168349Sobrien#!/bin/sh
268349Sobrien# $FreeBSD: releng/11.0/tools/regression/ipsec/ipsec6.t 167893 2007-03-26 07:40:51Z gnn $
368349Sobrien#
468349Sobrien# IPv6 IPsec test based on ipsec.t, in this same directory, which tests
568349Sobrien# IPsec by setting up a set of tunnels and then sending ICMPv6 packets,   
668349Sobrien# aka those generated with ping6(8), across the tunnel.
768349Sobrien#
868349Sobrien# This test should ONLY be used as a smoke test to verify that nothing
968349Sobrien# drastic has been broken, it is insufficient for true protocol conformance
1068349Sobrien# testing.
1168349Sobrien#
1268349Sobrien# Expected Output: No failures.
1368349Sobrien
1468349Sobriennetif="lo0"
1568349Sobrienspi="10000"
1668349Sobrien
17159764Sobrienecho "1..414"
18159764Sobrien
19159764Sobrien#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
20159764Sobrien
21159764Sobrienifconfig $netif inet6 alias 1::1
22159764Sobrienifconfig $netif inet6 alias 2::1
23159764Sobrien
24159764Sobrieni=1
25159764Sobrien
26159764Sobrienfor ecipher in \
27159764Sobrien    des-cbc:12345678 \
28159764Sobrien    3des-cbc:012345678901234567890123 \
29159764Sobrien    blowfish-cbc:0123456789012345 \
30159764Sobrien    blowfish-cbc:01234567890123456789 \
31159764Sobrien    blowfish-cbc:012345678901234567890123 \
32159764Sobrien    blowfish-cbc:0123456789012345678901234567 \
33159764Sobrien    blowfish-cbc:01234567890123456789012345678901 \
34159764Sobrien    blowfish-cbc:012345678901234567890123456789012345 \
35159764Sobrien    blowfish-cbc:0123456789012345678901234567890123456789 \
36159764Sobrien    blowfish-cbc:01234567890123456789012345678901234567890123 \
37159764Sobrien    blowfish-cbc:012345678901234567890123456789012345678901234567 \
38159764Sobrien    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
39103373Sobrien    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
40103373Sobrien    cast128-cbc:0123456789012345 \
41103373Sobrien    aes-ctr:01234567890123456789\
42159764Sobrien    aes-ctr:0123456789012345678901234567\
43159764Sobrien    aes-ctr:012345678901234567890123456789012345\
44159764Sobrien    camellia-cbc:0123456789012345\
45159764Sobrien    camellia-cbc:012345678901234567890123\
46159764Sobrien    camellia-cbc:01234567890123456789012345678901\
4769216Sobrien    rijndael-cbc:0123456789012345 \
4869216Sobrien    rijndael-cbc:012345678901234567890123 \
49103373Sobrien    rijndael-cbc:01234567890123456789012345678901; do
50103373Sobrien
51103373Sobrien	ealgo=${ecipher%%:*}
52103373Sobrien	ekey=${ecipher##*:}
53103373Sobrien
54103373Sobrien	for acipher in \
55103373Sobrien	    hmac-md5:0123456789012345 \
56103373Sobrien	    hmac-sha1:01234567890123456789 \
57103373Sobrien	    hmac-ripemd160:01234567890123456789 \
5869216Sobrien	    hmac-sha2-256:01234567890123456789012345678901 \
5969216Sobrien	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
60103373Sobrien	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
61103373Sobrien
62103373Sobrien		aalgo=${acipher%%:*}
63103373Sobrien		akey=${acipher##*:}
64103373Sobrien
65103373Sobrien		setkey -F
66103373Sobrien		setkey -FP
67103373Sobrien
68103373Sobrien		(echo "add -6 1::1 2::1 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
6968349Sobrien		 echo "add -6 2::1 1::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
70103373Sobrien
7168349Sobrien		 echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;"
7268349Sobrien		 echo "spdadd -6 2::1 1::1 any -P in  ipsec esp/transport//require;"
7374784Sobrien		 echo "spdadd -6 1::1 2::1 any -P in  ipsec esp/transport//require;"
7474784Sobrien		 echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;"
7568349Sobrien		) | setkey -c >/dev/null 2>&1
7668349Sobrien		if [ $? -eq 0 ]; then
7768349Sobrien			echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
7868349Sobrien		else
79133359Sobrien			echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
8068349Sobrien		fi
8168349Sobrien		i=$((i+1))
8268349Sobrien
8368349Sobrien		ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null
8475937Sobrien		if [ $? -eq 0 ]; then
8568349Sobrien			echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
86133359Sobrien		else
8768349Sobrien			echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
8868349Sobrien		fi
8968349Sobrien		i=$((i+1))
9068349Sobrien		ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null
9168349Sobrien		if [ $? -eq 0 ]; then
9268349Sobrien			echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
9368349Sobrien		else
9468349Sobrien			echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
95159764Sobrien		fi
9668349Sobrien		i=$((i+1))
9768349Sobrien	done
9868349Sobriendone
9984685Sobrien
10068349Sobriensetkey -F
101139368Sobriensetkey -FP
102111658Sobrien
10368349Sobrienifconfig $netif inet6 1::1 delete
10468349Sobrienifconfig $netif inet6 2::1 delete
10568349Sobrien