Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorerititan2016-11-17 04:14:09 -0500
committererititan2016-11-17 04:14:09 -0500
commit1ace4e762242d547e09785e1e43771ab492eac73 (patch)
tree6cbc0bbd183dacd8a2ddf54797ec7b8d6c97bbac
parent0f1d3db1476fb05377b139d4f840ecb8f06f97d9 (diff)
downloadtitan.ProtocolModules.EAP-1ace4e762242d547e09785e1e43771ab492eac73.tar.gz
titan.ProtocolModules.EAP-1ace4e762242d547e09785e1e43771ab492eac73.tar.xz
titan.ProtocolModules.EAP-1ace4e762242d547e09785e1e43771ab492eac73.zip
R4E
-rw-r--r--EAP_CNL113722.tpd29
-rw-r--r--src/EAP.grp24
-rw-r--r--src/EAP_EncDec.cc845
-rw-r--r--src/EAP_Types.ttcn907
4 files changed, 1805 insertions, 0 deletions
diff --git a/EAP_CNL113722.tpd b/EAP_CNL113722.tpd
new file mode 100644
index 0000000..c870c8b
--- /dev/null
+++ b/EAP_CNL113722.tpd
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<TITAN_Project_File_Information version="1.0">
+ <ProjectName>EAP_CNL113722</ProjectName>
+ <Folders>
+ <FolderResource projectRelativePath="src" relativeURI="src"/>
+ </Folders>
+ <Files>
+ <FileResource projectRelativePath="EAP_CNL113722.tpd" relativeURI="EAP_CNL113722.tpd"/>
+ <FileResource projectRelativePath="src/EAP.grp" relativeURI="src/EAP.grp"/>
+ <FileResource projectRelativePath="src/EAP_EncDec.cc" relativeURI="src/EAP_EncDec.cc"/>
+ <FileResource projectRelativePath="src/EAP_Types.ttcn" relativeURI="src/EAP_Types.ttcn"/>
+ </Files>
+ <ActiveConfiguration>Default</ActiveConfiguration>
+ <Configurations>
+ <Configuration name="Default">
+ <ProjectProperties>
+ <MakefileSettings>
+ <generateInternalMakefile>true</generateInternalMakefile>
+ <GNUMake>true</GNUMake>
+ <incrementalDependencyRefresh>true</incrementalDependencyRefresh>
+ <targetExecutable>bin/EAP_CNL113722</targetExecutable>
+ </MakefileSettings>
+ <LocalBuildSettings>
+ <workingDirectory>bin</workingDirectory>
+ </LocalBuildSettings>
+ </ProjectProperties>
+ </Configuration>
+ </Configurations>
+</TITAN_Project_File_Information>
diff --git a/src/EAP.grp b/src/EAP.grp
new file mode 100644
index 0000000..044929d
--- /dev/null
+++ b/src/EAP.grp
@@ -0,0 +1,24 @@
+<!--
+///////////////////////////////////////////////////////////////////////////////
+//
+// Copyright (c) 2000-2016 Ericsson Telecom AB
+//
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// which accompanies this distribution, and is available at
+// http://www.eclipse.org/legal/epl-v10.html
+///////////////////////////////////////////////////////////////////////////////
+//
+// File: EPTF_Radius.grp
+// Description: FileGroup file for EAP
+// Rev: R4E
+// Prodnr: CNL 113 722
+// Updated: 2012-06-13
+// Contact: http://ttcn.ericsson.se
+///////////////////////////////////////////////////////////////////////////////
+-->
+<!DOCTYPE TITAN_GUI_FileGroup_file>
+ <File_Group name="EAP" >
+ <File path="EAP_EncDec.cc" />
+ <File path="EAP_Types.ttcn" />
+ </File_Group>
diff --git a/src/EAP_EncDec.cc b/src/EAP_EncDec.cc
new file mode 100644
index 0000000..178416b
--- /dev/null
+++ b/src/EAP_EncDec.cc
@@ -0,0 +1,845 @@
+///////////////////////////////////////////////////////////////////////////////
+//
+// Copyright (c) 2000-2016 Ericsson Telecom AB
+//
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// which accompanies this distribution, and is available at
+// http://www.eclipse.org/legal/epl-v10.html
+///////////////////////////////////////////////////////////////////////////////
+//
+// File: EAP_EncDec.cc
+// Rev: R4E
+// Prodnr: CNL 113 722
+// Updated: 2014-01-24
+// Contact: http://ttcn.ericsson.se
+// Reference: RFC 3748(Extensible Authentication Protocol)
+// RFC 4187(EAP-AKA)
+// RFC 5448(EAP-AKA')
+// RFC 4186(EAP-SIM)
+// RFC 5281(EAP-TTLS)
+///////////////////////////////////////////////////////////////////////////////
+
+
+
+
+#include "EAP_Types.hh"
+#include <stdint.h>
+#include <openssl/sha.h>
+#include <openssl/bn.h>
+
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+
+namespace EAP__Types {
+
+OCTETSTRING enc__PDU__EAP(const PDU__EAP& pdu)
+{
+ if(TTCN_Logger::log_this_event(TTCN_DEBUG)) {
+ TTCN_Logger::begin_event(TTCN_DEBUG);
+ TTCN_Logger::log_event("Encoding PDU_EAP: ");
+ pdu.log();
+ TTCN_Logger::end_event();
+ }
+
+ TTCN_EncDec::error_type_t err;
+ TTCN_Buffer buf;
+ buf.clear();
+ TTCN_EncDec::clear_error();
+ TTCN_EncDec::set_error_behavior(TTCN_EncDec::ET_ALL, TTCN_EncDec::EB_WARNING);
+ pdu.encode(PDU__EAP_descr_, buf, TTCN_EncDec::CT_RAW);
+ err = TTCN_EncDec::get_last_error_type();
+ if(err != TTCN_EncDec::ET_NONE)
+ TTCN_warning("Encoding error: %s\n", TTCN_EncDec::get_error_str());
+
+ OCTETSTRING ret_val(buf.get_len(), buf.get_data());
+ if(TTCN_Logger::log_this_event(TTCN_DEBUG)) {
+ TTCN_Logger::begin_event(TTCN_DEBUG);
+ TTCN_Logger::log_event("PDU_EAP after encoding: ");
+ ret_val.log();
+ TTCN_Logger::end_event();
+ }
+
+ return ret_val;
+}
+
+PDU__EAP dec__PDU__EAP(const OCTETSTRING& stream)
+{
+ if(TTCN_Logger::log_this_event(TTCN_DEBUG)) {
+ TTCN_Logger::begin_event(TTCN_DEBUG);
+ TTCN_Logger::log_event("Decoding PDU_EAP: ");
+ stream.log();
+ TTCN_Logger::end_event();
+ }
+
+ TTCN_EncDec::error_type_t err;
+ TTCN_EncDec::clear_error();
+ TTCN_Buffer buf;
+ buf.put_os(stream);
+ PDU__EAP ret_val;
+ TTCN_EncDec::set_error_behavior(TTCN_EncDec::ET_ALL, TTCN_EncDec::EB_WARNING);
+ ret_val.decode(PDU__EAP_descr_, buf, TTCN_EncDec::CT_RAW);
+ err = TTCN_EncDec::get_last_error_type();
+ if(err != TTCN_EncDec::ET_NONE)
+ TTCN_warning("Decoding error: %s\n", TTCN_EncDec::get_error_str());
+
+ if(TTCN_Logger::log_this_event(TTCN_DEBUG)) {
+ TTCN_Logger::begin_event(TTCN_DEBUG);
+ TTCN_Logger::log_event("Decoded PDU_EAP: ");
+ ret_val.log();
+ TTCN_Logger::end_event();
+ }
+
+ return ret_val;
+}
+
+OCTETSTRING enc__AKA__Attrib(const EAP__AKA__Attrib__List& pdu)
+{
+ if(TTCN_Logger::log_this_event(TTCN_DEBUG)) {
+ TTCN_Logger::begin_event(TTCN_DEBUG);
+ TTCN_Logger::log_event("Encoding EAP_AKA_Attrib_List: ");
+ pdu.log();
+ TTCN_Logger::end_event();
+ }
+
+ TTCN_EncDec::error_type_t err;
+ TTCN_Buffer buf;
+ buf.clear();
+ TTCN_EncDec::clear_error();
+ TTCN_EncDec::set_error_behavior(TTCN_EncDec::ET_ALL, TTCN_EncDec::EB_WARNING);
+ pdu.encode(EAP__AKA__Attrib__List_descr_, buf, TTCN_EncDec::CT_RAW);
+ err = TTCN_EncDec::get_last_error_type();
+ if(err != TTCN_EncDec::ET_NONE)
+ TTCN_warning("Encoding error: %s\n", TTCN_EncDec::get_error_str());
+
+ OCTETSTRING ret_val(buf.get_len(), buf.get_data());
+ if(TTCN_Logger::log_this_event(TTCN_DEBUG)) {
+ TTCN_Logger::begin_event(TTCN_DEBUG);
+ TTCN_Logger::log_event("EAP_AKA_Attrib_List after encoding: ");
+ ret_val.log();
+ TTCN_Logger::end_event();
+ }
+
+ return ret_val;
+}
+
+EAP__AKA__Attrib__List dec__AKA__Attrib(const OCTETSTRING& stream)
+{
+ if(TTCN_Logger::log_this_event(TTCN_DEBUG)) {
+ TTCN_Logger::begin_event(TTCN_DEBUG);
+ TTCN_Logger::log_event("Decoding EAP_AKA_Attrib_List: ");
+ stream.log();
+ TTCN_Logger::end_event();
+ }
+
+ TTCN_EncDec::error_type_t err;
+ TTCN_EncDec::clear_error();
+ TTCN_Buffer buf;
+ buf.put_os(stream);
+ EAP__AKA__Attrib__List ret_val;
+ TTCN_EncDec::set_error_behavior(TTCN_EncDec::ET_ALL, TTCN_EncDec::EB_WARNING);
+ ret_val.decode(EAP__AKA__Attrib__List_descr_, buf, TTCN_EncDec::CT_RAW);
+ err = TTCN_EncDec::get_last_error_type();
+ if(err != TTCN_EncDec::ET_NONE)
+ TTCN_warning("Decoding error: %s\n", TTCN_EncDec::get_error_str());
+
+ if(TTCN_Logger::log_this_event(TTCN_DEBUG)) {
+ TTCN_Logger::begin_event(TTCN_DEBUG);
+ TTCN_Logger::log_event("Decoded EAP_AKA_Attrib_List: ");
+ ret_val.log();
+ TTCN_Logger::end_event();
+ }
+
+ return ret_val;
+}
+
+
+typedef unsigned char u8;
+
+
+void sha1_vector(size_t num_elem, const unsigned char *addr[], const size_t *len, unsigned char *mac)
+{
+ SHA_CTX ctx;
+ SHA_Init(&ctx);
+
+ size_t i;
+
+ for (i = 0; i < num_elem; i++) {
+
+ SHA1_Update(&ctx, addr[i], len[i]);
+ }
+
+ SHA1_Final(mac, &ctx);
+}
+
+
+OCTETSTRING eap__sim__derive__mk(const OCTETSTRING& identity,
+ const OCTETSTRING& nonce_mt, const INTEGER& selected_version,
+ const OCTETSTRING& ver_list,
+ const OCTETSTRING& kc)
+{
+ unsigned char mk[20];
+
+ unsigned char sel_ver[2];
+ const unsigned char *addr[5];
+ size_t len[5];
+
+ addr[0] = (const unsigned char*)identity;
+
+ len[0] = identity.lengthof();
+
+ addr[1] = (const unsigned char*)kc;
+
+ len[1] = kc.lengthof();
+
+ addr[2] = (const unsigned char*)nonce_mt;
+
+ len[2] = nonce_mt.lengthof();
+
+ addr[3] = (const unsigned char*)ver_list;
+
+ len[3] = ver_list.lengthof();
+
+ addr[4] = sel_ver;
+
+ len[4] = 2;
+
+ sel_ver[0] = ((unsigned short) (selected_version)) >> 8;
+ sel_ver[1] = ((unsigned short) (selected_version)) & 0xff;
+
+
+ /* MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) */
+ sha1_vector(5, addr, len, mk);
+
+ OCTETSTRING mk_value(20,mk);
+ return mk_value;
+}
+
+#define bswap_32(a) ((((unsigned int) (a) << 24) & 0xff000000) | \
+ (((unsigned int) (a) << 8) & 0xff0000) | \
+ (((unsigned int) (a) >> 8) & 0xff00) | \
+ (((unsigned int) (a) >> 24) & 0xff))
+
+#ifdef __linux__
+#define host_to_be32(n) ((unsigned int) bswap_32((n)))
+#else
+#define host_to_be32(n) (n)
+#endif
+
+
+
+OCTETSTRING fips186__2__prf(const OCTETSTRING& input /**const unsigned char *seed, size_t seed_len, unsigned char *x, size_t xlen*/)
+{
+ const unsigned char* seed=(const unsigned char*)input;
+ size_t seed_len=input.lengthof();
+ size_t xlen=160;
+ unsigned char x[xlen];
+
+ unsigned char xkey[64];
+ unsigned int _t[5];
+ int i, j, m, k;
+ unsigned char *xpos = x;
+
+ unsigned int carry;
+
+ if (seed_len > sizeof(xkey))
+ seed_len = sizeof(xkey);
+
+
+ /* FIPS 186-2 + change notice 1 */
+
+ memcpy(xkey, seed, seed_len);
+
+ memset(xkey + seed_len, 0, 64 - seed_len);
+
+ SHA_CTX ctx;
+
+ m = xlen / 40;
+
+ for (j = 0; j < m; j++) {
+ /* XSEED_j = 0 */
+ for (i = 0; i < 2; i++) {
+ /* XVAL = (XKEY + XSEED_j) mod 2^b */
+
+ /* w_i = G(t, XVAL) */
+
+ SHA_Init(&ctx);
+
+ SHA1_Transform(&ctx , xkey);
+
+ _t[0] = host_to_be32(ctx.h0);
+ _t[1] = host_to_be32(ctx.h1);
+ _t[2] = host_to_be32(ctx.h2);
+ _t[3] = host_to_be32(ctx.h3);
+ _t[4] = host_to_be32(ctx.h4);
+
+ memcpy(xpos, _t, 20);
+
+
+ /* XKEY = (1 + XKEY + w_i) mod 2^b */
+ carry = 1;
+
+ for (k = 19; k >= 0; k--) {
+ carry += xkey[k] + xpos[k];
+
+ xkey[k] = carry & 0xff;
+
+ carry >>= 8;
+ }
+
+ xpos += 20;
+
+ }
+ /* x_j = w_0|w_1 */
+ }
+
+ OCTETSTRING output(xlen,x);
+ return output;
+}
+
+
+
+OCTETSTRING eap__aka__derive__mk(const OCTETSTRING& p_identity, const OCTETSTRING& p_ik, const OCTETSTRING& p_ck)
+{
+ unsigned char mk[20];
+
+ const u8 *identity=(const u8 *)p_identity;
+ size_t identity_len=p_identity.lengthof();
+ const u8 *ik=(const u8 *)p_ik;
+ const u8 *ck=(const u8 *)p_ck;
+
+
+
+ const u8 *addr[3];
+
+ size_t len[3];
+
+ addr[0] = identity;
+
+ len[0] = identity_len;
+
+ addr[1] = ik;
+
+ len[1] = 16;
+
+ addr[2] = ck;
+
+ len[2] = 16;
+
+ /* MK = SHA1(Identity|IK|CK) */
+ sha1_vector(3, addr, len, mk);
+
+ OCTETSTRING mk_value(20,mk);
+ return mk_value;
+}
+
+//Added for EPC
+
+
+#define EAP_AKA_IK_LEN 16
+#define EAP_AKA_CK_LEN 16
+#define EAP_SIM_K_ENCR_LEN 16
+#define EAP_AKA_PRIME_K_AUT_LEN 32
+#define EAP_AKA_PRIME_K_RE_LEN 32
+#define EAP_MSK_LEN 64
+#define EAP_EMSK_LEN 64
+#define SHA256_MAC_LEN 32
+#define SHA256_CHECKCODE_LEN 32
+
+
+
+
+/**
+ * sha256_vector - SHA256 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ * Returns: 0 on success, -1 of failure
+ */
+int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac)
+{
+
+ SHA256_CTX ctx;
+ size_t i;
+
+ SHA256_Init(&ctx);
+ for (i = 0; i < num_elem; i++) {
+ SHA256_Update(&ctx, addr[i], len[i]);
+ }
+ if (SHA256_Final(mac, &ctx))
+ return -1;
+ return 0;
+
+}
+
+/**
+ * hmac_sha256_vector - HMAC-SHA256 over data vector (RFC 2104)
+ * @key: Key for HMAC operations
+ * @key_len: Length of the key in bytes
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash (32 bytes)
+ */
+void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
+ unsigned char tk[32];
+ const u8 *_addr[6];
+ size_t _len[6], i;
+
+ if (num_elem > 5) {
+ /*
+ * Fixed limit on the number of fragments to avoid having to
+ * allocate memory (which could fail).
+ */
+ return;
+ }
+
+ /* if key is longer than 64 bytes reset it to key = SHA256(key) */
+ if (key_len > 64) {
+ sha256_vector(1, &key, &key_len, tk);
+ key = tk;
+ key_len = 32;
+ }
+
+ /* the HMAC_SHA256 transform looks like:
+ *
+ * SHA256(K XOR opad, SHA256(K XOR ipad, text))
+ *
+ * where K is an n byte key
+ * ipad is the byte 0x36 repeated 64 times
+ * opad is the byte 0x5c repeated 64 times
+ * and text is the data being protected */
+
+ /* start out by storing key in ipad */
+ memset(k_pad, 0, sizeof(k_pad));
+ memcpy(k_pad, key, key_len);
+ /* XOR key with ipad values */
+ for (i = 0; i < 64; i++)
+ k_pad[i] ^= 0x36;
+
+ /* perform inner SHA256 */
+ _addr[0] = k_pad;
+ _len[0] = 64;
+ for (i = 0; i < num_elem; i++) {
+ _addr[i + 1] = addr[i];
+ _len[i + 1] = len[i];
+ }
+ sha256_vector(1 + num_elem, _addr, _len, mac);
+
+ memset(k_pad, 0, sizeof(k_pad));
+ memcpy(k_pad, key, key_len);
+ /* XOR key with opad values */
+ for (i = 0; i < 64; i++)
+ k_pad[i] ^= 0x5c;
+
+ /* perform outer SHA256 */
+ _addr[0] = k_pad;
+ _len[0] = 64;
+ _addr[1] = mac;
+ _len[1] = SHA256_MAC_LEN;
+ sha256_vector(2, _addr, _len, mac);
+}
+
+
+static void prf_prime(const u8 *k, const char *seed1,
+ const u8 *seed2, size_t seed2_len,
+ const u8 *seed3, size_t seed3_len,
+ u8 *res, size_t res_len)
+{
+ const u8 *addr[5];
+ size_t len[5];
+ u8 hash[SHA256_MAC_LEN];
+ u8 iter;
+ /*
+ * PRF'(K,S) = T1 | T2 | T3 | T4 | ...
+ * T1 = HMAC-SHA-256 (K, S | 0x01)
+ * T2 = HMAC-SHA-256 (K, T1 | S | 0x02)
+ * T3 = HMAC-SHA-256 (K, T2 | S | 0x03)
+ * T4 = HMAC-SHA-256 (K, T3 | S | 0x04)
+ * ...
+ */
+
+ addr[0] = hash;
+ len[0] = 0;
+ addr[1] = (const u8 *) seed1;
+ len[1] = strlen(seed1);
+ addr[2] = seed2;
+ len[2] = seed2_len;
+ addr[3] = seed3;
+ len[3] = seed3_len;
+ addr[4] = &iter;
+ len[4] = 1;
+
+ iter = 0;
+ while (res_len) {
+ size_t hlen;
+ iter++;
+ hmac_sha256_vector(k, 32, 5, addr, len, hash);
+ len[0] = SHA256_MAC_LEN;
+ hlen = res_len > SHA256_MAC_LEN ? SHA256_MAC_LEN : res_len;
+ memcpy(res, hash, hlen);
+ res += hlen;
+ res_len -= hlen;
+ }
+
+}
+
+OCTETSTRING eap__akaprime__derive__mk(const OCTETSTRING& p_identity, const OCTETSTRING& p_ik, const OCTETSTRING& p_ck)
+{
+ OCTETSTRING mk;
+
+ //const char *identity=oct2str(p_identity).c_str();
+ //const char *identity=(const char *)oct2str(p_identity);
+ //char *identity=oct2str(p_identity);
+
+ //size_t identity_len=p_identity.lengthof();
+
+ const u8 *identity=(const u8 *)p_identity;
+ size_t identity_len=p_identity.lengthof();
+ const u8 *ik=(const u8 *)p_ik;
+ const u8 *ck=(const u8 *)p_ck;
+
+ //char *ik=oct2str(p_ik);
+ //char *ck=oct2str(p_ck);
+ //const unsigned char *ik=(const unsigned char *)p_ik;
+
+ //const unsigned char *ck=(const unsigned char *)p_ck;
+
+ uint8_t key[EAP_AKA_IK_LEN + EAP_AKA_CK_LEN];
+ uint8_t keys[EAP_SIM_K_ENCR_LEN + EAP_AKA_PRIME_K_AUT_LEN +
+ EAP_AKA_PRIME_K_RE_LEN + EAP_MSK_LEN + EAP_EMSK_LEN];
+ // uint8_t *pos;
+
+ memset(key, 0, sizeof(key));
+ memset(keys, 0, sizeof(keys));
+ memcpy(key, ik, EAP_AKA_IK_LEN);
+ memcpy(key + EAP_AKA_IK_LEN, ck, EAP_AKA_CK_LEN);
+
+ prf_prime(key, "EAP-AKA'", (const uint8_t*)identity, identity_len, NULL, 0,
+ keys, sizeof(keys));
+ OCTETSTRING mk_value(208,keys);
+ return mk_value;
+}
+
+OCTETSTRING Calculate__AT__CheckCode(const OCTETSTRING& rcv_eappayload_octstring,const OCTETSTRING& send_eappayload_octstring)
+{
+ const u8 *addr;
+ size_t len;
+ u8 hash[SHA256_CHECKCODE_LEN];
+
+ OCTETSTRING eappayload1=rcv_eappayload_octstring+send_eappayload_octstring;
+
+ const u8* eappayload=(const u8 *)eappayload1;
+
+ addr=eappayload;
+
+ len=eappayload1.lengthof();;
+
+ sha256_vector(1, &addr, &len, hash);
+
+ OCTETSTRING output(32,hash);
+
+ return output;
+
+}
+
+
+const unsigned char * change_ByteOrder(unsigned int in)
+{
+ static unsigned char out[4] ;
+ out[0] = (unsigned char)((in & 0xFF000000) >> 24);
+ out[1] = (unsigned char)((in & 0x00FF0000) >> 16);
+ out[2] = (unsigned char)((in & 0x0000FF00) >> 8);
+ out[3] = (unsigned char)(in & 0x000000FF);
+ return out;
+} // change_ByteOrder
+
+
+OCTETSTRING f__calc__Kaut(const OCTETSTRING& input, OCTETSTRING& Kencr)
+{
+ unsigned char xval[64];
+ unsigned char xkey[SHA_DIGEST_LENGTH];
+ SHA1((const unsigned char*)input, input.lengthof(), xkey);
+ unsigned char dummy[128];
+ unsigned char x_out[80];//40 bytes for each (m) iteration
+ int m = 2;
+
+ for(int j = 0; j < m; j++){
+ for(int i = 0; i < 2; i++){
+ memcpy(xval, xkey, 20);//xval = xkey mod 2^160
+ memset(xval + 20, 0, 44);//padding xval to 64 bytes
+
+ SHA_CTX c;
+ SHA1_Init(&c);
+ SHA1_Update(&c, xval, 64);
+
+ memcpy(x_out + j * 40 + i * 20, change_ByteOrder(c.h0), 4);
+ memcpy(x_out + j * 40 + i * 20 + 4, change_ByteOrder(c.h1), 4);
+ memcpy(x_out + j * 40 + i * 20 + 8, change_ByteOrder(c.h2), 4);
+ memcpy(x_out + j * 40 + i * 20 + 12, change_ByteOrder(c.h3), 4);
+ memcpy(x_out + j * 40 + i * 20 + 16, change_ByteOrder(c.h4), 4);//w_i
+
+ BIGNUM * bn1 = BN_new();
+ BIGNUM * bn2 = BN_new();
+ BIGNUM * bn3 = BN_new();
+ if(!bn1 || !bn2 || !bn3)
+ TTCN_error("Key generation failed");
+
+ BN_bin2bn(xkey, 20, bn1);//xkey
+
+ BN_one(bn2);//1
+
+ BN_add(bn3, bn1, bn2);//bn3 = xkey + 1
+
+ BN_bin2bn(x_out + j * 40, 20, bn2);//w_i
+
+ BN_add(bn1, bn3, bn2);//bn1 = xkey + 1 + w_i
+
+ BN_bn2bin(bn1, dummy);
+ for(int k = 0; k < 20; k++){
+ if(BN_num_bytes(bn1) - 1 - k < 0)
+ xkey[19 - k] = '\0';
+ else
+ xkey[19 - k] = dummy[BN_num_bytes(bn1) - 1 - k];
+ }//xkey = (xkey + 1 + w_i) mod 2 ^ 160
+
+ BN_free(bn1);
+ BN_free(bn2);
+ BN_free(bn3);
+ }
+ }
+
+ Kencr = OCTETSTRING(16, x_out);
+ OCTETSTRING Kaut = OCTETSTRING(16, x_out + 16);
+ // PMK = OCTETSTRING(32, x_out + 32);
+
+ return Kaut;
+}
+
+OCTETSTRING f__calc__AKA__Keys(const OCTETSTRING& pl_eap_identity, const OCTETSTRING& pl_AKA_K,const OCTETSTRING& pl_rand,OCTETSTRING& pl_AK,OCTETSTRING& pl_Kaut,OCTETSTRING& pl_Kencr)
+{
+ const OCTETSTRING& xdout = pl_AKA_K ^ pl_rand;
+ const OCTETSTRING& IK = xdout <<= 2;
+ const OCTETSTRING& CK = xdout <<= 1;
+ pl_AK = OCTETSTRING(6, ((const unsigned char*)xdout) + 3);
+ pl_Kaut = f__calc__Kaut(pl_eap_identity + IK + CK,pl_Kencr);
+ return xdout;
+}
+
+
+void f__get__ServersPublicKey(const OCTETSTRING& pl_certificate, OCTETSTRING& pl_modules, OCTETSTRING& pl_exponent)
+{
+ X509 *x;
+ const unsigned char *cert = (const unsigned char *)pl_certificate;
+
+ x = NULL;
+
+ d2i_X509(&x, &cert, pl_certificate.lengthof());
+ // X509_print_fp(stdout, x);
+
+ if (x != NULL)
+ {
+ unsigned char *pkd = x->cert_info->key->public_key->data;
+
+ if(pkd != NULL)
+ {
+ //int structlength = 0;
+ int structlengthlength = 0;
+ int moduleslength = 0;
+ int moduleslengthlength = 0;
+ int exponentlength = 0;
+ int exponentlengthlength = 0;
+ if(pkd[1] & 0x80)
+ {
+ structlengthlength = (pkd[1] & 0x7f);
+ //structlength = oct2int((OCTETSTRING(structlengthlength, (const unsigned char *)(pkd + 2))));
+ }
+ //else
+ //{
+ //structlength = pkd[1];
+ //}
+ //type,length,type
+ if(pkd[structlengthlength + 3] & 0x80)
+ {
+ moduleslengthlength = (pkd[structlengthlength + 3] & 0x7f);
+ moduleslength = oct2int((OCTETSTRING(moduleslengthlength, (const unsigned char *)(pkd + structlengthlength + 4))));
+ }
+ else
+ {
+ moduleslength = pkd[structlengthlength + 3];
+ }
+ pl_modules = (OCTETSTRING(moduleslength, (const unsigned char *)(pkd + 4 + structlengthlength + moduleslengthlength)));
+
+ if(pkd[moduleslength + structlengthlength + moduleslengthlength + 5] & 0x80)
+ {
+ exponentlengthlength = (pkd[moduleslength + structlengthlength + moduleslengthlength + 5] & 0x7f);
+ exponentlength = oct2int((OCTETSTRING(exponentlengthlength, (const unsigned char *)(pkd + moduleslength + structlengthlength + moduleslengthlength + 6))));
+ }
+ else
+ {
+ exponentlength = pkd[moduleslength + structlengthlength + moduleslengthlength + 5];
+ }
+ pl_exponent = (OCTETSTRING(exponentlength, (const unsigned char *)(pkd + 6 + structlengthlength + moduleslengthlength + moduleslength + exponentlengthlength)));
+ }
+ }
+}
+#define MAX_MESSAGE_LENGTH 4096
+
+
+
+
+
+
+void hmac_sha1(
+ unsigned char *key,
+ int key_length,
+ unsigned char *data,
+ int data_length,
+ unsigned char *digest
+ )
+
+{
+ int b = 64; /* blocksize */
+ unsigned char ipad = 0x36;
+
+ unsigned char opad = 0x5c;
+
+ unsigned char k0[64];
+ unsigned char k0xorIpad[64];
+ unsigned char step7data[64];
+ unsigned char step5data[MAX_MESSAGE_LENGTH+128];
+ unsigned char step8data[64+20];
+ int i;
+
+ for (i=0; i<64; i++)
+ {
+ k0[i] = 0x00;
+ }
+
+
+
+ if (key_length != b) /* Step 1 */
+ {
+ /* Step 2 */
+ if (key_length > b)
+ {
+ SHA1(key, key_length, digest);
+ for (i=0;i<20;i++)
+ {
+ k0[i]=digest[i];
+ }
+ }
+ else if (key_length < b) /* Step 3 */
+ {
+ for (i=0; i<key_length; i++)
+ {
+ k0[i] = key[i];
+ }
+ }
+ }
+ else
+ {
+ for (i=0;i<b;i++)
+ {
+ k0[i] = key[i];
+ }
+ }
+ /* Step 4 */
+ for (i=0; i<64; i++)
+ {
+ k0xorIpad[i] = k0[i] ^ ipad;
+ }
+ /* Step 5 */
+ for (i=0; i<64; i++)
+ {
+ step5data[i] = k0xorIpad[i];
+ }
+ for (i=0;i<data_length;i++)
+ {
+ step5data[i+64] = data[i];
+ }
+
+ /* Step 6 */
+ SHA1(step5data, data_length+b, digest);
+
+ /* Step 7 */
+ for (i=0; i<64; i++)
+ {
+ step7data[i] = k0[i] ^ opad;
+ }
+
+
+ /* Step 8 */
+ for (i=0;i<64;i++)
+ {
+ step8data[i] = step7data[i];
+ }
+ for (i=0;i<20;i++)
+ {
+ step8data[i+64] = digest[i];
+ }
+
+
+ /* Step 9 */
+ SHA1(step8data, b+20, digest);
+
+}
+
+
+
+OCTETSTRING f__prf(const OCTETSTRING& pl_key, const OCTETSTRING& pl_prefix,
+ const OCTETSTRING& pl_data, const INTEGER& result_length_inOctets)
+{
+ unsigned char *key = (unsigned char*)(const unsigned char*)pl_key;
+ int key_length = pl_key.lengthof();
+ const unsigned char *prefix = (const unsigned char*)pl_prefix;
+ int prefix_length = pl_prefix.lengthof();
+ const unsigned char *data = (const unsigned char*)pl_data;
+ int data_length = pl_data.lengthof();
+ unsigned char r[MAX_MESSAGE_LENGTH*2+128];
+ int r_length;
+ unsigned char hmac_sha_result[20];
+ unsigned char input_data[MAX_MESSAGE_LENGTH*2+128];
+ int input_data_length;
+ int i,j;
+ r_length = 0;
+
+ for (i=0; i<((result_length_inOctets*8+159)/160); i++)
+ {
+ for (j=0;j<prefix_length;j++)
+ {
+ input_data[j] = prefix[j];
+ }
+ input_data[prefix_length]= 0x00;
+ for (j=0;j<data_length;j++)
+ {
+ input_data[prefix_length+j+1] = data[j];
+ }
+ input_data_length = prefix_length + data_length + 1;
+
+ input_data[input_data_length] = (unsigned char)i;
+ input_data_length++;
+ input_data[input_data_length] = 0x00;
+ OCTETSTRING vl_input(input_data_length,input_data);
+ hmac_sha1(key, key_length, input_data, input_data_length,hmac_sha_result);
+ for (j=0; j<20; j++)
+ {
+ r[r_length+j] = hmac_sha_result[j];
+ }
+ r_length = r_length+20;
+ }
+ OCTETSTRING result(result_length_inOctets,r);
+ return result;
+}
+
+
+
+
+
+}
diff --git a/src/EAP_Types.ttcn b/src/EAP_Types.ttcn
new file mode 100644
index 0000000..c6ecc45
--- /dev/null
+++ b/src/EAP_Types.ttcn
@@ -0,0 +1,907 @@
+///////////////////////////////////////////////////////////////////////////////
+//
+// Copyright (c) 2000-2016 Ericsson Telecom AB
+//
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// which accompanies this distribution, and is available at
+// http://www.eclipse.org/legal/epl-v10.html
+///////////////////////////////////////////////////////////////////////////////
+//
+// File: EAP_Types.ttcn
+// Rev: R4E
+// Prodnr: CNL 113 722
+// Updated: 2014-01-24
+// Contact: http://ttcn.ericsson.se
+// Reference: RFC 3748(Extensible Authentication Protocol)
+// RFC 4187(EAP-AKA)
+// RFC 5448(EAP-AKA')
+// RFC 4186(EAP-SIM)
+// RFC 5281(EAP-TTLS)
+///////////////////////////////////////////////////////////////////////////////
+
+
+module EAP_Types
+{
+
+ external function enc_PDU_EAP(in PDU_EAP pdu) return octetstring;
+
+ external function dec_PDU_EAP(in octetstring stream) return PDU_EAP;
+
+ external function enc_AKA_Attrib(in EAP_AKA_Attrib_List pdu) return octetstring;
+
+ external function dec_AKA_Attrib(in octetstring stream) return EAP_AKA_Attrib_List;
+
+
+ external function eap_sim_derive_mk(octetstring identity,octetstring nonce_mt,integer selected_version,octetstring ver_list,octetstring kc) return octetstring;
+ external function fips186_2_prf(octetstring input) return octetstring;
+
+ external function eap_aka_derive_mk(octetstring identity,octetstring ik,octetstring ck) return octetstring;
+
+ //external function eap_aka_prime_derive_keys(octetstring identity,integer len,octetstring ik,octetstring ck,octetstring k_encr,octetstring k_aut, octetstring k_re, octetstring msk, octetstring emsk);
+ external function eap_akaprime_derive_mk(octetstring identity,octetstring ik,octetstring ck) return octetstring;
+ external function Calculate_AT_CheckCode(octetstring rcveap,octetstring sendeap) return octetstring;
+ external function f_calc_Kaut(in octetstring input,inout octetstring kencr) return octetstring;
+ external function f_calc_AKA_Keys(in octetstring pl_eap_identity, in octetstring pl_AKA_K,in octetstring pl_rand, inout octetstring pl_AK,inout octetstring pl_Kaut,inout octetstring pl_Kencr) return octetstring
+
+
+external function f_enc_eap_sim_attrib_list(in EAP_SIM_Attrib_List pdu) return octetstring
+with { extension "prototype(convert)" extension "encode(RAW)" }
+
+external function f_dec_eap_sim_attrib_list(in octetstring stream) return EAP_SIM_Attrib_List
+with { extension "prototype(convert)" extension "decode(RAW)" }
+
+external function f_enc_eap_aka_attrib_list(in EAP_AKA_Attrib_List pdu) return octetstring
+with { extension "prototype(convert)" extension "encode(RAW)" }
+
+external function f_dec_eap_aka_attrib_list(in octetstring stream) return EAP_AKA_Attrib_List
+with { extension "prototype(convert)" extension "decode(RAW)" }
+
+external function f_enc_tls_handshakeData(in TLS_HandshakeData_t pdu) return octetstring
+with { extension "prototype(convert)" extension "encode(RAW)" }
+
+external function f_dec_tls_handshakeData(in octetstring stream) return TLS_HandshakeData_t
+with { extension "prototype(convert)" extension "decode(RAW)" }
+
+
+external function f_get_ServersPublicKey(in octetstring certificate,out octetstring key, out octetstring exponent);
+external function f_prf(in octetstring p_key,in octetstring p_prefix, in octetstring p_data, in integer p_outLength) return octetstring;
+
+ //
+ // Basic type definitions
+ //
+
+ type integer U_INT8 (0..255) with {
+ variant "FIELDLENGTH(8)"
+ variant "BYTEORDER(last)"
+ }
+
+ type integer U_INT16 (0..65535) with {
+ variant "FIELDLENGTH(16)"
+ variant "BYTEORDER(last)"
+ }
+
+ type integer U_INT24 (0..16777215) with {
+ variant "FIELDLENGTH(24)"
+ variant "BYTEORDER(last)"
+ }
+
+ type integer U_INT32 (0..4294967296) with {
+ variant "FIELDLENGTH(32)"
+ variant "BYTEORDER(last)"
+ }
+
+ type integer U_INT64 with {
+ variant "FIELDLENGTH(64)"
+ variant "BYTEORDER(last)"
+ }
+
+ type integer S_INT32 with {
+ variant "FIELDLENGTH(32)"
+ variant "BYTEORDER(last)"
+ variant "COMP(2scompl)"
+ }
+
+ type octetstring OCTET_1 length(1)
+ type octetstring OCTET_2 length(2)
+ type octetstring OCTET_3 length(3)
+ type octetstring OCTET_4 length(4)
+ type octetstring OCTET_6 length(6)
+ type octetstring OCTET_8 length(8)
+ type octetstring OCTET_12 length(12)
+ type octetstring OCTET_14 length(14)
+ type octetstring OCTET_16 length(16)
+ type octetstring OCTET_20 length(20)
+ type octetstring OCTET_28 length(28)
+ type octetstring OCTET_32 length(32)
+ type bitstring BIT1 length(1) with { variant "FIELDLENGTH(1)" };
+ type bitstring BIT2 length(2) with { variant "FIELDLENGTH(2)" };
+ type bitstring BIT3 length(3) with { variant "FIELDLENGTH(3)" };
+ type bitstring BIT5 length(5) with { variant "FIELDLENGTH(5)" };
+ type bitstring BIT7 length(7) with { variant "FIELDLENGTH(7)" };
+
+//================================================
+ type enumerated EAP_Packet_Code
+ {
+ Request_Code (1),
+ Response_Code (2),
+ Success_Code (3),
+ Failure_Code (4),
+ Unknown_Code (5)
+ }with {
+ variant "FIELDLENGTH(8)"
+ }
+
+ type enumerated EAP_Packet_Type
+ {
+ EAP_Identity (1),
+ EAP_Notification (2),
+ EAP_Nak (3),
+ EAP_Md5_Challenge (4),
+ EAP_One_Time_Password (5),
+ EAP_Generic_Token_Card (6),
+ EAP_Tls (13),
+ EAP_Sim (18),
+ EAP_Ttls (21),
+ EAP_Aka (23),
+ EAP_AkaPrime (50)
+ }with {
+ variant "FIELDLENGTH(8)"
+ }
+
+ type record At_Void_t
+ {
+ U_INT16 reserved
+ }
+
+ type record At_Padding_t
+ {
+ octetstring reserved
+ }
+
+ type record At_Short_t
+ {
+ U_INT16 data_value
+ }
+
+ type record At_Long_t
+ {
+ U_INT16 reserved,
+ OCTET_16 data_value
+ }
+
+ type record At_Checkcode_t
+ {
+ U_INT16 reserved,
+ OCTET_32 data_value optional
+ }
+
+ type record of OCTET_16 octet16_list;
+
+ type record At_Long_Rand_t
+ {
+ U_INT16 reserved,
+ octet16_list data_value
+ }
+
+ type record At_Long_w_Length_t
+ {
+ U_INT16 actual_length,
+ octetstring data_value
+ }with {
+ variant(actual_length) "LENGTHTO(data_value)"
+ }
+
+ type record At_Long_w_Length_Res_t
+ {
+ U_INT16 actual_length,
+ octetstring data_value
+ }with {
+ variant(actual_length) "LENGTHTO(data_value)"
+ variant(actual_length) "UNIT(bits)"
+ }
+
+ type record of U_INT16 integer16_list;
+
+ type record At_List_t
+ {
+ U_INT16 actual_length,
+ integer16_list data_value
+ }with {
+ variant(actual_length) "LENGTHTO(data_value)"
+ }
+
+ type record At_AKA_Auts_t
+ {
+ OCTET_14 data_value
+ }
+
+ type record At_Encr_Data_t
+ {
+ U_INT16 reserved,
+ octetstring data_value
+ }
+
+
+ // AKA Attributes
+
+ type At_Long_t At_Data_AKA_Rand;
+ type At_Checkcode_t At_Data_AKA_Checkcode;
+ type At_Long_t At_Data_AKA_Autn;
+ type At_Padding_t At_Data_AKA_Padding;
+ type At_Long_t At_Data_AKA_Mac;
+ type At_Long_t At_Data_AKA_Iv;
+ type At_Long_w_Length_t At_Data_AKA_Identity;
+ type At_Long_w_Length_Res_t At_Data_AKA_Res;
+ type At_Void_t At_Data_AKA_Result_Ind;
+ type At_Short_t At_Data_AKA_Notification;
+ type At_Short_t At_Data_AKA_Client_Error_Code;
+ type At_AKA_Auts_t At_Data_AKA_Auts;
+ type At_Encr_Data_t At_Data_AKA_Encr_Data;
+ type At_Void_t At_Data_AKA_PermanentIdReq;
+ type At_Void_t At_Data_AKA_AnyIdReq;
+ type At_Void_t At_Data_AKA_FullauthIdReq;
+ type At_Long_w_Length_t At_Data_AKA_NextPseudonym;
+ type At_Long_w_Length_t At_Data_AKA_NextReauthId;
+ type At_Short_t At_Data_AKA_Counter;
+ type At_Void_t At_Data_AKA_Counter_Too_Small;
+ type At_Long_t At_Data_AKA_NonceS;
+
+
+ type union EAP_AKA_Attribute_Data {
+ At_Data_AKA_PermanentIdReq at_data_AKA_PermanentIdReq,
+ At_Data_AKA_Rand at_data_AKA_Rand,
+ At_Data_AKA_Checkcode at_data_AKA_Checkcode,
+ At_Data_AKA_Autn at_data_AKA_Autn,
+ At_Data_AKA_Padding at_data_AKA_Padding,
+ At_Data_AKA_Mac at_data_AKA_Mac,
+ At_Data_AKA_Iv at_data_AKA_Iv,
+ At_Data_AKA_Identity at_data_AKA_Identity,
+ At_Data_AKA_Res at_data_AKA_Res,
+ At_Data_AKA_Result_Ind at_data_AKA_Result_Ind,
+ At_Data_AKA_Notification at_data_AKA_Notification,
+ At_Data_AKA_Client_Error_Code at_data_AKA_Client_Error_Code,
+ At_Data_AKA_Auts at_data_AKA_Auts,
+ At_Data_AKA_NextPseudonym at_data_AKA_NextPseudonym,
+ At_Data_AKA_NextReauthId at_data_AKA_NextReauthId,
+ At_Data_AKA_Encr_Data at_data_AKA_Encr_Data,
+ At_Data_AKA_Counter at_data_AKA_Counter,
+ At_Data_AKA_Counter_Too_Small at_data_AKA_Counter_Too_Small,
+ At_Data_AKA_NonceS at_data_AKA_NonceS
+ }
+
+ type record EAP_AKA_Attrib_t
+ {
+ EAP_AKA_Attribute_Type attrib_type,
+ U_INT8 attrib_length,
+ EAP_AKA_Attribute_Data attrib_value optional
+ } with {
+ variant (attrib_value) "CROSSTAG(
+ at_data_AKA_PermanentIdReq, attrib_type=At_AKA_Permanent_Id_Req;
+ at_data_AKA_Rand, attrib_type=At_AKA_Rand;
+ at_data_AKA_Checkcode, attrib_type=At_AKA_Checkcode;
+ at_data_AKA_Autn, attrib_type=At_AKA_Autn;
+ at_data_AKA_Padding, attrib_type=At_AKA_Padding;
+ at_data_AKA_Mac, attrib_type=At_AKA_Mac;
+ at_data_AKA_Iv, attrib_type=At_AKA_Iv;
+ at_data_AKA_Identity, attrib_type=At_AKA_Identity;
+ at_data_AKA_Res, attrib_type=At_AKA_Res;
+ at_data_AKA_Result_Ind, attrib_type=At_AKA_Result_Ind;
+ at_data_AKA_Notification, attrib_type=At_AKA_Notification;
+ at_data_AKA_Client_Error_Code, attrib_type=At_AKA_Client_Error_Code;
+ at_data_AKA_Auts, attrib_type=At_AKA_Auts;
+ at_data_AKA_NextPseudonym, attrib_type=At_AKA_Next_Pseudonym;
+ at_data_AKA_NextReauthId, attrib_type=At_AKA_Next_Reauth_Id;
+ at_data_AKA_Encr_Data, attrib_type=At_AKA_Encr_Data;
+ at_data_AKA_Counter, attrib_type=At_AKA_Counter;
+ at_data_AKA_Counter_Too_Small, attrib_type=At_AKA_Counter_Too_Small;
+ at_data_AKA_NonceS, attrib_type=At_AKA_Nonce_S)"
+ variant(attrib_length) "LENGTHTO(attrib_type,attrib_length,attrib_value)"
+ variant(attrib_length) "UNIT(dword32)"
+ variant "PADDING(dword32)"
+ }
+
+
+ // AKA' Attributes
+
+ type At_Long_w_Length_t At_Data_AKAPrime_KDF_INPUT;
+ type At_Short_t At_Data_AKAPrime_KDF;
+
+ type union EAP_AKAPrime_Attribute_Data {
+ At_Data_AKA_PermanentIdReq at_data_AKA_PermanentIdReq,
+ At_Data_AKA_Rand at_data_AKA_Rand,
+ At_Data_AKA_Checkcode at_data_AKA_Checkcode,
+ At_Data_AKA_Autn at_data_AKA_Autn,
+ At_Data_AKA_Padding at_data_AKA_Padding,
+ At_Data_AKA_Mac at_data_AKA_Mac,
+ At_Data_AKA_Iv at_data_AKA_Iv,
+ At_Data_AKA_Identity at_data_AKA_Identity,
+ At_Data_AKA_Res at_data_AKA_Res,
+ At_Data_AKA_Result_Ind at_data_AKA_Result_Ind,
+ At_Data_AKA_Notification at_data_AKA_Notification,
+ At_Data_AKA_Client_Error_Code at_data_AKA_Client_Error_Code,
+ At_Data_AKA_Auts at_data_AKA_Auts,
+ At_Data_AKA_Encr_Data at_data_AKA_Encr_Data,
+ At_Data_AKA_Counter at_data_AKA_Counter,
+ At_Data_AKA_Counter_Too_Small at_data_AKA_Counter_Too_Small,
+ At_Data_AKAPrime_KDF_INPUT at_data_AKAPrime_KDF_INPUT,
+ At_Data_AKAPrime_KDF at_data_AKAPrime_KDF
+ }
+
+
+ type record EAP_AKAPrime_Attrib_t
+ {
+ EAP_AKAPrime_Attribute_Type attrib_type,
+ U_INT8 attrib_length,
+ EAP_AKAPrime_Attribute_Data attrib_value optional
+ }with {
+ variant (attrib_value) "CROSSTAG(
+ at_data_AKA_PermanentIdReq, attrib_type=At_AKA_Permanent_Id_Req;
+ at_data_AKA_Rand, attrib_type=At_AKA_Rand;
+ at_data_AKA_Checkcode, attrib_type=At_AKA_Checkcode;
+ at_data_AKA_Autn, attrib_type=At_AKA_Autn;
+ at_data_AKA_Padding, attrib_type=At_AKA_Padding;
+ at_data_AKA_Mac, attrib_type=At_AKA_Mac;
+ at_data_AKA_Iv, attrib_type=At_AKA_Iv;
+ at_data_AKA_Identity, attrib_type=At_AKA_Identity;
+ at_data_AKA_Res, attrib_type=At_AKA_Res;
+ at_data_AKA_Result_Ind, attrib_type=At_AKA_Result_Ind;
+ at_data_AKA_Notification, attrib_type=At_AKA_Notification;
+ at_data_AKA_Client_Error_Code, attrib_type=At_AKA_Client_Error_Code;
+ at_data_AKA_Auts, attrib_type=At_AKA_Auts;
+ at_data_AKA_Encr_Data, attrib_type=At_AKA_Encr_Data;
+ at_data_AKA_Counter, attrib_type=At_AKA_Counter;
+ at_data_AKA_Counter_Too_Small, attrib_type=At_AKA_Counter_Too_Small;
+ at_data_AKAPrime_KDF_INPUT, attrib_type=At_AKA_KDF_INPUT;
+ at_data_AKAPrime_KDF, attrib_type=At_AKA_KDF)"
+ variant(attrib_length) "LENGTHTO(attrib_type,attrib_length,attrib_value)"
+ variant(attrib_length) "UNIT(dword32)"
+ variant "PADDING(dword32)"
+ }
+
+ type enumerated EAP_AKA_SubType
+ {
+ EAP_AKA_Challenge (1),
+ EAP_AKA_Authentication_Reject (2),
+ EAP_AKA_Synchronization_Failure (4),
+ EAP_AKA_Identity (5),
+ EAP_AKA_Notification (12),
+ EAP_AKA_Reauthentication (13),
+ EAP_AKA_Client_Error (14),
+ EAP_AKA_Wrong_Subtype (88)
+ }with {
+ variant "FIELDLENGTH(8)"
+ }
+
+ type enumerated EAP_AKA_Attribute_Type
+ {
+ At_AKA_Rand (1),
+ At_AKA_Autn (2),
+ At_AKA_Res (3),
+ At_AKA_Auts (4),
+ At_AKA_Padding (6),
+ At_AKA_Permanent_Id_Req (10),
+ At_AKA_Mac (11),
+ At_AKA_Notification (12),
+ At_AKA_Any_Id_Req (13),
+ At_AKA_Identity (14),
+ At_AKA_Fullauth_Id_Req (17),
+ At_AKA_Counter (19),
+ At_AKA_Counter_Too_Small (20),
+ At_AKA_Nonce_S (21),
+ At_AKA_Client_Error_Code (22),
+ At_AKA_Iv (129),
+ At_AKA_Encr_Data (130),
+ At_AKA_Next_Pseudonym (132),
+ At_AKA_Next_Reauth_Id (133),
+ At_AKA_Checkcode (134),
+ At_AKA_Result_Ind (135)
+ }with {
+ variant "FIELDLENGTH(8)"
+ }
+
+ type enumerated EAP_AKAPrime_Attribute_Type
+ {
+ At_AKA_Rand (1),
+ At_AKA_Autn (2),
+ At_AKA_Res (3),
+ At_AKA_Auts (4),
+ At_AKA_Padding (6),
+ At_AKA_Permanent_Id_Req (10),
+ At_AKA_Mac (11),
+ At_AKA_Notification (12),
+ At_AKA_Any_Id_Req (13),
+ At_AKA_Identity (14),
+ At_AKA_Fullauth_Id_Req (17),
+ At_AKA_Counter (19),
+ At_AKA_Counter_Too_Small (20),
+ At_AKA_Nonce_S (21),
+ At_AKA_Client_Error_Code (22),
+ At_AKA_KDF_INPUT (23),
+ At_AKA_KDF (24),
+ At_AKA_Iv (129),
+ At_AKA_Encr_Data (130),
+ At_AKA_Next_Pseudonym (132),
+ At_AKA_Next_Reauth_Id (133),
+ At_AKA_Checkcode (134),
+ At_AKA_Result_Ind (135)
+ }with {
+ variant "FIELDLENGTH(8)"
+ }
+
+
+ type At_Void_t At_Data_SIM_PermanentIdReq;
+ type At_Void_t At_Data_SIM_FullAuthIdReq;
+ type At_Void_t At_Data_SIM_AnyIdReq;
+ type At_List_t At_Data_SIM_Version_List;
+ type At_Long_t At_Data_SIM_NonceMT;
+ type At_Long_w_Length_t At_Data_SIM_Identity;
+ type At_Short_t At_Data_SIM_SelectedVersion;
+ type At_Long_Rand_t At_Data_SIM_Rand;
+ type At_Long_t At_Data_SIM_Iv;
+ type At_Encr_Data_t At_Data_SIM_Encr_Data;
+ type At_Long_t At_Data_SIM_Mac;
+ type At_Long_w_Length_t At_Data_SIM_Next_Pseudonym;
+ type At_Long_t At_Data_SIM_NonceS;
+ type At_Long_w_Length_Res_t At_Data_SIM_Next_ReauthId;
+ type At_Padding_t At_Data_SIM_Padding;
+ type At_Short_t At_Data_SIM_Counter;
+ type At_Void_t At_Data_SIM_CounterTooSmall;
+ type At_Short_t At_Data_SIM_Notification;
+ type At_Void_t At_Data_SIM_Result_Ind;
+ type At_Short_t At_Data_SIM_Client_Error_Code;
+
+ type union EAP_SIM_Attribute_Data {
+ At_Data_SIM_PermanentIdReq at_data_SIM_PermanentIdReq,
+ At_Data_SIM_FullAuthIdReq at_data_SIM_FullAuthIdReq,
+ At_Data_SIM_AnyIdReq at_data_SIM_AnyIdReq,
+ At_Data_SIM_Version_List at_data_SIM_Version_List,
+ At_Data_SIM_NonceMT at_data_SIM_NonceMT,
+ At_Data_SIM_Identity at_data_SIM_Identity,
+ At_Data_SIM_SelectedVersion at_data_SIM_SelectedVersion,
+ At_Data_SIM_Rand at_data_SIM_Rand,
+ At_Data_SIM_Iv at_data_SIM_Iv,
+ At_Data_SIM_Encr_Data at_data_SIM_Encr_Data,
+ At_Data_SIM_Mac at_data_SIM_Mac,
+ At_Data_SIM_Next_Pseudonym at_data_SIM_Next_Pseudonym,
+ At_Data_SIM_NonceS at_data_SIM_NonceS,
+ At_Data_SIM_Next_ReauthId at_data_SIM_Next_ReauthId,
+ At_Data_SIM_Padding at_data_SIM_Padding,
+ At_Data_SIM_Counter at_data_SIM_Counter,
+ At_Data_SIM_CounterTooSmall at_data_SIM_CounterTooSmall,
+ At_Data_SIM_Notification at_data_SIM_Notification,
+ At_Data_SIM_Result_Ind at_data_SIM_Result_Ind,
+ At_Data_SIM_Client_Error_Code at_data_SIM_Client_Error_Code
+ }
+
+ type record EAP_SIM_Attrib_t
+ {
+ EAP_SIM_Attribute_Type attrib_type,
+ U_INT8 attrib_length,
+ EAP_SIM_Attribute_Data attrib_value optional
+ } with {
+ variant (attrib_value) "CROSSTAG(
+ at_data_SIM_PermanentIdReq, attrib_type=At_SIM_Permanent_Id_Req;
+ at_data_SIM_FullAuthIdReq, attrib_type=At_SIM_FullAuth_Id_Req;
+ at_data_SIM_AnyIdReq, attrib_type=At_SIM_Any_Id_Req;
+ at_data_SIM_Version_List, attrib_type=At_SIM_Version_List;
+ at_data_SIM_NonceMT, attrib_type=At_SIM_NonceMT;
+ at_data_SIM_Identity, attrib_type=At_SIM_Identity;
+ at_data_SIM_SelectedVersion, attrib_type=At_SIM_SelectedVersion;
+ at_data_SIM_Rand, attrib_type=At_SIM_Rand;
+ at_data_SIM_Iv, attrib_type=At_SIM_Iv;
+ at_data_SIM_Encr_Data, attrib_type=At_SIM_Encr_Data;
+ at_data_SIM_Mac, attrib_type=At_SIM_Mac;
+ at_data_SIM_Next_Pseudonym, attrib_type=At_SIM_Next_Pseudonym;
+ at_data_SIM_NonceS, attrib_type=At_SIM_NonceS;
+ at_data_SIM_Next_ReauthId, attrib_type=At_SIM_Next_ReauthId;
+ at_data_SIM_Padding, attrib_type=At_SIM_Padding;
+ at_data_SIM_Counter, attrib_type=At_SIM_Counter;
+ at_data_SIM_CounterTooSmall, attrib_type=At_SIM_CounterTooSmall;
+ at_data_SIM_Notification, attrib_type=At_SIM_Notification;
+ at_data_SIM_Result_Ind, attrib_type=At_SIM_Result_Ind;
+ at_data_SIM_Client_Error_Code, attrib_type=At_SIM_Client_Error_Code)"
+ variant(attrib_length) "LENGTHTO(attrib_type,attrib_length,attrib_value)"
+ variant(attrib_length) "UNIT(dword32)"
+ variant "PADDING(dword32)"
+ }
+
+ type enumerated EAP_SIM_Attribute_Type
+ {
+ At_SIM_Rand (1),
+ At_SIM_Padding (6),
+ At_SIM_NonceMT (7),
+ At_SIM_Permanent_Id_Req (10),
+ At_SIM_Mac (11),
+ At_SIM_Notification (12),
+ At_SIM_Any_Id_Req (13),
+ At_SIM_Identity (14),
+ At_SIM_Version_List (15),
+ At_SIM_SelectedVersion (16),
+ At_SIM_FullAuth_Id_Req (17),
+ At_SIM_Counter (19),
+ At_SIM_CounterTooSmall (20),
+ At_SIM_NonceS (21),
+ At_SIM_Client_Error_Code (22),
+ At_SIM_Iv (129),
+ At_SIM_Encr_Data (130),
+ At_SIM_Next_Pseudonym (132),
+ At_SIM_Next_ReauthId (133),
+ At_SIM_Result_Ind (135)
+ } with {
+ variant "FIELDLENGTH(8)"
+ }
+
+ type enumerated EAP_SIM_SubType
+ {
+ EAP_SIM_Start (10),
+ EAP_SIM_Challenge (11),
+ EAP_SIM_Notification (12),
+ EAP_SIM_Re_Authentication (13),
+ EAP_SIM_Client_Error (14)
+ } with {
+ variant "FIELDLENGTH(8)"
+ }
+
+ type set of EAP_AKA_Attrib_t EAP_AKA_Attrib_List;
+
+ type set of EAP_AKAPrime_Attrib_t EAP_AKAPrime_Attrib_List;
+
+ type set of EAP_SIM_Attrib_t EAP_SIM_Attrib_List;
+
+ type record EAP_AKA_Data_t
+ {
+ EAP_AKA_SubType subtype,
+ U_INT16 reserved,
+ EAP_AKA_Attrib_List attrib_list
+ }
+
+ //Added for EPC
+ type record EAP_AKAPRIME_Data_t
+ {
+ EAP_AKA_SubType subtype,
+ U_INT16 reserved,
+ EAP_AKAPrime_Attrib_List attrib_list
+ }
+
+
+ type record EAP_MD5_CHALLENGE_Data_t
+ {
+ U_INT8 valueSize,
+ octetstring dataValue
+ } with {
+ variant (valueSize) "LENGTHTO(dataValue)"
+ }
+
+ type record EAP_IDENTITY_Data_t {
+ octetstring dataValue
+ }
+
+ type record EAP_NOTIFICATION_Data_t {
+ octetstring dataValue
+ }
+
+ type record EAP_NAK_Data_t {
+ octetstring dataValue
+ }
+
+ type record EAP_OTP_Data_t {
+ octetstring dataValue
+ }
+
+ type record EAP_GTC_Data_t {
+ octetstring dataValue
+ }
+
+ type record EAP_SIM_Data_t
+ {
+ EAP_SIM_SubType subtype,
+ U_INT16 reserved,
+ EAP_SIM_Attrib_List attrib_list
+ }
+
+ type record HelloRequest_t{}
+
+ type record of OCTET_2 octet2_list;
+ type record of OCTET_1 octet1_list;
+
+ type record ClientHello_t
+ {
+ OCTET_2 version,
+ U_INT32 time,
+ OCTET_28 random,
+ U_INT8 sessionIdLength,
+ octetstring sessionId,
+ U_INT16 cipherSuitesLength,
+ octet2_list cipherSuites,
+ U_INT8 compressionMethodsLength,
+ octet1_list compressionMethods
+ } with {
+ variant (sessionIdLength) "LENGTHTO(sessionId)"
+ variant (cipherSuitesLength) "LENGTHTO(cipherSuites)"
+ variant (compressionMethodsLength) "LENGTHTO(compressionMethods)"
+ }
+
+ type record ServerHello_t
+ {
+ OCTET_2 version,
+ U_INT32 time,
+ OCTET_28 random,
+ U_INT8 sessionIdLength,
+ octetstring sessionId,
+ OCTET_2 cipherSuite,
+ OCTET_1 compressionMethod
+ } with {
+ variant (sessionIdLength) "LENGTHTO(sessionId)"
+ }
+
+ type record Certificate
+ {
+ U_INT24 certificateLength,
+ octetstring certificate
+ } with {
+ variant (certificateLength) "LENGTHTO(certificate)"
+ }
+
+ type record of Certificate CertificateList;
+
+ type record Certificate_t
+ {
+ U_INT24 certificatesLength,
+ CertificateList certificates
+ } with {
+ variant (certificatesLength) "LENGTHTO(certificates)"
+ }
+
+ type record ServerKeyExchange_t
+ {
+
+ }
+
+ type record of DistinguishedNames DistinguishedNamesList;
+
+ type record DistinguishedNames
+ {
+ U_INT16 distinguishedNameLength,
+ // DistinguishedName distinguishedName
+ octetstring distinguishedName
+ } with {
+ variant (distinguishedNameLength) "LENGTHTO(distinguishedName)"
+ }
+
+
+ type record CertificateRequest_t
+ {
+ U_INT8 certificateTypesCount,
+ octet2_list certificateTypes,
+ U_INT16 distinguishedNamesLength,
+ DistinguishedNamesList distinguishedNames
+ } with {
+ variant (certificateTypesCount) "LENGTHTO(certificateTypes)"
+ variant (distinguishedNamesLength) "LENGTHTO(distinguishedNames)"
+ }
+
+ type record ServerHelloDone_t{}
+
+ type record CertificateVerify_t
+ {
+
+ }
+
+ type record ClientKeyExchange_t
+ {
+ octetstring clientKey
+
+ }
+
+ type record Finished_t
+ {
+ octetstring finishedData
+ }
+
+
+ type enumerated TLS_HandshakeType
+ {
+ HelloRequest (0),
+ ClientHello (1),
+ ServerHello (2),
+ Certificate (11),
+ ServerKeyExchange (12),
+ CertificateRequest (13),
+ ServerHelloDone (14),
+ CertificateVerify (15),
+ ClientKeyExchange (16),
+ Finished (20)
+ } with {
+ variant "FIELDLENGTH(8)"
+ }
+
+
+ type union TLS_HandshakeDataType_t
+ {
+ HelloRequest_t helloRequest,
+ ClientHello_t clientHello,
+ ServerHello_t serverHello,
+ Certificate_t certificate,
+ ServerKeyExchange_t serverKeyExchange,
+ CertificateRequest_t certificateRequest,
+ ServerHelloDone_t serverHelloDone,
+ CertificateVerify_t certificateVerify,
+ ClientKeyExchange_t clientKeyExchange,
+ Finished_t finished
+ }
+
+ type union TLS_HandshakeDataElement_t
+ {
+ TLS_HandshakeData_t nonEncriptedHandshake,
+ octetstring encriptedHandshake
+ }
+
+ type record of TLS_HandshakeDataElement_t TLS_HandshakeDataList
+
+ type record TLS_HandshakeData_t
+ {
+ TLS_HandshakeType handshakeType,
+ U_INT24 messageLength,
+ // OCT2 version, //'0301'O TLS 1.0
+ TLS_HandshakeDataType_t handshake
+ } with {
+ variant (handshake) "CROSSTAG(
+ helloRequest, handshakeType=HelloRequest;
+ clientHello, handshakeType=ClientHello;
+ serverHello, handshakeType=ServerHello;
+ certificate, handshakeType=Certificate;
+ serverKeyExchange, handshakeType=ServerKeyExchange;
+ certificateRequest, handshakeType=CertificateRequest;
+ serverHelloDone, handshakeType=ServerHelloDone;
+ certificateVerify, handshakeType=CertificateVerify;
+ clientKeyExchange, handshakeType=ClientKeyExchange;
+ finished, handshakeType=Finished)"
+ variant(messageLength) "LENGTHTO(handshake)"
+ }
+
+ type enumerated TLS_ContentType
+ {
+ ChangeCipherSpec (20),
+ Alert (21),
+ Handshake (22),
+ ApplicationData (23)
+ } with {
+ variant "FIELDLENGTH(8)"
+ }
+
+ type record TLS_Handshake
+ {
+ TLS_ContentType contentType, // Handshake
+ OCTET_2 version, //'0301'O TLS 1.0
+ U_INT16 messageLength,
+ // octetstring handshake
+ TLS_HandshakeDataList handshake
+ } with {
+ variant (messageLength) "LENGTHTO(handshake)"
+ variant "PRESENCE (contentType = Handshake; )"
+}
+
+ type record of TLS_Handshake Handshake_t;
+
+ type record ChangeCipherSpec_t
+ {
+ TLS_ContentType contentType, // ChangeCipherSpec
+ OCTET_2 version, //'0301'O TLS 1.0
+ U_INT16 messageLength,
+ // octetstring handshake
+ OCTET_1 changeCipherValue
+ } with {
+ variant (messageLength) "LENGTHTO(changeCipherValue)"
+ variant "PRESENCE (contentType = ChangeCipherSpec; )"
+}
+
+ type record Alert_t
+ {
+ TLS_ContentType contentType, // Alert
+ OCTET_2 version, //'0301'O TLS 1.0
+ U_INT16 messageLength,
+ // octetstring handshake
+ OCTET_1 alertLevel,
+ OCTET_1 alertDescription
+ } with {
+ variant (messageLength) "LENGTHTO(alertLevel,alertDescription)"
+ variant "PRESENCE (contentType = Alert; )"
+}
+
+ type record ApplicationData_t
+ {
+ TLS_ContentType contentType, // ApplicationData
+ OCTET_2 version, //'0301'O TLS 1.0
+ U_INT16 messageLength,
+ octetstring applicationData
+ } with {
+ variant (messageLength) "LENGTHTO(applicationData)"
+ variant "PRESENCE (contentType = ApplicationData; )"
+}
+
+ type union TLS_Fragment
+ {
+ ChangeCipherSpec_t changeCipherSpec,
+ Alert_t alert,
+ Handshake_t handshake,
+ ApplicationData_t applicationData
+ }
+
+ type record of TLS_Fragment TLS_Fragments;
+
+ type record EAP_TLS_Data_t
+ {
+ BIT5 reserved,
+ BIT1 startBit,
+ BIT1 moreFragments,
+ BIT1 lengthIncluded,
+ U_INT32 messageLength optional,
+ octetstring dataValue
+ //TLS_HandshakeList dataValue optional
+ } with {
+ variant (messageLength) "PRESENCE (lengthIncluded = '1'B) "
+ variant (messageLength) "LENGTHTO(dataValue)"
+ }
+
+ type record EAP_TTLS_Data_t
+ {
+ BIT3 version, //'000'B for EAP-TTLSv0
+ BIT2 reserved,
+ BIT1 startBit,
+ BIT1 moreFragments,
+ BIT1 lengthIncluded,
+ U_INT32 messageLength optional,
+ TLS_Fragments dataValue
+ // octetstring dataValue
+ } with {
+ variant (messageLength) "PRESENCE (lengthIncluded = '1'B) "
+// variant (messageLength) "LENGTHTO(dataValue)"
+ }
+
+ type union EAP_Packet_Type_Data
+ {
+ EAP_IDENTITY_Data_t f_eap_identity,
+ EAP_NOTIFICATION_Data_t f_eap_notification,
+ EAP_NAK_Data_t f_eap_nak,
+ EAP_MD5_CHALLENGE_Data_t f_eap_md5_challenge,
+ EAP_OTP_Data_t f_eap_one_time_password,
+ EAP_GTC_Data_t f_eap_generic_token_card,
+ EAP_AKA_Data_t f_eap_aka,
+ EAP_AKAPRIME_Data_t f_eap_akaprime,
+ EAP_SIM_Data_t f_eap_sim,
+ EAP_TLS_Data_t f_eap_tls,
+ EAP_TTLS_Data_t f_eap_ttls
+ }
+
+ type record EAP_Packet_Data
+ {
+ EAP_Packet_Type eap_packet_type,
+ EAP_Packet_Type_Data eap_packet_type_data
+ }with {
+ variant (eap_packet_type_data) "CROSSTAG(
+ f_eap_identity, eap_packet_type=EAP_Identity;
+ f_eap_notification, eap_packet_type=EAP_Notification;
+ f_eap_nak, eap_packet_type=EAP_Nak;
+ f_eap_md5_challenge, eap_packet_type=EAP_Md5_Challenge;
+ f_eap_one_time_password, eap_packet_type=EAP_One_Time_Password;
+ f_eap_generic_token_card, eap_packet_type=EAP_Generic_Token_Card;
+ f_eap_akaprime, eap_packet_type=EAP_AkaPrime;
+ f_eap_aka, eap_packet_type=EAP_Aka;
+ f_eap_sim, eap_packet_type=EAP_Sim;
+ f_eap_tls, eap_packet_type=EAP_Tls;
+ f_eap_ttls, eap_packet_type=EAP_Ttls)"
+ }
+
+ type record PDU_EAP //EAP (RFC 3748)
+ {
+ EAP_Packet_Code code,
+ U_INT8 identifier,
+ U_INT16 packet_length,
+ EAP_Packet_Data packet_data optional
+ } with {
+ variant (packet_length) "LENGTHTO(code, identifier, packet_length, packet_data)"
+}
+
+}with { encode "RAW" } // End module
+

Back to the top