Commit cc3e3c57 authored by schmitting's avatar schmitting

Work on passive establishment of SAs

parent 23581bbf
+281 −112
@@ -551,14 +551,13 @@ module LibIpv6_Rfc4306Ikev2_Functions {
		} // end alt

		return v_ret;

	} //end f_waitForIkeSaInitReq

	/*
	 * @desc  Test Node analyzes IKE_AUTH request
 	 * @param p_ipv6Packet complete IPv6 packet
	*/
	function f_analyzeIkeAuthReq(in template Ipv6Packet p_ipv6Packet)
	function f_analyzeIkeAuthReq(in template Ipv6Packet p_ipv6Packet, out UInt8 p_protocolId)
	runs on LibIpv6Node
	return FncRetCode {
		var FncRetCode v_ret;
@@ -569,8 +568,6 @@ module LibIpv6_Rfc4306Ikev2_Functions {
		// list of payloads
		var IkePayloadList v_ikePayloadList;
		var IkePayload v_ikePayload;
		// SA protoocol ID
		var UInt8 v_protocolId;
		// transform
		var SaTransform v_saTransform;

@@ -607,11 +604,11 @@ module LibIpv6_Rfc4306Ikev2_Functions {
		v_ret_local := f_getPayload(v_ikePayloadList,v_nextPayload,c_saPL,v_ikePayload);
		if (v_ret_local == e_success)
		{ 	
			v_protocolId := v_ikePayload.securityAssociation.saProposalList[0].protocolId;
			p_protocolId := v_ikePayload.securityAssociation.saProposalList[0].protocolId;
			// put data from first proposal into vc_Sad
			vc_sad[c_saIn].spi := oct2int(v_ikePayload.securityAssociation.saProposalList[0].spi);

			if (v_protocolId == c_protocolEsp)
			if (p_protocolId == c_protocolEsp)
			{
				// store encryption algorithm
				v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
@@ -639,7 +636,7 @@ module LibIpv6_Rfc4306Ikev2_Functions {
				{ log("**** f_analyzeIkeAuthReq: WARNING: No ESP integrity algorithm transform in 1st proposal of Security Association payload **** ") }
			}

			if (v_protocolId == c_protocolAh)
			if (p_protocolId == c_protocolAh)
			{
				// store AH integrity algorithm
			 	v_ret_local := f_getTransformOfType(v_ikePayload.securityAssociation.saProposalList,
@@ -670,7 +667,6 @@ module LibIpv6_Rfc4306Ikev2_Functions {
		  v_ret := e_error;}

		return v_ret;

	} //end f_analyzeIkeAuthReq

	/*
@@ -679,11 +675,13 @@ module LibIpv6_Rfc4306Ikev2_Functions {
	 * @param p_dst address of test node
	*/
	function f_waitForIkeAuthReq(	in template Ipv6Address p_src,
									in template Ipv6Address p_dst)
									in template Ipv6Address p_dst,
									out UInt8 p_protocolId)
	runs on LibIpv6Node
	return FncRetCode {
		var FncRetCode v_ret;
		var Ipv6Packet v_ipv6Packet;
		var UInt8 v_protocolId;

		tc_wait.start;
		alt {
@@ -699,7 +697,8 @@ module LibIpv6_Rfc4306Ikev2_Functions {
				{
					tc_wait.stop;
					vc_ikeSad[0].messageID := vc_ikeSad[0].messageID + 1;
					v_ret := f_analyzeIkeAuthReq(v_ipv6Packet);
					v_ret := f_analyzeIkeAuthReq(v_ipv6Packet,v_protocolId);
					p_protocolId := v_protocolId;
					vc_sad[c_saIn].ipSecProtocolMode := e_transportMode;
				}

@@ -715,7 +714,8 @@ module LibIpv6_Rfc4306Ikev2_Functions {
				{
					tc_wait.stop;
					vc_ikeSad[0].messageID := vc_ikeSad[0].messageID + 1;
					v_ret := f_analyzeIkeAuthReq(v_ipv6Packet);
					v_ret := f_analyzeIkeAuthReq(v_ipv6Packet,v_protocolId);
					p_protocolId := v_protocolId;
					vc_sad[c_saIn].ipSecProtocolMode := e_tunnelMode;
				}

@@ -727,7 +727,6 @@ module LibIpv6_Rfc4306Ikev2_Functions {
		} // end alt

		return v_ret;

	} //end f_waitForIkeAuthReq

	} // end group receiveRequests
@@ -918,7 +917,6 @@ module LibIpv6_Rfc4306Ikev2_Functions {
		} // end alt

		return v_ret;

	} //end f_waitForIkeSaInitRsp

	/*
@@ -1069,7 +1067,6 @@ module LibIpv6_Rfc4306Ikev2_Functions {
		  v_ret := e_error;}

		return v_ret;

	} // End f_analyzeIkeAuthRsp

	/*
@@ -1166,7 +1163,6 @@ module LibIpv6_Rfc4306Ikev2_Functions {
		} // end alt

		return v_ret;

	} //end f_waitForIkeAuthRsp
	
	} // end group receiveResponses
@@ -1265,7 +1261,7 @@ group sendRequests {
		if (v_ret != e_success) { return v_ret;}

		return v_ret;
	}
	} //end f_createAndSendIkeSaInitReq

	function f_sendIkeSaInitReq(in template IkeSaInitRequest p_ikeSaInitRequest)
	runs on LibIpv6Node
@@ -1278,6 +1274,11 @@ group sendRequests {
			return e_error;
		}

		// fill padding field with '00000000'O for UDP port 4500
		if(vc_ikeSad[0].udpTnPort == c_udpPort4500) {
			v_ipPkt.ipv6Payload.ikeMsg.padding := c_4ZeroBytes;
		}
		
		//send
		ipPort.send(v_ipPkt);

@@ -1286,8 +1287,7 @@ group sendRequests {
		vc_ikeSad[0].ikePayloadList := v_ipPkt.ipv6Payload.ikeMsg.payloadList;

		return e_success;

	} // end f_createAndSendIkeSaInitReq
	} // end f_sendIkeSaInitReq

	function f_createAndSendAuthReq(
		template Ipv6Address p_addrTn,
@@ -1410,7 +1410,6 @@ group sendRequests {
		if (v_ret != e_success) { return v_ret;}

		return v_ret ;

	}//end f_createAndSendAuthReq

	function f_sendIkeAuthReq(in template IkeAuthRequest p_ikeAuthRequest)
@@ -1425,37 +1424,272 @@ group sendRequests {
			return e_error;
		}
		
		// fill padding field with '00000000'O for UDP port 4500
		if(vc_ikeSad[0].udpTnPort == c_udpPort4500) {
			v_ipPkt.ipv6Payload.ikeMsg.padding := c_4ZeroBytes;
		}

		//send
		ipPort.send(v_ipPkt);

		return e_success;

	} // end f_sendIkeAuthReq



} // end group sendRequests

group sendResponses {

	function f_sendIkeSaInitRsp(in template IkeSaInitResponse p_IkeSaInitres)
	function f_createAndSendSaInitRsp(
		template Ipv6Address p_addrTn,
		template Ipv6Address p_addrIut
	)
	runs on LibIpv6Node
	return FncRetCode {

		var FncRetCode v_ret := e_error;
		
		var SaTransform v_saTransformEncr := valueof (
			m_saTransform (
				c_moreTransform,
				c_transformTypeEncr,
				m_transformId_encr(vc_ikeSad[0].ikeEncryptionAlgo),
				omit
			)
		);

		//add key len if a variable key len is stored in IkeSa
		if(ispresent(vc_ikeSad[0].ikeEncrKeyLen)) {
			v_saTransformEncr.saTransformAttributeList := valueof(
				m_saTransformAttributeList_1Elem(
					m_saTransformAttribute(vc_ikeSad[0].ikeEncrKeyLen)
				)
			);
		}
							
		v_ret := f_sendIkeSaInitRsp (
			m_ikeSaInitRsp (
				p_addrTn,
				p_addrIut,
				PX_UDP_PORT_HS02,
				PX_UDP_PORT_IUT_1,
				vc_ikeSad[0].spiInitiator,
				vc_ikeSad[0].spiResponder,
				c_saPL,
				vc_ikeSad[0].messageID,
				m_ikePlList_3Elem(
					m_securityAssociationPL(
						c_keyExchangePL,
						m_saProposalIke(
							c_lastProposal,
							c_proposalNr1,
							c_protocolId_ike,
							c_spiSize0,
							c_4Transforms,
							omit,//spiInitiator
							m_saTransformList_4Elem (
								v_saTransformEncr,
								m_saTransform (
									c_moreTransform,
									c_transformTypeInteg,
									m_transformId_integ(vc_ikeSad[0].ikeIntegrityAlgo),
									omit//Attribute
								),
								m_saTransform (
									c_moreTransform,
									c_transformTypePrf,
									m_transformId_prf(vc_ikeSad[0].ikePseudoRandomFunction),
									omit//Attribute
								),
								m_saTransform (
									c_lastTransform,
									c_transformTypeDh,
									m_transformId_dh(vc_ikeSad[0].diffieHellmanGroup),
									omit//Attribute
								)
							)
						)
					),
					m_keyExchangePL (
						c_noncePL,
						vc_ikeSad[0].diffieHellmanGroup,
						fx_dHKeyToSend( 
							vc_ikeSad[0].diffieHellmanGroup,
							vc_ikeSad[0].diffieHellmanPrivKey
						) 
					),
					m_noncePL (	
						c_noNextPL,
						vc_ikeSad[0].nR
					)
				)
			)
		);

		if (v_ret != e_success) { return v_ret;}

		return v_ret;
	} //end f_createAndSendIkeSaInitRsp

	function f_sendIkeSaInitRsp(in template IkeSaInitResponse p_IkeSaInitRsp)
	runs on LibIpv6Node
	return FncRetCode {
		var IkeSaInitResponse v_ipPkt;
		v_ipPkt := valueof(p_IkeSaInitres);
		v_ipPkt := valueof(p_IkeSaInitRsp);

		if(f_setExtensionHeaders(v_ipPkt) != e_success) {
			log(" **** f_sendIkeSaInitRsp: Error when calculating length ****");
			return e_error;
		}

		// fill padding field with '00000000'O for UDP port 4500
		if(vc_ikeSad[0].udpTnPort == c_udpPort4500) {
			v_ipPkt.ipv6Payload.ikeMsg.padding := c_4ZeroBytes;
		}

		//send
		ipPort.send(v_ipPkt);

		return e_success;
		// Save IKEv2 header and payload list in ikeSad for later use in AUTH calculation
		vc_ikeSad[0].ikev2Header := v_ipPkt.ipv6Payload.ikeMsg.ikev2Header;
		vc_ikeSad[0].ikePayloadList := v_ipPkt.ipv6Payload.ikeMsg.payloadList;

		return e_success;
	} // end f_sendIkeSaInitRsp

	function f_createAndSendAuthRsp(
		template Ipv6Address p_addrTn,
		template Ipv6Address p_addrIut,
		UInt8 p_protocolId
	)
	runs on LibIpv6Node
	return FncRetCode {

		var FncRetCode v_ret := e_error;
	
		var SaTransform v_saTransformEncr := valueof (
			m_saTransform (
				c_moreTransform,
				c_transformTypeEncr,
				m_transformId_encr(vc_sad[c_saIn].espEncryptionAlgo),
				omit
			)
		);

		if(	vc_sad[c_saIn].espEncryptionAlgo == e_encr_cast
			or vc_sad[c_saIn].espEncryptionAlgo == e_encr_blowfish
			or vc_sad[c_saIn].espEncryptionAlgo == e_encr_aesCbc
			or vc_sad[c_saIn].espEncryptionAlgo == e_encr_aesCtr) {
				
			v_ret := f_getEncrKeyLen(vc_sad[c_saIn].espEncryptionAlgo, vc_sad[c_saIn].espEncrKeyLen);
			if (v_ret != e_success) { return v_ret;}
			v_saTransformEncr.saTransformAttributeList := valueof(
				m_saTransformAttributeList_1Elem(
					m_saTransformAttribute(vc_sad[c_saIn].espEncrKeyLen)
				)
			);
		}

		v_ret := f_sendIkeAuthRsp (
			m_ikeAuthRsp (
				p_addrIut,
				p_addrTn,
				PX_UDP_PORT_IUT_1,
				PX_UDP_PORT_HS02,
				vc_ikeSad[0].spiInitiator,
				vc_ikeSad[0].spiResponder,
				c_encryptedPL,
				vc_ikeSad[0].messageID,
				m_ikePlList_1Elem(
					m_encryptedPL(
						c_notifyPL,
						m_ikePlList_6Elem(
							m_notifyPL(
								c_idInitiatorPL, 
								0, //c_protocolId_none, 
								c_notifyUseTransportMode
							),							
							m_idInitiatorPL (	
								c_authenticationPL,
								p_addrTn
							),
							m_authPL (	
								c_saPL,
								f_calculateAUTH(vc_ikeSad[0],c_initiator)
							),
							m_securityAssociationPL(
								c_tsInitiatorPL,
								m_saProposalIke(
									c_lastProposal,
									c_proposalNr1,
									c_protocolId_esp,
									c_spiSize4,
									c_2Transforms,
									int2oct(vc_sad[c_saIn].spi,c_spiSize4),
									m_saTransformList_2Elem (
										v_saTransformEncr,
										m_saTransform (
											c_lastTransform,
											c_transformTypeInteg,
											m_transformId_integ(vc_sad[c_saIn].espIntegrityAlgo),
											omit//Attribute
										)
									)
								)
							),
							m_tsInitiatorPL(
								c_tsResponderPL,
								m_trafficSelectorList_1Elem (
									m_icmpv6Ts(
										oct2int(int2oct(c_echoRequestMsg,2) & int2oct(c_icmpCode0,2)),
										oct2int(int2oct(c_echoRequestMsg,2) & int2oct(c_icmpCode0,2)),
										p_addrTn,
										p_addrTn
									)
								)
							),
							m_tsResponderPL(
								c_noNextPL,
								m_trafficSelectorList_1Elem (
									m_icmpv6Ts(
										oct2int(int2oct(c_echoRequestMsg,2) & int2oct(c_icmpCode0,2)),
										oct2int(int2oct(c_echoRequestMsg,2) & int2oct(c_icmpCode0,2)),
										p_addrIut,
										p_addrIut
									)
								)
							)	
						)
					)
				)
			)
		);
		if (v_ret != e_success) { return v_ret;}

		return v_ret ;
	}//end f_createAndSendAuthRsp

	function f_sendIkeAuthRsp(in template IkeAuthResponse p_IkeAuthRsp)
	runs on LibIpv6Node
	return FncRetCode {
		var IkeSaInitResponse v_ipPkt;
		v_ipPkt := valueof(p_IkeAuthRsp);

		if(f_setExtensionHeaders(v_ipPkt) != e_success) {
			log(" **** f_sendIkeAuthRsp: Error when calculating length ****");
			return e_error;
		}

		// fill padding field with '00000000'O for UDP port 4500
		if(vc_ikeSad[0].udpTnPort == c_udpPort4500) {
			v_ipPkt.ipv6Payload.ikeMsg.padding := c_4ZeroBytes;
		}

		//send
		ipPort.send(v_ipPkt);

		return e_success;
	} // end f_sendIkeAuthRsp

} // end group sendResponses

group establishSAFns_active {
@@ -1554,92 +1788,11 @@ group establishSAFns_passive {
	return FncRetCode {
		var FncRetCode v_ret := e_error;

		if (vc_sad[c_saOut].ipSecProtocolMode == e_transportMode) {

		v_ret := f_waitForIkeSaInitReq(p_addrIut,p_addrTn);
		if(v_ret != e_success) { return v_ret;}

			var SaTransform v_saTransformEncr := valueof (
				m_saTransform (
					c_moreTransform,
					c_transformTypeEncr,
					m_transformId_encr(vc_ikeSad[0].ikeEncryptionAlgo),
					omit
				)
			);

			//add key len if a variable key len is stored in IkeSa
			if(ispresent(vc_ikeSad[0].ikeEncrKeyLen)) {
				v_saTransformEncr.saTransformAttributeList := valueof(
					m_saTransformAttributeList_1Elem(
						m_saTransformAttribute(vc_ikeSad[0].ikeEncrKeyLen)
					)
				);
			}
								
			v_ret := f_sendIkeSaInitRsp (
				m_ikeSaInitRsp (
					p_addrTn,
					p_addrIut,
					PX_UDP_PORT_HS02,
					PX_UDP_PORT_IUT_1,
					vc_ikeSad[0].spiInitiator,
					vc_ikeSad[0].spiResponder,
					c_saPL,
					vc_ikeSad[0].messageID,
					m_ikePlList_3Elem(
						m_securityAssociationPL(
							c_keyExchangePL,
							m_saProposalIke(
								c_lastProposal,
								c_proposalNr1,
								c_protocolId_ike,
								c_spiSize0,
								c_4Transforms,
								omit,//spiInitiator
								m_saTransformList_4Elem (
									v_saTransformEncr,
									m_saTransform (
										c_moreTransform,
										c_transformTypeInteg,
										m_transformId_integ(vc_ikeSad[0].ikeIntegrityAlgo),
										omit//Attribute
									),
									m_saTransform (
										c_moreTransform,
										c_transformTypePrf,
										m_transformId_prf(vc_ikeSad[0].ikePseudoRandomFunction),
										omit//Attribute
									),
									m_saTransform (
										c_lastTransform,
										c_transformTypeDh,
										m_transformId_dh(vc_ikeSad[0].diffieHellmanGroup),
										omit//Attribute
									)
								)
							)
						),
						m_keyExchangePL (
							c_noncePL,
							vc_ikeSad[0].diffieHellmanGroup,
							fx_dHKeyToSend( 
								vc_ikeSad[0].diffieHellmanGroup,
								vc_ikeSad[0].diffieHellmanPrivKey
							) 
						),
						m_noncePL (	
							c_noNextPL,
							vc_ikeSad[0].nR
						)
					)
				)
			);
		}
		else {
	
		//TODO tunnel mode	
		}
		v_ret := f_createAndSendSaInitRsp(p_addrTn,p_addrIut);
		if(v_ret != e_success) { return v_ret;}

		//fill keyLen
		// if the variable key length is not been used, then
@@ -1667,9 +1820,25 @@ group establishSAFns_passive {
														
	}//end f_rcvSaInitReqAndRsp
	
	function f_rcvAuthReqAndRsp(
		template Ipv6Address p_addrTn,
		template Ipv6Address p_addrIut
	)
	runs on LibIpv6Node
	return FncRetCode {
		var FncRetCode v_ret := e_error;
		var UInt8 v_protocolId;

		v_ret := f_waitForIkeAuthReq(p_addrIut,p_addrTn,v_protocolId);
		if(v_ret != e_success) { return v_ret;}


		v_ret := f_createAndSendAuthRsp(p_addrTn,p_addrIut,v_protocolId);
		if(v_ret != e_success) { return v_ret;}
		return v_ret;
														
}//end group establishSAFns_passive
	}//end f_rcvAuthReqAndRsp	
	
}//end group establishSAFns_passive

} // end module LibIpv6_Rfc4306Ikev2_Functions
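Review bot: In the hunk `@@ -1425,37 +1424,272 @@`, f_createAndSendAuthRsp builds the IKE_AUTH response with `p_addrIut` as source and `p_addrTn` as destination (with the ports swapped the same way), the reverse of f_createAndSendSaInitRsp just above it, so the response emitted by the test node would carry the IUT's address and port as its source; the call should read `m_ikeAuthRsp(p_addrTn, p_addrIut, PX_UDP_PORT_HS02, PX_UDP_PORT_IUT_1,`. In the same function the new `p_protocolId` parameter is never read: the proposal is hard-coded to `c_protocolId_esp` and the `vc_sad[c_saIn].esp*` algorithms, so when f_analyzeIkeAuthReq recorded `c_protocolAh` the response proposes a different protocol than the initiator offered, and the notify payload passes a bare `0, //c_protocolId_none` where the commented-out name suggests a constant was intended. f_sendIkeAuthRsp declares `var IkeSaInitResponse v_ipPkt;` but assigns `valueof(p_IkeAuthRsp)` of type IkeAuthResponse; unless the two are aliases of one type this is a type error, and the declaration should be `var IkeAuthResponse v_ipPkt;`. The `c_initiator` role passed to f_calculateAUTH and the IDi payload look carried over from the request builder; for a response the responder's identity and role are presumably what the peer verifies, worth confirming against the AUTH calculation.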
+39 −0
@@ -294,6 +294,45 @@
				payloadList   := p_ikepayloads
			}}
		}

		template IkeAuthResponse m_ikeAuthRsp (	template Ipv6Address p_src,
												template Ipv6Address p_dst,
												UInt16 p_udpsourcePort,
												UInt16 p_udpdestPort,
												Oct8 p_initiatorSpi,
												Oct8 p_responderSpi,
												UInt8 p_nextPayload,
												UInt32 p_messageID,
												template IkePayloadList p_ikepayloads) := {
			ipv6Hdr :=  mw_ipHdr_nextHdr_srcDst(c_udpHdr, p_src, p_dst),
			extHdrList        := omit,
			ipv6Payload       := { ikeMsg := {
				sourcePort    := p_udpsourcePort, 
				destPort      := p_udpdestPort,
				msgLength     := c_uInt16Zero,																																								
				checksum      := c_2ZeroBytes,
				padding       := omit,
				// IKEv2 Header
				ikev2Header := {
					initiatorSpi  := p_initiatorSpi,
					responderSpi  := p_responderSpi,
					nextPayload   := p_nextPayload,
					majorVersion  := c_ikeMajorVersion2,
					minorVersion  := c_ikeMinorVersion0,
					exchangeType  := c_ikeAuth,
					twoXFlags     := 0,
					rFlag         := c_rFlagResponse,
					vFlag         := c_vFlag,
					iFlag         := c_iFlagResponder,
					threeXFlags   := 0,
					messageID     := p_messageID,
					messageLength := c_uInt32Zero
				},
				// IKEv2 Payloads
				payloadList   := p_ikepayloads
			}}
		}

	}//end group ikeAuthResponseTemplates

	group payLoadListTemplates {
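Review bot: The new template m_ikeAuthRsp has no header comment, unlike the functions in the companion module, and nothing explains why `msgLength` and `messageLength` are set to zero constants; a comment above `template IkeAuthResponse m_ikeAuthRsp (` such as `// IKE_AUTH response (exchangeType c_ikeAuth, rFlag set, iFlag responder); msgLength/messageLength are zero placeholders, apparently recomputed by f_setExtensionHeaders before sending` would help. The literal `0` for `twoXFlags` and `threeXFlags` sits next to named constants for every other header field; if a constant for the reserved flag bits exists it would read more consistently, otherwise a brief comment that these are reserved bits (RFC 4306 section 3.1) that must be sent as zero suffices. The body appears to mirror the preceding template except for the flag values; saying so in the comment helps keep the two in sync.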