3 # IPv6 IPsec test based on ipsec.t, in this same directory, which tests
4 # IPsec by setting up a set of tunnels and then sending ICMPv6 packets,
5 # aka those generated with ping6(8), across the tunnel.
7 # This test should ONLY be used as a smoke test to verify that nothing
8 # drastic has been broken, it is insufficient for true protocol conformance
11 # Expected Output: No failures.
18 #sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
20 ifconfig $netif inet6 alias 1::1
21 ifconfig $netif inet6 alias 2::1
27 3des-cbc:012345678901234567890123 \
28 blowfish-cbc:0123456789012345 \
29 blowfish-cbc:01234567890123456789 \
30 blowfish-cbc:012345678901234567890123 \
31 blowfish-cbc:0123456789012345678901234567 \
32 blowfish-cbc:01234567890123456789012345678901 \
33 blowfish-cbc:012345678901234567890123456789012345 \
34 blowfish-cbc:0123456789012345678901234567890123456789 \
35 blowfish-cbc:01234567890123456789012345678901234567890123 \
36 blowfish-cbc:012345678901234567890123456789012345678901234567 \
37 blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
38 blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
39 cast128-cbc:0123456789012345 \
40 aes-ctr:01234567890123456789\
41 aes-ctr:0123456789012345678901234567\
42 aes-ctr:012345678901234567890123456789012345\
43 camellia-cbc:0123456789012345\
44 camellia-cbc:012345678901234567890123\
45 camellia-cbc:01234567890123456789012345678901\
46 rijndael-cbc:0123456789012345 \
47 rijndael-cbc:012345678901234567890123 \
48 rijndael-cbc:01234567890123456789012345678901; do
54 hmac-md5:0123456789012345 \
55 hmac-sha1:01234567890123456789 \
56 hmac-ripemd160:01234567890123456789 \
57 hmac-sha2-256:01234567890123456789012345678901 \
58 hmac-sha2-384:012345678901234567890123456789012345678901234567 \
59 hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
67 (echo "add -6 1::1 2::1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
68 echo "add -6 2::1 1::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
70 echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;"
71 echo "spdadd -6 2::1 1::1 any -P in ipsec esp/transport//require;"
72 echo "spdadd -6 1::1 2::1 any -P in ipsec esp/transport//require;"
73 echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;"
74 ) | setkey -c >/dev/null 2>&1
76 echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
78 echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
82 ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null
84 echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
86 echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
89 ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null
91 echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
93 echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
102 ifconfig $netif inet6 1::1 delete
103 ifconfig $netif inet6 2::1 delete