1 #!/usr/bin/ksh
2
3 #
4 # This file and its contents are supplied under the terms of the
5 # Common Development and Distribution License ("CDDL"), version 1.0.
6 # You may only use this file in accordance with the terms of version
7 # 1.0 of the CDDL.
8 #
9 # A full copy of the text of the CDDL should have accompanied this
10 # source. A copy of the CDDL is also available via the Internet at
11 # http://www.illumos.org/license/CDDL.
12 #
13
14 #
15 # Copyright (c) 2017 Joyent, Inc.
16 #
17
18 if [[ `id -u` -ne 0 ]]; then
19 echo "Need to be root or have effective UID of root."
20 exit 255
21 fi
22
23 #
24 # Two birds with one stone.
25 #
26 # 1.) Add some simple SAs.
27 # 2.) Run C programs that use SADB_UPDATE to alter the SAs' KM cookies.
28 #
29 # This tests both SADB_UPDATE of an SA's KM cookie, and the C programs can
30 # test (or not) cookie/cookie64 and the IKEv1 exception.
31 #
32
33 # Add two simple SAs. Will delete them first, out of paranoia.
34
35 ipseckey 2>&1 >/dev/null <<EOF
36 delete ah spi 0x2112 dst 127.0.0.1
37 delete ah spi 0x5150 dst 127.0.0.1
38 add ah spi 0x2112 dst 127.0.0.1 authalg md5 authkey \
39 1234567890abcdeffedcba0987654321
40 add ah spi 0x5150 dst 127.0.0.1 authalg md5 authkey \
41 abcdef01234567890123456789abcdef
42 EOF
43
44 # Run programs to see if UPDATE on their KM cookies works. Both test
45 # programs take an SPI value, and assume dst=127.0.0.1.
46
47 TESTPATH=/opt/os-tests/tests/pf_key
48
49 # Test IKEv1, including masking of the reserved 32-bits.
50 $TESTPATH/kmc-updater 0x2112
51 if [[ $? != 0 ]]; then
52 echo "IKEv1 32-bit KMC test failed."
53 exit 1
54 fi
55 echo "Passed IKEv1 32-bit KMC test."
56
57 # Test a different one, using all 64-bits.
58 $TESTPATH/kmc-updater 0x5150 64
59 if [[ $? != 0 ]]; then
60 echo "64-bit KMC test failed."
61 exit 1
62 fi
63 echo "Passed 64-bit KMC test."
64
65 ipseckey delete ah spi 0x2112 dst 127.0.0.1
66 ipseckey delete ah spi 0x5150 dst 127.0.0.1
67
68 exit 0