Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
/*
* @author STF 276
* @version $Id$
* @desc This module specifies functions definitions
* based on the IPv6 meta message type.
*
*/
module LibIpv6_Interface_Functions {
//LibCommon
import from LibCommon_BasicTypesAndValues all;
import from LibCommon_DataStrings all;
import from LibCommon_VerdictControl { type FncRetCode };
//LibIpv6
import from LibIpv6_Interface_TypesAndValues all;
import from LibIpv6_Interface_Templates all;
import from LibIpv6_ModuleParameters all;
import from LibIpv6_ExternalFunctions all;
import from LibIpv6_CommonRfcs_Functions all;
import from LibIpv6_CommonRfcs_TypesAndValues all;
import from LibIpv6_Rfc4306Ikev2_TypesAndValues all;
group rfc2460Root_Functions {
group ipv6Packets {
/*
* @desc This sends a General IPv6 packet
* from an IPv6 node to any NUT.
* A General IPv6 packet is used in the case where only Extension headers
* need to be sent.
* @remark Time limit is defined by module parameter PX_TAC (see comp type)
* @param p_msg MIPHeader to be sent
* @return execution status
*/
function f_sendGeneralIpv6(template Ipv6Packet p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
var Ipv6Packet v_ipPkt;
v_ipPkt := valueof(p_msg);
//calc payloadLen
v_ipPkt.ipv6Hdr.payloadLength := fx_payloadLength (v_ipPkt);
//set extensionHeaders
if(f_setExtensionHeaders( v_ipPkt ) != e_success) {
log(" **** f_sendGeneralIpv6: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendGeneralIpv6
group extHdrFns {
/*
* @desc This goes through the extension header list and calculates length, checksum
* and other specific functions of the different extension headers
* @param p_ipv6Packet IPv6 packet to be processed
* @return execution status
*/
function f_setExtensionHeaders( inout Ipv6Packet p_ipv6Packet)
runs on LibIpv6Node
return FncRetCode {
var FncRetCode v_ret := e_success;
var UInt8 i, j;
var UInt8 v_authHdrIndex := 0;
var UInt8 v_spi := 0;
var Ipv6Address v_pseudoSrcAddr := c_16ZeroBytes;
var Ipv6Address v_pseudoDstAddr := c_16ZeroBytes;
var boolean v_loop := true;
var Ipv6Packet v_innerIpv6Packet;
var Ipv6Packet v_tempIpv6Packet;
var Ipv6Packet v_activeIpv6Packet := p_ipv6Packet;
v_pseudoDstAddr := v_activeIpv6Packet.ipv6Hdr.destinationAddress;
v_pseudoSrcAddr := v_activeIpv6Packet.ipv6Hdr.sourceAddress;
//calc payloadLen of IPv6packet
if (v_activeIpv6Packet.ipv6Hdr.payloadLength == c_uInt16Zero ) {
v_activeIpv6Packet.ipv6Hdr.payloadLength := fx_payloadLength (v_activeIpv6Packet);
}
// Browse the differents extension headers and search for specific fields to be computed
if (ispresent(v_activeIpv6Packet.extHdrList)) {
for (i:=0; v_loop and i<sizeof(v_activeIpv6Packet.extHdrList) ;i:=i+1) {
// Authentication Header has to be processed only when all the other fields are correct
// Only the first auth header will be processed
if (ischosen(v_activeIpv6Packet.extHdrList[i].authHeader) and v_authHdrIndex == 0) {
// Remember to process this auth header later
v_authHdrIndex := i;
}
// Process Home Address Destination Option, non-recursive
// Change the pseudo-source address
if (ischosen(v_activeIpv6Packet.extHdrList[i].destinationOptionHeader)) {
for (j:=0; j<sizeof(v_activeIpv6Packet.extHdrList[i].destinationOptionHeader.destOptionList);j:=j+1) {
if (ischosen(v_activeIpv6Packet.extHdrList[i].destinationOptionHeader.destOptionList[j].homeAddressOption)) {
v_pseudoSrcAddr := v_activeIpv6Packet.extHdrList[i].destinationOptionHeader.destOptionList[j].homeAddressOption.homeAddress;
}
}
}
// Proccess Routing Header Type 2, non-recursive
// Change the pseudo-destination address
else if (ischosen(v_activeIpv6Packet.extHdrList[i].routingHeader) and (v_activeIpv6Packet.extHdrList[i].routingHeader.routingType == c_routeHdrType2)) {
if (ischosen(v_activeIpv6Packet.extHdrList[i].routingHeader.routingHeaderData.rtHdrDataHomeAddress)) {
v_pseudoDstAddr := v_activeIpv6Packet.extHdrList[i].routingHeader.routingHeaderData.rtHdrDataHomeAddress;
}
}
// Process Mobile Header, non-recursive
// Compute Mip header length and checksum, and some other mip specific fields
// Update global packet's payload length
else if (ischosen(v_activeIpv6Packet.extHdrList[i].mobileHeader)) {
v_ret := f_setMobileHeader( v_activeIpv6Packet.ipv6Hdr.sourceAddress,
v_activeIpv6Packet.ipv6Hdr.destinationAddress,
v_pseudoSrcAddr,
v_pseudoDstAddr,
v_activeIpv6Packet.extHdrList[i].mobileHeader);
// update packet payloadLen
v_activeIpv6Packet.ipv6Hdr.payloadLength := fx_payloadLength (v_activeIpv6Packet);
}
// Process Tunneled Header, recursive
// Recursively process the tunneled packet.
// Outter packet has to be updated once the recursion call returns
else if (ischosen(v_activeIpv6Packet.extHdrList[i].tunneledIpv6)) {
// extract inner packet
v_innerIpv6Packet.ipv6Hdr := v_activeIpv6Packet.extHdrList[i].tunneledIpv6;
for (j:=0; (i+j+1)<sizeof(v_activeIpv6Packet.extHdrList) ;j:=j+1) {
v_innerIpv6Packet.extHdrList[j] := v_activeIpv6Packet.extHdrList[i+1];
}
if (ispresent(v_activeIpv6Packet.ipv6Payload)) {
v_innerIpv6Packet.ipv6Payload := v_activeIpv6Packet.ipv6Payload;
}
// recursive call, inner packet can still contain other headers
f_setExtensionHeaders( v_innerIpv6Packet );
// include recursion results into the active packet
v_activeIpv6Packet.extHdrList[i].tunneledIpv6.payloadLength := v_innerIpv6Packet.ipv6Hdr.payloadLength;
if (ispresent(v_innerIpv6Packet.extHdrList)) {
for (j:=0; j<sizeof(v_innerIpv6Packet.extHdrList) ;j:=j+1) {
v_activeIpv6Packet.extHdrList[i+1] := v_innerIpv6Packet.extHdrList[j];
}
}
if (ispresent(v_innerIpv6Packet.ipv6Payload)) {
v_activeIpv6Packet.ipv6Payload := v_innerIpv6Packet.ipv6Payload;
}
// Update the active packet
v_activeIpv6Packet.ipv6Hdr.payloadLength := fx_payloadLength (v_activeIpv6Packet);
// Stop processing extension headers :
// the remaining extension headers belong to the inner packet,
// and have already been processed by the recursive call
v_loop := false;
}
// Process ESP Header, recursive
// Build the orignal, ESP-less, inner packet and process it recursively
// Active packet has to be updated once the recursion call returns
else if (ischosen(v_activeIpv6Packet.extHdrList[i].espHeader)) {
var integer v_idx := -1;
if (f_getSaBySpi(vc_sad, v_activeIpv6Packet.extHdrList[i].espHeader.spi, v_idx) == e_error) {
return e_error;
}
// set IV if needed.
// Payload length may change.
if (vc_sad[v_idx].espEncryptionAlgo == e_encr_null) {
v_activeIpv6Packet.extHdrList[i].espHeader.espPayload.iv := omit;
}
else {
v_activeIpv6Packet.extHdrList[i].espHeader.espPayload.iv := vc_sad[v_idx].espIv;
//int2oct(128, f_getEncryptionIvLen(vc_sad[v_idx].espEncryptionAlgo));
}
v_ret := f_getOriginalIpv6Packet(
v_activeIpv6Packet,
v_activeIpv6Packet.extHdrList[i].espHeader,
v_innerIpv6Packet);
v_innerIpv6Packet.ipv6Hdr.destinationAddress := v_pseudoDstAddr;
v_innerIpv6Packet.ipv6Hdr.sourceAddress := v_pseudoSrcAddr;
if (v_ret == e_success) {
// recursive call, inner packet can still contain other headers
f_setExtensionHeaders( v_innerIpv6Packet );
// include recursion results into the active packet
if (ispresent(v_innerIpv6Packet.extHdrList)) {
v_activeIpv6Packet.extHdrList[i].espHeader.espPayload.espIpDatagram.extHdrList := v_innerIpv6Packet.extHdrList
}
if (ispresent(v_innerIpv6Packet.ipv6Payload)) {
v_activeIpv6Packet.extHdrList[i].espHeader.espPayload.espIpDatagram.ipv6Payload := v_innerIpv6Packet.ipv6Payload;
}
// Update the active packet
v_activeIpv6Packet.ipv6Hdr.payloadLength := fx_payloadLength (v_activeIpv6Packet);
// Stop processing extension headers :
// the remaining extension headers belong to the inner packet,
// and have already been processed by the recursive call
v_loop := false;
}
}
}//end for
}
// all extension headers have been processed
// Is there still a payload to be processed and which has not been already processed in a recursive call?
if (v_loop==true and ispresent(v_activeIpv6Packet.ipv6Payload)) {
// IKE message specific processing
if(ischosen(v_activeIpv6Packet.ipv6Payload.ikeMsg)) {
if (vc_ikeSad[0].udpTnPort == c_udpPort4500) {
v_activeIpv6Packet.ipv6Payload.ikeMsg.padding := c_4ZeroBytes;
}
if(ischosen(v_activeIpv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted)) {
// set IV if needed.
if (f_getEncryptionIvLen(vc_ikeSad[0].ikeEncryptionAlgo) == 0) {
v_activeIpv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.iv := omit;
}
else {
if (ispresent(vc_ikeSad[0].ikeIv)) {
v_activeIpv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.iv := vc_ikeSad[0].ikeIv;
}
else {
log("**** Errro: no IV provided.****");
v_ret := e_error;
}
}
//Payload length
if(v_activeIpv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.payloadLength == 0) {
v_activeIpv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.payloadLength := fx_ikeEncPayloadLength(v_activeIpv6Packet);//.ipv6Payload.ikeMsg.payloadList[0].encrypted);
}
v_activeIpv6Packet.ipv6Payload.ikeMsg.ikev2Header.messageLength := c_ikev2HeaderLen + lengthof(fx_ikePayloadListToOct(v_activeIpv6Packet.ipv6Payload.ikeMsg.payloadList));
}
if(v_activeIpv6Packet.ipv6Payload.ikeMsg.msgLength == 0) {
//calc payloadLen of UDP msg
v_activeIpv6Packet.ipv6Payload.ikeMsg.msgLength := 8 + f_getLenPadding(v_activeIpv6Packet.ipv6Payload.ikeMsg)
//lengthof(fx_ikev2HeaderToOct(v_activeIpv6Packet.ipv6Payload.ikeMsg.ikev2Header))
//+ lengthof(fx_ikePayloadListToOct(v_activeIpv6Packet.ipv6Payload.ikeMsg.payloadList));
+ v_activeIpv6Packet.ipv6Payload.ikeMsg.ikev2Header.messageLength;
}
}
// Update the active packet
v_activeIpv6Packet.ipv6Hdr.payloadLength := fx_payloadLength (v_activeIpv6Packet);
// Compute payload checksum (Icmpv6, UDP, ...)
v_ret := f_calcIpv6PayloadChecksum(v_pseudoSrcAddr, v_pseudoDstAddr, v_activeIpv6Packet.ipv6Payload);
}
// Proccess Authentication, non-recursive
// Compute ICV and ICV-Padding
if ( ispresent(v_activeIpv6Packet.extHdrList)
and v_authHdrIndex<sizeof(v_activeIpv6Packet.extHdrList)
and ischosen(v_activeIpv6Packet.extHdrList[v_authHdrIndex].authHeader)) {
//Set Dummy ICV of correct length
var integer v_idx := -1;
if (f_getSaBySpi(vc_sad, v_activeIpv6Packet.extHdrList[v_authHdrIndex].authHeader.securityParametersIndex, v_idx) == e_error) {
return e_error;
}
if (vc_sad[v_idx].ahIcvLen == 0) {
v_activeIpv6Packet.extHdrList[v_authHdrIndex].authHeader.icv := omit;
}
else {
v_activeIpv6Packet.extHdrList[v_authHdrIndex].authHeader.icv := int2oct(0, vc_sad[v_idx].ahIcvLen);
}
// Check ICV padding
if (vc_sad[v_idx].ahIcvPadLen == 0) {
v_activeIpv6Packet.extHdrList[v_authHdrIndex].authHeader.icvPadding := omit;
}
else {
v_activeIpv6Packet.extHdrList[v_authHdrIndex].authHeader.icvPadding := int2oct(0, vc_sad[v_idx].ahIcvPadLen);
}
// Update AuthHeader payloadLen
v_activeIpv6Packet.extHdrList[v_authHdrIndex].authHeader.payloadLen := (12 + vc_sad[v_idx].ahIcvLen
+ vc_sad[v_idx].ahIcvPadLen) / 4 - 2;
//Update IPv6 payload based on the calculated ICV + padding
v_activeIpv6Packet.ipv6Hdr.payloadLength := fx_payloadLength (v_activeIpv6Packet);
//compute icv
if (vc_sad[v_idx].ahIcvLen != 0) {
// work on a temporary copy in order to be able to zero mutable fields
v_tempIpv6Packet := v_activeIpv6Packet;
//zero mutable fields
v_tempIpv6Packet.ipv6Hdr.flowLabel := 0;
v_tempIpv6Packet.ipv6Hdr.hopLimit := 0;
// Compute ICV
v_activeIpv6Packet.extHdrList[v_authHdrIndex].authHeader.icv :=
fx_mac( vc_sad[v_idx].ahIntegrityAlgo , vc_sad[v_idx].ahIntegrityKey, fx_encodeMessage(v_tempIpv6Packet));
}
}
p_ipv6Packet := v_activeIpv6Packet;
return v_ret;
}//end f_setExtensionHeaders
}//end group extHdrFns
/*
* @desc Compute the payload checksum
* @param p_srcAddr Source address, needed to create pseudo header
* @param p_dstAddr Destination address, needed to create pseudo header
* @param p_ipv6Payload Payload used for computing checksum
* @return execution status
*/
function f_calcIpv6PayloadChecksum( in template Ipv6Address p_srcAddr,
in template Ipv6Address p_dstAddr,
inout Ipv6Payload p_ipv6Payload)
return FncRetCode {
if(ischosen(p_ipv6Payload.echoReplyMsg)) {
if(p_ipv6Payload.echoReplyMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.echoReplyMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.echoRequestMsg)) {
if(p_ipv6Payload.echoRequestMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.echoRequestMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.nbrAdvMsg)) {
if(p_ipv6Payload.nbrAdvMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.nbrAdvMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.nbrSolMsg)) {
if(p_ipv6Payload.nbrSolMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.nbrSolMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.routerAdvMsg)) {
if(p_ipv6Payload.routerAdvMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.routerAdvMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.routerSolMsg)) {
if(p_ipv6Payload.routerSolMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.routerSolMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.redirectMsg)) {
if(p_ipv6Payload.redirectMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.redirectMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.parameterProblemMsg)) {
if(p_ipv6Payload.parameterProblemMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.parameterProblemMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.timeExceededMsg)) {
if(p_ipv6Payload.timeExceededMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.timeExceededMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.packetTooBigMsg)) {
if(p_ipv6Payload.packetTooBigMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.packetTooBigMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.destinationUnreachableMsg)) {
if(p_ipv6Payload.destinationUnreachableMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.destinationUnreachableMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.mobileRouterAdvMsg)) {
if(p_ipv6Payload.mobileRouterAdvMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.mobileRouterAdvMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.homeAgentAddrDiscRequestMsg)) {
if(p_ipv6Payload.homeAgentAddrDiscRequestMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.homeAgentAddrDiscRequestMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.homeAgentAddrDiscReplyMsg)) {
if(p_ipv6Payload.homeAgentAddrDiscReplyMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.homeAgentAddrDiscReplyMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.mobilePrefixSolMsg)) {
if(p_ipv6Payload.mobilePrefixSolMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.mobilePrefixSolMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.mobilePrefixAdvMsg)) {
if(p_ipv6Payload.mobilePrefixAdvMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.mobilePrefixAdvMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.otherIcmpv6Msg)) {
if(p_ipv6Payload.otherIcmpv6Msg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.otherIcmpv6Msg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_icmpHdr);
}
}
else if(ischosen(p_ipv6Payload.ikeMsg)) {
if(p_ipv6Payload.ikeMsg.checksum == c_2ZeroBytes) {
//calc checksum
p_ipv6Payload.ikeMsg.checksum := fx_calcPayloadChecksum (p_srcAddr, p_dstAddr, p_ipv6Payload, c_udpHdr);
}
}
return e_success;
}//end f_calcIpv6PayloadChecksum
} //end group ipv6Packets
}//end group rfc2460Root_Functions
group rfc3775Mipv6_ExtHdrFunctions {
/*
* @desc This goes through the Mip header and calculates length, checksum
* and other specific functions of the different messages.
* This function is used when sending messages.
* @param p_srcAddr Packet Real Source Address
* @param p_dstAddr Packet Real Destination Address
* @param p_pseudoSrcAddr Packet Pseudo Source Address
* @param p_pseudoDstAddr Packet Pseudo Destination Address
* @param p_mobileHeader MobileHeader to be treated
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
* @return execution status
*/
function f_setMobileHeader( in Ipv6Address p_srcAddr,
in Ipv6Address p_dstAddr,
in Ipv6Address p_pseudoSrcAddr,
in Ipv6Address p_pseudoDstAddr,
inout MobileHeader p_mobileHeader)
runs on LibIpv6Node
return FncRetCode {
var MobileHeader v_mobileHeader := valueof(p_mobileHeader);
var Ipv6Address v_homeAddress := c_16ZeroBytes ;
if (ischosen(p_mobileHeader.mobileMessage.bindingUpdateMsg)) {//Authorization data is only needed for BU sent to CN=IUT
var UInt8 v_position := 0;
//Concept of including bindingAuthentication
// specifiy on template level all options
// 1) if authenticator == c_20ZeroBytes then value is calculated in f_setMobileHeader
// 2) if authenticator != c_20ZeroBytes then no value is calculated in f_setMobileHeader,
// because it's assumed that the correct value was set on template level
// 3) same applies to nonceIndex etc
// Process Nonce Indices
if (f_isPresentNonceIndicesInBU(p_mobileHeader.mobileMessage.bindingUpdateMsg, v_position) == e_success) {
// Fill Home Nonce Index only when set to c_uInt16Zero
if (p_mobileHeader.mobileMessage.bindingUpdateMsg.mobileOptions[v_position].mobileOptNonceIndices.homeNonceIndex == c_uInt16Zero ) {
if(vc_mobileSec.mnSimuParams.receivedHomeNonceIndex != c_uInt16Zero) {
p_mobileHeader.mobileMessage.bindingUpdateMsg.mobileOptions[v_position].mobileOptNonceIndices.homeNonceIndex
:= vc_mobileSec.mnSimuParams.receivedHomeNonceIndex;
}
else {
log("f_setMobileHeader: Info: NonceIndices included in Binding Update, but mnSimuParams.receivedHomeNonceIndex not initialized");
}
}
// Fill Care-Of Nonce Index only when set to c_uInt16Zero
if (p_mobileHeader.mobileMessage.bindingUpdateMsg.mobileOptions[v_position].mobileOptNonceIndices.careOfNonceIndex == c_uInt16Zero) {
if(vc_mobileSec.mnSimuParams.receivedCareOfNonceIndex != c_uInt16Zero) {
p_mobileHeader.mobileMessage.bindingUpdateMsg.mobileOptions[v_position].mobileOptNonceIndices.careOfNonceIndex
:= vc_mobileSec.mnSimuParams.receivedCareOfNonceIndex;
}
else {
log("f_setMobileHeader: Info: NonceIndices included in Binding Update, but mnSimuParams.receivedCareOfNonceIndex not initialized");
}
}
} // end Process Nonce Indices
if (f_isPresentBindingAuthorizationDataOptionInBU(p_mobileHeader.mobileMessage.bindingUpdateMsg, v_position) == e_success) {
if(vc_mobileSec.mnSimuParams.receivedHomeKeygenToken != c_64ZeroBits
and vc_mobileSec.mnSimuParams.receivedCareOfKeygenToken != c_64ZeroBits) {
// kbm is different if BU is sent for de-registration
if (p_mobileHeader.mobileMessage.bindingUpdateMsg.lifeTime != 0) {
vc_mobileSec.mnSimuParams.kbm := fx_mac( e_auth_sha1/*e_sha1*/, c_1ZeroByte,
bit2oct(vc_mobileSec.mnSimuParams.receivedHomeKeygenToken)
& bit2oct(vc_mobileSec.mnSimuParams.receivedCareOfKeygenToken));
}
else {
vc_mobileSec.mnSimuParams.kbm := fx_mac( e_auth_sha1/*e_sha1*/, c_1ZeroByte,
bit2oct(vc_mobileSec.mnSimuParams.receivedHomeKeygenToken));
}
//set Authenticator option with dummy Authenticator
p_mobileHeader.mobileMessage.bindingUpdateMsg.mobileOptions[v_position].mobileBindingAuthorizationData := {
mobileOptType := 5,
mobileOptLen := 12,
authenticator := c_12ZeroBytes}
//calculate the mipHeaderLength over the dummy Authenticator
//modified by AMB to easily send packets with wrong mobileHdrLen
//calc mobileHeaderLen
if (p_mobileHeader.headerLen == c_uInt8Zero ) {
p_mobileHeader.headerLen := fx_mipHeaderLength(p_mobileHeader) ;
}
//set Authenticator to omit in order to calc the authenticator
p_mobileHeader.mobileMessage.bindingUpdateMsg.mobileOptions[v_position].mobileBindingAuthorizationData.authenticator := omit;
// compute authenticator
p_mobileHeader.mobileMessage.bindingUpdateMsg.mobileOptions[v_position].mobileBindingAuthorizationData.authenticator
:= fx_mac( e_auth_hmacSha1_96/*e_hmac_sha1_96*/, vc_mobileSec.mnSimuParams.kbm,
p_srcAddr //careOfaddr
& p_dstAddr //cnAddr
& fx_mipHdrToOct(p_mobileHeader) );
}
else {
log("f_setMobileHeader: Error: BindingAuthorizationDataOption included in Binding Update, but receivedHomeKeygenToken/receivedCareOfKeygenToken not initialized");
return e_error;
}
}
}
else if (ischosen(p_mobileHeader.mobileMessage.bindingAckMsg)) {
var UInt8 v_position := 0;
//Concept of including bindingAuthentication
// specifiy on template level all options
// 1) if authenticator == c_20ZeroBytes then value is calculated in f_setMobileHeader
// 2) if authenticator != c_20ZeroBytes then no value is calculated in f_setMobileHeader,
// because it's assumed that the correct value was set on template level
// 3) same applies to nonceIndex etc
// Process Nonce Indices
if (f_isPresentNonceIndicesInBA(p_mobileHeader.mobileMessage.bindingAckMsg, v_position) == e_success) {
// Fill Home Nonce Index only when set to c_uInt16Zero
if (p_mobileHeader.mobileMessage.bindingAckMsg.mobileOptions[v_position].mobileOptNonceIndices.homeNonceIndex == c_uInt16Zero ) {
if(vc_mobileSec.cnSimuParams.nonceIndex != c_uInt16Zero) {
p_mobileHeader.mobileMessage.bindingAckMsg.mobileOptions[v_position].mobileOptNonceIndices.homeNonceIndex
:= vc_mobileSec.cnSimuParams.nonceIndex;
}
else {
log("f_setMobileHeader: Info: NonceIndices included in Binding Ack, but cnSimuParams.nonceIndex not initialized");
}
}
// Fill Care-Of Nonce Index only when set to c_uInt16Zero
if (p_mobileHeader.mobileMessage.bindingAckMsg.mobileOptions[v_position].mobileOptNonceIndices.careOfNonceIndex == c_uInt16Zero) {
if(vc_mobileSec.cnSimuParams.nonceIndex != c_uInt16Zero) {
p_mobileHeader.mobileMessage.bindingAckMsg.mobileOptions[v_position].mobileOptNonceIndices.careOfNonceIndex
:= vc_mobileSec.cnSimuParams.nonceIndex;
}
else {
log("f_setMobileHeader: Info: NonceIndices included in Binding Ack, but cnSimuParams.nonceIndex not initialized");
}
}
} // end Process Nonce Indices
if (f_isPresentBindingAuthorizationDataOptionInBA(p_mobileHeader.mobileMessage.bindingAckMsg, v_position) == e_success) {
if(vc_mobileSec.cnSimuParams.homeKeygenToken != c_64ZeroBits
and vc_mobileSec.cnSimuParams.careOfKeygenToken != c_64ZeroBits) {
// kbm is different if BA is sent for de-registration
if (p_mobileHeader.mobileMessage.bindingAckMsg.lifeTime != 0) {
vc_mobileSec.cnSimuParams.kbm := fx_mac( e_auth_sha1/*e_sha1*/, c_1ZeroByte,
bit2oct(vc_mobileSec.cnSimuParams.homeKeygenToken)
& bit2oct(vc_mobileSec.cnSimuParams.careOfKeygenToken));
}
else {
vc_mobileSec.cnSimuParams.kbm := fx_mac( e_auth_sha1/*e_sha1*/, c_1ZeroByte,
bit2oct(vc_mobileSec.cnSimuParams.homeKeygenToken));
}
//set Authenticator option with dummy Authenticator
p_mobileHeader.mobileMessage.bindingAckMsg.mobileOptions[v_position].mobileBindingAuthorizationData := {
mobileOptType := 5,
mobileOptLen := 12,
authenticator := c_12ZeroBytes}
//calculate the mipHeaderLength over the dummy Authenticator
//modified by AMB to easily send packets with wrong mobileHdrLen
//calc mobileHeaderLen
if (p_mobileHeader.headerLen == c_uInt8Zero ) {
p_mobileHeader.headerLen := fx_mipHeaderLength(p_mobileHeader) ;
}
//set Authenticator to omit in order to calc the authenticator
p_mobileHeader.mobileMessage.bindingAckMsg.mobileOptions[v_position].mobileBindingAuthorizationData.authenticator := omit;
// compute authenticator
p_mobileHeader.mobileMessage.bindingAckMsg.mobileOptions[v_position].mobileBindingAuthorizationData.authenticator
:= fx_mac( e_auth_hmacSha1_96/*e_hmac_sha1_96*/, vc_mobileSec.cnSimuParams.kbm,
p_dstAddr //cnAddr /!\ inverted /!\
& p_srcAddr //careOfaddr /!\ for BA /!\
& fx_mipHdrToOct(p_mobileHeader) );
}
else {
log("f_setMobileHeader: Error: BindingAuthorizationDataOption included in Binding Ack, but HomeKeygenToken/CareOfKeygenToken not initialized");
return e_error;
}
}
}
// calc mobileHeaderLen only when set to c_uInt8Zero
if (p_mobileHeader.headerLen == c_uInt8Zero ) {
p_mobileHeader.headerLen := fx_mipHeaderLength(p_mobileHeader);
}
// calc mipChecksum only when set to c_2ZeroBytes
if (p_mobileHeader.checksum == c_2ZeroBytes) {
p_mobileHeader.checksum := fx_mipHeaderChecksum ( p_pseudoSrcAddr,
p_pseudoDstAddr,
p_mobileHeader);
}
return e_success;
}
/*
* @desc Checks that the Authenticator of a mobile message is correct
* @param p_srcAddr Source address of the received packet
* @param p_dstAddr Destination address of the received packet
* @param p_mobileHeader Mobile Header of the received packet
* @param p_receivedAuthenticator Received Authenticator to be compared with the computed value
* @return execution status
*/
function f_checkAuthenticator ( in Ipv6Address p_srcAddr,
in Ipv6Address p_dstAddr,
in MobileHeader p_mobileHeader,
in octetstring p_receivedAuthenticator)
runs on LibIpv6Node
return FncRetCode {
var UInt8 v_position := 0;
var octetstring v_computedAuthenticator;
if (f_isPresentBindingAuthorizationDataOptionInBU(p_mobileHeader.mobileMessage.bindingUpdateMsg, v_position) == e_success) {
p_mobileHeader.checksum := c_2ZeroBytes;
if (p_mobileHeader.mobileMessage.bindingUpdateMsg.lifeTime != 0) {
vc_mobileSec.cnSimuParams.kbm := fx_mac( e_auth_sha1/*e_sha1*/, c_1ZeroByte,
bit2oct(vc_mobileSec.cnSimuParams.homeKeygenToken)
& bit2oct(vc_mobileSec.cnSimuParams.careOfKeygenToken));
}
else {
vc_mobileSec.cnSimuParams.kbm := fx_mac( e_auth_sha1/*e_sha1*/, c_1ZeroByte,
bit2oct(vc_mobileSec.cnSimuParams.homeKeygenToken));
}
//set Authenticator option with dummy Authenticator
p_mobileHeader.mobileMessage.bindingUpdateMsg.mobileOptions[v_position].mobileBindingAuthorizationData := {
mobileOptType := 5,
mobileOptLen := 12,
authenticator := c_12ZeroBytes}
//calculate the mipHeaderLength over the dummy Authenticator
p_mobileHeader.headerLen := fx_mipHeaderLength(p_mobileHeader) ;
//set Authenticator to omit in order to calc the authenticator
p_mobileHeader.mobileMessage.bindingUpdateMsg.mobileOptions[v_position].mobileBindingAuthorizationData.authenticator := omit;
v_computedAuthenticator := fx_mac( e_auth_hmacSha1_96/*e_hmac_sha1_96*/, vc_mobileSec.cnSimuParams.kbm,
p_srcAddr //careOfaddr
& p_dstAddr //cnAddr
& fx_mipHdrToOct(p_mobileHeader) );
if (p_receivedAuthenticator != v_computedAuthenticator) {
return e_error;
}
return e_success;
}
else {
log("f_checkAuthenticator: Error: This packet does not contain any Binding Update");
return e_error;
}
} //end function f_checkAuthenticator
/*
* @desc This goes through the BindingAck and
* checks if a NonceIndicesOption is present.
* @param p_bindingAck Binding Acknowledgement to be treated
* @param v_position Position of the NonceIndicesOption in the MobileOptionList
* @return execution status
*/
function f_isPresentNonceIndicesInBA( in BindingAckMsg p_bindingAck,
inout UInt8 v_position)
runs on LibIpv6Node
return FncRetCode {
var FncRetCode v_ret := e_error;
var UInt8 i;
//select ext hdrs that need special calculation
for (i:=0; i<sizeof(p_bindingAck.mobileOptions) and (v_ret != e_success); i:=i+1) {
if (ischosen(p_bindingAck.mobileOptions[i].mobileOptNonceIndices)) {
v_position := i;
v_ret := e_success;
}
}
return v_ret;
}//end function f_isPresentNonceIndicesInBA
/*
* @desc This goes through the BindingAck and
* checks if a AuthorizationDataOption is present.
* @param p_bindingAck Binding Acknowledgement to be treated
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
* @param v_position Position of the AuthorizationDataOption in the MobileOptionList
* @return execution status
*/
function f_isPresentBindingAuthorizationDataOptionInBA( in BindingAckMsg p_bindingAck,
inout UInt8 v_position)
runs on LibIpv6Node
return FncRetCode {
var FncRetCode v_ret := e_error;
var UInt8 i;
//select ext hdrs that need special calculation
for (i:=0; i<sizeof(p_bindingAck.mobileOptions) and (v_ret != e_success); i:=i+1) {
if (ischosen(p_bindingAck.mobileOptions[i].mobileBindingAuthorizationData)) {
v_position := i;
v_ret := e_success;
}
}
return v_ret;
}//end function f_isPresentBindingAuthorizationDataOptionInBA
/*
* @desc This goes through the BindingUpdate and
* checks if a NonceIndicesOption is present.
* @param p_bindingUpdate Binding Update to be treated
* @param v_position Position of the NonceIndicesOption in the MobileOptionList
* @return execution status
*/
function f_isPresentNonceIndicesInBU( in BindingUpdateMsg p_bindingUpdate,
inout UInt8 v_position)
runs on LibIpv6Node
return FncRetCode {
var FncRetCode v_ret := e_error;
var UInt8 i;
//select ext hdrs that need special calculation
for (i:=0; i<sizeof(p_bindingUpdate.mobileOptions) and (v_ret != e_success); i:=i+1) {
if (ischosen(p_bindingUpdate.mobileOptions[i].mobileOptNonceIndices)) {
v_position := i;
v_ret := e_success;
}
}
return v_ret;
}//end function f_isPresentNonceIndicesInBU
/*
* @desc This goes through the BindingUpdate and
* checks if a AuthorizationDataOption is present.
* @param p_bindingUpdate Binding Update to be treated
* @param v_position Position of the AuthorizationDataOption in the MobileOptionList
* @return execution status
*/
function f_isPresentBindingAuthorizationDataOptionInBU( in BindingUpdateMsg p_bindingUpdate,
inout UInt8 v_position)
runs on LibIpv6Node
return FncRetCode {
var FncRetCode v_ret := e_error;
var UInt8 i;
//select ext hdrs that need special calculation
for (i:=0; i<sizeof(p_bindingUpdate.mobileOptions) and (v_ret != e_success); i:=i+1) {
if (ischosen(p_bindingUpdate.mobileOptions[i].mobileBindingAuthorizationData)) {
v_position := i;
v_ret := e_success;
}
}
return v_ret;
}//end function f_isPresentBindingAuthorizationDataOptionInBU
/*
* @desc This sends a IPv6 packet with MipExtHdr - Binding Update
* from an IPv6 node to any NUT.
*
* @remark
* @param p_msg MIPHeader to be sent
* @return execution status
*/
function f_sendBu(template BindingUpdate p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
var BindingUpdate v_ipPkt;
v_ipPkt := valueof(p_msg);
//set extensionHeaders
if(f_setExtensionHeaders( v_ipPkt ) != e_success) {
log(" **** f_sendBu: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendBu
/*
* @desc This sends a IPv6 packet with MipExtHdr - Binding Acknowledgement
* from an IPv6 node to any NUT.
*
* @remark
* @param p_msg MIPHeader to be sent
* @return execution status
*/
function f_sendBa(template BindingAcknowledgement p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
var BindingAcknowledgement v_ipPkt;
v_ipPkt := valueof(p_msg);
//set extensionHeaders
if(f_setExtensionHeaders( v_ipPkt ) != e_success) {
log(" **** f_sendBa: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendBa
/*
* @desc This sends a IPv6 packet with MipExtHdr - Binding Error
* from an IPv6 node to any NUT.
*
* @remark
* @param p_msg MIPHeader to be sent
* @return execution status
*/
function f_sendBe(template BindingError p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
var BindingError v_ipPkt;
v_ipPkt := valueof(p_msg);
//set extensionHeaders
if(f_setExtensionHeaders( v_ipPkt ) != e_success) {
log(" **** f_sendBe: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendBe
/*
* @desc This sends a IPv6 packet with MipExtHdr - Binding Refresh Request
* from an IPv6 node to any NUT.
*
* @remark
* @param p_msg MIPHeader to be sent
* @return execution status
*/
function f_sendBr(template BindingRefreshRequest p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
var BindingRefreshRequest v_ipPkt;
v_ipPkt := valueof(p_msg);
if(f_setExtensionHeaders( v_ipPkt ) != e_success) {
log(" **** f_sendBr: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendBr
/*
* @desc This sends a IPv6 packet with MipExtHdr - Home Test
* from an IPv6 node to any NUT.
*
* @remark
* @param p_msg MIPHeader to be sent
* @return execution status
*/
function f_sendHot(template HomeTest p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
var HomeTest v_ipPkt;
v_ipPkt := valueof(p_msg);
//set extensionHeaders
if(f_setExtensionHeaders( v_ipPkt ) != e_success) {
log(" **** f_sendHot: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendHot
/*
* @desc This sends a IPv6 packet with MipExtHdr - Home Test Init
* from an IPv6 node to any NUT.
*
* @remark
* @param p_msg MIPHeader to be sent
* @return execution status
*/
function f_sendHoti(template HomeTestInit p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
var HomeTestInit v_ipPkt;
v_ipPkt := valueof(p_msg);
//set extensionHeaders
if(f_setExtensionHeaders( v_ipPkt ) != e_success) {
log(" **** f_sendHoti: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendHoti
/*
* @desc This sends a IPv6 packet with MipExtHdr - CareOfTestInit
* from an IPv6 node to any NUT.
*
* @remark
* @param p_msg MIPHeader to be sent
* @return execution status
*/
function f_sendCoti(template CareOfTestInit p_msg)
runs on LibIpv6Node
return FncRetCode {
//Variables
var CareOfTestInit v_ipPkt;
v_ipPkt := valueof(p_msg);
//set extensionHeaders
if(f_setExtensionHeaders( v_ipPkt ) != e_success) {
log(" **** f_sendCoti: Error when calculating length of extension headers ****");
return e_error;
}
//send
ipPort.send(v_ipPkt);
return e_success;
}//end f_sendCoti
/*
* @desc This sends a IPv6 packet with MipExtHdr - CareOfTest