# $NetBSD: t_interoperability.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
#
# Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
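#

# Names shared by the test cases in this file: the rump bus name and the
# rump_server control sockets.  BUS and SOCK_PEER are not referenced by the
# code visible here; helpers sourced from elsewhere may read them.
BUS=bus
SOCK_LOCAL=unix://wg_local
SOCK_PEER=unix://wg_peer

#
# NOTE(review): every WireGuard key in this file is a fixed value published
# together with the test.  Treat them as test vectors only: anyone who has
# read this file holds both private keys, so never configure them on an
# interface that carries real traffic, and remove the peer's wg0 (and its
# private-key file) once the run is over.  The [Host] steps bridge tap0 to a
# physical interface; use an isolated lab segment for <external-interface>.
#

atf_test_case wg_interoperability_basic cleanup
wg_interoperability_basic_head()
{

	atf_set "descr" "tests of interoperability with the WireGuard protocol"
	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
}

#
# Set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test.
# To run the test, the following setup is also required on the host and
# on a peer.
#
# [Host]
#   ifconfig bridge0 create
#   ifconfig tap0 create
#   brconfig bridge0 add tap0
#   brconfig bridge0 add <external-interface>
#   ifconfig tap0 up
#   ifconfig bridge0 up
#
# [Peer]
#   ip addr add 10.0.0.2/24 dev <external-interface>
#   ip link add wg0 type wireguard
#   ip addr add 10.0.1.2/24 dev wg0
#   privkey="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
#   ip link set wg0 up
#   # umask 077 keeps the key file unreadable to other users of the peer
#   (umask 077 && echo "$privkey" > /tmp/private-key)
#   wg set wg0 listen-port 52428
#   wg set wg0 private-key /tmp/private-key
#   pubkey="2iWFzywbDvYu2gQW5Q7/z/g5/Cv4bDDd6L3OKXLOwxs="
#   wg set wg0 peer $pubkey endpoint 10.0.0.3:52428 allowed-ips 10.0.1.1/32
#
# Body: bring up a rump kernel with wg(4), check plain IPv4 reachability of
# the peer, configure wg0 with the fixed key pair and check that the peer's
# tunnel address answers ping.
wg_interoperability_basic_body()
{
	# $ifconfig/$ping/$ping_fail hold whole command prefixes and are
	# expanded unquoted on purpose so that they split into words.
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 3 -w 3"
	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 3"
	# Some locals below are never read in this body.  They are kept
	# because sh locals are visible to called functions and the helpers
	# (setup_wg_common, add_peer, ...) are defined outside this file.
	local key_priv_local=
	local key_pub_local=
	local key_priv_peer=
	local key_pub_peer=
	local ip_local=10.0.0.3
	local ip_peer=10.0.0.2
	local ip_wg_local=10.0.1.1
	local ip_wg_peer=10.0.1.2
	local port=52428
	local outfile=./out

	# Opt-in only: the test needs the manual host/peer setup above.
	if [ "$ATF_NET_IF_WG_INTEROPERABILITY" != yes ]; then
		atf_skip "set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test"
	fi

	export RUMP_SERVER="$SOCK_LOCAL"
	rump_server_crypto_start "$SOCK_LOCAL" virtif wg netinet6
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	$ifconfig virt0 create
	$ifconfig virt0 "$ip_local/24"
	$ifconfig virt0 up

	# The underlay must work before the tunnel is configured.
	$ping "$ip_peer"

	# Fixed key pairs; the peer side must be set up with the matching
	# values from the [Peer] instructions above.
	key_priv_local="aK3TbzUNDO4aeDRX54x8bOG+NaKuqXKt7Hwq0Uz69Wo="
	key_pub_local="2iWFzywbDvYu2gQW5Q7/z/g5/Cv4bDDd6L3OKXLOwxs="
	key_priv_peer="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
	key_pub_peer="2ZM9RvDmMZS/Nuh8OaVaJrwFbO57/WJgeU+JoQ//nko="

	setup_wg_common wg0 inet "$ip_wg_local" 24 "$port" "$key_priv_local"
	add_peer wg0 peer0 "$key_pub_peer" "$ip_peer:$port" "$ip_wg_peer/32"

	# Traffic through the tunnel must reach the peer's wg address.
	$ping "$ip_wg_peer"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
}

# Cleanup: optional debug dump, then the shared cleanup helper.
wg_interoperability_basic_cleanup()
{

	# Default to "false" so an unset DEBUG does not expand to an empty
	# command (exit status 0) and trigger the dump unintentionally.
	${DEBUG:-false} && dump
	cleanup
}

atf_test_case wg_interoperability_cookie cleanup
wg_interoperability_cookie_head()
{

	atf_set "descr" "tests of interoperability with the WireGuard protocol"
	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
}

# Body: same topology and keys as wg_interoperability_basic, but with
# net.wg.force_underload=1 so that the first handshake is answered with a
# cookie and only the retried handshake succeeds.
wg_interoperability_cookie_body()
{
	# Command prefixes; expanded unquoted on purpose (see word splitting).
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ping="atf_check -s exit:0 -o ignore rump.ping -n -c 3 -w 3"
	local ping_fail="atf_check -s not-exit:0 -o ignore rump.ping -n -c 1 -w 3"
	# Locals not read in this body are kept; helpers defined outside this
	# file could see them through sh's dynamic scoping.
	local key_priv_local=
	local key_pub_local=
	local key_priv_peer=
	local key_pub_peer=
	local ip_local=10.0.0.3
	local ip_peer=10.0.0.2
	local ip_wg_local=10.0.1.1
	local ip_wg_peer=10.0.1.2
	local port=52428
	local outfile=./out
	local rekey_timeout=5 # default

	# Opt-in only: the test needs the manual host/peer setup.
	if [ "$ATF_NET_IF_WG_INTEROPERABILITY" != yes ]; then
		atf_skip "set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test"
	fi

	export RUMP_SERVER="$SOCK_LOCAL"
	rump_server_crypto_start "$SOCK_LOCAL" virtif wg netinet6
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
	$ifconfig virt0 create
	$ifconfig virt0 "$ip_local/24"
	$ifconfig virt0 up

	# The underlay must work before the tunnel is configured.
	$ping "$ip_peer"

	key_priv_local="aK3TbzUNDO4aeDRX54x8bOG+NaKuqXKt7Hwq0Uz69Wo="
	key_pub_local="2iWFzywbDvYu2gQW5Q7/z/g5/Cv4bDDd6L3OKXLOwxs="
	key_priv_peer="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
	key_pub_peer="2ZM9RvDmMZS/Nuh8OaVaJrwFbO57/WJgeU+JoQ//nko="

	setup_wg_common wg0 inet "$ip_wg_local" 24 "$port" "$key_priv_local"

	# Emulate load so that a cookie is sent back when a response message
	# is received.  Must be set before the peer is added.
	atf_check -s exit:0 -o ignore \
	    rump.sysctl -w net.wg.force_underload=1

	add_peer wg0 peer0 "$key_pub_peer" "$ip_peer:$port" "$ip_wg_peer/32"

	# ping fails because we don't accept the response message and send a
	# cookie instead.
	$ping_fail "$ip_wg_peer"

	# Wait for the initiation to be retried; it works this time because
	# the peer sends a response message with the cookie we sent.
	atf_check -s exit:0 sleep "$rekey_timeout"

	# So ping works
	$ping "$ip_wg_peer"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
}

# Cleanup: optional debug dump, then the shared cleanup helper.
wg_interoperability_cookie_cleanup()
{

	# Default to "false" so an unset DEBUG does not run the dump.
	${DEBUG:-false} && dump
	cleanup
}

atf_test_case wg_userspace_basic cleanup
wg_userspace_basic_head()
{

	atf_set "descr" "tests of userspace implementation of wg(4)"
	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
}

#
# Set ATF_NET_IF_WG_USERSPACE=yes to run the test.
# To run the test, the following setup is also required on the host and
# on a peer.
#
# [Host]
#   ifconfig bridge0 create
#   ifconfig tap0 create
#   brconfig bridge0 add tap0
#   brconfig bridge0 add <external-interface>
#   ifconfig tap0 up
#   ifconfig bridge0 up
#
# [Peer]
#   ip addr add 10.0.0.2/24 dev <external-interface>
#   ip link add wg0 type wireguard
#   ip addr add 10.0.4.2/24 dev wg0
#   privkey="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
#   ip link set wg0 up
#   # umask 077 keeps the key file unreadable to other users of the peer
#   (umask 077 && echo "$privkey" > /tmp/private-key)
#   wg set wg0 listen-port 52428
#   wg set wg0 private-key /tmp/private-key
#   pubkey="6mQ4lUO3oq5O8FfGW52CFXNbmh5iFT1XMqPzpdrc0nE="
#   wg set wg0 peer $pubkey endpoint 10.0.0.3:52428 allowed-ips 10.0.4.1/32
#
# Body: like the basic interoperability test, but pings with the host's
# ping(8) instead of rump.ping, uses separate local/peer ports and passes
# tun0 as an extra argument to setup_wg_common.
wg_userspace_basic_body()
{
	# Command prefixes; expanded unquoted on purpose (see word splitting).
	local ifconfig="atf_check -s exit:0 rump.ifconfig"
	local ping="atf_check -s exit:0 -o ignore ping -n -c 3 -w 3"
	local ping_fail="atf_check -s not-exit:0 -o ignore ping -n -c 1 -w 3"
	# Locals not read in this body are kept; helpers defined outside this
	# file could see them through sh's dynamic scoping.
	local key_priv_local=
	local key_pub_local=
	local key_priv_peer=
	local key_pub_peer=
	local ip_local=10.0.0.3
	local ip_peer=10.0.0.2
	local ip_wg_local=10.0.4.1
	local ip_wg_peer=10.0.4.2
	local port_local=52429
	local port_peer=52428
	local outfile=./out

	# Opt-in only: the test needs the manual host/peer setup above.
	if [ "$ATF_NET_IF_WG_USERSPACE" != yes ]; then
		atf_skip "set ATF_NET_IF_WG_USERSPACE=yes to run the test"
	fi

	export RUMP_SERVER="$SOCK_LOCAL"
	rump_server_crypto_start "$SOCK_LOCAL" virtif wg netinet6
	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0

	${DEBUG:-false} && netstat -nr -f inet

	# The underlay must work before the tunnel is configured.
	$ping "$ip_peer"

	key_priv_local="6B0dualfIAiEG7/jFGOIHrJMhuypq87xCER/0ieIpE4="
	key_pub_local="6mQ4lUO3oq5O8FfGW52CFXNbmh5iFT1XMqPzpdrc0nE="
	key_priv_peer="EF9D8AOkmxjlkiRFqBnfJS+RJJHbUy02u+VkGlBr9Eo="
	key_pub_peer="2ZM9RvDmMZS/Nuh8OaVaJrwFbO57/WJgeU+JoQ//nko="

	# NOTE(review): the trailing tun0 presumably names the host tun(4)
	# device used by the userspace implementation - confirm against
	# setup_wg_common.
	setup_wg_common wg0 inet "$ip_wg_local" 24 "$port_local" "$key_priv_local" tun0
	add_peer wg0 peer0 "$key_pub_peer" "$ip_peer:$port_peer" "$ip_wg_peer/32"

	${DEBUG:-false} && rump.ifconfig wg0
	${DEBUG:-false} && ifconfig tun0
	${DEBUG:-false} && netstat -nr -f inet

	# Traffic through the tunnel must reach the peer's wg address.
	$ping "$ip_wg_peer"

	export RUMP_SERVER="$SOCK_LOCAL"
	$ifconfig wg0 destroy
}

# Cleanup: optional debug dump, then the shared cleanup helper.
wg_userspace_basic_cleanup()
{

	# Default to "false" so an unset DEBUG does not run the dump.
	${DEBUG:-false} && dump
	cleanup
}

# Register the test cases of this file with ATF.
atf_init_test_cases()
{

	atf_add_test_case wg_interoperability_basic
	atf_add_test_case wg_interoperability_cookie
	atf_add_test_case wg_userspace_basic
}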