#
# This isn't actually a shell script. It just looks like one.
# Some tools other than /bin/sh process it. 
#
# See doc/src/makecheck.html#TESTLIST for the format.
# test-kind	directory-containing-test	expectation	[PR#]


# basic pluto test - bring up your basic CONN between eastnet-westnet.
umlplutotest	basic-pluto-01	good
umlplutotest	basic-pluto-02	good
umlXhost	basic-pluto-03	good

# fails due to refineconnection bug.
umlplutotest	basic-pluto-06	bad
umlplutotest	pluto-ipcmp-01	good
umlplutotest	bad-updown-01	good

# pluto-unit-01 - pluto vs. pluto, without KLIPS
# This runs in a single UML, so ctltest is appropriate
ctltest	pluto-unit-01	good
ctltest	pluto-unit-02	good

# regression test for --dontrekey responder with short SA lifetimes:
# ought to somehow notify other side.
# Also a unit test.
ctltest	pluto-dontreky-expiry-01 good

# test food groups
# these set up a food group, then run a ping from sunrise-sunset

# clear peer
# OE TEMP DISABLED umlplutotest	food-groups-clear-01	good
# oe peer
#
# this test is disabled because the OE peer (west) is not 
# properly configured yet.
#umlplutotest	food-groups-clear-02	bad

# clear peer
# OE TEMP DISABLED umlplutotest	food-groups-clear-or-oe-01	good

# oe peer
#
# this test is disabled because the OE peer (west) is not 
# properly configured yet.
#umlplutotest	food-groups-clear-or-oe-02	bad

# clear peer
# OE TEMP DISABLED umlplutotest	food-groups-never-01	good

# oe peer
# This test is disabled, since no packets should ever arrive at west, so
# it could never reply. A test of replies needs to be done instead.
# 
#umlplutotest	food-groups-never-02	bad

# oe peer
# OE TEMP DISABLED umlplutotest	food-groups-oe-or-clear-01	good

# clear peer
#
# this test is disabled because the OE peer (west) is not 
# properly configured yet.
#umlplutotest	food-groups-oe-or-clear-02	bad

# oe peer
# OE TEMP DISABLED umlplutotest	food-groups-oe-or-die-01	good

# clear peer
#
# this test is disabled because the OE peer (west) is not 
# properly configured yet.
#umlplutotest	food-groups-oe-or-die-02	bad

# Foodgroups bug: used to forget name of target when target is
# preserved across --listen.
# OE TEMP DISABLED umlplutotest	food-groups-bug-01	good

# bug: OE should not be attempted if our private key is missing
# OE TEMP DISABLED umlplutotest	oe-fail-without-private-key-01	good

# bug: pluto and _pluto_adns can deadlock in a flood
# OE TEMP DISABLED umlplutotest	oe-flood-deadlock-01	good

# Foodgroups orderly transition: policy groups must be transitioned properly
# when changed
# umlplutotest	food-groups-orderly-transition-01	good

# RFC 3706 DPD test
umlplutotest	dpd-01	good

# RFC 3706 DPD test
umlplutotest	dpd-02	good

# RFC 3706 DPD test
umlplutotest	dpd-03	good

# RFC 3706 DPD test
umlplutotest	dpd-04	good

# RFC 3706 DPD test
umlplutotest	dpd-05	good

# RFC 3706 DPD test
umlplutotest	dpd-06	good

# RFC 3706 DPD test
umlplutotest	dpd-07	good

# Delete SA test.
umlplutotest	delete-sa-01	good

#
# oe-snat-01 - do Source address NAT and then OE
#
# OE TEMP DISABLED umlplutotest	oe-snat-01	good

#
# oe-fail-without-resp-client-txt-01 - when responding using an OE 
# connection, checks that there is a TXT (and possibly KEY) record 
# that delegates this security gateway to act for the client on our 
# side.
# OE TEMP DISABLED umlplutotest	oe-fail-without-resp-client-txt-01	good

#
# whack --status output should be sorted.
#
ctltest		whack-status-01		good

#
# co-terminal-02 - wavesec+OE, with wavesec started first
#
# OE TEMP DISABLED umlXhost	co-terminal-02		good

#
# co-terminal-03 - wavesec+OE, with OE started first
#
# OE TEMP DISABLED umlXhost	co-terminal-03		good

#
# tests of OE from road warriors (no gateways)
# full OE test
#
# OE TEMP DISABLED umlXhost	oe-road-01		good

#
# FQDN OE test with TXT RR, no KEY
#
# OE TEMP DISABLED umlXhost	oe-road-02		good

#
# FQDN OE test with TXT, mangled
#
# OE TEMP DISABLED umlXhost	oe-road-03		good

#
# FQDN OE test with KEY, no TXT
#
# OE TEMP DISABLED umlXhost	oe-road-04		good

#
# test for using %dns in VPN conns
ctltest	 	vpn-dns-01		good

#
# tests of OE from road warriors (no gateways)
# full OE test
#
# OE TEMP DISABLED umlXhost	myid-road-01		good

#
# FQDN OE test with TXT RR, no KEY
#
# OE TEMP DISABLED umlXhost	myid-road-02		good

#
# FQDN OE test with TXT, mangled
#
# OE TEMP DISABLED umlXhost	myid-road-03		good

#
# FQDN OE test with KEY, no TXT
#
# OE TEMP DISABLED umlXhost	myid-road-04		good

#
# FQDN OE with trailing dot
#
# OE TEMP DISABLED umlXhost	myid-road-05		good

#
# a test of rekeying an OE connection
#
# OE TEMP DISABLED umlXhost	pluto-rekey-01		good

#
# a test of using X.509 keys
#
# incomplete test - disabled
#umlplutotest	x509-pluto-01		good

#
# a test of sending and validating an X.509 cert
#
# incomplete test - disabled
#umlXhost	x509-pluto-02		good

# a test of sending and validating an X.509 cert
#
# incomplete test - disabled
#umlplutotest	x509-pluto-03		good

# a test for using nss with X.509 cert
#
# incomplete test - disabled
#umlplutotest	x509-nss-01		good

#
# Test of XAUTH client to XAUTH server
umlXhost	xauth-pluto-03		good

#
# Test of NAT traversal
umlXhost	nat-pluto-01		good

#
# Test of NAT traversal, for extruded IP
umlXhost	nat-pluto-02		good

#
# Test of NAT traversal, forced on
umlXhost	nat-pluto-03		good

# Test of NAT traversal, with subnetwithin/vhost overlap
umlXhost	nat-pluto-04		good

# Test of NAT traversal, not yet debugged?
umlXhost	nat-pluto-05		bad

# Test of NAT traversal with non-port 500 origins.
umlXhost	nat-pluto-06		good

# Test of NAT traversal, with IP address change during negotiation.
umlXhost	nat-pluto-07		good

# Test of NAT traversal, using vnet: syntax
umlXhost	nat-pluto-08		good

# Test of NAT traversal, using vnet: syntax with an added subnet per-conn
umlXhost	nat-pluto-09		good

#
# Test of NAT traversal w/DPD
umlXhost	nat-dpd-pluto-01	good

# Test of NAT traversal, with Aggressive Mode client
umlXhost	nat-aggr-01		good


#
# a test of using AES with pluto
#
umlplutotest	basic-pluto-04		good

# 
# a test of sending and validating an X.509 cert
# when the responder has leftca=%any
#
umlplutotest	x509-pluto-04		good

# 
# a test of sending and validating an X.509 cert
# when the responder only a leftca="" value, and
# no leftid=
#
umlplutotest	x509-pluto-05		good

# 
# a test of sending and validating an X.509 cert
# when the responder has the wrong DN.
#
umlXhost	x509-pluto-06		good

#
# a test case of PSK with aggressive mode
umlXhost	psk-pluto-01		good

#
# a test case of PSK with aggressive mode, with missing PSKs
umlXhost	psk-pluto-02		bad

#
# a test case of xauth/psk/aggressive/algo 
umlXhost	xauth-pluto-04		good

#
# a test case of xauth/psk/aggressive/algo/modecfg
umlXhost	xauth-pluto-05		good

#
# a test case of xauth/psk/aggressive/algo/modecfg/pfs
umlXhost	xauth-pluto-06		good

#
# a test case of xauth using xauthname= in ipsec.conf 
umlXhost	xauth-pluto-10		good

#
# a test case of xauth using xauthname= in ipsec.conf and XAUTH password in ipsec.secrets
umlXhost	xauth-pluto-11		good


#
# a test of using AES with pluto, with pfs=yes
#
umlplutotest	basic-pluto-05		good

#
# a test case of xauth/psk/aggressive/algo/modecfg/pfs
# in client pull mode rather than server push.
#
umlplutotest	xauth-pluto-07		good

#
# a test case of xauth/psk/aggressive/algo/modecfg/pfs
# in client pull mode, *WITH* DPD enabled.
#
umlXhost	xauth-pluto-08		good

#
# Aggressive Mode Pluto Tests
#
umlplutotest	aggr-pluto-01		good
umlplutotest	aggr-pluto-02		good
umlplutotest	aggr-pluto-03		good
umlplutotest	aggr-pluto-04-cookies	good

#
# Aggressive Mode Unit Tests
ctltest	aggr-unit-01			good
ctltest	aggr-unit-02			good





# 
# a testcase with pfs=yes connecting to pfs=no
#
umlplutotest	basic-pluto-09		good

# 
# a testcase with esp=null-md5
# will normally fail, do not run it.
#
umlplutotest	basic-pluto-10		skip

#
# test cases of what happens to X.509 based authorization system
# when certain error conditions are met or parts of the CA are
# missing or CRL's expired, etc.
# 
#
umlplutotest	fail-x509-01		good
umlplutotest	fail-x509-02		good

# not implemented yet
#umlplutotest	fail-x509-03		good
#umlplutotest	fail-x509-04		good
#umlplutotest	fail-x509-05		good

umlplutotest	fail-x509-06		good
umlplutotest	fail-x509-07		good
umlplutotest	fail-x509-08		good
umlplutotest	fail-x509-09		good
umlplutotest	fail-x509-10		good
umlplutotest	fail-x509-11		good
umlplutotest	fail-x509-12		good

#
# this tests rekeys (--down/--up) when behind a NAT. a --replace
# may cancel things that the --down/--up may not. This also
# tests that the responder is happy with us doing that.
#
umlplutotest	pluto-rekey-02		good

#
# this tests psk with main mode.
umlXhost	psk-pluto-03		good

# this tests psk with main mode.
umlXhost	psk-pluto-04		good

#
# a test of using AES with pluto, twofish for phase2
#
umlplutotest	basic-pluto-07		good

#
# a test of using twofish with pluto, twofish for phase2
#
umlplutotest	basic-pluto-08		bad

# 
# a test of using aes256 for phase 1 and phase 2,
# with appropriate modp group
umlplutotest    algo-pluto-01          good
umlplutotest    algo-pluto-02          good
umlplutotest    algo-pluto-03          good
umlplutotest    algo-pluto-04          good
umlplutotest    algo-pluto-05          good
umlplutotest    algo-pluto-06          good

umlplutotest    algo-pluto-09          good
#
# tests for usnig multiple subnets using conn aliases
#
umlXhost	multinet-01		good
umlXhost	multinet-02		good
umlXhost	multinet-03		good
umlXhost	multinet-04		good

# transport mode related tests
umlplutotest	transport-01		good
umlplutotest	transport-02		good
umlplutotest	transport-03		bad

#
umlplutotest	protoport-01		good
umlplutotest	protoport-02		good

# Testing algo loading of proper algo sizes
umlplutotest	ike-algo-02		good

# Tests below require testing infrastructure with netkey support
umlplutotest    algo-pluto-07			good
umlplutotest    netkey-pluto-01			good
umlplutotest    netkey-pluto-02			good
umlplutotest    netkey-pluto-03-sourceip        good
umlplutotest    netkey-pluto-04			good
umlplutotest    netkey-pluto-05			good
# sourceip tests
umlplutotest	sourceip-01			good
umlplutotest	sourceip-02			good

#################################################################
# IPv6 tests
#################################################################
umlplutotest	ipv6-v6-through-v6-klips-klips		good
umlplutotest	ipv6-v6-through-v6-netkey-netkey	good
umlplutotest	ipv6-v6-through-v6-klips-netkey		good
umlplutotest	ipv6-v4-through-v6-klips-klips		good
umlplutotest	ipv6-v6-through-v4-klips-klips		good

#################################################################
# IKEv2 tests
#################################################################
umlplutotest	ikev2-01-fallback-ikev1			good
umlplutotest	ikev2-02-responder-send-notify		good
umlplutotest	ikev2-03-basic-rawrsa			good
umlplutotest	ikev2-04-basic-x509			good
umlplutotest	ikev2-05-basic-psk			good
umlplutotest	ikev2-06-6msg				good
umlplutotest	ikev2-07-biddown			good
umlplutotest	ikev2-08-delete-notify			good

umlplutotest	ikev2-x509-01		good
umlplutotest	ikev2-x509-02		good

# modp tests for checking if we deal with sending different KE's
umlplutotest	ikev2-algo-01-modp2048-initiator	good
umlplutotest	ikev2-algo-02-modp2048-responder	good
umlplutotest	ikev2-algo-03-aes-ccm			good
umlplutotest	ikev2-algo-04-aes-gcm			good

# Various corner case tests for IKEv2
umlplutotest	ikev2-major-version-initiator		good
umlplutotest	ikev2-major-version-responder		good
umlplutotest	ikev2-minor-version-initiator		good
umlplutotest	ikev2-minor-version-responder		good
umlplutotest	ikev2-isakmp-reserved-flags-01		good
umlplutotest	ikev2-isakmp-reserved-flags-02		good
umlplutotest	ikev2-allow-narrow-01			good
umlplutotest	ikev2-allow-narrow-02			good
umlplutotest	ikev2-allow-narrow-03			good
umlplutotest	ikev2-allow-narrow-04			good
umlplutotest	ikev2-no-nhelpers-01			good

#################################################################
# Interop tests
#################################################################
umlplutotest    interop-ikev2-racoon-01-noconn			good
umlplutotest    interop-ikev2-racoon-02-psk-responder		good
umlplutotest    interop-ikev2-racoon-03-psk-initiator		good
umlplutotest    interop-ikev2-racoon-04-x509-responder		good
umlplutotest    interop-ikev2-racoon-05-x509-initiator		good

umlplutotest    interop-ikev2-strongswan-01-noconn		good
umlplutotest    interop-ikev2-strongswan-02-psk-responder	good
umlplutotest    interop-ikev2-strongswan-03-psk-initiator	good
umlplutotest    interop-ikev2-strongswan-04-x509-responder	good
umlplutotest    interop-ikev2-strongswan-05-x509-initiator	good

#################################################################
# Specific bug tests
#################################################################
# trying out bug #888
umlplutotest	phase1-expire-01-reconnect-klips		good
umlplutotest	phase1-expire-02-reconnect-netkey		good
