xref: /freebsd/tools/regression/ipsec/ipsec.t (revision 963e8efffe4ab97233102e0e25f95061b6fefbe3) 
1#!/bin/sh
2# $FreeBSD$
3
4ipbase="127.255"
5netif="lo0"
6spi="10000"
7
8echo "1..306"
9
10#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
11
12ifconfig $netif alias ${ipbase}.0.1/24
13ifconfig $netif alias ${ipbase}.1.1/24
14
15i=1
16
17for ecipher in \
18    des-cbc:12345678 \
19    3des-cbc:012345678901234567890123 \
20    blowfish-cbc:0123456789012345 \
21    blowfish-cbc:01234567890123456789 \
22    blowfish-cbc:012345678901234567890123 \
23    blowfish-cbc:0123456789012345678901234567 \
24    blowfish-cbc:01234567890123456789012345678901 \
25    blowfish-cbc:012345678901234567890123456789012345 \
26    blowfish-cbc:0123456789012345678901234567890123456789 \
27    blowfish-cbc:01234567890123456789012345678901234567890123 \
28    blowfish-cbc:012345678901234567890123456789012345678901234567 \
29    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
30    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
31    cast128-cbc:0123456789012345 \
32    rijndael-cbc:0123456789012345 \
33    rijndael-cbc:012345678901234567890123 \
34    rijndael-cbc:01234567890123456789012345678901; do
35
36	ealgo=${ecipher%%:*}
37	ekey=${ecipher##*:}
38
39	for acipher in \
40	    hmac-md5:0123456789012345 \
41	    hmac-sha1:01234567890123456789 \
42	    hmac-ripemd160:01234567890123456789 \
43	    hmac-sha2-256:01234567890123456789012345678901 \
44	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
45	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
46
47		aalgo=${acipher%%:*}
48		akey=${acipher##*:}
49
50		setkey -F
51		setkey -FP
52
53		(echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
54		 echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
55
56		 echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;"
57		 echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in  ipsec esp/transport//require;"
58		 echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in  ipsec esp/transport//require;"
59		 echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;"
60		) | setkey -c >/dev/null 2>&1
61		if [ $? -eq 0 ]; then
62			echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
63		else
64			echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
65		fi
66		i=$((i+1))
67
68		ping -c 1 -t 2 -S ${ipbase}.0.1 ${ipbase}.1.1 >/dev/null
69		if [ $? -eq 0 ]; then
70			echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
71		else
72			echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
73		fi
74		i=$((i+1))
75		ping -c 1 -t 2 -S ${ipbase}.1.1 ${ipbase}.0.1 >/dev/null
76		if [ $? -eq 0 ]; then
77			echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
78		else
79			echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
80		fi
81		i=$((i+1))
82	done
83done
84
85setkey -F
86setkey -FP
87
88ifconfig $netif -alias ${ipbase}.0.1
89ifconfig $netif -alias ${ipbase}.1.1
90