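#!/bin/sh
# $FreeBSD$
#
# IPv6 IPsec test based on ipsec.t, in this same directory, which tests
# IPsec by setting up a set of tunnels and then sending ICMPv6 packets,
# aka those generated with ping6(8), across the tunnel.
#
# This test should ONLY be used as a smoke test to verify that nothing
# drastic has been broken; it is insufficient for true protocol conformance
# testing.
#
# Expected Output: No failures.
#
# Caveats:
#  - Must be run as root: it adds aliases to $netif and rewrites the
#    kernel SAD and SPD through setkey(8).
#  - "setkey -F" and "setkey -FP" flush EVERY security association and
#    EVERY policy on the host, not only the ones installed here.  Run this
#    on a scratch machine or VM; on a host with live IPsec configuration
#    it removes that configuration.
#  - The keys below are fixed, publicly known digit strings and they are
#    echoed in the TAP output.  They are not secrets and must never be
#    copied into a real configuration.
#  - Legacy algorithms (des-cbc, hmac-md5, ...) are listed to exercise the
#    kernel code paths, not as a recommendation.

netif="lo0"
spi="10000"

# Emit one TAP result line for test number $i and advance the counter.
#   $1 - exit status of the command under test (0 means "ok")
#   $2 - test description
report()
{
	if [ "$1" -eq 0 ]; then
		echo "ok $i - $2"
	else
		echo "not ok $i - $2"
	fi
	i=$((i+1))
}

# Undo everything this script installs: flush the SAD and SPD and drop the
# two loopback aliases.  Runs from the EXIT trap so that an interrupted run
# does not leave "require" policies or stray addresses behind.
cleanup()
{
	setkey -F
	setkey -FP

	ifconfig "$netif" inet6 1::1 delete
	ifconfig "$netif" inet6 2::1 delete
}

# 23 encryption entries x 6 authentication entries x 3 checks each.
echo "1..414"

#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1

# Install the traps before touching the interface so cleanup always runs.
# The signal trap only calls exit; that in turn fires the EXIT trap.
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

ifconfig "$netif" inet6 alias 1::1
ifconfig "$netif" inet6 alias 2::1

i=1

# Each entry is "algorithm:key"; the key length selects the key size.
for ecipher in \
    des-cbc:12345678 \
    3des-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345 \
    blowfish-cbc:01234567890123456789 \
    blowfish-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345678901234567 \
    blowfish-cbc:01234567890123456789012345678901 \
    blowfish-cbc:012345678901234567890123456789012345 \
    blowfish-cbc:0123456789012345678901234567890123456789 \
    blowfish-cbc:01234567890123456789012345678901234567890123 \
    blowfish-cbc:012345678901234567890123456789012345678901234567 \
    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
    cast128-cbc:0123456789012345 \
    aes-ctr:01234567890123456789 \
    aes-ctr:0123456789012345678901234567 \
    aes-ctr:012345678901234567890123456789012345 \
    camellia-cbc:0123456789012345 \
    camellia-cbc:012345678901234567890123 \
    camellia-cbc:01234567890123456789012345678901 \
    rijndael-cbc:0123456789012345 \
    rijndael-cbc:012345678901234567890123 \
    rijndael-cbc:01234567890123456789012345678901; do

	ealgo=${ecipher%%:*}
	ekey=${ecipher##*:}

	for acipher in \
	    hmac-md5:0123456789012345 \
	    hmac-sha1:01234567890123456789 \
	    hmac-ripemd160:01234567890123456789 \
	    hmac-sha2-256:01234567890123456789012345678901 \
	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do

		aalgo=${acipher%%:*}
		akey=${acipher##*:}

		# Start every combination from an empty SAD and SPD.
		setkey -F
		setkey -FP

		# One ESP transport-mode SA per direction (SPIs $spi and
		# $spi + 1), plus in/out policies that require ESP between
		# the two aliases.  setkey's own output is discarded; only
		# its exit status is reported.
		(echo "add -6 1::1 2::1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
		 echo "add -6 2::1 1::1 esp $((spi + 1)) -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"

		 echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;"
		 echo "spdadd -6 2::1 1::1 any -P in  ipsec esp/transport//require;"
		 echo "spdadd -6 1::1 2::1 any -P in  ipsec esp/transport//require;"
		 echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;"
		) | setkey -c >/dev/null 2>&1
		report $? "setkey ${ealgo} ${ekey} ${aalgo} ${akey}"

		# One echo request in each direction across the SA pair.
		ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null
		report $? "test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"

		ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null
		report $? "test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
	done
done

# SAD/SPD flush and alias removal happen in cleanup() via the EXIT trap.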