ipsec6.t revision 167866 
1#!/bin/sh
2# $FreeBSD: head/tools/regression/ipsec/ipsec6.t 167866 2007-03-24 13:47:16Z gnn $
3#
4# IPv6 IPsec test based on ipsec.t, in this same directory, which tests
5# IPsec by setting up a set of tunnels and then sending ICMPv6 packets,   
6# aka those generated with ping6(8), across the tunnel.
7#
8# This test should ONLY be used as a smoke test to verify that nothing
9# drastic has been broken, it is insufficient for true protocol conformance
10# testing.
11#
12# Expected Output: No failures.
13
14netif="lo0"
15spi="10000"
16
17echo "1..306"
18
19#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
20
21ifconfig $netif inet6 alias 1::1
22ifconfig $netif inet6 alias 2::1
23
24i=1
25
26for ecipher in \
27    des-cbc:12345678 \
28    3des-cbc:012345678901234567890123 \
29    blowfish-cbc:0123456789012345 \
30    blowfish-cbc:01234567890123456789 \
31    blowfish-cbc:012345678901234567890123 \
32    blowfish-cbc:0123456789012345678901234567 \
33    blowfish-cbc:01234567890123456789012345678901 \
34    blowfish-cbc:012345678901234567890123456789012345 \
35    blowfish-cbc:0123456789012345678901234567890123456789 \
36    blowfish-cbc:01234567890123456789012345678901234567890123 \
37    blowfish-cbc:012345678901234567890123456789012345678901234567 \
38    blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
39    blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
40    cast128-cbc:0123456789012345 \
41    rijndael-cbc:0123456789012345 \
42    rijndael-cbc:012345678901234567890123 \
43    rijndael-cbc:01234567890123456789012345678901; do
44
45	ealgo=${ecipher%%:*}
46	ekey=${ecipher##*:}
47
48	for acipher in \
49	    hmac-md5:0123456789012345 \
50	    hmac-sha1:01234567890123456789 \
51	    hmac-ripemd160:01234567890123456789 \
52	    hmac-sha2-256:01234567890123456789012345678901 \
53	    hmac-sha2-384:012345678901234567890123456789012345678901234567 \
54	    hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
55
56		aalgo=${acipher%%:*}
57		akey=${acipher##*:}
58
59		setkey -F
60		setkey -FP
61
62		(echo "add -6 1::1 2::1 esp $spi            -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
63		 echo "add -6 2::1 1::1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
64
65		 echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;"
66		 echo "spdadd -6 2::1 1::1 any -P in  ipsec esp/transport//require;"
67		 echo "spdadd -6 1::1 2::1 any -P in  ipsec esp/transport//require;"
68		 echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;"
69		) | setkey -c >/dev/null 2>&1
70		if [ $? -eq 0 ]; then
71			echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
72		else
73			echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
74		fi
75		i=$((i+1))
76
77		ping6 -c 1 -i 1 -S 1::1 2::1 >/dev/null
78		if [ $? -eq 0 ]; then
79			echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
80		else
81			echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
82		fi
83		i=$((i+1))
84		ping6 -c 1 -i 1 -S 2::1 1::1 >/dev/null
85		if [ $? -eq 0 ]; then
86			echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
87		else
88			echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
89		fi
90		i=$((i+1))
91	done
92done
93
94setkey -F
95setkey -FP
96
97ifconfig $netif inet6 1::1 delete
98ifconfig $netif inet6 2::1 delete
99