IKEv2 algorithm negotiation.
#include "ike/ike.h"
#include "ike/ike_algorithms.h"
#include "ah/ah_algorithms.h"
#include "esp/esp_algorithms.h"
#include "cipher/cipher_algorithms.h"
#include "cipher_modes/cipher_modes.h"
#include "hash/hash_algorithms.h"
#include "debug.h"
| Macros | |
| #define | TRACE_LEVEL IKE_TRACE_LEVEL | 
| Functions | | |
| error_t | ikeSelectEncAlgo (IkeSaEntry *sa, uint16_t encAlgoId, size_t encKeyLen) | Select the relevant encryption algorithm. |
| error_t | ikeSelectAuthAlgo (IkeSaEntry *sa, uint16_t authAlgoId) | Select the relevant MAC algorithm. |
| error_t | ikeSelectPrfAlgo (IkeSaEntry *sa, uint16_t prfAlgoId) | Select the relevant PRF algorithm. |
| error_t | ikeAddTransform (IkeTransformType transformType, uint16_t transformId, uint16_t keyLen, IkeProposal *proposal, uint8_t **lastSubstruc) | Add the supported transforms to the proposal. |
| error_t | ikeAddSupportedTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) | Add the supported IKE transforms to the proposal. |
| error_t | ikeAddSupportedKeTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) | Add the supported key exchange transforms to the proposal. |
| error_t | ikeAddSupportedEncTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) | Add the supported encryption transforms to the proposal. |
| error_t | ikeAddSupportedAuthTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) | Add the supported integrity transforms to the proposal. |
| error_t | ikeAddSupportedPrfTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) | Add the supported PRF transforms to the proposal. |
| uint_t | ikeGetNumTransforms (IkeTransformType transformType, const IkeProposal *proposal, size_t proposalLen) | Get the number of transforms that match a given transform type. |
| uint16_t | ikeSelectTransform (IkeTransformType transformType, const uint16_t *algoList, uint_t algoListLen, const IkeProposal *proposal, size_t proposalLen) | Transform negotiation. |
| uint16_t | ikeSelectKeTransform (IkeContext *context, const IkeProposal *proposal, size_t proposalLen) | Key exchange transform negotiation. |
| const IkeEncAlgo * | ikeSelectEncTransform (IkeContext *context, const IkeProposal *proposal, size_t proposalLen) | Encryption transform negotiation. |
| uint16_t | ikeSelectAuthTransform (IkeContext *context, const IkeProposal *proposal, size_t proposalLen) | Integrity transform negotiation. |
| uint16_t | ikeSelectPrfTransform (IkeContext *context, const IkeProposal *proposal, size_t proposalLen) | PRF transform negotiation. |
| error_t | ikeSelectSaProposal (IkeSaEntry *sa, const IkeSaPayload *payload, size_t spiSize) | Select a single proposal (IKE protocol) |
| error_t | ikeSelectChildSaProposal (IkeChildSaEntry *childSa, const IkeSaPayload *payload) | Select a single proposal (AH or ESP protocol) |
| error_t | ikeCheckSaProposal (IkeSaEntry *sa, const IkeSaPayload *payload) | Check whether the selected proposal is acceptable (IKE protocol) |
| error_t | ikeCheckChildSaProposal (IkeChildSaEntry *childSa, const IkeSaPayload *payload) | Check whether the selected proposal is acceptable (AH or ESP protocol) |
| bool_t | ikeIsAeadEncAlgo (uint16_t encAlgoId) | Test if the transform ID identifies an AEAD encryption algorithm. |
| bool_t | ikeIsVariableLengthKeyEncAlgo (uint16_t encAlgoId) | Test if the transform ID identifies a variable-length key encryption algorithm. |
| bool_t | ikeIsDhKeyExchangeAlgo (uint16_t groupNum) | Test if the group number identifies a DH key exchange algorithm. |
| bool_t | ikeIsEcdhKeyExchangeAlgo (uint16_t groupNum) | Test if the group number identifies an ECDH key exchange algorithm. |
| bool_t | ikeIsMlkemKeyExchangeAlgo (uint16_t groupNum) | Test if the group number identifies an ML-KEM key exchange algorithm. |
| const EcCurve * | ikeGetEcdhCurve (uint16_t groupNum) | Get the elliptic curve that matches the specified group number. |
| uint16_t | ikeSelectDefaultDhGroup (void) | Get the default Diffie-Hellman group number. |
| bool_t | ikeIsDhGroupSupported (uint16_t groupNum) | Check whether a given Diffie-Hellman group is supported. |
| bool_t | ikeIsHashAlgoSupported (uint16_t hashAlgoId) | Check whether a given signature hash algorithm is supported. |
Detailed Description
IKEv2 algorithm negotiation.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneIPSEC Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.5.4
Definition in file ike_algorithms.c.
Macro Definition Documentation
◆ TRACE_LEVEL
| #define TRACE_LEVEL IKE_TRACE_LEVEL | 
Definition at line 32 of file ike_algorithms.c.
Function Documentation
◆ ikeAddSupportedAuthTransforms()
| error_t ikeAddSupportedAuthTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) |
Add the supported integrity transforms to the proposal.
- Parameters
| [in] | context | Pointer to the IKE context |
| [in,out] | proposal | Pointer to the Proposal substructure |
| [in,out] | lastSubstruc | Pointer to the Last Substruc field |
- Returns
- Error code
Definition at line 1335 of file ike_algorithms.c.
◆ ikeAddSupportedEncTransforms()
| error_t ikeAddSupportedEncTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) |
Add the supported encryption transforms to the proposal.
- Parameters
| [in] | context | Pointer to the IKE context |
| [in,out] | proposal | Pointer to the Proposal substructure |
| [in,out] | lastSubstruc | Pointer to the Last Substruc field |
- Returns
- Error code
Definition at line 1304 of file ike_algorithms.c.
◆ ikeAddSupportedKeTransforms()
| error_t ikeAddSupportedKeTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) |
Add the supported key exchange transforms to the proposal.
- Parameters
| [in] | context | Pointer to the IKE context |
| [in,out] | proposal | Pointer to the Proposal substructure |
| [in,out] | lastSubstruc | Pointer to the Last Substruc field |
- Returns
- Error code
Definition at line 1274 of file ike_algorithms.c.
◆ ikeAddSupportedPrfTransforms()
| error_t ikeAddSupportedPrfTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) |
Add the supported PRF transforms to the proposal.
- Parameters
| [in] | context | Pointer to the IKE context |
| [in,out] | proposal | Pointer to the Proposal substructure |
| [in,out] | lastSubstruc | Pointer to the Last Substruc field |
- Returns
- Error code
Definition at line 1365 of file ike_algorithms.c.
◆ ikeAddSupportedTransforms()
| error_t ikeAddSupportedTransforms (IkeContext *context, IkeProposal *proposal, uint8_t **lastSubstruc) |
Add the supported IKE transforms to the proposal.
- Parameters
| [in] | context | Pointer to the IKE context |
| [in,out] | proposal | Pointer to the Proposal substructure |
| [in,out] | lastSubstruc | Pointer to the Last Substruc field |
- Returns
- Error code
Definition at line 1232 of file ike_algorithms.c.
◆ ikeAddTransform()
| error_t ikeAddTransform (IkeTransformType transformType, uint16_t transformId, uint16_t keyLen, IkeProposal *proposal, uint8_t **lastSubstruc) |
Add the supported transforms to the proposal.
- Parameters
| [in] | transformType | Transform type |
| [in] | transformId | Transform identifier |
| [in] | keyLen | Key length attribute (for encryption algorithms with variable-length keys) |
| [in,out] | proposal | Pointer to the Proposal substructure |
| [in,out] | lastSubstruc | Pointer to the Last Substruc field |
- Returns
- Error code
Definition at line 1151 of file ike_algorithms.c.
◆ ikeCheckChildSaProposal()
| error_t ikeCheckChildSaProposal (IkeChildSaEntry *childSa, const IkeSaPayload *payload) |
Check whether the selected proposal is acceptable (AH or ESP protocol)
- Parameters
| [in] | childSa | Pointer to the Child SA |
| [in] | payload | Pointer to the Security Association payload |
- Returns
- Error code
Definition at line 2036 of file ike_algorithms.c.
◆ ikeCheckSaProposal()
| error_t ikeCheckSaProposal (IkeSaEntry *sa, const IkeSaPayload *payload) |
Check whether the selected proposal is acceptable (IKE protocol)
- Parameters
| [in] | sa | Pointer to the IKE SA |
| [in] | payload | Pointer to the Security Association payload |
- Returns
- Error code
Definition at line 1900 of file ike_algorithms.c.
◆ ikeGetEcdhCurve()
| const EcCurve *ikeGetEcdhCurve (uint16_t groupNum) |
Get the elliptic curve that matches the specified group number.
- Parameters
| [in] | groupNum | Group number |
- Returns
- Elliptic curve parameters
Definition at line 2214 of file ike_algorithms.c.
◆ ikeGetNumTransforms()
| uint_t ikeGetNumTransforms (IkeTransformType transformType, const IkeProposal *proposal, size_t proposalLen) |
Get the number of transforms that match a given transform type.
- Parameters
| [in] | transformType | Transform type |
| [in] | proposal | Pointer to the Proposal substructure |
| [in] | proposalLen | Length of the Proposal substructure, in bytes |
- Returns
- Number of transforms
Definition at line 1395 of file ike_algorithms.c.
◆ ikeIsAeadEncAlgo()
| bool_t ikeIsAeadEncAlgo (uint16_t encAlgoId) |
Test if the transform ID identifies an AEAD encryption algorithm.
- Parameters
| [in] | encAlgoId | Encryption algorithm identifier |
- Returns
- TRUE if AEAD encryption algorithm, else FALSE
Definition at line 2073 of file ike_algorithms.c.
◆ ikeIsDhGroupSupported()
| bool_t ikeIsDhGroupSupported (uint16_t groupNum) |
Check whether a given Diffie-Hellman group is supported.
- Parameters
| [in] | groupNum | Diffie-Hellman group number |
- Returns
- TRUE if the Diffie-Hellman group is supported, else FALSE
Definition at line 2335 of file ike_algorithms.c.
◆ ikeIsDhKeyExchangeAlgo()
| bool_t ikeIsDhKeyExchangeAlgo (uint16_t groupNum) |
Test if the group number identifies a DH key exchange algorithm.
- Parameters
| [in] | groupNum | Group number |
- Returns
- TRUE if DH key exchange algorithm, else FALSE
Definition at line 2132 of file ike_algorithms.c.
◆ ikeIsEcdhKeyExchangeAlgo()
| bool_t ikeIsEcdhKeyExchangeAlgo (uint16_t groupNum) |
Test if the group number identifies an ECDH key exchange algorithm.
- Parameters
| [in] | groupNum | Group number |
- Returns
- TRUE if ECDH key exchange algorithm, else FALSE
Definition at line 2162 of file ike_algorithms.c.
◆ ikeIsHashAlgoSupported()
| bool_t ikeIsHashAlgoSupported (uint16_t hashAlgoId) |
Check whether a given signature hash algorithm is supported.
- Parameters
| [in] | hashAlgoId | Signature hash algorithm identifier |
- Returns
- TRUE if the signature hash algorithm is supported, else FALSE
Definition at line 2365 of file ike_algorithms.c.
◆ ikeIsMlkemKeyExchangeAlgo()
| bool_t ikeIsMlkemKeyExchangeAlgo (uint16_t groupNum) |
Test if the group number identifies an ML-KEM key exchange algorithm.
- Parameters
| [in] | groupNum | Group number |
- Returns
- TRUE if ML-KEM key exchange algorithm, else FALSE
Definition at line 2192 of file ike_algorithms.c.
◆ ikeIsVariableLengthKeyEncAlgo()
| bool_t ikeIsVariableLengthKeyEncAlgo (uint16_t encAlgoId) |
Test if the transform ID identifies a variable-length key encryption algorithm.
- Parameters
| [in] | encAlgoId | Encryption algorithm identifier |
- Returns
- TRUE if variable-length key encryption algorithm, else FALSE
Definition at line 2101 of file ike_algorithms.c.
◆ ikeSelectAuthAlgo()
| error_t ikeSelectAuthAlgo (IkeSaEntry *sa, uint16_t authAlgoId) |
Select the relevant MAC algorithm.
- Parameters
| [in] | sa | Pointer to the IKE SA |
| [in] | authAlgoId | Authentication algorithm identifier |
- Returns
- Error code
Definition at line 940 of file ike_algorithms.c.
◆ ikeSelectAuthTransform()
| uint16_t ikeSelectAuthTransform (IkeContext *context, const IkeProposal *proposal, size_t proposalLen) |
Integrity transform negotiation.
- Parameters
| [in] | context | Pointer to the IKE context |
| [in] | proposal | Pointer to the Proposal substructure |
| [in] | proposalLen | Length of the Proposal substructure, in bytes |
- Returns
- Selected integrity transform, if any
Definition at line 1692 of file ike_algorithms.c.
◆ ikeSelectChildSaProposal()
| error_t ikeSelectChildSaProposal (IkeChildSaEntry *childSa, const IkeSaPayload *payload) |
Select a single proposal (AH or ESP protocol)
- Parameters
| [in] | childSa | Pointer to the Child SA |
| [in] | payload | Pointer to the Security Association payload |
- Returns
- Error code
Definition at line 1862 of file ike_algorithms.c.
◆ ikeSelectDefaultDhGroup()
| uint16_t ikeSelectDefaultDhGroup (void) |
Get the default Diffie-Hellman group number.
- Returns
- Default Diffie-Hellman group number
Definition at line 2323 of file ike_algorithms.c.
◆ ikeSelectEncAlgo()
| error_t ikeSelectEncAlgo (IkeSaEntry *sa, uint16_t encAlgoId, size_t encKeyLen) |
Select the relevant encryption algorithm.
- Parameters
| [in] | sa | Pointer to the IKE SA |
| [in] | encAlgoId | Encryption algorithm identifier |
| [in] | encKeyLen | Length of the encryption key, in bytes |
- Returns
- Error code
Definition at line 351 of file ike_algorithms.c.
◆ ikeSelectEncTransform()
| const IkeEncAlgo *ikeSelectEncTransform (IkeContext *context, const IkeProposal *proposal, size_t proposalLen) |
Encryption transform negotiation.
- Parameters
| [in] | context | Pointer to the IKE context |
| [in] | proposal | Pointer to the Proposal substructure |
| [in] | proposalLen | Length of the Proposal substructure, in bytes |
- Returns
- Selected encryption transform, if any
Definition at line 1576 of file ike_algorithms.c.
◆ ikeSelectKeTransform()
| uint16_t ikeSelectKeTransform (IkeContext *context, const IkeProposal *proposal, size_t proposalLen) |
Key exchange transform negotiation.
- Parameters
| [in] | context | Pointer to the IKE context |
| [in] | proposal | Pointer to the Proposal substructure |
| [in] | proposalLen | Length of the Proposal substructure, in bytes |
- Returns
- Selected key exchange transform, if any
Definition at line 1559 of file ike_algorithms.c.
◆ ikeSelectPrfAlgo()
| error_t ikeSelectPrfAlgo (IkeSaEntry *sa, uint16_t prfAlgoId) |
Select the relevant PRF algorithm.
- Parameters
| [in] | sa | Pointer to the IKE SA |
| [in] | prfAlgoId | PRF algorithm identifier |
- Returns
- Error code
Definition at line 1042 of file ike_algorithms.c.
◆ ikeSelectPrfTransform()
| uint16_t ikeSelectPrfTransform (IkeContext *context, const IkeProposal *proposal, size_t proposalLen) |
PRF transform negotiation.
- Parameters
| [in] | context | Pointer to the IKE context |
| [in] | proposal | Pointer to the Proposal substructure |
| [in] | proposalLen | Length of the Proposal substructure, in bytes |
- Returns
- Selected PRF transform, if any
Definition at line 1709 of file ike_algorithms.c.
◆ ikeSelectSaProposal()
| error_t ikeSelectSaProposal (IkeSaEntry *sa, const IkeSaPayload *payload, size_t spiSize) |
Select a single proposal (IKE protocol)
- Parameters
| [in] | sa | Pointer to the IKE SA |
| [in] | payload | Pointer to the Security Association payload |
| [in] | spiSize | Expected SPI size, in bytes |
- Returns
- Error code
Definition at line 1726 of file ike_algorithms.c.
◆ ikeSelectTransform()
| uint16_t ikeSelectTransform (IkeTransformType transformType, const uint16_t *algoList, uint_t algoListLen, const IkeProposal *proposal, size_t proposalLen) |
Transform negotiation.
- Parameters
| [in] | transformType | Transform type |
| [in] | algoList | List of algorithms |
| [in] | algoListLen | Number of items in the list |
| [in] | proposal | Pointer to the Proposal substructure |
| [in] | proposalLen | Length of the Proposal substructure, in bytes |
- Returns
- Selected transform, if any
Definition at line 1467 of file ike_algorithms.c.
