#
# This isn't actually a shell script. It just looks like one.
# Some tools other than /bin/sh process it. 
#

# test-kind	directory-containing-test	expectation	[PR#]

# test-kind:
#  umlplutotest - not yet converted, will not be run with 'make check'
#  kvmplutotest - coverted to use KVM, will be run with 'make check'
#  skiptest - skip this test
#  hwtest - connect to physical test machines, not KVM [FUTURE]

# expectation:
#  good - output matches known output
#  bad  - output should NOT match [only for unit tests, not pluto test]
#  wip  - this test still need work. 

# basic pluto test - bring up your basic CONN between eastnet-westnet.
kvmplutotest	basic-pluto-01	good
kvmplutotest	basic-pluto-02	bad
kvmplutotest	basic-pluto-03	good

kvmplutotest	pluto-ipcmp-01	good

# pluto-unit-01 - pluto vs. pluto, without KLIPS
# This runs in a single UML, so ctltest is appropriate
ctltest	pluto-unit-01	good
ctltest	pluto-unit-02	good

# regression test for --dontrekey responder with short SA lifetimes:
# ought to somehow notify other side.
# Also a unit test.
ctltest	pluto-dontreky-expiry-01 good

# test food groups
# these set up a food group, then run a ping from sunrise-sunset

# clear peer
# OE TEMP DISABLED umlplutotest	food-groups-clear-01	good
# oe peer
#
# this test is disabled because the OE peer (west) is not 
# properly configured yet.
#umlplutotest	food-groups-clear-02	bad

# clear peer
# OE TEMP DISABLED umlplutotest	food-groups-clear-or-oe-01	good

# oe peer
#
# this test is disabled because the OE peer (west) is not 
# properly configured yet.
#umlplutotest	food-groups-clear-or-oe-02	bad

# clear peer
# OE TEMP DISABLED umlplutotest	food-groups-never-01	good

# oe peer
# This test is disabled, since no packets should ever arrive at west, so
# it could never reply. A test of replies needs to be done instead.
# 
#umlplutotest	food-groups-never-02	bad

# oe peer
# OE TEMP DISABLED umlplutotest	food-groups-oe-or-clear-01	good

# clear peer
#
# this test is disabled because the OE peer (west) is not 
# properly configured yet.
#umlplutotest	food-groups-oe-or-clear-02	bad

# oe peer
# OE TEMP DISABLED umlplutotest	food-groups-oe-or-die-01	good

# clear peer
#
# this test is disabled because the OE peer (west) is not 
# properly configured yet.
#umlplutotest	food-groups-oe-or-die-02	bad

# Foodgroups bug: used to forget name of target when target is
# preserved across --listen.
# OE TEMP DISABLED umlplutotest	food-groups-bug-01	good

# bug: OE should not be attempted if our private key is missing
# OE TEMP DISABLED umlplutotest	oe-fail-without-private-key-01	good

# bug: pluto and _pluto_adns can deadlock in a flood
# OE TEMP DISABLED umlplutotest	oe-flood-deadlock-01	good

# Foodgroups orderly transition: policy groups must be transitioned properly
# when changed
# umlplutotest	food-groups-orderly-transition-01	good

# RFC 3706 DPD test
kvmplutotest	dpd-01	good
kvmplutotest	dpd-01-netkey	good
kvmplutotest	dpd-02	good
kvmplutotest	dpd-02-reverse	good
kvmplutotest	dpd-03	good
kvmplutotest	dpd-04	good
kvmplutotest	dpd-05	good
kvmplutotest	dpd-06	good
kvmplutotest	dpd-07	good
kvmplutotest	dpd-08	good

# Delete SA test.
kvmplutotest	delete-sa-01	good

#
# oe-snat-01 - do Source address NAT and then OE
#
# OE TEMP DISABLED umlplutotest	oe-snat-01	good

#
# oe-fail-without-resp-client-txt-01 - when responding using an OE 
# connection, checks that there is a TXT (and possibly KEY) record 
# that delegates this security gateway to act for the client on our 
# side.
# OE TEMP DISABLED umlplutotest	oe-fail-without-resp-client-txt-01	good

#
# whack --status output should be sorted.
#
ctltest		whack-status-01		good

#
# co-terminal-02 - wavesec+OE, with wavesec started first
#
# OE TEMP DISABLED umlXhost	co-terminal-02		good

#
# co-terminal-03 - wavesec+OE, with OE started first
#
# OE TEMP DISABLED umlXhost	co-terminal-03		good

#
# tests of OE from road warriors (no gateways)
# full OE test
#
# OE TEMP DISABLED umlXhost	oe-road-01		good

#
# FQDN OE test with TXT RR, no KEY
#
# OE TEMP DISABLED umlXhost	oe-road-02		good

#
# FQDN OE test with TXT, mangled
#
# OE TEMP DISABLED umlXhost	oe-road-03		good

#
# FQDN OE test with KEY, no TXT
#
# OE TEMP DISABLED umlXhost	oe-road-04		good

#
# test for using %dns in VPN conns
ctltest	 	vpn-dns-01		good

#
# tests of OE from road warriors (no gateways)
# full OE test
#
# OE TEMP DISABLED umlXhost	myid-road-01		good

#
# FQDN OE test with TXT RR, no KEY
#
# OE TEMP DISABLED umlXhost	myid-road-02		good

#
# FQDN OE test with TXT, mangled
#
# OE TEMP DISABLED umlXhost	myid-road-03		good

#
# FQDN OE test with KEY, no TXT
#
# OE TEMP DISABLED umlXhost	myid-road-04		good

#
# FQDN OE with trailing dot
#
# OE TEMP DISABLED umlXhost	myid-road-05		good

#
# a test of rekeying an OE connection
#
# OE TEMP DISABLED umlXhost	pluto-rekey-01		good

#
# a test of using X.509 keys
#
# incomplete test - disabled
#umlplutotest	x509-pluto-01		good

#umlplutotest	x509-pluto-frag-01		good
#
#
# a test of sending and validating an X.509 cert
#
# incomplete test - disabled
#umlXhost	x509-pluto-02		good

# a test of sending and validating an X.509 cert
#
# incomplete test - disabled
#umlplutotest	x509-pluto-03		good

# NSS tests 
# a test for using nss with X.509 cert
#
# incomplete test - disabled
#umlplutotest	x509-nss-01		good

umlplutotest	nss-leftrsasigkey2-01	good


#
# Test of NAT traversal
umlXhost	nat-pluto-01		good

#
# Test of NAT traversal, for extruded IP
umlXhost	nat-pluto-02		good

#
# Test of NAT traversal, forced on
umlXhost	nat-pluto-03		good

# Test of NAT traversal, with subnetwithin/vhost overlap
umlXhost	nat-pluto-04		good

# Test of NAT traversal, not yet debugged?
umlXhost	nat-pluto-05		bad

# Test of NAT traversal with non-port 500 origins.
umlXhost	nat-pluto-06		good

# Test of NAT traversal, with IP address change during negotiation.
umlXhost	nat-pluto-07		good

# Test of NAT traversal, using vnet: syntax
umlXhost	nat-pluto-08		good

# Test of NAT traversal, using vnet: syntax with an added subnet per-conn
umlXhost	nat-pluto-09		good

kvmplutotest	nat-pluto-10		good

#
# Test of NAT traversal w/DPD
umlXhost	nat-dpd-pluto-01	good

# Test of NAT traversal, with Aggressive Mode client
umlXhost	nat-aggr-01		good


#
# a test of using AES with pluto
#
kvmplutotest	basic-pluto-04		good

# 
# a test of sending and validating an X.509 cert
# when the responder has leftca=%any
#
umlplutotest	x509-pluto-04		good

# 
# a test of sending and validating an X.509 cert
# when the responder only a leftca="" value, and
# no leftid=
#
umlplutotest	x509-pluto-05		good

# 
# a test of sending and validating an X.509 cert
# when the responder has the wrong DN.
#
umlXhost	x509-pluto-06		good

#
# a test case of PSK with aggressive mode
kvmplutotest	psk-pluto-01		good
kvmplutotest	psk-pluto-02		bad

kvmplutotest	xauth-pluto-03		good
kvmplutotest	xauth-pluto-04		good
kvmplutotest	xauth-pluto-05		good
kvmplutotest	xauth-pluto-06		good
kvmplutotest	xauth-pluto-07		good
kvmplutotest	xauth-pluto-08		good

umlplutotest	xauth-pluto-09		good

umlXhost	xauth-pluto-10		good
umlXhost	xauth-pluto-11		good
kvmplutotest	xauth-pluto-12		good
kvmplutotest	xauth-pluto-13		good
kvmplutotest	xauth-pluto-14		good
kvmplutotest	xauth-pluto-15		good
kvmplutotest	xauth-pluto-16		good
skiptest	xauth-pluto-17		wip
kvmplutotest	xauth-pluto-18		good
kvmplutotest	xauth-pluto-19		good




#
# Aggressive Mode Pluto Tests
#
umlplutotest	aggr-pluto-01		good
umlplutotest	aggr-pluto-02		good
umlplutotest	aggr-pluto-03		good
umlplutotest	aggr-pluto-04-cookies	good

#
# Aggressive Mode Unit Tests
ctltest	aggr-unit-01			good
ctltest	aggr-unit-02			good





# 
# a testcase with pfs=yes connecting to pfs=no
#
kvmplutotest	basic-pluto-09		good

#
# test cases of what happens to X.509 based authorization system
# when certain error conditions are met or parts of the CA are
# missing or CRL's expired, etc.
# 
#
umlplutotest	fail-x509-01		good
umlplutotest	fail-x509-02		good

# not implemented yet
#umlplutotest	fail-x509-03		good
#umlplutotest	fail-x509-04		good
#umlplutotest	fail-x509-05		good

umlplutotest	fail-x509-06		good
umlplutotest	fail-x509-07		good
umlplutotest	fail-x509-08		good
umlplutotest	fail-x509-09		good
umlplutotest	fail-x509-10		good
umlplutotest	fail-x509-11		good
umlplutotest	fail-x509-12		good

#
# this tests rekeys (--down/--up) when behind a NAT. a --replace
# may cancel things that the --down/--up may not. This also
# tests that the responder is happy with us doing that.
#
kvmplutotest	pluto-rekey-02		good

kvmplutotest	psk-pluto-03		good
kvmplutotest	psk-pluto-04		good
kvmplutotest	psk-pluto-05		good
kvmplutotest	psk-pluto-06		good

#
# tests using alternative ESP algorithms
#
kvmplutotest	netkey-algo-twofish-01	good
kvmplutotest	klips-algo-twofish-01	good
kvmplutotest	netkey-algo-serpent-01	good
kvmplutotest	klips-algo-serpent-01	good
kvmplutotest	netkey-algo-camellia-01	good
kvmplutotest	netkey-algo-cast-01	good
kvmplutotest	netkey-algo-null-01	good
kvmplutotest	netkey-algo-null-02	good

#
# a test of using twofish with pluto, twofish for phase2
#
umlplutotest	basic-pluto-08		bad

# 
# a test of using aes256 for phase 1 and phase 2,
# with appropriate modp group
kvmplutotest    algo-pluto-01          good
kvmplutotest    algo-pluto-02          good
kvmplutotest    algo-pluto-03          good
kvmplutotest    algo-pluto-04          good
umlplutotest    algo-pluto-05          good
umlplutotest    algo-pluto-06          good
umlplutotest    algo-pluto-07          good
kvmplutotest    algo-pluto-08          good
kvmplutotest    algo-pluto-09          good
kvmplutotest    algo-pluto-10          good
#
# tests for usnig multiple subnets using conn aliases
#
umlXhost	multinet-01		good
umlXhost	multinet-02		good
umlXhost	multinet-03		good
umlXhost	multinet-04		good

# transport mode related tests
umlplutotest	transport-01		good
umlplutotest	transport-02		good
umlplutotest	transport-03		bad

#
umlplutotest	protoport-01		good
umlplutotest	protoport-02		good

# Testing algo loading of proper algo sizes
umlplutotest	ike-algo-02		good

# Tests below require testing infrastructure with netkey support
kvmplutotest    algo-pluto-07			good
kvmplutotest    netkey-pluto-01			good
kvmplutotest    netkey-pluto-02			good
kvmplutotest    netkey-pluto-02			good
umlplutotest    netkey-pluto-04			good
umlplutotest    netkey-pluto-05			good
umlplutotest    netkey-psk-pluto-06		good
umlplutotest	netkey-psk-vhost-01		good
umlplutotest	netkey-psk-vhost-02		good
umlplutotest	netkey-psk-vhost-03		good
umlplutotest	netkey-psk-vhost-04		good
# Selinux / secure labeling tests (require netkey and selinux)
kvmplutotest    loopback-pluto-01		good
kvmplutotest    loopback-pluto-02		good
kvmplutotest    loopback-pluto-03		good
kvmplutotest    loopback-pluto-04		good
kvmplutotest    loopback-pluto-05		good
kvmplutotest    loopback-pluto-06		good
kvmplutotest    labeled-ipsec-01		good

# compress tests, some use netkey
umlplutotest    compress-pluto-01		good
umlplutotest    compress-pluto-02		bad
umlplutotest    compress-pluto-03		good
umlplutotest    compress-pluto-04		good

# sourceip tests
umlplutotest	sourceip-01			good
umlplutotest	sourceip-02			good

#################################################################
# IPv6 tests
#################################################################
kvmplutotest	ipv6-v6-through-v6-klips-klips		incomplete	
umlplutotest	ipv6-v6-through-v6-netkey-netkey	good
umlplutotest	ipv6-v6-through-v6-klips-netkey		good
umlplutotest	ipv6-v4-through-v6-klips-klips		good
umlplutotest	ipv6-v6-through-v4-klips-klips		good
kvmplutotest	ipv6-transport-mode-01-klips-klips	incomplete
kvmplutotest	ipv6-transport-mode-02-netkey-netkey	incomplete
kvmplutotest	ipv6-transport-mode-03-klips-netkey	incomplete
kvmplutotest	ipv6-tunnel-mode-01-klips-klips		incomplete
kvmplutotest	ipv6-tunnel-mode-02-netkey-netkey	incomplete
kvmplutotest	ipv6-tunnel-mode-03-klips-netkey	incomplete
kvmplutotest	ipv6-transport-ts-mode-04-netkey-netkey	incomplete
kvmplutotest	ipv6-tunnel-mode-03-rw			good
kvmplutotest	ipv6-tunnel-mode-04-rw			good


#################################################################
# IKEv2 tests
#################################################################
kvmplutotest	ikev2-01-fallback-ikev1			good
kvmplutotest	ikev2-02-responder-send-notify		good
kvmplutotest	ikev2-03-basic-rawrsa			good
kvmplutotest	ikev2-04-basic-x509			good
kvmplutotest	ikev2-05-basic-psk			good
umlplutotest	ikev2-06-6msg				good
umlplutotest	ikev2-07-biddown			good
umlplutotest	ikev2-08-delete-notify			good
kvmplutotest	ikev2-09-rw-rsa				good
kvmplutotest	ikev2-11-simple-psk			good
kvmplutotest	ikev2-12-x509-ikev1			bad
kvmplutotest	ikev2-12-transport-psk			good
kvmplutotest	ikev2-13-ah				good
kvmplutotest	ikev2-14-missing-ke			good
kvmplutotest	ikev2-15-fuzzer				good

umlplutotest	ikev2-x509-01		good
umlplutotest	ikev2-x509-02		good

# modp tests for checking if we deal with sending different KE's
kvmplutotest	ikev2-algo-01-modp2048-initiator	good
kvmplutotest	ikev2-algo-02-modp2048-responder	good
kvmplutotest	ikev2-algo-03-aes-ccm			good
kvmplutotest	ikev2-algo-04-aes-gcm			good
kvmplutotest	netkey-algo-aes_gcm-01			good
kvmplutotest	netkey-algo-aes_ccm-01			good

# various ESP SHA2 tests (sha2/sha2_128/sha2_192/sha2_256)
kvmplutotest	ikev2-algo-sha2-01			good
kvmplutotest	ikev2-algo-sha2-02			good
kvmplutotest	ikev2-algo-sha2-03			good
kvmplutotest	ikev2-algo-sha2-04			good
kvmplutotest	ikev2-algo-sha2-05			bad

# various IKE SHA2 tests (sha2/sha2_128/sha2_192/sha2_256)
kvmplutotest	ikev2-algo-ike-sha2-01			good
kvmplutotest	ikev2-algo-ike-sha2-02			good
kvmplutotest	ikev2-algo-ike-sha2-03			good
kvmplutotest	ikev1-algo-ike-sha2-01			good
kvmplutotest	ikev1-algo-ike-sha2-02			good
kvmplutotest	ikev1-algo-ike-sha2-03			good

# Various corner case tests for IKEv2
kvmplutotest	ikev2-major-version-initiator		good
kvmplutotest	ikev2-major-version-responder		good
kvmplutotest	ikev2-minor-version-initiator		good
kvmplutotest	ikev2-minor-version-responder		good
kvmplutotest	ikev2-isakmp-reserved-flags-01		good
kvmplutotest	ikev2-isakmp-reserved-flags-02		good
kvmplutotest	ikev2-allow-narrow-01			good
kvmplutotest	ikev2-allow-narrow-02			good
kvmplutotest	ikev2-allow-narrow-03			good
kvmplutotest	ikev2-allow-narrow-04			good
kvmplutotest	ikev2-allow-narrow-05			good
kvmplutotest	ikev2-allow-narrow-06			good
kvmplutotest	ikev2-allow-narrow-07			good

kvmplutotest	ikev2-no-nhelpers-01			good

#################################################################
# Interop tests
#################################################################
umlplutotest    interop-ikev2-racoon-01-noconn			good
kvmplutotest    interop-ikev2-racoon-02-psk-responder		good
umlplutotest    interop-ikev2-racoon-03-psk-initiator		good
umlplutotest    interop-ikev2-racoon-04-x509-responder		good
umlplutotest    interop-ikev2-racoon-05-x509-initiator		good

kvmplutotest	interop-ikev1-strongswan-02-psk-responder	good
kvmplutotest	interop-ikev1-strongswan-03-psk-initiator	good
kvmplutotest	interop-ikev1-strongswan-04-psk-aes-gcm		good
kvmplutotest	interop-ikev1-strongswan-04-psk-aes-ccm		good

umlplutotest    interop-ikev2-strongswan-01-noconn		good
kvmplutotest    interop-ikev2-strongswan-02-psk-responder	good
kvmplutotest    interop-ikev2-strongswan-03-psk-initiator	good
kvmplutotest    interop-ikev2-strongswan-04-x509-responder	good
kvmplutotest	interop-ikev2-strongswan-05-psk-aes		good
kvmplutotest	interop-ikev2-strongswan-05-psk-md5		good
kvmplutotest	interop-ikev2-strongswan-06-aes192		good
kvmplutotest	interop-ikev2-strongswan-07-strongswan		good
kvmplutotest	interop-ikev2-strongswan-08-nonat		good
kvmplutotest	interop-ikev2-strongswan-09-psk-aes-ccm		good
kvmplutotest	interop-ikev2-strongswan-09-psk-aes-gcm		good
kvmplutotest	interop-ikev2-strongswan-10-nat-initiator	good
kvmplutotest	interop-ikev2-strongswan-11-nat-initiator	good
kvmplutotest	interop-ikev2-strongswan-12-ah-initiator	good

skiptest	interop-racoon-iphone4s-nonat		incomplete
skiptest	interop-racoon-iphone5-nonat		incomplete

#################################################################
# DNSSEC tests
#################################################################

kvmplutotest	dnssec-pluto-01					good

#################################################################
# Specific bug tests
#################################################################
# trying out bug #888
umlplutotest	phase1-expire-01-reconnect-klips		good
umlplutotest	phase1-expire-02-reconnect-netkey		good

umlplutotest	x509-pluto-frag-00			good
umlplutotest	x509-pluto-frag-01			good
umlplutotest	x509-pluto-frag-02			good
umlplutotest	x509-pluto-frag-03			good
umlplutotest	x509-pluto-frag-04			good

kvmplutotest	replay-authip-01			good

