# # This isn't actually a shell script. It just looks like one. # Some tools other than /bin/sh process it. # # test-kind directory-containing-test expectation [PR#] # test-kind: # umlplutotest - not yet converted, will not be run with 'make check' # kvmplutotest - coverted to use KVM, will be run with 'make check' # skiptest - skip this test # hwtest - connect to physical test machines, not KVM [FUTURE] # expectation: # good - output matches known output # bad - output should NOT match [only for unit tests, not pluto test] # wip - this test still need work. # basic pluto test - bring up your basic CONN between eastnet-westnet. kvmplutotest basic-pluto-01 good kvmplutotest basic-pluto-02 good kvmplutotest basic-pluto-03 good kvmplutotest basic-pluto-07 good ################################################################# # IKEv2 tests ################################################################# kvmplutotest ikev2-01-fallback-ikev1 good kvmplutotest ikev2-02-responder-send-notify good kvmplutotest ikev2-03-basic-rawrsa good kvmplutotest ikev2-04-basic-x509 good kvmplutotest ikev2-05-basic-psk good kvmplutotest ikev2-06-6msg good umlplutotest ikev2-07-biddown good kvmplutotest ikev2-08-delete-notify good kvmplutotest ikev2-delete-01 good kvmplutotest ikev2-delete-02 good kvmplutotest ikev2-09-rw-rsa good kvmplutotest ikev2-11-simple-psk good kvmplutotest ikev2-12-x509-ikev1 bad kvmplutotest ikev2-12-x509-ikev1-rw bad kvmplutotest ikev2-12-transport-psk good kvmplutotest ikev2-13-ah good kvmplutotest ikev2-14-missing-ke good kvmplutotest ikev2-15-fuzzer good kvmplutotest ikev2-17-rekey good kvmplutotest ikev2-18-x509-alias good kvmplutotest ikev2-19-x509-auto-start good kvmplutotest ikev2-24-cryptoload wip kvmplutotest ikev1-cryptoload-01 wip kvmplutotest ikev2-03-basic-rawrsa-nhelpers0 good kvmplutotest ikev2-04-basic-x509-nhelpers0 good kvmplutotest ikev2-05-basic-psk-nhelpers0 good umlplutotest ikev2-x509-01 good umlplutotest ikev2-x509-02 good # modp tests for checking if we deal with sending different KE's kvmplutotest ikev2-algo-01-modp2048-initiator good kvmplutotest ikev2-algo-02-modp2048-responder good kvmplutotest ikev2-algo-03-aes-ccm good kvmplutotest ikev2-algo-04-aes-gcm good kvmplutotest ikev2-algo-05-aes-default good kvmplutotest ikev2-algo-06-aes-aes_cbc good kvmplutotest ikev2-algo-07-aes_ctr good kvmplutotest ikev2-algo-08-cast good kvmplutotest ikev2-algo-09-camellia good kvmplutotest netkey-algo-aes_gcm-01 good kvmplutotest netkey-algo-aes_ccm-01 good # various ESP SHA2 tests (sha2/sha2_128/sha2_192/sha2_256) kvmplutotest ikev2-algo-sha2-01 good kvmplutotest ikev2-algo-sha2-02 good kvmplutotest ikev2-algo-sha2-03 good kvmplutotest ikev2-algo-sha2-04 good kvmplutotest ikev2-algo-sha2-05 wip kvmplutotest ikev1-algo-esp-sha2-05 wip kvmplutotest ikev2-algo-sha2-06 good kvmplutotest ikev2-algo-sha2-07 good # various IKE SHA2 tests (sha2/sha2_128/sha2_192/sha2_256) kvmplutotest ikev2-algo-ike-sha2-01 good kvmplutotest ikev2-algo-ike-sha2-02 good kvmplutotest ikev2-algo-ike-sha2-03 good kvmplutotest ikev1-algo-ike-sha2-01 good kvmplutotest ikev1-algo-ike-sha2-02 good kvmplutotest ikev1-algo-ike-sha2-03 good kvmplutotest ikev1-algo-05-aes-aes good kvmplutotest ikev1-algo-04-mismatch good kvmplutotest ikev1-algo-05-3des-sha2 good # Various corner case tests for IKEv2 kvmplutotest ikev2-major-version-initiator good kvmplutotest ikev2-major-version-responder good kvmplutotest ikev2-minor-version-initiator good kvmplutotest ikev2-minor-version-responder good kvmplutotest ikev2-isakmp-reserved-flags-01 good kvmplutotest ikev2-isakmp-reserved-flags-02 good kvmplutotest ikev2-allow-narrow-01 good kvmplutotest ikev2-allow-narrow-02 good kvmplutotest ikev2-allow-narrow-03 good kvmplutotest ikev2-allow-narrow-04 good kvmplutotest ikev2-allow-narrow-05 good kvmplutotest ikev2-allow-narrow-06 good kvmplutotest ikev2-allow-narrow-07 good kvmplutotest ikev2-no-nhelpers-01 good kvmplutotest pluto-ipcmp-01 good # pluto-unit-01 - pluto vs. pluto, without KLIPS # This runs in a single UML, so ctltest is appropriate ctltest pluto-unit-01 good ctltest pluto-unit-02 good # regression test for --dontrekey responder with short SA lifetimes: # ought to somehow notify other side. # Also a unit test. ctltest pluto-dontreky-expiry-01 good # test food groups # these set up a food group, then run a ping from sunrise-sunset # clear peer # OE TEMP DISABLED umlplutotest food-groups-clear-01 good # oe peer # # this test is disabled because the OE peer (west) is not # properly configured yet. #umlplutotest food-groups-clear-02 bad # clear peer # OE TEMP DISABLED umlplutotest food-groups-clear-or-oe-01 good # oe peer # # this test is disabled because the OE peer (west) is not # properly configured yet. #umlplutotest food-groups-clear-or-oe-02 bad # clear peer # OE TEMP DISABLED umlplutotest food-groups-never-01 good # oe peer # This test is disabled, since no packets should ever arrive at west, so # it could never reply. A test of replies needs to be done instead. # #umlplutotest food-groups-never-02 bad # oe peer # OE TEMP DISABLED umlplutotest food-groups-oe-or-clear-01 good # clear peer # # this test is disabled because the OE peer (west) is not # properly configured yet. #umlplutotest food-groups-oe-or-clear-02 bad # oe peer # OE TEMP DISABLED umlplutotest food-groups-oe-or-die-01 good # clear peer # # this test is disabled because the OE peer (west) is not # properly configured yet. #umlplutotest food-groups-oe-or-die-02 bad # Foodgroups bug: used to forget name of target when target is # preserved across --listen. # OE TEMP DISABLED umlplutotest food-groups-bug-01 good # bug: OE should not be attempted if our private key is missing # OE TEMP DISABLED umlplutotest oe-fail-without-private-key-01 good # bug: pluto and _pluto_adns can deadlock in a flood # OE TEMP DISABLED umlplutotest oe-flood-deadlock-01 good # Foodgroups orderly transition: policy groups must be transitioned properly # when changed # umlplutotest food-groups-orderly-transition-01 good # RFC 3706 DPD test kvmplutotest dpd-01 good kvmplutotest dpd-01-netkey good kvmplutotest dpd-02 good kvmplutotest dpd-02-reverse good kvmplutotest dpd-03 good kvmplutotest dpd-04 good kvmplutotest dpd-05 good kvmplutotest dpd-06 good kvmplutotest dpd-07 good kvmplutotest dpd-08 wip kvmplutotest dpd-08-netkey wip # Delete SA test. kvmplutotest delete-sa-01 good # # oe-snat-01 - do Source address NAT and then OE # # OE TEMP DISABLED umlplutotest oe-snat-01 good # # oe-fail-without-resp-client-txt-01 - when responding using an OE # connection, checks that there is a TXT (and possibly KEY) record # that delegates this security gateway to act for the client on our # side. # OE TEMP DISABLED umlplutotest oe-fail-without-resp-client-txt-01 good # # whack --status output should be sorted. # ctltest whack-status-01 good # # co-terminal-02 - wavesec+OE, with wavesec started first # # OE TEMP DISABLED umlXhost co-terminal-02 good # # co-terminal-03 - wavesec+OE, with OE started first # # OE TEMP DISABLED umlXhost co-terminal-03 good # # tests of OE from road warriors (no gateways) # full OE test # # OE TEMP DISABLED umlXhost oe-road-01 good # # FQDN OE test with TXT RR, no KEY # # OE TEMP DISABLED umlXhost oe-road-02 good # # FQDN OE test with TXT, mangled # # OE TEMP DISABLED umlXhost oe-road-03 good # # FQDN OE test with KEY, no TXT # # OE TEMP DISABLED umlXhost oe-road-04 good # # test for using %dns in VPN conns ctltest vpn-dns-01 good # # tests of OE from road warriors (no gateways) # full OE test # # OE TEMP DISABLED umlXhost myid-road-01 good # # FQDN OE test with TXT RR, no KEY # # OE TEMP DISABLED umlXhost myid-road-02 good # # FQDN OE test with TXT, mangled # # OE TEMP DISABLED umlXhost myid-road-03 good # # FQDN OE test with KEY, no TXT # # OE TEMP DISABLED umlXhost myid-road-04 good # # FQDN OE with trailing dot # # OE TEMP DISABLED umlXhost myid-road-05 good # # a test of rekeying an OE connection # # OE TEMP DISABLED umlXhost pluto-rekey-01 good # # a test of using X.509 keys # kvmplutotest x509-pluto-01 good #umlplutotest x509-pluto-frag-01 good # # # a test of sending and validating an X.509 cert # # incomplete test - disabled #umlXhost x509-pluto-02 good # a test of sending and validating an X.509 cert # # incomplete test - disabled #umlplutotest x509-pluto-03 good # NSS tests # a test for using nss with X.509 cert # # incomplete test - disabled #umlplutotest x509-nss-01 good umlplutotest nss-leftrsasigkey2-01 good kvmplutotest nat-pluto-01 good kvmplutotest nat-pluto-02 good kvmplutotest nat-pluto-03 good kvmplutotest nat-pluto-04 good kvmplutotest nat-pluto-06 good kvmplutotest nat-pluto-07 good kvmplutotest nat-pluto-08 good kvmplutotest nat-pluto-09 good kvmplutotest nat-pluto-10 good # # Test of NAT traversal w/DPD umlXhost nat-dpd-pluto-01 good # Test of NAT traversal, with Aggressive Mode client umlXhost nat-aggr-01 good # # a test of using AES with pluto # kvmplutotest basic-pluto-04 good # CAP_DAC_OVERRIDE kvmplutotest basic-pluto-06 wip # a test of sending and validating an X.509 cert # when the responder has leftca=%any # umlplutotest x509-pluto-04 good # # a test of sending and validating an X.509 cert # when the responder only a leftca="" value, and # no leftid= # umlplutotest x509-pluto-05 good # # a test of sending and validating an X.509 cert # when the responder has the wrong DN. # umlXhost x509-pluto-06 good # # a test case of PSK with aggressive mode kvmplutotest psk-pluto-01 good kvmplutotest psk-pluto-02 bad kvmplutotest xauth-pluto-03 good kvmplutotest xauth-pluto-04 good kvmplutotest xauth-pluto-05 good kvmplutotest xauth-pluto-05-netkey good kvmplutotest xauth-pluto-06 good kvmplutotest xauth-pluto-07 good kvmplutotest xauth-pluto-08 good kvmplutotest xauth-pluto-09 good umlXhost xauth-pluto-10 good umlXhost xauth-pluto-11 good kvmplutotest xauth-pluto-12 good kvmplutotest xauth-pluto-13 good kvmplutotest xauth-pluto-14 good kvmplutotest xauth-pluto-15 good kvmplutotest xauth-pluto-16 good skiptest xauth-pluto-17 wip kvmplutotest xauth-pluto-18 good kvmplutotest xauth-pluto-19 good # # Aggressive Mode Pluto Tests # umlplutotest aggr-pluto-01 good umlplutotest aggr-pluto-02 good umlplutotest aggr-pluto-03 good umlplutotest aggr-pluto-04-cookies good # # Aggressive Mode Unit Tests ctltest aggr-unit-01 good ctltest aggr-unit-02 good # # a testcase with pfs=yes connecting to pfs=no # kvmplutotest basic-pluto-09 good kvmplutotest basic-pluto-10 wip kvmplutotest basic-pluto-01-valgrind good kvmplutotest basic-pluto-11 good # passthrough protoport tests kvmplutotest basic-pluto-12 wip kvmplutotest basic-pluto-12-netkey wip # # test cases of what happens to X.509 based authorization system # when certain error conditions are met or parts of the CA are # missing or CRL's expired, etc. # # umlplutotest fail-x509-01 good umlplutotest fail-x509-02 good # not implemented yet #umlplutotest fail-x509-03 good #umlplutotest fail-x509-04 good #umlplutotest fail-x509-05 good umlplutotest fail-x509-06 good umlplutotest fail-x509-07 good umlplutotest fail-x509-08 good umlplutotest fail-x509-09 good umlplutotest fail-x509-10 good umlplutotest fail-x509-11 good umlplutotest fail-x509-12 good # # this tests rekeys (--down/--up) when behind a NAT. a --replace # may cancel things that the --down/--up may not. This also # tests that the responder is happy with us doing that. # kvmplutotest pluto-rekey-02 good kvmplutotest psk-pluto-03 good kvmplutotest psk-pluto-04 good kvmplutotest psk-pluto-05 good kvmplutotest psk-pluto-06 good # # tests using alternative ESP algorithms # kvmplutotest netkey-algo-twofish-01 good kvmplutotest klips-algo-twofish-01 good kvmplutotest netkey-algo-serpent-01 good kvmplutotest klips-algo-serpent-01 good kvmplutotest netkey-algo-camellia-01 good kvmplutotest netkey-algo-cast-01 good kvmplutotest klips-algo-cast-01 good kvmplutotest netkey-algo-null-01 good kvmplutotest netkey-algo-null-02 good # # a test of using twofish with pluto, twofish for phase2 # umlplutotest basic-pluto-08 bad # # a test of using aes256 for phase 1 and phase 2, # with appropriate modp group kvmplutotest algo-pluto-01 good kvmplutotest algo-pluto-02 good kvmplutotest algo-pluto-03 good kvmplutotest algo-pluto-04 good umlplutotest algo-pluto-05 good umlplutotest algo-pluto-06 good kvmplutotest algo-pluto-08 good kvmplutotest algo-pluto-09 good kvmplutotest algo-pluto-10 good kvmplutotest algo-pluto-11 good kvmplutotest algo-pluto-12-aes-default good kvmplutotest algo-pluto-13-invalid-3des good # # tests for usnig multiple subnets using conn aliases # umlXhost multinet-01 good umlXhost multinet-02 good umlXhost multinet-03 good umlXhost multinet-04 good # transport mode related tests umlplutotest transport-01 good umlplutotest transport-02 good umlplutotest transport-03 bad kvmplutotest nat-transport-02 wip kvmplutotest ah-pluto-01 good kvmplutotest ah-pluto-02 good kvmplutotest ah-pluto-03 good kvmplutotest ah-pluto-04 good kvmplutotest ah-pluto-05 good kvmplutotest ah-pluto-09 good kvmplutotest ah-pluto-10 good kvmplutotest ah-pluto-11 good kvmplutotest interop-ikev1-strongswan-10-ah-initiator-sha256 good kvmplutotest interop-ikev1-strongswan-11-ah-initiator-sha512 good kvmplutotest interop-ikev2-strongswan-16-ah-initiator-sha512 good kvmplutotest interop-ikev2-strongswan-17-ah-initiator-sha256 good # kernel does not yet support these algo's kvmplutotest ah-pluto-06 wip kvmplutotest ah-pluto-07 wip kvmplutotest ah-pluto-08 wip umlplutotest protoport-01 good umlplutotest protoport-02 good # Tests below require testing infrastructure with netkey support kvmplutotest algo-pluto-07 good kvmplutotest netkey-pluto-01 good kvmplutotest netkey-pluto-02 good umlplutotest netkey-pluto-04 good umlplutotest netkey-pluto-05 good umlplutotest netkey-psk-pluto-06 good umlplutotest netkey-psk-vhost-01 good umlplutotest netkey-psk-vhost-02 good umlplutotest netkey-psk-vhost-03 good umlplutotest netkey-psk-vhost-04 good # Selinux / secure labeling tests (require netkey and selinux) kvmplutotest loopback-pluto-01 good kvmplutotest loopback-pluto-02 good kvmplutotest loopback-pluto-03 good kvmplutotest loopback-pluto-04 good kvmplutotest loopback-pluto-05 good kvmplutotest loopback-pluto-06 good kvmplutotest labeled-ipsec-01 good # compress tests, some use netkey kvmplutotest compress-pluto-01 good kvmplutotest compress-pluto-02 good kvmplutotest compress-pluto-netkey-03 good umlplutotest compress-pluto-netkey-klips-04 good # sourceip tests umlplutotest sourceip-01 good umlplutotest sourceip-02 good ################################################################# # IPv6 tests ################################################################# kvmplutotest ipv6-v6-through-v6-klips-klips incomplete umlplutotest ipv6-v6-through-v6-netkey-netkey good umlplutotest ipv6-v6-through-v6-klips-netkey good umlplutotest ipv6-v4-through-v6-klips-klips good umlplutotest ipv6-v6-through-v4-klips-klips good kvmplutotest ipv6-transport-mode-01-klips-klips incomplete kvmplutotest ipv6-transport-mode-02-netkey-netkey incomplete kvmplutotest ipv6-transport-mode-03-klips-netkey incomplete kvmplutotest ipv6-tunnel-mode-01-klips-klips incomplete kvmplutotest ipv6-tunnel-mode-02-netkey-netkey incomplete kvmplutotest ipv6-tunnel-mode-03-klips-netkey incomplete kvmplutotest ipv6-transport-ts-mode-04-netkey-netkey incomplete kvmplutotest ipv6-tunnel-mode-03-rw good kvmplutotest ipv6-tunnel-mode-04-rw good ################################################################# # Interop tests ################################################################# umlplutotest interop-ikev2-racoon-01-noconn good kvmplutotest interop-ikev2-racoon-02-psk-responder good umlplutotest interop-ikev2-racoon-03-psk-initiator good umlplutotest interop-ikev2-racoon-04-x509-responder good umlplutotest interop-ikev2-racoon-05-x509-initiator good kvmplutotest interop-ikev1-strongswan-02-psk-responder good kvmplutotest interop-ikev1-strongswan-03-psk-initiator good kvmplutotest interop-ikev1-strongswan-04-psk-aes-gcm good kvmplutotest interop-ikev1-strongswan-04-psk-aes-ccm good kvmplutotest interop-ikev1-strongswan-07-cast128 good # below is a strongswan-strongswan test case that seems to prove CAST # is broken for netkey/xfrm in strongswan itself too - kernel changed? kvmplutotest interop-ikev1-strongswan-08-strongswan-cast good umlplutotest interop-ikev2-strongswan-01-noconn good kvmplutotest interop-ikev2-strongswan-02-psk-responder good kvmplutotest interop-ikev2-strongswan-03-psk-initiator good kvmplutotest interop-ikev2-strongswan-04-x509-responder good kvmplutotest interop-ikev2-strongswan-05-psk-aes good kvmplutotest interop-ikev2-strongswan-05-psk-md5 good kvmplutotest interop-ikev2-strongswan-06-aes192 good kvmplutotest interop-ikev2-strongswan-07-strongswan good kvmplutotest interop-ikev2-strongswan-09-psk-aes-ccm good kvmplutotest interop-ikev2-strongswan-09-psk-aes-gcm good kvmplutotest interop-ikev2-strongswan-10-nat-initiator wip kvmplutotest interop-ikev2-strongswan-11-nat-initiator wip kvmplutotest interop-ikev2-strongswan-12-nat-responder wip kvmplutotest interop-ikev2-strongswan-13-ah-initiator wip kvmplutotest interop-ikev2-strongswan-14-delete-sa wip kvmplutotest interop-ikev2-strongswan-15-create_child_sa wip # strongswan still broken in v5.1.1 kvmplutotest interop-ikev2-strongswan-18-psk-cast wip skiptest interop-racoon-iphone4s-nonat incomplete skiptest interop-racoon-iphone5-nonat incomplete ################################################################# # DNSSEC tests ################################################################# kvmplutotest dnssec-pluto-01 good ################################################################# # Specific bug tests ################################################################# # trying out bug #888 umlplutotest phase1-expire-01-reconnect-klips good umlplutotest phase1-expire-02-reconnect-netkey good umlplutotest x509-pluto-frag-00 good umlplutotest x509-pluto-frag-01 good umlplutotest x509-pluto-frag-02 good umlplutotest x509-pluto-frag-03 good umlplutotest x509-pluto-frag-04 good kvmplutotest replay-authip-01 good kvmplutotest l2tp-01 good kvmplutotest l2tp-02 good kvmplutotest l2tp-02-netkey good kvmplutotest ikeport-01 wip ################################################################# # passthrough tests ################################################################# kvmplutotest netkey-passthrough-ipxfrm wip kvmplutotest netkey-passthrough-00 wip kvmplutotest netkey-passthrough-01 wip kvmplutotest netkey-passthrough-02 wip kvmplutotest netkey-passthrough-03 wip kvmplutotest klips-passthrough-00 wip