From 50a7942c418595f8a6df8c986580e908b897ed93 Mon Sep 17 00:00:00 2001
From: Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org>
Date: Mon, 22 Dec 2008 14:08:46 +0000
Subject: add regression test for aes-{128,192,256} being used with main and
 quick mode.

---
 regress/sbin/ipsecctl/Makefile |   4 +-
 regress/sbin/ipsecctl/ike60.in |   3 ++
 regress/sbin/ipsecctl/ike60.ok | 108 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 113 insertions(+), 2 deletions(-)
 create mode 100644 regress/sbin/ipsecctl/ike60.in
 create mode 100644 regress/sbin/ipsecctl/ike60.ok

diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile
index 339b0ed7ba7..0153dc7698e 100644
--- a/regress/sbin/ipsecctl/Makefile
+++ b/regress/sbin/ipsecctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.51 2008/07/01 14:08:39 bluhm Exp $
+# $OpenBSD: Makefile,v 1.52 2008/12/22 14:08:45 hshoexer Exp $
 
 # you can update the *.ok files with: make -i | patch
 # TARGETS
@@ -19,7 +19,7 @@ IKEFAIL=1 3 4 5 6 8 9 10 11 12
 IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
 IKETESTS+=16 17 18 19 20 21 22 23
 IKETESTS+=29 30 31 32 33 34 35 36 37 38 39 40
-IKETESTS+=41 42 43 46 47 48 49 50 51 52 53 54 55 56 57 58 59
+IKETESTS+=41 42 43 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
 
 IKEDELTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
 IKEDELTESTS+=16 17 18 19 20 21 22 23
diff --git a/regress/sbin/ipsecctl/ike60.in b/regress/sbin/ipsecctl/ike60.in
new file mode 100644
index 00000000000..11d3b51077e
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike60.in
@@ -0,0 +1,3 @@
+ike from egress to any main enc aes-128 quick enc aes-128
+ike from egress to any main enc aes-192 quick enc aes-192
+ike from egress to any main enc aes-256 quick enc aes-256
diff --git a/regress/sbin/ipsecctl/ike60.ok b/regress/sbin/ipsecctl/ike60.ok
new file mode 100644
index 00000000000..e9f653d90d9
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike60.ok
@@ -0,0 +1,108 @@
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-128-SHA-RSA_SIG force
+C set [from-sk0-to-0.0.0.0/0]:Phase=2 force
+C set [from-sk0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-sk0-to-0.0.0.0/0]:Configuration=phase2-from-sk0-to-0.0.0.0/0 force
+C set [from-sk0-to-0.0.0.0/0]:Local-ID=from-sk0 force
+C set [from-sk0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-sk0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-sk0-to-0.0.0.0/0]:Suites=QM-ESP-AES-128-SHA2-256-PFS-SUITE force
+C set [from-sk0]:ID-type=IPV4_ADDR force
+C set [from-sk0]:Address=sk0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-sk0-to-0.0.0.0/0
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-128-SHA-RSA_SIG force
+C set [from-sk0-to-0.0.0.0/0]:Phase=2 force
+C set [from-sk0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-sk0-to-0.0.0.0/0]:Configuration=phase2-from-sk0-to-0.0.0.0/0 force
+C set [from-sk0-to-0.0.0.0/0]:Local-ID=from-sk0 force
+C set [from-sk0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-sk0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-sk0-to-0.0.0.0/0]:Suites=QM-ESP-AES-128-SHA2-256-PFS-SUITE force
+C set [from-sk0]:ID-type=IPV4_ADDR force
+C set [from-sk0]:Address=sk0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-sk0-to-0.0.0.0/0
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-192-SHA-RSA_SIG force
+C set [from-sk0-to-0.0.0.0/0]:Phase=2 force
+C set [from-sk0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-sk0-to-0.0.0.0/0]:Configuration=phase2-from-sk0-to-0.0.0.0/0 force
+C set [from-sk0-to-0.0.0.0/0]:Local-ID=from-sk0 force
+C set [from-sk0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-sk0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-sk0-to-0.0.0.0/0]:Suites=QM-ESP-AES-192-SHA2-256-PFS-SUITE force
+C set [from-sk0]:ID-type=IPV4_ADDR force
+C set [from-sk0]:Address=sk0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-sk0-to-0.0.0.0/0
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-192-SHA-RSA_SIG force
+C set [from-sk0-to-0.0.0.0/0]:Phase=2 force
+C set [from-sk0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-sk0-to-0.0.0.0/0]:Configuration=phase2-from-sk0-to-0.0.0.0/0 force
+C set [from-sk0-to-0.0.0.0/0]:Local-ID=from-sk0 force
+C set [from-sk0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-sk0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-sk0-to-0.0.0.0/0]:Suites=QM-ESP-AES-192-SHA2-256-PFS-SUITE force
+C set [from-sk0]:ID-type=IPV4_ADDR force
+C set [from-sk0]:Address=sk0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-sk0-to-0.0.0.0/0
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-256-SHA-RSA_SIG force
+C set [from-sk0-to-0.0.0.0/0]:Phase=2 force
+C set [from-sk0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-sk0-to-0.0.0.0/0]:Configuration=phase2-from-sk0-to-0.0.0.0/0 force
+C set [from-sk0-to-0.0.0.0/0]:Local-ID=from-sk0 force
+C set [from-sk0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-sk0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-sk0-to-0.0.0.0/0]:Suites=QM-ESP-AES-256-SHA2-256-PFS-SUITE force
+C set [from-sk0]:ID-type=IPV4_ADDR force
+C set [from-sk0]:Address=sk0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-sk0-to-0.0.0.0/0
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-256-SHA-RSA_SIG force
+C set [from-sk0-to-0.0.0.0/0]:Phase=2 force
+C set [from-sk0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-sk0-to-0.0.0.0/0]:Configuration=phase2-from-sk0-to-0.0.0.0/0 force
+C set [from-sk0-to-0.0.0.0/0]:Local-ID=from-sk0 force
+C set [from-sk0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-sk0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-sk0-to-0.0.0.0/0]:Suites=QM-ESP-AES-256-SHA2-256-PFS-SUITE force
+C set [from-sk0]:ID-type=IPV4_ADDR force
+C set [from-sk0]:Address=sk0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-sk0-to-0.0.0.0/0
-- 
cgit v1.2.3