Newer
Older
/*
* @desc This sends a IPv6 packet with MipExtHdr - CareOfTest
* from an IPv6 node to any NUT.
*
* @remark
* @param p_msg MIPHeader to be sent
* @return execution status
*/
function f_sendCot(template CareOfTest p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
var CareOfTest v_ipPkt;
v_ipPkt := valueof(p_msg);
//calc payloadLen
v_ipPkt.ipv6Hdr.payloadLength := fx_payloadLength (v_ipPkt);
//set extensionHeaders
if(f_setExtensionHeaders( v_ipPkt,
v_ipPkt.ipv6Hdr.sourceAddress,
v_ipPkt.ipv6Hdr.destinationAddress) != e_success) {
log(" **** f_sendCoti: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendCot
/*
* @desc This sends a IPv6 packet with MipExtHdr - Fast Nbr Adv
* from an IPv6 node to any NUT.
*
* @remark
* @param p_msg MIPHeader to be sent
* @return execution status
*/
tepelmann
committed
function f_sendFastNbrAdv(template FastNeighborAdvertisement p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
tepelmann
committed
var FastNeighborAdvertisement v_ipPkt;
//calc payloadLen
v_ipPkt.ipv6Hdr.payloadLength := fx_payloadLength (v_ipPkt);
//set extensionHeaders
if(f_setExtensionHeaders( v_ipPkt,
v_ipPkt.ipv6Hdr.sourceAddress,
v_ipPkt.ipv6Hdr.destinationAddress) != e_success) {
log(" **** f_sendFastNbrAdv: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendFastNbrAdv
}//end group rfc3775Mipv6_ExtHdrFunctions
group rfc4303Esp_ExtHdrFunctions {
// if( (f_getEncryptionIvLen(PX_ENCRYPTION_ALGO) != 0) and (f_getEncryptionIvLen(PX_ENCRYPTION_ALGO) != lengthof(PX_IV))) {
// v_ret := e_error;
// log("**** fx_setSecurityParameters: ERROR: Incorrect IV length for the selected encryption algorithm ****");
// }
berge
committed
if( f_checkEncryptionKeyLen(PX_ENCRYPTION_ALGO,lengthof(PX_ESP_ENCR_KEY)) != true) {
log("**** f_init_ipSecParams: ERROR: Incorrect key length for the selected encryption algorithm ****");
return e_error;
berge
committed
}
if( f_checkIntegrityKeyLen(PX_INTEGRITY_ALGO, lengthof(PX_INTEGRITY_KEY)) != true) {
log("**** f_init_ipSecParams: ERROR: Incorrect key length for the selected integrity algorithm ****");
return e_error;
berge
committed
}
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
// SAD-OUT
vc_sad[c_saOut] := {
spi := PX_SPI/*f_createSpi()*/,
seqNr := c_uInt32Zero,
// AH Integrity
ahIntegrityAlgo := PX_INTEGRITY_ALGO,
ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
// ESP encryption
espEncryptionAlgo := PX_ENCRYPTION_ALGO,
espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
// ESP integrity
espIntegrityAlgo := PX_INTEGRITY_ALGO,
espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
// Combined mode
espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
// Protocol mode
ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
}
// SAD-IN
vc_sad[c_saIn] := {
spi := PX_SPI/*f_createSpi()*/,
// AH Integrity
ahIntegrityAlgo := PX_INTEGRITY_ALGO,
ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
// ESP encryption
espEncryptionAlgo := PX_ENCRYPTION_ALGO,
espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
// ESP integrity
espIntegrityAlgo := PX_INTEGRITY_ALGO,
espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
// Combined mode
espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
// Protocol mode
ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
}
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
// SAD-OUT
vc_sad[c_saRrpOut] := {
spi := c_saRrpOut/*f_createSpi()*/,
seqNr := c_uInt32Zero,
// AH Integrity
ahIntegrityAlgo := PX_INTEGRITY_ALGO,
ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
// ESP encryption
espEncryptionAlgo := PX_ENCRYPTION_ALGO,
espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
// ESP integrity
espIntegrityAlgo := PX_INTEGRITY_ALGO,
espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
// Combined mode
espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
// Protocol mode
ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
}
// SAD-IN
vc_sad[c_saRrpIn] := {
spi := c_saRrpIn/*f_createSpi()*/,
seqNr := c_uInt32Zero,
// AH Integrity
ahIntegrityAlgo := PX_INTEGRITY_ALGO,
ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
// ESP encryption
espEncryptionAlgo := PX_ENCRYPTION_ALGO,
espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
// ESP integrity
espIntegrityAlgo := PX_INTEGRITY_ALGO,
espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
// Combined mode
espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
// Protocol mode
ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
}
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
// SAD-OUT
vc_sad[c_saCnOut] := {
spi := c_saCnOut/*f_createSpi()*/,
seqNr := c_uInt32Zero,
// AH Integrity
ahIntegrityAlgo := PX_INTEGRITY_ALGO,
ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
// ESP encryption
espEncryptionAlgo := PX_ENCRYPTION_ALGO,
espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
// ESP integrity
espIntegrityAlgo := PX_INTEGRITY_ALGO,
espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
// Combined mode
espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
// Protocol mode
ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
}
// SAD-IN
vc_sad[c_saCnIn] := {
spi := c_saCnIn/*f_createSpi()*/,
seqNr := c_uInt32Zero,
// AH Integrity
ahIntegrityAlgo := PX_INTEGRITY_ALGO,
ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
// ESP encryption
espEncryptionAlgo := PX_ENCRYPTION_ALGO,
espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
// ESP integrity
espIntegrityAlgo := PX_INTEGRITY_ALGO,
espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
// Combined mode
espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
// Protocol mode
ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
}
//TODO chose in function of PX_SPI the SAD to be used for testing
// v_ret := fx_setSecurityParameters(Sad:{vc_sad[c_saOut]});
v_ret := fx_setSecurityParameters(vc_sad);
if (v_ret != e_success) {log("f_init_ipSecParams: Error when setting security parameters");}
return v_ret;
function f_getIcvLen(IntegrityAlgo p_integrityAlgo)
runs on LibIpv6Node
return UInt8 {
if(p_integrityAlgo == e_sha1) {
return 20;
}
else if (p_integrityAlgo == e_hmac_sha1_64){
return 8;
}
else if(p_integrityAlgo == e_null) {
return 0;
}
return 12;
}
function f_getIcvPadLen(IntegrityAlgo p_integrityAlgo)
runs on LibIpv6Node
return UInt8 {
if(p_integrityAlgo == e_sha1) {
return 0;
}
else if (p_integrityAlgo == e_hmac_sha1_64){
return 4;
}
return 0;
}
berge
committed
//in units of octets
function f_checkIntegrityKeyLen(IntegrityAlgo p_integrityAlgo, UInt8 p_keyLen)
runs on LibIpv6Node
return boolean {
if((p_integrityAlgo == e_sha1) and (p_keyLen != 20)) {
return false;
}
else if ((p_integrityAlgo == e_sha1_96) and (p_keyLen != 20)){
return false;
}
berge
committed
else if ((p_integrityAlgo == e_hmac_sha1_64) and (p_keyLen != 20)){
return false;
}
else if ((p_integrityAlgo == e_hmac_sha1_96) and (p_keyLen != 20)){
return false;
}
berge
committed
else if((p_integrityAlgo == e_hmac_md5_96) and (p_keyLen != 16)) {
return false;
}
return true;
}
berge
committed
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
//in units of octets
function f_getEncryptionIvLen(EncryptionAlgo p_encryptionAlgo)
runs on LibIpv6Node
return UInt8 {
if(p_encryptionAlgo == e_tripleDes_cbc) {
return 8;
}
else if (p_encryptionAlgo == e_aes_cbc){
return 16;
}
else if(p_encryptionAlgo == e_aes_ctr) {
return 8;
}
else if(p_encryptionAlgo == e_des_cbc) {
return 8;
}
return 0;
}
//in units of octets
function f_checkEncryptionKeyLen(EncryptionAlgo p_encryptionAlgo, UInt8 p_keyLen)
runs on LibIpv6Node
return boolean {
if((p_encryptionAlgo == e_tripleDes_cbc) and (p_keyLen != 24)){
return false;
}
else if ((p_encryptionAlgo == e_aes_cbc) and ((p_keyLen < 0) or (p_keyLen > 32))){
berge
committed
return false;
}
else if((p_encryptionAlgo == e_aes_ctr)
and (p_keyLen != 20) and (p_keyLen != 28) and (p_keyLen != 36)){
return false;
}
else if((p_encryptionAlgo == e_des_cbc) and (p_keyLen != 8)){
return false;
}
return true;
}
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
/*
* @desc This generates Security Parameters Index
* @return Security Parameters Index
*/
function f_createSpi()
runs on LibIpv6Node
return UInt32 {
var Oct4 v_spi := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 4);
return oct2int(v_spi);
}//end f_createSpi
/*
* @desc This generates a secret key
* @return Secret key
*/
function f_createSecretKey()
runs on LibIpv6Node
return octetstring {
var Oct20 v_key := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 20);
return v_key;
}//end f_createSecretKey
/*
* @desc
* This function is used when sending messages.
* @param p_msg ExtensionHeaderList to be treated
* @return execution status
*/
function f_getOriginalIpv6Packet( in Ipv6Packet p_ipv6Packet,
in EspHeader p_espHeader,
out Ipv6Packet p_originalIpv6Packet)
runs on LibIpv6Node
return FncRetCode {
var UInt8 i;
var boolean v_loop := true;
if (not(ispresent(p_espHeader.espPayload.espIpDatagram.extHdrList))
and not(ispresent(p_espHeader.espPayload.espIpDatagram.ipv6Payload))) {
log("**** f_setEspHeader: EspHeader.espPayload.espIpDatagram received that does neither contain extHdrList not ipv6Payload => EspHeader is not constructed correctly ****") ;
return e_error;
}
//Build original packet
p_originalIpv6Packet.ipv6Hdr := p_ipv6Packet.ipv6Hdr;
if (ispresent(p_espHeader.espPayload.espIpDatagram.extHdrList)) {
p_originalIpv6Packet.extHdrList := p_espHeader.espPayload.espIpDatagram.extHdrList;
}
if (ispresent(p_espHeader.espPayload.espIpDatagram.ipv6Payload)) {
p_originalIpv6Packet.ipv6Payload := p_espHeader.espPayload.espIpDatagram.ipv6Payload;
}
// is a tunneledIpv6Hdr in the extHdrList? If yes, then it becomes the Ipv6Hdr of the original packet
if (ispresent(p_espHeader.espPayload.espIpDatagram.extHdrList)) {
for (i:=0; i<sizeof(p_espHeader.espPayload.espIpDatagram.extHdrList) and v_loop ;i:=i+1) {
if (ischosen(p_espHeader.espPayload.espIpDatagram.extHdrList[i].tunneledIpv6)) {
p_originalIpv6Packet.ipv6Hdr := p_espHeader.espPayload.espIpDatagram.extHdrList[i].tunneledIpv6;
v_loop := false;
}
else {
p_originalIpv6Packet.extHdrList[i] := p_espHeader.espPayload.espIpDatagram.extHdrList[i];
}
}
}
p_originalIpv6Packet.ipv6Hdr.payloadLength := fx_payloadLength (p_originalIpv6Packet);
return e_success;
}//end f_setEspHeader
* This function is used when sending messages.
* @param p_msg ExtensionHeaderList to be treated
* @return execution status
*/
/* function f_setEspHeader( in Ipv6Packet p_ipv6Packet,
inout EspHeader p_espHeader)
runs on LibIpv6Node
return FncRetCode {
var Ipv6Header v_originalIpv6Hdr;
var EchoRequest v_originalEchoRequest;
var EchoReply v_originalEchoReply;
//treat MipHdr and other ext
if (ispresent(p_espHeader.espPayload.espIpDatagram.extHdrList)) {
}
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
if (ispresent(p_espHeader.espPayload.espIpDatagram.ipv6Payload)) {
if (ischosen(p_espHeader.espPayload.espIpDatagram.ipv6Payload.echoRequestMsg)) {
if (ischosen(p_espHeader.espPayload.espIpDatagram.extHdrList[0].tunneledIpv6)) {//tunnelMode
v_originalIpv6Hdr := p_espHeader.espPayload.espIpDatagram.extHdrList[0].tunneledIpv6;
}
else { //transportMode
v_originalIpv6Hdr := p_ipv6Packet.ipv6Hdr;
}
//build original packet
v_originalEchoRequest := {
ipv6Hdr := v_originalIpv6Hdr,
extHdrList := omit,
ipv6Payload := p_espHeader.espPayload.espIpDatagram.ipv6Payload
}
//calc checksum
if (v_originalEchoRequest.ipv6Payload.echoRequestMsg.checksum != c_2ZeroBytes) {
//calc checksum
v_originalEchoRequest.ipv6Payload.echoRequestMsg.checksum := fx_icmpv6Checksum(v_originalEchoRequest);
}
//assign checksum
p_espHeader.espPayload.espIpDatagram.ipv6Payload.echoRequestMsg.checksum := v_originalEchoRequest.ipv6Payload.echoRequestMsg.checksum;
}
else if (ischosen(p_espHeader.espPayload.espIpDatagram.ipv6Payload.echoReplyMsg)) {
if (ischosen(p_espHeader.espPayload.espIpDatagram.extHdrList[0].tunneledIpv6)) {//tunnelMode
v_originalIpv6Hdr := p_espHeader.espPayload.espIpDatagram.extHdrList[0].tunneledIpv6;
}
else { //transportMode
v_originalIpv6Hdr := p_ipv6Packet.ipv6Hdr;
}
//build original packet
v_originalEchoReply := {
ipv6Hdr := v_originalIpv6Hdr,
extHdrList := omit,
ipv6Payload := p_espHeader.espPayload.espIpDatagram.ipv6Payload
}
//calc checksum
if (v_originalEchoReply.ipv6Payload.echoReplyMsg.checksum != c_2ZeroBytes) {
//calc checksum
v_originalEchoReply.ipv6Payload.echoReplyMsg.checksum := fx_icmpv6Checksum(v_originalEchoReply);
}
//assign checksum
p_espHeader.espPayload.espIpDatagram.ipv6Payload.echoReplyMsg.checksum := v_originalEchoReply.ipv6Payload.echoReplyMsg.checksum;
}