Loading ttcn3/EtsiLibrary/LibIpv6/LibCommonRfcs/LibIpv6_CommonRfcs_Functions.ttcn +6 −5 Original line number Diff line number Diff line Loading @@ -349,7 +349,7 @@ group ipSecFns { } //in units of octets function f_getIntegrKeyLen( in IntegrityAlgo p_integrityAlgo) function f_getIntegrKeyLen( in template IntegrityAlgo p_integrityAlgo) return UInt8 { if(p_integrityAlgo == e_auth_hmacMd5_96){ Loading Loading @@ -495,6 +495,7 @@ group ipSecFns { } else if(p_encryptionAlgo == e_encr_null) { v_keyLen := 0; return ''O; } else { log("**** f_getIvLen: Error: Unknown encryption algorithm ****"); Loading Loading @@ -552,7 +553,7 @@ group ipSecFns { } //in units of octets function f_getIntegrBlockSize(IntegrityAlgo p_integrityAlgo) function f_getIntegrBlockSize(in template IntegrityAlgo p_integrityAlgo) runs on LibIpv6Node return UInt8 { Loading Loading @@ -740,7 +741,7 @@ group ipSecFns { //TODO v_ahIntegrBlockSize // SAD for ESP and AH Tests vc_sad[0] := { vc_sad[c_saIni] := { spi := PX_SPI/*f_createSpi()*/, seqNr := c_uInt32Zero, // AH Integrity Loading Loading @@ -770,7 +771,7 @@ group ipSecFns { trafficSelector:= omit } vc_sad[0] := { vc_sad[c_saRes] := { spi := PX_SPI/*f_createSpi()*/, seqNr := c_uInt32Zero, // AH Integrity Loading ttcn3/EtsiLibrary/LibIpv6/LibMultiRfcs/LibIpv6_MultiRfcs_Functions.ttcn +11 −11 Original line number Diff line number Diff line Loading @@ -335,7 +335,7 @@ group IcmpAndEspFns { var FncRetCode v_ret := e_error; var EchoReply v_msg; if (vc_sad[0].ipSecProtocolMode == e_transportMode) { if (vc_sad[c_saRes].ipSecProtocolMode == e_transportMode) { v_ret := f_sendEchoRequest ( m_echoRequest_esp ( Loading @@ -344,8 +344,8 @@ group IcmpAndEspFns { p_paramsIut.gla, m_extHdrList_1Elem ( m_extHdr_espHeader( vc_sad[0].spi, vc_sad[0].seqNr, vc_sad[c_saRes].spi, vc_sad[c_saRes].seqNr, m_espIpDatagram( omit, m_ipv6Payload_echoRequestMsg( Loading 
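Review bot: f_getIntegrKeyLen and f_getIntegrBlockSize now take `in template IntegrityAlgo`, but the visible body of f_getIntegrKeyLen still compares the parameter directly in `if(p_integrityAlgo == e_auth_hmacMd5_96)`. TTCN-3 comparison operators work on values, so a template formal normally has to be resolved with `valueof()` first, and a caller passing a non-specific template such as `?` or `omit` would not map to a single algorithm. I would resolve it once at the top of each function, e.g. `var IntegrityAlgo v_algo := valueof(p_integrityAlgo);`, and state in the header comment that only specific-value templates are accepted, so a bad argument fails explicitly instead of yielding a wrong key length or block size. Both function bodies continue outside the hunks, so this may already be handled further down.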
@@ -355,7 +355,7 @@ group IcmpAndEspFns { c_icmpHdr)) ) ); //increment SA-based seqNr vc_sad[0].seqNr := vc_sad[0].seqNr + 1; vc_sad[c_saRes].seqNr := vc_sad[c_saRes].seqNr + 1; if (v_ret != e_success) {return v_ret;} tc_ac.start; Loading @@ -367,7 +367,7 @@ group IcmpAndEspFns { p_paramsTn.gla, m_extHdrList_1Elem ( mw_extHdr_espHeader( vc_sad[0].spi, vc_sad[c_saIni].spi, ?, m_espIpDatagram( omit, Loading @@ -379,7 +379,7 @@ group IcmpAndEspFns { )) -> value v_msg { tc_ac.stop; //Save seqNr of IN SAD vc_sad[0].seqNr := v_msg.extHdrList[0].espHeader.seqNbr; vc_sad[c_saIni].seqNr := v_msg.extHdrList[0].espHeader.seqNbr; v_ret := e_success; } [] tc_ac.timeout{ Loading @@ -396,8 +396,8 @@ group IcmpAndEspFns { p_paramsTunnelEnd.gla, m_extHdrList_1Elem ( m_extHdr_espHeader( vc_sad[0].spi, vc_sad[0].seqNr, vc_sad[c_saRes].spi, vc_sad[c_saRes].seqNr, m_espIpDatagram( m_extHdrList_1Elem( m_extHdr_tunneledHeader ( Loading @@ -411,7 +411,7 @@ group IcmpAndEspFns { c_tunneledIpHdr)) ) ); //increment SA-based seqNr vc_sad[0].seqNr := vc_sad[0].seqNr + 1; vc_sad[c_saRes].seqNr := vc_sad[c_saRes].seqNr + 1; if (v_ret != e_success) {return v_ret;} tc_ac.start; Loading @@ -423,7 +423,7 @@ group IcmpAndEspFns { p_paramsTunnelStart.gla, mw_extHdrList_1Elem_superSet ( mw_extHdr_espHeader( vc_sad[0].spi, vc_sad[c_saIni].spi, ?, m_espIpDatagram( m_extHdrList_1Elem( Loading @@ -439,7 +439,7 @@ group IcmpAndEspFns { )) -> value v_msg { tc_ac.stop; //Save seqNr of IN SAD vc_sad[0].seqNr := v_msg.extHdrList[0].espHeader.seqNbr; vc_sad[c_saIni].seqNr := v_msg.extHdrList[c_saIni].espHeader.seqNbr; v_ret := e_success; } [] tc_ac.timeout{ Loading ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +70 −93 Original line number Diff line number Diff line Loading 
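Review bot: In the tunnel-mode receive branch (hunk at -439) the new line reads `vc_sad[c_saIni].seqNr := v_msg.extHdrList[c_saIni].espHeader.seqNbr;`, which uses the SA-database index to index the extension header list of the received message. The transport-mode branch (hunk at -379) keeps `v_msg.extHdrList[0]`, so this looks like an over-eager replace of `[0]`; it only works as long as c_saIni happens to be 0. I would restore `v_msg.extHdrList[0].espHeader.seqNbr` here. Because this branch matches with `mw_extHdrList_1Elem_superSet`, it may also be worth confirming that the ESP header is guaranteed to be the first element before the inbound sequence number is stored from it. The enclosing function starts and ends outside the hunks.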
@@ -423,19 +423,19 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // end f_calculateAUTH /* * @desc Function that sets the key values in vc_sad * @desc Function that sets the key values in vc_sad for CHILDSA * @param p_ikeSa data of negotiated IKE SA * @param p_sa data of negotiated ESP or AH SA, key values will be set by this function * @param p_protocolId ESP or AH */ function f_setKeys(in IkeSa p_ikeSad, inout Sa p_sadIni, inout Sa p_sadRes, in UInt8 p_protocolId) function f_setChildKeys(in IkeSa p_ikeSad, inout Sa p_sadIni, inout Sa p_sadRes, in UInt8 p_protocolId) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var EncIntKeys v_encIntKeys; if ((p_protocolId != c_protocolEsp) and (p_protocolId != c_protocolAh)) { log("**** f_setKeys: ERROR: Invalid protocol Id, only ESP and AH allowed here !**** "); { log("**** f_setChildKeys: ERROR: Invalid protocol Id, only ESP and AH allowed here !**** "); return e_error;} if (p_protocolId == c_protocolEsp) Loading Loading @@ -466,7 +466,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { } return v_ret } // end f_setKeys } // end f_setChildKeys /* * @desc Function that copies data from one Sad to another Loading Loading @@ -1989,17 +1989,22 @@ group establishSAFns_active { } // end f_sndSaInitReqAndWaitForRsp function f_sndAuthReqAndWaitForRsp_forEsp( function f_sndAuthReqAndWaitForRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut template Ipv6Address p_addrIut, in UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret; if ((p_protocolId != c_protocolEsp) and (p_protocolId != c_protocolAh)) { log("**** f_sndAuthReqAndWaitForRsp: ERROR: Invalid protocol Id, only ESP and AH allowed here !**** "); return e_error;} v_ret := f_createAndSendAuthReq( p_addrTn, p_addrIut, c_protocolId_esp p_protocolId ); if (v_ret != e_success) { return v_ret;} Loading 
@@ -2007,6 +2012,7 @@ group establishSAFns_active { v_ret := f_waitForIkeAuthRsp(p_addrIut, p_addrTn); if (v_ret != e_success) { return v_ret;} if (p_protocolId == c_protocolEsp) { //fill keyLen vc_sad[c_saIni].espEncrKeyLen := f_getEncrKeyLen(vc_sad[c_saIni].espEncryptionAlgo); vc_sad[c_saIni].espIntegrKeyLen := f_getIntegrKeyLen(vc_sad[c_saIni].espIntegrityAlgo); Loading 
@@ -2015,58 +2021,29 @@ group establishSAFns_active { vc_sad[c_saIni].espIv := f_getIv(vc_sad[c_saIni].espEncryptionAlgo); vc_sad[c_saIni].espEncrBlockSize := f_getEncrBlockSize(vc_sad[c_saIni].espEncryptionAlgo); vc_sad[c_saIni].espIntegrBlockSize := f_getIntegrBlockSize(vc_sad[c_saIni].espIntegrityAlgo); // copy data to SA of responder f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); // set key values v_ret := f_setKeys(vc_ikeSad[0],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); if (v_ret != e_success) { return v_ret;} v_ret := fx_setSecurityParameters(vc_sad); return v_ret; } // end f_sndAuthReqAndWaitForRsp_forEsp function f_sndAuthReqAndWaitForRsp_forAh( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret; v_ret := f_createAndSendAuthReq( p_addrTn, p_addrIut, c_protocolId_ah ); if (v_ret != e_success) { return v_ret;} // wait for IKE_AUTH response v_ret := f_waitForIkeAuthRsp(p_addrIut, p_addrTn); if (v_ret != e_success) { return v_ret;} } //AH else { //fill keyLen vc_sad[c_saIni].ahIntegrKeyLen := f_getIntegrKeyLen(vc_sad[c_saIni].ahIntegrityAlgo); //fill icv and pad length vc_sad[c_saIni].ahIcvLen := f_getIcvLen(vc_sad[c_saIni].ahIntegrityAlgo); vc_sad[c_saIni].ahIcvPadLen := f_getIcvPadLen(vc_sad[c_saIni].ahIntegrityAlgo); } // copy data to SA of responder f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],p_protocolId); // set key values v_ret := f_setKeys(vc_ikeSad[c_saIni],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); v_ret := f_setChildKeys(vc_ikeSad[0],vc_sad[c_saIni],vc_sad[c_saRes],p_protocolId); if (v_ret != e_success) { return v_ret;} v_ret := fx_setSecurityParameters(vc_sad); if (v_ret != e_success) { return v_ret;} return v_ret; } // end f_sndAuthReqAndWaitForRsp_forAh } // end f_sndAuthReqAndWaitForRsp } // end establishSAFns_active Loading Loading 
@@ -2139,7 +2116,7 @@ group establishSAFns_passive { f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); // set key values v_ret := f_setKeys(vc_ikeSad[0],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); v_ret := f_setChildKeys(vc_ikeSad[0],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); if (v_ret != e_success) { return v_ret;} v_ret := fx_setSecurityParameters(vc_sad); Loading @@ -2159,7 +2136,7 @@ group establishSAFns_passive { f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); // set key values v_ret := f_setKeys(vc_ikeSad[c_saIni],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); v_ret := f_setChildKeys(vc_ikeSad[c_saIni],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); if (v_ret != e_success) { return v_ret;} v_ret := fx_setSecurityParameters(vc_sad); Loading Loading
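Review bot: The new guard in f_sndAuthReqAndWaitForRsp (hunk at -1989) validates p_protocolId against `c_protocolEsp` / `c_protocolAh`, but the same value is then passed to f_createAndSendAuthReq and f_copySecurityData, which the removed code and the passive functions call with `c_protocolId_esp` / `c_protocolId_ah`. The definitions are not visible here; if the two constant families differ in value, no caller can pass an argument that both clears the guard and selects the intended protocol for the IKE_AUTH exchange. I would compare against `c_protocolId_esp` / `c_protocolId_ah` in the guard, or add a comment at the guard stating that the pairs are equal by definition. The merged function also derives child keys from `vc_ikeSad[0]` while the passive AH path (hunk at -2159) still passes `vc_ikeSad[c_saIni]`; using one index throughout would make it clear which IKE SA the keys come from.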
ttcn3/EtsiLibrary/LibIpv6/LibCommonRfcs/LibIpv6_CommonRfcs_Functions.ttcn +6 −5 Original line number Diff line number Diff line Loading @@ -349,7 +349,7 @@ group ipSecFns { } //in units of octets function f_getIntegrKeyLen( in IntegrityAlgo p_integrityAlgo) function f_getIntegrKeyLen( in template IntegrityAlgo p_integrityAlgo) return UInt8 { if(p_integrityAlgo == e_auth_hmacMd5_96){ Loading Loading @@ -495,6 +495,7 @@ group ipSecFns { } else if(p_encryptionAlgo == e_encr_null) { v_keyLen := 0; return ''O; } else { log("**** f_getIvLen: Error: Unknown encryption algorithm ****"); Loading Loading @@ -552,7 +553,7 @@ group ipSecFns { } //in units of octets function f_getIntegrBlockSize(IntegrityAlgo p_integrityAlgo) function f_getIntegrBlockSize(in template IntegrityAlgo p_integrityAlgo) runs on LibIpv6Node return UInt8 { Loading Loading @@ -740,7 +741,7 @@ group ipSecFns { //TODO v_ahIntegrBlockSize // SAD for ESP and AH Tests vc_sad[0] := { vc_sad[c_saIni] := { spi := PX_SPI/*f_createSpi()*/, seqNr := c_uInt32Zero, // AH Integrity Loading Loading @@ -770,7 +771,7 @@ group ipSecFns { trafficSelector:= omit } vc_sad[0] := { vc_sad[c_saRes] := { spi := PX_SPI/*f_createSpi()*/, seqNr := c_uInt32Zero, // AH Integrity Loading
ttcn3/EtsiLibrary/LibIpv6/LibMultiRfcs/LibIpv6_MultiRfcs_Functions.ttcn +11 −11 Original line number Diff line number Diff line Loading @@ -335,7 +335,7 @@ group IcmpAndEspFns { var FncRetCode v_ret := e_error; var EchoReply v_msg; if (vc_sad[0].ipSecProtocolMode == e_transportMode) { if (vc_sad[c_saRes].ipSecProtocolMode == e_transportMode) { v_ret := f_sendEchoRequest ( m_echoRequest_esp ( Loading @@ -344,8 +344,8 @@ group IcmpAndEspFns { p_paramsIut.gla, m_extHdrList_1Elem ( m_extHdr_espHeader( vc_sad[0].spi, vc_sad[0].seqNr, vc_sad[c_saRes].spi, vc_sad[c_saRes].seqNr, m_espIpDatagram( omit, m_ipv6Payload_echoRequestMsg( Loading @@ -355,7 +355,7 @@ group IcmpAndEspFns { c_icmpHdr)) ) ); //increment SA-based seqNr vc_sad[0].seqNr := vc_sad[0].seqNr + 1; vc_sad[c_saRes].seqNr := vc_sad[c_saRes].seqNr + 1; if (v_ret != e_success) {return v_ret;} tc_ac.start; Loading @@ -367,7 +367,7 @@ group IcmpAndEspFns { p_paramsTn.gla, m_extHdrList_1Elem ( mw_extHdr_espHeader( vc_sad[0].spi, vc_sad[c_saIni].spi, ?, m_espIpDatagram( omit, Loading @@ -379,7 +379,7 @@ group IcmpAndEspFns { )) -> value v_msg { tc_ac.stop; //Save seqNr of IN SAD vc_sad[0].seqNr := v_msg.extHdrList[0].espHeader.seqNbr; vc_sad[c_saIni].seqNr := v_msg.extHdrList[0].espHeader.seqNbr; v_ret := e_success; } [] tc_ac.timeout{ Loading @@ -396,8 +396,8 @@ group IcmpAndEspFns { p_paramsTunnelEnd.gla, m_extHdrList_1Elem ( m_extHdr_espHeader( vc_sad[0].spi, vc_sad[0].seqNr, vc_sad[c_saRes].spi, vc_sad[c_saRes].seqNr, m_espIpDatagram( m_extHdrList_1Elem( m_extHdr_tunneledHeader ( Loading @@ -411,7 +411,7 @@ group IcmpAndEspFns { c_tunneledIpHdr)) ) ); //increment SA-based seqNr vc_sad[0].seqNr := vc_sad[0].seqNr + 1; vc_sad[c_saRes].seqNr := vc_sad[c_saRes].seqNr + 1; if (v_ret != e_success) {return v_ret;} tc_ac.start; Loading 
@@ -423,7 +423,7 @@ group IcmpAndEspFns { p_paramsTunnelStart.gla, mw_extHdrList_1Elem_superSet ( mw_extHdr_espHeader( vc_sad[0].spi, vc_sad[c_saIni].spi, ?, m_espIpDatagram( m_extHdrList_1Elem( Loading @@ -439,7 +439,7 @@ group IcmpAndEspFns { )) -> value v_msg { tc_ac.stop; //Save seqNr of IN SAD vc_sad[0].seqNr := v_msg.extHdrList[0].espHeader.seqNbr; vc_sad[c_saIni].seqNr := v_msg.extHdrList[c_saIni].espHeader.seqNbr; v_ret := e_success; } [] tc_ac.timeout{ Loading
ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +70 −93 Original line number Diff line number Diff line Loading @@ -423,19 +423,19 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // end f_calculateAUTH /* * @desc Function that sets the key values in vc_sad * @desc Function that sets the key values in vc_sad for CHILDSA * @param p_ikeSa data of negotiated IKE SA * @param p_sa data of negotiated ESP or AH SA, key values will be set by this function * @param p_protocolId ESP or AH */ function f_setKeys(in IkeSa p_ikeSad, inout Sa p_sadIni, inout Sa p_sadRes, in UInt8 p_protocolId) function f_setChildKeys(in IkeSa p_ikeSad, inout Sa p_sadIni, inout Sa p_sadRes, in UInt8 p_protocolId) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var EncIntKeys v_encIntKeys; if ((p_protocolId != c_protocolEsp) and (p_protocolId != c_protocolAh)) { log("**** f_setKeys: ERROR: Invalid protocol Id, only ESP and AH allowed here !**** "); { log("**** f_setChildKeys: ERROR: Invalid protocol Id, only ESP and AH allowed here !**** "); return e_error;} if (p_protocolId == c_protocolEsp) Loading Loading @@ -466,7 +466,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { } return v_ret } // end f_setKeys } // end f_setChildKeys /* * @desc Function that copies data from one Sad to another Loading Loading 
@@ -1989,17 +1989,22 @@ group establishSAFns_active { } // end f_sndSaInitReqAndWaitForRsp function f_sndAuthReqAndWaitForRsp_forEsp( function f_sndAuthReqAndWaitForRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut template Ipv6Address p_addrIut, in UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret; if ((p_protocolId != c_protocolEsp) and (p_protocolId != c_protocolAh)) { log("**** f_sndAuthReqAndWaitForRsp: ERROR: Invalid protocol Id, only ESP and AH allowed here !**** "); return e_error;} v_ret := f_createAndSendAuthReq( p_addrTn, p_addrIut, c_protocolId_esp p_protocolId ); if (v_ret != e_success) { return v_ret;} Loading @@ -2007,6 +2012,7 @@ group establishSAFns_active { v_ret := f_waitForIkeAuthRsp(p_addrIut, p_addrTn); if (v_ret != e_success) { return v_ret;} if (p_protocolId == c_protocolEsp) { //fill keyLen vc_sad[c_saIni].espEncrKeyLen := f_getEncrKeyLen(vc_sad[c_saIni].espEncryptionAlgo); vc_sad[c_saIni].espIntegrKeyLen := f_getIntegrKeyLen(vc_sad[c_saIni].espIntegrityAlgo); Loading 
@@ -2015,58 +2021,29 @@ group establishSAFns_active { vc_sad[c_saIni].espIv := f_getIv(vc_sad[c_saIni].espEncryptionAlgo); vc_sad[c_saIni].espEncrBlockSize := f_getEncrBlockSize(vc_sad[c_saIni].espEncryptionAlgo); vc_sad[c_saIni].espIntegrBlockSize := f_getIntegrBlockSize(vc_sad[c_saIni].espIntegrityAlgo); // copy data to SA of responder f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); // set key values v_ret := f_setKeys(vc_ikeSad[0],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); if (v_ret != e_success) { return v_ret;} v_ret := fx_setSecurityParameters(vc_sad); return v_ret; } // end f_sndAuthReqAndWaitForRsp_forEsp function f_sndAuthReqAndWaitForRsp_forAh( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret; v_ret := f_createAndSendAuthReq( p_addrTn, p_addrIut, c_protocolId_ah ); if (v_ret != e_success) { return v_ret;} // wait for IKE_AUTH response v_ret := f_waitForIkeAuthRsp(p_addrIut, p_addrTn); if (v_ret != e_success) { return v_ret;} } //AH else { //fill keyLen vc_sad[c_saIni].ahIntegrKeyLen := f_getIntegrKeyLen(vc_sad[c_saIni].ahIntegrityAlgo); //fill icv and pad length vc_sad[c_saIni].ahIcvLen := f_getIcvLen(vc_sad[c_saIni].ahIntegrityAlgo); vc_sad[c_saIni].ahIcvPadLen := f_getIcvPadLen(vc_sad[c_saIni].ahIntegrityAlgo); } // copy data to SA of responder f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],p_protocolId); // set key values v_ret := f_setKeys(vc_ikeSad[c_saIni],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); v_ret := f_setChildKeys(vc_ikeSad[0],vc_sad[c_saIni],vc_sad[c_saRes],p_protocolId); if (v_ret != e_success) { return v_ret;} v_ret := fx_setSecurityParameters(vc_sad); if (v_ret != e_success) { return v_ret;} return v_ret; } // end f_sndAuthReqAndWaitForRsp_forAh } // end f_sndAuthReqAndWaitForRsp } // end establishSAFns_active Loading Loading 
@@ -2139,7 +2116,7 @@ group establishSAFns_passive { f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); // set key values v_ret := f_setKeys(vc_ikeSad[0],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); v_ret := f_setChildKeys(vc_ikeSad[0],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_esp); if (v_ret != e_success) { return v_ret;} v_ret := fx_setSecurityParameters(vc_sad); Loading @@ -2159,7 +2136,7 @@ group establishSAFns_passive { f_copySecurityData(vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); // set key values v_ret := f_setKeys(vc_ikeSad[c_saIni],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); v_ret := f_setChildKeys(vc_ikeSad[c_saIni],vc_sad[c_saIni],vc_sad[c_saRes],c_protocolId_ah); if (v_ret != e_success) { return v_ret;} v_ret := fx_setSecurityParameters(vc_sad); Loading