ipsec.t revision 159239
1159239Spjd#!/bin/sh 2159239Spjd# $FreeBSD: head/tools/regression/ipsec/ipsec.t 159239 2006-06-04 22:06:17Z pjd $ 3159239Spjd 4159239Spjdipbase="127.255" 5159239Spjdnetif="lo0" 6159239Spjdspi="10000" 7159239Spjd 8159239Spjdecho "1..306" 9159239Spjd 10159239Spjd#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1 11159239Spjd 12159239Spjdifconfig $netif alias ${ipbase}.0.1/24 13159239Spjdifconfig $netif alias ${ipbase}.1.1/24 14159239Spjd 15159239Spjdi=1 16159239Spjd 17159239Spjdfor ecipher in \ 18159239Spjd des-cbc:12345678 \ 19159239Spjd 3des-cbc:012345678901234567890123 \ 20159239Spjd blowfish-cbc:0123456789012345 \ 21159239Spjd blowfish-cbc:01234567890123456789 \ 22159239Spjd blowfish-cbc:012345678901234567890123 \ 23159239Spjd blowfish-cbc:0123456789012345678901234567 \ 24159239Spjd blowfish-cbc:01234567890123456789012345678901 \ 25159239Spjd blowfish-cbc:012345678901234567890123456789012345 \ 26159239Spjd blowfish-cbc:0123456789012345678901234567890123456789 \ 27159239Spjd blowfish-cbc:01234567890123456789012345678901234567890123 \ 28159239Spjd blowfish-cbc:012345678901234567890123456789012345678901234567 \ 29159239Spjd blowfish-cbc:0123456789012345678901234567890123456789012345678901 \ 30159239Spjd blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \ 31159239Spjd cast128-cbc:0123456789012345 \ 32159239Spjd rijndael-cbc:0123456789012345 \ 33159239Spjd rijndael-cbc:012345678901234567890123 \ 34159239Spjd rijndael-cbc:01234567890123456789012345678901; do 35159239Spjd 36159239Spjd ealgo=${ecipher%%:*} 37159239Spjd ekey=${ecipher##*:} 38159239Spjd 39159239Spjd for acipher in \ 40159239Spjd hmac-md5:0123456789012345 \ 41159239Spjd hmac-sha1:01234567890123456789 \ 42159239Spjd hmac-ripemd160:01234567890123456789 \ 43159239Spjd hmac-sha2-256:01234567890123456789012345678901 \ 44159239Spjd hmac-sha2-384:012345678901234567890123456789012345678901234567 \ 45159239Spjd hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do 46159239Spjd 47159239Spjd aalgo=${acipher%%:*} 48159239Spjd akey=${acipher##*:} 49159239Spjd 50159239Spjd setkey -F 51159239Spjd setkey -FP 52159239Spjd 53159239Spjd (echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 54159239Spjd echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" 55159239Spjd 56159239Spjd echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;" 57159239Spjd echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in ipsec esp/transport//require;" 58159239Spjd echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in ipsec esp/transport//require;" 59159239Spjd echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;" 60159239Spjd ) | setkey -c >/dev/null 2>&1 61159239Spjd if [ $? -eq 0 ]; then 62159239Spjd echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 63159239Spjd else 64159239Spjd echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" 65159239Spjd fi 66159239Spjd i=$((i+1)) 67159239Spjd 68159239Spjd ping -c 1 -t 2 -S ${ipbase}.0.1 ${ipbase}.1.1 >/dev/null 69159239Spjd if [ $? -eq 0 ]; then 70159239Spjd echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 71159239Spjd else 72159239Spjd echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" 73159239Spjd fi 74159239Spjd i=$((i+1)) 75159239Spjd ping -c 1 -t 2 -S ${ipbase}.1.1 ${ipbase}.0.1 >/dev/null 76159239Spjd if [ $? -eq 0 ]; then 77159239Spjd echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 78159239Spjd else 79159239Spjd echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" 80159239Spjd fi 81159239Spjd i=$((i+1)) 82159239Spjd done 83159239Spjddone 84159239Spjd 85159239Spjdsetkey -F 86159239Spjdsetkey -FP 87159239Spjd 88159239Spjdifconfig $netif -alias ${ipbase}.0.1 89159239Spjdifconfig $netif -alias ${ipbase}.1.1 90