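#!/bin/sh
# $FreeBSD$
#
# IPsec regression test.
#
# This test installs ESP transport-mode security associations between two
# alias addresses on the localhost (lo0) interface, once for every
# combination of the encryption and authentication algorithms listed
# below, by using the setkey(8) command and then attempts to ping each
# end from the other.
# The test says which pings worked and which failed (TAP output).
#
# Expected Output: No failures
#
# NOTE: "setkey -F" and "setkey -FP" flush the whole SAD and SPD, not only
# the entries this test installs, so any IPsec configuration already
# loaded on the host is lost.  Run this on a dedicated test machine.
# It needs enough privilege to run ifconfig(8) and setkey(8) (normally
# root).
#
# The keys below are fixed, publicly visible test values chosen only for
# their length; never reuse them outside this test.  Legacy algorithms
# such as des-cbc and hmac-md5 are listed for regression coverage only.

ipbase="127.255"
netif="lo0"
spi="10000"
# SPI for the reverse-direction SA; computed once instead of per iteration.
spi_rev=$((spi + 1))

# Print one TAP result line and advance the global test counter $i.
#   $1 - exit status of the command under test (0 means pass)
#   $2 - description appended after "ok N - " / "not ok N - "
report() {
    if [ "$1" -eq 0 ]; then
        echo "ok $i - $2"
    else
        echo "not ok $i - $2"
    fi
    i=$((i + 1))
}

# Remove everything the test installed: flush SAD and SPD, then drop the
# two lo0 aliases.  Runs from the EXIT trap so that an interrupted run does
# not leave "require" policies and stray aliases behind.
cleanup() {
    setkey -F
    setkey -FP

    ifconfig "$netif" -alias "${ipbase}.0.1"
    ifconfig "$netif" -alias "${ipbase}.1.1"
}

# Plan: 23 encryption entries x 6 authentication entries x 3 checks each.
echo "1..414"

#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1

# Install the cleanup handler before touching the system.  The signal
# traps only call exit, which in turn fires the EXIT trap.
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

ifconfig "$netif" alias "${ipbase}.0.1/24"
ifconfig "$netif" alias "${ipbase}.1.1/24"

i=1

# Each list entry is "algorithm:key"; the key length selects the key size.
# Every continuation backslash is preceded by a space so the entries do not
# depend on the next line's indentation to stay separate words.
for ecipher in \
    des-cbc:12345678 \
    3des-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345 \
    blowfish-cbc:01234567890123456789 \
    blowfish-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345678901234567 \
    blowfish-cbc:01234567890123456789012345678901 \
    blowfish-cbc:012345678901234567890123456789012345 \
    blowfish-cbc:0123456789012345678901234567890123456789 \
    blowfish-cbc:01234567890123456789012345678901234567890123 \
    blowfish-cbc:012345678901234567890123456789012345678901234567 \
    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
    cast128-cbc:0123456789012345 \
    aes-ctr:01234567890123456789 \
    aes-ctr:0123456789012345678901234567 \
    aes-ctr:012345678901234567890123456789012345 \
    camellia-cbc:0123456789012345 \
    camellia-cbc:012345678901234567890123 \
    camellia-cbc:01234567890123456789012345678901 \
    rijndael-cbc:0123456789012345 \
    rijndael-cbc:012345678901234567890123 \
    rijndael-cbc:01234567890123456789012345678901; do

    ealgo=${ecipher%%:*}
    ekey=${ecipher##*:}

    for acipher in \
        hmac-md5:0123456789012345 \
        hmac-sha1:01234567890123456789 \
        hmac-ripemd160:01234567890123456789 \
        hmac-sha2-256:01234567890123456789012345678901 \
        hmac-sha2-384:012345678901234567890123456789012345678901234567 \
        hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do

        aalgo=${acipher%%:*}
        akey=${acipher##*:}
        desc="${ealgo} ${ekey} ${aalgo} ${akey}"

        # Start every combination from an empty SAD/SPD (host-wide flush).
        setkey -F
        setkey -FP

        # One SA per direction, plus in/out policies that require ESP for
        # all traffic between the two aliases, so a ping can only succeed
        # if the SAs actually work.
        {
            echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
            echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp $spi_rev -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"

            echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;"
            echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in  ipsec esp/transport//require;"
            echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in  ipsec esp/transport//require;"
            echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;"
        } | setkey -c >/dev/null 2>&1
        report $? "setkey ${desc}"

        # One echo request in each direction, sourced from the local alias.
        ping -c 1 -t 2 -S "${ipbase}.0.1" "${ipbase}.1.1" >/dev/null
        report $? "test 1 ${desc}"

        ping -c 1 -t 2 -S "${ipbase}.1.1" "${ipbase}.0.1" >/dev/null
        report $? "test 2 ${desc}"
    done
done

# Final teardown (SAD/SPD flush and alias removal) happens in the EXIT trap.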