1e28ea9bc844c186d81642c9d506940508245e97
[keystone-rtos/netapi.git] / ti / runtime / netapi / test / net_test_sa_utils.c
1 /******************************************
2  * File: net_test_sa_utils.c
3  * Purpose: net_test application security associations utilities
4  **************************************************************
5  * FILE:  net_test_sa_utils.c
6  * 
7  * DESCRIPTION:  net_test application security associations utilities
8  * 
9  * REVISION HISTORY:
10  *
11  *  Copyright (c) Texas Instruments Incorporated 2013
12  * 
13  *  Redistribution and use in source and binary forms, with or without 
14  *  modification, are permitted provided that the following conditions 
15  *  are met:
16  *
17  *    Redistributions of source code must retain the above copyright 
18  *    notice, this list of conditions and the following disclaimer.
19  *
20  *    Redistributions in binary form must reproduce the above copyright
21  *    notice, this list of conditions and the following disclaimer in the 
22  *    documentation and/or other materials provided with the   
23  *    distribution.
24  *
25  *    Neither the name of Texas Instruments Incorporated nor the names of
26  *    its contributors may be used to endorse or promote products derived
27  *    from this software without specific prior written permission.
28  *
29  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
30  *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
31  *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
32  *  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 
33  *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
34  *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
35  *  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
36  *  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
37  *  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
38  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 
39  *  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41  *****************************************/
43 #include "net_test.h"
45 #include <signal.h>
46 #include <pthread.h>
48 #include <ti/drv/sa/salld.h>
49 #include <ti/drv/pa/pa.h>
51 extern NETAPI_T netapi_handle;
52 extern netTestConfig_t netTestCfg;
53 extern netTestConfig_t config;
54 extern netTestSA_t sa_info[];
55 extern NETCP_CFG_IPSEC_POLICY_T rx_policy[];
57 /* pktio channels externs */
58 extern PKTIO_HANDLE_T *netcp_rx_chan;
59 extern PKTIO_HANDLE_T *netcp_rx_chan2;
60 extern PKTIO_HANDLE_T *netcp_tx_chan;
61 extern PKTIO_HANDLE_T *netcp_tx_chan_ah;
62 extern PKTIO_HANDLE_T *netcp_sb_tx_chan;
63 extern PKTIO_HANDLE_T *netcp_sb_rx_chan;
64 extern PKTIO_CFG_T our_chan_cfg;
65 extern PKTIO_CFG_T netcp_rx_cfg;
66 extern PKTIO_CFG_T netcp_rx_cfg2;
67 extern PKTIO_CFG_T netcp_tx_cfg;
68 extern PKTIO_CFG_T netcp_sb_rx_cfg;
69 extern PKTIO_CFG_T netcp_sb_tx_cfg;
70 /* end pktio channels externs */
72 extern Trie *p_trie_sa_rx;
73 extern Trie *p_trie_sa_tx;
77 void  netTest_utilBuildSADB(int i)
78 {
79     long tmp_spi;
80     long tmp_tunnel;
81     if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_HMAC_SHA1) &&
82         (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CBC))
83     {
84         /* static configuration, will not change */
85         sa_info[i].tx_payload_info.aadSize = 0;
86         sa_info[i].tx_payload_info.pAad = NULL;
87         sa_info[i].tx_payload_info.pAuthIV = NULL;
88         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
89                                                 netTest_IP_HEADER_LEN;
90         
91         sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
92                                                netTest_IP_HEADER_LEN +
93                                                netTest_ESP_HEADER_LEN +
94                                                netTest_AES_CBC_IV_LEN;
96         /* dynamic configuration, will  be calculated on the fly */
97         sa_info[i].tx_payload_info.authSize = 0;
98         sa_info[i].tx_payload_info.encSize = 0;
99         sa_info[i].tx_payload_info.pEncIV = 0;
101         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
102         sa_info[i].authMode = netTestCfg.sa[i].authMode;
103         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
104         sa_info[i].auth_tag_size = netTest_ICV_LEN;
106         sa_info[i].iv_len=16;
107         sa_info[i].bl=16;
109         sa_info[i].tx_pkt_info.enetPort = 0;
110         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
111         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
112         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
113         sa_info[i].tx_pkt_info.startOffset = 0;
114         sa_info[i].tx_pkt_info.lpbackPass = 0;
115         sa_info[i].tx_pkt_info.ploadLen = 0; 
116         sa_info[i].tx_pkt_info.pPkt = NULL;
117         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN + netTest_IP_HEADER_LEN;
118         sa_info[i].tx_pkt_info.saPayloadLen = 0;
119         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
120        
121         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
122                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
123                                          NWAL_TX_FLAG1_META_DATA_VALID ;
124         sa_info[i].dir =netTestCfg.sa[i].dir;
125         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
126         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
127         sa_info[i].spi =tmp_spi;
128         sa_info[i].tunnel_id = tmp_tunnel;
129         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
130         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
132         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
133         {
134             trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
135         }
136         else
137         {
138            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
139         }
140     }
141     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_NULL) &&
142              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CTR))
143     {
144         /* static configuration, will not change */
145         sa_info[i].tx_payload_info.aadSize = 0;
146         sa_info[i].tx_payload_info.pAad = NULL;
147         sa_info[i].tx_payload_info.pAuthIV = NULL;
148         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
149                                                 netTest_IP_HEADER_LEN;
151         sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
152                                                netTest_IP_HEADER_LEN +
153                                                netTest_ESP_HEADER_LEN +
154                                                netTest_AES_CTR_IV_LEN;
155         /* dynamic configuration, will  be calculated on the fly */
156         sa_info[i].tx_payload_info.authSize = 0;
157         sa_info[i].tx_payload_info.encSize = 0;
158         sa_info[i].tx_payload_info.pEncIV = 0;
160         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
161         sa_info[i].authMode = netTestCfg.sa[i].authMode;
162         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
163         sa_info[i].auth_tag_size = 0;
164         sa_info[i].iv_len=8;
165         sa_info[i].bl=8;
167         sa_info[i].tx_pkt_info.enetPort = 0;
168         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
169         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
170         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
171         sa_info[i].tx_pkt_info.startOffset = 0;
172         sa_info[i].tx_pkt_info.lpbackPass = 0;
173         sa_info[i].tx_pkt_info.ploadLen = 0;
174         sa_info[i].tx_pkt_info.pPkt = NULL;
175         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
176         sa_info[i].tx_pkt_info.startOffset = 0;
177         sa_info[i].tx_pkt_info.lpbackPass = 0;
178         sa_info[i].tx_pkt_info.ploadLen = 0;
179         sa_info[i].tx_pkt_info.pPkt = NULL;
180         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
181         sa_info[i].tx_pkt_info.saPayloadLen = 0;
182         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
184         sa_info[i].key_params = &netTestCfg.key_params[i];
186         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO| NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_META_DATA_VALID ;
187         sa_info[i].dir =netTestCfg.sa[i].dir;
188         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
189         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
190         sa_info[i].spi =tmp_spi;
191         sa_info[i].tunnel_id = tmp_tunnel;
192         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
193         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
194         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
195         {
196            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
197         }
198         else
199         {
200            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
201         }
202     }
203     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_HMAC_SHA2_256) &&
204              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CTR))
205     {
206         /* static configuration, will not change */
207         sa_info[i].tx_payload_info.aadSize = 0;
208         sa_info[i].tx_payload_info.pAad = NULL;
209         sa_info[i].tx_payload_info.pAuthIV = NULL;
210         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
211                                                 netTest_IP_HEADER_LEN;
213         sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
214                                                netTest_IP_HEADER_LEN +
215                                                netTest_ESP_HEADER_LEN +
216                                                netTest_AES_CTR_IV_LEN;
218         /* dynamic configuration, will  be calculated on the fly */
219         sa_info[i].tx_payload_info.authSize = 0;
220         sa_info[i].tx_payload_info.encSize = 0;
221         sa_info[i].tx_payload_info.pEncIV = 0;
223         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
224         sa_info[i].authMode = netTestCfg.sa[i].authMode;
225         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
226         sa_info[i].auth_tag_size = netTest_ICV_LEN;
227         sa_info[i].iv_len=8;
228         sa_info[i].bl=8;
230         sa_info[i].tx_pkt_info.enetPort = 0;
231         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
232         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
233         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
234         sa_info[i].tx_pkt_info.startOffset = 0;
235         sa_info[i].tx_pkt_info.lpbackPass = 0;
236         sa_info[i].tx_pkt_info.ploadLen = 0;
237         sa_info[i].tx_pkt_info.pPkt = NULL;
238         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
239         sa_info[i].tx_pkt_info.saPayloadLen = 0;
240         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
242         sa_info[i].key_params = &netTestCfg.key_params[i];
244         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO| NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_META_DATA_VALID ;
245         sa_info[i].dir =netTestCfg.sa[i].dir;
246         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
247         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
248         sa_info[i].spi =tmp_spi;
249         sa_info[i].tunnel_id = tmp_tunnel;
250         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
251         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
252         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
253         {
254            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
255         }
256         else
257         {
258            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
259         }
260     }
261     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_HMAC_SHA2_256) &&
262              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_3DES_CBC))
263     {
264         /* static configuration, will not change */
265         sa_info[i].tx_payload_info.aadSize = 0;
266         sa_info[i].tx_payload_info.pAad = NULL;
267         sa_info[i].tx_payload_info.pAuthIV = NULL;
268         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
269                                                 netTest_IP_HEADER_LEN;
271         sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
272                                                netTest_IP_HEADER_LEN +
273                                                netTest_ESP_HEADER_LEN +
274                                                netTest_3DES_CBC_IV_LEN;
276         /* dynamic configuration, will  be calculated on the fly */
277         sa_info[i].tx_payload_info.authSize = 0;
278         sa_info[i].tx_payload_info.encSize = 0;
279         sa_info[i].tx_payload_info.pEncIV = 0;
281         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
282         sa_info[i].authMode = netTestCfg.sa[i].authMode;
283         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
284         sa_info[i].auth_tag_size = netTest_ICV_LEN;
286         sa_info[i].iv_len=8;
287         sa_info[i].bl=8;
289         sa_info[i].tx_pkt_info.enetPort = 0;
290         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
291         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
292         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
293         sa_info[i].tx_pkt_info.startOffset = 0;
294         sa_info[i].tx_pkt_info.lpbackPass = 0;
295         sa_info[i].tx_pkt_info.ploadLen = 0;
296         sa_info[i].tx_pkt_info.pPkt = NULL;
297         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
298         sa_info[i].tx_pkt_info.saPayloadLen = 0;
299         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
300        
301         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
302                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
303                                          NWAL_TX_FLAG1_META_DATA_VALID ;
305         sa_info[i].dir =netTestCfg.sa[i].dir;
306         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
307         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
308         sa_info[i].spi =tmp_spi;
309         sa_info[i].tunnel_id = tmp_tunnel;
310         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
311         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
312         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
313         {
314            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
315         }
316         else
317         {
318            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
319         }
320     }
321     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_HMAC_MD5) &&
322              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
323     {
324         /* static configuration, will not change */
325         sa_info[i].tx_payload_info.aadSize = 0;
326         sa_info[i].tx_payload_info.pAad = NULL;
327         sa_info[i].tx_payload_info.pAuthIV = NULL;
328         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN;
330         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
331                                                        netTest_IP_HEADER_LEN +
332                                                        netTest_NULL_ESP_HEADER_LEN +
333                                                        netTest_NULL_IV_LEN +
334                                                        24;
335         sa_info[i].iv_len=0;
336         sa_info[i].bl=4;
338         /* dynamic configuration, will  be calculated on the fly */
339         sa_info[i].tx_payload_info.authSize = 0;
340         sa_info[i].tx_payload_info.encSize = 0;
341         sa_info[i].tx_payload_info.pEncIV = 0;
343         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
344         sa_info[i].authMode = netTestCfg.sa[i].authMode;
345         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
346         sa_info[i].auth_tag_size = netTest_ICV_LEN;
348         sa_info[i].tx_pkt_info.enetPort = 0;
349         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
350         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
351         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
352         sa_info[i].tx_pkt_info.startOffset = 0;
353         sa_info[i].tx_pkt_info.lpbackPass = 0;
354         sa_info[i].tx_pkt_info.ploadLen = 0;
355         sa_info[i].tx_pkt_info.pPkt = NULL;
356         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN;
357         sa_info[i].tx_pkt_info.saPayloadLen = 0;
358         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
359         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_AH_CRYPTO |
360                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
361                                          NWAL_TX_FLAG1_META_DATA_VALID;
362         sa_info[i].dir =netTestCfg.sa[i].dir;
363         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
364         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
365         sa_info[i].spi =tmp_spi;
366         sa_info[i].tunnel_id = tmp_tunnel;
367         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
368         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
369         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
370         {
371            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
372         }
373         else
374         {
375            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
376         }
377     }
378     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_NULL) &&
379              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_GCM))
380     {
381         /* static configuration, will not change */
382         sa_info[i].tx_payload_info.aadSize = 0;
383         sa_info[i].tx_payload_info.pAad = NULL;
384         sa_info[i].tx_payload_info.pAuthIV = NULL;
385         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
386                                                 netTest_IP_HEADER_LEN;
388         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
389                                                        netTest_IP_HEADER_LEN +
390                                                        netTest_ESP_HEADER_LEN +
391                                                        netTest_AES_GCM_IV_LEN;
393         sa_info[i].iv_len=0;
394         sa_info[i].bl=4;
396         /* dynamic configuration, will  be calculated on the fly */
397         sa_info[i].tx_payload_info.authSize = 0;
398         sa_info[i].tx_payload_info.encSize = 0;
399         sa_info[i].tx_payload_info.pEncIV = 0;
401         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
402         sa_info[i].authMode = netTestCfg.sa[i].authMode;
403         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
404         sa_info[i].auth_tag_size = netTest_AES_GCM_CCM_ICV_LEN;
406         sa_info[i].tx_pkt_info.enetPort = 0;
407         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
408         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
409         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
410         sa_info[i].tx_pkt_info.startOffset = 0;
411         sa_info[i].tx_pkt_info.lpbackPass = 0;
412         sa_info[i].tx_pkt_info.ploadLen = 0;
413         sa_info[i].tx_pkt_info.pPkt = NULL;
414         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN + netTest_IP_HEADER_LEN;
415         sa_info[i].tx_pkt_info.saPayloadLen = 0;
416         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
417        
418         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
419                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
420                                          NWAL_TX_FLAG1_META_DATA_VALID;
422         sa_info[i].dir =netTestCfg.sa[i].dir;
423         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
424         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
425         sa_info[i].spi =tmp_spi;
426         sa_info[i].tunnel_id = tmp_tunnel;
427         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
428         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
429         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
430         {
431            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
432         }
433         else
434         {
435            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
436         }
437     }
438     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_NULL) &&
439              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
440     {
441         /* static configuration, will not change */
442         sa_info[i].tx_payload_info.aadSize = 0;
443         sa_info[i].tx_payload_info.pAad = NULL;
444         sa_info[i].tx_payload_info.pAuthIV = NULL;
445         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
446                                                 netTest_IP_HEADER_LEN;
447          sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
448                                                        netTest_IP_HEADER_LEN +
449                                                        netTest_ESP_HEADER_LEN;
451         sa_info[i].iv_len=0;
452         sa_info[i].bl=0;
454         /* dynamic configuration, will  be calculated on the fly */
455         sa_info[i].tx_payload_info.authSize = 0;
456         sa_info[i].tx_payload_info.encSize = 0;
457         sa_info[i].tx_payload_info.pEncIV = 0;
459         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
460         sa_info[i].authMode = netTestCfg.sa[i].authMode;
461         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
462         sa_info[i].auth_tag_size = 0;
464         sa_info[i].tx_pkt_info.enetPort = 0;
465         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
466         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
467         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
468         sa_info[i].tx_pkt_info.startOffset = 0;
469         sa_info[i].tx_pkt_info.lpbackPass = 0;
470         sa_info[i].tx_pkt_info.ploadLen = 0;
471         sa_info[i].tx_pkt_info.pPkt = NULL;
472         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
473         sa_info[i].tx_pkt_info.saPayloadLen = 0;
474         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
475         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
476                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
477                                          NWAL_TX_FLAG1_META_DATA_VALID;
479         sa_info[i].dir =netTestCfg.sa[i].dir;
480         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
481         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
482         sa_info[i].spi =tmp_spi;
483         sa_info[i].tunnel_id = tmp_tunnel;
484         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
485         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
486         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
487         {
488            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
489         }
490         else
491         {
492            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
493         }
495     }
496     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_NULL) &&
497              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CCM))
498     {
499         /* static configuration, will not change */
500         sa_info[i].tx_payload_info.aadSize = 0;
501         sa_info[i].tx_payload_info.pAad = NULL;
502         sa_info[i].tx_payload_info.pAuthIV = NULL;
503         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
504                                                 netTest_IP_HEADER_LEN;
506         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
507                                                        netTest_IP_HEADER_LEN +
508                                                        netTest_ESP_HEADER_LEN +
509                                                        netTest_AES_CCM_IV_LEN;
511         sa_info[i].iv_len=0;
512         sa_info[i].bl=4;
514         /* dynamic configuration, will  be calculated on the fly */
515         sa_info[i].tx_payload_info.authSize = 0;
516         sa_info[i].tx_payload_info.encSize = 0;
517         sa_info[i].tx_payload_info.pEncIV = 0;
519         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
520         sa_info[i].authMode = netTestCfg.sa[i].authMode;
521         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
522         sa_info[i].auth_tag_size = netTest_AES_GCM_CCM_ICV_LEN;
524         sa_info[i].tx_pkt_info.enetPort = 0;
525         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
526         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
527         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
528         sa_info[i].tx_pkt_info.startOffset = 0;
529         sa_info[i].tx_pkt_info.lpbackPass = 0;
530         sa_info[i].tx_pkt_info.ploadLen = 0;
531         sa_info[i].tx_pkt_info.pPkt = NULL;
532         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
533         sa_info[i].tx_pkt_info.saPayloadLen = 0;
534         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
535        
536         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
537                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
538                                          NWAL_TX_FLAG1_META_DATA_VALID;
539         
540         sa_info[i].dir =netTestCfg.sa[i].dir;
541         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
542         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
543         sa_info[i].spi =tmp_spi;
544         sa_info[i].tunnel_id = tmp_tunnel;
545         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
546         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
547         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
548         {
549            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
550         }
551         else
552         {
553            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
554         }
555     }
556     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_AES_XCBC) &&
557              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
558     {
559         /* static configuration, will not change */
560         sa_info[i].tx_payload_info.aadSize = 0;
561         sa_info[i].tx_payload_info.pAad = NULL;
562         sa_info[i].tx_payload_info.pAuthIV = NULL;
563         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
564                                                 netTest_IP_HEADER_LEN;
566         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
567                                                        netTest_IP_HEADER_LEN +
568                                                        netTest_ESP_HEADER_LEN +
569                                                        netTest_NULL_IV_LEN;
571         sa_info[i].iv_len=0;
572         sa_info[i].bl=4;
574         /* dynamic configuration, will  be calculated on the fly */
575         sa_info[i].tx_payload_info.authSize = 0;
576         sa_info[i].tx_payload_info.encSize = 0;
577         //sa_info[i].tx_payload_info.ploadLen = 0;
578         sa_info[i].tx_payload_info.pEncIV = 0;
580         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
581         sa_info[i].authMode = netTestCfg.sa[i].authMode;
582         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
583         sa_info[i].auth_tag_size = netTest_ICV_LEN;
585         sa_info[i].tx_pkt_info.enetPort = 0;
586         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
587         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
588         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
589         sa_info[i].tx_pkt_info.startOffset = 0;
590         sa_info[i].tx_pkt_info.lpbackPass = 0;
591         sa_info[i].tx_pkt_info.ploadLen = 0;
592         sa_info[i].tx_pkt_info.pPkt = NULL;
593         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
594         sa_info[i].tx_pkt_info.saPayloadLen = 0;
595         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
596        
597         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
598                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM|
599                                          NWAL_TX_FLAG1_META_DATA_VALID;
600         
601         sa_info[i].dir =netTestCfg.sa[i].dir;
602         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
603         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
604         sa_info[i].spi =tmp_spi;
605         sa_info[i].tunnel_id = tmp_tunnel;
606         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
607         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
608         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
609         {
610            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
611         }
612         else
613         {
614            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
615         }
616     }
617     else if ((netTestCfg.sa[i].authMode== NWAL_SA_AALG_GMAC) &&
618              (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
619     {
620         /* static configuration, will not change */
621         sa_info[i].tx_payload_info.aadSize = 0;
622         sa_info[i].tx_payload_info.pAad = NULL;
623         sa_info[i].tx_payload_info.pAuthIV = NULL;
624         sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN +
625                                                 netTest_IP_HEADER_LEN;
627         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
628                                                        netTest_IP_HEADER_LEN +
629                                                        netTest_ESP_HEADER_LEN +
630                                                        netTest_AES_GMAC_IV_LEN;
632         sa_info[i].iv_len=0;
633         sa_info[i].bl=4;
635         /* dynamic configuration, will  be calculated on the fly */
636         sa_info[i].tx_payload_info.authSize = 0;
637         sa_info[i].tx_payload_info.encSize = 0;
638         sa_info[i].tx_payload_info.pEncIV = 0;
639         sa_info[i].tx_payload_info.pAuthIV = 0;
641         sa_info[i].cipherMode = netTestCfg.sa[i].cipherMode;
642         sa_info[i].authMode = netTestCfg.sa[i].authMode;
643         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
644         sa_info[i].auth_tag_size = netTest_AES_GMAC_ICV_LEN;
646         sa_info[i].tx_pkt_info.enetPort = 0;
647         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
648         sa_info[i].tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
649         sa_info[i].tx_pkt_info.l4OffBytes = sa_info[i].inner_ip_offset + netTest_IP_HEADER_LEN;
650         sa_info[i].tx_pkt_info.startOffset = 0;
651         sa_info[i].tx_pkt_info.lpbackPass = 0;
652         sa_info[i].tx_pkt_info.ploadLen = 0;
653         sa_info[i].tx_pkt_info.pPkt = NULL;
654         sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN  + netTest_IP_HEADER_LEN;
655         sa_info[i].tx_pkt_info.saPayloadLen = 0;
656         sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
657        
658         sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
659                                          NWAL_TX_FLAG1_DO_UDP_CHKSUM |
660                                          NWAL_TX_FLAG1_META_DATA_VALID;
661         
662         sa_info[i].dir =netTestCfg.sa[i].dir;
663         tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
664         tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
665         sa_info[i].spi =tmp_spi;
666         sa_info[i].tunnel_id = tmp_tunnel;
667         sa_info[i].src = *((long *)&netTestCfg.sa[i].src.ipv4[0]);
668         sa_info[i].dst = *((long *)&netTestCfg.sa[i].dst.ipv4[0]);
669         if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
670         {
671            trie_insert(p_trie_sa_rx,(char *)&tmp_spi,4, (void *) &sa_info[i]);
672         }
673         else
674         {
675            trie_insert(p_trie_sa_tx,(char *)&tmp_tunnel,4, (void *) &sa_info[i]);
676         }
677     }
678     else
679         netapi_Log("netTest_utilBuildSADB(): invalid encryption/authentication combination selected\n");
682 int netTest_utilCreateSecAssoc(void)
684     nwal_RetValue       nwalRetVal;
685     int err,i;
686     nwalSaIpSecId_t  nwalSaIpSecId;
687     uint32_t saId;
688     for (i=0; i < netTestCfg.num_sa;i++)
689     {
690         err = 0;
691         if(netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
692         {
693             netTest_utilBuildSADB(i);
694             saId = i;
695             sa_info[i].rx_tunnel = netapi_secAddSA(
696             netapi_handle,
697             netTestCfg.ipsec_if_no, //iface #0 
698             &netTestCfg.sa[i],
699             &netTestCfg.key_params[i],
700             netTestCfg.ipsec_mode_rx == IPSEC_MODE_RX_SIDEBAND ? NETAPI_SEC_SA_SIDEBAND: NETAPI_SEC_SA_INFLOW,
701                 NULL,  //use default route 
702             &(sa_info[i].rx_data_mode_handle),
703             &(sa_info[i].rx_inflow_mode_handle),
704             (void*) saId,
705             &err);
706             if (err)
707             {
708                 netapi_Log("addRxSa failed %d\n",err);
709                 exit(1);
710             }
713             if (netTestCfg.ipsec_mode_rx == IPSEC_MODE_RX_INFLOW)
714             {
715                 //assume inner and outer ip is the same
716                 rx_policy[i]= netapi_secAddRxPolicy( netapi_handle,
717                              sa_info[i].rx_tunnel,  //link to tunnel above
718                              4,         //ipv4
719                              &netTestCfg.sa[i].src,
720                              &netTestCfg.sa[i].dst,
721                             NULL,  // no qualifiers
722                             NULL,  //default route
723                             NULL, //user_data
724                              &err);
725                 if (err)
726                 {
727                     netapi_Log("addSaPolicy failed  %d, for index %d\n",err,i); 
728                     exit(1);
729                 }
730             }
731             else
732             {
733                 rx_policy[i] = 0;
734             }
735         }
736         //tx SA security stuff
737         if(netTestCfg.sa[i].dir == NWAL_SA_DIR_OUTBOUND)
738         {
739             netTest_utilBuildSADB(i);
740             saId = i;
741             sa_info[i].tx_tunnel = netapi_secAddSA( netapi_handle,
742                  0, //iface #0 
743                  &netTestCfg.sa[i],
744                  &netTestCfg.key_params[i],
745                 netTestCfg.ipsec_mode_tx == IPSEC_MODE_TX_SIDEBAND ? NETAPI_SEC_SA_SIDEBAND: NETAPI_SEC_SA_INFLOW,
746                 NULL,  //use default route 
747                 &(sa_info[i].tx_data_mode_handle),
748                 &(sa_info[i].tx_inflow_mode_handle),
749                 (void*)saId,
750                 &err);
751             if (err) {netapi_Log("addTxSa failed %d\n",err); exit(1);}
752         }
753     }
757 void netTest_utilDeleteSecAssoc()
759     int err,i;
760     for (i=0; i < netTestCfg.num_sa;i++)
761     {
762         err = 0;
763         if(sa_info[i].dir == NWAL_SA_DIR_INBOUND)
764         {
765             if (rx_policy[i])
766                 netapi_secDelRxPolicy(netapi_handle, rx_policy[i], &err);
767             if (err == 0) netapi_Log("polcicy deleted  %d\n", i );
768                 //delete tunnels
769             netapi_secDelSA(netapi_handle, 0, sa_info[i].rx_tunnel, &err);
770         }
771         
772         if(sa_info[i].dir == NWAL_SA_DIR_OUTBOUND)
773         {
774             netapi_secDelSA(netapi_handle, 0, sa_info[i].tx_tunnel, &err);
775         }
776     }