
Commit f97a8ae

philljjdanielinux
authored andcommitted
esp: esp_transport_wrap refactor, and test cleanup.
1 parent 664e9a0 commit f97a8ae

5 files changed

Lines changed: 58 additions & 83 deletions


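--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,8 @@ CFLAGS+=-g -ggdb -Wdeclaration-after-statement
 EXTRA_CFLAGS?=
 CFLAGS+=$(EXTRA_CFLAGS)
 LDFLAGS+=-pthread
-# additional debug flags:
+# debug flags:
+# CFLAGS+=-DDEBUG
 # CFLAGS+=-DDEBUG_TAP
 # CFLAGS+=-DDEBUG_ETH
 # CFLAGS+=-DDEBUG_IP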

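--- a/src/test/esp/esp_server.c
+++ b/src/test/esp/esp_server.c
@@ -80,8 +80,8 @@ int main(int argc, char * argv[])
 }
 
 switch (esp_mode) {
-#if defined(WOLFSSL_AESGCM_STREAM)
 case 0:
+#if defined(WOLFSSL_AESGCM_STREAM)
 err = wolfIP_esp_sa_new_gcm(1, in_sa_gcm, atoip4(HOST_STACK_IP),
 atoip4(WOLFIP_IP), ESP_ENC_GCM_RFC4106,
 in_enc_key, sizeof(in_enc_key));
@@ -91,8 +91,11 @@ int main(int argc, char * argv[])
 atoip4(HOST_STACK_IP), ESP_ENC_GCM_RFC4106,
 out_enc_key, sizeof(out_enc_key));
 if (err) { return err; }
-break;
+#else
+printf("error: gcm stream not built in\n");
+err = -1;
 #endif /* WOLFSSL_AESGCM_STREAM */
+break;
 case 1:
 err = wolfIP_esp_sa_new_cbc_hmac(1, in_sa_cbc, atoip4(HOST_STACK_IP),
 atoip4(WOLFIP_IP),
@@ -110,8 +113,8 @@ int main(int argc, char * argv[])
 ESP_ICVLEN_HMAC_128);
 if (err) { return err; }
 break;
-#ifndef NO_DES3
 case 2:
+#ifndef NO_DES3
 err = wolfIP_esp_sa_new_des3_hmac(1, in_sa_des3, atoip4(HOST_STACK_IP),
 atoip4(WOLFIP_IP),
 in_enc_key, ESP_AUTH_SHA256_RFC4868,
@@ -125,8 +128,11 @@ int main(int argc, char * argv[])
 out_auth_key, sizeof(out_auth_key),
 ESP_ICVLEN_HMAC_128);
 if (err) { return err; }
-break;
+#else
+printf("error: des3 not built in\n");
+err = -1;
 #endif /* !NO_DES3 */
+break;
 case 3:
 err = wolfIP_esp_sa_new_gcm(1, in_sa_gmac, atoip4(HOST_STACK_IP),
 atoip4(WOLFIP_IP), ESP_ENC_GCM_RFC4543,
@@ -143,6 +149,7 @@ int main(int argc, char * argv[])
 break;
 }
 }
+if (err) { return err; }
 
 // Create a socket
 if ((server_fd = socket(AF_INET, type, 0)) < 0) {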
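Review bot: The `if (err) { return err; }` added at new line 152 comes after both closing braces, so it reads err even on a path where no `case` assigned it. The declaration of err is outside the hunks, so confirm it is initialised, e.g. `int err = 0;`. The same check is added at new line 606 of src/test/esp/test_esp.c, where the whole switch is skipped when disable_ipsec is set. No `default:` label is visible here either; if there is none, an unrecognised esp_mode leaves err untouched and the server goes on to open its socket with no SA installed. A `default:` that sets `err = -1;` would make that case fail the same way as the new `#else` branches.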

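--- a/src/test/esp/test_esp.c
+++ b/src/test/esp/test_esp.c
@@ -532,38 +532,10 @@ int main(int argc, char **argv)
 }
 }
 
-wolfIP_init_static(&s);
-tapdev = wolfIP_getdev(s);
-if (!tapdev) {
-perror("wolfIP_getdev");
-return 1;
-}
-
-inet_aton(HOST_STACK_IP, &host_stack_ip);
-if (tap_init(tapdev, "wtcp0", host_stack_ip.s_addr) < 0) {
-perror("tap init");
-return 2;
-}
-{
-#if !defined(__FreeBSD__) && !defined(__APPLE__)
-char cmd[128];
-snprintf(cmd, sizeof(cmd), "tcpdump -i %s -w test.pcap &",
-tapdev->ifname);
-system(cmd);
-#else
-(void)tapdev;
-#endif
-}
-
-wolfIP_ipconfig_set(s, atoip4(WOLFIP_IP), atoip4("255.255.255.0"),
-atoip4(HOST_STACK_IP));
-printf("IP: manually configured\n");
-inet_pton(AF_INET, WOLFIP_IP, &srv_ip);
-
 if (!disable_ipsec) {
 switch (mode) {
-#if defined(WOLFSSL_AESGCM_STREAM)
 case 0:
+#if defined(WOLFSSL_AESGCM_STREAM)
 err = wolfIP_esp_sa_new_gcm(1, in_sa_gcm, atoip4(HOST_STACK_IP),
 atoip4(WOLFIP_IP), ESP_ENC_GCM_RFC4106,
 in_enc_key, sizeof(in_enc_key));
@@ -573,8 +545,11 @@ int main(int argc, char **argv)
 atoip4(HOST_STACK_IP), ESP_ENC_GCM_RFC4106,
 out_enc_key, sizeof(out_enc_key));
 if (err) { return err; }
-break;
+#else
+printf("error: gcm stream not built in\n");
+err = -1;
 #endif /* WOLFSSL_AESGCM_STREAM */
+break;
 case 1:
 err = wolfIP_esp_sa_new_cbc_hmac(1, in_sa_cbc, atoip4(HOST_STACK_IP),
 atoip4(WOLFIP_IP),
@@ -592,8 +567,8 @@ int main(int argc, char **argv)
 ESP_ICVLEN_HMAC_128);
 if (err) { return err; }
 break;
-#ifndef NO_DES3
 case 2:
+#ifndef NO_DES3
 err = wolfIP_esp_sa_new_des3_hmac(1, in_sa_des3, atoip4(HOST_STACK_IP),
 atoip4(WOLFIP_IP),
 in_enc_key, ESP_AUTH_SHA256_RFC4868,
@@ -607,8 +582,11 @@ int main(int argc, char **argv)
 out_auth_key, sizeof(out_auth_key),
 ESP_ICVLEN_HMAC_128);
 if (err) { return err; }
-break;
+#else
+printf("error: des3 not built in\n");
+err = -1;
 #endif /* !NO_DES3 */
+break;
 case 3:
 err = wolfIP_esp_sa_new_gcm(1, in_sa_gmac, atoip4(HOST_STACK_IP),
 atoip4(WOLFIP_IP), ESP_ENC_GCM_RFC4543,
@@ -625,6 +603,36 @@ int main(int argc, char **argv)
 break;
 }
 }
+if (err) { return err; }
+
+/* init wolfip now. */
+wolfIP_init_static(&s);
+tapdev = wolfIP_getdev(s);
+if (!tapdev) {
+perror("wolfIP_getdev");
+return 1;
+}
+
+inet_aton(HOST_STACK_IP, &host_stack_ip);
+if (tap_init(tapdev, "wtcp0", host_stack_ip.s_addr) < 0) {
+perror("tap init");
+return 2;
+}
+{
+#if !defined(__FreeBSD__) && !defined(__APPLE__)
+char cmd[128];
+snprintf(cmd, sizeof(cmd), "tcpdump -i %s -w test.pcap &",
+tapdev->ifname);
+system(cmd);
+#else
+(void)tapdev;
+#endif
+}
+
+wolfIP_ipconfig_set(s, atoip4(WOLFIP_IP), atoip4("255.255.255.0"),
+atoip4(HOST_STACK_IP));
+printf("IP: manually configured\n");
+inet_pton(AF_INET, WOLFIP_IP, &srv_ip);
 
 /* Server side test */
 test_wolfip_echoserver(s, srv_ip);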
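Review bot: The relocated tcpdump launch at new lines 621-630 still discards the results of both `snprintf` and `system`, so a truncated command or a shell that could not be spawned goes unnoticed and the run simply produces no test.pcap. Checking the call, e.g. `if (system(cmd) == -1) { perror("system"); }`, would surface that. The interface name is formatted into a shell string; it appears to come from the literal "wtcp0" passed to tap_init just above, and a comment such as `/* ifname is a fixed test name, never external input */` would record why this is acceptable, if that is indeed the case. The SAs are now created before `wolfIP_init_static(&s)` runs, so it is worth confirming that init does not reset SA state. main's body continues outside the hunks.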

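--- a/src/test/unit/unit_esp.c
+++ b/src/test/unit/unit_esp.c
@@ -937,13 +937,7 @@ static void do_roundtrip_cbc_hmac(uint8_t *enc_key, uint8_t enc_key_len,
 /* --- Wrap --- */
 ret = esp_transport_wrap(ip, &ip_len);
 ck_assert_int_eq(ret, 0);
-
-/* esp_send normally fixes these up; we must do it manually. */
 frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
-ip->proto = 0x32U; /* IP proto = ESP */
-ip->len = ee16(ip_len);
-ip->csum = 0U;
-iphdr_set_checksum(ip);
 
 /* --- Unwrap --- */
 ret = esp_transport_unwrap(ip, &frame_len);
@@ -1047,12 +1041,7 @@ START_TEST(test_roundtrip_des3_sha256)
 
 ret = esp_transport_wrap(ip, &ip_len);
 ck_assert_int_eq(ret, 0);
-
 frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
-ip->proto = 0x32U;
-ip->len = ee16(ip_len);
-ip->csum = 0U;
-iphdr_set_checksum(ip);
 
 ret = esp_transport_unwrap(ip, &frame_len);
 ck_assert_int_eq(ret, 0);
@@ -1099,12 +1088,7 @@ START_TEST(test_roundtrip_aes_gcm_rfc4106)
 
 ret = esp_transport_wrap(ip, &ip_len);
 ck_assert_int_eq(ret, 0);
-
 frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
-ip->proto = 0x32U;
-ip->len = ee16(ip_len);
-ip->csum = 0U;
-iphdr_set_checksum(ip);
 
 ret = esp_transport_unwrap(ip, &frame_len);
 ck_assert_int_eq(ret, 0);
@@ -1149,12 +1133,7 @@ START_TEST(test_roundtrip_aes_gmac_rfc4543)
 
 ret = esp_transport_wrap(ip, &ip_len);
 ck_assert_int_eq(ret, 0);
-
 frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
-ip->proto = 0x32U;
-ip->len = ee16(ip_len);
-ip->csum = 0U;
-iphdr_set_checksum(ip);
 
 ret = esp_transport_unwrap(ip, &frame_len);
 ck_assert_int_eq(ret, 0);
@@ -1204,12 +1183,7 @@ static void do_icv_tamper(void)
 
 ret = esp_transport_wrap(ip, &ip_len);
 ck_assert_int_eq(ret, 0);
-
 frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
-ip->proto = 0x32U;
-ip->len = ee16(ip_len);
-ip->csum = 0U;
-iphdr_set_checksum(ip);
 
 /* esp_len = ip_len - IP_HEADER_LEN. The ICV occupies the last
 * ESP_ICVLEN_HMAC_128 (16) bytes of ip->data[0..esp_len-1]. */
@@ -1264,12 +1238,7 @@ START_TEST(test_ciphertext_tamper_cbc_sha256)
 
 ret = esp_transport_wrap(ip, &ip_len);
 ck_assert_int_eq(ret, 0);
-
 frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
-ip->proto = 0x32U;
-ip->len = ee16(ip_len);
-ip->csum = 0U;
-iphdr_set_checksum(ip);
 
 ip->data[ct_offset] ^= 0x01U; /* single bit flip in ciphertext */
 
@@ -1364,12 +1333,7 @@ START_TEST(test_ip_recv_esp_transport_delivers_udp_payload)
 
 ret = esp_transport_wrap(ip, &ip_len);
 ck_assert_int_eq(ret, 0);
-
 frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
-ip->proto = 0x32U;
-ip->len = ee16(ip_len);
-ip->csum = 0U;
-iphdr_set_checksum(ip);
 
 ip_recv(&s, 0, ip, frame_len);
 
@@ -1413,12 +1377,7 @@ START_TEST(test_ip_recv_esp_transport_unwrap_failure_drops_packet)
 
 ret = esp_transport_wrap(ip, &ip_len);
 ck_assert_int_eq(ret, 0);
-
 frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
-ip->proto = 0x32U;
-ip->len = ee16(ip_len);
-ip->csum = 0U;
-iphdr_set_checksum(ip);
 
 esp_len = frame_len - ETH_HEADER_LEN - IP_HEADER_LEN;
 ip->data[esp_len - 1U] ^= 0xFFU;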

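--- a/src/wolfesp.c
+++ b/src/wolfesp.c
@@ -1694,6 +1694,11 @@ esp_transport_wrap(struct wolfIP_ip_packet *ip, uint16_t * ip_len)
 wolfIP_print_esp(esp_sa, ip->data, payload_len, pad_len, ip->proto);
 #endif /* DEBUG_ESP */
 
+/* update len, set proto to ESP 0x32 (50), recalculate iphdr checksum. */
+ip->len = ee16(*ip_len);
+ip->proto = 0x32;
+ip->csum = 0;
+iphdr_set_checksum(ip);
 return 0;
 }
 
@@ -1739,11 +1744,6 @@ esp_send(struct wolfIP_ll_dev * ll_dev, const struct wolfIP_ip_packet *ip,
 return esp_rc;
 }
 
-/* update len, set proto to ESP 0x32 (50), recalculate iphdr checksum. */
-esp->len = ee16(ip_final_len);
-esp->proto = 0x32;
-esp->csum = 0;
-iphdr_set_checksum(esp);
 /* send it */
 ll_dev->send(ll_dev, esp, ip_final_len + ETH_HEADER_LEN);
 return 0;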
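Review bot: Nothing visible asserts the header fields that esp_transport_wrap now writes at new lines 1697-1701: the unit tests dropped their manual fix-up and depend on the unwrap round trip to notice a wrong proto, length or checksum. A direct check after the wrap call in src/test/unit/unit_esp.c, such as `ck_assert_uint_eq(ip->proto, 0x32U);` and `ck_assert_uint_eq(ip->len, ee16(ip_len));`, would pin the new contract. esp_send still passes `ip_final_len + ETH_HEADER_LEN` to `ll_dev->send`, and its call into the wrap function is outside the hunk, so confirm ip_final_len is the value wrap stores through `ip_len`. A function comment stating that wrap finalises len, proto and the header checksum on success only would tell callers not to patch the header themselves; both function bodies start outside the hunks.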
