| /////////////////////////////////////////////////////////////////////////////// |
| // // |
| // Copyright (c) 2000-2018 Ericsson Telecom AB // |
| // // |
| // All rights reserved. This program and the accompanying materials // |
| // are made available under the terms of the Eclipse Public License v2.0 // |
| // which accompanies this distribution, and is available at // |
| // https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html // |
| /////////////////////////////////////////////////////////////////////////////// |
| |
| /////////////////////////////////////////////////////////// |
| // Module: EPTF_CLL_Transport_IPsecHandler_Functions |
| // |
| // Purpose: |
| // This module contains the implementation of IPsec functionality of the Transport. |
| // |
| // Module depends on: |
| // <EPTF_CLL_Transport_IPsecHandler_Definitions> |
| // <TCCIPsec_Functions> |
| // <TCCIPsec_XFRM_Definitions> |
| // <TCCConversion_Functions> |
| // <EPTF_CLL_HashMapStr2Int_Functions> |
| // <EPTF_CLL_Base_Functions> |
| // <EPTF_CLL_HashMap_Functions> |
| // |
| // Current Owner: |
| // Jozsef Gyurusi (ETHJGI) |
| // |
| // Detailed Comments: |
| // This module contains the interface functions for the EPTF_Transport_IPsecHandler. |
| // Public functions: |
| // <f_EPTF_Transport_IPsecHandler_init_CT> |
| // <f_EPTF_Transport_IPsecHandler_initialized> |
| // <f_EPTF_Transport_IPsecHandler_createSA> |
| // <f_EPTF_Transport_IPsecHandler_createSP> |
| // <f_EPTF_Transport_IPsecHandler_deleteSA> |
| // <f_EPTF_Transport_IPsecHandler_deleteSP> |
| // <f_EPTF_Transport_IPsecHandler_flushSA> |
| // <f_EPTF_Transport_IPsecHandler_flushSP> |
| // <f_EPTF_Transport_IPsecHandler_allocate_SPI> |
| // |
| /////////////////////////////////////////////////////////////// |
| |
| module EPTF_CLL_Transport_IPsecHandler_Functions { |
| |
| import from EPTF_CLL_Transport_IPsecHandler_Definitions all; |
| import from TCCIPsec_XFRM_Definitions all; |
| import from EPTF_CLL_HashMapStr2Int_Functions all; |
| import from EPTF_CLL_Base_Functions all; |
| import from EPTF_CLL_HashMap_Functions all; |
| import from EPTF_CLL_FBQ_Definitions all; |
| import from EPTF_CLL_FBQ_Functions all; |
| import from EPTF_CLL_Transport_IPsecHandler_Logging_Client_Functions all; |
| import from EPTF_CLL_Transport_IPsecHandler_Logging_Server_Definitions all; |
| import from TCCConversion_Functions all; // f_convertIPAddrToBinary |
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_init_CT |
| // |
| // Purpose: |
| // Init function for the Transport_IPSecHandler |
| // |
| // Parameters: |
| // pl_selfName - *in* - *charstring* - The name of the component |
| // pl_LoggingIPSecServer_CT - *in* - *EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT* - Logging Server component reference |
| // - default is null -> events are not sent to logging server |
| // |
| // Return Value: |
| // - |
| // |
| // Errors: |
| // - |
| // |
| // Detailed Comments: |
| // This function should be called before using any other function in this module. |
| /////////////////////////////////////////////////////////// |
public function f_EPTF_Transport_IPsecHandler_init_CT(
  in charstring pl_selfName,
  in EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT pl_LoggingIPSecServer_CT := null
) runs on EPTF_Transport_IPsecHandler_CT {
  // Idempotent: a repeated call is a no-op.
  if (v_EPTF_Transport_IPsecHandler_initialized) {
    return;
  }

  // Bring up the CLL features this handler builds on.
  f_EPTF_Base_init_CT(pl_selfName);
  f_EPTF_HashMap_init_CT(pl_selfName);
  f_EPTF_CLL_Transport_IPsecHandler_Logging_Client_init(pl_selfName, pl_LoggingIPSecServer_CT);
  f_EPTF_FBQ_init_CT(pl_selfName);

  // SA bookkeeping: connection-id string -> slot index into v_SAAddInfo_List,
  // with the slots handed out by a free/busy queue.
  v_EPTF_Transport_IPsecHandler_saHashMapId := f_EPTF_str2int_HashMap_New(c_EPTF_Transport_IPsecHandler_saHashMapName);
  f_EPTF_FBQ_initFreeBusyQueue(v_Transport_IPsecHandler_saFBQId);
  v_SAAddInfo_List := {};

  // SP bookkeeping, laid out exactly like the SA side.
  v_EPTF_Transport_IPsecHandler_spHashMapId := f_EPTF_str2int_HashMap_New(c_EPTF_Transport_IPsecHandler_spHashMapName);
  f_EPTF_FBQ_initFreeBusyQueue(v_Transport_IPsecHandler_spFBQId);
  v_SPAddInfo_List := {};

  // Have the Base feature run our cleanup when the component is torn down.
  f_EPTF_Base_registerCleanup(refers(f_EPTF_Transport_IPsecHandler_cleanup));
  v_EPTF_Transport_IPsecHandler_initialized := true;
}
| |
private function f_EPTF_Transport_IPsecHandler_cleanup() runs on EPTF_Transport_IPsecHandler_CT {
  // Nothing to release unless init_CT completed.
  if (not v_EPTF_Transport_IPsecHandler_initialized) {
    return;
  }

  // Drop the hash maps under the names init_CT created them with, then reset
  // the slot lists and free/busy queues to their empty state. Only local
  // bookkeeping is released here; no XFRM call is made, so kernel SA/SP state
  // is left as it is (flushSA/flushSP exist for that).
  f_EPTF_str2int_HashMap_Delete(c_EPTF_Transport_IPsecHandler_saHashMapName);
  f_EPTF_str2int_HashMap_Delete(c_EPTF_Transport_IPsecHandler_spHashMapName);
  v_SAAddInfo_List := {};
  v_SPAddInfo_List := {};
  v_Transport_IPsecHandler_saFBQId := c_EPTF_emptyFreeBusyQueue;
  v_Transport_IPsecHandler_spFBQId := c_EPTF_emptyFreeBusyQueue;

  v_EPTF_Transport_IPsecHandler_initialized := false;
}
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_initialized |
| // |
| // Purpose: |
| // Function to check if <f_EPTF_Transport_IPsecHandler_init_CT> was called |
| // |
| // Parameters: |
| // - |
| // |
| // Return Value: |
| // *boolean* - true if <f_EPTF_Transport_IPsecHandler_init_CT> was called, false if not |
| // |
| // Errors: |
| // - |
| // |
| // Detailed Comments: |
| // - |
| /////////////////////////////////////////////////////////// |
public function f_EPTF_Transport_IPsecHandler_initialized() runs on EPTF_Transport_IPsecHandler_CT return boolean {
  // Mirrors the flag that init_CT sets and cleanup clears.
  return (v_EPTF_Transport_IPsecHandler_initialized == true);
}
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_createSA |
| // |
| // Purpose: |
| // Function to create a new Security Association (SA) for IPsec |
| // using the XFRM API of TCCUsefulFunctions |
| // |
| // Parameters: |
| // pl_sa_info - *in* - <SAAddInfo> - Information to add SA |
| // |
| // Return Value: |
| // *XFRM_Result* - the result |
| // |
| // Errors: |
| // - |
| // |
| // Detailed Comments: |
| // This function calls the TCC useful function <f_XFRM_add_sa>. |
| /////////////////////////////////////////////////////////// |
public function f_EPTF_Transport_IPsecHandler_createSA(
  in SAAddInfo pl_sa_info
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
  // The hash map and free/busy queue are only valid after init_CT.
  if (not v_EPTF_Transport_IPsecHandler_initialized) {
    return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
  }

  // Bookkeeping key: binary src address, src port, binary dst address, dst port.
  // NOTE(review): the key carries neither SPI nor protocol, so a second SA
  // between the same endpoints reuses (and overwrites) the first one's slot -
  // confirm that is intended.
  var charstring vl_srcPart := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sa_info.src.ip_address)) & "_" & log2str(pl_sa_info.src.port_number);
  var charstring vl_dstPart := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sa_info.dst.ip_address)) & "_" & log2str(pl_sa_info.dst.port_number);
  var charstring vl_key := vl_srcPart & "_" & vl_dstPart;

  // Reuse the existing slot for a known key, otherwise take a free one and
  // register it under the key.
  var integer vl_slot := -1;
  var boolean vl_known := f_EPTF_str2int_HashMap_Find(v_EPTF_Transport_IPsecHandler_saHashMapId, vl_key, vl_slot);
  if (not vl_known) {
    vl_slot := f_EPTF_FBQ_getOrCreateFreeSlot(v_Transport_IPsecHandler_saFBQId);
    f_EPTF_FBQ_moveFromFreeToBusyTail(vl_slot, v_Transport_IPsecHandler_saFBQId);
    f_EPTF_str2int_HashMap_Insert(v_EPTF_Transport_IPsecHandler_saHashMapId, vl_key, vl_slot);
  }

  // The whole add-info record is handed to the logging client as-is.
  // NOTE(review): if SAAddInfo carries SA key material, confirm the logging
  // client/server redacts it before it reaches a log.
  f_EPTF_CLL_Transport_IPsecHandler_Logging_Client_LogSAAddInfo(pl_sa_info);

  // Remember the add-info in the slot and let XFRM install the SA.
  v_SAAddInfo_List[vl_slot] := pl_sa_info;
  return f_XFRM_add_sa(pl_sa_info);
}
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_createSP |
| // |
| // Purpose: |
| // Function to create a new Security Policy (SP) for IPsec |
| // using the XFRM API of TCCUsefulFunctions |
| // |
| // Parameters: |
| // pl_sp_info - *in* - <SPAddInfo> - Information to add SP |
| // |
| // Return Value: |
| // *XFRM_Result* - the result |
| // |
| // Errors: |
| // - |
| // |
| // Detailed Comments: |
| // This function calls the TCC useful function <f_XFRM_add_policy>. |
| /////////////////////////////////////////////////////////// |
public function f_EPTF_Transport_IPsecHandler_createSP(
  in SPAddInfo pl_sp_info
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
  // The hash map and free/busy queue are only valid after init_CT.
  if (not v_EPTF_Transport_IPsecHandler_initialized) {
    return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
  }

  // Bookkeeping key: binary src address, src port, binary dst address, dst port
  // (same layout as the SA key, kept in a separate map).
  var charstring vl_srcPart := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sp_info.src.ip_address)) & "_" & log2str(pl_sp_info.src.port_number);
  var charstring vl_dstPart := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sp_info.dst.ip_address)) & "_" & log2str(pl_sp_info.dst.port_number);
  var charstring vl_key := vl_srcPart & "_" & vl_dstPart;

  // Reuse the slot of a known key, otherwise allocate one and register it.
  var integer vl_slot := -1;
  var boolean vl_known := f_EPTF_str2int_HashMap_Find(v_EPTF_Transport_IPsecHandler_spHashMapId, vl_key, vl_slot);
  if (not vl_known) {
    vl_slot := f_EPTF_FBQ_getOrCreateFreeSlot(v_Transport_IPsecHandler_spFBQId);
    f_EPTF_FBQ_moveFromFreeToBusyTail(vl_slot, v_Transport_IPsecHandler_spFBQId);
    f_EPTF_str2int_HashMap_Insert(v_EPTF_Transport_IPsecHandler_spHashMapId, vl_key, vl_slot);
  }

  // Remember the add-info in the slot and let XFRM install the policy.
  // (Unlike createSA, no logging-client call is made here.)
  v_SPAddInfo_List[vl_slot] := pl_sp_info;
  return f_XFRM_add_policy(pl_sp_info);
}
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_deleteSA |
| // |
| // Purpose: |
| // Function to delete an existing Security Association (SA) for IPsec |
| // using the XFRM API of TCCUsefulFunctions |
| // |
| // Parameters: |
| // pl_sa_del_info - *in* - <SADelInfo> - Information to delete SA |
| // |
| // Return Value: |
| // *XFRM_Result* - the result |
| // |
| // Errors: |
| // - |
| // |
| // Detailed Comments: |
| // This function calls the TCC useful function <f_XFRM_delete_sa>. |
| /////////////////////////////////////////////////////////// |
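public function f_EPTF_Transport_IPsecHandler_deleteSA(
  in SADelInfo pl_sa_del_info
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
  // Consistent with every other public function of this module: the SA hash
  // map and free/busy queue are only valid after init_CT, so refuse to read
  // them (the original lacked this guard) instead of looking up an
  // uninitialised map id.
  if (not v_EPTF_Transport_IPsecHandler_initialized) {
    return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
  }

  // Same key layout as createSA: binary src address, src port, binary dst address, dst port.
  var charstring vl_connectionIdStr := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sa_del_info.src.ip_address))&"_"&log2str(pl_sa_del_info.src.port_number)&"_"&
    log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sa_del_info.dst.ip_address))&"_"&log2str(pl_sa_del_info.dst.port_number);

  // Unknown key: report it without touching the kernel.
  var integer vl_sa_info_id;
  if (not f_EPTF_str2int_HashMap_Find(v_EPTF_Transport_IPsecHandler_saHashMapId, vl_connectionIdStr, vl_sa_info_id)) {
    return {
      result := 1,
      msg := "f_EPTF_Transport_IPsecHandler_deleteSA: Cannot delete SA: SA is not found for del info: "&log2str(pl_sa_del_info)
    };
  }

  // Release the bookkeeping slot, then ask XFRM to drop the SA.
  // NOTE(review): the slot is released before the kernel call and regardless
  // of its result, so a failed f_XFRM_delete_sa leaves an SA this handler no
  // longer tracks - confirm callers act on a non-zero result.
  f_EPTF_str2int_HashMap_Erase(v_EPTF_Transport_IPsecHandler_saHashMapId, vl_connectionIdStr);
  f_EPTF_FBQ_moveFromBusyToFreeTail(vl_sa_info_id, v_Transport_IPsecHandler_saFBQId);
  return f_XFRM_delete_sa(pl_sa_del_info);
}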
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_deleteSP |
| // |
| // Purpose: |
| // Function to delete an existing Security Policy (SP) for IPsec |
| // using the XFRM API of TCCUsefulFunctions |
| // |
| // Parameters: |
| // pl_sp_del_info - *in* - <SPDelInfo> - Information to delete SP |
| // |
| // Return Value: |
| // *XFRM_Result* - the result |
| // |
| // Errors: |
| // - |
| // |
| // Detailed Comments: |
| // This function calls the TCC useful function <f_XFRM_delete_policy>. |
| /////////////////////////////////////////////////////////// |
public function f_EPTF_Transport_IPsecHandler_deleteSP(
  in SPDelInfo pl_sp_del_info
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
  // The SP hash map and free/busy queue are only valid after init_CT.
  if (not v_EPTF_Transport_IPsecHandler_initialized) {
    return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
  }

  // Same key layout as createSP: binary src address, src port, binary dst address, dst port.
  var charstring vl_srcPart := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sp_del_info.src.ip_address)) & "_" & log2str(pl_sp_del_info.src.port_number);
  var charstring vl_dstPart := log2str(f_EPTF_Transport_IPsecHandler_getBinaryAddress(pl_sp_del_info.dst.ip_address)) & "_" & log2str(pl_sp_del_info.dst.port_number);
  var charstring vl_key := vl_srcPart & "_" & vl_dstPart;

  // Unknown key: report it without touching the kernel.
  var integer vl_slot := -1;
  if (not f_EPTF_str2int_HashMap_Find(v_EPTF_Transport_IPsecHandler_spHashMapId, vl_key, vl_slot)) {
    return {
      result := 1,
      msg := "f_EPTF_Transport_IPsecHandler_deleteSP: Cannot delete SP: SP is not found for del info: "&log2str(pl_sp_del_info)
    };
  }

  // Release the bookkeeping slot, then ask XFRM to drop the policy.
  // NOTE(review): the slot is released regardless of the XFRM result, so a
  // failed kernel delete leaves a policy this handler no longer tracks.
  f_EPTF_str2int_HashMap_Erase(v_EPTF_Transport_IPsecHandler_spHashMapId, vl_key);
  f_EPTF_FBQ_moveFromBusyToFreeTail(vl_slot, v_Transport_IPsecHandler_spFBQId);
  return f_XFRM_delete_policy(pl_sp_del_info);
}
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_flushSA |
| // |
| // Purpose: |
| // Function to delete all SA from the kernel |
| // using the XFRM API of TCCUsefulFunctions |
| // |
| // Parameters: |
| // - |
| // |
| // Return Value: |
| // *XFRM_Result* - the result |
| // |
| // Errors: |
| // - |
| // |
| // Detailed Comments: |
| // This function calls the TCC useful function <f_XFRM_flush_sa>. |
| /////////////////////////////////////////////////////////// |
public function f_EPTF_Transport_IPsecHandler_flushSA(
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
  if (v_EPTF_Transport_IPsecHandler_initialized) {
    // Kernel side only: the SA hash map, free/busy queue and v_SAAddInfo_List
    // are not cleared here, so entries created via createSA stay registered
    // locally after the flush.
    // NOTE(review): confirm whether callers are expected to reset them.
    return f_XFRM_flush_sa();
  }
  return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
}
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_flushSP |
| // |
| // Purpose: |
| // Function to delete all SP from the kernel |
| // using the XFRM API of TCCUsefulFunctions |
| // |
| // Parameters: |
| // - |
| // |
| // Return Value: |
| // *XFRM_Result* - the result |
| // |
| // Errors: |
| // - |
| // |
| // Detailed Comments: |
| // This function calls the TCC useful function <f_XFRM_flush_policy>. |
| /////////////////////////////////////////////////////////// |
public function f_EPTF_Transport_IPsecHandler_flushSP(
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
  if (v_EPTF_Transport_IPsecHandler_initialized) {
    // Kernel side only: the SP hash map, free/busy queue and v_SPAddInfo_List
    // keep the entries created via createSP after the flush.
    // NOTE(review): confirm whether callers are expected to reset them.
    return f_XFRM_flush_policy();
  }
  return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
}
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_allocate_SPI |
| // |
| // Purpose: |
| // Function to get a free SPI from the kernel |
| // using the XFRM API of TCCUsefulFunctions |
| // |
| // Parameters: |
| // - |
| // |
| // Return Value: |
| // *XFRM_Result* - the result |
| // |
| // Errors: |
| // - |
| // |
| // Detailed Comments: |
| // This function calls the TCC useful function <f_XFRM_allocate_SPI>. |
| /////////////////////////////////////////////////////////// |
public function f_EPTF_Transport_IPsecHandler_allocate_SPI(
  in AllocSPI_Info pl_AllocSPI_info,
  inout integer pl_spi
) runs on EPTF_Transport_IPsecHandler_CT return XFRM_Result {
  if (v_EPTF_Transport_IPsecHandler_initialized) {
    // Thin pass-through: pl_spi is filled in by f_XFRM_allocate_SPI; this
    // handler keeps no record of the SPI handed out.
    return f_XFRM_allocate_SPI(pl_AllocSPI_info, pl_spi);
  }
  return {1,%definitionId&": IPSec is not initialized in Transport. The function f_EPTF_Transport_IPsecHandler_init_CT should have been called."};
}
| |
| /////////////////////////////////////////////////////////// |
| // Function: f_EPTF_Transport_IPsecHandler_getBinaryAddress |
| // |
| // Purpose: |
| // Return the binary representation of an address |
| // |
| // Parameters: |
| // pl_charAddr - *in* - *charstring* - address as a charstring |
| // |
| // Return Value: |
| // *octetstring* - address in octetstring |
| // |
| // Errors: |
| // |
| // Detailed Comments: |
| // If pl_charAddr is an IP address, the binary form of the IP address |
| // is returned. |
| // If pl_charAddr is a hostname, char2oct(pl_charAddr) |
| // is returned. |
| // If pl_charAddr is empty, ''O is returned. |
| /////////////////////////////////////////////////////////// |
private function f_EPTF_Transport_IPsecHandler_getBinaryAddress(in charstring pl_charAddr) return octetstring {
  // First attempt: treat pl_charAddr as an IP address.
  var octetstring vl_binary := f_convertIPAddrToBinary(pl_charAddr);
  if (lengthof(vl_binary) > 0) {
    return vl_binary;
  }
  // f_convertIPAddrToBinary produced nothing (e.g. a hostname was given):
  // fall back to the raw characters so the value can still serve as a key.
  // An empty pl_charAddr stays ''O, since char2oct("") is ''O.
  return char2oct(pl_charAddr);
}
| |
| } // module |