xref: /freebsd/tools/regression/ipsec/ipsec.t (revision cbb3ec25236ba72f91cbdf23f8b78b9d1af0cedf)
1#!/bin/sh
2#
3# IPsec regression test.
4#
5# This test sets up tunnels on the localhost (lo0) interface
6# with various ciphers by using the setkey(8) command and then
7# attempts to ping each end of the tunnel.
8# The test says which pings worked and which failed.
9#
10# Expected Output: No failures
11
12ipbase="127.255"
13netif="lo0"
14spi="10000"
15
16echo "1..414"
17
18#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
19
20ifconfig $netif alias ${ipbase}.0.1/24
21ifconfig $netif alias ${ipbase}.1.1/24
22
23i=1
24
25for ecipher in \
26    des-cbc:12345678 \
27    3des-cbc:012345678901234567890123 \
28    blowfish-cbc:0123456789012345 \
29    blowfish-cbc:01234567890123456789 \
30    blowfish-cbc:012345678901234567890123 \
31    blowfish-cbc:0123456789012345678901234567 \
32    blowfish-cbc:01234567890123456789012345678901 \
33    blowfish-cbc:012345678901234567890123456789012345 \
34    blowfish-cbc:0123456789012345678901234567890123456789 \
35    blowfish-cbc:01234567890123456789012345678901234567890123 \
36    blowfish-cbc:012345678901234567890123456789012345678901234567 \
37    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
38    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
39    cast128-cbc:0123456789012345 \
40    aes-ctr:01234567890123456789\
41    aes-ctr:0123456789012345678901234567\
42    aes-ctr:012345678901234567890123456789012345\
43    camellia-cbc:0123456789012345\
44    camellia-cbc:012345678901234567890123\
45    camellia-cbc:01234567890123456789012345678901\
46    rijndael-cbc:0123456789012345 \
47    rijndael-cbc:012345678901234567890123 \
48    rijndael-cbc:01234567890123456789012345678901; do
49
50	ealgo=${ecipher%%:*}
51	ekey=${ecipher##*:}
52
53	for acipher in \
54	    hmac-md5:0123456789012345 \
55	    hmac-sha1:01234567890123456789 \
56	    hmac-ripemd160:01234567890123456789 \
57	    hmac-sha2-256:01234567890123456789012345678901 \
58	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
59	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
60
61		aalgo=${acipher%%:*}
62		akey=${acipher##*:}
63
64		setkey -F
65		setkey -FP
66
67		(echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
68		 echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
69
70		 echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;"
71		 echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in  ipsec esp/transport//require;"
72		 echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in  ipsec esp/transport//require;"
73		 echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;"
74		) | setkey -c >/dev/null 2>&1
75		if [ $? -eq 0 ]; then
76			echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
77		else
78			echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
79		fi
80		i=$((i+1))
81
82		ping -c 1 -t 2 -S ${ipbase}.0.1 ${ipbase}.1.1 >/dev/null
83		if [ $? -eq 0 ]; then
84			echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
85		else
86			echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
87		fi
88		i=$((i+1))
89		ping -c 1 -t 2 -S ${ipbase}.1.1 ${ipbase}.0.1 >/dev/null
90		if [ $? -eq 0 ]; then
91			echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
92		else
93			echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
94		fi
95		i=$((i+1))
96	done
97done
98
99setkey -F
100setkey -FP
101
102ifconfig $netif -alias ${ipbase}.0.1
103ifconfig $netif -alias ${ipbase}.1.1
104