adapted pfkey alg and esp scenarios

testing/tests/pfkey/alg-aes-xcbc/description.txt

@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC_256 / AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
+<b>AES_CBC_128 / AES_XCBC_96</b> by defining <b>esp=aes128-aesxcbc-modp2048!</b>
-in ipsec.conf. The same cipher suite is used for IKE: <b>ike=aes256-aesxcbc-modp2048</b>.
+in ipsec.conf. The same cipher suite is used for IKE.
 A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.

testing/tests/pfkey/alg-aes-xcbc/evaltest.dat

@@ -1,9 +1,12 @@
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
-moon::ipsec statusall::rw.*AES_CBC_256/AES_XCBC_96,::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-carol::ipsec statusall::home.*AES_CBC_256/AES_XCBC_96,::YES
+moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES
+carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES
 moon::ip xfrm state::auth xcbc(aes)::YES
 carol::ip xfrm state::auth xcbc(aes)::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
+

testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf

@@ -11,8 +11,8 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev2
-	ike=aes256-aesxcbc-modp2048!
+	ike=aes128-aesxcbc-modp2048!
-	esp=aes256-aesxcbc-modp2048!
+	esp=aes128-aesxcbc-modp2048!
 
 conn home
 	left=PH_IP_CAROL

testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf

@@ -11,8 +11,8 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev2
-	ike=aes256-aesxcbc-modp2048!
+	ike=aes128-aesxcbc-modp2048!
-	esp=aes256-aesxcbc-modp2048!
+	esp=aes128-aesxcbc-modp2048!
 
 conn rw
 	left=PH_IP_MOON

testing/tests/pfkey/alg-aes-xcbc/test.conf

@@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png"
 
 # UML instances on which tcpdump is to be started
 #
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
 
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes

testing/tests/pfkey/esp-alg-null/evaltest.dat

@@ -1,7 +1,9 @@
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*INSTALLED::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::ipsec statusall::NULL/HMAC_SHA1_96::YES
 carol::ipsec statusall::NULL/HMAC_SHA1_96::YES
 moon::ip xfrm state::enc ecb(cipher_null)::YES
 carol::ip xfrm state::enc ecb(cipher_null)::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length::YES

testing/tests/pfkey/esp-alg-null/test.conf

@@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png"
 
 # UML instances on which tcpdump is to be started
 #
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
 
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes