Source-Changes-HG archive
[src/bouyer-socketcan]: src/tests/net/ipsec 79006
details: https://anonhg.NetBSD.org/src/rev/072998791284
branches: bouyer-socketcan
changeset: 820867:072998791284
user: ozaki-r <ozaki-r%NetBSD.org@localhost>
date: Fri Apr 14 02:56:50 2017 +0000
description:
79006
diffstat:
tests/net/ipsec/Makefile | 14 +
tests/net/ipsec/algorithms.sh | 160 +++++++++++++++++++++
tests/net/ipsec/t_ipsec_ah_keys.sh | 159 +++++++++++++++++++++
tests/net/ipsec/t_ipsec_esp_keys.sh | 159 +++++++++++++++++++++
tests/net/ipsec/t_ipsec_sysctl.sh | 161 +++++++++++++++++++++
tests/net/ipsec/t_ipsec_transport.sh | 258 +++++++++++++++++++++++++++++++++++
6 files changed, 911 insertions(+), 0 deletions(-)
diffs (truncated from 935 to 300 lines):
diff -r a00c687fd9a7 -r 072998791284 tests/net/ipsec/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/net/ipsec/Makefile Fri Apr 14 02:56:50 2017 +0000
@@ -0,0 +1,14 @@
+# $NetBSD: Makefile,v 1.1.2.2 2017/04/14 02:56:50 ozaki-r Exp $
+#
+
+.include <bsd.own.mk>
+
+TESTSDIR= ${TESTSBASE}/net/ipsec
+
+.for name in ipsec_ah_keys ipsec_esp_keys ipsec_sysctl ipsec_transport \
+ ipsec_tunnel
+TESTS_SH+= t_${name}
+TESTS_SH_SRC_t_${name}= ../net_common.sh ./algorithms.sh t_${name}.sh
+.endfor
+
+.include <bsd.test.mk>
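Review bot: The `.for` list includes `ipsec_tunnel`, so `TESTS_SH_SRC_t_ipsec_tunnel` expects a `t_ipsec_tunnel.sh`, but the diffstat for this changeset lists no such file among the six it adds. Unless that script already exists on the branch, building this directory will presumably fail on the missing source. Either add the script in the same changeset or drop `ipsec_tunnel` from the list until it lands.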
diff -r a00c687fd9a7 -r 072998791284 tests/net/ipsec/algorithms.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/net/ipsec/algorithms.sh Fri Apr 14 02:56:50 2017 +0000
@@ -0,0 +1,160 @@
+# $NetBSD: algorithms.sh,v 1.1.2.2 2017/04/14 02:56:50 ozaki-r Exp $
+#
+# Copyright (c) 2017 Internet Initiative Japan Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+ESP_ENCRYPTION_ALGORITHMS="des-cbc 3des-cbc null blowfish-cbc cast128-cbc \
+ des-deriv rijndael-cbc aes-ctr camellia-cbc aes-gcm-16 aes-gmac"
+
+# Valid key lengths of ESP encription algorithms
+# des-cbc 64
+# 3des-cbc 192
+# null 0 to 2048 XXX only accept 0 length
+# blowfish-cbc 40 to 448
+# cast128-cbc 40 to 128
+# des-deriv 64
+# 3des-deriv 192 XXX not implemented
+# rijndael-cbc 128/192/256
+# twofish-cbc 0 to 256 XXX not supported
+# aes-ctr 160/224/288
+# camellia-cbc 128/192/256
+# aes-gcm-16 160/224/288
+# aes-gmac 160/224/288
+valid_keys_descbc="64"
+invalid_keys_descbc="56 72"
+valid_keys_3descbc="192"
+invalid_keys_3descbc="184 200"
+#valid_keys_null="0 2048"
+valid_keys_null="0"
+invalid_keys_null="8"
+valid_keys_blowfishcbc="40 448"
+invalid_keys_blowfishcbc="32 456"
+valid_keys_cast128cbc="40 128"
+invalid_keys_cast128cbc="32 136"
+valid_keys_desderiv="64"
+invalid_keys_desderiv="56 72"
+#valid_keys_3desderiv="192"
+#invalid_keys_3desderiv="184 200"
+valid_keys_rijndaelcbc="128 192 256"
+invalid_keys_rijndaelcbc="120 136 184 200 248 264"
+#valid_keys_twofishcbc="0 256"
+#invalid_keys_twofishcbc="264"
+valid_keys_aesctr="160 224 288"
+invalid_keys_aesctr="152 168 216 232 280 296"
+valid_keys_camelliacbc="128 192 256"
+invalid_keys_camelliacbc="120 136 184 200 248 264"
+valid_keys_aesgcm16="160 224 288"
+invalid_keys_aesgcm16="152 168 216 232 280 296"
+valid_keys_aesgmac="160 224 288"
+invalid_keys_aesgmac="152 168 216 232 280 296"
+
+AH_AUTHENTICATION_ALGORITHMS="hmac-md5 hmac-sha1 keyed-md5 keyed-sha1 null \
+ hmac-sha256 hmac-sha384 hmac-sha512 hmac-ripemd160 aes-xcbc-mac"
+
+# Valid key lengths of AH authentication algorithms
+# hmac-md5 128
+# hmac-sha1 160
+# keyed-md5 128
+# keyed-sha1 160
+# null 0 to 2048
+# hmac-sha256 256
+# hmac-sha384 384
+# hmac-sha512 512
+# hmac-ripemd160 160
+# aes-xcbc-mac 128
+# tcp-md5 8 to 640 XXX not enabled in rump kernels
+valid_keys_hmacmd5="128"
+invalid_keys_hmacmd5="120 136"
+valid_keys_hmacsha1="160"
+invalid_keys_hmacsha1="152 168"
+valid_keys_keyedmd5="128"
+invalid_keys_keyedmd5="120 136"
+valid_keys_keyedsha1="160"
+invalid_keys_keyedsha1="152 168"
+#valid_keys_null="0 2048"
+valid_keys_null="0"
+invalid_keys_null="8"
+valid_keys_hmacsha256="256"
+invalid_keys_hmacsha256="248 264"
+valid_keys_hmacsha384="384"
+invalid_keys_hmacsha384="376 392"
+valid_keys_hmacsha512="512"
+invalid_keys_hmacsha512="504 520"
+valid_keys_hmacripemd160="160"
+invalid_keys_hmacripemd160="152 168"
+valid_keys_aesxcbcmac="128"
+invalid_keys_aesxcbcmac="120 136"
+#valid_keys_tcpmd5="8 640"
+#invalid_keys_tcpmd5="648"
+
+get_one_valid_keylen()
+{
+ local algo=$1
+ local _algo=$(echo $algo | sed 's/-//g')
+ local len=
+ local keylengths=
+
+ eval keylengths="\$valid_keys_${_algo}"
+
+ for len in $(echo $keylengths); do
+ break;
+ done
+
+ echo $len
+}
+
+get_valid_keylengths()
+{
+ local algo=$1
+ local _algo=$(echo $algo | sed 's/-//g')
+
+ eval keylengths="\$valid_keys_${_algo}"
+ echo $keylengths
+}
+
+get_invalid_keylengths()
+{
+ local algo=$1
+ local _algo=$(echo $algo | sed 's/-//g')
+
+ eval keylengths="\$invalid_keys_${_algo}"
+ echo $keylengths
+}
+
+generate_key()
+{
+ local keylen=$(($1 / 8))
+ local key=
+
+ while [ $keylen -gt 0 ]; do
+ key="${key}a"
+ keylen=$((keylen - 1))
+ done
+ if [ ! -z "$key" ]; then
+ key="\"$key\""
+ fi
+
+ echo $key
+}
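Review bot: `get_valid_keylengths` and `get_invalid_keylengths` assign `keylengths` through `eval` without declaring it local, so the value leaks into the caller's scope, whereas `get_one_valid_keylen` does declare it; add `local keylengths=` to both. All three functions also build a variable name from `$1` and hand it to `eval` after stripping only `-`, so any other shell metacharacter in the argument would be evaluated. The callers visible in this changeset pass names from the fixed algorithm lists, but a guard such as `case $_algo in *[!a-z0-9]*) return 1;; esac` before the `eval` would keep the helper safe if a name ever comes from elsewhere. Separately, `valid_keys_null` and `invalid_keys_null` are assigned in both the ESP and AH sections and agree only because the values happen to match; a comment such as `# shared with the ESP "null" entry above` on the second pair would guard against a silent override.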
diff -r a00c687fd9a7 -r 072998791284 tests/net/ipsec/t_ipsec_ah_keys.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/net/ipsec/t_ipsec_ah_keys.sh Fri Apr 14 02:56:50 2017 +0000
@@ -0,0 +1,159 @@
+# $NetBSD: t_ipsec_ah_keys.sh,v 1.1.2.2 2017/04/14 02:56:50 ozaki-r Exp $
+#
+# Copyright (c) 2017 Internet Initiative Japan Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+SOCK_LOCAL=unix://ipsec_local
+
+DEBUG=${DEBUG:-false}
+
+test_ah_valid_keys_common()
+{
+ local aalgo=$1
+ local key=
+ local tmpfile=./tmp
+ local len=
+
+ rump_server_crypto_start $SOCK_LOCAL netipsec
+
+ export RUMP_SERVER=$SOCK_LOCAL
+
+ for len in $(get_valid_keylengths $aalgo); do
+ key=$(generate_key $len)
+ cat > $tmpfile <<-EOF
+ add 10.0.0.1 10.0.0.2 ah 10000 -A $aalgo $key;
+ EOF
+ $DEBUG && cat $tmpfile
+ atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
+ atf_check -s exit:0 -o match:'10.0.0.1 10.0.0.2' \
+ $HIJACKING setkey -D
+ # TODO: more detail checks
+
+ cat > $tmpfile <<-EOF
+ delete 10.0.0.1 10.0.0.2 ah 10000;
+ EOF
+ $DEBUG && cat $tmpfile
+ atf_check -s exit:0 -o empty $HIJACKING setkey -c < $tmpfile
+ atf_check -s exit:0 -o match:'No SAD entries.' \
+ $HIJACKING setkey -D
+ done
+
+ rm -f $tmpfile
+}
+
+add_test_valid_keys()
+{
+ local aalgo=$1
+ local _aalgo=$(echo $aalgo | sed 's/-//g')
+ local name= desc=
+
+ name="ipsec_ah_${_aalgo}_valid_keys"
+ desc="Tests AH ($aalgo) valid keys"
+
+ atf_test_case ${name} cleanup
+ eval " \
+ ${name}_head() { \
+ atf_set \"descr\" \"$desc\"; \
+ atf_set \"require.progs\" \"rump_server\" \"setkey\"; \
+ }; \
+ ${name}_body() { \
+ test_ah_valid_keys_common $aalgo; \
+ }; \
+ ${name}_cleanup() { \
+ $DEBUG && dump; \
+ cleanup; \
+ } \
+ "
+ atf_add_test_case ${name}
+}
+
+test_ah_invalid_keys_common()
+{
+ local aalgo=$1
+ local key=
+ local tmpfile=./tmp
+ local len=
+
+ rump_server_crypto_start $SOCK_LOCAL netipsec
+
+ export RUMP_SERVER=$SOCK_LOCAL
+
+ for len in $(get_invalid_keylengths $aalgo); do
+ key=$(generate_key $len)
+ cat > $tmpfile <<-EOF
+ add 10.0.0.1 10.0.0.2 ah 10000 -A $aalgo $key;
+ EOF
+ $DEBUG && cat $tmpfile
+ if [ $aalgo = null ]; then
+ # null doesn't accept any keys
+ atf_check -s exit:0 \
+ -o match:'syntax error' -e ignore \
+ $HIJACKING setkey -c < $tmpfile
+ else