Ims ipsec support

.gitignore

@@ -51,3 +51,7 @@ cmake_install.cmake
 # Ignore autogenerated version.h.
 /include/version.cmake
 /version.h
+
+.idea
+cmake-build-debug
+*.pcap

CMakeLists.txt

@@ -252,4 +252,6 @@ if(USE_SCTP)
   endif()
 endif()
 
+add_subdirectory(calc_keys)
+
 install(TARGETS sipp DESTINATION bin)

calc_keys/CMakeLists.txt

@@ -0,0 +1,14 @@
+cmake_minimum_required(VERSION 3.4)
+
+# set the project name
+project(SIPp)
+
+# specify the C++ standard
+set(CMAKE_CXX_STANDARD 14)
+set(CMAKE_CXX_STANDARD_REQUIRED True)
+set(CMAKE_CXX_EXTENSIONS False)
+# specify the C++ standard on older CMake (<3.8)
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++14")
+
+add_executable(calc_ck calc_ck.cpp ../src/milenage.c ../src/md5.c ../src/rijndael.c ../src/strings.cpp)
+target_include_directories(calc_ck PRIVATE ../include)

calc_keys/calc_ck.cpp

@@ -0,0 +1,122 @@
+//
+// Created by dbori on 18.06.2023.
+//
+
+#include <cstdlib>
+#include <cstring>
+#include <iostream>
+#include "auth.hpp"
+#include "milenage.h"
+#include "strings.hpp"
+
+#define STR_K_LEN (CKLEN * 2 + 2 + 1)
+typedef char STR_KEY[STR_K_LEN];
+
+char digit_to_hex(const char c) {
+	if (c > 15 || c < 0)
+		return 0;
+	if (c > 9)
+		return 'a' + c - 10;
+	return '0' + c;
+}
+
+void key_to_hex(const CK key, STR_KEY res) {
+	bzero(res, STR_K_LEN);
+	int i = 2;
+	res[0] = '0';
+	res[1] = 'x';
+	while (i < STR_K_LEN - 1) {
+		res[i] = digit_to_hex(key[(i - 2) / 2] >> 4);
+		res[i + 1] = digit_to_hex(key[(i - 2) / 2] & 0x0f);
+		i += 2;
+	}
+	res[STR_K_LEN - 1] = '\0';
+}
+
+void parse_key_str(const char *key_str, K key, size_t key_len) {
+	size_t pos;
+	bzero(key, key_len);
+	size_t len = strlen(key_str);
+	if (key_str[0] == '0' && key_str[1] == 'x') {
+		pos = 2;
+		while (pos < strlen(key_str)) {
+			if (key_str[pos] == '\0')
+				break;
+			if (!(pos % 2))
+				key[pos / 2 - 1] += get_decimal_from_hex(key_str[pos]) << 4;
+			else
+				key[pos / 2 - 1] += get_decimal_from_hex(key_str[pos]);
+			pos++;
+		}
+		return;
+	} else if (len && key_str[0] == '"' && key_str[len - 1] == '"') {
+		int pos_s = 1, pos_k = 0;
+		while (pos_s < len - 1 && pos_k < key_len) {
+			if (key_str[pos_s] != '\\')
+				key[pos_k] = key_str[pos_s];
+			else
+				++pos_s;
+			++pos_s;
+			++pos_k;
+		}
+		return;
+	} else {
+		int pos_s = 0, pos_k = 0;
+		while (pos_s < len && pos_k < key_len) {
+			if (key_str[pos_s] != '\\')
+				key[pos_k] = key_str[pos_s];
+			else
+				++pos_s;
+			++pos_s;
+			++pos_k;
+		}
+	}
+}
+
+int main(int argc, char *argv[]) {
+	OP op;
+	RAND rnd;
+	K k;
+	RES res;
+	AK ak;
+	CK ck;
+	IK ik;
+
+
+	if (argc != 5)
+		exit(-1);
+	if (!strcmp(argv[3], "null")) {
+		std::cout << "''";
+		exit(0);
+	}
+	int nonce_len;
+	auto nonce = base64_decode_string(argv[2], strlen(argv[2]), &nonce_len);
+
+	if (nonce_len < RANDLEN + AUTNLEN) {
+		if (nonce)
+			free(nonce);
+		std::cerr << "Incorrect length of nonce, expected " << RANDLEN + AUTNLEN << std::endl;
+		exit(-1);
+	}
+
+	memcpy(rnd, nonce, RANDLEN);
+	parse_key_str(argv[1], k, sizeof k);
+	parse_key_str(argv[4], op, sizeof op);
+
+	bzero(op, sizeof op);
+	bzero(ak, sizeof ak);
+
+	f2345(k, rnd, res, ck, ik, ak, op);
+	if (strstr(argv[0], "calc_ck")) {
+		STR_KEY s_ck;
+		key_to_hex(ck, s_ck);
+		std::cout << s_ck;
+	} else if (strstr(argv[0], "calc_ik")) {
+		STR_KEY s_ik;
+		key_to_hex(ik, s_ik);
+		std::cout << s_ik;
+	} else {
+		std::cout << "Program should be called as 'calc_ck' or 'calc_ik' but called as " << argv[0] << std::endl;
+		exit(-1);
+	}
+}

example/ipsec/ipsec/ipsec_E_Drop.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# User Endpoint drop all 4 SA
+#
+# \author Dragos Vingarzan vingarzan -at- fokus dot fraunhofer dot de
+# \author xfrm Serge S. Yuriev  nevian -at- nevian dot org
+#
+
+ue=$1
+port_uc=$2
+port_us=$3
+
+pcscf=$4
+port_pc=$5
+port_ps=$6
+
+spi_uc=$7
+spi_us=$8
+
+spi_pc=$9
+spi_ps=${10}
+
+
+
+ip xfrm policy del src $ue dst $pcscf sport $port_uc dport $port_ps dir out
+ip xfrm state del src $ue dst $pcscf proto esp spi $spi_ps
+
+ip xfrm policy del src $ue dst $pcscf sport $port_us dport $port_pc dir out
+ip xfrm state del src $ue dst $pcscf proto esp spi $spi_pc
+
+ip xfrm policy del src $pcscf dst $ue sport $port_ps dport $port_uc dir in
+ip xfrm state del src $pcscf dst $ue proto esp spi $spi_uc
+
+ip xfrm policy del src $pcscf dst $ue sport $port_pc dport $port_us dir in
+ip xfrm state del src $pcscf dst $ue proto esp spi $spi_us

example/ipsec/ipsec/ipsec_E_Inc_Req.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# UserEndpoint SA for Incoming Requests ( US <- PC )
+#
+# \author Dragos Vingarzan vingarzan -at- fokus dot fraunhofer dot de
+# \author xfrm Serge S. Yuriev  nevian -at- nevian dot org
+#
+
+ue=$1
+port_us=$2
+pcscf=$3
+port_pc=$4
+
+spi_us=$5
+
+ealg=$6
+ck=$7
+alg=$8
+ik=$9
+
+if [ "$6" = "null" ] 
+then
+	ck='""'
+fi
+
+case "$ealg" in
+	"aes-cbc" )
+		ealg="cbc(aes)"
+		;;
+	"des-ede3-cbc" )
+		ealg="cbc(des3_ede)"
+		;;
+	"null" )
+		ealg="ecb(cipher_null)"
+		;;
+	* )
+		echo Unknown EALG $ealg exiting..
+		exit 127
+		;;
+esac
+
+case "$alg" in
+	"null" )
+		alg="digest_null"
+		;;
+	"hmac-sha-1-96" )
+		alg="hmac(sha1)"
+		;;
+	"hmac-md5-96" )
+		alg="hmac(md5)"
+		;;
+	* )
+		echo Unknown ALG $alg exiting..
+		exit 127
+		;;
+esac
+
+ip xfrm policy add src $pcscf dst $ue sport $port_pc dport $port_us dir in tmpl proto esp reqid $$ mode transport
+ip xfrm state add src $pcscf dst $ue proto esp spi $spi_us mode transport enc $ealg $ck auth $alg $ik reqid $$

example/ipsec/ipsec/ipsec_E_Inc_Rpl.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# UserEndpoint SA for Incoming Replies ( UC <- PS )
+#
+# \author Dragos Vingarzan vingarzan -at- fokus dot fraunhofer dot de
+# \author xfrm Serge S. Yuriev  nevian -at- nevian dot org
+#
+
+ue=$1
+port_uc=$2
+pcscf=$3
+port_ps=$4
+
+spi_uc=$5
+
+ealg=$6
+ck=$7
+alg=$8
+ik=$9
+
+if [ "$6" = "null" ] 
+then
+	ck='""'
+fi
+
+case "$ealg" in
+	"aes-cbc" )
+		ealg="cbc(aes)"
+		;;
+	"des-ede3-cbc" )
+		ealg="cbc(des3_ede)"
+		;;
+	"null" )
+		ealg="ecb(cipher_null)"
+		;;
+	* )
+		echo Unknown EALG $ealg exiting..
+		exit 127
+		;;
+esac
+
+case "$alg" in
+	"null" )
+		alg="digest_null"
+		;;
+	"hmac-sha-1-96" )
+		alg="hmac(sha1)"
+		;;
+	"hmac-md5-96" )
+		alg="hmac(md5)"
+		;;
+	* )
+		echo Unknown ALG $alg exiting..
+		exit 127
+		;;
+esac
+
+ip xfrm policy add src $pcscf dst $ue sport $port_ps dport $port_uc dir in tmpl proto esp reqid $$ mode transport
+ip xfrm state add src $pcscf dst $ue proto esp spi $spi_uc mode transport enc $ealg $ck auth $alg $ik reqid $$

example/ipsec/ipsec/ipsec_E_Out_Req.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# UserEndpoint SA for Outgoing Requests ( UC -> PS )
+#
+# \author Dragos Vingarzan vingarzan -at- fokus dot fraunhofer dot de
+# \author xfrm Serge S. Yuriev  nevian -at- nevian dot org
+#
+
+ue=$1
+port_uc=$2
+pcscf=$3
+port_ps=$4
+
+spi_ps=$5
+
+ealg=$6
+ck=$7
+alg=$8
+ik=$9
+
+if [ "$6" = "null" ] 
+then
+	ck='""'
+fi
+
+case "$ealg" in
+	"aes-cbc" )
+		ealg="cbc(aes)"
+		;;
+	"des-ede3-cbc" )
+		ealg="cbc(des3_ede)"
+		;;
+	"null" )
+		ealg="ecb(cipher_null)"
+		;;
+	* )
+		echo Unknown EALG $ealg exiting..
+		exit 127
+		;;
+esac
+
+case "$alg" in
+	"null" )
+		alg="digest_null"
+		;;
+	"hmac-sha-1-96" )
+		alg="hmac(sha1)"
+		;;
+	"hmac-md5-96" )
+		alg="hmac(md5)"
+		;;
+	* )
+		echo Unknown ALG $alg exiting..
+		exit 127
+		;;
+esac
+
+ip xfrm policy add src $ue dst $pcscf sport $port_uc dport $port_ps dir out tmpl proto esp reqid $$ mode transport
+ip xfrm state add src $ue dst $pcscf proto esp spi $spi_ps mode transport enc $ealg $ck auth $alg $ik reqid $$