Skip to content

Commit 562fc2e

Browse files
committed
esp: support dynamic load of esp for tests.
1 parent 3dccea8 commit 562fc2e

9 files changed

Lines changed: 278 additions & 148 deletions

File tree

.github/workflows/linux.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ jobs:
3434
- name: Run standalone "IPsec esp" test
3535
run: |
3636
sudo ./tools/ip-xfrm/rfc4106 128
37-
sudo ./build/test-esp
37+
sudo ./build/test-esp -m 0
3838
sudo killall tcpdump || true
3939
sudo ./tools/ip-xfrm/delete_all
4040

src/test/esp_sa_list.c

Lines changed: 0 additions & 103 deletions
This file was deleted.

src/test/test_esp.c

Lines changed: 101 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -31,16 +31,22 @@
3131
#include <sys/select.h>
3232
#include <sys/socket.h>
3333
#include <sys/types.h>
34+
#include <unistd.h>
35+
/* wolfip includes */
3436
#include "config.h"
3537
#include "wolfip.h"
3638
#include "wolfesp.h"
3739

40+
static void __attribute__((noreturn)) print_usage_and_die(void);
41+
#if 0
3842
#include "esp_sa_list.c"
43+
#endif
3944

4045
#define TEST_SIZE (12 * 1024)
4146

4247
#define BUFFER_SIZE TEST_SIZE
4348

49+
static int disable_ipsec = 0;
4450
static int listen_fd = -1, client_fd = -1;
4551
static int exit_ok = 0, exit_count = 0;
4652
static uint8_t buf[TEST_SIZE];
@@ -51,9 +57,34 @@ static int closed = 0;
5157
static int conn_fd = -1;
5258
static int client_connected = 0;
5359
/* "Test pattern - -" 16 chars without trailing null. */
54-
static const uint8_t test_pattern[16] = {0x54, 0x65, 0x73, 0x74, 0x20, 0x70,
55-
0x61, 0x74, 0x74, 0x65, 0x72, 0x6e,
56-
0x20, 0x2d, 0x20, 0x2d};
60+
static const uint8_t test_pattern[16] =
61+
{0x54, 0x65, 0x73, 0x74, 0x20, 0x70,
62+
0x61, 0x74, 0x74, 0x65, 0x72, 0x6e,
63+
0x20, 0x2d, 0x20, 0x2d};
64+
static uint8_t in_sa_gcm[ESP_SPI_LEN] = {0x01, 0x01, 0x01, 0x01};
65+
static uint8_t out_sa_gcm[ESP_SPI_LEN] = {0x02, 0x02, 0x02, 0x02};
66+
static uint8_t in_sa_cbc[ESP_SPI_LEN] = {0x03, 0x03, 0x03, 0x03};
67+
static uint8_t out_sa_cbc[ESP_SPI_LEN] = {0x04, 0x04, 0x04, 0x04};
68+
/* 32 byte key + 4 byte nonce*/
69+
static uint8_t in_enc_key[36] =
70+
{0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
71+
0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
72+
0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
73+
0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
74+
0x0a, 0x0b, 0x0c, 0x0d};
75+
static uint8_t out_enc_key[36] =
76+
{0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
77+
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
78+
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
79+
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
80+
0x0a, 0x0b, 0x0c, 0x0d};
81+
82+
static uint8_t in_auth_key[16] =
83+
{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
84+
0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
85+
static uint8_t out_auth_key[16] =
86+
{0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
87+
0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02};
5788

5889

5990
/* wolfIP: server side callback. */
@@ -494,14 +525,36 @@ int main(int argc, char **argv)
494525
struct in_addr host_stack_ip;
495526
uint32_t srv_ip = 0;
496527
int err = 0;
528+
int opt = 0;
529+
int mode = 0; /* 0 aead example, 1 cbc-auth example*/
530+
531+
while ((opt = getopt(argc, argv, "pm:?")) != -1) {
532+
switch (opt) {
533+
case 'p':
534+
disable_ipsec = 1;
535+
break;
536+
case 'm':
537+
mode = atoi(optarg);
538+
break;
539+
case '?':
540+
print_usage_and_die();
541+
break;
542+
default: /* '?' */
543+
fprintf(stderr, "Usage: %s [-t nsecs] [-n] name\n",
544+
argv[0]);
545+
exit(EXIT_FAILURE);
546+
}
547+
}
497548

498549
(void)argc;
499550
(void)argv;
500551

501-
err = wolfIP_esp_init();
502-
if (err) {
503-
perror("esp_init");
504-
return 2;
552+
if (!disable_ipsec) {
553+
err = wolfIP_esp_init();
554+
if (err) {
555+
perror("esp_init");
556+
return 2;
557+
}
505558
}
506559

507560
wolfIP_init_static(&s);
@@ -532,8 +585,36 @@ int main(int argc, char **argv)
532585
printf("IP: manually configured\n");
533586
inet_pton(AF_INET, WOLFIP_IP, &srv_ip);
534587

535-
wolfIP_esp_load_sa_list(test_in_sa_list, WOLFIP_ESP_NUM_SA, 1);
536-
wolfIP_esp_load_sa_list(test_out_sa_list, WOLFIP_ESP_NUM_SA, 0);
588+
if (!disable_ipsec) {
589+
switch (mode) {
590+
case 0:
591+
err = wolfIP_esp_sa_new_aead(1, in_sa_gcm, atoip4(HOST_STACK_IP),
592+
atoip4(WOLFIP_IP),
593+
in_enc_key, sizeof(in_enc_key));
594+
595+
err = wolfIP_esp_sa_new_aead(0, out_sa_gcm, atoip4(WOLFIP_IP),
596+
atoip4(HOST_STACK_IP),
597+
out_enc_key, sizeof(out_enc_key));
598+
break;
599+
600+
case 1:
601+
err = wolfIP_esp_sa_new_cbc_sha256(1, in_sa_cbc, atoip4(HOST_STACK_IP),
602+
atoip4(WOLFIP_IP),
603+
in_enc_key, sizeof(in_enc_key) - 4,
604+
in_auth_key, sizeof(in_auth_key),
605+
ESP_ICVLEN_HMAC_128);
606+
607+
err = wolfIP_esp_sa_new_cbc_sha256(0, out_sa_cbc, atoip4(WOLFIP_IP),
608+
atoip4(HOST_STACK_IP),
609+
out_enc_key, sizeof(out_enc_key - 4),
610+
out_auth_key, sizeof(out_auth_key),
611+
ESP_ICVLEN_HMAC_128);
612+
break;
613+
614+
default:
615+
break;
616+
}
617+
}
537618

538619
/* Server side test */
539620
test_wolfip_echoserver(s, srv_ip);
@@ -546,3 +627,14 @@ int main(int argc, char **argv)
546627
#endif
547628
return 0;
548629
}
630+
631+
static void
632+
print_usage_and_die(void)
633+
{
634+
printf("./test-esp [-m <mode>] [-p]\n");
635+
printf("\n");
636+
printf("options:\n");
637+
printf(" -p force plaintext (disable ipsec)\n");
638+
printf(" -m <mode> 0 aead (default), 1 cbc auth\n");
639+
exit(1);
640+
}

0 commit comments

Comments
 (0)