ipsec.t revision 167763
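#!/bin/sh
# $FreeBSD: head/tools/regression/ipsec/ipsec.t 167763 2007-03-21 09:39:51Z gnn $
#
# IPsec regression test.
#
# This test installs ESP transport-mode security associations (SAs) and
# "require" policies between two alias addresses on the loopback (lo0)
# interface, once per cipher/authenticator pair, using setkey(8), and
# then pings each end from the other.
# The test says which steps worked and which failed, in TAP format.
#
# Expected Output: No failures
#
# Caveats for whoever runs this:
#  - "setkey -F" and "setkey -FP" flush the whole SAD and SPD, not just
#    the entries created here.  Do not run this on a host that carries
#    live IPsec configuration.
#  - The keys below are fixed, publicly known test strings.  They are
#    removed again on exit (see cleanup) so they do not linger in the SAD.
#  - A successful ping only shows that traffic flowed.  It is counted as
#    a pass only when the preceding setkey step succeeded, because with
#    an empty SPD the same ping would succeed unprotected.

ipbase="127.255"
netif="lo0"
spi="10000"

# The two endpoints; both are aliases on $netif.
addr_a="${ipbase}.0.1"
addr_b="${ipbase}.1.1"

# Emit one TAP result line and advance the test counter.
#   $1 - exit status of the step (0 means pass)
#   $2 - description printed after the test number
report() {
	if [ "$1" -eq 0 ]; then
		echo "ok $i - $2"
	else
		echo "not ok $i - $2"
	fi
	i=$((i+1))
}

# Remove everything the test installed: SAD/SPD entries and the aliases.
# Run from the EXIT trap so an interrupted run does not leave "require"
# policies or test keys behind.
cleanup() {
	setkey -F
	setkey -FP

	ifconfig "$netif" -alias "$addr_a"
	ifconfig "$netif" -alias "$addr_b"
}
trap cleanup EXIT
# Turn the usual termination signals into a normal exit so that the
# EXIT trap above gets a chance to run.
trap 'exit 1' HUP INT TERM

# 17 encryption entries x 6 authentication entries x 3 checks each.
echo "1..306"

#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1

ifconfig "$netif" alias "${addr_a}/24"
ifconfig "$netif" alias "${addr_b}/24"

i=1

# Each entry is "algorithm:key"; the key length selects the key size.
for ecipher in \
    des-cbc:12345678 \
    3des-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345 \
    blowfish-cbc:01234567890123456789 \
    blowfish-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345678901234567 \
    blowfish-cbc:01234567890123456789012345678901 \
    blowfish-cbc:012345678901234567890123456789012345 \
    blowfish-cbc:0123456789012345678901234567890123456789 \
    blowfish-cbc:01234567890123456789012345678901234567890123 \
    blowfish-cbc:012345678901234567890123456789012345678901234567 \
    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
    cast128-cbc:0123456789012345 \
    rijndael-cbc:0123456789012345 \
    rijndael-cbc:012345678901234567890123 \
    rijndael-cbc:01234567890123456789012345678901; do

	ealgo=${ecipher%%:*}
	ekey=${ecipher##*:}

	for acipher in \
	    hmac-md5:0123456789012345 \
	    hmac-sha1:01234567890123456789 \
	    hmac-ripemd160:01234567890123456789 \
	    hmac-sha2-256:01234567890123456789012345678901 \
	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do

		aalgo=${acipher%%:*}
		akey=${acipher##*:}
		desc="${ealgo} ${ekey} ${aalgo} ${akey}"

		# Start every combination from an empty SAD and SPD.
		setkey -F
		setkey -FP

		# One SA per direction, plus in/out "require" policies for both
		# directions, fed to setkey as a single command stream.
		{
			echo "add ${addr_a} ${addr_b} esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
			echo "add ${addr_b} ${addr_a} esp $((spi + 1)) -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"

			echo "spdadd ${addr_a} ${addr_b} any -P out ipsec esp/transport//require;"
			echo "spdadd ${addr_b} ${addr_a} any -P in  ipsec esp/transport//require;"
			echo "spdadd ${addr_a} ${addr_b} any -P in  ipsec esp/transport//require;"
			echo "spdadd ${addr_b} ${addr_a} any -P out ipsec esp/transport//require;"
		} | setkey -c >/dev/null 2>&1
		sa_status=$?
		report "$sa_status" "setkey ${desc}"

		if [ "$sa_status" -eq 0 ]; then
			ping -c 1 -t 2 -S "$addr_a" "$addr_b" >/dev/null
			report $? "test 1 ${desc}"

			ping -c 1 -t 2 -S "$addr_b" "$addr_a" >/dev/null
			report $? "test 2 ${desc}"
		else
			# Without the SAs and policies in place a ping proves nothing
			# about this cipher pair, so fail both checks instead of
			# reporting whatever an unprotected ping would return.
			echo "# setkey failed for ${desc}; ping checks not run"
			report 1 "test 1 ${desc}"
			report 1 "test 2 ${desc}"
		fi
	done
done

# Cleanup (flush SAD/SPD, remove aliases) happens in the EXIT trap.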