/// <summary>
/// Creates an instance from domain of interpretation, sensitivity level, checksum and compartment bitmap.
/// </summary>
/// <param name="domainOfInterpretation">Identifies the rules under which this datagram must be handled and protected.</param>
/// <param name="sensitivityLevel">
/// Contains an opaque octet whose value indicates the relative sensitivity of the data contained in this datagram in the context of the indicated DOI.
/// The values of this field must be ordered, with 00000000 being the lowest Sensitivity Level and 11111111 being the highest Sensitivity Level.
/// However, in a typical deployment, not all 256 Sensitivity Levels will be in use.
/// So the set of valid Sensitivity Level values depends upon the CALIPSO DOI in use.
/// This sensitivity ordering rule is necessary so that Intermediate Systems (e.g., routers or MLS guards) will be able to apply MAC policy
/// with minimal per-packet computation and minimal configuration.
/// </param>
/// <param name="checksum">
/// Contains the a CRC-16 checksum as defined in RFC 1662.
/// The checksum is calculated over the entire CALIPSO option in this packet, including option header, zeroed-out checksum field, option contents,
/// and any required padding zero bits.
/// The checksum must always be computed on transmission and must always be verified on reception.
/// This checksum only provides protection against accidental corruption of the CALIPSO option in cases where neither the underlying medium
/// nor other mechanisms, such as the IP Authentication Header (AH), are available to protect the integrity of this option.
/// Note that the checksum field is always required, even when other integrity protection mechanisms (e.g., AH) are used.
/// If null is given, it would be automatically calculated.
/// </param>
/// <param name="compartmentBitmap">
/// Each bit represents one compartment within the DOI.
/// Each "1" bit within an octet in the Compartment Bitmap field represents a separate compartment under whose rules the data in this packet
/// must be protected.
/// Hence, each "0" bit indicates that the compartment corresponding with that bit is not applicable to the data in this packet.
/// The assignment of identity to individual bits within a Compartment Bitmap for a given DOI is left to the owner of that DOI.
/// This specification represents a Releasability on the wire as if it were an inverted Compartment.
/// So the Compartment Bitmap holds the sum of both logical Releasabilities and also logical Compartments for a given DOI value.
/// The encoding of the Releasabilities in this field is described elsewhere in this document.
/// The Releasability encoding is designed to permit the Compartment Bitmap evaluation to occur without the evaluator necessarily knowing
/// the human semantic associated with each bit in the Compartment Bitmap.
/// In turn, this facilitates the implementation and configuration of Mandatory Access Controls based on the Compartment Bitmap
/// within IPv6 routers or guard devices.
/// </param>
public IpV6OptionCalipso(IpV6CalipsoDomainOfInterpretation domainOfInterpretation, byte sensitivityLevel, ushort?checksum, DataSegment compartmentBitmap)
: base(IpV6OptionType.Calipso)
{
if (compartmentBitmap == null)
{
throw new ArgumentNullException("compartmentBitmap");
}
if (compartmentBitmap.Length % sizeof(int) != 0)
{
throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, "Compartment Bitmap length must divide by {0}.", sizeof(int)),
"compartmentBitmap");
}
if (compartmentBitmap.Length > CompartmentBitmapMaxLength)
{
throw new ArgumentOutOfRangeException("compartmentBitmap", compartmentBitmap,
string.Format(CultureInfo.InvariantCulture, "Compartment Bitmap length must not be bigger than {0}.",
CompartmentBitmapMaxLength));
}
DomainOfInterpretation = domainOfInterpretation;
SensitivityLevel = sensitivityLevel;
CompartmentBitmap = compartmentBitmap;
if (checksum.HasValue)
{
Checksum = checksum.Value;
}
else
{
Checksum = CalculateChecksum(DomainOfInterpretation, SensitivityLevel, CompartmentBitmap);
}
}
/// <summary>
/// Parses an option from the given data.
/// </summary>
/// <param name="data">The data to parse.</param>
/// <returns>The option if parsing was successful, null otherwise.</returns>
public IpV6Option CreateInstance(DataSegment data)
{
if (data == null)
{
throw new ArgumentNullException("data");
}
if (data.Length < OptionDataMinimumLength)
{
return(null);
}
IpV6CalipsoDomainOfInterpretation domainOfInterpretation = (IpV6CalipsoDomainOfInterpretation)data.ReadUInt(Offset.DomainOfInterpretation,
Endianity.Big);
byte compartmentLength = data[Offset.CompartmentLength];
int compartmentLengthInBytes = compartmentLength * sizeof(int);
if (OptionDataMinimumLength + compartmentLengthInBytes > data.Length)
{
return(null);
}
byte sensitivityLevel = data[Offset.SensitivityLevel];
ushort checksum = data.ReadUShort(Offset.Checksum, Endianity.Big);
DataSegment compartmentBitmap = data.Subsegment(Offset.CompartmentBitmap, compartmentLengthInBytes);
return(new IpV6OptionCalipso(domainOfInterpretation, sensitivityLevel, checksum, compartmentBitmap));
}
private static ushort CalculateChecksum(IpV6CalipsoDomainOfInterpretation domainOfInterpretation, byte sensitivityLevel, DataSegment compartmentBitmap)
{
byte[] domainOfInterpretationBytes = new byte[sizeof(uint)];
domainOfInterpretationBytes.Write(0, (uint)domainOfInterpretation, Endianity.Big);
ushort checksum =
PointToPointProtocolFrameCheckSequenceCalculator.CalculateFrameCheckSequence16(
new byte[0].Concat((byte)IpV6OptionType.Calipso,
(byte)(OptionDataMinimumLength + compartmentBitmap.Length)).Concat(
domainOfInterpretationBytes)
.Concat <byte>(CalculateCompartmentLength(compartmentBitmap), sensitivityLevel, 0, 0).Concat(compartmentBitmap));
return(checksum);
}
public IpV6OptionCalipso(IpV6CalipsoDomainOfInterpretation domainOfInterpretation, byte sensitivityLevel, ushort checksum, DataSegment compartmentBitmap)
: base(IpV6OptionType.Calipso)
{
if (compartmentBitmap.Length % sizeof(int) != 0)
throw new ArgumentException(string.Format("Compartment Bitmap length must divide by {0}.", sizeof(int)), "compartmentBitmap");
if (compartmentBitmap.Length / sizeof(int) > byte.MaxValue)
{
throw new ArgumentOutOfRangeException(string.Format("Compartment Bitmap length must not be bigger than {0}.", byte.MaxValue * sizeof(int)),
"compartmentBitmap");
}
DomainOfInterpretation = domainOfInterpretation;
SensitivityLevel = sensitivityLevel;
Checksum = checksum;
CompartmentBitmap = compartmentBitmap;
}
public IpV6OptionCalipso(IpV6CalipsoDomainOfInterpretation domainOfInterpretation, byte sensitivityLevel, ushort checksum, DataSegment compartmentBitmap)
: base(IpV6OptionType.Calipso)
{
if (compartmentBitmap.Length % sizeof(int) != 0)
{
throw new ArgumentException(string.Format("Compartment Bitmap length must divide by {0}.", sizeof(int)), "compartmentBitmap");
}
if (compartmentBitmap.Length / sizeof(int) > byte.MaxValue)
{
throw new ArgumentOutOfRangeException(string.Format("Compartment Bitmap length must not be bigger than {0}.", byte.MaxValue * sizeof(int)),
"compartmentBitmap");
}
DomainOfInterpretation = domainOfInterpretation;
SensitivityLevel = sensitivityLevel;
Checksum = checksum;
CompartmentBitmap = compartmentBitmap;
}
/// <summary>
/// Creates an instance from domain of interpretation, sensitivity level, checksum and compartment bitmap.
/// </summary>
/// <param name="domainOfInterpretation">Identifies the rules under which this datagram must be handled and protected.</param>
/// <param name="sensitivityLevel">
/// Contains an opaque octet whose value indicates the relative sensitivity of the data contained in this datagram in the context of the indicated DOI.
/// The values of this field must be ordered, with 00000000 being the lowest Sensitivity Level and 11111111 being the highest Sensitivity Level.
/// However, in a typical deployment, not all 256 Sensitivity Levels will be in use.
/// So the set of valid Sensitivity Level values depends upon the CALIPSO DOI in use.
/// This sensitivity ordering rule is necessary so that Intermediate Systems (e.g., routers or MLS guards) will be able to apply MAC policy
/// with minimal per-packet computation and minimal configuration.
/// </param>
/// <param name="checksum">
/// Contains the a CRC-16 checksum as defined in RFC 1662.
/// The checksum is calculated over the entire CALIPSO option in this packet, including option header, zeroed-out checksum field, option contents,
/// and any required padding zero bits.
/// The checksum must always be computed on transmission and must always be verified on reception.
/// This checksum only provides protection against accidental corruption of the CALIPSO option in cases where neither the underlying medium
/// nor other mechanisms, such as the IP Authentication Header (AH), are available to protect the integrity of this option.
/// Note that the checksum field is always required, even when other integrity protection mechanisms (e.g., AH) are used.
/// If null is given, it would be automatically calculated.
/// </param>
/// <param name="compartmentBitmap">
/// Each bit represents one compartment within the DOI.
/// Each "1" bit within an octet in the Compartment Bitmap field represents a separate compartment under whose rules the data in this packet
/// must be protected.
/// Hence, each "0" bit indicates that the compartment corresponding with that bit is not applicable to the data in this packet.
/// The assignment of identity to individual bits within a Compartment Bitmap for a given DOI is left to the owner of that DOI.
/// This specification represents a Releasability on the wire as if it were an inverted Compartment.
/// So the Compartment Bitmap holds the sum of both logical Releasabilities and also logical Compartments for a given DOI value.
/// The encoding of the Releasabilities in this field is described elsewhere in this document.
/// The Releasability encoding is designed to permit the Compartment Bitmap evaluation to occur without the evaluator necessarily knowing
/// the human semantic associated with each bit in the Compartment Bitmap.
/// In turn, this facilitates the implementation and configuration of Mandatory Access Controls based on the Compartment Bitmap
/// within IPv6 routers or guard devices.
/// </param>
public IpV6OptionCalipso(IpV6CalipsoDomainOfInterpretation domainOfInterpretation, byte sensitivityLevel, ushort? checksum, DataSegment compartmentBitmap)
: base(IpV6OptionType.Calipso)
{
if (compartmentBitmap == null)
throw new ArgumentNullException("compartmentBitmap");
if (compartmentBitmap.Length % sizeof(int) != 0)
throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, "Compartment Bitmap length must divide by {0}.", sizeof(int)),
"compartmentBitmap");
if (compartmentBitmap.Length > CompartmentBitmapMaxLength)
{
throw new ArgumentOutOfRangeException("compartmentBitmap", compartmentBitmap,
string.Format(CultureInfo.InvariantCulture, "Compartment Bitmap length must not be bigger than {0}.",
CompartmentBitmapMaxLength));
}
DomainOfInterpretation = domainOfInterpretation;
SensitivityLevel = sensitivityLevel;
CompartmentBitmap = compartmentBitmap;
if (checksum.HasValue)
Checksum = checksum.Value;
else
Checksum = CalculateChecksum(DomainOfInterpretation, SensitivityLevel, CompartmentBitmap);
}
private static ushort CalculateChecksum(IpV6CalipsoDomainOfInterpretation domainOfInterpretation, byte sensitivityLevel, DataSegment compartmentBitmap)
{
byte[] domainOfInterpretationBytes = new byte[sizeof(uint)];
domainOfInterpretationBytes.Write(0, (uint)domainOfInterpretation, Endianity.Big);
ushort checksum =
PppFrameCheckSequenceCalculator.CalculateFrameCheckSequence16(
new byte[0].Concat((byte)IpV6OptionType.Calipso,
(byte)(OptionDataMinimumLength + compartmentBitmap.Length)).Concat(
domainOfInterpretationBytes)
.Concat<byte>(CalculateCompartmentLength(compartmentBitmap), sensitivityLevel, 0, 0).Concat(compartmentBitmap));
return checksum;
}
