Andreas Steffen
493ad293b7
testing: Adapted ha/both-active scenario to new jhash values
2015-07-31 14:43:40 +02:00
Tobias Brunner
1f406f3e6e
testing: Fix initial kernel build
...
The directory does not exist yet if the kernel was never built.
Fixes: a4a13d0be2
("testing: Extract and patch each kernel version only once")
2015-07-31 12:34:44 +02:00
Andreas Steffen
fbcac07043
testing: Regenerated BLISS certificates due to oracle changes
2015-07-27 22:09:08 +02:00
Andreas Steffen
aaeb524cea
testing: Updated loop ca certificates
2015-07-22 17:11:00 +02:00
Andreas Steffen
450c6e8dd9
testing: Added swanctl --list-authorities output to do-tests
2015-07-22 13:27:08 +02:00
Andreas Steffen
73cbd5c7f8
testing: Updated all swanctl scenarios and added some new ones
2015-07-22 13:27:08 +02:00
Andreas Steffen
db69295d2e
tests: Introduced IPV6 flag in tests.conf
2015-07-21 23:17:14 +02:00
Andreas Steffen
6b265c5e5c
tests: Introduced SWANCTL flag in test.conf
2015-07-21 23:17:14 +02:00
Andreas Steffen
3d9bfb607c
tests: fixed evaltest of swanctl/rw-cert scenario
2015-07-21 23:17:13 +02:00
Andreas Steffen
f335e2f848
tests: fixed description of swanctl ip-pool scenarios
2015-07-21 23:17:13 +02:00
Tobias Brunner
170e8d141c
testing: Do not attempt to start the test environment if hosts are still running
2015-07-15 16:53:37 +02:00
Martin Willi
918dfce551
testing: Enable AESNI/PCLMULQD in moon/sun guests, if supported
2015-07-12 13:54:08 +02:00
Martin Willi
2a75c6e487
testing: Do not overwrite kernel configuration if it already exists
...
This allows us to do changes to the kernel configuration using menuconfig
and friends, and update the kernel with make-testing.
2015-07-12 13:54:08 +02:00
Martin Willi
a4a13d0be2
testing: Extract and patch each kernel version only once
...
This allows us to do modifications to the kernel tree and rebuild that kernel
using make-testing. We can even have a git kernel tree in a directory to
do kernel development.
2015-07-12 13:54:08 +02:00
Martin Willi
6f913def3c
testing: Build with --enable-chapoly
2015-07-12 13:54:08 +02:00
Andreas Steffen
b8399a2edc
testing: use a decent PSK
2015-05-30 16:56:41 +02:00
Andreas Steffen
1047d44b57
testing: Added ha/active-passive scenario
2015-05-30 16:48:17 +02:00
Tobias Brunner
13497e6cc1
testing: Include iperf and htop in base image
2015-05-22 13:30:10 +02:00
Tobias Brunner
682aab205e
testing: Don't check parent dir (and subdirs) when downloading OpenSSL packages
2015-05-21 09:32:37 +02:00
Tobias Brunner
c077642cbd
testing: Fix kernel download URL for kernel versions != 4.x
2015-05-19 17:00:06 +02:00
Tobias Brunner
966efbc10d
testing: Fix URL to TNC@FHH project in scenario descriptions
2015-05-05 11:48:56 +02:00
Reto Buerki
41e9a261ac
testing: Update TKM assert strings
2015-05-05 10:55:14 +02:00
Reto Buerki
3ff0edd804
testing: Update alog to version 0.3.1
2015-05-05 10:55:14 +02:00
Reto Buerki
2fc53e76f8
testing: Update tkm to version 0.1.2
2015-05-05 10:55:14 +02:00
Reto Buerki
3c13ff0a97
testing: Update tkm-rpc to version 0.2
2015-05-05 10:55:14 +02:00
Andreas Steffen
362e87e3e0
testing: Updated carol's certificate from research CA and dave's certificate from sales CA
2015-04-26 16:52:06 +02:00
Andreas Steffen
d04e47a9eb
testing: Wait for DH crypto tests to complete
2015-04-26 11:51:49 +02:00
Andreas Steffen
79b5a33c11
imv_policy_manager: Added capability to execute an allow or block shell command string
2015-04-26 10:55:24 +02:00
Andreas Steffen
ce354443bf
testing: Migration of KVM framework to Linux 4.x kernel
2015-04-25 18:05:00 +02:00
Andreas Steffen
883c11caa0
Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios
2015-03-27 20:56:44 +01:00
Andreas Steffen
193e057509
Added configurations for 3.18 and 3.19 KMV guest kernels
2015-03-27 20:56:44 +01:00
Andreas Steffen
85aa509e84
Added tnc/tnccs-20-pt-tls scenario
2015-03-27 20:56:43 +01:00
Andreas Steffen
be04f90815
testing: added tnc/tnccs-20-mutual scenario
2015-03-23 23:01:13 +01:00
Tobias Brunner
3d964213f5
testing: Remove obsolete leftnexthop option from configs
2015-03-12 15:51:25 +01:00
Martin Willi
2b0f34a2ef
testing: Don't check for exact IKEv1 fragment size
...
Similar to 7a9c0d51
, the exact packet size depends on many factors we don't
want to consider in this test case.
2015-03-10 10:21:16 +01:00
Martin Willi
58c3e09918
testing: Fix active/passive role description in ha/both-active test case
2015-03-10 10:02:21 +01:00
Tobias Brunner
8b2af616ac
testing: Update modified updown scripts to the latest template
...
This avoids confusion and makes identifying the changes needed for each
scenario easier.
2015-03-06 16:51:50 +01:00
Andreas Steffen
3fcb59b62a
use SHA512 for moon's BLISS signature
2015-03-04 14:08:37 +01:00
Tobias Brunner
26ebe5fea8
testing: Test classic public key authentication in ikev2/net2net-cert scenario
2015-03-04 13:54:12 +01:00
Tobias Brunner
53217d70b0
testing: Disable signature authentication on dave in openssl-ikev2/ecdsa-certs scenario
2015-03-04 13:54:12 +01:00
Tobias Brunner
7a9c0d51f4
testing: Don't check for exact IKEv2 fragment size
...
Because SHA-256 is now used for signatures the size of the two IKE_AUTH
messages changed.
2015-03-04 13:54:10 +01:00
Tobias Brunner
4aa24d4c13
testing: Update test conditions because signature schemes are now logged
...
RFC 7427 signature authentication is now used between strongSwan hosts
by default, which causes the actual signature schemes to get logged.
2015-03-04 13:54:10 +01:00
Tobias Brunner
2f1b2d9183
testing: Add ikev2/rw-sig-auth scenario
2015-03-04 13:54:10 +01:00
Tobias Brunner
3b31245a0f
testing: Add ikev2/net2net-cert-sha2 scenario
2015-03-04 13:54:10 +01:00
Andreas Steffen
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
Martin Willi
c10b2be967
testing: Add a forecast test case
2015-02-20 16:34:55 +01:00
Martin Willi
3748fc70a7
testing: Build forecast plugin
2015-02-20 16:34:55 +01:00
Martin Willi
9ed09d5f77
testing: Add a connmark plugin test
...
In this test two hosts establish a transport mode connection from behind
moon. sun uses the connmark plugin to distinguish the flows.
This is an example that shows how one can terminate L2TP/IPsec connections
from two hosts behind the same NAT. For simplification of the test, we use
an SSH connection instead, but this works for any connection initiated flow
that conntrack can track.
2015-02-20 16:34:54 +01:00
Martin Willi
15f392d9ed
testing: Build strongSwan with the connmark plugin
2015-02-20 16:34:54 +01:00
Martin Willi
f3a419e9c4
testing: Install iptables-dev to guest images
2015-02-20 16:34:54 +01:00
Martin Willi
f27fb58ae0
testing: Update description and test evaluation of host2host-transport-nat
...
As we now reuse the reqid for identical SAs, the behavior changes for
transport connections to multiple peers behind the same NAT. Instead of
rejecting the SA, we now have two valid SAs active. For the reverse path,
however, sun sends traffic always over the newer SA, resembling the behavior
before we introduced explicit SA conflicts for different reqids.
2015-02-20 13:34:58 +01:00
Martin Willi
050556bf59
testing: Be a little more flexible in testing for established CHILD_SA modes
...
As we now print the reqid parameter in the CHILD_SA details, adapt the grep
to still match the CHILD_SA mode and protocol.
2015-02-20 13:34:58 +01:00
Martin Willi
b1ff437bbc
testing: Add a test scenario for make-before-break reauth using a virtual IP
2015-02-20 13:34:58 +01:00
Martin Willi
ae3fdf2603
testing: Add a test scenario for make-before-break reauth without a virtual IP
2015-02-20 13:34:57 +01:00
Reto Buerki
65566c37ca
testing: Add tkm xfrmproxy-expire test
...
This test asserts that the handling of XFRM expire messages from the
kernel are handled correctly by the xfrm-proxy and the Esa Event Service
(EES) in charon-tkm.
2015-02-20 13:34:54 +01:00
Reto Buerki
03409ac7a0
testing: Assert ees acquire messages in xfrmproxy tests
2015-02-20 13:34:54 +01:00
Reto Buerki
8fce649d9a
testing: Assert proper ESA deletion
...
Extend the tkm/host2host-initiator testcase by asserting proper ESA
deletion after connection shutdown.
2015-02-20 13:34:52 +01:00
Andreas Steffen
5028644943
Updated RFC3779 certificates
2014-12-28 12:53:16 +01:00
Andreas Steffen
ac0cb2d363
Updated BLISS CA certificate in ikev2/rw-ntru-bliss scenario
2014-12-12 13:55:03 +01:00
Andreas Steffen
c44f481ae0
Updated BLISS scenario keys and certificates to new format
2014-12-12 12:00:20 +01:00
Andreas Steffen
9b01a061ec
Increased check size du to INITIAL_CONTACT notify
2014-11-29 14:57:41 +01:00
Andreas Steffen
c02ebf1ecd
Renewed expired certificates
2014-11-29 14:51:18 +01:00
Andreas Steffen
43d9247599
Created ikev2/rw-ntru-bliss scenario
2014-11-29 14:51:18 +01:00
Reto Buerki
0de4ba58ce
testing: Update tkm/multiple-clients/evaltest.dat
...
Since the CC context is now properly reset in the bus listener plugin,
the second connection from host dave re-uses the first CC ID. Adjust
the expect string on gateway sun accordingly.
2014-10-31 13:49:40 +01:00
Andreas Steffen
a521ef3b8e
Increased fragment size to 1400 in ipv6/net2net-ikev1 scenario
2014-10-18 14:05:53 +02:00
Andreas Steffen
09b46cdb6a
Enabled IKEv2 fragmentation in ipv6/net2net-ikev2 scenario
2014-10-18 14:05:18 +02:00
Tobias Brunner
504bcf71b5
testing: Enable nat table for iptables on 3.17 kernels
2014-10-13 15:48:55 +02:00
Andreas Steffen
cb5ad2ba3d
testing: Lower batch size to demonstrated segmetation of TCG/SWID Tag ID Inventory attribute
2014-10-11 15:01:21 +02:00
Andreas Steffen
a5e6a479d4
Added KVM config for 3.16 and 3.17 kernels
2014-10-11 14:50:08 +02:00
Tobias Brunner
83efded313
testing: Ensure no guest is running when modifying images
...
Sometimes guests are not stopped properly. If images are then modified
they will be corrupted.
2014-10-10 19:03:50 +02:00
Tobias Brunner
b7b2f9379d
testing: Enable virtio console for guests
...
This allows accessing the guests with `virsh console <name>`.
Using a serial console would also be possible but our kernel configs
have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though.
So to avoid having to recompile the kernels let's do it this way, only
requires rebuilding the guest images.
References #729 .
2014-10-10 19:03:28 +02:00
Tobias Brunner
1836c1845b
testing: Add ikev2/net2net-fragmentation scenario
2014-10-10 09:33:23 +02:00
Tobias Brunner
144b40e07c
testing: Update ikev1/net2net-fragmentation scenario
2014-10-10 09:32:42 +02:00
Tobias Brunner
89e953797d
testing: Don't check for the actual number of SWID tags in PDP scenarios
...
The number of SWID tags varies depending on the base image, but lets
assume the number is in the hundreds.
2014-10-07 12:18:36 +02:00
Tobias Brunner
8f9016b1e2
testing: Make TNC scenarios agnostic to the actual Debian version
...
The scenarios will work with new or old base images as long as the version
in use is included as product in the master data (src/libimcv/imv/data.sql).
2014-10-07 12:18:25 +02:00
Tobias Brunner
93fac61da5
testing: Make TKM related build recipes future-proof
...
The tkm scenarios recently failed due to a segmentation fault on my host
because I had an old build of the tkm library already built in the build
directory. Because the stamp file was not versioned the new release was
never checked out or built and charon-tkm was linked against the old
version causing a segmentation fault during key derivation.
2014-10-07 10:47:06 +02:00
Andreas Steffen
100c1a4bf1
testing: Updated certificates and keys in sql scenarios
2014-10-06 09:42:58 +02:00
Andreas Steffen
73af3a1b04
Updated revoked certificate in ikev2/ocsp-revoked scenario
2014-10-05 21:33:35 +02:00
Andreas Steffen
006518e859
The critical-extension scenarios need the old private keys
2014-10-05 20:58:03 +02:00
Tobias Brunner
030295dd44
testing: Updated swanctl certificates and keys
2014-10-03 12:50:08 +02:00
Tobias Brunner
12e9ed12ec
testing: Wait a bit in swanctl scenarios before interacting with the daemon
2014-10-03 12:44:14 +02:00
Tobias Brunner
e9028462c8
testing: Actually build swanctl
2014-10-03 12:44:14 +02:00
Tobias Brunner
722a8a177e
testing: Make sure the whitelist plugin is ready before configuring it
2014-10-03 12:44:14 +02:00
Tobias Brunner
09f1fb82f9
testing: Update PKCS#12 containers
2014-10-03 12:44:13 +02:00
Tobias Brunner
079c797421
testing: Update PKCS#8 keys
2014-10-03 12:44:13 +02:00
Tobias Brunner
9f5fd7899e
testing: Update public keys in DNSSEC scenarios
...
The tests are successful even if the public keys are not stored locally,
but an additional DNS query is required to fetch them.
2014-10-03 12:44:13 +02:00
Tobias Brunner
1bab64e7cb
testing: Update public keys and certificates in DNS zone
2014-10-03 12:44:13 +02:00
Tobias Brunner
2c7ad260f9
testing: Update carols certificate in several test cases
2014-10-03 12:44:13 +02:00
Martin Willi
7ab320def3
testing: Add some notes about how to reissue attribute certificates
2014-10-03 12:31:01 +02:00
Martin Willi
16469e8474
testing: Reissue attribute certificates for the new holder certificates
...
Due to the expired and reissued holder certificates of carol and dave, new
attribute certificates are required to match the holder certificates serial in
the ikev2/acert-{cached,fallback,inline} tests.
2014-10-03 12:28:11 +02:00
Martin Willi
44b6a34d43
configure: Load fetcher plugins after crypto base plugins
...
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
Tobias Brunner
0bf2abf182
testing: Use multiple jobs to install strongSwan
2014-09-19 13:37:59 +02:00
Tobias Brunner
82136aa2cf
testing: Add a script to build the current (or an arbitrary) source tree
...
This allows to (relatively) quickly (re-)build and install the current
or an arbitrary strongSwan source tree within the root image.
bindfs is used to bind mount the source directory using the regular user
and group (only works if sudo is used to run the script) so that newly
created files are not owned by root.
As with building the root image in general the guests must not be
running while executing this script. The guest images are automatically
rebuilt after the root image has been updated so configuration files and
other modifications in guests will be lost.
2014-09-19 13:37:59 +02:00
Tobias Brunner
f376503f41
testing: Add packages to rebuild strongSwan from the repository
2014-09-19 13:37:59 +02:00
Tobias Brunner
ffcf8f4ea2
testing: Make strongSwan build recipe more configurable
2014-09-19 13:37:59 +02:00
Reto Buerki
e0d59e10f8
testing: Update certs and keys in tkm tests
...
References #705 .
2014-09-17 17:08:35 +02:00
Reto Buerki
1004d395f5
testing: Update x509-ada version to 0.1.1
...
Fixes #705 .
2014-09-17 17:07:29 +02:00
Andreas Steffen
51da5b920b
Generated new test certificates
2014-08-28 21:34:40 +02:00
Tobias Brunner
6095714e64
testing: Make sure the kernel exists when starting
2014-08-25 10:58:46 +02:00
Andreas Steffen
4ccfc879b5
Updated URL to swidGenerator in recipe
2014-07-09 15:08:18 +02:00
Andreas Steffen
cac71ff00c
Update KVM test framework to 3.15 guest kernel
2014-06-27 10:07:27 +02:00
Tobias Brunner
be41910e19
testing: Add sql/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
Tobias Brunner
73211f9b74
testing: Add pfkey/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
Tobias Brunner
945e1df738
testing: Remove obsolete shunt-policies scenarios
2014-06-26 18:12:00 +02:00
Andreas Steffen
75598e5053
Updated description of TNC scenarios concerning RFC 7171 PT-EAP support
2014-06-26 09:47:03 +02:00
Andreas Steffen
21aebe3781
Removed django.db from swid scenarios
2014-06-26 09:45:54 +02:00
Tobias Brunner
2ef6f57456
testing: Add ikev2/shunt-policies-nat-rw scenario
2014-06-19 14:23:07 +02:00
Tobias Brunner
d93987ce24
testing: Remove ikev2/shunt-policies scenario
...
This scenario doesn't really apply anymore (especially its use of drop
policies).
2014-06-19 14:23:07 +02:00
Andreas Steffen
d345f0b75d
Added swanctl/net2net-route scenario
2014-06-18 14:57:33 +02:00
Andreas Steffen
3f5f0b8940
Added swanctl/net2net-start scenario
2014-06-18 14:35:59 +02:00
Andreas Steffen
4402bae77d
Minor changes in swanctl scenarios
2014-06-18 14:35:36 +02:00
Andreas Steffen
ed42874645
Added swanctl --list-pols and swanctl --stats do scenario log
2014-06-18 13:16:18 +02:00
Tobias Brunner
d6f0372daf
testing: Delete accidentally committed test cases
2014-06-18 09:38:53 +02:00
Andreas Steffen
39d6469d76
Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenarios
2014-06-14 15:40:23 +02:00
Andreas Steffen
3eb22f1f00
Single-line --raw mode simplifies evaltest of swanctl scenarios
2014-06-14 15:40:23 +02:00
Andreas Steffen
12d618e280
Added swanctl/ip-pool-db scenario
2014-06-11 18:12:35 +02:00
Andreas Steffen
cda2a1e4dc
Updated strongTNC configuration
2014-06-11 18:12:34 +02:00
Andreas Steffen
d643f2cf91
Added swanctl/ip-pool scenario
2014-06-10 16:48:16 +02:00
Andreas Steffen
c621847395
Added swanctl/rw-cert scenario
2014-06-10 16:48:15 +02:00
Andreas Steffen
b09016377a
Define default swanctl credentials in hosts directory
2014-06-10 16:19:00 +02:00
Tobias Brunner
acdcb91e07
testing: Cache packages downloaded with pip for strongTNC
...
This way no network connections is required to rebuild the root/guest images.
2014-06-02 17:45:42 +02:00
Andreas Steffen
2721832a45
First swanctl scenario
2014-06-01 21:12:15 +02:00
Andreas Steffen
2382d45b1c
Test SWID REST API ins tnc/tnccs-20-pdp scenarios
2014-05-31 21:25:46 +02:00
Andreas Steffen
2997077bae
Migration from Debian 7.4 to 7.5
2014-05-31 20:37:57 +02:00
Andreas Steffen
0f000cdd6c
Minor changes in the test environment
2014-05-15 21:30:42 +02:00
Andreas Steffen
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
Tobias Brunner
1dfd11fd92
testing: Added pfkey/compress test case
2014-04-24 17:36:17 +02:00
Andreas Steffen
fa6c5f3506
Handle tag separators
2014-04-15 09:28:38 +02:00
Andreas Steffen
edd2ed860f
Renewed expired user certificate
2014-04-15 09:28:37 +02:00
Andreas Steffen
9b7f9ab5d2
Updated SWID scenarios
2014-04-15 09:21:06 +02:00
Andreas Steffen
3e7044b45e
Implemented segmented SWID tag attributes on IMV side
2014-04-15 09:21:06 +02:00
Andreas Steffen
8c40609f96
Use python-based swidGenerator to generated SWID tags
2014-04-15 09:21:06 +02:00
Andreas Steffen
48f37c448c
Make Attestation IMV independent of OS IMV
2014-04-15 09:21:05 +02:00
Andreas Steffen
ab8ed95bfc
Fixed pretest script in tnc/tnccs-20-pt-tls scenario
2014-04-04 23:04:54 +02:00
Tobias Brunner
7a61bf9032
testing: Run 'conntrack -F' before all test scenarios
...
This prevents failures due to remaining conntrack entries.
2014-04-02 11:55:05 +02:00
Andreas Steffen
96e3142c39
Test TLS AEAD cipher suites
2014-04-01 10:12:15 +02:00
Andreas Steffen
05eb83e986
Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenario
2014-03-31 22:22:58 +02:00
Martin Willi
91d71abb16
revocation: Restrict OCSP signing to specific certificates
...
To avoid considering each cached OCSP response and evaluating its trustchain,
we limit the certificates considered for OCSP signing to:
- The issuing CA of the checked certificate
- A directly delegated signer by the same CA, having the OCSP signer constraint
- Any locally installed (trusted) certificate having the OCSP signer constraint
The first two options cover the requirements from RFC 6960 2.6. For
compatibility with non-conforming CAs, we allow the third option as exception,
but require the installation of such certificates locally.
2014-03-31 14:40:33 +02:00
Martin Willi
babd848778
testing: Add an acert test that forces a fallback connection based on groups
2014-03-31 11:14:59 +02:00
Martin Willi
1a4d3222be
testing: Add an acert test case sending attribute certificates inline
2014-03-31 11:14:59 +02:00
Martin Willi
9f676321a9
testing: Add an acert test using locally cached attribute certificates
2014-03-31 11:14:59 +02:00
Martin Willi
c602ee65dc
testing: build strongSwan with acert plugin
2014-03-31 11:14:59 +02:00
Andreas Steffen
959ef1a2e4
Added libipsec/net2net-3des scenario
2014-03-28 09:21:51 +01:00
Andreas Steffen
7afd217ff9
Renewed self-signed OCSP signer certificate
2014-03-27 22:52:11 +01:00
Andreas Steffen
c6d173a1f1
Check that valid OCSP responses are received in the ikev2/ocsp-multi-level scenario
2014-03-24 23:57:55 +01:00
Andreas Steffen
bee64a82d7
Updated expired certificates issued by the Research and Sales Intermediate CAs
2014-03-24 23:38:45 +01:00
Andreas Steffen
2d79f6d81e
Renewed revoked Research CA certificate
2014-03-22 15:16:15 +01:00
Andreas Steffen
07e7cb146f
Added openssl-ikev2/net2net-pgp-v3 scenario
2014-03-22 09:55:03 +01:00
Andreas Steffen
22e1aa51f9
Completed integration of ntru_crypto library into ntru plugin
2014-03-22 09:51:00 +01:00
Andreas Steffen
c683b389ba
Merged libstrongswan options into charon section
2014-03-15 14:07:34 +01:00
Andreas Steffen
f2a3a01134
strongswan.conf is not needed on RADIUS server alice
2014-03-15 14:07:33 +01:00
Andreas Steffen
342bc6e545
Disable mandatory ECP support for attestion
2014-03-07 21:56:34 +01:00
Andreas Steffen
a334ac80ae
Added ikev2/lookip scenario
2014-02-17 12:04:21 +01:00
Tobias Brunner
9942e43dc6
testing: Use installed PTS SQL schema and data instead of local copy
2014-02-12 14:08:34 +01:00
Tobias Brunner
96e8715e32
testing: Use installed SQL schema instead of local copy
2014-02-12 14:08:34 +01:00
Andreas Steffen
f0ffb9f9af
Fixed description of ikev1/rw-ntru-psk scenario
2014-02-12 13:21:46 +01:00
Andreas Steffen
ccb7630ca1
Updated test kvm tests to Linux 3.13 kernel
2014-02-12 13:16:34 +01:00
Andreas Steffen
83caf0827c
Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios
2014-02-12 13:16:34 +01:00
Tobias Brunner
44e6dbf04d
testing: Add ssh script to distribution
2014-02-12 10:53:17 +01:00
Andreas Steffen
d6804e3041
Added missing semicolon in SQL statements
2014-02-05 10:15:56 +01:00
Andreas Steffen
523c2874fb
Added Android 4.3.1 to products database table
2014-02-04 19:49:34 +01:00
Andreas Steffen
2a43f7fd9e
Added new Android versions to PTS database
2014-02-04 06:59:01 +01:00
Martin Willi
0c5dfb741f
testing: Fetch the FreeRADIUS tarball from the "old" directory
...
Fixes #483 .
2014-01-31 17:51:45 +01:00
Tobias Brunner
571025a609
testing: Add ikev2/host2host-transport-nat scenario
2014-01-23 10:27:13 +01:00
Tobias Brunner
62e050e0ef
testing: Add ipv6/rw-compress-ikev2 scenario
2014-01-23 10:27:13 +01:00
Tobias Brunner
6055e347f8
testing: Add ikev2/compress-nat scenario
2014-01-23 10:27:13 +01:00
Tobias Brunner
1fde30cc23
testing: Enable firewall for ikev2/compress scenario
...
Additionally, send a regular (small) ping as the kernel does not
compress small packets and handles those differently inbound.
2014-01-23 10:27:13 +01:00
Andreas Steffen
eeaa8a2417
Added TPMRA workitem support in PTS database
2014-01-16 01:46:55 +01:00
Andreas Steffen
fde42c15fd
Starting with 3.1.7 kernel.org replaced bz2 with xz format
2014-01-15 02:14:08 +01:00
Reto Buerki
ea4f71c2c3
testing: Fix status output in build-baseimage script
2013-12-04 10:42:03 +01:00
Reto Buerki
8416ebb628
charon-tkm: Update integration tests
2013-12-04 10:41:54 +01:00
Andreas Steffen
802eaf3789
Any of the four NTRU parameter sets can be selected
2013-11-27 20:21:41 +01:00
Andreas Steffen
d5cd6eba2b
Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenarios
2013-11-27 20:21:40 +01:00
Andreas Steffen
146ad86be5
Prototype implementation of IKE key exchange via NTRU encryption
2013-11-27 20:21:40 +01:00
Tobias Brunner
8071c2a5e3
testing: Config for Linux kernel 3.12
...
The most significant change is that CONFIG_ACPI_PROC_EVENT is now
finally removed (after being deprecated for a long time).
So to successfully shutdown the guests via ACPI the CONFIG_INPUT_EVDEV
option is now enabled.
2013-11-19 17:15:12 +01:00
Andreas Steffen
c501c78c5f
Version bump to 5.1.1
2013-10-31 09:42:15 +01:00
Andreas Steffen
7967876257
Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenarios
2013-10-30 20:46:32 +01:00
Andreas Steffen
9043cb2f9c
Fixed sql/net2net-route-pem scenario evaluation
2013-10-23 22:23:47 +02:00
Andreas Steffen
2efe61e07b
Added two Brainpool IKEv2 scenarios
2013-10-23 21:11:28 +02:00
Andreas Steffen
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
Andreas Steffen
252c04d3f9
Adapted recipe and patches to freeradius-2.2.1
2013-10-22 10:09:24 +02:00
Andreas Steffen
1ca57d497f
Increase debug level in libipsec/rw-suite-b scenario
2013-10-11 21:34:59 +02:00
Andreas Steffen
1486fe786a
Use bold font to display key size
2013-10-11 21:23:10 +02:00
Andreas Steffen
fcf355036f
Added swid_directory option
2013-10-11 20:59:24 +02:00
Andreas Steffen
3bd4536185
Added tnc/tnccs-11-supplicant scenario
2013-10-11 20:18:59 +02:00
Andreas Steffen
cae778147a
Define aaa.strongswan.org in /etc/hosts
2013-10-11 20:16:59 +02:00
Tobias Brunner
d14ba7e7fd
testing: Add libipsec/host2host-cert scenario
2013-10-11 18:04:48 +02:00
Tobias Brunner
ca28e13fe8
testing: Add ikev2/net2net-dnscert scenario
2013-10-11 15:45:42 +02:00
Tobias Brunner
a4d6a5a359
testing: Provide moon's and sun's certificate as CERT RR
2013-10-11 15:45:42 +02:00
Tobias Brunner
99a89ea7f4
testing: Enable dnscert plugin
2013-10-11 15:45:42 +02:00
Tobias Brunner
42525d1142
testing: Load testing.conf.local from the same directory as testing.conf
2013-10-11 15:45:42 +02:00
Martin Willi
fa7815538f
testing: Add an IKEv1 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
Martin Willi
ef4560121d
testing: Add an IKEv1 net2net AH test case
2013-10-11 10:15:22 +02:00
Martin Willi
80a82b8d67
testing: Add an IKEv2 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
Martin Willi
850bab6d58
testing: Add an IKEv2 net2net AH test case
2013-10-11 10:15:22 +02:00
Martin Willi
71d468ec90
testing: Allow AH packets in default INPUT/OUTPUT chains
2013-10-11 10:15:22 +02:00
Andreas Steffen
2c4d772a79
Implemented TCG/PB-PDP_Referral message
2013-09-17 21:57:08 +02:00
Andreas Steffen
97346f2a7e
Added ikev1/config-payload-push scenario
2013-09-07 08:23:58 +02:00
Andreas Steffen
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
Andreas Steffen
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
Andreas Steffen
6fc5cc003d
Pull dave for OS info
2013-09-02 12:00:46 +02:00
Martin Willi
b656f63efe
testing: support a .gitignored testing.conf.local for site-local configurations
2013-08-29 15:55:23 +02:00
Andreas Steffen
03d673620d
Cleaned configuration files in PT-TLS client scenario
2013-08-22 17:24:20 +02:00
Andreas Steffen
aff4367907
Flush iptables rules on alice
2013-08-19 12:20:57 +02:00
Andreas Steffen
f859645b12
Fixes in tnc scenarios
2013-08-19 11:44:51 +02:00
Andreas Steffen
10c7ca2399
Added tnc/tnccs-20-pt-tls scenario
2013-08-19 11:36:23 +02:00
Andreas Steffen
b38d9d5a54
Implemented SWID prototype IMC/IMV pair
2013-08-15 23:34:23 +02:00
Andreas Steffen
4c961168cc
Updated PTS database scheme to new workitems model
2013-07-29 11:41:47 +02:00
Martin Willi
2cfe88aacb
testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius
...
As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.
2013-07-29 10:35:59 +02:00
Martin Willi
9d75f04eee
testing: add a testcase for plain XAuth RADIUS authentication
2013-07-29 09:00:49 +02:00
Andreas Steffen
2b1ac51c9c
fixed typo
2013-07-19 20:07:32 +02:00
Andreas Steffen
645e9291f0
updated some TNC scenarios
2013-07-19 19:36:07 +02:00
Tobias Brunner
9e7a45bec2
testing: Don't load certificates explicitly and delete CA certificates in PKCS#12 scenarios
...
Certificates are now properly extracted from PKCS#12 files.
2013-07-15 11:27:07 +02:00
Andreas Steffen
0a013e1af5
Override policy recommendation in enforcement
2013-07-11 10:34:00 +02:00
Andreas Steffen
9e0182b922
openssl plugin can replace random, hmac, and gcm plugins
2013-07-10 20:38:07 +02:00
Andreas Steffen
3910fb3715
Added openssl-ikev2/net2net-pkcs12 scenario
2013-07-10 20:25:49 +02:00
Andreas Steffen
49a26e5b57
Added ikev2/net2net-pkcs12 scenario
2013-07-10 20:17:44 +02:00
Andreas Steffen
3b569df215
conntrack -F makes ikev2/nat-rw scenario to work always
2013-07-10 17:50:25 +02:00
Andreas Steffen
ef13480699
Added config-3.10
2013-07-04 23:17:10 +02:00
Andreas Steffen
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
Tobias Brunner
1d728758ed
Ping from dave before shutting down tcpdump in libipsec/rw-suite-b test case
2013-07-01 13:48:21 +02:00
Andreas Steffen
2ea32e7964
Enable libipsec and charon-cmd in strongSwan recipe
2013-07-01 12:32:45 +02:00
Andreas Steffen
bb802daacc
Fixed libipsec/rw-suite-b scenario
2013-07-01 12:32:45 +02:00
Andreas Steffen
3405156f97
Added libipsec/rw-suite-b scenario
2013-07-01 11:04:14 +02:00
Andreas Steffen
9ea77350ce
Fixed index.txt for strongSwan EC CA
2013-07-01 11:01:11 +02:00
Andreas Steffen
156e552caf
Added libipsec/net2net-cert scenario
2013-06-29 22:23:45 +02:00
Reto Buerki
1cfefd38a2
Add type=transport to tkm/host2host-* connections
...
Explicitly specify transport mode in connection configuration of the
responding host (sun).
2013-06-29 15:07:10 +02:00
Andreas Steffen
b1f1e5e5f2
5.1.0 changes for test cases
2013-06-29 00:07:15 +02:00
Tobias Brunner
50daffb784
dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses
2013-06-28 17:00:29 +02:00
Andreas Steffen
4f9aabbfd7
implemented policy rules for OS IMV
2013-06-21 23:25:22 +02:00
Tobias Brunner
62516a7465
testing: Increase base image size so there is space for test results on winnetou
2013-06-11 11:01:26 +02:00
Tobias Brunner
053ad34959
testing: Ignore errors when searching for imcv log entries in daemon.log
2013-06-10 18:52:32 +02:00
Tobias Brunner
c6e1eda6d0
testing: Set terminal title when logging in via SSH
...
Since we always log in as root use a simpler command prompt. And don't
store duplicate commands in the bash command history.
2013-05-15 10:35:48 +02:00
Tobias Brunner
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
Tobias Brunner
fa1d3d39dc
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
...
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
Tobias Brunner
e74bca9e19
testing: Don't run tests when building tkm
...
The problem with XML/Ada described in 9c2aba27
actually occurs when
running the tests here.
Really fixes #336 .
2013-05-07 10:19:37 +02:00
Tobias Brunner
9c2aba2735
testing: Don't run tests when building tkm-rpc
...
There are issues with some versions of the XML/Ada library on i386,
blocking the build of the testing environment when these tests are run.
TKM tests won't work in such a case but at least make-testing does not
block with this patch.
Fixes #336 .
2013-05-06 18:17:58 +02:00
Andreas Steffen
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
Andreas Steffen
1b912ad384
check for successful activation of FIPS mode
2013-04-19 18:46:52 +02:00
Andreas Steffen
b97dd59ba8
install FIPS-aware OpenSSL Debian packages
2013-04-19 18:36:38 +02:00
Andreas Steffen
545df30c18
Added openssl-ikev2/rw-cpa scenario
2013-04-19 18:34:35 +02:00
Andreas Steffen
70312e6596
build openssl-fips in KVM root-image
2013-04-19 18:34:35 +02:00
Andreas Steffen
ef934caba8
build soup plugin in KVM test environment
2013-04-15 20:23:41 +02:00
Andreas Steffen
8d384fb7df
disable reauth, too
2013-04-15 20:21:27 +02:00
Andreas Steffen
654c88bca8
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
2013-04-14 19:57:49 +02:00
Andreas Steffen
8dade2d146
fixed configure options
2013-04-04 21:09:07 +02:00
Andreas Steffen
2a4915e87a
cleaned up XML code in tnccs-11 plugin
2013-04-04 17:12:07 +02:00
Andreas Steffen
fec7c824b8
fix start of wpa_supplicant
2013-03-31 19:48:07 +02:00
Martin Willi
c59f3dcb68
Use new strongSwan HA kernel patchset keeping iptables ABI
...
Allows us to install stock debian iptables without the need for patching and
compiling our own.
2013-03-26 10:31:29 +01:00
Martin Willi
b5f3c1f785
Define SSHCONF from strongswan testing directory, not TESTDIR
...
This fixes the use of SSHCONF in the ssh wrapper script before ./do-tests
had a chance to create the required symlinks.
2013-03-26 10:31:29 +01:00