#!/bin/bash
#
# aes-cbc (rfc3602) + hmac-[md5,sha1,sha256]-96,128 example.
#
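#######################################
# Print the command-line help and terminate the script.
# Arguments: none
# Outputs:   usage text on stderr (diagnostics do not belong on stdout)
# Returns:   never returns; exits with status 1
#######################################
print_usage_and_die() {
  {
    printf 'usage:\n'
    # The script reads an optional second argument (the truncation length),
    # so the synopsis lists it as well.
    printf ' cbc_auth <auth> [len]\n'
    printf '\n'
    printf ' auth = md5, sha1, sha256\n'
    printf ' len  = auth-trunc length in bits, e.g. 96 or 128 (default 96)\n'
    printf '\n'
    printf 'examples:\n'
    # Use the invoked path so the examples always name this script.
    printf ' %s sha256 128\n' "$0"
    printf ' %s sha256 96\n' "$0"
    printf ' %s sha1\n' "$0"
    printf ' %s md5\n' "$0"
  } >&2
  exit 1
}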
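# Defaults; the positional arguments below override alg and len.
alg=sha1
ip_proto=tcp
len=96

# Accept exactly one or two arguments: <auth> [len]. Any other count prints
# the usage instead of silently running with the defaults.
case $# in
  1)
    alg=$1
    ;;
  2)
    alg=$1
    len=$2
    ;;
  *)
    print_usage_and_die
    ;;
esac

# alg and len end up on a `sudo ip xfrm` command line, so only the documented
# algorithm names and a plain decimal length are let through.
case "$alg" in
  md5 | sha1 | sha256) ;;
  *) print_usage_and_die ;;
esac
case "$len" in
  '' | *[!0-9]*) print_usage_and_die ;;
esac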
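# State
# ipv4
# One ESP transport-mode SA per direction between 10.10.10.1 and 10.10.10.2.
# The SPIs and the auth/enc keys are fixed, repeating-byte example values;
# a real SA needs randomly generated keys.
# "$alg" and "$len" come from the command line and are quoted so each one
# reaches the privileged `ip` invocation as exactly one argument.
sudo ip xfrm state add \
  src 10.10.10.1 dst 10.10.10.2 \
  proto esp \
  spi 0x764f47c9 \
  mode transport \
  replay-window 64 \
  auth-trunc "$alg" 0x01010101010101010101010101010101 "$len" \
  enc aes 0x03030303030303030303030303030303 \
  sel src 10.10.10.1 dst 10.10.10.2

sudo ip xfrm state add \
  src 10.10.10.2 dst 10.10.10.1 \
  proto esp \
  spi 0x49ebfdd4 \
  mode transport \
  replay-window 64 \
  auth-trunc "$alg" 0x02020202020202020202020202020202 "$len" \
  enc aes 0x04040404040404040404040404040404 \
  sel src 10.10.10.2 dst 10.10.10.1

# Policies
# ipv4
# Outbound policy only: $ip_proto traffic to 10.10.10.2 is bound to the first
# SA above through its SPI. No `dir in` policy is added by this script.
sudo ip xfrm policy add \
  dst 10.10.10.2 proto "$ip_proto" dir out tmpl proto esp spi 0x764f47c9 mode transport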