Adding scripts/configuration files to test IPSEC wit TransportNet Lib test apps
authorTinku Mannan <tmannan@ti.com>
Tue, 21 May 2013 20:15:35 +0000 (16:15 -0400)
committerTinku Mannan <tmannan@ti.com>
Tue, 21 May 2013 20:15:35 +0000 (16:15 -0400)
14 files changed:
ti/runtime/netapi/tools/ipsec_tools/aes_ccm.sh [new file with mode: 0755]
ti/runtime/netapi/tools/ipsec_tools/aes_ccm.txt [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/aes_gcm.sh [new file with mode: 0755]
ti/runtime/netapi/tools/ipsec_tools/aes_gcm.txt [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/aes_xcbc.txt [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/hmac-sha1_aes-cbc.txt [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes-ctr.conf [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes_ctr.txt [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/hmac_md5_ah.txt [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/sectest.sh [new file with mode: 0755]
ti/runtime/netapi/tools/ipsec_tools/setkey_aes_xcbc.conf [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-md5_ah.conf [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-sha1_aes-cbc.conf [new file with mode: 0644]
ti/runtime/netapi/tools/ipsec_tools/setkeycleanup.conf [new file with mode: 0644]

diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.sh b/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.sh
new file mode 100755 (executable)
index 0000000..9cf2590
--- /dev/null
@@ -0,0 +1,8 @@
+
+sudo ip xfrm state add src 192.168.1.10 dst 192.168.1.100 proto esp spi 0x66666666 mode tunnel reqid 100 replay-window 64 aead "rfc4309(ccm(aes))" 0x00112233445566778899aabbccddeeff001122 128;
+
+sudo ip xfrm policy add dir out src 192.168.1.10 dst 192.168.1.100 proto udp tmpl src 192.168.1.10 dst 192.168.1.100 proto esp mode tunnel reqid 100;
+
+sudo ip xfrm state add src 192.168.1.100 dst 192.168.1.10 proto esp spi 0x66666666 mode tunnel reqid 100 replay-window 64 aead "rfc4309(ccm(aes))" 0x00112233445566778899aabbccddeeff001122 128;
+
+sudo ip xfrm policy add dir in src 192.168.1.100 dst 192.168.1.10 proto udp tmpl src 192.168.1.100 dst 192.168.1.10 proto esp mode tunnel reqid 100;
diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.txt b/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.txt
new file mode 100644 (file)
index 0000000..a79bfbe
--- /dev/null
@@ -0,0 +1 @@
+Cipher: aes-ccm loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.sh b/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.sh
new file mode 100755 (executable)
index 0000000..c5ac88a
--- /dev/null
@@ -0,0 +1,8 @@
+
+sudo ip xfrm state add src 192.168.1.10 dst 192.168.1.100 proto esp spi 0x55555555 mode tunnel reqid 100 replay-window 64 aead "rfc4106(gcm(aes))" 0x00112233445566778899aabbccddeeff00112233 128;
+
+sudo ip xfrm policy add dir out src 192.168.1.10 dst 192.168.1.100 proto udp tmpl src 192.168.1.10 dst 192.168.1.100 proto esp mode tunnel reqid 100;
+
+sudo ip xfrm state add src 192.168.1.100 dst 192.168.1.10 proto esp spi 0x55555555 mode tunnel reqid 100 replay-window 64 aead "rfc4106(gcm(aes))" 0x00112233445566778899aabbccddeeff00112233 128;
+
+sudo ip xfrm policy add dir in src 192.168.1.100 dst 192.168.1.10 proto udp tmpl src 192.168.1.100 dst 192.168.1.10 proto esp mode tunnel reqid 100;
diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.txt b/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.txt
new file mode 100644 (file)
index 0000000..366162e
--- /dev/null
@@ -0,0 +1 @@
+Cipher: aes-gcm loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_xcbc.txt b/ti/runtime/netapi/tools/ipsec_tools/aes_xcbc.txt
new file mode 100644 (file)
index 0000000..e167ddc
--- /dev/null
@@ -0,0 +1 @@
+Cipher: aes-xcbc-mac loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/hmac-sha1_aes-cbc.txt b/ti/runtime/netapi/tools/ipsec_tools/hmac-sha1_aes-cbc.txt
new file mode 100644 (file)
index 0000000..c6f2bdf
--- /dev/null
@@ -0,0 +1 @@
+Cipher: aes-cbc, Authentication: hmac-sha1 loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes-ctr.conf b/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes-ctr.conf
new file mode 100644 (file)
index 0000000..3696745
--- /dev/null
@@ -0,0 +1,15 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;
+add -4 192.168.1.10 192.168.1.100 esp 0x22222222 -m tunnel -E aes-ctr 0x00112233445566778899aabbccddeeff00112233 -A hmac-sha256 0x000102030405060708090a0b0c0d0e0f101112131415161718191A1B1C1D1E1F;
+
+spdadd 192.168.1.10 192.168.1.100 any -P out ipsec
+       esp/tunnel/192.168.1.10-192.168.1.100/require;
+
+
+add -4 192.168.1.100 192.168.1.10 esp 0x22222222 -m tunnel -E aes-ctr 0x00112233445566778899aabbccddeeff00112233 -A hmac-sha256 0x000102030405060708090a0b0c0d0e0f101112131415161718191A1B1C1D1E1F; 
+                                                                                
+spdadd 192.168.1.100 192.168.1.10 any -P in ipsec
+        esp/tunnel/192.168.1.100-192.168.1.10/require;
+
diff --git a/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes_ctr.txt b/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes_ctr.txt
new file mode 100644 (file)
index 0000000..27aa0b9
--- /dev/null
@@ -0,0 +1 @@
+Cipher: aes-ctr, Authentication: hmac-sha256 loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/hmac_md5_ah.txt b/ti/runtime/netapi/tools/ipsec_tools/hmac_md5_ah.txt
new file mode 100644 (file)
index 0000000..2fb415f
--- /dev/null
@@ -0,0 +1 @@
+Cipher: NULL, Autentication: hmac_md5 loopback sucess for AH mode.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/sectest.sh b/ti/runtime/netapi/tools/ipsec_tools/sectest.sh
new file mode 100755 (executable)
index 0000000..61786e3
--- /dev/null
@@ -0,0 +1,50 @@
+if [ $# -ne 2 ]; then
+    echo "Usage ./sectest.sh <dest udp port> <dest ip address>"
+    exit
+fi
+sudo setkey -f setkeycleanup.conf
+sudo setkey -f setkey_hmac-sha1_aes-cbc.conf
+echo "Sending packet with hmac-sha1_aes-cbc"
+../udpif S hmac-sha1_aes-cbc.txt $1 $2 
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with aes_gcm"
+./aes_gcm.sh
+../udpif S aes_gcm.txt $1 $2 
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with aes_ccm"
+./aes_ccm.sh
+../udpif S aes_ccm.txt $1 $2
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with aes_xcbc"
+sudo setkey -f setkey_aes_xcbc.conf
+../udpif S aes_xcbc.txt $1 $2
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with hmac-sha256_aes-ctr"
+sudo setkey -f hmac-sha256_aes-ctr.conf 
+../udpif S hmac-sha256_aes_ctr.txt $1 $2
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with hmac-md5 AH mode"
+sudo setkey -f setkey_hmac-md5_ah.conf 
+../udpif S hmac_md5_ah.txt $1 $2
+sleep 1
+
+sudo setkey -f setkeycleanup.conf
+
+#sudo setkey -f setkeycleanup.conf
+#sudo setkey -f setkey_3des_cbc.conf 
+#./udpif S 3des_cbc.txt $1   $2
diff --git a/ti/runtime/netapi/tools/ipsec_tools/setkey_aes_xcbc.conf b/ti/runtime/netapi/tools/ipsec_tools/setkey_aes_xcbc.conf
new file mode 100644 (file)
index 0000000..915ac4c
--- /dev/null
@@ -0,0 +1,15 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;
+add -4 192.168.1.10 192.168.1.100 esp 0x77777777 -m tunnel -E null -A aes-xcbc-mac 0x000102030405060708090a0b0c0d0e0f;
+
+spdadd 192.168.1.10 192.168.1.100 any -P out ipsec
+       esp/tunnel/192.168.1.10-192.168.1.100/require;
+
+
+add -4 192.168.1.100 192.168.1.10 esp 0x77777777 -m tunnel -E null -A aes-xcbc-mac 0x000102030405060708090a0b0c0d0e0f; 
+                                                                                
+spdadd 192.168.1.100 192.168.1.10 any -P in ipsec
+        esp/tunnel/192.168.1.100-192.168.1.10/require;
+
diff --git a/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-md5_ah.conf b/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-md5_ah.conf
new file mode 100644 (file)
index 0000000..bd05fa0
--- /dev/null
@@ -0,0 +1,15 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;
+add -4 192.168.1.10 192.168.1.100 ah 0x44444444 -m tunnel -E null -A hmac-md5 0x000102030405060708090a0b0c0d0e0f;
+
+spdadd 192.168.1.10 192.168.1.100 any -P out ipsec
+       ah/tunnel/192.168.1.10-192.168.1.100/require;
+
+
+add -4 192.168.1.100 192.168.1.10 ah 0x44444444 -m tunnel -E null -A hmac-md5 0x000102030405060708090a0b0c0d0e0f; 
+                                                                                
+spdadd 192.168.1.100 192.168.1.10 any -P in ipsec
+        ah/tunnel/192.168.1.100-192.168.1.10/require;
+
diff --git a/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-sha1_aes-cbc.conf b/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-sha1_aes-cbc.conf
new file mode 100644 (file)
index 0000000..d65b144
--- /dev/null
@@ -0,0 +1,15 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;
+add -4 192.168.1.10 192.168.1.100 esp 0x11111111 -m tunnel -E rijndael-cbc 0x55112233445566778899aabbccddeeff00112233445566778899aabbccddeeff -A hmac-sha1 0x000102030405060708090a0b0c0d0e0f10111213;
+
+spdadd 192.168.1.10 192.168.1.100 any -P out ipsec
+       esp/tunnel/192.168.1.10-192.168.1.100/require;
+
+
+add -4 192.168.1.100 192.168.1.10 esp 0x11111111 -m tunnel -E rijndael-cbc 0x55112233445566778899aabbccddeeff00112233445566778899aabbccddeeff -A hmac-sha1 0x000102030405060708090a0b0c0d0e0f10111213;
+                                                                                
+spdadd 192.168.1.100 192.168.1.10 any  -P in ipsec
+        esp/tunnel/192.168.1.100-192.168.1.10/require;
+
diff --git a/ti/runtime/netapi/tools/ipsec_tools/setkeycleanup.conf b/ti/runtime/netapi/tools/ipsec_tools/setkeycleanup.conf
new file mode 100644 (file)
index 0000000..05a0dc4
--- /dev/null
@@ -0,0 +1,4 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;