ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +420 −0
@@ -16,7 +16,427 @@ module LibIpv6_Rfc4306Ikev2_Functions { import from LibCommon_VerdictControl { type FncRetCode }; import from LibCommon_Time all; //LibIpv6 import from LibIpv6_Interface_TypesAndValues all ; import from LibIpv6_Interface_Templates all; import from LibIpv6_Interface_Functions all; import from LibIpv6_CommonRfcs_TypesAndValues all; import from LibIpv6_CommonRfcs_Templates all; import from LibIpv6_CommonRfcs_Functions all; import from LibIpv6_ExternalFunctions all; import from LibIpv6_ModuleParameters all ; import from LibIpv6_Rfc4306Ikev2_TypesAndValues all; import from LibIpv6_Rfc4306Ikev2_Templates all; //AtsIpv6 import from AtsIpv6_TestSystem all; import from AtsIpv6_TestConfiguration_TypesAndValues all; import from AtsIpv6_ModuleParameters all ; group fillIkeSa { /* * @desc Fills IkeSa with PIXIT values */ function f_fillIkeSaFromPixit() runs on Ipv6Node { vc_ikeSad[0].spiInitiator := PX_IKE_SPI; // vc_ikeSad[0].spiResponder := ; fill from IKE Header vc_ikeSad[0].messageID := 0; vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; // p_ikeSa.ikeEncryptionKey := ; ToDo!!! vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; // p_ikeSa.ikeIntegrityKey := ; ToDo!!! vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; } // end f_fillIkeSaFromPIXIT SaProposal /* * @desc Fills IkeSa with data from one Security Association proposal * @param p_SaProposal received SA proposal */ function f_fillIkeSaFromSaProposal(in SaProposal p_SaProposal) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; // vc_ikeSad[0].spiInitiator := ; fill from IKE Header vc_ikeSad[0].spiResponder := PX_IKE_SPI vc_ikeSad[0].messageID := 0; vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; // p_ikeSa.ikeEncryptionKey := ; ToDo!!! 
vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; // p_ikeSa.ikeIntegrityKey := ; ToDo!!! vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; v_ret := e_success ; return v_ret; } // end f_fillIkeSaFromSaProposal } // end group fillIkeSa group handlePayloads { /* * @desc Finds one payload from a list of payloads * @param p_ikePayloadList received list of payloads * @param p_nextPayload next payload field from IKE header or encrypted payload header * @param p_searchedPayload payload identifier of searched-for payload * @param out p_ikePayload searched payload */ function f_getPayload( in IkePayloadList p_ikePayloadList, in UInt8 p_nextPayload, in UInt8 p_searchedPayload, out IkePayload p_ikePayload) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret := e_timeout; var UInt8 v_nextPayload := p_nextPayload; var integer i; for(i := 0; (i < sizeof(p_ikePayloadList) and (v_ret != e_success) and (v_ret != e_error)); i:= i + 1) { // next payload is Security Association if(v_nextPayload == c_securityAssociation) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].securityAssociation.nextPayload; } } // next payload is Key Exchange else if(v_nextPayload == c_keyExchange) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].keyExchange.nextPayload; } } // next payload is Identification Initiator else if(v_nextPayload == c_idInitiator) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].idInitiator.nextPayload; } } // next payload is Identification Responder else if(v_nextPayload == c_idResponder) { if(v_nextPayload == p_searchedPayload) { p_ikePayload 
:= p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].idResponder.nextPayload; } } // next payload is Certificate else if(v_nextPayload == c_certificate) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].certificate.nextPayload; } } // next payload is Certificate Request else if(v_nextPayload == c_certificateRequest) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].certificateRequest.nextPayload; } } // next payload is Authentication else if(v_nextPayload == c_authentication) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].authentication.nextPayload; } } // next payload is Nonce else if(v_nextPayload == c_nonce) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].nonce.nextPayload; } } // next payload is Notify else if(v_nextPayload == c_notify) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].notify.nextPayload; } } // next payload is Delete else if(v_nextPayload == c_delete) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].delete.nextPayload; } } // next payload is Vendor Id else if(v_nextPayload == c_vendorId) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].vendorId.nextPayload; } } // next payload is Traffic Selector Initiator else if(v_nextPayload == c_tsInitiator) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := 
e_success ; } else { v_nextPayload := p_ikePayloadList[i].tsInitiator.nextPayload; } } // next payload is Traffic Selector Responder else if(v_nextPayload == c_tsResponder) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].tsResponder.nextPayload; } } // next payload is Configuration else if(v_nextPayload == c_configuration) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].configuration.nextPayload; } } // next payload is Extensible Authentication else if(v_nextPayload == c_extensibleAuth) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].extensibleAuth.nextPayload; } } // no payload or only encrypted payload received else { log("**** f_getPayload: ERROR: Payload not found in payload list **** "); v_ret := e_error } } return v_ret; } //end f_getPayload } // end group handlePayloads group receiveRequests { /* * @desc Test Node waits for IKE_SA_INIT request * @param p_src address of IUT * @param p_dst address of test node */ function f_waitForIkeSaInitreq( in template Ipv6Address p_src, in template Ipv6Address p_dst) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var Ipv6Packet v_ipv6Packet; // UDP ports var UInt16 v_udpSourcePort; var UInt16 v_udpDestPort; // next payload from IKE header var UInt8 v_nextPayload; // list of payloads var IkePayloadList v_ikePayloadList; var IkePayload v_ikePayload; // payload data var NonceData v_nonceData; var UInt16 v_dhGroup; var octetstring v_keyExchangeData; var SaProposalList v_saProposalList; var SaProposal v_saPreferredProposal; tc_wait.start; alt { [] ipPort.receive(mw_ikeSaInitReq( p_src, p_dst, mw_ikeSaInitReqPLL)) -> value v_ipv6Packet { tc_wait.stop; v_udpSourcePort := v_ipv6Packet.ipv6Payload.ikeMsg.sourcePort; 
v_udpDestPort := v_ipv6Packet.ipv6Payload.ikeMsg.destPort; vc_ikeSad[0].spiInitiator := v_ipv6Packet.ipv6Payload.ikeMsg.initiatorSpi; v_nextPayload := v_ipv6Packet.ipv6Payload.ikeMsg.nextPayload; v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList; // get Nonce payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_nonce,v_ikePayload); if (v_ret == e_success) { v_nonceData := v_ikePayload.nonce.data; } else { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** ") } // get Key exchange payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchange,v_ikePayload); if (v_ret == e_success) { v_keyExchangeData := v_ikePayload.keyExchange.data; v_dhGroup := v_ikePayload.keyExchange.dhGroup; } else { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** ") } // get Security Association payload proposal data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_securityAssociation,v_ikePayload); if (v_ret == e_success) { v_saProposalList := v_ikePayload.securityAssociation.saProposalList; v_saPreferredProposal := v_ikePayload.securityAssociation.saProposalList[0] } else { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } } [] tc_wait.timeout { v_ret := e_timeout; log("**** f_waitForIkeSaInitreq: ERROR: tc_wait.timeout **** "); return v_ret; } } // end alt return v_ret; } //end f_waitForIkeSaInitreq } // end group receiveRequests group receiveResponses { } // end group receiveResponses group sendRequests { } // end group sendRequests group sendResponses { function f_sendIkeSaInitres(in template IkeSaInitResponse p_IkeSaInitres) runs on Ipv6Node return FncRetCode { var IkeSaInitResponse v_ipPkt; v_ipPkt := valueof(p_IkeSaInitres); //set Extension Header /* if (ispresent(v_ipPkt.extHdrList)) { if(f_setExtensionHeaders( v_ipPkt.extHdrList, v_ipPkt.ipv6Hdr.sourceAddress, v_ipPkt.ipv6Hdr.destinationAddress, v_ipPkt) != e_success) { 
log(" **** f_sendHaAddrDreq: Error when calculating length of extension headers ****"); return e_error; } }*/ //calc payloadLen // v_ipPkt.ipv6Hdr.payloadLength := fx_payloadLength (v_ipPkt); //set checksum to zero // v_ipPkt.ipv6Payload.homeAgentAddrDiscRequestMsg.checksum := c_2ZeroBytes; //calc checksum // v_ipPkt.ipv6Payload.homeAgentAddrDiscRequestMsg.checksum := fx_icmpv6Checksum(v_ipPkt); //send ipPort.send(v_ipPkt); return e_success; } // end f_sendIkeSaInitres } // end group sendResponses } // end module LibIpv6_Rfc4306Ikev2_Functions ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Templates.ttcn +238 −1 Original line number Diff line number Diff line Loading 
@@ -11,6 +11,243 @@ import from LibCommon_BasicTypesAndValues all; import from LibCommon_DataStrings all; //LibIpv6 import from LibIpv6_Interface_TypesAndValues all; import from LibIpv6_Interface_Templates all; import from LibIpv6_CommonRfcs_TypesAndValues all; import from LibIpv6_CommonRfcs_Templates all; import from LibIpv6_ExternalFunctions all; import from LibIpv6_ModuleParameters all ; import from LibIpv6_Rfc2463Icmpv6_TypesAndValues all; import from LibIpv6_Rfc4306Ikev2_TypesAndValues all; group ikeSaInitRequestTemplates { template IkeSaInitRequest mw_ikeSaInitReq ( template Ipv6Address p_src, template Ipv6Address p_dst, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_noNextHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := (c_udpPort500,c_udpPort4500), destPort := (c_udpPort500,c_udpPort4500), msgLength := ?, checksum := ?, padding := c_4ZeroBytes ifpresent, // IKEv2 Header initiatorSpi := ?, responderSpi := c_zeroResponderSpi, nextPayload := ?, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeSaInit, twoXFlags := ?, rFlag := c_rFlagRequest, vFlag := c_vFlag, iFlag := c_iFlagInitiator, threeXFlags := ?, messageID := c_uInt32Zero, messageLength := ?, // IKEv2 Payloads payloadList := p_ikepayloads }} } template IkeSaInitRequest m_ikeSaInitReq ( template Ipv6Address p_src, template Ipv6Address p_dst, UInt16 p_udpsourcePort, UInt16 p_udpdestPort, UInt8 p_nextPayload, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_noNextHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := p_udpsourcePort, destPort := p_udpdestPort, msgLength := c_uInt16Zero, checksum := c_uInt16Zero, padding := omit, // IKEv2 Header initiatorSpi := c_8ZeroBytes, responderSpi := c_zeroResponderSpi, nextPayload := p_nextPayload, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeSaInit, 
twoXFlags := 0, rFlag := c_rFlagRequest, vFlag := c_vFlag, iFlag := c_iFlagInitiator, threeXFlags := 0, messageID := c_uInt32Zero, messageLength := c_uInt32Zero, // IKEv2 Payloads payloadList := p_ikepayloads }} } }//end group ikeSaInitRequestTemplates group ikeSaInitResponseTemplates { template IkeSaInitResponse mw_ikeSaInitRes ( template Ipv6Address p_src, template Ipv6Address p_dst, Oct8 p_initiatorSpi, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_noNextHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := (c_udpPort500,c_udpPort4500), destPort := (c_udpPort500,c_udpPort4500), msgLength := ?, checksum := ?, padding := c_4ZeroBytes ifpresent, // IKEv2 Header initiatorSpi := p_initiatorSpi, responderSpi := ?, nextPayload := ?, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeSaInit, twoXFlags := ?, rFlag := c_rFlagResponse, vFlag := c_vFlag, iFlag := c_iFlagResponder, threeXFlags := ?, messageID := 1, messageLength := ?, // IKEv2 Payloads payloadList := p_ikepayloads }} } template IkeSaInitResponse m_ikeSaInitRes ( template Ipv6Address p_src, template Ipv6Address p_dst, UInt16 p_udpsourcePort, UInt16 p_udpdestPort, Oct8 p_initiatorSpi, UInt8 p_nextPayload, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_noNextHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := p_udpsourcePort, destPort := p_udpdestPort, msgLength := c_uInt16Zero, checksum := c_uInt16Zero, padding := omit, // IKEv2 Header initiatorSpi := p_initiatorSpi, responderSpi := c_8ZeroBytes, nextPayload := p_nextPayload, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeSaInit, twoXFlags := 0, rFlag := c_rFlagResponse, vFlag := c_vFlag, iFlag := c_iFlagResponder, threeXFlags := 0, messageID := 1, messageLength := c_uInt32Zero, // IKEv2 Payloads payloadList := p_ikepayloads }} } }//end group 
ikeSaInitResponseTemplates group ikeSaInitRequestPayloadListTemplates { template IkePayloadList mw_ikeSaInitReqPLL := superset ({securityAssociation := mw_securityAssociationPL},{nonce := mw_noncePL},{keyExchange := mw_keyExchangePL}); }//end group ikeSaInitRequestPayloadListTemplates group ikeSecurityAssociationPayloadTemplates { template SecurityAssociationPayload mw_securityAssociationPL := { nextPayload := ?, criticalFlag := 0, reserved := ?, payloadLength := ?, saProposalList := superset(mw_saProposalIke) }; template SecurityAssociationPayload m_securityAssociationPL (UInt8 p_nextPayload, SaProposal p_saProposal) := { nextPayload := p_nextPayload, criticalFlag := 0, reserved := c_uInt7Zero, payloadLength := c_uInt16Zero, saProposalList := {p_saProposal} }; }//end group ikeSecurityAssociationPayloadPayloadTemplates group IkeRfc4306SaProposalTemplates { template SaProposal mw_saProposalIke := { lastProposal := ?, reserved := ?, proposalLength := ?, proposalNumber := ?, protocolId := c_protocolIke, spiSize := c_uInt8Zero, numberOfTransforms := ?, spi := omit, saTransformList := ? } }//end group IkeRfc4306SaProposalTemplates group ikeKeyExchangePayloadTemplates { template KeyExchangePayload mw_keyExchangePL := { nextPayload := ?, criticalFlag := 0, reserved1 := ?, payloadLength := ?, dhGroup := ?, reserved2 := ?, data := ? }; template KeyExchangePayload m_keyExchangePL (UInt8 p_nextPayload, UInt16 p_dhGroup, octetstring p_data) := { nextPayload := p_nextPayload, criticalFlag := 0, reserved1 := c_uInt7Zero, payloadLength := (lengthof(p_data) + 4), dhGroup := p_dhGroup, reserved2 := c_uInt8Zero, data := p_data }; }//end group ikeKeyExchangePayloadTemplates group ikeNoncePayloadTemplates { template NoncePayload mw_noncePL := { nextPayload := ?, criticalFlag := 0, reserved := ?, payloadLength := ?, data := ? 
} template NoncePayload m_noncePL (UInt8 p_nextPayload, NonceData p_data) := { nextPayload := p_nextPayload, criticalFlag := 0, reserved := c_uInt7Zero, payloadLength := lengthof(p_data), data := p_data } }//end group ikeNoncePayloadTemplates } // end module LibIpv6_Rfc4306Ikev2_Templates Loading
ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +420 −0
@@ -16,7 +16,427 @@ module LibIpv6_Rfc4306Ikev2_Functions { import from LibCommon_VerdictControl { type FncRetCode }; import from LibCommon_Time all; //LibIpv6 import from LibIpv6_Interface_TypesAndValues all ; import from LibIpv6_Interface_Templates all; import from LibIpv6_Interface_Functions all; import from LibIpv6_CommonRfcs_TypesAndValues all; import from LibIpv6_CommonRfcs_Templates all; import from LibIpv6_CommonRfcs_Functions all; import from LibIpv6_ExternalFunctions all; import from LibIpv6_ModuleParameters all ; import from LibIpv6_Rfc4306Ikev2_TypesAndValues all; import from LibIpv6_Rfc4306Ikev2_Templates all; //AtsIpv6 import from AtsIpv6_TestSystem all; import from AtsIpv6_TestConfiguration_TypesAndValues all; import from AtsIpv6_ModuleParameters all ; group fillIkeSa { /* * @desc Fills IkeSa with PIXIT values */ function f_fillIkeSaFromPixit() runs on Ipv6Node { vc_ikeSad[0].spiInitiator := PX_IKE_SPI; // vc_ikeSad[0].spiResponder := ; fill from IKE Header vc_ikeSad[0].messageID := 0; vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; // p_ikeSa.ikeEncryptionKey := ; ToDo!!! vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; // p_ikeSa.ikeIntegrityKey := ; ToDo!!! vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; } // end f_fillIkeSaFromPIXIT SaProposal /* * @desc Fills IkeSa with data from one Security Association proposal * @param p_SaProposal received SA proposal */ function f_fillIkeSaFromSaProposal(in SaProposal p_SaProposal) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; // vc_ikeSad[0].spiInitiator := ; fill from IKE Header vc_ikeSad[0].spiResponder := PX_IKE_SPI vc_ikeSad[0].messageID := 0; vc_ikeSad[0].ikeEncryptionAlgo := PX_IKE_ENCALGO; // p_ikeSa.ikeEncryptionKey := ; ToDo!!! 
vc_ikeSad[0].ikePseudoRandomFunction := PX_IKE_PSEUDORANDOM_FCT; vc_ikeSad[0].ikeIntegrityAlgo := PX_IKE_INTALGO; // p_ikeSa.ikeIntegrityKey := ; ToDo!!! vc_ikeSad[0].diffieHellmanGroup := PX_IKE_DIFFIEHELLMAN_GROUP; vc_ikeSad[0].diffieHellmanPrivKey := PX_IKE_DIFFIEHELLMAN_PRIVKEY; v_ret := e_success ; return v_ret; } // end f_fillIkeSaFromSaProposal } // end group fillIkeSa group handlePayloads { /* * @desc Finds one payload from a list of payloads * @param p_ikePayloadList received list of payloads * @param p_nextPayload next payload field from IKE header or encrypted payload header * @param p_searchedPayload payload identifier of searched-for payload * @param out p_ikePayload searched payload */ function f_getPayload( in IkePayloadList p_ikePayloadList, in UInt8 p_nextPayload, in UInt8 p_searchedPayload, out IkePayload p_ikePayload) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret := e_timeout; var UInt8 v_nextPayload := p_nextPayload; var integer i; for(i := 0; (i < sizeof(p_ikePayloadList) and (v_ret != e_success) and (v_ret != e_error)); i:= i + 1) { // next payload is Security Association if(v_nextPayload == c_securityAssociation) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].securityAssociation.nextPayload; } } // next payload is Key Exchange else if(v_nextPayload == c_keyExchange) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].keyExchange.nextPayload; } } // next payload is Identification Initiator else if(v_nextPayload == c_idInitiator) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].idInitiator.nextPayload; } } // next payload is Identification Responder else if(v_nextPayload == c_idResponder) { if(v_nextPayload == p_searchedPayload) { p_ikePayload 
:= p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].idResponder.nextPayload; } } // next payload is Certificate else if(v_nextPayload == c_certificate) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].certificate.nextPayload; } } // next payload is Certificate Request else if(v_nextPayload == c_certificateRequest) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].certificateRequest.nextPayload; } } // next payload is Authentication else if(v_nextPayload == c_authentication) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].authentication.nextPayload; } } // next payload is Nonce else if(v_nextPayload == c_nonce) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].nonce.nextPayload; } } // next payload is Notify else if(v_nextPayload == c_notify) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].notify.nextPayload; } } // next payload is Delete else if(v_nextPayload == c_delete) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].delete.nextPayload; } } // next payload is Vendor Id else if(v_nextPayload == c_vendorId) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].vendorId.nextPayload; } } // next payload is Traffic Selector Initiator else if(v_nextPayload == c_tsInitiator) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := 
e_success ; } else { v_nextPayload := p_ikePayloadList[i].tsInitiator.nextPayload; } } // next payload is Traffic Selector Responder else if(v_nextPayload == c_tsResponder) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].tsResponder.nextPayload; } } // next payload is Configuration else if(v_nextPayload == c_configuration) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].configuration.nextPayload; } } // next payload is Extensible Authentication else if(v_nextPayload == c_extensibleAuth) { if(v_nextPayload == p_searchedPayload) { p_ikePayload := p_ikePayloadList[i]; v_ret := e_success ; } else { v_nextPayload := p_ikePayloadList[i].extensibleAuth.nextPayload; } } // no payload or only encrypted payload received else { log("**** f_getPayload: ERROR: Payload not found in payload list **** "); v_ret := e_error } } return v_ret; } //end f_getPayload } // end group handlePayloads group receiveRequests { /* * @desc Test Node waits for IKE_SA_INIT request * @param p_src address of IUT * @param p_dst address of test node */ function f_waitForIkeSaInitreq( in template Ipv6Address p_src, in template Ipv6Address p_dst) runs on Ipv6Node return FncRetCode { var FncRetCode v_ret; var Ipv6Packet v_ipv6Packet; // UDP ports var UInt16 v_udpSourcePort; var UInt16 v_udpDestPort; // next payload from IKE header var UInt8 v_nextPayload; // list of payloads var IkePayloadList v_ikePayloadList; var IkePayload v_ikePayload; // payload data var NonceData v_nonceData; var UInt16 v_dhGroup; var octetstring v_keyExchangeData; var SaProposalList v_saProposalList; var SaProposal v_saPreferredProposal; tc_wait.start; alt { [] ipPort.receive(mw_ikeSaInitReq( p_src, p_dst, mw_ikeSaInitReqPLL)) -> value v_ipv6Packet { tc_wait.stop; v_udpSourcePort := v_ipv6Packet.ipv6Payload.ikeMsg.sourcePort; 
v_udpDestPort := v_ipv6Packet.ipv6Payload.ikeMsg.destPort; vc_ikeSad[0].spiInitiator := v_ipv6Packet.ipv6Payload.ikeMsg.initiatorSpi; v_nextPayload := v_ipv6Packet.ipv6Payload.ikeMsg.nextPayload; v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList; // get Nonce payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_nonce,v_ikePayload); if (v_ret == e_success) { v_nonceData := v_ikePayload.nonce.data; } else { log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** ") } // get Key exchange payload data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchange,v_ikePayload); if (v_ret == e_success) { v_keyExchangeData := v_ikePayload.keyExchange.data; v_dhGroup := v_ikePayload.keyExchange.dhGroup; } else { log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** ") } // get Security Association payload proposal data v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_securityAssociation,v_ikePayload); if (v_ret == e_success) { v_saProposalList := v_ikePayload.securityAssociation.saProposalList; v_saPreferredProposal := v_ikePayload.securityAssociation.saProposalList[0] } else { log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") } } [] tc_wait.timeout { v_ret := e_timeout; log("**** f_waitForIkeSaInitreq: ERROR: tc_wait.timeout **** "); return v_ret; } } // end alt return v_ret; } //end f_waitForIkeSaInitreq } // end group receiveRequests group receiveResponses { } // end group receiveResponses group sendRequests { } // end group sendRequests group sendResponses { function f_sendIkeSaInitres(in template IkeSaInitResponse p_IkeSaInitres) runs on Ipv6Node return FncRetCode { var IkeSaInitResponse v_ipPkt; v_ipPkt := valueof(p_IkeSaInitres); //set Extension Header /* if (ispresent(v_ipPkt.extHdrList)) { if(f_setExtensionHeaders( v_ipPkt.extHdrList, v_ipPkt.ipv6Hdr.sourceAddress, v_ipPkt.ipv6Hdr.destinationAddress, v_ipPkt) != e_success) { 
log(" **** f_sendHaAddrDreq: Error when calculating length of extension headers ****"); return e_error; } }*/ //calc payloadLen // v_ipPkt.ipv6Hdr.payloadLength := fx_payloadLength (v_ipPkt); //set checksum to zero // v_ipPkt.ipv6Payload.homeAgentAddrDiscRequestMsg.checksum := c_2ZeroBytes; //calc checksum // v_ipPkt.ipv6Payload.homeAgentAddrDiscRequestMsg.checksum := fx_icmpv6Checksum(v_ipPkt); //send ipPort.send(v_ipPkt); return e_success; } // end f_sendIkeSaInitres } // end group sendResponses } // end module LibIpv6_Rfc4306Ikev2_Functions
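Review bot: In f_waitForIkeSaInitreq each of the three f_getPayload calls overwrites `v_ret`, so a failed Nonce or Key Exchange lookup is only logged and the function still returns e_success when the later Security Association lookup succeeds; each else branch should end with `return e_error;` after its log. f_getPayload picks which union field to read from the running nextPayload value of the received message without checking that element i really holds that alternative, so a message whose nextPayload chain disagrees with the decoded list would reference an unchosen union field, which is a runtime error in TTCN-3; a guard such as `if (not ischosen(p_ikePayloadList[i].nonce)) { v_ret := e_error; }` in each branch would turn that into a clean failure. f_getPayload also returns its initial value e_timeout when the list is exhausted without a match, which the caller cannot tell apart from a timer expiry. The nonce, key-exchange data, DH group and preferred proposal are copied into locals that are dropped on return; presumably they are meant to be stored in `vc_ikeSad[0]`, and f_fillIkeSaFromSaProposal likewise never reads its `p_SaProposal` argument.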
ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Templates.ttcn +238 −1
@@ -11,6 +11,243 @@ import from LibCommon_BasicTypesAndValues all; import from LibCommon_DataStrings all; //LibIpv6 import from LibIpv6_Interface_TypesAndValues all; import from LibIpv6_Interface_Templates all; import from LibIpv6_CommonRfcs_TypesAndValues all; import from LibIpv6_CommonRfcs_Templates all; import from LibIpv6_ExternalFunctions all; import from LibIpv6_ModuleParameters all ; import from LibIpv6_Rfc2463Icmpv6_TypesAndValues all; import from LibIpv6_Rfc4306Ikev2_TypesAndValues all; group ikeSaInitRequestTemplates { template IkeSaInitRequest mw_ikeSaInitReq ( template Ipv6Address p_src, template Ipv6Address p_dst, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_noNextHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := (c_udpPort500,c_udpPort4500), destPort := (c_udpPort500,c_udpPort4500), msgLength := ?, checksum := ?, padding := c_4ZeroBytes ifpresent, // IKEv2 Header initiatorSpi := ?, responderSpi := c_zeroResponderSpi, nextPayload := ?, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeSaInit, twoXFlags := ?, rFlag := c_rFlagRequest, vFlag := c_vFlag, iFlag := c_iFlagInitiator, threeXFlags := ?, messageID := c_uInt32Zero, messageLength := ?, // IKEv2 Payloads payloadList := p_ikepayloads }} } template IkeSaInitRequest m_ikeSaInitReq ( template Ipv6Address p_src, template Ipv6Address p_dst, UInt16 p_udpsourcePort, UInt16 p_udpdestPort, UInt8 p_nextPayload, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_noNextHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := p_udpsourcePort, destPort := p_udpdestPort, msgLength := c_uInt16Zero, checksum := c_uInt16Zero, padding := omit, // IKEv2 Header initiatorSpi := c_8ZeroBytes, responderSpi := c_zeroResponderSpi, nextPayload := p_nextPayload, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeSaInit, 
twoXFlags := 0, rFlag := c_rFlagRequest, vFlag := c_vFlag, iFlag := c_iFlagInitiator, threeXFlags := 0, messageID := c_uInt32Zero, messageLength := c_uInt32Zero, // IKEv2 Payloads payloadList := p_ikepayloads }} } }//end group ikeSaInitRequestTemplates group ikeSaInitResponseTemplates { template IkeSaInitResponse mw_ikeSaInitRes ( template Ipv6Address p_src, template Ipv6Address p_dst, Oct8 p_initiatorSpi, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_noNextHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := (c_udpPort500,c_udpPort4500), destPort := (c_udpPort500,c_udpPort4500), msgLength := ?, checksum := ?, padding := c_4ZeroBytes ifpresent, // IKEv2 Header initiatorSpi := p_initiatorSpi, responderSpi := ?, nextPayload := ?, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeSaInit, twoXFlags := ?, rFlag := c_rFlagResponse, vFlag := c_vFlag, iFlag := c_iFlagResponder, threeXFlags := ?, messageID := 1, messageLength := ?, // IKEv2 Payloads payloadList := p_ikepayloads }} } template IkeSaInitResponse m_ikeSaInitRes ( template Ipv6Address p_src, template Ipv6Address p_dst, UInt16 p_udpsourcePort, UInt16 p_udpdestPort, Oct8 p_initiatorSpi, UInt8 p_nextPayload, template IkePayloadList p_ikepayloads) := { ipv6Hdr := mw_ipHdr_nextHdr_srcDst(c_noNextHdr, p_src, p_dst), extHdrList := omit, ipv6Payload := { ikeMsg := { sourcePort := p_udpsourcePort, destPort := p_udpdestPort, msgLength := c_uInt16Zero, checksum := c_uInt16Zero, padding := omit, // IKEv2 Header initiatorSpi := p_initiatorSpi, responderSpi := c_8ZeroBytes, nextPayload := p_nextPayload, majorVersion := c_ikeMajorVersion2, minorVersion := c_ikeMinorVersion0, exchangeType := c_ikeSaInit, twoXFlags := 0, rFlag := c_rFlagResponse, vFlag := c_vFlag, iFlag := c_iFlagResponder, threeXFlags := 0, messageID := 1, messageLength := c_uInt32Zero, // IKEv2 Payloads payloadList := p_ikepayloads }} } }//end group 
ikeSaInitResponseTemplates group ikeSaInitRequestPayloadListTemplates { template IkePayloadList mw_ikeSaInitReqPLL := superset ({securityAssociation := mw_securityAssociationPL},{nonce := mw_noncePL},{keyExchange := mw_keyExchangePL}); }//end group ikeSaInitRequestPayloadListTemplates group ikeSecurityAssociationPayloadTemplates { template SecurityAssociationPayload mw_securityAssociationPL := { nextPayload := ?, criticalFlag := 0, reserved := ?, payloadLength := ?, saProposalList := superset(mw_saProposalIke) }; template SecurityAssociationPayload m_securityAssociationPL (UInt8 p_nextPayload, SaProposal p_saProposal) := { nextPayload := p_nextPayload, criticalFlag := 0, reserved := c_uInt7Zero, payloadLength := c_uInt16Zero, saProposalList := {p_saProposal} }; }//end group ikeSecurityAssociationPayloadPayloadTemplates group IkeRfc4306SaProposalTemplates { template SaProposal mw_saProposalIke := { lastProposal := ?, reserved := ?, proposalLength := ?, proposalNumber := ?, protocolId := c_protocolIke, spiSize := c_uInt8Zero, numberOfTransforms := ?, spi := omit, saTransformList := ? } }//end group IkeRfc4306SaProposalTemplates group ikeKeyExchangePayloadTemplates { template KeyExchangePayload mw_keyExchangePL := { nextPayload := ?, criticalFlag := 0, reserved1 := ?, payloadLength := ?, dhGroup := ?, reserved2 := ?, data := ? }; template KeyExchangePayload m_keyExchangePL (UInt8 p_nextPayload, UInt16 p_dhGroup, octetstring p_data) := { nextPayload := p_nextPayload, criticalFlag := 0, reserved1 := c_uInt7Zero, payloadLength := (lengthof(p_data) + 4), dhGroup := p_dhGroup, reserved2 := c_uInt8Zero, data := p_data }; }//end group ikeKeyExchangePayloadTemplates group ikeNoncePayloadTemplates { template NoncePayload mw_noncePL := { nextPayload := ?, criticalFlag := 0, reserved := ?, payloadLength := ?, data := ? 
} template NoncePayload m_noncePL (UInt8 p_nextPayload, NonceData p_data) := { nextPayload := p_nextPayload, criticalFlag := 0, reserved := c_uInt7Zero, payloadLength := lengthof(p_data), data := p_data } }//end group ikeNoncePayloadTemplates } // end module LibIpv6_Rfc4306Ikev2_Templates
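Review bot: Both IKE_SA_INIT response templates, mw_ikeSaInitRes and m_ikeSaInitRes, fix `messageID := 1` while the request templates use c_uInt32Zero; RFC 4306 has a response carry the Message ID of its request, which is 0 for IKE_SA_INIT, so the receive template would reject a conforming response and the send template would emit one the IUT may discard. `messageID := c_uInt32Zero` in both looks right. The send-side payload templates also disagree on payloadLength: m_securityAssociationPL leaves it at c_uInt16Zero, m_keyExchangePL uses `lengthof(p_data) + 4` and m_noncePL uses `lengthof(p_data)`; if the codec does not recompute the field, the RFC counts the 4-octet generic payload header (plus the 4 octets of DH group and reserved for Key Exchange), which would make these `+ 8` and `+ 4`. m_ikeSaInitReq and m_ikeSaInitRes build ipv6Hdr from the receive-side mw_ipHdr_nextHdr_srcDst, so it is worth confirming that template contains no wildcards, since f_sendIkeSaInitres calls valueof() on the whole message.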