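#	$NetBSD: t_ipsec_esp_keys.sh,v 1.4 2023/06/19 08:28:09 knakahara Exp $
#
# Copyright (c) 2017 Internet Initiative Japan Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

# ATF test program: for every ESP encryption algorithm it registers one test
# case that installs SAs with each valid key length and one that checks that
# each invalid key length is rejected.
#
# rump_server_crypto_start, get_valid_keylengths, get_invalid_keylengths,
# generate_key, dump, cleanup, $HIJACKING and $ESP_ENCRYPTION_ALGORITHMS are
# not defined here; presumably they come from the shared test helpers
# (TODO confirm).

SOCK_LOCAL=unix://ipsec_local

# DEBUG is run as a command (`$DEBUG && ...`), so only "true" and "false"
# are meaningful values.
DEBUG=${DEBUG:-false}

#
# Install and remove an ESP SA for every valid key length of one algorithm.
#
# Arguments: $1 - encryption algorithm name as passed to setkey's -E
#
# For each length, `setkey -c` must accept the "add" with no output, the SA
# must show up in `setkey -D`, and after "delete" the SAD must be empty again.
#
test_esp_valid_keys_common()
{
	local ealgo=$1
	local key=
	local tmpfile=./tmp
	local len=

	rump_server_crypto_start "$SOCK_LOCAL" netipsec

	export RUMP_SERVER=$SOCK_LOCAL

	# Word splitting of the helper's output is intended: one length per word.
	for len in $(get_valid_keylengths "$ealgo"); do
		key=$(generate_key "$len")
		printf 'add 10.0.0.1 10.0.0.2 esp 10000 -E %s %s;\n' \
		    "$ealgo" "$key" > "$tmpfile"
		$DEBUG && cat "$tmpfile"
		# $HIJACKING stays unquoted: it is expanded as a command prefix.
		atf_check -s exit:0 -o empty $HIJACKING setkey -c < "$tmpfile"
		atf_check -s exit:0 -o match:'10.0.0.1 10.0.0.2' \
		    $HIJACKING setkey -D
		# TODO: more detail checks.  The dump is matched on the address
		# pair only; the installed algorithm and key length are not
		# compared with what was requested.

		printf 'delete 10.0.0.1 10.0.0.2 esp 10000;\n' > "$tmpfile"
		$DEBUG && cat "$tmpfile"
		atf_check -s exit:0 -o empty $HIJACKING setkey -c < "$tmpfile"
		atf_check -s exit:0 -o match:'No SAD entries.' \
		    $HIJACKING setkey -D
	done

	rm -f "$tmpfile"
}

#
# Define and register the ATF test case "ipsec_esp_<algo>_valid_keys".
#
# Arguments: $1 - encryption algorithm name; dashes are dropped to build
#                 the test-case name
#
# The name, description and algorithm are interpolated into code passed to
# eval, so $1 must come from the suite's own algorithm list, never from
# external input.
#
add_test_valid_keys()
{
	local ealgo=$1
	local _ealgo=
	local name= desc=

	# Assigned separately so that `local` does not mask a pipeline failure.
	_ealgo=$(printf '%s\n' "$ealgo" | sed 's/-//g')

	name="ipsec_esp_${_ealgo}_valid_keys"
	desc="Tests ESP ($ealgo) valid keys"

	atf_test_case "${name}" cleanup
	# \$DEBUG is escaped so that it is evaluated when the cleanup runs,
	# not when the function is defined.
	eval "
	    ${name}_head() {
	        atf_set descr \"$desc\"
	        atf_set require.progs rump_server setkey
	    }
	    ${name}_body() {
	        test_esp_valid_keys_common $ealgo
	    }
	    ${name}_cleanup() {
	        \$DEBUG && dump
	        cleanup
	    }
	"
	atf_add_test_case "${name}"
}

#
# Check that every invalid key length of one algorithm is rejected.
#
# Arguments: $1 - encryption algorithm name as passed to setkey's -E
#
# `setkey -c` is expected to exit 0 and report the error on stdout; the SAD
# must stay empty afterwards, i.e. a rejected key must not leave an SA behind.
#
test_esp_invalid_keys_common()
{
	local ealgo=$1
	local key=
	local tmpfile=./tmp
	local len=

	rump_server_crypto_start "$SOCK_LOCAL" netipsec

	export RUMP_SERVER=$SOCK_LOCAL

	# Word splitting of the helper's output is intended: one length per word.
	for len in $(get_invalid_keylengths "$ealgo"); do
		key=$(generate_key "$len")
		printf 'add 10.0.0.1 10.0.0.2 esp 10000 -E %s %s;\n' \
		    "$ealgo" "$key" > "$tmpfile"
		$DEBUG && cat "$tmpfile"
		# Quoted so that an empty algorithm name fails the comparison
		# instead of producing a `[` syntax error.
		if [ "$ealgo" = null ]; then
			# null doesn't accept any keys
			atf_check -s exit:0 \
			    -o match:'syntax error' -e ignore \
			    $HIJACKING setkey -c < "$tmpfile"
		else
			atf_check -s exit:0 \
			    -o match:'Invalid (key length|argument)' -e ignore \
			    $HIJACKING setkey -c < "$tmpfile"
		fi
		atf_check -s exit:0 -o match:'No SAD entries.' \
		    $HIJACKING setkey -D
	done

	rm -f "$tmpfile"
}

#
# Define and register the ATF test case "ipsec_esp_<algo>_invalid_keys".
#
# Arguments: $1 - encryption algorithm name; dashes are dropped to build
#                 the test-case name
#
# The name, description and algorithm are interpolated into code passed to
# eval, so $1 must come from the suite's own algorithm list, never from
# external input.
#
add_test_invalid_keys()
{
	local ealgo=$1
	local _ealgo=
	local name= desc=

	# Assigned separately so that `local` does not mask a pipeline failure.
	_ealgo=$(printf '%s\n' "$ealgo" | sed 's/-//g')

	name="ipsec_esp_${_ealgo}_invalid_keys"
	desc="Tests ESP ($ealgo) invalid keys"

	atf_test_case "${name}" cleanup
	# \$DEBUG is escaped, as in add_test_valid_keys, so that it is
	# evaluated when the cleanup runs rather than frozen at definition.
	eval "
	    ${name}_head() {
	        atf_set descr \"$desc\"
	        atf_set require.progs rump_server setkey
	    }
	    ${name}_body() {
	        test_esp_invalid_keys_common $ealgo
	    }
	    ${name}_cleanup() {
	        \$DEBUG && dump
	        cleanup
	    }
	"
	atf_add_test_case "${name}"
}

#
# ATF entry point: register the valid-key and invalid-key test cases for
# every algorithm listed in $ESP_ENCRYPTION_ALGORITHMS.
#
atf_init_test_cases()
{
	# Kept local so the loop variable does not leak into the test program.
	local ealgo=

	# Unquoted on purpose: the list is split into one algorithm per word.
	for ealgo in $ESP_ENCRYPTION_ALGORITHMS; do
		add_test_valid_keys "$ealgo"
		add_test_invalid_keys "$ealgo"
	done
}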