forked from libreswan/libreswan
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
testing: Added test cases for RFC 7427 functionality and interop
Test cases with impairments are added to test interoperability with clients that do not support RFC 7427
1 parent 81c7cf0, commit fb50a26
Showing 48 changed files with 961 additions and 40 deletions.
11 changes: 11 additions & 0 deletions
testing/pluto/interop-ikev2-strongswan-04-responder-impair/description.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
RFC 7427 : | ||
Basic pluto with IKEv2 using X.509 on the initiator (west), and Strongswan on | ||
the responder (east) with impair. | ||
|
||
Impairment is introduced in such a way that , the Signature hash notification is | ||
not sent. Therefore Authentication method is no longer Digital Signature , but RSA (legacy) | ||
|
||
This case is to be sure that libreswan without Digital Signatures(RFC 7427) ie an older version | ||
can still interop with Strongwan (with Digital Signature implemented) | ||
|
||
|
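Review bot: The description does not say which peer is impaired or which impair option is used. The first paragraph puts the impair on "the responder (east)", which is the strongSwan side, while the last paragraph describes libreswan as the side without RFC 7427 support. Name the impaired end and the option explicitly, and fix "Strongwan" in the last sentence.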
27 changes: 27 additions & 0 deletions
testing/pluto/interop-ikev2-strongswan-04-responder-impair/east.conf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# /etc/ipsec.conf - Strongswan IPsec configuration file | ||
|
||
config setup | ||
# setup items now go into strongswan.conf for version 5+ | ||
|
||
conn westnet-eastnet-ikev2 | ||
authby=rsasig | ||
#auto=start | ||
left=192.1.2.45 | ||
leftsubnet=192.0.1.0/24 | ||
leftrsasigkey=%cert | ||
leftcert=/etc/strongswan/ipsec.d/certs/west.crt | ||
leftsendcert=never | ||
leftid="C=CA, ST=Ontario, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=testing.libreswan.org" | ||
right=192.1.2.23 | ||
rightsubnet=192.0.2.0/24 | ||
rightrsasigkey=%cert | ||
rightcert=/etc/strongswan/ipsec.d/certs/east.crt | ||
rightsendcert=never | ||
rightid="C=CA/ST=Ontario/O=Libreswan/OU=Test Department/CN=east.testing.libreswan.org/E=testing.libreswan.org" | ||
# strongswan options | ||
keyexchange=ikev2 | ||
auto=add | ||
fragmentation=yes | ||
|
||
#strongswan cannot include this, due to incompatible options | ||
#include /testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common |
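Review bot: `leftid` and `rightid` use two different DN notations (comma-separated for west, slash-separated for east), and neither matches the identities recorded in this test's east.console.txt, which carry `L=Toronto` and `E=user-west@testing.libreswan.org` / `E=user-east@testing.libreswan.org`. Use one notation and the exact certificate subjects so that an ID mismatch cannot interfere with what the test is meant to exercise. The commented-out `#auto=start` next to `auto=add` can be dropped.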
22 changes: 22 additions & 0 deletions
testing/pluto/interop-ikev2-strongswan-04-responder-impair/east.console.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
setenforce 0 | ||
east # | ||
/testing/guestbin/swan-prep --userland strongswan --x509 | ||
east # | ||
../../pluto/bin/strongswan-start.sh | ||
east # | ||
echo "initdone" | ||
initdone | ||
east # | ||
if [ -f /var/run/pluto/pluto.pid ]; then ipsec look ; fi | ||
east # | ||
if [ -f /var/run/charon.pid ]; then strongswan status ; fi | ||
Security Associations (1 up, 0 connecting): | ||
westnet-eastnet-ikev2[2]: ESTABLISHED XXX second ago, 192.1.2.23[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]...192.1.2.45[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org] | ||
westnet-eastnet-ikev2{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o | ||
westnet-eastnet-ikev2{1}: 192.0.2.0/24 === 192.0.1.0/24 | ||
east # | ||
east # | ||
../bin/check-for-core.sh | ||
east # | ||
if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi | ||
|
1 change: 1 addition & 0 deletions
testing/pluto/interop-ikev2-strongswan-04-responder-impair/east.secrets
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
: RSA /etc/strongswan/ipsec.d/private/east.key "foobar" |
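Review bot: The private-key passphrase "foobar" is committed in clear text on this line. That is acceptable only because east.key is a test-suite key; a comment line saying so would keep the pattern from being copied into a real ipsec.secrets.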
4 changes: 4 additions & 0 deletions
testing/pluto/interop-ikev2-strongswan-04-responder-impair/eastinit.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
setenforce 0 | ||
/testing/guestbin/swan-prep --userland strongswan --x509 | ||
../../pluto/bin/strongswan-start.sh | ||
echo "initdone" |
39 changes: 39 additions & 0 deletions
testing/pluto/interop-ikev2-strongswan-04-responder-impair/eaststrongswan.conf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# strongswan.conf - strongSwan configuration file | ||
|
||
charon { | ||
|
||
# number of worker threads in charon | ||
threads = 16 | ||
|
||
# send strongswan vendor ID? | ||
# send_vendor_id = yes | ||
|
||
plugins { | ||
|
||
} | ||
|
||
filelog { | ||
/tmp/charon.log { | ||
time_format = %b %e %T | ||
append = no | ||
default = 4 | ||
} | ||
stderr { | ||
ike = 4 | ||
knl = 4 | ||
ike_name = yes | ||
} | ||
} | ||
|
||
|
||
} | ||
|
||
pluto { | ||
|
||
} | ||
|
||
libstrongswan { | ||
|
||
# set to no, the DH exponent size is optimized | ||
# dh_exponent_ansi_x9_42 = no | ||
} |
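Review bot: `default = 4` for /tmp/charon.log and `ike = 4` / `knl = 4` on stderr select strongSwan's highest log level, which includes sensitive material such as keys in its dumps, and the log file is written under /tmp. If the test only needs to see which authentication method was negotiated, a lower level is likely enough; otherwise add a comment that level 4 is deliberate and test-only. The empty `plugins { }` and `pluto { }` sections can be removed.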
9 changes: 9 additions & 0 deletions
testing/pluto/interop-ikev2-strongswan-04-responder-impair/final.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
if [ -f /var/run/pluto/pluto.pid ]; then ipsec look ; fi | ||
if [ -f /var/run/charon.pid ]; then strongswan status ; fi | ||
: ==== cut ==== | ||
if [ -f /var/run/pluto/pluto.pid ]; then ipsec auto --status ; fi | ||
if [ -f /var/run/charon.pid ]; then strongswan statusall ; fi | ||
: ==== tuc ==== | ||
../bin/check-for-core.sh | ||
if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi | ||
: ==== end ==== |
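Review bot: Nothing in this script checks which authentication method was negotiated. The `strongswan status` output before `: ==== cut ====` only shows that the SA is ESTABLISHED, which an unimpaired run would show as well. Since description.txt says the point is the fallback from Digital Signature to legacy RSA, add a check of the method used (for example a grep of /tmp/charon.log on east) so the test fails if the impairment does not take effect.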
4 changes: 4 additions & 0 deletions
testing/pluto/interop-ikev2-strongswan-04-responder-impair/testparams.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/sh | ||
|
||
. ../../default-testparams.sh | ||
EAST_CONSOLE_FIXUPS="$REF_CONSOLE_FIXUPS strongswan.sed" |
25 changes: 25 additions & 0 deletions
testing/pluto/interop-ikev2-strongswan-04-responder-impair/west.conf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# /etc/ipsec.conf - Libreswan IPsec configuration file | ||
|
||
version 2.0 | ||
|
||
config setup | ||
# put the logs in /tmp for the UMLs, so that we can operate | ||
# without syslogd, which seems to break on UMLs | ||
logfile=/tmp/pluto.log | ||
logtime=no | ||
logappend=no | ||
plutodebug=all | ||
plutorestartoncrash=false | ||
dumpdir=/tmp | ||
protostack=netkey | ||
|
||
conn westnet-eastnet-ikev2 | ||
also=slow-retransmits | ||
also=westnet-eastnet-x509 | ||
ikev2=insist | ||
authby=rsasig | ||
leftsendcert=always | ||
rightsendcert=never | ||
|
||
|
||
include /testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common |
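Review bot: No impair option appears in `config setup` or in `conn westnet-eastnet-ikev2`, so from this file alone the connection is an ordinary `ikev2=insist` / `authby=rsasig` setup. If the impairment is switched on from the init or run script, add a comment here pointing to it. Also worth a comment: `plutodebug=all` with `logfile=/tmp/pluto.log` is a test-only setting.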