Loading ttcn3/EtsiLibrary/LibIpv6/LibCommonRfcs/LibIpv6_Interface_TypesAndValues.ttcn +3 −1 Original line number Diff line number Diff line Loading @@ -1263,7 +1263,9 @@ module LibIpv6_Interface_TypesAndValues { SevenSecrets sevenSecrets, octetstring nI,//new smu nonce octetstring nR,//new smu nonce UInt8 proposalNr//new smu nonce UInt8 proposalNr,//new smu nonce UInt16 udpSourcePort, // new PS udp port UInt16 udpDestPort // new PS udp port } with { variant "TODO"; Loading ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +159 −17 Original line number Diff line number Diff line Loading 
@@ -343,6 +343,126 @@ module LibIpv6_Rfc4306Ikev2_Functions { return v_ret; } //end f_getPayload /* * @desc Gets one transform of a specific transform type from the preferred (1st) SA proposal * @param p_saProposalList received list of SA proposals * @param p_transformType searched for transfer type * @param p_saTransform output parameter carrying the transform of type p_transformType */ function f_getTransformOfType(in SaProposalList p_saProposalList, in UInt8 p_searchedtransformType, out SaTransform p_saTransform) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var integer i; v_ret := f_getTransform(p_saProposalList[0].saTransformList, p_saProposalList[0].numberOfTransforms, p_searchedtransformType, p_saTransform); // transform was not found in first porposal but there is/are further proposal(s) with Id 1 if (v_ret == e_error and p_saProposalList[0].lastProposal != c_uInt8Zero) { for(i := 1; (v_ret != e_success); i:= i + 1) {if (p_saProposalList[i].proposalNumber == 1) {v_ret := f_getTransform(p_saProposalList[i].saTransformList, p_saProposalList[i].numberOfTransforms, p_searchedtransformType, p_saTransform);} else {log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); return e_error;}} } // transform was not found in first porposal and there is no further proposal if (v_ret == e_error and p_saProposalList[0].lastProposal == c_uInt8Zero) {return e_error; log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); } return v_ret; } // end f_getTransformOfType /* * @desc Gets one transform of a specific transform type from the preferred (1st) SA proposal * @param p_saProposalList received list of SA proposals * @param p_transformType searched for transfer type * @param p_saTransform output parameter carrying the transform of type p_transformType */ function f_getTransformOfTypeAndCheck(in SaProposalList p_saProposalList, in UInt8 p_searchedtransformType, out SaTransform 
p_saTransform) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var integer i; v_ret := f_getTransform(p_saProposalList[0].saTransformList, p_saProposalList[0].numberOfTransforms, p_searchedtransformType, p_saTransform); // transform was not found in first porposal but there is/are further proposal(s) with Id 1 if (v_ret == e_error and p_saProposalList[0].lastProposal != c_uInt8Zero) { for(i := 1; (v_ret != e_success); i:= i + 1) {if (p_saProposalList[i].proposalNumber == 1) {v_ret := f_getTransform(p_saProposalList[i].saTransformList, p_saProposalList[i].numberOfTransforms, p_searchedtransformType, p_saTransform);} else {log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); return e_error;}} } // transform was not found in first porposal and there is no further proposal if (v_ret == e_error and p_saProposalList[0].lastProposal == c_uInt8Zero) {return e_error; log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); } return v_ret; } // end f_getTransformOfTypeAndCheck /* * @desc Finds one transform from a list of transforms * @param p_numberOfTransforms number of transforms in list * @param p_saTransformList received list of transforms * @param p_searchedTransformType transform identifier of searched-for transform * @param out p_transform searched payload */ function f_getTransform( in SaTransformList p_saTransformList, in UInt8 p_numberOfTransforms, in UInt8 p_searchedtransformType, out SaTransform p_saTransform) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret := e_timeout; var integer i; if (sizeof(p_saTransformList) != p_numberOfTransforms) {log("**** f_getTransform: ERROR: Transform number does not match '# of Transforms' field **** "); return e_error; } for(i := 0; (i < p_numberOfTransforms and v_ret != e_success); i:= i + 1) { // transform is searched-for transform if(p_saTransformList[i].transformType == p_searchedtransformType) { p_saTransform := 
p_saTransformList[i]; v_ret := e_success; } // searched-for transform was not found in transform list else if (i == (p_numberOfTransforms - 1)) { v_ret := e_error; // searched-for transform may still be in another proposal with same Id p_saTransform := p_saTransformList[0]; // put any value into out parameter to avoid errors } } return v_ret; } // end f_getTransform } // end group handlePayloads group receiveRequests Loading @@ -358,20 +478,13 @@ module LibIpv6_Rfc4306Ikev2_Functions { return FncRetCode { var FncRetCode v_ret; var Ipv6Packet v_ipv6Packet; // UDP ports var UInt16 v_udpSourcePort; var UInt16 v_udpDestPort; // next payload from IKE header var UInt8 v_nextPayload; // list of payloads var IkePayloadList v_ikePayloadList; var IkePayload v_ikePayload; // payload data var NonceData v_nonceData; var UInt16 v_dhGroup; var octetstring v_keyExchangeData; var SaProposalList v_saProposalList; var SaProposal v_saPreferredProposal; // transform var SaTransform v_saTransform; tc_wait.start; alt { Loading 
@@ -381,32 +494,61 @@ module LibIpv6_Rfc4306Ikev2_Functions { { tc_wait.stop; v_udpSourcePort := v_ipv6Packet.ipv6Payload.ikeMsg.sourcePort; v_udpDestPort := v_ipv6Packet.ipv6Payload.ikeMsg.destPort; vc_ikeSad[0].udpSourcePort := v_ipv6Packet.ipv6Payload.ikeMsg.sourcePort; vc_ikeSad[0].udpDestPort := v_ipv6Packet.ipv6Payload.ikeMsg.destPort; vc_ikeSad[0].spiInitiator := v_ipv6Packet.ipv6Payload.ikeMsg.initiatorSpi; v_nextPayload := v_ipv6Packet.ipv6Payload.ikeMsg.nextPayload; v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList; // get Nonce payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_noncePL,v_ikePayload); if (v_ret == e_success) { v_nonceData := v_ikePayload.nonce.data; } { vc_ikeSad[0].nI := v_ikePayload.nonce.data; } else { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** ") } // get Key exchange payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload); if (v_ret == e_success) { v_keyExchangeData := v_ikePayload.keyExchange.data; vc_ikeSad[0].diffieHellmanGroup := v_ikePayload.keyExchange.dhGroup; } { vc_ikeSad[0].diffieHellmanGroup := v_ikePayload.keyExchange.dhGroup; // calculate shared Diffie-Hellman secret vc_ikeSad[0].diffieHellmanSharedSecret := fx_dHSharedSecret(vc_ikeSad[0].diffieHellmanGroup, PX_IKE_DIFFIEHELLMAN_PRIVKEY, v_ikePayload.keyExchange.data); } else { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** ") } // get Security Association payload proposal data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload); if (v_ret == e_success) { v_saProposalList := v_ikePayload.securityAssociation.saProposalList; v_saPreferredProposal := v_ikePayload.securityAssociation.saProposalList[0] } // put data from first proposal into vc_ikeSad // store encryption algorithm { v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeEncr,v_saTransform); if (v_ret == 
e_success) {vc_ikeSad[0].ikeEncryptionAlgo := v_saTransform.transformId.ikeEncryptionAlgo; } else { log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** ") } // store pseudo random function v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypePrf,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikePseudoRandomFunction := v_saTransform.transformId.pseudoRandomFunctions; } else { log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** ") } // store integrity algorithm v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeInteg,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikeIntegrityAlgo := v_saTransform.transformId.integAlgorithms; } else { log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** ") } } else { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } Loading Loading
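Review bot: The fallback loop in f_getTransformOfType, `for(i := 1; (v_ret != e_success); i:= i + 1)`, has no upper bound on `i`. If the first proposal sets lastProposal non-zero but no later proposal numbered 1 carries the transform, the function indexes p_saProposalList past its end; because the list comes from a received IKE_SA_INIT, bound it with `for (i := 1; i < sizeof(p_saProposalList) and v_ret != e_success; i := i + 1)`. In the last branch the `log(...)` call sits after `return e_error;` and never runs, and both log strings name f_storeIKETransforms rather than this function. f_getTransformOfTypeAndCheck is a verbatim copy with the same loop and the same @desc, and no extra check is visible in it. The @param tags in both headers say p_transformType where the parameter is p_searchedtransformType.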
ttcn3/EtsiLibrary/LibIpv6/LibCommonRfcs/LibIpv6_Interface_TypesAndValues.ttcn +3 −1 Original line number Diff line number Diff line Loading @@ -1263,7 +1263,9 @@ module LibIpv6_Interface_TypesAndValues { SevenSecrets sevenSecrets, octetstring nI,//new smu nonce octetstring nR,//new smu nonce UInt8 proposalNr//new smu nonce UInt8 proposalNr,//new smu nonce UInt16 udpSourcePort, // new PS udp port UInt16 udpDestPort // new PS udp port } with { variant "TODO"; Loading
ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +159 −17
@@ -343,6 +343,126 @@ module LibIpv6_Rfc4306Ikev2_Functions { return v_ret; } //end f_getPayload /* * @desc Gets one transform of a specific transform type from the preferred (1st) SA proposal * @param p_saProposalList received list of SA proposals * @param p_transformType searched for transfer type * @param p_saTransform output parameter carrying the transform of type p_transformType */ function f_getTransformOfType(in SaProposalList p_saProposalList, in UInt8 p_searchedtransformType, out SaTransform p_saTransform) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var integer i; v_ret := f_getTransform(p_saProposalList[0].saTransformList, p_saProposalList[0].numberOfTransforms, p_searchedtransformType, p_saTransform); // transform was not found in first porposal but there is/are further proposal(s) with Id 1 if (v_ret == e_error and p_saProposalList[0].lastProposal != c_uInt8Zero) { for(i := 1; (v_ret != e_success); i:= i + 1) {if (p_saProposalList[i].proposalNumber == 1) {v_ret := f_getTransform(p_saProposalList[i].saTransformList, p_saProposalList[i].numberOfTransforms, p_searchedtransformType, p_saTransform);} else {log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); return e_error;}} } // transform was not found in first porposal and there is no further proposal if (v_ret == e_error and p_saProposalList[0].lastProposal == c_uInt8Zero) {return e_error; log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); } return v_ret; } // end f_getTransformOfType /* * @desc Gets one transform of a specific transform type from the preferred (1st) SA proposal * @param p_saProposalList received list of SA proposals * @param p_transformType searched for transfer type * @param p_saTransform output parameter carrying the transform of type p_transformType */ function f_getTransformOfTypeAndCheck(in SaProposalList p_saProposalList, in UInt8 p_searchedtransformType, out SaTransform 
p_saTransform) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var integer i; v_ret := f_getTransform(p_saProposalList[0].saTransformList, p_saProposalList[0].numberOfTransforms, p_searchedtransformType, p_saTransform); // transform was not found in first porposal but there is/are further proposal(s) with Id 1 if (v_ret == e_error and p_saProposalList[0].lastProposal != c_uInt8Zero) { for(i := 1; (v_ret != e_success); i:= i + 1) {if (p_saProposalList[i].proposalNumber == 1) {v_ret := f_getTransform(p_saProposalList[i].saTransformList, p_saProposalList[i].numberOfTransforms, p_searchedtransformType, p_saTransform);} else {log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); return e_error;}} } // transform was not found in first porposal and there is no further proposal if (v_ret == e_error and p_saProposalList[0].lastProposal == c_uInt8Zero) {return e_error; log("**** f_storeIKETransforms: ERROR: No transform of this type found in 1st proposal **** "); } return v_ret; } // end f_getTransformOfTypeAndCheck /* * @desc Finds one transform from a list of transforms * @param p_numberOfTransforms number of transforms in list * @param p_saTransformList received list of transforms * @param p_searchedTransformType transform identifier of searched-for transform * @param out p_transform searched payload */ function f_getTransform( in SaTransformList p_saTransformList, in UInt8 p_numberOfTransforms, in UInt8 p_searchedtransformType, out SaTransform p_saTransform) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret := e_timeout; var integer i; if (sizeof(p_saTransformList) != p_numberOfTransforms) {log("**** f_getTransform: ERROR: Transform number does not match '# of Transforms' field **** "); return e_error; } for(i := 0; (i < p_numberOfTransforms and v_ret != e_success); i:= i + 1) { // transform is searched-for transform if(p_saTransformList[i].transformType == p_searchedtransformType) { p_saTransform := 
p_saTransformList[i]; v_ret := e_success; } // searched-for transform was not found in transform list else if (i == (p_numberOfTransforms - 1)) { v_ret := e_error; // searched-for transform may still be in another proposal with same Id p_saTransform := p_saTransformList[0]; // put any value into out parameter to avoid errors } } return v_ret; } // end f_getTransform } // end group handlePayloads group receiveRequests Loading @@ -358,20 +478,13 @@ module LibIpv6_Rfc4306Ikev2_Functions { return FncRetCode { var FncRetCode v_ret; var Ipv6Packet v_ipv6Packet; // UDP ports var UInt16 v_udpSourcePort; var UInt16 v_udpDestPort; // next payload from IKE header var UInt8 v_nextPayload; // list of payloads var IkePayloadList v_ikePayloadList; var IkePayload v_ikePayload; // payload data var NonceData v_nonceData; var UInt16 v_dhGroup; var octetstring v_keyExchangeData; var SaProposalList v_saProposalList; var SaProposal v_saPreferredProposal; // transform var SaTransform v_saTransform; tc_wait.start; alt { Loading 
@@ -381,32 +494,61 @@ module LibIpv6_Rfc4306Ikev2_Functions { { tc_wait.stop; v_udpSourcePort := v_ipv6Packet.ipv6Payload.ikeMsg.sourcePort; v_udpDestPort := v_ipv6Packet.ipv6Payload.ikeMsg.destPort; vc_ikeSad[0].udpSourcePort := v_ipv6Packet.ipv6Payload.ikeMsg.sourcePort; vc_ikeSad[0].udpDestPort := v_ipv6Packet.ipv6Payload.ikeMsg.destPort; vc_ikeSad[0].spiInitiator := v_ipv6Packet.ipv6Payload.ikeMsg.initiatorSpi; v_nextPayload := v_ipv6Packet.ipv6Payload.ikeMsg.nextPayload; v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList; // get Nonce payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_noncePL,v_ikePayload); if (v_ret == e_success) { v_nonceData := v_ikePayload.nonce.data; } { vc_ikeSad[0].nI := v_ikePayload.nonce.data; } else { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** ") } // get Key exchange payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload); if (v_ret == e_success) { v_keyExchangeData := v_ikePayload.keyExchange.data; vc_ikeSad[0].diffieHellmanGroup := v_ikePayload.keyExchange.dhGroup; } { vc_ikeSad[0].diffieHellmanGroup := v_ikePayload.keyExchange.dhGroup; // calculate shared Diffie-Hellman secret vc_ikeSad[0].diffieHellmanSharedSecret := fx_dHSharedSecret(vc_ikeSad[0].diffieHellmanGroup, PX_IKE_DIFFIEHELLMAN_PRIVKEY, v_ikePayload.keyExchange.data); } else { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** ") } // get Security Association payload proposal data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload); if (v_ret == e_success) { v_saProposalList := v_ikePayload.securityAssociation.saProposalList; v_saPreferredProposal := v_ikePayload.securityAssociation.saProposalList[0] } // put data from first proposal into vc_ikeSad // store encryption algorithm { v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeEncr,v_saTransform); if (v_ret == 
e_success) {vc_ikeSad[0].ikeEncryptionAlgo := v_saTransform.transformId.ikeEncryptionAlgo; } else { log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** ") } // store pseudo random function v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypePrf,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikePseudoRandomFunction := v_saTransform.transformId.pseudoRandomFunctions; } else { log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** ") } // store integrity algorithm v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList, c_transformTypeInteg,v_saTransform); if (v_ret == e_success) {vc_ikeSad[0].ikeIntegrityAlgo := v_saTransform.transformId.integAlgorithms; } else { log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** ") } } else { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } Loading
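Review bot: In the receive branch of f_waitForIkeSaInitreq every failed extraction is only logged, and v_ret is then overwritten by the next f_getPayload or f_getTransformOfType call. A request without a Nonce or Key Exchange payload therefore leaves v_ret at whatever the last call returned, while vc_ikeSad[0].nI and vc_ikeSad[0].diffieHellmanSharedSecret keep their previous contents. Adding `return e_error;` after the log call in each else branch, or collecting failures in a separate variable, would stop a partly filled SAD entry from being used later. The peer-supplied keyExchange.dhGroup and keyExchange.data also go straight into fx_dHSharedSecret; a comment such as `// fx_dHSharedSecret must reject unsupported groups and wrong-length public values` or an explicit group check before the call would make that expectation visible. The function continues outside the hunk, so its final return handling may already cover part of this.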