAvdhQgmD3AA99H7BbFueUh6oggjHw2kVK +0QFgW/s+eP9M1/jOlkndALEWzxuuisZ24UFUHLmIGkLwRh955rgtfb4ILlvNhAfG +2YTn9q9eTURwKJDWFk8SDfQiIqDpqC6iSF5A5PAlC9MOO9Xf+kGsj2+wZ5MeERO5 +DTpQOMbM8mKbswmbDwLbT4D1sOCJEPzpYgpN0s+UQvbcM8DVe06z8x/4g1sDVM0C +JRqB4Oz4Nbn/BuqKeNYwwP59y5VNez0Plneny3SRQE0mA711n8uiF8X403U33+6Y +In3B53FPVWjCS6u06YRe99ZXsZ/PsoV0pL9wTqt1Q4m4Kqm5eRQe/Mj4+jmyKbqz +4S4H2YulRHxC/75vqQr3Ffsdk80pwX4Guwpsd3RwuxJ0rPYh3qm1fMIJ1TW7pOX2 +n1RuPu1/N23u6FfVn8oiXny2FbultJLb9X10EQMIIPyqO0Uch7W8pAa1yH7egLUz +wJaxcfmBfVGHnrftSZd49WNaD7WcivZbkZgGWPFT6I8b4wGN3Qh6UornqiPptLSJ +vDYGjPjxA0/sXx/8uLG9On4wrg4RpqUVr7drkJ7PkSGf3q3rVCdaV5HYRdb/Mepz +k+coJ4HOzR+BSN/tm7XgYZfCLPYBHuDmTsHY5a3GjJcKwY+S75sygYR0uG+5W6ai +bdwz3pr/aPB8GEKO+ARLYlowesn57FJRtNg+q5he+iamYC/EK7Oh4bs9H/rQGDsL +9VCrbN3UtqXp8CUUEEtNxBCrIVHr4Fv+/GHHk5vrCWEhVjg16Ww/Pz1UDIILXyef -----END RSA PRIVATE KEY----- |