Commit a4730941 authored by schmitting's avatar schmitting

Check integrity algo for ESP in SA_AUTH req/rsp

parent 6dfc8216
+156 −101
@@ -433,6 +433,7 @@ module LibIpv6_Rfc4306Ikev2_Functions {
	runs on LibIpv6Node
	return FncRetCode {
		var FncRetCode v_ret;
		var FncRetCode v_ret_local;
		var Ipv6Packet v_ipv6Packet;
		// next payload from IKE header
		var UInt8 v_nextPayload;
@@ -458,15 +459,16 @@ module LibIpv6_Rfc4306Ikev2_Functions {
					v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList;
					
					// get Nonce payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_noncePL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_noncePL,v_ikePayload);
					if (v_ret_local == e_success)
					{ vc_ikeSad[0].nI := v_ikePayload.nonce.data; }
					else
					{ log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** "); }
					{ log("**** f_waitForIkeSaInitreq: ERROR: No Nonce payload in payload list **** ");
					  v_ret := e_error;}

					// get Key exchange payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload);
					if (v_ret_local == e_success)
					{ vc_ikeSad[0].diffieHellmanGroup := v_ikePayload.keyExchange.dhGroup;
					  // calculate shared Diffie-Hellman secret
					  vc_ikeSad[0].diffieHellmanSharedSecret := fx_dHSharedSecret(vc_ikeSad[0].diffieHellmanGroup,
@@ -474,49 +476,55 @@ module LibIpv6_Rfc4306Ikev2_Functions {
										 										  v_ikePayload.keyExchange.data);
					}
					else
					{ log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** "); }
					{ log("**** f_waitForIkeSaInitreq: ERROR: No Key Exchange payload in payload list **** ");
					  v_ret := e_error;}

					// get Security Association payload proposal data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload);
					if (v_ret_local == e_success)
					// put data from first proposal into vc_ikeSad
					// store encryption algorithm
					{ 	
						v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypeEncr,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{vc_ikeSad[0].ikeEncryptionAlgo := v_saTransform.transformId.encryptionAlgo; }
						else
						{ log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeSaInitreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}

					// store pseudo random function
					 	v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
					 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypePrf,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{vc_ikeSad[0].ikePseudoRandomFunction := v_saTransform.transformId.pseudoRandomFunction; }
						else
						{ log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeSaInitreq: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}

					// store integrity algorithm
					 	v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
					 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypeInteg,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{vc_ikeSad[0].ikeIntegrityAlgo := v_saTransform.transformId.integAlgorithms; }
						else
						{ log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeSaInitreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}

					// check Diffie-Hellman group
					 	v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
					 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypeDh,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{if(vc_ikeSad[0].diffieHellmanGroup != v_saTransform.transformId.diffieHellman)
							{log("**** f_waitForIkeSaInitreq: ERROR: Diffie-Hellman transform carries value different to value from Key Exchange payload **** ");
							 return e_error;}}
							 v_ret := e_error;}}
						else
						{ log("**** f_waitForIkeSaInitreq: ERROR: No Diffie-Hellman transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeSaInitreq: ERROR: No Diffie-Hellman transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}
					}
					else
					{ log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ") }
					{ log("**** f_waitForIkeSaInitreq: ERROR: No Security Association payload in payload list **** ");
					  v_ret := e_error;}

				}

@@ -542,6 +550,7 @@ module LibIpv6_Rfc4306Ikev2_Functions {
	runs on LibIpv6Node
	return FncRetCode {
		var FncRetCode v_ret;
		var FncRetCode v_ret_local;
		var Ipv6Packet v_ipv6Packet;
		// next payload from IKE header
		var UInt8 v_nextPayload;
@@ -571,30 +580,34 @@ module LibIpv6_Rfc4306Ikev2_Functions {
					v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.payloadList;
					
					// get Identification payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_idInitiatorPL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_idInitiatorPL,v_ikePayload);
					if (v_ret_local == e_success)
					{ vc_ikeSad[0].iDi := v_ikePayload.idInitiator.data; }
					else
					{ log("**** f_waitForAurhreq: ERROR: No Identification payload in payload list **** "); }
					{ log("**** f_waitForAurhreq: ERROR: No Identification payload in payload list **** ");
					  v_ret := e_error;}

					// get Traffic selector initiator payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_tsInitiatorPL,v_ikePayload);
					if (v_ret == e_error)
					{ log("**** f_waitForIkeAuthreq: ERROR: No Traffic selector initiator payload in payload list **** "); }
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_tsInitiatorPL,v_ikePayload);
					if (v_ret_local == e_error)
					{ log("**** f_waitForIkeAuthreq: ERROR: No Traffic selector initiator payload in payload list **** ");
					  v_ret := e_error;}

					// get Traffic selector responder payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_tsResponderPL,v_ikePayload);
					if (v_ret == e_error)
					{ log("**** f_waitForIkeAuthreq: ERROR: No Traffic selector responder payload in payload list **** "); }
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_tsResponderPL,v_ikePayload);
					if (v_ret_local == e_error)
					{ log("**** f_waitForIkeAuthreq: ERROR: No Traffic selector responder payload in payload list **** ");
					  v_ret := e_error;}

					// get Authentication payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_authenticationPL,v_ikePayload);
					if (v_ret == e_error)
					{ log("**** f_waitForIkeAuthreq: ERROR: No Authentication payload in payload list **** "); }
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_authenticationPL,v_ikePayload);
					if (v_ret_local == e_error)
					{ log("**** f_waitForIkeAuthreq: ERROR: No Authentication payload in payload list **** ");
					  v_ret := e_error;}

					// get Security Association payload proposal data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload);
					if (v_ret_local == e_success)
					{ 	
						v_protocolId := v_ikePayload.securityAssociation.saProposalList[0].protocolId;
						// put data from first proposal into vc_Sad
@@ -603,36 +616,48 @@ module LibIpv6_Rfc4306Ikev2_Functions {
						if (v_protocolId == c_protocolEsp)
						{
							// store encryption algorithm
							v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
							v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
														  c_transformTypeEncr,v_saTransform);
							if (v_ret == e_success)
							if (v_ret_local == e_success)
							{vc_sad[c_saIn].espEncryptionAlgo := v_saTransform.transformId.encryptionAlgo; }
							else
							{ log("**** f_waitForIkeAuthtreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** "); }
							{ log("**** f_waitForIkeAuthtreq: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** ");
							  v_ret := e_error;}

							// store optional ESP integrity algorithm, if present
						 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
														  c_transformTypeInteg,v_saTransform);
							if (v_ret_local == e_success)
							{vc_sad[c_saIn].espIntegrityAlgo := v_saTransform.transformId.integAlgorithms; }
							else
							{ log("**** f_waitForIkeAuthtreq: WARINING: No ESP integrity algorithm transform in 1st proposal of Security Association payload **** ") }
						}

						if (v_protocolId == c_protocolAh)
						{
							// store integrity algorithm
						 	v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
							// store AH integrity algorithm
						 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
														  c_transformTypeInteg,v_saTransform);
							if (v_ret == e_success)
							if (v_ret_local == e_success)
							{vc_sad[c_saIn].ahIntegrityAlgo := v_saTransform.transformId.integAlgorithms; }
							else
							{ log("**** f_waitForIkeAuthtreq: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** "); }
							{ log("**** f_waitForIkeAuthtreq: ERROR: No AH integrity algorithm transform in 1st proposal of Security Association payload **** ");
							  v_ret := e_error;}
						}

						// store extended sequence numbers 
						v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
						v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypeEsn,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{vc_sad[c_saIn].extentedSequenceNumbers := v_saTransform.transformId.extentedSequenceNumbers; }
						else
						{ log("**** f_waitForIkeAuthtreq: ERROR: No extended sequence numbers transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeAuthtreq: ERROR: No extended sequence numbers transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}
					}

					else
					{ log("**** f_waitForIkeAuthreq: ERROR: No Security Association payload in payload list **** "); }
					{ log("**** f_waitForIkeAuthreq: ERROR: No Security Association payload in payload list **** ");
					  v_ret := e_error;}
				}

			[]	tc_wait.timeout
@@ -662,6 +687,7 @@ module LibIpv6_Rfc4306Ikev2_Functions {
	runs on LibIpv6Node
	return FncRetCode {
		var FncRetCode v_ret;
		var FncRetCode v_ret_local;
		var Ipv6Packet v_ipv6Packet;
		// next payload from IKE header
		var UInt8 v_nextPayload;
@@ -689,72 +715,79 @@ module LibIpv6_Rfc4306Ikev2_Functions {
					v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList;
					
					// get Nonce payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_noncePL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_noncePL,v_ikePayload);
					if (v_ret_local == e_success)
					{ vc_ikeSad[0].nR := v_ikePayload.nonce.data; }
					else
					{ log("**** f_waitForIkeSaInitres: ERROR: No Nonce payload in payload list **** "); }
					{ log("**** f_waitForIkeSaInitres: ERROR: No Nonce payload in payload list **** ");
					  v_ret := e_error;}

					// get and check Key exchange payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_keyExchangePL,v_ikePayload);
					if (v_ret_local == e_success)
					{ if (vc_ikeSad[0].diffieHellmanGroup != v_ikePayload.keyExchange.dhGroup)
						{ v_ret := e_error;
						  log("**** f_waitForIkeSaInitres: ERROR: Key Exchange payload indicates wrong Diffie-Hellman group **** "); }
					}
					else
					{ log("**** f_waitForIkeSaInitres: ERROR: No Key Exchange payload in payload list **** "); }
					{ log("**** f_waitForIkeSaInitres: ERROR: No Key Exchange payload in payload list **** ");
					  v_ret := e_error;}

					// get Security Association payload proposal data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload);
					if (v_ret_local == e_success)
					// put data from first proposal into vc_ikeSad
					// check encryption algorithm
					{ 	
						v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
						v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypeEncr,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{ if (vc_ikeSad[0].ikeEncryptionAlgo != v_saTransform.transformId.encryptionAlgo)
						  	{ log("**** f_waitForIkeSaInitres: ERROR: Security Association payload indicates wrong encryption algorithm **** ");
							  return e_error;}
							  v_ret := e_error;}
						}
						else
						{ log("**** f_waitForIkeSaInitres: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeSaInitres: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}

					// check pseudo random function
					 	v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
					 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypePrf,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{ if (vc_ikeSad[0].ikePseudoRandomFunction != v_saTransform.transformId.pseudoRandomFunction)
						  	{ log("**** f_waitForIkeSaInitres: ERROR: Security Association payload indicates wrong pseudo random function **** ");
							  return e_error;}
							  v_ret := e_error;}
						}
						else
						{ log("**** f_waitForIkeSaInitres: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeSaInitres: ERROR: No pseudo random function transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}

					// check integrity algorithm
					 	v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
					 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypeInteg,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{ if (vc_ikeSad[0].ikeIntegrityAlgo != v_saTransform.transformId.integAlgorithms)
						  	{ log("**** f_waitForIkeSaInitres: ERROR: Security Association payload indicates wrong integrity algorithm **** ");
							  return e_error;}
							  v_ret := e_error;}
						}
						else
						{ log("**** f_waitForIkeSaInitres: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeSaInitres: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}

					// check Diffie-Hellman group
					 	v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
					 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypeDh,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{if(vc_ikeSad[0].diffieHellmanGroup != v_saTransform.transformId.diffieHellman)
							{log("**** f_waitForIkeSaInitres: ERROR: Security Association payload indicates wrong Diffie-Hellman group **** ");
							 return e_error;}}
							 v_ret := e_error;}}
						else
						{ log("**** f_waitForIkeSaInitres: ERROR: No Diffie-Hellman transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeSaInitres: ERROR: No Diffie-Hellman transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}
					}
					else
					{ log("**** f_waitForIkeSaInitres: ERROR: No Security Association payload in payload list **** ") }
					{ log("**** f_waitForIkeSaInitres: ERROR: No Security Association payload in payload list **** ");
					  v_ret := e_error;}

				}

@@ -768,7 +801,7 @@ module LibIpv6_Rfc4306Ikev2_Functions {

		return v_ret;

	} //end f_waitForIkeSaInitreq
	} //end f_waitForIkeSaInitres

	/*
	 * @desc  Test Node waits for IKE_AUTH response
@@ -780,6 +813,7 @@ module LibIpv6_Rfc4306Ikev2_Functions {
	runs on LibIpv6Node
	return FncRetCode {
		var FncRetCode v_ret;
		var FncRetCode v_ret_local;
		var Ipv6Packet v_ipv6Packet;
		// next payload from IKE header
		var UInt8 v_nextPayload;
@@ -809,30 +843,34 @@ module LibIpv6_Rfc4306Ikev2_Functions {
					v_ikePayloadList := v_ipv6Packet.ipv6Payload.ikeMsg.payloadList[0].encrypted.payloadList;
					
					// get Identification payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_idResponderPL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_idResponderPL,v_ikePayload);
					if (v_ret_local == e_success)
					{ vc_ikeSad[0].iDr := v_ikePayload.idInitiator.data; }
					else
					{ log("**** f_waitForAurhres: ERROR: No Identification payload in payload list **** "); }
					{ log("**** f_waitForAurhres: ERROR: No Identification payload in payload list **** ");
					  v_ret := e_error;}

					// get Traffic selector initiator payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_tsInitiatorPL,v_ikePayload);
					if (v_ret == e_error)
					{ log("**** f_waitForIkeAuthres: ERROR: No Traffic selector initiator payload in payload list **** "); }
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_tsInitiatorPL,v_ikePayload);
					if (v_ret_local == e_error)
					{ log("**** f_waitForIkeAuthres: ERROR: No Traffic selector initiator payload in payload list **** ");
					  v_ret := e_error;}

					// get Traffic selector responder payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_tsResponderPL,v_ikePayload);
					if (v_ret == e_error)
					{ log("**** f_waitForIkeAuthres: ERROR: No Traffic selector responder payload in payload list **** "); }
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_tsResponderPL,v_ikePayload);
					if (v_ret_local == e_error)
					{ log("**** f_waitForIkeAuthres: ERROR: No Traffic selector responder payload in payload list **** ");
					  v_ret := e_error;}

					// get Authentication payload data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_authenticationPL,v_ikePayload);
					if (v_ret == e_error)
					{ log("**** f_waitForIkeAuthres: ERROR: No Authentication payload in payload list **** "); }
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_authenticationPL,v_ikePayload);
					if (v_ret_local == e_error)
					{ log("**** f_waitForIkeAuthres: ERROR: No Authentication payload in payload list **** ");
					  v_ret := e_error;}

					// get Security Association payload proposal data
					v_ret := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload);
					if (v_ret == e_success)
					v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload);
					if (v_ret_local == e_success)
					{ 	
						v_protocolId := v_ikePayload.securityAssociation.saProposalList[0].protocolId;
						// put data from first proposal into vc_Sad
@@ -841,45 +879,62 @@ module LibIpv6_Rfc4306Ikev2_Functions {
						if (v_protocolId == c_protocolEsp)
						{
							// check encryption algorithm
							v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
							v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
														  c_transformTypeEncr,v_saTransform);
							if (v_ret == e_success)
							if (v_ret_local == e_success)
							{ if (vc_sad[c_saIn].espEncryptionAlgo != v_saTransform.transformId.encryptionAlgo)
							   {log("**** f_waitForIkeAuthres: ERROR: Security Association payload indicates wrong encryption algorithm **** ");
							    return e_error;}
							    v_ret := e_error;}
							}
							else
							{ log("**** f_waitForIkeAuthtres: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** "); }
							{ log("**** f_waitForIkeAuthtres: ERROR: No encryption algorithm transform in 1st proposal of Security Association payload **** ");
							  v_ret := e_error;}

							// check optional ESP integrity algorithm, if present
							if (ispresent(vc_sad[c_saIn].espIntegrityAlgo))
							 	{v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
															  c_transformTypeInteg,v_saTransform);
								if (v_ret_local == e_success)
								{ if(vc_sad[c_saIn].espIntegrityAlgo != v_saTransform.transformId.integAlgorithms)
								   {log("**** f_waitForIkeAuthres: ERROR: Security Association payload indicates wrong ESP integrity algorithm **** ");
								    v_ret := e_error;}
								}
								else
								{ log("**** f_waitForIkeAuthtres: ERROR: No ESP integrity algorithm transform in 1st proposal of Security Association payload **** ");
								  v_ret := e_error;}}
						}

						if (v_protocolId == c_protocolAh)
						{
							// check integrity algorithm
						 	v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
							// check AH integrity algorithm
						 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
														  c_transformTypeInteg,v_saTransform);
							if (v_ret == e_success)
							if (v_ret_local == e_success)
							{ if(vc_sad[c_saIn].ahIntegrityAlgo != v_saTransform.transformId.integAlgorithms)
							   {log("**** f_waitForIkeAuthres: ERROR: Security Association payload indicates wrong integrity algorithm **** ");
							    return e_error;}
							   {log("**** f_waitForIkeAuthres: ERROR: Security Association payload indicates wrong AH integrity algorithm **** ");
							    v_ret := e_error;}
							}
							else
							{ log("**** f_waitForIkeAuthtres: ERROR: No integrity algorithm transform in 1st proposal of Security Association payload **** "); }
							{ log("**** f_waitForIkeAuthtres: ERROR: No AH integrity algorithm transform in 1st proposal of Security Association payload **** ");
							  v_ret := e_error;}
						}

						// check extended sequence numbers 
						v_ret := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
						v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
													  c_transformTypeEsn,v_saTransform);
						if (v_ret == e_success)
						if (v_ret_local == e_success)
						{ if (vc_sad[c_saIn].extentedSequenceNumbers != v_saTransform.transformId.extentedSequenceNumbers)
						   {log("**** f_waitForIkeAuthres: ERROR: Security Association payload indicates wrong extented sequence numbers **** ");
						    return e_error;}
						    v_ret := e_error;}
						}
						else
						{ log("**** f_waitForIkeAuthtres: ERROR: No extended sequence numbers transform in 1st proposal of Security Association payload **** "); }
						{ log("**** f_waitForIkeAuthtres: ERROR: No extended sequence numbers transform in 1st proposal of Security Association payload **** ");
						  v_ret := e_error;}
					}

					else
					{ log("**** f_waitForIkeAuthres: ERROR: No Security Association payload in payload list **** "); }
					{ log("**** f_waitForIkeAuthres: ERROR: No Security Association payload in payload list **** ");
					  v_ret := e_error;}
				}

			[]	tc_wait.timeout
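Review bot: In the hunk for the function whose log messages name f_waitForIkeSaInitreq, the encryption-transform lookup `v_ret := f_getTransformOfType(` is shown once, with no `v_ret_local` counterpart, while the test after it now reads `if (v_ret_local == e_success)`. If that line really is unchanged, v_ret_local still holds the result of the preceding Security Association `f_getPayload` call, so a missing encryption transform is never reported and the assignment overwrites any e_error already recorded for the Nonce or Key Exchange payload. It should read `v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,` as in the other three functions. Separately, the new ESP integrity check in the IKE_AUTH response is guarded by `ispresent(vc_sad[c_saIn].espIntegrityAlgo)` with no else branch, so a response that selects an integrity transform the request never offered passes unflagged, and nothing visible clears a value left from an earlier exchange. All four function bodies start and end outside the hunks shown.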
+1 −1
@@ -1038,7 +1038,7 @@
			UInt icvPadLen,
			EncryptionAlgo espEncryptionAlgo,
			octetstring	espEncryptionKey,
			IntegrityAlgo espIntegrityAlgo,
			IntegrityAlgo espIntegrityAlgo optional,
			octetstring	espIntegrityKey,
			CombinedModeAlgo espCombinedModeAlgo,
			octetstring	espCombinedModeKey,
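Review bot: Making `espIntegrityAlgo` optional (assuming the line with `optional` is the new side) leaves `espIntegrityKey` mandatory right after it, and any code that reads the field without `ispresent()` will now fail at run time when it is omitted. A comment on the field would help, for example `// omitted when the negotiated ESP proposal carries no integrity transform; check ispresent() before use`. It is also worth stating there whether an SA with neither an integrity algorithm nor a combined-mode algorithm, i.e. encryption-only ESP, is acceptable to the test suite or should at least be logged. The record definition starts and ends outside the hunk.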