[Swan-dev] Merging algorithm tests?

Andrew Cagney andrew.cagney at gmail.com
Wed Mar 15 14:35:38 UTC 2017


For the DH19/DH20/DH21, since the test objective was to just
demonstrate a basic crypto suite interop, i grouped everything
reducing the number of tests (the convention seems to be one test per
crypto suite).  For instance, ikev2-algo-ike-dh-ecp-01's westrun.sh
looks like:

../bin/libreswan-up-down.sh ikev2-ike=aes128-sha1-dh19 -I 192.0.1.254
192.0.2.254
../bin/libreswan-up-down.sh ikev2-ike=aes128-sha1-dh20 -I 192.0.1.254
192.0.2.254
../bin/libreswan-up-down.sh ikev2-ike=aes128-sha1-dh21 -I 192.0.1.254
192.0.2.254

this seems to work remarkably well(1)(2).  I'm now wondering if this
is a better more general approach for crypto suite interop tests like
this.

(1) my implementation is simple (I suspect there's a way to do this
directly with whack; but that means learning whack :-)
(2) anyone know a way to do this with strongswan as the initiator?


More information about the Swan-dev mailing list