Commit 466b5b90 authored by mullers's avatar mullers

f_sndSaInitReqAndWaitForRsp and f_sndAuthReqAndWaitForRsp_forEsp updated

parent 5682a216
+12 −12
@@ -608,8 +608,8 @@ group ipSecFns {
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			espIntegrKeyLen := omit,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			//espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			//espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE,
			extentedSequenceNumbers := e_extentedSequenceNumbersNo
@@ -637,8 +637,8 @@ group ipSecFns {
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			espIntegrKeyLen := omit,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			//espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			//espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE,
			extentedSequenceNumbers := e_extentedSequenceNumbersNo
@@ -663,8 +663,8 @@ group ipSecFns {
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			espIntegrKeyLen := omit,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			//espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			//espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE,
			extentedSequenceNumbers := e_extentedSequenceNumbersNo
@@ -689,8 +689,8 @@ group ipSecFns {
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			espIntegrKeyLen := omit,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			//espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			//espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE,
			extentedSequenceNumbers := e_extentedSequenceNumbersNo
@@ -715,8 +715,8 @@ group ipSecFns {
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			espIntegrKeyLen := omit,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			//espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			//espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE,
			extentedSequenceNumbers := e_extentedSequenceNumbersNo
@@ -741,8 +741,8 @@ group ipSecFns {
			espIntegrityKey := PX_INTEGRITY_KEY/*f_createSecretKey()*/,
			espIntegrKeyLen := omit,
			// Combined mode
			espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			//espCombinedModeAlgo := PX_COMBINED_MODE_ALGO,
			//espCombinedModeKey := PX_COMBINED_MODE_KEY/*f_createSecretKey()*/,
			// Protocol mode
			ipSecProtocolMode := PX_IP_SEC_PROTOCOL_MODE,
			extentedSequenceNumbers := e_extentedSequenceNumbersNo
+2 −1
@@ -157,6 +157,7 @@
  	 *			SK_er = prf (p_first, SK_ei | p_second | 0x05)
  	 *			SK_pi = prf (p_first, SK_er | p_second | 0x06)
  	 *			SK_pr = prf (p_first, SK_pi | p_second | 0x07)
	 *			The key lenghts of Encryption Key, Integrity Key and PRF Key must be set in IkeSa before fx_pseudoRandomPlus is called.
	 * @param   p_prf negotiated PseudoRandomFunction
	 *			choice is:
	 *			e_prfHmacMd5(1),
@@ -166,7 +167,7 @@
	 * @param   p_first, p_second input values to pseudo random function
	 * @return  pseudo random value 
	*/
	external function fx_pseudoRandomPlus( in PseudoRandomFunction p_prf,
	external function fx_pseudoRandomPlus( in IkeSa p_ikeSa,
									  	   in octetstring p_first,
									   	   in octetstring p_second ) 
	return SevenSecrets;
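Review bot: The @param block above still documents the removed `p_prf` parameter and its PRF choices, while the new signature takes `in IkeSa p_ikeSa`; it should read `@param p_ikeSa IKE SA holding the negotiated PRF and the encryption, integrity and PRF key lengths`, and the PRF choice list belongs with the IkeSa field that now carries it. The added sentence has a typo, `lenghts` → `lengths`. Since fx_pseudoRandomPlus is external, it would also help to list in the comment exactly which IkeSa fields the implementation reads, so callers know what must be populated before the call.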
+2 −2
@@ -54,7 +54,7 @@ module LibIpv6_ModuleParameters {
	/*
	 * @desc Which Algo mode shall be used for Integrity in vc_sad[c_saOut]?
	*/
	modulepar { CombinedModeAlgo PX_COMBINED_MODE_ALGO := e_null }
//	modulepar { CombinedModeAlgo PX_COMBINED_MODE_ALGO := e_null }

	/*
	 * @desc Which SPI shall be used for testing?
@@ -79,7 +79,7 @@ module LibIpv6_ModuleParameters {
	/*
	 * @desc Key for combined mode in vc_sad[c_saOut]
	*/
	modulepar {octetstring PX_COMBINED_MODE_KEY := 'B1B2B3B4'O}
//	modulepar {octetstring PX_COMBINED_MODE_KEY := 'B1B2B3B4'O}

	group ikeSecurity
	{
+168 −107
@@ -373,7 +373,7 @@ module LibIpv6_Rfc4306Ikev2_Functions {
									 (p_IkeSa.nI & p_IkeSa.nR), // concatenated nonces -- check 2.14 for details!!!
									 p_IkeSa.diffieHellmanSharedSecret); 
		
		v_sevenSecrets := fx_pseudoRandomPlus(p_IkeSa.ikePseudoRandomFunction,
		v_sevenSecrets := fx_pseudoRandomPlus(p_IkeSa,
											  v_sKYSEED,
											  (p_IkeSa.nI & p_IkeSa.nR & // concatenated nonces -- check 2.14 for details!!!
											  p_IkeSa.spiInitiator & p_IkeSa.spiResponder));
@@ -1101,8 +1101,7 @@ group establishSAFns_active {
			or vc_ikeSad[0].ikeEncryptionAlgo == e_encr_aesCtr) {
				
			v_ret := f_getEncrKeyLen(vc_ikeSad[0].ikeEncryptionAlgo, vc_ikeSad[0].ikeEncrKeyLen);
				if(v_ret != e_success) {f_selfOrClientSyncAndVerdict(c_prDone, v_ret);}
				
			if (v_ret != e_success) { return v_ret;}
			v_saTransformEncr.saTransformAttributeList := valueof(
				m_saTransformAttributeList_1Elem(
					m_saTransformAttribute(vc_ikeSad[0].ikeEncrKeyLen)
@@ -1169,44 +1168,71 @@ group establishSAFns_active {
					)
				)
			);
			if (v_ret != e_success) { return v_ret;}
		}
		else {
		
		//TODO tunnel mode	
		}
		
		if (v_ret == e_success)
		// wait for IKE_SA_INIT response
		{ v_ret := f_waitForIkeSaInitRsp(p_addrIut,p_addrTn); }
		else
		{ log("**** f_sndSaInitReqAndWaitForRsp: ERROR: Call of f_sendIkeSaInitReq failed **** "); }
		v_ret := f_waitForIkeSaInitRsp(p_addrIut,p_addrTn);
		if (v_ret != e_success) { return v_ret;}

		if (v_ret == e_success)
		// set security parameters before using pseudo random function!
		{ v_ret := fx_setIkeSecurityParameters(vc_ikeSad[0]); }
		else
		{ log("**** f_sndSaInitReqAndWaitForRsp: ERROR: Call of f_waitForIkeSaInitres failed **** "); }
		//fill keyLen
		v_ret := f_getEncrKeyLen(vc_ikeSad[0].ikeEncryptionAlgo, vc_ikeSad[0].ikeEncrKeyLen);
		if (v_ret != e_success) { return v_ret;}
		v_ret := f_getIntegrKeyLen(vc_ikeSad[0].ikeIntegrityAlgo, vc_ikeSad[0].ikeIntegrKeyLen);
		if (v_ret != e_success) { return v_ret;}
		v_ret := f_getPrfKeyLen(vc_ikeSad[0].ikePseudoRandomFunction, vc_ikeSad[0].prfKeyLen);
		if (v_ret != e_success) { return v_ret;}

		if (v_ret == e_success)
		// calculate and store the seven secrets
		{ vc_ikeSad[0].sevenSecrets := f_calculateSevenSecrets(vc_ikeSad[0]); }
		else
		{ log("**** f_sndSaInitReqAndWaitForRsp: ERROR: Call of fx_setIkeSecurityParameters failed **** "); }
		vc_ikeSad[0].sevenSecrets := f_calculateSevenSecrets(vc_ikeSad[0]);

		v_ret := fx_setIkeSecurityParameters(vc_ikeSad[0]);
		
		return v_ret;
														
	}//end f_sndSaInitReqAndWaitForRsp

	function f_sndAuthReqAndWaitForRsp_forEsp(
		in template Ipv6Address p_src,
		in template Ipv6Address p_dst)
		template Ipv6Address p_addrTn,
		template Ipv6Address p_addrIut,
		template Ipv6Address p_addrTunnelStart,
		template Ipv6Address p_addrTunnelEnd)
	runs on LibIpv6Node return FncRetCode {
		var FncRetCode v_ret := e_error;

		var SaTransform v_saTransformEncr := valueof (
			m_saTransform (
				c_moreTransform,
				c_transformTypeEncr,
				m_transformId_encr(vc_sad[c_saOut].espEncryptionAlgo),
				omit
			)
		);

		if(	vc_sad[c_saOut].espEncryptionAlgo == e_encr_cast
			or vc_sad[c_saOut].espEncryptionAlgo == e_encr_blowfish
			or vc_sad[c_saOut].espEncryptionAlgo == e_encr_aesCbc
			or vc_sad[c_saOut].espEncryptionAlgo == e_encr_aesCtr) {
				
			v_ret := f_getEncrKeyLen(vc_sad[c_saOut].espEncryptionAlgo, vc_sad[c_saOut].espEncrKeyLen);
			if (v_ret != e_success) { return v_ret;}
			v_saTransformEncr.saTransformAttributeList := valueof(
				m_saTransformAttributeList_1Elem(
					m_saTransformAttribute(vc_sad[c_saOut].espEncrKeyLen)
				)
			);
		}

		if (vc_sad[c_saOut].ipSecProtocolMode == e_transportMode) {
														
			v_ret := f_sendIkeAuthReq (
				m_ikeAuthReq (
				p_src,
				p_dst,
					p_addrTn,
					p_addrIut,
					PX_UDP_PORT_HS02,
					PX_UDP_PORT_IUT_1,
					vc_ikeSad[0].spiInitiator,
@@ -1219,7 +1245,7 @@ group establishSAFns_active {
							m_ikePlList_4Elem(
								m_idInitiatorPL (	
									c_authenticationPL,
								p_src
									p_addrTn
								),
								m_authPL (	
									c_authenticationPL,
@@ -1235,12 +1261,7 @@ group establishSAFns_active {
										c_2Transforms,
										omit,//spiInitiator
										m_saTransformList_2Elem (
										m_saTransform (
											c_moreTransform,
											c_transformTypeEncr,
											m_transformId_encr(vc_sad[c_saOut].espEncryptionAlgo),
											omit//Attribute SMU check needed to add key
										),
											v_saTransformEncr,
											m_saTransform (
												c_moreTransform,
												c_transformTypeInteg,
@@ -1255,13 +1276,13 @@ group establishSAFns_active {
									m_trafficSelectorList_2Elem (
										m_icmpv6Ts(
											c_echoRequestMsg,
										p_src,
										p_dst
											p_addrTn,
											p_addrIut
										),
										m_icmpv6Ts(
											c_echoReplyMsg,
										p_src,
										p_dst
											p_addrTn,
											p_addrIut
										)
									)
								)
@@ -1270,12 +1291,23 @@ group establishSAFns_active {
					)
				)
			);
			if (v_ret != e_success) { return v_ret;}
		}
		else {
			//tunnel todo	
		}
		
		if (v_ret == e_success)
		// wait for IKE_AUTH response
		{ v_ret := f_waitForIkeAuthRsp(p_dst,p_src); }
		else
		{ log("**** f_sndAuthReqAndWaitForRsp_forEsp: ERROR: Call of f_sendIkeAuthReq failed **** "); }
		v_ret := f_waitForIkeAuthRsp(p_addrTn,p_addrIut);//todo make it for tunnel mode as well
		if (v_ret != e_success) { return v_ret;}
		
		//fill keyLen
		v_ret := f_getEncrKeyLen(vc_sad[c_saOut].espEncryptionAlgo, vc_sad[c_saOut].espEncrKeyLen);
		if (v_ret != e_success) { return v_ret;}
		v_ret := f_getIntegrKeyLen(vc_sad[c_saOut].espIntegrityAlgo, vc_sad[c_saOut].espIntegrKeyLen);
		if (v_ret != e_success) { return v_ret;}

		v_ret := fx_setSecurityParameters(vc_sad);
		
		return v_ret;
														
@@ -1297,13 +1329,25 @@ group establishSAFns_passive {
		if (vc_sad[c_saOut].ipSecProtocolMode == e_transportMode) {

			v_ret := f_waitForIkeSaInitReq(p_addrIut,p_addrTn);
			if(v_ret != e_success) {f_selfOrClientSyncAndVerdict(c_prDone, v_ret);}
			if(v_ret != e_success) { return v_ret;}

			v_ret := fx_setIkeSecurityParameters(vc_ikeSad[0]);
			if(v_ret != e_success) {log("**** f_rcvSaInitReqAndRsp: ERROR: Call of fx_setIkeSecurityParameters failed **** "); f_selfOrClientSyncAndVerdict(c_prDone, v_ret);}
			var SaTransform v_saTransformEncr := valueof (
				m_saTransform (
					c_moreTransform,
					c_transformTypeEncr,
					m_transformId_encr(vc_ikeSad[0].ikeEncryptionAlgo),
					omit
				)
			);

			// calculate and store the seven secrets
			vc_ikeSad[0].sevenSecrets := f_calculateSevenSecrets(vc_ikeSad[0]);
			//add key len if a variable key len is stored in IkeSa
			if(ispresent(vc_ikeSad[0].ikeEncrKeyLen)) {
				v_saTransformEncr.saTransformAttributeList := valueof(
					m_saTransformAttributeList_1Elem(
						m_saTransformAttribute(vc_ikeSad[0].ikeEncrKeyLen)
					)
				);
			}
								
			v_ret := f_sendIkeSaInitRsp (
				m_ikeSaInitRsp (
@@ -1326,12 +1370,7 @@ group establishSAFns_passive {
								c_4Transforms,
								omit,//spiInitiator
								m_saTransformList_4Elem (
									m_saTransform (
										c_moreTransform,
										c_transformTypeEncr,
										m_transformId_encr(vc_ikeSad[0].ikeEncryptionAlgo),
										omit//Attribute SMU check needed to add key
									),
									v_saTransformEncr,
									m_saTransform (
										c_moreTransform,
										c_transformTypeInteg,
@@ -1374,6 +1413,28 @@ group establishSAFns_passive {
		//TODO tunnel mode	
		}

		//fill keyLen
		// if the variable key length is not been used, then
		// the fixed key len is saved to IkeSa
		if(	not(vc_ikeSad[0].ikeEncryptionAlgo == e_encr_cast
			or vc_ikeSad[0].ikeEncryptionAlgo == e_encr_blowfish
			or vc_ikeSad[0].ikeEncryptionAlgo == e_encr_aesCbc
			or vc_ikeSad[0].ikeEncryptionAlgo == e_encr_aesCtr)) {

			//fill keyLen
			v_ret := f_getEncrKeyLen(vc_ikeSad[0].ikeEncryptionAlgo, vc_ikeSad[0].ikeEncrKeyLen);
		}
		// there is no variable key length for integrity and PRF
		// now the fixed key len is saved to IkeSa
		v_ret := f_getIntegrKeyLen(vc_ikeSad[0].ikeIntegrityAlgo, vc_ikeSad[0].ikeIntegrKeyLen);
		v_ret := f_getPrfKeyLen(vc_ikeSad[0].ikePseudoRandomFunction, vc_ikeSad[0].prfKeyLen);

		// calculate and store the seven secrets
		vc_ikeSad[0].sevenSecrets := f_calculateSevenSecrets(vc_ikeSad[0]);

		v_ret := fx_setIkeSecurityParameters(vc_ikeSad[0]);
		if(v_ret != e_success) {log("**** f_rcvSaInitReqAndRsp: ERROR: Call of fx_setIkeSecurityParameters failed **** "); f_selfOrClientSyncAndVerdict(c_prDone, v_ret);}

		return v_ret;
														
	}//end f_rcvSaInitReqAndRsp
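Review bot: In f_sndAuthReqAndWaitForRsp_forEsp the new call `f_waitForIkeAuthRsp(p_addrTn,p_addrIut)` reverses the argument order of the removed `f_waitForIkeAuthRsp(p_dst,p_src)` (p_dst/p_src map to p_addrIut/p_addrTn in the rest of the hunk) and differs from the sibling `f_waitForIkeSaInitRsp(p_addrIut,p_addrTn)`; unless the signature was changed in a file not shown, this should be `v_ret := f_waitForIkeAuthRsp(p_addrIut,p_addrTn);`. In the new key-length block of f_rcvSaInitReqAndRsp the results of f_getEncrKeyLen, f_getIntegrKeyLen and f_getPrfKeyLen are assigned to v_ret but never checked and v_ret is then overwritten by fx_setIkeSecurityParameters, so an unsupported algorithm would silently leave a key length unset before f_calculateSevenSecrets runs; add `if (v_ret != e_success) { return v_ret; }` after each of the three calls, as the active-side function already does. Both functions now call f_calculateSevenSecrets before fx_setIkeSecurityParameters, the opposite of the removed code whose comment said the security parameters must be set before the PRF is used; if the new contract is that fx_pseudoRandomPlus needs only the key lengths in IkeSa, a one-line comment saying so would keep the next reader from "fixing" the order back. The new p_addrTunnelStart/p_addrTunnelEnd parameters are unused on the new side of every hunk shown and deserve a `//TODO tunnel mode` next to them. The bodies of f_sndSaInitReqAndWaitForRsp and f_rcvSaInitReqAndRsp begin before their hunks.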
+2 −2
@@ -1043,8 +1043,8 @@
			IntegrityAlgo espIntegrityAlgo optional,
			octetstring	espIntegrityKey,
			UInt16 espIntegrKeyLen optional,
			CombinedModeAlgo espCombinedModeAlgo,
			octetstring	espCombinedModeKey,
			//CombinedModeAlgo espCombinedModeAlgo,
			//octetstring	espCombinedModeKey,
			IpSecProtocolMode ipSecProtocolMode,
			ExtentedSequenceNumbers extentedSequenceNumbers
		}