net test changes to implmenent low level NWAL APIs for TX crypto
authorTinku Mannan <tmannan@ti.com>
Wed, 14 Nov 2012 22:30:18 +0000 (17:30 -0500)
committerTinku Mannan <tmannan@ti.com>
Wed, 14 Nov 2012 22:30:18 +0000 (17:30 -0500)
ti/runtime/netapi/netapi_tune.h
ti/runtime/netapi/netcp_cfg.h
ti/runtime/netapi/src/netapi_sec.c
ti/runtime/netapi/test/net_test.c
ti/runtime/netapi/test/net_test.h

index d341dce1b9d0b78983015edaecfaf6c922d4ad24..a60263af5b9626ad350929d55f7a075802f4e26e 100755 (executable)
 * @def  TUNE_NETAPI_MAX_SA
 *       This defines the maximum number of security associations
 */
-#define TUNE_NETAPI_MAX_SA 8   //rx&tx combined (so MAX_SA/4 tunnels typically)
+#define TUNE_NETAPI_MAX_SA 64   //rx&tx combined (so MAX_SA/4 tunnels typically)
 
 /**
  * @ingroup tune_parameters
  * @def  TUNE_NETAPI_MAX_POLICY
  *      This defines the maximum number of security policies.
 */
-#define TUNE_NETAPI_MAX_POLICY 8  //rx policies
+#define TUNE_NETAPI_MAX_POLICY 64  //rx policies
 
 #endif
index 84bc14ff052ff8222b512c1446dbe709113e9d36..70fba462d83034cf3d3a880997cd2efa0c7c30c3 100755 (executable)
@@ -512,6 +512,7 @@ typedef struct NETCP_CFG_CLASSIFIER_Tag
  * @def NETCP_CFG_CLASS_TYPE_L4
  * @ingroup cfg_constants
  *      This defines classifier type to be Class L4. Class L4 classifiers specifiy the L4 protocol information of the packets to matched;  the L2,L3 portions of the classifier are implied by supplied handles from the mac interface create and IP Add APIs
+ */
 #define NETCP_CFG_CLASS_TYPE_L4  0
 
 /**
index 388e2e19052489a86ccd1ed8e4494c157f3fd486..624623783b7127fdad4e6fbbc354fa42eb5b10f6 100755 (executable)
@@ -64,7 +64,7 @@ NetapiNwalTransInfo_t *pTransInfo;
 nwal_TransID_t     trans_id;
 unsigned int appId = NETAPI_NETCP_MATCH_IPSEC | iface_no;
 int tunnelId;
-nwalSaIpSecId_t  saInfo;
+nwalSaIpSecId_t  nwalSaIpSecId;
 int have_to_wait=1;
 nwalCreateSAParams_t    createParam =
 {
@@ -80,10 +80,10 @@ nwalCreateSAParams_t    createParam =
         NWAL_SA_DIR_INBOUND,
         0,
         0,
-        NWAL_SA_AALG_HMAC_SHA1,                     /* update from input */
-        NWAL_SA_EALG_AES_CTR,                       /* update from input */
+        NWAL_SA_AALG_HMAC_SHA1,  //update
+        NWAL_SA_EALG_AES_CTR, //update
         { 0x00},      /* remMacAddr:  NA */
-        12,                                                         /* update from input, mac size */
+        12, /* macSize */
         NWAL_MATCH_ACTION_CONTINUE_NEXT_ROUTE,       /* Continue parsing to next route for match */
         NWAL_NEXT_ROUTE_FAIL_ACTION_HOST,            /* For next route fail action by default is route to host */
         CPPI_PARAM_NOT_SPECIFIED,                    /* Use default flow configured to NWAL  if packet is routed to host */
@@ -115,10 +115,11 @@ nwalCreateSAParams_t    createParam =
     pTransInfo->netapi_handle = h;
 
     /* build SA parameters */
-    saInfo.spi = sa_info->spi;
-    memcpy(&saInfo.dst, &sa_info->dst, sizeof( nwalIpAddr_t));
-    memcpy(&saInfo.src, &sa_info->src, sizeof( nwalIpAddr_t));
-    saInfo.proto = sa_info->proto;
+     memset(&nwalSaIpSecId, 0, sizeof(nwalSaIpSecId_t));
+    nwalSaIpSecId.spi = sa_info->spi;
+    memcpy(&nwalSaIpSecId.dst, &sa_info->dst, sizeof( nwalIpAddr_t));
+    memcpy(&nwalSaIpSecId.src, &sa_info->src, sizeof( nwalIpAddr_t));
+    nwalSaIpSecId.proto = sa_info->proto;
     createParam.macHandle = mac_handle;
     createParam.ipType = sa_info->ipType;
     //memcpy(&createParam.saIpSecParam.src,&sa_info->src, sizeof(nwalIpAddr_t));
@@ -129,17 +130,11 @@ nwalCreateSAParams_t    createParam =
     createParam.saIpSecParam.cipherMode = sa_info->cipherMode;
     createParam.saIpSecParam.esnLo = sa_info->esnLo;
     createParam.saIpSecParam.esnHi = sa_info->esnHi;
-    if ((sa_info->cipherMode == NWAL_SA_EALG_AES_GCM) || (sa_info->cipherMode == NWAL_SA_EALG_AES_CCM))
-    {
-       createParam.saIpSecParam.macSize = 16;
-    }
-    if  ((sa_info->authMode == NWAL_SA_AALG_NULL) && 
-        (!((sa_info->cipherMode == NWAL_SA_EALG_AES_GCM) || 
-           (sa_info->cipherMode == NWAL_SA_EALG_AES_CCM))))
-    {
-        createParam.saIpSecParam.replayWindow = 0;
-        createParam.saIpSecParam.macSize = 0;
-    }
+     if  (sa_info->authMode == NWAL_SA_AALG_NULL)
+     {
+            createParam.saIpSecParam.replayWindow = 0;
+            createParam.saIpSecParam.macSize = 0;
+     }
     memcpy(&createParam.keyParam,key_params,sizeof(nwalSecKeyParams_t));
 
     if (route != NULL)
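Review bot: AES-GCM/AES-CCM SAs lose their special handling here: the removed lines set `macSize = 16` for those ciphers and kept them out of the NULL-auth branch, while the new `if (sa_info->authMode == NWAL_SA_AALG_NULL)` zeroes `replayWindow` and `macSize` for every cipher. If combined-mode SAs are configured with a NULL authMode (the removed condition suggests so, but the callers are not visible), they would be created with no ICV length and anti-replay disabled; otherwise they keep the static default of 12 instead of 16. Unless NWAL now derives these values itself, keep the exclusion, e.g. `if ((sa_info->authMode == NWAL_SA_AALG_NULL) && (sa_info->cipherMode != NWAL_SA_EALG_AES_GCM) && (sa_info->cipherMode != NWAL_SA_EALG_AES_CCM))`, and retain the `macSize = 16` branch. The later hunk on `dmSaParam` drops the matching `macSize = 16`, `aadSize = 8`, `enc1st = nwal_TRUE` block and has the same effect on data-mode SAs. The enclosing function starts and ends outside this hunk.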
@@ -153,7 +148,7 @@ nwalCreateSAParams_t    createParam =
     retValue = nwal_setSecAssoc (((NETAPI_GLOBAL_T*) (n->global))->nwal_context.nwalInstHandle,
                                   trans_id,
                                  (nwal_AppId) appId,
-                                  &saInfo,
+                                  &nwalSaIpSecId,
                                   &createParam,
                                   &pTransInfo->handle);
     if(retValue == nwal_TRANS_COMPLETE)
@@ -203,19 +198,6 @@ nwalCreateSAParams_t    createParam =
         dmSaParam.dmSaParam.macSize=12;        /**todo: pass in or deduce */
         dmSaParam.dmSaParam.aadSize=0;        /**todo: pass in or deduce */
         dmSaParam.dmSaParam.enc1st =  (sa_info->dir ==NWAL_SA_DIR_OUTBOUND) ? nwal_TRUE : nwal_FALSE;  //encypt 1st for outbound
-        if ((sa_info->cipherMode == NWAL_SA_EALG_AES_GCM) || (sa_info->cipherMode == NWAL_SA_EALG_AES_CCM))
-        {
-            dmSaParam.dmSaParam.macSize = 16;
-            dmSaParam.dmSaParam.aadSize=8;
-            /* Enc1st needs to always be true for combined mode algorithms */
-            dmSaParam.dmSaParam.enc1st = nwal_TRUE;
-        }
-       else
-        {
-            dmSaParam.dmSaParam.macSize=12;        /**todo: pass in or deduce */
-            dmSaParam.dmSaParam.aadSize=0;        /**todo: pass in or deduce */
-        }
-
        if  (sa_info->authMode == NWAL_SA_AALG_NULL)
        {
             dmSaParam.dmSaParam.enc1st = nwal_TRUE;
@@ -242,7 +224,7 @@ nwalCreateSAParams_t    createParam =
                            tunnelId,
                          (sa_info->dir ==   NWAL_SA_DIR_INBOUND) ? TRUE: FALSE,
                           inflow_mode,
-                          &saInfo, &createParam,
+                          &nwalSaIpSecId, &createParam,
                           *p_inflow_mode_handle,
                           *p_data_mode_handle);
     return  (appId);
index cb32319e0f6f3b525684212714b72b203cf6748e..5c79d8a2e3e750606864030966eec7da6c77b2c2 100755 (executable)
  *  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
  *****************************************/
-//#define NET_TEST_ENABLE_SIDE_BAND_LOW_LEVEL_API
+#define NET_TEST_ENABLE_INFLOW_LOW_LEVEL_API
+#ifdef NET_TEST_ENABLE_INFLOW_LOW_LEVEL_API
+#define NWAL_ENABLE_SA
+#endif
+#define NET_TEST_ENABLE_SIDE_BAND_LOW_LEVEL_API
 #ifdef NET_TEST_ENABLE_SIDE_BAND_LOW_LEVEL_API
 #define NWAL_ENABLE_SA
 #endif
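Review bot: `NET_TEST_ENABLE_INFLOW_LOW_LEVEL_API` is defined here in net_test.c, but net_test.h uses the same macro to add `tx_psCmdInfo`, `swInfo0` and `swInfo1` to `netTestSA_t`, so any other source file that includes the header without the define would see a different struct layout. Whether such a file exists is not visible in this commit. Moving the switches into net_test.h or onto the compiler command line (`-DNET_TEST_ENABLE_INFLOW_LOW_LEVEL_API`) keeps the layout consistent. The two blocks that each define `NWAL_ENABLE_SA` could be a single `#if defined(NET_TEST_ENABLE_INFLOW_LOW_LEVEL_API) || defined(NET_TEST_ENABLE_SIDE_BAND_LOW_LEVEL_API)`.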
@@ -331,7 +335,7 @@ NETCP_CFG_CLASSIFIER_T class_0_cfg=
 {
    NETCP_CFG_CLASS_TYPE_L4,
    {
-       {0,0, NWAL_APP_PLOAD_PROTO_UDP, {2500}}
+       .c_l4={0,0, NWAL_APP_PLOAD_PROTO_UDP, {2500}}
    }
 };
 
@@ -339,7 +343,7 @@ NETCP_CFG_CLASSIFIER_T class_1_cfg=
 {
    NETCP_CFG_CLASS_TYPE_L4,
    {
-        {0,0, NWAL_APP_PLOAD_PROTO_UDP, {2502}}
+       .c_l4= {0,0, NWAL_APP_PLOAD_PROTO_UDP, {2502}}
    }
 };
 
@@ -351,7 +355,7 @@ NETCP_CFG_CLASSIFIER_T class_2_cfg=
 {
    NETCP_CFG_CLASS_TYPE_L3_L4,
    {
-        {0,  4 ,0/*fill in below*/ , NULL, NULL,          //L2/L3
+        .c_l3_l4={0,  4 ,0/*fill in below*/ , NULL, NULL,          //L2/L3
            NWAL_APP_PLOAD_PROTO_UDP, {2504}}   //L4
    }
 };
@@ -359,7 +363,7 @@ NETCP_CFG_CLASSIFIER_T class_2_cfg=
 PKTIO_CONTROL_T zap_channel_control={PKTIO_CLEAR, NULL};
 
 /* security objects. (for loopback mode) */
-netTestSA_t sa_info[6];
+netTestSA_t sa_info[7];
 int netapi_algorithm_set = 0;
 int netapi_sec_sa_mode = 2;
 /* tmannan-end */
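Review bot: The size of `sa_info` is a literal that has to be kept equal by hand to `MAX_SEC_INDEX` (raised from 6 to 7 in net_test.h by this same commit) and to the `[7]` on `rx_sa`, `tx_sa`, `ourTXKeyParams` and `ourRXKeyParams`. `build_sa_db(int i)` indexes `sa_info[i]`, `tx_sa[i]` and `rx_sa[i]` together, so a future bump that misses one array becomes an out-of-bounds write. Assuming net_test.c includes net_test.h, declare it as `netTestSA_t sa_info[MAX_SEC_INDEX];` and use the same constant for the other tables.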
@@ -461,7 +465,7 @@ NETAPI_SEC_SA_INFO_T rx_sa [7] = {
     { 1, 2, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },  /* Src IP (them) -> set below */
     { 1, 2, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },  /* dst IP (us)-> set below*/
     64,/* replayWindow */
-    NWAL_SA_AALG_GMAC,
+    NWAL_SA_AALG_AES_XCBC,
     NWAL_SA_EALG_NULL,
     0,0  //na
 }
@@ -555,7 +559,7 @@ NETAPI_SEC_SA_INFO_T tx_sa[7]= {
     { 1, 2, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },  /* Src IP (them) -> set below */
     { 1, 2, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },  /* dst IP (us)-> set below*/
     64,/* replayWindow */
-    NWAL_SA_AALG_GMAC,
+    NWAL_SA_AALG_AES_XCBC,
     NWAL_SA_EALG_NULL,
     0,0  //na
 }
@@ -563,7 +567,7 @@ NETAPI_SEC_SA_INFO_T tx_sa[7]= {
 
 static nwalSecKeyParams_t ourTXKeyParams[7] ={
 {
-    16, /* encKeySize: CTR 16 bytes Encryption Key and 4 bytes Salt : 24 bytes:NWAL_SA_EALG_3DES_CBC and 0 bytes Salt*/
+    32, /* encKeySize: CTR 16 bytes Encryption Key and 4 bytes Salt : 24 bytes:NWAL_SA_EALG_3DES_CBC and 0 bytes Salt*/
     20, /* macKeySize: 16 bytes NWAL_SA_AALG_HMAC_SHA1 */
     NULL, //set below
     NULL, //set below
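Review bot: The comment on the changed `encKeySize` line still describes a 16-byte CTR key plus salt, but the value is now 32, so the table no longer says which algorithm or key/salt split the entry stands for. The same applies to the matching `ourRXKeyParams` hunk and to the two hunks that change `24` to `16` under the comment `/* macKeySize 0*/`. These sizes are copied verbatim into `createParam.keyParam` in netapi_sec.c, so the key buffers assigned where the `//set below` comments point must be at least as long as the new values; those assignments are outside this diff and should be checked. Suggested wording is a comment that names the algorithm and gives the key and salt lengths that add up to the value on that line.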
@@ -600,7 +604,7 @@ static nwalSecKeyParams_t ourTXKeyParams[7] ={
 },
 {
     0, /* encKeySize: CTR 16 bytes Encryption Key and 3 bytes Salt : 24 bytes:NWAL_SA_EALG_AES_CTR and 0 bytes Salt*/
-    24, /* macKeySize 0*/
+    16, /* macKeySize 0*/
     NULL, //set below
     NULL, //set below
 }
@@ -609,7 +613,7 @@ static nwalSecKeyParams_t ourTXKeyParams[7] ={
 /* these keys are for aes-ctr and hmac sha2_256 */
 static nwalSecKeyParams_t ourRXKeyParams[7] ={
 {
-    16, /* encKeySize: CTR 16 bytes Encryption Key and 4 bytes Salt : 24 bytes:NWAL_SA_EALG_3DES_CBC and 0 bytes Salt*/
+    32, /* encKeySize: CTR 16 bytes Encryption Key and 4 bytes Salt : 24 bytes:NWAL_SA_EALG_3DES_CBC and 0 bytes Salt*/
     20, /* macKeySize: 16 bytes NWAL_SA_AALG_HMAC_SHA1 */
     NULL, //set below
     NULL, //set below
@@ -646,7 +650,7 @@ static nwalSecKeyParams_t ourRXKeyParams[7] ={
 },
 {
     0, /* encKeySize: CTR 16 bytes Encryption Key and 3 bytes Salt : 24 bytes:NWAL_SA_EALG_AES_CTR and 0 bytes Salt*/
-    24, /* macKeySize 0*/
+    16, /* macKeySize 0*/
     NULL, //set below
     NULL, //set below
 }
@@ -1257,7 +1261,35 @@ if (len <1500)
            /* post it to netcp tx channel*/
            meta.u.tx_meta=&meta_tx;
            if (stats.sec_tx<20) dump_descr((long *) tip, stats.sec_tx);
-           pktio_send(netcp_tx_chan,tip,&meta,&err);
+#ifdef NET_TEST_ENABLE_INFLOW_LOW_LEVEL_API
+#if 0
+        nwal_mCmdSetCrypPort (tip,
+                                          &p_sa_info->tx_psCmdInfo,
+                                         p_sa_info->tx_pkt_info.saOffBytes,
+                                         meta_tx.saPayloadLen,
+                p_sa_info->swInfo0, 
+                p_sa_info->swInfo1, 
+                NWAL_ENET_PORT_UNKNOWN);
+#endif
+                nwal_mCmdSetL4CkSumCrypPort(tip,
+                 &p_sa_info->tx_psCmdInfo,
+                meta_tx.l4OffBytes, 
+                meta_tx.ploadLen + meta_tx.l4HdrLen, 
+                meta_tx.pseudoHdrChecksum, 
+                p_sa_info->tx_pkt_info.saOffBytes, 
+                meta_tx.saPayloadLen, 
+                p_sa_info->swInfo0, 
+                p_sa_info->swInfo1, 
+                NWAL_ENET_PORT_UNKNOWN);
+
+                pPloadDesc = Pktlib_getDescFromPacket(tip);
+                pPloadDesc = Qmss_osalConvertDescVirtToPhy(pPloadDesc);
+                Qmss_queuePushDescSizeRaw(p_sa_info->tx_psCmdInfo.txQueue,
+                                           pPloadDesc,
+                                           NWAL_DESC_SIZE);
+#else
+               pktio_send(netcp_tx_chan,tip,&meta,&err);
+#endif
            stats.tx +=1;
            stats.sec_tx +=1;
      }
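Review bot: This send site now always takes the low-level path, because `NET_TEST_ENABLE_INFLOW_LOW_LEVEL_API` is unconditionally defined at the top of the file and `pktio_send()` is compiled out. The path relies on `p_sa_info->tx_psCmdInfo`, `swInfo0` and `swInfo1`, which `main` only fills in when `config.ipsec_mode_tx == IPSEC_MODE_TX_INFLOW`. The enclosing condition lies outside the hunk; if this code can be reached in another TX mode, the descriptor is pushed to an uninitialised `txQueue`. A runtime guard such as `if (config.ipsec_mode_tx == IPSEC_MODE_TX_INFLOW) { ... } else pktio_send(netcp_tx_chan,tip,&meta,&err);` would keep both modes working. The newly added `#if 0` call to `nwal_mCmdSetCrypPort` is dead code and is better left out of the commit.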
@@ -1544,12 +1576,6 @@ Cppi_HostDesc*          pPloadDesc;
                     meta_tx.encSize = len - p_sa_info->tx_payload_info.encOffset -p_sa_info->auth_tag_size;
                     meta_tx.authSize = len - meta_tx.authOffset - p_sa_info->auth_tag_size;
 
-#if 0
-            printf("recv_cb(): encOffset %d\n", meta_tx.encOffset);
-            printf("recv_cb():authOffset %d\n", meta_tx.authOffset);
-            printf("recv_cb(): encSize %d\n", meta_tx.encSize);
-            printf("recv_cb(): authSize %d\n", meta_tx.authSize);
-#endif
 
             if (p_sa_info->cipherMode ==  NWAL_SA_EALG_AES_CTR)
             {
@@ -1912,7 +1938,7 @@ dump_poll_stats();
                                    tx_sa[i].cipherMode);
         }
     }
-netapi_dump_internal_heap_stats();
+//netapi_dump_internal_heap_stats();
 }
 
 //******************************************************
@@ -2407,7 +2433,7 @@ void  build_sa_db(int i)
         tmp_spi = htonl((long)(tx_sa[i].spi));
          trie_insert(p_trie_sa,(char *)&tmp_spi,4, (void *) &sa_info[i]); //asociate with tx sa SPI
     }
-    else if ((tx_sa[i].authMode == NWAL_SA_AALG_GMAC) && (rx_sa[i].cipherMode == NWAL_SA_EALG_NULL))
+    else if ((tx_sa[i].authMode == NWAL_SA_AALG_AES_XCBC) && (rx_sa[i].cipherMode == NWAL_SA_EALG_NULL))
     {
         /* static configuration, will not change */
         sa_info[i].tx_payload_info.aadSize = 0;
@@ -2419,7 +2445,7 @@ void  build_sa_db(int i)
         sa_info[i].tx_payload_info.encOffset =         netTest_MAC_HEADER_LEN +
                                                                      netTest_IP_HEADER_LEN +
                                                                     netTest_ESP_HEADER_LEN +
-                                                                    netTest_AES_GMAC_IV_LEN;
+                                                                    netTest_NULL_IV_LEN;
 #ifdef EXPERIMENTAL
         sa_info[i].iv_len=0;
         sa_info[i].bl=4;
@@ -2437,9 +2463,9 @@ void  build_sa_db(int i)
         sa_info[i].tx_payload_info.pPkt = 0;
 
         sa_info[i].cipherMode = NWAL_SA_EALG_NULL;
-        sa_info[i].authMode = NWAL_SA_AALG_GMAC;
+        sa_info[i].authMode = NWAL_SA_AALG_AES_XCBC;
         sa_info[i].inner_ip_offset = sa_info[i].tx_payload_info.encOffset;
-        sa_info[i].auth_tag_size = netTest_AES_GMAC_ICV_LEN;  /* icv or mac size,. always 12 except for AES_CCM/AES_GCM , GMAC*/
+        sa_info[i].auth_tag_size = netTest_ICV_LEN;  /* icv or mac size,. always 12 except for AES_CCM/AES_GCM , GMAC*/
 
         sa_info[i].tx_pkt_info.enetPort = 0;
         sa_info[i].tx_pkt_info.ipOffBytes = sa_info[i].tx_payload_info.encOffset;
@@ -2715,7 +2741,7 @@ int main(int argc, char **argv)
  
     FILE * fpr = NULL;
 
-
+nwalSaIpSecId_t  nwalSaIpSecId;
 
     err= getrlimit(RLIMIT_STACK,&rl);
     if (!err) printf(" stack limit = %d\n",rl.rlim_cur); else printf("getrlimit failed\n");
@@ -3058,7 +3084,40 @@ if (err) {printf("addTxSa failed %d\n",err); exit(1);}
                                  sa_info[i].tx_data_mode_handle,
                                  &sa_info[i].tx_dmPSCmdInfo);
     }
+#endif
 
+#ifdef NET_TEST_ENABLE_INFLOW_LOW_LEVEL_API
+    if(config.ipsec_mode_tx == IPSEC_MODE_TX_INFLOW)
+    {
+        memset(&nwalSaIpSecId, 0, sizeof(nwalSaIpSecId_t));
+        nwalSaIpSecId.spi = tx_sa[i].spi;
+        memcpy(&(nwalSaIpSecId.src), &config.local_ipsec_ip,sizeof( nwalIpAddr_t));
+        memcpy(&(nwalSaIpSecId.dst), &config.remote_ipsec_ip,sizeof( nwalIpAddr_t));
+        nwalSaIpSecId.proto= tx_sa[i].proto;
+
+        nwalRetVal = nwal_initPSCmdInfo(PKTIO_GET_NWAL_INSTANCE(netcp_tx_chan), 
+                                                            &sa_info[i].tx_pkt_info,
+                                                            &sa_info[i].tx_psCmdInfo);
+
+        if (nwalRetVal == nwal_OK)
+        {
+             if (nwal_getSecAssoc(PKTIO_GET_NWAL_INSTANCE(netcp_tx_chan),
+                                &nwalSaIpSecId, 
+                                NWAL_SA_DIR_OUTBOUND,
+                                &(sa_info[i].tx_inflow_mode_handle),
+                                &sa_info[i].swInfo0,
+                               &sa_info[i].swInfo1) != nwal_TRUE)
+            {
+                printf("main: nwal_getSecAssoc failed\n");
+                exit (1);
+            }
+       }
+        else
+        {
+                printf("main: nwal_initPSCmdInfo failed\n");
+                exit (1);
+         }
+    }
 #endif
     }
 
index 74702ed116d5a4e43aff8fb23100ae18196213e6..dbb9d90b7e874f8d24812c0a72d8a023077b90cc 100755 (executable)
@@ -41,7 +41,7 @@
 /* ============================================================= */
 
 
-#define MAX_SEC_INDEX                   6
+#define MAX_SEC_INDEX                   7
 
 
 //IPSEC MODE(only choose one rx and one tx)
@@ -113,6 +113,11 @@ typedef struct {
     nwalTxDmPSCmdInfo_t     rx_dmPSCmdInfo;
     nwalTxDmPSCmdInfo_t     tx_dmPSCmdInfo;
 #endif
+#ifdef NET_TEST_ENABLE_INFLOW_LOW_LEVEL_API
+    nwalTxPSCmdInfo_t          tx_psCmdInfo;
+    uint32_t                           swInfo0;
+    uint32_t                           swInfo1;
+#endif
 } netTestSA_t;