IKEv2 (Internet Key Exchange Protocol) More...


Data Structures

struct  IkeTsParams
 Traffic selector parameters. More...
 
struct  _IkeSaEntry
 IKE Security Association entry. More...
 
struct  _IkeChildSaEntry
 Child Security Association entry. More...
 
struct  IkeSettings
 IKE settings. More...
 
struct  _IkeContext
 IKE context. More...
 

Macros

/* Module switch and task parameters, as listed by this page. */
#define IKE_SUPPORT   ENABLED
 
#define IKE_STACK_SIZE   650
 
#define IKE_PRIORITY   OS_TASK_PRIORITY_NORMAL
 
#define IKE_TICK_INTERVAL   500
 
/* NOTE(review): units are not stated on this page. If these are milliseconds,
   the defaults are 4 h for the IKE SA and 1 h for a Child SA; the lifetime
   bounds how long one set of keys stays in use before rekeying - confirm the
   unit in ike.h before tuning. */
#define IKE_DEFAULT_SA_LIFETIME   14400000
 
#define IKE_DEFAULT_CHILD_SA_LIFETIME   3600000
 
/* Feature switches. Both certificate and pre-shared-key authentication are
   enabled by default. */
#define IKE_CERT_AUTH_SUPPORT   ENABLED
 
#define IKE_PSK_AUTH_SUPPORT   ENABLED
 
/* Cookies (RFC 7296, section 2.6) let a responder make an initiator prove it
   can receive at its claimed source address before the responder commits
   state. With the default DISABLED, that challenge is unavailable.
   NOTE(review): a responder exposed to untrusted networks presumably relies
   only on IKE_HALF_OPEN_TIMEOUT and whatever SA table limits exist - confirm
   and consider enabling cookies for such deployments. */
#define IKE_COOKIE_SUPPORT   DISABLED
 
#define IKE_INITIAL_CONTACT_SUPPORT   ENABLED
 
#define IKE_SIGN_HASH_ALGOS_SUPPORT   ENABLED
 
#define IKE_CREATE_CHILD_SA_SUPPORT   ENABLED
 
#define IKE_DPD_SUPPORT   ENABLED
 
/* Retransmission and half-open SA timing. Units are not stated on this page
   (presumably milliseconds - confirm in ike.h). */
#define IKE_MAX_RETRIES   5
 
#define IKE_INIT_TIMEOUT   3000
 
#define IKE_MAX_TIMEOUT   60000
 
#define IKE_HALF_OPEN_TIMEOUT   30000
 
#define IKE_RANDOM_JITTER   10
 
/* Upper bound on an IKE message. NOTE(review): presumably also the size of the
   receive buffer, so every peer-supplied length field has to be checked
   against it - confirm in the parser. */
#define IKE_MAX_MSG_SIZE   1452
 
/* RFC 7296 limits COOKIE notification data to 1..64 octets; these bounds
   match that range. */
#define IKE_MIN_COOKIE_SIZE   1
 
#define IKE_MAX_COOKIE_SIZE   64
 
/* RFC 7296 requires nonces of at least 128 bits and at least half the key size
   of the negotiated PRF. 16 bytes is that protocol floor; the 32-byte default
   leaves margin for the larger PRFs enabled on this page. */
#define IKE_MIN_NONCE_SIZE   16
 
#define IKE_DEFAULT_NONCE_SIZE   32
 
#define IKE_MAX_NONCE_SIZE   64
 
/* Maximum sizes of locally configured identity and secrets. A PSK should be
   random and of full length; a short or guessable PSK is the weak point of
   PSK authentication whatever algorithms are negotiated. */
#define IKE_MAX_ID_LEN   64
 
#define IKE_MAX_PSK_LEN   64
 
#define IKE_MAX_PASSWORD_LEN   32
 
/* Cipher modes. CBC is not an AEAD mode, so it depends on a separate integrity
   transform (see the *_AUTH_SUPPORT switches below). */
#define IKE_CBC_SUPPORT   ENABLED
 
#define IKE_CTR_SUPPORT   DISABLED
 
/* AEAD modes. Only the full 16-octet-tag GCM variant and ChaCha20-Poly1305 are
   enabled by default; the truncated-tag CCM/GCM variants (8 and 12 octets)
   are left DISABLED. */
#define IKE_CCM_8_SUPPORT   DISABLED
 
#define IKE_CCM_12_SUPPORT   DISABLED
 
#define IKE_CCM_16_SUPPORT   DISABLED
 
#define IKE_GCM_8_SUPPORT   DISABLED
 
#define IKE_GCM_12_SUPPORT   DISABLED
 
#define IKE_GCM_16_SUPPORT   ENABLED
 
#define IKE_CHACHA20_POLY1305_SUPPORT   ENABLED
 
/* Integrity (AUTH) constructions: only HMAC is enabled by default. */
#define IKE_CMAC_AUTH_SUPPORT   DISABLED
 
#define IKE_HMAC_AUTH_SUPPORT   ENABLED
 
#define IKE_XCBC_MAC_AUTH_SUPPORT   DISABLED
 
/* Pseudorandom function constructions: only HMAC is enabled by default. */
#define IKE_CMAC_PRF_SUPPORT   DISABLED
 
#define IKE_HMAC_PRF_SUPPORT   ENABLED
 
#define IKE_XCBC_MAC_PRF_SUPPORT   DISABLED
 
/* Block ciphers. The legacy 64-bit-block ciphers (IDEA, DES, 3DES) are
   DISABLED by default; only AES is enabled. Leave the legacy ones off unless
   interoperability with an old peer strictly requires them. */
#define IKE_IDEA_SUPPORT   DISABLED
 
#define IKE_DES_SUPPORT   DISABLED
 
#define IKE_3DES_SUPPORT   DISABLED
 
#define IKE_AES_128_SUPPORT   ENABLED
 
#define IKE_AES_192_SUPPORT   ENABLED
 
#define IKE_AES_256_SUPPORT   ENABLED
 
#define IKE_CAMELLIA_128_SUPPORT   DISABLED
 
#define IKE_CAMELLIA_192_SUPPORT   DISABLED
 
#define IKE_CAMELLIA_256_SUPPORT   DISABLED
 
/* Hash functions. MD5 is DISABLED; SHA-1 is still ENABLED by default.
   NOTE(review): this page does not show whether IKE_SHA1_SUPPORT also enables
   SHA-1 as a signature hash (see IkeHashAlgo) or only HMAC-SHA1 for
   PRF/integrity. SHA-1 signatures are deprecated for IKEv2 (RFC 8247), so
   confirm the scope and disable it where peers support SHA-2. */
#define IKE_MD5_SUPPORT   DISABLED
 
#define IKE_SHA1_SUPPORT   ENABLED
 
#define IKE_SHA256_SUPPORT   ENABLED
 
#define IKE_SHA384_SUPPORT   ENABLED
 
#define IKE_SHA512_SUPPORT   ENABLED
 
#define IKE_TIGER_SUPPORT   DISABLED
 
/* Key exchange families: finite-field DH and elliptic-curve DH are both
   enabled by default. */
#define IKE_DH_KE_SUPPORT   ENABLED
 
#define IKE_ECDH_KE_SUPPORT   ENABLED
 
/* Signature schemes used for certificate-based authentication. DSA, RSA-PSS
   and Ed448 are DISABLED by default. */
#define IKE_RSA_SIGN_SUPPORT   ENABLED
 
#define IKE_RSA_PSS_SIGN_SUPPORT   DISABLED
 
#define IKE_DSA_SIGN_SUPPORT   DISABLED
 
#define IKE_ECDSA_SIGN_SUPPORT   ENABLED
 
#define IKE_ED25519_SIGN_SUPPORT   ENABLED
 
#define IKE_ED448_SIGN_SUPPORT   DISABLED
 
/* Elliptic curves. The small curves (ECP-192, ECP-224) are DISABLED by
   default; ECP-256, ECP-384 and Curve25519 are enabled. */
#define IKE_ECP_192_SUPPORT   DISABLED
 
#define IKE_ECP_224_SUPPORT   DISABLED
 
#define IKE_ECP_256_SUPPORT   ENABLED
 
#define IKE_ECP_384_SUPPORT   ENABLED
 
#define IKE_ECP_521_SUPPORT   DISABLED
 
#define IKE_BRAINPOOLP224R1_SUPPORT   DISABLED
 
#define IKE_BRAINPOOLP256R1_SUPPORT   DISABLED
 
#define IKE_BRAINPOOLP384R1_SUPPORT   DISABLED
 
#define IKE_BRAINPOOLP512R1_SUPPORT   DISABLED
 
#define IKE_CURVE25519_SUPPORT   ENABLED
 
#define IKE_CURVE448_SUPPORT   DISABLED
 
/* Accepted finite-field DH modulus range, in bits (the shared-secret macro
   on this page divides the maximum by 8).
   NOTE(review): a 1024-bit minimum presumably still admits MODP group 2
   (IKE_TRANSFORM_ID_DH_GROUP_MODP_1024), which RFC 8247 discourages; raising
   the minimum to 2048 limits MODP negotiation to group 14. The 2048-bit
   maximum means the larger MODP groups (3072 bits and up) are presumably not
   negotiable, so higher strength has to come from the ECP/Curve25519
   groups - confirm in the group-selection code. */
#define IKE_MIN_DH_MODULUS_SIZE   1024
 
#define IKE_MAX_DH_MODULUS_SIZE   2048
 
/* Accepted RSA key sizes.
   NOTE(review): presumably applied to peer certificates; 1024-bit RSA is below
   current minimum recommendations, so consider raising the floor to 2048 -
   confirm where this limit is enforced. */
#define IKE_MIN_RSA_MODULUS_SIZE   1024
 
#define IKE_MAX_RSA_MODULUS_SIZE   4096
 
/* Accepted DSA key sizes (IKE_DSA_SIGN_SUPPORT is DISABLED on this page, so
   these presumably have no effect in the default build). */
#define IKE_MIN_DSA_MODULUS_SIZE   1024
 
#define IKE_MAX_DSA_MODULUS_SIZE   4096
 
/* Maximum key material lengths for an IKE SA and a Child SA. */
#define IKE_MAX_SA_KEY_MAT_LEN   392
 
#define IKE_MAX_CHILD_SA_KEY_MAT_LEN   200
 
/* Allocation wrappers around the OS abstraction layer.
   NOTE(review): whether buffers that held key material are wiped before
   ikeFreeMem() is called is not visible on this page - confirm in callers. */
#define ikeAllocMem(size)   osAllocMem(size)
 
#define ikeFreeMem(p)   osFreeMem(p)
 
/* Shared-secret buffer sizing. With the values on this page the DH bound is
   (2048 + 7) / 8 = 256 bytes, which also covers the 66-byte ECDH bound.
   NOTE(review): the page shows a single definition of
   IKE_MAX_SHARED_SECRET_LEN; if IKE_MAX_DH_MODULUS_SIZE is lowered below
   528 bits or DH is disabled, the buffer must still hold
   IKE_MAX_ECDH_SHARED_SECRET_LEN bytes - confirm that ike.h selects the
   larger of the two. */
#define IKE_MAX_DH_SHARED_SECRET_LEN   ((IKE_MAX_DH_MODULUS_SIZE + 7) / 8)
 
#define IKE_MAX_ECDH_SHARED_SECRET_LEN   66
 
#define IKE_MAX_SHARED_SECRET_LEN   IKE_MAX_DH_SHARED_SECRET_LEN
 
/* Protocol constants: IKE version 2.0, UDP ports 500 and 4500, 8-octet SPIs. */
#define IKE_MAJOR_VERSION   2
 
#define IKE_MINOR_VERSION   0
 
#define IKE_PORT   500
 
#define IKE_ALT_PORT   4500
 
#define IKE_SPI_SIZE   8
 
#define IKE_SHA1_DIGEST_SIZE   20
 
/* Shorthand names for the main structures. */
#define IkeContext   struct _IkeContext
 
#define IkeSaEntry   struct _IkeSaEntry
 
#define IkeChildSaEntry   struct _IkeChildSaEntry
 

Typedefs

typedef error_t(* IkeCertVerifyCallback) (IkeSaEntry *sa, const X509CertInfo *certInfo, uint_t pathLen)
 Certificate verification callback function. More...
 
typedef error_t(* IkeCookieGenerateCallback) (IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, uint8_t *cookie, size_t *cookieLen)
 Cookie generation callback function. More...
 
typedef error_t(* IkeCookieVerifyCallback) (IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, const uint8_t *cookie, size_t cookieLen)
 Cookie verification callback function. More...
 

Enumerations

enum  IkeExchangeType {
  IKE_EXCHANGE_TYPE_IKE_SA_INIT = 34, IKE_EXCHANGE_TYPE_IKE_AUTH = 35, IKE_EXCHANGE_TYPE_CREATE_CHILD_SA = 36, IKE_EXCHANGE_TYPE_INFORMATIONAL = 37,
  IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME = 38, IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE = 43
}
 Exchange types. More...
 
enum  IkeFlags { IKE_FLAGS_R = 0x20, IKE_FLAGS_V = 0x10, IKE_FLAGS_I = 0x08 }
 Flags. More...
 
enum  IkePayloadType {
  IKE_PAYLOAD_TYPE_LAST = 0, IKE_PAYLOAD_TYPE_SA = 33, IKE_PAYLOAD_TYPE_KE = 34, IKE_PAYLOAD_TYPE_IDI = 35,
  IKE_PAYLOAD_TYPE_IDR = 36, IKE_PAYLOAD_TYPE_CERT = 37, IKE_PAYLOAD_TYPE_CERTREQ = 38, IKE_PAYLOAD_TYPE_AUTH = 39,
  IKE_PAYLOAD_TYPE_NONCE = 40, IKE_PAYLOAD_TYPE_N = 41, IKE_PAYLOAD_TYPE_D = 42, IKE_PAYLOAD_TYPE_V = 43,
  IKE_PAYLOAD_TYPE_TSI = 44, IKE_PAYLOAD_TYPE_TSR = 45, IKE_PAYLOAD_TYPE_SK = 46, IKE_PAYLOAD_TYPE_CP = 47,
  IKE_PAYLOAD_TYPE_EAP = 48, IKE_PAYLOAD_TYPE_GSPM = 49, IKE_PAYLOAD_TYPE_SKF = 53, IKE_PAYLOAD_TYPE_PS = 54
}
 Payload types. More...
 
enum  IkeLastSubstruc { IKE_LAST_SUBSTRUC_LAST = 0, IKE_LAST_SUBSTRUC_MORE_PROPOSALS = 2, IKE_LAST_SUBSTRUC_MORE_TRANSFORMS = 3 }
 Last Substruc values. More...
 
enum  IkeProtocolId { IKE_PROTOCOL_ID_IKE = 1, IKE_PROTOCOL_ID_AH = 2, IKE_PROTOCOL_ID_ESP = 3 }
 Protocol IDs. More...
 
enum  IkeTransformType {
  IKE_TRANSFORM_TYPE_ENCR = 1, IKE_TRANSFORM_TYPE_PRF = 2, IKE_TRANSFORM_TYPE_INTEG = 3, IKE_TRANSFORM_TYPE_DH = 4,
  IKE_TRANSFORM_TYPE_ESN = 5
}
 Transform types. More...
 
/* Encryption transform identifiers as carried in SA payloads. An identifier
   being listed here does not mean the algorithm is compiled in; that is
   presumably decided by the IKE_*_SUPPORT macros (DES, 3DES and IDEA are
   DISABLED on this page).
   NOTE(review): ENCR_NULL (11) provides no confidentiality - confirm that
   proposal selection never accepts it for the IKE SA itself. */
enum  IkeTransformIdEncr {
  IKE_TRANSFORM_ID_ENCR_RESERVED = 0, IKE_TRANSFORM_ID_ENCR_DES_IV64 = 1, IKE_TRANSFORM_ID_ENCR_DES = 2, IKE_TRANSFORM_ID_ENCR_3DES = 3,
  IKE_TRANSFORM_ID_ENCR_RC5 = 4, IKE_TRANSFORM_ID_ENCR_IDEA = 5, IKE_TRANSFORM_ID_ENCR_CAST = 6, IKE_TRANSFORM_ID_ENCR_BLOWFISH = 7,
  IKE_TRANSFORM_ID_ENCR_3IDEA = 8, IKE_TRANSFORM_ID_ENCR_DES_IV32 = 9, IKE_TRANSFORM_ID_ENCR_NULL = 11, IKE_TRANSFORM_ID_ENCR_AES_CBC = 12,
  IKE_TRANSFORM_ID_ENCR_AES_CTR = 13, IKE_TRANSFORM_ID_ENCR_AES_CCM_8 = 14, IKE_TRANSFORM_ID_ENCR_AES_CCM_12 = 15, IKE_TRANSFORM_ID_ENCR_AES_CCM_16 = 16,
  IKE_TRANSFORM_ID_ENCR_AES_GCM_8 = 18, IKE_TRANSFORM_ID_ENCR_AES_GCM_12 = 19, IKE_TRANSFORM_ID_ENCR_AES_GCM_16 = 20, IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC = 21,
  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC = 23, IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR = 24, IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8 = 25, IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12 = 26,
  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16 = 27, IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305 = 28, IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV = 29, IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV = 30,
  IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV = 31, IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE = 32, IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE = 33, IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE = 34,
  IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE = 35
}
 Transform IDs (Encryption Algorithm) More...
 
/* Pseudorandom function identifiers as carried in SA payloads. PRF_HMAC_MD5
   and PRF_HMAC_TIGER are wire identifiers only; IKE_MD5_SUPPORT and
   IKE_TIGER_SUPPORT are DISABLED on this page. */
enum  IkeTransformIdPrf {
  IKE_TRANSFORM_ID_PRF_RESERVED = 0, IKE_TRANSFORM_ID_PRF_HMAC_MD5 = 1, IKE_TRANSFORM_ID_PRF_HMAC_SHA1 = 2, IKE_TRANSFORM_ID_PRF_HMAC_TIGER = 3,
  IKE_TRANSFORM_ID_PRF_AES128_XCBC = 4, IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256 = 5, IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384 = 6, IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512 = 7,
  IKE_TRANSFORM_ID_PRF_AES128_CMAC = 8, IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512 = 9
}
 Transform IDs (Pseudorandom Function) More...
 
/* Integrity algorithm identifiers as carried in SA payloads.
   NOTE(review): AUTH_NONE (0) is only appropriate together with an AEAD
   cipher; confirm that proposal selection rejects it when a non-AEAD cipher
   such as AES-CBC is chosen. */
enum  IkeTransformIdAuth {
  IKE_TRANSFORM_ID_AUTH_NONE = 0, IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96 = 1, IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96 = 2, IKE_TRANSFORM_ID_AUTH_DES_MAC = 3,
  IKE_TRANSFORM_ID_AUTH_KPDK_MD5 = 4, IKE_TRANSFORM_ID_AUTH_AES_XCBC_96 = 5, IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128 = 6, IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160 = 7,
  IKE_TRANSFORM_ID_AUTH_AES_CMAC_96 = 8, IKE_TRANSFORM_ID_AUTH_AES_128_GMAC = 9, IKE_TRANSFORM_ID_AUTH_AES_192_GMAC = 10, IKE_TRANSFORM_ID_AUTH_AES_256_GMAC = 11,
  IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128 = 12, IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192 = 13, IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256 = 14
}
 Transform IDs (Integrity Algorithm) More...
 
/* Diffie-Hellman group identifiers as carried in SA and KE payloads.
   NOTE(review): CURVE448, GOST3410_2012_256 and GOST3410_2012_512 are all
   listed with the value 32. The IANA registry assigns 32 to curve448 and
   33 / 34 to the two GOST groups, so as listed the three names cannot be
   told apart and a peer proposing 33 or 34 would not match any enumerator -
   confirm against ike.h and correct the GOST values.
   MODP_768 (1) and MODP_1024 (2) are weak groups; with
   IKE_MIN_DH_MODULUS_SIZE at 1024 on this page, group 2 is presumably still
   negotiable. */
enum  IkeTransformIdDhGroup {
  IKE_TRANSFORM_ID_DH_GROUP_NONE = 0, IKE_TRANSFORM_ID_DH_GROUP_MODP_768 = 1, IKE_TRANSFORM_ID_DH_GROUP_MODP_1024 = 2, IKE_TRANSFORM_ID_DH_GROUP_MODP_1536 = 5,
  IKE_TRANSFORM_ID_DH_GROUP_MODP_2048 = 14, IKE_TRANSFORM_ID_DH_GROUP_MODP_3072 = 15, IKE_TRANSFORM_ID_DH_GROUP_MODP_4096 = 16, IKE_TRANSFORM_ID_DH_GROUP_MODP_6144 = 17,
  IKE_TRANSFORM_ID_DH_GROUP_MODP_8192 = 18, IKE_TRANSFORM_ID_DH_GROUP_ECP_256 = 19, IKE_TRANSFORM_ID_DH_GROUP_ECP_384 = 20, IKE_TRANSFORM_ID_DH_GROUP_ECP_521 = 21,
  IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160 = 22, IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224 = 23, IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256 = 24, IKE_TRANSFORM_ID_DH_GROUP_ECP_192 = 25,
  IKE_TRANSFORM_ID_DH_GROUP_ECP_224 = 26, IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1 = 27, IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1 = 28, IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1 = 29,
  IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1 = 30, IKE_TRANSFORM_ID_DH_GROUP_CURVE25519 = 31, IKE_TRANSFORM_ID_DH_GROUP_CURVE448 = 32, IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256 = 32,
  IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512 = 32
}
 Transform IDs (Diffie-Hellman Group) More...
 
enum  IkeTransformIdEsn { IKE_TRANSFORM_ID_ESN_NO = 0, IKE_TRANSFORM_ID_ESN_YES = 1 }
 Transform IDs (Extended Sequence Numbers) More...
 
enum  IkeTransformAttrFormat { IKE_ATTR_FORMAT_TLV = 0x0000, IKE_ATTR_FORMAT_TV = 0x8000 }
 Transform attribute format. More...
 
enum  IkeTransformAttrType { IKE_TRANSFORM_ATTR_TYPE_KEY_LEN = 14 }
 Transform attribute types. More...
 
enum  IkeIdType {
  IKE_ID_TYPE_INVALID = 0, IKE_ID_TYPE_IPV4_ADDR = 1, IKE_ID_TYPE_FQDN = 2, IKE_ID_TYPE_RFC822_ADDR = 3,
  IKE_ID_TYPE_IPV6_ADDR = 5, IKE_ID_TYPE_DER_ASN1_DN = 9, IKE_ID_TYPE_DER_ASN1_GN = 10, IKE_ID_TYPE_KEY_ID = 11,
  IKE_ID_TYPE_FC_NAME = 12, IKE_ID_TYPE_NULL = 13
}
 ID types. More...
 
/* Certificate encoding identifiers carried in CERT and CERTREQ payloads.
   NOTE(review): the HASH_URL encodings (12, 13) ask the receiver to fetch a
   certificate from a peer-supplied URL before the peer is authenticated.
   Whether this implementation acts on them is not visible on this page; if it
   does, the fetch needs size and time limits and a restricted destination
   set - confirm in the CERT payload parser. */
enum  IkeCertEncoding {
  IKE_CERT_ENCODING_PKCS7_X509_CERT = 1, IKE_CERT_ENCODING_PGP_CERT = 2, IKE_CERT_ENCODING_DNS_SIGNED_KEY = 3, IKE_CERT_ENCODING_X509_CERT_SIGN = 4,
  IKE_CERT_ENCODING_KERBEROS_TOKEN = 6, IKE_CERT_ENCODING_CRL = 7, IKE_CERT_ENCODING_ARL = 8, IKE_CERT_ENCODING_SPKI_CERT = 9,
  IKE_CERT_ENCODING_X509_CERT_ATTR = 10, IKE_CERT_ENCODING_RAW_RSA_KEY = 11, IKE_CERT_ENCODING_HASH_URL_X509_CERT = 12, IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE = 13,
  IKE_CERT_ENCODING_OCSP_CONTENT = 14, IKE_CERT_ENCODING_RAW_PUBLIC_KEY = 15
}
 Certificate encodings. More...
 
/* Authentication method identifiers carried in the AUTH payload.
   NOTE(review): AUTH_METHOD_NULL (13) means the peer does not authenticate
   itself (RFC 7619). Confirm that the AUTH payload handler rejects it unless
   unauthenticated peers are an explicit configuration choice.
   AUTH_METHOD_DIGITAL_SIGN (14) is the RFC 7427 method whose hash is
   negotiated via SIGNATURE_HASH_ALGORITHMS (see IkeHashAlgo). */
enum  IkeAuthMethod {
  IKE_AUTH_METHOD_RSA = 1, IKE_AUTH_METHOD_SHARED_KEY = 2, IKE_AUTH_METHOD_DSS = 3, IKE_AUTH_METHOD_ECDSA_P256_SHA256 = 9,
  IKE_AUTH_METHOD_ECDSA_P384_SHA384 = 10, IKE_AUTH_METHOD_ECDSA_P521_SHA512 = 11, IKE_AUTH_METHOD_GSPAM = 12, IKE_AUTH_METHOD_NULL = 13,
  IKE_AUTH_METHOD_DIGITAL_SIGN = 14
}
 Authentication methods. More...
 
enum  IkeNotifyMsgType {
  IKE_NOTIFY_MSG_TYPE_NONE = 0, IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD = 1, IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI = 4, IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION = 5,
  IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX = 7, IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID = 9, IKE_NOTIFY_MSG_TYPE_INVALID_SPI = 11, IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN = 14,
  IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD = 17, IKE_NOTIFY_MSG_TYPE_AUTH_FAILED = 24, IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED = 34, IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS = 35,
  IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE = 36, IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED = 37, IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE = 38, IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS = 39,
  IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES = 40, IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED = 41, IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA = 42, IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE = 43,
  IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND = 44, IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID = 45, IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED = 46, IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND = 47,
  IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT = 16384, IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE = 16385, IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE = 16386, IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED = 16387,
  IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP = 16388, IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP = 16389, IKE_NOTIFY_MSG_TYPE_COOKIE = 16390, IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE = 16391,
  IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED = 16392, IKE_NOTIFY_MSG_TYPE_REKEY_SA = 16393, IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED = 16394, IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO = 16395,
  IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED = 16396, IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS = 16397, IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS = 16398, IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES = 16399,
  IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES = 16400, IKE_NOTIFY_MSG_TYPE_COOKIE2 = 16401, IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED = 16402, IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME = 16403,
  IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED = 16404, IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS = 16405, IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED = 16406, IKE_NOTIFY_MSG_TYPE_REDIRECT = 16407,
  IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM = 16408, IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE = 16409, IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST = 16410, IKE_NOTIFY_MSG_TYPE_TICKET_ACK = 16411,
  IKE_NOTIFY_MSG_TYPE_TICKET_NACK = 16412, IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE = 16413, IKE_NOTIFY_MSG_TYPE_LINK_ID = 16414, IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE = 16415,
  IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED = 16416, IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION = 16417, IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED = 16418, IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION = 16419,
  IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED = 16420, IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED = 16421, IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC = 16422, IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC = 16423,
  IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS = 16424, IKE_NOTIFY_MSG_TYPE_PSK_PERSIST = 16425, IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM = 16426, IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED = 16427,
  IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY = 16428, IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID = 16429, IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED = 16430, IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS = 16431,
  IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED = 16432, IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA = 16433, IKE_NOTIFY_MSG_TYPE_PUZZLE = 16434, IKE_NOTIFY_MSG_TYPE_USE_PPK = 16435,
  IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY = 16436, IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH = 16437, IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED = 16438, IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED = 16439,
  IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED = 16440, IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE = 16441, IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG = 16442, IKE_NOTIFY_MSG_TYPE_R_U_THERE = 36136,
  IKE_NOTIFY_MSG_TYPE_R_U_THERE_ACK = 36137
}
 Notify message types. More...
 
enum  IkeTsType { IKE_TS_TYPE_IPV4_ADDR_RANGE = 7, IKE_TS_TYPE_IPV6_ADDR_RANGE = 8 }
 Traffic selector types. More...
 
enum  IkeIpProtocolId { IKE_IP_PROTOCOL_ID_ICMP = 1, IKE_IP_PROTOCOL_ID_TCP = 6, IKE_IP_PROTOCOL_ID_UDP = 17, IKE_IP_PROTOCOL_ID_ICMPV6 = 58 }
 IP protocol IDs. More...
 
enum  IkeConfigType { IKE_CONFIG_TYPE_REQUEST = 1, IKE_CONFIG_TYPE_REPLY = 2, IKE_CONFIG_TYPE_SET = 3, IKE_CONFIG_TYPE_ACK = 4 }
 Configuration types. More...
 
enum  IkeAttrType {
  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_ADDRESS = 1, IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NETMASK = 2, IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DNS = 3, IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NBNS = 4,
  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DHCP = 6, IKE_CONFIG_ATTR_TYPE_APPLICATION_VERSION = 7, IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_ADDRESS = 8, IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DNS = 10,
  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DHCP = 12, IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_SUBNET = 13, IKE_CONFIG_ATTR_TYPE_SUPPORTED_ATTRIBUTES = 14, IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_SUBNET = 15,
  IKE_CONFIG_ATTR_TYPE_MIP6_HOME_PREFIX = 16, IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_LINK = 17, IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_PREFIX = 18, IKE_CONFIG_ATTR_TYPE_P_CSCF_IP4_ADDRESS = 20,
  IKE_CONFIG_ATTR_TYPE_P_CSCF_IP6_ADDRESS = 21, IKE_CONFIG_ATTR_TYPE_INTERNAL_DNS_DOMAIN = 25, IKE_CONFIG_ATTR_TYPE_INTERNAL_DNSSEC_TA = 26
}
 Configuration attribute types. More...
 
enum  IkeSaState {
  IKE_SA_STATE_CLOSED = 0, IKE_SA_STATE_RESERVED = 1, IKE_SA_STATE_INIT_REQ = 2, IKE_SA_STATE_INIT_RESP = 3,
  IKE_SA_STATE_AUTH_REQ = 4, IKE_SA_STATE_AUTH_RESP = 5, IKE_SA_STATE_OPEN = 6, IKE_SA_STATE_DPD_REQ = 7,
  IKE_SA_STATE_DPD_RESP = 8, IKE_SA_STATE_REKEY_REQ = 9, IKE_SA_STATE_REKEY_RESP = 10, IKE_SA_STATE_DELETE_REQ = 11,
  IKE_SA_STATE_DELETE_RESP = 12, IKE_SA_STATE_CREATE_CHILD_REQ = 13, IKE_SA_STATE_CREATE_CHILD_RESP = 14, IKE_SA_STATE_REKEY_CHILD_REQ = 15,
  IKE_SA_STATE_REKEY_CHILD_RESP = 16, IKE_SA_STATE_DELETE_CHILD_REQ = 17, IKE_SA_STATE_DELETE_CHILD_RESP = 18, IKE_SA_STATE_AUTH_FAILURE_REQ = 19,
  IKE_SA_STATE_AUTH_FAILURE_RESP = 20
}
 IKE Security Association state. More...
 
enum  IkeChildSaState {
  IKE_CHILD_SA_STATE_CLOSED = 0, IKE_CHILD_SA_STATE_RESERVED = 1, IKE_CHILD_SA_STATE_INIT = 2, IKE_CHILD_SA_STATE_OPEN = 3,
  IKE_CHILD_SA_STATE_REKEY = 4, IKE_CHILD_SA_STATE_DELETE = 5
}
 Child Security Association state. More...
 
/* Hash algorithm identifiers exchanged in the SIGNATURE_HASH_ALGORITHMS
   notification (IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS on this page).
   NOTE(review): SHA1 (1) is deprecated as a signature hash; confirm which of
   these values the implementation advertises and accepts when
   IKE_SHA1_SUPPORT is ENABLED. */
enum  IkeHashAlgo {
  IKE_HASH_ALGO_SHA1 = 1, IKE_HASH_ALGO_SHA256 = 2, IKE_HASH_ALGO_SHA384 = 3, IKE_HASH_ALGO_SHA512 = 4,
  IKE_HASH_ALGO_IDENTITY = 5
}
 Hash algorithms. More...
 
enum  IkeCertType {
  IKE_CERT_TYPE_INVALID = 0, IKE_CERT_TYPE_RSA = 1, IKE_CERT_TYPE_RSA_PSS = 2, IKE_CERT_TYPE_DSA = 3,
  IKE_CERT_TYPE_ECDSA_P256 = 4, IKE_CERT_TYPE_ECDSA_P384 = 5, IKE_CERT_TYPE_ECDSA_P521 = 6, IKE_CERT_TYPE_ECDSA_BRAINPOOLP256R1 = 7,
  IKE_CERT_TYPE_ECDSA_BRAINPOOLP384R1 = 8, IKE_CERT_TYPE_ECDSA_BRAINPOOLP512R1 = 9, IKE_CERT_TYPE_ED25519 = 10, IKE_CERT_TYPE_ED448 = 11
}
 Certificate types. More...
 

Functions

void ikeGetDefaultSettings (IkeSettings *settings)
 Initialize settings with default values. More...
 
error_t ikeInit (IkeContext *context, const IkeSettings *settings)
 IKE service initialization. More...
 
error_t ikeStart (IkeContext *context)
 Start IKE service. More...
 
error_t ikeStop (IkeContext *context)
 Stop IKE service. More...
 
error_t ikeSetPreferredDhGroup (IkeContext *context, uint16_t dhGroupNum)
 Specify the preferred Diffie-Hellman group. More...
 
error_t ikeSetId (IkeContext *context, IkeIdType idType, const void *id, size_t idLen)
 Set entity's ID. More...
 
error_t ikeSetPsk (IkeContext *context, const uint8_t *psk, size_t pskLen)
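 Set entity's pre-shared key. The key is passed as raw bytes with an explicit length; use a randomly generated key, because a short or guessable PSK is the weak point of PSK authentication regardless of the negotiated algorithms. More...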
 
error_t ikeSetCertificate (IkeContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password)
 Load entity's certificate. More...
 
error_t ikeCreateSa (IkeContext *context, const IpsecPacketInfo *packet)
 
error_t ikeRekeySa (IkeSaEntry *sa)
 
error_t ikeDeleteSa (IkeSaEntry *sa)
 Delete an IKE SA. More...
 
error_t ikeCreateChildSa (IkeContext *context, const IpsecPacketInfo *packet)
 Create a new Child SA. More...
 
error_t ikeRekeyChildSa (IkeChildSaEntry *childSa)
 
error_t ikeDeleteChildSa (IkeChildSaEntry *childSa)
 Delete a Child SA. More...
 
void ikeTask (IkeContext *context)
 IKE task. More...
 
void ikeDeinit (IkeContext *context)
 Release IKE context. More...
 

Variables

typedef __packed_struct
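 IKE header. The entries listed below are the members of the packed, on-the-wire structures. Length fields such as length, payloadLength, proposalLength, transformLength and selectorLength are supplied by the peer and must be validated against the number of bytes actually received before any of the flexible array members ([]) is read. More...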
 
uint8_t responderSpi [IKE_SPI_SIZE]
 
uint8_t nextPayload
 
uint8_t minorVersion
 
uint8_t majorVersion
 
uint8_t exchangeType
 
uint8_t flags
 
uint32_t messageId
 
uint32_t length
 
 IkeHeader
 
uint8_t reserved
 
uint8_t critical
 
uint16_t payloadLength
 
 IkePayloadHeader
 
uint8_t proposals []
 
 IkeSaPayload
 
uint16_t proposalLength
 
uint8_t proposalNum
 
uint8_t protocolId
 
uint8_t spiSize
 
uint8_t numTransforms
 
uint8_t spi []
 
 IkeProposal
 
uint8_t reserved1
 
uint16_t transformLength
 
uint8_t transformType
 
uint8_t reserved2
 
uint16_t transformId
 
uint8_t transformAttr []
 
 IkeTransform
 
uint8_t value []
 
 IkeTransformAttr
 
uint16_t dhGroupNum
 
uint8_t keyExchangeData []
 
 IkeKePayload
 
uint8_t idType
 
uint8_t idData []
 
 IkeIdPayload
 
uint8_t certEncoding
 
uint8_t certData []
 
 IkeCertPayload
 
uint8_t certAuthority []
 
 IkeCertReqPayload
 
uint8_t authMethod
 
uint8_t authData []
 
 IkeAuthPayload
 
uint8_t algoId []
 
 IkeAuthData
 
uint8_t nonceData []
 
 IkeNoncePayload
 
uint16_t notifyMsgType
 
 IkeNotifyPayload
 
uint16_t numSpi
 
 IkeDeletePayload
 
uint8_t vid []
 
 IkeVendorIdPayload
 
uint8_t numTs
 
uint8_t trafficSelectors []
 
 IkeTsPayload
 
uint8_t ipProtocolId
 
uint16_t selectorLength
 
uint16_t startPort
 
uint16_t endPort
 
uint8_t startAddr []
 
 IkeTs
 
uint8_t iv []
 
 IkeEncryptedPayload
 
uint8_t configType
 
uint8_t configAttributes []
 
 IkeConfigPayload
 
 IkeConfigAttr
 
uint8_t eapMessage []
 
 IkeEapPayload
 
uint8_t identifier
 
uint8_t type
 
uint8_t data []
 
 IkeEapMessage
 
uint16_t fragNum
 
uint16_t totalFrags
 
 IkeEncryptedFragPayload
 

Detailed Description

IKEv2 (Internet Key Exchange Protocol)

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2022-2024 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneIPSEC Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.4.4

Definition in file ike.h.

Macro Definition Documentation

◆ IKE_3DES_SUPPORT

#define IKE_3DES_SUPPORT   DISABLED

Definition at line 348 of file ike.h.

◆ IKE_AES_128_SUPPORT

#define IKE_AES_128_SUPPORT   ENABLED

Definition at line 355 of file ike.h.

◆ IKE_AES_192_SUPPORT

#define IKE_AES_192_SUPPORT   ENABLED

Definition at line 362 of file ike.h.

◆ IKE_AES_256_SUPPORT

#define IKE_AES_256_SUPPORT   ENABLED

Definition at line 369 of file ike.h.

◆ IKE_ALT_PORT

#define IKE_ALT_PORT   4500

Definition at line 669 of file ike.h.

◆ IKE_BRAINPOOLP224R1_SUPPORT

#define IKE_BRAINPOOLP224R1_SUPPORT   DISABLED

Definition at line 530 of file ike.h.

◆ IKE_BRAINPOOLP256R1_SUPPORT

#define IKE_BRAINPOOLP256R1_SUPPORT   DISABLED

Definition at line 537 of file ike.h.

◆ IKE_BRAINPOOLP384R1_SUPPORT

#define IKE_BRAINPOOLP384R1_SUPPORT   DISABLED

Definition at line 544 of file ike.h.

◆ IKE_BRAINPOOLP512R1_SUPPORT

#define IKE_BRAINPOOLP512R1_SUPPORT   DISABLED

Definition at line 551 of file ike.h.

◆ IKE_CAMELLIA_128_SUPPORT

#define IKE_CAMELLIA_128_SUPPORT   DISABLED

Definition at line 376 of file ike.h.

◆ IKE_CAMELLIA_192_SUPPORT

#define IKE_CAMELLIA_192_SUPPORT   DISABLED

Definition at line 383 of file ike.h.

◆ IKE_CAMELLIA_256_SUPPORT

#define IKE_CAMELLIA_256_SUPPORT   DISABLED

Definition at line 390 of file ike.h.

◆ IKE_CBC_SUPPORT

#define IKE_CBC_SUPPORT   ENABLED

Definition at line 229 of file ike.h.

◆ IKE_CCM_12_SUPPORT

#define IKE_CCM_12_SUPPORT   DISABLED

Definition at line 250 of file ike.h.

◆ IKE_CCM_16_SUPPORT

#define IKE_CCM_16_SUPPORT   DISABLED

Definition at line 257 of file ike.h.

◆ IKE_CCM_8_SUPPORT

#define IKE_CCM_8_SUPPORT   DISABLED

Definition at line 243 of file ike.h.

◆ IKE_CERT_AUTH_SUPPORT

#define IKE_CERT_AUTH_SUPPORT   ENABLED

Definition at line 82 of file ike.h.

◆ IKE_CHACHA20_POLY1305_SUPPORT

#define IKE_CHACHA20_POLY1305_SUPPORT   ENABLED

Definition at line 285 of file ike.h.

◆ IKE_CMAC_AUTH_SUPPORT

#define IKE_CMAC_AUTH_SUPPORT   DISABLED

Definition at line 292 of file ike.h.

◆ IKE_CMAC_PRF_SUPPORT

#define IKE_CMAC_PRF_SUPPORT   DISABLED

Definition at line 313 of file ike.h.

◆ IKE_COOKIE_SUPPORT

/* Cookies (RFC 7296, section 2.6) let a responder make an initiator prove it
   can receive at its claimed source address before the responder commits
   state. The default is DISABLED.
   NOTE(review): consider enabling this for responders reachable from
   untrusted networks - confirm what else bounds half-open SAs. */
#define IKE_COOKIE_SUPPORT   DISABLED

Definition at line 96 of file ike.h.

◆ IKE_CREATE_CHILD_SA_SUPPORT

#define IKE_CREATE_CHILD_SA_SUPPORT   ENABLED

Definition at line 117 of file ike.h.

◆ IKE_CTR_SUPPORT

#define IKE_CTR_SUPPORT   DISABLED

Definition at line 236 of file ike.h.

◆ IKE_CURVE25519_SUPPORT

#define IKE_CURVE25519_SUPPORT   ENABLED

Definition at line 558 of file ike.h.

◆ IKE_CURVE448_SUPPORT

#define IKE_CURVE448_SUPPORT   DISABLED

Definition at line 565 of file ike.h.

◆ IKE_DEFAULT_CHILD_SA_LIFETIME

#define IKE_DEFAULT_CHILD_SA_LIFETIME   3600000

Definition at line 75 of file ike.h.

◆ IKE_DEFAULT_NONCE_SIZE

#define IKE_DEFAULT_NONCE_SIZE   32

Definition at line 194 of file ike.h.

◆ IKE_DEFAULT_SA_LIFETIME

#define IKE_DEFAULT_SA_LIFETIME   14400000

Definition at line 68 of file ike.h.

◆ IKE_DES_SUPPORT

#define IKE_DES_SUPPORT   DISABLED

Definition at line 341 of file ike.h.

◆ IKE_DH_KE_SUPPORT

#define IKE_DH_KE_SUPPORT   ENABLED

Definition at line 439 of file ike.h.

◆ IKE_DPD_SUPPORT

#define IKE_DPD_SUPPORT   ENABLED

Definition at line 124 of file ike.h.

◆ IKE_DSA_SIGN_SUPPORT

#define IKE_DSA_SIGN_SUPPORT   DISABLED

Definition at line 467 of file ike.h.

◆ IKE_ECDH_KE_SUPPORT

#define IKE_ECDH_KE_SUPPORT   ENABLED

Definition at line 446 of file ike.h.

◆ IKE_ECDSA_SIGN_SUPPORT

#define IKE_ECDSA_SIGN_SUPPORT   ENABLED

Definition at line 474 of file ike.h.

◆ IKE_ECP_192_SUPPORT

#define IKE_ECP_192_SUPPORT   DISABLED

Definition at line 495 of file ike.h.

◆ IKE_ECP_224_SUPPORT

#define IKE_ECP_224_SUPPORT   DISABLED

Definition at line 502 of file ike.h.

◆ IKE_ECP_256_SUPPORT

#define IKE_ECP_256_SUPPORT   ENABLED

Definition at line 509 of file ike.h.

◆ IKE_ECP_384_SUPPORT

#define IKE_ECP_384_SUPPORT   ENABLED

Definition at line 516 of file ike.h.

◆ IKE_ECP_521_SUPPORT

#define IKE_ECP_521_SUPPORT   DISABLED

Definition at line 523 of file ike.h.

◆ IKE_ED25519_SIGN_SUPPORT

#define IKE_ED25519_SIGN_SUPPORT   ENABLED

Definition at line 481 of file ike.h.

◆ IKE_ED448_SIGN_SUPPORT

#define IKE_ED448_SIGN_SUPPORT   DISABLED

Definition at line 488 of file ike.h.

◆ IKE_GCM_12_SUPPORT

#define IKE_GCM_12_SUPPORT   DISABLED

Definition at line 271 of file ike.h.

◆ IKE_GCM_16_SUPPORT

#define IKE_GCM_16_SUPPORT   ENABLED

Definition at line 278 of file ike.h.

◆ IKE_GCM_8_SUPPORT

#define IKE_GCM_8_SUPPORT   DISABLED

Definition at line 264 of file ike.h.

◆ IKE_HALF_OPEN_TIMEOUT

#define IKE_HALF_OPEN_TIMEOUT   30000

Definition at line 152 of file ike.h.

◆ IKE_HMAC_AUTH_SUPPORT

#define IKE_HMAC_AUTH_SUPPORT   ENABLED

Definition at line 299 of file ike.h.

◆ IKE_HMAC_PRF_SUPPORT

#define IKE_HMAC_PRF_SUPPORT   ENABLED

Definition at line 320 of file ike.h.

◆ IKE_IDEA_SUPPORT

#define IKE_IDEA_SUPPORT   DISABLED

Definition at line 334 of file ike.h.

◆ IKE_INIT_TIMEOUT

#define IKE_INIT_TIMEOUT   3000

Definition at line 138 of file ike.h.

◆ IKE_INITIAL_CONTACT_SUPPORT

#define IKE_INITIAL_CONTACT_SUPPORT   ENABLED

Definition at line 103 of file ike.h.

◆ IKE_MAJOR_VERSION

#define IKE_MAJOR_VERSION   2

Definition at line 662 of file ike.h.

◆ IKE_MAX_CHILD_SA_KEY_MAT_LEN

#define IKE_MAX_CHILD_SA_KEY_MAT_LEN   200

Definition at line 621 of file ike.h.

◆ IKE_MAX_COOKIE_SIZE

#define IKE_MAX_COOKIE_SIZE   64

Definition at line 180 of file ike.h.

◆ IKE_MAX_DH_MODULUS_SIZE

#define IKE_MAX_DH_MODULUS_SIZE   2048

Definition at line 579 of file ike.h.

◆ IKE_MAX_DH_SHARED_SECRET_LEN

#define IKE_MAX_DH_SHARED_SECRET_LEN   ((IKE_MAX_DH_MODULUS_SIZE + 7) / 8)

Definition at line 638 of file ike.h.

◆ IKE_MAX_DSA_MODULUS_SIZE

#define IKE_MAX_DSA_MODULUS_SIZE   4096

Definition at line 607 of file ike.h.

◆ IKE_MAX_ECDH_SHARED_SECRET_LEN

#define IKE_MAX_ECDH_SHARED_SECRET_LEN   66

Definition at line 645 of file ike.h.

◆ IKE_MAX_ID_LEN

#define IKE_MAX_ID_LEN   64

Definition at line 208 of file ike.h.

◆ IKE_MAX_MSG_SIZE

#define IKE_MAX_MSG_SIZE   1452

Definition at line 166 of file ike.h.

◆ IKE_MAX_NONCE_SIZE

#define IKE_MAX_NONCE_SIZE   64

Definition at line 201 of file ike.h.

◆ IKE_MAX_PASSWORD_LEN

#define IKE_MAX_PASSWORD_LEN   32

Definition at line 222 of file ike.h.

◆ IKE_MAX_PSK_LEN

#define IKE_MAX_PSK_LEN   64

Definition at line 215 of file ike.h.

◆ IKE_MAX_RETRIES

#define IKE_MAX_RETRIES   5

Definition at line 131 of file ike.h.

◆ IKE_MAX_RSA_MODULUS_SIZE

#define IKE_MAX_RSA_MODULUS_SIZE   4096

Definition at line 593 of file ike.h.

◆ IKE_MAX_SA_KEY_MAT_LEN

#define IKE_MAX_SA_KEY_MAT_LEN   392

Definition at line 614 of file ike.h.

◆ IKE_MAX_SHARED_SECRET_LEN

#define IKE_MAX_SHARED_SECRET_LEN   IKE_MAX_DH_SHARED_SECRET_LEN

Definition at line 656 of file ike.h.

◆ IKE_MAX_TIMEOUT

#define IKE_MAX_TIMEOUT   60000

Definition at line 145 of file ike.h.

◆ IKE_MD5_SUPPORT

#define IKE_MD5_SUPPORT   DISABLED

Definition at line 397 of file ike.h.

◆ IKE_MIN_COOKIE_SIZE

#define IKE_MIN_COOKIE_SIZE   1

Definition at line 173 of file ike.h.

◆ IKE_MIN_DH_MODULUS_SIZE

/* NOTE(review): a 1024-bit floor presumably still admits MODP group 2
   (IKE_TRANSFORM_ID_DH_GROUP_MODP_1024), which RFC 8247 discourages; consider
   raising it to 2048 - confirm where the limit is enforced. */
#define IKE_MIN_DH_MODULUS_SIZE   1024

Definition at line 572 of file ike.h.

◆ IKE_MIN_DSA_MODULUS_SIZE

#define IKE_MIN_DSA_MODULUS_SIZE   1024

Definition at line 600 of file ike.h.

◆ IKE_MIN_NONCE_SIZE

#define IKE_MIN_NONCE_SIZE   16

Definition at line 187 of file ike.h.

◆ IKE_MIN_RSA_MODULUS_SIZE

/* NOTE(review): 1024-bit RSA is below current minimum recommendations;
   consider raising the floor to 2048 - confirm whether this limit is applied
   to peer certificates, local keys or both. */
#define IKE_MIN_RSA_MODULUS_SIZE   1024

Definition at line 586 of file ike.h.

◆ IKE_MINOR_VERSION

#define IKE_MINOR_VERSION   0

Definition at line 664 of file ike.h.

◆ IKE_PORT

#define IKE_PORT   500

Definition at line 667 of file ike.h.

◆ IKE_PRIORITY

#define IKE_PRIORITY   OS_TASK_PRIORITY_NORMAL

Definition at line 56 of file ike.h.

◆ IKE_PSK_AUTH_SUPPORT

#define IKE_PSK_AUTH_SUPPORT   ENABLED

Definition at line 89 of file ike.h.

◆ IKE_RANDOM_JITTER

#define IKE_RANDOM_JITTER   10

Definition at line 159 of file ike.h.

◆ IKE_RSA_PSS_SIGN_SUPPORT

#define IKE_RSA_PSS_SIGN_SUPPORT   DISABLED

Definition at line 460 of file ike.h.

◆ IKE_RSA_SIGN_SUPPORT

#define IKE_RSA_SIGN_SUPPORT   ENABLED

Definition at line 453 of file ike.h.

◆ IKE_SHA1_DIGEST_SIZE

#define IKE_SHA1_DIGEST_SIZE   20

Definition at line 674 of file ike.h.

◆ IKE_SHA1_SUPPORT

#define IKE_SHA1_SUPPORT   ENABLED

Definition at line 404 of file ike.h.

◆ IKE_SHA256_SUPPORT

#define IKE_SHA256_SUPPORT   ENABLED

Definition at line 411 of file ike.h.

◆ IKE_SHA384_SUPPORT

#define IKE_SHA384_SUPPORT   ENABLED

Definition at line 418 of file ike.h.

◆ IKE_SHA512_SUPPORT

#define IKE_SHA512_SUPPORT   ENABLED

Definition at line 425 of file ike.h.

◆ IKE_SIGN_HASH_ALGOS_SUPPORT

#define IKE_SIGN_HASH_ALGOS_SUPPORT   ENABLED

Definition at line 110 of file ike.h.

◆ IKE_SPI_SIZE

#define IKE_SPI_SIZE   8

Definition at line 672 of file ike.h.

◆ IKE_STACK_SIZE

#define IKE_STACK_SIZE   650

Definition at line 49 of file ike.h.

◆ IKE_SUPPORT

#define IKE_SUPPORT   ENABLED

Definition at line 42 of file ike.h.

◆ IKE_TICK_INTERVAL

#define IKE_TICK_INTERVAL   500

Definition at line 61 of file ike.h.

◆ IKE_TIGER_SUPPORT

#define IKE_TIGER_SUPPORT   DISABLED

Definition at line 432 of file ike.h.

◆ IKE_XCBC_MAC_AUTH_SUPPORT

#define IKE_XCBC_MAC_AUTH_SUPPORT   DISABLED

Definition at line 306 of file ike.h.

◆ IKE_XCBC_MAC_PRF_SUPPORT

#define IKE_XCBC_MAC_PRF_SUPPORT   DISABLED

Definition at line 327 of file ike.h.

◆ ikeAllocMem

#define ikeAllocMem (   size)    osAllocMem(size)

Definition at line 628 of file ike.h.

◆ IkeChildSaEntry

#define IkeChildSaEntry   struct _IkeChildSaEntry

Definition at line 686 of file ike.h.

◆ IkeContext

#define IkeContext   struct _IkeContext

Definition at line 678 of file ike.h.

◆ ikeFreeMem

#define ikeFreeMem (   p)    osFreeMem(p)

Definition at line 633 of file ike.h.

◆ IkeSaEntry

#define IkeSaEntry   struct _IkeSaEntry

Definition at line 682 of file ike.h.

Typedef Documentation

◆ IkeCertVerifyCallback

typedef error_t(* IkeCertVerifyCallback) (IkeSaEntry *sa, const X509CertInfo *certInfo, uint_t pathLen)

Certificate verification callback function.

Definition at line 1581 of file ike.h.

◆ IkeCookieGenerateCallback

typedef error_t(* IkeCookieGenerateCallback) (IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, uint8_t *cookie, size_t *cookieLen)

Cookie generation callback function.

Definition at line 1589 of file ike.h.

◆ IkeCookieVerifyCallback

typedef error_t(* IkeCookieVerifyCallback) (IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, const uint8_t *cookie, size_t cookieLen)

Cookie verification callback function.

Definition at line 1598 of file ike.h.

Enumeration Type Documentation

◆ IkeAttrType

Configuration attribute types.

Enumerator
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_ADDRESS 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NETMASK 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DNS 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NBNS 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DHCP 
IKE_CONFIG_ATTR_TYPE_APPLICATION_VERSION 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_ADDRESS 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DNS 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DHCP 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_SUBNET 
IKE_CONFIG_ATTR_TYPE_SUPPORTED_ATTRIBUTES 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_SUBNET 
IKE_CONFIG_ATTR_TYPE_MIP6_HOME_PREFIX 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_LINK 
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_PREFIX 
IKE_CONFIG_ATTR_TYPE_P_CSCF_IP4_ADDRESS 
IKE_CONFIG_ATTR_TYPE_P_CSCF_IP6_ADDRESS 
IKE_CONFIG_ATTR_TYPE_INTERNAL_DNS_DOMAIN 
IKE_CONFIG_ATTR_TYPE_INTERNAL_DNSSEC_TA 

Definition at line 1134 of file ike.h.

◆ IkeAuthMethod

Authentication methods.

Enumerator
IKE_AUTH_METHOD_RSA 

RSA Digital Signature.

IKE_AUTH_METHOD_SHARED_KEY 

Shared Key Message Integrity Code.

IKE_AUTH_METHOD_DSS 

DSS Digital Signature.

IKE_AUTH_METHOD_ECDSA_P256_SHA256 

ECDSA with SHA-256 on the P-256 curve.

IKE_AUTH_METHOD_ECDSA_P384_SHA384 

ECDSA with SHA-384 on the P-384 curve.

IKE_AUTH_METHOD_ECDSA_P521_SHA512 

ECDSA with SHA-512 on the P-521 curve.

IKE_AUTH_METHOD_GSPAM 

Generic Secure Password Authentication Method.

IKE_AUTH_METHOD_NULL 

NULL Authentication.

IKE_AUTH_METHOD_DIGITAL_SIGN 

Digital Signature.

Definition at line 985 of file ike.h.

◆ IkeCertEncoding

Certificate encodings.

Enumerator
IKE_CERT_ENCODING_PKCS7_X509_CERT 

PKCS #7 wrapped X.509 certificate.

IKE_CERT_ENCODING_PGP_CERT 

PGP certificate.

IKE_CERT_ENCODING_DNS_SIGNED_KEY 

DNS signed key.

IKE_CERT_ENCODING_X509_CERT_SIGN 

X.509 certificate - signature.

IKE_CERT_ENCODING_KERBEROS_TOKEN 

Kerberos token.

IKE_CERT_ENCODING_CRL 

Certificate revocation list.

IKE_CERT_ENCODING_ARL 

Authority revocation list.

IKE_CERT_ENCODING_SPKI_CERT 

SPKI certificate.

IKE_CERT_ENCODING_X509_CERT_ATTR 

X.509 certificate - attribute.

IKE_CERT_ENCODING_RAW_RSA_KEY 

Raw RSA key (deprecated)

IKE_CERT_ENCODING_HASH_URL_X509_CERT 

Hash and URL of X.509 certificate.

IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE 

Hash and URL of X.509 bundle.

IKE_CERT_ENCODING_OCSP_CONTENT 

OCSP Content.

IKE_CERT_ENCODING_RAW_PUBLIC_KEY 

Raw Public Key.

Definition at line 962 of file ike.h.

◆ IkeCertType

Certificate types.

Enumerator
IKE_CERT_TYPE_INVALID 
IKE_CERT_TYPE_RSA 
IKE_CERT_TYPE_RSA_PSS 
IKE_CERT_TYPE_DSA 
IKE_CERT_TYPE_ECDSA_P256 
IKE_CERT_TYPE_ECDSA_P384 
IKE_CERT_TYPE_ECDSA_P521 
IKE_CERT_TYPE_ECDSA_BRAINPOOLP256R1 
IKE_CERT_TYPE_ECDSA_BRAINPOOLP384R1 
IKE_CERT_TYPE_ECDSA_BRAINPOOLP512R1 
IKE_CERT_TYPE_ED25519 
IKE_CERT_TYPE_ED448 

Definition at line 1221 of file ike.h.

◆ IkeChildSaState

Child Security Association state.

Enumerator
IKE_CHILD_SA_STATE_CLOSED 
IKE_CHILD_SA_STATE_RESERVED 
IKE_CHILD_SA_STATE_INIT 
IKE_CHILD_SA_STATE_OPEN 
IKE_CHILD_SA_STATE_REKEY 
IKE_CHILD_SA_STATE_DELETE 

Definition at line 1192 of file ike.h.

◆ IkeConfigType

Configuration types.

Enumerator
IKE_CONFIG_TYPE_REQUEST 
IKE_CONFIG_TYPE_REPLY 
IKE_CONFIG_TYPE_SET 
IKE_CONFIG_TYPE_ACK 

Definition at line 1121 of file ike.h.

◆ IkeExchangeType

Exchange types.

Enumerator
IKE_EXCHANGE_TYPE_IKE_SA_INIT 

IKE_SA_INIT.

IKE_EXCHANGE_TYPE_IKE_AUTH 

IKE_AUTH.

IKE_EXCHANGE_TYPE_CREATE_CHILD_SA 

CREATE_CHILD_SA.

IKE_EXCHANGE_TYPE_INFORMATIONAL 

INFORMATIONAL.

IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME 

IKE_SESSION_RESUME.

IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE 

IKE_INTERMEDIATE.

Definition at line 698 of file ike.h.

◆ IkeFlags

enum IkeFlags

Flags.

Enumerator
IKE_FLAGS_R 

Response flag.

IKE_FLAGS_V 

Version flag.

IKE_FLAGS_I 

Initiator flag.

Definition at line 713 of file ike.h.

◆ IkeHashAlgo

Hash algorithms.

Enumerator
IKE_HASH_ALGO_SHA1 
IKE_HASH_ALGO_SHA256 
IKE_HASH_ALGO_SHA384 
IKE_HASH_ALGO_SHA512 
IKE_HASH_ALGO_IDENTITY 

Definition at line 1207 of file ike.h.

◆ IkeIdType

enum IkeIdType

ID types.

Enumerator
IKE_ID_TYPE_INVALID 
IKE_ID_TYPE_IPV4_ADDR 
IKE_ID_TYPE_FQDN 
IKE_ID_TYPE_RFC822_ADDR 
IKE_ID_TYPE_IPV6_ADDR 
IKE_ID_TYPE_DER_ASN1_DN 
IKE_ID_TYPE_DER_ASN1_GN 
IKE_ID_TYPE_KEY_ID 
IKE_ID_TYPE_FC_NAME 
IKE_ID_TYPE_NULL 

Definition at line 943 of file ike.h.

◆ IkeIpProtocolId

IP protocol IDs.

Enumerator
IKE_IP_PROTOCOL_ID_ICMP 
IKE_IP_PROTOCOL_ID_TCP 
IKE_IP_PROTOCOL_ID_UDP 
IKE_IP_PROTOCOL_ID_ICMPV6 

Definition at line 1108 of file ike.h.

◆ IkeLastSubstruc

Last Substruc values.

Enumerator
IKE_LAST_SUBSTRUC_LAST 

Last proposal/transform substructure.

IKE_LAST_SUBSTRUC_MORE_PROPOSALS 

More proposal substructures.

IKE_LAST_SUBSTRUC_MORE_TRANSFORMS 

More transform substructures.

Definition at line 754 of file ike.h.

◆ IkeNotifyMsgType

Notify message types.

Enumerator
IKE_NOTIFY_MSG_TYPE_NONE 
IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD 
IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI 
IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION 
IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX 
IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID 
IKE_NOTIFY_MSG_TYPE_INVALID_SPI 
IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN 
IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD 
IKE_NOTIFY_MSG_TYPE_AUTH_FAILED 
IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED 
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS 
IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE 
IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED 
IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE 
IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS 
IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES 
IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED 
IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA 
IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE 
IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND 
IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID 
IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED 
IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND 
IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT 
IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE 
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE 
IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP 
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP 
IKE_NOTIFY_MSG_TYPE_COOKIE 
IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE 
IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_REKEY_SA 
IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO 
IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS 
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS 
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES 
IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES 
IKE_NOTIFY_MSG_TYPE_COOKIE2 
IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED 
IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME 
IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS 
IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_REDIRECT 
IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM 
IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE 
IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST 
IKE_NOTIFY_MSG_TYPE_TICKET_ACK 
IKE_NOTIFY_MSG_TYPE_TICKET_NACK 
IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE 
IKE_NOTIFY_MSG_TYPE_LINK_ID 
IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE 
IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION 
IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION 
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC 
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC 
IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS 
IKE_NOTIFY_MSG_TYPE_PSK_PERSIST 
IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM 
IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY 
IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID 
IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS 
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA 
IKE_NOTIFY_MSG_TYPE_PUZZLE 
IKE_NOTIFY_MSG_TYPE_USE_PPK 
IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY 
IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH 
IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED 
IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED 
IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED 
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE 
IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG 
IKE_NOTIFY_MSG_TYPE_R_U_THERE 
IKE_NOTIFY_MSG_TYPE_R_U_THERE_ACK 

Definition at line 1003 of file ike.h.

◆ IkePayloadType

Payload types.

Enumerator
IKE_PAYLOAD_TYPE_LAST 

No Next Payload.

IKE_PAYLOAD_TYPE_SA 

Security Association.

IKE_PAYLOAD_TYPE_KE 

Key Exchange.

IKE_PAYLOAD_TYPE_IDI 

Identification - Initiator.

IKE_PAYLOAD_TYPE_IDR 

Identification - Responder.

IKE_PAYLOAD_TYPE_CERT 

Certificate.

IKE_PAYLOAD_TYPE_CERTREQ 

Certificate Request.

IKE_PAYLOAD_TYPE_AUTH 

Authentication.

IKE_PAYLOAD_TYPE_NONCE 

Nonce.

IKE_PAYLOAD_TYPE_N 

Notify.

IKE_PAYLOAD_TYPE_D 

Delete.

IKE_PAYLOAD_TYPE_V 

Vendor ID.

IKE_PAYLOAD_TYPE_TSI 

Traffic Selector - Initiator.

IKE_PAYLOAD_TYPE_TSR 

Traffic Selector - Responder.

IKE_PAYLOAD_TYPE_SK 

Encrypted and Authenticated.

IKE_PAYLOAD_TYPE_CP 

Configuration.

IKE_PAYLOAD_TYPE_EAP 

Extensible Authentication.

IKE_PAYLOAD_TYPE_GSPM 

Generic Secure Password Method.

IKE_PAYLOAD_TYPE_SKF 

Encrypted and Authenticated Fragment.

IKE_PAYLOAD_TYPE_PS 

Puzzle Solution.

Definition at line 725 of file ike.h.

◆ IkeProtocolId

Protocol IDs.

Enumerator
IKE_PROTOCOL_ID_IKE 

IKE protocol.

IKE_PROTOCOL_ID_AH 

AH protocol.

IKE_PROTOCOL_ID_ESP 

ESP protocol.

Definition at line 766 of file ike.h.

◆ IkeSaState

enum IkeSaState

IKE Security Association state.

Enumerator
IKE_SA_STATE_CLOSED 
IKE_SA_STATE_RESERVED 
IKE_SA_STATE_INIT_REQ 
IKE_SA_STATE_INIT_RESP 
IKE_SA_STATE_AUTH_REQ 
IKE_SA_STATE_AUTH_RESP 
IKE_SA_STATE_OPEN 
IKE_SA_STATE_DPD_REQ 
IKE_SA_STATE_DPD_RESP 
IKE_SA_STATE_REKEY_REQ 
IKE_SA_STATE_REKEY_RESP 
IKE_SA_STATE_DELETE_REQ 
IKE_SA_STATE_DELETE_RESP 
IKE_SA_STATE_CREATE_CHILD_REQ 
IKE_SA_STATE_CREATE_CHILD_RESP 
IKE_SA_STATE_REKEY_CHILD_REQ 
IKE_SA_STATE_REKEY_CHILD_RESP 
IKE_SA_STATE_DELETE_CHILD_REQ 
IKE_SA_STATE_DELETE_CHILD_RESP 
IKE_SA_STATE_AUTH_FAILURE_REQ 
IKE_SA_STATE_AUTH_FAILURE_RESP 

Definition at line 1162 of file ike.h.

◆ IkeTransformAttrFormat

Transform attribute format.

Enumerator
IKE_ATTR_FORMAT_TLV 

Type/Length/Value format.

IKE_ATTR_FORMAT_TV 

Shortened Type/Value format.

Definition at line 922 of file ike.h.

◆ IkeTransformAttrType

Transform attribute types.

Enumerator
IKE_TRANSFORM_ATTR_TYPE_KEY_LEN 

Key Length (in bits)

Definition at line 933 of file ike.h.

◆ IkeTransformIdAuth

Transform IDs (Integrity Algorithm)

Enumerator
IKE_TRANSFORM_ID_AUTH_NONE 
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96 
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96 
IKE_TRANSFORM_ID_AUTH_DES_MAC 
IKE_TRANSFORM_ID_AUTH_KPDK_MD5 
IKE_TRANSFORM_ID_AUTH_AES_XCBC_96 
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128 
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160 
IKE_TRANSFORM_ID_AUTH_AES_CMAC_96 
IKE_TRANSFORM_ID_AUTH_AES_128_GMAC 
IKE_TRANSFORM_ID_AUTH_AES_192_GMAC 
IKE_TRANSFORM_ID_AUTH_AES_256_GMAC 
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128 
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192 
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256 

Definition at line 853 of file ike.h.

◆ IkeTransformIdDhGroup

Transform IDs (Diffie-Hellman Group)

Enumerator
IKE_TRANSFORM_ID_DH_GROUP_NONE 

None.

IKE_TRANSFORM_ID_DH_GROUP_MODP_768 

768-bit MODP Group

IKE_TRANSFORM_ID_DH_GROUP_MODP_1024 

1024-bit MODP Group

IKE_TRANSFORM_ID_DH_GROUP_MODP_1536 

1536-bit MODP Group

IKE_TRANSFORM_ID_DH_GROUP_MODP_2048 

2048-bit MODP Group

IKE_TRANSFORM_ID_DH_GROUP_MODP_3072 

3072-bit MODP Group

IKE_TRANSFORM_ID_DH_GROUP_MODP_4096 

4096-bit MODP Group

IKE_TRANSFORM_ID_DH_GROUP_MODP_6144 

6144-bit MODP Group

IKE_TRANSFORM_ID_DH_GROUP_MODP_8192 

8192-bit MODP Group

IKE_TRANSFORM_ID_DH_GROUP_ECP_256 

256-bit Random ECP Group

IKE_TRANSFORM_ID_DH_GROUP_ECP_384 

384-bit Random ECP Group

IKE_TRANSFORM_ID_DH_GROUP_ECP_521 

521-bit Random ECP Group

IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160 

1024-bit MODP Group with 160-bit Prime Order Subgroup

IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224 

2048-bit MODP Group with 224-bit Prime Order Subgroup

IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256 

2048-bit MODP Group with 256-bit Prime Order Subgroup

IKE_TRANSFORM_ID_DH_GROUP_ECP_192 

192-bit Random ECP Group

IKE_TRANSFORM_ID_DH_GROUP_ECP_224 

224-bit Random ECP Group

IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1 

224-bit Brainpool ECP Group

IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1 

256-bit Brainpool ECP Group

IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1 

384-bit Brainpool ECP Group

IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1 

512-bit Brainpool ECP Group

IKE_TRANSFORM_ID_DH_GROUP_CURVE25519 

Curve25519.

IKE_TRANSFORM_ID_DH_GROUP_CURVE448 

Curve448.

IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256 

GOST3410_2012_256.

IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512 

GOST3410_2012_512.

Definition at line 877 of file ike.h.

◆ IkeTransformIdEncr

Transform IDs (Encryption Algorithm)

Enumerator
IKE_TRANSFORM_ID_ENCR_RESERVED 
IKE_TRANSFORM_ID_ENCR_DES_IV64 
IKE_TRANSFORM_ID_ENCR_DES 
IKE_TRANSFORM_ID_ENCR_3DES 
IKE_TRANSFORM_ID_ENCR_RC5 
IKE_TRANSFORM_ID_ENCR_IDEA 
IKE_TRANSFORM_ID_ENCR_CAST 
IKE_TRANSFORM_ID_ENCR_BLOWFISH 
IKE_TRANSFORM_ID_ENCR_3IDEA 
IKE_TRANSFORM_ID_ENCR_DES_IV32 
IKE_TRANSFORM_ID_ENCR_NULL 
IKE_TRANSFORM_ID_ENCR_AES_CBC 
IKE_TRANSFORM_ID_ENCR_AES_CTR 
IKE_TRANSFORM_ID_ENCR_AES_CCM_8 
IKE_TRANSFORM_ID_ENCR_AES_CCM_12 
IKE_TRANSFORM_ID_ENCR_AES_CCM_16 
IKE_TRANSFORM_ID_ENCR_AES_GCM_8 
IKE_TRANSFORM_ID_ENCR_AES_GCM_12 
IKE_TRANSFORM_ID_ENCR_AES_GCM_16 
IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC 
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC 
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR 
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8 
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12 
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16 
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305 
IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV 
IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV 
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV 
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE 
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE 
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE 
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE 

Definition at line 792 of file ike.h.

◆ IkeTransformIdEsn

Transform IDs (Extended Sequence Numbers)

Enumerator
IKE_TRANSFORM_ID_ESN_NO 

No Extended Sequence Numbers.

IKE_TRANSFORM_ID_ESN_YES 

Extended Sequence Numbers.

Definition at line 911 of file ike.h.

◆ IkeTransformIdPrf

Transform IDs (Pseudorandom Function)

Enumerator
IKE_TRANSFORM_ID_PRF_RESERVED 
IKE_TRANSFORM_ID_PRF_HMAC_MD5 
IKE_TRANSFORM_ID_PRF_HMAC_SHA1 
IKE_TRANSFORM_ID_PRF_HMAC_TIGER 
IKE_TRANSFORM_ID_PRF_AES128_XCBC 
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256 
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384 
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512 
IKE_TRANSFORM_ID_PRF_AES128_CMAC 
IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512 

Definition at line 834 of file ike.h.

◆ IkeTransformType

Transform types.

Enumerator
IKE_TRANSFORM_TYPE_ENCR 

Encryption Algorithm.

IKE_TRANSFORM_TYPE_PRF 

Pseudorandom Function.

IKE_TRANSFORM_TYPE_INTEG 

Integrity Algorithm.

IKE_TRANSFORM_TYPE_DH 

Diffie-Hellman Group.

IKE_TRANSFORM_TYPE_ESN 

Extended Sequence Numbers.

Definition at line 778 of file ike.h.

◆ IkeTsType

enum IkeTsType

Traffic selector types.

Enumerator
IKE_TS_TYPE_IPV4_ADDR_RANGE 
IKE_TS_TYPE_IPV6_ADDR_RANGE 

Definition at line 1097 of file ike.h.

Function Documentation

◆ ikeCreateChildSa()

error_t ikeCreateChildSa ( IkeContext context,
const IpsecPacketInfo packet 
)

Create a new Child SA.

Parameters
[in] context - Pointer to the IKE context
[in] packet - Triggering packet
Returns
Error code

Definition at line 577 of file ike.c.

◆ ikeCreateSa()

error_t ikeCreateSa ( IkeContext context,
const IpsecPacketInfo packet 
)

◆ ikeDeinit()

void ikeDeinit ( IkeContext context)

Release IKE context.

Parameters
[in] context - Pointer to the IKE context

Definition at line 777 of file ike.c.

◆ ikeDeleteChildSa()

error_t ikeDeleteChildSa ( IkeChildSaEntry childSa)

Delete a Child SA.

Parameters
[in] childSa - Pointer to the Child SA to delete
Returns
Error code

Definition at line 681 of file ike.c.

◆ ikeDeleteSa()

error_t ikeDeleteSa ( IkeSaEntry sa)

Delete an IKE SA.

Parameters
[in] sa - Pointer to the IKE SA to delete
Returns
Error code

Definition at line 542 of file ike.c.

◆ ikeGetDefaultSettings()

void ikeGetDefaultSettings ( IkeSettings settings)

Initialize settings with default values.

Parameters
[out] settings - Structure that contains IKE settings

Definition at line 56 of file ike.c.

◆ ikeInit()

error_t ikeInit ( IkeContext context,
const IkeSettings settings 
)

IKE service initialization.

Parameters
[in] context - Pointer to the IKE context
[in] settings - IKE specific settings
Returns
Error code

Definition at line 109 of file ike.c.

◆ ikeRekeyChildSa()

error_t ikeRekeyChildSa ( IkeChildSaEntry childSa)

◆ ikeRekeySa()

error_t ikeRekeySa ( IkeSaEntry sa)

◆ ikeSetCertificate()

error_t ikeSetCertificate ( IkeContext context,
const char_t certChain,
size_t  certChainLen,
const char_t privateKey,
size_t  privateKeyLen,
const char_t password 
)

Load entity's certificate.

Parameters
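[in] context - Pointer to the IKE context
[in] certChain - Certificate chain (PEM format). This parameter is taken as reference, i.e. the buffer is referenced rather than copied; presumably the caller must keep it valid and unmodified while the context uses it
[in] certChainLen - Length of the certificate chain
[in] privateKey - Private key (PEM format). This parameter is taken as reference, i.e. the buffer is referenced rather than copied; presumably the caller must keep it valid and unmodified while the context uses it
[in] privateKeyLen - Length of the private key
[in] password - NULL-terminated string containing the password. This parameter is required if the private key is encrypted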
Returns
Error code

Definition at line 426 of file ike.c.

◆ ikeSetId()

error_t ikeSetId ( IkeContext context,
IkeIdType  idType,
const void *  id,
size_t  idLen 
)

Set entity's ID.

Parameters
[in] context - Pointer to the IKE context
[in] idType - ID type
[in] id - Pointer to the identification data
[in] idLen - Length of the identification data, in bytes
Returns
Error code

Definition at line 359 of file ike.c.

◆ ikeSetPreferredDhGroup()

error_t ikeSetPreferredDhGroup ( IkeContext context,
uint16_t  dhGroupNum 
)

Specify the preferred Diffie-Hellman group.

Parameters
[in] context - Pointer to the IKE context
[in] dhGroupNum - Preferred Diffie-Hellman group number
Returns
Error code

Definition at line 332 of file ike.c.

◆ ikeSetPsk()

error_t ikeSetPsk ( IkeContext context,
const uint8_t *  psk,
size_t  pskLen 
)

Set entity's pre-shared key.

Parameters
[in] context - Pointer to the IKE context
[in] psk - Pointer to the pre-shared key
[in] pskLen - Length of the pre-shared key, in bytes
Returns
Error code

Definition at line 388 of file ike.c.

◆ ikeStart()

error_t ikeStart ( IkeContext context)

Start IKE service.

Parameters
[in] context - Pointer to the IKE context
Returns
Error code

Definition at line 207 of file ike.c.

◆ ikeStop()

error_t ikeStop ( IkeContext context)

Stop IKE service.

Parameters
[in] context - Pointer to the IKE context
Returns
Error code

Definition at line 290 of file ike.c.

◆ ikeTask()

void ikeTask ( IkeContext context)

IKE task.

Parameters
[in] context - Pointer to the IKE context

Definition at line 714 of file ike.c.

Variable Documentation

◆ __packed_struct

typedef __packed_struct
Initial value:
{
uint8_t initiatorSpi[IKE_SPI_SIZE]

IKE header.

Encrypted Fragment payload.

EAP message.

EAP payload.

Configuration attribute.

Configuration payload.

Encrypted payload.

Traffic selector.

Traffic Selector payload.

Vendor ID payload.

Delete payload.

Notify payload.

Nonce payload.

Authentication data for digital signatures.

Authentication payload.

Certificate Request payload.

Certificate payload.

Identification payload.

Key Exchange payload.

Transform attribute.

Transform substructure.

Proposal substructure.

Security Association payload.

Generic payload header.

Definition at line 1250 of file ike.h.

◆ algoId

uint8_t algoId[]

Definition at line 1413 of file ike.h.

◆ authData

uint8_t authData[]

Definition at line 1402 of file ike.h.

◆ authMethod

uint8_t authMethod

Definition at line 1400 of file ike.h.

◆ certAuthority

uint8_t certAuthority[]

Definition at line 1389 of file ike.h.

◆ certData

uint8_t certData[]

Definition at line 1377 of file ike.h.

◆ certEncoding

uint8_t certEncoding

Definition at line 1376 of file ike.h.

◆ configAttributes

uint8_t configAttributes[]

Definition at line 1515 of file ike.h.

◆ configType

uint8_t configType

Definition at line 1513 of file ike.h.

◆ critical

uint8_t critical

Definition at line 1281 of file ike.h.

◆ data

uint8_t data[]

Definition at line 1552 of file ike.h.

◆ dhGroupNum

uint16_t dhGroupNum

Definition at line 1350 of file ike.h.

◆ eapMessage

uint8_t eapMessage[]

Definition at line 1538 of file ike.h.

◆ endPort

uint16_t endPort

Definition at line 1490 of file ike.h.

◆ exchangeType

uint8_t exchangeType

Definition at line 1262 of file ike.h.

◆ flags

uint8_t flags

Definition at line 1263 of file ike.h.

◆ fragNum

uint16_t fragNum

Definition at line 1563 of file ike.h.

◆ idData

uint8_t idData[]

Definition at line 1365 of file ike.h.

◆ identifier

uint8_t identifier

Definition at line 1549 of file ike.h.

◆ idType

uint8_t idType

Definition at line 1363 of file ike.h.

◆ IkeAuthData

IkeAuthData

Definition at line 1414 of file ike.h.

◆ IkeAuthPayload

IkeAuthPayload

Definition at line 1403 of file ike.h.

◆ IkeCertPayload

IkeCertPayload

Definition at line 1378 of file ike.h.

◆ IkeCertReqPayload

IkeCertReqPayload

Definition at line 1390 of file ike.h.

◆ IkeConfigAttr

IkeConfigAttr

Definition at line 1528 of file ike.h.

◆ IkeConfigPayload

IkeConfigPayload

Definition at line 1516 of file ike.h.

◆ IkeDeletePayload

IkeDeletePayload

Definition at line 1453 of file ike.h.

◆ IkeEapMessage

IkeEapMessage

Definition at line 1553 of file ike.h.

◆ IkeEapPayload

IkeEapPayload

Definition at line 1539 of file ike.h.

◆ IkeEncryptedFragPayload

IkeEncryptedFragPayload

Definition at line 1566 of file ike.h.

◆ IkeEncryptedPayload

IkeEncryptedPayload

Definition at line 1503 of file ike.h.

◆ IkeHeader

IkeHeader

Definition at line 1266 of file ike.h.

◆ IkeIdPayload

IkeIdPayload

Definition at line 1366 of file ike.h.

◆ IkeKePayload

IkeKePayload

Definition at line 1353 of file ike.h.

◆ IkeNoncePayload

IkeNoncePayload

Definition at line 1425 of file ike.h.

◆ IkeNotifyPayload

IkeNotifyPayload

Definition at line 1439 of file ike.h.

◆ IkePayloadHeader

IkePayloadHeader

Definition at line 1284 of file ike.h.

◆ IkeProposal

IkeProposal

Definition at line 1312 of file ike.h.

◆ IkeSaPayload

IkeSaPayload

Definition at line 1295 of file ike.h.

◆ IkeTransform

IkeTransform

Definition at line 1328 of file ike.h.

◆ IkeTransformAttr

IkeTransformAttr

Definition at line 1340 of file ike.h.

◆ IkeTs

IkeTs

Definition at line 1492 of file ike.h.

◆ IkeTsPayload

IkeTsPayload

Definition at line 1477 of file ike.h.

◆ IkeVendorIdPayload

IkeVendorIdPayload

Definition at line 1464 of file ike.h.

◆ ipProtocolId

uint8_t ipProtocolId

Definition at line 1487 of file ike.h.

◆ iv

uint8_t iv

Definition at line 1502 of file ike.h.

◆ keyExchangeData

uint8_t keyExchangeData[]

Definition at line 1352 of file ike.h.

◆ length

uint16_t length

Definition at line 1265 of file ike.h.

◆ majorVersion

uint8_t majorVersion

Definition at line 1260 of file ike.h.

◆ messageId

uint32_t messageId

Definition at line 1264 of file ike.h.

◆ minorVersion

uint8_t minorVersion

Definition at line 1259 of file ike.h.

◆ nextPayload

uint8_t nextPayload

Definition at line 1254 of file ike.h.

◆ nonceData

uint8_t nonceData[]

Definition at line 1424 of file ike.h.

◆ notifyMsgType

uint16_t notifyMsgType

Definition at line 1437 of file ike.h.

◆ numSpi

uint16_t numSpi

Definition at line 1451 of file ike.h.

◆ numTransforms

uint8_t numTransforms

Definition at line 1310 of file ike.h.

◆ numTs

uint8_t numTs

Definition at line 1474 of file ike.h.

◆ payloadLength

uint16_t payloadLength

Definition at line 1283 of file ike.h.

◆ proposalLength

uint16_t proposalLength

Definition at line 1306 of file ike.h.

◆ proposalNum

uint8_t proposalNum

Definition at line 1307 of file ike.h.

◆ proposals

uint8_t proposals[]

Definition at line 1294 of file ike.h.

◆ protocolId

uint8_t protocolId

Definition at line 1308 of file ike.h.

◆ reserved

uint8_t reserved[3]

Definition at line 1280 of file ike.h.

◆ reserved1

uint8_t reserved1

Definition at line 1322 of file ike.h.

◆ reserved2

uint8_t reserved2

Definition at line 1325 of file ike.h.

◆ responderSpi

uint8_t responderSpi[IKE_SPI_SIZE]

Definition at line 1253 of file ike.h.

◆ selectorLength

uint16_t selectorLength

Definition at line 1488 of file ike.h.

◆ spi

uint8_t spi[]

Definition at line 1311 of file ike.h.

◆ spiSize

uint8_t spiSize

Definition at line 1309 of file ike.h.

◆ startAddr

uint8_t startAddr[]

Definition at line 1491 of file ike.h.

◆ startPort

uint16_t startPort

Definition at line 1489 of file ike.h.

◆ totalFrags

uint16_t totalFrags

Definition at line 1564 of file ike.h.

◆ trafficSelectors

uint8_t trafficSelectors[]

Definition at line 1476 of file ike.h.

◆ transformAttr

uint8_t transformAttr[]

Definition at line 1327 of file ike.h.

◆ transformId

uint16_t transformId

Definition at line 1326 of file ike.h.

◆ transformLength

uint16_t transformLength

Definition at line 1323 of file ike.h.

◆ transformType

uint8_t transformType

Definition at line 1324 of file ike.h.

◆ type

uint8_t type

Definition at line 1551 of file ike.h.

◆ value

uint8_t value[]

Definition at line 1339 of file ike.h.

◆ vid

uint8_t vid[]

Definition at line 1463 of file ike.h.
