Authentication of the IKE SA.
#include "ike/ike.h"
#include "ike/ike_auth.h"
#include "ike/ike_sign_generate.h"
#include "ike/ike_sign_verify.h"
#include "ike/ike_key_material.h"
#include "encoding/asn1.h"
#include "encoding/oid.h"
#include "pkix/x509_cert_parse.h"
#include "debug.h"
Macros
#define TRACE_LEVEL IKE_TRACE_LEVEL
Functions
error_t ikeGenerateAuth (IkeSaEntry *sa, const IkeIdPayload *idPayload, uint8_t *authMethod, uint8_t *authData, size_t *authDataLen)
Generate signature or MAC.
error_t ikeVerifyAuth (IkeSaEntry *sa, IpsecPadEntry *padEntry, const IkeIdPayload *idPayload, const IkeCertPayload *certPayload, const IkeAuthPayload *authPayload)
Verify signature or MAC.
error_t ikeComputeMacAuth (IkeSaEntry *sa, const uint8_t *key, size_t keyLen, const uint8_t *id, size_t idLen, uint8_t *mac, bool_t initiator)
Compute MAC authentication data.
Detailed Description
Authentication of the IKE SA.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2022-2024 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneIPSEC Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.4.4
Definition in file ike_auth.c.
Macro Definition Documentation
◆ TRACE_LEVEL
#define TRACE_LEVEL IKE_TRACE_LEVEL |
Definition at line 32 of file ike_auth.c.
Function Documentation
◆ ikeComputeMacAuth()
error_t ikeComputeMacAuth (IkeSaEntry *sa, const uint8_t *key, size_t keyLen, const uint8_t *id, size_t idLen, uint8_t *mac, bool_t initiator)
Compute MAC authentication data.
- Parameters
-
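[in] sa: Pointer to the IKE SA
[in] key: Pre-shared key
[in] keyLen: Length of the pre-shared key
[in] id: MAC authentication data (this description duplicates the one given for mac; judging by the parameter name, id is presumably the identification data fed into the MAC, to be confirmed against ike_auth.c)
[in] idLen: MAC authentication data (duplicate description; presumably the length of id, to be confirmed against ike_auth.c)
[out] mac: MAC authentication data (the signature takes no length for this buffer and the required size is not stated here, so check ike_auth.c before sizing it)
[in] initiator: Specifies whether the computation is performed at initiator or responder side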
- Returns
- Error code
Definition at line 310 of file ike_auth.c.
◆ ikeGenerateAuth()
error_t ikeGenerateAuth (IkeSaEntry *sa, const IkeIdPayload *idPayload, uint8_t *authMethod, uint8_t *authData, size_t *authDataLen)
Generate signature or MAC.
- Parameters
-
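[in] sa: Pointer to the IKE SA
[in] idPayload: Pointer to the Identification payload
[out] authMethod: Authentication method
[out] authData: Pointer to the authentication data
[out] authDataLen: Length of the authentication data (documented as output only, so the capacity of the authData buffer is not passed in; confirm the maximum size the function may write in ike_auth.c)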
- Returns
- Error code
Definition at line 59 of file ike_auth.c.
◆ ikeVerifyAuth()
error_t ikeVerifyAuth (IkeSaEntry *sa, IpsecPadEntry *padEntry, const IkeIdPayload *idPayload, const IkeCertPayload *certPayload, const IkeAuthPayload *authPayload)
Verify signature or MAC.
- Parameters
-
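[in] sa: Pointer to the IKE SA
[in] padEntry: Pointer to the PAD entry
[in] idPayload: Pointer to the Identification payload
[in] certPayload: Pointer to the Certificate payload
[in] authPayload: Pointer to the Authentication payload (marked [out] in the generated page, but the parameter is const-qualified in the signature, so it is an input to the verification)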
- Returns
- Error code
Definition at line 137 of file ike_auth.c.