1d8d6b92abe58107b6b5f202bdbcdfaf7a05a845
[keystone-rtos/netapi.git] / ti / runtime / netapi / test / net_test_sa_utils.c
1 /******************************************
2  * File: net_test_sa_utils.c
3  * Purpose: net_test application security associations utilities
4  **************************************************************
5  * FILE:  net_test_sa_utils.c
6  * 
7  * DESCRIPTION:  net_test application security associations utilities
8  * 
9  * REVISION HISTORY:
10  *
11  *  Copyright (c) Texas Instruments Incorporated 2013
12  * 
13  *  Redistribution and use in source and binary forms, with or without 
14  *  modification, are permitted provided that the following conditions 
15  *  are met:
16  *
17  *    Redistributions of source code must retain the above copyright 
18  *    notice, this list of conditions and the following disclaimer.
19  *
20  *    Redistributions in binary form must reproduce the above copyright
21  *    notice, this list of conditions and the following disclaimer in the 
22  *    documentation and/or other materials provided with the   
23  *    distribution.
24  *
25  *    Neither the name of Texas Instruments Incorporated nor the names of
26  *    its contributors may be used to endorse or promote products derived
27  *    from this software without specific prior written permission.
28  *
29  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
30  *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
31  *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
32  *  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 
33  *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
34  *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
35  *  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
36  *  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
37  *  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
38  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 
39  *  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41  *****************************************/
43 #include "net_test.h"
45 #include <signal.h>
46 #include <pthread.h>
48 #include <ti/drv/sa/salld.h>
49 #include <ti/drv/pa/pa.h>
51 extern NETAPI_T netapi_handle;
52 extern netTestConfig_t netTestCfg;
53 extern netTestConfig_t config;
54 extern netTestSA_t sa_info[];
55 extern NETCP_CFG_IPSEC_POLICY_T rx_policy[];
57 /* pktio channels externs */
58 extern PKTIO_HANDLE_T *netcp_rx_chan;
59 extern PKTIO_HANDLE_T *netcp_rx_chan2;
60 extern PKTIO_HANDLE_T *netcp_tx_chan;
61 extern PKTIO_HANDLE_T *netcp_tx_chan_ah;
62 extern PKTIO_HANDLE_T *netcp_sb_tx_chan;
63 extern PKTIO_HANDLE_T *netcp_sb_rx_chan;
64 extern PKTIO_CFG_T our_chan_cfg;
65 extern PKTIO_CFG_T netcp_rx_cfg;
66 extern PKTIO_CFG_T netcp_rx_cfg2;
67 extern PKTIO_CFG_T netcp_tx_cfg;
68 extern PKTIO_CFG_T netcp_sb_rx_cfg;
69 extern PKTIO_CFG_T netcp_sb_tx_cfg;
70 /* end pktio channels externs */
72 extern Trie *p_trie_sa_rx;
73 extern Trie *p_trie_sa_tx;
77 void  netTest_utilBuildSADB(int i)
78 {
79     long tmp_spi;
80     long tmp_tunnel;
81     if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_HMAC_SHA1) &&
82         (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CBC))
83     {
84         /* static configuration, will not change */
85         sa_info[i].tx_payload_info.aadSize = 0;
86         sa_info[i].tx_payload_info.pAad = NULL;
87         sa_info[i].tx_payload_info.pAuthIV = NULL;
88         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
89                                                 netTest_IP_HEADER_LEN;
90         
91         sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
92                                                netTest_IP_HEADER_LEN +
93                                                netTest_ESP_HEADER_LEN +
94                                                netTest_AES_CBC_IV_LEN;
96         /* dynamic configuration, will  be calculated on the fly */
97         sa_info[i].tx_payload_info.authSize = 0;
98         sa_info[i].tx_payload_info.encSize = 0;
99         sa_info[i].tx_payload_info.pEncIV = 0;
101         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
102         sa_info[i].authMode = netTestCfg.sa[i].authMode;
103         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
104         sa_info[i].auth_tag_size = netTest_ICV_LEN;
106         sa_info[i].iv_len=16;
107         sa_info[i].bl=16;
109         sa_info[i].tx_pkt_info.enetPort = 0;
110         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
111         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
112         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
113         sa_info[i].tx_pkt_info.startOffset = 0;
114         sa_info[i].tx_pkt_info.lpbackPass = 0;
115         sa_info[i].tx_pkt_info.ploadLen = 0; 
116         sa_info[i].tx_pkt_info.pPkt = NULL;
117         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN + netTest_IP_HEADER_LEN;
118         sa_info[i].tx_pkt_info.saPayloadLen = 0;
119         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
120        
121         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
122                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
123                                          NWAL_TX_FLAG1_META_DATA_VALID ;
124         sa_info[i].dir =netTestCfg.sa[i].dir;
125         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
126         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
127         sa_info[i].spi =tmp_spi;
128         sa_info[i].tunnel_id = tmp_tunnel;
129         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
130         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
132         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
133         {
134             trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
135         }
136         else
137         {
138            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
139         }
140     }
141     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_HMAC_SHA2_256) &&
142              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CTR))
143     {
144         /* static configuration, will not change */
145         sa_info[i].tx_payload_info.aadSize = 0;
146         sa_info[i].tx_payload_info.pAad = NULL;
147         sa_info[i].tx_payload_info.pAuthIV = NULL;
148         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
149                                                 netTest_IP_HEADER_LEN;
151         sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
152                                                netTest_IP_HEADER_LEN +
153                                                netTest_ESP_HEADER_LEN +
154                                                netTest_AES_CTR_IV_LEN;
156         /* dynamic configuration, will  be calculated on the fly */
157         sa_info[i].tx_payload_info.authSize = 0;
158         sa_info[i].tx_payload_info.encSize = 0;
159         sa_info[i].tx_payload_info.pEncIV = 0;
161         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
162         sa_info[i].authMode = netTestCfg.sa[i].authMode;
163         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
164         sa_info[i].auth_tag_size = netTest_ICV_LEN;
165         sa_info[i].iv_len=8;
166         sa_info[i].bl=8;
168         sa_info[i].tx_pkt_info.enetPort = 0;
169         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
170         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
171         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
172         sa_info[i].tx_pkt_info.startOffset = 0;
173         sa_info[i].tx_pkt_info.lpbackPass = 0;
174         sa_info[i].tx_pkt_info.ploadLen = 0;
175         sa_info[i].tx_pkt_info.pPkt = NULL;
176         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
177         sa_info[i].tx_pkt_info.saPayloadLen = 0;
178         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
180         sa_info[i].key_params = &netTestCfg.key_params[i];
182         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO| NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_META_DATA_VALID ;
183         sa_info[i].dir =netTestCfg.sa[i].dir;
184         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
185         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
186         sa_info[i].spi =tmp_spi;
187         sa_info[i].tunnel_id = tmp_tunnel;
188         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
189         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
190         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
191         {
192            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
193         }
194         else
195         {
196            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
197         }
198     }
199     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_HMAC_SHA2_256) &&
200              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_3DES_CBC))
201     {
202         /* static configuration, will not change */
203         sa_info[i].tx_payload_info.aadSize = 0;
204         sa_info[i].tx_payload_info.pAad = NULL;
205         sa_info[i].tx_payload_info.pAuthIV = NULL;
206         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
207                                                 netTest_IP_HEADER_LEN;
209         sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
210                                                netTest_IP_HEADER_LEN +
211                                                netTest_ESP_HEADER_LEN +
212                                                netTest_3DES_CBC_IV_LEN;
214         /* dynamic configuration, will  be calculated on the fly */
215         sa_info[i].tx_payload_info.authSize = 0;
216         sa_info[i].tx_payload_info.encSize = 0;
217         sa_info[i].tx_payload_info.pEncIV = 0;
219         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
220         sa_info[i].authMode = netTestCfg.sa[i].authMode;
221         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
222         sa_info[i].auth_tag_size = netTest_ICV_LEN;
224         sa_info[i].iv_len=8;
225         sa_info[i].bl=8;
227         sa_info[i].tx_pkt_info.enetPort = 0;
228         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
229         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
230         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
231         sa_info[i].tx_pkt_info.startOffset = 0;
232         sa_info[i].tx_pkt_info.lpbackPass = 0;
233         sa_info[i].tx_pkt_info.ploadLen = 0;
234         sa_info[i].tx_pkt_info.pPkt = NULL;
235         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
236         sa_info[i].tx_pkt_info.saPayloadLen = 0;
237         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
238        
239         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
240                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
241                                          NWAL_TX_FLAG1_META_DATA_VALID ;
243         sa_info[i].dir =netTestCfg.sa[i].dir;
244         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
245         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
246         sa_info[i].spi =tmp_spi;
247         sa_info[i].tunnel_id = tmp_tunnel;
248         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
249         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
250         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
251         {
252            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
253         }
254         else
255         {
256            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
257         }
258     }
259     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_HMAC_MD5) &&
260              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
261     {
262         /* static configuration, will not change */
263         sa_info[i].tx_payload_info.aadSize = 0;
264         sa_info[i].tx_payload_info.pAad = NULL;
265         sa_info[i].tx_payload_info.pAuthIV = NULL;
266         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN;
268         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
269                                                        netTest_IP_HEADER_LEN +
270                                                        netTest_NULL_ESP_HEADER_LEN +
271                                                        netTest_NULL_IV_LEN +
272                                                        24;
273         sa_info[i].iv_len=0;
274         sa_info[i].bl=4;
276         /* dynamic configuration, will  be calculated on the fly */
277         sa_info[i].tx_payload_info.authSize = 0;
278         sa_info[i].tx_payload_info.encSize = 0;
279         sa_info[i].tx_payload_info.pEncIV = 0;
281         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
282         sa_info[i].authMode = netTestCfg.sa[i].authMode;
283         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
284         sa_info[i].auth_tag_size = netTest_ICV_LEN;
286         sa_info[i].tx_pkt_info.enetPort = 0;
287         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
288         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
289         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
290         sa_info[i].tx_pkt_info.startOffset = 0;
291         sa_info[i].tx_pkt_info.lpbackPass = 0;
292         sa_info[i].tx_pkt_info.ploadLen = 0;
293         sa_info[i].tx_pkt_info.pPkt = NULL;
294         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN;
295         sa_info[i].tx_pkt_info.saPayloadLen = 0;
296         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
297         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_AH_CRYPTO |
298                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
299                                          NWAL_TX_FLAG1_META_DATA_VALID;
300         sa_info[i].dir =netTestCfg.sa[i].dir;
301         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
302         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
303         sa_info[i].spi =tmp_spi;
304         sa_info[i].tunnel_id = tmp_tunnel;
305         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
306         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
307         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
308         {
309            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
310         }
311         else
312         {
313            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
314         }
315     }
316     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_NULL) &&
317              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_GCM))
318     {
319         /* static configuration, will not change */
320         sa_info[i].tx_payload_info.aadSize = 0;
321         sa_info[i].tx_payload_info.pAad = NULL;
322         sa_info[i].tx_payload_info.pAuthIV = NULL;
323         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
324                                                 netTest_IP_HEADER_LEN;
326         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
327                                                        netTest_IP_HEADER_LEN +
328                                                        netTest_ESP_HEADER_LEN +
329                                                        netTest_AES_GCM_IV_LEN;
331         sa_info[i].iv_len=0;
332         sa_info[i].bl=4;
334         /* dynamic configuration, will  be calculated on the fly */
335         sa_info[i].tx_payload_info.authSize = 0;
336         sa_info[i].tx_payload_info.encSize = 0;
337         sa_info[i].tx_payload_info.pEncIV = 0;
339         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
340         sa_info[i].authMode = netTestCfg.sa[i].authMode;
341         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
342         sa_info[i].auth_tag_size = netTest_AES_GCM_CCM_ICV_LEN;
344         sa_info[i].tx_pkt_info.enetPort = 0;
345         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
346         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
347         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
348         sa_info[i].tx_pkt_info.startOffset = 0;
349         sa_info[i].tx_pkt_info.lpbackPass = 0;
350         sa_info[i].tx_pkt_info.ploadLen = 0;
351         sa_info[i].tx_pkt_info.pPkt = NULL;
352         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN + netTest_IP_HEADER_LEN;
353         sa_info[i].tx_pkt_info.saPayloadLen = 0;
354         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
355        
356         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
357                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
358                                          NWAL_TX_FLAG1_META_DATA_VALID;
360         sa_info[i].dir =netTestCfg.sa[i].dir;
361         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
362         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
363         sa_info[i].spi =tmp_spi;
364         sa_info[i].tunnel_id = tmp_tunnel;
365         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
366         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
367         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
368         {
369            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
370         }
371         else
372         {
373            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
374         }
375     }
376     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_NULL) &&
377              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CCM))
378     {
379         /* static configuration, will not change */
380         sa_info[i].tx_payload_info.aadSize = 0;
381         sa_info[i].tx_payload_info.pAad = NULL;
382         sa_info[i].tx_payload_info.pAuthIV = NULL;
383         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
384                                                 netTest_IP_HEADER_LEN;
386         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
387                                                        netTest_IP_HEADER_LEN +
388                                                        netTest_ESP_HEADER_LEN +
389                                                        netTest_AES_CCM_IV_LEN;
391         sa_info[i].iv_len=0;
392         sa_info[i].bl=4;
394         /* dynamic configuration, will  be calculated on the fly */
395         sa_info[i].tx_payload_info.authSize = 0;
396         sa_info[i].tx_payload_info.encSize = 0;
397         sa_info[i].tx_payload_info.pEncIV = 0;
399         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
400         sa_info[i].authMode = netTestCfg.sa[i].authMode;
401         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
402         sa_info[i].auth_tag_size = netTest_AES_GCM_CCM_ICV_LEN;
404         sa_info[i].tx_pkt_info.enetPort = 0;
405         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
406         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
407         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
408         sa_info[i].tx_pkt_info.startOffset = 0;
409         sa_info[i].tx_pkt_info.lpbackPass = 0;
410         sa_info[i].tx_pkt_info.ploadLen = 0;
411         sa_info[i].tx_pkt_info.pPkt = NULL;
412         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
413         sa_info[i].tx_pkt_info.saPayloadLen = 0;
414         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
415        
416         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
417                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
418                                          NWAL_TX_FLAG1_META_DATA_VALID;
419         
420         sa_info[i].dir =netTestCfg.sa[i].dir;
421         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
422         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
423         sa_info[i].spi =tmp_spi;
424         sa_info[i].tunnel_id = tmp_tunnel;
425         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
426         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
427         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
428         {
429            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
430         }
431         else
432         {
433            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
434         }
435     }
436     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_AES_XCBC) &&
437              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
438     {
439         /* static configuration, will not change */
440         sa_info[i].tx_payload_info.aadSize = 0;
441         sa_info[i].tx_payload_info.pAad = NULL;
442         sa_info[i].tx_payload_info.pAuthIV = NULL;
443         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
444                                                 netTest_IP_HEADER_LEN;
446         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
447                                                        netTest_IP_HEADER_LEN +
448                                                        netTest_ESP_HEADER_LEN +
449                                                        netTest_NULL_IV_LEN;
451         sa_info[i].iv_len=0;
452         sa_info[i].bl=4;
454         /* dynamic configuration, will  be calculated on the fly */
455         sa_info[i].tx_payload_info.authSize = 0;
456         sa_info[i].tx_payload_info.encSize = 0;
457         //sa_info[i].tx_payload_info.ploadLen = 0;
458         sa_info[i].tx_payload_info.pEncIV = 0;
460         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
461         sa_info[i].authMode = netTestCfg.sa[i].authMode;
462         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
463         sa_info[i].auth_tag_size = netTest_ICV_LEN;
465         sa_info[i].tx_pkt_info.enetPort = 0;
466         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
467         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
468         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
469         sa_info[i].tx_pkt_info.startOffset = 0;
470         sa_info[i].tx_pkt_info.lpbackPass = 0;
471         sa_info[i].tx_pkt_info.ploadLen = 0;
472         sa_info[i].tx_pkt_info.pPkt = NULL;
473         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
474         sa_info[i].tx_pkt_info.saPayloadLen = 0;
475         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
476        
477         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
478                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM|
479                                          NWAL_TX_FLAG1_META_DATA_VALID;
480         
481         sa_info[i].dir =netTestCfg.sa[i].dir;
482         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
483         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
484         sa_info[i].spi =tmp_spi;
485         sa_info[i].tunnel_id = tmp_tunnel;
486         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
487         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
488         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
489         {
490            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
491         }
492         else
493         {
494            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
495         }
496     }
497     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_GMAC) &&
498              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
499     {
500         /* static configuration, will not change */
501         sa_info[i].tx_payload_info.aadSize = 0;
502         sa_info[i].tx_payload_info.pAad = NULL;
503         sa_info[i].tx_payload_info.pAuthIV = NULL;
504         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
505                                                 netTest_IP_HEADER_LEN;
507         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
508                                                        netTest_IP_HEADER_LEN +
509                                                        netTest_ESP_HEADER_LEN +
510                                                        netTest_AES_GMAC_IV_LEN;
512         sa_info[i].iv_len=0;
513         sa_info[i].bl=4;
515         /* dynamic configuration, will  be calculated on the fly */
516         sa_info[i].tx_payload_info.authSize = 0;
517         sa_info[i].tx_payload_info.encSize = 0;
518         sa_info[i].tx_payload_info.pEncIV = 0;
519         sa_info[i].tx_payload_info.pAuthIV = 0;
521         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
522         sa_info[i].authMode = netTestCfg.sa[i].authMode;
523         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
524         sa_info[i].auth_tag_size = netTest_AES_GMAC_ICV_LEN;
526         sa_info[i].tx_pkt_info.enetPort = 0;
527         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
528         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
529         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
530         sa_info[i].tx_pkt_info.startOffset = 0;
531         sa_info[i].tx_pkt_info.lpbackPass = 0;
532         sa_info[i].tx_pkt_info.ploadLen = 0;
533         sa_info[i].tx_pkt_info.pPkt = NULL;
534         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
535         sa_info[i].tx_pkt_info.saPayloadLen = 0;
536         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
537        
538         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
539                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
540                                          NWAL_TX_FLAG1_META_DATA_VALID;
541         
542         sa_info[i].dir =netTestCfg.sa[i].dir;
543         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
544         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
545         sa_info[i].spi =tmp_spi;
546         sa_info[i].tunnel_id = tmp_tunnel;
547         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
548         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
549         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
550         {
551            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
552         }
553         else
554         {
555            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
556         }
557     }
558     else
559         netapi_Log("netTest_utilBuildSADB(): invalid encryption/authentication combination selected\n");
562 int netTest_utilCreateSecAssoc(void)
564     nwal_RetValue       nwalRetVal;
565     int err,i;
566     nwalSaIpSecId_t  nwalSaIpSecId;
567     uint32_t saId;
568     for (i=0; i < netTestCfg.num_sa;i++)
569     {
570         err = 0;
571         if(netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
572         {
573             netTest_utilBuildSADB(i);
574             saId = i;
575             sa_info[i].rx_tunnel = netapi_secAddSA(
576             netapi_handle,
577             netTestCfg.ipsec_if_no, //iface #0 
578             &netTestCfg.sa[i],
579             &netTestCfg.key_params[i],
580             netTestCfg.ipsec_mode_rx == IPSEC_MODE_RX_SIDEBAND ? NETAPI_SEC_SA_SIDEBAND: NETAPI_SEC_SA_INFLOW,
581                 NULL,  //use default route 
582             &(sa_info[i].rx_data_mode_handle),
583             &(sa_info[i].rx_inflow_mode_handle),
584             (void*) saId,
585             &err);
586             if (err)
587             {
588                 netapi_Log("addRxSa failed %d\n",err);
589                 exit(1);
590             }
593             if (netTestCfg.ipsec_mode_rx == IPSEC_MODE_RX_INFLOW)
594             {
595                 //assume inner and outer ip is the same
596                 rx_policy[i]= netapi_secAddRxPolicy( netapi_handle,
597                              sa_info[i].rx_tunnel,  //link to tunnel above
598                              4,         //ipv4
599                              &netTestCfg.sa[i].src,
600                              &netTestCfg.sa[i].dst,
601                             NULL,  // no qualifiers
602                             NULL,  //default route
603                             NULL, //user_data
604                              &err);
605                 if (err)
606                 {
607                     netapi_Log("addSaPolicy failed  %d, for index %d\n",err,i); 
608                     exit(1);
609                 }
610             }
611             else
612             {
613                 rx_policy[i] = 0;
614             }
615         }
616         //tx SA security stuff
617         if(netTestCfg.sa[i].dir == NWAL_SA_DIR_OUTBOUND)
618         {
619             netTest_utilBuildSADB(i);
620             saId = i;
621             sa_info[i].tx_tunnel = netapi_secAddSA( netapi_handle,
622                  0, //iface #0 
623                  &netTestCfg.sa[i],
624                  &netTestCfg.key_params[i],
625                 netTestCfg.ipsec_mode_tx == IPSEC_MODE_TX_SIDEBAND ? NETAPI_SEC_SA_SIDEBAND: NETAPI_SEC_SA_INFLOW,
626                 NULL,  //use default route 
627                 &(sa_info[i].tx_data_mode_handle),
628                 &(sa_info[i].tx_inflow_mode_handle),
629                 (void*)saId,
630                 &err);
631             if (err) {netapi_Log("addTxSa failed %d\n",err); exit(1);}
632         }
633     }
637 void netTest_utilDeleteSecAssoc()
639     int err,i;
640     for (i=0; i < netTestCfg.num_sa;i++)
641     {
642         err = 0;
643         if(sa_info[i].dir == NWAL_SA_DIR_INBOUND)
644         {
645             if (rx_policy[i])
646                 netapi_secDelRxPolicy(netapi_handle, rx_policy[i], &err);
647             if (err == 0) netapi_Log("polcicy deleted  %d\n", i );
648                 //delete tunnels
649             netapi_secDelSA(netapi_handle, 0, sa_info[i].rx_tunnel, &err);
650         }
651         
652         if(sa_info[i].dir == NWAL_SA_DIR_OUTBOUND)
653         {
654             netapi_secDelSA(netapi_handle, 0, sa_info[i].tx_tunnel, &err);
655         }
656     }