Commit Graph

884 Commits

Author SHA1 Message Date
Andreas Steffen f0ffb9f9af Fixed description of ikev1/rw-ntru-psk scenario 2014-02-12 13:21:46 +01:00
Andreas Steffen 83caf0827c Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios 2014-02-12 13:16:34 +01:00
Tobias Brunner 571025a609 testing: Add ikev2/host2host-transport-nat scenario 2014-01-23 10:27:13 +01:00
Tobias Brunner 62e050e0ef testing: Add ipv6/rw-compress-ikev2 scenario 2014-01-23 10:27:13 +01:00
Tobias Brunner 6055e347f8 testing: Add ikev2/compress-nat scenario 2014-01-23 10:27:13 +01:00
Tobias Brunner 1fde30cc23 testing: Enable firewall for ikev2/compress scenario
Additionally, send a regular (small) ping as the kernel does not
compress small packets and handles those differently inbound.
2014-01-23 10:27:13 +01:00
Reto Buerki 8416ebb628 charon-tkm: Update integration tests 2013-12-04 10:41:54 +01:00
Andreas Steffen 802eaf3789 Any of the four NTRU parameter sets can be selected 2013-11-27 20:21:41 +01:00
Andreas Steffen d5cd6eba2b Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenarios 2013-11-27 20:21:40 +01:00
Andreas Steffen 7967876257 Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenarios 2013-10-30 20:46:32 +01:00
Andreas Steffen 9043cb2f9c Fixed sql/net2net-route-pem scenario evaluation 2013-10-23 22:23:47 +02:00
Andreas Steffen 2efe61e07b Added two Brainpool IKEv2 scenarios 2013-10-23 21:11:28 +02:00
Andreas Steffen b891c22aa9 Updated and split data.sql 2013-10-23 00:26:02 +02:00
Andreas Steffen 1ca57d497f Increase debug level in libipsec/rw-suite-b scenario 2013-10-11 21:34:59 +02:00
Andreas Steffen 1486fe786a Use bold font to display key size 2013-10-11 21:23:10 +02:00
Andreas Steffen fcf355036f Added swid_directory option 2013-10-11 20:59:24 +02:00
Andreas Steffen 3bd4536185 Added tnc/tnccs-11-supplicant scenario 2013-10-11 20:18:59 +02:00
Tobias Brunner d14ba7e7fd testing: Add libipsec/host2host-cert scenario 2013-10-11 18:04:48 +02:00
Tobias Brunner ca28e13fe8 testing: Add ikev2/net2net-dnscert scenario 2013-10-11 15:45:42 +02:00
Martin Willi fa7815538f testing: Add an IKEv1 host2host AH transport mode test case 2013-10-11 10:15:22 +02:00
Martin Willi ef4560121d testing: Add an IKEv1 net2net AH test case 2013-10-11 10:15:22 +02:00
Martin Willi 80a82b8d67 testing: Add an IKEv2 host2host AH transport mode test case 2013-10-11 10:15:22 +02:00
Martin Willi 850bab6d58 testing: Add an IKEv2 net2net AH test case 2013-10-11 10:15:22 +02:00
Andreas Steffen 2c4d772a79 Implemented TCG/PB-PDP_Referral message 2013-09-17 21:57:08 +02:00
Andreas Steffen 97346f2a7e Added ikev1/config-payload-push scenario 2013-09-07 08:23:58 +02:00
Andreas Steffen 9b8137fdd3 Added tags table and some tag samples 2013-09-05 11:29:23 +02:00
Andreas Steffen 86f00e6aff Added regids table and some sample reqid data 2013-09-02 12:00:47 +02:00
Andreas Steffen 6fc5cc003d Pull dave for OS info 2013-09-02 12:00:46 +02:00
Andreas Steffen 03d673620d Cleaned configuration files in PT-TLS client scenario 2013-08-22 17:24:20 +02:00
Andreas Steffen aff4367907 Flush iptables rules on alice 2013-08-19 12:20:57 +02:00
Andreas Steffen f859645b12 Fixes in tnc scenarios 2013-08-19 11:44:51 +02:00
Andreas Steffen 10c7ca2399 Added tnc/tnccs-20-pt-tls scenario 2013-08-19 11:36:23 +02:00
Martin Willi 2cfe88aacb testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius
As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.
2013-07-29 10:35:59 +02:00
Martin Willi 9d75f04eee testing: add a testcase for plain XAuth RADIUS authentication 2013-07-29 09:00:49 +02:00
Andreas Steffen 2b1ac51c9c fixed typo 2013-07-19 20:07:32 +02:00
Andreas Steffen 645e9291f0 updated some TNC scenarios 2013-07-19 19:36:07 +02:00
Tobias Brunner 9e7a45bec2 testing: Don't load certificates explicitly and delete CA certificates in PKCS#12 scenarios
Certificates are now properly extracted from PKCS#12 files.
2013-07-15 11:27:07 +02:00
Andreas Steffen 0a013e1af5 Override policy recommendation in enforcement 2013-07-11 10:34:00 +02:00
Andreas Steffen 9e0182b922 openssl plugin can replace random, hmac, and gcm plugins 2013-07-10 20:38:07 +02:00
Andreas Steffen 3910fb3715 Added openssl-ikev2/net2net-pkcs12 scenario 2013-07-10 20:25:49 +02:00
Andreas Steffen 49a26e5b57 Added ikev2/net2net-pkcs12 scenario 2013-07-10 20:17:44 +02:00
Andreas Steffen 3b569df215 conntrack -F makes ikev2/nat-rw scenario to work always 2013-07-10 17:50:25 +02:00
Andreas Steffen 9844f240f8 Register packages under Debian 7.0 x86_64 2013-07-04 22:53:41 +02:00
Tobias Brunner 1d728758ed Ping from dave before shutting down tcpdump in libipsec/rw-suite-b test case 2013-07-01 13:48:21 +02:00
Andreas Steffen bb802daacc Fixed libipsec/rw-suite-b scenario 2013-07-01 12:32:45 +02:00
Andreas Steffen 3405156f97 Added libipsec/rw-suite-b scenario 2013-07-01 11:04:14 +02:00
Andreas Steffen 156e552caf Added libipsec/net2net-cert scenario 2013-06-29 22:23:45 +02:00
Reto Buerki 1cfefd38a2 Add type=transport to tkm/host2host-* connections
Explicitly specify transport mode in connection configuration of the
responding host (sun).
2013-06-29 15:07:10 +02:00
Andreas Steffen b1f1e5e5f2 5.1.0 changes for test cases 2013-06-29 00:07:15 +02:00
Tobias Brunner 50daffb784 dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses 2013-06-28 17:00:29 +02:00
Tobias Brunner 87692be215 Load any type (RSA/ECDSA) of public key via left|rightsigkey 2013-05-07 17:08:31 +02:00
Tobias Brunner fa1d3d39dc left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
Andreas Steffen 0f499f41dc Use attest database in tnc/tnccs-20-os scenario 2013-04-21 16:31:23 +02:00
Andreas Steffen 1b912ad384 check for successful activation of FIPS mode 2013-04-19 18:46:52 +02:00
Andreas Steffen 545df30c18 Added openssl-ikev2/rw-cpa scenario 2013-04-19 18:34:35 +02:00
Andreas Steffen 8d384fb7df disable reauth, too 2013-04-15 20:21:27 +02:00
Andreas Steffen 654c88bca8 Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers 2013-04-14 19:57:49 +02:00
Andreas Steffen 2a4915e87a cleaned up XML code in tnccs-11 plugin 2013-04-04 17:12:07 +02:00
Andreas Steffen 8f72ba4aff Added Framed-IP-Address information to RADIUS accounting records 2013-03-22 23:52:01 +01:00
Andreas Steffen 0b6c43f038 Added ikev2/rw-eap-framed-ip-radius scenario 2013-03-22 19:08:42 +01:00
Andreas Steffen 1eada67bcb Added ikev2/ip-two-pools-v4v6-db scenario 2013-03-22 12:18:43 +01:00
Reto Buerki 8484f2bc5c Implement multiple-clients integration test
Two transport connections to gateway sun are set up, one from client
carol and the other from client dave. The gateway sun uses the Trusted
Key Manager (TKM) and is the responder for both connections. The
authentication is based on X.509 certificates. In order to test the
connections, both carol and dave ping gateway sun.
2013-03-19 15:23:51 +01:00
Reto Buerki a520e4a010 Implement net2net-xfrmproxy integration test 2013-03-19 15:23:50 +01:00
Reto Buerki 847d320950 Implement net2net-initiator integration test 2013-03-19 15:23:50 +01:00
Reto Buerki d8b2064a34 Add xfrm_proxy integration test 2013-03-19 15:23:50 +01:00
Reto Buerki 3150dbd3e3 Add TKM responder integration test 2013-03-19 15:23:50 +01:00
Reto Buerki 117375ed00 Add initial TKM integration test
A connection between the hosts moon and sun is set up. The host moon
uses the Trusted Key Manager (TKM) and is the initiator of the transport
connection. The authentication is based on X.509 certificates.
2013-03-19 15:23:50 +01:00
Andreas Steffen f7580a5a67 added openssl-ikev2/alg-aes-gcm scenario 2013-03-03 11:43:52 +01:00
Andreas Steffen 81419b9748 use DNs in tnc/tnccs-20-tls scenario 2013-03-03 10:47:17 +01:00
Andreas Steffen f0c102cbfa Added ikev2/rw-dnssec scenario 2013-02-19 12:25:01 +01:00
Andreas Steffen 1d4ff25fb8 Added ikev2/net2net-dnssec scenario 2013-02-19 12:25:01 +01:00
Andreas Steffen 5374fe3a09 added ikev1/net2net-fragmentation scenario 2013-02-12 23:01:48 +01:00
Andreas Steffen 7d355f853d use EAP identity in tnc/tnccs-20-pdp scenario 2013-02-12 20:41:37 +01:00
Tobias Brunner 812cd9c18a Removed UML from description of ikev2/default-keys test 2013-01-17 16:56:02 +01:00
Tobias Brunner b1169a880a Updated comments in test.conf of all tests 2013-01-17 16:56:02 +01:00
Tobias Brunner 7699a928f7 Renamed $UMLHOSTS to $VIRTHOSTS 2013-01-17 16:56:02 +01:00
Reto Buerki 88bffacfdc Drop vim swap file 2013-01-17 16:55:04 +01:00
Reto Buerki c25f850601 Drop obsolete Gentoo dhcpd init script 2013-01-17 16:55:03 +01:00
Reto Buerki 530f7b8421 No need to enable ip_forward in pretest files
It is enabled by default now.
2013-01-17 16:55:03 +01:00
Andreas Steffen 44e533b88e converted ha/both-active iptables scenario 2013-01-17 16:55:03 +01:00
Andreas Steffen 5c09942d54 converted all ipv6 iptables/ip6tables scenarios 2013-01-17 16:55:03 +01:00
Andreas Steffen a0ffe67fab converted all p2pnat iptables scenarios 2013-01-17 16:55:02 +01:00
Andreas Steffen 472a411aa8 converted all tnc iptables scenarios 2013-01-17 16:55:02 +01:00
Andreas Steffen cedc96c2c4 implemented ip6tables.rules 2013-01-17 16:55:02 +01:00
Andreas Steffen 136f74161b converted all sql iptables scenarios 2013-01-17 16:55:02 +01:00
Andreas Steffen 6fff9d9ace converted all pfkey iptables scenarios 2013-01-17 16:55:01 +01:00
Andreas Steffen 8fbb9458d6 converted all openssl-ikev2 iptables scenarios 2013-01-17 16:55:01 +01:00
Andreas Steffen 44047e7adb converted all openssl-ikev1 iptables scenarios 2013-01-17 16:55:01 +01:00
Andreas Steffen 61ab7db386 converted all gcrypt-ikev2 iptables scenarios 2013-01-17 16:55:01 +01:00
Andreas Steffen 1dc14281fc converted all af-alg iptables scenarios 2013-01-17 16:55:01 +01:00
Andreas Steffen ac09da8e50 added ikev1/nat-virtual-ip scenario 2013-01-17 16:55:00 +01:00
Andreas Steffen ca0128588f converted all ikev1 iptables scenarios 2013-01-17 16:55:00 +01:00
Andreas Steffen d815235d17 use iptables-restore in all ikev2 firewall scenarios 2013-01-17 16:55:00 +01:00
Andreas Steffen 28b7db2b3c Updated mark_update script in several IKEv2 scenarios 2013-01-17 16:55:00 +01:00
Andreas Steffen 9b4477d5b8 activated iptables in some ikev2 scenarios 2013-01-17 16:55:00 +01:00
Andreas Steffen 8e75e8dfa7 Fixed NO evaltest in tnc/tnccs-20-pdp scenario 2013-01-17 16:54:59 +01:00
Andreas Steffen 9c36018cc7 Disable IPv4 forwarding on carol in order to pass tnc/tnccs-20-os scenario 2013-01-17 16:54:59 +01:00
Reto Buerki 602ba2f6d1 Adjust ikev2/farp test to qemu network interfaces 2013-01-17 16:54:58 +01:00
Reto Buerki 7fa92110e8 Adjust ikev2/dhcp tests to qemu network interfaces 2013-01-17 16:54:57 +01:00
Reto Buerki 76ccd25a05 Add expect-connection guest image script
This script can be used in pretest.dat files to wait until an IPsec
connection becomes available. This avoids unconditional sleeps and
improves test performance.

The ipv6 tests have been updated to use the expect-connection script.
2013-01-17 16:54:55 +01:00