99 lines
3.1 KiB
Bash
99 lines
3.1 KiB
Bash
#!/bin/sh
|
|
# $FreeBSD$
|
|
#
|
|
# IPsec regression test.
|
|
#
|
|
# This test sets up tunnels on the localhost (lo0) interface
|
|
# with various ciphers by using the setkey(8) command and then
|
|
# attempts to ping each end of the tunnel.
|
|
# The test says which pings worked and which failed.
|
|
#
|
|
# Expected Output: No failures
|
|
|
|
ipbase="127.255"
|
|
netif="lo0"
|
|
spi="10000"
|
|
|
|
echo "1..306"
|
|
|
|
#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
|
|
|
|
ifconfig $netif alias ${ipbase}.0.1/24
|
|
ifconfig $netif alias ${ipbase}.1.1/24
|
|
|
|
i=1
|
|
|
|
for ecipher in \
|
|
des-cbc:12345678 \
|
|
3des-cbc:012345678901234567890123 \
|
|
blowfish-cbc:0123456789012345 \
|
|
blowfish-cbc:01234567890123456789 \
|
|
blowfish-cbc:012345678901234567890123 \
|
|
blowfish-cbc:0123456789012345678901234567 \
|
|
blowfish-cbc:01234567890123456789012345678901 \
|
|
blowfish-cbc:012345678901234567890123456789012345 \
|
|
blowfish-cbc:0123456789012345678901234567890123456789 \
|
|
blowfish-cbc:01234567890123456789012345678901234567890123 \
|
|
blowfish-cbc:012345678901234567890123456789012345678901234567 \
|
|
blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
|
|
blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
|
|
cast128-cbc:0123456789012345 \
|
|
rijndael-cbc:0123456789012345 \
|
|
rijndael-cbc:012345678901234567890123 \
|
|
rijndael-cbc:01234567890123456789012345678901; do
|
|
|
|
ealgo=${ecipher%%:*}
|
|
ekey=${ecipher##*:}
|
|
|
|
for acipher in \
|
|
hmac-md5:0123456789012345 \
|
|
hmac-sha1:01234567890123456789 \
|
|
hmac-ripemd160:01234567890123456789 \
|
|
hmac-sha2-256:01234567890123456789012345678901 \
|
|
hmac-sha2-384:012345678901234567890123456789012345678901234567 \
|
|
hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
|
|
|
|
aalgo=${acipher%%:*}
|
|
akey=${acipher##*:}
|
|
|
|
setkey -F
|
|
setkey -FP
|
|
|
|
(echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
|
|
echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
|
|
|
|
echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;"
|
|
echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in ipsec esp/transport//require;"
|
|
echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in ipsec esp/transport//require;"
|
|
echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;"
|
|
) | setkey -c >/dev/null 2>&1
|
|
if [ $? -eq 0 ]; then
|
|
echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
|
|
else
|
|
echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
|
|
fi
|
|
i=$((i+1))
|
|
|
|
ping -c 1 -t 2 -S ${ipbase}.0.1 ${ipbase}.1.1 >/dev/null
|
|
if [ $? -eq 0 ]; then
|
|
echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
|
|
else
|
|
echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
|
|
fi
|
|
i=$((i+1))
|
|
ping -c 1 -t 2 -S ${ipbase}.1.1 ${ipbase}.0.1 >/dev/null
|
|
if [ $? -eq 0 ]; then
|
|
echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
|
|
else
|
|
echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
|
|
fi
|
|
i=$((i+1))
|
|
done
|
|
done
|
|
|
|
setkey -F
|
|
setkey -FP
|
|
|
|
ifconfig $netif -alias ${ipbase}.0.1
|
|
ifconfig $netif -alias ${ipbase}.1.1
|