From e6aaac3752f8c69f055b1543d78593381b86f80b Mon Sep 17 00:00:00 2001 
From: Tinku Mannan Date: Tue, 21 May 2013 16:15:35 -0400 Subject: [PATCH] Adding scripts/configuration files to test IPSEC wit TransportNet Lib test apps --- .../netapi/tools/ipsec_tools/aes_ccm.sh | 8 +++ .../netapi/tools/ipsec_tools/aes_ccm.txt | 1 + .../netapi/tools/ipsec_tools/aes_gcm.sh | 8 +++ .../netapi/tools/ipsec_tools/aes_gcm.txt | 1 + .../netapi/tools/ipsec_tools/aes_xcbc.txt | 1 + .../tools/ipsec_tools/hmac-sha1_aes-cbc.txt | 1 + .../ipsec_tools/hmac-sha256_aes-ctr.conf | 15 ++++++ .../tools/ipsec_tools/hmac-sha256_aes_ctr.txt | 1 + .../netapi/tools/ipsec_tools/hmac_md5_ah.txt | 1 + .../netapi/tools/ipsec_tools/sectest.sh | 50 +++++++++++++++++++ .../tools/ipsec_tools/setkey_aes_xcbc.conf | 15 ++++++ .../tools/ipsec_tools/setkey_hmac-md5_ah.conf | 15 ++++++ .../ipsec_tools/setkey_hmac-sha1_aes-cbc.conf | 15 ++++++ .../tools/ipsec_tools/setkeycleanup.conf | 4 ++ 14 files changed, 136 insertions(+) create mode 100755 ti/runtime/netapi/tools/ipsec_tools/aes_ccm.sh create mode 100644 ti/runtime/netapi/tools/ipsec_tools/aes_ccm.txt create mode 100755 ti/runtime/netapi/tools/ipsec_tools/aes_gcm.sh create mode 100644 ti/runtime/netapi/tools/ipsec_tools/aes_gcm.txt create mode 100644 ti/runtime/netapi/tools/ipsec_tools/aes_xcbc.txt create mode 100644 ti/runtime/netapi/tools/ipsec_tools/hmac-sha1_aes-cbc.txt create mode 100644 ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes-ctr.conf create mode 100644 ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes_ctr.txt create mode 100644 ti/runtime/netapi/tools/ipsec_tools/hmac_md5_ah.txt create mode 100755 ti/runtime/netapi/tools/ipsec_tools/sectest.sh create mode 100644 ti/runtime/netapi/tools/ipsec_tools/setkey_aes_xcbc.conf create mode 100644 ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-md5_ah.conf create mode 100644 ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-sha1_aes-cbc.conf create mode 100644 ti/runtime/netapi/tools/ipsec_tools/setkeycleanup.conf 
diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.sh b/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.sh
new file mode 100755
index 0000000..9cf2590
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.sh
@@ -0,0 +1,8 @@
+
+sudo ip xfrm state add src 192.168.1.10 dst 192.168.1.100 proto esp spi 0x66666666 mode tunnel reqid 100 replay-window 64 aead "rfc4309(ccm(aes))" 0x00112233445566778899aabbccddeeff001122 128;
+
+sudo ip xfrm policy add dir out src 192.168.1.10 dst 192.168.1.100 proto udp tmpl src 192.168.1.10 dst 192.168.1.100 proto esp mode tunnel reqid 100;
+
+sudo ip xfrm state add src 192.168.1.100 dst 192.168.1.10 proto esp spi 0x66666666 mode tunnel reqid 100 replay-window 64 aead "rfc4309(ccm(aes))" 0x00112233445566778899aabbccddeeff001122 128;
+
+sudo ip xfrm policy add dir in src 192.168.1.100 dst 192.168.1.10 proto udp tmpl src 192.168.1.100 dst 192.168.1.10 proto esp mode tunnel reqid 100;
diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.txt b/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.txt
new file mode 100644
index 0000000..a79bfbe
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/aes_ccm.txt
@@ -0,0 +1 @@
+Cipher: aes-ccm loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.sh b/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.sh
new file mode 100755
index 0000000..c5ac88a
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.sh
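Review bot: Both `ip xfrm state add` lines in aes_ccm.sh install the same key, salt and SPI for the 192.168.1.10 to 192.168.1.100 SA and for the reverse SA, using manual keying. With a counter-mode AEAD that lets two independent senders draw IVs under one key, so a nonce can repeat, and RFC 4309 asks for fresh, automatically negotiated keys for that reason; the same pattern appears in aes_gcm.sh (RFC 4106) and in the aes-ctr entries of hmac-sha256_aes-ctr.conf. That is tolerable for a bench loopback test, but the file should say so with a header comment such as `# TEST ONLY: static key shared by both directions; never reuse outside the lab`. A distinct key per direction would also keep the test closer to a real deployment.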
@@ -0,0 +1,8 @@
+
+sudo ip xfrm state add src 192.168.1.10 dst 192.168.1.100 proto esp spi 0x55555555 mode tunnel reqid 100 replay-window 64 aead "rfc4106(gcm(aes))" 0x00112233445566778899aabbccddeeff00112233 128;
+
+sudo ip xfrm policy add dir out src 192.168.1.10 dst 192.168.1.100 proto udp tmpl src 192.168.1.10 dst 192.168.1.100 proto esp mode tunnel reqid 100;
+
+sudo ip xfrm state add src 192.168.1.100 dst 192.168.1.10 proto esp spi 0x55555555 mode tunnel reqid 100 replay-window 64 aead "rfc4106(gcm(aes))" 0x00112233445566778899aabbccddeeff00112233 128;
+
+sudo ip xfrm policy add dir in src 192.168.1.100 dst 192.168.1.10 proto udp tmpl src 192.168.1.100 dst 192.168.1.10 proto esp mode tunnel reqid 100;
diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.txt b/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.txt
new file mode 100644
index 0000000..366162e
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/aes_gcm.txt
@@ -0,0 +1 @@
+Cipher: aes-gcm loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/aes_xcbc.txt b/ti/runtime/netapi/tools/ipsec_tools/aes_xcbc.txt
new file mode 100644
index 0000000..e167ddc
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/aes_xcbc.txt
@@ -0,0 +1 @@
+Cipher: aes-xcbc-mac loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/hmac-sha1_aes-cbc.txt b/ti/runtime/netapi/tools/ipsec_tools/hmac-sha1_aes-cbc.txt
new file mode 100644
index 0000000..c6f2bdf
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/hmac-sha1_aes-cbc.txt
@@ -0,0 +1 @@
+Cipher: aes-cbc, Authentication: hmac-sha1 loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes-ctr.conf b/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes-ctr.conf
new file mode 100644
index 0000000..3696745
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes-ctr.conf
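Review bot: aes_gcm.sh is added with mode 100755 and run as `./aes_gcm.sh` from sectest.sh, but it has no interpreter line and ignores the exit status of every `sudo ip xfrm` call; aes_ccm.sh is the same. If a state or policy add fails, for example because an entry with that SPI is already present, the script can still return success and the caller goes on to send traffic. I would start both scripts with `#!/bin/sh` followed by `set -e` so that a failed add stops the run.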
@@ -0,0 +1,15 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;
+add -4 192.168.1.10 192.168.1.100 esp 0x22222222 -m tunnel -E aes-ctr 0x00112233445566778899aabbccddeeff00112233 -A hmac-sha256 0x000102030405060708090a0b0c0d0e0f101112131415161718191A1B1C1D1E1F;
+
+spdadd 192.168.1.10 192.168.1.100 any -P out ipsec
+ esp/tunnel/192.168.1.10-192.168.1.100/require;
+
+
+add -4 192.168.1.100 192.168.1.10 esp 0x22222222 -m tunnel -E aes-ctr 0x00112233445566778899aabbccddeeff00112233 -A hmac-sha256 0x000102030405060708090a0b0c0d0e0f101112131415161718191A1B1C1D1E1F;
+
+spdadd 192.168.1.100 192.168.1.10 any -P in ipsec
+ esp/tunnel/192.168.1.100-192.168.1.10/require;
+
diff --git a/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes_ctr.txt b/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes_ctr.txt
new file mode 100644
index 0000000..27aa0b9
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/hmac-sha256_aes_ctr.txt
@@ -0,0 +1 @@
+Cipher: aes-ctr, Authentication: hmac-sha256 loopback sucess.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/hmac_md5_ah.txt b/ti/runtime/netapi/tools/ipsec_tools/hmac_md5_ah.txt
new file mode 100644
index 0000000..2fb415f
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/hmac_md5_ah.txt
@@ -0,0 +1 @@
+Cipher: NULL, Autentication: hmac_md5 loopback sucess for AH mode.
diff --git a/ti/runtime/netapi/tools/ipsec_tools/sectest.sh b/ti/runtime/netapi/tools/ipsec_tools/sectest.sh
new file mode 100755
index 0000000..61786e3
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/sectest.sh
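Review bot: The `flush;` and `spdflush;` lines at the top of hmac-sha256_aes-ctr.conf clear the whole SAD and SPD of the host, not only the entries this test creates; setkey_aes_xcbc.conf, setkey_hmac-md5_ah.conf, setkey_hmac-sha1_aes-cbc.conf and setkeycleanup.conf do the same. On a machine that also carries other IPsec tunnels this drops them, and sectest.sh loads these files under sudo several times per run. A header comment such as `# WARNING: flushes ALL SAs and policies on this host; run only on a dedicated test machine` would make that explicit. Removing only the test entries with `delete` and `spddelete` would be the safer cleanup, though that is a larger change.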
@@ -0,0 +1,50 @@
+if [ $# -ne 2 ]; then
+ echo "Usage ./sectest.sh "
+ exit
+fi
+sudo setkey -f setkeycleanup.conf
+sudo setkey -f setkey_hmac-sha1_aes-cbc.conf
+echo "Sending packet with hmac-sha1_aes-cbc"
+../udpif S hmac-sha1_aes-cbc.txt $1 $2
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with aes_gcm"
+./aes_gcm.sh
+../udpif S aes_gcm.txt $1 $2
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with aes_ccm"
+./aes_ccm.sh
+../udpif S aes_ccm.txt $1 $2
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with aes_xcbc"
+sudo setkey -f setkey_aes_xcbc.conf
+../udpif S aes_xcbc.txt $1 $2
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with hmac-sha256_aes-ctr"
+sudo setkey -f hmac-sha256_aes-ctr.conf
+../udpif S hmac-sha256_aes_ctr.txt $1 $2
+sleep 1
+#
+echo "Cleaning up SAD entries"
+sudo setkey -f setkeycleanup.conf
+echo "Sending packet with hmac-md5 AH mode"
+sudo setkey -f setkey_hmac-md5_ah.conf
+../udpif S hmac_md5_ah.txt $1 $2
+sleep 1
+
+sudo setkey -f setkeycleanup.conf
+
+#sudo setkey -f setkeycleanup.conf
+#sudo setkey -f setkey_3des_cbc.conf
+#./udpif S 3des_cbc.txt $1 $2
diff --git a/ti/runtime/netapi/tools/ipsec_tools/setkey_aes_xcbc.conf b/ti/runtime/netapi/tools/ipsec_tools/setkey_aes_xcbc.conf
new file mode 100644
index 0000000..915ac4c
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/setkey_aes_xcbc.conf
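Review bot: None of the `sudo setkey -f ...` or `./aes_*.sh` setup steps in sectest.sh is checked before the following `../udpif S ...` runs, so when an SA or policy fails to install the packet is still sent, presumably without IPsec, and nothing in this script reports it. Each setup step should stop the run on failure, e.g. `sudo setkey -f setkey_hmac-sha1_aes-cbc.conf || exit 1`, or put `set -e` near the top. The usage branch also ends in a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` lets a caller detect the misuse. The arguments are better passed as `"$1" "$2"`.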
@@ -0,0 +1,15 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;
+add -4 192.168.1.10 192.168.1.100 esp 0x77777777 -m tunnel -E null -A aes-xcbc-mac 0x000102030405060708090a0b0c0d0e0f;
+
+spdadd 192.168.1.10 192.168.1.100 any -P out ipsec
+ esp/tunnel/192.168.1.10-192.168.1.100/require;
+
+
+add -4 192.168.1.100 192.168.1.10 esp 0x77777777 -m tunnel -E null -A aes-xcbc-mac 0x000102030405060708090a0b0c0d0e0f;
+
+spdadd 192.168.1.100 192.168.1.10 any -P in ipsec
+ esp/tunnel/192.168.1.100-192.168.1.10/require;
+
diff --git a/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-md5_ah.conf b/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-md5_ah.conf
new file mode 100644
index 0000000..bd05fa0
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-md5_ah.conf
@@ -0,0 +1,15 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;
+add -4 192.168.1.10 192.168.1.100 ah 0x44444444 -m tunnel -E null -A hmac-md5 0x000102030405060708090a0b0c0d0e0f;
+
+spdadd 192.168.1.10 192.168.1.100 any -P out ipsec
+ ah/tunnel/192.168.1.10-192.168.1.100/require;
+
+
+add -4 192.168.1.100 192.168.1.10 ah 0x44444444 -m tunnel -E null -A hmac-md5 0x000102030405060708090a0b0c0d0e0f;
+
+spdadd 192.168.1.100 192.168.1.10 any -P in ipsec
+ ah/tunnel/192.168.1.100-192.168.1.10/require;
+
diff --git a/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-sha1_aes-cbc.conf b/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-sha1_aes-cbc.conf
new file mode 100644
index 0000000..d65b144
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/setkey_hmac-sha1_aes-cbc.conf
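Review bot: setkey_aes_xcbc.conf (ESP with `-E null`) and setkey_hmac-md5_ah.conf (AH with `-A hmac-md5`) authenticate the tunnel traffic but do not encrypt it, and nothing in either file marks them as coverage cases rather than recommended settings. HMAC-MD5 in particular is a legacy algorithm that IPsec stacks keep mainly for interoperability. I would add a comment under the `#pc->shannon` line of each file, e.g. `# integrity only, payload travels in clear; test coverage, not a deployment profile`.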
@@ -0,0 +1,15 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;
+add -4 192.168.1.10 192.168.1.100 esp 0x11111111 -m tunnel -E rijndael-cbc 0x55112233445566778899aabbccddeeff00112233445566778899aabbccddeeff -A hmac-sha1 0x000102030405060708090a0b0c0d0e0f10111213;
+
+spdadd 192.168.1.10 192.168.1.100 any -P out ipsec
+ esp/tunnel/192.168.1.10-192.168.1.100/require;
+
+
+add -4 192.168.1.100 192.168.1.10 esp 0x11111111 -m tunnel -E rijndael-cbc 0x55112233445566778899aabbccddeeff00112233445566778899aabbccddeeff -A hmac-sha1 0x000102030405060708090a0b0c0d0e0f10111213;
+
+spdadd 192.168.1.100 192.168.1.10 any -P in ipsec
+ esp/tunnel/192.168.1.100-192.168.1.10/require;
+
diff --git a/ti/runtime/netapi/tools/ipsec_tools/setkeycleanup.conf b/ti/runtime/netapi/tools/ipsec_tools/setkeycleanup.conf
new file mode 100644
index 0000000..05a0dc4
--- /dev/null
+++ b/ti/runtime/netapi/tools/ipsec_tools/setkeycleanup.conf
@@ -0,0 +1,4 @@
+#!/mnt/host/netbench/setkey -f
+#pc->shannon
+flush;
+spdflush;
-- 
2.39.2