blob: 8bec827fe48ff97747e2d98a03e31a6853b931e0 [file] [log] [blame]
///////////////////////////////////////////////////////////////////////////////
// //
// Copyright (c) 2000-2018 Ericsson Telecom AB //
// //
// All rights reserved. This program and the accompanying materials //
// are made available under the terms of the Eclipse Public License v2.0 //
// which accompanies this distribution, and is available at //
// https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html //
///////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
// Module: EPTF_CLL_Transport_IPsecHandler_Functions
//
// Purpose:
// This module contains the implementation of IPsec functionality of the Transport.
//
// Module depends on:
// <EPTF_CLL_Transport_IPsecHandler_Definitions>
// <TCCIPsec_Functions>
// <TCCIPsec_XFRM_Definitions>
// <TCCConversion_Functions>
// <EPTF_CLL_HashMapStr2Int_Functions>
// <EPTF_CLL_Base_Functions>
// <EPTF_CLL_HashMap_Functions>
//
// Current Owner:
// Jozsef Gyurusi (ETHJGI)
//
// Detailed Comments:
// This module contains the interface functions for the EPTF_Transport_IPsecHandler.
// Public functions:
// <f_EPTF_Transport_IPsecHandler_init_CT>
// <f_EPTF_Transport_IPsecHandler_initialized>
// <f_EPTF_Transport_IPsecHandler_createSA>
// <f_EPTF_Transport_IPsecHandler_createSP>
// <f_EPTF_Transport_IPsecHandler_deleteSA>
// <f_EPTF_Transport_IPsecHandler_deleteSP>
// <f_EPTF_Transport_IPsecHandler_flushSA>
// <f_EPTF_Transport_IPsecHandler_flushSP>
// <f_EPTF_Transport_IPsecHandler_allocate_SPI>
//
///////////////////////////////////////////////////////////////
module EPTF_CLL_Transport_IPsecHandler_Functions {
import from EPTF_CLL_Transport_IPsecHandler_Definitions all;
import from TCCIPsec_XFRM_Definitions all;
import from EPTF_CLL_HashMapStr2Int_Functions all;
import from EPTF_CLL_Base_Functions all;
import from EPTF_CLL_HashMap_Functions all;
import from EPTF_CLL_FBQ_Definitions all;
import from EPTF_CLL_FBQ_Functions all;
import from EPTF_CLL_Transport_IPsecHandler_Logging_Client_Functions all;
import from EPTF_CLL_Transport_IPsecHandler_Logging_Server_Definitions all;
import from TCCConversion_Functions all; // f_convertIPAddrToBinary
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_init_CT
//
// Purpose:
// Init function for the Transport_IPSecHandler
//
// Parameters:
// pl_selfName - *in* - *charstring* - The name of the component
// pl_LoggingIPSecServer_CT - *in* - *EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT* - Logging Server component reference
// - default is null -> events are not sent to logging server
//
// Return Value:
// -
//
// Errors:
// -
//
// Detailed Comments:
// This function should be called before using any other function in this module.
///////////////////////////////////////////////////////////
public function f_EPTF_Transport_IPsecHandler_init_CT(
in charstring pl_selfName,
in EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT pl_LoggingIPSecServer_CT := null
) runs on EPTF_Transport_IPsecHandler_CT {
if (v_EPTF_Transport_IPsecHandler_initialized) {
return;
}
f_EPTF_Base_init_CT(pl_selfName);
f_EPTF_HashMap_init_CT(pl_selfName);
f_EPTF_CLL_Transport_IPsecHandler_Logging_Client_init(pl_selfName, pl_LoggingIPSecServer_CT);
f_EPTF_FBQ_init_CT(pl_selfName);
v_EPTF_Transport_IPsecHandler_saHashMapId := f_EPTF_str2int_HashMap_New(c_EPTF_Transport_IPsecHandler_saHashMapName);
v_SAAddInfo_List := {};
f_EPTF_FBQ_initFreeBusyQueue(v_Transport_IPsecHandler_saFBQId);
v_EPTF_Transport_IPsecHandler_spHashMapId := f_EPTF_str2int_HashMap_New(c_EPTF_Transport_IPsecHandler_spHashMapName);
v_SPAddInfo_List := {};
f_EPTF_FBQ_initFreeBusyQueue(v_Transport_IPsecHandler_spFBQId);
f_EPTF_Base_registerCleanup(refers(f_EPTF_Transport_IPsecHandler_cleanup));
v_EPTF_Transport_IPsecHandler_initialized := true;
return;
}
private function f_EPTF_Transport_IPsecHandler_cleanup() runs on EPTF_Transport_IPsecHandler_CT {
if (not v_EPTF_Transport_IPsecHandler_initialized) {
return;
}
f_EPTF_str2int_HashMap_Delete(c_EPTF_Transport_IPsecHandler_saHashMapName);
v_SAAddInfo_List := {};
v_Transport_IPsecHandler_saFBQId := c_EPTF_emptyFreeBusyQueue;
f_EPTF_str2int_HashMap_Delete(c_EPTF_Transport_IPsecHandler_spHashMapName);
v_SPAddInfo_List := {};
v_Transport_IPsecHandler_spFBQId := c_EPTF_emptyFreeBusyQueue;
v_EPTF_Transport_IPsecHandler_initialized := false;
}
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_initialized
//
// Purpose:
// Function to check if <f_EPTF_Transport_IPsecHandler_init_CT> was called
//
// Parameters:
// -
//
// Return Value:
// *boolean* - true if <f_EPTF_Transport_IPsecHandler_init_CT> was called, false if not
//
// Errors:
// -
//
// Detailed Comments:
// -
///////////////////////////////////////////////////////////
public function f_EPTF_Transport_IPsecHandler_initialized() runs on EPTF_Transport_IPsecHandler_CT return boolean {
return v_EPTF_Transport_IPsecHandler_initialized;
}
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_createSA
//
// Purpose:
// Function to create a new Security Association (SA) for IPsec
// using the XFRM API of TCCUsefulFunctions
//
// Parameters:
// pl_sa_info - *in* - <SAAddInfo> - Information to add SA
//
// Return Value:
// *XFRM_Result* - the result
//
// Errors:
// -
//
// Detailed Comments:
// This function calls the TCC useful function <f_XFRM_add_sa>.
///////////////////////////////////////////////////////////
public function f_EPTF_Transport_IPsecHandler_createSA(
in SAAddInfo pl_sa_info
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
if (not v_EPTF_Transport_IPsecHandler_initialized) {
return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
}
var charstring vl_connectionIdStr := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sa_info.src.ip_address))&"_"&log2str(pl_sa_info.src.port_number)&"_"&
log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sa_info.dst.ip_address))&"_"&log2str(pl_sa_info.dst.port_number)
var integer vl_sa_info_id;
if(not f_EPTF_str2int_HashMap_Find(v_EPTF_Transport_IPsecHandler_saHashMapId, vl_connectionIdStr, vl_sa_info_id)) {
vl_sa_info_id := f_EPTF_FBQ_getOrCreateFreeSlot(v_Transport_IPsecHandler_saFBQId);
f_EPTF_FBQ_moveFromFreeToBusyTail(vl_sa_info_id, v_Transport_IPsecHandler_saFBQId);
f_EPTF_str2int_HashMap_Insert(v_EPTF_Transport_IPsecHandler_saHashMapId,vl_connectionIdStr,vl_sa_info_id);
}
f_EPTF_CLL_Transport_IPsecHandler_Logging_Client_LogSAAddInfo(pl_sa_info);
// record found, store data:
v_SAAddInfo_List[vl_sa_info_id] := pl_sa_info;
return f_XFRM_add_sa(pl_sa_info);
}
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_createSP
//
// Purpose:
// Function to create a new Security Policy (SP) for IPsec
// using the XFRM API of TCCUsefulFunctions
//
// Parameters:
// pl_sp_info - *in* - <SPAddInfo> - Information to add SP
//
// Return Value:
// *XFRM_Result* - the result
//
// Errors:
// -
//
// Detailed Comments:
// This function calls the TCC useful function <f_XFRM_add_policy>.
///////////////////////////////////////////////////////////
public function f_EPTF_Transport_IPsecHandler_createSP(
in SPAddInfo pl_sp_info
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
if (not v_EPTF_Transport_IPsecHandler_initialized) {
return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
}
var charstring vl_connectionIdStr := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sp_info.src.ip_address))&"_"&log2str(pl_sp_info.src.port_number)&"_"&
log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sp_info.dst.ip_address))&"_"&log2str(pl_sp_info.dst.port_number)
var integer vl_sp_info_id;
if(not f_EPTF_str2int_HashMap_Find(v_EPTF_Transport_IPsecHandler_spHashMapId, vl_connectionIdStr, vl_sp_info_id)) {
vl_sp_info_id := f_EPTF_FBQ_getOrCreateFreeSlot(v_Transport_IPsecHandler_spFBQId);
f_EPTF_FBQ_moveFromFreeToBusyTail(vl_sp_info_id, v_Transport_IPsecHandler_spFBQId);
f_EPTF_str2int_HashMap_Insert(v_EPTF_Transport_IPsecHandler_spHashMapId,vl_connectionIdStr,vl_sp_info_id);
}
// record found, store data:
v_SPAddInfo_List[vl_sp_info_id] := pl_sp_info;
return f_XFRM_add_policy(pl_sp_info);
}
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_deleteSA
//
// Purpose:
// Function to delete an existing Security Association (SA) for IPsec
// using the XFRM API of TCCUsefulFunctions
//
// Parameters:
// pl_sa_del_info - *in* - <SADelInfo> - Information to delete SA
//
// Return Value:
// *XFRM_Result* - the result
//
// Errors:
// -
//
// Detailed Comments:
// This function calls the TCC useful function <f_XFRM_delete_sa>.
///////////////////////////////////////////////////////////
public function f_EPTF_Transport_IPsecHandler_deleteSA(
in SADelInfo pl_sa_del_info
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
var charstring vl_connectionIdStr := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sa_del_info.src.ip_address))&"_"&log2str(pl_sa_del_info.src.port_number)&"_"&
log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sa_del_info.dst.ip_address))&"_"&log2str(pl_sa_del_info.dst.port_number)
var integer vl_sa_info_id;
var XFRM_Result vl_result := {
result := 0,
msg := ""
}
if(f_EPTF_str2int_HashMap_Find(v_EPTF_Transport_IPsecHandler_saHashMapId, vl_connectionIdStr, vl_sa_info_id)) {
f_EPTF_str2int_HashMap_Erase(v_EPTF_Transport_IPsecHandler_saHashMapId,vl_connectionIdStr);
f_EPTF_FBQ_moveFromBusyToFreeTail(vl_sa_info_id, v_Transport_IPsecHandler_saFBQId);
vl_result := f_XFRM_delete_sa(pl_sa_del_info);
} else {
vl_result := {
result := 1,
msg := "f_EPTF_Transport_IPsecHandler_deleteSA: Cannot delete SA: SA is not found for del info: "&log2str(pl_sa_del_info)
}
}
return vl_result;
}
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_deleteSP
//
// Purpose:
// Function to delete an existing Security Policy (SP) for IPsec
// using the XFRM API of TCCUsefulFunctions
//
// Parameters:
// pl_sp_del_info - *in* - <SPDelInfo> - Information to delete SP
//
// Return Value:
// *XFRM_Result* - the result
//
// Errors:
// -
//
// Detailed Comments:
// This function calls the TCC useful function <f_XFRM_delete_policy>.
///////////////////////////////////////////////////////////
public function f_EPTF_Transport_IPsecHandler_deleteSP(
in SPDelInfo pl_sp_del_info
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
if (not v_EPTF_Transport_IPsecHandler_initialized) {
return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
}
var charstring vl_connectionIdStr := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sp_del_info.src.ip_address))&"_"&log2str(pl_sp_del_info.src.port_number)&"_"&
log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sp_del_info.dst.ip_address))&"_"&log2str(pl_sp_del_info.dst.port_number)
var integer vl_sp_info_id;
var XFRM_Result vl_result := {
result := 0,
msg := ""
}
if(f_EPTF_str2int_HashMap_Find(v_EPTF_Transport_IPsecHandler_spHashMapId, vl_connectionIdStr, vl_sp_info_id)) {
f_EPTF_str2int_HashMap_Erase(v_EPTF_Transport_IPsecHandler_spHashMapId,vl_connectionIdStr);
f_EPTF_FBQ_moveFromBusyToFreeTail(vl_sp_info_id, v_Transport_IPsecHandler_spFBQId);
vl_result := f_XFRM_delete_policy(pl_sp_del_info);
} else {
vl_result := {
result := 1,
msg := "f_EPTF_Transport_IPsecHandler_deleteSP: Cannot delete SP: SP is not found for del info: "&log2str(pl_sp_del_info)
}
}
return vl_result;
}
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_flushSA
//
// Purpose:
// Function to delete all SA from the kernel
// using the XFRM API of TCCUsefulFunctions
//
// Parameters:
// -
//
// Return Value:
// *XFRM_Result* - the result
//
// Errors:
// -
//
// Detailed Comments:
// This function calls the TCC useful function <f_XFRM_flush_sa>.
///////////////////////////////////////////////////////////
public function f_EPTF_Transport_IPsecHandler_flushSA(
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
if (not v_EPTF_Transport_IPsecHandler_initialized) {
return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
}
return f_XFRM_flush_sa()
}
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_flushSP
//
// Purpose:
// Function to delete all SP from the kernel
// using the XFRM API of TCCUsefulFunctions
//
// Parameters:
// -
//
// Return Value:
// *XFRM_Result* - the result
//
// Errors:
// -
//
// Detailed Comments:
// This function calls the TCC useful function <f_XFRM_flush_policy>.
///////////////////////////////////////////////////////////
public function f_EPTF_Transport_IPsecHandler_flushSP(
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
if (not v_EPTF_Transport_IPsecHandler_initialized) {
return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
}
return f_XFRM_flush_policy();
}
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_allocate_SPI
//
// Purpose:
// Function to get a free SPI from the kernel
// using the XFRM API of TCCUsefulFunctions
//
// Parameters:
// -
//
// Return Value:
// *XFRM_Result* - the result
//
// Errors:
// -
//
// Detailed Comments:
// This function calls the TCC useful function <f_XFRM_allocate_SPI>.
///////////////////////////////////////////////////////////
public function f_EPTF_Transport_IPsecHandler_allocate_SPI(
in AllocSPI_Info pl_AllocSPI_info,
inout integer pl_spi
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
if (not v_EPTF_Transport_IPsecHandler_initialized) {
return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
}
return f_XFRM_allocate_SPI(pl_AllocSPI_info, pl_spi);
}
///////////////////////////////////////////////////////////
// Function: f_EPTF_Transport_IPsecHandler_getBinaryAddress
//
// Purpose:
// Return the binary representation of an address
//
// Parameters:
// - pl_charAddr - *in* <charstring> - address in charstring
//
// Return Value:
// *octetstring* - address in octetstring
//
// Errors:
//
// Detailed Comments:
// If the pl_charAddr is an IP address, then binary form of the IP address
// is set into pl_octAddr.
// If the pl_charAddr is a hostname, then char2oct(pl_charAddr)
// is set into pl_octAddr.
// If the pl_charAddr is empty, then pl_octAddr will be ''O
///////////////////////////////////////////////////////////
private function f_EPTF_Transport_IPsecHandler_getBinaryAddress(in charstring pl_charAddr) return octetstring {
var octetstring vl_octAddr := f_convertIPAddrToBinary(pl_charAddr);
// if hostname was in the pl_charAddr, then put the hostname in pl_octAddr with char2oct
if(vl_octAddr == ''O) { vl_octAddr := char2oct(pl_charAddr); }
return vl_octAddr;
}
} // module