diff options
Diffstat (limited to 'testing/tests/pfkey')
5 files changed, 26 insertions, 8 deletions
diff --git a/testing/tests/pfkey/alg-aes-xcbc/description.txt b/testing/tests/pfkey/alg-aes-xcbc/description.txt index 24a4afe57..cce0e1cd6 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/description.txt +++ b/testing/tests/pfkey/alg-aes-xcbc/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC-256/AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b> +<b>AES_CBC_256 / AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b> in ipsec.conf. The same cipher suite is used for IKE: <b>ike=aes256-aesxcbc-modp2048</b>. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat index 853746cd4..5217c18df 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat @@ -1,9 +1,9 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC-256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048_BIT::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC-256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048_BIT::YES -moon::ipsec statusall::rw.*AES_CBC-256/AES_XCBC_96,::YES -carol::ipsec statusall::home.*AES_CBC-256/AES_XCBC_96,::YES +moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +moon::ipsec statusall::rw.*AES_CBC_256/AES_XCBC_96,::YES +carol::ipsec statusall::home.*AES_CBC_256/AES_XCBC_96,::YES moon::ip xfrm state::auth xcbc(aes)::YES carol::ip xfrm state::auth xcbc(aes)::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf index db6fa7486..2f3bc449a 100644 --- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf index db6fa7486..2f3bc449a 100644 --- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf index db6fa7486..2f3bc449a 100644 --- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } |