Loading ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +121 −88 Original line number Original line Diff line number Diff line Loading @@ -56,50 +56,6 @@ module LibIpv6_Rfc4306Ikev2_Functions { vc_ikeSad[c_saOut].proposalNr := 1;//smu not needed anymore delete vc_ikeSad[c_saOut].proposalNr := 1;//smu not needed anymore delete } // end f_fillIkeSaFromPIXIT SaProposal } // end f_fillIkeSaFromPIXIT SaProposal /* * @desc Fills IkeSa with PIXIT values */ function f_fillIkeSaFromPixit() runs on Ipv6Node { vc_ikeSad[0].spiInitiator := PX_IKE_SPI; // vc_ikeSad[0].spiResponder := ; fill from IKE Header vc_ikeSad[0].messageID := 0; vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; // p_ikeSa.ikeEncryptionKey := ; ToDo!!! vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; // p_ikeSa.ikeIntegrityKey := ; ToDo!!! vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; } // end f_fillIkeSaFromPIXIT SaProposal /* * @desc Fills IkeSa with data from one Security Association proposal * @param p_SaProposal received SA proposal */ function f_fillIkeSaFromSaProposal(in SaProposal p_SaProposal) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; // vc_ikeSad[0].spiInitiator := ; fill from IKE Header vc_ikeSad[0].spiResponder := PX_IKE_SPI; vc_ikeSad[0].messageID := 0; vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; // p_ikeSa.ikeEncryptionKey := ; ToDo!!! vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; // p_ikeSa.ikeIntegrityKey := ; ToDo!!! vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; v_ret := e_success ; return v_ret; } // end f_fillIkeSaFromSaProposal } // end group fillIkeSa } // end group fillIkeSa group handlePayloads group handlePayloads Loading Loading 
@@ -384,45 +340,6 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // end f_getTransformOfType } // end f_getTransformOfType /* * @desc Gets one transform of a specific transform type from the preferred (1st) SA proposal * @param p_saProposalList received list of SA proposals * @param p_transformType searched for transfer type * @param p_saTransform output parameter carrying the transform of type p_transformType */ function f_getTransformOfTypeAndCheck(in SaProposalList p_saProposalList, in UInt8 p_searchedtransformType, out SaTransform p_saTransform) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var integer i; v_ret := f_getTransform(p_saProposalList[0].saTransformList, p_saProposalList[0].numberOfTransforms, p_searchedtransformType, p_saTransform); // transform was not found in first porposal but there is/are further proposal(s) with Id 1 if (v_ret == e_error and p_saProposalList[0].lastProposal != c_uInt8Zero) { for(i := 1; (v_ret != e_success); i:= i + 1) {if (p_saProposalList[i].proposalNumber == 1) {v_ret := f_getTransform(p_saProposalList[i].saTransformList, p_saProposalList[i].numberOfTransforms, p_searchedtransformType, p_saTransform);} else {log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); return e_error;}} } // transform was not found in first porposal and there is no further proposal if (v_ret == e_error and p_saProposalList[0].lastProposal == c_uInt8Zero) {return e_error; log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); } return v_ret; } // end f_getTransformOfTypeAndCheck /* /* * @desc Finds one transform from a list of transforms * @desc Finds one transform from a list of transforms * @param p_numberOfTransforms number of transforms in list * @param p_numberOfTransforms number of transforms in list Loading Loading 
@@ -506,7 +423,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { if (v_ret == e_success) if (v_ret == e_success) { vc_ikeSad[0].nI := v_ikePayload.nonce.data; } { vc_ikeSad[0].nI := v_ikePayload.nonce.data; } else else { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** "); } // get Key exchange payload data // get Key exchange payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload); v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload); Loading @@ -518,7 +435,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { v_ikePayload.keyExchange.data); v_ikePayload.keyExchange.data); } } else else { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** "); } // get Security Association payload proposal data // get Security Association payload proposal data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload); v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload); Loading @@ -531,7 +448,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { if (v_ret == e_success) if (v_ret == e_success) {vc_ikeSad[0].ikeEncryptionAlgo := v_saTransform.transformId.ikeEncryptionAlgo; } {vc_ikeSad[0].ikeEncryptionAlgo := v_saTransform.transformId.ikeEncryptionAlgo; } else else { log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** "); } // store pseudo random function // store pseudo random function v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, Loading 
@@ -539,7 +456,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { if (v_ret == e_success) if (v_ret == e_success) {vc_ikeSad[0].ikePseudoRandomFunction := v_saTransform.transformId.pseudoRandomFunctions; } {vc_ikeSad[0].ikePseudoRandomFunction := v_saTransform.transformId.pseudoRandomFunctions; } else else { log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** "); } // store integrity algorithm // store integrity algorithm v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, Loading 
@@ -547,7 +464,17 @@ module LibIpv6_Rfc4306Ikev2_Functions { if (v_ret == e_success) if (v_ret == e_success) {vc_ikeSad[0].ikeIntegrityAlgo := v_saTransform.transformId.integAlgorithms; } {vc_ikeSad[0].ikeIntegrityAlgo := v_saTransform.transformId.integAlgorithms; } else else { log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** "); } // check Diffie-Hellman group v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeDh,v_saTransform); if (v_ret == e_success) {if(vc_ikeSad[0].diffieHellmanGroup != v_saTransform.transformId.diffieHellman) {log("**** f_waitForIkeSaInitreq: ERROR: Diffie-Hellman transform carries value different to value from Key Exchange payload **** "); return e_error;}} else { log("**** f_waitForIkeSaInitreq: ERROR: No Diffie-Hellman transform in 1st proposal of Security Association payload **** "); } } } else else { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } Loading 
@@ -565,6 +492,112 @@ module LibIpv6_Rfc4306Ikev2_Functions { return v_ret; return v_ret; } //end f_waitForIkeSaInitreq } //end f_waitForIkeSaInitreq /* * @desc Test Node waits for IKE_AUTH request * @param p_src address of IUT * @param p_dst address of test node */ function f_waitForIkeAuthreq( in template Ipv6Address p_src, in template Ipv6Address p_dst) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var Ipv6Packet v_ipv6Packet; // next payload from IKE header var UInt8 v_nextPayload; // list of payloads var IkePayloadList v_ikePayloadList; var IkePayload v_ikePayload; // transform var SaTransform v_saTransform; tc_wait.start; alt { [] ipPort.receive(mw_ikeAuthReq( p_src, p_dst, mw_encryptedPLL(mw_ikeAuthReqPLL))) -> value v_ipv6Packet { tc_wait.stop; v_nextPayload := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.nextPayload; v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.payloadList; // get Nonce payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_noncePL,v_ikePayload); if (v_ret == e_success) { vc_ikeSad[0].nI := v_ikePayload.nonce.data; } else { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** "); } // get Key exchange payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload); if (v_ret == e_success) { vc_ikeSad[0].diffieHellmanGroup := v_ikePayload.keyExchange.dhGroup; // calculate shared Diffie-Hellman secret vc_ikeSad[0].diffieHellmanSharedSecret := fx_dHSharedSecret(vc_ikeSad[0].diffieHellmanGroup, PX_IKE_DIFFIEHELLMAN_PRIVKEY, v_ikePayload.keyExchange.data); } else { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** "); } // get Security Association payload proposal data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload); if (v_ret == e_success) // put data from first proposal into vc_ikeSad // store encryption algorithm { v_ret := 
f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeEncr,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikeEncryptionAlgo := v_saTransform.transformId.ikeEncryptionAlgo; } else { log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** "); } // store pseudo random function v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypePrf,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikePseudoRandomFunction := v_saTransform.transformId.pseudoRandomFunctions; } else { log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** "); } // store integrity algorithm v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeInteg,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikeIntegrityAlgo := v_saTransform.transformId.integAlgorithms; } else { log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** "); } // check Diffie-Hellman group v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeDh,v_saTransform); if (v_ret == e_success) {if(vc_ikeSad[0].diffieHellmanGroup != v_saTransform.transformId.diffieHellman) {log("**** f_waitForIkeSaInitreq: ERROR: Diffie-Hellman transform carries value different to value from Key Exchange payload **** "); return e_error;}} else { log("**** f_waitForIkeSaInitreq: ERROR: No Diffie-Hellman transform in 1st proposal of Security Association payload **** "); } } else { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } } [] tc_wait.timeout { v_ret := e_timeout; log("**** f_waitForIkeSaInitreq: ERROR: tc_wait.timeout **** "); return v_ret; } } // end alt return v_ret; } //end f_waitForIkeAuthreq } // end group receiveRequests } // 
end group receiveRequests group receiveResponses group receiveResponses Loading ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Templates.ttcn +592 −485 Original line number Original line Diff line number Diff line Loading @@ -173,6 +173,37 @@ group ikeAuthRequestTemplates { group ikeAuthRequestTemplates { template IkeAuthRequest mw_ikeAuthReq ( template Ipv6Address p_src, template Ipv6Address p_dst, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_udpHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := (c_udpPort500,c_udpPort4500), destPort := (c_udpPort500,c_udpPort4500), msgLength := ?, checksum := ?, padding := c_4ZeroBytes ifpresent, // IKEv2 Header ikev2Header := { initiatorSpi := ?, responderSpi := c_zeroResponderSpi, nextPayload := ?, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeAuth, twoXFlags := ?, rFlag := c_rFlagRequest, vFlag := c_vFlag, iFlag := c_iFlagInitiator, threeXFlags := ?, messageID := c_uInt32Zero, messageLength := ? }, // IKEv2 Payloads payloadList := p_ikepayloads }} } template IkeAuthRequest m_ikeAuthReq ( template Ipv6Address p_src, template IkeAuthRequest m_ikeAuthReq ( template Ipv6Address p_src, template Ipv6Address p_dst, template Ipv6Address p_dst, Loading Loading 
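Review bot: The new f_waitForIkeAuthreq reuses the IKE_SA_INIT payload handling on an IKE_AUTH request, where it does not fit: the SA payload that mw_ikeAuthReqPLL matches is the child-SA proposal (mw_saProposal restricts protocolId to AH/ESP), yet its encryption, PRF and integrity transforms are written into vc_ikeSad[0].ikeEncryptionAlgo, ikePseudoRandomFunction and ikeIntegrityAlgo, overwriting the IKE SA's negotiated algorithms with the ESP/AH ones, while the Nonce and Key Exchange lookups (which reset nI and recompute diffieHellmanSharedSecret) search for payloads an IKE_AUTH exchange does not carry and so log an error on every valid request. The child-SA transforms belong in a separate SA entry (presumably the vc_ikeSad[c_saOut] slot used at the top of the file) and the Nonce, Key Exchange and Diffie-Hellman blocks should be dropped from this function. Every log string in the function is also labelled with the wrong function name; rename them, e.g. `log("**** f_waitForIkeAuthreq: ERROR: No Security Association payload in payload list **** ");`. The same weakness exists in the f_waitForIkeSaInitreq hunks: a missing payload or transform is only logged and v_ret is then overwritten by the next lookup, so a request without a Key Exchange payload still returns e_success and the new Diffie-Hellman comparison runs against whatever diffieHellmanGroup held before; those else branches should `return e_error;` (and the final "No Security Association payload" branch still lacks its semicolon).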
@@ -214,18 +245,24 @@ } } } } }//end group ikeAuthRequestTemplates }//end group payLoadListTemplates group ikeSaInitRequestPayloadListTemplates { group payLoadListTemplates { template IkePayloadList mw_ikeSaInitReqPLL := template IkePayloadList mw_ikeSaInitReqPLL := superset ( mw_securityAssociationPL, mw_noncePL, mw_keyExchangePL); superset ( mw_securityAssociationIkePL, mw_noncePL, mw_keyExchangePL); template IkePayloadList mw_encryptedPLL(template IkePayloadList p_ikepayloads) := { mw_encryptedPL(p_ikepayloads) }; }//end group ikeSaInitRequestPayloadListTemplates template IkePayloadList mw_ikeAuthReqPLL := superset ( mw_securityAssociationPL, mw_identificationPL, mw_trafficSelectorPL, mw_trafficSelectorPL, mw_authPL); }//end group payLoadListTemplates group ikeSecurityAssociationPayloadTemplates { group ikeSecurityAssociationPayloadTemplates { template IkePayload mw_securityAssociationPL := { template IkePayload mw_securityAssociationIkePL := { securityAssociation := { securityAssociation := { nextPayload := ?, nextPayload := ?, criticalFlag := 0, criticalFlag := 0, Loading @@ -235,6 +272,16 @@ } } } } template IkePayload mw_securityAssociationPL := { securityAssociation := { nextPayload := ?, criticalFlag := 0, reserved := ?, payloadLength := ?, saProposalList := superset(mw_saProposal) } } template IkePayload m_securityAssociationPL (UInt8 p_nextPayload, template IkePayload m_securityAssociationPL (UInt8 p_nextPayload, template SaProposal p_saProposal) := { template SaProposal p_saProposal) := { securityAssociation := { securityAssociation := { Loading Loading @@ -282,7 +329,17 @@ saTransformList := ? saTransformList := ? } } template SaProposal mw_saProposal := { lastProposal := ?, reserved := ?, proposalLength := ?, proposalNumber := ?, protocolId := (c_protocolAh,c_protocolEsp), spiSize := 4, numberOfTransforms := ?, spi := ?, saTransformList := ? } }//end group IkeRfc4306SaProposalTemplates }//end group IkeRfc4306SaProposalTemplates Loading Loading 
@@ -481,6 +538,18 @@ group payloadTemplates { group identificationPLTmplts { group identificationPLTmplts { template IkePayload mw_identificationPL := { idInitiator := { nextPayload := ?, criticalFlag := ?, reserved1 := ?, payloadLength := ?, idType := c_identificationIpv6Addr, reserved2 := ?, data := ? } } template IkePayload m_idInitiatorPL( template IkePayload m_idInitiatorPL( UInt8 p_nextPayload, UInt8 p_nextPayload, template octetstring p_data) := { template octetstring p_data) := { Loading @@ -499,6 +568,18 @@ group payloadTemplates { group authPLTmplts { group authPLTmplts { template IkePayload mw_authPL := { authentication := { nextPayload := ?, criticalFlag := 0, reserved1 := ?, payloadLength := ?, authMethod := ?, reserved2 := ?, data := ? } } template IkePayload m_authPL( template IkePayload m_authPL( UInt8 p_nextPayload, UInt8 p_nextPayload, octetstring p_data) := { octetstring p_data) := { Loading @@ -517,6 +598,18 @@ group payloadTemplates { group trafficSelectionPLTmplts { group trafficSelectionPLTmplts { template IkePayload mw_trafficSelectorPL := { tsInitiator := { nextPayload := ?, criticalFlag := 0, reserved1 := ?, payloadLength := ?, numberOfTs := ?, reserved2 := ?, trafficSelectorList := ? } } template IkePayload m_tsInitiatorPL( template IkePayload m_tsInitiatorPL( UInt8 p_nextPayload, UInt8 p_nextPayload, template TrafficSelectorList p_trafficSelectorList) := { template TrafficSelectorList p_trafficSelectorList) := { Loading Loading 
@@ -558,6 +651,20 @@ group trafficSelectionPLTmplts { group encrPLTmplts { group encrPLTmplts { template IkePayload mw_encryptedPL (template IkePayloadList p_payloadList) := { encrypted:= { nextPayload := ?, criticalFlag := 0, reserved := ?, payloadLength := ?, iv := ?, payloadList := p_payloadList, padding := ?, padLength := ?, integrityChecksumData := ? } } template IkePayload m_encryptedPL ( template IkePayload m_encryptedPL ( UInt8 p_nextPayload, UInt8 p_nextPayload, template IkePayloadList p_payloadList template IkePayloadList p_payloadList Loading Loading
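Review bot: mw_ikeAuthReq fixes `responderSpi := c_zeroResponderSpi` and `messageID := c_uInt32Zero` in the IKEv2 header, but an IKE_AUTH request carries the responder SPI assigned in the IKE_SA_INIT response and message ID 1, so a conformant request from the IUT never matches this template and f_waitForIkeAuthreq in the Functions file falls through to tc_wait.timeout. A zero responder SPI is only legal in the first IKE_SA_INIT message; the template should accept the real value, `responderSpi := ?,` and `messageID := 1,`, with the receiving function then comparing the SPI against the one stored in vc_ikeSad so that an IKE_AUTH message is only accepted for the SA the test node actually established. Separately, mw_encryptedPL accepts any `iv` and `integrityChecksumData`, which is appropriate for a receive template, but nothing in this commit verifies the integrity checksum before the inner payloadList is read, so a short comment on mw_encryptedPL stating that integrity verification is the caller's responsibility would help the next reader.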
ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +121 −88 Original line number Original line Diff line number Diff line Loading @@ -56,50 +56,6 @@ module LibIpv6_Rfc4306Ikev2_Functions { vc_ikeSad[c_saOut].proposalNr := 1;//smu not needed anymore delete vc_ikeSad[c_saOut].proposalNr := 1;//smu not needed anymore delete } // end f_fillIkeSaFromPIXIT SaProposal } // end f_fillIkeSaFromPIXIT SaProposal /* * @desc Fills IkeSa with PIXIT values */ function f_fillIkeSaFromPixit() runs on Ipv6Node { vc_ikeSad[0].spiInitiator := PX_IKE_SPI; // vc_ikeSad[0].spiResponder := ; fill from IKE Header vc_ikeSad[0].messageID := 0; vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; // p_ikeSa.ikeEncryptionKey := ; ToDo!!! vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; // p_ikeSa.ikeIntegrityKey := ; ToDo!!! vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; } // end f_fillIkeSaFromPIXIT SaProposal /* * @desc Fills IkeSa with data from one Security Association proposal * @param p_SaProposal received SA proposal */ function f_fillIkeSaFromSaProposal(in SaProposal p_SaProposal) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; // vc_ikeSad[0].spiInitiator := ; fill from IKE Header vc_ikeSad[0].spiResponder := PX_IKE_SPI; vc_ikeSad[0].messageID := 0; vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; // p_ikeSa.ikeEncryptionKey := ; ToDo!!! vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; // p_ikeSa.ikeIntegrityKey := ; ToDo!!! vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; v_ret := e_success ; return v_ret; } // end f_fillIkeSaFromSaProposal } // end group fillIkeSa } // end group fillIkeSa group handlePayloads group handlePayloads Loading Loading 
@@ -384,45 +340,6 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // end f_getTransformOfType } // end f_getTransformOfType /* * @desc Gets one transform of a specific transform type from the preferred (1st) SA proposal * @param p_saProposalList received list of SA proposals * @param p_transformType searched for transfer type * @param p_saTransform output parameter carrying the transform of type p_transformType */ function f_getTransformOfTypeAndCheck(in SaProposalList p_saProposalList, in UInt8 p_searchedtransformType, out SaTransform p_saTransform) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var integer i; v_ret := f_getTransform(p_saProposalList[0].saTransformList, p_saProposalList[0].numberOfTransforms, p_searchedtransformType, p_saTransform); // transform was not found in first porposal but there is/are further proposal(s) with Id 1 if (v_ret == e_error and p_saProposalList[0].lastProposal != c_uInt8Zero) { for(i := 1; (v_ret != e_success); i:= i + 1) {if (p_saProposalList[i].proposalNumber == 1) {v_ret := f_getTransform(p_saProposalList[i].saTransformList, p_saProposalList[i].numberOfTransforms, p_searchedtransformType, p_saTransform);} else {log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); return e_error;}} } // transform was not found in first porposal and there is no further proposal if (v_ret == e_error and p_saProposalList[0].lastProposal == c_uInt8Zero) {return e_error; log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); } return v_ret; } // end f_getTransformOfTypeAndCheck /* /* * @desc Finds one transform from a list of transforms * @desc Finds one transform from a list of transforms * @param p_numberOfTransforms number of transforms in list * @param p_numberOfTransforms number of transforms in list Loading Loading 
@@ -506,7 +423,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { if (v_ret == e_success) if (v_ret == e_success) { vc_ikeSad[0].nI := v_ikePayload.nonce.data; } { vc_ikeSad[0].nI := v_ikePayload.nonce.data; } else else { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** "); } // get Key exchange payload data // get Key exchange payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload); v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload); Loading @@ -518,7 +435,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { v_ikePayload.keyExchange.data); v_ikePayload.keyExchange.data); } } else else { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** "); } // get Security Association payload proposal data // get Security Association payload proposal data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload); v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload); Loading @@ -531,7 +448,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { if (v_ret == e_success) if (v_ret == e_success) {vc_ikeSad[0].ikeEncryptionAlgo := v_saTransform.transformId.ikeEncryptionAlgo; } {vc_ikeSad[0].ikeEncryptionAlgo := v_saTransform.transformId.ikeEncryptionAlgo; } else else { log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** "); } // store pseudo random function // store pseudo random function v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, Loading 
@@ -539,7 +456,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { if (v_ret == e_success) if (v_ret == e_success) {vc_ikeSad[0].ikePseudoRandomFunction := v_saTransform.transformId.pseudoRandomFunctions; } {vc_ikeSad[0].ikePseudoRandomFunction := v_saTransform.transformId.pseudoRandomFunctions; } else else { log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** "); } // store integrity algorithm // store integrity algorithm v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, Loading 
@@ -547,7 +464,17 @@ module LibIpv6_Rfc4306Ikev2_Functions { if (v_ret == e_success) if (v_ret == e_success) {vc_ikeSad[0].ikeIntegrityAlgo := v_saTransform.transformId.integAlgorithms; } {vc_ikeSad[0].ikeIntegrityAlgo := v_saTransform.transformId.integAlgorithms; } else else { log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** "); } // check Diffie-Hellman group v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeDh,v_saTransform); if (v_ret == e_success) {if(vc_ikeSad[0].diffieHellmanGroup != v_saTransform.transformId.diffieHellman) {log("**** f_waitForIkeSaInitreq: ERROR: Diffie-Hellman transform carries value different to value from Key Exchange payload **** "); return e_error;}} else { log("**** f_waitForIkeSaInitreq: ERROR: No Diffie-Hellman transform in 1st proposal of Security Association payload **** "); } } } else else { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } Loading 
@@ -565,6 +492,112 @@ module LibIpv6_Rfc4306Ikev2_Functions { return v_ret; return v_ret; } //end f_waitForIkeSaInitreq } //end f_waitForIkeSaInitreq /* * @desc Test Node waits for IKE_AUTH request * @param p_src address of IUT * @param p_dst address of test node */ function f_waitForIkeAuthreq( in template Ipv6Address p_src, in template Ipv6Address p_dst) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var Ipv6Packet v_ipv6Packet; // next payload from IKE header var UInt8 v_nextPayload; // list of payloads var IkePayloadList v_ikePayloadList; var IkePayload v_ikePayload; // transform var SaTransform v_saTransform; tc_wait.start; alt { [] ipPort.receive(mw_ikeAuthReq( p_src, p_dst, mw_encryptedPLL(mw_ikeAuthReqPLL))) -> value v_ipv6Packet { tc_wait.stop; v_nextPayload := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.nextPayload; v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.payloadList; // get Nonce payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_noncePL,v_ikePayload); if (v_ret == e_success) { vc_ikeSad[0].nI := v_ikePayload.nonce.data; } else { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** "); } // get Key exchange payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload); if (v_ret == e_success) { vc_ikeSad[0].diffieHellmanGroup := v_ikePayload.keyExchange.dhGroup; // calculate shared Diffie-Hellman secret vc_ikeSad[0].diffieHellmanSharedSecret := fx_dHSharedSecret(vc_ikeSad[0].diffieHellmanGroup, PX_IKE_DIFFIEHELLMAN_PRIVKEY, v_ikePayload.keyExchange.data); } else { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** "); } // get Security Association payload proposal data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload); if (v_ret == e_success) // put data from first proposal into vc_ikeSad // store encryption algorithm { v_ret := 
f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeEncr,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikeEncryptionAlgo := v_saTransform.transformId.ikeEncryptionAlgo; } else { log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** "); } // store pseudo random function v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypePrf,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikePseudoRandomFunction := v_saTransform.transformId.pseudoRandomFunctions; } else { log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** "); } // store integrity algorithm v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeInteg,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikeIntegrityAlgo := v_saTransform.transformId.integAlgorithms; } else { log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** "); } // check Diffie-Hellman group v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeDh,v_saTransform); if (v_ret == e_success) {if(vc_ikeSad[0].diffieHellmanGroup != v_saTransform.transformId.diffieHellman) {log("**** f_waitForIkeSaInitreq: ERROR: Diffie-Hellman transform carries value different to value from Key Exchange payload **** "); return e_error;}} else { log("**** f_waitForIkeSaInitreq: ERROR: No Diffie-Hellman transform in 1st proposal of Security Association payload **** "); } } else { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } } [] tc_wait.timeout { v_ret := e_timeout; log("**** f_waitForIkeSaInitreq: ERROR: tc_wait.timeout **** "); return v_ret; } } // end alt return v_ret; } //end f_waitForIkeAuthreq } // end group receiveRequests } // 
end group receiveRequests group receiveResponses group receiveResponses Loading
ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Templates.ttcn +592 −485 Original line number Original line Diff line number Diff line Loading @@ -173,6 +173,37 @@ group ikeAuthRequestTemplates { group ikeAuthRequestTemplates { template IkeAuthRequest mw_ikeAuthReq ( template Ipv6Address p_src, template Ipv6Address p_dst, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_udpHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := (c_udpPort500,c_udpPort4500), destPort := (c_udpPort500,c_udpPort4500), msgLength := ?, checksum := ?, padding := c_4ZeroBytes ifpresent, // IKEv2 Header ikev2Header := { initiatorSpi := ?, responderSpi := c_zeroResponderSpi, nextPayload := ?, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeAuth, twoXFlags := ?, rFlag := c_rFlagRequest, vFlag := c_vFlag, iFlag := c_iFlagInitiator, threeXFlags := ?, messageID := c_uInt32Zero, messageLength := ? }, // IKEv2 Payloads payloadList := p_ikepayloads }} } template IkeAuthRequest m_ikeAuthReq ( template Ipv6Address p_src, template IkeAuthRequest m_ikeAuthReq ( template Ipv6Address p_src, template Ipv6Address p_dst, template Ipv6Address p_dst, Loading Loading 
@@ -214,18 +245,24 @@ } } } } }//end group ikeAuthRequestTemplates }//end group payLoadListTemplates group ikeSaInitRequestPayloadListTemplates { group payLoadListTemplates { template IkePayloadList mw_ikeSaInitReqPLL := template IkePayloadList mw_ikeSaInitReqPLL := superset ( mw_securityAssociationPL, mw_noncePL, mw_keyExchangePL); superset ( mw_securityAssociationIkePL, mw_noncePL, mw_keyExchangePL); template IkePayloadList mw_encryptedPLL(template IkePayloadList p_ikepayloads) := { mw_encryptedPL(p_ikepayloads) }; }//end group ikeSaInitRequestPayloadListTemplates template IkePayloadList mw_ikeAuthReqPLL := superset ( mw_securityAssociationPL, mw_identificationPL, mw_trafficSelectorPL, mw_trafficSelectorPL, mw_authPL); }//end group payLoadListTemplates group ikeSecurityAssociationPayloadTemplates { group ikeSecurityAssociationPayloadTemplates { template IkePayload mw_securityAssociationPL := { template IkePayload mw_securityAssociationIkePL := { securityAssociation := { securityAssociation := { nextPayload := ?, nextPayload := ?, criticalFlag := 0, criticalFlag := 0, Loading @@ -235,6 +272,16 @@ } } } } template IkePayload mw_securityAssociationPL := { securityAssociation := { nextPayload := ?, criticalFlag := 0, reserved := ?, payloadLength := ?, saProposalList := superset(mw_saProposal) } } template IkePayload m_securityAssociationPL (UInt8 p_nextPayload, template IkePayload m_securityAssociationPL (UInt8 p_nextPayload, template SaProposal p_saProposal) := { template SaProposal p_saProposal) := { securityAssociation := { securityAssociation := { Loading Loading @@ -282,7 +329,17 @@ saTransformList := ? saTransformList := ? } } template SaProposal mw_saProposal := { lastProposal := ?, reserved := ?, proposalLength := ?, proposalNumber := ?, protocolId := (c_protocolAh,c_protocolEsp), spiSize := 4, numberOfTransforms := ?, spi := ?, saTransformList := ? } }//end group IkeRfc4306SaProposalTemplates }//end group IkeRfc4306SaProposalTemplates Loading Loading 
@@ -481,6 +538,18 @@ group payloadTemplates { group identificationPLTmplts { group identificationPLTmplts { template IkePayload mw_identificationPL := { idInitiator := { nextPayload := ?, criticalFlag := ?, reserved1 := ?, payloadLength := ?, idType := c_identificationIpv6Addr, reserved2 := ?, data := ? } } template IkePayload m_idInitiatorPL( template IkePayload m_idInitiatorPL( UInt8 p_nextPayload, UInt8 p_nextPayload, template octetstring p_data) := { template octetstring p_data) := { Loading @@ -499,6 +568,18 @@ group payloadTemplates { group authPLTmplts { group authPLTmplts { template IkePayload mw_authPL := { authentication := { nextPayload := ?, criticalFlag := 0, reserved1 := ?, payloadLength := ?, authMethod := ?, reserved2 := ?, data := ? } } template IkePayload m_authPL( template IkePayload m_authPL( UInt8 p_nextPayload, UInt8 p_nextPayload, octetstring p_data) := { octetstring p_data) := { Loading @@ -517,6 +598,18 @@ group payloadTemplates { group trafficSelectionPLTmplts { group trafficSelectionPLTmplts { template IkePayload mw_trafficSelectorPL := { tsInitiator := { nextPayload := ?, criticalFlag := 0, reserved1 := ?, payloadLength := ?, numberOfTs := ?, reserved2 := ?, trafficSelectorList := ? } } template IkePayload m_tsInitiatorPL( template IkePayload m_tsInitiatorPL( UInt8 p_nextPayload, UInt8 p_nextPayload, template TrafficSelectorList p_trafficSelectorList) := { template TrafficSelectorList p_trafficSelectorList) := { Loading Loading 
@@ -558,6 +651,20 @@ group trafficSelectionPLTmplts { group encrPLTmplts { group encrPLTmplts { template IkePayload mw_encryptedPL (template IkePayloadList p_payloadList) := { encrypted:= { nextPayload := ?, criticalFlag := 0, reserved := ?, payloadLength := ?, iv := ?, payloadList := p_payloadList, padding := ?, padLength := ?, integrityChecksumData := ? } } template IkePayload m_encryptedPL ( template IkePayload m_encryptedPL ( UInt8 p_nextPayload, UInt8 p_nextPayload, template IkePayloadList p_payloadList template IkePayloadList p_payloadList Loading