diff options
Diffstat (limited to 'testsuite/ipsec01/test_main.c')
-rw-r--r-- | testsuite/ipsec01/test_main.c | 258 |
1 files changed, 258 insertions, 0 deletions
diff --git a/testsuite/ipsec01/test_main.c b/testsuite/ipsec01/test_main.c new file mode 100644 index 00000000..4bce3be7 --- /dev/null +++ b/testsuite/ipsec01/test_main.c @@ -0,0 +1,258 @@ +/* + * Copyright (c) 2018 embedded brains GmbH. All rights reserved. + * + * embedded brains GmbH + * Dornierstr. 4 + * 82178 Puchheim + * Germany + * <rtems@embedded-brains.de> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#define TEST_NAME "LIBBSD IPSEC 1" + +#include <stdio.h> +#include <stdlib.h> + +#include <rtems/bsd/modules.h> +#ifdef RTEMS_BSD_MODULE_NETIPSEC + +#include <assert.h> +#include <fcntl.h> +#include <string.h> +#include <unistd.h> + +#include <machine/rtems-bsd-commands.h> +#include <machine/rtems-bsd-rc-conf.h> + +#include <rtems/bsd/bsd.h> +#include <rtems/bsd/test/network-config.h> +#include <rtems/console.h> +#include <rtems/shell.h> + + +#define IPSEC_LOC_INT "10.10.1.1" +#define IPSEC_LOC_NET "10.10.1.0/24" +#define IPSEC_LOC_EXT "192.168.10.1" +#define IPSEC_REM_INT "172.24.0.1" +#define IPSEC_REM_NET "172.24.0.0/24" +#define IPSEC_REM_EXT "192.168.10.10" +#define RACOON_PSK_FILE "/etc/racoon_psk.txt" +#define RACOON_CONFIG_FILE "/etc/racoon.conf" +#define SETKEY_CONFIG_FILE "/etc/setkey.conf" +#define RC_CONF "/etc/rc.conf" + +static const char racoon_psk[] = + IPSEC_REM_EXT " mysecretkey\n"; +static const char racoon_config[] = + "path pre_shared_key \"" RACOON_PSK_FILE "\";\n" + "log debug;\n" + "\n" + "padding # options are not to be changed\n" + "{\n" + " maximum_length 20;\n" + " randomize off;\n" + " strict_check off;\n" + " exclusive_tail off;\n" + "}\n" + "\n" + "listen # address [port] that racoon will listen on\n" + "{\n" + " isakmp " IPSEC_LOC_EXT "[500];\n" + "}\n" + "\n" + "remote " IPSEC_REM_EXT " [500]\n" + "{\n" + " exchange_mode main;\n" + " my_identifier address " IPSEC_LOC_EXT ";\n" + " peers_identifier address " IPSEC_REM_EXT ";\n" + " proposal_check obey;\n" + "\n" + " proposal {\n" + " encryption_algorithm 3des;\n" + " hash_algorithm md5;\n" + " authentication_method pre_shared_key;\n" + " lifetime time 3600 sec;\n" + " dh_group 2;\n" + " }\n" + "}\n" + "\n" + "sainfo (address " IPSEC_LOC_NET " any address " IPSEC_REM_NET " any)\n" + "{\n" + " pfs_group 2;\n" + " lifetime time 28800 sec;\n" + " encryption_algorithm 3des;\n" + " authentication_algorithm hmac_md5;\n" + " compression_algorithm deflate;\n" + "}\n"; +static const char setkey_config[] = + "flush;\n" + "spdflush;\n" + "spdadd " IPSEC_LOC_NET " " IPSEC_REM_NET " any -P out ipsec esp/tunnel/" IPSEC_LOC_EXT "-" IPSEC_REM_EXT"/use;\n" + "spdadd " IPSEC_REM_NET " " IPSEC_LOC_NET " any -P in ipsec esp/tunnel/" IPSEC_REM_EXT "-" IPSEC_LOC_EXT"/use;\n"; +static const char rc_conf[] = + "cloned_interfaces=\"gif0\"\n" + "ifconfig_gif0=\"10.10.1.1 172.24.0.1 tunnel 192.168.10.1 192.168.10.10\"\n" + "ike_enable=\"YES\"\n" + "ike_program=\"racoon\"\n" + "ike_flags=\"-F -f /etc/racoon.conf\"\n" + "ike_priority=\"250\"\n" + "\n" + "ipsec_enable=\"YES\"\n" + "ipsec_file=\"/etc/setkey.conf\"\n" + "\n" + "ifconfig_" NET_CFG_INTERFACE_0 "=\"inet " IPSEC_LOC_EXT " netmask 255.255.255.0\"\n"; + +static const struct { + const char *name; + const char *content; +} init_files[] = { + {.name = RACOON_PSK_FILE, .content = racoon_psk}, + {.name = RACOON_CONFIG_FILE, .content = racoon_config}, + {.name = SETKEY_CONFIG_FILE, .content = setkey_config}, + {.name = RC_CONF, .content = rc_conf}, +}; + +static void +prepare_files() +{ + size_t i; + struct stat sb; + int rv; + int fd; + size_t written; + + /* Create /etc if necessary */ + rv = mkdir("/etc", S_IRWXU | S_IRWXG | S_IRWXO); + /* ignore errors, check the dir after. */ + assert(stat("/etc", &sb) == 0); + assert(S_ISDIR(sb.st_mode)); + + /* Create files */ + for(i = 0; i < (sizeof(init_files)/sizeof(init_files[0])); ++i) { + const char *content; + size_t len; + + content = init_files[i].content; + len = strlen(content); + + fd = open(init_files[i].name, O_WRONLY | O_CREAT, + S_IRWXU | S_IRWXG | S_IRWXO); + assert(fd != -1); + + written = write(fd, content, len); + assert(written == len); + + rv = close(fd); + assert(rv == 0); + } +} + +static void +test_main(void) +{ + int rv; + rtems_status_code sc; + + rv = rtems_bsd_run_rc_conf(RC_CONF, 15, true); + assert(rv == 0); + + /* Wait for initial racoon messages. */ + sleep(2); + puts("--------------------------------------------------"); + puts("Everything should be prepared now."); + puts("As soon as you communicate with someone in " IPSEC_REM_NET + " the IPSEC connection should be established."); + puts("--------------------------------------------------"); + + sc = rtems_shell_init("SHLL", 32 * 1024, 1, CONSOLE_DEVICE_NAME, + false, true, NULL); + assert(sc == RTEMS_SUCCESSFUL); + + exit(0); +} + +#define DEFAULT_EARLY_INITIALIZATION + +static void +early_initialization(void) +{ + prepare_files(); +} + +#include <machine/rtems-bsd-sysinit.h> + +#define RTEMS_BSD_CONFIG_IPSEC +/* Software crypto should work on all devices. */ +RTEMS_BSD_DEFINE_NEXUS_DEVICE(cryptosoft, 0, 0, NULL); +#define RTEMS_BSD_CONFIG_BSP_CONFIG + +#include <rtems/bsd/test/default-init.h> + +#define CONFIGURE_SHELL_COMMANDS_INIT +#include <rtems/netcmds-config.h> + +#define CONFIGURE_SHELL_USER_COMMANDS \ + &rtems_shell_ARP_Command, \ + &rtems_shell_HOSTNAME_Command, \ + &rtems_shell_PING_Command, \ + &rtems_shell_ROUTE_Command, \ + &rtems_shell_NETSTAT_Command, \ + &rtems_shell_SYSCTL_Command, \ + &rtems_shell_IFCONFIG_Command, \ + &rtems_shell_VMSTAT_Command + +#define CONFIGURE_SHELL_COMMAND_CPUINFO +#define CONFIGURE_SHELL_COMMAND_CPUUSE +#define CONFIGURE_SHELL_COMMAND_PERIODUSE +#define CONFIGURE_SHELL_COMMAND_STACKUSE +#define CONFIGURE_SHELL_COMMAND_PROFREPORT + +#define CONFIGURE_SHELL_COMMAND_CP +#define CONFIGURE_SHELL_COMMAND_PWD +#define CONFIGURE_SHELL_COMMAND_LS +#define CONFIGURE_SHELL_COMMAND_LN +#define CONFIGURE_SHELL_COMMAND_LSOF +#define CONFIGURE_SHELL_COMMAND_CHDIR +#define CONFIGURE_SHELL_COMMAND_CD +#define CONFIGURE_SHELL_COMMAND_MKDIR +#define CONFIGURE_SHELL_COMMAND_RMDIR +#define CONFIGURE_SHELL_COMMAND_CAT +#define CONFIGURE_SHELL_COMMAND_MV +#define CONFIGURE_SHELL_COMMAND_RM +#define CONFIGURE_SHELL_COMMAND_MALLOC_INFO + +#include <rtems/shellconfig.h> + +#else /* RTEMS_BSD_MODULE_NETIPSEC */ + +static void +test_main(void) +{ + puts("IPSec not enabled in the current build set."); + exit(0); +} + +#include <rtems/bsd/test/default-init.h> + +#endif /* RTEMS_BSD_MODULE_NETIPSEC */ |