      1 #	$NetBSD: t_ipsec_esp_keys.sh,v 1.4 2023/06/19 08:28:09 knakahara Exp $
      2 #
      3 # Copyright (c) 2017 Internet Initiative Japan Inc.
      4 # All rights reserved.
      5 #
      6 # Redistribution and use in source and binary forms, with or without
      7 # modification, are permitted provided that the following conditions
      8 # are met:
      9 # 1. Redistributions of source code must retain the above copyright
     10 #    notice, this list of conditions and the following disclaimer.
     11 # 2. Redistributions in binary form must reproduce the above copyright
     12 #    notice, this list of conditions and the following disclaimer in the
     13 #    documentation and/or other materials provided with the distribution.
     14 #
     15 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
     16 # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
     17 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     18 # PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
     19 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     20 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
     21 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
     22 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
     23 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     24 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
     25 # POSSIBILITY OF SUCH DAMAGE.
     26 #
     27 
# Control socket of the rump kernel under test. It is handed to
# rump_server_crypto_start and exported as RUMP_SERVER by the test bodies.
SOCK_LOCAL="unix://ipsec_local"

# DEBUG is executed as a command (`$DEBUG && ...`), so it has to hold the
# name of a command such as `true` or `false`. Default: false.
: "${DEBUG:=false}"
     31 
# Adds and then deletes one ESP SA for every valid key length of the given
# encryption algorithm, checking the SAD dump after each step.
#
# Arguments: $1 - ESP encryption algorithm name, passed to `setkey ... -E`
# Globals:   SOCK_LOCAL, HIJACKING, DEBUG (read); RUMP_SERVER (exported)
# Files:     ./tmp holds the setkey script and is removed at the end
test_esp_valid_keys_common()
{
	local ealgo=$1
	local tmpfile=./tmp
	local len= key=

	rump_server_crypto_start $SOCK_LOCAL netipsec
	export RUMP_SERVER=$SOCK_LOCAL

	for len in $(get_valid_keylengths $ealgo); do
		key=$(generate_key $len)

		# The generated key is written into the setkey script; with
		# DEBUG enabled the script, key included, goes to stdout.
		printf 'add 10.0.0.1 10.0.0.2 esp 10000 -E %s %s;\n' \
		    "$ealgo" "$key" > $tmpfile
		if $DEBUG; then
			cat $tmpfile
		fi
		atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
		# Only the endpoint pair is matched here; the dump is not
		# inspected for the algorithm or the key length.
		atf_check -s exit:0 -o match:'10.0.0.1 10.0.0.2' \
		    $HIJACKING setkey -D
		# TODO: more detail checks

		printf 'delete 10.0.0.1 10.0.0.2 esp 10000;\n' > $tmpfile
		if $DEBUG; then
			cat $tmpfile
		fi
		atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
		# The SAD has to be empty again before the next key length.
		atf_check -s exit:0 -o match:'No SAD entries.' \
		    $HIJACKING setkey -D
	done

	rm -f $tmpfile
}
     65 
# Defines and registers the ATF test case "ipsec_esp_<algo>_valid_keys" for
# one ESP encryption algorithm.
#
# Arguments: $1 - ESP encryption algorithm name
add_test_valid_keys()
{
	local ealgo=$1
	local suffix name desc

	# Hyphens are removed so that the algorithm name can be part of a
	# shell function name.
	suffix=$(echo $ealgo | tr -d '-')
	name="ipsec_esp_${suffix}_valid_keys"
	desc="Tests ESP ($ealgo) valid keys"

	atf_test_case ${name} cleanup

	# $name, $desc and $ealgo are expanded now and the resulting text is
	# parsed as shell code, so the algorithm name has to come from a
	# trusted list. \$DEBUG stays escaped and is read when cleanup runs.
	eval "
		${name}_head() {
			atf_set descr \"$desc\"
			atf_set require.progs rump_server setkey
		}
		${name}_body() {
			test_esp_valid_keys_common $ealgo
		}
		${name}_cleanup() {
			\$DEBUG && dump
			cleanup
		}
	"

	atf_add_test_case ${name}
}
     91 
# Tries to add an ESP SA with every invalid key length of the given
# encryption algorithm and checks that each attempt is rejected.
#
# Arguments: $1 - ESP encryption algorithm name, passed to `setkey ... -E`
# Globals:   SOCK_LOCAL, HIJACKING, DEBUG (read); RUMP_SERVER (exported)
# Files:     ./tmp holds the setkey script and is removed at the end
test_esp_invalid_keys_common()
{
	local ealgo=$1
	local tmpfile=./tmp
	local len= key= expected=

	rump_server_crypto_start $SOCK_LOCAL netipsec
	export RUMP_SERVER=$SOCK_LOCAL

	# Diagnostic expected on setkey's stdout for a rejected entry.
	case $ealgo in
	null)
		# null doesn't accept any keys
		expected='syntax error'
		;;
	*)
		expected='Invalid (key length|argument)'
		;;
	esac

	for len in $(get_invalid_keylengths $ealgo); do
		key=$(generate_key $len)
		printf 'add 10.0.0.1 10.0.0.2 esp 10000 -E %s %s;\n' \
		    "$ealgo" "$key" > $tmpfile
		if $DEBUG; then
			cat $tmpfile
		fi

		# The exit status is expected to be 0 even for a rejected
		# entry, so the rejection is detected from the diagnostic on
		# stdout and from the SAD staying empty afterwards.
		atf_check -s exit:0 \
		    -o "match:$expected" -e ignore \
		    $HIJACKING setkey -c < $tmpfile
		atf_check -s exit:0 -o match:'No SAD entries.' \
		    $HIJACKING setkey -D
	done

	rm -f $tmpfile
}
    125 
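# Defines and registers the ATF test case "ipsec_esp_<algo>_invalid_keys"
# for one ESP encryption algorithm.
#
# Arguments: $1 - ESP encryption algorithm name
add_test_invalid_keys()
{
	local ealgo=$1
	local _ealgo name desc

	# Hyphens are removed so that the algorithm name can be part of a
	# shell function name.
	_ealgo=$(printf '%s\n' "$ealgo" | sed 's/-//g')
	name="ipsec_esp_${_ealgo}_invalid_keys"
	desc="Tests ESP ($ealgo) invalid keys"

	atf_test_case "${name}" cleanup

	# $name, $desc and $ealgo are expanded now and the resulting text is
	# parsed as shell code, so the algorithm name has to come from a
	# trusted list.
	#
	# \$DEBUG is escaped, as in add_test_valid_keys: it is read when the
	# cleanup function runs, and the contents of the DEBUG environment
	# variable are never spliced into the text that eval parses.
	eval "
	    ${name}_head() {
	        atf_set \"descr\" \"$desc\"
	        atf_set \"require.progs\" \"rump_server\" \"setkey\"
	    }
	    ${name}_body() {
	        test_esp_invalid_keys_common $ealgo
	    }
	    ${name}_cleanup() {
	        \$DEBUG && dump
	        cleanup
	    }
	"

	atf_add_test_case "${name}"
}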
    151 
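# Registers one valid-keys and one invalid-keys test case for every ESP
# encryption algorithm listed in ESP_ENCRYPTION_ALGORITHMS.
#
# Globals: ESP_ENCRYPTION_ALGORITHMS (read) - whitespace-separated algorithm
#          names; not defined in this file, presumably set by a sourced
#          helper (confirm). Each name ends up in eval'd shell code inside
#          add_test_*_keys, so the list must stay under the project's control.
atf_init_test_cases()
{
	# Keep the loop variable out of the global scope.
	local ealgo

	# Intentionally unquoted: the list is split on whitespace.
	for ealgo in $ESP_ENCRYPTION_ALGORITHMS; do
		add_test_valid_keys "$ealgo"
		add_test_invalid_keys "$ealgo"
	done
}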
    160