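#!/bin/sh
# $FreeBSD$
#
# IPsec regression test.
#
# This test installs ESP transport-mode security associations and matching
# security policies between two alias addresses on the localhost (lo0)
# interface, for every combination of the encryption and authentication
# algorithms listed below, by using the setkey(8) command, and then
# attempts to ping each end.
# The test says which pings worked and which failed.
#
# Expected Output: No failures
#
# NOTE: setkey -F / setkey -FP flush the *entire* SAD and SPD of the host,
# not only the entries created here. Run this on a dedicated test machine;
# any production IPsec configuration will be removed.
#
# NOTE: the keys below are fixed, publicly known test patterns and are
# echoed into the TAP output. They must never be reused outside this test.
# Legacy algorithms (for example des-cbc and hmac-md5) are listed for
# regression coverage only, not as a recommendation.

ipbase="127.255"
netif="lo0"
spi="10000"

# Remove everything the test installed. Also runs when the test is
# interrupted, so that SAs keyed with the test patterns and the extra
# loopback aliases are not left behind.
cleanup() {
	setkey -F
	setkey -FP

	ifconfig "$netif" -alias "${ipbase}.0.1"
	ifconfig "$netif" -alias "${ipbase}.1.1"
}

# Print one TAP result line for test number $i and advance the counter.
#   $1 - exit status of the check (0 means success)
#   $2 - test description
report() {
	if [ "$1" -eq 0 ]; then
		echo "ok $i - $2"
	else
		echo "not ok $i - $2"
	fi
	i=$((i + 1))
}

# Load one SA per direction (SPIs $spi and $spi + 1) and the four policies
# that require ESP transport mode between the two aliases.
# Uses the globals ealgo, ekey, aalgo and akey; returns setkey's status.
install_sa_pair() {
	setkey -c >/dev/null 2>&1 <<EOF
add ${ipbase}.0.1 ${ipbase}.1.1 esp ${spi} -m transport -E ${ealgo} "${ekey}" -A ${aalgo} "${akey}" ;
add ${ipbase}.1.1 ${ipbase}.0.1 esp $((spi + 1)) -m transport -E ${ealgo} "${ekey}" -A ${aalgo} "${akey}" ;
spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;
spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in ipsec esp/transport//require;
spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in ipsec esp/transport//require;
spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;
EOF
}

# Ping $2 from source address $1 and report the result as "$3".
# The ping alone does not prove that the packet was ESP-protected: with no
# policy loaded it would travel over lo0 in the clear and still succeed.
# The test is therefore reported as failed, without pinging, when setkey
# rejected the configuration for this combination.
ping_test() {
	if [ "$sa_status" -ne 0 ]; then
		report 1 "$3"
		return
	fi
	ping -c 1 -t 2 -S "$1" "$2" >/dev/null
	report $? "$3"
}

# 23 encryption entries x 6 authentication entries x 3 checks each.
echo "1..414"

#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1

trap cleanup EXIT
trap 'exit 1' HUP INT TERM

ifconfig "$netif" alias "${ipbase}.0.1/24"
ifconfig "$netif" alias "${ipbase}.1.1/24"

i=1

for ecipher in \
    des-cbc:12345678 \
    3des-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345 \
    blowfish-cbc:01234567890123456789 \
    blowfish-cbc:012345678901234567890123 \
    blowfish-cbc:0123456789012345678901234567 \
    blowfish-cbc:01234567890123456789012345678901 \
    blowfish-cbc:012345678901234567890123456789012345 \
    blowfish-cbc:0123456789012345678901234567890123456789 \
    blowfish-cbc:01234567890123456789012345678901234567890123 \
    blowfish-cbc:012345678901234567890123456789012345678901234567 \
    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
    cast128-cbc:0123456789012345 \
    aes-ctr:01234567890123456789 \
    aes-ctr:0123456789012345678901234567 \
    aes-ctr:012345678901234567890123456789012345 \
    camellia-cbc:0123456789012345 \
    camellia-cbc:012345678901234567890123 \
    camellia-cbc:01234567890123456789012345678901 \
    rijndael-cbc:0123456789012345 \
    rijndael-cbc:012345678901234567890123 \
    rijndael-cbc:01234567890123456789012345678901; do

	# Each entry is "algorithm:key".
	ealgo=${ecipher%%:*}
	ekey=${ecipher##*:}

	for acipher in \
	    hmac-md5:0123456789012345 \
	    hmac-sha1:01234567890123456789 \
	    hmac-ripemd160:01234567890123456789 \
	    hmac-sha2-256:01234567890123456789012345678901 \
	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do

		aalgo=${acipher%%:*}
		akey=${acipher##*:}

		# Start every combination from an empty SAD and SPD so that
		# state from the previous iteration cannot satisfy the policy.
		setkey -F
		setkey -FP

		install_sa_pair
		sa_status=$?
		report "$sa_status" "setkey ${ealgo} ${ekey} ${aalgo} ${akey}"

		ping_test "${ipbase}.0.1" "${ipbase}.1.1" \
		    "test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
		ping_test "${ipbase}.1.1" "${ipbase}.0.1" \
		    "test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
	done
done

# SAD/SPD flush and alias removal happen in cleanup() via the EXIT trap.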