diff options
Diffstat (limited to 'testing')
220 files changed, 5187 insertions, 1102 deletions
diff --git a/testing/Makefile.in b/testing/Makefile.in index 1c244c66e..22de00b50 100644 --- a/testing/Makefile.in +++ b/testing/Makefile.in @@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -253,6 +252,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -273,8 +274,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -329,8 +328,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -359,8 +356,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/testing/config/kernel/config-4.18 b/testing/config/kernel/config-4.18 new file mode 100644 index 000000000..2d21a556d --- /dev/null +++ b/testing/config/kernel/config-4.18 @@ -0,0 +1,2653 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.18.7 Kernel Configuration +# + +# +# Compiler: gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609 +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_FILTER_PGPROT=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=50400 +CONFIG_CLANG_VERSION=0 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TINY_SRCU=y +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +# CONFIG_CGROUP_RDMA is not set +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_PRINTK_NMI=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +# CONFIG_BPF_SYSCALL is not set +# CONFIG_USERFAULTFD is not set +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_RSEQ=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_CLK=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_RCU_TABLE_FREE=y +CONFIG_HAVE_RCU_TABLE_INVALIDATE=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_PLUGIN_HOSTCC="" +CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_CC_HAS_STACKPROTECTOR_NONE=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y +CONFIG_HAVE_STACK_VALIDATION=y +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_ARCH_HAS_REFCOUNT=y +# CONFIG_REFCOUNT_FULL is not set + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_ZONED is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set +# CONFIG_BLK_WBT is not set +# CONFIG_BLK_SED_OPAL is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MQ_IOSCHED_KYBER=y +# CONFIG_IOSCHED_BFQ is not set +CONFIG_ASN1=y +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +CONFIG_RETPOLINE=y +# CONFIG_INTEL_RDT is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_NR_CPUS_RANGE_BEGIN=1 +CONFIG_NR_CPUS_RANGE_END=1 +CONFIG_NR_CPUS_DEFAULT=1 +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y +# CONFIG_MICROCODE_AMD is not set +CONFIG_MICROCODE_OLD_INTERFACE=y +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +# CONFIG_X86_5LEVEL is not set +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +# CONFIG_AMD_MEM_ENCRYPT is not set +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_HAVE_GENERIC_GUP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_ZONE_DEVICE=y +# CONFIG_ZONE_DEVICE is not set +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_PERCPU_STATS is not set +# CONFIG_GUP_BENCHMARK is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +CONFIG_X86_INTEL_UMIP=y +# CONFIG_X86_INTEL_MPX is not set +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_HAS_ADD_PAGES=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +CONFIG_PM_CLK=y +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_TAD is not set +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_DPTF_POWER is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_ACPI_CONFIGFS is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_INTEL_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_STUB is not set +CONFIG_PCI_LOCKLESS_CONFIG=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI controller drivers +# + +# +# Cadence PCIe controllers support +# +# CONFIG_VMD is not set + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT_HOST is not set + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_TLS=y +# CONFIG_TLS_DEVICE is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +CONFIG_NET_IPGRE_DEMUX=y +CONFIG_NET_IP_TUNNEL=y +CONFIG_NET_IPGRE=y +# CONFIG_SYN_COOKIES is not set +CONFIG_NET_IPVTI=y +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +# CONFIG_NET_FOU_IP_TUNNELS is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +# CONFIG_INET_ESP_OFFLOAD is not set +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_RAW_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +# CONFIG_INET6_ESP_OFFLOAD is not set +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +CONFIG_IPV6_VTI=y +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_GRE=y +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_FAMILY_ARP=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NETFILTER_CONNCOUNT=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_IPMAC is not set +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +# CONFIG_NF_SOCKET_IPV4 is not set +# CONFIG_NF_TPROXY_IPV4 is not set +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_SOCKET_IPV6 is not set +# CONFIG_NF_TPROXY_IPV6 is not set +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +CONFIG_IP6_NF_NAT=y +CONFIG_IP6_NF_TARGET_MASQUERADE=y +CONFIG_IP6_NF_TARGET_NPT=y +# CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +CONFIG_DNS_RESOLVER=y +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_NET_NCSI is not set +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +CONFIG_STREAM_PARSER=y +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +# CONFIG_NET_DEVLINK is not set +CONFIG_MAY_USE_DEVLINK=y +CONFIG_FAILOVER=y +CONFIG_HAVE_EBPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_VIRTIO_BLK_SCSI is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set + +# +# NVME Support +# +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set + +# +# Misc devices +# +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module (requires I2C) +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC & related support +# + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_MISC_RTSX_PCI is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_GTP is not set +CONFIG_MACSEC=y +# CONFIG_NETCONSOLE is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# + +# +# Distributed Switch Architecture drivers +# +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALACRITECH=y +# CONFIG_SLICOSS is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMAZON=y +# CONFIG_ENA_ETHERNET is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_AMD_XGBE is not set +CONFIG_NET_VENDOR_AQUANTIA=y +# CONFIG_AQTION is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +CONFIG_CAVIUM_PTP=y +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +CONFIG_NET_VENDOR_CORTINA=y +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_HUAWEI=y +# CONFIG_HINIC is not set +CONFIG_NET_VENDOR_I825XX=y +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_ICE is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +# CONFIG_MLXFW is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MICROSEMI=y +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP is not set +CONFIG_NET_VENDOR_NI=y +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCOM_EMAC is not set +# CONFIG_RMNET is not set +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SOLARFLARE=y +# CONFIG_SFC is not set +# CONFIG_SFC_FALCON is not set +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_SOCIONEXT=y +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +# CONFIG_DWC_XLGMAC is not set +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_MDIO_DEVICE is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y +CONFIG_WLAN_VENDOR_QUANTENNA=y + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +CONFIG_NET_FAILOVER=y +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_SAMSUNG is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_DEV_BUS is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +# CONFIG_PPS is not set + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +# CONFIG_PINCTRL is not set +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_AVS is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_ASPEED is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +CONFIG_RC_CORE=y +CONFIG_RC_MAP=y +# CONFIG_LIRC is not set +CONFIG_RC_DECODERS=y +CONFIG_IR_NEC_DECODER=y +CONFIG_IR_RC5_DECODER=y +CONFIG_IR_RC6_DECODER=y +CONFIG_IR_JVC_DECODER=y +CONFIG_IR_SONY_DECODER=y +CONFIG_IR_SANYO_DECODER=y +CONFIG_IR_SHARP_DECODER=y +CONFIG_IR_MCE_KBD_DECODER=y +CONFIG_IR_XMP_DECODER=y +# CONFIG_IR_IMON_DECODER is not set +# CONFIG_RC_DEVICES is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ACP (Audio CoProcessor) Configuration +# + +# +# AMD Library routines +# + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SND is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_CMEDIA is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +CONFIG_HID_ITE=y +# CONFIG_HID_JABRA is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MAYFLASH is not set +CONFIG_HID_REDRAGON=y +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set +CONFIG_USB_PCI=y + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_TYPEC is not set +# CONFIG_USB_ULPI_BUS is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACER_WIRELESS is not set +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMBIOS is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_GPD_POCKET_FAN is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_PMC_CORE is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_INTEL_PUNIT_IPC is not set +CONFIG_PMC_ATOM=y +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +CONFIG_CLKDEV_LOOKUP=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y + +# +# Common Clock Framework +# +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_VIRTIO is not set +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# + +# +# Broadcom SoC drivers +# + +# +# i.MX SoC drivers +# + +# +# Qualcomm SoC drivers +# +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# CONFIG_XILINX_VCU is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_DAX is not set +# CONFIG_NVMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# CONFIG_FPGA is not set +# CONFIG_UNISYS_VISORBUS is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# Tegra firmware driver +# + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_FS_IOMAP=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +CONFIG_AUTOFS_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +CONFIG_MEMFD_CREATE=y +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_ECRYPT_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_STACK_VALIDATION=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_POISONING is not set +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_KASAN is not set +CONFIG_ARCH_HAS_KCOV=y +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_SOFTLOCKUP_DETECTOR is not set +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_HARDLOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_HWLAT_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_HIST_TRIGGERS is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_TEST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_OVERFLOW is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_FIND_BIT_BENCHMARK is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_X86_PTDUMP is not set +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set +CONFIG_UNWINDER_ORC=y +# CONFIG_UNWINDER_FRAME_POINTER is not set + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_PERSISTENT_KEYRINGS is not set +# CONFIG_BIG_KEYS is not set +# CONFIG_ENCRYPTED_KEYS is not set +# CONFIG_KEY_DH_OPERATIONS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +# CONFIG_HARDENED_USERCOPY is not set +# CONFIG_FORTIFY_SOURCE is not set +# CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_RSA=y +CONFIG_CRYPTO_DH=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_MCRYPTD=y +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_SIMD=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_AEGIS128L is not set +# CONFIG_CRYPTO_AEGIS256 is not set +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2 is not set +# CONFIG_CRYPTO_AEGIS256_AESNI_SSE2 is not set +# CONFIG_CRYPTO_MORUS640 is not set +# CONFIG_CRYPTO_MORUS640_SSE2 is not set +# CONFIG_CRYPTO_MORUS1280 is not set +# CONFIG_CRYPTO_MORUS1280_SSE2 is not set +# CONFIG_CRYPTO_MORUS1280_AVX2 is not set +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +# CONFIG_CRYPTO_CFB is not set +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256_MB=y +CONFIG_CRYPTO_SHA512_MB=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +CONFIG_CRYPTO_SM3=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_SM4=y +# CONFIG_CRYPTO_SPECK is not set +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y +# CONFIG_CRYPTO_ZSTD is not set + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +CONFIG_CRYPTO_HASH_INFO=y +# CONFIG_CRYPTO_HW is not set +CONFIG_ASYMMETRIC_KEY_TYPE=y +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y +CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_PKCS7_MESSAGE_PARSER=y + +# +# Certificates for signature checking +# +CONFIG_SYSTEM_TRUSTED_KEYRING=y +CONFIG_SYSTEM_TRUSTED_KEYS="" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set +# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +CONFIG_RATIONAL=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC4 is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_DMA_DIRECT_OPS=y +CONFIG_SWIOTLB=y +CONFIG_SGL_ALLOC=y +CONFIG_IOMMU_HELPER=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y +CONFIG_OID_REGISTRY=y +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_SBITMAP=y +# CONFIG_STRING_SELFTEST is not set diff --git a/testing/do-tests b/testing/do-tests index 641529533..52d0d70eb 100755 --- a/testing/do-tests +++ b/testing/do-tests @@ -444,20 +444,22 @@ do next } printf("cmd_err=\044(tempfile -p test -s err); ") + printf("cmd_out=\044(tempfile -p test -s out); ") if (command == "tcpdump") { printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host) - printf("cmd_out=\044(ssh \044SSHCONF root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"); ", host, pattern) + printf("ssh \044SSHCONF root@\044ipv4_%s cat /tmp/tcpdump.log > \044cmd_out; ", host) } else { - printf("cmd_out=\044(ssh \044SSHCONF root@\044ipv4_%s %s 2>\044cmd_err | grep \"%s\"); ", host, command, pattern) + printf("ssh \044SSHCONF root@\044ipv4_%s %s >\044cmd_out 2>\044cmd_err; ", host, command) } + printf("cmd_res=\044(cat \044cmd_out | grep \"%s\"); ", pattern) printf("cmd_exit=\044?; ") printf("cmd_fail=0; ") if (hit ~ /^[0-9]+$/) { - printf("if [ \044(echo \"\044cmd_out\" | wc -l) -ne %d ] ", hit) + printf("if [ \044(echo \"\044cmd_res\" | wc -l) -ne %d ] ", hit) } else { @@ -475,9 +477,14 @@ do { printf("echo \"$(print_time)%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit) } - printf("if [ -n \"\044cmd_out\" ]; then echo \"\044cmd_out\"; fi; \n") - printf("cat \044cmd_err; rm -f -- \044cmd_err; \n") - printf("if [ \044cmd_fail -ne 0 ]; then echo \"~~~~~~~~~~~~~~~~~~~~\"; fi; \n") + printf("if [ -n \"\044cmd_res\" ]; then echo \"\044cmd_res\"; fi; \n") + printf("cat \044cmd_err; \n") + printf("if [ \044cmd_fail -ne 0 ]; then \n") + printf("if [ -s \044cmd_out ]; then echo \"~~ output ~~~~~~~~~~\"; \n") + printf("if [ \"\044verbose\" == \"YES\" ]; then cat \044cmd_out;\n") + printf("else cat \044cmd_out | head; fi; fi; \n") + printf("echo \"~~~~~~~~~~~~~~~~~~~~\"; fi; \n") + printf("rm -f -- \044cmd_out \044cmd_err; \n") printf("echo; ") }' $TESTDIR/evaltest.dat` >> $CONSOLE_LOG 2>&1 diff --git a/testing/hosts/default/usr/local/bin/systemctl b/testing/hosts/default/usr/local/bin/systemctl new file mode 100755 index 000000000..bbe2bc9b3 --- /dev/null +++ b/testing/hosts/default/usr/local/bin/systemctl @@ -0,0 +1,22 @@ +#!/bin/bash +# +# LEAK_DETECTIVE_LOG is set for automated runs, however, this is not passed +# to a process started via systemctl. This wrapper is used to set the variable +# for the strongswan-swanctl.service unit. + +ORIG=/bin/systemctl +CONF=/lib/systemd/system/strongswan-swanctl.service + +if [[ "$2" != "strongswan-swanctl" ]]; then + $ORIG "$@" +fi + +if [[ "$1" == "start" && -n $LEAK_DETECTIVE_LOG ]]; then + sed -i "s:Type=:Environment=LEAK_DETECTIVE_LOG=$LEAK_DETECTIVE_LOG\nType=:" $CONF 2>/dev/null +fi + +$ORIG "$@" + +if [[ "$1" == "stop" ]]; then + sed -i '/LEAK_DETECTIVE_LOG/d' $CONF 2>/dev/null +fi diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt index 1f01a4c26..bc6b9d648 100644 --- a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt @@ -2,12 +2,19 @@ R 130621144307Z 130627211828Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU= R 130621161252Z 080622162459Z,keyCompromise 02 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org R 130621161359Z 130627211849Z,superseded 03 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org R 130621162918Z 130627211852Z,superseded 04 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org -V 140611160633Z 05 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org -V 140611160706Z 06 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org -V 180602071743Z 07 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org -V 180602072050Z 08 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org -V 180602072738Z 09 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org -V 180602073154Z 0A unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org -V 180602073328Z 0B unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org -V 180602073519Z 0C unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org -V 180602100216Z 0D unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org +R 140611160633Z 180613112511Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org +R 140611160706Z 180613112516Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org +R 180602071743Z 180613112520Z,superseded 07 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org +R 180602072050Z 180613112523Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org +R 180602072738Z 180613112527Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org +R 180602073154Z 180613112530Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org +R 180602073328Z 180613112534Z,superseded 0B unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org +R 180602073519Z 180613112537Z,superseded 0C unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org +R 180602100216Z 180613112944Z,superseded 0D unknown /C=CH/O=Linux strongSwan/OU=ECSA 521 bit/CN=moon.strongswan.org +V 230611120443Z 0E unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org +V 230611121031Z 0F unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org +V 230611121121Z 10 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org +V 230611123432Z 11 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org +V 230611123524Z 12 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org +V 230611143131Z 13 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org +V 230611143151Z 14 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt.old b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt.old index bb87bbd13..aa36356e7 100644 --- a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt.old +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt.old @@ -1,5 +1,19 @@ -V 130621144307Z 01 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org -R 130621161252Z 080622162459Z 02 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org -V 130621161359Z 03 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org -V 130621162918Z 04 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org -V 140611160633Z 05 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org +R 130621144307Z 130627211828Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org +R 130621161252Z 080622162459Z,keyCompromise 02 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org +R 130621161359Z 130627211849Z,superseded 03 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org +R 130621162918Z 130627211852Z,superseded 04 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org +R 140611160633Z 180613112511Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org +R 140611160706Z 180613112516Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org +R 180602071743Z 180613112520Z,superseded 07 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org +R 180602072050Z 180613112523Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org +R 180602072738Z 180613112527Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org +R 180602073154Z 180613112530Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org +R 180602073328Z 180613112534Z,superseded 0B unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org +R 180602073519Z 180613112537Z,superseded 0C unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org +R 180602100216Z 180613112944Z,superseded 0D unknown /C=CH/O=Linux strongSwan/OU=ECSA 521 bit/CN=moon.strongswan.org +V 230611120443Z 0E unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org +V 230611121031Z 0F unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org +V 230611121121Z 10 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org +V 230611123432Z 11 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org +V 230611123524Z 12 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org +V 230611143131Z 13 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0E.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0E.pem new file mode 100644 index 000000000..a4962286e --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0E.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG +A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS +b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI +zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr +dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx +JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu +M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl +8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB +7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G +A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr +aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq +hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT +tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8 +ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN +Vjo6NkA= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0F.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0F.pem new file mode 100644 index 000000000..35b3df49a --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0F.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG +A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS +b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5 +7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ +rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd +BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT +tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2 +onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1 +MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l +Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq +duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2 +d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP +GnRyvRuhwRkbBIGt6l1mbA== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/10.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/10.pem new file mode 100644 index 000000000..646f6e8e3 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/10.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG +A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS +b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C +Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+ +aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u +Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0 +cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n +c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA +7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm +q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE +gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/11.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/11.pem new file mode 100644 index 000000000..f3f4c6671 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/11.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDjCCAm+gAwIBAgIBETAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG +A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS +b290IENBMB4XDTE4MDYxMzEyMzQzMloXDTIzMDYxMTEyMzQzMlowXzELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDM4NCBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAExm8lmoXGUfLL8xzhhQFmadz7SjPdubASbH9m+t7h30OV +yo+NPmtve7uqrWzttyWfqR7tFSOLtP5joj8U9E580ilT/2MsjVQJpKOFpYaggPUK +f+fhRwfQMUunyyAoIRSbo4IBFDCCARAwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw +HQYDVR0OBBYEFCQeIdu6skXTNWUg5w1Eb9HR1dU2MHgGA1UdIwRxMG+AFLpd+XG2 +E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA +9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwPAYDVR0f +BDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2Fu +X2VjLmNybDAKBggqhkjOPQQDAgOBjAAwgYgCQgGptTrYfjcWM+P66K5W+sq1d4X6 +E0+I2lXRKRiku2vPjpTQZJim4k4pAJNC19R2CCJMBgqab1ROUUsHMMHBNcyR/gJC +AN6S1J68o3UTQwAyN/zXW4ur8cxsPKV9uZYoz7O6Snz+eTliz/g8NPtfLYUseCii +VoXhdWwKkiRd8Cjck+RJHVWh +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/12.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/12.pem new file mode 100644 index 000000000..0f6315794 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/12.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7TCCAlCgAwIBAgIBEjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG +A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS +b290IENBMB4XDTE4MDYxMzEyMzUyNFoXDTIzMDYxMTEyMzUyNFowXjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDI1NiBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAATRc+i666sxHVohZ/4ld8ffz2xoa+x9+7TzM689nczQ +oZMs3+AJIjjNzdjvEe6kPHW73p51IdtlVF97Ib62hgQuo4IBEzCCAQ8wCQYDVR0T +BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDA3QkktCD5ZvWeiepNeQPWpcKP8 +MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYDVR0RBBcwFYETZGF2ZUBzdHJv +bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3 +YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMCA4GKADCBhgJBOrfM +xT0Cn1uXVvuS977ANQZwzAX4O9y5POFXBkDKLFPL9hgWg7jxhREkDRcvViovMmiM +EAjoEZLD8SysfYrRZxcCQXtgWTfS2GAIDSQS1of1so/8Z/xZdfoIWxRoZ/xmH7jY +Yt3wK6yGjziEbX9LGN4MkOwkJKjEkTwbTygv7Wt3arz/ +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/13.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/13.pem new file mode 100644 index 000000000..961c8bec8 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/13.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7jCCAlCgAwIBAgIBEzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG +A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS +b290IENBMB4XDTE4MDYxMzE0MzEzMVoXDTIzMDYxMTE0MzEzMVowXjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDI1NiBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAATCqc/Wov++N8wvG3IhsEAxa38bxoIBPQZeOqMyi/lV +breEsOSJD/POV3gkt1lKOaQ502XdJcjdAvCqjtbpzCMWo4IBEzCCAQ8wCQYDVR0T +BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFAtkayAwMYDQqnlKDRvm7HNCIxY8 +MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYDVR0RBBcwFYITbW9vbi5zdHJv +bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3 +YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMCA4GLADCBhwJBVnfl +l9eV6R+jNdUCuz+yDdM7c1UpQ+Qy7rtXq50KZY7d1xJsTk152LxXIkO8EJnHmO4l +s39RHlGXItWcYGffXIICQgCLB+R8QFnMcKlgpjrxsuO/Ljg1RcMav3y3zaHJJJLT +eJBEL7RhDaPGcJ/hKU4TPwvSEIkswQaDnN+oAZiz/gFDUw== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/14.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/14.pem new file mode 100644 index 000000000..a71ffdca1 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/14.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCzCCAm2gAwIBAgIBFDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG +A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS +b290IENBMB4XDTE4MDYxMzE0MzE1MVoXDTIzMDYxMTE0MzE1MVowXjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDM4NCBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAQBXgnLJrtT2zS6BEj4WBRskabmIw8TVo3Q4+MyOBab2jzM +AVE44VFjo/ihd1YCeTs8KyZY+w8XPnCqm+z+Z9NeU2tN5wLlVYSBwyYzL9+Nhnam +F6qMSaPBnIE2CK2hgqGjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd +BgNVHQ4EFgQUT4FEmRbCvjxKsXqruiQgzC50pj0weAYDVR0jBHEwb4AUul35cbYT +tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2 +onV+Iu+miTAeBgNVHREEFzAVghNtb29uLnN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1 +MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l +Yy5jcmwwCgYIKoZIzj0EAwIDgYsAMIGHAkIAhHCvrcHfCJbPcNDdyT4x3F3V2wq7 +96TzcVzlLJ+zSxr3Xo3eqOZaxAlnnoI4aQIukZ0RXzSCebDrOL9+k+5uRakCQU9k +W5MphqYKOys+lQmpKBEnzZlM1QvFfUUiXwoxN8Ilc9c0nSVXKl9m/uPgP7GZjvaE +J4juvRKmi2nMoxWIJtMt +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/serial b/testing/hosts/winnetou/etc/openssl/ecdsa/serial index ff470b05e..60d3b2f4a 100644 --- a/testing/hosts/winnetou/etc/openssl/ecdsa/serial +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/serial @@ -1 +1 @@ -0E +15 diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/serial.old b/testing/hosts/winnetou/etc/openssl/ecdsa/serial.old index cd672a533..8351c1939 100644 --- a/testing/hosts/winnetou/etc/openssl/ecdsa/serial.old +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/serial.old @@ -1 +1 @@ -06 +14 diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolPolicyCert.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolPolicyCert.pem new file mode 100644 index 000000000..70d7664af --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolPolicyCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/DCCAa6gAwIBAgIBBTAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTgwNjIxMTQzMDU1WhcNMjMwNjIxMTQzMDU1WjBbMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MR0wGwYDVQQDDBRjYXJvbEBzdHJvbmdzd2FuLm9yZzAqMAUGAytlcAMh +APtwTFkrXyLYOWm9zlNm+ASZ3LzmpWmB2OwqnWZlFIXVo4GiMIGfMB8GA1UdIwQY +MBaAFCNOkpAKSIb2BV3+ead2AzqOcNj4MB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9u +Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh +bi5vcmcvc3Ryb25nc3dhbl9lZDI1NTE5LmNybDAYBgNVHSAEETAPMA0GCysGAQQB +gqAqAQEBMAUGAytlcANBAJAqyQd0TjQUTba+9NzVdboKhq3D6I/go7wjzx9G2O5s +xn1QimUMNHpY4i8eDD9ISvZIR2sziZgm79zV/sY1bQw= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519PolicyCert.pem b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519PolicyCert.pem new file mode 100644 index 000000000..ec34ff0b0 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519PolicyCert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw +A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg +GjZr7I5qruXG76jCbjDTlGSbBA== +-----END CERTIFICATE----- diff --git a/testing/scripts/build-strongswan b/testing/scripts/build-strongswan index 150fce30c..13fd1e691 100755 --- a/testing/scripts/build-strongswan +++ b/testing/scripts/build-strongswan @@ -1,7 +1,5 @@ #!/bin/bash -echo "Preparing root image" - DIR=$(dirname `readlink -f $0`) . $DIR/../testing.conf . $DIR/function.sh @@ -26,8 +24,20 @@ load_qemu_nbd mkdir -p $LOOPDIR mkdir -p $IMGDIR -log_action "Connecting root image to NBD device $NBDEV" -execute "qemu-nbd -c $NBDEV $ROOTIMG" +case "$2" in +"") + log_action "Connecting root image to NBD device $NBDEV" + execute "qemu-nbd -c $NBDEV $ROOTIMG" + ;; +*) + echo $STRONGSWANHOSTS | grep -q "\b$2\b" || die "Guest $2 not found" + GUESTIMG="$IMGDIR/$2.$IMGEXT" + [ -f "$GUESTIMG" ] || die "Guest image $GUESTIMG not found" + log_action "Connecting guest image to NBD device $NBDEV" + execute "qemu-nbd -c $NBDEV $GUESTIMG" + ;; +esac + do_on_exit qemu-nbd -d $NBDEV partprobe $NBDEV @@ -74,7 +84,9 @@ cp $RECPDIR/$RECIPE $SHAREDDIR/build-strongswan log_action "Installing from recipe $RECIPE" execute_chroot "make SRCDIR=/root/strongswan BUILDDIR=/root/shared/build-strongswan -f /root/shared/build-strongswan/$RECIPE" -# cleanup before mounting guest images -on_exit - -$DIR/build-guestimages +# requild the guest images if we modified the root image +if [ -z "$2" ]; then + # cleanup before mounting guest images + on_exit + $DIR/build-guestimages +fi diff --git a/testing/scripts/recipes/011_botan.mk b/testing/scripts/recipes/011_botan.mk new file mode 100644 index 000000000..ef0f6d066 --- /dev/null +++ b/testing/scripts/recipes/011_botan.mk @@ -0,0 +1,30 @@ +#!/usr/bin/make + +PKG = botan +SRC = https://github.com/randombit/$(PKG).git +# will have to be changed to the 2.8.0 tag later +REV = 1872f899716854927ecc68022fac318735be8824 + +NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) + +# the first two are necessary due to LD, the others to reduce the build time +CONFIG_OPTS = \ + --without-os-features=threads \ + --disable-modules=locking_allocator \ + --disable-modules=pkcs11,tls,x509,xmss \ + +all: install + +$(PKG): + git clone $(SRC) $(PKG) + +.$(PKG)-cloned-$(REV): $(PKG) + cd $(PKG) && git fetch && git checkout $(REV) + @touch $@ + +.$(PKG)-built-$(REV): .$(PKG)-cloned-$(REV) + cd $(PKG) && python ./configure.py $(CONFIG_OPTS) && make -j $(NUM_CPUS) + @touch $@ + +install: .$(PKG)-built-$(REV) + cd $(PKG) && make install && ldconfig diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk index 52462d077..13a1b23c8 100644 --- a/testing/scripts/recipes/013_strongswan.mk +++ b/testing/scripts/recipes/013_strongswan.mk @@ -54,8 +54,6 @@ CONFIG_OPTS = \ --enable-imv-os \ --enable-imc-attestation \ --enable-imv-attestation \ - --enable-imc-swid \ - --enable-imv-swid \ --enable-imc-swima \ --enable-imv-swima \ --enable-imc-hcd \ @@ -64,6 +62,7 @@ CONFIG_OPTS = \ --enable-sqlite \ --enable-attr-sql \ --enable-mediation \ + --enable-botan \ --enable-openssl \ --enable-blowfish \ --enable-kernel-pfkey \ diff --git a/testing/testing.conf b/testing/testing.conf index 0da9aedad..78c8dcabc 100644 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -24,14 +24,14 @@ fi : ${TESTDIR=/srv/strongswan-testing} # Kernel configuration -: ${KERNELVERSION=4.15.18} +: ${KERNELVERSION=4.18.9} : ${KERNEL=linux-$KERNELVERSION} : ${KERNELTARBALL=$KERNEL.tar.xz} -: ${KERNELCONFIG=$DIR/../config/kernel/config-4.15} -: ${KERNELPATCH=ha-4.15.6-abicompat.patch.bz2} +: ${KERNELCONFIG=$DIR/../config/kernel/config-4.18} +: ${KERNELPATCH=ha-4.16-abicompat.patch.bz2} # strongSwan version used in tests -: ${SWANVERSION=5.6.3} +: ${SWANVERSION=5.7.0} # Build directory where the guest kernel and images will be built : ${BUILDDIR=$TESTDIR/build} diff --git a/testing/tests/botan/rw-cert/description.txt b/testing/tests/botan/rw-cert/description.txt new file mode 100755 index 000000000..2d9d550fc --- /dev/null +++ b/testing/tests/botan/rw-cert/description.txt @@ -0,0 +1,10 @@ +The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>botan</b> +plugin based on the <b>Botan</b> library for all cryptographical functions whereas +roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical +plugins. The authentication is based on <b>X.509 certificates</b> and the key exchange +on <b>x25519</b>. +<p/> +Upon the successful establishment of the IPsec tunnels, the updown script +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/botan/rw-cert/evaltest.dat b/testing/tests/botan/rw-cert/evaltest.dat new file mode 100755 index 000000000..8a8a95f7e --- /dev/null +++ b/testing/tests/botan/rw-cert/evaltest.dat @@ -0,0 +1,10 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/botan/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/botan/rw-cert/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..e5c6d88b3 --- /dev/null +++ b/testing/tests/botan/rw-cert/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = botan pem x509 revocation constraints pubkey +} + +charon-systemd { + load = nonce botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici + + rsa_pss = yes +} diff --git a/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..1454ec54c --- /dev/null +++ b/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F + +1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b +/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ +/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o +Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+ +f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6 +LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv +06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC +e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr +3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC +sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily +c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy +UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h +XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T +iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO +Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO +v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO +t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H +8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA +jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p +p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS +7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk +GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+ +4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0 +yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd ++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..c9ffac848 --- /dev/null +++ b/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,35 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + rsa-carol { + file = carolKey.pem + secret = "nH5ZQEWtku0RJEZ6" + } +} diff --git a/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..f2ab7d3e8 --- /dev/null +++ b/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes curve25519 hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + + rsa_pss = yes +} diff --git a/testing/tests/botan/rw-cert/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-cert/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..7fcdea834 --- /dev/null +++ b/testing/tests/botan/rw-cert/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/botan/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/botan/rw-cert/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..6a33d582b --- /dev/null +++ b/testing/tests/botan/rw-cert/hosts/moon/etc/strongswan.conf @@ -0,0 +1,15 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem botan x509 revocation constraints pubkey +} + +charon-systemd { + load = nonce test-vectors botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici + + rsa_pss = yes + integrity_test = yes + crypto_test { + on_add = yes + } +} diff --git a/testing/tests/botan/rw-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-cert/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..4ba02ad6c --- /dev/null +++ b/testing/tests/botan/rw-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/botan/rw-cert/posttest.dat b/testing/tests/botan/rw-cert/posttest.dat new file mode 100755 index 000000000..b909ac76c --- /dev/null +++ b/testing/tests/botan/rw-cert/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/botan/rw-cert/pretest.dat b/testing/tests/botan/rw-cert/pretest.dat new file mode 100755 index 000000000..dd1a17ccb --- /dev/null +++ b/testing/tests/botan/rw-cert/pretest.dat @@ -0,0 +1,11 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf b/testing/tests/botan/rw-cert/test.conf index 08ea543e2..1227b9d1c 100644..100755 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf +++ b/testing/tests/botan/rw-cert/test.conf @@ -18,11 +18,7 @@ TCPDUMPHOSTS="moon" # Guest instances on which IPsec is started # Used for IPsec logging purposes # -IPSECHOSTS="carol moon dave alice" - -# Guest instances on which databases are used -# -DBHOSTS="alice" +IPSECHOSTS="moon carol dave" # charon controlled by swanctl # diff --git a/testing/tests/botan/rw-ecp256/description.txt b/testing/tests/botan/rw-ecp256/description.txt new file mode 100755 index 000000000..f6d0f149c --- /dev/null +++ b/testing/tests/botan/rw-ecp256/description.txt @@ -0,0 +1,9 @@ +The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>botan</b> +plugin based on the <b>Botan</b> library for all cryptographical functions whereas +roadwarrior <b>dave</b> uses the <b>openssl</b> plugin. The authentication is based +on <b>X.509 certificates</b> and the key exchange on <b>ecp256</b>. +<p/> +Upon the successful establishment of the IPsec tunnels, the updown script +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/botan/rw-ecp256/evaltest.dat b/testing/tests/botan/rw-ecp256/evaltest.dat new file mode 100755 index 000000000..dc67b2d20 --- /dev/null +++ b/testing/tests/botan/rw-ecp256/evaltest.dat @@ -0,0 +1,10 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/botan/rw-ecp256/hosts/carol/etc/strongswan.conf b/testing/tests/botan/rw-ecp256/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..e5c6d88b3 --- /dev/null +++ b/testing/tests/botan/rw-ecp256/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = botan pem x509 revocation constraints pubkey +} + +charon-systemd { + load = nonce botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici + + rsa_pss = yes +} diff --git a/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..1454ec54c --- /dev/null +++ b/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F + +1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b +/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ +/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o +Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+ +f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6 +LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv +06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC +e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr +3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC +sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily +c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy +UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h +XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T +iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO +Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO +v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO +t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H +8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA +jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p +p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS +7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk +GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+ +4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0 +yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd ++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..a50497eed --- /dev/null +++ b/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,35 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-ecp256 + } + } + version = 2 + proposals = aes128-sha256-ecp256 + } +} + +secrets { + + rsa-carol { + file = carolKey.pem + secret = "nH5ZQEWtku0RJEZ6" + } +} diff --git a/testing/tests/botan/rw-ecp256/hosts/dave/etc/strongswan.conf b/testing/tests/botan/rw-ecp256/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..3ee76327c --- /dev/null +++ b/testing/tests/botan/rw-ecp256/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = nonce openssl pem revocation constraints pubkey curl kernel-netlink socket-default updown vici + + rsa_pss = yes +} diff --git a/testing/tests/botan/rw-ecp256/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-ecp256/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..66c6cd1c9 --- /dev/null +++ b/testing/tests/botan/rw-ecp256/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-ecp256 + } + } + version = 2 + proposals = aes128-sha256-ecp256 + } +} diff --git a/testing/tests/botan/rw-ecp256/hosts/moon/etc/strongswan.conf b/testing/tests/botan/rw-ecp256/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..29b16f107 --- /dev/null +++ b/testing/tests/botan/rw-ecp256/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem botan x509 revocation constraints pubkey +} + +charon-systemd { + load = nonce test-vectors botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici + + rsa_pss = yes +} diff --git a/testing/tests/botan/rw-ecp256/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-ecp256/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..240cccf44 --- /dev/null +++ b/testing/tests/botan/rw-ecp256/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-ecp256 + } + } + version = 2 + proposals = aes128-sha256-ecp256 + } +} diff --git a/testing/tests/botan/rw-ecp256/posttest.dat b/testing/tests/botan/rw-ecp256/posttest.dat new file mode 100755 index 000000000..b909ac76c --- /dev/null +++ b/testing/tests/botan/rw-ecp256/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/botan/rw-ecp256/pretest.dat b/testing/tests/botan/rw-ecp256/pretest.dat new file mode 100755 index 000000000..dd1a17ccb --- /dev/null +++ b/testing/tests/botan/rw-ecp256/pretest.dat @@ -0,0 +1,11 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/botan/rw-ecp256/test.conf b/testing/tests/botan/rw-ecp256/test.conf new file mode 100755 index 000000000..1227b9d1c --- /dev/null +++ b/testing/tests/botan/rw-ecp256/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/botan/rw-modp3072/description.txt b/testing/tests/botan/rw-modp3072/description.txt new file mode 100755 index 000000000..3c1c0dc84 --- /dev/null +++ b/testing/tests/botan/rw-modp3072/description.txt @@ -0,0 +1,10 @@ +The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>botan</b> +plugin based on the <b>Botan</b> library for all cryptographical functions whereas +roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical +plugins. The authentication is based on <b>X.509 certificates</b> and the key exchange +on <b>modp3072</b>. +<p/> +Upon the successful establishment of the IPsec tunnels, the updown script +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/botan/rw-modp3072/evaltest.dat b/testing/tests/botan/rw-modp3072/evaltest.dat new file mode 100755 index 000000000..51bf8c1ba --- /dev/null +++ b/testing/tests/botan/rw-modp3072/evaltest.dat @@ -0,0 +1,10 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/botan/rw-modp3072/hosts/carol/etc/strongswan.conf b/testing/tests/botan/rw-modp3072/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..e5c6d88b3 --- /dev/null +++ b/testing/tests/botan/rw-modp3072/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = botan pem x509 revocation constraints pubkey +} + +charon-systemd { + load = nonce botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici + + rsa_pss = yes +} diff --git a/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..1454ec54c --- /dev/null +++ b/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F + +1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b +/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ +/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o +Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+ +f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6 +LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv +06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC +e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr +3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC +sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily +c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy +UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h +XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T +iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO +Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO +v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO +t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H +8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA +jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p +p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS +7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk +GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+ +4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0 +yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd ++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..8485bc3fb --- /dev/null +++ b/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,35 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + proposals = aes128-sha256-modp3072 + } +} + +secrets { + + rsa-carol { + file = carolKey.pem + secret = "nH5ZQEWtku0RJEZ6" + } +} diff --git a/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf b/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..b682bc054 --- /dev/null +++ b/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + + rsa_pss = yes +} diff --git a/testing/tests/botan/rw-modp3072/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-modp3072/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..27c6f12ba --- /dev/null +++ b/testing/tests/botan/rw-modp3072/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/botan/rw-modp3072/hosts/moon/etc/strongswan.conf b/testing/tests/botan/rw-modp3072/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..29b16f107 --- /dev/null +++ b/testing/tests/botan/rw-modp3072/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem botan x509 revocation constraints pubkey +} + +charon-systemd { + load = nonce test-vectors botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici + + rsa_pss = yes +} diff --git a/testing/tests/botan/rw-modp3072/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-modp3072/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..75c21c663 --- /dev/null +++ b/testing/tests/botan/rw-modp3072/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/botan/rw-modp3072/posttest.dat b/testing/tests/botan/rw-modp3072/posttest.dat new file mode 100755 index 000000000..b909ac76c --- /dev/null +++ b/testing/tests/botan/rw-modp3072/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/botan/rw-modp3072/pretest.dat b/testing/tests/botan/rw-modp3072/pretest.dat new file mode 100755 index 000000000..dd1a17ccb --- /dev/null +++ b/testing/tests/botan/rw-modp3072/pretest.dat @@ -0,0 +1,11 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/botan/rw-modp3072/test.conf b/testing/tests/botan/rw-modp3072/test.conf new file mode 100755 index 000000000..1227b9d1c --- /dev/null +++ b/testing/tests/botan/rw-modp3072/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat index 7180fee05..45e76c155 100644 --- a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat +++ b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat @@ -1,11 +1,11 @@ moon::cat /var/log/daemon.log::received FRAGMENTATION vendor ID::YES sun::cat /var/log/daemon.log::received FRAGMENTATION vendor ID::YES -moon::cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES -sun::cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES +moon::cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES +sun::cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES moon::cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES -moon::cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES +moon::cat /var/log/daemon.log::received fragment #2, reassembled fragmented IKE message::YES sun::cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES -sun::cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES +sun::cat /var/log/daemon.log::received fragment #2, reassembled fragmented IKE message::YES moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules index 792fc56bc..2d9a466b0 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules @@ -5,8 +5,8 @@ -P OUTPUT DROP -P FORWARD DROP -# allow bootps (in relay mode also in OUTPUT) --A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT +# allow bootpc and bootps +-A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT # allow broadcasts from eth1 diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules index 792fc56bc..2d9a466b0 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules @@ -5,8 +5,8 @@ -P OUTPUT DROP -P FORWARD DROP -# allow bootps (in relay mode also in OUTPUT) --A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT +# allow bootpc and bootps +-A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT # allow broadcasts from eth1 diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules index 792fc56bc..2d9a466b0 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules @@ -5,8 +5,8 @@ -P OUTPUT DROP -P FORWARD DROP -# allow bootps (in relay mode also in OUTPUT) --A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT +# allow bootpc and bootps +-A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT # allow broadcasts from eth1 diff --git a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat index 4abcde1e8..49271bd8c 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat @@ -10,7 +10,7 @@ carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA bui carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES -moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES +moon:: cat /var/log/daemon.log::selected peer config.*alice.*unacceptable::YES moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES diff --git a/testing/tests/ikev2/multi-level-ca/evaltest.dat b/testing/tests/ikev2/multi-level-ca/evaltest.dat index e1c5be4ed..10da97f98 100644 --- a/testing/tests/ikev2/multi-level-ca/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca/evaltest.dat @@ -10,7 +10,7 @@ carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA bui carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org::NO moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES -moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES +moon:: cat /var/log/daemon.log::selected peer config.*alice.*unacceptable::YES moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*dave@strongswan.org::YES diff --git a/testing/tests/ikev2/net2net-fragmentation/evaltest.dat b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat index c6a8ff5d7..b8e2eff41 100644 --- a/testing/tests/ikev2/net2net-fragmentation/evaltest.dat +++ b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat @@ -1,11 +1,11 @@ moon::cat /var/log/daemon.log::IKE_SA_INIT request 0.*FRAG_SUP::YES sun::cat /var/log/daemon.log::IKE_SA_INIT response 0.*FRAG_SUP::YES -moon::cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES -sun::cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES +moon::cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES +sun::cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES moon::cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES -moon::cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES +moon::cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES sun::cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES -sun::cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES +sun::cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem index a85635faf..646f6e8e3 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,15 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj -BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME -GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv -bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3 -YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5 -nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR -Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49 -hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00= +IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C +Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+ +aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u +Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0 +cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n +c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA +7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm +q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE +gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem index 0a0b83889..c277ba4f6 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,8 +1,8 @@ -----BEGIN EC PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,0F93D8FBCA4CAA40 +DEK-Info: AES-128-CBC,E62D0EE78FCCAD3B03EA4F93FEFD057C -jyvWqe7yjLux30mLeMsjlEjWu1A7u4xdRUg/R+JzsUxnFDpJKOEd5LgXSExrgVwD -RMlH6vVkZPboxmveOH8lXDVUyscYLLLTianw9R+Vj3zm6x7kT1CaNryLKfQSCVE8 -QGsF+LrF7/uIS+4RePGQyGv4C3pbBCB168+e362WnjQ= +CppPKxfVWWaXK3iuFa27YOe/0lWsvzhYKShyq9XanpjuCkcmxKD97eAH1TKokasH +7ffgnKzbLloxJN6g0GMTPpfiRndeK36DyTwktkyt+h+LU1xooSmNnsaM41P0GaPB +71Y87B5E5DCmWQO0icQKbQPj66GNwxBh9S6a8OaxnkU= -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem index e97709a3f..35b3df49a 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,16 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr -DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r -3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB -7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw -MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j -cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT -d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY -iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr -ZEmeb0/mRB56osgppA== +IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5 +7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ +rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd +BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT +tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2 +onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1 +MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l +Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq +duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2 +d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP +GnRyvRuhwRkbBIGt6l1mbA== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem index 574c86a2e..40a76935e 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,6 +1,6 @@ -----BEGIN EC PRIVATE KEY----- -MIGkAgEBBDCFbFPkGF4ez8EzHm6pTVCr17Q1+GACxn7m0EE4UVoq7RQBNk4NOxhE -hJZpquwjgqegBwYFK4EEACKhZANiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwp -nPP1dWQl4DprDokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6Qq -Qt/AtuPjCL7r3k3F0Nsj/TGSjRmcMr4= +MIGkAgEBBDBz89+bQmsMHvfaCsI0N1bInZ+oxA9JZHZrAAkHGHaWFUQZFXBMB88n +2+6S2JvUbcygBwYFK4EEACKhZANiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0oco +AfYUe/8KzxU57Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3B +Qu8lofvwQQxQrWnu3qzwqEfwb0iB2Ww= -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem index 25f0538a7..a4962286e 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -1,17 +1,20 @@ -----BEGIN CERTIFICATE----- -MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg -NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO -PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU -ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0 -Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71 -tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R -BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw -Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49 -BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv -vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil -9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm -2A== +b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI +zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr +dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx +JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu +M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl +8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB +7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G +A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr +aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq +hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT +tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8 +ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN +Vjo6NkA= -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem index a1ba4c9b9..24f07b5d7 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -1,7 +1,7 @@ -----BEGIN EC PRIVATE KEY----- -MIHcAgEBBEIB2FqpGVb6Q8oGdL/boMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix -+G8ZaNPJ7fLC3NU4uxW3Y9wo1K6yMDfqZhugBwYFK4EEACOhgYkDgYYABABlnLak -OG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4vTemT194qTZVQIugGEuzF1mQg -Yk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2X45I1D2iihIZsNH8treYFIT2 -lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUgNg== +MIHcAgEBBEIAtiNgtSnZ9gKIXkKvb8f1J+ubRkBssvOaHYjv7RMvVOqw5kQGb11B +qXHVf2Qt25/1DccijDu27YQJQLVTY0k5elSgBwYFK4EEACOhgYkDgYYABADF8xmb +Pu/a05BVtNnZflimozXZgYi+Md7hKREzL7qrdvtRwbyvki3XNo7zzc1HF/FcYyLJ +7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcxJTF74PtzYGKaMWCP+YN52u3tGaOd +lvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPuM2HRBA== -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem index a85635faf..646f6e8e3 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,15 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj -BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME -GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv -bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3 -YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5 -nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR -Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49 -hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00= +IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C +Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+ +aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u +Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0 +cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n +c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA +7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm +q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE +gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem index d2f97f858..c277ba4f6 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,8 +1,8 @@ -----BEGIN EC PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,0C53E74E6B5AC2D7475EFF30478B9D5F +DEK-Info: AES-128-CBC,E62D0EE78FCCAD3B03EA4F93FEFD057C -eHLtgaAjHt0sWRnBnRAt8CEPjak58pCwVbH+7Vfz2dy//GRvZviPA/TEQDtznPde -v5yIDGUe6vvtoY4oXemGi5SQiP8KAuaKylMQEjm2FHYwT/SgIwk5EZZjI4CcFBnK -NWV3z5oPiW6hZebwUHWaioSAYK1awOtFcp0l4UGA31U= +CppPKxfVWWaXK3iuFa27YOe/0lWsvzhYKShyq9XanpjuCkcmxKD97eAH1TKokasH +7ffgnKzbLloxJN6g0GMTPpfiRndeK36DyTwktkyt+h+LU1xooSmNnsaM41P0GaPB +71Y87B5E5DCmWQO0icQKbQPj66GNwxBh9S6a8OaxnkU= -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem index e97709a3f..35b3df49a 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,16 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr -DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r -3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB -7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw -MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j -cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT -d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY -iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr -ZEmeb0/mRB56osgppA== +IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5 +7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ +rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd +BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT +tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2 +onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1 +MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l +Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq +duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2 +d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP +GnRyvRuhwRkbBIGt6l1mbA== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem index 574c86a2e..40a76935e 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,6 +1,6 @@ -----BEGIN EC PRIVATE KEY----- -MIGkAgEBBDCFbFPkGF4ez8EzHm6pTVCr17Q1+GACxn7m0EE4UVoq7RQBNk4NOxhE -hJZpquwjgqegBwYFK4EEACKhZANiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwp -nPP1dWQl4DprDokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6Qq -Qt/AtuPjCL7r3k3F0Nsj/TGSjRmcMr4= +MIGkAgEBBDBz89+bQmsMHvfaCsI0N1bInZ+oxA9JZHZrAAkHGHaWFUQZFXBMB88n +2+6S2JvUbcygBwYFK4EEACKhZANiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0oco +AfYUe/8KzxU57Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3B +Qu8lofvwQQxQrWnu3qzwqEfwb0iB2Ww= -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem index 25f0538a7..a4962286e 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -1,17 +1,20 @@ -----BEGIN CERTIFICATE----- -MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg -NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO -PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU -ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0 -Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71 -tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R -BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw -Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49 -BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv -vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil -9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm -2A== +b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI +zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr +dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx +JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu +M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl +8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB +7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G +A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr +aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq +hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT +tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8 +ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN +Vjo6NkA= -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem index a1ba4c9b9..24f07b5d7 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -1,7 +1,7 @@ -----BEGIN EC PRIVATE KEY----- -MIHcAgEBBEIB2FqpGVb6Q8oGdL/boMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix -+G8ZaNPJ7fLC3NU4uxW3Y9wo1K6yMDfqZhugBwYFK4EEACOhgYkDgYYABABlnLak -OG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4vTemT194qTZVQIugGEuzF1mQg -Yk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2X45I1D2iihIZsNH8treYFIT2 -lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUgNg== +MIHcAgEBBEIAtiNgtSnZ9gKIXkKvb8f1J+ubRkBssvOaHYjv7RMvVOqw5kQGb11B +qXHVf2Qt25/1DccijDu27YQJQLVTY0k5elSgBwYFK4EEACOhgYkDgYYABADF8xmb +Pu/a05BVtNnZflimozXZgYi+Md7hKREzL7qrdvtRwbyvki3XNo7zzc1HF/FcYyLJ +7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcxJTF74PtzYGKaMWCP+YN52u3tGaOd +lvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPuM2HRBA== -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem index a85635faf..646f6e8e3 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,15 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj -BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME -GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv -bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3 -YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5 -nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR -Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49 -hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00= +IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C +Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+ +aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u +Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0 +cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n +c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA +7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm +q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE +gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem index 681c1ee67..d043dfd6d 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,6 +1,7 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIGwMBsGCSqGSIb3DQEFAzAOBAhvrv2j+DAo4AICCAAEgZAkhslW1CuYRZ7SKigR -p/5suJU4xR6scHyS1yVYtrTC99Ha287MuS1/KUf0DZasx89AxoYcOgr+YvuIrUYw -/f8cNmkcw3E2EvGwy7VVtqf12M+j4B2eUSNjaQvw4sQvxFPlbETocWYaLOOZrgr1 -/+b5n4o4VZ/MYDyfxmgNNluXaVGz9xP5pTvHI7ocDJzh5d4= +MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiROOtxlAFj6QICCAAw +HQYJYIZIAWUDBAECBBBD9qsqx1EbF8RiH8mOSf9iBIGQ3URjA/8q9stwEZNsEtS5 +/EzlxReZu+hSmH4+PlOXegP8bSpVtSC+wgTierfXNKDOV4Bs+OY3F/l0D0NYYiaj +u041/vF1NuO38Fu5rwMZJcCZhlLXVuQVBqyQ5I+52RxTjoEluIQ5MvJOcMap/mc+ +saMMOFLlCeiseIuAWOjcpFzoOWUgXRcABCXJItj+6RgK -----END ENCRYPTED PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem index e97709a3f..35b3df49a 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,16 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr -DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r -3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB -7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw -MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j -cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT -d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY -iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr -ZEmeb0/mRB56osgppA== +IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5 +7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ +rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd +BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT +tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2 +onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1 +MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l +Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq +duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2 +d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP +GnRyvRuhwRkbBIGt6l1mbA== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem index 6dca1f239..c32137ef9 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,8 +1,8 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIBBTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9Dxjbv7bnuoCAggA -MBQGCCqGSIb3DQMHBAjONh5rePJ/owSBwG8qgvCeUae7yZQRM1iEa90zq1yrS71z -l5dEFzeFnYcu25qVK6IkYRHUFZIDGep+2Ep33+IrCYadV69AjCdM3Lnl+cjp+vVn -o1ZvXoNKMor0AHyuTbHI/xdOrd2ZFjkWITnXX2qHTKViFFBoMGo7Jb9XI2eAT4hF -0Z2EaAzl383eBQ/Wb/Jr0c+cwi5lvRLW5OKp48mQ5++8wJlaw+7W1MxPVhggG6U3 -lVzl9N+aLEFOSr0b8EMTDywJNBJZcNOQZw== +MIIBDjBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIfDUTNLH0pIECAggA +MB0GCWCGSAFlAwQBFgQQJkz6Ue4pqL1cy6jxNoXBMQSBwMn8dxyRJjcjbPvy6v7r +Zdn7Nb69xYhkH2n+8DY8vfutsh9g84HbzzBLhpl1MJZXq8xwxS1AQUYNJqoIrd9s +4j8IkGZX935I2FBABzN4JEdY2h1zX3VJxU0XgDLEPYYJUUY0PTQ+5P1ooYyDg73t +lAUw2eKPl9sgdX2f+5gTLVJZMFkWJsCFkCHFRdLaFdsaXcoB8TI0UWYSK1yJD+6K +XbCMqK/jV/jckXtwCMIG8/DSxnObFu2PEUGjzMSAVUvCWQ== -----END ENCRYPTED PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem index 25f0538a7..a4962286e 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -1,17 +1,20 @@ -----BEGIN CERTIFICATE----- -MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg -NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO -PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU -ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0 -Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71 -tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R -BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw -Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49 -BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv -vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil -9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm -2A== +b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI +zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr +dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx +JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu +M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl +8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB +7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G +A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr +aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq +hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT +tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8 +ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN +Vjo6NkA= -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem index 04db7f7e0..24f07b5d7 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -1,8 +1,7 @@ ------BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB2FqpGVb6Q8oGdL/b -oMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix+G8ZaNPJ7fLC3NU4uxW3Y9wo1K6y -MDfqZhuhgYkDgYYABABlnLakOG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4v -TemT194qTZVQIugGEuzF1mQgYk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2 -X45I1D2iihIZsNH8treYFIT2lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUg -Ng== ------END PRIVATE KEY----- +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIAtiNgtSnZ9gKIXkKvb8f1J+ubRkBssvOaHYjv7RMvVOqw5kQGb11B +qXHVf2Qt25/1DccijDu27YQJQLVTY0k5elSgBwYFK4EEACOhgYkDgYYABADF8xmb +Pu/a05BVtNnZflimozXZgYi+Md7hKREzL7qrdvtRwbyvki3XNo7zzc1HF/FcYyLJ +7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcxJTF74PtzYGKaMWCP+YN52u3tGaOd +lvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPuM2HRBA== +-----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat index a24c7a053..5b525ef06 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat @@ -3,7 +3,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::YES carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES -carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES +carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol@strongswan.org' with EAP successful::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf index ee8cbcdef..f3d7a807c 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf @@ -15,7 +15,7 @@ conn home leftauth=eap leftfirewall=yes right=PH_IP_MOON - rightid="C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org" + rightid="C=CH, O=Linux strongSwan, OU=ECDSA 521 bit, CN=moon.strongswan.org" rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem index a85635faf..646f6e8e3 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,15 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj -BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME -GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv -bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3 -YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5 -nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR -Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49 -hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00= +IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C +Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+ +aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u +Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0 +cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n +c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA +7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm +q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE +gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem index d2f97f858..c277ba4f6 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,8 +1,8 @@ -----BEGIN EC PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,0C53E74E6B5AC2D7475EFF30478B9D5F +DEK-Info: AES-128-CBC,E62D0EE78FCCAD3B03EA4F93FEFD057C -eHLtgaAjHt0sWRnBnRAt8CEPjak58pCwVbH+7Vfz2dy//GRvZviPA/TEQDtznPde -v5yIDGUe6vvtoY4oXemGi5SQiP8KAuaKylMQEjm2FHYwT/SgIwk5EZZjI4CcFBnK -NWV3z5oPiW6hZebwUHWaioSAYK1awOtFcp0l4UGA31U= +CppPKxfVWWaXK3iuFa27YOe/0lWsvzhYKShyq9XanpjuCkcmxKD97eAH1TKokasH +7ffgnKzbLloxJN6g0GMTPpfiRndeK36DyTwktkyt+h+LU1xooSmNnsaM41P0GaPB +71Y87B5E5DCmWQO0icQKbQPj66GNwxBh9S6a8OaxnkU= -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem index 25f0538a7..a4962286e 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -1,17 +1,20 @@ -----BEGIN CERTIFICATE----- -MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg -NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO -PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU -ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0 -Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71 -tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R -BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw -Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49 -BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv -vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil -9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm -2A== +b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB +IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI +zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr +dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx +JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu +M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl +8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB +7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G +A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr +aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq +hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT +tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8 +ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN +Vjo6NkA= -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem index a1ba4c9b9..24f07b5d7 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -1,7 +1,7 @@ -----BEGIN EC PRIVATE KEY----- -MIHcAgEBBEIB2FqpGVb6Q8oGdL/boMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix -+G8ZaNPJ7fLC3NU4uxW3Y9wo1K6yMDfqZhugBwYFK4EEACOhgYkDgYYABABlnLak -OG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4vTemT194qTZVQIugGEuzF1mQg -Yk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2X45I1D2iihIZsNH8treYFIT2 -lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUgNg== +MIHcAgEBBEIAtiNgtSnZ9gKIXkKvb8f1J+ubRkBssvOaHYjv7RMvVOqw5kQGb11B +qXHVf2Qt25/1DccijDu27YQJQLVTY0k5elSgBwYFK4EEACOhgYkDgYYABADF8xmb +Pu/a05BVtNnZflimozXZgYi+Md7hKREzL7qrdvtRwbyvki3XNo7zzc1HF/FcYyLJ +7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcxJTF74PtzYGKaMWCP+YN52u3tGaOd +lvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPuM2HRBA== -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem index a85635faf..646f6e8e3 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,15 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj -BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME -GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv -bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3 -YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5 -nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR -Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49 -hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00= +IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C +Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+ +aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u +Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0 +cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n +c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA +7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm +q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE +gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem index 522a29607..c8c12c3b7 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,6 +1,7 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIGxMBwGCiqGSIb3DQEMAQMwDgQIMZeZ6WcLRQICAggABIGQVdFY4uNX+wTljx5B -maey2lQKGzR1uWujrlgrnV5XUllz5riVLBQ62guQv2TWkQmwaiT503Fki+Hc+VfJ -9CYAg9UjPuT/2H0e5wq0ZnWNJkpWY2LRpMeCkS4Tdww8PBINAoDraeLxtYLm2xsX -mQ7raVahMTmSIO0YTkT7DJmevJAh2zYP7B613tY0PSKxcIdI +MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAgyh91hjqzCuAICCAAw +HQYJYIZIAWUDBAECBBBZwepsRENncvW5UJ/blAqmBIGQZdbHnD3PWEbUXZJPkbIK +VvJZkd2+k12IxdShMWwCeW93R+3nj+7T0NPAQqMbuqz51zgO+SuXDupUIKdLHKMy +vdasLrbA3fe7YFVlxQjB6fB69V059ifi61OCIO/KfC7Je4ff3TZVwJcUYpduPIkQ +BZAw46T0JtrXltFgxxGYnnTlzuYW6EDB3l6Fwb2zCyZm -----END ENCRYPTED PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem index c83be145d..0f6315794 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,15 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICXDCCAb2gAwIBAgIBCzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIC7TCCAlCgAwIBAgIBEjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MzMyOFoXDTE4MDYwMjA3MzMyOFowXjELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMzUyNFoXDTIzMDYxMTEyMzUyNFowXjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDI1NiBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO -PQIBBggqhkjOPQMBBwNCAAQ0aUuue3BcBvF6aEISID4c+mVBJyvSm2fPVRRkAQqh -RktTHMYDWY6B8e/iGr4GDeF5bjr46vMB5eEtVx3chWbQo4GBMH8wHwYDVR0jBBgw -FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz -d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAd5ols9c -CP6HPtfMXbPlSpUDKSRyB3c5Ix2Yn3z5ogMM1QSoS88FW8D7KKsb0qTY5TnlAls3 -45PmauVwEbI2cV6qAkIBphvsmhYWMnt/QMOij7DinihEL9Ib1vxOS2boUos6sHWi -gj3wfHyfgHM3Pgt0YYoZxELDIxcLVJeoa1TmNey7IaI= +IDI1NiBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAATRc+i666sxHVohZ/4ld8ffz2xoa+x9+7TzM689nczQ +oZMs3+AJIjjNzdjvEe6kPHW73p51IdtlVF97Ib62hgQuo4IBEzCCAQ8wCQYDVR0T +BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDA3QkktCD5ZvWeiepNeQPWpcKP8 +MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYDVR0RBBcwFYETZGF2ZUBzdHJv +bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3 +YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMCA4GKADCBhgJBOrfM +xT0Cn1uXVvuS977ANQZwzAX4O9y5POFXBkDKLFPL9hgWg7jxhREkDRcvViovMmiM +EAjoEZLD8SysfYrRZxcCQXtgWTfS2GAIDSQS1of1so/8Z/xZdfoIWxRoZ/xmH7jY +Yt3wK6yGjziEbX9LGN4MkOwkJKjEkTwbTygv7Wt3arz/ -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem index 17e94022e..a4041c5fa 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEICwxFtCsSqIAzwZDyxHclTRdz/tGzAY7fP/vPoxqr8vuoAoGCCqGSM49 -AwEHoUQDQgAENGlLrntwXAbxemhCEiA+HPplQScr0ptnz1UUZAEKoUZLUxzGA1mO -gfHv4hq+Bg3heW46+OrzAeXhLVcd3IVm0A== +MHcCAQEEICEAikut4YuFnv6vLE/7Lk+LmQ+ic35apftbhu2+TICQoAoGCCqGSM49 +AwEHoUQDQgAE0XPouuurMR1aIWf+JXfH389saGvsffu08zOvPZ3M0KGTLN/gCSI4 +zc3Y7xHupDx1u96edSHbZVRfeyG+toYELg== -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem index a3b043e82..961c8bec8 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -1,15 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICXDCCAb2gAwIBAgIBBzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIC7jCCAlCgAwIBAgIBEzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MTc0M1oXDTE4MDYwMjA3MTc0M1owXjELMAkGA1UE +b290IENBMB4XDTE4MDYxMzE0MzEzMVoXDTIzMDYxMTE0MzEzMVowXjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB IDI1NiBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO -PQIBBggqhkjOPQMBBwNCAATf97+pfDnyPIA9gf6bYTZiIjNBAbCjCIqxxWou/oMq -/9V1O20vyI/dg2g3yzTdzESUa+X81fop+i2n9ymBqI1No4GBMH8wHwYDVR0jBBgw -FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz -d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCALNndw3C -DDWCb0f+6P6hxkqiYmUpv39XrioZrLbw+MjMD2WAchbj60KibBep1cVwIq3kWIJ6 -Jj0tYXG+f6yjmImqAkIBGOGRm+MQZxPFdYZoJZq5QXwIN0w2hJxmLIxBASW4PLdl -RLIlvW/XTJObdb0VVYmClg0HTSvuuYOJrzwdyd8D1w0= +PQIBBggqhkjOPQMBBwNCAATCqc/Wov++N8wvG3IhsEAxa38bxoIBPQZeOqMyi/lV +breEsOSJD/POV3gkt1lKOaQ502XdJcjdAvCqjtbpzCMWo4IBEzCCAQ8wCQYDVR0T +BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFAtkayAwMYDQqnlKDRvm7HNCIxY8 +MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYDVR0RBBcwFYITbW9vbi5zdHJv +bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3 +YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMCA4GLADCBhwJBVnfl +l9eV6R+jNdUCuz+yDdM7c1UpQ+Qy7rtXq50KZY7d1xJsTk152LxXIkO8EJnHmO4l +s39RHlGXItWcYGffXIICQgCLB+R8QFnMcKlgpjrxsuO/Ljg1RcMav3y3zaHJJJLT +eJBEL7RhDaPGcJ/hKU4TPwvSEIkswQaDnN+oAZiz/gFDUw== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem index 5bd2778a9..c0a8c852b 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIHWBnv6tDi/CTTWOQi/0XME7r8Wd5GRPaXx3wNTElpSvoAoGCCqGSM49 -AwEHoUQDQgAE3/e/qXw58jyAPYH+m2E2YiIzQQGwowiKscVqLv6DKv/VdTttL8iP -3YNoN8s03cxElGvl/NX6Kfotp/cpgaiNTQ== +MHcCAQEEIG7fewqQ4RTIWsck4m9ftByXOl4X0va0RtYqdbiF9CAHoAoGCCqGSM49 +AwEHoUQDQgAEwqnP1qL/vjfMLxtyIbBAMWt/G8aCAT0GXjqjMov5VW63hLDkiQ/z +zld4JLdZSjmkOdNl3SXI3QLwqo7W6cwjFg== -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem index f43957143..f3f4c6671 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,16 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICfDCCAd2gAwIBAgIBCjAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDDjCCAm+gAwIBAgIBETAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MzE1NFoXDTE4MDYwMjA3MzE1NFowXzELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMzQzMloXDTIzMDYxMTEyMzQzMlowXzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDM4NCBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMHYwEAYHKoZI -zj0CAQYFK4EEACIDYgAERiDlh/bOFDq6bSRdDq2ivOcNcxWSGlO5dy5yBRvAhTWl -NJcy93jxhDIzF5mxPpmgNXpdmSBRKbm3ydkw8LbWI+5/lje06Yl6nOLBO6Zb7GqH -XFO+BqJrUxzbdHXwxWqto4GDMIGAMB8GA1UdIwQYMBaAFLpd+XG2E7Vq0d26Nreq -0sHuj9jSMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1 -MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l -Yy5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIA8mbKzo+mp8umjvpoQUo5pIvR1CQQ -lvBGCUWv7mtq1CVBXzv7Z+HQqPsrL388RymEErA7BzDMkPKTa5E3ZV5LL38CQgDx -+v/cIcJdYngOOF0IgVSDzcGgSvOmMlPF/D97eC4Od7XwdYl5p9Sxi4SjmDZZi4r/ -EArN3teDfoc7CZcRxWcDhQ== +IDM4NCBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAExm8lmoXGUfLL8xzhhQFmadz7SjPdubASbH9m+t7h30OV +yo+NPmtve7uqrWzttyWfqR7tFSOLtP5joj8U9E580ilT/2MsjVQJpKOFpYaggPUK +f+fhRwfQMUunyyAoIRSbo4IBFDCCARAwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw +HQYDVR0OBBYEFCQeIdu6skXTNWUg5w1Eb9HR1dU2MHgGA1UdIwRxMG+AFLpd+XG2 +E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA +9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwPAYDVR0f +BDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2Fu +X2VjLmNybDAKBggqhkjOPQQDAgOBjAAwgYgCQgGptTrYfjcWM+P66K5W+sq1d4X6 +E0+I2lXRKRiku2vPjpTQZJim4k4pAJNC19R2CCJMBgqab1ROUUsHMMHBNcyR/gJC +AN6S1J68o3UTQwAyN/zXW4ur8cxsPKV9uZYoz7O6Snz+eTliz/g8NPtfLYUseCii +VoXhdWwKkiRd8Cjck+RJHVWh -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem index 52e044d5e..713942d7f 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,8 +1,8 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIBBTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBJ620rnDFmACAggA -MBQGCCqGSIb3DQMHBAh/kkTRYRcX+wSBwIWR0utZGuNjA73xHtLlpgEG+Bt3WfVk -f/C5nSAIov9F3x1BdJ6il25cdcZBsq8/I15kWU9M5CyAnoHFNLcyAHcRK6NONqlr -lFCrU0P5OBDbo6YbCVQKAufCCH1WIGdJvMKL5gaV4mytTrc0g8aYr+66lMKlMJb8 -43pzNGdEwLFfyrpKIFjysCIj30btCVzJWFDeBptmF9Vw0ST+x7x6FWjh2SRgnU10 -/0cs85hh6etFtXlUhzSw7P3abL/8zmWIHw== +MIIBDjBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI1OV1cAp5SZcCAggA +MB0GCWCGSAFlAwQBFgQQ1SGtVnno2vKhkF+iPT6vygSBwFZQrciZs2FN8cDI0x9c +3OFxbaRawXnagMlpYq/To268rDFtcKGBN7JxwBaFGJw4NFrU/sOu2NkhLuA/Jbaz +w75aQ/MjTeOtwy2PS62J/+T1zqCdfpfCJYeYCc2CPd3E21FbsW0Mmfw1b8vZ2YeS +lsd9jvY/bob4tH68J1ZqErOLaCU0EXPgqlZiLhcDIwfZJDqrZ5xFHk3mcjB6Pc4O +TWwJN+elQoxd29HSASw9plO2p1DRDpSZPTU67UDXDOWfJA== -----END ENCRYPTED PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem index e97709a3f..35b3df49a 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,16 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE +b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB -IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr -DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r -3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB -7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw -MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j -cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT -d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY -iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr -ZEmeb0/mRB56osgppA== +IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5 +7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ +rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd +BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT +tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2 +onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1 +MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l +Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq +duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2 +d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP +GnRyvRuhwRkbBIGt6l1mbA== -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem index 574c86a2e..40a76935e 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,6 +1,6 @@ -----BEGIN EC PRIVATE KEY----- -MIGkAgEBBDCFbFPkGF4ez8EzHm6pTVCr17Q1+GACxn7m0EE4UVoq7RQBNk4NOxhE -hJZpquwjgqegBwYFK4EEACKhZANiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwp -nPP1dWQl4DprDokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6Qq -Qt/AtuPjCL7r3k3F0Nsj/TGSjRmcMr4= +MIGkAgEBBDBz89+bQmsMHvfaCsI0N1bInZ+oxA9JZHZrAAkHGHaWFUQZFXBMB88n +2+6S2JvUbcygBwYFK4EEACKhZANiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0oco +AfYUe/8KzxU57Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3B +Qu8lofvwQQxQrWnu3qzwqEfwb0iB2Ww= -----END EC PRIVATE KEY----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem index 3480a434a..a1a86a222 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC -Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3 -YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA -BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn -/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM -h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2 -t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx -CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD -ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM -ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq -cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q -3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg= +MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT +AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT +d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI +MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE +AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG +AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE +J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb +TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd +uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E +J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd +YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA +ihgk0RArH39otlUFPSbSE9bicCDy -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem index 7bf96cdc8..a71ffdca1 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -1,16 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICdzCCAdqgAwIBAgIBCDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG +MIIDCzCCAm2gAwIBAgIBFDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS -b290IENBMB4XDTEzMDYyODA3MjA1MFoXDTE4MDYwMjA3MjA1MFowXjELMAkGA1UE +b290IENBMB4XDTE4MDYxMzE0MzE1MVoXDTIzMDYxMTE0MzE1MVowXjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB IDM4NCBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAAQh4YOVBbRxtdaM7uJvDrZqt6a1jJo+rijEV5Nw1OqU5jlk -srCtZwcZXrR67MlqzFNyvkHtbcWRuBjL55xjQE+YavKnltuKu42COUhWXh760M/c -2SNzsjvsJgGXAsiPwiajgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB -7o/Y0jAeBgNVHREEFzAVghNtb29uLnN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw -MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j -cmwwCgYIKoZIzj0EAwQDgYoAMIGGAkE35mfDj/fFUXGsetoU9l9Kt3jbIKYugJgE -2gmv/MW8jwrqoP7y6ATHXJkonA6AvEK+o0ZMrae55lIKPkBh5xk3XQJBfp5Eqg6Y -efRIXUeLksM56fRjVwJS6es7qb8l1q6+c1wC1A3lEHQvAs+kJxFfFyni2oxA923F -h2eoaYy9vSqET5Q= +PQIBBgUrgQQAIgNiAAQBXgnLJrtT2zS6BEj4WBRskabmIw8TVo3Q4+MyOBab2jzM +AVE44VFjo/ihd1YCeTs8KyZY+w8XPnCqm+z+Z9NeU2tN5wLlVYSBwyYzL9+Nhnam +F6qMSaPBnIE2CK2hgqGjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd +BgNVHQ4EFgQUT4FEmRbCvjxKsXqruiQgzC50pj0weAYDVR0jBHEwb4AUul35cbYT +tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2 +onV+Iu+miTAeBgNVHREEFzAVghNtb29uLnN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1 +MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l +Yy5jcmwwCgYIKoZIzj0EAwIDgYsAMIGHAkIAhHCvrcHfCJbPcNDdyT4x3F3V2wq7 +96TzcVzlLJ+zSxr3Xo3eqOZaxAlnnoI4aQIukZ0RXzSCebDrOL9+k+5uRakCQU9k +W5MphqYKOys+lQmpKBEnzZlM1QvFfUUiXwoxN8Ilc9c0nSVXKl9m/uPgP7GZjvaE +J4juvRKmi2nMoxWIJtMt -----END CERTIFICATE----- diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem index 231aa3bdc..ba7520f6c 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -1,6 +1,6 @@ -----BEGIN EC PRIVATE KEY----- -MIGkAgEBBDDlpnLnnwL+nIt/+e+cY2PoTtyHPM10qgck9nYj/f3bPd3ZfiraSBhZ -KttBZfw5xQKgBwYFK4EEACKhZANiAAQh4YOVBbRxtdaM7uJvDrZqt6a1jJo+rijE -V5Nw1OqU5jlksrCtZwcZXrR67MlqzFNyvkHtbcWRuBjL55xjQE+YavKnltuKu42C -OUhWXh760M/c2SNzsjvsJgGXAsiPwiY= +MIGkAgEBBDDuG7KDU5nek/TFvZQIxg89wevYYa1/EDyQHLFanmbK1DTx07Wv9D/b +BL5sHWEPNMGgBwYFK4EEACKhZANiAAQBXgnLJrtT2zS6BEj4WBRskabmIw8TVo3Q +4+MyOBab2jzMAVE44VFjo/ihd1YCeTs8KyZY+w8XPnCqm+z+Z9NeU2tN5wLlVYSB +wyYzL9+NhnamF6qMSaPBnIE2CK2hgqE= -----END EC PRIVATE KEY----- diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules index 792fc56bc..2d9a466b0 100644 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules @@ -5,8 +5,8 @@ -P OUTPUT DROP -P FORWARD DROP -# allow bootps (in relay mode also in OUTPUT) --A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT +# allow bootpc and bootps +-A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT # allow broadcasts from eth1 diff --git a/testing/tests/swanctl/frags-ipv4/evaltest.dat b/testing/tests/swanctl/frags-ipv4/evaltest.dat index 4b0455667..0bae44ad2 100755 --- a/testing/tests/swanctl/frags-ipv4/evaltest.dat +++ b/testing/tests/swanctl/frags-ipv4/evaltest.dat @@ -1,12 +1,12 @@ -carol:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES -dave:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES -moon:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES +carol:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES +dave:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES +moon:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES carol:: cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES -carol:: cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES +carol:: cat /var/log/daemon.log::received fragment #2, reassembled fragmented IKE message::YES dave:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES -dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES +dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES moon:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES -moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES +moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES diff --git a/testing/tests/swanctl/frags-ipv6/evaltest.dat b/testing/tests/swanctl/frags-ipv6/evaltest.dat index 18814f65e..f7af441a4 100755 --- a/testing/tests/swanctl/frags-ipv6/evaltest.dat +++ b/testing/tests/swanctl/frags-ipv6/evaltest.dat @@ -1,12 +1,12 @@ -carol:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES -dave:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES -moon:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES +carol:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES +dave:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES +moon:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES carol:: cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES -carol:: cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES +carol:: cat /var/log/daemon.log::received fragment #2, reassembled fragmented IKE message::YES dave:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES -dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES +dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES moon:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES -moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES +moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:10 local-port=500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-port=500 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES diff --git a/testing/tests/swanctl/multi-level-ca/evaltest.dat b/testing/tests/swanctl/multi-level-ca/evaltest.dat index 050a35db3..e6ec6b2ff 100644 --- a/testing/tests/swanctl/multi-level-ca/evaltest.dat +++ b/testing/tests/swanctl/multi-level-ca/evaltest.dat @@ -11,7 +11,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED. moon:: swanctl --list-sas --raw 2> /dev/null::sales.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*child-sas.*venus.*state=INSTALLED::NO dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES -moon:: cat /var/log/daemon.log::selected peer config.*research.*inacceptable::YES +moon:: cat /var/log/daemon.log::selected peer config.*research.*unacceptable::YES moon:: cat /var/log/daemon.log::switching to peer config.*sales::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.*child-sas.*alice.*state=INSTALLED::NO moon:: swanctl --list-sas --raw 2> /dev/null::research.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-port=4500 remote-id=dave@strongswan.org.*child-sas.*alice.*state=INSTALLED::NO diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf index cdf6bcaf5..aeea94e1f 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf @@ -11,7 +11,7 @@ connections { id = moon.strongswan.org } children { - net-moon { + net { local_ts = 10.2.0.0/16 remote_ts = 10.1.0.0/16 @@ -23,27 +23,16 @@ connections { mobike = no proposals = aes128-sha256-x25519 } - gw-sun { - local { - auth = pubkey - certs = carolCert.pem - id = carol@strongswan.org - } + + gw-sun : connections.gw-moon { remote { - auth = pubkey id = sun.strongswan.org } children { - net-sun { + net { local_ts = 10.1.0.0/16 remote_ts = 10.2.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 } } - version = 2 - mobike = no - proposals = aes128-sha256-modp3072 } } diff --git a/testing/tests/swanctl/ocsp-multi-level/evaltest.dat b/testing/tests/swanctl/ocsp-multi-level/evaltest.dat index 2f3c34622..87ef4319b 100644 --- a/testing/tests/swanctl/ocsp-multi-level/evaltest.dat +++ b/testing/tests/swanctl/ocsp-multi-level/evaltest.dat @@ -18,7 +18,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED. moon:: swanctl --list-sas --raw 2> /dev/null::sales.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*child-sas.*venus.*state=INSTALLED::NO dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES -moon:: cat /var/log/daemon.log::selected peer config.*research.*inacceptable::YES +moon:: cat /var/log/daemon.log::selected peer config.*research.*unacceptable::YES moon:: cat /var/log/daemon.log::switching to peer config.*sales::YES dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.*child-sas.*alice.*state=INSTALLED::NO moon:: swanctl --list-sas --raw 2> /dev/null::research.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-port=4500 remote-id=dave@strongswan.org.*child-sas.*alice.*state=INSTALLED::NO diff --git a/testing/tests/swanctl/rw-cert-ppk/description.txt b/testing/tests/swanctl/rw-cert-ppk/description.txt new file mode 100755 index 000000000..53e103359 --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/description.txt @@ -0,0 +1,11 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b> +and includes a <b>Postquantum Preshared Key (PPK)</b> that's also mixed into the +derived key material. The PPK_ID used by <b>dave</b> is unknown to <b>moon</b> +but since both peers don't enforce the use of a PPK they fall back to regular +authentication by use of the authentication data provided in the NO_PPK_AUTH +notify. +Upon the successful establishment of the IPsec tunnels, the updown script +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/swanctl/rw-cert-ppk/evaltest.dat b/testing/tests/swanctl/rw-cert-ppk/evaltest.dat new file mode 100755 index 000000000..4138124a7 --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/evaltest.dat @@ -0,0 +1,15 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES +dave:: cat /var/log/daemon.log::peer didn't use PPK for PPK_ID 'ppk-dave@strongswan.org'::YES +moon:: cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES +moon:: cat /var/log/daemon.log::no PPK for 'ppk-dave@strongswan.org' found, ignored because PPK is not required::YES +moon:: cat /var/log/daemon.log::no PPK available, using NO_PPK_AUTH notify::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..b415e075c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici +} diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..1454ec54c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F + +1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b +/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ +/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o +Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+ +f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6 +LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv +06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC +e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr +3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC +sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily +c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy +UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h +XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T +iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO +Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO +v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO +t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H +8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA +jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p +p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS +7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk +GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+ +4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0 +yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd ++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..4d0057c94 --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,42 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + ppk_id = ppk-carol@strongswan.org + ppk_required = yes + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + rsa-carol { + file = carolKey.pem + secret = "nH5ZQEWtku0RJEZ6" + } + ppk-carol { + id = ppk-carol@strongswan.org + secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb + } +} diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..b415e075c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici +} diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..63282479f --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,38 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + ppk_id = ppk-dave@strongswan.org + ppk_required = no + + local { + auth = pubkey + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + ppk-dave { + id = ppk-dave@strongswan.org + secret = 0x06918e49398db61094438a5be8b743894f155f4e8521e6bcd1d47690557e4b13 + } +}
\ No newline at end of file diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..b415e075c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici +} diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..f6c05695d --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,33 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + ppk-carol { + id = ppk-carol@strongswan.org + secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb + } +} diff --git a/testing/tests/swanctl/rw-cert-ppk/posttest.dat b/testing/tests/swanctl/rw-cert-ppk/posttest.dat new file mode 100755 index 000000000..b909ac76c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-cert-ppk/pretest.dat b/testing/tests/swanctl/rw-cert-ppk/pretest.dat new file mode 100755 index 000000000..dd1a17ccb --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/pretest.dat @@ -0,0 +1,11 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-cert-ppk/test.conf b/testing/tests/swanctl/rw-cert-ppk/test.conf new file mode 100755 index 000000000..1227b9d1c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-ppk/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/description.txt b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/description.txt new file mode 100644 index 000000000..fb8449068 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/description.txt @@ -0,0 +1,11 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>. +At the outset the gateway authenticates itself to the clients by sending +an IKEv2 <b>RSA signature</b> accompanied by a certificate. +The roadwarrios then use the <i>Extensible Authentication Protocol</i> +in association with an <i>MD5</i> challenge and response protocol +(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b> and includes +a <b>Postquantum Preshared Key (PPK)</b> that's also mixed into the +derived key material. The PPK_ID used by <b>dave</b> is unknown to <b>moon</b> +but since both peers don't enforce the use of a PPK they fall back to regular +authentication by use of the authentication data provided in the NO_PPK_AUTH +notify. diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/evaltest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/evaltest.dat new file mode 100644 index 000000000..b02c21257 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/evaltest.dat @@ -0,0 +1,27 @@ +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES +carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +carol::cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES +dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +dave:: cat /var/log/daemon.log::peer didn't use PPK for PPK_ID 'ppk-dave@strongswan.org'::YES +moon:: cat /var/log/daemon.log::received EAP identity.*carol +moon:: cat /var/log/daemon.log::EAP method EAP_MD5 succeeded, no MSK established +moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES +moon:: cat /var/log/daemon.log::received EAP identity.*dave +moon:: cat /var/log/daemon.log::EAP method EAP_MD5 succeeded, no MSK established +moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES +moon:: cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES +moon:: cat /var/log/daemon.log::no PPK for 'ppk-dave@strongswan.org' found, ignored because PPK is not required::YES +moon:: cat /var/log/daemon.log::no PPK available, using NO_PPK_AUTH notify::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..d2cc789b3 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown +} diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..b01ce7289 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,41 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + ppk_id = ppk-carol@strongswan.org + ppk_required = yes + + local { + auth = eap + eap_id = carol + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + eap-carol { + id = carol + secret = Ar3etTnp + } + ppk-carol { + id = ppk-carol@strongswan.org + secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb + } +} diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..d2cc789b3 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown +} diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..f288788a9 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,39 @@ +connections { + + home { + remote_addrs = 192.168.0.1 + + ppk_id = ppk-dave@strongswan.org + + local { + auth = eap + eap_id = dave + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + eap-dave { + id = dave + secret = W7R0g3do + } + ppk-dave { + id = ppk-dave@strongswan.org + secret = 0x06918e49398db61094438a5be8b743894f155f4e8521e6bcd1d47690557e4b13 + } +} diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..d2cc789b3 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown +} diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..f4485ced1 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,44 @@ +connections { + + rw-eap { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = eap-md5 + eap_id = %any + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + send_certreq = no + proposals = aes128-sha256-x25519 + } +} + +secrets { + + eap-carol { + id = carol + secret = Ar3etTnp + } + eap-dave { + id = dave + secret = W7R0g3do + } + ppk-carol { + id = ppk-carol@strongswan.org + secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb + } +} + diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/posttest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/posttest.dat new file mode 100644 index 000000000..46536ef80 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +carol::systemctl stop strongswan-swanctl +dave::swanctl --terminate --ike home +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/pretest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/pretest.dat new file mode 100644 index 000000000..9ae476e64 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/pretest.dat @@ -0,0 +1,13 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +carol::cd /etc/swanctl; rm rsa/* x509/* +dave::cd /etc/swanctl; rm rsa/* x509/* +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl +moon::expect-connection rw-eap +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/test.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/test.conf new file mode 100644 index 000000000..842f4b38d --- /dev/null +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice carol moon dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/rw-ed25519-certpol/description.txt b/testing/tests/swanctl/rw-ed25519-certpol/description.txt new file mode 100755 index 000000000..00f552939 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/description.txt @@ -0,0 +1,6 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b> +containing <b>Ed25519</b> keys. The CA defines two certificate policies +<b>1.3.6.1.4.1.36906.1.1.1</b> and <b>1.3.6.1.4.1.36906.1.1.2</b>, the former one +contained in <b>carol</b>'s certificate. Since gateway <b>moon</b> enforces this +certificate policy, <b>carol</b> is accepted whereas <b>dave</b> is rejected. diff --git a/testing/tests/swanctl/rw-ed25519-certpol/evaltest.dat b/testing/tests/swanctl/rw-ed25519-certpol/evaltest.dat new file mode 100755 index 000000000..0e8593d4e --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/evaltest.dat @@ -0,0 +1,12 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*::NO +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*::NO +moon::cat /var/log/daemon.log::constraint requires cert policy 1.3.6.1.4.1.36906.1.1.1::YES +dave::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES +alice::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::NO +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..91a05eabc --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem new file mode 100644 index 000000000..5c3e2623d --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIJk9u+XHU+E8YNCuj/bTDVRHbWDk2NzCyrTFqtzWRAv8 +-----END PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..9990cf319 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem new file mode 100644 index 000000000..70d7664af --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/DCCAa6gAwIBAgIBBTAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTgwNjIxMTQzMDU1WhcNMjMwNjIxMTQzMDU1WjBbMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MR0wGwYDVQQDDBRjYXJvbEBzdHJvbmdzd2FuLm9yZzAqMAUGAytlcAMh +APtwTFkrXyLYOWm9zlNm+ASZ3LzmpWmB2OwqnWZlFIXVo4GiMIGfMB8GA1UdIwQY +MBaAFCNOkpAKSIb2BV3+ead2AzqOcNj4MB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9u +Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh +bi5vcmcvc3Ryb25nc3dhbl9lZDI1NTE5LmNybDAYBgNVHSAEETAPMA0GCysGAQQB +gqAqAQEBMAUGAytlcANBAJAqyQd0TjQUTba+9NzVdboKhq3D6I/go7wjzx9G2O5s +xn1QimUMNHpY4i8eDD9ISvZIR2sziZgm79zV/sY1bQw= +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..ec34ff0b0 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw +A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg +GjZr7I5qruXG76jCbjDTlGSbBA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..91a05eabc --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem new file mode 100644 index 000000000..bf84ef3dd --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIF17ReOyn64y7tmC11XyYzcALKmu9lkS0VnWSd0l54FX +-----END PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..2c5c8f3ee --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem new file mode 100644 index 000000000..18f0e088c --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4DCCAZKgAwIBAgIBBDAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjIzODQwWhcNMjExMjA0MjIzODQwWjBaMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRwwGgYDVQQDDBNkYXZlQHN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA +fYCNzyBpr3lne+kVB27q7O7TvMkERDB9kRnzNSx30hijgYcwgYQwHwYDVR0jBBgw +FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz +d2FuLm9yZzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmwwBQYDK2VwA0EAEG4SjQX49xhuMiyn +86uOCxDWy08KUQRBLoqan+cPfYDPgCbblpbmJOoCBtcUyzEYQ+L/gCQzwLAUZSbK +MEj7Dg== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..ec34ff0b0 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw +A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg +GjZr7I5qruXG76jCbjDTlGSbBA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..b81a8a61a --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici + syslog { + daemon { + default = 1 } + } +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem new file mode 100644 index 000000000..491d36430 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk +-----END PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..1cc6ea429 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,26 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + cert_policy = 1.3.6.1.4.1.36906.1.1.1 + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem new file mode 100644 index 000000000..e67b224b6 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA +4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw +FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz +d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo +dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww +BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX +8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..ec34ff0b0 --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw +A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg +GjZr7I5qruXG76jCbjDTlGSbBA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-ed25519-certpol/posttest.dat b/testing/tests/swanctl/rw-ed25519-certpol/posttest.dat new file mode 100755 index 000000000..57fda649c --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/posttest.dat @@ -0,0 +1,11 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +carol::rm /etc/swanctl/pkcs8/* +dave::rm /etc/swanctl/pkcs8/* +moon::rm /etc/swanctl/pkcs8/* +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-ed25519-certpol/pretest.dat b/testing/tests/swanctl/rw-ed25519-certpol/pretest.dat new file mode 100755 index 000000000..34b118c1d --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/pretest.dat @@ -0,0 +1,14 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::rm /etc/swanctl/rsa/* +carol::rm /etc/swanctl/rsa/* +dave::rm /etc/swanctl/rsa/* +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-ed25519-certpol/test.conf b/testing/tests/swanctl/rw-ed25519-certpol/test.conf new file mode 100755 index 000000000..1227b9d1c --- /dev/null +++ b/testing/tests/swanctl/rw-ed25519-certpol/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/rw-psk-ppk/description.txt b/testing/tests/swanctl/rw-psk-ppk/description.txt new file mode 100755 index 000000000..b9535b95c --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/description.txt @@ -0,0 +1,11 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b> +and <b>Fully Qualified Domain Names</b> and includes a <b>Postquantum Preshared Key (PPK)</b> +that's also mixed into the derived key material. The PPK_ID used by <b>dave</b> is +unknown to <b>moon</b> but since both peers don't enforce the use of a PPK they fall back +to regular authentication by use of the authentication data provided in the NO_PPK_AUTH +notify. +Upon the successful establishment of the IPsec tunnels, +<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that +let pass the tunneled traffic. In order to test both tunnel and firewall, both +<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/swanctl/rw-psk-ppk/evaltest.dat b/testing/tests/swanctl/rw-psk-ppk/evaltest.dat new file mode 100755 index 000000000..b8b3fcb0e --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/evaltest.dat @@ -0,0 +1,15 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES +dave:: cat /var/log/daemon.log::peer didn't use PPK for PPK_ID 'ppk-dave@strongswan.org'::YES +moon:: cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES +moon:: cat /var/log/daemon.log::no PPK for 'ppk-dave@strongswan.org' found, ignored because PPK is not required::YES +moon:: cat /var/log/daemon.log::no PPK available, using NO_PPK_AUTH notify::YES +alice::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..b56cc0cbf --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = random openssl +} + +charon-systemd { + load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici + syslog { + daemon { + ike = 4 + } + } +} diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..935a39ea8 --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,43 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + ppk_id = ppk-carol@strongswan.org + ppk_required = yes + + local { + auth = psk + id = carol@strongswan.org + } + remote { + auth = psk + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + ike-moon { + id = moon.strongswan.org + # hex value equal to base64 0sFpZAZqEN6Ti9sqt4ZP5EWcqx + secret = 0x16964066a10de938bdb2ab7864fe4459cab1 + } + ppk-carol { + id = ppk-carol@strongswan.org + secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb + } +} + diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..dcef959ef --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = random openssl +} + +charon-systemd { + load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici +} diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..84134fed3 --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,40 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + ppk_id = ppk-dave@strongswan.org + + local { + auth = psk + id = dave@strongswan.org + } + remote { + auth = psk + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + ike-moon { + id = moon.strongswan.org + secret = 0sjVzONCF02ncsgiSlmIXeqhGN + } + ppk-dave { + id = ppk-dave@strongswan.org + secret = 0x06918e49398db61094438a5be8b743894f155f4e8521e6bcd1d47690557e4b13 + } +} diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..dcef959ef --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = random openssl +} + +charon-systemd { + load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici +} diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..8552945bb --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,42 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + ppk_id = *@strongswan.org + + local { + auth = psk + id = moon.strongswan.org + } + remote { + auth = psk + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + ike-carol { + id = carol@strongswan.org + secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx + } + ike-dave { + id = dave@strongswan.org + secret = 0sjVzONCF02ncsgiSlmIXeqhGN + } + ppk-carol { + id = ppk-carol@strongswan.org + secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb + } +} diff --git a/testing/tests/swanctl/rw-psk-ppk/posttest.dat b/testing/tests/swanctl/rw-psk-ppk/posttest.dat new file mode 100755 index 000000000..b909ac76c --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-psk-ppk/pretest.dat b/testing/tests/swanctl/rw-psk-ppk/pretest.dat new file mode 100755 index 000000000..48849c8b0 --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/pretest.dat @@ -0,0 +1,14 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/* +carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/* +dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/* +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-psk-ppk/test.conf b/testing/tests/swanctl/rw-psk-ppk/test.conf new file mode 100755 index 000000000..1227b9d1c --- /dev/null +++ b/testing/tests/swanctl/rw-psk-ppk/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt deleted file mode 100644 index 90e85485c..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt +++ /dev/null @@ -1,9 +0,0 @@ -The PT-TLS (RFC 6876) clients <b>carol</b> and <b>dave</b> set up a connection each to the policy decision -point (PDP) <b>alice</b>. Endpoint <b>carol</b> uses password-based SASL PLAIN client authentication during the -<b>PT-TLS negotiation phase</b> whereas endpoint <b>dave</b> uses certificate-based TLS client authentication -during the <b>TLS setup phase</b>. -<p/> -During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWIMA</b> IMC/IMV pairs -loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages -embedded in PB-TNC (RFC 5793) batches. The <b>SWIMA</b> IMC on <b>carol</b> is requested to deliver -a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full <b>Software Inventory</b>. diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat deleted file mode 100644 index 7850e2e74..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat +++ /dev/null @@ -1,25 +0,0 @@ -dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES -dave:: cat /var/log/auth.log::collected ... SW records::YES -carol::cat /var/log/auth.log::received SASL Success result::YES -carol::cat /var/log/auth.log::collected ... SW ID records::YES -carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES -carol::cat /var/log/auth.log::collected 1 SW record::YES -alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES -alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES -alice::cat /var/log/daemon.log::certificate status is good::YES -alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES -alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES -alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES -alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES -moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES -alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES -alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES -alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES -alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES -alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES -alice::cat /var/log/daemon.log::received software ID inventory with ... items for request 9 at last eid 1 of epoch::YES -alice::cat /var/log/daemon.log::1 SWID tag target::YES -alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES -alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ /usr/local/share/strongswan::YES -alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES -moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf deleted file mode 100644 index 4075f75bd..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf +++ /dev/null @@ -1,31 +0,0 @@ -WSGIPythonPath /var/www/tnc - -<VirtualHost *:80> - ServerName tnc.strongswan.org - ServerAlias tnc - ServerAdmin webmaster@localhost - - DocumentRoot /var/www/tnc - - <Directory /var/www/tnc/config> - <Files wsgi.py> - <IfModule mod_authz_core.c> - Require all granted - </IfModule> - <IfModule !mod_authz_core.c> - Order deny,allow - Allow from all - </IfModule> - </Files> - </Directory> - - WSGIScriptAlias / /var/www/tnc/config/wsgi.py - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - - Alias /static/ /var/www/tnc/static/ - - ErrorLog ${APACHE_LOG_DIR}/tnc/error.log - LogLevel warn - CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined -</VirtualHost> diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default deleted file mode 100644 index 1dc8b5688..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default +++ /dev/null @@ -1 +0,0 @@ -Include sites-available/000-default.conf
\ No newline at end of file diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules deleted file mode 100644 index c556d9483..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules +++ /dev/null @@ -1,28 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# open loopback interface --A INPUT -i lo -j ACCEPT --A OUTPUT -o lo -j ACCEPT - -# allow PT-TLS --A INPUT -i eth0 -p tcp --dport 271 -j ACCEPT --A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT - -# allow inbound ssh --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT - -# allow outbound ssh --A OUTPUT -p tcp --dport 22 -j ACCEPT --A INPUT -p tcp --sport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT - -COMMIT diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql deleted file mode 100644 index 16ab96d58..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql +++ /dev/null @@ -1,61 +0,0 @@ -/* Devices */ - -INSERT INTO devices ( /* 1 */ - value, product, created -) -SELECT 'aabbccddeeff11223344556677889900', id, 1372330615 -FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; - -/* Groups Members */ - -INSERT INTO groups_members ( - group_id, device_id -) VALUES ( - 10, 1 -); - -/* Identities */ - -INSERT INTO identities ( - type, value -) VALUES ( /* dave@strongswan.org */ - 4, X'64617665407374726f6e677377616e2e6f7267' -); - -/* Sessions */ - -INSERT INTO sessions ( - time, connection, identity, device, product, rec -) -SELECT NOW, 1, 1, 1, id, 0 -FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; - -/* Results */ - -INSERT INTO results ( - session, policy, rec, result -) VALUES ( - 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' -); - -/* Enforcements */ - -INSERT INTO enforcements ( - policy, group_id, max_age, rec_fail, rec_noresult -) VALUES ( - 3, 10, 0, 2, 2 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 17, 2, 86400 -); - -INSERT INTO enforcements ( - policy, group_id, max_age -) VALUES ( - 18, 10, 86400 -); - -DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini deleted file mode 100644 index 5ae53c47a..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini +++ /dev/null @@ -1,19 +0,0 @@ -[debug] -DEBUG=0 -TEMPLATE_DEBUG=0 -DEBUG_TOOLBAR=0 - -[db] -DJANGO_DB_URL=sqlite:////var/www/tnc/django.db -STRONGTNC_DB_URL = sqlite:////etc/db.d/config.db - -[localization] -LANGUAGE_CODE=en-us -TIME_ZONE=Europe/Zurich - -[admins] -Your Name: alice@strongswan.org - -[security] -SECRET_KEY=strongSwan -ALLOWED_HOSTS=127.0.0.1,10.1.0.10,tnc.strongswan.org,tnc diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf deleted file mode 100644 index 04d7dbacc..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf +++ /dev/null @@ -1,46 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite - - syslog { - daemon { - tls = 2 - tnc = 2 - imv = 3 - } - } - plugins { - tnc-pdp { - server = aaa.strongswan.org - radius { - secret = gv6URkSs - } - } - tnc-imv { - dlclose = no - } - } -} - -libtls { - suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -} - -libimcv { - database = sqlite:///etc/db.d/config.db - policy_script = /usr/local/libexec/ipsec/imv_policy_manager - - plugins { - imv-swima { - rest_api { - uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ - } - } - } -} - -imv_policy_manager { - command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""' - command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""' -} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem deleted file mode 100644 index adc47dd33..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl -h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l -0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a -VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S -W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD -e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k -nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj -AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/ -/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs -P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF -sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek -uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj -PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5 -hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg -Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+ -Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL -SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU -zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH -xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I -XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF -hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9 -AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO -Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH -yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5 -9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc= ------END RSA PRIVATE KEY----- diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf deleted file mode 100644 index 635620b7d..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,7 +0,0 @@ -secrets { - - eap-carol { - id = carol - secret = "Ar3etTnp" - } -} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem deleted file mode 100644 index 42083c2a9..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z -dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX -z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii -95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS -rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6 -fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR -dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig -kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd -p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT -EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB -ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB -BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y -Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs -nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/ -TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2 -FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ -GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH -sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73 -xyr/Qw== ------END CERTIFICATE----- diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config deleted file mode 100644 index 1499dfc90..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMV configuration file for strongSwan client - -IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so -IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql deleted file mode 100644 index 805c8bfd9..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql +++ /dev/null @@ -1,4 +0,0 @@ -/* strongSwan SQLite database */ - -/* configuration is read from the command line */ -/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules deleted file mode 100644 index d01d0a3c9..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules +++ /dev/null @@ -1,20 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# allow PT-TLS --A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT --A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT - -# allow ssh --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT - -COMMIT diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options deleted file mode 100644 index 52a3673b3..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options +++ /dev/null @@ -1,6 +0,0 @@ ---connect aaa.strongswan.org ---client carol ---secret "Ar3etTnp" ---cert /etc/swanctl/x509ca/strongswanCert.pem ---quiet ---debug 2 diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf deleted file mode 100644 index 5aad08905..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,18 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -libtls { - suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -} - -libimcv { - swid_gen { - tag_creator { - name = Debian Project - regid = debian.org - } - } -} - -pt-tls-client { - load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 -} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf deleted file mode 100644 index 28da4d427..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf +++ /dev/null @@ -1 +0,0 @@ -# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config deleted file mode 100644 index 3975056ca..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql deleted file mode 100644 index 805c8bfd9..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql +++ /dev/null @@ -1,4 +0,0 @@ -/* strongSwan SQLite database */ - -/* configuration is read from the command line */ -/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules deleted file mode 100644 index d01d0a3c9..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules +++ /dev/null @@ -1,20 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# allow PT-TLS --A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT --A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT - -# allow ssh --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT - -COMMIT diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options deleted file mode 100644 index 08953142f..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options +++ /dev/null @@ -1,7 +0,0 @@ ---connect aaa.strongswan.org ---client dave@strongswan.org ---key /etc/swanctl/rsa/daveKey.pem ---cert /etc/swanctl/x509/daveCert.pem ---cert /etc/swanctl/x509ca/strongswanCert.pem ---quiet ---debug 2 diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf deleted file mode 100644 index cf08b969d..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,27 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -libimcv { - swid_gen { - tag_creator { - name = Debian Project - regid = debian.org - } - } - plugins { - imc-os { - push_info = no - } - imc-swima { - swid_directory = /usr/share - swid_pretty = yes - } - } -} - -libtls { - suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -} - -pt-tls-client { - load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 -} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf deleted file mode 100644 index 28da4d427..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf +++ /dev/null @@ -1 +0,0 @@ -# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config deleted file mode 100644 index 3975056ca..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf deleted file mode 100644 index d99a4b78a..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf deleted file mode 100644 index 27f96a620..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf +++ /dev/null @@ -1 +0,0 @@ -# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat deleted file mode 100644 index c0049d7fd..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat +++ /dev/null @@ -1,10 +0,0 @@ -carol::ip route del 10.1.0.0/16 via 192.168.0.1 -dave::ip route del 10.1.0.0/16 via 192.168.0.1 -winnetou::ip route del 10.1.0.0/16 via 192.168.0.1 -alice::systemctl stop strongswan-swanctl -alice::systemctl stop apache2 -alice::rm /etc/swanctl/rsa/aaaKey.pem -alice::rm /etc/swanctl/x509/aaaCert.pem -alice::iptables-restore < /etc/iptables.flush -carol::iptables-restore < /etc/iptables.flush -dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat deleted file mode 100644 index c895148f2..000000000 --- a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat +++ /dev/null @@ -1,25 +0,0 @@ -alice::iptables-restore < /etc/iptables.rules -carol::iptables-restore < /etc/iptables.rules -dave::iptables-restore < /etc/iptables.rules -alice::cat /etc/tnc_config -carol::cat /etc/tnc_config -carol::echo 0 > /proc/sys/net/ipv4/ip_forward -dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id -dave::cat /etc/tnc_config -alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql -alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql -alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db -alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db -alice::/usr/local/bin/init_tnc -alice::rm /etc/swanctl/x509/aliceCert.pem -alice::rm /etc/swanctl/rsa/aliceKey.pem -alice::systemctl start apache2 -alice::systemctl start strongswan-swanctl -alice::swanctl --load-creds -winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 -dave::ip route add 10.1.0.0/16 via 192.168.0.1 -dave::cat /etc/pts/options -dave::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options -carol::ip route add 10.1.0.0/16 via 192.168.0.1 -carol::cat /etc/pts/options -carol::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/description.txt b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt index a178211e1..234941171 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/description.txt +++ b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt @@ -6,7 +6,9 @@ authenticated by an X.509 AAA certificate. The strong EAP-TTLS tunnel protects t client authentication based on <b>EAP-MD5</b>. In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0</b> client-server interface defined by <b>RFC 5793 PB-TNC</b>. The communication between IMCs and IMVs -is based on the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>. +is based on the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>. The <b>SWIMA</b> IMC on <b>carol</b> +is requested to deliver a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full +<b>Software Inventory</b>. <p> <b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively. diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat index 258352834..dfe42aed9 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat @@ -1,18 +1,22 @@ dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES dave:: cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES -dave:: cat /var/log/daemon.log::collected ... SWID tags::YES +dave:: cat /var/log/daemon.log::collected ... SW records::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::YES dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES carol::cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES -carol::cat /var/log/daemon.log::collected ... SWID tag IDs::YES -carol::cat /var/log/daemon.log::collected 1 SWID tag::YES +carol::cat /var/log/daemon.log::collected ... SW ID records::YES +carol::cat /var/log/daemon.log::strongswan.org__strongSwan.*swidtag::YES +carol::cat /var/log/daemon.log::collected 1 SW record::YES carol::cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Allowed::YES carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES alice::cat /var/log/daemon.log::user AR identity.*dave.*authenticated by password::YES -alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 3: allow - received inventory of 0 SWID tag IDs and ... SWID tags::YES +alice::cat /var/log/daemon.log::received software inventory with.*items for request 3 at last eid 1 of epoch::YES alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES -alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 9: allow - received inventory of ... SWID tag IDs and 1 SWID tag::YES +alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES +alice::cat /var/log/daemon.log::received software ID inventory with.*items for request 9 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::1 SWID tag target::YES +alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave' successful::YES moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf index e01fe4b4c..72dbbfa52 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf @@ -34,8 +34,11 @@ libimcv { policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { - imv-swid { - rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + imv-swima { + rest_api + { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } } } } diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config index ebe88bc99..0c6812b41 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config @@ -1,4 +1,4 @@ -#IMV configuration file for strongSwan client +#IMV configuration file for strongSwan client IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so -IMV "SWID" /usr/local/lib/ipsec/imcvs/imv-swid.so +IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config index a954883a4..8139c3a4c 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config @@ -1,4 +1,4 @@ -#IMC configuration file for strongSwan client +#IMC configuration file for strongSwan client IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf index 852e0714e..55d07f574 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf @@ -32,7 +32,7 @@ libimcv { imc-os { push_info = no } - imc-swid { + imc-swima { swid_directory = /usr/share swid_pretty = no } diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config index a954883a4..8139c3a4c 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config @@ -1,4 +1,4 @@ -#IMC configuration file for strongSwan client +#IMC configuration file for strongSwan client IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt index 45a77e900..90e85485c 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt @@ -1,9 +1,9 @@ The PT-TLS (RFC 6876) clients <b>carol</b> and <b>dave</b> set up a connection each to the policy decision -point (PDP) <b>alice</b>. <b>carol</b> uses password-based SASL PLAIN client authentication during the -<b>PT-TLS negotiation phase</b> and <b>dave</b> uses certificate-based TLS client authentication during the -<b>TLS setup phase</b>. +point (PDP) <b>alice</b>. Endpoint <b>carol</b> uses password-based SASL PLAIN client authentication during the +<b>PT-TLS negotiation phase</b> whereas endpoint <b>dave</b> uses certificate-based TLS client authentication +during the <b>TLS setup phase</b>. <p/> -During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWID</b> IMC/IMV pairs +During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWIMA</b> IMC/IMV pairs loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages -embedded in PB-TNC (RFC 5793) batches. The <b>SWID</b> IMC on <b>carol</b> is requested to deliver -a concise <b>SWID Tag ID Inventory</b> whereas <b>dave</b> must send a full <b>SWID Tag Inventory</b>. +embedded in PB-TNC (RFC 5793) batches. The <b>SWIMA</b> IMC on <b>carol</b> is requested to deliver +a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full <b>Software Inventory</b>. diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat index bf4191618..bded669da 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat @@ -1,23 +1,25 @@ dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES -dave:: cat /var/log/auth.log::collected ... SWID tags::YES +dave:: cat /var/log/auth.log::collected ... SW records::YES carol::cat /var/log/auth.log::received SASL Success result::YES -carol::cat /var/log/auth.log::collected ... SWID tag IDs::YES -carol::cat /var/log/auth.log::collected 1 SWID tag::YES +carol::cat /var/log/auth.log::collected ... SW ID records::YES +carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES +carol::cat /var/log/auth.log::collected 1 SW record::YES alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES alice::cat /var/log/daemon.log::certificate status is good::YES alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES -alice::cat /var/log/daemon.log::received SWID tag inventory with ... items for request 3 at eid 1 of epoch::YES +alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES -alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items for request 9 at eid 1 of epoch::YES +alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES +alice::cat /var/log/daemon.log::received software ID inventory with ... items for request 9 at last eid 1 of epoch::YES alice::cat /var/log/daemon.log::1 SWID tag target::YES -alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES -alice::cat /var/log/daemon.log::strongswan.org__strongSwan-::YES +alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ file:///usr/local/share/strongswan::YES alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf index 944a5928d..04d7dbacc 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf @@ -17,6 +17,9 @@ charon-systemd { secret = gv6URkSs } } + tnc-imv { + dlclose = no + } } } @@ -29,8 +32,10 @@ libimcv { policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { - imv-swid { - rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + imv-swima { + rest_api { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } } } } diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config index ebe88bc99..1499dfc90 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config @@ -1,4 +1,4 @@ #IMV configuration file for strongSwan client IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so -IMV "SWID" /usr/local/lib/ipsec/imcvs/imv-swid.so +IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf index c83805aae..5aad08905 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf @@ -4,6 +4,15 @@ libtls { suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 } +libimcv { + swid_gen { + tag_creator { + name = Debian Project + regid = debian.org + } + } +} + pt-tls-client { load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 } diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config index f40174e57..3975056ca 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config @@ -1,4 +1,4 @@ #IMC configuration file for strongSwan client IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf index 2e2fccd10..cf08b969d 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf @@ -1,11 +1,17 @@ # /etc/strongswan.conf - strongSwan configuration file libimcv { + swid_gen { + tag_creator { + name = Debian Project + regid = debian.org + } + } plugins { imc-os { push_info = no } - imc-swid { + imc-swima { swid_directory = /usr/share swid_pretty = yes } diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config index f40174e57..3975056ca 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config @@ -1,4 +1,4 @@ #IMC configuration file for strongSwan client IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so |