1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
west #
echo "initdone"
initdone
west #
sed -i "s/seedbits=.*$/seedbits=520/" /etc/ipsec.conf
west #
ipsec start
Redirecting to: [initsystem]
west #
../../guestbin/wait-until-pluto-started
west #
ipsec stop
Redirecting to: [initsystem]
west #
grep -E "bits random|bytes from|seeded" /tmp/pluto.log
| need 520 bits random for extra seeding of the NSS PRNG
| read 65 bytes from /dev/random for NSS PRNG
seeded 65 bytes into the NSS PRNG
west #
sed -i "s/seedbits=.*$/seedbits=1024/" /etc/ipsec.conf
west #
ipsec start
Redirecting to: [initsystem]
west #
../../guestbin/wait-until-pluto-started
west #
ipsec stop
Redirecting to: [initsystem]
west #
grep -E "bits random|bytes from|seeded" /tmp/pluto.log
| need 1024 bits random for extra seeding of the NSS PRNG
| read 128 bytes from /dev/random for NSS PRNG
seeded 128 bytes into the NSS PRNG
west #
sed -i "s/seedbits=.*$/seedbits=2048/" /etc/ipsec.conf
west #
ipsec start
Redirecting to: [initsystem]
west #
../../guestbin/wait-until-pluto-started
west #
sleep 10
west #
# this ping should fail due to the type=block connection
west #
../../guestbin/ping-once.sh --error 192.1.2.23
connect: Operation not permitted
west #
ipsec stop
Redirecting to: [initsystem]
west #
grep -E "bits random|bytes from|seeded" /tmp/pluto.log
| need 2048 bits random for extra seeding of the NSS PRNG
| read 256 bytes from /dev/random for NSS PRNG
seeded 256 bytes into the NSS PRNG
west #
test -f PATH/libexec/ipsec/pluto && PLUTOBIN="PATH/libexec/ipsec/pluto"
west #
test -f PATH/libexec/ipsec/pluto && PLUTOBIN="PATH/libexec/ipsec/pluto"
west #
/testing/guestbin/checksec.sh --file $PLUTOBIN
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH PATH/libexec/ipsec/pluto
west #
|
