diff options
Diffstat (limited to 'testing/tests/swanctl/rw-eap-tls-sha3-rsa')
20 files changed, 473 insertions, 0 deletions
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/description.txt b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/description.txt new file mode 100755 index 000000000..e9ea4aca5 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/description.txt @@ -0,0 +1,8 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b>. The authentication is based on <b>EAP-TLS</b> only using +<b>X.509 certificates</b> with signatures consisting of <b>RSA-encrypted SHA-3 hashes</b>. +<p/> +Upon the successful establishment of the IPsec tunnels, the updown script +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat new file mode 100755 index 000000000..51bf8c1ba --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat @@ -0,0 +1,10 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..3b492f0d4 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf @@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl eap-tls kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} + +libtls { + suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..db6c98d89 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAw7ArNq1Cs5RMc1MuHO5BZAIAc9v04THLSpCs+zNQlyJCXaij +siTQUbATyhgB5O11HKh69J8PRITx+dqIW/are3KGAKbvo8G5AgVOPhO+X3n7iOwT +PqtaAlAa4/qpVyD/RSfOiQPXj+SFtBz9Js36gZegcm/w3d0QVOPUIEMWpSMIHCAm +v6Ji/QHyOEVyOuiW0PTKVxqY8iFgnT8djDo0xWU40RNcIC7qyMkmGD8xR+kIbBcH +8akPB6NgNvFVUZPK4EQfr19JNAQp7KbPA6tlzRxR6z0eL57zRUU47g3cf9Ie1zNj +4FrIfv/+nA9ZVpR/DsGe3qmJvTVDfubaGkFE4AKxUEGcm0N4gHXo1PBj7hayJJSU +IuAfoIfmkorqrPTp3bRoH2NWmMveBU6W4c8Vocv4ceWmCsrodcNdzqcnU4QGFc9x +KPeiD232KeBZdpK4vs1ewkzftWmOVYUBG0X5oNNYoT54Qr8YXTWTI/3Rp7TbVGh7 +Z6iqH7hQ9gNGOe+NAgMBAAECggGAKuC3F0vviZm9Bqf7OquZ+GfX4YsYpR9cBAKf +ZIth5TvEfvEsrSQT4VJLg8Su5ZKCTr07883GcqUOwEh6CGyMNohphEsPxznzZ9Xx +xvhchl8cFmxj6x9woYEb40hRQp4gUO7f+nW1DfpssYKIlbAca7jlly2gAX0mzvL8 +z/TjSVvbsw34b5UNS5LZmCrfVLkSEscQbvWM/cECgnIJ72fxmC8NvAIZ9ZNSLpyk +lDuEeNU+2zBQtUrt2CacNm263B0dvHrW9QSTdi1GvIjxhc3ab8OT0ZDNzo/S2eRJ +InN77gwkYgEu1jeloBsicG4ZAAdbQU5/X4prnJIy2novnA/2C+hrmpYDhxqOT4Uk +AhoMiyvrJF6rxPZj+R5qzc4RUzZapcXUNzH0lCwtwd19Ogfw38LUkHCtqQQpleme +AL7FeVDXDu9oe6c5YrZihehT7p8ExKwlwiWy4u2bnoip77wOCuLo+D6eZpt64w4e +XiHpWtmkADqhfzMgt/WUMpD/+gcBAoHBAPTa6zMClhGP6su624Rv9HSVClacXR7d +zJNo5stnPierfcIZs8loWthR6AgGx36q9bOqtfIdFRc/PajF7oggnTcxMBZdCoU8 +Oi3vWEH+aIzIX3KICUjRYjj1kpm9xcy7XPGc6bEit+PM1DJ1jXCTiC30uQpavNxr +klV4+ROIt9MYsb3tQw7CO1mGNR37jAEUqbJ7sK2OnvmjZPJlwJs0AyN1j7ZUihDO +VT5UhjwB4KUH6BEirXTkoaDxZwsRfR5SaQKBwQDMmFm2M8J9AOxgrYTY80YIRQpy +vrcX7Xrzn4Lu8M8Xr6RlS5bbXApAH7WtRHGlIj14lItmvZpRSOTzawtn65AzeIUF +82/EMxLJaGjMBviTyNy+ta9wn8Qdy5c2ZZ5dKgsQ4PprSkAvNOnpd1wG48pbGg7/ +n3tVs9zdD2wa35KVjoyueu9Ls9BbND8v7OYmkmSNqFlA5KuLIeQkuLNxjxQsV5Vg +S8pyg1jlYs7KmYs9GIFHAVEf5LG6a/3huWfuR4UCgcAGWfdn51VFN1p71mkDUnQg +4gzWmk/AETjRShNSi2cNWGF2u3vyaYaRve4q5yIdowmkk3UMxrxZUgajbh714QKy +/8+jhN5U/m7z6hV8AMFthXUUX3r+LJBDsfsPieCrouCSU+Or+J6Uhieq92mn1eve +ZU63egsUHKY7GVw8qXs7OpTBvHnU1Cz98YFHOdMz4/lS6+p1VhHBn/9qWkFYxUyf +itkjfaXnMbL8XuzseY/+N+pJJ4EgWx3mMtzdaKK6OqECgcAttOdt1fhgFsG4A2vH +T+nYVRw1cDfVJ5+tJ3iHytJpFzshyhZEoTZFBxB+SekdnB2hf4X5COiduiwz2Tku +GSkY5pbJMo5IhaRvzFyFIBWOZnQyQsKT5Y1Znq8EXwVXCNp6BdjL+UWHhkmvd5Pe +kisV2Sd6ofVauxjfZd+fzUyhDryNCjfFcMFebrijC0iLW28NWou9/Jf6ODMQpRap +iu5Vzac4YRY0KPXGISHTjyPVHVFcPIYUGvI9lHyeXd5DFEUCgcA9s3ei/H000sC6 +3q5iELW8kxFCpwvu7uKCFfakAqQn8nponHEUgRS7eLjzS1NB0qysIiOMtZPAVMCz +puETLsi9PxD8de4RyEyZC2yd973j+TqFQmPyiWF3QNW55zM2iELW5sGeEVk/Z15c +nlItcy7KOJOJU0TAKvUUjr4ug5N7sVSN1aeF4tiaFz0GFIqV3qAkcTMfpaOKfuSc +huiHBdBaY7m4uNK4/ZOi1JitocO7wpRsX/eRJ4AuNrro8EHHAe0= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..229b6022c --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,28 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = eap-tls + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = eap-tls + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + send_certreq = no + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509/carolCert.pem new file mode 100644 index 000000000..94f2c0a19 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509/carolCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEtTCCAx2gAwIBAgIBAzANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzYwMloXDTI2MDky +MjEwMzYwMlowWTELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4u +b3JnMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAw7ArNq1Cs5RMc1Mu +HO5BZAIAc9v04THLSpCs+zNQlyJCXaijsiTQUbATyhgB5O11HKh69J8PRITx+dqI +W/are3KGAKbvo8G5AgVOPhO+X3n7iOwTPqtaAlAa4/qpVyD/RSfOiQPXj+SFtBz9 +Js36gZegcm/w3d0QVOPUIEMWpSMIHCAmv6Ji/QHyOEVyOuiW0PTKVxqY8iFgnT8d +jDo0xWU40RNcIC7qyMkmGD8xR+kIbBcH8akPB6NgNvFVUZPK4EQfr19JNAQp7KbP +A6tlzRxR6z0eL57zRUU47g3cf9Ie1zNj4FrIfv/+nA9ZVpR/DsGe3qmJvTVDfuba +GkFE4AKxUEGcm0N4gHXo1PBj7hayJJSUIuAfoIfmkorqrPTp3bRoH2NWmMveBU6W +4c8Vocv4ceWmCsrodcNdzqcnU4QGFc9xKPeiD232KeBZdpK4vs1ewkzftWmOVYUB +G0X5oNNYoT54Qr8YXTWTI/3Rp7TbVGh7Z6iqH7hQ9gNGOe+NAgMBAAGjgYkwgYYw +HwYDVR0jBBgwFoAU5MnNjPKIbR2nLtdeeTGlZlU1zgIwHwYDVR0RBBgwFoEUY2Fy +b2xAc3Ryb25nc3dhbi5vcmcwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybC5z +dHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLXNoYTMtcnNhLmNybDANBglghkgBZQME +Aw4FAAOCAYEAHxkcN7plS2BvO/yXxE5WJ+2k9IP/IupuE6ChuFHDq5SrGNMsStsG +sGpV6/yxvLSHchNGnGMIOyLTMzKgWy5dnDy4YX2FqZkI8ZBa0FJ9iO2IxILCsmyw +ouShOv47YkNuAzJWIZjRz3+7mNhfX3TsdEr26cNKf1JqawTyFCDq0t/UYS6K/8O+ ++6Q1kmy2mRgR19XkxA0ts3xno+eeB0NelnVEjJwqZPFgmVYK/2T4fUKraJyQzwhp +xghLtlmwNuN6jetB4Z9k3hQQaPlUy2wxrqdsNfV9Ysgy+3LcI2ynoFMYShrS4avW +FI2z0hb8sDkvS4Knif4UCv14Gycb/8nSgiingEMU+UmPOxwUl79/99e4LvIaslp4 +S0AiLwe0Tz2NqQ6uhvVppw3lYptIt+EK042cYpm/CPTMlMhT+Pi8l/POWIdquNLp +85NuiVBbt3wMff+qTu+/ppyQsytTfDMD6XLggorLni/Owf9PoBakcdGuPW9MAUTf +6Idv0tl5T0qX +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..29ad5b942 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEazCCAtOgAwIBAgIBADANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjA5NDA1NVoXDTMxMDky +MjA5NDA1NVowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJpHGoOCJSiZoJhPXHqF +XWvrY8zyGwlUCiwphOobq4nhqo2EchTuKdPvCckxtXp/pF5IJsXpptbMmNUmgN7K +VMI/zmI9estFUZg8hn5LSMAbnm102W3xLzM6FRJWMcwe2gajg/NCww02mPsohONC +R4nNMUgYOZdesPDmtYUKk3sr5ZNdpBL6hESBMzFYmYLBzaoeseuzra7U850tF9JU +YfpJStBXNDz8iVPCqOkgKf1hFrPNNxtmsBW68V2ARmYNzqnaP3nLs/U43zZQiT6t +b+zcAE1h6RGgVXjF1b1KG64J153n0YELrC2TpaF2JAGQVvzQgxoZbgiWCKt0m7wx +Qb7P3euy8MxsMGmqHDMtztrg6AAzRKoJN56qHqdP2qExc32uu/BwfmbFv7MLxKQw +g0VykfWBSNyx/2HMDHw79idgFpzHr2nj4CDqB6QLWtRMCWtlT8R7rlz5JlcsJY1U +7Rlwokje9Ctj/5gToXctnLbo+j2506GLtbhxNOaH1s7GswIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU5MnNjPKIbR2n +LtdeeTGlZlU1zgIwDQYJYIZIAWUDBAMOBQADggGBAF+Q4zABKa1ZWohHqsTgru6v +4ru0Pnfbmg3vhlc5ur93Sd0C+fX+e+78n+0QpUNa0N9Vw54r/aF4ki0ceL4Dl4w0 +aXcDa2ozl/hksSeKwIp14W/NHTAjzP2aNpN5/dqd1DM+vojJhlcArepuVVH+NIKt +YYUXwvsjJN9OAAKkMCbnda8gOnKMGJkVIUOTz2DOyzqd5iQ3h3zxzluP4KIya5/k +FZV0wXy8v7phLGgbPJ5DtGuTCjao7+nF6lLkJ+/l3vPC1luB4/UbMGML4GxVwVIM +riCepPT1I9CNuHy2qKpsEmCv8zb5pxXrxv0uIYn8MZx7VCnLuD61AOqIExTYvxv2 +Z3JbOuOsgHJeMKJbhY8r8HkktNLOeLrOW2KSilNpE915EFN0exGMC3zG4IgzRc9u +kGGDVV9BsTkAYjQrWBuuWqxy8TCRPNpe6hnVJIQLLjE9M1V/PW3MD5ObndgT8jA3 +sMMwCxo+S11MZIcKCgnCCcGhgTLT7rFpC0hwRa6dkA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..3b492f0d4 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf @@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl eap-tls kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} + +libtls { + suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/rsa/daveKey.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/rsa/daveKey.pem new file mode 100644 index 000000000..85ad0d826 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/rsa/daveKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEA2tDIPF4nBGWCGJrnrV1npIw4nz24u1siDlD1eS2o17sYTBnf +zQGkayW9dw/hhy3bGNrsGmuwr/lTMn1g3Kg+UQ0MNIWGPs3UWLeB5OBjQ4mWTmHK +l0Aov2QnFO5PT63f57qwZOBXMLJzIdOlBJku5kxBu0qYT/FsX40KR0QSzl5at7QH +5tJ81eBHuVaLEJrg5hYkqaDltGvisUeUozo5sijMfNvJUbwYQtL7UQrAMyFDAHqH +kx/RaOkOP58FdmzTihqRXLObVVrOMWq6pTARCssdDhcA/y2QtcQzftCbID9/+hMx +8yRyD0FbPcDC6CvrxVzUTyqBNjW9ZnrDfIxrqiRna7Fnjfq9gDYxYtDXGjvx1PdI +p1ZgiiiQ0BLWQV8w+ujKgM52wy8YMdnCTDdcIVmreo02amu4txX3wf9YAeGtQ5gN +QkJSooZEjwOnqVhiqNDEjxDgoEssAJ/VQtSwj37Ug1AFZ9bB2x+YNtC5b/Mj0Y4o +k7mO+ButDiTzkw53AgMBAAECggGACY1lwGTn1SRNSp+wj3vtY1yPuDvsjZlL4k4c +eT7KCSjsxZ23jG6O6/KI0+LImKsiznH4LqsW2ofK3wBkMx3RIp6sMrrFgoZfx8Oz +EvfMvY0LF77jJjkxzjEkF6DTq4nOpYIb4zt78u9HYWmo4YuCZaFcmT2Haq4CaiVx +Fm1dWM77rNtaIPR9aKTS3L9vcLkiKkk7LoCMppSzH8QdNAb9r85iJu09W6kXcgtd +10rd2x2PnDy9IGoaLTdHXPWnOmVDviFgCp9zxBk4g/SWDR2AdHOgg3D2mvOmFkVK +SLxr8RKhzzQfbRQuV4F3so9QVfkKyH8xsOpjAqjQwJC1LIWMJipzmc8o/AnUw0Rj +UvU1sDYV8MHimgoftG000vB72hws8tv/XQHl13Tig8y46lSOYxavBJZuHjPPhkQF +YlsfyUV5B11EmlyZ+KsNCHj9vXGRL6bw3Hu1UeG5cnXBXNkPq7ssNpgwdJrpqcW3 +8KWtl7w/b68ZLwyMpxKbmUNIyNkJAoHBAP9KBnqa91RA8gg0/Kp91NLiNXT9ibN3 +cQ6Y6HXuCWrKIKVKMmxRkhM9lMzOVfVVw5ydWZ3B5tzMiIfVCnyzs357vxBGsQEk +TQ9I/kdFuR1gSMZVbXSH1Cbf/Ealg7j/w5/3WpQSaszUN2dmkJ64I3iEWELjT/VV +RaxEhdNmZiRieOglkpvt+4X2Cr5oKXUofb11QX8bBmPnZklWUTuEfQu2KFc7T2im +2ZonJKdxRMMFcnHqS3StX8OYqK8qqTC9hQKBwQDbbMIAp2omxd+iiN4hCIgZ1mK3 +HzBBwam6A/ZLqbByB4Ch1TNRK959xtJW6FLibZPYCi12b1ILwjOVO7aQHKnhKItX +rhwAdhaBd3tJTxu2jDB0Bx1UkKbTDQ3bipnLY+VX/r/rMKbRsWgzejLs/CjafOj7 +OaFSpQOiQfOkpGKpwTab2H0CYqCMxK/4VYBP/NWwM0o0gaL5dJCjZ5i72CnHtmx7 +3D69TCieFY7RiDyf4Pix0tonwD5FfVHfH1SpjssCgcEAxJIcYQW4EhEcDIO4VhMj +7+msndOn1x/OVx4YSM4sRCU1c/Co2M0KfHQ7gmQSviD2yT5DxfyLJlL7ghPhylmY +iXkBiqfUHXv1NiLPYNPoER2Vi9o1uLfp/LEVkNRbk/SkjiUpgsCXqfZyXtUT4JML +BP5q874SUGcDif0NStUbK0MDtEVSGWzq8qCcbzbHTWYLQ/non9WQWxbPpQKo8/o1 +SvJNJ7YMlBl9jnw7dg76kmw8TkjJJyNkjLickpx3wIb9AoHBAIx01s6SW9nL6fZh +xEbC7lQTrobn2P0OmbWv2ZXfXknv0YBGOB4qhbZfcb8d4gh8+hldknJwmcVbH6fU +XG1tW7T8Pg33LoeBD7D6KZnooKW+oTl0YGsEWTVZ8tfopb/TBzjHolRLhU1PUZM6 +EqUuWHxbXsuJvWForaXMr8hhTaK6QlmKP6MqPPk+4iGFoagSATtT6Zkorokd+4QN +yW/c1Am6FUFH34VO3eUriYtIuP3ihW9WuDyfy3yx1pmLtab/9wKBwQDbBXYm9ugE +wRSIxCywJ+aPNRQKanCKORwQMNJZ80rrXIs7saomY4Os+utJpOhoksTJB7mAn3ij +kopmXn6NOsXdOlp9Ty55YRylGmOIQpsO7kSfylE1NFioHqksuQndbUwZFbskI0cN +egyoihqnbfoLyxGu1/M521IseW3AwFIc0gAGdQ7i4ZXVlXOXWvdZFxnpd6PAfFMb +J9mOicxHQ6Yv5b30RUvSIN+LHnUNGGk9XAxCH/jKtU7886jD6f34ru8= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..adf9326c7 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,28 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = eap-tls + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = eap-tls + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + send_certreq = no + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509/daveCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509/daveCert.pem new file mode 100644 index 000000000..c5c769cb5 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509/daveCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEszCCAxugAwIBAgIBBDANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzcwN1oXDTI2MDky +MjEwMzcwN1owWDELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5v +cmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDa0Mg8XicEZYIYmuet +XWekjDifPbi7WyIOUPV5LajXuxhMGd/NAaRrJb13D+GHLdsY2uwaa7Cv+VMyfWDc +qD5RDQw0hYY+zdRYt4Hk4GNDiZZOYcqXQCi/ZCcU7k9Prd/nurBk4FcwsnMh06UE +mS7mTEG7SphP8WxfjQpHRBLOXlq3tAfm0nzV4Ee5VosQmuDmFiSpoOW0a+KxR5Sj +OjmyKMx828lRvBhC0vtRCsAzIUMAeoeTH9Fo6Q4/nwV2bNOKGpFcs5tVWs4xarql +MBEKyx0OFwD/LZC1xDN+0JsgP3/6EzHzJHIPQVs9wMLoK+vFXNRPKoE2Nb1mesN8 +jGuqJGdrsWeN+r2ANjFi0NcaO/HU90inVmCKKJDQEtZBXzD66MqAznbDLxgx2cJM +N1whWat6jTZqa7i3FffB/1gB4a1DmA1CQlKihkSPA6epWGKo0MSPEOCgSywAn9VC +1LCPftSDUAVn1sHbH5g20Llv8yPRjiiTuY74G60OJPOTDncCAwEAAaOBiDCBhTAf +BgNVHSMEGDAWgBTkyc2M8ohtHacu1155MaVmVTXOAjAeBgNVHREEFzAVgRNkYXZl +QHN0cm9uZ3N3YW4ub3JnMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwuc3Ry +b25nc3dhbi5vcmcvc3Ryb25nc3dhbi1zaGEzLXJzYS5jcmwwDQYJYIZIAWUDBAMO +BQADggGBAISXAxemOSUmXqkf7cgTQHpreMH1Y9LPJxZUUq5GVErmPzhLaZDSqZSy +ZXcu3EWPA0RElaYBd9CSgFx0I89tw41dIYOLDyLnrEDHmcsgcJl74YYBSzebB/TJ +OGXtV3S9M9OF1vSdugaXI1hDXck7cODUR6nyZAWOp5kBSItAH5bglCRtaQlAuSxM +wRWYhBErUR5tZvu0loCN+11hVg/ddQ3r+FeHUt35KNenxkd6hWlHljbPv/eTtqgc +/5VGEC96I2rD6WNcszj/SKK40zA9GuF1mIwNKEdcYnPRxoszlD6C7cdGJZ8VpJLc +d7sO0QJur5HNtj6oUbM3HuHAaZBjg7uh5GDj+RehhKCybYyJQ1fu4iRaNYKdPwZh +/F6hBRLytkt1qjJhngmBmQU4Ent8GL0Zn6Q8/HvbTP/xw4VXkY9JHdMIkzH8zokd +TVjkunPPt+zdzeMq4hOewYR8HfiKcAnNUG7eO6PnUvC2NKsqX8a7/z0OV68XybZs +gjC1FqvMvg== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..29ad5b942 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEazCCAtOgAwIBAgIBADANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjA5NDA1NVoXDTMxMDky +MjA5NDA1NVowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJpHGoOCJSiZoJhPXHqF +XWvrY8zyGwlUCiwphOobq4nhqo2EchTuKdPvCckxtXp/pF5IJsXpptbMmNUmgN7K +VMI/zmI9estFUZg8hn5LSMAbnm102W3xLzM6FRJWMcwe2gajg/NCww02mPsohONC +R4nNMUgYOZdesPDmtYUKk3sr5ZNdpBL6hESBMzFYmYLBzaoeseuzra7U850tF9JU +YfpJStBXNDz8iVPCqOkgKf1hFrPNNxtmsBW68V2ARmYNzqnaP3nLs/U43zZQiT6t +b+zcAE1h6RGgVXjF1b1KG64J153n0YELrC2TpaF2JAGQVvzQgxoZbgiWCKt0m7wx +Qb7P3euy8MxsMGmqHDMtztrg6AAzRKoJN56qHqdP2qExc32uu/BwfmbFv7MLxKQw +g0VykfWBSNyx/2HMDHw79idgFpzHr2nj4CDqB6QLWtRMCWtlT8R7rlz5JlcsJY1U +7Rlwokje9Ctj/5gToXctnLbo+j2506GLtbhxNOaH1s7GswIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU5MnNjPKIbR2n +LtdeeTGlZlU1zgIwDQYJYIZIAWUDBAMOBQADggGBAF+Q4zABKa1ZWohHqsTgru6v +4ru0Pnfbmg3vhlc5ur93Sd0C+fX+e+78n+0QpUNa0N9Vw54r/aF4ki0ceL4Dl4w0 +aXcDa2ozl/hksSeKwIp14W/NHTAjzP2aNpN5/dqd1DM+vojJhlcArepuVVH+NIKt +YYUXwvsjJN9OAAKkMCbnda8gOnKMGJkVIUOTz2DOyzqd5iQ3h3zxzluP4KIya5/k +FZV0wXy8v7phLGgbPJ5DtGuTCjao7+nF6lLkJ+/l3vPC1luB4/UbMGML4GxVwVIM +riCepPT1I9CNuHy2qKpsEmCv8zb5pxXrxv0uIYn8MZx7VCnLuD61AOqIExTYvxv2 +Z3JbOuOsgHJeMKJbhY8r8HkktNLOeLrOW2KSilNpE915EFN0exGMC3zG4IgzRc9u +kGGDVV9BsTkAYjQrWBuuWqxy8TCRPNpe6hnVJIQLLjE9M1V/PW3MD5ObndgT8jA3 +sMMwCxo+S11MZIcKCgnCCcGhgTLT7rFpC0hwRa6dkA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..646ee0e4c --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl eap-tls kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/rsa/moonKey.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/rsa/moonKey.pem new file mode 100644 index 000000000..f24b3ebf3 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/rsa/moonKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAnD3x6bsLjwUP9BU0+hDSo28XBn1aM8+UO5n5XnnuQ8CDB+Mq +pEHgNve71FBD8Gqf2dha5rfRx5HhXbw6BZMCTdUs5oxHsaOl5LGwp8W4G1BSxofV +T7yzfnmW/+lPER2zJnXbOlVfW8UoEbsAfXpCr/edJvBu10kk1VHjrnMJIDGlNc4N +Re06DcYSb/7AgRN6umPQr+uRzn5jFXJyROjx00gH89GzZIaNciyiYwaCZFBduByt +UhaL8RKMA+MxWrB1ICQgE7hITZXvJJg2UuEe+t3lXMSfKoZHyU2sTBtctXan6rf/ +XmC0O3Bf7RTwoFmDvJlApgfpL1QIe8gH1hi/NukTYskm+zWYPkJAzcwCyMmyhZFY +v0r0pybLWI1hZ8xeTr7MSbtImsvxl8mxwG7wRtWS5BKd0kke/gorCEI8AYZj33NA +G58iX4+z745z4UNNTDg1bnjB2fTw4c0AD7TOIU76ZskhGKj4J7ZMzeQ5YXLMFRmp +qn0p9obSqXwg62dXAgMBAAECggGAHb2g3efv5FKHXePniK5JGjkcPe0AjZo20j2V +/UjidN0hVBAG3ut3PZ9cjqaUuB/ju7j2XLKi6QU4y/n3ZXY9Wwl4GY6cWxEWk/jK +8rStPe3FQ+s5TItT84A7oQ0NMunfXzPR/kGf/D0ESpO5HSl3pj1RGcdsoehXbY+/ +8kYNd6Zbl2lYl3X3tgV9Hvp0NF2739z+LW5++7qNK9j0LW/WEGzGrr+9ESaXqCMc +6hKkIWo23MQArf6Ctunb4yWNEIFEDi1r9DzMbZN/lVhDx77Q0KYLH1P31R5rOc1G +NYXPF4F3CSfUsgd48dB2/1FCTnDJ4PmOU/R1L8jAgnSOroTAYDVzY4DJ7vyKGvIE +DL7eKlbwOfS5swyANUKgHO6QiHt9WzcNUGpeinTa3wJ4KoAdG+lzDMuiwRFdSRRU +z7t1ptTf2LuCAtva2daP2SPed+ITg2QB6X4BSQkqR0vPYBQIZAtFjMWH78E2PLrD +01+LpOj8TBRerd834etDODg4ddiRAoHBAMiYg7hWfChw3SdnmAmkhDAZN80pvsUU +bzzAiQ5EI59JYMoi/amYyLd6hUK4Z8g4gcdXzBYw9iwJuj8LMpPBZlplAxVnFdId +23I+GNDmcX2ovOpl6skKy1grNhBigxRUQUGsS9oxrYeuy2VymDzeZPCQmrrhsXk/ +Mac237nncJj2n8I5RtDOoSOFD0+grs7MXs4P+W2HHzWgkN7mBgKeFfUPLI3Kyy3p +F7tXegtJqIJsXlfZ/fzR40QTy7/VbwAW/wKBwQDHZVDYtYe4YoHKdwtAqs/J08QA +29fGkM4ZawLNTY4jz9rdtOuBWg0FPAo82x21xlbRQLsaTKzy9O6a3cQ5oaKtKCh/ +XmKCssrnzJsYZYnhkP4f4VXK8nai/9LFo8TWhB8hNy62GGmfXffsqhAIqIqZA02F +/mOfR6Wrqs7yfzYnJnVsjbR1B2zSiNAYKtk1VtQdGjuagSn/dEyhSCaQRXotXUKX +SJDzPf/H2mj97Cg+3bCtdE/h//N1/cmV/5QEx6kCgcEAh1ua7oW1bBiUsuVNi5wu +8sHhjJiRuS0LzsPg9/Z0zyRVorCv2IRXVK/hQl9q8Ilo0VnmRkctphO+UJI+w8Nq +TK8CwKt55vnsvY83cac+h9uX9tdk8dpN0qX96lp/NvWPv0ADQy3oebkyWLdWESTE +miwJrPdkqXtCByKZHzoUGbO5o/bAWWBFDdHYvhOgQb1Yb9YJqqXWInrBpxcykQuZ +p25g0yE3rzgtomXp3boLck6r7r4TjEkZATQWddERAM+DAoHAEW4w6BDOYXbzA6Du +ceO8sFb7vlt5fFkyOxSYtRu/fi/wYQssvy0BEGEUQAejjD1fX4F6Ga10PPTeWtli +CuuvTdXB3IiCsgwxIpxHPpW5vOcw39aR6mDRsCQO58oOLfZ0xjGNustdiFntj1m6 +dxdMrl2UjE8VpFneCKiw2I/4SunYv/mPOd/BSpI9Jq+wNzJ07mpZpYL/Cd6/yCWH +gXshWA/b/1+PlEPqNS1JmlDnn78/b5pIVWhLfxgFZEBoTxapAoHAY/58nLcWpvpY +3IZC0fBuR7usTACbxr9Z4okHzJUNnoJe+MSE+wQwuE3nP+vc1CrmBSwCjN2wyVLc +gy3idN77NthU9l0oElrPbGFKdFEaa85IcKtnfnspzmvo9AJn2wveZUAlZAzu2zBN +vKI8ubXgoS56uHQnNsWOIugTW/P1I8FnlD4jPItaACGJ3yZWolh9g/WOGS29qJvV +E/6hT4QPPXPZFEnOKO0/3YsMXBwcnEqm2mQ+c4rGMKrTcynk4KaE +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..ec6b06bbc --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,26 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = eap-tls + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = eap-tls + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + send_certreq = no + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509/moonCert.pem new file mode 100644 index 000000000..bea7e81f8 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509/moonCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyDCCAzCgAwIBAgIBAjANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzU0N1oXDTI2MDky +MjEwMzU0N1owWDELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5v +cmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCcPfHpuwuPBQ/0FTT6 +ENKjbxcGfVozz5Q7mfleee5DwIMH4yqkQeA297vUUEPwap/Z2Frmt9HHkeFdvDoF +kwJN1SzmjEexo6XksbCnxbgbUFLGh9VPvLN+eZb/6U8RHbMmdds6VV9bxSgRuwB9 +ekKv950m8G7XSSTVUeOucwkgMaU1zg1F7ToNxhJv/sCBE3q6Y9Cv65HOfmMVcnJE +6PHTSAfz0bNkho1yLKJjBoJkUF24HK1SFovxEowD4zFasHUgJCATuEhNle8kmDZS +4R763eVcxJ8qhkfJTaxMG1y1dqfqt/9eYLQ7cF/tFPCgWYO8mUCmB+kvVAh7yAfW +GL826RNiySb7NZg+QkDNzALIybKFkVi/SvSnJstYjWFnzF5OvsxJu0iay/GXybHA +bvBG1ZLkEp3SSR7+CisIQjwBhmPfc0AbnyJfj7PvjnPhQ01MODVueMHZ9PDhzQAP +tM4hTvpmySEYqPgntkzN5DlhcswVGamqfSn2htKpfCDrZ1cCAwEAAaOBnTCBmjAf +BgNVHSMEGDAWgBTkyc2M8ohtHacu1155MaVmVTXOAjAeBgNVHREEFzAVghNtb29u +LnN0cm9uZ3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEIGA1UdHwQ7MDkw +N6A1oDOGMWh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1zaGEz +LXJzYS5jcmwwDQYJYIZIAWUDBAMOBQADggGBAAHZATrdzGmUIq+0+EdA1AbPdcaT +UDKJvDS30JyOkUnAv5jr63PHyfw+RS92zgE2UyB4+u43BiggBNmTNCjpaEUmViAo +tdywkzIKm7q3dr0078IZ8LU8Wo+hoeRNkBJOxdgflsSislQYDeTd7syoQ4BW7whs +jjFK2Lbthd+/33Iw3LMekYuZF7ZUbHY7D3nlBidrmTIQQCvOnsW2lJi/S83FEYzl +noK+of3eo4Ryg1/428FHts26PxSmnHv+ckj9R4Jf5kH8kd1WhrgDyHQMnihWlUJ2 +pintDBgislbZytqiBOGeYpbpxKl57zHs421wmUs329asu7zgfJFnCynkUgvuRXdc +gDJ+DAiVaXCJlYnk36P87028SR9/C0JLzHA3O5CcfUdFEUs0BvVe1D3b9kC28rdA +5V86DFCL+gp6rB+wDtq6YnCddaNk+ZCs/QAPidqOFAytaBBKaagMIFk+wlsFge79 +ZssIfKy33Frluw0HCj0LNs2tjWvG4Ku8xkFO1Q== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..29ad5b942 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEazCCAtOgAwIBAgIBADANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjA5NDA1NVoXDTMxMDky +MjA5NDA1NVowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJpHGoOCJSiZoJhPXHqF +XWvrY8zyGwlUCiwphOobq4nhqo2EchTuKdPvCckxtXp/pF5IJsXpptbMmNUmgN7K +VMI/zmI9estFUZg8hn5LSMAbnm102W3xLzM6FRJWMcwe2gajg/NCww02mPsohONC +R4nNMUgYOZdesPDmtYUKk3sr5ZNdpBL6hESBMzFYmYLBzaoeseuzra7U850tF9JU +YfpJStBXNDz8iVPCqOkgKf1hFrPNNxtmsBW68V2ARmYNzqnaP3nLs/U43zZQiT6t +b+zcAE1h6RGgVXjF1b1KG64J153n0YELrC2TpaF2JAGQVvzQgxoZbgiWCKt0m7wx +Qb7P3euy8MxsMGmqHDMtztrg6AAzRKoJN56qHqdP2qExc32uu/BwfmbFv7MLxKQw +g0VykfWBSNyx/2HMDHw79idgFpzHr2nj4CDqB6QLWtRMCWtlT8R7rlz5JlcsJY1U +7Rlwokje9Ctj/5gToXctnLbo+j2506GLtbhxNOaH1s7GswIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU5MnNjPKIbR2n +LtdeeTGlZlU1zgIwDQYJYIZIAWUDBAMOBQADggGBAF+Q4zABKa1ZWohHqsTgru6v +4ru0Pnfbmg3vhlc5ur93Sd0C+fX+e+78n+0QpUNa0N9Vw54r/aF4ki0ceL4Dl4w0 +aXcDa2ozl/hksSeKwIp14W/NHTAjzP2aNpN5/dqd1DM+vojJhlcArepuVVH+NIKt +YYUXwvsjJN9OAAKkMCbnda8gOnKMGJkVIUOTz2DOyzqd5iQ3h3zxzluP4KIya5/k +FZV0wXy8v7phLGgbPJ5DtGuTCjao7+nF6lLkJ+/l3vPC1luB4/UbMGML4GxVwVIM +riCepPT1I9CNuHy2qKpsEmCv8zb5pxXrxv0uIYn8MZx7VCnLuD61AOqIExTYvxv2 +Z3JbOuOsgHJeMKJbhY8r8HkktNLOeLrOW2KSilNpE915EFN0exGMC3zG4IgzRc9u +kGGDVV9BsTkAYjQrWBuuWqxy8TCRPNpe6hnVJIQLLjE9M1V/PW3MD5ObndgT8jA3 +sMMwCxo+S11MZIcKCgnCCcGhgTLT7rFpC0hwRa6dkA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat new file mode 100755 index 000000000..d7107ccc6 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::service charon stop 2> /dev/null +dave::service charon stop 2> /dev/null +moon::service charon stop 2> /dev/null +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat new file mode 100755 index 000000000..762c35418 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat @@ -0,0 +1,11 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +dave::service charon start 2> /dev/null +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/test.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/test.conf new file mode 100755 index 000000000..1227b9d1c --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 |