Add tests for SA grouped in bundles.

5 files changed, 60 insertions, 2 deletions

diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile
index 4b31265f2fe..c084c455918 100644
--- a/regress/sbin/ipsecctl/Makefile
+++ b/regress/sbin/ipsecctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.60 2017/03/23 13:57:07 bluhm Exp $
+# $OpenBSD: Makefile,v 1.61 2017/03/23 17:12:27 bluhm Exp $
 
 # you can update the *.ok files with: make -i | patch
 # TARGETS
@@ -12,7 +12,7 @@ IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
 IPSECTESTS+=25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
 IPSECTESTS+=51 52 53 54 55 56 57 58
 TCPMD5TESTS=1 2 3
-SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
 SAFAIL=1 2 3
 IPSECFAIL=1 2 3
 IKEFAIL=1 3 4 5 6 8 9 11 12 13 14
diff --git a/regress/sbin/ipsecctl/sa25.in b/regress/sbin/ipsecctl/sa25.in
new file mode 100644
index 00000000000..b63a628e5f4
--- /dev/null
+++ b/regress/sbin/ipsecctl/sa25.in
@@ -0,0 +1,10 @@
+# group the sa bundle if from and to are identical
+esp transport from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000 \
+	authkey file "DIR/ak256:DIR/ak256" \
+	enckey file "DIR/ek128:DIR/ek128"
+ah transport from 1.1.1.1 to 2.2.2.2 spi 0x2a000000:0x2b000000 \
+	authkey file "DIR/ak256:DIR/ak256"
+ah transport from 3.3.3.3 to 2.2.2.2 spi 0x3a000000:0x3b000000 \
+	authkey file "DIR/ak256:DIR/ak256"
+ah transport from 1.1.1.1 to 3.3.3.3 spi 0x4a000000:0x4b000000 \
+	authkey file "DIR/ak256:DIR/ak256"
diff --git a/regress/sbin/ipsecctl/sa25.ok b/regress/sbin/ipsecctl/sa25.ok
new file mode 100644
index 00000000000..7a9b2aa2d2a
--- /dev/null
+++ b/regress/sbin/ipsecctl/sa25.ok
@@ -0,0 +1,20 @@
+esp transport from 1.1.1.1 to 2.2.2.2 spi 0x1a000000 auth hmac-sha2-256 enc aes \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
+	enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+esp transport from 2.2.2.2 to 1.1.1.1 spi 0x1b000000 auth hmac-sha2-256 enc aes \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
+	enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+ah transport from 1.1.1.1 to 2.2.2.2 spi 0x2a000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+[group esp to 2.2.2.2 spi 0x1a000000 with ah to 2.2.2.2 spi 0x2a000000]
+ah transport from 2.2.2.2 to 1.1.1.1 spi 0x2b000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+[group esp to 1.1.1.1 spi 0x1b000000 with ah to 1.1.1.1 spi 0x2b000000]
+ah transport from 3.3.3.3 to 2.2.2.2 spi 0x3a000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ah transport from 2.2.2.2 to 3.3.3.3 spi 0x3b000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ah transport from 1.1.1.1 to 3.3.3.3 spi 0x4a000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ah transport from 3.3.3.3 to 1.1.1.1 spi 0x4b000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
diff --git a/regress/sbin/ipsecctl/sa26.in b/regress/sbin/ipsecctl/sa26.in
new file mode 100644
index 00000000000..de20ce5ee0a
--- /dev/null
+++ b/regress/sbin/ipsecctl/sa26.in
@@ -0,0 +1,8 @@
+# group all kind of sa bundles
+ipip tunnel from 1.1.1.1 to 2.2.2.2 spi 0x1a000000:0x1b000000
+ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x2a00:0x2b00
+esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000:0x3b000000 \
+	authkey file "DIR/ak256:DIR/ak256" \
+	enckey file "DIR/ek128:DIR/ek128"
+ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000:0x4b000000 \
+	authkey file "DIR/ak256:DIR/ak256"
diff --git a/regress/sbin/ipsecctl/sa26.ok b/regress/sbin/ipsecctl/sa26.ok
new file mode 100644
index 00000000000..9a70a502dcc
--- /dev/null
+++ b/regress/sbin/ipsecctl/sa26.ok
@@ -0,0 +1,20 @@
+ipip from 1.1.1.1 to 2.2.2.2 spi 0x1a000000
+ipip from 2.2.2.2 to 1.1.1.1 spi 0x1b000000
+ipcomp transport from 1.1.1.1 to 2.2.2.2 spi 0x00002a00 comp deflate
+[group ipip to 2.2.2.2 spi 0x1a000000 with ipcomp to 2.2.2.2 spi 0x00002a00]
+ipcomp transport from 2.2.2.2 to 1.1.1.1 spi 0x00002b00 comp deflate
+[group ipip to 1.1.1.1 spi 0x1b000000 with ipcomp to 1.1.1.1 spi 0x00002b00]
+esp transport from 1.1.1.1 to 2.2.2.2 spi 0x3a000000 auth hmac-sha2-256 enc aes \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
+	enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+[group ipcomp to 2.2.2.2 spi 0x00002a00 with esp to 2.2.2.2 spi 0x3a000000]
+esp transport from 2.2.2.2 to 1.1.1.1 spi 0x3b000000 auth hmac-sha2-256 enc aes \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
+	enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+[group ipcomp to 1.1.1.1 spi 0x00002b00 with esp to 1.1.1.1 spi 0x3b000000]
+ah transport from 1.1.1.1 to 2.2.2.2 spi 0x4a000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+[group esp to 2.2.2.2 spi 0x3a000000 with ah to 2.2.2.2 spi 0x4a000000]
+ah transport from 2.2.2.2 to 1.1.1.1 spi 0x4b000000 auth hmac-sha2-256 \
+	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+[group esp to 1.1.1.1 spi 0x3b000000 with ah to 1.1.1.1 spi 0x4b000000]