ike.h
Go to the documentation of this file.
1 /**
2  * @file ike.h
3  * @brief IKEv2 (Internet Key Exchange Protocol)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneIPSEC Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.0
29  **/
30 
31 #ifndef _IKE_H
32 #define _IKE_H
33 
34 //Dependencies
35 #include "ipsec/ipsec.h"
36 #include "cipher/cipher_algorithms.h"
37 #include "pkc/key_exch_algorithms.h"
38 #include "pkix/x509_common.h"
39 
40 //IKEv2 support
41 #ifndef IKE_SUPPORT
42  #define IKE_SUPPORT ENABLED
43 #elif (IKE_SUPPORT != ENABLED && IKE_SUPPORT != DISABLED)
44  #error IKE_SUPPORT parameter is not valid
45 #endif
46 
47 //Stack size required to run the IKE service
48 #ifndef IKE_STACK_SIZE
49  #define IKE_STACK_SIZE 650
50 #elif (IKE_STACK_SIZE < 1)
51  #error IKE_STACK_SIZE parameter is not valid
52 #endif
53 
54 //Priority at which the IKE service should run
55 #ifndef IKE_PRIORITY
56  #define IKE_PRIORITY OS_TASK_PRIORITY_NORMAL
57 #endif
58 
59 //IKE tick interval
60 #ifndef IKE_TICK_INTERVAL
61  #define IKE_TICK_INTERVAL 500
62 #elif (IKE_TICK_INTERVAL < 100)
63  #error IKE_TICK_INTERVAL parameter is not valid
64 #endif
65 
66 //Default lifetime for IKE SAs
67 #ifndef IKE_DEFAULT_SA_LIFETIME
68  #define IKE_DEFAULT_SA_LIFETIME 14400000
69 #elif (IKE_DEFAULT_SA_LIFETIME < 1000)
70  #error IKE_DEFAULT_SA_LIFETIME parameter is not valid
71 #endif
72 
73 //Default lifetime for Child SAs
74 #ifndef IKE_DEFAULT_CHILD_SA_LIFETIME
75  #define IKE_DEFAULT_CHILD_SA_LIFETIME 3600000
76 #elif (IKE_DEFAULT_CHILD_SA_LIFETIME < 1000)
77  #error IKE_DEFAULT_CHILD_SA_LIFETIME parameter is not valid
78 #endif
79 
80 //Certificate authentication
81 #ifndef IKE_CERT_AUTH_SUPPORT
82  #define IKE_CERT_AUTH_SUPPORT ENABLED
83 #elif (IKE_CERT_AUTH_SUPPORT != ENABLED && IKE_CERT_AUTH_SUPPORT != DISABLED)
84  #error IKE_CERT_AUTH_SUPPORT parameter is not valid
85 #endif
86 
87 //Pre-shared key authentication
88 #ifndef IKE_PSK_AUTH_SUPPORT
89  #define IKE_PSK_AUTH_SUPPORT ENABLED
90 #elif (IKE_PSK_AUTH_SUPPORT != ENABLED && IKE_PSK_AUTH_SUPPORT != DISABLED)
91  #error IKE_PSK_AUTH_SUPPORT parameter is not valid
92 #endif
93 
94 //Cookie support
95 #ifndef IKE_COOKIE_SUPPORT
96  #define IKE_COOKIE_SUPPORT DISABLED
97 #elif (IKE_COOKIE_SUPPORT != ENABLED && IKE_COOKIE_SUPPORT != DISABLED)
98  #error IKE_COOKIE_SUPPORT parameter is not valid
99 #endif
100 
101 //INITIAL_CONTACT notification support
102 #ifndef IKE_INITIAL_CONTACT_SUPPORT
103  #define IKE_INITIAL_CONTACT_SUPPORT ENABLED
104 #elif (IKE_INITIAL_CONTACT_SUPPORT != ENABLED && IKE_INITIAL_CONTACT_SUPPORT != DISABLED)
105  #error IKE_INITIAL_CONTACT_SUPPORT parameter is not valid
106 #endif
107 
108 //SIGNATURE_HASH_ALGORITHMS notification support
109 #ifndef IKE_SIGN_HASH_ALGOS_SUPPORT
110  #define IKE_SIGN_HASH_ALGOS_SUPPORT ENABLED
111 #elif (IKE_SIGN_HASH_ALGOS_SUPPORT != ENABLED && IKE_SIGN_HASH_ALGOS_SUPPORT != DISABLED)
112  #error IKE_SIGN_HASH_ALGOS_SUPPORT parameter is not valid
113 #endif
114 
115 //CREATE_CHILD_SA support
116 #ifndef IKE_CREATE_CHILD_SA_SUPPORT
117  #define IKE_CREATE_CHILD_SA_SUPPORT ENABLED
118 #elif (IKE_CREATE_CHILD_SA_SUPPORT != ENABLED && IKE_CREATE_CHILD_SA_SUPPORT != DISABLED)
119  #error IKE_CREATE_CHILD_SA_SUPPORT parameter is not valid
120 #endif
121 
122 //Dead peer detection support
123 #ifndef IKE_DPD_SUPPORT
124  #define IKE_DPD_SUPPORT ENABLED
125 #elif (IKE_DPD_SUPPORT != ENABLED && IKE_DPD_SUPPORT != DISABLED)
126  #error IKE_DPD_SUPPORT parameter is not valid
127 #endif
128 
129 //Maximum number of retransmissions of IKE requests
130 #ifndef IKE_MAX_RETRIES
131  #define IKE_MAX_RETRIES 5
132 #elif (IKE_MAX_RETRIES < 1)
133  #error IKE_MAX_RETRIES parameter is not valid
134 #endif
135 
136 //Initial retransmission timeout
137 #ifndef IKE_INIT_TIMEOUT
138  #define IKE_INIT_TIMEOUT 3000
139 #elif (IKE_INIT_TIMEOUT < 1000)
140  #error IKE_INIT_TIMEOUT parameter is not valid
141 #endif
142 
143 //Maximum retransmission timeout
144 #ifndef IKE_MAX_TIMEOUT
145  #define IKE_MAX_TIMEOUT 60000
146 #elif (IKE_MAX_TIMEOUT < 1000)
147  #error IKE_MAX_TIMEOUT parameter is not valid
148 #endif
149 
150 //Timeout for half-open IKE SAs
151 #ifndef IKE_HALF_OPEN_TIMEOUT
152  #define IKE_HALF_OPEN_TIMEOUT 30000
153 #elif (IKE_HALF_OPEN_TIMEOUT < 1000)
154  #error IKE_HALF_OPEN_TIMEOUT parameter is not valid
155 #endif
156 
157 //Maximum jitter in percent applied randomly to calculated timeouts
158 #ifndef IKE_RANDOM_JITTER
159  #define IKE_RANDOM_JITTER 10
160 #elif (IKE_RANDOM_JITTER < 0 || IKE_RANDOM_JITTER > 100)
161  #error IKE_RANDOM_JITTER parameter is not valid
162 #endif
163 
164 //Maximum size of IKE messages
165 #ifndef IKE_MAX_MSG_SIZE
166  #define IKE_MAX_MSG_SIZE 1452
167 #elif (IKE_MAX_MSG_SIZE < 1280)
168  #error IKE_MAX_MSG_SIZE parameter is not valid
169 #endif
170 
171 //Minimum size for cookies
172 #ifndef IKE_MIN_COOKIE_SIZE
173  #define IKE_MIN_COOKIE_SIZE 1
174 #elif (IKE_MIN_COOKIE_SIZE < 1)
175  #error IKE_MIN_COOKIE_SIZE parameter is not valid
176 #endif
177 
178 //Maximum size for cookies
179 #ifndef IKE_MAX_COOKIE_SIZE
180  #define IKE_MAX_COOKIE_SIZE 64
181 #elif (IKE_MAX_COOKIE_SIZE < 64)
182  #error IKE_MAX_COOKIE_SIZE parameter is not valid
183 #endif
184 
185 //Minimum size for nonce
186 #ifndef IKE_MIN_NONCE_SIZE
187  #define IKE_MIN_NONCE_SIZE 16
188 #elif (IKE_MIN_NONCE_SIZE < 16 || IKE_MIN_NONCE_SIZE > 256)
189  #error IKE_MIN_NONCE_SIZE parameter is not valid
190 #endif
191 
192 //Default size for nonce
193 #ifndef IKE_DEFAULT_NONCE_SIZE
194  #define IKE_DEFAULT_NONCE_SIZE 32
195 #elif (IKE_DEFAULT_NONCE_SIZE < 16 || IKE_DEFAULT_NONCE_SIZE > 256)
196  #error IKE_DEFAULT_NONCE_SIZE parameter is not valid
197 #endif
198 
199 //Maximum size for nonce
200 #ifndef IKE_MAX_NONCE_SIZE
201  #define IKE_MAX_NONCE_SIZE 64
202 #elif (IKE_MAX_NONCE_SIZE < 16 || IKE_MAX_NONCE_SIZE > 256)
203  #error IKE_MAX_NONCE_SIZE parameter is not valid
204 #endif
205 
206 //Maximum length of ID
207 #ifndef IKE_MAX_ID_LEN
208  #define IKE_MAX_ID_LEN 64
209 #elif (IKE_MAX_ID_LEN < 0)
210  #error IKE_MAX_ID_LEN is not valid
211 #endif
212 
213 //Maximum length of pre-shared keys
214 #ifndef IKE_MAX_PSK_LEN
215  #define IKE_MAX_PSK_LEN 64
216 #elif (IKE_MAX_PSK_LEN < 0)
217  #error IKE_MAX_PSK_LEN is not valid
218 #endif
219 
220 //Maximum length of password
221 #ifndef IKE_MAX_PASSWORD_LEN
222  #define IKE_MAX_PASSWORD_LEN 32
223 #elif (IKE_MAX_PASSWORD_LEN < 0)
224  #error IKE_MAX_PASSWORD_LEN parameter is not valid
225 #endif
226 
227 //CBC cipher mode support
228 #ifndef IKE_CBC_SUPPORT
229  #define IKE_CBC_SUPPORT ENABLED
230 #elif (IKE_CBC_SUPPORT != ENABLED && IKE_CBC_SUPPORT != DISABLED)
231  #error IKE_CBC_SUPPORT parameter is not valid
232 #endif
233 
234 //CTR cipher mode support
235 #ifndef IKE_CTR_SUPPORT
236  #define IKE_CTR_SUPPORT DISABLED
237 #elif (IKE_CTR_SUPPORT != ENABLED && IKE_CTR_SUPPORT != DISABLED)
238  #error IKE_CTR_SUPPORT parameter is not valid
239 #endif
240 
241 //CCM_8 AEAD support
242 #ifndef IKE_CCM_8_SUPPORT
243  #define IKE_CCM_8_SUPPORT DISABLED
244 #elif (IKE_CCM_8_SUPPORT != ENABLED && IKE_CCM_8_SUPPORT != DISABLED)
245  #error IKE_CCM_8_SUPPORT parameter is not valid
246 #endif
247 
248 //CCM_12 AEAD support
249 #ifndef IKE_CCM_12_SUPPORT
250  #define IKE_CCM_12_SUPPORT DISABLED
251 #elif (IKE_CCM_12_SUPPORT != ENABLED && IKE_CCM_12_SUPPORT != DISABLED)
252  #error IKE_CCM_12_SUPPORT parameter is not valid
253 #endif
254 
255 //CCM_16 AEAD support
256 #ifndef IKE_CCM_16_SUPPORT
257  #define IKE_CCM_16_SUPPORT DISABLED
258 #elif (IKE_CCM_16_SUPPORT != ENABLED && IKE_CCM_16_SUPPORT != DISABLED)
259  #error IKE_CCM_16_SUPPORT parameter is not valid
260 #endif
261 
262 //GCM_8 AEAD support
263 #ifndef IKE_GCM_8_SUPPORT
264  #define IKE_GCM_8_SUPPORT DISABLED
265 #elif (IKE_GCM_8_SUPPORT != ENABLED && IKE_GCM_8_SUPPORT != DISABLED)
266  #error IKE_GCM_8_SUPPORT parameter is not valid
267 #endif
268 
269 //GCM_12 AEAD support
270 #ifndef IKE_GCM_12_SUPPORT
271  #define IKE_GCM_12_SUPPORT DISABLED
272 #elif (IKE_GCM_12_SUPPORT != ENABLED && IKE_GCM_12_SUPPORT != DISABLED)
273  #error IKE_GCM_12_SUPPORT parameter is not valid
274 #endif
275 
276 //GCM_16 AEAD support
277 #ifndef IKE_GCM_16_SUPPORT
278  #define IKE_GCM_16_SUPPORT ENABLED
279 #elif (IKE_GCM_16_SUPPORT != ENABLED && IKE_GCM_16_SUPPORT != DISABLED)
280  #error IKE_GCM_16_SUPPORT parameter is not valid
281 #endif
282 
283 //ChaCha20Poly1305 AEAD support
284 #ifndef IKE_CHACHA20_POLY1305_SUPPORT
285  #define IKE_CHACHA20_POLY1305_SUPPORT ENABLED
286 #elif (IKE_CHACHA20_POLY1305_SUPPORT != ENABLED && IKE_CHACHA20_POLY1305_SUPPORT != DISABLED)
287  #error IKE_CHACHA20_POLY1305_SUPPORT parameter is not valid
288 #endif
289 
290 //CMAC integrity support
291 #ifndef IKE_CMAC_AUTH_SUPPORT
292  #define IKE_CMAC_AUTH_SUPPORT DISABLED
293 #elif (IKE_CMAC_AUTH_SUPPORT != ENABLED && IKE_CMAC_AUTH_SUPPORT != DISABLED)
294  #error IKE_CMAC_AUTH_SUPPORT parameter is not valid
295 #endif
296 
297 //HMAC integrity support
298 #ifndef IKE_HMAC_AUTH_SUPPORT
299  #define IKE_HMAC_AUTH_SUPPORT ENABLED
300 #elif (IKE_HMAC_AUTH_SUPPORT != ENABLED && IKE_HMAC_AUTH_SUPPORT != DISABLED)
301  #error IKE_HMAC_AUTH_SUPPORT parameter is not valid
302 #endif
303 
304 //KMAC128 integrity support (experimental)
305 #ifndef IKE_KMAC128_AUTH_SUPPORT
306  #define IKE_KMAC128_AUTH_SUPPORT DISABLED
307 #elif (IKE_KMAC128_AUTH_SUPPORT != ENABLED && IKE_KMAC128_AUTH_SUPPORT != DISABLED)
308  #error IKE_KMAC128_AUTH_SUPPORT parameter is not valid
309 #endif
310 
311 //KMAC256 integrity support (experimental)
312 #ifndef IKE_KMAC256_AUTH_SUPPORT
313  #define IKE_KMAC256_AUTH_SUPPORT DISABLED
314 #elif (IKE_KMAC256_AUTH_SUPPORT != ENABLED && IKE_KMAC256_AUTH_SUPPORT != DISABLED)
315  #error IKE_KMAC256_AUTH_SUPPORT parameter is not valid
316 #endif
317 
318 //XCBC-MAC integrity support
319 #ifndef IKE_XCBC_MAC_AUTH_SUPPORT
320  #define IKE_XCBC_MAC_AUTH_SUPPORT DISABLED
321 #elif (IKE_XCBC_MAC_AUTH_SUPPORT != ENABLED && IKE_XCBC_MAC_AUTH_SUPPORT != DISABLED)
322  #error IKE_XCBC_MAC_AUTH_SUPPORT parameter is not valid
323 #endif
324 
325 //CMAC PRF support
326 #ifndef IKE_CMAC_PRF_SUPPORT
327  #define IKE_CMAC_PRF_SUPPORT DISABLED
328 #elif (IKE_CMAC_PRF_SUPPORT != ENABLED && IKE_CMAC_PRF_SUPPORT != DISABLED)
329  #error IKE_CMAC_PRF_SUPPORT parameter is not valid
330 #endif
331 
332 //HMAC PRF support
333 #ifndef IKE_HMAC_PRF_SUPPORT
334  #define IKE_HMAC_PRF_SUPPORT ENABLED
335 #elif (IKE_HMAC_PRF_SUPPORT != ENABLED && IKE_HMAC_PRF_SUPPORT != DISABLED)
336  #error IKE_HMAC_PRF_SUPPORT parameter is not valid
337 #endif
338 
339 //KMAC128 PRF support (experimental)
340 #ifndef IKE_KMAC128_PRF_SUPPORT
341  #define IKE_KMAC128_PRF_SUPPORT DISABLED
342 #elif (IKE_KMAC128_PRF_SUPPORT != ENABLED && IKE_KMAC128_PRF_SUPPORT != DISABLED)
343  #error IKE_KMAC128_PRF_SUPPORT parameter is not valid
344 #endif
345 
346 //KMAC256 PRF support (experimental)
347 #ifndef IKE_KMAC256_PRF_SUPPORT
348  #define IKE_KMAC256_PRF_SUPPORT DISABLED
349 #elif (IKE_KMAC256_PRF_SUPPORT != ENABLED && IKE_KMAC256_PRF_SUPPORT != DISABLED)
350  #error IKE_KMAC256_PRF_SUPPORT parameter is not valid
351 #endif
352 
353 //XCBC-MAC PRF support
354 #ifndef IKE_XCBC_MAC_PRF_SUPPORT
355  #define IKE_XCBC_MAC_PRF_SUPPORT DISABLED
356 #elif (IKE_XCBC_MAC_PRF_SUPPORT != ENABLED && IKE_XCBC_MAC_PRF_SUPPORT != DISABLED)
357  #error IKE_XCBC_MAC_PRF_SUPPORT parameter is not valid
358 #endif
359 
360 //IDEA cipher support (insecure)
361 #ifndef IKE_IDEA_SUPPORT
362  #define IKE_IDEA_SUPPORT DISABLED
363 #elif (IKE_IDEA_SUPPORT != ENABLED && IKE_IDEA_SUPPORT != DISABLED)
364  #error IKE_IDEA_SUPPORT parameter is not valid
365 #endif
366 
367 //DES cipher support (insecure)
368 #ifndef IKE_DES_SUPPORT
369  #define IKE_DES_SUPPORT DISABLED
370 #elif (IKE_DES_SUPPORT != ENABLED && IKE_DES_SUPPORT != DISABLED)
371  #error IKE_DES_SUPPORT parameter is not valid
372 #endif
373 
374 //Triple DES cipher support (weak)
375 #ifndef IKE_3DES_SUPPORT
376  #define IKE_3DES_SUPPORT DISABLED
377 #elif (IKE_3DES_SUPPORT != ENABLED && IKE_3DES_SUPPORT != DISABLED)
378  #error IKE_3DES_SUPPORT parameter is not valid
379 #endif
380 
381 //AES 128-bit cipher support
382 #ifndef IKE_AES_128_SUPPORT
383  #define IKE_AES_128_SUPPORT ENABLED
384 #elif (IKE_AES_128_SUPPORT != ENABLED && IKE_AES_128_SUPPORT != DISABLED)
385  #error IKE_AES_128_SUPPORT parameter is not valid
386 #endif
387 
388 //AES 192-bit cipher support
389 #ifndef IKE_AES_192_SUPPORT
390  #define IKE_AES_192_SUPPORT ENABLED
391 #elif (IKE_AES_192_SUPPORT != ENABLED && IKE_AES_192_SUPPORT != DISABLED)
392  #error IKE_AES_192_SUPPORT parameter is not valid
393 #endif
394 
395 //AES 256-bit cipher support
396 #ifndef IKE_AES_256_SUPPORT
397  #define IKE_AES_256_SUPPORT ENABLED
398 #elif (IKE_AES_256_SUPPORT != ENABLED && IKE_AES_256_SUPPORT != DISABLED)
399  #error IKE_AES_256_SUPPORT parameter is not valid
400 #endif
401 
402 //Camellia 128-bit cipher support
403 #ifndef IKE_CAMELLIA_128_SUPPORT
404  #define IKE_CAMELLIA_128_SUPPORT DISABLED
405 #elif (IKE_CAMELLIA_128_SUPPORT != ENABLED && IKE_CAMELLIA_128_SUPPORT != DISABLED)
406  #error IKE_CAMELLIA_128_SUPPORT parameter is not valid
407 #endif
408 
409 //Camellia 192-bit cipher support
410 #ifndef IKE_CAMELLIA_192_SUPPORT
411  #define IKE_CAMELLIA_192_SUPPORT DISABLED
412 #elif (IKE_CAMELLIA_192_SUPPORT != ENABLED && IKE_CAMELLIA_192_SUPPORT != DISABLED)
413  #error IKE_CAMELLIA_192_SUPPORT parameter is not valid
414 #endif
415 
416 //Camellia 256-bit cipher support
417 #ifndef IKE_CAMELLIA_256_SUPPORT
418  #define IKE_CAMELLIA_256_SUPPORT DISABLED
419 #elif (IKE_CAMELLIA_256_SUPPORT != ENABLED && IKE_CAMELLIA_256_SUPPORT != DISABLED)
420  #error IKE_CAMELLIA_256_SUPPORT parameter is not valid
421 #endif
422 
423 //SM4 cipher support (experimental)
424 #ifndef IKE_SM4_SUPPORT
425  #define IKE_SM4_SUPPORT DISABLED
426 #elif (IKE_SM4_SUPPORT != ENABLED && IKE_SM4_SUPPORT != DISABLED)
427  #error IKE_SM4_SUPPORT parameter is not valid
428 #endif
429 
430 //MD5 hash support (insecure)
431 #ifndef IKE_MD5_SUPPORT
432  #define IKE_MD5_SUPPORT DISABLED
433 #elif (IKE_MD5_SUPPORT != ENABLED && IKE_MD5_SUPPORT != DISABLED)
434  #error IKE_MD5_SUPPORT parameter is not valid
435 #endif
436 
437 //SHA-1 hash support (weak)
438 #ifndef IKE_SHA1_SUPPORT
439  #define IKE_SHA1_SUPPORT ENABLED
440 #elif (IKE_SHA1_SUPPORT != ENABLED && IKE_SHA1_SUPPORT != DISABLED)
441  #error IKE_SHA1_SUPPORT parameter is not valid
442 #endif
443 
444 //SHA-256 hash support
445 #ifndef IKE_SHA256_SUPPORT
446  #define IKE_SHA256_SUPPORT ENABLED
447 #elif (IKE_SHA256_SUPPORT != ENABLED && IKE_SHA256_SUPPORT != DISABLED)
448  #error IKE_SHA256_SUPPORT parameter is not valid
449 #endif
450 
451 //SHA-384 hash support
452 #ifndef IKE_SHA384_SUPPORT
453  #define IKE_SHA384_SUPPORT ENABLED
454 #elif (IKE_SHA384_SUPPORT != ENABLED && IKE_SHA384_SUPPORT != DISABLED)
455  #error IKE_SHA384_SUPPORT parameter is not valid
456 #endif
457 
458 //SHA-512 hash support
459 #ifndef IKE_SHA512_SUPPORT
460  #define IKE_SHA512_SUPPORT ENABLED
461 #elif (IKE_SHA512_SUPPORT != ENABLED && IKE_SHA512_SUPPORT != DISABLED)
462  #error IKE_SHA512_SUPPORT parameter is not valid
463 #endif
464 
465 //SHA3-256 hash support (experimental)
466 #ifndef IKE_SHA3_256_SUPPORT
467  #define IKE_SHA3_256_SUPPORT DISABLED
468 #elif (IKE_SHA3_256_SUPPORT != ENABLED && IKE_SHA3_256_SUPPORT != DISABLED)
469  #error IKE_SHA3_256_SUPPORT parameter is not valid
470 #endif
471 
472 //SHA3-384 hash support (experimental)
473 #ifndef IKE_SHA3_384_SUPPORT
474  #define IKE_SHA3_384_SUPPORT DISABLED
475 #elif (IKE_SHA3_384_SUPPORT != ENABLED && IKE_SHA3_384_SUPPORT != DISABLED)
476  #error IKE_SHA3_384_SUPPORT parameter is not valid
477 #endif
478 
479 //SHA3-512 hash support (experimental)
480 #ifndef IKE_SHA3_512_SUPPORT
481  #define IKE_SHA3_512_SUPPORT DISABLED
482 #elif (IKE_SHA3_512_SUPPORT != ENABLED && IKE_SHA3_512_SUPPORT != DISABLED)
483  #error IKE_SHA3_512_SUPPORT parameter is not valid
484 #endif
485 
486 //SM3 hash support (experimental)
487 #ifndef IKE_SM3_SUPPORT
488  #define IKE_SM3_SUPPORT DISABLED
489 #elif (IKE_SM3_SUPPORT != ENABLED && IKE_SM3_SUPPORT != DISABLED)
490  #error IKE_SM3_SUPPORT parameter is not valid
491 #endif
492 
493 //Tiger hash support
494 #ifndef IKE_TIGER_SUPPORT
495  #define IKE_TIGER_SUPPORT DISABLED
496 #elif (IKE_TIGER_SUPPORT != ENABLED && IKE_TIGER_SUPPORT != DISABLED)
497  #error IKE_TIGER_SUPPORT parameter is not valid
498 #endif
499 
500 //Diffie-Hellman key exchange support
501 #ifndef IKE_DH_KE_SUPPORT
502  #define IKE_DH_KE_SUPPORT ENABLED
503 #elif (IKE_DH_KE_SUPPORT != ENABLED && IKE_DH_KE_SUPPORT != DISABLED)
504  #error IKE_DH_KE_SUPPORT parameter is not valid
505 #endif
506 
507 //ECDH key exchange support
508 #ifndef IKE_ECDH_KE_SUPPORT
509  #define IKE_ECDH_KE_SUPPORT ENABLED
510 #elif (IKE_ECDH_KE_SUPPORT != ENABLED && IKE_ECDH_KE_SUPPORT != DISABLED)
511  #error IKE_ECDH_KE_SUPPORT parameter is not valid
512 #endif
513 
514 //RSA signature support
515 #ifndef IKE_RSA_SIGN_SUPPORT
516  #define IKE_RSA_SIGN_SUPPORT ENABLED
517 #elif (IKE_RSA_SIGN_SUPPORT != ENABLED && IKE_RSA_SIGN_SUPPORT != DISABLED)
518  #error IKE_RSA_SIGN_SUPPORT parameter is not valid
519 #endif
520 
521 //RSA-PSS signature support
522 #ifndef IKE_RSA_PSS_SIGN_SUPPORT
523  #define IKE_RSA_PSS_SIGN_SUPPORT DISABLED
524 #elif (IKE_RSA_PSS_SIGN_SUPPORT != ENABLED && IKE_RSA_PSS_SIGN_SUPPORT != DISABLED)
525  #error IKE_RSA_PSS_SIGN_SUPPORT parameter is not valid
526 #endif
527 
528 //DSA signature support
529 #ifndef IKE_DSA_SIGN_SUPPORT
530  #define IKE_DSA_SIGN_SUPPORT DISABLED
531 #elif (IKE_DSA_SIGN_SUPPORT != ENABLED && IKE_DSA_SIGN_SUPPORT != DISABLED)
532  #error IKE_DSA_SIGN_SUPPORT parameter is not valid
533 #endif
534 
535 //ECDSA signature support
536 #ifndef IKE_ECDSA_SIGN_SUPPORT
537  #define IKE_ECDSA_SIGN_SUPPORT ENABLED
538 #elif (IKE_ECDSA_SIGN_SUPPORT != ENABLED && IKE_ECDSA_SIGN_SUPPORT != DISABLED)
539  #error IKE_ECDSA_SIGN_SUPPORT parameter is not valid
540 #endif
541 
542 //SM2 signature capability (experimental)
543 #ifndef IKE_SM2_SIGN_SUPPORT
544  #define IKE_SM2_SIGN_SUPPORT DISABLED
545 #elif (IKE_SM2_SIGN_SUPPORT != ENABLED && IKE_SM2_SIGN_SUPPORT != DISABLED)
546  #error IKE_SM2_SIGN_SUPPORT parameter is not valid
547 #endif
548 
549 //Ed25519 signature support
550 #ifndef IKE_ED25519_SIGN_SUPPORT
551  #define IKE_ED25519_SIGN_SUPPORT ENABLED
552 #elif (IKE_ED25519_SIGN_SUPPORT != ENABLED && IKE_ED25519_SIGN_SUPPORT != DISABLED)
553  #error IKE_ED25519_SIGN_SUPPORT parameter is not valid
554 #endif
555 
556 //Ed448 signature support
557 #ifndef IKE_ED448_SIGN_SUPPORT
558  #define IKE_ED448_SIGN_SUPPORT DISABLED
559 #elif (IKE_ED448_SIGN_SUPPORT != ENABLED && IKE_ED448_SIGN_SUPPORT != DISABLED)
560  #error IKE_ED448_SIGN_SUPPORT parameter is not valid
561 #endif
562 
563 //NIST P-192 elliptic curve support (weak)
564 #ifndef IKE_ECP_192_SUPPORT
565  #define IKE_ECP_192_SUPPORT DISABLED
566 #elif (IKE_ECP_192_SUPPORT != ENABLED && IKE_ECP_192_SUPPORT != DISABLED)
567  #error IKE_ECP_192_SUPPORT parameter is not valid
568 #endif
569 
570 //NIST P-224 elliptic curve support
571 #ifndef IKE_ECP_224_SUPPORT
572  #define IKE_ECP_224_SUPPORT DISABLED
573 #elif (IKE_ECP_224_SUPPORT != ENABLED && IKE_ECP_224_SUPPORT != DISABLED)
574  #error IKE_ECP_224_SUPPORT parameter is not valid
575 #endif
576 
577 //NIST P-256 elliptic curve support
578 #ifndef IKE_ECP_256_SUPPORT
579  #define IKE_ECP_256_SUPPORT ENABLED
580 #elif (IKE_ECP_256_SUPPORT != ENABLED && IKE_ECP_256_SUPPORT != DISABLED)
581  #error IKE_ECP_256_SUPPORT parameter is not valid
582 #endif
583 
584 //NIST P-384 elliptic curve support
585 #ifndef IKE_ECP_384_SUPPORT
586  #define IKE_ECP_384_SUPPORT ENABLED
587 #elif (IKE_ECP_384_SUPPORT != ENABLED && IKE_ECP_384_SUPPORT != DISABLED)
588  #error IKE_ECP_384_SUPPORT parameter is not valid
589 #endif
590 
591 //NIST P-521 elliptic curve support
592 #ifndef IKE_ECP_521_SUPPORT
593  #define IKE_ECP_521_SUPPORT DISABLED
594 #elif (IKE_ECP_521_SUPPORT != ENABLED && IKE_ECP_521_SUPPORT != DISABLED)
595  #error IKE_ECP_521_SUPPORT parameter is not valid
596 #endif
597 
598 //brainpoolP224r1 elliptic curve support
599 #ifndef IKE_BRAINPOOLP224R1_SUPPORT
600  #define IKE_BRAINPOOLP224R1_SUPPORT DISABLED
601 #elif (IKE_BRAINPOOLP224R1_SUPPORT != ENABLED && IKE_BRAINPOOLP224R1_SUPPORT != DISABLED)
602  #error IKE_BRAINPOOLP224R1_SUPPORT parameter is not valid
603 #endif
604 
605 //brainpoolP256r1 elliptic curve support
606 #ifndef IKE_BRAINPOOLP256R1_SUPPORT
607  #define IKE_BRAINPOOLP256R1_SUPPORT DISABLED
608 #elif (IKE_BRAINPOOLP256R1_SUPPORT != ENABLED && IKE_BRAINPOOLP256R1_SUPPORT != DISABLED)
609  #error IKE_BRAINPOOLP256R1_SUPPORT parameter is not valid
610 #endif
611 
612 //brainpoolP384r1 elliptic curve support
613 #ifndef IKE_BRAINPOOLP384R1_SUPPORT
614  #define IKE_BRAINPOOLP384R1_SUPPORT DISABLED
615 #elif (IKE_BRAINPOOLP384R1_SUPPORT != ENABLED && IKE_BRAINPOOLP384R1_SUPPORT != DISABLED)
616  #error IKE_BRAINPOOLP384R1_SUPPORT parameter is not valid
617 #endif
618 
619 //brainpoolP512r1 elliptic curve support
620 #ifndef IKE_BRAINPOOLP512R1_SUPPORT
621  #define IKE_BRAINPOOLP512R1_SUPPORT DISABLED
622 #elif (IKE_BRAINPOOLP512R1_SUPPORT != ENABLED && IKE_BRAINPOOLP512R1_SUPPORT != DISABLED)
623  #error IKE_BRAINPOOLP512R1_SUPPORT parameter is not valid
624 #endif
625 
626 //SM2 elliptic curve support (experimental)
627 #ifndef IKE_SM2_SUPPORT
628  #define IKE_SM2_SUPPORT DISABLED
629 #elif (IKE_SM2_SUPPORT != ENABLED && IKE_SM2_SUPPORT != DISABLED)
630  #error IKE_SM2_SUPPORT parameter is not valid
631 #endif
632 
633 //Curve25519 elliptic curve support
634 #ifndef IKE_CURVE25519_SUPPORT
635  #define IKE_CURVE25519_SUPPORT ENABLED
636 #elif (IKE_CURVE25519_SUPPORT != ENABLED && IKE_CURVE25519_SUPPORT != DISABLED)
637  #error IKE_CURVE25519_SUPPORT parameter is not valid
638 #endif
639 
640 //Curve448 elliptic curve support
641 #ifndef IKE_CURVE448_SUPPORT
642  #define IKE_CURVE448_SUPPORT DISABLED
643 #elif (IKE_CURVE448_SUPPORT != ENABLED && IKE_CURVE448_SUPPORT != DISABLED)
644  #error IKE_CURVE448_SUPPORT parameter is not valid
645 #endif
646 
647 //ML-KEM-512 key encapsulation mechanism support (experimental)
648 #ifndef IKE_MLKEM512_SUPPORT
649  #define IKE_MLKEM512_SUPPORT DISABLED
650 #elif (IKE_MLKEM512_SUPPORT != ENABLED && IKE_MLKEM512_SUPPORT != DISABLED)
651  #error IKE_MLKEM512_SUPPORT parameter is not valid
652 #endif
653 
654 //ML-KEM-768 key encapsulation mechanism support (experimental)
655 #ifndef IKE_MLKEM768_SUPPORT
656  #define IKE_MLKEM768_SUPPORT DISABLED
657 #elif (IKE_MLKEM768_SUPPORT != ENABLED && IKE_MLKEM768_SUPPORT != DISABLED)
658  #error IKE_MLKEM768_SUPPORT parameter is not valid
659 #endif
660 
661 //ML-KEM-1024 key encapsulation mechanism support (experimental)
662 #ifndef IKE_MLKEM1024_SUPPORT
663  #define IKE_MLKEM1024_SUPPORT DISABLED
664 #elif (IKE_MLKEM1024_SUPPORT != ENABLED && IKE_MLKEM1024_SUPPORT != DISABLED)
665  #error IKE_MLKEM1024_SUPPORT parameter is not valid
666 #endif
667 
668 //Minimum acceptable size for Diffie-Hellman prime modulus
669 #ifndef IKE_MIN_DH_MODULUS_SIZE
670  #define IKE_MIN_DH_MODULUS_SIZE 1024
671 #elif (IKE_MIN_DH_MODULUS_SIZE < 768)
672  #error IKE_MIN_DH_MODULUS_SIZE parameter is not valid
673 #endif
674 
675 //Maximum acceptable size for Diffie-Hellman prime modulus
676 #ifndef IKE_MAX_DH_MODULUS_SIZE
677  #define IKE_MAX_DH_MODULUS_SIZE 2048
678 #elif (IKE_MAX_DH_MODULUS_SIZE < IKE_PREFERRED_DH_MODULUS_SIZE)
679  #error IKE_MAX_DH_MODULUS_SIZE parameter is not valid
680 #endif
681 
682 //Minimum acceptable size for RSA modulus
683 #ifndef IKE_MIN_RSA_MODULUS_SIZE
684  #define IKE_MIN_RSA_MODULUS_SIZE 1024
685 #elif (IKE_MIN_RSA_MODULUS_SIZE < 512)
686  #error IKE_MIN_RSA_MODULUS_SIZE parameter is not valid
687 #endif
688 
689 //Maximum acceptable size for RSA modulus
690 #ifndef IKE_MAX_RSA_MODULUS_SIZE
691  #define IKE_MAX_RSA_MODULUS_SIZE 4096
692 #elif (IKE_MAX_RSA_MODULUS_SIZE < IKE_MIN_RSA_MODULUS_SIZE)
693  #error IKE_MAX_RSA_MODULUS_SIZE parameter is not valid
694 #endif
695 
696 //Minimum acceptable size for DSA prime modulus
697 #ifndef IKE_MIN_DSA_MODULUS_SIZE
698  #define IKE_MIN_DSA_MODULUS_SIZE 1024
699 #elif (IKE_MIN_DSA_MODULUS_SIZE < 512)
700  #error IKE_MIN_DSA_MODULUS_SIZE parameter is not valid
701 #endif
702 
703 //Maximum acceptable size for DSA prime modulus
704 #ifndef IKE_MAX_DSA_MODULUS_SIZE
705  #define IKE_MAX_DSA_MODULUS_SIZE 4096
706 #elif (IKE_MAX_DSA_MODULUS_SIZE < IKE_MIN_DSA_MODULUS_SIZE)
707  #error IKE_MAX_DSA_MODULUS_SIZE parameter is not valid
708 #endif
709 
710 //Maximum length of IKE SA key material
711 #ifndef IKE_MAX_SA_KEY_MAT_LEN
712  #define IKE_MAX_SA_KEY_MAT_LEN 392
713 #elif (IKE_MAX_SA_KEY_MAT_LEN < 1)
714  #error IKE_MAX_SA_KEY_MAT_LEN parameter is not valid
715 #endif
716 
717 //Maximum length of Child SA key material
718 #ifndef IKE_MAX_CHILD_SA_KEY_MAT_LEN
719  #define IKE_MAX_CHILD_SA_KEY_MAT_LEN 200
720 #elif (IKE_MAX_CHILD_SA_KEY_MAT_LEN < 1)
721  #error IKE_MAX_CHILD_SA_KEY_MAT_LEN parameter is not valid
722 #endif
723 
724 //Allocate memory block
725 #ifndef ikeAllocMem
726  #define ikeAllocMem(size) osAllocMem(size)
727 #endif
728 
729 //Deallocate memory block
730 #ifndef ikeFreeMem
731  #define ikeFreeMem(p) osFreeMem(p)
732 #endif
733 
734 //Maximum digest size
735 #if (IKE_SHA512_SUPPORT == ENABLED)
736  #define IKE_MAX_DIGEST_SIZE 64
737 #elif (IKE_SHA384_SUPPORT == ENABLED)
738  #define IKE_MAX_DIGEST_SIZE 48
739 #else
740  #define IKE_MAX_DIGEST_SIZE 32
741 #endif
742 
743 //Maximum size of the ICV field
744 #if (IKE_HMAC_AUTH_SUPPORT == ENABLED && IKE_SHA512_SUPPORT == ENABLED)
745  #define IKE_MAX_ICV_SIZE 32
746 #elif (IKE_HMAC_AUTH_SUPPORT == ENABLED && IKE_SHA384_SUPPORT == ENABLED)
747  #define IKE_MAX_ICV_SIZE 24
748 #elif (IKE_HMAC_AUTH_SUPPORT == ENABLED && IKE_SHA256_SUPPORT == ENABLED)
749  #define IKE_MAX_ICV_SIZE 16
750 #else
751  #define IKE_MAX_ICV_SIZE 12
752 #endif
753 
754 //Maximum shared secret length (Diffie-Hellman key exchange)
755 #if (IKE_DH_KE_SUPPORT == ENABLED)
756  #define IKE_MAX_DH_SHARED_SECRET_LEN ((IKE_MAX_DH_MODULUS_SIZE + 7) / 8)
757 #else
758  #define IKE_MAX_DH_SHARED_SECRET_LEN 0
759 #endif
760 
761 //Maximum shared secret length (ECDH key exchange)
762 #if (IKE_ECDH_KE_SUPPORT == ENABLED && IKE_ECP_521_SUPPORT == ENABLED)
763  #define IKE_MAX_ECDH_SHARED_SECRET_LEN 66
764 #elif (IKE_ECDH_KE_SUPPORT == ENABLED && IKE_CURVE448_SUPPORT == ENABLED)
765  #define IKE_MAX_ECDH_SHARED_SECRET_LEN 56
766 #elif (IKE_ECDH_KE_SUPPORT == ENABLED && IKE_ECP_384_SUPPORT == ENABLED)
767  #define IKE_MAX_ECDH_SHARED_SECRET_LEN 48
768 #else
769  #define IKE_MAX_ECDH_SHARED_SECRET_LEN 32
770 #endif
771 
772 //Maximum shared secret length
773 #if (IKE_MAX_DH_SHARED_SECRET_LEN >= IKE_MAX_ECDH_SHARED_SECRET_LEN)
774  #define IKE_MAX_SHARED_SECRET_LEN IKE_MAX_DH_SHARED_SECRET_LEN
775 #else
776  #define IKE_MAX_SHARED_SECRET_LEN IKE_MAX_ECDH_SHARED_SECRET_LEN
777 #endif
778 
779 //Major version of the IKE protocol
780 #define IKE_MAJOR_VERSION 2
781 //Minor version of the IKE protocol
782 #define IKE_MINOR_VERSION 0
783 
784 //UDP port number used by IKE
785 #define IKE_PORT 500
786 //UDP port number used by UDP-encapsulated IKE
787 #define IKE_ALT_PORT 4500
788 
789 //Size of IKE SPI
790 #define IKE_SPI_SIZE 8
791 //Size of SHA-1 digest
792 #define IKE_SHA1_DIGEST_SIZE 20
793 
794 //Forward declaration of IkeContext structure
795 struct _IkeContext;
796 #define IkeContext struct _IkeContext
797 
798 //Forward declaration of IkeSaEntry structure
799 struct _IkeSaEntry;
800 #define IkeSaEntry struct _IkeSaEntry
801 
802 //Forward declaration of IkeChildSaEntry structure
803 struct _IkeChildSaEntry;
804 #define IkeChildSaEntry struct _IkeChildSaEntry
805 
806 //C++ guard
807 #ifdef __cplusplus
808 extern "C" {
809 #endif
810 
811 
812 /**
813  * @brief Exchange types
814  **/
815 
816 typedef enum
817 {
818  IKE_EXCHANGE_TYPE_IKE_SA_INIT = 34, ///<IKE_SA_INIT
819  IKE_EXCHANGE_TYPE_IKE_AUTH = 35, ///<IKE_AUTH
820  IKE_EXCHANGE_TYPE_CREATE_CHILD_SA = 36, ///<CREATE_CHILD_SA
821  IKE_EXCHANGE_TYPE_INFORMATIONAL = 37, ///<INFORMATIONAL
822  IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME = 38, ///<IKE_SESSION_RESUME
823  IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE = 43 ///<IKE_INTERMEDIATE
824 } IkeExchangeType;
825 
826 
827 /**
828  * @brief Flags
829  **/
830 
831 typedef enum
832 {
833  IKE_FLAGS_R = 0x20, ///<Response flag
834  IKE_FLAGS_V = 0x10, ///<Version flag
835  IKE_FLAGS_I = 0x08 ///<Initiator flag
836 } IkeFlags;
837 
838 
839 /**
840  * @brief Payload types
841  **/
842 
843 typedef enum
844 {
845  IKE_PAYLOAD_TYPE_LAST = 0, ///<No Next Payload
846  IKE_PAYLOAD_TYPE_SA = 33, ///<Security Association
847  IKE_PAYLOAD_TYPE_KE = 34, ///<Key Exchange
848  IKE_PAYLOAD_TYPE_IDI = 35, ///<Identification - Initiator
849  IKE_PAYLOAD_TYPE_IDR = 36, ///<Identification - Responder
850  IKE_PAYLOAD_TYPE_CERT = 37, ///<Certificate
851  IKE_PAYLOAD_TYPE_CERTREQ = 38, ///<Certificate Request
852  IKE_PAYLOAD_TYPE_AUTH = 39, ///<Authentication
853  IKE_PAYLOAD_TYPE_NONCE = 40, ///<Nonce
854  IKE_PAYLOAD_TYPE_N = 41, ///<Notify
855  IKE_PAYLOAD_TYPE_D = 42, ///<Delete
856  IKE_PAYLOAD_TYPE_V = 43, ///<Vendor ID
857  IKE_PAYLOAD_TYPE_TSI = 44, ///<Traffic Selector - Initiator
858  IKE_PAYLOAD_TYPE_TSR = 45, ///<Traffic Selector - Responder
859  IKE_PAYLOAD_TYPE_SK = 46, ///<Encrypted and Authenticated
860  IKE_PAYLOAD_TYPE_CP = 47, ///<Configuration
861  IKE_PAYLOAD_TYPE_EAP = 48, ///<Extensible Authentication
862  IKE_PAYLOAD_TYPE_GSPM = 49, ///<Generic Secure Password Method
863  IKE_PAYLOAD_TYPE_SKF = 53, ///<Encrypted and Authenticated Fragment
864  IKE_PAYLOAD_TYPE_PS = 54 ///<Puzzle Solution
865 } IkePayloadType;
866 
867 
868 /**
869  * @brief Last Substruc values
870  **/
871 
872 typedef enum
873 {
874  IKE_LAST_SUBSTRUC_LAST = 0, ///<Last proposal/transform substructure
875  IKE_LAST_SUBSTRUC_MORE_PROPOSALS = 2, ///<More proposal substructures
876  IKE_LAST_SUBSTRUC_MORE_TRANSFORMS = 3 ///<More transform substructures
877 } IkeLastSubstruc;
878 
879 
880 /**
881  * @brief Protocol IDs
882  **/
883 
884 typedef enum
885 {
886  IKE_PROTOCOL_ID_IKE = 1, ///<IKE protocol
887  IKE_PROTOCOL_ID_AH = 2, ///<AH protocol
888  IKE_PROTOCOL_ID_ESP = 3 ///<ESP protocol
889 } IkeProtocolId;
890 
891 
892 /**
893  * @brief Transform types
894  **/
895 
896 typedef enum
897 {
898  IKE_TRANSFORM_TYPE_ENCR = 1, ///<Encryption Algorithm
899  IKE_TRANSFORM_TYPE_PRF = 2, ///<Pseudorandom Function
900  IKE_TRANSFORM_TYPE_INTEG = 3, ///<Integrity Algorithm
901  IKE_TRANSFORM_TYPE_DH = 4, ///<Diffie-Hellman Group
902  IKE_TRANSFORM_TYPE_ESN = 5 ///<Extended Sequence Numbers
903 } IkeTransformType;
904 
905 
906 /**
907  * @brief Transform IDs (Encryption Algorithm)
908  **/
909 
910 typedef enum
911 {
912  IKE_TRANSFORM_ID_ENCR_RESERVED = 0,
913  IKE_TRANSFORM_ID_ENCR_DES_IV64 = 1,
914  IKE_TRANSFORM_ID_ENCR_DES = 2,
915  IKE_TRANSFORM_ID_ENCR_3DES = 3,
916  IKE_TRANSFORM_ID_ENCR_RC5 = 4,
917  IKE_TRANSFORM_ID_ENCR_IDEA = 5,
918  IKE_TRANSFORM_ID_ENCR_CAST = 6,
919  IKE_TRANSFORM_ID_ENCR_BLOWFISH = 7,
920  IKE_TRANSFORM_ID_ENCR_3IDEA = 8,
921  IKE_TRANSFORM_ID_ENCR_DES_IV32 = 9,
922  IKE_TRANSFORM_ID_ENCR_NULL = 11,
923  IKE_TRANSFORM_ID_ENCR_AES_CBC = 12,
924  IKE_TRANSFORM_ID_ENCR_AES_CTR = 13,
925  IKE_TRANSFORM_ID_ENCR_AES_CCM_8 = 14,
926  IKE_TRANSFORM_ID_ENCR_AES_CCM_12 = 15,
927  IKE_TRANSFORM_ID_ENCR_AES_CCM_16 = 16,
928  IKE_TRANSFORM_ID_ENCR_AES_GCM_8 = 18,
929  IKE_TRANSFORM_ID_ENCR_AES_GCM_12 = 19,
930  IKE_TRANSFORM_ID_ENCR_AES_GCM_16 = 20,
931  IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC = 21,
932  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC = 23,
933  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR = 24,
934  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8 = 25,
935  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12 = 26,
936  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16 = 27,
937  IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305 = 28,
938  IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV = 29,
939  IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV = 30,
940  IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV = 31,
941  IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE = 32,
942  IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE = 33,
943  IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE = 34,
944  IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE = 35,
945 } IkeTransformIdEncr;
946 
947 
948 /**
949  * @brief Transform IDs (Pseudorandom Function)
950  **/
951 
952 typedef enum
953 {
954  IKE_TRANSFORM_ID_PRF_RESERVED = 0,
955  IKE_TRANSFORM_ID_PRF_HMAC_MD5 = 1,
956  IKE_TRANSFORM_ID_PRF_HMAC_SHA1 = 2,
957  IKE_TRANSFORM_ID_PRF_HMAC_TIGER = 3,
958  IKE_TRANSFORM_ID_PRF_AES128_XCBC = 4,
959  IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256 = 5,
960  IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384 = 6,
961  IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512 = 7,
962  IKE_TRANSFORM_ID_PRF_AES128_CMAC = 8,
963  IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512 = 9,
964 } IkeTransformIdPrf;
965 
966 
967 /**
968  * @brief Transform IDs (Integrity Algorithm)
969  **/
970 
971 typedef enum
972 {
973  IKE_TRANSFORM_ID_AUTH_NONE = 0,
974  IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96 = 1,
975  IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96 = 2,
976  IKE_TRANSFORM_ID_AUTH_DES_MAC = 3,
977  IKE_TRANSFORM_ID_AUTH_KPDK_MD5 = 4,
978  IKE_TRANSFORM_ID_AUTH_AES_XCBC_96 = 5,
979  IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128 = 6,
980  IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160 = 7,
981  IKE_TRANSFORM_ID_AUTH_AES_CMAC_96 = 8,
982  IKE_TRANSFORM_ID_AUTH_AES_128_GMAC = 9,
983  IKE_TRANSFORM_ID_AUTH_AES_192_GMAC = 10,
984  IKE_TRANSFORM_ID_AUTH_AES_256_GMAC = 11,
985  IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128 = 12,
986  IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192 = 13,
987  IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256 = 14,
988 } IkeTransformIdAuth;
989 
990 
991 /**
992  * @brief Transform IDs (Diffie-Hellman Group)
993  **/
994 
995 typedef enum
996 {
997  IKE_TRANSFORM_ID_DH_GROUP_NONE = 0, ///<None
998  IKE_TRANSFORM_ID_DH_GROUP_MODP_768 = 1, ///<768-bit MODP Group
999  IKE_TRANSFORM_ID_DH_GROUP_MODP_1024 = 2, ///<1024-bit MODP Group
1000  IKE_TRANSFORM_ID_DH_GROUP_MODP_1536 = 5, ///<1536-bit MODP Group
1001  IKE_TRANSFORM_ID_DH_GROUP_MODP_2048 = 14, ///<2048-bit MODP Group
1002  IKE_TRANSFORM_ID_DH_GROUP_MODP_3072 = 15, ///<3072-bit MODP Group
1003  IKE_TRANSFORM_ID_DH_GROUP_MODP_4096 = 16, ///<4096-bit MODP Group
1004  IKE_TRANSFORM_ID_DH_GROUP_MODP_6144 = 17, ///<6144-bit MODP Group
1005  IKE_TRANSFORM_ID_DH_GROUP_MODP_8192 = 18, ///<8192-bit MODP Group
1006  IKE_TRANSFORM_ID_DH_GROUP_ECP_256 = 19, ///<256-bit Random ECP Group
1007  IKE_TRANSFORM_ID_DH_GROUP_ECP_384 = 20, ///<384-bit Random ECP Group
1008  IKE_TRANSFORM_ID_DH_GROUP_ECP_521 = 21, ///<521-bit Random ECP Group
1009  IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160 = 22, ///<1024-bit MODP Group with 160-bit Prime Order Subgroup
1010  IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224 = 23, ///<2048-bit MODP Group with 224-bit Prime Order Subgroup
1011  IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256 = 24, ///<2048-bit MODP Group with 256-bit Prime Order Subgroup
1012  IKE_TRANSFORM_ID_DH_GROUP_ECP_192 = 25, ///<192-bit Random ECP Group
1013  IKE_TRANSFORM_ID_DH_GROUP_ECP_224 = 26, ///<224-bit Random ECP Group
1014  IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1 = 27, ///<224-bit Brainpool ECP Group
1015  IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1 = 28, ///<256-bit Brainpool ECP Group
1016  IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1 = 29, ///<384-bit Brainpool ECP Group
1017  IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1 = 30, ///<512-bit Brainpool ECP Group
1018  IKE_TRANSFORM_ID_DH_GROUP_CURVE25519 = 31, ///<curve25519
1019  IKE_TRANSFORM_ID_DH_GROUP_CURVE448 = 32, ///<curve448
1020  IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256 = 33, ///<GOST3410_2012_256
1021  IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512 = 34, ///<GOST3410_2012_512
1022  IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512 = 35, ///<ML-KEM-512
1023  IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768 = 36, ///<ML-KEM-768
1024  IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024 = 37, ///<ML-KEM-1024
1025 } IkeTransformIdDhGroup;
1026 
1027 
1028 /**
1029  * @brief Transform IDs (Extended Sequence Numbers)
1030  **/
1031 
1032 typedef enum
1033 {
1034  IKE_TRANSFORM_ID_ESN_NO = 0, ///<No Extended Sequence Numbers
1035  IKE_TRANSFORM_ID_ESN_YES = 1 ///<Extended Sequence Numbers
1036 } IkeTransformIdEsn;
1037 
1038 
1039 /**
1040  * @brief Transform attribute format
1041  **/
1042 
1043 typedef enum
1044 {
1045  IKE_ATTR_FORMAT_TLV = 0x0000, ///<Type/Length/Value format
1046  IKE_ATTR_FORMAT_TV = 0x8000 ///<shortened Type/Value format
1047 } IkeTransformAttrFormat;
1048 
1049 
1050 /**
1051  * @brief Transform attribute types
1052  **/
1053 
1054 typedef enum
1055 {
1056  IKE_TRANSFORM_ATTR_TYPE_KEY_LEN = 14 ///<Key Length (in bits)
1057 } IkeTransformAttrType;
1058 
1059 
1060 /**
1061  * @brief ID types
1062  **/
1063 
1064 typedef enum
1065 {
1066  IKE_ID_TYPE_INVALID = 0,
1067  IKE_ID_TYPE_IPV4_ADDR = 1,
1068  IKE_ID_TYPE_FQDN = 2,
1069  IKE_ID_TYPE_RFC822_ADDR = 3,
1070  IKE_ID_TYPE_IPV6_ADDR = 5,
1071  IKE_ID_TYPE_DER_ASN1_DN = 9,
1072  IKE_ID_TYPE_DER_ASN1_GN = 10,
1073  IKE_ID_TYPE_KEY_ID = 11,
1074  IKE_ID_TYPE_FC_NAME = 12,
1075  IKE_ID_TYPE_NULL = 13
1076 } IkeIdType;
1077 
1078 
1079 /**
1080  * @brief Certificate encodings
1081  **/
1082 
1083 typedef enum
1084 {
1085  IKE_CERT_ENCODING_PKCS7_X509_CERT = 1, ///<PKCS #7 wrapped X.509 certificate
1086  IKE_CERT_ENCODING_PGP_CERT = 2, ///<PGP certificate
1087  IKE_CERT_ENCODING_DNS_SIGNED_KEY = 3, ///<DNS signed key
1088  IKE_CERT_ENCODING_X509_CERT_SIGN = 4, ///<X.509 certificate - signature
1089  IKE_CERT_ENCODING_KERBEROS_TOKEN = 6, ///<Kerberos token
1090  IKE_CERT_ENCODING_CRL = 7, ///<Certificate revocation list
1091  IKE_CERT_ENCODING_ARL = 8, ///<Authority revocation list
1092  IKE_CERT_ENCODING_SPKI_CERT = 9, ///<SPKI certificate
1093  IKE_CERT_ENCODING_X509_CERT_ATTR = 10, ///<X.509 certificate - attribute
1094  IKE_CERT_ENCODING_RAW_RSA_KEY = 11, ///<Raw RSA key (deprecated)
1095  IKE_CERT_ENCODING_HASH_URL_X509_CERT = 12, ///<Hash and URL of X.509 certificate
1096  IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE = 13, ///<Hash and URL of X.509 bundle
1097  IKE_CERT_ENCODING_OCSP_CONTENT = 14, ///<OCSP Content
1098  IKE_CERT_ENCODING_RAW_PUBLIC_KEY = 15 ///<Raw Public Key
1099 } IkeCertEncoding;
1100 
1101 
1102 /**
1103  * @brief Authentication methods
1104  **/
1105 
1106 typedef enum
1107 {
1108  IKE_AUTH_METHOD_RSA = 1, ///<RSA Digital Signature
1109  IKE_AUTH_METHOD_SHARED_KEY = 2, ///<Shared Key Message Integrity Code
1110  IKE_AUTH_METHOD_DSS = 3, ///<DSS Digital Signature
1111  IKE_AUTH_METHOD_ECDSA_P256_SHA256 = 9, ///<ECDSA with SHA-256 on the P-256 curve
1112  IKE_AUTH_METHOD_ECDSA_P384_SHA384 = 10, ///<ECDSA with SHA-384 on the P-384 curve
1113  IKE_AUTH_METHOD_ECDSA_P521_SHA512 = 11, ///<ECDSA with SHA-512 on the P-521 curve
1114  IKE_AUTH_METHOD_GSPAM = 12, ///<Generic Secure Password Authentication Method
1115  IKE_AUTH_METHOD_NULL = 13, ///<NULL Authentication
1116  IKE_AUTH_METHOD_DIGITAL_SIGN = 14 ///<Digital Signature
1117 } IkeAuthMethod;
1118 
1119 
1120 /**
1121  * @brief Notify message types
1122  **/
1123 
1124 typedef enum
1125 {
1126  IKE_NOTIFY_MSG_TYPE_NONE = 0,
1127  IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD = 1, //RFC 7296
1128  IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI = 4, //RFC 7296
1129  IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION = 5, //RFC 7296
1130  IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX = 7, //RFC 7296
1131  IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID = 9, //RFC 7296
1132  IKE_NOTIFY_MSG_TYPE_INVALID_SPI = 11, //RFC 7296
1133  IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN = 14, //RFC 7296
1134  IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD = 17, //RFC 7296
1135  IKE_NOTIFY_MSG_TYPE_AUTH_FAILED = 24, //RFC 7296
1136  IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED = 34, //RFC 7296
1137  IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS = 35, //RFC 7296
1138  IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE = 36, //RFC 7296
1139  IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED = 37, //RFC 7296
1140  IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE = 38, //RFC 7296
1141  IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS = 39, //RFC 7296
1142  IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES = 40, //RFC 4555
1143  IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED = 41, //RFC 4555
1144  IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA = 42, //RFC 5026
1145  IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE = 43, //RFC 7296
1146  IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND = 44, //RFC 7296
1147  IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID = 45, //Draft
1148  IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED = 46, //Draft
1149  IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND = 47, //Draft
1150  IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT = 16384, //RFC 7296
1151  IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE = 16385, //RFC 7296
1152  IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE = 16386, //RFC 7296
1153  IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED = 16387, //RFC 7296
1154  IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP = 16388, //RFC 7296
1155  IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP = 16389, //RFC 7296
1156  IKE_NOTIFY_MSG_TYPE_COOKIE = 16390, //RFC 7296
1157  IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE = 16391, //RFC 7296
1158  IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED = 16392, //RFC 7296
1159  IKE_NOTIFY_MSG_TYPE_REKEY_SA = 16393, //RFC 7296
1160  IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED = 16394, //RFC 7296
1161  IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO = 16395, //RFC 7296
1162  IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED = 16396, //RFC 4555
1163  IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS = 16397, //RFC 4555
1164  IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS = 16398, //RFC 4555
1165  IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES = 16399, //RFC 4555
1166  IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES = 16400, //RFC 4555
1167  IKE_NOTIFY_MSG_TYPE_COOKIE2 = 16401, //RFC 4555
1168  IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED = 16402, //RFC 4555
1169  IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME = 16403, //RFC 4478
1170  IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED = 16404, //RFC 4739
1171  IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS = 16405, //RFC 4739
1172  IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED = 16406, //RFC 5685
1173  IKE_NOTIFY_MSG_TYPE_REDIRECT = 16407, //RFC 5685
1174  IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM = 16408, //RFC 5685
1175  IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE = 16409, //RFC 5723
1176  IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST = 16410, //RFC 5723
1177  IKE_NOTIFY_MSG_TYPE_TICKET_ACK = 16411, //RFC 5723
1178  IKE_NOTIFY_MSG_TYPE_TICKET_NACK = 16412, //RFC 5723
1179  IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE = 16413, //RFC 5723
1180  IKE_NOTIFY_MSG_TYPE_LINK_ID = 16414, //RFC 5739
1181  IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE = 16415, //RFC 5840
1182  IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED = 16416, //RFC 5857
1183  IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION = 16417, //RFC 5998
1184  IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED = 16418, //RFC 6023
1185  IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION = 16419, //RFC 6290
1186  IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED = 16420, //RFC 6311
1187  IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED = 16421, //RFC 6311
1188  IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC = 16422, //RFC 6311
1189  IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC = 16423, //RFC 6311
1190  IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS = 16424, //RFC 6467
1191  IKE_NOTIFY_MSG_TYPE_PSK_PERSIST = 16425, //RFC 6631
1192  IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM = 16426, //RFC 6631
1193  IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED = 16427, //RFC 6867
1194  IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY = 16428, //Draft
1195  IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID = 16429, //Draft
1196  IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED = 16430, //RFC 7383
1197  IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS = 16431, //RFC 7427
1198  IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED = 16432, //RFC 7791
1199  IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA = 16433, //RFC 7791
1200  IKE_NOTIFY_MSG_TYPE_PUZZLE = 16434, //RFC 8019
1201  IKE_NOTIFY_MSG_TYPE_USE_PPK = 16435, //RFC 8784
1202  IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY = 16436, //RFC 8784
1203  IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH = 16437, //RFC 8784
1204  IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED = 16438, //RFC 9242
1205  IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED = 16439, //RFC 8983
1206  IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED = 16440, //RFC 8983
1207  IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE = 16441, //Draft
1208  IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG = 16442, //Draft
1209  IKE_NOTIFY_MSG_TYPE_R_U_THERE = 36136, //RFC 3706
1210  IKE_NOTIFY_MSG_TYPE_R_U_THERE_ACK = 36137 //RFC 3706
1211 } IkeNotifyMsgType;
1212 
1213 
1214 /**
1215  * @brief Traffic selector types
1216  **/
1217 
1218 typedef enum
1219 {
1220  IKE_TS_TYPE_IPV4_ADDR_RANGE = 7,
1221  IKE_TS_TYPE_IPV6_ADDR_RANGE = 8
1222 } IkeTsType;
1223 
1224 
1225 /**
1226  * @brief IP protocol IDs
1227  **/
1228 
1229 typedef enum
1230 {
1231  IKE_IP_PROTOCOL_ID_ICMP = 1,
1232  IKE_IP_PROTOCOL_ID_TCP = 6,
1233  IKE_IP_PROTOCOL_ID_UDP = 17,
1234  IKE_IP_PROTOCOL_ID_ICMPV6 = 58,
1235 } IkeIpProtocolId;
1236 
1237 
1238 /**
1239  * @brief Configuration types
1240  **/
1241 
1242 typedef enum
1243 {
1244  IKE_CONFIG_TYPE_REQUEST = 1,
1245  IKE_CONFIG_TYPE_REPLY = 2,
1246  IKE_CONFIG_TYPE_SET = 3,
1247  IKE_CONFIG_TYPE_ACK = 4
1248 } IkeConfigType;
1249 
1250 
1251 /**
1252  * @brief Configuration attribute types
1253  **/
1254 
1255 typedef enum
1256 {
1257  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_ADDRESS = 1,
1258  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NETMASK = 2,
1259  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DNS = 3,
1260  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NBNS = 4,
1261  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DHCP = 6,
1262  IKE_CONFIG_ATTR_TYPE_APPLICATION_VERSION = 7,
1263  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_ADDRESS = 8,
1264  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DNS = 10,
1265  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DHCP = 12,
1266  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_SUBNET = 13,
1267  IKE_CONFIG_ATTR_TYPE_SUPPORTED_ATTRIBUTES = 14,
1268  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_SUBNET = 15,
1269  IKE_CONFIG_ATTR_TYPE_MIP6_HOME_PREFIX = 16,
1270  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_LINK = 17,
1271  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_PREFIX = 18,
1272  IKE_CONFIG_ATTR_TYPE_P_CSCF_IP4_ADDRESS = 20,
1273  IKE_CONFIG_ATTR_TYPE_P_CSCF_IP6_ADDRESS = 21,
1274  IKE_CONFIG_ATTR_TYPE_INTERNAL_DNS_DOMAIN = 25,
1275  IKE_CONFIG_ATTR_TYPE_INTERNAL_DNSSEC_TA = 26
1276 } IkeAttrType;
1277 
1278 
1279 /**
1280  * @brief IKE Security Association state
1281  **/
1282 
1283 typedef enum
1284 {
1285  IKE_SA_STATE_CLOSED = 0,
1286  IKE_SA_STATE_RESERVED = 1,
1287  IKE_SA_STATE_INIT_REQ = 2,
1288  IKE_SA_STATE_INIT_RESP = 3,
1289  IKE_SA_STATE_AUTH_REQ = 4,
1290  IKE_SA_STATE_AUTH_RESP = 5,
1291  IKE_SA_STATE_OPEN = 6,
1292  IKE_SA_STATE_DPD_REQ = 7,
1293  IKE_SA_STATE_DPD_RESP = 8,
1294  IKE_SA_STATE_REKEY_REQ = 9,
1295  IKE_SA_STATE_REKEY_RESP = 10,
1296  IKE_SA_STATE_DELETE_REQ = 11,
1297  IKE_SA_STATE_DELETE_RESP = 12,
1298  IKE_SA_STATE_CREATE_CHILD_REQ = 13,
1299  IKE_SA_STATE_CREATE_CHILD_RESP = 14,
1300  IKE_SA_STATE_REKEY_CHILD_REQ = 15,
1301  IKE_SA_STATE_REKEY_CHILD_RESP = 16,
1302  IKE_SA_STATE_DELETE_CHILD_REQ = 17,
1303  IKE_SA_STATE_DELETE_CHILD_RESP = 18,
1304  IKE_SA_STATE_AUTH_FAILURE_REQ = 19,
1305  IKE_SA_STATE_AUTH_FAILURE_RESP = 20
1306 } IkeSaState;
1307 
1308 
1309 /**
1310  * @brief Child Security Association state
1311  **/
1312 
1313 typedef enum
1314 {
1315  IKE_CHILD_SA_STATE_CLOSED = 0,
1316  IKE_CHILD_SA_STATE_RESERVED = 1,
1317  IKE_CHILD_SA_STATE_INIT = 2,
1318  IKE_CHILD_SA_STATE_OPEN = 3,
1319  IKE_CHILD_SA_STATE_REKEY = 4,
1320  IKE_CHILD_SA_STATE_DELETE = 5
1321 } IkeChildSaState;
1322 
1323 
1324 /**
1325  * @brief Hash algorithms
1326  **/
1327 
1328 typedef enum
1329 {
1330  IKE_HASH_ALGO_SHA1 = 1,
1331  IKE_HASH_ALGO_SHA256 = 2,
1332  IKE_HASH_ALGO_SHA384 = 3,
1333  IKE_HASH_ALGO_SHA512 = 4,
1334  IKE_HASH_ALGO_IDENTITY = 5,
1335  IKE_HASH_ALGO_STREEBOG_256 = 6,
1336  IKE_HASH_ALGO_STREEBOG_512 = 7,
1337 } IkeHashAlgo;
1338 
1339 
1340 /**
1341  * @brief Certificate types
1342  **/
1343 
1344 typedef enum
1345 {
1346  IKE_CERT_TYPE_INVALID = 0,
1347  IKE_CERT_TYPE_RSA = 1,
1348  IKE_CERT_TYPE_RSA_PSS = 2,
1349  IKE_CERT_TYPE_DSA = 3,
1350  IKE_CERT_TYPE_ECDSA_P256 = 4,
1351  IKE_CERT_TYPE_ECDSA_P384 = 5,
1352  IKE_CERT_TYPE_ECDSA_P521 = 6,
1353  IKE_CERT_TYPE_ECDSA_BRAINPOOLP256R1 = 7,
1354  IKE_CERT_TYPE_ECDSA_BRAINPOOLP384R1 = 8,
1355  IKE_CERT_TYPE_ECDSA_BRAINPOOLP512R1 = 9,
1356  IKE_CERT_TYPE_SM2 = 10,
1357  IKE_CERT_TYPE_ED25519 = 11,
1358  IKE_CERT_TYPE_ED448 = 12
1359 } IkeCertType;
1360 
1361 
1362 //CC-RX, CodeWarrior or Win32 compiler?
1363 #if defined(__CCRX__)
1364  #pragma pack
1365 #elif defined(__CWCC__) || defined(_WIN32)
1366  #pragma pack(push, 1)
1367 #endif
1368 
1369 
1370 /**
1371  * @brief IKE header
1372  **/
1373 
1374 typedef __packed_struct
1375 {
1376  uint8_t initiatorSpi[IKE_SPI_SIZE]; //0-7
1377  uint8_t responderSpi[IKE_SPI_SIZE]; //8-15
1378  uint8_t nextPayload; //16
1379 #if defined(_CPU_BIG_ENDIAN) && !defined(__ICCRX__)
1380  uint8_t majorVersion : 4; //17
1381  uint8_t minorVersion : 4;
1382 #else
1383  uint8_t minorVersion : 4; //17
1384  uint8_t majorVersion : 4;
1385 #endif
1386  uint8_t exchangeType; //18
1387  uint8_t flags; //19
1388  uint32_t messageId; //20-23
1389  uint32_t length; //24-27
1390 } IkeHeader;
1391 
1392 
1393 /**
1394  * @brief Generic payload header
1395  **/
1396 
1397 typedef __packed_struct
1398 {
1399  uint8_t nextPayload; //0
1400 #if defined(_CPU_BIG_ENDIAN) && !defined(__ICCRX__)
1401  uint8_t critical : 1; //1
1402  uint8_t reserved : 7;
1403 #else
1404  uint8_t reserved : 7; //1
1405  uint8_t critical : 1;
1406 #endif
1407  uint16_t payloadLength; //2-3
1408 } IkePayloadHeader;
1409 
1410 
1411 /**
1412  * @brief Security Association payload
1413  **/
1414 
1415 typedef __packed_struct
1416 {
1417  IkePayloadHeader header; //0-3
1418  uint8_t proposals[]; //4
1419 } IkeSaPayload;
1420 
1421 
1422 /**
1423  * @brief Proposal substructure
1424  **/
1425 
1426 typedef __packed_struct
1427 {
1428  uint8_t lastSubstruc; //0
1429  uint8_t reserved; //1
1430  uint16_t proposalLength; //2-3
1431  uint8_t proposalNum; //4
1432  uint8_t protocolId; //5
1433  uint8_t spiSize; //6
1434  uint8_t numTransforms; //7
1435  uint8_t spi[]; //8
1436 } IkeProposal;
1437 
1438 
1439 /**
1440  * @brief Transform substructure
1441  **/
1442 
1443 typedef __packed_struct
1444 {
1445  uint8_t lastSubstruc; //0
1446  uint8_t reserved1; //1
1447  uint16_t transformLength; //2-3
1448  uint8_t transformType; //4
1449  uint8_t reserved2; //5
1450  uint16_t transformId; //6-7
1451  uint8_t transformAttr[]; //8
1452 } IkeTransform;
1453 
1454 
1455 /**
1456  * @brief Transform attribute
1457  **/
1458 
1459 typedef __packed_struct
1460 {
1461  uint16_t type; //0-1
1462  uint16_t length; //2-3
1463  uint8_t value[]; //4
1464 } IkeTransformAttr;
1465 
1466 
1467 /**
1468  * @brief Key Exchange payload
1469  **/
1470 
1471 typedef __packed_struct
1472 {
1473  IkePayloadHeader header; //0-3
1474  uint16_t dhGroupNum; //4-5
1475  uint16_t reserved; //6-7
1476  uint8_t keyExchangeData[]; //8
1477 } IkeKePayload;
1478 
1479 
1480 /**
1481  * @brief Identification payload
1482  **/
1483 
1484 typedef __packed_struct
1485 {
1486  IkePayloadHeader header; //0-3
1487  uint8_t idType; //4
1488  uint8_t reserved[3]; //5-7
1489  uint8_t idData[]; //8
1490 } IkeIdPayload;
1491 
1492 
1493 /**
1494  * @brief Certificate payload
1495  **/
1496 
1497 typedef __packed_struct
1498 {
1499  IkePayloadHeader header; //0-3
1500  uint8_t certEncoding; //4
1501  uint8_t certData[]; //5
1502 } IkeCertPayload;
1503 
1504 
1505 /**
1506  * @brief Certificate Request payload
1507  **/
1508 
1509 typedef __packed_struct
1510 {
1511  IkePayloadHeader header; //0-3
1512  uint8_t certEncoding; //4
1513  uint8_t certAuthority[]; //5
1514 } IkeCertReqPayload;
1515 
1516 
1517 /**
1518  * @brief Authentication payload
1519  **/
1520 
1521 typedef __packed_struct
1522 {
1523  IkePayloadHeader header; //0-3
1524  uint8_t authMethod; //4
1525  uint8_t reserved[3]; //4-7
1526  uint8_t authData[]; //8
1527 } IkeAuthPayload;
1528 
1529 
1530 /**
1531  * @brief Authentication data for digital signatures
1532  **/
1533 
1534 typedef __packed_struct
1535 {
1536  uint8_t algoIdLen; //0
1537  uint8_t algoId[]; //1
1538 } IkeAuthData;
1539 
1540 
1541 /**
1542  * @brief Nonce payload
1543  **/
1544 
1545 typedef __packed_struct
1546 {
1547  IkePayloadHeader header; //0-3
1548  uint8_t nonceData[]; //4
1549 } IkeNoncePayload;
1550 
1551 
1552 /**
1553  * @brief Notify payload
1554  **/
1555 
1556 typedef __packed_struct
1557 {
1558  IkePayloadHeader header; //0-3
1559  uint8_t protocolId; //4
1560  uint8_t spiSize; //5
1561  uint16_t notifyMsgType; //6-7
1562  uint8_t spi[]; //8
1563 } IkeNotifyPayload;
1564 
1565 
1566 /**
1567  * @brief Delete payload
1568  **/
1569 
1570 typedef __packed_struct
1571 {
1572  IkePayloadHeader header; //0-3
1573  uint8_t protocolId; //4
1574  uint8_t spiSize; //5
1575  uint16_t numSpi; //6-7
1576  uint8_t spi[]; //8
1577 } IkeDeletePayload;
1578 
1579 
1580 /**
1581  * @brief Vendor ID payload
1582  **/
1583 
1584 typedef __packed_struct
1585 {
1586  IkePayloadHeader header; //0-3
1587  uint8_t vid[]; //4
1588 } IkeVendorIdPayload;
1589 
1590 
1591 /**
1592  * @brief Traffic Selector payload
1593  **/
1594 
1595 typedef __packed_struct
1596 {
1597  IkePayloadHeader header; //0-3
1598  uint8_t numTs; //4
1599  uint8_t reserved[3]; //5-7
1600  uint8_t trafficSelectors[]; //8
1601 } IkeTsPayload;
1602 
1603 
1604 /**
1605  * @brief Traffic selector
1606  **/
1607 
1608 typedef __packed_struct
1609 {
1610  uint8_t tsType; //0
1611  uint8_t ipProtocolId; //1
1612  uint16_t selectorLength; //2-3
1613  uint16_t startPort; //4-5
1614  uint16_t endPort; //6-7
1615  uint8_t startAddr[]; //8
1616 } IkeTs;
1617 
1618 
1619 /**
1620  * @brief Encrypted payload
1621  **/
1622 
1623 typedef __packed_struct
1624 {
1625  IkePayloadHeader header; //0-3
1626  uint8_t iv[]; //4
1627 } IkeEncryptedPayload;
1628 
1629 
1630 /**
1631  * @brief Configuration payload
1632  **/
1633 
1634 typedef __packed_struct
1635 {
1636  IkePayloadHeader header; //0-3
1637  uint8_t configType; //4
1638  uint8_t reserved[3]; //5-7
1639  uint8_t configAttributes[]; //8
1640 } IkeConfigPayload;
1641 
1642 
1643 /**
1644  * @brief Configuration attribute
1645  **/
1646 
1647 typedef __packed_struct
1648 {
1649  uint16_t type; //0-1
1650  uint16_t length; //2-3
1651  uint8_t value[]; //4
1652 } IkeConfigAttr;
1653 
1654 
1655 /**
1656  * @brief EAP payload
1657  **/
1658 
1659 typedef __packed_struct
1660 {
1661  IkePayloadHeader header; //0-3
1662  uint8_t eapMessage[]; //4
1663 } IkeEapPayload;
1664 
1665 
1666 /**
1667  * @brief EAP message
1668  **/
1669 
1670 typedef __packed_struct
1671 {
1672  uint8_t code; //0
1673  uint8_t identifier; //1
1674  uint16_t length; //2-3
1675  uint8_t type; //4
1676  uint8_t data[]; //5
1677 } IkeEapMessage;
1678 
1679 
1680 /**
1681  * @brief Encrypted Fragment payload
1682  **/
1683 
1684 typedef __packed_struct
1685 {
1686  IkePayloadHeader header; //0-3
1687  uint16_t fragNum; //4-5
1688  uint16_t totalFrags; //6-7
1689  uint8_t iv[]; //8
1690 } IkeEncryptedFragPayload;
1691 
1692 
1693 //CC-RX, CodeWarrior or Win32 compiler?
1694 #if defined(__CCRX__)
1695  #pragma unpack
1696 #elif defined(__CWCC__) || defined(_WIN32)
1697  #pragma pack(pop)
1698 #endif
1699 
1700 
1701 /**
1702  * @brief Certificate verification callback function
1703  **/
1704 
1705 typedef error_t (*IkeCertVerifyCallback)(IkeSaEntry *sa,
1706  const X509CertInfo *certInfo, uint_t pathLen);
1707 
1708 
1709 /**
1710  * @brief Cookie generation callback function
1711  **/
1712 
1713 typedef error_t (*IkeCookieGenerateCallback)(IkeContext *context,
1714  const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce,
1715  size_t nonceLen, uint8_t *cookie, size_t *cookieLen);
1716 
1717 
1718 /**
1719  * @brief Cookie verification callback function
1720  **/
1721 
1722 typedef error_t (*IkeCookieVerifyCallback)(IkeContext *context,
1723  const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce,
1724  size_t nonceLen, const uint8_t *cookie, size_t cookieLen);
1725 
1726 
1727 /**
1728  * @brief Traffic selector parameters
1729  **/
1730 
1731 typedef struct
1732 {
1733  IpAddr startAddr;
1734  IpAddr endAddr;
1735  uint8_t ipProtocolId;
1736  uint16_t startPort;
1737  uint16_t endPort;
1738 } IkeTsParams;
1739 
1740 
1741 /**
1742  * @brief IKE Security Association entry
1743  **/
1744 
1745 struct _IkeSaEntry
1746 {
1747  IkeSaState state; ///<IKE SA state
1748  IkeContext *context; ///<IKE context
1749  IkeSaEntry *oldSa; ///<Old IKE SA
1750  IkeSaEntry *newSa; ///<New IKE SA
1751  IkeChildSaEntry *childSa; ///<Child SA
1752  IpAddr remoteIpAddr; ///<IP address of the peer
1753  uint16_t remotePort;
1754  bool_t originalInitiator; ///<Original initiator of the IKE SA
1755  systime_t lifetimeStart;
1756  systime_t lifetime; ///<Lifetime of the IKE SA
1757  systime_t reauthPeriod; ///<Reauthentication period
1758 #if (IKE_DPD_SUPPORT == ENABLED)
1759  systime_t dpdStart;
1760  systime_t dpdPeriod; ///<Dead peer detection period
1761 #endif
1762  systime_t timestamp;
1763  systime_t timeout;
1764  uint_t retransmitCount;
1765  uint32_t txMessageId;
1766  uint32_t rxMessageId;
1767  uint8_t cookie[IKE_MAX_COOKIE_SIZE]; ///<Cookie
1768  size_t cookieLen; ///<Length of the cookie, in bytes
1769  uint8_t initiatorSpi[IKE_SPI_SIZE]; ///<Initiator SPI
1770  uint8_t responderSpi[IKE_SPI_SIZE]; ///<Responder SPI
1771 
1772  uint8_t initiatorNonce[IKE_MAX_NONCE_SIZE];
1773  size_t initiatorNonceLen;
1774  uint8_t responderNonce[IKE_MAX_NONCE_SIZE];
1775  size_t responderNonceLen;
1776 
1777  IkeIdType peerIdType; ///<Peer ID type
1778  uint8_t peerId[IKE_MAX_ID_LEN]; ///<Peer ID
1779  size_t peerIdLen; ///<Length of the peer ID, in bytes
1780 
1781  IkeNotifyMsgType notifyMsgType;
1782  uint8_t unsupportedCriticalPayload;
1783  uint8_t notifyProtocolId;
1784  uint8_t notifySpi[4];
1785 
1786  uint16_t encAlgoId; ///<Encryption algorithm
1787  uint16_t prfAlgoId; ///<Pseudorandom function
1788  uint16_t authAlgoId; ///<Integrity algorithm
1789  uint16_t dhGroupNum; ///<Diffie-Hellman group number
1790 
1791  uint8_t sharedSecret[IKE_MAX_SHARED_SECRET_LEN]; ///<Shared secret
1792  size_t sharedSecretLen; ///<Length of the shared secret, in bytes
1793  uint8_t keyMaterial[IKE_MAX_SA_KEY_MAT_LEN]; ///<Keying material
1794  const uint8_t *skd; ///<Key used for deriving new keys for Child SAs
1795  const uint8_t *skai; ///<Integrity protection key (initiator)
1796  const uint8_t *skar; ///<Integrity protection key (responder)
1797  const uint8_t *skei; ///<Encryption key (initiator)
1798  const uint8_t *sker; ///<Encryption key (responder)
1799  const uint8_t *skpi; ///<Key used for generating AUTH payload (initiator)
1800  const uint8_t *skpr; ///<Key used for generating AUTH payload (responder)
1801 
1802  CipherMode cipherMode; ///<Cipher mode of operation
1803  const CipherAlgo *cipherAlgo; ///<Cipher algorithm
1804  CipherContext cipherContext; ///<Cipher context
1805  const HashAlgo *authHashAlgo; ///<Hash algorithm for HMAC-based integrity calculations
1806  const CipherAlgo *authCipherAlgo; ///<Cipher algorithm for CMAC-based integrity calculations
1807  const HashAlgo *prfHashAlgo; ///<Hash algorithm for HMAC-based PRF calculations
1808  const CipherAlgo *prfCipherAlgo; ///<Cipher algorithm for CMAC-based PRF calculations
1809  size_t encKeyLen; ///<Size of the encryption key, in bytes
1810  size_t authKeyLen; ///<Size of the integrity protection key, in bytes
1811  size_t prfKeyLen; ///<Preferred size of the PRF key, in bytes
1812  size_t saltLen; ///<Length of the salt, in bytes
1813  size_t ivLen; ///<Length of the initialization vector, in bytes
1814  size_t icvLen; ///<Length of the ICV tag, in bytes
1815  uint8_t iv[8]; ///<Initialization vector
1816 
1817 #if (IKE_DH_KE_SUPPORT == ENABLED)
1818  DhContext dhContext; ///<Diffie-Hellman context
1819 #endif
1820 #if (IKE_ECDH_KE_SUPPORT == ENABLED)
1821  EcdhContext ecdhContext; ///<ECDH context
1822 #endif
1823 
1824  uint8_t *initiatorSaInit; ///<Pointer to the IKE_SA_INIT request
1825  size_t initiatorSaInitLen; ///<Length of the IKE_SA_INIT request, in bytes
1826  uint8_t *responderSaInit; ///<Pointer to the IKE_SA_INIT response
1827  size_t responderSaInitLen; ///<Length of the IKE_SA_INIT response, in bytes
1828 
1829  uint8_t request[IKE_MAX_MSG_SIZE]; ///<Request message
1830  size_t requestLen; ///<Length of the request message, in bytes
1831  uint8_t response[IKE_MAX_MSG_SIZE]; ///<Response message
1832  size_t responseLen; ///<Length of the response message, in bytes
1833 
1834  bool_t rekeyRequest; ///<IKE SA rekey request
1835  bool_t reauthRequest; ///<IKE SA reauthentication request
1836  bool_t reauthPending; ///<Reauthentication process is on-going
1837  bool_t deleteRequest; ///<IKE SA delete request
1838  bool_t deleteReceived;
1839  bool_t nonAdditionalSas; ///<NO_ADDITIONAL_SAS notification received
1840 #if (IKE_INITIAL_CONTACT_SUPPORT == ENABLED)
1841  bool_t initialContact; ///<INITIAL_CONTACT notification received
1842 #endif
1843 #if (IKE_SIGN_HASH_ALGOS_SUPPORT == ENABLED)
1844  uint32_t signHashAlgos; ///<List of hash algorithms supported by the peer
1845 #endif
1846 };
1847 
1848 
1849 /**
1850  * @brief Child Security Association entry
1851  **/
1852 
1853 struct _IkeChildSaEntry
1854 {
1855  IkeChildSaState state; ///<Child SA state
1856  IkeContext *context; ///<IKE context
1857  IkeSaEntry *sa; ///<IKE SA entry
1858  IkeChildSaEntry *oldChildSa; ///<Old Child SA
1859  IpAddr remoteIpAddr; ///<IP address of the peer
1860  IpsecMode mode; ///<IPsec mode (tunnel or transport)
1861  IpsecProtocol protocol; ///<Security protocol (AH or ESP)
1862  bool_t initiator; ///<Initiator of the CREATE_CHILD_SA exchange
1863  systime_t lifetimeStart;
1864  uint8_t initiatorNonce[IKE_MAX_NONCE_SIZE]; ///<Initiator nonce
1865  size_t initiatorNonceLen; ///<Length of the initiator nonce
1866  uint8_t responderNonce[IKE_MAX_NONCE_SIZE]; ///<Responder nonce
1867  size_t responderNonceLen; ///<Length of the responder nonce
1868  uint8_t localSpi[4];
1869  uint8_t remoteSpi[4];
1870  uint16_t encAlgoId; ///<Encryption algorithm
1871  uint16_t authAlgoId; ///<Integrity algorithm
1872  uint16_t esn; ///<Extended sequence numbers
1873 
1874  uint8_t keyMaterial[IKE_MAX_CHILD_SA_KEY_MAT_LEN]; ///<Keying material
1875  const uint8_t *skai; ///<Integrity protection key (initiator)
1876  const uint8_t *skar; ///<Integrity protection key (responder)
1877  const uint8_t *skei; ///<Encryption key (initiator)
1878  const uint8_t *sker; ///<Encryption key (responder)
1879 
1880  CipherMode cipherMode; ///<Cipher mode of operation
1881  const CipherAlgo *cipherAlgo; ///<Cipher algorithm
1882  const HashAlgo *authHashAlgo; ///<Hash algorithm for HMAC-based integrity calculations
1883  const CipherAlgo *authCipherAlgo; ///<Cipher algorithm for CMAC-based integrity calculations
1884  size_t encKeyLen; ///<Length of the encryption key, in bytes
1885  size_t authKeyLen; ///<Length of the integrity protection key, in bytes
1886  size_t saltLen; ///<Length of the salt, in bytes
1887  size_t ivLen; ///<Length of the initialization vector, in bytes
1888  size_t icvLen; ///<Length of the ICV tag, in bytes
1889  uint8_t iv[8]; ///<Initialization vector
1890 
1891  IpsecPacketInfo packetInfo;
1892  IpsecSelector selector;
1893 
1894  bool_t rekeyRequest; ///<Child SA rekey request
1895  bool_t deleteRequest; ///<Child SA delete request
1896  bool_t deleteReceived;
1897 
1898  int_t inboundSa; ///<Inbound SAD entry
1899  int_t outboundSa; ///<Outbound SAD entry
1900 };
1901 
1902 
1903 /**
1904  * @brief IKE settings
1905  **/
1906 
1907 typedef struct
1908 {
1909  OsTaskParameters task; ///<Task parameters
1910  NetInterface *interface; ///<Underlying network interface
1911  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
1912  void *prngContext; ///<Pseudo-random number generator context
1913  IkeSaEntry *saEntries; ///<IKE SA entries
1914  uint_t numSaEntries; ///<Number of IKE SA entries
1915  IkeChildSaEntry *childSaEntries; ///<Child SA entries
1916  uint_t numChildSaEntries; ///<Number of Child SA entries
1917  systime_t saLifetime; ///<Lifetime of IKE SAs
1918  systime_t childSaLifetime; ///<Lifetime of Child SAs
1919  systime_t reauthPeriod; ///<Reauthentication period
1920 #if (IKE_DPD_SUPPORT == ENABLED)
1921  systime_t dpdPeriod; ///<Dead peer detection period
1922 #endif
1923 #if (IKE_COOKIE_SUPPORT == ENABLED)
1924  IkeCookieGenerateCallback cookieGenerateCallback; ///<Cookie generation callback function
1925  IkeCookieVerifyCallback cookieVerifyCallback; ///<Cookie verification callback function
1926 #endif
1927 #if (IKE_CERT_AUTH_SUPPORT == ENABLED)
1928  IkeCertVerifyCallback certVerifyCallback; ///<Certificate verification callback function
1929 #endif
1930 } IkeSettings;
1931 
1932 
1933 /**
1934  * @brief IKE context
1935  **/
1936 
1937 struct _IkeContext
1938 {
1939  bool_t running; ///<Operational state of IKEv2
1940  bool_t stop; ///<Stop request
1941  OsEvent event; ///<Event object used to poll the underlying socket
1942  OsTaskParameters taskParams; ///<Task parameters
1943  OsTaskId taskId; ///<Task identifier
1944  NetInterface *interface; ///<Underlying network interface
1945  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
1946  void *prngContext; ///<Pseudo-random number generator context
1947  systime_t saLifetime; ///<Lifetime of IKE SAs
1948  systime_t childSaLifetime; ///<Lifetime of Child SAs
1949  systime_t reauthPeriod; ///<Reauthentication period
1950 #if (IKE_DPD_SUPPORT == ENABLED)
1951  systime_t dpdPeriod; ///<Dead peer detection period
1952 #endif
1953  uint16_t preferredDhGroupNum; ///<Preferred Diffie-Hellman group number
1954  IkeIdType idType; ///<ID type
1955  uint8_t id[IKE_MAX_ID_LEN]; ///<ID
1956  size_t idLen; ///<Length of the ID, in bytes
1957  uint8_t psk[IKE_MAX_PSK_LEN]; ///<Pre-shared key
1958  size_t pskLen; ///<Length of the pre-shared key, in bytes
1959  IkeCertType certType; ///<Certificate type
1960  const char_t *certChain; ///<Entity's certificate chain (PEM format)
1961  size_t certChainLen; ///<Length of the certificate chain
1962  const char_t *privateKey; ///<Entity's private key (PEM format)
1963  size_t privateKeyLen; ///<Length of the private key
1964  char_t password[IKE_MAX_PASSWORD_LEN + 1]; ///<Password used to decrypt the private key
1965 
1966  Socket *socket; ///<Underlying UDP socket
1967  IpAddr localIpAddr; ///<Destination IP address of the received IKE message
1968  IpAddr remoteIpAddr; ///<Source IP address of the received IKE message
1969  uint16_t remotePort; ///<Source port of the received IKE message
1970  IkeSaEntry *sa; ///<IKE SA entries
1971  uint_t numSaEntries; ///<Number of IKE SA entries
1972  IkeChildSaEntry *childSa; ///<Child SA entries
1973  uint_t numChildSaEntries; ///<Number of Child SA entries
1974  uint8_t message[IKE_MAX_MSG_SIZE]; ///<Incoming IKE message
1975  size_t messageLen; ///<Length of the incoming IKE message, in bytes
1976 
1977 #if (IKE_CMAC_AUTH_SUPPORT == ENABLED || IKE_CMAC_PRF_SUPPORT == ENABLED)
1978  CmacContext cmacContext; ///<CMAC context
1979 #endif
1980 #if (IKE_HMAC_AUTH_SUPPORT == ENABLED || IKE_HMAC_PRF_SUPPORT == ENABLED)
1981  HmacContext hmacContext; ///<HMAC context
1982 #endif
1983 #if (IKE_XCBC_MAC_AUTH_SUPPORT == ENABLED || IKE_XCBC_MAC_PRF_SUPPORT == ENABLED)
1984  XcbcMacContext xcbcMacContext; ///<XCBC-MAC context
1985 #endif
1986 
1987 #if (IKE_COOKIE_SUPPORT == ENABLED)
1988  IkeCookieGenerateCallback cookieGenerateCallback; ///<Cookie generation callback function
1989  IkeCookieVerifyCallback cookieVerifyCallback; ///<Cookie verification callback function
1990 #endif
1991 #if (IKE_CERT_AUTH_SUPPORT == ENABLED)
1992  IkeCertVerifyCallback certVerifyCallback; ///<Certificate verification callback function
1993 #endif
1994 };
1995 
1996 
1997 //IKEv2 related functions
1998 void ikeGetDefaultSettings(IkeSettings *settings);
1999 
2000 error_t ikeInit(IkeContext *context, const IkeSettings *settings);
2001 error_t ikeStart(IkeContext *context);
2002 error_t ikeStop(IkeContext *context);
2003 
2004 error_t ikeSetPreferredDhGroup(IkeContext *context, uint16_t dhGroupNum);
2005 
2006 error_t ikeSetId(IkeContext *context, IkeIdType idType, const void *id,
2007  size_t idLen);
2008 
2009 error_t ikeSetPsk(IkeContext *context, const uint8_t *psk, size_t pskLen);
2010 
2011 error_t ikeSetCertificate(IkeContext *context, const char_t *certChain,
2012  size_t certChainLen, const char_t *privateKey, size_t privateKeyLen,
2013  const char_t *password);
2014 
2015 error_t ikeCreateSa(IkeContext *context, const IpsecPacketInfo *packet);
2016 error_t ikeRekeySa(IkeSaEntry *sa);
2017 error_t ikeDeleteSa(IkeSaEntry *sa);
2018 
2019 error_t ikeCreateChildSa(IkeContext *context, const IpsecPacketInfo *packet);
2020 error_t ikeRekeyChildSa(IkeChildSaEntry *childSa);
2021 error_t ikeDeleteChildSa(IkeChildSaEntry *childSa);
2022 
2023 void ikeTask(IkeContext *context);
2024 
2025 void ikeDeinit(IkeContext *context);
2026 
2027 //C++ guard
2028 #ifdef __cplusplus
2029 }
2030 #endif
2031 
2032 #endif
_IkeSaEntry::remotePort
uint16_t remotePort
Definition: ike.h:1753
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_ADDRESS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_ADDRESS
Definition: ike.h:1257
IkeSaState
IkeSaState
IKE Security Association state.
Definition: ike.h:1284
IKE_TRANSFORM_ID_ENCR_AES_GCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_8
Definition: ike.h:928
_IkeSaEntry::dhContext
DhContext dhContext
Diffie-Hellman context.
Definition: ike.h:1818
IKE_CHILD_SA_STATE_DELETE
@ IKE_CHILD_SA_STATE_DELETE
Definition: ike.h:1320
IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
@ IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
Definition: ike.h:981
IKE_TRANSFORM_ID_ENCR_RESERVED
@ IKE_TRANSFORM_ID_ENCR_RESERVED
Definition: ike.h:912
IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
@ IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
Definition: ike.h:1192
IKE_ID_TYPE_FC_NAME
@ IKE_ID_TYPE_FC_NAME
Definition: ike.h:1074
IKE_TRANSFORM_ID_DH_GROUP_CURVE448
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE448
curve448
Definition: ike.h:1019
reserved2
uint8_t reserved2
Definition: ike.h:1449
_IkeSaEntry::encKeyLen
size_t encKeyLen
Size of the encryption key, in bytes.
Definition: ike.h:1809
IKE_CONFIG_TYPE_REPLY
@ IKE_CONFIG_TYPE_REPLY
Definition: ike.h:1245
IkeCertType
IkeCertType
Certificate types.
Definition: ike.h:1345
IkeTransformIdEncr
IkeTransformIdEncr
Transform IDs (Encryption Algorithm)
Definition: ike.h:911
x509_common.h
X.509 common definitions.
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NETMASK
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NETMASK
Definition: ike.h:1258
_IkeContext::cookieVerifyCallback
IkeCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
Definition: ike.h:1989
XcbcMacContext
XCBC-MAC algorithm context.
Definition: xcbc_mac.h:54
_IkeChildSaEntry::selector
IpsecSelector selector
Definition: ike.h:1892
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
Definition: ike.h:986
IKE_MAX_MSG_SIZE
#define IKE_MAX_MSG_SIZE
Definition: ike.h:166
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
1024-bit MODP Group
Definition: ike.h:999
key_exch_algorithms.h
Collection of key exchange algorithms.
_IkeChildSaEntry::responderNonceLen
size_t responderNonceLen
Length of the responder nonce.
Definition: ike.h:1867
IKE_TRANSFORM_ID_DH_GROUP_ECP_192
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_192
192-bit Random ECP Group
Definition: ike.h:1012
IkeAuthData
IkeAuthData
Definition: ike.h:1538
_IkeChildSaEntry::saltLen
size_t saltLen
Length of the salt, in bytes.
Definition: ike.h:1886
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
Definition: ike.h:1199
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
Definition: ike.h:975
IKE_TS_TYPE_IPV4_ADDR_RANGE
@ IKE_TS_TYPE_IPV4_ADDR_RANGE
Definition: ike.h:1220
_IkeSaEntry::initiatorNonce
uint8_t initiatorNonce[IKE_MAX_NONCE_SIZE]
Definition: ike.h:1772
IpsecMode
IpsecMode
IPsec protocol modes.
Definition: ipsec.h:202
code
uint8_t code
Definition: coap_common.h:179
bool_t
int bool_t
Definition: compiler_port.h:61
HmacContext
HMAC algorithm context.
Definition: hmac.h:59
IKE_TRANSFORM_ID_PRF_AES128_CMAC
@ IKE_TRANSFORM_ID_PRF_AES128_CMAC
Definition: ike.h:962
_IkeChildSaEntry::context
IkeContext * context
IKE context.
Definition: ike.h:1856
IKE_TRANSFORM_ID_ENCR_AES_CCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_16
Definition: ike.h:927
IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
Definition: ike.h:1153
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
Definition: ike.h:941
IkeCertReqPayload
IkeCertReqPayload
Definition: ike.h:1514
startAddr
uint8_t startAddr[]
Definition: ike.h:1615
payloadLength
uint16_t payloadLength
Definition: ike.h:1407
IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
Definition: ike.h:1131
IKE_TRANSFORM_ID_ENCR_AES_CTR
@ IKE_TRANSFORM_ID_ENCR_AES_CTR
Definition: ike.h:924
IKE_CERT_TYPE_ECDSA_BRAINPOOLP384R1
@ IKE_CERT_TYPE_ECDSA_BRAINPOOLP384R1
Definition: ike.h:1354
IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
Definition: ike.h:1193
flags
uint8_t flags
Definition: ike.h:1387
IKE_TRANSFORM_ID_DH_GROUP_NONE
@ IKE_TRANSFORM_ID_DH_GROUP_NONE
None.
Definition: ike.h:997
IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
Definition: ike.h:1196
IkeVendorIdPayload
IkeVendorIdPayload
Definition: ike.h:1588
IKE_HASH_ALGO_SHA256
@ IKE_HASH_ALGO_SHA256
Definition: ike.h:1331
IKE_NOTIFY_MSG_TYPE_INVALID_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_SPI
Definition: ike.h:1132
IKE_CERT_ENCODING_RAW_RSA_KEY
@ IKE_CERT_ENCODING_RAW_RSA_KEY
Raw RSA key (deprecated)
Definition: ike.h:1094
IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
@ IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
Definition: ike.h:1151
IKE_IP_PROTOCOL_ID_ICMP
@ IKE_IP_PROTOCOL_ID_ICMP
Definition: ike.h:1231
IKE_IP_PROTOCOL_ID_TCP
@ IKE_IP_PROTOCOL_ID_TCP
Definition: ike.h:1232
IkeCookieVerifyCallback
error_t(* IkeCookieVerifyCallback)(IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, const uint8_t *cookie, size_t cookieLen)
Cookie verification callback function.
Definition: ike.h:1722
_IkeSaEntry::initiatorNonceLen
size_t initiatorNonceLen
Definition: ike.h:1773
fragNum
uint16_t fragNum
Definition: ike.h:1687
__packed_struct
typedef __packed_struct
IKE header.
Definition: ike.h:1375
int_t
signed int int_t
Definition: compiler_port.h:56
_IkeContext::cookieGenerateCallback
IkeCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
Definition: ike.h:1988
_IkeContext::saLifetime
systime_t saLifetime
Lifetime of IKE SAs.
Definition: ike.h:1947
IKE_ID_TYPE_NULL
@ IKE_ID_TYPE_NULL
Definition: ike.h:1075
IKE_NOTIFY_MSG_TYPE_REKEY_SA
@ IKE_NOTIFY_MSG_TYPE_REKEY_SA
Definition: ike.h:1159
IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
Definition: ike.h:1146
IKE_MAX_SA_KEY_MAT_LEN
#define IKE_MAX_SA_KEY_MAT_LEN
Definition: ike.h:712
IpsecSelector
IPsec selector.
Definition: ipsec.h:302
certEncoding
uint8_t certEncoding
Definition: ike.h:1500
IpAddr
IP network address.
Definition: ip.h:90
_IkeChildSaEntry::authAlgoId
uint16_t authAlgoId
Integrity algorithm.
Definition: ike.h:1871
_IkeContext::stop
bool_t stop
Stop request.
Definition: ike.h:1940
_IkeSaEntry::nonAdditionalSas
bool_t nonAdditionalSas
NO_ADDITIONAL_SAS notification received.
Definition: ike.h:1839
_IkeSaEntry::responseLen
size_t responseLen
Length of the response message, in bytes.
Definition: ike.h:1832
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
Definition: ike.h:980
_IkeSaEntry::authHashAlgo
const HashAlgo * authHashAlgo
Hash algorithm for HMAC-based integrity calculations.
Definition: ike.h:1805
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
Definition: ike.h:1152
IKE_HASH_ALGO_SHA1
@ IKE_HASH_ALGO_SHA1
Definition: ike.h:1330
_IkeSaEntry::dpdStart
systime_t dpdStart
Definition: ike.h:1759
keyExchangeData
uint8_t keyExchangeData[]
Definition: ike.h:1476
PrngAlgo
#define PrngAlgo
Definition: crypto.h:973
IKE_ID_TYPE_IPV4_ADDR
@ IKE_ID_TYPE_IPV4_ADDR
Definition: ike.h:1067
_IkeContext::idType
IkeIdType idType
ID type.
Definition: ike.h:1954
IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
@ IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
Definition: ike.h:1133
ikeSetCertificate
error_t ikeSetCertificate(IkeContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password)
Load entity's certificate.
Definition: ike.c:426
IKE_PAYLOAD_TYPE_CP
@ IKE_PAYLOAD_TYPE_CP
Configuration.
Definition: ike.h:860
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
Definition: ike.h:1164
_IkeContext::interface
NetInterface * interface
Underlying network interface.
Definition: ike.h:1944
_IkeContext::certChain
const char_t * certChain
Entity's certificate chain (PEM format)
Definition: ike.h:1960
IkeTransformAttrFormat
IkeTransformAttrFormat
Transform attribute format.
Definition: ike.h:1044
_IkeChildSaEntry::cipherAlgo
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: ike.h:1881
IkeKePayload
IkeKePayload
Definition: ike.h:1477
_IkeSaEntry::childSa
IkeChildSaEntry * childSa
Child SA.
Definition: ike.h:1751
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
Definition: ike.h:932
IKE_ID_TYPE_DER_ASN1_DN
@ IKE_ID_TYPE_DER_ASN1_DN
Definition: ike.h:1071
IKE_HASH_ALGO_STREEBOG_256
@ IKE_HASH_ALGO_STREEBOG_256
Definition: ike.h:1335
IKE_CERT_TYPE_RSA_PSS
@ IKE_CERT_TYPE_RSA_PSS
Definition: ike.h:1348
IKE_TRANSFORM_ID_ENCR_IDEA
@ IKE_TRANSFORM_ID_ENCR_IDEA
Definition: ike.h:917
IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
Definition: ike.h:982
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
Definition: ike.h:974
IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
4096-bit MODP Group
Definition: ike.h:1003
IKE_SA_STATE_DELETE_REQ
@ IKE_SA_STATE_DELETE_REQ
Definition: ike.h:1296
IkeConfigPayload
IkeConfigPayload
Definition: ike.h:1640
IKE_CONFIG_TYPE_REQUEST
@ IKE_CONFIG_TYPE_REQUEST
Definition: ike.h:1244
ikeSetPsk
error_t ikeSetPsk(IkeContext *context, const uint8_t *psk, size_t pskLen)
Set entity's pre-shared key.
Definition: ike.c:388
proposalLength
uint16_t proposalLength
Definition: ike.h:1430
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_LINK
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_LINK
Definition: ike.h:1270
IKE_CERT_ENCODING_DNS_SIGNED_KEY
@ IKE_CERT_ENCODING_DNS_SIGNED_KEY
DNS signed key.
Definition: ike.h:1087
IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
@ IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
More transform substructures.
Definition: ike.h:876
IKE_AUTH_METHOD_ECDSA_P521_SHA512
@ IKE_AUTH_METHOD_ECDSA_P521_SHA512
ECDSA with SHA-512 on the P-521 curve.
Definition: ike.h:1113
IkeTsParams::startAddr
IpAddr startAddr
Definition: ike.h:1733
cipher_algorithms.h
Collection of AEAD algorithms.
_IkeSaEntry::peerIdLen
size_t peerIdLen
Length of the peer ID, in bytes.
Definition: ike.h:1779
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
2048-bit MODP Group
Definition: ike.h:1001
reserved
uint8_t reserved
Definition: ike.h:1404
_IkeChildSaEntry::mode
IpsecMode mode
IPsec mode (tunnel or transport)
Definition: ike.h:1860
idData
uint8_t idData[]
Definition: ike.h:1489
IKE_NOTIFY_MSG_TYPE_PUZZLE
@ IKE_NOTIFY_MSG_TYPE_PUZZLE
Definition: ike.h:1200
IKE_CONFIG_ATTR_TYPE_MIP6_HOME_PREFIX
@ IKE_CONFIG_ATTR_TYPE_MIP6_HOME_PREFIX
Definition: ike.h:1269
IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
8192-bit MODP Group
Definition: ike.h:1005
OsEvent
Event object.
Definition: os_port_cmsis_rtos.h:110
_IkeChildSaEntry::inboundSa
int_t inboundSa
Inbound SAD entry.
Definition: ike.h:1898
CipherContext
Generic cipher algorithm context.
Definition: cipher_algorithms.h:209
_IkeSaEntry::signHashAlgos
uint32_t signHashAlgos
List of hash algorithms supported by the peer.
Definition: ike.h:1844
IkeNotifyPayload
IkeNotifyPayload
Definition: ike.h:1563
IKE_TRANSFORM_TYPE_DH
@ IKE_TRANSFORM_TYPE_DH
Diffie-Hellman Group.
Definition: ike.h:901
numTransforms
uint8_t numTransforms
Definition: ike.h:1434
_IkeChildSaEntry::packetInfo
IpsecPacketInfo packetInfo
Definition: ike.h:1891
IKE_TRANSFORM_ID_ESN_NO
@ IKE_TRANSFORM_ID_ESN_NO
No Extended Sequence Numbers.
Definition: ike.h:1034
_IkeChildSaEntry::encKeyLen
size_t encKeyLen
Length of the encryption key, in bytes.
Definition: ike.h:1884
IKE_AUTH_METHOD_GSPAM
@ IKE_AUTH_METHOD_GSPAM
Generic Secure Password Authentication Method.
Definition: ike.h:1114
IkeSettings::numChildSaEntries
uint_t numChildSaEntries
Number of Child SA entries.
Definition: ike.h:1916
IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
Definition: ike.h:1166
_IkeContext::dpdPeriod
systime_t dpdPeriod
Dead peer detection period.
Definition: ike.h:1951
IKE_TRANSFORM_ID_ENCR_CAST
@ IKE_TRANSFORM_ID_ENCR_CAST
Definition: ike.h:918
_IkeSaEntry::responderNonceLen
size_t responderNonceLen
Definition: ike.h:1775
_IkeContext::remoteIpAddr
IpAddr remoteIpAddr
Source IP address of the received IKE message.
Definition: ike.h:1968
_IkeSaEntry::newSa
IkeSaEntry * newSa
New IKE SA.
Definition: ike.h:1750
IKE_AUTH_METHOD_RSA
@ IKE_AUTH_METHOD_RSA
RSA Digital Signature.
Definition: ike.h:1108
IkeTsParams::endAddr
IpAddr endAddr
Definition: ike.h:1734
IKE_PROTOCOL_ID_AH
@ IKE_PROTOCOL_ID_AH
AH protocol.
Definition: ike.h:887
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
Definition: ike.h:934
IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
@ IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
IKE_SESSION_RESUME.
Definition: ike.h:822
configType
uint8_t configType
Definition: ike.h:1637
IKE_LAST_SUBSTRUC_LAST
@ IKE_LAST_SUBSTRUC_LAST
Last proposal/transform substructure.
Definition: ike.h:874
_IkeChildSaEntry::keyMaterial
uint8_t keyMaterial[IKE_MAX_CHILD_SA_KEY_MAT_LEN]
Keying material.
Definition: ike.h:1874
IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
Definition: ike.h:1181
_IkeSaEntry::icvLen
size_t icvLen
Length of the ICV tag, in bytes.
Definition: ike.h:1814
IkePayloadHeader
IkePayloadHeader
Definition: ike.h:1408
_IkeSaEntry::notifyMsgType
IkeNotifyMsgType notifyMsgType
Definition: ike.h:1781
IKE_PAYLOAD_TYPE_CERTREQ
@ IKE_PAYLOAD_TYPE_CERTREQ
Certificate Request.
Definition: ike.h:851
ikeRekeyChildSa
error_t ikeRekeyChildSa(IkeChildSaEntry *childSa)
value
uint8_t value[]
Definition: ike.h:1463
_IkeSaEntry::context
IkeContext * context
IKE context.
Definition: ike.h:1748
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
Definition: ike.h:936
_IkeSaEntry::peerIdType
IkeIdType peerIdType
Peer ID type.
Definition: ike.h:1777
_IkeSaEntry::prfKeyLen
size_t prfKeyLen
Preferred size of the PRF key, in bytes.
Definition: ike.h:1811
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
Definition: ike.h:944
protocolId
uint8_t protocolId
Definition: ike.h:1432
_IkeSaEntry::reauthPeriod
systime_t reauthPeriod
Reauthentication period.
Definition: ike.h:1757
IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID
@ IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID
Definition: ike.h:1195
IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256
@ IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256
GOST3410_2012_256.
Definition: ike.h:1020
_IkeSaEntry::timestamp
systime_t timestamp
Definition: ike.h:1762
_IkeContext::sa
IkeSaEntry * sa
IKE SA entries.
Definition: ike.h:1970
IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
Definition: ike.h:983
IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
@ IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
Definition: ike.h:1194
ikeRekeySa
error_t ikeRekeySa(IkeSaEntry *sa)
IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
Definition: ike.h:1182
_IkeChildSaEntry::rekeyRequest
bool_t rekeyRequest
Child SA rekey request.
Definition: ike.h:1894
IkeIdType
IkeIdType
ID types.
Definition: ike.h:1065
IKE_NOTIFY_MSG_TYPE_TICKET_NACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_NACK
Definition: ike.h:1178
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
Definition: ike.h:940
_IkeSaEntry::initiatorSaInit
uint8_t * initiatorSaInit
Pointer to the IKE_SA_INIT request.
Definition: ike.h:1824
IKE_IP_PROTOCOL_ID_UDP
@ IKE_IP_PROTOCOL_ID_UDP
Definition: ike.h:1233
_IkeSaEntry::iv
uint8_t iv[8]
Initialization vector.
Definition: ike.h:1815
IKE_TRANSFORM_ID_ENCR_DES_IV64
@ IKE_TRANSFORM_ID_ENCR_DES_IV64
Definition: ike.h:913
IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
Definition: ike.h:939
IkePayloadType
IkePayloadType
Payload types.
Definition: ike.h:844
IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
@ IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
Hash and URL of X.509 bundle.
Definition: ike.h:1096
ikeCreateSa
error_t ikeCreateSa(IkeContext *context, const IpsecPacketInfo *packet)
_IkeSaEntry::prfHashAlgo
const HashAlgo * prfHashAlgo
Hash algorithm for HMAC-based PRF calculations.
Definition: ike.h:1807
_IkeContext::remotePort
uint16_t remotePort
Source port of the received IKE message.
Definition: ike.h:1969
_IkeSaEntry::skd
const uint8_t * skd
Key used for deriving new keys for Child SAs.
Definition: ike.h:1794
IKE_CERT_TYPE_ECDSA_P384
@ IKE_CERT_TYPE_ECDSA_P384
Definition: ike.h:1351
ikeTask
void ikeTask(IkeContext *context)
IKE task.
Definition: ike.c:714
messageId
uint32_t messageId
Definition: ike.h:1388
dhGroupNum
uint16_t dhGroupNum
Definition: ike.h:1474
_IkeSaEntry::timeout
systime_t timeout
Definition: ike.h:1763
IKE_AUTH_METHOD_NULL
@ IKE_AUTH_METHOD_NULL
NULL Authentication.
Definition: ike.h:1115
IkeTransform
IkeTransform
Definition: ike.h:1452
IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
curve25519
Definition: ike.h:1018
IKE_CONFIG_ATTR_TYPE_INTERNAL_DNS_DOMAIN
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_DNS_DOMAIN
Definition: ike.h:1274
_IkeChildSaEntry::skei
const uint8_t * skei
Encryption key (initiator)
Definition: ike.h:1877
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
224-bit Brainpool ECP Group
Definition: ike.h:1014
_IkeSaEntry::response
uint8_t response[IKE_MAX_MSG_SIZE]
Response message.
Definition: ike.h:1831
_IkeChildSaEntry::initiatorNonce
uint8_t initiatorNonce[IKE_MAX_NONCE_SIZE]
Initiator nonce.
Definition: ike.h:1864
_IkeContext::password
char_t password[IKE_MAX_PASSWORD_LEN+1]
Password used to decrypt the private key.
Definition: ike.h:1964
proposals
uint8_t proposals[]
Definition: ike.h:1418
IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
@ IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
Definition: ike.h:1197
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
Definition: ike.h:937
_IkeContext::certType
IkeCertType certType
Certificate type.
Definition: ike.h:1959
IKE_ATTR_FORMAT_TV
@ IKE_ATTR_FORMAT_TV
shortened Type/Value format
Definition: ike.h:1046
IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
@ IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
Definition: ike.h:978
_IkeSaEntry::cipherMode
CipherMode cipherMode
Cipher mode of operation.
Definition: ike.h:1802
_IkeChildSaEntry::responderNonce
uint8_t responderNonce[IKE_MAX_NONCE_SIZE]
Responder nonce.
Definition: ike.h:1866
_IkeSaEntry::ecdhContext
EcdhContext ecdhContext
ECDH context.
Definition: ike.h:1821
IKE_SA_STATE_CLOSED
@ IKE_SA_STATE_CLOSED
Definition: ike.h:1285
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
Definition: ike.h:960
_IkeSaEntry::initialContact
bool_t initialContact
INITIAL_CONTACT notification received.
Definition: ike.h:1841
IKE_CHILD_SA_STATE_REKEY
@ IKE_CHILD_SA_STATE_REKEY
Definition: ike.h:1319
IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
@ IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
Definition: ike.h:1208
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
Definition: ike.h:1154
IkeAuthMethod
IkeAuthMethod
Authentication methods.
Definition: ike.h:1107
IKE_SA_STATE_REKEY_REQ
@ IKE_SA_STATE_REKEY_REQ
Definition: ike.h:1294
IKE_CERT_TYPE_ECDSA_BRAINPOOLP256R1
@ IKE_CERT_TYPE_ECDSA_BRAINPOOLP256R1
Definition: ike.h:1353
ikeCreateChildSa
error_t ikeCreateChildSa(IkeContext *context, const IpsecPacketInfo *packet)
Create a new Child SA.
Definition: ike.c:577
identifier
uint8_t identifier
Definition: ike.h:1673
IKE_CONFIG_TYPE_ACK
@ IKE_CONFIG_TYPE_ACK
Definition: ike.h:1247
IKE_TRANSFORM_TYPE_ESN
@ IKE_TRANSFORM_TYPE_ESN
Extended Sequence Numbers.
Definition: ike.h:902
IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
@ IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
Definition: ike.h:1140
_IkeSaEntry::saltLen
size_t saltLen
Length of the salt, in bytes.
Definition: ike.h:1812
IKE_CONFIG_ATTR_TYPE_INTERNAL_DNSSEC_TA
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_DNSSEC_TA
Definition: ike.h:1275
IkeSettings::certVerifyCallback
IkeCertVerifyCallback certVerifyCallback
Certificate verification callback function.
Definition: ike.h:1928
IKE_MAX_SHARED_SECRET_LEN
#define IKE_MAX_SHARED_SECRET_LEN
Definition: ike.h:774
_IkeContext::certVerifyCallback
IkeCertVerifyCallback certVerifyCallback
Certificate verification callback function.
Definition: ike.h:1992
IKE_TRANSFORM_ID_DH_GROUP_ECP_224
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_224
224-bit Random ECP Group
Definition: ike.h:1013
IKE_NOTIFY_MSG_TYPE_LINK_ID
@ IKE_NOTIFY_MSG_TYPE_LINK_ID
Definition: ike.h:1180
_IkeSaEntry::dpdPeriod
systime_t dpdPeriod
Dead peer detection period.
Definition: ike.h:1760
_IkeChildSaEntry::protocol
IpsecProtocol protocol
Security protocol (AH or ESP)
Definition: ike.h:1861
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
Definition: ike.h:1155
IKE_TRANSFORM_ID_ENCR_AES_CBC
@ IKE_TRANSFORM_ID_ENCR_AES_CBC
Definition: ike.h:923
IKE_PAYLOAD_TYPE_EAP
@ IKE_PAYLOAD_TYPE_EAP
Extensible Authentication.
Definition: ike.h:861
IKE_ID_TYPE_DER_ASN1_GN
@ IKE_ID_TYPE_DER_ASN1_GN
Definition: ike.h:1072
IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
@ IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
Key Length (in bits)
Definition: ike.h:1056
IkeTsParams
Traffic selector parameters.
Definition: ike.h:1732
spi
uint8_t spi[]
Definition: ike.h:1435
majorVersion
uint8_t majorVersion
Definition: ike.h:1384
_IkeContext::privateKey
const char_t * privateKey
Entity's private key (PEM format)
Definition: ike.h:1962
_IkeSaEntry::skar
const uint8_t * skar
Integrity protection key (responder)
Definition: ike.h:1796
IkeContext
#define IkeContext
Definition: ike.h:796
IkeAuthPayload
IkeAuthPayload
Definition: ike.h:1527
IkeSettings::numSaEntries
uint_t numSaEntries
Number of IKE SA entries.
Definition: ike.h:1914
IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
Definition: ike.h:1139
_IkeChildSaEntry::icvLen
size_t icvLen
Length of the ICV tag, in bytes.
Definition: ike.h:1888
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DHCP
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DHCP
Definition: ike.h:1265
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
Definition: ike.h:1189
IKE_EXCHANGE_TYPE_IKE_AUTH
@ IKE_EXCHANGE_TYPE_IKE_AUTH
IKE_AUTH.
Definition: ike.h:819
IKE_SA_STATE_DELETE_CHILD_RESP
@ IKE_SA_STATE_DELETE_CHILD_RESP
Definition: ike.h:1303
_IkeContext::taskParams
OsTaskParameters taskParams
Task parameters.
Definition: ike.h:1942
IKE_ID_TYPE_IPV6_ADDR
@ IKE_ID_TYPE_IPV6_ADDR
Definition: ike.h:1070
_IkeSaEntry::requestLen
size_t requestLen
Length of the request message, in bytes.
Definition: ike.h:1830
IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
Definition: ike.h:1184
_IkeContext::psk
uint8_t psk[IKE_MAX_PSK_LEN]
Pre-shared key.
Definition: ike.h:1957
DhContext
Diffie-Hellman context.
Definition: dh.h:60
_IkeSaEntry::authAlgoId
uint16_t authAlgoId
Integrity algorithm.
Definition: ike.h:1788
IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
@ IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
Definition: ike.h:1141
_IkeContext
IKE context.
Definition: ike.h:1938
IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
@ IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
Definition: ike.h:1171
IKE_ATTR_FORMAT_TLV
@ IKE_ATTR_FORMAT_TLV
Type/Length/Value format.
Definition: ike.h:1045
notifyMsgType
uint16_t notifyMsgType
Definition: ike.h:1561
_IkeContext::reauthPeriod
systime_t reauthPeriod
Reauthentication period.
Definition: ike.h:1949
IkeHashAlgo
IkeHashAlgo
Hash algorithms.
Definition: ike.h:1329
_IkeContext::childSaLifetime
systime_t childSaLifetime
Lifetime of Child SAs.
Definition: ike.h:1948
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_SUBNET
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_SUBNET
Definition: ike.h:1266
IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
Definition: ike.h:1205
_IkeSaEntry::prfAlgoId
uint16_t prfAlgoId
Pseudorandom function.
Definition: ike.h:1787
IKE_SA_STATE_RESERVED
@ IKE_SA_STATE_RESERVED
Definition: ike.h:1286
X509CertInfo
X.509 certificate.
Definition: x509_common.h:1119
_IkeSaEntry::state
IkeSaState state
IKE SA state.
Definition: ike.h:1747
IkeSettings::dpdPeriod
systime_t dpdPeriod
Dead peer detection period.
Definition: ike.h:1921
IKE_FLAGS_I
@ IKE_FLAGS_I
Initiator flag.
Definition: ike.h:835
IKE_SA_STATE_OPEN
@ IKE_SA_STATE_OPEN
Definition: ike.h:1291
error_t
error_t
Error codes.
Definition: error.h:43
IKE_CERT_TYPE_INVALID
@ IKE_CERT_TYPE_INVALID
Definition: ike.h:1346
_IkeSaEntry::notifyProtocolId
uint8_t notifyProtocolId
Definition: ike.h:1783
_IkeContext::event
OsEvent event
Event object used to poll the underlying socket.
Definition: ike.h:1941
_IkeContext::childSa
IkeChildSaEntry * childSa
Child SA entries.
Definition: ike.h:1972
IKE_PAYLOAD_TYPE_SK
@ IKE_PAYLOAD_TYPE_SK
Encrypted and Authenticated.
Definition: ike.h:859
IKE_TRANSFORM_ID_DH_GROUP_MODP_768
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_768
768-bit MODP Group
Definition: ike.h:998
IkeIdPayload
IkeIdPayload
Definition: ike.h:1490
algoId
uint8_t algoId[]
Definition: ike.h:1537
IKE_SA_STATE_AUTH_FAILURE_RESP
@ IKE_SA_STATE_AUTH_FAILURE_RESP
Definition: ike.h:1305
IKE_TRANSFORM_ID_PRF_RESERVED
@ IKE_TRANSFORM_ID_PRF_RESERVED
Definition: ike.h:954
_IkeChildSaEntry::lifetimeStart
systime_t lifetimeStart
Definition: ike.h:1863
IKE_PAYLOAD_TYPE_AUTH
@ IKE_PAYLOAD_TYPE_AUTH
Authentication.
Definition: ike.h:852
IKE_TRANSFORM_ID_ENCR_NULL
@ IKE_TRANSFORM_ID_ENCR_NULL
Definition: ike.h:922
_IkeSaEntry::originalInitiator
bool_t originalInitiator
Original initiator of the IKE SA.
Definition: ike.h:1754
IKE_PAYLOAD_TYPE_CERT
@ IKE_PAYLOAD_TYPE_CERT
Certificate.
Definition: ike.h:850
_IkeSaEntry::deleteRequest
bool_t deleteRequest
IKE SA delete request.
Definition: ike.h:1837
spiSize
uint8_t spiSize
Definition: ike.h:1433
IKE_SA_STATE_REKEY_CHILD_REQ
@ IKE_SA_STATE_REKEY_CHILD_REQ
Definition: ike.h:1300
IkeTsPayload
IkeTsPayload
Definition: ike.h:1601
_IkeChildSaEntry::ivLen
size_t ivLen
Length of the initialization vector, in bytes.
Definition: ike.h:1887
IKE_AUTH_METHOD_DIGITAL_SIGN
@ IKE_AUTH_METHOD_DIGITAL_SIGN
Digital Signature.
Definition: ike.h:1116
_IkeSaEntry::reauthPending
bool_t reauthPending
Reauthentication process is on-going.
Definition: ike.h:1836
_IkeContext::idLen
size_t idLen
Length of the ID, in bytes.
Definition: ike.h:1956
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DHCP
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DHCP
Definition: ike.h:1261
_IkeContext::certChainLen
size_t certChainLen
Length of the certificate chain.
Definition: ike.h:1961
IkeTsParams::ipProtocolId
uint8_t ipProtocolId
Definition: ike.h:1735
IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
@ IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
IKE_INTERMEDIATE.
Definition: ike.h:823
IkeLastSubstruc
IkeLastSubstruc
Last Substruc values.
Definition: ike.h:873
IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
Definition: ike.h:1168
_IkeChildSaEntry::authCipherAlgo
const CipherAlgo * authCipherAlgo
Cipher algorithm for CMAC-based integrity calculations.
Definition: ike.h:1883
_IkeSaEntry::lifetimeStart
systime_t lifetimeStart
Definition: ike.h:1755
_IkeChildSaEntry::encAlgoId
uint16_t encAlgoId
Encryption algorithm.
Definition: ike.h:1870
_IkeContext::prngAlgo
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
Definition: ike.h:1945
_IkeSaEntry::sker
const uint8_t * sker
Encryption key (responder)
Definition: ike.h:1798
proposalNum
uint8_t proposalNum
Definition: ike.h:1431
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
Definition: ike.h:943
IKE_SPI_SIZE
#define IKE_SPI_SIZE
Definition: ike.h:790
IKE_HASH_ALGO_SHA512
@ IKE_HASH_ALGO_SHA512
Definition: ike.h:1333
_IkeContext::hmacContext
HmacContext hmacContext
HMAC context.
Definition: ike.h:1981
IkeChildSaState
IkeChildSaState
Child Security Association state.
Definition: ike.h:1314
IkeSettings::interface
NetInterface * interface
Underlying network interface.
Definition: ike.h:1910
IKE_SA_STATE_INIT_REQ
@ IKE_SA_STATE_INIT_REQ
Definition: ike.h:1287
IkeSettings::prngAlgo
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
Definition: ike.h:1911
IKE_SA_STATE_AUTH_REQ
@ IKE_SA_STATE_AUTH_REQ
Definition: ike.h:1289
IKE_PROTOCOL_ID_ESP
@ IKE_PROTOCOL_ID_ESP
ESP protocol.
Definition: ike.h:888
ikeStart
error_t ikeStart(IkeContext *context)
Start IKE service.
Definition: ike.c:207
IKE_MAX_NONCE_SIZE
#define IKE_MAX_NONCE_SIZE
Definition: ike.h:201
_IkeSaEntry::ivLen
size_t ivLen
Length of the initialization vector, in bytes.
Definition: ike.h:1813
NetInterface
#define NetInterface
Definition: net.h:36
IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
@ IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
Definition: ike.h:1203
_IkeSaEntry::remoteIpAddr
IpAddr remoteIpAddr
IP address of the peer.
Definition: ike.h:1752
IKE_TRANSFORM_ID_PRF_HMAC_MD5
@ IKE_TRANSFORM_ID_PRF_HMAC_MD5
Definition: ike.h:955
IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
@ IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
Definition: ike.h:1202
IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
@ IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
Definition: ike.h:1185
IKE_MAX_PASSWORD_LEN
#define IKE_MAX_PASSWORD_LEN
Definition: ike.h:222
ikeStop
error_t ikeStop(IkeContext *context)
Stop IKE service.
Definition: ike.c:290
_IkeChildSaEntry::localSpi
uint8_t localSpi[4]
Definition: ike.h:1868
IKE_CERT_ENCODING_PGP_CERT
@ IKE_CERT_ENCODING_PGP_CERT
PGP certificate.
Definition: ike.h:1086
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DNS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DNS
Definition: ike.h:1264
_IkeSaEntry::skai
const uint8_t * skai
Integrity protection key (initiator)
Definition: ike.h:1795
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
512-bit Brainpool ECP Group
Definition: ike.h:1017
IKE_MAX_ID_LEN
#define IKE_MAX_ID_LEN
Definition: ike.h:208
IKE_IP_PROTOCOL_ID_ICMPV6
@ IKE_IP_PROTOCOL_ID_ICMPV6
Definition: ike.h:1234
IkeExchangeType
IkeExchangeType
Exchange types.
Definition: ike.h:817
_IkeSaEntry::txMessageId
uint32_t txMessageId
Definition: ike.h:1765
_IkeChildSaEntry::iv
uint8_t iv[8]
Initialization vector.
Definition: ike.h:1889
startPort
uint16_t startPort
Definition: ike.h:1613
exchangeType
uint8_t exchangeType
Definition: ike.h:1386
ipProtocolId
uint8_t ipProtocolId
Definition: ike.h:1611
IKE_TRANSFORM_ID_PRF_HMAC_SHA1
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA1
Definition: ike.h:956
IKE_NOTIFY_MSG_TYPE_R_U_THERE
@ IKE_NOTIFY_MSG_TYPE_R_U_THERE
Definition: ike.h:1209
IKE_CERT_ENCODING_X509_CERT_ATTR
@ IKE_CERT_ENCODING_X509_CERT_ATTR
X.509 certificate - attribute.
Definition: ike.h:1093
IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
Definition: ike.h:1162
IKE_MAX_PSK_LEN
#define IKE_MAX_PSK_LEN
Definition: ike.h:215
endPort
uint16_t endPort
Definition: ike.h:1614
IKE_TRANSFORM_ID_ENCR_AES_GCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_12
Definition: ike.h:929
IKE_CHILD_SA_STATE_INIT
@ IKE_CHILD_SA_STATE_INIT
Definition: ike.h:1317
IKE_CONFIG_ATTR_TYPE_P_CSCF_IP6_ADDRESS
@ IKE_CONFIG_ATTR_TYPE_P_CSCF_IP6_ADDRESS
Definition: ike.h:1273
IkeSettings::cookieGenerateCallback
IkeCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
Definition: ike.h:1924
IkeTransformAttr
IkeTransformAttr
Definition: ike.h:1464
IKE_CERT_ENCODING_OCSP_CONTENT
@ IKE_CERT_ENCODING_OCSP_CONTENT
OCSP Content.
Definition: ike.h:1097
IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
Definition: ike.h:938
IKE_PAYLOAD_TYPE_V
@ IKE_PAYLOAD_TYPE_V
Vendor ID.
Definition: ike.h:856
certAuthority
uint8_t certAuthority[]
Definition: ike.h:1513
authMethod
uint8_t authMethod
Definition: ike.h:1524
iv
uint8_t iv[]
Definition: ike.h:1626
idType
uint8_t idType
Definition: ike.h:1487
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
Definition: ike.h:942
transformType
uint8_t transformType
Definition: ike.h:1448
IKE_PAYLOAD_TYPE_IDI
@ IKE_PAYLOAD_TYPE_IDI
Identification - Initiator.
Definition: ike.h:848
IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
@ IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
Definition: ike.h:1174
IkeCertVerifyCallback
error_t(* IkeCertVerifyCallback)(IkeSaEntry *sa, const X509CertInfo *certInfo, uint_t pathLen)
Certificate verification callback function.
Definition: ike.h:1705
_IkeContext::xcbcMacContext
XcbcMacContext xcbcMacContext
XCBC-MAC context.
Definition: ike.h:1984
OsTaskParameters
Task parameters.
Definition: os_port_chibios.h:116
IkeSettings::prngContext
void * prngContext
Pseudo-random number generator context.
Definition: ike.h:1912
_IkeChildSaEntry::initiator
bool_t initiator
Initiator of the CREATE_CHILD_SA exchange.
Definition: ike.h:1862
IKE_TRANSFORM_ID_ENCR_BLOWFISH
@ IKE_TRANSFORM_ID_ENCR_BLOWFISH
Definition: ike.h:919
IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
1536-bit MODP Group
Definition: ike.h:1000
ikeSetPreferredDhGroup
error_t ikeSetPreferredDhGroup(IkeContext *context, uint16_t dhGroupNum)
Specify the preferred Diffie-Hellman group.
Definition: ike.c:332
IKE_CERT_TYPE_SM2
@ IKE_CERT_TYPE_SM2
Definition: ike.h:1356
IKE_TRANSFORM_TYPE_ENCR
@ IKE_TRANSFORM_TYPE_ENCR
Encryption Algorithm.
Definition: ike.h:898
IKE_TRANSFORM_ID_ENCR_DES_IV32
@ IKE_TRANSFORM_ID_ENCR_DES_IV32
Definition: ike.h:921
IKE_TRANSFORM_ID_PRF_AES128_XCBC
@ IKE_TRANSFORM_ID_PRF_AES128_XCBC
Definition: ike.h:958
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
Definition: ike.h:979
transformAttr
uint8_t transformAttr[]
Definition: ike.h:1451
numSpi
uint16_t numSpi
Definition: ike.h:1575
IKE_CERT_ENCODING_HASH_URL_X509_CERT
@ IKE_CERT_ENCODING_HASH_URL_X509_CERT
Hash and URL of X.509 certificate.
Definition: ike.h:1095
_IkeSaEntry::lifetime
systime_t lifetime
Lifetime of the IKE SA.
Definition: ike.h:1756
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768
ML-KEM-768.
Definition: ike.h:1023
IkeHeader
IkeHeader
Definition: ike.h:1390
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
2048-bit MODP Group with 224-bit Prime Order Subgroup
Definition: ike.h:1010
IkeIpProtocolId
IkeIpProtocolId
IP protocol IDs.
Definition: ike.h:1230
IKE_NOTIFY_MSG_TYPE_USE_PPK
@ IKE_NOTIFY_MSG_TYPE_USE_PPK
Definition: ike.h:1201
IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
Definition: ike.h:1206
IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
@ IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
CREATE_CHILD_SA.
Definition: ike.h:820
_IkeSaEntry::responderSaInit
uint8_t * responderSaInit
Pointer to the IKE_SA_INIT response.
Definition: ike.h:1826
transformLength
uint16_t transformLength
Definition: ike.h:1447
IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
Definition: ike.h:1179
_IkeChildSaEntry::sa
IkeSaEntry * sa
IKE SA entry.
Definition: ike.h:1857
ikeDeleteSa
error_t ikeDeleteSa(IkeSaEntry *sa)
Delete an IKE SA.
Definition: ike.c:542
CipherMode
CipherMode
Cipher operation modes.
Definition: crypto.h:997
IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
@ IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
Definition: ike.h:1143
IKE_AUTH_METHOD_SHARED_KEY
@ IKE_AUTH_METHOD_SHARED_KEY
Shared Key Message Integrity Code.
Definition: ike.h:1109
IkeTransformType
IkeTransformType
Transform types.
Definition: ike.h:897
IKE_CERT_TYPE_DSA
@ IKE_CERT_TYPE_DSA
Definition: ike.h:1349
IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
Definition: ike.h:1158
IKE_TRANSFORM_ID_DH_GROUP_ECP_384
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_384
384-bit Random ECP Group
Definition: ike.h:1007
IkeCertEncoding
IkeCertEncoding
Certificate encodings.
Definition: ike.h:1084
IKE_CONFIG_ATTR_TYPE_SUPPORTED_ATTRIBUTES
@ IKE_CONFIG_ATTR_TYPE_SUPPORTED_ATTRIBUTES
Definition: ike.h:1267
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
Definition: ike.h:959
IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
Definition: ike.h:1160
IKE_CHILD_SA_STATE_CLOSED
@ IKE_CHILD_SA_STATE_CLOSED
Definition: ike.h:1315
IkeCookieGenerateCallback
error_t(* IkeCookieGenerateCallback)(IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, uint8_t *cookie, size_t *cookieLen)
Cookie generation callback function.
Definition: ike.h:1713
IkeEncryptedPayload
IkeEncryptedPayload
Definition: ike.h:1627
IKE_CERT_ENCODING_CRL
@ IKE_CERT_ENCODING_CRL
Certificate revocation list.
Definition: ike.h:1090
CmacContext
CMAC algorithm context.
Definition: cmac.h:54
eapMessage
uint8_t eapMessage[]
Definition: ike.h:1662
IpsecProtocol
IpsecProtocol
Security protocols.
Definition: ipsec.h:190
configAttributes
uint8_t configAttributes[]
Definition: ike.h:1639
IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
Definition: ike.h:1149
IKE_CONFIG_ATTR_TYPE_APPLICATION_VERSION
@ IKE_CONFIG_ATTR_TYPE_APPLICATION_VERSION
Definition: ike.h:1262
IKE_CERT_TYPE_RSA
@ IKE_CERT_TYPE_RSA
Definition: ike.h:1347
IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
@ IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
Definition: ike.h:1161
IKE_CERT_TYPE_ECDSA_BRAINPOOLP512R1
@ IKE_CERT_TYPE_ECDSA_BRAINPOOLP512R1
Definition: ike.h:1355
IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512
@ IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512
GOST3410_2012_512.
Definition: ike.h:1021
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
Definition: ike.h:985
_IkeSaEntry::authKeyLen
size_t authKeyLen
Size of the integrity protection key, in bytes.
Definition: ike.h:1810
IkeDeletePayload
IkeDeletePayload
Definition: ike.h:1577
IKE_MAX_COOKIE_SIZE
#define IKE_MAX_COOKIE_SIZE
Definition: ike.h:180
_IkeContext::preferredDhGroupNum
uint16_t preferredDhGroupNum
Preferred Diffie-Hellman group number.
Definition: ike.h:1953
_IkeSaEntry::encAlgoId
uint16_t encAlgoId
Encryption algorithm.
Definition: ike.h:1786
IKE_TRANSFORM_ID_ENCR_DES
@ IKE_TRANSFORM_ID_ENCR_DES
Definition: ike.h:914
_IkeContext::privateKeyLen
size_t privateKeyLen
Length of the private key.
Definition: ike.h:1963
_IkeChildSaEntry::deleteReceived
bool_t deleteReceived
Definition: ike.h:1896
IKE_CERT_TYPE_ED25519
@ IKE_CERT_TYPE_ED25519
Definition: ike.h:1357
IKE_CERT_TYPE_ED448
@ IKE_CERT_TYPE_ED448
Definition: ike.h:1358
_IkeChildSaEntry::deleteRequest
bool_t deleteRequest
Child SA delete request.
Definition: ike.h:1895
_IkeSaEntry::unsupportedCriticalPayload
uint8_t unsupportedCriticalPayload
Definition: ike.h:1782
numTs
uint8_t numTs
Definition: ike.h:1598
IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
Definition: ike.h:1148
systime_t
uint32_t systime_t
System time.
Definition: os_port_chibios.h:101
IKE_TRANSFORM_ID_AUTH_KPDK_MD5
@ IKE_TRANSFORM_ID_AUTH_KPDK_MD5
Definition: ike.h:977
IkeTsParams::startPort
uint16_t startPort
Definition: ike.h:1736
IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
Definition: ike.h:984
_IkeChildSaEntry::skai
const uint8_t * skai
Integrity protection key (initiator)
Definition: ike.h:1875
IkeTs
IkeTs
Definition: ike.h:1616
IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
@ IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
Definition: ike.h:931
_IkeContext::message
uint8_t message[IKE_MAX_MSG_SIZE]
Incoming IKE message.
Definition: ike.h:1974
IKE_CONFIG_TYPE_SET
@ IKE_CONFIG_TYPE_SET
Definition: ike.h:1246
IkeProposal
IkeProposal
Definition: ike.h:1436
IKE_SA_STATE_CREATE_CHILD_REQ
@ IKE_SA_STATE_CREATE_CHILD_REQ
Definition: ike.h:1298
IKE_HASH_ALGO_STREEBOG_512
@ IKE_HASH_ALGO_STREEBOG_512
Definition: ike.h:1336
char_t
char char_t
Definition: compiler_port.h:55
IKE_CERT_ENCODING_PKCS7_X509_CERT
@ IKE_CERT_ENCODING_PKCS7_X509_CERT
PKCS #7 wrapped X.509 certificate.
Definition: ike.h:1085
IKE_PAYLOAD_TYPE_PS
@ IKE_PAYLOAD_TYPE_PS
Puzzle Solution.
Definition: ike.h:864
IKE_EXCHANGE_TYPE_IKE_SA_INIT
@ IKE_EXCHANGE_TYPE_IKE_SA_INIT
IKE_SA_INIT.
Definition: ike.h:818
IKE_PAYLOAD_TYPE_NONCE
@ IKE_PAYLOAD_TYPE_NONCE
Nonce.
Definition: ike.h:853
IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
Definition: ike.h:1134
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_SUBNET
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_SUBNET
Definition: ike.h:1268
_IkeSaEntry::initiatorSpi
uint8_t initiatorSpi[IKE_SPI_SIZE]
Initiator SPI.
Definition: ike.h:1769
_IkeContext::messageLen
size_t messageLen
Length of the incoming IKE message, in bytes.
Definition: ike.h:1975
IkeSettings
IKE settings.
Definition: ike.h:1908
IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512
@ IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512
Definition: ike.h:963
IkeSaEntry
#define IkeSaEntry
Definition: ike.h:800
minorVersion
uint8_t minorVersion
Definition: ike.h:1383
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
1024-bit MODP Group with 160-bit Prime Order Subgroup
Definition: ike.h:1009
_IkeSaEntry::rekeyRequest
bool_t rekeyRequest
IKE SA rekey request.
Definition: ike.h:1834
IKE_TRANSFORM_ID_ENCR_3DES
@ IKE_TRANSFORM_ID_ENCR_3DES
Definition: ike.h:915
_IkeChildSaEntry::outboundSa
int_t outboundSa
Outbound SAD entry.
Definition: ike.h:1899
IKE_TRANSFORM_ID_ENCR_AES_GCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16
Definition: ike.h:930
_IkeSaEntry::oldSa
IkeSaEntry * oldSa
Old IKE SA.
Definition: ike.h:1749
IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
Definition: ike.h:1204
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
Definition: ike.h:1137
ikeDeinit
void ikeDeinit(IkeContext *context)
Release IKE context.
Definition: ike.c:777
_IkeChildSaEntry::oldChildSa
IkeChildSaEntry * oldChildSa
Old Child SA.
Definition: ike.h:1858
IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
Definition: ike.h:1127
_IkeChildSaEntry::cipherMode
CipherMode cipherMode
Cipher mode of operation.
Definition: ike.h:1880
IkeConfigAttr
IkeConfigAttr
Definition: ike.h:1652
ipsec.h
IPsec (IP security)
IkeSettings::childSaLifetime
systime_t childSaLifetime
Lifetime of Child SAs.
Definition: ike.h:1918
IKE_TRANSFORM_ID_PRF_HMAC_TIGER
@ IKE_TRANSFORM_ID_PRF_HMAC_TIGER
Definition: ike.h:957
responderSpi
uint8_t responderSpi[IKE_SPI_SIZE]
Definition: ike.h:1377
IKE_NOTIFY_MSG_TYPE_NONE
@ IKE_NOTIFY_MSG_TYPE_NONE
Definition: ike.h:1126
_IkeSaEntry::peerId
uint8_t peerId[IKE_MAX_ID_LEN]
Peer ID.
Definition: ike.h:1778
IKE_PAYLOAD_TYPE_SKF
@ IKE_PAYLOAD_TYPE_SKF
Encrypted and Authenticated Fragment.
Definition: ike.h:863
IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
3072-bit MODP Group
Definition: ike.h:1002
_IkeContext::cmacContext
CmacContext cmacContext
CMAC context.
Definition: ike.h:1978
trafficSelectors
uint8_t trafficSelectors[]
Definition: ike.h:1600
IKE_SA_STATE_REKEY_CHILD_RESP
@ IKE_SA_STATE_REKEY_CHILD_RESP
Definition: ike.h:1301
IkeCertPayload
IkeCertPayload
Definition: ike.h:1502
ikeInit
error_t ikeInit(IkeContext *context, const IkeSettings *settings)
IKE service initialization.
Definition: ike.c:109
IkeEapMessage
IkeEapMessage
Definition: ike.h:1677
_IkeSaEntry::request
uint8_t request[IKE_MAX_MSG_SIZE]
Request message.
Definition: ike.h:1829
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024
ML-KEM-1024.
Definition: ike.h:1024
_IkeSaEntry::initiatorSaInitLen
size_t initiatorSaInitLen
Length of the IKE_SA_INIT request, in bytes.
Definition: ike.h:1825
ikeSetId
error_t ikeSetId(IkeContext *context, IkeIdType idType, const void *id, size_t idLen)
Set entity's ID.
Definition: ike.c:359
IkeSettings::childSaEntries
IkeChildSaEntry * childSaEntries
Child SA entries.
Definition: ike.h:1915
_IkeSaEntry::notifySpi
uint8_t notifySpi[4]
Definition: ike.h:1784
IpsecPacketInfo
IP packet information.
Definition: ipsec.h:316
data
uint8_t data[]
Definition: ike.h:1676
IKE_TRANSFORM_ID_ENCR_AES_CCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_12
Definition: ike.h:926
IkeSettings::task
OsTaskParameters task
Task parameters.
Definition: ike.h:1909
_IkeSaEntry::skei
const uint8_t * skei
Encryption key (initiator)
Definition: ike.h:1797
IKE_TRANSFORM_TYPE_PRF
@ IKE_TRANSFORM_TYPE_PRF
Pseudorandom Function.
Definition: ike.h:899
IKE_TRANSFORM_ID_ESN_YES
@ IKE_TRANSFORM_ID_ESN_YES
Extended Sequence Numbers.
Definition: ike.h:1035
_IkeChildSaEntry::authHashAlgo
const HashAlgo * authHashAlgo
Hash algorithm for HMAC-based integrity calculations.
Definition: ike.h:1882
IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
Definition: ike.h:1175
_IkeContext::localIpAddr
IpAddr localIpAddr
Destination IP address of the received IKE message.
Definition: ike.h:1967
_IkeChildSaEntry::sker
const uint8_t * sker
Encryption key (responder)
Definition: ike.h:1878
IkeEncryptedFragPayload
IkeEncryptedFragPayload
Definition: ike.h:1690
_IkeSaEntry::skpr
const uint8_t * skpr
Key used for generating AUTH payload (responder)
Definition: ike.h:1800
_IkeSaEntry::cipherAlgo
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: ike.h:1803
IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
@ IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
Definition: ike.h:1190
length
uint32_t length
Definition: ike.h:1389
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
Definition: ike.h:933
Socket
#define Socket
Definition: socket.h:36
IKE_CERT_ENCODING_ARL
@ IKE_CERT_ENCODING_ARL
Authority revocation list.
Definition: ike.h:1091
_IkeSaEntry::reauthRequest
bool_t reauthRequest
IKE SA reauthentication request.
Definition: ike.h:1835
IKE_SA_STATE_DPD_REQ
@ IKE_SA_STATE_DPD_REQ
Definition: ike.h:1292
_IkeContext::socket
Socket * socket
Underlying UDP socket.
Definition: ike.h:1966
IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
@ IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
Definition: ike.h:1144
_IkeChildSaEntry::esn
uint16_t esn
Extended sequence numbers.
Definition: ike.h:1872
IkeTransformIdDhGroup
IkeTransformIdDhGroup
Transform IDs (Diffie-Hellman Group)
Definition: ike.h:996
ikeGetDefaultSettings
void ikeGetDefaultSettings(IkeSettings *settings)
Initialize settings with default values.
Definition: ike.c:56
IKE_ID_TYPE_RFC822_ADDR
@ IKE_ID_TYPE_RFC822_ADDR
Definition: ike.h:1069
IKE_SA_STATE_DELETE_RESP
@ IKE_SA_STATE_DELETE_RESP
Definition: ike.h:1297
IKE_MAX_CHILD_SA_KEY_MAT_LEN
#define IKE_MAX_CHILD_SA_KEY_MAT_LEN
Definition: ike.h:719
transformId
uint16_t transformId
Definition: ike.h:1450
IKE_PROTOCOL_ID_IKE
@ IKE_PROTOCOL_ID_IKE
IKE protocol.
Definition: ike.h:886
IKE_ID_TYPE_INVALID
@ IKE_ID_TYPE_INVALID
Definition: ike.h:1066
_IkeSaEntry::deleteReceived
bool_t deleteReceived
Definition: ike.h:1838
_IkeSaEntry::cookieLen
size_t cookieLen
Length of the cookie, in bytes.
Definition: ike.h:1768
IKE_AUTH_METHOD_DSS
@ IKE_AUTH_METHOD_DSS
DSS Digital Signature.
Definition: ike.h:1110
IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
Definition: ike.h:1135
IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
@ IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
Definition: ike.h:1145
IkeSettings::saLifetime
systime_t saLifetime
Lifetime of IKE SAs.
Definition: ike.h:1917
IKE_TRANSFORM_ID_ENCR_3IDEA
@ IKE_TRANSFORM_ID_ENCR_3IDEA
Definition: ike.h:920
IKE_SA_STATE_AUTH_RESP
@ IKE_SA_STATE_AUTH_RESP
Definition: ike.h:1290
CipherAlgo
Common interface for encryption algorithms.
Definition: crypto.h:1104
_IkeChildSaEntry::authKeyLen
size_t authKeyLen
Length of the integrity protection key, in bytes.
Definition: ike.h:1885
IKE_EXCHANGE_TYPE_INFORMATIONAL
@ IKE_EXCHANGE_TYPE_INFORMATIONAL
INFORMATIONAL.
Definition: ike.h:821
IKE_PAYLOAD_TYPE_LAST
@ IKE_PAYLOAD_TYPE_LAST
No Next Payload.
Definition: ike.h:845
critical
uint8_t critical
Definition: ike.h:1405
_IkeSaEntry::cookie
uint8_t cookie[IKE_MAX_COOKIE_SIZE]
Cookie.
Definition: ike.h:1767
IkeNotifyMsgType
IkeNotifyMsgType
Notify message types.
Definition: ike.h:1125
IKE_LAST_SUBSTRUC_MORE_PROPOSALS
@ IKE_LAST_SUBSTRUC_MORE_PROPOSALS
More proposal substructures.
Definition: ike.h:875
IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
@ IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
Definition: ike.h:1176
IKE_SA_STATE_INIT_RESP
@ IKE_SA_STATE_INIT_RESP
Definition: ike.h:1288
_IkeSaEntry::authCipherAlgo
const CipherAlgo * authCipherAlgo
Cipher algorithm for CMAC-based integrity calculations.
Definition: ike.h:1806
IkeSettings::cookieVerifyCallback
IkeCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
Definition: ike.h:1925
cookie
uint8_t cookie[]
Definition: dtls_misc.h:206
IKE_CERT_ENCODING_SPKI_CERT
@ IKE_CERT_ENCODING_SPKI_CERT
SPKI certificate.
Definition: ike.h:1092
IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
@ IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
Definition: ike.h:1150
IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
@ IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
Definition: ike.h:1138
IKE_PAYLOAD_TYPE_KE
@ IKE_PAYLOAD_TYPE_KE
Key Exchange.
Definition: ike.h:847
IkeProtocolId
IkeProtocolId
Protocol IDs.
Definition: ike.h:885
_IkeSaEntry::cipherContext
CipherContext cipherContext
Cipher context.
Definition: ike.h:1804
_IkeSaEntry::responderSaInitLen
size_t responderSaInitLen
Length of the IKE_SA_INIT response, in bytes.
Definition: ike.h:1827
_IkeChildSaEntry
Child Security Association entry.
Definition: ike.h:1854
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
Definition: ike.h:1186
IKE_SA_STATE_AUTH_FAILURE_REQ
@ IKE_SA_STATE_AUTH_FAILURE_REQ
Definition: ike.h:1304
IKE_NOTIFY_MSG_TYPE_REDIRECT
@ IKE_NOTIFY_MSG_TYPE_REDIRECT
Definition: ike.h:1173
_IkeSaEntry::rxMessageId
uint32_t rxMessageId
Definition: ike.h:1766
IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
@ IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
Definition: ike.h:1169
nextPayload
uint8_t nextPayload
Definition: ike.h:1378
IKE_AUTH_METHOD_ECDSA_P256_SHA256
@ IKE_AUTH_METHOD_ECDSA_P256_SHA256
ECDSA with SHA-256 on the P-256 curve.
Definition: ike.h:1111
IKE_NOTIFY_MSG_TYPE_COOKIE
@ IKE_NOTIFY_MSG_TYPE_COOKIE
Definition: ike.h:1156
IKE_ID_TYPE_KEY_ID
@ IKE_ID_TYPE_KEY_ID
Definition: ike.h:1073
IkeSettings::reauthPeriod
systime_t reauthPeriod
Reauthentication period.
Definition: ike.h:1919
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
Definition: ike.h:1187
IKE_FLAGS_R
@ IKE_FLAGS_R
Response flag.
Definition: ike.h:833
IKE_PAYLOAD_TYPE_TSI
@ IKE_PAYLOAD_TYPE_TSI
Traffic Selector - Initiator.
Definition: ike.h:857
IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
Definition: ike.h:1157
IKE_SA_STATE_REKEY_RESP
@ IKE_SA_STATE_REKEY_RESP
Definition: ike.h:1295
_IkeSaEntry::sharedSecret
uint8_t sharedSecret[IKE_MAX_SHARED_SECRET_LEN]
Shared secret.
Definition: ike.h:1791
IKE_CERT_ENCODING_X509_CERT_SIGN
@ IKE_CERT_ENCODING_X509_CERT_SIGN
X.509 certificate - signature.
Definition: ike.h:1088
ipAddr
Ipv4Addr ipAddr
Definition: ipcp.h:105
IkeNoncePayload
IkeNoncePayload
Definition: ike.h:1549
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NBNS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NBNS
Definition: ike.h:1260
_IkeSaEntry::sharedSecretLen
size_t sharedSecretLen
Length of the shared secret, in bytes.
Definition: ike.h:1792
_IkeSaEntry::keyMaterial
uint8_t keyMaterial[IKE_MAX_SA_KEY_MAT_LEN]
Keying material.
Definition: ike.h:1793
reserved1
uint8_t reserved1
Definition: ike.h:1446
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_PREFIX
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_PREFIX
Definition: ike.h:1271
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1082
IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
Definition: ike.h:1136
IKE_TRANSFORM_ID_AUTH_DES_MAC
@ IKE_TRANSFORM_ID_AUTH_DES_MAC
Definition: ike.h:976
IKE_SA_STATE_CREATE_CHILD_RESP
@ IKE_SA_STATE_CREATE_CHILD_RESP
Definition: ike.h:1299
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
2048-bit MODP Group with 256-bit Prime Order Subgroup
Definition: ike.h:1011
IKE_SA_STATE_DPD_RESP
@ IKE_SA_STATE_DPD_RESP
Definition: ike.h:1293
IKE_TRANSFORM_ID_DH_GROUP_ECP_256
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_256
256-bit Random ECP Group
Definition: ike.h:1006
type
uint8_t type
Definition: ike.h:1675
certData
uint8_t certData[]
Definition: ike.h:1501
OsTaskId
thread_t * OsTaskId
Task identifier.
Definition: os_port_chibios.h:108
IKE_CERT_TYPE_ECDSA_P521
@ IKE_CERT_TYPE_ECDSA_P521
Definition: ike.h:1352
IKE_NOTIFY_MSG_TYPE_TICKET_ACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_ACK
Definition: ike.h:1177
_IkeSaEntry::skpi
const uint8_t * skpi
Key used for generating AUTH payload (initiator)
Definition: ike.h:1799
IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
Definition: ike.h:1172
_IkeContext::prngContext
void * prngContext
Pseudo-random number generator context.
Definition: ike.h:1946
_IkeContext::running
bool_t running
Operational state of IKEv2.
Definition: ike.h:1939
IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
Definition: ike.h:1170
IKE_PAYLOAD_TYPE_IDR
@ IKE_PAYLOAD_TYPE_IDR
Identification - Responder.
Definition: ike.h:849
_IkeContext::taskId
OsTaskId taskId
Task identifier.
Definition: ike.h:1943
_IkeContext::numSaEntries
uint_t numSaEntries
Number of IKE SA entries.
Definition: ike.h:1971
_IkeSaEntry::prfCipherAlgo
const CipherAlgo * prfCipherAlgo
Cipher algorithm for CMAC-based PRF calculations.
Definition: ike.h:1808
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
Definition: ike.h:1207
vid
uint8_t vid[]
Definition: ike.h:1587
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
Definition: ike.h:987
_IkeSaEntry::responderNonce
uint8_t responderNonce[IKE_MAX_NONCE_SIZE]
Definition: ike.h:1774
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512
ML-KEM-512.
Definition: ike.h:1022
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
IKE_PAYLOAD_TYPE_D
@ IKE_PAYLOAD_TYPE_D
Delete.
Definition: ike.h:855
IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
@ IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
Definition: ike.h:1183
IKE_NOTIFY_MSG_TYPE_COOKIE2
@ IKE_NOTIFY_MSG_TYPE_COOKIE2
Definition: ike.h:1167
authData
uint8_t authData[]
Definition: ike.h:1526
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_ADDRESS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_ADDRESS
Definition: ike.h:1263
IKE_PAYLOAD_TYPE_SA
@ IKE_PAYLOAD_TYPE_SA
Security Association.
Definition: ike.h:846
IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
Definition: ike.h:1147
_IkeSaEntry
IKE Security Association entry.
Definition: ike.h:1746
IKE_TRANSFORM_ID_AUTH_NONE
@ IKE_TRANSFORM_ID_AUTH_NONE
Definition: ike.h:973
_IkeChildSaEntry::remoteIpAddr
IpAddr remoteIpAddr
IP address of the peer.
Definition: ike.h:1859
IkeEapPayload
IkeEapPayload
Definition: ike.h:1663
IkeSettings::saEntries
IkeSaEntry * saEntries
IKE SA entries.
Definition: ike.h:1913
_IkeSaEntry::responderSpi
uint8_t responderSpi[IKE_SPI_SIZE]
Responder SPI.
Definition: ike.h:1770
nonceData
uint8_t nonceData[]
Definition: ike.h:1548
IKE_FLAGS_V
@ IKE_FLAGS_V
Version flag.
Definition: ike.h:834
IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
@ IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
Definition: ike.h:1191
IkeTransformIdPrf
IkeTransformIdPrf
Transform IDs (Pseudorandom Function)
Definition: ike.h:953
IkeAttrType
IkeAttrType
Configuration attribute types.
Definition: ike.h:1256
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
384-bit Brainpool ECP Group
Definition: ike.h:1016
IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
@ IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
Definition: ike.h:1129
IKE_CERT_ENCODING_KERBEROS_TOKEN
@ IKE_CERT_ENCODING_KERBEROS_TOKEN
Kerberos token.
Definition: ike.h:1089
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
Definition: ike.h:1188
IkeFlags
IkeFlags
Flags.
Definition: ike.h:832
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
Definition: ike.h:1165
IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
Definition: ike.h:1128
IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
Definition: ike.h:1142
IkeTransformIdAuth
IkeTransformIdAuth
Transform IDs (Integrity Algorithm)
Definition: ike.h:972
IKE_TRANSFORM_ID_DH_GROUP_ECP_521
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_521
521-bit Random ECP Group
Definition: ike.h:1008
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
Definition: ike.h:1198
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DNS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DNS
Definition: ike.h:1259
IkeChildSaEntry
#define IkeChildSaEntry
Definition: ike.h:804
totalFrags
uint16_t totalFrags
Definition: ike.h:1688
IkeTsParams::endPort
uint16_t endPort
Definition: ike.h:1737
IKE_AUTH_METHOD_ECDSA_P384_SHA384
@ IKE_AUTH_METHOD_ECDSA_P384_SHA384
ECDSA with SHA-384 on the P-384 curve.
Definition: ike.h:1112
_IkeChildSaEntry::remoteSpi
uint8_t remoteSpi[4]
Definition: ike.h:1869
IkeTransformAttrType
IkeTransformAttrType
Transform attribute types.
Definition: ike.h:1055
IKE_TRANSFORM_ID_ENCR_RC5
@ IKE_TRANSFORM_ID_ENCR_RC5
Definition: ike.h:916
IKE_HASH_ALGO_SHA384
@ IKE_HASH_ALGO_SHA384
Definition: ike.h:1332
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
Definition: ike.h:1163
_IkeChildSaEntry::initiatorNonceLen
size_t initiatorNonceLen
Length of the initiator nonce.
Definition: ike.h:1865
IKE_HASH_ALGO_IDENTITY
@ IKE_HASH_ALGO_IDENTITY
Definition: ike.h:1334
IkeTransformIdEsn
IkeTransformIdEsn
Transform IDs (Extended Sequence Numbers)
Definition: ike.h:1033
IKE_PAYLOAD_TYPE_N
@ IKE_PAYLOAD_TYPE_N
Notify.
Definition: ike.h:854
IKE_CHILD_SA_STATE_RESERVED
@ IKE_CHILD_SA_STATE_RESERVED
Definition: ike.h:1316
_IkeContext::numChildSaEntries
uint_t numChildSaEntries
Number of Child SA entries.
Definition: ike.h:1973
_IkeSaEntry::dhGroupNum
uint16_t dhGroupNum
Diffie-Hellman group number.
Definition: ike.h:1789
_IkeContext::pskLen
size_t pskLen
Length of the pre-shared key, in bytes.
Definition: ike.h:1958
EcdhContext
ECDH context.
Definition: ecdh.h:60
nonce
uint8_t nonce[]
Definition: ntp_common.h:233
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
256-bit Brainpool ECP Group
Definition: ike.h:1015
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
Definition: ike.h:961
IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
6144-bit MODP Group
Definition: ike.h:1004
_IkeSaEntry::retransmitCount
uint_t retransmitCount
Definition: ike.h:1764
_IkeChildSaEntry::skar
const uint8_t * skar
Integrity protection key (responder)
Definition: ike.h:1876
IKE_TS_TYPE_IPV6_ADDR_RANGE
@ IKE_TS_TYPE_IPV6_ADDR_RANGE
Definition: ike.h:1221
IKE_CONFIG_ATTR_TYPE_P_CSCF_IP4_ADDRESS
@ IKE_CONFIG_ATTR_TYPE_P_CSCF_IP4_ADDRESS
Definition: ike.h:1272
IkeConfigType
IkeConfigType
Configuration types.
Definition: ike.h:1243
IKE_NOTIFY_MSG_TYPE_R_U_THERE_ACK
@ IKE_NOTIFY_MSG_TYPE_R_U_THERE_ACK
Definition: ike.h:1210
IKE_ID_TYPE_FQDN
@ IKE_ID_TYPE_FQDN
Definition: ike.h:1068
selectorLength
uint16_t selectorLength
Definition: ike.h:1612
IkeTsType
IkeTsType
Traffic selector types.
Definition: ike.h:1219
IkeSaPayload
IkeSaPayload
Definition: ike.h:1419
IKE_SA_STATE_DELETE_CHILD_REQ
@ IKE_SA_STATE_DELETE_CHILD_REQ
Definition: ike.h:1302
IKE_CERT_ENCODING_RAW_PUBLIC_KEY
@ IKE_CERT_ENCODING_RAW_PUBLIC_KEY
Raw Public Key.
Definition: ike.h:1098
IKE_PAYLOAD_TYPE_GSPM
@ IKE_PAYLOAD_TYPE_GSPM
Generic Secure Password Method.
Definition: ike.h:862
IKE_PAYLOAD_TYPE_TSR
@ IKE_PAYLOAD_TYPE_TSR
Traffic Selector - Responder.
Definition: ike.h:858
ikeDeleteChildSa
error_t ikeDeleteChildSa(IkeChildSaEntry *childSa)
Delete a Child SA.
Definition: ike.c:681
_IkeChildSaEntry::state
IkeChildSaState state
Child SA state.
Definition: ike.h:1855
IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
@ IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
Definition: ike.h:1130
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
Definition: ike.h:935
IKE_CHILD_SA_STATE_OPEN
@ IKE_CHILD_SA_STATE_OPEN
Definition: ike.h:1318
IKE_TRANSFORM_ID_ENCR_AES_CCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8
Definition: ike.h:925
IKE_CERT_TYPE_ECDSA_P256
@ IKE_CERT_TYPE_ECDSA_P256
Definition: ike.h:1350
IKE_TRANSFORM_TYPE_INTEG
@ IKE_TRANSFORM_TYPE_INTEG
Integrity Algorithm.
Definition: ike.h:900