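#!/bin/sh
#
# IPv6 IPsec test based on ipsec.t, in this same directory, which tests
# IPsec by setting up a set of tunnels and then sending ICMPv6 packets,
# aka those generated with ping6(8), across the tunnel.
#
# This test should ONLY be used as a smoke test to verify that nothing
# drastic has been broken, it is insufficient for true protocol conformance
# testing.
#
# Expected Output: No failures.
#
# Operational notes:
#   - Every iteration runs "setkey -F" and "setkey -FP", which flush the
#     whole SAD and SPD, not only the entries this script adds.  Run it on
#     a host whose IPsec configuration is disposable.
#   - The script adds the aliases 1::1 and 2::1 to $netif and installs
#     esp/transport//require policies between them; teardown() removes
#     both again, including when the run is interrupted.
#   - All keys below are fixed constants that exist only to exercise the
#     key lengths each algorithm accepts.  The matrix includes legacy
#     algorithms (for example des-cbc and hmac-md5) as regression
#     coverage, not as a recommendation.
#   - A passing ping6 shows only that the echo round trip succeeded; the
#     script does not itself confirm that the packets were ESP-protected.

netif="lo0"
spi="10000"

# Print one TAP result line for the current test number and advance it.
#   $1 - exit status of the command under test (0 means "ok")
#   $2 - description printed after the test number
# Reads and increments the global counter $i.
report() {
	if [ "$1" -eq 0 ]; then
		echo "ok $i - $2"
	else
		echo "not ok $i - $2"
	fi
	i=$((i+1))
}

# Remove everything the test installed: SAD entries, SPD entries and the
# two test addresses on $netif.
teardown() {
	setkey -F
	setkey -FP

	ifconfig "$netif" inet6 1::1 delete
	ifconfig "$netif" inet6 2::1 delete
}

# Without this, an interrupted run would leave the "require" policies, the
# test SAs and the aliases configured on the loopback interface.
trap 'teardown; exit 1' HUP INT TERM

# TAP plan: 23 ESP cipher/key pairs x 6 authentication algorithms x 3
# checks per combination (setkey, ping 1::1 -> 2::1, ping 2::1 -> 1::1).
echo "1..414"

#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1

ifconfig "$netif" inet6 alias 1::1
ifconfig "$netif" inet6 alias 2::1

i=1

# Each list entry is "algorithm:key"; the key length selects the key size
# being exercised for that algorithm.
for ecipher in \
    des-cbc:12345678 \
    3des-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345 \
    blowfish-cbc:01234567890123456789 \
    blowfish-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345678901234567 \
    blowfish-cbc:01234567890123456789012345678901 \
    blowfish-cbc:012345678901234567890123456789012345 \
    blowfish-cbc:0123456789012345678901234567890123456789 \
    blowfish-cbc:01234567890123456789012345678901234567890123 \
    blowfish-cbc:012345678901234567890123456789012345678901234567 \
    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
    cast128-cbc:0123456789012345 \
    aes-ctr:01234567890123456789 \
    aes-ctr:0123456789012345678901234567 \
    aes-ctr:012345678901234567890123456789012345 \
    camellia-cbc:0123456789012345 \
    camellia-cbc:012345678901234567890123 \
    camellia-cbc:01234567890123456789012345678901 \
    rijndael-cbc:0123456789012345 \
    rijndael-cbc:012345678901234567890123 \
    rijndael-cbc:01234567890123456789012345678901; do

	# Split "algorithm:key" at the colon.
	ealgo=${ecipher%%:*}
	ekey=${ecipher##*:}

	for acipher in \
	    hmac-md5:0123456789012345 \
	    hmac-sha1:01234567890123456789 \
	    hmac-ripemd160:01234567890123456789 \
	    hmac-sha2-256:01234567890123456789012345678901 \
	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do

		aalgo=${acipher%%:*}
		akey=${acipher##*:}
		label="${ealgo} ${ekey} ${aalgo} ${akey}"

		# Start every combination from an empty SAD and SPD so that a
		# previous combination's state cannot satisfy this one.
		setkey -F
		setkey -FP

		# One SA per direction ($spi and $spi + 1) plus in/out
		# policies for both address orderings, fed to setkey -c.
		{
			echo "add -6 1::1 2::1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
			echo "add -6 2::1 1::1 esp $((spi + 1)) -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"

			echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;"
			echo "spdadd -6 2::1 1::1 any -P in  ipsec esp/transport//require;"
			echo "spdadd -6 1::1 2::1 any -P in  ipsec esp/transport//require;"
			echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;"
		} | setkey -c >/dev/null 2>&1
		# $? is the status of setkey, the last command of the pipeline.
		report $? "setkey ${label}"

		ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null
		report $? "test 1 ${label}"

		ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null
		report $? "test 2 ${label}"
	done
done

teardown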