Loading ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +1688 −1215 Original line number Diff line number Diff line Loading @@ -1186,18 +1186,28 @@ module LibIpv6_Rfc4306Ikev2_Functions { tc_wait.start; alt { [] ipPort.receive(mw_createChildSaReq( p_addrIut, [] ipPort.receive(mw_createChildSaReqRekeyIke( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, vc_ikeSad[0].messageID, p_iFlag, mw_encryptedPLL(mw_createChildSaReqRekeyIkePLL))) -> value v_ipv6Packet { tc_wait.stop; vc_ikeSad[0].messageID := vc_ikeSad[0].messageID + 1; // store new SPI values in vc_ikeSad[1] // Values in vc_ikeSad[0] are still needed to delete original IKE_SA! if (p_iFlag == c_iFlagInitiator) { vc_ikeSad[1].spiInitiator := v_ipv6Packet.ipv6Payload.ikeMsg.ikev2Header.initiatorSpi; vc_ikeSad[1].spiResponder := int2oct((oct2int(vc_ikeSad[0].spiResponder) + 1), 8) } else { vc_ikeSad[1].spiResponder := v_ipv6Packet.ipv6Payload.ikeMsg.ikev2Header.responderSpi; vc_ikeSad[1].spiInitiator := int2oct((oct2int(vc_ikeSad[0].spiInitiator) + 1), 8) } v_ret := f_analyzeCreateChildSaReqRekeyIke(v_ipv6Packet); } Loading @@ -1212,7 +1222,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // end f_waitForCreateChildSaReqRekeyIke /* * @desc Test Node waits for INFORMATIONAL request * @desc Test Node waits for INFORMATIONAL request with specific payload * @param p_addrIut address of IUT * @param p_addrTn address of test node * @param p_iFlag IKEv2 flag IKEv2 header indicating initiator or responder Loading Loading 
@@ -1253,6 +1263,45 @@ module LibIpv6_Rfc4306Ikev2_Functions { return v_ret; } // end f_waitForInformationalReq /* * @desc Test Node waits for INFORMATIONAL request with any or no payload * @param p_addrIut address of IUT * @param p_addrTn address of test node * @param p_iFlag IKEv2 flag IKEv2 header indicating initiator or responder */ function f_waitForInformationalReq_Any( template Ipv6Address p_addrIut, template Ipv6Address p_addrTn, UInt1 p_iFlag) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; tc_wait.start; alt { [] ipPort.receive(mw_informationalReq_Any( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, p_iFlag, vc_ikeSad[0].messageID)) { tc_wait.stop; vc_ikeSad[0].messageID := vc_ikeSad[0].messageID + 1; } [] tc_wait.timeout { v_ret := e_timeout; log("**** f_waitForInformationalReq: ERROR: tc_wait.timeout **** "); } } // end alt return v_ret; } // end f_waitForInformationalReq } // end group receiveRequests group receiveResponses Loading @@ -1260,12 +1309,12 @@ module LibIpv6_Rfc4306Ikev2_Functions { { /* * @desc Test Node waits for IKE_SA_INIT response * @param p_src address of IUT * @param p_dst address of test node * @param p_addrIut address of IUT * @param p_addrTn address of test node */ function f_waitForIkeSaInitRsp( template Ipv6Address p_src, template Ipv6Address p_dst template Ipv6Address p_addrTn, template Ipv6Address p_addrIut ) runs on LibIpv6Node return FncRetCode { Loading @@ -1282,8 +1331,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { tc_wait.start; alt { [] ipPort.receive(mw_ikeSaInitRsp( p_src, p_dst, [] ipPort.receive(mw_ikeSaInitRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading Loading 
@@ -1410,8 +1459,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // A unexpected IKE_SA_INIT response with a Notify payload is received [] ipPort.receive(mw_ikeSaInitRsp( p_src, p_dst, [] ipPort.receive(mw_ikeSaInitRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading Loading @@ -1595,12 +1644,12 @@ module LibIpv6_Rfc4306Ikev2_Functions { /* * @desc Test Node waits for IKE_AUTH response * @param p_src address of IUT * @param p_dst address of test node * @param p_addrIut address of IUT * @param p_addrTn address of test node */ function f_waitForIkeAuthRsp( template Ipv6Address p_src, template Ipv6Address p_dst template Ipv6Address p_addrTn, template Ipv6Address p_addrIut ) runs on LibIpv6Node return FncRetCode { Loading @@ -1616,8 +1665,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { tc_wait.start; alt { // Transport mode, Notify payload indicating 'UseTransportMode' is included in IKE_AUTH response [] ipPort.receive(mw_ikeAuthRsp( p_src, p_dst, [] ipPort.receive(mw_ikeAuthRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading @@ -1636,8 +1685,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // Tunnel mode, Notify payload indicating 'UseTransportMode' is not included in IKE_AUTH response [] ipPort.receive(mw_ikeAuthRsp( p_src, p_dst, [] ipPort.receive(mw_ikeAuthRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading @@ -1654,8 +1703,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // A unexpected IKE_AUTH response with a Notify payload is received [] ipPort.receive(mw_ikeAuthRsp( p_src, p_dst, [] ipPort.receive(mw_ikeAuthRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading Loading 
@@ -1827,13 +1876,13 @@ module LibIpv6_Rfc4306Ikev2_Functions { /* * @desc Test Node waits for CREATE_CHILD_SA response * @param p_src address of IUT * @param p_dst address of test node * @param p_addrIut address of IUT * @param p_addrTn address of test node * @param p_iFlag IKEv2 flag IKEv2 header indicating initiator or responder */ function f_waitForCreateChildSaRsp( template Ipv6Address p_src, template Ipv6Address p_dst, template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt8 p_iFlag ) runs on LibIpv6Node Loading @@ -1850,8 +1899,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { tc_wait.start; alt { // Transport mode, Notify payload indicating 'UseTransportMode' is included in CREATE_CHILD_SA response [] ipPort.receive(mw_createChildSaRsp( p_src, p_dst, [] ipPort.receive(mw_createChildSaRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading @@ -1871,8 +1920,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // Tunnel mode, Notify payload indicating 'UseTransportMode' is not included in CREATE_CHILD_SA response [] ipPort.receive(mw_createChildSaRsp( p_src, p_dst, [] ipPort.receive(mw_createChildSaRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading @@ -1890,8 +1939,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // A unexpected CREATE_CHILD_SA response with a Notify payload is received [] ipPort.receive(mw_createChildSaRsp( p_src, p_dst, [] ipPort.receive(mw_createChildSaRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading Loading 
@@ -1933,10 +1982,10 @@ module LibIpv6_Rfc4306Ikev2_Functions { * @param p_iFlag IKEv2 flag IKEv2 header indicating initiator or responder * @param p_IkePayloadList list of payloads to be received */ function f_waitForInformationalRsp( in template Ipv6Address p_addrIut, in template Ipv6Address p_addrTn, function f_waitForInformationalRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag, in template IkePayloadList p_IkePayloadList) template IkePayloadList p_IkePayloadList) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; Loading Loading 
@@ -3001,6 +3050,326 @@ group sendResponses { return e_success; } // end f_sendIkeAuthRsp /* * @desc Test Node builds CREATE_CHILD_SA response * @param p_addrIut address of IUT * @param p_addrTn address of test node * @param p_iFlag i flag IKEv2 header indicating initiator or responder * @param p_protocolId chosen security protocol, AH or ESP */ function f_createAndSendCreateChildSaRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt8 p_iFlag, UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_error; var IkePayload v_securityAssociationPL; var SaTransform v_saTransformEncr; if (p_protocolId == c_protocolId_esp) { // Build Security Association payload for ESP v_saTransformEncr := valueof ( m_saTransform ( c_moreTransform, c_transformTypeEncr, m_transformId_encr(vc_sad[c_saIni].espEncryptionAlgo), omit ) ); if( vc_sad[c_saIni].espEncryptionAlgo == e_encr_cast or vc_sad[c_saIni].espEncryptionAlgo == e_encr_blowfish or vc_sad[c_saIni].espEncryptionAlgo == e_encr_aesCbc or vc_sad[c_saIni].espEncryptionAlgo == e_encr_aesCtr) { vc_sad[c_saIni].espEncrKeyLen := f_getEncrKeyLen(vc_sad[c_saIni].espEncryptionAlgo); v_saTransformEncr.saTransformAttributeList := valueof( m_saTransformAttributeList_1Elem( m_saTransformAttribute(vc_sad[c_saIni].espEncrKeyLen) ) ); } // Security Association payload for ESP v_securityAssociationPL := valueof (m_securityAssociationPL( c_tsInitiatorPL, m_saProposalIke( c_lastProposal, c_proposalNr1, c_protocolId_esp, c_spiSize4, c_3Transforms, int2oct(vc_sad[c_saRes].spi,c_spiSize4), m_saTransformList_4Elem ( v_saTransformEncr, m_saTransform ( c_moreTransform, c_transformTypeInteg, m_transformId_integ(vc_sad[c_saIni].espIntegrityAlgo), omit//Attribute ), m_saTransform ( c_moreTransform, c_transformTypeEsn, m_transformId_esn(vc_sad[c_saIni].extentedSequenceNumbers), omit//Attribute ), // Value may be None, if no Key Exchange Payload was included in the CREATE_CHILD_SA request m_saTransform ( 
c_lastTransform, c_transformTypeDh, m_transformId_dh(vc_ikeSad[0].diffieHellmanGroup), omit//Attribute ) ) ) )); } else { // Build Security Association payload for AH v_securityAssociationPL := valueof (m_securityAssociationPL( c_tsInitiatorPL, m_saProposalIke( c_lastProposal, c_proposalNr1, c_protocolId_ah, c_spiSize4, c_2Transforms, int2oct(vc_sad[c_saRes].spi,c_spiSize4), m_saTransformList_3Elem ( m_saTransform ( c_moreTransform, c_transformTypeInteg, m_transformId_integ(vc_sad[c_saIni].ahIntegrityAlgo), omit//Attribute ), m_saTransform ( c_moreTransform, c_transformTypeEsn, m_transformId_esn(vc_sad[c_saIni].extentedSequenceNumbers), omit//Attribute ), // Value may be None, if no Key Exchange Payload was included in the CREATE_CHILD_SA request m_saTransform ( c_lastTransform, c_transformTypeDh, m_transformId_dh(vc_ikeSad[0].diffieHellmanGroup), omit//Attribute ) ) ) )); } // Key Exchange payload was included in the CREATE_CHILD_SA request and must be in CREATE_CHILD_SA response if (vc_ikeSad[0].diffieHellmanGroup != e_none) { // Transport mode, Notify payload requesting 'UseTransportMode' is included in CREATE_CHILD_SA response if(vc_sad[c_saIni].ipSecProtocolMode == e_transportMode) { v_ret := f_sendCreateChildSaRsp ( m_createChildSaRsp ( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, m_ikePlList_1Elem( m_encryptedPL( c_notifyPL, m_ikePlList_6Elem( m_notifyPL( c_keyExchangePL, 0, //c_protocolId_none, c_notifyUseTransportMode ), m_keyExchangePL ( c_noncePL, vc_ikeSad[0].diffieHellmanGroup, fx_dHKeyToSend( vc_ikeSad[0].diffieHellmanGroup, vc_ikeSad[0].diffieHellmanPrivKey ) ), m_noncePL ( c_saPL, vc_ikeSad[0].nR ), v_securityAssociationPL, m_tsInitiatorPL( c_tsResponderPL, m_trafficSelectorList_1Elem ( vc_sad[c_saIni].trafficSelector ) ), m_tsResponderPL( c_noNextPL, m_trafficSelectorList_1Elem ( vc_sad[c_saRes].trafficSelector ) ) ) ) ) ) 
); } // Tunnel mode, Notify payload requesting 'UseTransportMode' is not included in CREATE_CHILD_SA response else { v_ret := f_sendCreateChildSaRsp ( m_createChildSaRsp ( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, m_ikePlList_1Elem( m_encryptedPL( c_keyExchangePL, m_ikePlList_5Elem( m_keyExchangePL ( c_noncePL, vc_ikeSad[0].diffieHellmanGroup, fx_dHKeyToSend( vc_ikeSad[0].diffieHellmanGroup, vc_ikeSad[0].diffieHellmanPrivKey ) ), m_noncePL ( c_saPL, vc_ikeSad[0].nR ), v_securityAssociationPL, m_tsInitiatorPL( c_tsResponderPL, m_trafficSelectorList_1Elem ( vc_sad[c_saIni].trafficSelector ) ), m_tsResponderPL( c_noNextPL, m_trafficSelectorList_1Elem ( vc_sad[c_saRes].trafficSelector ) ) ) ) ) ) ); } } // Key Exchange payload was not included in the CREATE_CHILD_SA request and need not be in CREATE_CHILD_SA response else { // Transport mode, Notify payload requesting 'UseTransportMode' is included in CREATE_CHILD_SA response if(vc_sad[c_saIni].ipSecProtocolMode == e_transportMode) { v_ret := f_sendCreateChildSaRsp ( m_createChildSaRsp ( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, m_ikePlList_1Elem( m_encryptedPL( c_notifyPL, m_ikePlList_5Elem( m_notifyPL( c_noncePL, 0, //c_protocolId_none, c_notifyUseTransportMode ), m_noncePL ( c_saPL, vc_ikeSad[0].nR ), v_securityAssociationPL, m_tsInitiatorPL( c_tsResponderPL, m_trafficSelectorList_1Elem ( vc_sad[c_saIni].trafficSelector ) ), m_tsResponderPL( c_noNextPL, m_trafficSelectorList_1Elem ( vc_sad[c_saRes].trafficSelector ) ) ) ) ) ) ); } // Tunnel mode, Notify payload requesting 'UseTransportMode' is not included in CREATE_CHILD_SA response else { v_ret := f_sendCreateChildSaRsp ( m_createChildSaRsp ( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, 
vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, m_ikePlList_1Elem( m_encryptedPL( c_noncePL, m_ikePlList_4Elem( m_noncePL ( c_saPL, vc_ikeSad[0].nR ), v_securityAssociationPL, m_tsInitiatorPL( c_tsResponderPL, m_trafficSelectorList_1Elem ( vc_sad[c_saIni].trafficSelector ) ), m_tsResponderPL( c_noNextPL, m_trafficSelectorList_1Elem ( vc_sad[c_saRes].trafficSelector ) ) ) ) ) ) ); } } return v_ret ; } // end f_createAndSendCreateChildSaRspRekeySa /* * @desc Test Node builds CREATE_CHILD_SA response for rekeying an SA * @param p_addrIut address of IUT Loading @@ -3020,6 +3389,12 @@ group sendResponses { var FncRetCode v_ret := e_error; var IkePayload v_securityAssociationPL; var SaTransform v_saTransformEncr; var octetstring v_spi; if (p_iFlag == c_iFlagInitiator) {v_spi := int2oct(vc_sad[c_saIni].spi, 4);} else {v_spi := int2oct(vc_sad[c_saRes].spi, 4);} if (p_protocolId == c_protocolId_esp) { Loading Loading @@ -3143,10 +3518,11 @@ group sendResponses { 0, //c_protocolId_none, c_notifyUseTransportMode ), m_notifyPL( m_notifyPL_SPI( c_keyExchangePL, p_protocolId, c_notifyRekeySa c_notifyRekeySa, v_spi ), m_keyExchangePL ( c_noncePL, Loading Loading @@ -3198,10 +3574,11 @@ group sendResponses { m_encryptedPL( c_notifyPL, m_ikePlList_6Elem( m_notifyPL( m_notifyPL_SPI( c_keyExchangePL, p_protocolId, c_notifyRekeySa c_notifyRekeySa, v_spi ), m_keyExchangePL ( c_noncePL, Loading Loading @@ -3261,10 +3638,11 @@ group sendResponses { 0, //c_protocolId_none, c_notifyUseTransportMode ), m_notifyPL( c_noncePL, m_notifyPL_SPI( c_keyExchangePL, p_protocolId, c_notifyRekeySa c_notifyRekeySa, v_spi ), m_noncePL ( c_saPL, Loading Loading @@ -3308,10 +3686,11 @@ group sendResponses { m_encryptedPL( c_notifyPL, m_ikePlList_5Elem( m_notifyPL( c_noncePL, m_notifyPL_SPI( c_keyExchangePL, p_protocolId, c_notifyRekeySa c_notifyRekeySa, v_spi ), m_noncePL ( c_saPL, Loading Loading 
@@ -3351,8 +3730,7 @@ group sendResponses { function f_createAndSendCreateChildSaRspRekeyIke( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt8 p_iFlag, UInt8 p_protocolId UInt8 p_iFlag ) runs on LibIpv6Node return FncRetCode { Loading Loading @@ -3383,8 +3761,8 @@ group sendResponses { p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, vc_ikeSad[1].spiInitiator, vc_ikeSad[1].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, Loading Loading @@ -3479,7 +3857,7 @@ group sendResponses { * @param p_nextPayload payload type of payload to be sent in INFORMATIONAL response * @param p_payload template of payload to be sent in INFORMATIONAL response */ function f_createAndSendInfoRes( function f_createAndSendInfoRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag, Loading Loading @@ -3559,7 +3937,7 @@ group establishSAFns_active { if (v_ret != e_success) { return v_ret;} // wait for IKE_SA_INIT response v_ret := f_waitForIkeSaInitRsp(p_addrIut,p_addrTn); v_ret := f_waitForIkeSaInitRsp(p_addrTn,p_addrIut); if (v_ret != e_success) { return v_ret;} //fill keyLen Loading Loading @@ -3602,7 +3980,7 @@ group establishSAFns_active { if (v_ret != e_success) { return v_ret;} // wait for IKE_AUTH response v_ret := f_waitForIkeAuthRsp(p_addrIut, p_addrTn); v_ret := f_waitForIkeAuthRsp(p_addrTn,p_addrIut); if (v_ret != e_success) { return v_ret;} if (p_protocolId == c_protocolEsp) { Loading Loading 
@@ -3638,20 +4016,40 @@ group establishSAFns_active { } // end f_sndAuthReqAndWaitForRsp function f_createIkeSaAndFirstChildSa( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, in UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; v_ret := f_sndSaInitReqAndWaitForRsp( p_addrTn, p_addrIut ); if(v_ret != e_success) {return v_ret;} v_ret := f_sndAuthReqAndWaitForRsp( p_addrTn, p_addrIut, p_protocolId ); return v_ret; } // end f_createIkeSaAndFirstChildSa function f_sndChildSaReqAndWaitForRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag, in UInt8 p_protocolId UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var UInt1 v_iFlag; if ((p_protocolId != c_protocolEsp) and (p_protocolId != c_protocolAh)) { log("**** f_sndChildSaReqAndWaitForRsp: ERROR: Invalid protocol Id, only ESP and AH allowed here !**** "); return e_error;} v_ret := f_createAndSendCreateChildSaReq( p_addrTn, p_addrIut, Loading @@ -3666,13 +4064,9 @@ group establishSAFns_active { {v_iFlag := c_iFlagResponder;} // wait for CreateChild response v_ret := f_waitForCreateChildSaRsp(p_addrIut, p_addrTn, v_iFlag); v_ret := f_waitForCreateChildSaRsp(p_addrTn,p_addrIut,v_iFlag); if (v_ret != e_success) { return v_ret;} // no key values are set //protocolId, p_iflag not needed return v_ret; } // end f_sndChildSaReqAndWaitForRsp Loading Loading @@ -3703,8 +4097,8 @@ group establishSAFns_active { else {v_iFlag := c_iFlagResponder;} // wait for CreateChild response v_ret := f_waitForInformationalRsp(p_addrIut, p_addrTn, v_iFlag, {p_mw_payload}); // wait for Informational response v_ret := f_waitForInformationalRsp(p_addrTn,p_addrIut,v_iFlag,{p_mw_payload}); if (v_ret != e_success) { return v_ret;} return v_ret; Loading 
@@ -3723,7 +4117,7 @@ group establishSAFns_passive { return FncRetCode { var FncRetCode v_ret := e_success; v_ret := f_waitForIkeSaInitReq(p_addrIut,p_addrTn); v_ret := f_waitForIkeSaInitReq(p_addrTn,p_addrIut); if(v_ret != e_success) { return v_ret;} v_ret := f_createAndSendSaInitRsp(p_addrTn,p_addrIut); Loading Loading @@ -3764,7 +4158,7 @@ group establishSAFns_passive { var FncRetCode v_ret := e_success; var UInt8 v_protocolId; v_ret := f_waitForIkeAuthReq(p_addrIut,p_addrTn,v_protocolId); v_ret := f_waitForIkeAuthReq(p_addrTn,p_addrIut,v_protocolId); if(v_ret != e_success) { return v_ret;} if(v_protocolId == c_protocolId_esp) Loading Loading 
@@ -3818,6 +4212,85 @@ group establishSAFns_passive { } // end f_rcvAuthReqAndRsp function f_rcvChildSaReqAndRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt8 p_iFlag, UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var UInt1 v_iFlag; v_ret := f_waitForCreateChildSaReq(p_addrTn,p_addrIut,p_iFlag); if(v_ret != e_success) { return v_ret;} if (p_iFlag == c_iFlagResponder) {v_iFlag := c_iFlagInitiator;} else {v_iFlag := c_iFlagResponder;} v_ret := f_createAndSendCreateChildSaRsp(p_addrTn,p_addrIut,v_iFlag,p_protocolId); if(v_ret != e_success) { return v_ret;} return v_ret; } // end f_rcvChildSaReqAndRsp function f_rcvInformationalReqAndRsp_WithPL( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag, template IkePayload p_mw_payload, UInt8 p_nextPayload, template IkePayload p_m_payload ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var UInt1 v_iFlag; v_ret := f_waitForInformationalReq(p_addrTn,p_addrIut,p_iFlag,{p_mw_payload}); if(v_ret != e_success) { return v_ret;} if (p_iFlag == c_iFlagResponder) {v_iFlag := c_iFlagInitiator;} else {v_iFlag := c_iFlagResponder;} v_ret := f_createAndSendInfoRsp(p_addrTn,p_addrIut,v_iFlag,p_nextPayload,p_m_payload); if(v_ret != e_success) { return v_ret;} return v_ret; } // end f_rcvInformationalReqAndRsp_WithPL function f_rcvInformationalReqAndRsp_AnyPL( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var UInt1 v_iFlag; v_ret := f_waitForInformationalReq_Any(p_addrTn,p_addrIut,p_iFlag); if(v_ret != e_success) { return v_ret;} if (p_iFlag == c_iFlagResponder) {v_iFlag := c_iFlagInitiator;} else {v_iFlag := c_iFlagResponder;} v_ret := f_createAndSendInfoRsp(p_addrTn,p_addrIut,v_iFlag,c_noNextPL,omit); if(v_ret != e_success) { return v_ret;} return v_ret; } // end f_rcvInformationalReqAndRsp_AnyPL } // end 
group establishSAFns_passive group deleteSAFns { Loading ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Templates.ttcn +112 −0 File changed.Preview size limit exceeded, changes collapsed. Show changes Loading
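Review bot: In `f_waitForInformationalReq_Any` (LibIpv6_Rfc4306Ikev2_Functions.ttcn) the address parameters are declared IUT-first, but its only visible caller, `f_rcvInformationalReqAndRsp_AnyPL`, calls it test-node-first as `f_waitForInformationalReq_Any(p_addrTn,p_addrIut,p_iFlag)`, so `mw_informationalReq_Any` receives the test node's address in its `p_addrIut` position. If that template matches source and destination the way the sibling receive templates appear to, the IUT's INFORMATIONAL request will not match and the function returns `e_timeout` for a reason unrelated to IUT behaviour. Declaring the parameters as `template Ipv6Address p_addrTn, template Ipv6Address p_addrIut,` would bring it in line with the other `f_waitFor…` signatures this commit reorders. The timeout branch also logs under the sibling's name; `log("**** f_waitForInformationalReq_Any: ERROR: tc_wait.timeout **** ");` would keep a timeout attributable to the right function, and the closing `// end` comment has the same copy-paste.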
ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Functions.ttcn +1688 −1215 Original line number Diff line number Diff line Loading @@ -1186,18 +1186,28 @@ module LibIpv6_Rfc4306Ikev2_Functions { tc_wait.start; alt { [] ipPort.receive(mw_createChildSaReq( p_addrIut, [] ipPort.receive(mw_createChildSaReqRekeyIke( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, vc_ikeSad[0].messageID, p_iFlag, mw_encryptedPLL(mw_createChildSaReqRekeyIkePLL))) -> value v_ipv6Packet { tc_wait.stop; vc_ikeSad[0].messageID := vc_ikeSad[0].messageID + 1; // store new SPI values in vc_ikeSad[1] // Values in vc_ikeSad[0] are still needed to delete original IKE_SA! if (p_iFlag == c_iFlagInitiator) { vc_ikeSad[1].spiInitiator := v_ipv6Packet.ipv6Payload.ikeMsg.ikev2Header.initiatorSpi; vc_ikeSad[1].spiResponder := int2oct((oct2int(vc_ikeSad[0].spiResponder) + 1), 8) } else { vc_ikeSad[1].spiResponder := v_ipv6Packet.ipv6Payload.ikeMsg.ikev2Header.responderSpi; vc_ikeSad[1].spiInitiator := int2oct((oct2int(vc_ikeSad[0].spiInitiator) + 1), 8) } v_ret := f_analyzeCreateChildSaReqRekeyIke(v_ipv6Packet); } Loading @@ -1212,7 +1222,7 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // end f_waitForCreateChildSaReqRekeyIke /* * @desc Test Node waits for INFORMATIONAL request * @desc Test Node waits for INFORMATIONAL request with specific payload * @param p_addrIut address of IUT * @param p_addrTn address of test node * @param p_iFlag IKEv2 flag IKEv2 header indicating initiator or responder Loading Loading 
@@ -1253,6 +1263,45 @@ module LibIpv6_Rfc4306Ikev2_Functions { return v_ret; } // end f_waitForInformationalReq /* * @desc Test Node waits for INFORMATIONAL request with any or no payload * @param p_addrIut address of IUT * @param p_addrTn address of test node * @param p_iFlag IKEv2 flag IKEv2 header indicating initiator or responder */ function f_waitForInformationalReq_Any( template Ipv6Address p_addrIut, template Ipv6Address p_addrTn, UInt1 p_iFlag) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; tc_wait.start; alt { [] ipPort.receive(mw_informationalReq_Any( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, p_iFlag, vc_ikeSad[0].messageID)) { tc_wait.stop; vc_ikeSad[0].messageID := vc_ikeSad[0].messageID + 1; } [] tc_wait.timeout { v_ret := e_timeout; log("**** f_waitForInformationalReq: ERROR: tc_wait.timeout **** "); } } // end alt return v_ret; } // end f_waitForInformationalReq } // end group receiveRequests group receiveResponses Loading @@ -1260,12 +1309,12 @@ module LibIpv6_Rfc4306Ikev2_Functions { { /* * @desc Test Node waits for IKE_SA_INIT response * @param p_src address of IUT * @param p_dst address of test node * @param p_addrIut address of IUT * @param p_addrTn address of test node */ function f_waitForIkeSaInitRsp( template Ipv6Address p_src, template Ipv6Address p_dst template Ipv6Address p_addrTn, template Ipv6Address p_addrIut ) runs on LibIpv6Node return FncRetCode { Loading @@ -1282,8 +1331,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { tc_wait.start; alt { [] ipPort.receive(mw_ikeSaInitRsp( p_src, p_dst, [] ipPort.receive(mw_ikeSaInitRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading Loading 
@@ -1410,8 +1459,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // A unexpected IKE_SA_INIT response with a Notify payload is received [] ipPort.receive(mw_ikeSaInitRsp( p_src, p_dst, [] ipPort.receive(mw_ikeSaInitRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading Loading @@ -1595,12 +1644,12 @@ module LibIpv6_Rfc4306Ikev2_Functions { /* * @desc Test Node waits for IKE_AUTH response * @param p_src address of IUT * @param p_dst address of test node * @param p_addrIut address of IUT * @param p_addrTn address of test node */ function f_waitForIkeAuthRsp( template Ipv6Address p_src, template Ipv6Address p_dst template Ipv6Address p_addrTn, template Ipv6Address p_addrIut ) runs on LibIpv6Node return FncRetCode { Loading @@ -1616,8 +1665,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { tc_wait.start; alt { // Transport mode, Notify payload indicating 'UseTransportMode' is included in IKE_AUTH response [] ipPort.receive(mw_ikeAuthRsp( p_src, p_dst, [] ipPort.receive(mw_ikeAuthRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading @@ -1636,8 +1685,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // Tunnel mode, Notify payload indicating 'UseTransportMode' is not included in IKE_AUTH response [] ipPort.receive(mw_ikeAuthRsp( p_src, p_dst, [] ipPort.receive(mw_ikeAuthRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading @@ -1654,8 +1703,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // A unexpected IKE_AUTH response with a Notify payload is received [] ipPort.receive(mw_ikeAuthRsp( p_src, p_dst, [] ipPort.receive(mw_ikeAuthRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading Loading 
@@ -1827,13 +1876,13 @@ module LibIpv6_Rfc4306Ikev2_Functions { /* * @desc Test Node waits for CREATE_CHILD_SA response * @param p_src address of IUT * @param p_dst address of test node * @param p_addrIut address of IUT * @param p_addrTn address of test node * @param p_iFlag IKEv2 flag IKEv2 header indicating initiator or responder */ function f_waitForCreateChildSaRsp( template Ipv6Address p_src, template Ipv6Address p_dst, template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt8 p_iFlag ) runs on LibIpv6Node Loading @@ -1850,8 +1899,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { tc_wait.start; alt { // Transport mode, Notify payload indicating 'UseTransportMode' is included in CREATE_CHILD_SA response [] ipPort.receive(mw_createChildSaRsp( p_src, p_dst, [] ipPort.receive(mw_createChildSaRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading @@ -1871,8 +1920,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // Tunnel mode, Notify payload indicating 'UseTransportMode' is not included in CREATE_CHILD_SA response [] ipPort.receive(mw_createChildSaRsp( p_src, p_dst, [] ipPort.receive(mw_createChildSaRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading @@ -1890,8 +1939,8 @@ module LibIpv6_Rfc4306Ikev2_Functions { } // A unexpected CREATE_CHILD_SA response with a Notify payload is received [] ipPort.receive(mw_createChildSaRsp( p_src, p_dst, [] ipPort.receive(mw_createChildSaRsp( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, Loading Loading 
@@ -1933,10 +1982,10 @@ module LibIpv6_Rfc4306Ikev2_Functions { * @param p_iFlag IKEv2 flag IKEv2 header indicating initiator or responder * @param p_IkePayloadList list of payloads to be received */ function f_waitForInformationalRsp( in template Ipv6Address p_addrIut, in template Ipv6Address p_addrTn, function f_waitForInformationalRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag, in template IkePayloadList p_IkePayloadList) template IkePayloadList p_IkePayloadList) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; Loading Loading 
@@ -3001,6 +3050,326 @@ group sendResponses { return e_success; } // end f_sendIkeAuthRsp /* * @desc Test Node builds CREATE_CHILD_SA response * @param p_addrIut address of IUT * @param p_addrTn address of test node * @param p_iFlag i flag IKEv2 header indicating initiator or responder * @param p_protocolId chosen security protocol, AH or ESP */ function f_createAndSendCreateChildSaRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt8 p_iFlag, UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_error; var IkePayload v_securityAssociationPL; var SaTransform v_saTransformEncr; if (p_protocolId == c_protocolId_esp) { // Build Security Association payload for ESP v_saTransformEncr := valueof ( m_saTransform ( c_moreTransform, c_transformTypeEncr, m_transformId_encr(vc_sad[c_saIni].espEncryptionAlgo), omit ) ); if( vc_sad[c_saIni].espEncryptionAlgo == e_encr_cast or vc_sad[c_saIni].espEncryptionAlgo == e_encr_blowfish or vc_sad[c_saIni].espEncryptionAlgo == e_encr_aesCbc or vc_sad[c_saIni].espEncryptionAlgo == e_encr_aesCtr) { vc_sad[c_saIni].espEncrKeyLen := f_getEncrKeyLen(vc_sad[c_saIni].espEncryptionAlgo); v_saTransformEncr.saTransformAttributeList := valueof( m_saTransformAttributeList_1Elem( m_saTransformAttribute(vc_sad[c_saIni].espEncrKeyLen) ) ); } // Security Association payload for ESP v_securityAssociationPL := valueof (m_securityAssociationPL( c_tsInitiatorPL, m_saProposalIke( c_lastProposal, c_proposalNr1, c_protocolId_esp, c_spiSize4, c_3Transforms, int2oct(vc_sad[c_saRes].spi,c_spiSize4), m_saTransformList_4Elem ( v_saTransformEncr, m_saTransform ( c_moreTransform, c_transformTypeInteg, m_transformId_integ(vc_sad[c_saIni].espIntegrityAlgo), omit//Attribute ), m_saTransform ( c_moreTransform, c_transformTypeEsn, m_transformId_esn(vc_sad[c_saIni].extentedSequenceNumbers), omit//Attribute ), // Value may be None, if no Key Exchange Payload was included in the CREATE_CHILD_SA request m_saTransform ( 
c_lastTransform, c_transformTypeDh, m_transformId_dh(vc_ikeSad[0].diffieHellmanGroup), omit//Attribute ) ) ) )); } else { // Build Security Association payload for AH v_securityAssociationPL := valueof (m_securityAssociationPL( c_tsInitiatorPL, m_saProposalIke( c_lastProposal, c_proposalNr1, c_protocolId_ah, c_spiSize4, c_2Transforms, int2oct(vc_sad[c_saRes].spi,c_spiSize4), m_saTransformList_3Elem ( m_saTransform ( c_moreTransform, c_transformTypeInteg, m_transformId_integ(vc_sad[c_saIni].ahIntegrityAlgo), omit//Attribute ), m_saTransform ( c_moreTransform, c_transformTypeEsn, m_transformId_esn(vc_sad[c_saIni].extentedSequenceNumbers), omit//Attribute ), // Value may be None, if no Key Exchange Payload was included in the CREATE_CHILD_SA request m_saTransform ( c_lastTransform, c_transformTypeDh, m_transformId_dh(vc_ikeSad[0].diffieHellmanGroup), omit//Attribute ) ) ) )); } // Key Exchange payload was included in the CREATE_CHILD_SA request and must be in CREATE_CHILD_SA response if (vc_ikeSad[0].diffieHellmanGroup != e_none) { // Transport mode, Notify payload requesting 'UseTransportMode' is included in CREATE_CHILD_SA response if(vc_sad[c_saIni].ipSecProtocolMode == e_transportMode) { v_ret := f_sendCreateChildSaRsp ( m_createChildSaRsp ( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, m_ikePlList_1Elem( m_encryptedPL( c_notifyPL, m_ikePlList_6Elem( m_notifyPL( c_keyExchangePL, 0, //c_protocolId_none, c_notifyUseTransportMode ), m_keyExchangePL ( c_noncePL, vc_ikeSad[0].diffieHellmanGroup, fx_dHKeyToSend( vc_ikeSad[0].diffieHellmanGroup, vc_ikeSad[0].diffieHellmanPrivKey ) ), m_noncePL ( c_saPL, vc_ikeSad[0].nR ), v_securityAssociationPL, m_tsInitiatorPL( c_tsResponderPL, m_trafficSelectorList_1Elem ( vc_sad[c_saIni].trafficSelector ) ), m_tsResponderPL( c_noNextPL, m_trafficSelectorList_1Elem ( vc_sad[c_saRes].trafficSelector ) ) ) ) ) ) 
); } // Tunnel mode, Notify payload requesting 'UseTransportMode' is not included in CREATE_CHILD_SA response else { v_ret := f_sendCreateChildSaRsp ( m_createChildSaRsp ( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, m_ikePlList_1Elem( m_encryptedPL( c_keyExchangePL, m_ikePlList_5Elem( m_keyExchangePL ( c_noncePL, vc_ikeSad[0].diffieHellmanGroup, fx_dHKeyToSend( vc_ikeSad[0].diffieHellmanGroup, vc_ikeSad[0].diffieHellmanPrivKey ) ), m_noncePL ( c_saPL, vc_ikeSad[0].nR ), v_securityAssociationPL, m_tsInitiatorPL( c_tsResponderPL, m_trafficSelectorList_1Elem ( vc_sad[c_saIni].trafficSelector ) ), m_tsResponderPL( c_noNextPL, m_trafficSelectorList_1Elem ( vc_sad[c_saRes].trafficSelector ) ) ) ) ) ) ); } } // Key Exchange payload was not included in the CREATE_CHILD_SA request and need not be in CREATE_CHILD_SA response else { // Transport mode, Notify payload requesting 'UseTransportMode' is included in CREATE_CHILD_SA response if(vc_sad[c_saIni].ipSecProtocolMode == e_transportMode) { v_ret := f_sendCreateChildSaRsp ( m_createChildSaRsp ( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, m_ikePlList_1Elem( m_encryptedPL( c_notifyPL, m_ikePlList_5Elem( m_notifyPL( c_noncePL, 0, //c_protocolId_none, c_notifyUseTransportMode ), m_noncePL ( c_saPL, vc_ikeSad[0].nR ), v_securityAssociationPL, m_tsInitiatorPL( c_tsResponderPL, m_trafficSelectorList_1Elem ( vc_sad[c_saIni].trafficSelector ) ), m_tsResponderPL( c_noNextPL, m_trafficSelectorList_1Elem ( vc_sad[c_saRes].trafficSelector ) ) ) ) ) ) ); } // Tunnel mode, Notify payload requesting 'UseTransportMode' is not included in CREATE_CHILD_SA response else { v_ret := f_sendCreateChildSaRsp ( m_createChildSaRsp ( p_addrIut, p_addrTn, vc_ikeSad[0].udpIutPort, 
vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, m_ikePlList_1Elem( m_encryptedPL( c_noncePL, m_ikePlList_4Elem( m_noncePL ( c_saPL, vc_ikeSad[0].nR ), v_securityAssociationPL, m_tsInitiatorPL( c_tsResponderPL, m_trafficSelectorList_1Elem ( vc_sad[c_saIni].trafficSelector ) ), m_tsResponderPL( c_noNextPL, m_trafficSelectorList_1Elem ( vc_sad[c_saRes].trafficSelector ) ) ) ) ) ) ); } } return v_ret ; } // end f_createAndSendCreateChildSaRspRekeySa /* * @desc Test Node builds CREATE_CHILD_SA response for rekeying an SA * @param p_addrIut address of IUT Loading @@ -3020,6 +3389,12 @@ group sendResponses { var FncRetCode v_ret := e_error; var IkePayload v_securityAssociationPL; var SaTransform v_saTransformEncr; var octetstring v_spi; if (p_iFlag == c_iFlagInitiator) {v_spi := int2oct(vc_sad[c_saIni].spi, 4);} else {v_spi := int2oct(vc_sad[c_saRes].spi, 4);} if (p_protocolId == c_protocolId_esp) { Loading Loading @@ -3143,10 +3518,11 @@ group sendResponses { 0, //c_protocolId_none, c_notifyUseTransportMode ), m_notifyPL( m_notifyPL_SPI( c_keyExchangePL, p_protocolId, c_notifyRekeySa c_notifyRekeySa, v_spi ), m_keyExchangePL ( c_noncePL, Loading Loading @@ -3198,10 +3574,11 @@ group sendResponses { m_encryptedPL( c_notifyPL, m_ikePlList_6Elem( m_notifyPL( m_notifyPL_SPI( c_keyExchangePL, p_protocolId, c_notifyRekeySa c_notifyRekeySa, v_spi ), m_keyExchangePL ( c_noncePL, Loading Loading @@ -3261,10 +3638,11 @@ group sendResponses { 0, //c_protocolId_none, c_notifyUseTransportMode ), m_notifyPL( c_noncePL, m_notifyPL_SPI( c_keyExchangePL, p_protocolId, c_notifyRekeySa c_notifyRekeySa, v_spi ), m_noncePL ( c_saPL, Loading Loading @@ -3308,10 +3686,11 @@ group sendResponses { m_encryptedPL( c_notifyPL, m_ikePlList_5Elem( m_notifyPL( c_noncePL, m_notifyPL_SPI( c_keyExchangePL, p_protocolId, c_notifyRekeySa c_notifyRekeySa, v_spi ), m_noncePL ( c_saPL, Loading Loading 
@@ -3351,8 +3730,7 @@ group sendResponses { function f_createAndSendCreateChildSaRspRekeyIke( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt8 p_iFlag, UInt8 p_protocolId UInt8 p_iFlag ) runs on LibIpv6Node return FncRetCode { Loading Loading @@ -3383,8 +3761,8 @@ group sendResponses { p_addrTn, vc_ikeSad[0].udpIutPort, vc_ikeSad[0].udpTnPort, vc_ikeSad[0].spiInitiator, vc_ikeSad[0].spiResponder, vc_ikeSad[1].spiInitiator, vc_ikeSad[1].spiResponder, c_encryptedPL, p_iFlag, vc_ikeSad[0].messageID, Loading Loading @@ -3479,7 +3857,7 @@ group sendResponses { * @param p_nextPayload payload type of payload to be sent in INFORMATIONAL response * @param p_payload template of payload to be sent in INFORMATIONAL response */ function f_createAndSendInfoRes( function f_createAndSendInfoRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag, Loading Loading @@ -3559,7 +3937,7 @@ group establishSAFns_active { if (v_ret != e_success) { return v_ret;} // wait for IKE_SA_INIT response v_ret := f_waitForIkeSaInitRsp(p_addrIut,p_addrTn); v_ret := f_waitForIkeSaInitRsp(p_addrTn,p_addrIut); if (v_ret != e_success) { return v_ret;} //fill keyLen Loading Loading @@ -3602,7 +3980,7 @@ group establishSAFns_active { if (v_ret != e_success) { return v_ret;} // wait for IKE_AUTH response v_ret := f_waitForIkeAuthRsp(p_addrIut, p_addrTn); v_ret := f_waitForIkeAuthRsp(p_addrTn,p_addrIut); if (v_ret != e_success) { return v_ret;} if (p_protocolId == c_protocolEsp) { Loading Loading 
@@ -3638,20 +4016,40 @@ group establishSAFns_active { } // end f_sndAuthReqAndWaitForRsp function f_createIkeSaAndFirstChildSa( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, in UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; v_ret := f_sndSaInitReqAndWaitForRsp( p_addrTn, p_addrIut ); if(v_ret != e_success) {return v_ret;} v_ret := f_sndAuthReqAndWaitForRsp( p_addrTn, p_addrIut, p_protocolId ); return v_ret; } // end f_createIkeSaAndFirstChildSa function f_sndChildSaReqAndWaitForRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag, in UInt8 p_protocolId UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var UInt1 v_iFlag; if ((p_protocolId != c_protocolEsp) and (p_protocolId != c_protocolAh)) { log("**** f_sndChildSaReqAndWaitForRsp: ERROR: Invalid protocol Id, only ESP and AH allowed here !**** "); return e_error;} v_ret := f_createAndSendCreateChildSaReq( p_addrTn, p_addrIut, Loading @@ -3666,13 +4064,9 @@ group establishSAFns_active { {v_iFlag := c_iFlagResponder;} // wait for CreateChild response v_ret := f_waitForCreateChildSaRsp(p_addrIut, p_addrTn, v_iFlag); v_ret := f_waitForCreateChildSaRsp(p_addrTn,p_addrIut,v_iFlag); if (v_ret != e_success) { return v_ret;} // no key values are set //protocolId, p_iflag not needed return v_ret; } // end f_sndChildSaReqAndWaitForRsp Loading Loading @@ -3703,8 +4097,8 @@ group establishSAFns_active { else {v_iFlag := c_iFlagResponder;} // wait for CreateChild response v_ret := f_waitForInformationalRsp(p_addrIut, p_addrTn, v_iFlag, {p_mw_payload}); // wait for Informational response v_ret := f_waitForInformationalRsp(p_addrTn,p_addrIut,v_iFlag,{p_mw_payload}); if (v_ret != e_success) { return v_ret;} return v_ret; Loading 
@@ -3723,7 +4117,7 @@ group establishSAFns_passive { return FncRetCode { var FncRetCode v_ret := e_success; v_ret := f_waitForIkeSaInitReq(p_addrIut,p_addrTn); v_ret := f_waitForIkeSaInitReq(p_addrTn,p_addrIut); if(v_ret != e_success) { return v_ret;} v_ret := f_createAndSendSaInitRsp(p_addrTn,p_addrIut); Loading Loading @@ -3764,7 +4158,7 @@ group establishSAFns_passive { var FncRetCode v_ret := e_success; var UInt8 v_protocolId; v_ret := f_waitForIkeAuthReq(p_addrIut,p_addrTn,v_protocolId); v_ret := f_waitForIkeAuthReq(p_addrTn,p_addrIut,v_protocolId); if(v_ret != e_success) { return v_ret;} if(v_protocolId == c_protocolId_esp) Loading Loading 
@@ -3818,6 +4212,85 @@ group establishSAFns_passive { } // end f_rcvAuthReqAndRsp function f_rcvChildSaReqAndRsp( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt8 p_iFlag, UInt8 p_protocolId ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var UInt1 v_iFlag; v_ret := f_waitForCreateChildSaReq(p_addrTn,p_addrIut,p_iFlag); if(v_ret != e_success) { return v_ret;} if (p_iFlag == c_iFlagResponder) {v_iFlag := c_iFlagInitiator;} else {v_iFlag := c_iFlagResponder;} v_ret := f_createAndSendCreateChildSaRsp(p_addrTn,p_addrIut,v_iFlag,p_protocolId); if(v_ret != e_success) { return v_ret;} return v_ret; } // end f_rcvChildSaReqAndRsp function f_rcvInformationalReqAndRsp_WithPL( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag, template IkePayload p_mw_payload, UInt8 p_nextPayload, template IkePayload p_m_payload ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var UInt1 v_iFlag; v_ret := f_waitForInformationalReq(p_addrTn,p_addrIut,p_iFlag,{p_mw_payload}); if(v_ret != e_success) { return v_ret;} if (p_iFlag == c_iFlagResponder) {v_iFlag := c_iFlagInitiator;} else {v_iFlag := c_iFlagResponder;} v_ret := f_createAndSendInfoRsp(p_addrTn,p_addrIut,v_iFlag,p_nextPayload,p_m_payload); if(v_ret != e_success) { return v_ret;} return v_ret; } // end f_rcvInformationalReqAndRsp_WithPL function f_rcvInformationalReqAndRsp_AnyPL( template Ipv6Address p_addrTn, template Ipv6Address p_addrIut, UInt1 p_iFlag ) runs on LibIpv6Node return FncRetCode { var FncRetCode v_ret := e_success; var UInt1 v_iFlag; v_ret := f_waitForInformationalReq_Any(p_addrTn,p_addrIut,p_iFlag); if(v_ret != e_success) { return v_ret;} if (p_iFlag == c_iFlagResponder) {v_iFlag := c_iFlagInitiator;} else {v_iFlag := c_iFlagResponder;} v_ret := f_createAndSendInfoRsp(p_addrTn,p_addrIut,v_iFlag,c_noNextPL,omit); if(v_ret != e_success) { return v_ret;} return v_ret; } // end f_rcvInformationalReqAndRsp_AnyPL } // end 
group establishSAFns_passive group deleteSAFns { Loading
ttcn3/EtsiLibrary/LibIpv6/LibSec/LibIpv6_Rfc4306Ikev2_Templates.ttcn +112 −0