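#!/bin/sh
# $FreeBSD$
#
# IPsec regression test.
#
# This test sets up tunnels on the localhost (lo0) interface
# with various ciphers by using the setkey(8) command and then
# attempts to ping each end of the tunnel.
# The test says which pings worked and which failed.
#
# Expected Output: No failures
#
# Notes for whoever runs this:
#  - The security associations are installed as ESP in transport mode
#    between two alias addresses on lo0.
#  - "setkey -F" and "setkey -FP" flush the host's entire SAD and SPD,
#    not only the entries this script added.  Run it on a test machine
#    only; a host carrying live IPsec policy loses that policy.
#  - It needs the privileges required to change interface addresses and
#    to modify the kernel SAD/SPD.
#  - Every key below is a fixed, published test value and is echoed in
#    the TAP output.  Never reuse these keys outside this test.

ipbase="127.255"
netif="lo0"
spi="10000"
# SPI used for the reverse direction SA.
spi_rev=$((spi + 1))

# Undo everything the test installed: flush SAD and SPD, then drop the
# two alias addresses.  The last command's status is the function's
# status, matching how the script ended before this helper existed.
cleanup()
{
	setkey -F
	setkey -FP

	ifconfig "$netif" -alias "${ipbase}.0.1"
	ifconfig "$netif" -alias "${ipbase}.1.1"
}

# Print one TAP result line for test number $i and advance $i.
#   $1 - exit status of the step being reported (0 means pass)
#   $2 - description printed after the test number
result()
{
	if [ "$1" -eq 0 ]; then
		echo "ok $i - $2"
	else
		echo "not ok $i - $2"
	fi
	i=$((i+1))
}

# An interrupted run must not leave test SAs, "require" policies or the
# alias addresses behind on lo0.  The signal traps turn a signal into a
# normal exit so that the EXIT trap runs.
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# 23 encryption entries x 6 authentication entries x 3 checks each.
echo "1..414"

#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1

ifconfig "$netif" alias "${ipbase}.0.1/24"
ifconfig "$netif" alias "${ipbase}.1.1/24"

i=1

for ecipher in \
    des-cbc:12345678 \
    3des-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345 \
    blowfish-cbc:01234567890123456789 \
    blowfish-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345678901234567 \
    blowfish-cbc:01234567890123456789012345678901 \
    blowfish-cbc:012345678901234567890123456789012345 \
    blowfish-cbc:0123456789012345678901234567890123456789 \
    blowfish-cbc:01234567890123456789012345678901234567890123 \
    blowfish-cbc:012345678901234567890123456789012345678901234567 \
    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
    cast128-cbc:0123456789012345 \
    aes-ctr:01234567890123456789 \
    aes-ctr:0123456789012345678901234567 \
    aes-ctr:012345678901234567890123456789012345 \
    camellia-cbc:0123456789012345 \
    camellia-cbc:012345678901234567890123 \
    camellia-cbc:01234567890123456789012345678901 \
    rijndael-cbc:0123456789012345 \
    rijndael-cbc:012345678901234567890123 \
    rijndael-cbc:01234567890123456789012345678901; do

	# Each entry is "algorithm:key"; split on the colon.
	ealgo=${ecipher%%:*}
	ekey=${ecipher##*:}

	for acipher in \
	    hmac-md5:0123456789012345 \
	    hmac-sha1:01234567890123456789 \
	    hmac-ripemd160:01234567890123456789 \
	    hmac-sha2-256:01234567890123456789012345678901 \
	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do

		aalgo=${acipher%%:*}
		akey=${acipher##*:}
		desc="${ealgo} ${ekey} ${aalgo} ${akey}"

		# Start every combination from an empty SAD and SPD.
		setkey -F
		setkey -FP

		# One SA per direction, plus in/out policies that require
		# ESP for traffic between the two aliases.  The commands go
		# to setkey on stdin, so the keys never appear in argv.
		{
			echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
			echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp $spi_rev -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"

			echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;"
			echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in  ipsec esp/transport//require;"
			echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in  ipsec esp/transport//require;"
			echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;"
		} | setkey -c >/dev/null 2>&1
		loaded=$?
		result "$loaded" "setkey ${desc}"

		if [ "$loaded" -ne 0 ]; then
			# The SAD/SPD were flushed just above, so when setkey
			# rejects the input the "require" policies may not be
			# in place and a ping over lo0 could succeed in clear
			# text.  A ping result proves nothing about IPsec
			# here; report both checks as failed instead of
			# risking a false pass.  The plan count stays at 3
			# per combination.
			result 1 "test 1 ${desc}"
			result 1 "test 2 ${desc}"
			continue
		fi

		# One echo request in each direction, sourced from the
		# alias address that the policy covers.
		ping -c 1 -t 2 -S "${ipbase}.0.1" "${ipbase}.1.1" >/dev/null
		result $? "test 1 ${desc}"

		ping -c 1 -t 2 -S "${ipbase}.1.1" "${ipbase}.0.1" >/dev/null
		result $? "test 2 ${desc}"
	done
done

# Normal completion: clean up explicitly and drop the EXIT trap so the
# teardown does not run twice.
trap - EXIT
cleanup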