ipsec6.t revision 167763 
1#!/bin/sh
2# $FreeBSD: head/tools/regression/ipsec/ipsec6.t 167763 2007-03-21 09:39:51Z gnn $
3#
4# IPv6 IPsec test based on ipsec.t, in this same directory, which tests
5# IPsec by setting up a set of tunnels and then sending ICMPv6 packets,   
6# aka those generated with ping6(8), across the tunnel.
7#
8# This test should ONLY be used as a smoke test to verify that nothing
9# drastic has been broken, it is insufficient for true protocol conformance
10# testing.
11#
12# Expected Output: No failures.
13
14ipbase="1"
15netif="lo0"
16spi="10000"
17
18echo "1..306"
19
20#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
21
22ifconfig $netif inet6 alias ${ipbase}::1/128
23ifconfig $netif inet6 alias ${ipbase}::2/128
24
25i=1
26
27for ecipher in \
28    des-cbc:12345678 \
29    3des-cbc:012345678901234567890123 \
30    blowfish-cbc:0123456789012345 \
31    blowfish-cbc:01234567890123456789 \
32    blowfish-cbc:012345678901234567890123 \
33    blowfish-cbc:0123456789012345678901234567 \
34    blowfish-cbc:01234567890123456789012345678901 \
35    blowfish-cbc:012345678901234567890123456789012345 \
36    blowfish-cbc:0123456789012345678901234567890123456789 \
37    blowfish-cbc:01234567890123456789012345678901234567890123 \
38    blowfish-cbc:012345678901234567890123456789012345678901234567 \
39    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
40    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
41    cast128-cbc:0123456789012345 \
42    rijndael-cbc:0123456789012345 \
43    rijndael-cbc:012345678901234567890123 \
44    rijndael-cbc:01234567890123456789012345678901; do
45
46	ealgo=${ecipher%%:*}
47	ekey=${ecipher##*:}
48
49	for acipher in \
50	    hmac-md5:0123456789012345 \
51	    hmac-sha1:01234567890123456789 \
52	    hmac-ripemd160:01234567890123456789 \
53	    hmac-sha2-256:01234567890123456789012345678901 \
54	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
55	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
56
57		aalgo=${acipher%%:*}
58		akey=${acipher##*:}
59
60		setkey -F
61		setkey -FP
62
63		(echo "add -6 ${ipbase}::1 ${ipbase}::2 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
64		 echo "add -6 ${ipbase}::2 ${ipbase}::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
65
66		 echo "spdadd -6 ${ipbase}::1 ${ipbase}::2 any -P out ipsec esp/transport//require;"
67		 echo "spdadd -6 ${ipbase}::2 ${ipbase}::1 any -P in  ipsec esp/transport//require;"
68		 echo "spdadd -6 ${ipbase}::1 ${ipbase}::2 any -P in  ipsec esp/transport//require;"
69		 echo "spdadd -6 ${ipbase}::2 ${ipbase}::1 any -P out ipsec esp/transport//require;"
70		) | setkey -c >/dev/null 2>&1
71		if [ $? -eq 0 ]; then
72			echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
73		else
74			echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
75		fi
76		i=$((i+1))
77
78		ping6 -c 1 -i 1 -S ${ipbase}::1 ${ipbase}::2 >/dev/null
79		if [ $? -eq 0 ]; then
80			echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
81		else
82			echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
83		fi
84		i=$((i+1))
85		ping6 -c 1 -i 1 -S ${ipbase}::2 ${ipbase}::1 >/dev/null
86		if [ $? -eq 0 ]; then
87			echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
88		else
89			echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
90		fi
91		i=$((i+1))
92	done
93done
94
95setkey -F
96setkey -FP
97
98ifconfig $netif inet6 ${ipbase}::1 delete
99ifconfig $netif inet6 ${ipbase}::2 delete
100