../../guestbin/swan-prep
west #
 # run the parser tests
west #
 ../../guestbin/algparse.sh 'ipsec algparse' algparse*.txt > /dev/null
ipsec algparse -v1 -pfs -t # algparse.v1.pfs.txt
ipsec algparse -v1 -t # algparse.v1.txt
ipsec algparse -v2 -pfs -t # algparse.v2.pfs.txt
ipsec algparse -v2 -t # algparse.v2.txt
ipsec algparse -v # algparse.v.txt
west #
 # run the algorithm tests
west #
 ipsec algparse -ta > /dev/null
west #
 # check pluto is starting in the correct mode
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 grep ^FIPS /tmp/pluto.log
FIPS Mode: NO
FIPS mode disabled for pluto daemon
FIPS HMAC integrity support [disabled]
west #
 # check pluto algorithm list
west #
 sed -n -e '/^|/d' -e ':algs / algorithms:/ { :alg ; p ; n ; /^  / b alg ; b algs }' /tmp/pluto.log
Encryption algorithms:
  AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
  AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
  AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
  3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
  CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
  CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
  AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
  AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
  AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
  AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
  AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
  NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
  NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
  CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Hash algorithms:
  MD5                               IKEv1: IKE         IKEv2:                  NSS         
  SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
  SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
  SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
  SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
  IDENTITY                          IKEv1:             IKEv2:             FIPS             
PRF algorithms:
  HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
  HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
  HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
  HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
  HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
  AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Integrity algorithms:
  HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
  HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
  HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
  HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
  HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
  HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
  AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
  AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
  NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
DH algorithms:
  NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
  MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
  MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
  MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
  MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
  MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
  MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
  DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
  DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
  DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
  DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
IPCOMP algorithms:
  DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS             
  LZS                               IKEv1:             IKEv2:     ESP AH  FIPS             
  LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS             
west #
 
