1 /******************************************
2 * File: net_test_sa_utils.c
3 * Purpose: net_test application security associations utilities
4 **************************************************************
5 * FILE: net_test_sa_utils.c
6 *
7 * DESCRIPTION: net_test application security associations utilities
8 *
9 * REVISION HISTORY:
10 *
11 * Copyright (c) Texas Instruments Incorporated 2013
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 *
20 * Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the
23 * distribution.
24 *
25 * Neither the name of Texas Instruments Incorporated nor the names of
26 * its contributors may be used to endorse or promote products derived
27 * from this software without specific prior written permission.
28 *
29 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
30 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
31 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
32 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
33 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
34 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
35 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
36 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
37 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
38 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
39 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41 *****************************************/
#include "net_test.h"

#include <signal.h>
#include <pthread.h>
#include <stdint.h>
#include <string.h>

#include <ti/drv/sa/salld.h>
#include <ti/drv/pa/pa.h>
/*
 * Global state defined elsewhere in net_test and shared with this file.
 * The arrays are declared without a size, so their bounds are not visible
 * here; every index used in this file must be validated against the size
 * chosen by the defining module.
 */
extern NETAPI_T netapi_handle;   /* NETAPI handle passed to the netapi_sec* calls in this file */
extern netTestConfig_t netTestCfg;   /* test configuration: SA list, key params, tunnel ids, IPsec modes */
extern netTestConfig_t config;   /* not referenced by the functions in this listing */
extern netTestSA_t sa_info[];   /* per-SA software database, filled by netTest_utilBuildSADB() */
extern NETCP_CFG_IPSEC_POLICY_T rx_policy[];   /* RX policy handle per SA; 0 when none was installed */
/* pktio channels externs (none of them is referenced by the functions in this listing) */
extern PKTIO_HANDLE_T *netcp_rx_chan;
extern PKTIO_HANDLE_T *netcp_rx_chan2;
extern PKTIO_HANDLE_T *netcp_tx_chan;
extern PKTIO_HANDLE_T *netcp_tx_chan_ah;
extern PKTIO_HANDLE_T *netcp_sb_tx_chan;
extern PKTIO_HANDLE_T *netcp_sb_rx_chan;
extern PKTIO_CFG_T our_chan_cfg;
extern PKTIO_CFG_T netcp_rx_cfg;
extern PKTIO_CFG_T netcp_rx_cfg2;
extern PKTIO_CFG_T netcp_tx_cfg;
extern PKTIO_CFG_T netcp_sb_rx_cfg;
extern PKTIO_CFG_T netcp_sb_tx_cfg;
/* end pktio channels externs */
extern Trie *p_trie_sa_rx;   /* inbound SA lookup, keyed by the 4-byte SPI after netTest_utilHtonl() */
extern Trie *p_trie_sa_tx;   /* outbound SA lookup, keyed by the 4-byte tunnel id after netTest_utilHtonl() */
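/**
 * Fill sa_info[i], the software-side database entry for configured SA i,
 * and register that entry in the lookup trie for its direction.
 *
 * The authentication/cipher pair in netTestCfg.sa[i] selects the values that
 * differ per transform (encryption offset, ICV size, IV length, block length,
 * ESP versus AH handling). Everything else is identical for all supported
 * pairs and is written once after the selection.
 *
 * An unsupported pair is only logged: sa_info[i] is left untouched and
 * nothing is inserted into either trie. The function returns void, so a
 * caller cannot see that failure.
 *
 * @param i  index into netTestCfg.sa[] / sa_info[]. Negative values are
 *           rejected. NOTE(review): the array sizes are not visible in this
 *           file, so the upper bound must be enforced by the caller.
 */
void netTest_utilBuildSADB(int i)
{
    netTestSA_t *sa;
    long tmp_spi;
    long tmp_tunnel;
    long addr;
    int l3_off;
    int esp_off;
    int is_ah = 0;          /* set for the AH transform (HMAC-MD5 / NULL cipher) */
    int has_key_params = 0; /* set for the transforms that publish key_params */

    if (i < 0)
    {
        /* A negative index would read and write in front of the global arrays. */
        netapi_Log("netTest_utilBuildSADB(): invalid SA index %d\n", i);
        return;
    }

    sa = &sa_info[i];
    l3_off = netTest_MAC_HEADER_LEN + netTest_IP_HEADER_LEN;
    esp_off = l3_off + netTest_ESP_HEADER_LEN;

    /* --- transform-specific values --- */
    if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_HMAC_SHA1) &&
        (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CBC))
    {
        sa->tx_payload_info.encOffset = esp_off + netTest_AES_CBC_IV_LEN;
        sa->auth_tag_size = netTest_ICV_LEN;
        sa->iv_len = 16;
        sa->bl = 16;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_NULL) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CTR))
    {
        /*
         * Counter-mode encryption with no integrity check: ciphertext can be
         * altered without detection, so keep this pairing to test traffic.
         */
        sa->tx_payload_info.encOffset = esp_off + netTest_AES_CTR_IV_LEN;
        sa->auth_tag_size = 0;
        sa->iv_len = 8;
        sa->bl = 8;
        has_key_params = 1;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_HMAC_SHA2_256) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CTR))
    {
        sa->tx_payload_info.encOffset = esp_off + netTest_AES_CTR_IV_LEN;
        sa->auth_tag_size = netTest_ICV_LEN;
        sa->iv_len = 8;
        sa->bl = 8;
        has_key_params = 1;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_HMAC_SHA2_256) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_3DES_CBC))
    {
        /* 3DES is a legacy 64-bit-block cipher; retained here as a test transform. */
        sa->tx_payload_info.encOffset = esp_off + netTest_3DES_CBC_IV_LEN;
        sa->auth_tag_size = netTest_ICV_LEN;
        sa->iv_len = 8;
        sa->bl = 8;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_HMAC_MD5) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
    {
        /*
         * AH transform (authentication only, HMAC-MD5 is a legacy digest).
         * NOTE(review): the literal 24 is presumably the AH header plus ICV
         * that precede the inner IP header -- confirm and name the constant.
         */
        sa->tx_payload_info.encOffset = l3_off +
                                        netTest_NULL_ESP_HEADER_LEN +
                                        netTest_NULL_IV_LEN +
                                        24;
        sa->auth_tag_size = netTest_ICV_LEN;
        sa->iv_len = 0;
        sa->bl = 4;
        is_ah = 1;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_NULL) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_GCM))
    {
        sa->tx_payload_info.encOffset = esp_off + netTest_AES_GCM_IV_LEN;
        sa->auth_tag_size = netTest_AES_GCM_CCM_ICV_LEN;
        sa->iv_len = 0;
        sa->bl = 4;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_NULL) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
    {
        /* No encryption and no authentication: ESP framing only, no protection. */
        sa->tx_payload_info.encOffset = esp_off;
        sa->auth_tag_size = 0;
        sa->iv_len = 0;
        sa->bl = 0;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_NULL) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_AES_CCM))
    {
        sa->tx_payload_info.encOffset = esp_off + netTest_AES_CCM_IV_LEN;
        sa->auth_tag_size = netTest_AES_GCM_CCM_ICV_LEN;
        sa->iv_len = 0;
        sa->bl = 4;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_AES_XCBC) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
    {
        sa->tx_payload_info.encOffset = esp_off + netTest_NULL_IV_LEN;
        sa->auth_tag_size = netTest_ICV_LEN;
        sa->iv_len = 0;
        sa->bl = 4;
    }
    else if ((netTestCfg.sa[i].authMode == NWAL_SA_AALG_GMAC) &&
             (netTestCfg.sa[i].cipherMode == NWAL_SA_EALG_NULL))
    {
        sa->tx_payload_info.encOffset = esp_off + netTest_AES_GMAC_IV_LEN;
        sa->auth_tag_size = netTest_AES_GMAC_ICV_LEN;
        sa->iv_len = 0;
        sa->bl = 4;
    }
    else
    {
        netapi_Log("netTest_utilBuildSADB(): invalid encryption/authentication combination selected\n");
        return;
    }

    /* --- static configuration, will not change --- */
    sa->tx_payload_info.aadSize = 0;
    sa->tx_payload_info.pAad = NULL;
    sa->tx_payload_info.pAuthIV = NULL;
    /* AH authenticates from the outer IP header on; ESP starts after it. */
    sa->tx_payload_info.authOffset = is_ah ? netTest_MAC_HEADER_LEN : l3_off;

    /* --- dynamic configuration, will be calculated on the fly --- */
    sa->tx_payload_info.authSize = 0;
    sa->tx_payload_info.encSize = 0;
    sa->tx_payload_info.pEncIV = 0;

    sa->cipherMode = netTestCfg.sa[i].cipherMode;
    sa->authMode = netTestCfg.sa[i].authMode;
    sa->inner_ip_offset = sa->tx_payload_info.encOffset;

    sa->tx_pkt_info.enetPort = 0;
    sa->tx_pkt_info.ipOffBytes = sa->tx_payload_info.encOffset;
    sa->tx_pkt_info.l4HdrLen = netTest_UDP_HEADER_LEN;
    sa->tx_pkt_info.l4OffBytes = sa->inner_ip_offset + netTest_IP_HEADER_LEN;
    sa->tx_pkt_info.startOffset = 0;
    sa->tx_pkt_info.lpbackPass = 0;
    sa->tx_pkt_info.ploadLen = 0;
    sa->tx_pkt_info.pPkt = NULL;
    sa->tx_pkt_info.saOffBytes = is_ah ? netTest_MAC_HEADER_LEN : l3_off;
    sa->tx_pkt_info.saPayloadLen = 0;
    sa->tx_pkt_info.pseudoHdrChecksum = 0;

    if (is_ah)
    {
        sa->tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_AH_CRYPTO |
                                  NWAL_TX_FLAG1_DO_UDP_CHKSUM |
                                  NWAL_TX_FLAG1_META_DATA_VALID;
    }
    else
    {
        sa->tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO |
                                  NWAL_TX_FLAG1_DO_UDP_CHKSUM |
                                  NWAL_TX_FLAG1_META_DATA_VALID;
    }

    /*
     * Only the two AES-CTR transforms publish a key_params pointer; for every
     * other transform the field keeps whatever value it had before.
     * NOTE(review): confirm no consumer dereferences key_params for them.
     */
    if (has_key_params)
    {
        sa->key_params = &netTestCfg.key_params[i];
    }

    sa->dir = netTestCfg.sa[i].dir;
    tmp_spi = netTest_utilHtonl((long)(netTestCfg.sa[i].spi));
    tmp_tunnel = netTest_utilHtonl((long)(netTestCfg.tunnel_id[i]));
    sa->spi = tmp_spi;
    sa->tunnel_id = tmp_tunnel;

    /*
     * Copy the address bytes with memcpy instead of dereferencing a cast
     * pointer: same bytes, no alignment or aliasing assumptions. sizeof(long)
     * bytes are read, as before, so where long is wider than 4 bytes this
     * takes in bytes beyond ipv4[3] -- NOTE(review): confirm the target ABI.
     */
    memcpy(&addr, &netTestCfg.sa[i].src.ipv4[0], sizeof addr);
    sa->src = addr;
    memcpy(&addr, &netTestCfg.sa[i].dst.ipv4[0], sizeof addr);
    sa->dst = addr;

    /*
     * Inbound SAs are looked up by SPI, outbound SAs by tunnel id. The key is
     * the first 4 bytes of the long holding the converted value. Any status
     * trie_insert() reports is not checked here.
     */
    if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
    {
        trie_insert(p_trie_sa_rx, (char *)&tmp_spi, 4, (void *)sa);
    }
    else
    {
        trie_insert(p_trie_sa_tx, (char *)&tmp_tunnel, 4, (void *)sa);
    }
}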
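/**
 * Create every security association listed in netTestCfg.
 *
 * For each of the netTestCfg.num_sa entries the software database entry is
 * built with netTest_utilBuildSADB() and the SA is added through
 * netapi_secAddSA(). Inbound SAs additionally get an RX policy when the RX
 * side runs in inflow mode; otherwise rx_policy[i] is cleared to 0.
 *
 * Any netapi failure is logged and terminates the process with exit(1).
 *
 * NOTE(review): netTest_utilBuildSADB() returns void and only logs an
 * unsupported auth/cipher pair, so such an SA is still passed to
 * netapi_secAddSA() here. netTestCfg.num_sa is also used as the loop bound
 * without a check against the size of sa_info[] / rx_policy[], which is not
 * visible in this file.
 *
 * @return 0 once all SAs have been created (failures do not return).
 */
int netTest_utilCreateSecAssoc(void)
{
    int err;
    int i;
    uint32_t saId;

    for (i = 0; i < netTestCfg.num_sa; i++)
    {
        err = 0;

        if (netTestCfg.sa[i].dir == NWAL_SA_DIR_INBOUND)
        {
            netTest_utilBuildSADB(i);
            saId = i;
            sa_info[i].rx_tunnel = netapi_secAddSA(
                netapi_handle,
                netTestCfg.ipsec_if_no,
                &netTestCfg.sa[i],
                &netTestCfg.key_params[i],
                netTestCfg.ipsec_mode_rx == IPSEC_MODE_RX_SIDEBAND ? NETAPI_SEC_SA_SIDEBAND : NETAPI_SEC_SA_INFLOW,
                NULL,                               /* use default route */
                &(sa_info[i].rx_data_mode_handle),
                &(sa_info[i].rx_inflow_mode_handle),
                (void *)(uintptr_t)saId,            /* SA index carried as opaque user data */
                &err);
            if (err)
            {
                netapi_Log("addRxSa failed %d\n", err);
                exit(1);
            }

            if (netTestCfg.ipsec_mode_rx == IPSEC_MODE_RX_INFLOW)
            {
                /* assume inner and outer ip is the same */
                rx_policy[i] = netapi_secAddRxPolicy(
                    netapi_handle,
                    sa_info[i].rx_tunnel,           /* link to tunnel above */
                    4,                              /* ipv4 */
                    &netTestCfg.sa[i].src,
                    &netTestCfg.sa[i].dst,
                    NULL,                           /* no qualifiers */
                    NULL,                           /* default route */
                    NULL,                           /* user_data */
                    &err);
                if (err)
                {
                    netapi_Log("addSaPolicy failed %d, for index %d\n", err, i);
                    exit(1);
                }
            }
            else
            {
                rx_policy[i] = 0;
            }
        }

        /* tx SA security stuff */
        if (netTestCfg.sa[i].dir == NWAL_SA_DIR_OUTBOUND)
        {
            netTest_utilBuildSADB(i);
            saId = i;
            /*
             * NOTE(review): the outbound SA is added on interface 0 while the
             * inbound SA uses netTestCfg.ipsec_if_no -- confirm this is intended.
             */
            sa_info[i].tx_tunnel = netapi_secAddSA(
                netapi_handle,
                0,                                  /* iface #0 */
                &netTestCfg.sa[i],
                &netTestCfg.key_params[i],
                netTestCfg.ipsec_mode_tx == IPSEC_MODE_TX_SIDEBAND ? NETAPI_SEC_SA_SIDEBAND : NETAPI_SEC_SA_INFLOW,
                NULL,                               /* use default route */
                &(sa_info[i].tx_data_mode_handle),
                &(sa_info[i].tx_inflow_mode_handle),
                (void *)(uintptr_t)saId,            /* SA index carried as opaque user data */
                &err);
            if (err)
            {
                netapi_Log("addTxSa failed %d\n", err);
                exit(1);
            }
        }
    }

    /* The original fell off the end of a non-void function; report success explicitly. */
    return 0;
}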
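/**
 * Tear down every security association created for netTestCfg.
 *
 * For inbound SAs the RX policy (when one was installed) is removed before
 * the SA itself; outbound SAs only have their SA removed. Each netapi call
 * gets a fresh error slot, and a failed deletion is logged rather than
 * silently dropped, so a leftover policy or SA is visible in the log.
 *
 * NOTE(review): the direction is read from sa_info[i].dir, which
 * netTest_utilBuildSADB() fills only for a supported auth/cipher pair; an SA
 * created from an unsupported pair may therefore not be deleted here. Both
 * deletions also pass interface 0 although the inbound SA was added on
 * netTestCfg.ipsec_if_no -- confirm.
 */
void netTest_utilDeleteSecAssoc(void)
{
    int err;
    int i;

    for (i = 0; i < netTestCfg.num_sa; i++)
    {
        if (sa_info[i].dir == NWAL_SA_DIR_INBOUND)
        {
            if (rx_policy[i])
            {
                err = 0;
                netapi_secDelRxPolicy(netapi_handle, rx_policy[i], &err);
                /* Report success only when a policy was actually deleted. */
                if (err == 0)
                {
                    netapi_Log("polcicy deleted %d\n", i);
                }
                else
                {
                    netapi_Log("netTest_utilDeleteSecAssoc(): rx policy delete failed %d, for index %d\n", err, i);
                }
            }

            /* delete tunnels */
            err = 0;
            netapi_secDelSA(netapi_handle, 0, sa_info[i].rx_tunnel, &err);
            if (err)
            {
                netapi_Log("netTest_utilDeleteSecAssoc(): rx SA delete failed %d, for index %d\n", err, i);
            }
        }

        if (sa_info[i].dir == NWAL_SA_DIR_OUTBOUND)
        {
            err = 0;
            netapi_secDelSA(netapi_handle, 0, sa_info[i].tx_tunnel, &err);
            if (err)
            {
                netapi_Log("netTest_utilDeleteSecAssoc(): tx SA delete failed %d, for index %d\n", err, i);
            }
        }
    }
}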