From patchwork Thu Aug 21 12:30:34 2014
X-Patchwork-Submitter: Robbie King
X-Patchwork-Id: 35764
From: Robbie King
To: lng-odp@lists.linaro.org
Date: Thu, 21 Aug 2014 08:30:34 -0400
Message-Id: <1408624238-12430-10-git-send-email-robking@cisco.com>
In-Reply-To: <1408624238-12430-1-git-send-email-robking@cisco.com>
References: <1408624238-12430-1-git-send-email-robking@cisco.com>
Subject: [lng-odp] [PATCH 09/13] IPsec example SA DB

Signed-off-by: Robbie King --- example/ipsec/odp_ipsec_sa_db.c | 162 +++++++++++++++++++++++++++++++++++++++ example/ipsec/odp_ipsec_sa_db.h | 77 ++++++++++++++++++ 2 files changed, 239 insertions(+), 0 deletions(-) create mode 100644 example/ipsec/odp_ipsec_sa_db.c create mode 100644 example/ipsec/odp_ipsec_sa_db.h diff --git a/example/ipsec/odp_ipsec_sa_db.c b/example/ipsec/odp_ipsec_sa_db.c new file mode 100644 index 0000000..f7c0f3c 
--- /dev/null +++ b/example/ipsec/odp_ipsec_sa_db.c 
@@ -0,0 +1,162 @@ +/* Copyright (c) 2014, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include + +#include +#include +#include + +#include + +/** Global pointer to sa db */ +static sa_db_t *sa_db; + +void init_sa_db(void) +{ + sa_db = odp_shm_reserve("shm_sa_db", + sizeof(sa_db_t), + ODP_CACHE_LINE_SIZE); + if (sa_db == NULL) { + ODP_ERR("Error: shared mem alloc failed.\n"); + exit(EXIT_FAILURE); + } + memset(sa_db, 0, sizeof(*sa_db)); +} + +int create_sa_db_entry(char *input, bool cipher) +{ + int pos; + char *local, *str, *save; + sa_db_entry_t *entry = &sa_db->array[sa_db->index]; + + /* Verify we have a good entry */ + if (MAX_DB <= sa_db->index) + return -1; + + /* Make a local copy */ + local = malloc(strlen(input) + 1); + if (local == NULL) + return -1; + strcpy(local, input); + + /* Set cipher versus auth */ + entry->alg.cipher = cipher; + + /* count the number of tokens separated by ',' */ + for (str = local, save = NULL, pos = 0;; str = NULL, pos++) { + char *token = strtok_r(str, ":", &save); + + /* Check for no more tokens */ + if (token == NULL) + break; + + /* Parse based on postion */ + switch (pos) { + case 0: + parse_ipv4_string(token, &entry->src_ip, NULL); + break; + case 1: + parse_ipv4_string(token, &entry->dst_ip, NULL); + break; + case 2: + if (cipher) { + if (0 == strcmp(token, "3des")) { + entry->alg.u.cipher = + ODP_CIPHER_ALG_3DES_CBC; + entry->block_len = 8; + entry->iv_len = 8; + } else { + entry->alg.u.cipher = + ODP_CIPHER_ALG_NULL; + } + } else { + if (0 == strcmp(token, "md5")) { + entry->alg.u.auth = + ODP_AUTH_ALG_MD5_96; + entry->icv_len = 12; + } else { + entry->alg.u.auth = ODP_AUTH_ALG_NULL; + } + } + break; + case 3: + entry->spi = strtol(token, NULL, 16); + break; + case 4: + parse_key_string(token, + &entry->key, + &entry->alg); + break; + default: + return -1; + } + } + + /* Verify all positions filled */ + if (5 != pos) + return -1; + + /* Add route to the list 
*/ + sa_db->index++; + entry->next = sa_db->list; + sa_db->list = entry; + + return 0; +} + +void dump_sa_db(void) +{ + sa_db_entry_t *entry; + + printf("\n" + "Security association table\n" + "--------------------------\n"); + + for (entry = sa_db->list; NULL != entry; entry = entry->next) { + uint32_t idx; + char src_ip_str[32]; + char dst_ip_str[32]; + uint8_t *p = entry->key.data; + + + printf(" %s %s %s %X %d ", + entry->alg.cipher ? "esp" : "ah ", + ipv4_addr_str(src_ip_str, entry->src_ip), + ipv4_addr_str(dst_ip_str, entry->dst_ip), + entry->spi, + entry->alg.cipher ? + (int)entry->alg.u.cipher : + (int)entry->alg.u.auth); + + /* Brute force key display */ + for (idx = 0; idx < entry->key.length; idx++) + printf("%02X", *p++); + + printf("\n"); + } +} + +sa_db_entry_t *find_sa_db_entry(ip_addr_range_t *src, + ip_addr_range_t *dst, + bool cipher) +{ + sa_db_entry_t *entry = NULL; + + /* Scan all entries and return first match */ + for (entry = sa_db->list; NULL != entry; entry = entry->next) { + if (cipher != entry->alg.cipher) + continue; + if (!match_ip_range(entry->src_ip, src)) + continue; + if (!match_ip_range(entry->dst_ip, dst)) + continue; + break; + } + return entry; +} + diff --git a/example/ipsec/odp_ipsec_sa_db.h b/example/ipsec/odp_ipsec_sa_db.h new file mode 100644 index 0000000..fa9180a --- /dev/null +++ b/example/ipsec/odp_ipsec_sa_db.h 
@@ -0,0 +1,77 @@ +/* Copyright (c) 2014, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef ODP_IPSEC_SA_DB_H_ +#define ODP_IPSEC_SA_DB_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/** + * Security Assocation (SA) data base entry + */ +typedef struct sa_db_entry_s { + struct sa_db_entry_s *next; /**< Next entry on list */ + uint32_t src_ip; /**< Source IPv4 address */ + uint32_t dst_ip; /**< Desitnation IPv4 address */ + uint32_t spi; /**< Security Parameter Index */ + ipsec_alg_t alg; /**< Cipher/auth algorithm */ + ipsec_key_t key; /**< Cipher/auth key */ + uint32_t block_len; /**< Cipher block length */ + uint32_t iv_len; /**< Initialization Vector length */ + uint32_t icv_len; /**< Integrity Check Value length */ +} sa_db_entry_t; + +/** + * Security Assocation (SA) data base global structure + */ +typedef struct sa_db_s { + uint32_t index; /**< Index of next available entry */ + sa_db_entry_t *list; /**< List of active entries */ + sa_db_entry_t array[MAX_DB]; /**< Entry storage */ +} sa_db_t; + +/** Initialize SA database global control structure */ +void init_sa_db(void); + +/** + * Create an SA DB entry + * + * String is of the format "SrcIP:DstIP:Alg:SPI:Key" + * + * @param input Pointer to string describing SA + * @param cipher TRUE if cipher else FALSE for auth + * + * @return 0 if successful else -1 + */ +int create_sa_db_entry(char *input, bool cipher); +/** + * Display the SA DB + */ +void dump_sa_db(void); + +/** + * Find a matching SA DB entry + * + * @param src Pointer to source subnet/range + * @param dst Pointer to destination subnet/range + * @param cipher TRUE if cipher else FALSE for auth + * + * @return pointer to SA DB entry else NULL + */ +sa_db_entry_t *find_sa_db_entry(ip_addr_range_t *src, + ip_addr_range_t *dst, + bool cipher); + +#ifdef __cplusplus +} +#endif + +#endif +
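Review bot: In create_sa_db_entry() (odp_ipsec_sa_db.c), case 2 maps any algorithm token other than "3des" or "md5" to ODP_CIPHER_ALG_NULL / ODP_AUTH_ALG_NULL, so a misspelled or unsupported name in the SA string silently produces an SA with no encryption or no authentication. Suggest accepting an explicit token for the null algorithm and returning -1 for anything unrecognised. In the same function, `local` is allocated with malloc() and never freed, neither on the success path nor on either `return -1` after the copy. `entry->spi = strtol(token, NULL, 16);` stores a signed long into a uint32_t with no end-pointer or range check; strtoul() with validation would be safer. The comment "separated by ','" does not match the ":" delimiter passed to strtok_r(). Finally, dump_sa_db() prints the full key bytes of every SA, which is worth gating or dropping if this output can reach logs.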
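Review bot: The doc comment for create_sa_db_entry() in odp_ipsec_sa_db.h gives the format "SrcIP:DstIP:Alg:SPI:Key" but does not say that SPI is parsed as hexadecimal or which Alg tokens are recognised ("3des" for cipher and "md5" for auth in the .c file). Please document both, along with what happens for an unrecognised token, since this comment is where a user of the example learns the input syntax. `input` can be declared `const char *`, because the implementation works on its own copy. Spelling in the comments: "Assocation" (twice) and "Desitnation".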