1 /******************************************
2 * File: net_test_sa_utils.c
3 * Purpose: net_test application security associations utilities
4 **************************************************************
5 * FILE: net_test_sa_utils.c
6 *
7 * DESCRIPTION: net_test application security associations utilities
8 *
9 * REVISION HISTORY:
10 *
11 * Copyright (c) Texas Instruments Incorporated 2013
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 *
20 * Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the
23 * distribution.
24 *
25 * Neither the name of Texas Instruments Incorporated nor the names of
26 * its contributors may be used to endorse or promote products derived
27 * from this software without specific prior written permission.
28 *
29 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
30 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
31 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
32 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
33 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
34 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
35 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
36 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
37 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
38 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
39 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41 *****************************************/
43 #include "net_test.h"
45 #include <signal.h>
46 #include <pthread.h>
48 #include <ti/drv/sa/salld.h>
49 #include <ti/drv/pa/pa.h>
51 extern NETAPI_T netapi_handle;
52 extern netTestConfig_t netTestCfg;
53 extern netTestConfig_t config;
54 extern netTestSA_t sa_info[];
55 extern NETCP_CFG_IPSEC_POLICY_T rx_policy[];
57 /* pktio channels externs */
58 extern PKTIO_HANDLE_T *netcp_rx_chan;
59 extern PKTIO_HANDLE_T *netcp_rx_chan2;
60 extern PKTIO_HANDLE_T *netcp_tx_chan;
61 extern PKTIO_HANDLE_T *netcp_tx_chan_ah;
62 extern PKTIO_HANDLE_T *netcp_sb_tx_chan;
63 extern PKTIO_HANDLE_T *netcp_sb_rx_chan;
64 extern PKTIO_CFG_T our_chan_cfg;
65 extern PKTIO_CFG_T netcp_rx_cfg;
66 extern PKTIO_CFG_T netcp_rx_cfg2;
67 extern PKTIO_CFG_T netcp_tx_cfg;
68 extern PKTIO_CFG_T netcp_sb_rx_cfg;
69 extern PKTIO_CFG_T netcp_sb_tx_cfg;
70 /* end pktio channels externs */
72 extern Trie *p_trie_sa_rx;
73 extern Trie *p_trie_sa_tx;
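/**
 * Build the software SA database entry sa_info[i] from netTestCfg.sa[i].
 *
 * The supported authentication/cipher pairs differ only in a handful of
 * framing parameters (encryption offset, ICV size, IV length, block length,
 * ESP vs. AH). Those are selected first; everything else is filled in once
 * for all profiles. The entry is then inserted into the RX trie (keyed by
 * SPI) for inbound SAs, or into the TX trie (keyed by tunnel id) otherwise.
 *
 * An unsupported pair is logged and leaves sa_info[i] and both tries
 * untouched.
 *
 * @param i  Index into sa_info[], netTestCfg.sa[], netTestCfg.tunnel_id[] and
 *           netTestCfg.key_params[]. Only negative values are rejected here;
 *           the array sizes are not visible in this file, so the caller must
 *           keep i below them.
 */
void netTest_utilBuildSADB(int i)
{
    long tmp_spi;
    long tmp_tunnel;
    int is_ah = 0;   /* set for the one profile that uses AH instead of ESP */

    if (i < 0)
    {
        netapi_Log("netTest_utilBuildSADB(): invalid SA index %d\n", i);
        return;
    }

    /* ---- Step 1: per-algorithm framing parameters ---- */
    if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_HMAC_SHA1) &&
        (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CBC))
    {
        sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
                                               netTest_IP_HEADER_LEN +
                                               netTest_ESP_HEADER_LEN +
                                               netTest_AES_CBC_IV_LEN;
        sa_info[i].auth_tag_size = netTest_ICV_LEN;
        sa_info[i].iv_len = 16;
        sa_info[i].bl = 16;   /* presumably the cipher block length -- confirm */
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_HMAC_SHA2_256) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CTR))
    {
        sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
                                               netTest_IP_HEADER_LEN +
                                               netTest_ESP_HEADER_LEN +
                                               netTest_AES_CTR_IV_LEN;
        sa_info[i].auth_tag_size = netTest_ICV_LEN;
        sa_info[i].iv_len = 8;
        sa_info[i].bl = 8;
        /* NOTE(review): key_params is linked for this profile only; every
         * other profile leaves sa_info[i].key_params as it was. Confirm that
         * is intentional before relying on the pointer elsewhere. */
        sa_info[i].key_params = &netTestCfg.key_params[i];
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_HMAC_SHA2_256) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_3DES_CBC))
    {
        /* NOTE(review): 3DES is a legacy cipher; presumably kept for test
         * coverage only. */
        sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
                                               netTest_IP_HEADER_LEN +
                                               netTest_ESP_HEADER_LEN +
                                               netTest_3DES_CBC_IV_LEN;
        sa_info[i].auth_tag_size = netTest_ICV_LEN;
        sa_info[i].iv_len = 8;
        sa_info[i].bl = 8;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_HMAC_MD5) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
    {
        /* AH profile: cipherMode is NWAL_SA_EALG_NULL, so it authenticates
         * only. NOTE(review): HMAC-MD5 is a legacy algorithm; presumably kept
         * for test coverage only. */
        is_ah = 1;
        sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
                                               netTest_IP_HEADER_LEN +
                                               netTest_NULL_ESP_HEADER_LEN +
                                               netTest_NULL_IV_LEN +
                                               24;   /* presumably the AH header size -- confirm */
        sa_info[i].auth_tag_size = netTest_ICV_LEN;
        sa_info[i].iv_len = 0;
        sa_info[i].bl = 4;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_NULL) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_GCM))
    {
        sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
                                               netTest_IP_HEADER_LEN +
                                               netTest_ESP_HEADER_LEN +
                                               netTest_AES_GCM_IV_LEN;
        sa_info[i].auth_tag_size = netTest_AES_GCM_CCM_ICV_LEN;
        sa_info[i].iv_len = 0;
        sa_info[i].bl = 4;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_NULL) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CCM))
    {
        sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
                                               netTest_IP_HEADER_LEN +
                                               netTest_ESP_HEADER_LEN +
                                               netTest_AES_CCM_IV_LEN;
        sa_info[i].auth_tag_size = netTest_AES_GCM_CCM_ICV_LEN;
        sa_info[i].iv_len = 0;
        sa_info[i].bl = 4;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_AES_XCBC) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
    {
        /* cipherMode is NWAL_SA_EALG_NULL: authentication only. */
        sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
                                               netTest_IP_HEADER_LEN +
                                               netTest_ESP_HEADER_LEN +
                                               netTest_NULL_IV_LEN;
        sa_info[i].auth_tag_size = netTest_ICV_LEN;
        sa_info[i].iv_len = 0;
        sa_info[i].bl = 4;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_GMAC) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
    {
        /* cipherMode is NWAL_SA_EALG_NULL: authentication only. */
        sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
                                               netTest_IP_HEADER_LEN +
                                               netTest_ESP_HEADER_LEN +
                                               netTest_AES_GMAC_IV_LEN;
        sa_info[i].auth_tag_size = netTest_AES_GMAC_ICV_LEN;
        sa_info[i].iv_len = 0;
        sa_info[i].bl = 4;
    }
    else
    {
        netapi_Log("netTest_utilBuildSADB(): invalid encryption/authentication combination selected\n");
        return;   /* nothing written, nothing inserted */
    }

    /* ---- Step 2: ESP vs. AH dependent fields ---- */
    if (is_ah)
    {
        /* AH: the SA header and the authenticated region start right after
         * the MAC header. */
        sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN;
        sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN;
        sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_AH_CRYPTO |
                                         NWAL_TX_FLAG1_DO_UDP_CHKSUM |
                                         NWAL_TX_FLAG1_META_DATA_VALID;
    }
    else
    {
        /* ESP: both start after the MAC and outer IP headers. */
        sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
                                                netTest_IP_HEADER_LEN;
        sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN +
                                            netTest_IP_HEADER_LEN;
        sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
                                         NWAL_TX_FLAG1_DO_UDP_CHKSUM |
                                         NWAL_TX_FLAG1_META_DATA_VALID;
    }

    /* ---- Step 3: fields common to every profile ---- */

    /* static configuration, will not change */
    sa_info[i].tx_payload_info.aadSize = 0;
    sa_info[i].tx_payload_info.pAad = NULL;
    sa_info[i].tx_payload_info.pAuthIV = NULL;

    /* dynamic configuration, will be calculated on the fly */
    sa_info[i].tx_payload_info.authSize = 0;
    sa_info[i].tx_payload_info.encSize = 0;
    sa_info[i].tx_payload_info.pEncIV = 0;

    sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
    sa_info[i].authMode = netTestCfg.sa[i].authMode;
    sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;

    sa_info[i].tx_pkt_info.enetPort = 0;
    sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
    sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
    sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
    sa_info[i].tx_pkt_info.startOffset = 0;
    sa_info[i].tx_pkt_info.lpbackPass = 0;
    sa_info[i].tx_pkt_info.ploadLen = 0;
    sa_info[i].tx_pkt_info.pPkt = NULL;
    sa_info[i].tx_pkt_info.saPayloadLen = 0;
    sa_info[i].tx_pkt_info.pseudoHdrChecksum = 0;

    /* ---- Step 4: identity fields and trie registration ---- */
    sa_info[i].dir = netTestCfg.sa[i].dir;
    tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
    tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
    sa_info[i].spi = tmp_spi;
    sa_info[i].tunnel_id = tmp_tunnel;

    /* NOTE(review): these loads read sizeof(long) bytes through a long*
     * alias of ipv4[]. That relies on ipv4[] being suitably aligned and on
     * long being 4 bytes; copying the 4 address bytes into a 32-bit value
     * would avoid both assumptions. */
    sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
    sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);

    /* The trie key is the first 4 bytes of the long holding the converted
     * value. NOTE(review): those bytes are the 32-bit SPI / tunnel id only
     * when long is 32 bits wide or the host is little-endian -- confirm for
     * any other target, otherwise distinct SAs can share a key. */
    if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
    {
        trie_insert(p_trie_sa_rx, (char *)&tmp_spi, 4, (void *)&sa_info[i]);
    }
    else
    {
        trie_insert(p_trie_sa_tx, (char *)&tmp_tunnel, 4, (void *)&sa_info[i]);
    }
}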
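/**
 * Create every security association listed in netTestCfg.sa[0..num_sa-1].
 *
 * For each inbound SA the software database entry is built, the SA is added
 * through netapi_secAddSA() and, when RX runs in inflow mode, an RX policy is
 * attached to it (rx_policy[i] is set to 0 otherwise). For each outbound SA
 * the database entry is built and the SA is added.
 *
 * Any failure reported through err is logged and terminates the process with
 * exit(1). NOTE(review): no SA or policy created in an earlier iteration is
 * removed on that path -- confirm that leaving them installed is acceptable.
 *
 * @return 0 once all SAs have been created (failures do not return).
 */
int netTest_utilCreateSecAssoc(void)
{
    int err, i;
    uint32_t saId;

    for (i = 0; i < netTestCfg.num_sa; i++)
    {
        err = 0;

        /* rx SA */
        if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
        {
            /* NOTE(review): the SA is added even when netTest_utilBuildSADB()
             * rejects the auth/cipher pair; in that case sa_info[i].dir is
             * never written, and teardown code keyed on sa_info[i].dir may
             * skip this SA -- confirm. */
            netTest_utilBuildSADB(i);
            saId = i;
            sa_info[i].rx_tunnel = netapi_secAddSA(
                netapi_handle,
                netTestCfg.ipsec_if_no,     /* interface taken from the configuration */
                &netTestCfg.sa[i],
                &netTestCfg.key_params[i],
                netTestCfg.ipsec_mode_rx == IPSEC_MODE_RX_SIDEBAND ? NETAPI_SEC_SA_SIDEBAND : NETAPI_SEC_SA_INFLOW,
                NULL,                       /* use default route */
                &(sa_info[i].rx_data_mode_handle),
                &(sa_info[i].rx_inflow_mode_handle),
                (void*) saId,               /* SA index carried as the user-data cookie */
                &err);
            if (err)
            {
                netapi_Log("addRxSa failed %d\n",err);
                exit(1);
            }

            if (netTestCfg.ipsec_mode_rx == IPSEC_MODE_RX_INFLOW)
            {
                /* assume inner and outer ip is the same */
                rx_policy[i] = netapi_secAddRxPolicy(
                    netapi_handle,
                    sa_info[i].rx_tunnel,   /* link to tunnel above */
                    4,                      /* ipv4 */
                    &netTestCfg.sa[i].src,
                    &netTestCfg.sa[i].dst,
                    NULL,                   /* no qualifiers */
                    NULL,                   /* default route */
                    NULL,                   /* user_data */
                    &err);
                if (err)
                {
                    netapi_Log("addSaPolicy failed %d, for index %d\n",err,i);
                    exit(1);
                }
            }
            else
            {
                rx_policy[i] = 0;
            }
        }

        /* tx SA */
        if (netTestCfg.sa[i].dir == NWAL_SA_DIR_OUTBOUND)
        {
            netTest_utilBuildSADB(i);
            saId = i;
            /* NOTE(review): the interface is the literal 0 here, while the
             * inbound path passes netTestCfg.ipsec_if_no -- confirm the
             * difference is intended. */
            sa_info[i].tx_tunnel = netapi_secAddSA(
                netapi_handle,
                0,                          /* iface #0 */
                &netTestCfg.sa[i],
                &netTestCfg.key_params[i],
                netTestCfg.ipsec_mode_tx == IPSEC_MODE_TX_SIDEBAND ? NETAPI_SEC_SA_SIDEBAND : NETAPI_SEC_SA_INFLOW,
                NULL,                       /* use default route */
                &(sa_info[i].tx_data_mode_handle),
                &(sa_info[i].tx_inflow_mode_handle),
                (void*)saId,                /* SA index carried as the user-data cookie */
                &err);
            if (err)
            {
                netapi_Log("addTxSa failed %d\n",err);
                exit(1);
            }
        }
    }

    /* The function is declared int but previously fell off the end, leaving
     * the result undefined for any caller that reads it. */
    return 0;
}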
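/**
 * Tear down the security associations of slots 0..num_sa-1.
 *
 * Inbound SAs first lose their RX policy (when one was attached), then the
 * SA itself is deleted; outbound SAs are deleted directly. Each netapi call
 * reports through err; failures are logged and teardown continues with the
 * next slot so that one failure does not leave the remaining SAs installed.
 *
 * NOTE(review): the direction is read from sa_info[i].dir, which is written
 * only by netTest_utilBuildSADB() for a supported auth/cipher pair. An SA
 * that was added for an unsupported pair may therefore be skipped here --
 * confirm against netTest_utilCreateSecAssoc().
 */
void netTest_utilDeleteSecAssoc(void)
{
    int err, i;

    for (i = 0; i < netTestCfg.num_sa; i++)
    {
        err = 0;
        if (sa_info[i].dir == NWAL_SA_DIR_INBOUND)
        {
            if (rx_policy[i])
            {
                netapi_secDelRxPolicy(netapi_handle, rx_policy[i], &err);
                if (err == 0)
                {
                    /* Report success only when a policy was actually removed;
                     * previously this was printed for slots without one. */
                    netapi_Log("polcicy deleted %d\n", i );
                    rx_policy[i] = 0;   /* do not keep a stale handle around */
                }
                else
                {
                    netapi_Log("delRxPolicy failed %d, for index %d\n", err, i);
                }
            }

            /* delete tunnels; start from a clean error state so a policy
             * failure is not mistaken for an SA failure */
            err = 0;
            netapi_secDelSA(netapi_handle, 0, sa_info[i].rx_tunnel, &err);
            if (err)
            {
                netapi_Log("delRxSa failed %d, for index %d\n", err, i);
            }
        }

        if (sa_info[i].dir == NWAL_SA_DIR_OUTBOUND)
        {
            err = 0;
            netapi_secDelSA(netapi_handle, 0, sa_info[i].tx_tunnel, &err);
            if (err)
            {
                netapi_Log("delTxSa failed %d, for index %d\n", err, i);
            }
        }
    }
}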