Commit 15f268d2 authored by mullers's avatar mullers

latest changes committed

parent a36d5cb7
+409 −0
@@ -17,6 +17,7 @@
	import from LibIpv6_ModuleParameters all ;
	import from LibIpv6_CommonRfcs_TypesAndValues all;
	import from LibIpv6_CommonRfcs_Templates all;
	import from LibIpv6_Rfc4306Ikev2_TypesAndValues all;

	group calcPrefixFns {
	
@@ -284,5 +285,413 @@

	}//end function f_isPresentBindingRefreshAdviceOption


group ipSecFns {
	
	//in units of octets
	function f_getIcvLen(IntegrityAlgo p_integrityAlgo)
	runs on LibIpv6Node
	return UInt8 {
		if(p_integrityAlgo == e_sha1) {
			return 20;
		}
		else if (p_integrityAlgo == e_hmac_sha1_64){
			return 8;
		}
		else if(p_integrityAlgo == e_null) {
			return 0;	
		}
		
		return 12;
	}
	
	//in units of octets
	function f_getIcvPadLen(IntegrityAlgo p_integrityAlgo)
	runs on LibIpv6Node
	return UInt8 {
		if(p_integrityAlgo == e_sha1) {
			return 0;
		}
		else if (p_integrityAlgo == e_hmac_sha1_64){
			return 4;
		}
		else if(p_integrityAlgo == e_null) {
			//ICV is omit, but padding is needed
			return 4;	
		}
	
		return 0;
	}

	//in units of octets
	function f_checkIntegrityKeyLen(IntegrityAlgo p_integrityAlgo, UInt8 p_keyLen)
	runs on LibIpv6Node
	return boolean {
		if((p_integrityAlgo == e_sha1) and (p_keyLen != 20)) {
			return false;
		}
		else if ((p_integrityAlgo == e_sha1_96) and (p_keyLen != 20)){
			return false;
		}
		else if ((p_integrityAlgo == e_hmac_sha1_64) and (p_keyLen != 20)){
			return false;
		}
		else if ((p_integrityAlgo == e_hmac_sha1_96) and (p_keyLen != 20)){
			return false;
		}
		else if((p_integrityAlgo == e_hmac_md5_96) and (p_keyLen != 16)) {
			return false;	
		}
	
		return true;
	}
			
	//in units of octets
	function f_getEncryptionIvLen(EncryptionAlgo p_encryptionAlgo)
	runs on LibIpv6Node
	return UInt8 {
		if(p_encryptionAlgo == e_tripleDes_cbc) {
			return 8;
		}
		else if (p_encryptionAlgo == e_aes_cbc){
			return 16;
		}
		else if(p_encryptionAlgo == e_aes_ctr) {
			return 8;	
		}
		else if(p_encryptionAlgo == e_des_cbc) {
			return 8;	
		}
		return 0;
	}

	//in units of octets
	function f_checkEncryptionKeyLen(EncryptionAlgo p_encryptionAlgo, UInt8 p_keyLen)
	runs on LibIpv6Node
	return boolean {
		if((p_encryptionAlgo == e_tripleDes_cbc) and (p_keyLen != 24)){
			return false;
		}
		else if ((p_encryptionAlgo == e_aes_cbc) and ((p_keyLen < 0) or (p_keyLen > 32))){
			return false;
		}
		else if((p_encryptionAlgo == e_aes_ctr) 
				and (p_keyLen != 20) and (p_keyLen != 28) and (p_keyLen != 36)){
			return false;	
		}
		else if((p_encryptionAlgo == e_des_cbc) and (p_keyLen != 8)){
			return false;	
		}
		return true;
	}

	/*
	 * @desc 	This generates Security Parameters Index
	 * @return 	Security Parameters Index
	*/
	function f_createSpi()
	runs on LibIpv6Node
	return UInt32 {
		var Oct4 v_spi := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 4);

		return oct2int(v_spi);
	}//end f_createSpi

	/*
	 * @desc 	This generates a secret key
	 * @return 	Secret key
	*/
	function f_createSecretKey()
	runs on LibIpv6Node
	return octetstring {
		var Oct20 v_key := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 20);

		return v_key;
	}//end f_createSecretKey

	function f_init_ipSecParams()
	runs on LibIpv6Node
	return FncRetCode {
		
		var FncRetCode v_ret := e_error;

		//IKE

		//smu 2007 to do once alogs are aligned 
//		if( f_checkEncryptionKeyLen(PX_IKE_ENCALGO,lengthof(PX_IKE_ENC_KEY)) != true) {
//			log("**** f_init_ipSecParams: ERROR: Incorrect key length for the selected encryption algorithm ****");
//			return e_error;
//		}

//		if( f_checkIntegrityKeyLen(PX_INTEGRITY_ALGO, lengthof(PX_INTEGRITY_KEY)) != true) {
//			log("**** f_init_ipSecParams: ERROR: Incorrect key length for the selected integrity algorithm ****");
//			return e_error;
//		}

		//smu 2007 add check for prf

		vc_ikeSad[c_saOut] := {
			spiInitiator := PX_IKE_SPI,
			spiResponder := PX_IKE_SPI,
			messageID := 0,
			ikeEncryptionAlgo := PX_IKE_ENCALGO,
			ikeEncryptionKey := PX_IKE_ENC_KEY,
			ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT,
			ikeIntegrityAlgo := PX_IKE_INTALGO,
			ikeIntegrityKey := PX_IKE_INT_KEY,
			diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP,
			diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY,
			diffieHellmanSharedSecret := '00'O,
			sevenSecrets := omit,
			nI := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 16),
			nR := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 16),
			proposalNr := 1,//smu not needed anymore delete
			udpSourcePort := PX_UDP_PORT_IUT_1,
			udpDestPort := PX_UDP_PORT_HS02
		}

		vc_ikeSad[c_saIn] := {
			spiInitiator := PX_IKE_SPI,
			spiResponder := PX_IKE_SPI,
			messageID := 0,
			ikeEncryptionAlgo := PX_IKE_ENCALGO,
			ikeEncryptionKey := PX_IKE_ENC_KEY,
			ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT,
			ikeIntegrityAlgo := PX_IKE_INTALGO,
			ikeIntegrityKey := PX_IKE_INT_KEY,
			diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP,
			diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY,
			diffieHellmanSharedSecret := '00'O,
			sevenSecrets := omit,
			nI := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 16),
			nR := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 16),
			proposalNr := 1,//smu not needed anymore delete
			udpSourcePort := PX_UDP_PORT_HS02,
			udpDestPort := PX_UDP_PORT_IUT_1
		}

		//ESP - AH

		if( f_checkEncryptionKeyLen(PX_ENCRYPTION_ALGO,lengthof(PX_ESP_ENCR_KEY)) != true) {
			log("**** f_init_ipSecParams: ERROR: Incorrect key length for the selected encryption algorithm ****");
			return e_error;
		}

		if( f_checkIntegrityKeyLen(PX_INTEGRITY_ALGO, lengthof(PX_INTEGRITY_KEY)) != true) {
			log("**** f_init_ipSecParams: ERROR: Incorrect key length for the selected integrity algorithm ****");
			return e_error;
		}

		// SAD-OUT
		vc_sad[c_saOut] := {
			spi := PX_SPI/*f_createSpi()*/,
			seqNr := c_uInt32Zero,
			// AH Integrity
			ahIntegrityAlgo := PX_INTEGRITY_ALGO,
			ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
			icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
			// ESP encryption
			espEncryptionAlgo := PX_ENCRYPTION_ALGO,
			espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
			// ESP integrity
			espIntegrityAlgo := PX_INTEGRITY_ALGO,
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
		}

		// SAD-IN
		vc_sad[c_saIn] := {
			spi := PX_SPI/*f_createSpi()*/,
			seqNr := c_uInt32Zero,
			// AH Integrity
			ahIntegrityAlgo := PX_INTEGRITY_ALGO,
			ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
			icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
			// ESP encryption
			espEncryptionAlgo := PX_ENCRYPTION_ALGO,
			espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
			// ESP integrity
			espIntegrityAlgo := PX_INTEGRITY_ALGO,
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
		}

		// SAD-OUT
		vc_sad[c_saRrpOut] := {
			spi := c_saRrpOut/*f_createSpi()*/,
			seqNr := c_uInt32Zero,
			// AH Integrity
			ahIntegrityAlgo := PX_INTEGRITY_ALGO,
			ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
			icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
			// ESP encryption
			espEncryptionAlgo := PX_ENCRYPTION_ALGO,
			espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
			// ESP integrity
			espIntegrityAlgo := PX_INTEGRITY_ALGO,
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
		}

		// SAD-IN
		vc_sad[c_saRrpIn] := {
			spi := c_saRrpIn/*f_createSpi()*/,
			seqNr := c_uInt32Zero,
			// AH Integrity
			ahIntegrityAlgo := PX_INTEGRITY_ALGO,
			ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
			icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
			// ESP encryption
			espEncryptionAlgo := PX_ENCRYPTION_ALGO,
			espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
			// ESP integrity
			espIntegrityAlgo := PX_INTEGRITY_ALGO,
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
		}
	
		// SAD-OUT
		vc_sad[c_saCnOut] := {
			spi := c_saCnOut/*f_createSpi()*/,
			seqNr := c_uInt32Zero,
			// AH Integrity
			ahIntegrityAlgo := PX_INTEGRITY_ALGO,
			ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
			icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
			// ESP encryption
			espEncryptionAlgo := PX_ENCRYPTION_ALGO,
			espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
			// ESP integrity
			espIntegrityAlgo := PX_INTEGRITY_ALGO,
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
		}

		// SAD-IN
		vc_sad[c_saCnIn] := {
			spi := c_saCnIn/*f_createSpi()*/,
			seqNr := c_uInt32Zero,
			// AH Integrity
			ahIntegrityAlgo := PX_INTEGRITY_ALGO,
			ahIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			icvLen := f_getIcvLen(PX_INTEGRITY_ALGO),
			icvPadLen := f_getIcvPadLen(PX_INTEGRITY_ALGO),
			// ESP encryption
			espEncryptionAlgo := PX_ENCRYPTION_ALGO,
			espEncryptionKey := PX_ESP_ENCR_KEY/*f_createSecretKey()*/,
			// ESP integrity
			espIntegrityAlgo := PX_INTEGRITY_ALGO,
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE
		}

		return v_ret;
		
	}//end f_init_ipSecParams
		
	group fillIkeSa
	{
	
	/*
	 * @desc  Fills IkeSa with PIXIT values
	*/
	function f_initIkeSa()
	runs on LibIpv6Node
	{
		vc_ikeSad[c_saOut].spiInitiator := PX_IKE_SPI; 
		vc_ikeSad[0].spiResponder := PX_IKE_SPI;
		vc_ikeSad[c_saOut].messageID := 0; 
		vc_ikeSad[c_saOut].ikeEncryptionAlgo := PX_IKE_ENCALGO; 
		vc_ikeSad[c_saOut].ikeEncryptionKey := PX_IKE_ENC_KEY;
		vc_ikeSad[c_saOut].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; 
		vc_ikeSad[c_saOut].ikeIntegrityAlgo := PX_IKE_INTALGO; 
		vc_ikeSad[c_saOut].ikeIntegrityKey := PX_IKE_INT_KEY;
		vc_ikeSad[c_saOut].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; 
		vc_ikeSad[c_saOut].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY;
		vc_ikeSad[c_saOut].nI := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 16);
		vc_ikeSad[c_saOut].nR := int2oct(float2int(int2float(20000-5000)*rnd())+5000, 16);
		vc_ikeSad[c_saOut].proposalNr := 1;//smu not needed anymore delete
	} // end f_fillIkeSaFromPIXIT SaProposal


	/*
	 * @desc  Fills IkeSa with PIXIT values
	*/
	function f_fillIkeSaFromPixit()
	runs on LibIpv6Node
	{
		vc_ikeSad[0].spiInitiator := PX_IKE_SPI; 
		// vc_ikeSad[0].spiResponder := ; fill from IKE Header
		vc_ikeSad[0].messageID := 0; 
		vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; 
		// p_ikeSa.ikeEncryptionKey := ; ToDo!!!
		vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; 
		vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; 
		// p_ikeSa.ikeIntegrityKey := ; ToDo!!!
		vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; 
		vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; 
	} // end f_fillIkeSaFromPIXIT SaProposal



	/*
	 * @desc  Fills IkeSa with data from one Security Association proposal
 	 * @param p_SaProposal received SA proposal
	*/
	function f_fillIkeSaFromSaProposal(in SaProposal p_SaProposal)
	runs on LibIpv6Node
	return FncRetCode
	{
		var FncRetCode v_ret;
		// vc_ikeSad[0].spiInitiator := ; fill from IKE Header
		vc_ikeSad[0].spiResponder := PX_IKE_SPI;
		vc_ikeSad[0].messageID := 0; 
		vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; 
		// p_ikeSa.ikeEncryptionKey := ; ToDo!!!
		vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; 
		vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; 
		// p_ikeSa.ikeIntegrityKey := ; ToDo!!!
		vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; 
		vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; 

		v_ret := e_success ;
		return v_ret;
	} // end f_fillIkeSaFromSaProposal

} // end group fillIkeSa

	
	
}//end ipSecFns

} // end module LibIpv6_CommonRfcs_Functions
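Review bot: f_init_ipSecParams initialises `v_ret` to `e_error` and reaches `return v_ret;` without ever assigning it, so it reports failure even when both key-length checks pass; add `v_ret := e_success;` before the final return. The encryption check it depends on is loose for AES-CBC: `(p_keyLen < 0) or (p_keyLen > 32)` accepts every length from 0 to 32 octets, where the other branches pin exact sizes, so something like `(p_keyLen != 16) and (p_keyLen != 24) and (p_keyLen != 32)` would catch a mistyped PIXIT key. The IKE-side checks are still commented out, so `PX_IKE_ENC_KEY` and `PX_IKE_INT_KEY` go into `vc_ikeSad` unvalidated. Separately, `nI`, `nR` and f_createSecretKey encode an integer between 5000 and 19999 into 16 or 20 octets, which leaves all but the last two octets zero; a comment stating that these are fixed-shape test placeholders and not random nonces or keys would keep them from being reused as such.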
	
+21 −14
@@ -28,7 +28,7 @@
	return Ipv6Address;

	/* @desc    This external function calculates the payload length
	 *			of a IPv6 packet
	 *			of a IPv6 packet. If ESP Hdr i sused, then payload is encrypted before calculation of the length.
	 * @param   p_msg Ipv6 packet
	 * @return  payload length in bytes
	*/
@@ -126,7 +126,7 @@
	 * @param   p_ikepayload payload portion of IKE message
	 * @return  length of IKE message in bytes
	*/
	external function fx_ikepayloadLength( in template IkePayloadList p_ikepayload ) 
	external function fx_ikePayloadListLength( in template IkePayloadList p_ikepayload ) 
	return UInt32;
	
	/* @desc	This external function calculates the checksum for any
@@ -134,8 +134,8 @@
	 * @param  p_ikemessage IKE message 
	 * @return checksum value 
	*/
	external function fx_udpikeChecksum( in template IkeMsg p_ikemessage) 
	return Oct2;
	//external function fx_udpikeChecksum( in template IkeMsg p_ikemessage) 
	//return Oct2;

	/* @desc	This external function implements the negotiated
	 *         	pseudo random function and calcutes pseudo random value
@@ -216,6 +216,7 @@
	 * @param 	p_ikePayload Ike Payload to be encoded to octetstring
	 * @return 	octetstring
	*/
	//SMU 2007 to be deleted
	external function fx_ikePLToOct(IkePayload p_ikePayload)
	return octetstring;

@@ -225,6 +226,7 @@
	 * @param 	p_saProposal SaProposal to be encoded to octetstring
	 * @return 	octetstring
	*/
	//SMU 2007 to be deleted
	external function fx_saProposalToOct(SaProposal p_saProposal)
	return octetstring;

@@ -234,6 +236,7 @@
	 * @param 	p_transform Transform to be encoded to octetstring
	 * @return 	octetstring
	*/
	//SMU 2007 to be deleted
	external function fx_saTransformToOct(SaTransform p_saTransform)
	return octetstring;

@@ -243,25 +246,29 @@
	 * @param 	p_ikev2Header Ikev2Header to be encoded to octetstring
	 * @return 	octetstring
	*/
	//SMU 2007 if PS does not use, then delete
	external function fx_ikev2HeaderToOct(Ikev2Header p_ikev2Header)
	return octetstring;

	/* @desc 	This external function runs the IkePayloadList through Codec and returns 
	 *			the octetstring representing the IkePayloadList
	 *			
	 * @param 	p_ikePayloadList IkePayloadList to be encoded to octetstring
	 * @return 	octetstring
	*/
	external function fx_ikePayloadListToOct(IkePayloadList p_ikePayloadList)
	return octetstring;

	/* @desc 	This external function runs the Ipv6Payload through Codec and returns 
	 *			the octetstring representing the IkePayloadList
	 *			the octetstring representing the Ipv6Payload
	 *			
	 * @param 	p_ipv6Payload Ipv6Payload to be encoded to octetstring
	 * @return 	octetstring
	*/
	//SMU 2007 to be deleted
	external function fx_ipv6PayloadToOct(Ipv6Payload p_ipv6Payload)
	return octetstring;

	/* @desc    This external function calculates the payload length
	 *			of the IKE encrypted payload. Before calculating the lenght, the payload is encrypted in the test adapter.
	 * @param   p_msg Ipv6 packet
	 * @return  payload length in bytes
	*/
	external function fx_ikeEncPayloadLength( in template EncryptedPayload p_msg ) 
	return UInt16;

	external function fx_ikePayloadListToOct(in IkePayloadList p_ikePayloadList)
	return octetstring;

}// end module LibIpv6_ExternalFunctions
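Review bot: The doc block on the new fx_ikeEncPayloadLength still reads `@param p_msg Ipv6 packet` although the parameter is `in template EncryptedPayload p_msg`; it should read something like `@param p_msg encrypted IKE payload`, and "lenght" in the same block and "i sused" in the fx_payloadLength description are typos. Both descriptions say the payload is encrypted before its length is computed, so it is worth stating in the comment which SA and key the adapter uses for that, since the signature does not show it. The `fx_ikePayloadListToOct(in IkePayloadList ...)` declaration at the end of the module carries no @desc, while the earlier declaration of the same name had one; the rendered page no longer shows which side each line is on, so if the earlier one was removed its comment should move with it, and if it was kept the module declares the function twice. Commenting out fx_udpikeChecksum leaves its `@desc ... @return checksum value` block with no declaration under it.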
+1 −283

File changed.

Preview size limit exceeded, changes collapsed.

+9 −2
@@ -42,6 +42,8 @@ module LibIpv6_Interface_TypesAndValues {
			timer tc_wait:= PX_TWAIT;
			var MipSec vc_mobileSec;
			var Sad vc_sad;
			var IkeSad vc_ikeSad;
			timer tc_loop := PX_LOOP ;
		}

		type port Ipv6Port message {
@@ -1084,6 +1086,11 @@ module LibIpv6_Interface_TypesAndValues {
		
	}//end group rfc4303Esp_ExtHdrTypesAndValues

	type enumerated IpSecControl {
		e_useIKEforSecParamsSetup (0),
		e_manualSecParamsSetup (1)
	}

} // end extensionHeaders


+6 −0
@@ -117,6 +117,12 @@ module LibIpv6_ModuleParameters {
	*/
	modulepar {octetstring PX_IKE_DIFFIEHELLMAN_PRIVKEY := '0123456789ABCDEF'O}


	/*
	 * @desc Are Sec Params configured manually or is IKE used to setup Sec Params?
	*/
	modulepar {IpSecControl PX_IPSEC_CONTROL := e_useIKEforSecParamsSetup }

	/*
	 * @desc Which pre-shared secret shall be used for calculating the AUTH value?
    */
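Review bot: Nothing visible in this commit reads `PX_IPSEC_CONTROL`; f_init_ipSecParams in LibIpv6_CommonRfcs_Functions fills both `vc_ikeSad` and `vc_sad` from PIXIT values without consulting it, so the consumer is presumably in the collapsed file. The @desc is phrased as a question and does not say what each value does; if the intent is what the enum names suggest, a comment such as `e_manualSecParamsSetup: SAD entries are taken from the PX_* key parameters; e_useIKEforSecParamsSetup: SAD entries are derived from the IKEv2 exchange` would tell an operator which key parameters are live in each mode. That matters here because the neighbouring parameters hold key material with fixed defaults (`PX_IKE_DIFFIEHELLMAN_PRIVKEY := '0123456789ABCDEF'O`), and the default mode decides whether those defaults are actually used on the wire.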