refactor esp sa lists into separate test example file.

Author: philljj

src/test/esp_sa_list.c

@@ -0,0 +1,70 @@
+/* Static pre-defined SA lists for testing.*/
+
+static struct wolfIP_esp_sa test_in_sa_list[WOLFIP_ESP_NUM_SA] =
+{
+    {
+        {0x2f, 0xa9, 0xd8, 0xc8}, /* spi */
+        0x010A0A0A, /* src */
+        0x020A0A0A, /* dst */
+        0,0, /* oseq, seq */
+        0, /* iv len */
+        0, {0}, 0, /* null enc */
+        ESP_AUTH_SHA256_RFC4868,
+        {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+         0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+        16,
+        ESP_ICVLEN_HMAC_128
+    },
+    {
+        {0x76, 0x4f, 0x47, 0xc9}, /* spi */
+        0x010A0A0A, /* src */
+        0x020A0A0A, /* dst */
+        0,0, /* oseq, seq */
+        ESP_128_IV_LEN, /* iv len */
+        ESP_ENC_CBC_AES,
+        {0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
+         0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03},
+        16,
+        ESP_AUTH_SHA256_RFC4868,
+        {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+         0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+        16,
+        ESP_ICVLEN_HMAC_128
+    },
+};
+
+static struct wolfIP_esp_sa test_out_sa_list[WOLFIP_ESP_NUM_SA] =
+{
+    {
+        {0xf6, 0xe9, 0xb8, 0x0d}, /* spi */
+        0x020A0A0A, /* src */
+        0x030A0A0A, /* dst */
+        0,0, /* oseq, seq */
+        0, /* iv len */
+        0, {0}, 0, /* null enc */
+        ESP_AUTH_SHA256_RFC4868,
+        {0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
+         0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02},
+        16,
+        ESP_ICVLEN_HMAC_128
+    },
+
+    {
+        {0x49, 0xeb, 0xfd, 0xd4}, /* spi */
+        0x020A0A0A, /* src */
+        0x010A0A0A, /* dst */
+        0,0, /* oseq, seq */
+        ESP_128_IV_LEN, /* iv len */
+        ESP_ENC_CBC_AES,
+        {0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
+         0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04},
+        16,
+        ESP_AUTH_SHA256_RFC4868,
+        {0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
+         0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02},
+        16,
+        ESP_ICVLEN_HMAC_128
+    },
+
+};
+

src/test/test_linux_eventloop.c

@@ -30,6 +30,11 @@
 #include "config.h"
 #include "wolfip.h"
 
+#if defined(WOLFIP_ESP)
+    #include "wolfesp.h"
+    #include "esp_sa_list.c"
+#endif
+
 #define TEST_SIZE (4 * 1024)
 
 #define BUFFER_SIZE TEST_SIZE
@@ -464,6 +469,11 @@ int main(int argc, char **argv)
     inet_pton(AF_INET, WOLFIP_IP, &srv_ip);
 #endif
 
+#if defined(WOLFIP_ESP)
+    esp_load_sa_list(test_in_sa_list, 2, 1);
+    esp_load_sa_list(test_out_sa_list, 2, 0);
+#endif
+
     /* Server side test */
     test_wolfip_echoserver(s, srv_ip);
 

src/wolfesp.c

@@ -1,144 +1,50 @@
 #if defined(WOLFIP_ESP) && !defined(WOLFESP_SRC)
 #define WOLFESP_SRC
 
-#define ESP_SPI_LEN          4
-#define ESP_SEQ_LEN          4
-#define ESP_PADDING_LEN      1
-#define ESP_NEXT_HEADER_LEN  1
-#define ESP_ICV_ALIGNMENT    4
-/* hmac-[sha256, sha1, md5]-96*/
-#define ESP_ICVLEN_HMAC_96   12
-#define ESP_ICVLEN_HMAC_128  16
-#define WOLFIP_ESP_NUM_SA    2
-
-/* aes-128 */
-#define ESP_128_KEY_LEN            16
-#define ESP_128_IV_LEN             16
-
-typedef enum {
-  ESP_ENC_NONE = 0,
-  ESP_ENC_CBC_AES,
-  ESP_ENC_CBC_DES3,
-  ESP_ENC_GCM_RFC4106,
-  ESP_ENC_GCM_RFC4543, /* placeholder to indicate gmac auth. */
-} esp_enc_t;
-
-typedef enum {
-  ESP_AUTH_NONE = 0,
-  ESP_AUTH_MD5_RFC2403,    /* hmac(md5)-96 */
-  ESP_AUTH_SHA1_RFC2404,   /* hmac(sha1)-96 */
-  ESP_AUTH_SHA256_RFC4868, /* hmac(sha256)-N, N=96,128  */
-  ESP_AUTH_GCM_RFC4106,    /* placeholder to indicate gcm auth. */
-  ESP_AUTH_GCM_RFC4543     /* rfc4543 gmac */
-} esp_auth_t;
-
-/* Minimal ESP Security Association structure.
- * Supports only transport mode.
- * */
-struct wolfIP_esp_sa {
-    uint8_t    spi[ESP_SPI_LEN]; /* security parameter index */
-    ip4        src; /* ip src and dst in network byte order */
-    ip4        dst;
-    uint32_t   oseq; /* outbound sequence number */
-    uint32_t   seq; /* inbound sequence number */
-    uint8_t    iv_len;
-    esp_enc_t  enc;
-    uint8_t    enc_key[32];
-    uint8_t    enc_key_len;
-    esp_auth_t auth;
-    uint8_t    auth_key[32];
-    uint8_t    auth_key_len;
-    uint8_t    icv_len;
-};
+#include "wolfesp.h"
 
 static WC_RNG  wc_rng;
 static uint8_t rng_inited = 0;
 
-static void
+int
 esp_init(void)
 {
+    int ret = 0;
+
     if (rng_inited == 0) {
-        int ret = wc_InitRng_ex(&wc_rng, NULL, INVALID_DEVID);
+        ret = wc_InitRng_ex(&wc_rng, NULL, INVALID_DEVID);
 
         if (ret) {
             printf("error: wc_InitRng_ex returned: %d\n", ret);
         }
-
-        rng_inited = 1;
+        else {
+            rng_inited = 1;
+        }
     }
 
-    return;
+    return ret;
 }
 
-/* Static pre-defined SA lists.*/
 
-struct wolfIP_esp_sa in_sa_list[WOLFIP_ESP_NUM_SA] =
-{
-    {
-        {0x2f, 0xa9, 0xd8, 0xc8}, /* spi */
-        0x010A0A0A, /* src */
-        0x020A0A0A, /* dst */
-        0,0, /* oseq, seq */
-        0, /* iv len */
-        0, {0}, 0, /* null enc */
-        ESP_AUTH_SHA256_RFC4868,
-        {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-         0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
-        16,
-        ESP_ICVLEN_HMAC_128
-    },
-    {
-        {0x76, 0x4f, 0x47, 0xc9}, /* spi */
-        0x010A0A0A, /* src */
-        0x020A0A0A, /* dst */
-        0,0, /* oseq, seq */
-        ESP_128_IV_LEN, /* iv len */
-        ESP_ENC_CBC_AES,
-        {0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
-         0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03},
-        16,
-        ESP_AUTH_SHA256_RFC4868,
-        {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-         0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
-        16,
-        ESP_ICVLEN_HMAC_128
-    },
-};
-
-struct wolfIP_esp_sa out_sa_list[WOLFIP_ESP_NUM_SA] =
+static struct wolfIP_esp_sa * in_sa_list = NULL;
+static struct wolfIP_esp_sa * out_sa_list = NULL;
+static uint16_t               in_sa_num = 0;
+static uint16_t               out_sa_num = 0;
+
+void
+esp_load_sa_list(struct wolfIP_esp_sa * sa_list, uint16_t num, uint16_t in)
 {
-    {
-        {0xf6, 0xe9, 0xb8, 0x0d}, /* spi */
-        0x020A0A0A, /* src */
-        0x030A0A0A, /* dst */
-        0,0, /* oseq, seq */
-        0, /* iv len */
-        0, {0}, 0, /* null enc */
-        ESP_AUTH_SHA256_RFC4868,
-        {0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
-         0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02},
-        16,
-        ESP_ICVLEN_HMAC_128
-    },
+    if (in == 1) {
+        in_sa_list = sa_list;
+        in_sa_num = num;
+    }
+    else {
+        out_sa_list = sa_list;
+        out_sa_num = num;
+    }
 
-    {
-        {0x49, 0xeb, 0xfd, 0xd4}, /* spi */
-        0x020A0A0A, /* src */
-        0x010A0A0A, /* dst */
-        0,0, /* oseq, seq */
-        ESP_128_IV_LEN, /* iv len */
-        ESP_ENC_CBC_AES,
-        {0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
-         0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04},
-        16,
-        ESP_AUTH_SHA256_RFC4868,
-        {0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
-         0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02},
-        16,
-        ESP_ICVLEN_HMAC_128
-    },
-
-};
+    return;
+}
 
 #ifdef WOLFIP_DEBUG_ESP
     #ifdef WOLFIP_DEBUG_ESP_VERBOSE
@@ -617,7 +523,7 @@ static int esp_unwrap(struct wolfIP *s, struct wolfIP_ip_packet *ip,
     memcpy(&seq, ip->data + ESP_SPI_LEN, sizeof(seq));
     seq = ee32(seq);
 
-    for (size_t i = 0; i < WOLFIP_ESP_NUM_SA; ++i) {
+    for (size_t i = 0; i < in_sa_num; ++i) {
         if (memcmp(spi, in_sa_list[i].spi, sizeof(spi)) == 0) {
             #ifdef WOLFIP_DEBUG_ESP
             printf("info: found sa: 0x%02x%02x%02x%02x\n",
@@ -762,7 +668,7 @@ static int esp_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len)
     struct wolfIP_esp_sa * esp_sa = NULL;
 
     /* TODO: priority, tcp/udp port-filtering? */
-    for (size_t i = 0; i < WOLFIP_ESP_NUM_SA; ++i) {
+    for (size_t i = 0; i < out_sa_num; ++i) {
         if (ip->dst == out_sa_list[i].dst) {
             esp_sa = &out_sa_list[i];
             #ifdef WOLFIP_DEBUG_ESP

wolfesp.h

@@ -0,0 +1,66 @@
+#ifndef WOLFESP_H
+#define WOLFESP_H
+
+#define ESP_SPI_LEN          4
+#define ESP_SEQ_LEN          4
+#define ESP_PADDING_LEN      1
+#define ESP_NEXT_HEADER_LEN  1
+#define ESP_ICV_ALIGNMENT    4
+/* hmac-[sha256, sha1, md5]-96*/
+#define ESP_ICVLEN_HMAC_96   12
+#define ESP_ICVLEN_HMAC_128  16
+#define WOLFIP_ESP_NUM_SA    2
+
+/* aes-128 */
+#define ESP_128_KEY_LEN            16
+#define ESP_128_IV_LEN             16
+
+/* gcm */
+#define ESP_GCM_RFC4106_SALT_LEN   4
+#define ESP_GCM_RFC4106_IV_LEN     8
+#define ESP_GCM_RFC4106_NONCE_LEN (ESP_GCM_RFC4106_SALT_LEN \
+
+typedef enum {
+  ESP_ENC_NONE = 0,
+  ESP_ENC_CBC_AES,
+  ESP_ENC_CBC_DES3,
+  ESP_ENC_GCM_RFC4106,
+  ESP_ENC_GCM_RFC4543, /* placeholder to indicate gmac auth. */
+} esp_enc_t;
+
+typedef enum {
+  ESP_AUTH_NONE = 0,
+  ESP_AUTH_MD5_RFC2403,    /* hmac(md5)-96 */
+  ESP_AUTH_SHA1_RFC2404,   /* hmac(sha1)-96 */
+  ESP_AUTH_SHA256_RFC4868, /* hmac(sha256)-N, N=96,128  */
+  ESP_AUTH_GCM_RFC4106,    /* placeholder to indicate gcm auth. */
+  ESP_AUTH_GCM_RFC4543     /* rfc4543 gmac */
+} esp_auth_t;
+
+/* Minimal ESP Security Association structure.
+ * Supports only transport mode.
+ * */
+struct wolfIP_esp_sa {
+    uint8_t    spi[ESP_SPI_LEN]; /* security parameter index */
+    ip4        src; /* ip src and dst in network byte order */
+    ip4        dst;
+    uint32_t   oseq; /* outbound sequence number */
+    uint32_t   seq; /* inbound sequence number */
+    uint8_t    iv_len;
+    esp_enc_t  enc;
+    uint8_t    enc_key[32];
+    uint8_t    enc_key_len;
+    esp_auth_t auth;
+    uint8_t    auth_key[32];
+    uint8_t    auth_key_len;
+    uint8_t    icv_len;
+    #if 0
+    uint8_t    pre_iv[ESP_GCM_RFC4106_IV_LEN]; /* unique salt that is xor'ed with
+                                                * oseq to generate the iv. */
+    #endif
+};
+
+int  esp_init(void);
+void esp_load_sa_list(struct wolfIP_esp_sa * sa_list, uint16_t num, uint16_t in);
+
+#endif /* !WOLFESP_H */