1#!/usr/bin/ksh 2 3# 4# This file and its contents are supplied under the terms of the 5# Common Development and Distribution License ("CDDL"), version 1.0. 6# You may only use this file in accordance with the terms of version 7# 1.0 of the CDDL. 8# 9# A full copy of the text of the CDDL should have accompanied this 10# source. A copy of the CDDL is also available via the Internet at 11# http://www.illumos.org/license/CDDL. 12# 13 14# 15# Copyright (c) 2017 Joyent, Inc. 16# 17 18if [[ `id -u` -ne 0 ]]; then 19 echo "Need to be root or have effective UID of root." 20 exit 255 21fi 22 23# 24# Two birds with one stone. 25# 26# 1.) Add some simple SAs. 27# 2.) Run C programs that use SADB_UPDATE to alter the SAs' KM cookies. 28# 29# This tests both SADB_UPDATE of an SA's KM cookie, and the C programs can 30# test (or not) cookie/cookie64 and the IKEv1 exception. 31# 32 33# Add two simple SAs. Will delete them first, out of paranoia. 34 35ipseckey 2>&1 >/dev/null <<EOF 36delete ah spi 0x2112 dst 127.0.0.1 37delete ah spi 0x5150 dst 127.0.0.1 38add ah spi 0x2112 dst 127.0.0.1 authalg md5 authkey \ 39 1234567890abcdeffedcba0987654321 40add ah spi 0x5150 dst 127.0.0.1 authalg md5 authkey \ 41 abcdef01234567890123456789abcdef 42EOF 43 44# Run programs to see if UPDATE on their KM cookies works. Both test 45# programs take an SPI value, and assume dst=127.0.0.1. 46 47TESTPATH=/opt/os-tests/tests/pf_key 48 49# Test IKEv1, including masking of the reserved 32-bits. 50$TESTPATH/kmc-updater 0x2112 51if [[ $? != 0 ]]; then 52 echo "IKEv1 32-bit KMC test failed." 53 exit 1 54fi 55echo "Passed IKEv1 32-bit KMC test." 56 57# Test a different one, using all 64-bits. 58$TESTPATH/kmc-updater 0x5150 64 59if [[ $? != 0 ]]; then 60 echo "64-bit KMC test failed." 61 exit 1 62fi 63echo "Passed 64-bit KMC test." 64 65ipseckey delete ah spi 0x2112 dst 127.0.0.1 66ipseckey delete ah spi 0x5150 dst 127.0.0.1 67 68exit 0 69