1a79525559
testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAs
2015-12-21 12:14:12 +01:00
490ba67682
testing: Fixed description in swanctl/rw-ntru-bliss scenario
2015-12-18 15:24:59 +01:00
76cbf1df34
testing: Added swanctl/rw-ntru-bliss scenario
2015-12-17 17:49:48 +01:00
5e2b740a00
128 bit default security strength requires 3072 bit prime DH group
2015-12-14 10:39:40 +01:00
36b6d400d2
testing: swanctl/rw-cert scenario tests password-protected RSA key
2015-12-12 17:12:44 +01:00
4f7f2538c4
Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit security
2015-12-12 15:54:48 +01:00
fad851e2d3
Use VICI 2.0 protocol version for certificate queries
2015-12-11 18:26:54 +01:00
6aa7703122
testing: Converted tnc scenarios to swanctl
2015-12-11 18:26:54 +01:00
ae37090e65
testing: Use expect-connection in swanctl scenarios
...
Only in net2net-start do we have to use `sleep` to ensure the SA is
up when the tests are running.
2015-12-11 18:26:53 +01:00
cbc43f1b43
testing: Some more timing fixes
2015-12-01 14:51:23 +01:00
dddb32329c
testing: Updated expired mars.strongswan.org certificate
2015-11-26 09:55:28 +01:00
1c1f713431
testing: Error messages of curl plugin have changed
2015-11-13 14:02:45 +01:00
c4b9b7ef2c
testing: Fixed another timing issue
2015-11-13 14:02:06 +01:00
019c7c2310
testing: Check for leases in swanctl/ip-pool scenario
2015-11-11 08:43:43 +01:00
946bc3a3f5
testing: Fixed some more timing issues
2015-11-10 16:54:38 +01:00
10051b01e9
testing: Reduce runtime of all tests that use SQLite databases by storing them in ramfs
2015-11-09 15:18:39 +01:00
3102da20a7
testing: tnc/tnccs-20-hcd-eap scenario does not use SWID IMV/strongTNC
2015-11-09 15:18:38 +01:00
10fa70ee5c
testing: Improve runtime of TNC tests by storing the SQLite DB in ramfs
...
This saves about 50%-70% of the time needed for scenarios that use a DB.
2015-11-09 15:18:38 +01:00
f24ec20ebb
testing: Fix test constraints in ikev2/rw-ntru-bliss scenario
...
Changed with a88d958933
2015-11-09 15:18:38 +01:00
529357f09a
testing: Use sha3 plugin in ikev2/rw-cert scenario
2015-11-09 15:18:38 +01:00
bde9fb6fa1
testing: Don't run redundant crypto tests in sql/rw-cert scenario
...
They run in all other rw-cert scenarios but in the SQL version there is
no change in the loaded crypto plugins.
2015-11-09 15:18:36 +01:00
1091b3a636
testing: Fix CRL URIs in ipv6/net2net-ip4-in-ip6-ikev* scenarios
2015-11-09 15:18:36 +01:00
bb66b4d56b
testing: Speed up OCSP scenarios
...
Don't make clients wait for the TCP connections to timeout by dropping
packets. By rejecting them the OCSP requests fail immediately.
2015-11-09 15:18:35 +01:00
0ee4a333a8
testing: Speed up ifdown calls in ikev2/mobike scenarios
...
ifdown calls bind's rndc, which tries to access TCP port 953 on lo.
If these packets are dropped by the firewall we have to wait for the TCP
connections to time out, which takes quite a while.
2015-11-09 15:18:35 +01:00
cbaafa03c7
testing: Avoid delays with ping by using -W and -i options
...
With -W we reduce timeouts when we don't expect a response. With -i the
interval between pings is reduced (mostly in case of auto=route where
the first ping yields no reply).
2015-11-09 15:18:35 +01:00
f519acd42f
testing: Remove nearly all sleep calls from pretest and posttest scripts
...
By consistently using the `expect-connection` helper we can avoid pretty
much all previously needed calls to sleep.
2015-11-09 15:18:35 +01:00
f36b6d49af
testing: Adapt tests to retransmission settings and reduce DPD delay/timeout
2015-11-09 15:18:34 +01:00
17816515d2
testing: Add libipsec/net2net-null scenario
2015-11-09 11:09:48 +01:00
a98360a64c
testing: BLISS CA uses SHA-3 in its CRL
2015-11-03 21:35:09 +01:00
c6aa606a65
testing: Actually send an uncompressed packet in the ipv6/rw-compress-ikev2 scenario
...
The default of 56 bytes already exceeds the threshold of 90 bytes (8 bytes
ICMP + 40 bytes IPv6 = 104 bytes). By reducing the size we make sure the
packet is not compressed (40 + 8 + 40 = 88).
This also fixes a strange failure of this scenario due to the recently
added post-test `ip xfrm state` check. The kernel stores a reference to
the used SAs on the inbound skbuffs and since these are garbage collected
it could take a while until all references to an SA disappear and the SA
is finally destroyed. But while SAs might not get destroyed immediately
when we delete them, they are actually marked as dead and therefore won't
show up in `ip xfrm state`. However, that's not the case for the tunnel
SAs the kernel attaches to IPComp SAs, which we don't explicitly delete,
and which aren't modified by the kernel until the IPComp SA is destroyed.
So what happened when the last ping unintentionally got compressed is that
the skbuff had a reference to the IPComp SA and therefore the tunnel SA.
This skbuff often was destroyed after the `ip xfrm state` check ran and
because the tunnel SA would still get reported the test case failed.
2015-10-06 15:48:55 +02:00
2b5c543051
testing: added ikev2/alg-chacha20poly1305 scenario
2015-09-01 17:30:15 +02:00
e9ea7e6fb7
testing: Updated environment variable documentation in updown scripts
2015-08-31 11:00:05 +02:00
cdb61c3e88
Added some spaces in swanctl.conf
2015-08-25 15:10:13 +02:00
8923621280
testing: Fix typo in p2pnat/behind-same-nat scenario
2015-08-21 17:48:37 +02:00
efb4b9440a
testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenario
2015-08-21 11:37:23 +02:00
161d75f403
testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenario
2015-08-21 11:17:25 +02:00
18943c1f1b
testing: Print triplets.dat files of clients in EAP-SIM scenarios
...
References #1078 .
2015-08-21 11:16:56 +02:00
bb1d9e454d
testing: Add ikev2/trap-any scenario
2015-08-19 11:34:25 +02:00
5f60c55919
Extend HCD attribute data for tnc/tnccs-20-hcd-eap scenario
2015-08-18 21:25:39 +02:00
b19ef52d51
Added reason string support to HCD IMV
2015-08-18 21:25:39 +02:00
627e4b9659
Fixed patches format delimited by CR/LF
2015-08-18 21:25:39 +02:00
ac28daac38
testing: Added tnc/tnccs-20-hcd-eap scenario
2015-08-18 21:25:39 +02:00
9b1eaf083f
testing: Updated expired AAA server certificate
2015-08-04 21:50:01 +02:00
493ad293b7
testing: Adapted ha/both-active scenario to new jhash values
2015-07-31 14:43:40 +02:00
fbcac07043
testing: Regenerated BLISS certificates due to oracle changes
2015-07-27 22:09:08 +02:00
aaeb524cea
testing: Updated loop ca certificates
2015-07-22 17:11:00 +02:00
73cbd5c7f8
testing: Updated all swanctl scenarios and added some new ones
2015-07-22 13:27:08 +02:00
db69295d2e
tests: Introduced IPV6 flag in tests.conf
2015-07-21 23:17:14 +02:00
6b265c5e5c
tests: Introduced SWANCTL flag in test.conf
2015-07-21 23:17:14 +02:00
3d9bfb607c
tests: fixed evaltest of swanctl/rw-cert scenario
2015-07-21 23:17:13 +02:00
f335e2f848
tests: fixed description of swanctl ip-pool scenarios
2015-07-21 23:17:13 +02:00
b8399a2edc
testing: use a decent PSK
2015-05-30 16:56:41 +02:00
1047d44b57
testing: Added ha/active-passive scenario
2015-05-30 16:48:17 +02:00
966efbc10d
testing: Fix URL to TNC@FHH project in scenario descriptions
2015-05-05 11:48:56 +02:00
41e9a261ac
testing: Update TKM assert strings
2015-05-05 10:55:14 +02:00
362e87e3e0
testing: Updated carol's certificate from research CA and dave's certificate from sales CA
2015-04-26 16:52:06 +02:00
d04e47a9eb
testing: Wait for DH crypto tests to complete
2015-04-26 11:51:49 +02:00
79b5a33c11
imv_policy_manager: Added capability to execute an allow or block shell command string
2015-04-26 10:55:24 +02:00
883c11caa0
Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios
2015-03-27 20:56:44 +01:00
85aa509e84
Added tnc/tnccs-20-pt-tls scenario
2015-03-27 20:56:43 +01:00
be04f90815
testing: added tnc/tnccs-20-mutual scenario
2015-03-23 23:01:13 +01:00
3d964213f5
testing: Remove obsolete leftnexthop option from configs
2015-03-12 15:51:25 +01:00
2b0f34a2ef
testing: Don't check for exact IKEv1 fragment size
...
Similar to 7a9c0d51
2015-03-10 10:21:16 +01:00
58c3e09918
testing: Fix active/passive role description in ha/both-active test case
2015-03-10 10:02:21 +01:00
8b2af616ac
testing: Update modified updown scripts to the latest template
...
This avoids confusion and makes identifying the changes needed for each
scenario easier.
2015-03-06 16:51:50 +01:00
3fcb59b62a
use SHA512 for moon's BLISS signature
2015-03-04 14:08:37 +01:00
26ebe5fea8
testing: Test classic public key authentication in ikev2/net2net-cert scenario
2015-03-04 13:54:12 +01:00
53217d70b0
testing: Disable signature authentication on dave in openssl-ikev2/ecdsa-certs scenario
2015-03-04 13:54:12 +01:00
7a9c0d51f4
testing: Don't check for exact IKEv2 fragment size
...
Because SHA-256 is now used for signatures the size of the two IKE_AUTH
messages changed.
2015-03-04 13:54:10 +01:00
4aa24d4c13
testing: Update test conditions because signature schemes are now logged
...
RFC 7427 signature authentication is now used between strongSwan hosts
by default, which causes the actual signature schemes to get logged.
2015-03-04 13:54:10 +01:00
2f1b2d9183
testing: Add ikev2/rw-sig-auth scenario
2015-03-04 13:54:10 +01:00
3b31245a0f
testing: Add ikev2/net2net-cert-sha2 scenario
2015-03-04 13:54:10 +01:00
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
c10b2be967
testing: Add a forecast test case
2015-02-20 16:34:55 +01:00
9ed09d5f77
testing: Add a connmark plugin test
...
In this test two hosts establish a transport mode connection from behind
moon. sun uses the connmark plugin to distinguish the flows.
This is an example that shows how one can terminate L2TP/IPsec connections
from two hosts behind the same NAT. For simplification of the test, we use
an SSH connection instead, but this works for any connection initiated flow
that conntrack can track.
2015-02-20 16:34:54 +01:00
f27fb58ae0
testing: Update description and test evaluation of host2host-transport-nat
...
As we now reuse the reqid for identical SAs, the behavior changes for
transport connections to multiple peers behind the same NAT. Instead of
rejecting the SA, we now have two valid SAs active. For the reverse path,
however, sun sends traffic always over the newer SA, resembling the behavior
before we introduced explicit SA conflicts for different reqids.
2015-02-20 13:34:58 +01:00
050556bf59
testing: Be a little more flexible in testing for established CHILD_SA modes
...
As we now print the reqid parameter in the CHILD_SA details, adapt the grep
to still match the CHILD_SA mode and protocol.
2015-02-20 13:34:58 +01:00
b1ff437bbc
testing: Add a test scenario for make-before-break reauth using a virtual IP
2015-02-20 13:34:58 +01:00
ae3fdf2603
testing: Add a test scenario for make-before-break reauth without a virtual IP
2015-02-20 13:34:57 +01:00
65566c37ca
testing: Add tkm xfrmproxy-expire test
...
This test asserts that the handling of XFRM expire messages from the
kernel are handled correctly by the xfrm-proxy and the Esa Event Service
(EES) in charon-tkm.
2015-02-20 13:34:54 +01:00
03409ac7a0
testing: Assert ees acquire messages in xfrmproxy tests
2015-02-20 13:34:54 +01:00
8fce649d9a
testing: Assert proper ESA deletion
...
Extend the tkm/host2host-initiator testcase by asserting proper ESA
deletion after connection shutdown.
2015-02-20 13:34:52 +01:00
5028644943
Updated RFC3779 certificates
2014-12-28 12:53:16 +01:00
ac0cb2d363
Updated BLISS CA certificate in ikev2/rw-ntru-bliss scenario
2014-12-12 13:55:03 +01:00
c44f481ae0
Updated BLISS scenario keys and certificates to new format
2014-12-12 12:00:20 +01:00
9b01a061ec
Increased check size du to INITIAL_CONTACT notify
2014-11-29 14:57:41 +01:00
c02ebf1ecd
Renewed expired certificates
2014-11-29 14:51:18 +01:00
43d9247599
Created ikev2/rw-ntru-bliss scenario
2014-11-29 14:51:18 +01:00
0de4ba58ce
testing: Update tkm/multiple-clients/evaltest.dat
...
Since the CC context is now properly reset in the bus listener plugin,
the second connection from host dave re-uses the first CC ID. Adjust
the expect string on gateway sun accordingly.
2014-10-31 13:49:40 +01:00
a521ef3b8e
Increased fragment size to 1400 in ipv6/net2net-ikev1 scenario
2014-10-18 14:05:53 +02:00
09b46cdb6a
Enabled IKEv2 fragmentation in ipv6/net2net-ikev2 scenario
2014-10-18 14:05:18 +02:00
cb5ad2ba3d
testing: Lower batch size to demonstrated segmetation of TCG/SWID Tag ID Inventory attribute
2014-10-11 15:01:21 +02:00
1836c1845b
testing: Add ikev2/net2net-fragmentation scenario
2014-10-10 09:33:23 +02:00
144b40e07c
testing: Update ikev1/net2net-fragmentation scenario
2014-10-10 09:32:42 +02:00
89e953797d
testing: Don't check for the actual number of SWID tags in PDP scenarios
...
The number of SWID tags varies depending on the base image, but lets
assume the number is in the hundreds.
2014-10-07 12:18:36 +02:00
8f9016b1e2
testing: Make TNC scenarios agnostic to the actual Debian version
...
The scenarios will work with new or old base images as long as the version
in use is included as product in the master data (src/libimcv/imv/data.sql).
2014-10-07 12:18:25 +02:00
100c1a4bf1
testing: Updated certificates and keys in sql scenarios
2014-10-06 09:42:58 +02:00
73af3a1b04
Updated revoked certificate in ikev2/ocsp-revoked scenario
2014-10-05 21:33:35 +02:00
006518e859
The critical-extension scenarios need the old private keys
2014-10-05 20:58:03 +02:00
12e9ed12ec
testing: Wait a bit in swanctl scenarios before interacting with the daemon
2014-10-03 12:44:14 +02:00
722a8a177e
testing: Make sure the whitelist plugin is ready before configuring it
2014-10-03 12:44:14 +02:00
09f1fb82f9
testing: Update PKCS#12 containers
2014-10-03 12:44:13 +02:00
079c797421
testing: Update PKCS#8 keys
2014-10-03 12:44:13 +02:00
9f5fd7899e
testing: Update public keys in DNSSEC scenarios
...
The tests are successful even if the public keys are not stored locally,
but an additional DNS query is required to fetch them.
2014-10-03 12:44:13 +02:00
2c7ad260f9
testing: Update carols certificate in several test cases
2014-10-03 12:44:13 +02:00
7ab320def3
testing: Add some notes about how to reissue attribute certificates
2014-10-03 12:31:01 +02:00
16469e8474
testing: Reissue attribute certificates for the new holder certificates
...
Due to the expired and reissued holder certificates of carol and dave, new
attribute certificates are required to match the holder certificates serial in
the ikev2/acert-{cached,fallback,inline} tests.
2014-10-03 12:28:11 +02:00
44b6a34d43
configure: Load fetcher plugins after crypto base plugins
...
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
e0d59e10f8
testing: Update certs and keys in tkm tests
...
References #705 .
2014-09-17 17:08:35 +02:00
51da5b920b
Generated new test certificates
2014-08-28 21:34:40 +02:00
be41910e19
testing: Add sql/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
73211f9b74
testing: Add pfkey/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
945e1df738
testing: Remove obsolete shunt-policies scenarios
2014-06-26 18:12:00 +02:00
75598e5053
Updated description of TNC scenarios concerning RFC 7171 PT-EAP support
2014-06-26 09:47:03 +02:00
21aebe3781
Removed django.db from swid scenarios
2014-06-26 09:45:54 +02:00
2ef6f57456
testing: Add ikev2/shunt-policies-nat-rw scenario
2014-06-19 14:23:07 +02:00
d93987ce24
testing: Remove ikev2/shunt-policies scenario
...
This scenario doesn't really apply anymore (especially its use of drop
policies).
2014-06-19 14:23:07 +02:00
d345f0b75d
Added swanctl/net2net-route scenario
2014-06-18 14:57:33 +02:00
3f5f0b8940
Added swanctl/net2net-start scenario
2014-06-18 14:35:59 +02:00
4402bae77d
Minor changes in swanctl scenarios
2014-06-18 14:35:36 +02:00
39d6469d76
Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenarios
2014-06-14 15:40:23 +02:00
3eb22f1f00
Single-line --raw mode simplifies evaltest of swanctl scenarios
2014-06-14 15:40:23 +02:00
12d618e280
Added swanctl/ip-pool-db scenario
2014-06-11 18:12:35 +02:00
cda2a1e4dc
Updated strongTNC configuration
2014-06-11 18:12:34 +02:00
d643f2cf91
Added swanctl/ip-pool scenario
2014-06-10 16:48:16 +02:00
c621847395
Added swanctl/rw-cert scenario
2014-06-10 16:48:15 +02:00
b09016377a
Define default swanctl credentials in hosts directory
2014-06-10 16:19:00 +02:00
2721832a45
First swanctl scenario
2014-06-01 21:12:15 +02:00
2382d45b1c
Test SWID REST API ins tnc/tnccs-20-pdp scenarios
2014-05-31 21:25:46 +02:00
2997077bae
Migration from Debian 7.4 to 7.5
2014-05-31 20:37:57 +02:00
0f000cdd6c
Minor changes in the test environment
2014-05-15 21:30:42 +02:00
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
1dfd11fd92
testing: Added pfkey/compress test case
2014-04-24 17:36:17 +02:00
fa6c5f3506
Handle tag separators
2014-04-15 09:28:38 +02:00
edd2ed860f
Renewed expired user certificate
2014-04-15 09:28:37 +02:00
9b7f9ab5d2
Updated SWID scenarios
2014-04-15 09:21:06 +02:00
3e7044b45e
Implemented segmented SWID tag attributes on IMV side
2014-04-15 09:21:06 +02:00
8c40609f96
Use python-based swidGenerator to generated SWID tags
2014-04-15 09:21:06 +02:00
48f37c448c
Make Attestation IMV independent of OS IMV
2014-04-15 09:21:05 +02:00
ab8ed95bfc
Fixed pretest script in tnc/tnccs-20-pt-tls scenario
2014-04-04 23:04:54 +02:00
7a61bf9032
testing: Run 'conntrack -F' before all test scenarios
...
This prevents failures due to remaining conntrack entries.
2014-04-02 11:55:05 +02:00
96e3142c39
Test TLS AEAD cipher suites
2014-04-01 10:12:15 +02:00
05eb83e986
Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenario
2014-03-31 22:22:58 +02:00
91d71abb16
revocation: Restrict OCSP signing to specific certificates
...
To avoid considering each cached OCSP response and evaluating its trustchain,
we limit the certificates considered for OCSP signing to:
- The issuing CA of the checked certificate
- A directly delegated signer by the same CA, having the OCSP signer constraint
- Any locally installed (trusted) certificate having the OCSP signer constraint
The first two options cover the requirements from RFC 6960 2.6. For
compatibility with non-conforming CAs, we allow the third option as exception,
but require the installation of such certificates locally.
2014-03-31 14:40:33 +02:00
babd848778
testing: Add an acert test that forces a fallback connection based on groups
2014-03-31 11:14:59 +02:00
1a4d3222be
testing: Add an acert test case sending attribute certificates inline
2014-03-31 11:14:59 +02:00
9f676321a9
testing: Add an acert test using locally cached attribute certificates
2014-03-31 11:14:59 +02:00
959ef1a2e4
Added libipsec/net2net-3des scenario
2014-03-28 09:21:51 +01:00
7afd217ff9
Renewed self-signed OCSP signer certificate
2014-03-27 22:52:11 +01:00
c6d173a1f1
Check that valid OCSP responses are received in the ikev2/ocsp-multi-level scenario
2014-03-24 23:57:55 +01:00
bee64a82d7
Updated expired certificates issued by the Research and Sales Intermediate CAs
2014-03-24 23:38:45 +01:00
2d79f6d81e
Renewed revoked Research CA certificate
2014-03-22 15:16:15 +01:00
07e7cb146f
Added openssl-ikev2/net2net-pgp-v3 scenario
2014-03-22 09:55:03 +01:00
22e1aa51f9
Completed integration of ntru_crypto library into ntru plugin
2014-03-22 09:51:00 +01:00
c683b389ba
Merged libstrongswan options into charon section
2014-03-15 14:07:34 +01:00
f2a3a01134
strongswan.conf is not needed on RADIUS server alice
2014-03-15 14:07:33 +01:00
342bc6e545
Disable mandatory ECP support for attestion
2014-03-07 21:56:34 +01:00
a334ac80ae
Added ikev2/lookip scenario
2014-02-17 12:04:21 +01:00
9942e43dc6
testing: Use installed PTS SQL schema and data instead of local copy
2014-02-12 14:08:34 +01:00
96e8715e32
testing: Use installed SQL schema instead of local copy
2014-02-12 14:08:34 +01:00
f0ffb9f9af
Fixed description of ikev1/rw-ntru-psk scenario
2014-02-12 13:21:46 +01:00
83caf0827c
Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios
2014-02-12 13:16:34 +01:00
571025a609
testing: Add ikev2/host2host-transport-nat scenario
2014-01-23 10:27:13 +01:00
62e050e0ef
testing: Add ipv6/rw-compress-ikev2 scenario
2014-01-23 10:27:13 +01:00
6055e347f8
testing: Add ikev2/compress-nat scenario
2014-01-23 10:27:13 +01:00
1fde30cc23
testing: Enable firewall for ikev2/compress scenario
...
Additionally, send a regular (small) ping as the kernel does not
compress small packets and handles those differently inbound.
2014-01-23 10:27:13 +01:00
8416ebb628
charon-tkm: Update integration tests
2013-12-04 10:41:54 +01:00
802eaf3789
Any of the four NTRU parameter sets can be selected
2013-11-27 20:21:41 +01:00
d5cd6eba2b
Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenarios
2013-11-27 20:21:40 +01:00
7967876257
Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenarios
2013-10-30 20:46:32 +01:00
9043cb2f9c
Fixed sql/net2net-route-pem scenario evaluation
2013-10-23 22:23:47 +02:00
2efe61e07b
Added two Brainpool IKEv2 scenarios
2013-10-23 21:11:28 +02:00
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
1ca57d497f
Increase debug level in libipsec/rw-suite-b scenario
2013-10-11 21:34:59 +02:00
1486fe786a
Use bold font to display key size
2013-10-11 21:23:10 +02:00
fcf355036f
Added swid_directory option
2013-10-11 20:59:24 +02:00
3bd4536185
Added tnc/tnccs-11-supplicant scenario
2013-10-11 20:18:59 +02:00
d14ba7e7fd
testing: Add libipsec/host2host-cert scenario
2013-10-11 18:04:48 +02:00
ca28e13fe8
testing: Add ikev2/net2net-dnscert scenario
2013-10-11 15:45:42 +02:00
fa7815538f
testing: Add an IKEv1 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
ef4560121d
testing: Add an IKEv1 net2net AH test case
2013-10-11 10:15:22 +02:00
80a82b8d67
testing: Add an IKEv2 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
850bab6d58
testing: Add an IKEv2 net2net AH test case
2013-10-11 10:15:22 +02:00
2c4d772a79
Implemented TCG/PB-PDP_Referral message
2013-09-17 21:57:08 +02:00
97346f2a7e
Added ikev1/config-payload-push scenario
2013-09-07 08:23:58 +02:00
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
6fc5cc003d
Pull dave for OS info
2013-09-02 12:00:46 +02:00
03d673620d
Cleaned configuration files in PT-TLS client scenario
2013-08-22 17:24:20 +02:00
aff4367907
Flush iptables rules on alice
2013-08-19 12:20:57 +02:00
f859645b12
Fixes in tnc scenarios
2013-08-19 11:44:51 +02:00
10c7ca2399
Added tnc/tnccs-20-pt-tls scenario
2013-08-19 11:36:23 +02:00
2cfe88aacb
testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius
...
As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.
2013-07-29 10:35:59 +02:00
9d75f04eee
testing: add a testcase for plain XAuth RADIUS authentication
2013-07-29 09:00:49 +02:00
2b1ac51c9c
fixed typo
2013-07-19 20:07:32 +02:00
645e9291f0
updated some TNC scenarios
2013-07-19 19:36:07 +02:00
9e7a45bec2
testing: Don't load certificates explicitly and delete CA certificates in PKCS#12 scenarios
...
Certificates are now properly extracted from PKCS#12 files.
2013-07-15 11:27:07 +02:00
0a013e1af5
Override policy recommendation in enforcement
2013-07-11 10:34:00 +02:00
9e0182b922
openssl plugin can replace random, hmac, and gcm plugins
2013-07-10 20:38:07 +02:00
3910fb3715
Added openssl-ikev2/net2net-pkcs12 scenario
2013-07-10 20:25:49 +02:00
49a26e5b57
Added ikev2/net2net-pkcs12 scenario
2013-07-10 20:17:44 +02:00
3b569df215
conntrack -F makes ikev2/nat-rw scenario to work always
2013-07-10 17:50:25 +02:00
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
1d728758ed
Ping from dave before shutting down tcpdump in libipsec/rw-suite-b test case
2013-07-01 13:48:21 +02:00
bb802daacc
Fixed libipsec/rw-suite-b scenario
2013-07-01 12:32:45 +02:00
3405156f97
Added libipsec/rw-suite-b scenario
2013-07-01 11:04:14 +02:00
156e552caf
Added libipsec/net2net-cert scenario
2013-06-29 22:23:45 +02:00
1cfefd38a2
Add type=transport to tkm/host2host-* connections
...
Explicitly specify transport mode in connection configuration of the
responding host (sun).
2013-06-29 15:07:10 +02:00
b1f1e5e5f2
5.1.0 changes for test cases
2013-06-29 00:07:15 +02:00
50daffb784
dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses
2013-06-28 17:00:29 +02:00
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
fa1d3d39dc
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
...
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
1b912ad384
check for successful activation of FIPS mode
2013-04-19 18:46:52 +02:00
545df30c18
Added openssl-ikev2/rw-cpa scenario
2013-04-19 18:34:35 +02:00
8d384fb7df
disable reauth, too
2013-04-15 20:21:27 +02:00
654c88bca8
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
2013-04-14 19:57:49 +02:00
2a4915e87a
cleaned up XML code in tnccs-11 plugin
2013-04-04 17:12:07 +02:00
8f72ba4aff
Added Framed-IP-Address information to RADIUS accounting records
2013-03-22 23:52:01 +01:00
0b6c43f038
Added ikev2/rw-eap-framed-ip-radius scenario
2013-03-22 19:08:42 +01:00
1eada67bcb
Added ikev2/ip-two-pools-v4v6-db scenario
2013-03-22 12:18:43 +01:00
8484f2bc5c
Implement multiple-clients integration test
...
Two transport connections to gateway sun are set up, one from client
carol and the other from client dave. The gateway sun uses the Trusted
Key Manager (TKM) and is the responder for both connections. The
authentication is based on X.509 certificates. In order to test the
connections, both carol and dave ping gateway sun.
2013-03-19 15:23:51 +01:00
a520e4a010
Implement net2net-xfrmproxy integration test
2013-03-19 15:23:50 +01:00
847d320950
Implement net2net-initiator integration test
2013-03-19 15:23:50 +01:00
d8b2064a34
Add xfrm_proxy integration test
2013-03-19 15:23:50 +01:00
3150dbd3e3
Add TKM responder integration test
2013-03-19 15:23:50 +01:00
117375ed00
Add initial TKM integration test
...
A connection between the hosts moon and sun is set up. The host moon
uses the Trusted Key Manager (TKM) and is the initiator of the transport
connection. The authentication is based on X.509 certificates.
2013-03-19 15:23:50 +01:00
f7580a5a67
added openssl-ikev2/alg-aes-gcm scenario
2013-03-03 11:43:52 +01:00
81419b9748
use DNs in tnc/tnccs-20-tls scenario
2013-03-03 10:47:17 +01:00
f0c102cbfa
Added ikev2/rw-dnssec scenario
2013-02-19 12:25:01 +01:00
1d4ff25fb8
Added ikev2/net2net-dnssec scenario
2013-02-19 12:25:01 +01:00
5374fe3a09
added ikev1/net2net-fragmentation scenario
2013-02-12 23:01:48 +01:00
7d355f853d
use EAP identity in tnc/tnccs-20-pdp scenario
2013-02-12 20:41:37 +01:00
812cd9c18a
Removed UML from description of ikev2/default-keys test
2013-01-17 16:56:02 +01:00
b1169a880a
Updated comments in test.conf of all tests
2013-01-17 16:56:02 +01:00
7699a928f7
Renamed $UMLHOSTS to $VIRTHOSTS
2013-01-17 16:56:02 +01:00
88bffacfdc
Drop vim swap file
2013-01-17 16:55:04 +01:00
c25f850601
Drop obsolete Gentoo dhcpd init script
2013-01-17 16:55:03 +01:00
530f7b8421
No need to enable ip_forward in pretest files
...
It is enabled by default now.
2013-01-17 16:55:03 +01:00
44e533b88e
converted ha/both-active iptables scenario
2013-01-17 16:55:03 +01:00
5c09942d54
converted all ipv6 iptables/ip6tables scenarios
2013-01-17 16:55:03 +01:00
a0ffe67fab
converted all p2pnat iptables scenarios
2013-01-17 16:55:02 +01:00
472a411aa8
converted all tnc iptables scenarios
2013-01-17 16:55:02 +01:00
cedc96c2c4
implemented ip6tables.rules
2013-01-17 16:55:02 +01:00
136f74161b
converted all sql iptables scenarios
2013-01-17 16:55:02 +01:00
6fff9d9ace
converted all pfkey iptables scenarios
2013-01-17 16:55:01 +01:00
8fbb9458d6
converted all openssl-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
44047e7adb
converted all openssl-ikev1 iptables scenarios
2013-01-17 16:55:01 +01:00
61ab7db386
converted all gcrypt-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
1dc14281fc
converted all af-alg iptables scenarios
2013-01-17 16:55:01 +01:00
Tobias Brunner