ike_debug.c
Go to the documentation of this file.
1 /**
2  * @file ike_debug.c
3  * @brief Data logging functions for debugging purpose (IKEv2)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2022-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneIPSEC Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL IKE_TRACE_LEVEL
33 
34 //Dependencies
35 #include "ike/ike.h"
36 #include "ike/ike_debug.h"
37 #include "debug.h"
38 
39 //Check IKEv2 library configuration
40 #if (IKE_SUPPORT == ENABLED && IKE_TRACE_LEVEL >= TRACE_LEVEL_DEBUG)
41 
42 //Exchange types
43 static const IkeParamName ikeExchangeTypeList[] =
44 {
45  {IKE_EXCHANGE_TYPE_IKE_SA_INIT, "IKE_SA_INIT"},
46  {IKE_EXCHANGE_TYPE_IKE_AUTH, "IKE_AUTH"},
47  {IKE_EXCHANGE_TYPE_CREATE_CHILD_SA, "CREATE_CHILD_SA"},
48  {IKE_EXCHANGE_TYPE_INFORMATIONAL, "INFORMATIONAL"},
49  {IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME, "IKE_SESSION_RESUME"},
50  {IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE, "IKE_INTERMEDIATE"}
51 };
52 
53 //Payload types
54 static const IkeParamName ikePayloadList[] =
55 {
56  {IKE_PAYLOAD_TYPE_LAST, "No Next Payload"},
57  {IKE_PAYLOAD_TYPE_SA, "Security Association"},
58  {IKE_PAYLOAD_TYPE_KE, "Key Exchange"},
59  {IKE_PAYLOAD_TYPE_IDI, "Identification - Initiator"},
60  {IKE_PAYLOAD_TYPE_IDR, "Identification - Responder"},
61  {IKE_PAYLOAD_TYPE_CERT, "Certificate"},
62  {IKE_PAYLOAD_TYPE_CERTREQ, "Certificate Request"},
63  {IKE_PAYLOAD_TYPE_AUTH, "Authentication"},
64  {IKE_PAYLOAD_TYPE_NONCE, "Nonce"},
65  {IKE_PAYLOAD_TYPE_N, "Notify"},
66  {IKE_PAYLOAD_TYPE_D, "Delete"},
67  {IKE_PAYLOAD_TYPE_V, "Vendor ID"},
68  {IKE_PAYLOAD_TYPE_TSI, "Traffic Selector - Initiator"},
69  {IKE_PAYLOAD_TYPE_TSR, "Traffic Selector - Responder"},
70  {IKE_PAYLOAD_TYPE_SK, "Encrypted and Authenticated"},
71  {IKE_PAYLOAD_TYPE_CP, "Configuration"},
72  {IKE_PAYLOAD_TYPE_EAP, "Extensible Authentication"},
73  {IKE_PAYLOAD_TYPE_GSPM, "Generic Secure Password Method"},
74  {IKE_PAYLOAD_TYPE_SKF, "Encrypted and Authenticated Fragment"},
75  {IKE_PAYLOAD_TYPE_PS, "Puzzle Solution"}
76 };
77 
78 //Last Substruc values
79 static const IkeParamName ikeLastSubstrucList[] =
80 {
81  {IKE_LAST_SUBSTRUC_LAST, "Last"},
82  {IKE_LAST_SUBSTRUC_MORE_PROPOSALS, "More Proposals"},
83  {IKE_LAST_SUBSTRUC_MORE_TRANSFORMS, "More Transforms"}
84 };
85 
86 //Protocol IDs
87 static const IkeParamName ikeProtocolIdList[] =
88 {
89  {IKE_PROTOCOL_ID_IKE, "IKE"},
90  {IKE_PROTOCOL_ID_AH, "AH"},
91  {IKE_PROTOCOL_ID_ESP, "ESP"}
92 };
93 
94 //Transform types
95 static const IkeParamName ikeTransformTypeList[] =
96 {
97  {IKE_TRANSFORM_TYPE_ENCR, "Encryption Algorithm"},
98  {IKE_TRANSFORM_TYPE_PRF, "Pseudorandom Function"},
99  {IKE_TRANSFORM_TYPE_INTEG, "Integrity Algorithm"},
100  {IKE_TRANSFORM_TYPE_DH, "Diffie-Hellman Group"},
101  {IKE_TRANSFORM_TYPE_ESN, "Extended Sequence Numbers"}
102 };
103 
104 //Encryption algorithms
105 static const IkeParamName ikeEncrAlgoList[] =
106 {
107  {IKE_TRANSFORM_ID_ENCR_DES_IV64, "ENCR_DES_IV64"},
108  {IKE_TRANSFORM_ID_ENCR_DES, "ENCR_DES"},
109  {IKE_TRANSFORM_ID_ENCR_3DES, "ENCR_3DES"},
110  {IKE_TRANSFORM_ID_ENCR_RC5, "ENCR_RC5"},
111  {IKE_TRANSFORM_ID_ENCR_IDEA, "ENCR_IDEA"},
112  {IKE_TRANSFORM_ID_ENCR_CAST, "ENCR_CAST"},
113  {IKE_TRANSFORM_ID_ENCR_BLOWFISH, "ENCR_BLOWFISH"},
114  {IKE_TRANSFORM_ID_ENCR_3IDEA, "ENCR_3IDEA"},
115  {IKE_TRANSFORM_ID_ENCR_DES_IV32, "ENCR_DES_IV32"},
116  {IKE_TRANSFORM_ID_ENCR_NULL, "ENCR_NULL"},
117  {IKE_TRANSFORM_ID_ENCR_AES_CBC, "ENCR_AES_CBC"},
118  {IKE_TRANSFORM_ID_ENCR_AES_CTR, "ENCR_AES_CTR"},
119  {IKE_TRANSFORM_ID_ENCR_AES_CCM_8, "ENCR_AES_CCM_8"},
120  {IKE_TRANSFORM_ID_ENCR_AES_CCM_12, "ENCR_AES_CCM_12"},
121  {IKE_TRANSFORM_ID_ENCR_AES_CCM_16, "ENCR_AES_CCM_16"},
122  {IKE_TRANSFORM_ID_ENCR_AES_GCM_8, "ENCR_AES_GCM_8"},
123  {IKE_TRANSFORM_ID_ENCR_AES_GCM_12, "ENCR_AES_GCM_12"},
124  {IKE_TRANSFORM_ID_ENCR_AES_GCM_16, "ENCR_AES_GCM_16"},
125  {IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC, "ENCR_NULL_AUTH_AES_GMAC"},
126  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC, "ENCR_CAMELLIA_CBC"},
127  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR, "ENCR_CAMELLIA_CTR"},
128  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8, "ENCR_CAMELLIA_CCM_8"},
129  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12, "ENCR_CAMELLIA_CCM_12"},
130  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16, "ENCR_CAMELLIA_CCM_16"},
131  {IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305, "ENCR_CHACHA20_POLY1305"},
132  {IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV, "ENCR_AES_CCM_8_IIV"},
133  {IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV, "ENCR_AES_GCM_16_IIV"},
134  {IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV, "ENCR_CHACHA20_POLY1305_IIV"},
135  {IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE, "ENCR_KUZNYECHIK_MGM_KTREE"},
136  {IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE, "ENCR_MAGMA_MGM_KTREE"},
137  {IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE, "ENCR_KUZNYECHIK_MGM_MAC_KTREE"},
138  {IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE, "ENCR_MAGMA_MGM_MAC_KTREE"}
139 };
140 
141 //Pseudorandom functions
142 static const IkeParamName ikePrfAlgoList[] =
143 {
144  {IKE_TRANSFORM_ID_PRF_HMAC_MD5, "PRF_HMAC_MD5"},
145  {IKE_TRANSFORM_ID_PRF_HMAC_SHA1, "PRF_HMAC_SHA1"},
146  {IKE_TRANSFORM_ID_PRF_HMAC_TIGER, "PRF_HMAC_TIGER"},
147  {IKE_TRANSFORM_ID_PRF_AES128_XCBC, "PRF_AES128_XCBC"},
148  {IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256, "PRF_HMAC_SHA2_256"},
149  {IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384, "PRF_HMAC_SHA2_384"},
150  {IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512, "PRF_HMAC_SHA2_512"},
151  {IKE_TRANSFORM_ID_PRF_AES128_CMAC, "PRF_AES128_CMAC"}
152 };
153 
154 //Integrity algorithms
155 static const IkeParamName ikeAuthAlgoList[] =
156 {
157  {IKE_TRANSFORM_ID_AUTH_NONE, "AUTH_NONE"},
158  {IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96, "AUTH_HMAC_MD5_96"},
159  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96, "AUTH_HMAC_SHA1_96"},
160  {IKE_TRANSFORM_ID_AUTH_DES_MAC, "AUTH_DES_MAC"},
161  {IKE_TRANSFORM_ID_AUTH_KPDK_MD5, "AUTH_KPDK_MD5"},
162  {IKE_TRANSFORM_ID_AUTH_AES_XCBC_96, "AUTH_AES_XCBC_96"},
163  {IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128, "AUTH_HMAC_MD5_128"},
164  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160, "AUTH_HMAC_SHA1_160"},
165  {IKE_TRANSFORM_ID_AUTH_AES_CMAC_96, "AUTH_AES_CMAC_96"},
166  {IKE_TRANSFORM_ID_AUTH_AES_128_GMAC, "AUTH_AES_128_GMAC"},
167  {IKE_TRANSFORM_ID_AUTH_AES_192_GMAC, "AUTH_AES_192_GMAC"},
168  {IKE_TRANSFORM_ID_AUTH_AES_256_GMAC, "AUTH_AES_256_GMAC"},
169  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128, "AUTH_HMAC_SHA2_256_128"},
170  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192, "AUTH_HMAC_SHA2_384_192"},
171  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256, "AUTH_HMAC_SHA2_512_256"}
172 };
173 
174 //Diffie-Hellman groups
175 static const IkeParamName ikeDhGroupList[] =
176 {
177  {IKE_TRANSFORM_ID_DH_GROUP_NONE, "None"},
178  {IKE_TRANSFORM_ID_DH_GROUP_MODP_768, "768-bit MODP Group"},
179  {IKE_TRANSFORM_ID_DH_GROUP_MODP_1024, "1024-bit MODP Group"},
180  {IKE_TRANSFORM_ID_DH_GROUP_MODP_1536, "1536-bit MODP Group"},
181  {IKE_TRANSFORM_ID_DH_GROUP_MODP_2048, "2048-bit MODP Group"},
182  {IKE_TRANSFORM_ID_DH_GROUP_MODP_3072, "3072-bit MODP group"},
183  {IKE_TRANSFORM_ID_DH_GROUP_MODP_4096, "4096-bit MODP Group"},
184  {IKE_TRANSFORM_ID_DH_GROUP_MODP_6144, "6144-bit MODP Group"},
185  {IKE_TRANSFORM_ID_DH_GROUP_MODP_8192, "8192-bit MODP Group"},
186  {IKE_TRANSFORM_ID_DH_GROUP_ECP_256, "256-bit random ECP Group"},
187  {IKE_TRANSFORM_ID_DH_GROUP_ECP_384, "384-bit random ECP Group"},
188  {IKE_TRANSFORM_ID_DH_GROUP_ECP_521, "521-bit random ECP Group"},
189  {IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160, "1024-bit MODP Group with 160-bit Prime Order Subgroup"},
190  {IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224, "2048-bit MODP Group with 224-bit Prime Order Subgroup"},
191  {IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256, "2048-bit MODP Group with 256-bit Prime Order Subgroup"},
192  {IKE_TRANSFORM_ID_DH_GROUP_ECP_192, "192-bit Random ECP Group"},
193  {IKE_TRANSFORM_ID_DH_GROUP_ECP_224, "224-bit Random ECP Group"},
194  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1, "brainpoolP224r1"},
195  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1, "brainpoolP256r1"},
196  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1, "brainpoolP384r1"},
197  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1, "brainpoolP512r1"},
198  {IKE_TRANSFORM_ID_DH_GROUP_CURVE25519, "Curve25519"},
199  {IKE_TRANSFORM_ID_DH_GROUP_CURVE448, "Curve448"}
200 };
201 
202 //Extended sequence numbers
203 static const IkeParamName ikeEsnList[] =
204 {
205  {IKE_TRANSFORM_ID_ESN_NO, "No ESNs"},
206  {IKE_TRANSFORM_ID_ESN_YES, "ESNs"}
207 };
208 
209 //Transform attribute formats
210 static const IkeParamName ikeAttrFormatList[] =
211 {
212  {IKE_ATTR_FORMAT_TLV, "TLV"},
213  {IKE_ATTR_FORMAT_TV, "TV"}
214 };
215 
216 //Transform attribute types
217 static const IkeParamName ikeAttrTypeList[] =
218 {
219  {IKE_TRANSFORM_ATTR_TYPE_KEY_LEN, "Key Length"},
220 };
221 
222 //ID types
223 static const IkeParamName ikeIdTypeList[] =
224 {
225  {IKE_ID_TYPE_IPV4_ADDR, "ID_IPV4_ADDR"},
226  {IKE_ID_TYPE_FQDN, "ID_FQDN"},
227  {IKE_ID_TYPE_RFC822_ADDR, "ID_RFC822_ADDR"},
228  {IKE_ID_TYPE_IPV6_ADDR, "ID_IPV6_ADDR"},
229  {IKE_ID_TYPE_DER_ASN1_DN, "ID_DER_ASN1_DN"},
230  {IKE_ID_TYPE_DER_ASN1_GN, "ID_DER_ASN1_GN"},
231  {IKE_ID_TYPE_KEY_ID, "ID_KEY_ID"},
232  {IKE_ID_TYPE_FC_NAME, "ID_FC_NAME"},
233  {IKE_ID_TYPE_NULL, "ID_NULL"}
234 };
235 
236 //Certificate encoding
237 static const IkeParamName ikeCertEncodingList[] =
238 {
239  {IKE_CERT_ENCODING_PKCS7_X509_CERT, "PKCS #7 wrapped X.509 certificate"},
240  {IKE_CERT_ENCODING_PGP_CERT, "PGP certificate"},
241  {IKE_CERT_ENCODING_DNS_SIGNED_KEY, "DNS signed key"},
242  {IKE_CERT_ENCODING_X509_CERT_SIGN, "X.509 certificate - signature"},
243  {IKE_CERT_ENCODING_KERBEROS_TOKEN, "Kerberos token"},
244  {IKE_CERT_ENCODING_CRL, "Certificate revocation list"},
245  {IKE_CERT_ENCODING_ARL, "Authority revocation list"},
246  {IKE_CERT_ENCODING_SPKI_CERT, "SPKI certificate"},
247  {IKE_CERT_ENCODING_X509_CERT_ATTR, "X.509 certificate - attribute"},
248  {IKE_CERT_ENCODING_RAW_RSA_KEY, "Raw RSA key"},
249  {IKE_CERT_ENCODING_HASH_URL_X509_CERT, "Hash and URL of X.509 certificate"},
250  {IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE, "Hash and URL of X.509 bundle"},
251  {IKE_CERT_ENCODING_OCSP_CONTENT, "OCSP Content"},
252  {IKE_CERT_ENCODING_RAW_PUBLIC_KEY, "Raw Public Key"}
253 };
254 
255 //Authentication methods
256 static const IkeParamName ikeAuthMethodList[] =
257 {
258  {IKE_AUTH_METHOD_RSA, "RSA Digital Signature"},
259  {IKE_AUTH_METHOD_SHARED_KEY, "Shared Key Message Integrity Code"},
260  {IKE_AUTH_METHOD_DSS, "DSS Digital Signature"},
261  {IKE_AUTH_METHOD_ECDSA_P256_SHA256, "ECDSA with SHA-256 on the P-256 curve"},
262  {IKE_AUTH_METHOD_ECDSA_P384_SHA384, "ECDSA with SHA-384 on the P-384 curve"},
263  {IKE_AUTH_METHOD_ECDSA_P521_SHA512, "ECDSA with SHA-512 on the P-521 curve"},
264  {IKE_AUTH_METHOD_GSPAM, "Generic Secure Password Authentication Method"},
265  {IKE_AUTH_METHOD_NULL, "NULL Authentication"},
266  {IKE_AUTH_METHOD_DIGITAL_SIGN, "Digital Signature"},
267 };
268 
269 //Notify message types
270 static const IkeParamName ikeNotifyMsgTypeList[] =
271 {
272  {IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD, "UNSUPPORTED_CRITICAL_PAYLOAD"},
273  {IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI, "INVALID_IKE_SPI"},
274  {IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION, "INVALID_MAJOR_VERSION"},
275  {IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX, "INVALID_SYNTAX"},
276  {IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID, "INVALID_MESSAGE_ID"},
277  {IKE_NOTIFY_MSG_TYPE_INVALID_SPI, "INVALID_SPI"},
278  {IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN, "NO_PROPOSAL_CHOSEN"},
279  {IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD, "INVALID_KE_PAYLOAD"},
280  {IKE_NOTIFY_MSG_TYPE_AUTH_FAILED, "AUTHENTICATION_FAILED"},
281  {IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED, "SINGLE_PAIR_REQUIRED"},
282  {IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS, "NO_ADDITIONAL_SAS"},
283  {IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE, "INTERNAL_ADDRESS_FAILURE"},
284  {IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED, "FAILED_CP_REQUIRED"},
285  {IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE, "TS_UNACCEPTABLE"},
286  {IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS, "INVALID_SELECTORS"},
287  {IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES, "UNACCEPTABLE_ADDRESSES"},
288  {IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED, "UNEXPECTED_NAT_DETECTED"},
289  {IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA, "USE_ASSIGNED_HOA"},
290  {IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE, "TEMPORARY_FAILURE"},
291  {IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND, "CHILD_SA_NOT_FOUND"},
292  {IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID, "INVALID_GROUP_ID"},
293  {IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED, "AUTHORIZATION_FAILED"},
294  {IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND, "STATE_NOT_FOUND"},
295  {IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT, "INITIAL_CONTACT"},
296  {IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE, "SET_WINDOW_SIZE"},
297  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE, "ADDITIONAL_TS_POSSIBLE"},
298  {IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED, "IPCOMP_SUPPORTED"},
299  {IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP, "NAT_DETECTION_SOURCE_IP"},
300  {IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP, "NAT_DETECTION_DESTINATION_IP"},
301  {IKE_NOTIFY_MSG_TYPE_COOKIE, "COOKIE"},
302  {IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE, "USE_TRANSPORT_MODE"},
303  {IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED, "HTTP_CERT_LOOKUP_SUPPORTED"},
304  {IKE_NOTIFY_MSG_TYPE_REKEY_SA, "REKEY_SA"},
305  {IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED, "ESP_TFC_PADDING_NOT_SUPPORTED"},
306  {IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO, "NON_FIRST_FRAGMENTS_ALSO"},
307  {IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED, "MOBIKE_SUPPORTED"},
308  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS, "ADDITIONAL_IP4_ADDRESS"},
309  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS, "ADDITIONAL_IP6_ADDRESS"},
310  {IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES, "NO_ADDITIONAL_ADDRESSES"},
311  {IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES, "UPDATE_SA_ADDRESSES"},
312  {IKE_NOTIFY_MSG_TYPE_COOKIE2, "COOKIE2"},
313  {IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED, "NO_NATS_ALLOWED"},
314  {IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME, "AUTH_LIFETIME"},
315  {IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED, "MULTIPLE_AUTH_SUPPORTED"},
316  {IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS, "ANOTHER_AUTH_FOLLOWS"},
317  {IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED, "REDIRECT_SUPPORTED"},
318  {IKE_NOTIFY_MSG_TYPE_REDIRECT, "REDIRECT"},
319  {IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM, "REDIRECTED_FROM"},
320  {IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE, "TICKET_LT_OPAQUE"},
321  {IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST, "TICKET_REQUEST"},
322  {IKE_NOTIFY_MSG_TYPE_TICKET_ACK, "TICKET_ACK"},
323  {IKE_NOTIFY_MSG_TYPE_TICKET_NACK, "TICKET_NACK"},
324  {IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE, "TICKET_OPAQUE"},
325  {IKE_NOTIFY_MSG_TYPE_LINK_ID, "LINK_ID"},
326  {IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE, "USE_WESP_MODE"},
327  {IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED, "ROHC_SUPPORTED"},
328  {IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION, "EAP_ONLY_AUTHENTICATION"},
329  {IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED, "CHILDLESS_IKEV2_SUPPORTED"},
330  {IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION, "QUICK_CRASH_DETECTION"},
331  {IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED, "IKEV2_MESSAGE_ID_SYNC_SUPPORTED"},
332  {IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED, "IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED"},
333  {IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC, "IKEV2_MESSAGE_ID_SYNC"},
334  {IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC, "IPSEC_REPLAY_COUNTER_SYNC"},
335  {IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS, "SECURE_PASSWORD_METHODS"},
336  {IKE_NOTIFY_MSG_TYPE_PSK_PERSIST, "PSK_PERSIST"},
337  {IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM, "PSK_CONFIRM"},
338  {IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED, "ERX_SUPPORTED"},
339  {IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY, "IFOM_CAPABILITY"},
340  {IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID, "SENDER_REQUEST_ID"},
341  {IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED, "IKEV2_FRAGMENTATION_SUPPORTED"},
342  {IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS, "SIGNATURE_HASH_ALGORITHMS"},
343  {IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED, "CLONE_IKE_SA_SUPPORTED"},
344  {IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA, "CLONE_IKE_SA"},
345  {IKE_NOTIFY_MSG_TYPE_PUZZLE, "PUZZLE"},
346  {IKE_NOTIFY_MSG_TYPE_USE_PPK, "USE_PPK"},
347  {IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY, "PPK_IDENTITY"},
348  {IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH, "NO_PPK_AUTH"},
349  {IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED, "INTERMEDIATE_EXCHANGE_SUPPORTED"},
350  {IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED, "IP4_ALLOWED"},
351  {IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED, "IP6_ALLOWED"},
352  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE, "ADDITIONAL_KEY_EXCHANGE"},
353  {IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG, "USE_AGGFRAG"},
354 };
355 
356 //Traffic selector types
357 static const IkeParamName ikeTsTypeList[] =
358 {
359  {IKE_TS_TYPE_IPV4_ADDR_RANGE, "TS_IPV4_ADDR_RANGE"},
360  {IKE_TS_TYPE_IPV6_ADDR_RANGE, "TS_IPV6_ADDR_RANGE"}
361 };
362 
363 //IP protocol IDs
364 static const IkeParamName ikeIpProtocolIdList[] =
365 {
366  {IKE_IP_PROTOCOL_ID_ICMP, "ICMP"},
367  {IKE_IP_PROTOCOL_ID_TCP, "TCP"},
368  {IKE_IP_PROTOCOL_ID_UDP, "UDP"},
369  {IKE_IP_PROTOCOL_ID_ICMPV6, "ICMPv6"},
370 };
371 
372 
373 /**
374  * @brief Dump IKE message
375  * @param[in] message Pointer to the IKE message to dump
376  * @param[in] length Length of the IKE message, in bytes
377  **/
378 
379 void ikeDumpMessage(const uint8_t *message, size_t length)
380 {
381  const IkeHeader *header;
382 
383  //Check the length of the IKE message
384  if(length < sizeof(IkeHeader))
385  return;
386 
387  //Each message begins with the IKE header
388  header = (IkeHeader *) message;
389 
390  //Dump IKE header
391  ikeDumpHeader(header);
392 
393  //Determine the length of the IKE payloads
394  length -= sizeof(IkeHeader);
395 
396  //The Next Payload field indicates the type of payload that immediately
397  //follows the header
398  ikeDumpPayloads(message + sizeof(IkeHeader), length, header->nextPayload);
399 }
400 
401 
402 /**
403  * @brief Dump IKE header
404  * @param[in] header Pointer to the IKE header to dump
405  **/
406 
407 void ikeDumpHeader(const IkeHeader *header)
408 {
409  const char_t *nextPayloadName;
410  const char_t *exchangeTypeName;
411 
412  //Convert the Next Payload field to string representation
413  nextPayloadName = ikeGetParamName(header->nextPayload,
414  ikePayloadList, arraysize(ikePayloadList));
415 
416  //Convert the Exchange Type field to string representation
417  exchangeTypeName = ikeGetParamName(header->exchangeType,
418  ikeExchangeTypeList, arraysize(ikeExchangeTypeList));
419 
420  //Dump IKE header
421  TRACE_DEBUG_ARRAY(" Initiator SPI = ", header->initiatorSpi, IKE_SPI_SIZE);
422  TRACE_DEBUG_ARRAY(" Responder SPI = ", header->responderSpi, IKE_SPI_SIZE);
423  TRACE_DEBUG(" Next Payload = %" PRIu8 " (%s)\r\n", header->nextPayload, nextPayloadName);
424  TRACE_DEBUG(" Major Version = %" PRIu8 "\r\n", header->majorVersion);
425  TRACE_DEBUG(" Minor Version = %" PRIu8 "\r\n", header->minorVersion);
426  TRACE_DEBUG(" Exchange Type = %" PRIu8 " (%s)\r\n", header->exchangeType, exchangeTypeName);
427  ikeDumpFlags(header->flags);
428  TRACE_DEBUG(" Message ID = %" PRIu32 "\r\n", ntohl(header->messageId));
429  TRACE_DEBUG(" Length = %" PRIu32 "\r\n", ntohl(header->length));
430 }
431 
432 
433 /**
434  * @brief Dump flags
435  * @param[in] flags specific options that are set for the IKE message
436  **/
437 
438 void ikeDumpFlags(uint8_t flags)
439 {
440  uint8_t r;
441  uint8_t v;
442  uint8_t i;
443 
444  //The R bit indicates that this message is a response to a message containing
445  //the same Message ID
446  r = (flags & IKE_FLAGS_R) ? 1 : 0;
447 
448  //The V bit indicates that the transmitter is capable of speaking a higher
449  //major version number of the protocol than the one indicated in the major
450  //version number field
451  v = (flags & IKE_FLAGS_V) ? 1 : 0;
452 
453  //The I bit must be set in messages sent by the original initiator of the
454  //IKE SA and must be cleared in messages sent by the original responder
455  i = (flags & IKE_FLAGS_I) ? 1 : 0;
456 
457  //Check whether any flag is set
458  if(r != 0 || v != 0 || i != 0)
459  {
460  //Dump the value of the Flags field
461  TRACE_DEBUG(" Flags = 0x%02" PRIX8 " (", flags);
462 
463  //Dump flags
464  while(1)
465  {
466  if(r != 0)
467  {
468  TRACE_DEBUG("Response");
469  r = FALSE;
470  }
471  else if(v != 0)
472  {
473  TRACE_DEBUG("Version");
474  v = FALSE;
475  }
476  else if(i != 0)
477  {
478  TRACE_DEBUG("Initiator");
479  i = FALSE;
480  }
481  else
482  {
483  }
484 
485  if(r != 0 || v != 0 || i != 0)
486  {
487  TRACE_DEBUG(", ");
488  }
489  else
490  {
491  TRACE_DEBUG(")\r\n");
492  break;
493  }
494  }
495  }
496  else
497  {
498  //Dump the value of the Flags field
499  TRACE_DEBUG(" Flags = 0x%02" PRIX8 "\r\n", flags);
500  }
501 }
502 
503 
504 /**
505  * @brief Dump IKE payloads
506  * @param[in] payloads Pointer to the IKE payloads to dump
507  * @param[in] length Length of the IKE payloads, in bytes
508  * @param[in] nextPayload Next payload type
509  **/
510 
511 void ikeDumpPayloads(const uint8_t *payloads, size_t length,
512  uint8_t nextPayload)
513 {
514  size_t n;
515  const char_t *payloadName;
516  const IkePayloadHeader *payload;
517 
518  //Following the header are one or more IKE payloads each identified by
519  //a Next Payload field in the preceding payload
520  while(nextPayload != IKE_PAYLOAD_TYPE_LAST &&
521  length >= sizeof(IkePayloadHeader))
522  {
523  //Retrieve the name of the current IKE payload
524  payloadName = ikeGetParamName(nextPayload, ikePayloadList,
525  arraysize(ikePayloadList));
526 
527  //Each IKE payload begins with a generic payload header
528  payload = (IkePayloadHeader *) payloads;
529 
530  //The Payload Length field indicates the length in octets of the current
531  //payload, including the generic payload header
532  n = ntohs(payload->payloadLength);
533 
534  //Display the name of the current IKE payload
535  TRACE_DEBUG(" %s Payload (%" PRIuSIZE " bytes)\r\n", payloadName, n);
536 
537  //Check the length of the IKE payload
538  if(n < sizeof(IkePayloadHeader) || n > length)
539  break;
540 
541  //Dump generic payload header
542  ikeDumpPayloadHeader(payload);
543 
544  //Check IKE payload type
545  if(nextPayload == IKE_PAYLOAD_TYPE_SA)
546  {
547  //Dump Security Association payload
548  ikeDumpSaPayload((IkeSaPayload *) payload, n);
549  }
550  else if(nextPayload == IKE_PAYLOAD_TYPE_KE)
551  {
552  //Dump Key Exchange payload
553  ikeDumpKePayload((IkeKePayload *) payload, n);
554  }
555  else if(nextPayload == IKE_PAYLOAD_TYPE_IDI ||
556  nextPayload == IKE_PAYLOAD_TYPE_IDR)
557  {
558  //Dump Identification payload
559  ikeDumpIdPayload((IkeIdPayload *) payload, n);
560  }
561  else if(nextPayload == IKE_PAYLOAD_TYPE_CERT)
562  {
563  //Dump Certificate
564  ikeDumpCertPayload((IkeCertPayload *) payload, n);
565  }
566  else if(nextPayload == IKE_PAYLOAD_TYPE_CERTREQ)
567  {
568  //Dump Certificate Request
569  ikeDumpCertReqPayload((IkeCertReqPayload *) payload, n);
570  }
571  else if(nextPayload == IKE_PAYLOAD_TYPE_AUTH)
572  {
573  //Dump Authentication payload
574  ikeDumpAuthPayload((IkeAuthPayload *) payload, n);
575  }
576  else if(nextPayload == IKE_PAYLOAD_TYPE_NONCE)
577  {
578  //Dump Nonce payload
579  ikeDumpNoncePayload((IkeNoncePayload *) payload, n);
580  }
581  else if(nextPayload == IKE_PAYLOAD_TYPE_N)
582  {
583  //Dump Notify payload
584  ikeDumpNotifyPayload((IkeNotifyPayload *) payload, n);
585  }
586  else if(nextPayload == IKE_PAYLOAD_TYPE_D)
587  {
588  //Dump Delete payload
589  ikeDumpDeletePayload((IkeDeletePayload *) payload, n);
590  }
591  else if(nextPayload == IKE_PAYLOAD_TYPE_TSI ||
592  nextPayload == IKE_PAYLOAD_TYPE_TSR)
593  {
594  //Dump Traffic Selector payload
595  ikeDumpTsPayload((IkeTsPayload *) payload, n);
596  }
597  else if(nextPayload == IKE_PAYLOAD_TYPE_SK)
598  {
599  //Dump Encrypted payload
600  ikeDumpEncryptedPayload((IkeEncryptedPayload *) payload, n);
601 
602  //The Encrypted payload, if present in a message, must be the last
603  //payload in the message (refer to RFC 7296, section 3.14)
604  break;
605  }
606  else if(nextPayload == IKE_PAYLOAD_TYPE_SKF)
607  {
608  //Dump Encrypted Fragment payload
609  ikeDumpEncryptedFragPayload((IkeEncryptedFragPayload *) payload, n);
610 
611  //As is the case for the Encrypted payload, the Encrypted Fragment
612  //payload, if present in a message, MUST be the last payload in the
613  //message (refer to RFC 7383, section 2.5)
614  break;
615  }
616  else
617  {
618  //Unknown IKE payload type
619  }
620 
621  //The Next Payload field indicates the payload type of the next payload
622  //in the message
623  nextPayload = payload->nextPayload;
624 
625  //Jump to the next IKE payload
626  payloads += n;
627  length -= n;
628  }
629 }
630 
631 
632 /**
633  * @brief Dump generic payload header
634  * @param[in] header Pointer to the generic payload header to dump
635  **/
636 
637 void ikeDumpPayloadHeader(const IkePayloadHeader *header)
638 {
639  const char_t *nextPayloadName;
640 
641  //Convert the Next Payload field to string representation
642  nextPayloadName = ikeGetParamName(header->nextPayload,
643  ikePayloadList, arraysize(ikePayloadList));
644 
645  //Dump generic payload header
646  TRACE_DEBUG(" Next Payload = %" PRIu8 " (%s)\r\n", header->nextPayload, nextPayloadName);
647  TRACE_DEBUG(" Critical = %" PRIu8 "\r\n", header->critical);
648  TRACE_DEBUG(" Payload Length = %" PRIu16 "\r\n", ntohs(header->payloadLength));
649 }
650 
651 
652 /**
653  * @brief Dump Security Association payload
654  * @param[in] payload Pointer to the payload to dump
655  * @param[in] length Length of the payload, in bytes
656  **/
657 
658 void ikeDumpSaPayload(const IkeSaPayload *payload, size_t length)
659 {
660  size_t n;
661  const uint8_t *p;
662  const IkeProposal *proposal;
663 
664  //Check the length of the payload
665  if(length < sizeof(IkeSaPayload))
666  return;
667 
668  //Point to the first byte of the Proposals field
669  p = payload->proposals;
670  //Determine the length of the Proposals field
671  length -= sizeof(IkeSaPayload);
672 
673  //The Security Association payload contains one or more Proposal
674  //substructures
675  while(length >= sizeof(IkeProposal))
676  {
677  //Point to the Proposal substructure
678  proposal = (IkeProposal *) p;
679 
680  //The Proposal Length field indicates the length of this proposal,
681  //including all transforms and attributes that follow
682  n = ntohs(proposal->proposalLength);
683 
684  //Debug message
685  TRACE_DEBUG(" Proposal (%" PRIuSIZE " bytes)\r\n", n);
686 
687  //Check the length of the proposal
688  if(n < sizeof(IkeProposal) || n > length)
689  break;
690 
691  //Dump Proposal substructure
692  ikeDumpProposal(proposal, n);
693 
694  //Jump to the next proposal
695  p += n;
696  length -= n;
697  }
698 }
699 
700 
701 /**
702  * @brief Dump Proposal substructure
703  * @param[in] proposal Pointer to the Proposal substructure to dump
704  * @param[in] length Length of the proposal, in bytes
705  **/
706 
707 void ikeDumpProposal(const IkeProposal *proposal, size_t length)
708 {
709  uint_t i;
710  size_t n;
711  const uint8_t *p;
712  const char_t *lastSubstrucName;
713  const char_t *protocolIdName;
714  const IkeTransform *transform;
715 
716  //Check the length of the Proposal substructure
717  if(length < sizeof(IkeProposal))
718  return;
719 
720  //The Last Substruc field specifies whether or not this is the last
721  //Proposal Substructure in the SA
722  lastSubstrucName = ikeGetParamName(proposal->lastSubstruc,
723  ikeLastSubstrucList, arraysize(ikeLastSubstrucList));
724 
725  //The Protocol ID specifies the IPsec protocol identifier for the
726  //current negotiation
727  protocolIdName = ikeGetParamName(proposal->protocolId,
728  ikeProtocolIdList, arraysize(ikeProtocolIdList));
729 
730  //Dump Proposal substructure
731  TRACE_DEBUG(" Last Substruc = %" PRIu8 " (%s)\r\n",
732  proposal->lastSubstruc, lastSubstrucName);
733 
734  TRACE_DEBUG(" Proposal Length = %" PRIu16 "\r\n",
735  ntohs(proposal->proposalLength));
736 
737  TRACE_DEBUG(" Proposal Num = %" PRIu8 "\r\n", proposal->proposalNum);
738 
739  TRACE_DEBUG(" Protocol ID = %" PRIu8 " (%s)\r\n",
740  proposal->protocolId, protocolIdName);
741 
742  TRACE_DEBUG(" SPI Size = %" PRIu8 "\r\n", proposal->spiSize);
743  TRACE_DEBUG(" Num Transforms = %" PRIu8 "\r\n", proposal->numTransforms);
744 
745  //Malformed substructure?
746  if(length < (sizeof(IkeProposal) + proposal->spiSize))
747  return;
748 
749  //Dump SPI
750  TRACE_DEBUG(" SPI (%" PRIu8 " bytes)\r\n", proposal->spiSize);
751  TRACE_DEBUG_ARRAY(" ", proposal->spi, proposal->spiSize);
752 
753  //Point to the first byte of the Transforms field
754  p = (uint8_t *) proposal + sizeof(IkeProposal) + proposal->spiSize;
755  //Determine the length of the Transforms field
756  length -= sizeof(IkeProposal) + proposal->spiSize;
757 
758  //The Transforms field contains one or more Transform substructures
759  for(i = 1; i <= proposal->numTransforms; i++)
760  {
761  //Malformed substructure?
762  if(length < sizeof(IkeTransform))
763  break;
764 
765  //Point to the Transform substructure
766  transform = (IkeTransform *) p;
767 
768  //The Transform Length field indicates the length of the Transform
769  //substructure including header and attributes
770  n = ntohs(transform->transformLength);
771 
772  //Debug message
773  TRACE_DEBUG(" Transform %u (%" PRIuSIZE " bytes)\r\n", i, n);
774 
775  //Check the length of the transform
776  if(n < sizeof(IkeTransform) || n > length)
777  break;
778 
779  //Dump Transform substructure
780  ikeDumpTransform(transform, n);
781 
782  //Jump to the next transform
783  p += n;
784  length -= n;
785  }
786 }
787 
788 
789 /**
790  * @brief Dump Transform substructure
791  * @param[in] transform Pointer to the Transform substructure to dump
792  * @param[in] length Length of the transform, in bytes
793  **/
794 
795 void ikeDumpTransform(const IkeTransform *transform, size_t length)
796 {
797  error_t error;
798  uint_t i;
799  size_t n;
800  uint16_t transformId;
801  const uint8_t *p;
802  const char_t *lastSubstrucName;
803  const char_t *transformName;
804  const char_t *algoName;
805  const IkeTransformAttr *attr;
806 
807  //Check the length of the Transform substructure
808  if(length < sizeof(IkeTransform))
809  return;
810 
811  //The Last Substruc field specifies whether or not this is the last
812  //Proposal Substructure in the SA
813  lastSubstrucName = ikeGetParamName(transform->lastSubstruc,
814  ikeLastSubstrucList, arraysize(ikeLastSubstrucList));
815 
816  //Retrieve the type of transform being specified in this transform
817  transformName = ikeGetParamName(transform->transformType,
818  ikeTransformTypeList, arraysize(ikeTransformTypeList));
819 
820  //Dump Transform substructure
821  TRACE_DEBUG(" Last Substruc = %" PRIu8 " (%s)\r\n",
822  transform->lastSubstruc, lastSubstrucName);
823 
824  TRACE_DEBUG(" Transform Length = %" PRIu16 "\r\n",
825  ntohs(transform->transformLength));
826 
827  TRACE_DEBUG(" Transform Type = %" PRIu8 " (%s)\r\n",
828  transform->transformType, transformName);
829 
830  //Convert the Transform ID field to host byte order
831  transformId = ntohs(transform->transformId);
832 
833  //Check transform type
834  if(transform->transformType == IKE_TRANSFORM_TYPE_ENCR)
835  {
836  //Transform type 1 (encryption algorithm)
837  algoName = ikeGetParamName(transformId, ikeEncrAlgoList,
838  arraysize(ikeEncrAlgoList));
839  }
840  else if(transform->transformType == IKE_TRANSFORM_TYPE_PRF)
841  {
842  //Transform type 2 (pseudorandom functions)
843  algoName = ikeGetParamName(transformId, ikePrfAlgoList,
844  arraysize(ikePrfAlgoList));
845  }
846  else if(transform->transformType == IKE_TRANSFORM_TYPE_INTEG)
847  {
848  //Transform type 3 (integrity algorithm)
849  algoName = ikeGetParamName(transformId, ikeAuthAlgoList,
850  arraysize(ikeAuthAlgoList));
851  }
852  else if(transform->transformType == IKE_TRANSFORM_TYPE_DH)
853  {
854  //Transform type 4 (Diffie-Hellman group)
855  algoName = ikeGetParamName(transformId, ikeDhGroupList,
856  arraysize(ikeDhGroupList));
857  }
858  else if(transform->transformType == IKE_TRANSFORM_TYPE_ESN)
859  {
860  //Transform type 5 (extended sequence numbers)
861  algoName = ikeGetParamName(transformId, ikeEsnList,
862  arraysize(ikeEsnList));
863  }
864  else
865  {
866  //Unknown transform
867  algoName = "Unknown";
868  }
869 
870  //Dump Transform ID field
871  TRACE_DEBUG(" Transform ID = %" PRIu16 " (%s)\r\n",
872  transformId, algoName);
873 
874  //Point to the first byte of the Transform Attributes field
875  p = transform->transformAttr;
876  //Get the length of the Transform Attributes field
877  length -= sizeof(IkeTransform);
878 
879  //The Transform Attributes field contains one or more attributes
880  for(i = 1; ; i++)
881  {
882  //Malformed attribute?
883  if(length < sizeof(IkeTransformAttr))
884  break;
885 
886  //Point to the transform attribute
887  attr = (IkeTransformAttr *) p;
888 
889  //Debug message
890  TRACE_DEBUG(" Transform Attribute %u\r\n", i);
891 
892  //Dump transform attribute
893  error = ikeDumpTransformAttr(attr, length, &n);
894  //Any error to report?
895  if(error)
896  break;
897 
898  //Jump to the next attribute
899  p += n;
900  length -= n;
901  }
902 }
903 
904 
905 /**
906  * @brief Dump transform attribute
907  * @param[in] attr Pointer to the transform attribute to dump
908  * @param[in] length Number of bytes available in the input stream
909  * @param[out] consumed Total number of characters that have been consumed
910  * @return Error code
911  **/
912 
913 error_t ikeDumpTransformAttr(const IkeTransformAttr *attr, size_t length,
914  size_t *consumed)
915 {
916  size_t n;
917  uint16_t attrFormat;
918  uint16_t attrType;
919  const char_t *attrFormatName;
920  const char_t *attrTypeName;
921 
922  //Malformed attribute?
923  if(length < sizeof(IkeTransformAttr))
924  return ERROR_INVALID_SYNTAX;
925 
926  //Retrieve the format of the attribute
927  attrFormat = (ntohs(attr->type) & 0x8000) >> 15;
928  //Retrieve the type of the attribute
929  attrType = ntohs(attr->type) & 0x7FFF;
930 
931  //The AF field indicates whether the data attribute follows the TLV
932  //format or a shortened TV format
933  attrFormatName = ikeGetParamName(ntohs(attr->type) & 0x8000,
934  ikeAttrFormatList, arraysize(ikeAttrFormatList));
935 
936  //The Attribute Type field is a unique identifier for each type of
937  //attribute
938  attrTypeName = ikeGetParamName(attrType, ikeAttrTypeList,
939  arraysize(ikeAttrTypeList));
940 
941  //Dump Transform Attribute
942  TRACE_DEBUG(" Attribute Format = %" PRIu16 " (%s)\r\n",
943  attrFormat, attrFormatName);
944 
945  TRACE_DEBUG(" Attribute Type = %" PRIu16 " (%s)\r\n",
946  attrType, attrTypeName);
947 
948  //Check the format of the attribute
949  if((ntohs(attr->type) & IKE_ATTR_FORMAT_TV) != 0)
950  {
951  //If the AF bit is set, then the attribute value has a fixed length
952  n = 0;
953 
954  //Dump attribute value
955  TRACE_DEBUG(" Attribute Value = %" PRIu16 "\r\n",
956  ntohs(attr->length));
957  }
958  else
959  {
960  //If the AF bit is not set, then this attribute has a variable length
961  //defined by the Attribute Length field
962  n = ntohs(attr->length);
963 
964  //Dump attribute length
965  TRACE_DEBUG(" Attribute Length = %" PRIu16 "\r\n", n);
966 
967  //Malformed attribute?
968  if(length < (sizeof(IkeTransformAttr) + n))
969  return ERROR_INVALID_SYNTAX;
970 
971  //Dump attribute value
972  TRACE_DEBUG(" Attribute Value (%" PRIuSIZE " bytes)\r\n", n);
973  TRACE_DEBUG_ARRAY(" ", attr->value, n);
974  }
975 
976  //Total number of bytes that have been consumed
977  *consumed = sizeof(IkeTransformAttr) + n;
978 
979  //Parsing was successful
980  return NO_ERROR;
981 }
982 
983 
984 /**
985  * @brief Dump Key Exchange payload
986  * @param[in] payload Pointer to the payload to dump
987  * @param[in] length Length of the payload, in bytes
988  **/
989 
990 void ikeDumpKePayload(const IkeKePayload *payload, size_t length)
991 {
992  size_t n;
993  uint16_t groupNum;
994  const char_t *groupName;
995 
996  //Check the length of the payload
997  if(length < sizeof(IkeKePayload))
998  return;
999 
1000  //Determine the length of the Key Exchange Data field
1001  n = length - sizeof(IkeKePayload);
1002 
1003  //The Diffie-Hellman Group Num identifies the Diffie-Hellman group in
1004  //which the Key Exchange Data was computed
1005  groupNum = ntohs(payload->dhGroupNum);
1006 
1007  //Convert the Diffie-Hellman Group Num field to string representation
1008  groupName = ikeGetParamName(groupNum, ikeDhGroupList,
1009  arraysize(ikeDhGroupList));
1010 
1011  //Dump Diffie-Hellman Group Num field
1012  TRACE_DEBUG(" Diffie-Hellman Group Num = 0x%" PRIX16 " (%s)\r\n",
1013  groupNum, groupName);
1014 
1015  //Dump Key Exchange Data field
1016  TRACE_DEBUG(" Key Exchange Data (%" PRIuSIZE " bytes)\r\n", n);
1017  TRACE_DEBUG_ARRAY(" ", payload->keyExchangeData, n);
1018 }
1019 
1020 
1021 /**
1022  * @brief Dump Identification payload
1023  * @param[in] payload Pointer to the payload to dump
1024  * @param[in] length Length of the payload, in bytes
1025  **/
1026 
1027 void ikeDumpIdPayload(const IkeIdPayload *payload, size_t length)
1028 {
1029  const char_t *idTypeName;
1030 
1031  //Check the length of the payload
1032  if(length < sizeof(IkeIdPayload))
1033  return;
1034 
1035  //The ID Type field specifies the type of Identification being used
1036  idTypeName = ikeGetParamName(payload->idType, ikeIdTypeList,
1037  arraysize(ikeIdTypeList));
1038 
1039  //Dump ID Type field
1040  TRACE_DEBUG(" ID Type = %" PRIu8 " (%s)\r\n", payload->idType,
1041  idTypeName);
1042 
1043  //The Identification Data field has a variable length
1044  length -= sizeof(IkeIdPayload);
1045 
1046  //Dump Identification Data field
1047  TRACE_DEBUG(" Identification Data (%" PRIuSIZE " bytes)\r\n", length);
1048 
1049 #if (IPV4_SUPPORT == ENABLED)
1050  //IPv4 address?
1051  if(payload->idType == IKE_ID_TYPE_IPV4_ADDR && length == sizeof(Ipv4Addr))
1052  {
1053  Ipv4Addr ipv4Addr;
1054 
1055  //Copy IPv4 address
1056  ipv4CopyAddr(&ipv4Addr, payload->idData);
1057  //Dump IPv4 address
1058  TRACE_DEBUG(" %s\r\n", ipv4AddrToString(ipv4Addr, NULL));
1059  }
1060  else
1061 #endif
1062 #if (IPV6_SUPPORT == ENABLED)
1063  //IPv4 address?
1064  if(payload->idType == IKE_ID_TYPE_IPV6_ADDR && length == sizeof(Ipv6Addr))
1065  {
1066  Ipv6Addr ipv6Addr;
1067 
1068  //Copy IPv6 address
1069  ipv6CopyAddr(&ipv6Addr, payload->idData);
1070  //Dump IPv6 address
1071  TRACE_DEBUG(" %s\r\n", ipv6AddrToString(&ipv6Addr, NULL));
1072  }
1073  else
1074 #endif
1075  {
1076  //Dump Identification Data field
1077  TRACE_DEBUG_ARRAY(" ", payload->idData, length);
1078  }
1079 }
1080 
1081 
1082 /**
1083  * @brief Dump Certificate payload
1084  * @param[in] payload Pointer to the payload to dump
1085  * @param[in] length Length of the payload, in bytes
1086  **/
1087 
1088 void ikeDumpCertPayload(const IkeCertPayload *payload, size_t length)
1089 {
1090  const char_t *certEncodingName;
1091 
1092  //Check the length of the payload
1093  if(length < sizeof(IkeCertPayload))
1094  return;
1095 
1096  //The Certificate Encoding field indicates the type of certificate or
1097  //certificate-related information contained in the Certificate Data field
1098  certEncodingName = ikeGetParamName(payload->certEncoding,
1099  ikeCertEncodingList, arraysize(ikeCertEncodingList));
1100 
1101  //Dump Certificate Encoding field
1102  TRACE_DEBUG(" Certificate Encoding = %" PRIu8 " (%s)\r\n",
1103  payload->certEncoding, certEncodingName);
1104 
1105  //The Certificate Data field has a variable length
1106  length -= sizeof(IkeCertPayload);
1107 
1108  //Dump Certificate Data field
1109  TRACE_DEBUG(" Certificate Data (%" PRIuSIZE " bytes)\r\n", length);
1110  TRACE_DEBUG_ARRAY(" ", payload->certData, length);
1111 }
1112 
1113 
1114 /**
1115  * @brief Dump Certificate Request payload
1116  * @param[in] payload Pointer to the payload to dump
1117  * @param[in] length Length of the payload, in bytes
1118  **/
1119 
1120 void ikeDumpCertReqPayload(const IkeCertReqPayload *payload, size_t length)
1121 {
1122  const char_t *certEncodingName;
1123 
1124  //Check the length of the payload
1125  if(length < sizeof(IkeCertReqPayload))
1126  return;
1127 
1128  //The Certificate Encoding field contains an encoding of the type or
1129  //format of certificate requested
1130  certEncodingName = ikeGetParamName(payload->certEncoding,
1131  ikeCertEncodingList, arraysize(ikeCertEncodingList));
1132 
1133  //Dump Certificate Encoding field
1134  TRACE_DEBUG(" Certificate Encoding = %" PRIu8 " (%s)\r\n",
1135  payload->certEncoding, certEncodingName);
1136 
1137  //The Certification Authority field has a variable length
1138  length -= sizeof(IkeCertReqPayload);
1139 
1140  //Dump Certification Authority field
1141  TRACE_DEBUG(" Certification Authority (%" PRIuSIZE " bytes)\r\n", length);
1142  TRACE_DEBUG_ARRAY(" ", payload->certAuthority, length);
1143 }
1144 
1145 
1146 /**
1147  * @brief Dump Authentication payload
1148  * @param[in] payload Pointer to the payload to dump
1149  * @param[in] length Length of the payload, in bytes
1150  **/
1151 
1152 void ikeDumpAuthPayload(const IkeAuthPayload *payload, size_t length)
1153 {
1154  size_t n;
1155  const char_t *authMethodName;
1156 
1157  //Check the length of the payload
1158  if(length < sizeof(IkeAuthPayload))
1159  return;
1160 
1161  //The Auth Method field specifies the method of authentication used
1162  authMethodName = ikeGetParamName(payload->authMethod, ikeAuthMethodList,
1163  arraysize(ikeAuthMethodList));
1164 
1165  //Dump Auth Method field
1166  TRACE_DEBUG(" Auth Method = %" PRIu8 " (%s)\r\n",
1167  payload->authMethod, authMethodName);
1168 
1169  //The Authentication Data field has a variable length
1170  n = length - sizeof(IkeAuthPayload);
1171 
1172  //Dump Authentication Data field
1173  TRACE_DEBUG(" Auth Data (%" PRIuSIZE " bytes)\r\n", n);
1174  TRACE_DEBUG_ARRAY(" ", payload->authData, n);
1175 }
1176 
1177 
1178 /**
1179  * @brief Dump Nonce payload
1180  * @param[in] payload Pointer to the payload to dump
1181  * @param[in] length Length of the payload, in bytes
1182  **/
1183 
1184 void ikeDumpNoncePayload(const IkeNoncePayload *payload, size_t length)
1185 {
1186  size_t n;
1187 
1188  //Check the length of the payload
1189  if(length < sizeof(IkeNoncePayload))
1190  return;
1191 
1192  //The size of the Nonce Data must be between 16 and 256 octets, inclusive
1193  n = length - sizeof(IkeNoncePayload);
1194 
1195  //Dump Nonce Data field
1196  TRACE_DEBUG(" Nonce (%" PRIuSIZE " bytes)\r\n", n);
1197  TRACE_DEBUG_ARRAY(" ", payload->nonceData, n);
1198 }
1199 
1200 
1201 /**
1202  * @brief Dump Notify payload
1203  * @param[in] payload Pointer to the payload to dump
1204  * @param[in] length Length of the payload, in bytes
1205  **/
1206 
1207 void ikeDumpNotifyPayload(const IkeNotifyPayload *payload, size_t length)
1208 {
1209  size_t n;
1210  const uint8_t *p;
1211  const char_t *protocolIdName;
1212  const char_t *notifyMsgName;
1213 
1214  //Check the length of the payload
1215  if(length < sizeof(IkeNotifyPayload))
1216  return;
1217 
1218  //Check the length of the SPI
1219  if(length < (sizeof(IkeNotifyPayload) + payload->spiSize))
1220  return;
1221 
1222  //Convert the Protocol ID to string representation
1223  protocolIdName = ikeGetParamName(payload->protocolId,
1224  ikeProtocolIdList, arraysize(ikeProtocolIdList));
1225 
1226  //Convert the Notify Message Type to string representation
1227  notifyMsgName = ikeGetParamName(ntohs(payload->notifyMsgType),
1228  ikeNotifyMsgTypeList, arraysize(ikeNotifyMsgTypeList));
1229 
1230  //Dump Notify payload
1231  TRACE_DEBUG(" Protocol ID = %" PRIu8 " (%s)\r\n",
1232  payload->protocolId, protocolIdName);
1233 
1234  TRACE_DEBUG(" SPI Size = %" PRIu8 "\r\n", payload->spiSize);
1235 
1236  TRACE_DEBUG(" Notify Message Type = %" PRIu16 " (%s)\r\n",
1237  ntohs(payload->notifyMsgType), notifyMsgName);
1238 
1239  //Dump SPI field
1240  TRACE_DEBUG(" SPI (%" PRIu8 " bytes)\r\n", payload->spiSize);
1241 
1242  if(payload->spiSize > 0)
1243  {
1244  TRACE_DEBUG_ARRAY(" ", payload->spi, payload->spiSize);
1245  }
1246 
1247  //The Notification Data field has a variable length
1248  p = payload->spi + payload->spiSize;
1249  n = length - sizeof(IkeNotifyPayload) - payload->spiSize;
1250 
1251  //Dump Notification Data field
1252  TRACE_DEBUG(" Notification Data (%" PRIuSIZE " bytes)\r\n", n);
1253 
1254  if(n > 0)
1255  {
1256  TRACE_DEBUG_ARRAY(" ", p, n);
1257  }
1258 }
1259 
1260 
1261 /**
1262  * @brief Dump Delete payload
1263  * @param[in] payload Pointer to the payload to dump
1264  * @param[in] length Length of the payload, in bytes
1265  **/
1266 
1267 void ikeDumpDeletePayload(const IkeDeletePayload *payload, size_t length)
1268 {
1269  size_t n;
1270  const char_t *protocolIdName;
1271 
1272  //Check the length of the payload
1273  if(length < sizeof(IkeDeletePayload))
1274  return;
1275 
1276  //Convert the Protocol ID to string representation
1277  protocolIdName = ikeGetParamName(payload->protocolId,
1278  ikeProtocolIdList, arraysize(ikeProtocolIdList));
1279 
1280  //Dump Delete payload
1281  TRACE_DEBUG(" Protocol ID = %" PRIu8 " (%s)\r\n",
1282  payload->protocolId, protocolIdName);
1283 
1284  TRACE_DEBUG(" SPI Size = %" PRIu8 "\r\n", payload->spiSize);
1285 
1286  TRACE_DEBUG(" Number Of SPIs = %" PRIu16 "\r\n", ntohs(payload->numSpi));
1287 
1288  //The SPIs field has a variable length
1289  n = length - sizeof(IkeDeletePayload);
1290 
1291  //Dump SPIs field
1292  TRACE_DEBUG(" SPIs (%" PRIuSIZE " bytes)\r\n", n);
1293 
1294  //The SPI size must be zero for IKE (SPI is in message header) or four
1295  //for AH and ESP
1296  if(n > 0)
1297  {
1298  TRACE_DEBUG_ARRAY(" ", payload->spi, n);
1299  }
1300 }
1301 
1302 
1303 /**
1304  * @brief Dump Traffic Selector payload
1305  * @param[in] payload Pointer to the payload to dump
1306  * @param[in] length Length of the payload, in bytes
1307  **/
1308 
1309 void ikeDumpTsPayload(const IkeTsPayload *payload, size_t length)
1310 {
1311  uint_t i;
1312  size_t n;
1313  const uint8_t *p;
1314  const IkeTs *ts;
1315 
1316  //Check the length of the payload
1317  if(length < sizeof(IkeTsPayload))
1318  return;
1319 
1320  //Dump Number of TSs field
1321  TRACE_DEBUG(" Number of TSs = %" PRIu8 "\r\n", payload->numTs);
1322 
1323  //Point to the first byte of the Traffic Selectors field
1324  p = (uint8_t *) payload + sizeof(IkeProposal);
1325  //Determine the length of the Traffic Selectors field
1326  length -= sizeof(IkeTsPayload);
1327 
1328  //The Traffic Selectors field contains one or more Traffic Selector
1329  //substructures
1330  for(i = 1; i <= payload->numTs; i++)
1331  {
1332  //Malformed substructure?
1333  if(length < sizeof(IkeTs))
1334  break;
1335 
1336  //Point to the Traffic Selector substructure
1337  ts = (IkeTs *) p;
1338 
1339  //The Selector Length field indicates the length of the Traffic Selector
1340  //substructure including the header
1341  n = ntohs(ts->selectorLength);
1342 
1343  //Debug message
1344  TRACE_DEBUG(" Traffic Selector (%" PRIuSIZE " bytes)\r\n", n);
1345 
1346  //Check the length of the selector
1347  if(n < sizeof(IkeTs) || n > length)
1348  break;
1349 
1350  //Dump Traffic Selector substructure
1351  ikeDumpTs(ts, n);
1352 
1353  //Jump to the next selector
1354  p += n;
1355  length -= n;
1356  }
1357 }
1358 
1359 
1360 /**
1361  * @brief Dump Traffic Selector substructure
1362  * @param[in] ts Pointer to the Traffic Selector substructure to dump
1363  * @param[in] length Length of the selector, in bytes
1364  **/
1365 
1366 void ikeDumpTs(const IkeTs *ts, size_t length)
1367 {
1368  size_t n;
1369  const char_t *tsTypeName;
1370  const char_t *ipProtocolIdName;
1371 
1372  //Check the length of the Traffic Selector substructure
1373  if(length < sizeof(IkeTs))
1374  return;
1375 
1376  //Convert the TS Type to string representation
1377  tsTypeName = ikeGetParamName(ts->tsType, ikeTsTypeList,
1378  arraysize(ikeTsTypeList));
1379 
1380  //Convert the IP Protocol ID to string representation
1381  ipProtocolIdName = ikeGetParamName(ts->ipProtocolId, ikeIpProtocolIdList,
1382  arraysize(ikeIpProtocolIdList));
1383 
1384  //Dump Traffic Selector substructure
1385  TRACE_DEBUG(" TS Type = %" PRIu8 " (%s)\r\n", ts->tsType,
1386  tsTypeName);
1387 
1388  TRACE_DEBUG(" IP Protocol ID = %" PRIu8 " (%s)\r\n",
1389  ts->ipProtocolId, ipProtocolIdName);
1390 
1391  TRACE_DEBUG(" Selector Length = %" PRIu16 "\r\n",
1392  ntohs(ts->selectorLength));
1393 
1394  TRACE_DEBUG(" Start Port = %" PRIu16 "\r\n", ntohs(ts->startPort));
1395  TRACE_DEBUG(" End Port = %" PRIu16 "\r\n", ntohs(ts->endPort));
1396 
1397  //The length of the Starting Address and Ending Address fields are
1398  //determined by the Traffic Selector type
1399  n = length - sizeof(IkeTs);
1400 
1401 #if (IPV4_SUPPORT == ENABLED)
1402  //IPv4 address range?
1403  if(ts->tsType == IKE_TS_TYPE_IPV4_ADDR_RANGE &&
1404  n == (2 * sizeof(Ipv4Addr)))
1405  {
1406  Ipv4Addr ipv4StartAddr;
1407  Ipv4Addr ipv4EndAddr;
1408 
1409  //Copy IPv4 addresses
1410  ipv4CopyAddr(&ipv4StartAddr, ts->startAddr);
1411  ipv4CopyAddr(&ipv4EndAddr, ts->startAddr + sizeof(Ipv4Addr));
1412 
1413  //Dump IPv4 address range
1414  TRACE_DEBUG(" Starting Address = %s\r\n",
1415  ipv4AddrToString(ipv4StartAddr, NULL));
1416 
1417  TRACE_DEBUG(" Ending Address = %s\r\n",
1418  ipv4AddrToString(ipv4EndAddr, NULL));
1419  }
1420  else
1421 #endif
1422 #if (IPV6_SUPPORT == ENABLED)
1423  //IPv6 address range?
1424  if(ts->tsType == IKE_TS_TYPE_IPV6_ADDR_RANGE &&
1425  length == (2 * sizeof(Ipv6Addr)))
1426  {
1427  Ipv6Addr ipv6StartAddr;
1428  Ipv6Addr ipv6EndAddr;
1429 
1430  //Copy IPv6 addresses
1431  ipv6CopyAddr(&ipv6StartAddr, ts->startAddr);
1432  ipv6CopyAddr(&ipv6EndAddr, ts->startAddr + sizeof(Ipv6Addr));
1433 
1434  //Dump IPv6 address range
1435  TRACE_DEBUG(" Starting Address = %s\r\n",
1436  ipv6AddrToString(&ipv6StartAddr, NULL));
1437 
1438  TRACE_DEBUG(" Ending Address = %s\r\n",
1439  ipv6AddrToString(&ipv6EndAddr, NULL));
1440  }
1441  else
1442 #endif
1443  {
1444  //Just for sanity
1445  }
1446 }
1447 
1448 
1449 /**
1450  * @brief Dump Encrypted payload
1451  * @param[in] payload Pointer to the payload to dump
1452  * @param[in] length Length of the payload, in bytes
1453  **/
1454 
1455 void ikeDumpEncryptedPayload(const IkeEncryptedPayload *payload, size_t length)
1456 {
1457  size_t n;
1458 
1459  //Check the length of the payload
1460  if(length < sizeof(IkeEncryptedPayload))
1461  return;
1462 
1463  //The Payload Length field indicates the length of the encrypted data
1464  n = length - sizeof(IkeEncryptedPayload);
1465 
1466  //Dump encrypted data
1467  TRACE_DEBUG(" Encrypted Data (%" PRIuSIZE " bytes)\r\n", n);
1468  TRACE_DEBUG_ARRAY(" ", payload->iv, n);
1469 
1470 }
1471 
1472 
1473 /**
1474  * @brief Dump Encrypted Fragment payload
1475  * @param[in] payload Pointer to the payload to dump
1476  * @param[in] length Length of the payload, in bytes
1477  **/
1478 
1479 void ikeDumpEncryptedFragPayload(const IkeEncryptedFragPayload *payload,
1480  size_t length)
1481 {
1482  size_t n;
1483 
1484  //Check the length of the payload
1485  if(length < sizeof(IkeEncryptedFragPayload))
1486  return;
1487 
1488  //The Payload Length field indicates the length of the encrypted data
1489  n = length - sizeof(IkeEncryptedFragPayload);
1490 
1491  //The Fragment Number field specifies the current Fragment message number
1492  TRACE_DEBUG(" Fragment Number = %" PRIu16 "\r\n",
1493  ntohs(payload->fragNum));
1494 
1495  //The Total Fragments field specifies the number of Fragment messages into
1496  //which the original message was divided
1497  TRACE_DEBUG(" Total Fragments = %" PRIu16 "\r\n",
1498  ntohs(payload->totalFrags));
1499 
1500  //Dump encrypted data
1501  TRACE_DEBUG(" Encrypted Data (%" PRIuSIZE " bytes)\r\n", n);
1502  TRACE_DEBUG_ARRAY(" ", payload->iv, n);
1503 }
1504 
1505 
1506 /**
1507  * @brief Convert a parameter to string representation
1508  * @param[in] value Parameter value
1509  * @param[in] paramList List of acceptable parameters
1510  * @param[in] paramListLen Number of entries in the list
1511  * @return NULL-terminated string describing the parameter
1512  **/
1513 
1514 const char_t *ikeGetParamName(uint_t value, const IkeParamName *paramList,
1515  size_t paramListLen)
1516 {
1517  uint_t i;
1518 
1519  //Default name for unknown values
1520  static const char_t defaultName[] = "Unknown";
1521 
1522  //Loop through the list of acceptable parameters
1523  for(i = 0; i < paramListLen; i++)
1524  {
1525  if(paramList[i].value == value)
1526  return paramList[i].name;
1527  }
1528 
1529  //Unknown value
1530  return defaultName;
1531 }
1532 
1533 #endif
ikeDumpPayloads
void ikeDumpPayloads(const uint8_t *payloads, size_t length, uint8_t nextPayload)
Dump IKE payloads.
Definition: ike_debug.c:511
IKE_TRANSFORM_ID_ENCR_AES_GCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_8
Definition: ike.h:810
IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
@ IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
Definition: ike.h:863
IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
@ IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
Definition: ike.h:1071
IKE_ID_TYPE_FC_NAME
@ IKE_ID_TYPE_FC_NAME
Definition: ike.h:953
IKE_TRANSFORM_ID_DH_GROUP_CURVE448
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE448
Curve448.
Definition: ike.h:901
ipv6AddrToString
char_t * ipv6AddrToString(const Ipv6Addr *ipAddr, char_t *str)
Convert a binary IPv6 address to a string representation.
Definition: ipv6.c:2329
IkeParamName
Parameter value/name binding.
Definition: ike_debug.h:49
ikeDumpTransformAttr
error_t ikeDumpTransformAttr(const IkeTransformAttr *attr, size_t length, size_t *consumed)
Dump transform attribute.
Definition: ike_debug.c:913
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
Definition: ike.h:868
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
1024-bit MODP Group
Definition: ike.h:881
IKE_TRANSFORM_ID_DH_GROUP_ECP_192
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_192
192-bit Random ECP Group
Definition: ike.h:894
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
Definition: ike.h:1078
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
Definition: ike.h:857
IKE_TS_TYPE_IPV4_ADDR_RANGE
@ IKE_TS_TYPE_IPV4_ADDR_RANGE
Definition: ike.h:1099
IKE_TRANSFORM_ID_PRF_AES128_CMAC
@ IKE_TRANSFORM_ID_PRF_AES128_CMAC
Definition: ike.h:844
IKE_TRANSFORM_ID_ENCR_AES_CCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_16
Definition: ike.h:809
IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
Definition: ike.h:1032
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
Definition: ike.h:823
IkeCertReqPayload
IkeCertReqPayload
Definition: ike.h:1390
IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
Definition: ike.h:1010
IKE_TRANSFORM_ID_ENCR_AES_CTR
@ IKE_TRANSFORM_ID_ENCR_AES_CTR
Definition: ike.h:806
IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
Definition: ike.h:1072
IKE_TRANSFORM_ID_DH_GROUP_NONE
@ IKE_TRANSFORM_ID_DH_GROUP_NONE
None.
Definition: ike.h:879
IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
Definition: ike.h:1075
ikeDumpKePayload
void ikeDumpKePayload(const IkeKePayload *payload, size_t length)
Dump Key Exchange payload.
Definition: ike_debug.c:990
IKE_NOTIFY_MSG_TYPE_INVALID_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_SPI
Definition: ike.h:1011
IKE_CERT_ENCODING_RAW_RSA_KEY
@ IKE_CERT_ENCODING_RAW_RSA_KEY
Raw RSA key (deprecated)
Definition: ike.h:973
IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
@ IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
Definition: ike.h:1030
IKE_IP_PROTOCOL_ID_ICMP
@ IKE_IP_PROTOCOL_ID_ICMP
Definition: ike.h:1110
IKE_IP_PROTOCOL_ID_TCP
@ IKE_IP_PROTOCOL_ID_TCP
Definition: ike.h:1111
IKE_ID_TYPE_NULL
@ IKE_ID_TYPE_NULL
Definition: ike.h:954
IKE_NOTIFY_MSG_TYPE_REKEY_SA
@ IKE_NOTIFY_MSG_TYPE_REKEY_SA
Definition: ike.h:1038
IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
Definition: ike.h:1025
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
Definition: ike.h:862
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
Definition: ike.h:1031
IKE_ID_TYPE_IPV4_ADDR
@ IKE_ID_TYPE_IPV4_ADDR
Definition: ike.h:946
IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
@ IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
Definition: ike.h:1012
IKE_PAYLOAD_TYPE_CP
@ IKE_PAYLOAD_TYPE_CP
Configuration.
Definition: ike.h:742
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
Definition: ike.h:1043
IkeKePayload
IkeKePayload
Definition: ike.h:1353
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
Definition: ike.h:814
p
uint8_t p
Definition: ndp.h:300
IKE_ID_TYPE_DER_ASN1_DN
@ IKE_ID_TYPE_DER_ASN1_DN
Definition: ike.h:950
IKE_TRANSFORM_ID_ENCR_IDEA
@ IKE_TRANSFORM_ID_ENCR_IDEA
Definition: ike.h:799
IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
Definition: ike.h:864
message
uint8_t message[]
Definition: chap.h:154
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
Definition: ike.h:856
IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
4096-bit MODP Group
Definition: ike.h:885
IKE_CERT_ENCODING_DNS_SIGNED_KEY
@ IKE_CERT_ENCODING_DNS_SIGNED_KEY
DNS signed key.
Definition: ike.h:966
IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
@ IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
More transform substructures.
Definition: ike.h:758
IKE_AUTH_METHOD_ECDSA_P521_SHA512
@ IKE_AUTH_METHOD_ECDSA_P521_SHA512
ECDSA with SHA-512 on the P-521 curve.
Definition: ike.h:992
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
2048-bit MODP Group
Definition: ike.h:883
ikeDumpSaPayload
void ikeDumpSaPayload(const IkeSaPayload *payload, size_t length)
Dump Security Association payload.
Definition: ike_debug.c:658
IKE_NOTIFY_MSG_TYPE_PUZZLE
@ IKE_NOTIFY_MSG_TYPE_PUZZLE
Definition: ike.h:1079
IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
8192-bit MODP Group
Definition: ike.h:887
IkeNotifyPayload
IkeNotifyPayload
Definition: ike.h:1439
IKE_TRANSFORM_TYPE_DH
@ IKE_TRANSFORM_TYPE_DH
Diffie-Hellman Group.
Definition: ike.h:783
numTransforms
uint8_t numTransforms
Definition: ike.h:1310
IKE_TRANSFORM_ID_ESN_NO
@ IKE_TRANSFORM_ID_ESN_NO
No Extended Sequence Numbers.
Definition: ike.h:913
IKE_AUTH_METHOD_GSPAM
@ IKE_AUTH_METHOD_GSPAM
Generic Secure Password Authentication Method.
Definition: ike.h:993
IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
Definition: ike.h:1045
IKE_TRANSFORM_ID_ENCR_CAST
@ IKE_TRANSFORM_ID_ENCR_CAST
Definition: ike.h:800
IKE_AUTH_METHOD_RSA
@ IKE_AUTH_METHOD_RSA
RSA Digital Signature.
Definition: ike.h:987
IKE_PROTOCOL_ID_AH
@ IKE_PROTOCOL_ID_AH
AH protocol.
Definition: ike.h:769
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
Definition: ike.h:816
Ipv6Addr
Ipv6Addr
Definition: ipv6.h:260
IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
@ IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
IKE_SESSION_RESUME.
Definition: ike.h:704
IKE_LAST_SUBSTRUC_LAST
@ IKE_LAST_SUBSTRUC_LAST
Last proposal/transform substructure.
Definition: ike.h:756
IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
Definition: ike.h:1060
IkePayloadHeader
IkePayloadHeader
Definition: ike.h:1284
ikeDumpEncryptedPayload
void ikeDumpEncryptedPayload(const IkeEncryptedPayload *payload, size_t length)
Dump Encrypted payload.
Definition: ike_debug.c:1455
IKE_PAYLOAD_TYPE_CERTREQ
@ IKE_PAYLOAD_TYPE_CERTREQ
Certificate Request.
Definition: ike.h:733
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
Definition: ike.h:818
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
Definition: ike.h:826
IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID
@ IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID
Definition: ike.h:1074
IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
Definition: ike.h:865
IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
@ IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
Definition: ike.h:1073
IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
Definition: ike.h:1061
IKE_NOTIFY_MSG_TYPE_TICKET_NACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_NACK
Definition: ike.h:1057
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
Definition: ike.h:822
IKE_IP_PROTOCOL_ID_UDP
@ IKE_IP_PROTOCOL_ID_UDP
Definition: ike.h:1112
IKE_TRANSFORM_ID_ENCR_DES_IV64
@ IKE_TRANSFORM_ID_ENCR_DES_IV64
Definition: ike.h:795
IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
Definition: ike.h:821
IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
@ IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
Hash and URL of X.509 bundle.
Definition: ike.h:975
IKE_AUTH_METHOD_NULL
@ IKE_AUTH_METHOD_NULL
NULL Authentication.
Definition: ike.h:994
IkeTransform
IkeTransform
Definition: ike.h:1328
IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
Curve25519.
Definition: ike.h:900
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
224-bit Brainpool ECP Group
Definition: ike.h:896
Ipv4Addr
uint32_t Ipv4Addr
IPv4 network address.
Definition: ipv4.h:297
IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
@ IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
Definition: ike.h:1076
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
Definition: ike.h:819
IKE_ATTR_FORMAT_TV
@ IKE_ATTR_FORMAT_TV
shortened Type/Value format
Definition: ike.h:925
IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
@ IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
Definition: ike.h:860
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
Definition: ike.h:842
IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
@ IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
Definition: ike.h:1087
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
Definition: ike.h:1033
r
uint8_t r
Definition: ndp.h:346
IKE_TRANSFORM_TYPE_ESN
@ IKE_TRANSFORM_TYPE_ESN
Extended Sequence Numbers.
Definition: ike.h:784
ikeDumpEncryptedFragPayload
void ikeDumpEncryptedFragPayload(const IkeEncryptedFragPayload *payload, size_t length)
Dump Encrypted Fragment payload.
Definition: ike_debug.c:1479
IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
@ IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
Definition: ike.h:1019
IKE_TRANSFORM_ID_DH_GROUP_ECP_224
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_224
224-bit Random ECP Group
Definition: ike.h:895
IKE_NOTIFY_MSG_TYPE_LINK_ID
@ IKE_NOTIFY_MSG_TYPE_LINK_ID
Definition: ike.h:1059
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
Definition: ike.h:1034
IKE_TRANSFORM_ID_ENCR_AES_CBC
@ IKE_TRANSFORM_ID_ENCR_AES_CBC
Definition: ike.h:805
IKE_PAYLOAD_TYPE_EAP
@ IKE_PAYLOAD_TYPE_EAP
Extensible Authentication.
Definition: ike.h:743
IKE_ID_TYPE_DER_ASN1_GN
@ IKE_ID_TYPE_DER_ASN1_GN
Definition: ike.h:951
IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
@ IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
Key Length (in bits)
Definition: ike.h:935
IkeAuthPayload
IkeAuthPayload
Definition: ike.h:1403
IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
Definition: ike.h:1018
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
Definition: ike.h:1068
IKE_EXCHANGE_TYPE_IKE_AUTH
@ IKE_EXCHANGE_TYPE_IKE_AUTH
IKE_AUTH.
Definition: ike.h:701
ikeDumpCertReqPayload
void ikeDumpCertReqPayload(const IkeCertReqPayload *payload, size_t length)
Dump Certificate Request payload.
Definition: ike_debug.c:1120
IKE_ID_TYPE_IPV6_ADDR
@ IKE_ID_TYPE_IPV6_ADDR
Definition: ike.h:949
IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
Definition: ike.h:1063
FALSE
#define FALSE
Definition: os_port.h:46
IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
@ IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
Definition: ike.h:1020
IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
@ IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
Definition: ike.h:1050
IKE_ATTR_FORMAT_TLV
@ IKE_ATTR_FORMAT_TLV
Type/Length/Value format.
Definition: ike.h:924
IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
Definition: ike.h:1084
ike_debug.h
Data logging functions for debugging purpose (IKEv2)
IKE_FLAGS_I
@ IKE_FLAGS_I
Initiator flag.
Definition: ike.h:717
error_t
error_t
Error codes.
Definition: error.h:43
IKE_PAYLOAD_TYPE_SK
@ IKE_PAYLOAD_TYPE_SK
Encrypted and Authenticated.
Definition: ike.h:741
IKE_TRANSFORM_ID_DH_GROUP_MODP_768
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_768
768-bit MODP Group
Definition: ike.h:880
IkeIdPayload
IkeIdPayload
Definition: ike.h:1366
ikeDumpTs
void ikeDumpTs(const IkeTs *ts, size_t length)
Dump Traffic Selector substructure.
Definition: ike_debug.c:1366
IKE_PAYLOAD_TYPE_AUTH
@ IKE_PAYLOAD_TYPE_AUTH
Authentication.
Definition: ike.h:734
IKE_TRANSFORM_ID_ENCR_NULL
@ IKE_TRANSFORM_ID_ENCR_NULL
Definition: ike.h:804
IKE_PAYLOAD_TYPE_CERT
@ IKE_PAYLOAD_TYPE_CERT
Certificate.
Definition: ike.h:732
IkeTsPayload
IkeTsPayload
Definition: ike.h:1477
IKE_AUTH_METHOD_DIGITAL_SIGN
@ IKE_AUTH_METHOD_DIGITAL_SIGN
Digital Signature.
Definition: ike.h:995
IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
@ IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
IKE_INTERMEDIATE.
Definition: ike.h:705
IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
Definition: ike.h:1047
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
Definition: ike.h:825
IKE_SPI_SIZE
#define IKE_SPI_SIZE
Definition: ike.h:672
ikeDumpPayloadHeader
void ikeDumpPayloadHeader(const IkePayloadHeader *header)
Dump generic payload header.
Definition: ike_debug.c:637
IKE_PROTOCOL_ID_ESP
@ IKE_PROTOCOL_ID_ESP
ESP protocol.
Definition: ike.h:770
IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
@ IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
Definition: ike.h:1082
IKE_TRANSFORM_ID_PRF_HMAC_MD5
@ IKE_TRANSFORM_ID_PRF_HMAC_MD5
Definition: ike.h:837
IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
@ IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
Definition: ike.h:1081
IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
@ IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
Definition: ike.h:1064
IKE_CERT_ENCODING_PGP_CERT
@ IKE_CERT_ENCODING_PGP_CERT
PGP certificate.
Definition: ike.h:965
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
512-bit Brainpool ECP Group
Definition: ike.h:899
IKE_IP_PROTOCOL_ID_ICMPV6
@ IKE_IP_PROTOCOL_ID_ICMPV6
Definition: ike.h:1113
IKE_TRANSFORM_ID_PRF_HMAC_SHA1
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA1
Definition: ike.h:838
IKE_CERT_ENCODING_X509_CERT_ATTR
@ IKE_CERT_ENCODING_X509_CERT_ATTR
X.509 certificate - attribute.
Definition: ike.h:972
IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
Definition: ike.h:1041
IKE_TRANSFORM_ID_ENCR_AES_GCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_12
Definition: ike.h:811
IkeTransformAttr
IkeTransformAttr
Definition: ike.h:1340
IKE_CERT_ENCODING_OCSP_CONTENT
@ IKE_CERT_ENCODING_OCSP_CONTENT
OCSP Content.
Definition: ike.h:976
IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
Definition: ike.h:820
IKE_PAYLOAD_TYPE_V
@ IKE_PAYLOAD_TYPE_V
Vendor ID.
Definition: ike.h:738
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
Definition: ike.h:824
IKE_PAYLOAD_TYPE_IDI
@ IKE_PAYLOAD_TYPE_IDI
Identification - Initiator.
Definition: ike.h:730
IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
@ IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
Definition: ike.h:1053
IKE_TRANSFORM_ID_ENCR_BLOWFISH
@ IKE_TRANSFORM_ID_ENCR_BLOWFISH
Definition: ike.h:801
IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
1536-bit MODP Group
Definition: ike.h:882
IKE_TRANSFORM_TYPE_ENCR
@ IKE_TRANSFORM_TYPE_ENCR
Encryption Algorithm.
Definition: ike.h:780
IKE_TRANSFORM_ID_ENCR_DES_IV32
@ IKE_TRANSFORM_ID_ENCR_DES_IV32
Definition: ike.h:803
length
uint8_t length
Definition: tcp.h:368
IKE_TRANSFORM_ID_PRF_AES128_XCBC
@ IKE_TRANSFORM_ID_PRF_AES128_XCBC
Definition: ike.h:840
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
Definition: ike.h:861
IKE_CERT_ENCODING_HASH_URL_X509_CERT
@ IKE_CERT_ENCODING_HASH_URL_X509_CERT
Hash and URL of X.509 certificate.
Definition: ike.h:974
IkeHeader
IkeHeader
Definition: ike.h:1266
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
2048-bit MODP Group with 224-bit Prime Order Subgroup
Definition: ike.h:892
IKE_NOTIFY_MSG_TYPE_USE_PPK
@ IKE_NOTIFY_MSG_TYPE_USE_PPK
Definition: ike.h:1080
IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
Definition: ike.h:1085
IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
@ IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
CREATE_CHILD_SA.
Definition: ike.h:702
IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
Definition: ike.h:1058
IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
@ IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
Definition: ike.h:1022
IKE_AUTH_METHOD_SHARED_KEY
@ IKE_AUTH_METHOD_SHARED_KEY
Shared Key Message Integrity Code.
Definition: ike.h:988
IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
Definition: ike.h:1037
IKE_TRANSFORM_ID_DH_GROUP_ECP_384
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_384
384-bit Random ECP Group
Definition: ike.h:889
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
Definition: ike.h:841
IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
Definition: ike.h:1039
IkeEncryptedPayload
IkeEncryptedPayload
Definition: ike.h:1503
IKE_CERT_ENCODING_CRL
@ IKE_CERT_ENCODING_CRL
Certificate revocation list.
Definition: ike.h:969
IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
Definition: ike.h:1028
IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
@ IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
Definition: ike.h:1040
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
Definition: ike.h:867
IkeDeletePayload
IkeDeletePayload
Definition: ike.h:1453
ikeDumpCertPayload
void ikeDumpCertPayload(const IkeCertPayload *payload, size_t length)
Dump Certificate payload.
Definition: ike_debug.c:1088
IKE_TRANSFORM_ID_ENCR_DES
@ IKE_TRANSFORM_ID_ENCR_DES
Definition: ike.h:796
ike.h
IKEv2 (Internet Key Exchange Protocol)
IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
Definition: ike.h:1027
ntohs
#define ntohs(value)
Definition: cpu_endian.h:421
IKE_TRANSFORM_ID_AUTH_KPDK_MD5
@ IKE_TRANSFORM_ID_AUTH_KPDK_MD5
Definition: ike.h:859
IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
Definition: ike.h:866
IkeTs
IkeTs
Definition: ike.h:1492
IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
@ IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
Definition: ike.h:813
ikeDumpDeletePayload
void ikeDumpDeletePayload(const IkeDeletePayload *payload, size_t length)
Dump Delete payload.
Definition: ike_debug.c:1267
flags
uint8_t flags
Definition: tcp.h:351
TRACE_DEBUG
#define TRACE_DEBUG(...)
Definition: debug.h:107
IkeProposal
IkeProposal
Definition: ike.h:1312
char_t
char char_t
Definition: compiler_port.h:48
IKE_CERT_ENCODING_PKCS7_X509_CERT
@ IKE_CERT_ENCODING_PKCS7_X509_CERT
PKCS #7 wrapped X.509 certificate.
Definition: ike.h:964
IKE_PAYLOAD_TYPE_PS
@ IKE_PAYLOAD_TYPE_PS
Puzzle Solution.
Definition: ike.h:746
ikeDumpAuthPayload
void ikeDumpAuthPayload(const IkeAuthPayload *payload, size_t length)
Dump Authentication payload.
Definition: ike_debug.c:1152
IKE_EXCHANGE_TYPE_IKE_SA_INIT
@ IKE_EXCHANGE_TYPE_IKE_SA_INIT
IKE_SA_INIT.
Definition: ike.h:700
IKE_PAYLOAD_TYPE_NONCE
@ IKE_PAYLOAD_TYPE_NONCE
Nonce.
Definition: ike.h:735
IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
Definition: ike.h:1013
ikeDumpHeader
void ikeDumpHeader(const IkeHeader *header)
Dump IKE header.
Definition: ike_debug.c:407
ikeDumpProposal
void ikeDumpProposal(const IkeProposal *proposal, size_t length)
Dump Proposal substructure.
Definition: ike_debug.c:707
ipv6CopyAddr
#define ipv6CopyAddr(destIpAddr, srcIpAddr)
Definition: ipv6.h:123
ikeDumpNoncePayload
void ikeDumpNoncePayload(const IkeNoncePayload *payload, size_t length)
Dump Nonce payload.
Definition: ike_debug.c:1184
TRACE_DEBUG_ARRAY
#define TRACE_DEBUG_ARRAY(p, a, n)
Definition: debug.h:108
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
1024-bit MODP Group with 160-bit Prime Order Subgroup
Definition: ike.h:891
IKE_TRANSFORM_ID_ENCR_3DES
@ IKE_TRANSFORM_ID_ENCR_3DES
Definition: ike.h:797
IKE_TRANSFORM_ID_ENCR_AES_GCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16
Definition: ike.h:812
IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
Definition: ike.h:1083
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
Definition: ike.h:1016
IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
Definition: ike.h:1006
n
uint8_t n
Definition: dhcpv6_common.h:416
IKE_TRANSFORM_ID_PRF_HMAC_TIGER
@ IKE_TRANSFORM_ID_PRF_HMAC_TIGER
Definition: ike.h:839
IKE_PAYLOAD_TYPE_SKF
@ IKE_PAYLOAD_TYPE_SKF
Encrypted and Authenticated Fragment.
Definition: ike.h:745
IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
3072-bit MODP Group
Definition: ike.h:884
IkeCertPayload
IkeCertPayload
Definition: ike.h:1378
payload
uint8_t payload[]
Definition: ipv6.h:286
IKE_TRANSFORM_ID_ENCR_AES_CCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_12
Definition: ike.h:808
IKE_TRANSFORM_TYPE_PRF
@ IKE_TRANSFORM_TYPE_PRF
Pseudorandom Function.
Definition: ike.h:781
IKE_TRANSFORM_ID_ESN_YES
@ IKE_TRANSFORM_ID_ESN_YES
Extended Sequence Numbers.
Definition: ike.h:914
ikeDumpTransform
void ikeDumpTransform(const IkeTransform *transform, size_t length)
Dump Transform substructure.
Definition: ike_debug.c:795
IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
Definition: ike.h:1054
IkeEncryptedFragPayload
IkeEncryptedFragPayload
Definition: ike.h:1566
IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
@ IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
Definition: ike.h:1069
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
Definition: ike.h:815
IkeParamName::name
const char_t * name
Definition: ike_debug.h:51
IKE_CERT_ENCODING_ARL
@ IKE_CERT_ENCODING_ARL
Authority revocation list.
Definition: ike.h:970
IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
@ IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
Definition: ike.h:1023
IKE_ID_TYPE_RFC822_ADDR
@ IKE_ID_TYPE_RFC822_ADDR
Definition: ike.h:948
transformId
uint16_t transformId
Definition: ike.h:1326
IKE_PROTOCOL_ID_IKE
@ IKE_PROTOCOL_ID_IKE
IKE protocol.
Definition: ike.h:768
value
uint8_t value[]
Definition: tcp.h:369
IKE_AUTH_METHOD_DSS
@ IKE_AUTH_METHOD_DSS
DSS Digital Signature.
Definition: ike.h:989
IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
Definition: ike.h:1014
IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
@ IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
Definition: ike.h:1024
IKE_TRANSFORM_ID_ENCR_3IDEA
@ IKE_TRANSFORM_ID_ENCR_3IDEA
Definition: ike.h:802
IKE_EXCHANGE_TYPE_INFORMATIONAL
@ IKE_EXCHANGE_TYPE_INFORMATIONAL
INFORMATIONAL.
Definition: ike.h:703
IKE_PAYLOAD_TYPE_LAST
@ IKE_PAYLOAD_TYPE_LAST
No Next Payload.
Definition: ike.h:727
IKE_LAST_SUBSTRUC_MORE_PROPOSALS
@ IKE_LAST_SUBSTRUC_MORE_PROPOSALS
More proposal substructures.
Definition: ike.h:757
IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
@ IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
Definition: ike.h:1055
ikeGetParamName
const char_t * ikeGetParamName(uint_t value, const IkeParamName *paramList, size_t paramListLen)
Convert a parameter to string representation.
Definition: ike_debug.c:1514
IKE_CERT_ENCODING_SPKI_CERT
@ IKE_CERT_ENCODING_SPKI_CERT
SPKI certificate.
Definition: ike.h:971
IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
@ IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
Definition: ike.h:1029
IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
@ IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
Definition: ike.h:1017
IKE_PAYLOAD_TYPE_KE
@ IKE_PAYLOAD_TYPE_KE
Key Exchange.
Definition: ike.h:729
ERROR_INVALID_SYNTAX
@ ERROR_INVALID_SYNTAX
Definition: error.h:68
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
Definition: ike.h:1065
IKE_NOTIFY_MSG_TYPE_REDIRECT
@ IKE_NOTIFY_MSG_TYPE_REDIRECT
Definition: ike.h:1052
IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
@ IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
Definition: ike.h:1048
nextPayload
uint8_t nextPayload
Definition: ike.h:1254
IKE_AUTH_METHOD_ECDSA_P256_SHA256
@ IKE_AUTH_METHOD_ECDSA_P256_SHA256
ECDSA with SHA-256 on the P-256 curve.
Definition: ike.h:990
IKE_NOTIFY_MSG_TYPE_COOKIE
@ IKE_NOTIFY_MSG_TYPE_COOKIE
Definition: ike.h:1035
ipv4CopyAddr
#define ipv4CopyAddr(destIpAddr, srcIpAddr)
Definition: ipv4.h:155
IKE_ID_TYPE_KEY_ID
@ IKE_ID_TYPE_KEY_ID
Definition: ike.h:952
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
Definition: ike.h:1066
IKE_FLAGS_R
@ IKE_FLAGS_R
Response flag.
Definition: ike.h:715
IKE_PAYLOAD_TYPE_TSI
@ IKE_PAYLOAD_TYPE_TSI
Traffic Selector - Initiator.
Definition: ike.h:739
IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
Definition: ike.h:1036
IKE_CERT_ENCODING_X509_CERT_SIGN
@ IKE_CERT_ENCODING_X509_CERT_SIGN
X.509 certificate - signature.
Definition: ike.h:967
IkeNoncePayload
IkeNoncePayload
Definition: ike.h:1425
IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
Definition: ike.h:1015
IKE_TRANSFORM_ID_AUTH_DES_MAC
@ IKE_TRANSFORM_ID_AUTH_DES_MAC
Definition: ike.h:858
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
2048-bit MODP Group with 256-bit Prime Order Subgroup
Definition: ike.h:893
IKE_TRANSFORM_ID_DH_GROUP_ECP_256
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_256
256-bit Random ECP Group
Definition: ike.h:888
IKE_NOTIFY_MSG_TYPE_TICKET_ACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_ACK
Definition: ike.h:1056
IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
Definition: ike.h:1051
IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
Definition: ike.h:1049
IKE_PAYLOAD_TYPE_IDR
@ IKE_PAYLOAD_TYPE_IDR
Identification - Responder.
Definition: ike.h:731
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
Definition: ike.h:1086
PRIuSIZE
#define PRIuSIZE
Definition: compiler_port.h:143
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
Definition: ike.h:869
uint_t
unsigned int uint_t
Definition: compiler_port.h:50
IKE_PAYLOAD_TYPE_D
@ IKE_PAYLOAD_TYPE_D
Delete.
Definition: ike.h:737
ikeDumpNotifyPayload
void ikeDumpNotifyPayload(const IkeNotifyPayload *payload, size_t length)
Dump Notify payload.
Definition: ike_debug.c:1207
IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
@ IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
Definition: ike.h:1062
IKE_NOTIFY_MSG_TYPE_COOKIE2
@ IKE_NOTIFY_MSG_TYPE_COOKIE2
Definition: ike.h:1046
IKE_PAYLOAD_TYPE_SA
@ IKE_PAYLOAD_TYPE_SA
Security Association.
Definition: ike.h:728
IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
Definition: ike.h:1026
IKE_TRANSFORM_ID_AUTH_NONE
@ IKE_TRANSFORM_ID_AUTH_NONE
Definition: ike.h:855
ipv4AddrToString
char_t * ipv4AddrToString(Ipv4Addr ipAddr, char_t *str)
Convert a binary IPv4 address to dot-decimal notation.
Definition: ipv4.c:1457
IKE_FLAGS_V
@ IKE_FLAGS_V
Version flag.
Definition: ike.h:716
IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
@ IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
Definition: ike.h:1070
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
384-bit Brainpool ECP Group
Definition: ike.h:898
IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
@ IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
Definition: ike.h:1008
IKE_CERT_ENCODING_KERBEROS_TOKEN
@ IKE_CERT_ENCODING_KERBEROS_TOKEN
Kerberos token.
Definition: ike.h:968
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
Definition: ike.h:1067
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
Definition: ike.h:1044
ikeDumpMessage
void ikeDumpMessage(const uint8_t *message, size_t length)
Dump IKE message.
Definition: ike_debug.c:379
ikeDumpIdPayload
void ikeDumpIdPayload(const IkeIdPayload *payload, size_t length)
Dump Identification payload.
Definition: ike_debug.c:1027
IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
Definition: ike.h:1007
IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
Definition: ike.h:1021
IKE_TRANSFORM_ID_DH_GROUP_ECP_521
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_521
521-bit Random ECP Group
Definition: ike.h:890
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
Definition: ike.h:1077
IKE_AUTH_METHOD_ECDSA_P384_SHA384
@ IKE_AUTH_METHOD_ECDSA_P384_SHA384
ECDSA with SHA-384 on the P-384 curve.
Definition: ike.h:991
IKE_TRANSFORM_ID_ENCR_RC5
@ IKE_TRANSFORM_ID_ENCR_RC5
Definition: ike.h:798
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
Definition: ike.h:1042
IKE_PAYLOAD_TYPE_N
@ IKE_PAYLOAD_TYPE_N
Notify.
Definition: ike.h:736
ntohl
#define ntohl(value)
Definition: cpu_endian.h:422
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
256-bit Brainpool ECP Group
Definition: ike.h:897
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
Definition: ike.h:843
IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
6144-bit MODP Group
Definition: ike.h:886
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
IKE_TS_TYPE_IPV6_ADDR_RANGE
@ IKE_TS_TYPE_IPV6_ADDR_RANGE
Definition: ike.h:1100
debug.h
Debugging facilities.
IKE_ID_TYPE_FQDN
@ IKE_ID_TYPE_FQDN
Definition: ike.h:947
ikeDumpFlags
void ikeDumpFlags(uint8_t flags)
Dump flags.
Definition: ike_debug.c:438
IkeSaPayload
IkeSaPayload
Definition: ike.h:1295
IKE_CERT_ENCODING_RAW_PUBLIC_KEY
@ IKE_CERT_ENCODING_RAW_PUBLIC_KEY
Raw Public Key.
Definition: ike.h:977
arraysize
#define arraysize(a)
Definition: os_port.h:71
IKE_PAYLOAD_TYPE_GSPM
@ IKE_PAYLOAD_TYPE_GSPM
Generic Secure Password Method.
Definition: ike.h:744
IKE_PAYLOAD_TYPE_TSR
@ IKE_PAYLOAD_TYPE_TSR
Traffic Selector - Responder.
Definition: ike.h:740
IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
@ IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
Definition: ike.h:1009
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
Definition: ike.h:817
IKE_TRANSFORM_ID_ENCR_AES_CCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8
Definition: ike.h:807
ikeDumpTsPayload
void ikeDumpTsPayload(const IkeTsPayload *payload, size_t length)
Dump Traffic Selector payload.
Definition: ike_debug.c:1309
IKE_TRANSFORM_TYPE_INTEG
@ IKE_TRANSFORM_TYPE_INTEG
Integrity Algorithm.
Definition: ike.h:782