xref: /freebsd/tools/regression/ipsec/ipsec6.t (revision dd41de95a84d979615a2ef11df6850622bf6184e) 
1#!/bin/sh
2# $FreeBSD$
3#
4# IPv6 IPsec test based on ipsec.t, in this same directory, which tests
5# IPsec by setting up a set of tunnels and then sending ICMPv6 packets,
6# aka those generated with ping6(8), across the tunnel.
7#
8# This test should ONLY be used as a smoke test to verify that nothing
9# drastic has been broken, it is insufficient for true protocol conformance
10# testing.
11#
12# Expected Output: No failures.
13
14netif="lo0"
15spi="10000"
16
17echo "1..414"
18
19#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
20
21ifconfig $netif inet6 alias 1::1
22ifconfig $netif inet6 alias 2::1
23
24i=1
25
26for ecipher in \
27    des-cbc:12345678 \
28    3des-cbc:012345678901234567890123 \
29    blowfish-cbc:0123456789012345 \
30    blowfish-cbc:01234567890123456789 \
31    blowfish-cbc:012345678901234567890123 \
32    blowfish-cbc:0123456789012345678901234567 \
33    blowfish-cbc:01234567890123456789012345678901 \
34    blowfish-cbc:012345678901234567890123456789012345 \
35    blowfish-cbc:0123456789012345678901234567890123456789 \
36    blowfish-cbc:01234567890123456789012345678901234567890123 \
37    blowfish-cbc:012345678901234567890123456789012345678901234567 \
38    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
39    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
40    cast128-cbc:0123456789012345 \
41    aes-ctr:01234567890123456789\
42    aes-ctr:0123456789012345678901234567\
43    aes-ctr:012345678901234567890123456789012345\
44    camellia-cbc:0123456789012345\
45    camellia-cbc:012345678901234567890123\
46    camellia-cbc:01234567890123456789012345678901\
47    rijndael-cbc:0123456789012345 \
48    rijndael-cbc:012345678901234567890123 \
49    rijndael-cbc:01234567890123456789012345678901; do
50
51	ealgo=${ecipher%%:*}
52	ekey=${ecipher##*:}
53
54	for acipher in \
55	    hmac-md5:0123456789012345 \
56	    hmac-sha1:01234567890123456789 \
57	    hmac-ripemd160:01234567890123456789 \
58	    hmac-sha2-256:01234567890123456789012345678901 \
59	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
60	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
61
62		aalgo=${acipher%%:*}
63		akey=${acipher##*:}
64
65		setkey -F
66		setkey -FP
67
68		(echo "add -6 1::1 2::1 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
69		 echo "add -6 2::1 1::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
70
71		 echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;"
72		 echo "spdadd -6 2::1 1::1 any -P in  ipsec esp/transport//require;"
73		 echo "spdadd -6 1::1 2::1 any -P in  ipsec esp/transport//require;"
74		 echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;"
75		) | setkey -c >/dev/null 2>&1
76		if [ $? -eq 0 ]; then
77			echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
78		else
79			echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
80		fi
81		i=$((i+1))
82
83		ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null
84		if [ $? -eq 0 ]; then
85			echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
86		else
87			echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
88		fi
89		i=$((i+1))
90		ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null
91		if [ $? -eq 0 ]; then
92			echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
93		else
94			echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
95		fi
96		i=$((i+1))
97	done
98done
99
100setkey -F
101setkey -FP
102
103ifconfig $netif inet6 1::1 delete
104ifconfig $netif inet6 2::1 delete
105