/*---------------------------------------------------------------------------*/
static void
send_rrep(uip_ipaddr_t *dest, uip_ipaddr_t *nexthop, uip_ipaddr_t *orig,
uint32_t *seqno, unsigned hop_count)
{
struct uaodv_msg_rrep *rm = (struct uaodv_msg_rrep *)uip_appdata;
print_debug("send RREP orig=%d.%d.%d.%d hops=%d\n",
uip_ipaddr_to_quad(orig), hop_count);
rm->type = UAODV_RREP_TYPE;
rm->flags = 0;
rm->prefix_sz = 0; /* I.e a /32 route. */
rm->hop_count = hop_count;
uip_ipaddr_copy(&rm->orig_addr, orig);
rm->dest_seqno = *seqno;
uip_ipaddr_copy(&rm->dest_addr, dest);
rm->lifetime = UIP_HTONL(MY_ROUTE_TIMEOUT);
sendto(nexthop, rm, sizeof(struct uaodv_msg_rrep));
}
u32_t
uip_htonl(u32_t val)
{
return UIP_HTONL(val);
}
void sad_conf()
{
/**
* This is where you (as the sysadmin) can add manual SAs to the SAD.
*
* With manual SAs you don't need to use the IKE component, but you also have
* to perform key management manually (changing keys, addresses etc) and will
* lose anti-replay protection (see sad.h).
*
* Please keep in mind that:
* -> The SAD is unordered and its contents may change during runtime.
* -> Any predefined SAD entry must be defined in such a way that
* its memory is persistent during the runtime of the IPsec subsystem.
* i.e. use the storage class static or declare the sad_entry_t -variables in the global scope.
* -> The SPI must be a value in the range > 0 and < SAD_DYNAMIC_SPI_START.
*/
/**
* This is an example of how to add a two manual SAs to the SAD.
*/
/**
* Initialize the IP address that your configuration will refer to.
*
* Some memory can be saved here by handling the byte order issue prior to run time.
*/
//uip_ip6addr(&secureServer, 0xfdfd, 0, 0, 0, 0, 0, 0, 0x1);
//uip_ip6addr(&peer, 0xfe80, 0x0219, 0xe3ff, 0xfe47, 0x49aa, 0xfe47, 0x49aa, 0xfe47); // An example address
uip_ip6addr(&molniya, 0xfdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1);
//uip_ip6addr(&cooja_ipsec_host, 0xaaaa, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x2);
//uip_ip6addr(&cooja2, 0xaaaa, 0x0, 0x0, 0x0, 0x212, 0x7402, 0x2, 0x202);
/**
* Create an INCOMING entry. time_of_creation is set to 0, distinguishing the entry as a manual one.
* Doing so will disable anti-replay protection (see RFC 4301, section 4.5).
*/
sad_entry_t *my_incoming_entry = sad_create_incoming_entry(0);
if (my_incoming_entry == NULL) {
//PRINTF(IPSEC_ERROR "Panic! Could not set up static SAs\n");
return;
}
/**
* Upon the return of sad_create_incoming_entry() we need to set sa and traffic_desc.
*
* This will match all incoming UDP traffic from the address peer.
*/
// Source address range
//my_incoming_entry->traffic_desc.peer_addr_from = &secureServer;
//my_incoming_entry->traffic_desc.peer_addr_to = &secureServer;
my_incoming_entry->traffic_desc.peer_addr_from = &molniya;
my_incoming_entry->traffic_desc.peer_addr_to = &molniya;
my_incoming_entry->traffic_desc.nextlayer_proto = SPD_SELECTOR_NL_ANY_PROTOCOL;
// No HTONS needed here as the maximum and miniumum unsigned ints are represented the same way
// in network as well as host byte order.
my_incoming_entry->traffic_desc.my_port_from = 0;
my_incoming_entry->traffic_desc.my_port_to = PORT_MAX;
my_incoming_entry->traffic_desc.peer_port_from = 0;
my_incoming_entry->traffic_desc.peer_port_to = PORT_MAX;
/**
* Set the parameters of the SA.
*/
const uint8_t integ_key[] = { 0xcf, 0x5f, 0xaa, 0xca, 0x70, 0xee, 0x5e, 0xc4, 0xc8, 0xf4, 0x31, 0x58, 0xa4, 0x5c, 0x03, 0x63 };
//const uint8_t integ_key[] = { 0xa9, 0x5f, 0x84, 0x3c, 0xe3, 0xd1, 0xfd, 0xc9, 0x9d, 0xcc, 0xbe, 0xf8, 0x23, 0x8a, 0xf1, 0x30 };
const uint8_t encr_key[] =
{
0x3b, 0xda, 0x5b, 0x6c, 0x05, 0x59, 0x5d, 0xe5, 0x64, 0x2b, 0xf6, 0x13, 0xf8, 0xd1, 0xaf, 0xd4, // 128 bit key
0xd4, 0xa8, 0x07, 0x59 // 32 bit nonce
};
my_incoming_entry->sa.proto = SA_PROTO_ESP;
my_incoming_entry->sa.encr = SA_ENCR_AES_CTR;
my_incoming_entry->sa.integ = SA_INTEG_AES_XCBC_MAC_96;
memcpy(my_incoming_entry->sa.sk_a, &integ_key, sizeof(integ_key));
memcpy(my_incoming_entry->sa.sk_e, &encr_key, sizeof(encr_key));
my_incoming_entry->sa.encr_keylen = 16; // 128 bits encryption keylength
// We may assign any SPI value that's below the range of automatic SPIs (SAD_DYNAMIC_SPI_START)
// Important: Keep in mind that the SAD stores the SPIs in network byte order
my_incoming_entry->spi = UIP_HTONL(1);
/**
* Create an OUTGOING entry. time_of_creation is set to 0 in order to mark is as manual,
* thus disabling anti-replay protection.
*/
sad_entry_t *my_outgoing_entry = sad_create_outgoing_entry(0);
if (my_outgoing_entry == NULL) {
//PRINTF(IPSEC_ERROR "Panic! Could not set up static SAs\n");
return;
}
/**
* Upon the return of sad_create_incoming_entry() we need to set sa, traffic_desc and spi.
*
* This will match all outgoing UDP traffic from the address peer.
*/
// Destination address range
//my_outgoing_entry->traffic_desc.peer_addr_from = &secureServer;
//my_outgoing_entry->traffic_desc.peer_addr_to = &secureServer;
my_outgoing_entry->traffic_desc.peer_addr_from = &molniya;
my_outgoing_entry->traffic_desc.peer_addr_to = &molniya;
my_outgoing_entry->traffic_desc.nextlayer_proto = SPD_SELECTOR_NL_ANY_PROTOCOL;
my_outgoing_entry->traffic_desc.my_port_from = 0;
my_outgoing_entry->traffic_desc.my_port_to = PORT_MAX;
my_outgoing_entry->traffic_desc.peer_port_from = 0;
my_outgoing_entry->traffic_desc.peer_port_to = PORT_MAX;
/**
* Set the parameters of the SA. We use the same key as that of the incoming because we're lazy.
*/
my_outgoing_entry->sa.proto = SA_PROTO_ESP;
my_outgoing_entry->sa.encr = SA_ENCR_AES_CTR;
my_outgoing_entry->sa.integ = SA_INTEG_AES_XCBC_MAC_96;
memcpy(my_outgoing_entry->sa.sk_a, &integ_key, sizeof(integ_key)); // 12 bytes
memcpy(my_outgoing_entry->sa.sk_e, &encr_key, sizeof(encr_key)); // 16 bytes
my_outgoing_entry->sa.encr_keylen = 16;
// We may assign any SPI value whatsoever since the key of outgoing
// SAD entries is the traffic descriptor, not the SPI.
// Important: Keep in mind that the SAD stores the SPIs in network byte order
my_outgoing_entry->spi = UIP_HTONL(2);
}
