diff options
Diffstat (limited to 'testing/tests/swanctl/rw-ed25519-certpol/hosts')
15 files changed, 195 insertions, 0 deletions
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..91a05eabc --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem new file mode 100644 index 000000000..5c3e2623d --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIJk9u+XHU+E8YNCuj/bTDVRHbWDk2NzCyrTFqtzWRAv8 +-----END PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..9990cf319 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem new file mode 100644 index 000000000..70d7664af --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/DCCAa6gAwIBAgIBBTAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTgwNjIxMTQzMDU1WhcNMjMwNjIxMTQzMDU1WjBbMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MR0wGwYDVQQDDBRjYXJvbEBzdHJvbmdzd2FuLm9yZzAqMAUGAytlcAMh +APtwTFkrXyLYOWm9zlNm+ASZ3LzmpWmB2OwqnWZlFIXVo4GiMIGfMB8GA1UdIwQY +MBaAFCNOkpAKSIb2BV3+ead2AzqOcNj4MB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9u +Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh +bi5vcmcvc3Ryb25nc3dhbl9lZDI1NTE5LmNybDAYBgNVHSAEETAPMA0GCysGAQQB +gqAqAQEBMAUGAytlcANBAJAqyQd0TjQUTba+9NzVdboKhq3D6I/go7wjzx9G2O5s +xn1QimUMNHpY4i8eDD9ISvZIR2sziZgm79zV/sY1bQw= +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..ec34ff0b0 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw +A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg +GjZr7I5qruXG76jCbjDTlGSbBA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..91a05eabc --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem new file mode 100644 index 000000000..bf84ef3dd --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIF17ReOyn64y7tmC11XyYzcALKmu9lkS0VnWSd0l54FX +-----END PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..2c5c8f3ee --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem new file mode 100644 index 000000000..18f0e088c --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4DCCAZKgAwIBAgIBBDAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjIzODQwWhcNMjExMjA0MjIzODQwWjBaMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRwwGgYDVQQDDBNkYXZlQHN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA +fYCNzyBpr3lne+kVB27q7O7TvMkERDB9kRnzNSx30hijgYcwgYQwHwYDVR0jBBgw +FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz +d2FuLm9yZzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmwwBQYDK2VwA0EAEG4SjQX49xhuMiyn +86uOCxDWy08KUQRBLoqan+cPfYDPgCbblpbmJOoCBtcUyzEYQ+L/gCQzwLAUZSbK +MEj7Dg== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..ec34ff0b0 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw +A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg +GjZr7I5qruXG76jCbjDTlGSbBA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..b81a8a61a --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici + syslog { + daemon { + default = 1 } + } +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem new file mode 100644 index 000000000..491d36430 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk +-----END PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..1cc6ea429 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,26 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + cert_policy = 1.3.6.1.4.1.36906.1.1.1 + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem new file mode 100644 index 000000000..e67b224b6 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA +4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw +FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz +d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo +dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww +BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX +8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..ec34ff0b0 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw +A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg +GjZr7I5qruXG76jCbjDTlGSbBA== +-----END CERTIFICATE----- |