ike_debug.c
Go to the documentation of this file.
1 /**
2  * @file ike_debug.c
3  * @brief Data logging functions for debugging purpose (IKEv2)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneIPSEC Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL IKE_TRACE_LEVEL
33 
34 //Dependencies
35 #include "ike/ike.h"
36 #include "ike/ike_debug.h"
37 #include "debug.h"
38 
39 //Check IKEv2 library configuration
40 #if (IKE_SUPPORT == ENABLED && IKE_TRACE_LEVEL >= TRACE_LEVEL_DEBUG)
41 
42 //Exchange types
43 static const IkeParamName ikeExchangeTypeList[] =
44 {
45  {IKE_EXCHANGE_TYPE_IKE_SA_INIT, "IKE_SA_INIT"},
46  {IKE_EXCHANGE_TYPE_IKE_AUTH, "IKE_AUTH"},
47  {IKE_EXCHANGE_TYPE_CREATE_CHILD_SA, "CREATE_CHILD_SA"},
48  {IKE_EXCHANGE_TYPE_INFORMATIONAL, "INFORMATIONAL"},
49  {IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME, "IKE_SESSION_RESUME"},
50  {IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE, "IKE_INTERMEDIATE"}
51 };
52 
53 //Payload types
54 static const IkeParamName ikePayloadList[] =
55 {
56  {IKE_PAYLOAD_TYPE_LAST, "No Next Payload"},
57  {IKE_PAYLOAD_TYPE_SA, "Security Association"},
58  {IKE_PAYLOAD_TYPE_KE, "Key Exchange"},
59  {IKE_PAYLOAD_TYPE_IDI, "Identification - Initiator"},
60  {IKE_PAYLOAD_TYPE_IDR, "Identification - Responder"},
61  {IKE_PAYLOAD_TYPE_CERT, "Certificate"},
62  {IKE_PAYLOAD_TYPE_CERTREQ, "Certificate Request"},
63  {IKE_PAYLOAD_TYPE_AUTH, "Authentication"},
64  {IKE_PAYLOAD_TYPE_NONCE, "Nonce"},
65  {IKE_PAYLOAD_TYPE_N, "Notify"},
66  {IKE_PAYLOAD_TYPE_D, "Delete"},
67  {IKE_PAYLOAD_TYPE_V, "Vendor ID"},
68  {IKE_PAYLOAD_TYPE_TSI, "Traffic Selector - Initiator"},
69  {IKE_PAYLOAD_TYPE_TSR, "Traffic Selector - Responder"},
70  {IKE_PAYLOAD_TYPE_SK, "Encrypted and Authenticated"},
71  {IKE_PAYLOAD_TYPE_CP, "Configuration"},
72  {IKE_PAYLOAD_TYPE_EAP, "Extensible Authentication"},
73  {IKE_PAYLOAD_TYPE_GSPM, "Generic Secure Password Method"},
74  {IKE_PAYLOAD_TYPE_SKF, "Encrypted and Authenticated Fragment"},
75  {IKE_PAYLOAD_TYPE_PS, "Puzzle Solution"}
76 };
77 
78 //Last Substruc values
79 static const IkeParamName ikeLastSubstrucList[] =
80 {
81  {IKE_LAST_SUBSTRUC_LAST, "Last"},
82  {IKE_LAST_SUBSTRUC_MORE_PROPOSALS, "More Proposals"},
83  {IKE_LAST_SUBSTRUC_MORE_TRANSFORMS, "More Transforms"}
84 };
85 
86 //Protocol IDs
87 static const IkeParamName ikeProtocolIdList[] =
88 {
89  {IKE_PROTOCOL_ID_IKE, "IKE"},
90  {IKE_PROTOCOL_ID_AH, "AH"},
91  {IKE_PROTOCOL_ID_ESP, "ESP"}
92 };
93 
94 //Transform types
95 static const IkeParamName ikeTransformTypeList[] =
96 {
97  {IKE_TRANSFORM_TYPE_ENCR, "Encryption Algorithm"},
98  {IKE_TRANSFORM_TYPE_PRF, "Pseudorandom Function"},
99  {IKE_TRANSFORM_TYPE_INTEG, "Integrity Algorithm"},
100  {IKE_TRANSFORM_TYPE_DH, "Diffie-Hellman Group"},
101  {IKE_TRANSFORM_TYPE_ESN, "Extended Sequence Numbers"}
102 };
103 
104 //Encryption algorithms
105 static const IkeParamName ikeEncrAlgoList[] =
106 {
107  {IKE_TRANSFORM_ID_ENCR_DES_IV64, "ENCR_DES_IV64"},
108  {IKE_TRANSFORM_ID_ENCR_DES, "ENCR_DES"},
109  {IKE_TRANSFORM_ID_ENCR_3DES, "ENCR_3DES"},
110  {IKE_TRANSFORM_ID_ENCR_RC5, "ENCR_RC5"},
111  {IKE_TRANSFORM_ID_ENCR_IDEA, "ENCR_IDEA"},
112  {IKE_TRANSFORM_ID_ENCR_CAST, "ENCR_CAST"},
113  {IKE_TRANSFORM_ID_ENCR_BLOWFISH, "ENCR_BLOWFISH"},
114  {IKE_TRANSFORM_ID_ENCR_3IDEA, "ENCR_3IDEA"},
115  {IKE_TRANSFORM_ID_ENCR_DES_IV32, "ENCR_DES_IV32"},
116  {IKE_TRANSFORM_ID_ENCR_NULL, "ENCR_NULL"},
117  {IKE_TRANSFORM_ID_ENCR_AES_CBC, "ENCR_AES_CBC"},
118  {IKE_TRANSFORM_ID_ENCR_AES_CTR, "ENCR_AES_CTR"},
119  {IKE_TRANSFORM_ID_ENCR_AES_CCM_8, "ENCR_AES_CCM_8"},
120  {IKE_TRANSFORM_ID_ENCR_AES_CCM_12, "ENCR_AES_CCM_12"},
121  {IKE_TRANSFORM_ID_ENCR_AES_CCM_16, "ENCR_AES_CCM_16"},
122  {IKE_TRANSFORM_ID_ENCR_AES_GCM_8, "ENCR_AES_GCM_8"},
123  {IKE_TRANSFORM_ID_ENCR_AES_GCM_12, "ENCR_AES_GCM_12"},
124  {IKE_TRANSFORM_ID_ENCR_AES_GCM_16, "ENCR_AES_GCM_16"},
125  {IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC, "ENCR_NULL_AUTH_AES_GMAC"},
126  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC, "ENCR_CAMELLIA_CBC"},
127  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR, "ENCR_CAMELLIA_CTR"},
128  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8, "ENCR_CAMELLIA_CCM_8"},
129  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12, "ENCR_CAMELLIA_CCM_12"},
130  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16, "ENCR_CAMELLIA_CCM_16"},
131  {IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305, "ENCR_CHACHA20_POLY1305"},
132  {IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV, "ENCR_AES_CCM_8_IIV"},
133  {IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV, "ENCR_AES_GCM_16_IIV"},
134  {IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV, "ENCR_CHACHA20_POLY1305_IIV"},
135  {IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE, "ENCR_KUZNYECHIK_MGM_KTREE"},
136  {IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE, "ENCR_MAGMA_MGM_KTREE"},
137  {IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE, "ENCR_KUZNYECHIK_MGM_MAC_KTREE"},
138  {IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE, "ENCR_MAGMA_MGM_MAC_KTREE"},
139 };
140 
141 //Pseudorandom functions
142 static const IkeParamName ikePrfAlgoList[] =
143 {
144  {IKE_TRANSFORM_ID_PRF_HMAC_MD5, "PRF_HMAC_MD5"},
145  {IKE_TRANSFORM_ID_PRF_HMAC_SHA1, "PRF_HMAC_SHA1"},
146  {IKE_TRANSFORM_ID_PRF_HMAC_TIGER, "PRF_HMAC_TIGER"},
147  {IKE_TRANSFORM_ID_PRF_AES128_XCBC, "PRF_AES128_XCBC"},
148  {IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256, "PRF_HMAC_SHA2_256"},
149  {IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384, "PRF_HMAC_SHA2_384"},
150  {IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512, "PRF_HMAC_SHA2_512"},
151  {IKE_TRANSFORM_ID_PRF_AES128_CMAC, "PRF_AES128_CMAC"},
152  {IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512, "PRF_HMAC_STREEBOG_512"},
153 };
154 
155 //Integrity algorithms
156 static const IkeParamName ikeAuthAlgoList[] =
157 {
158  {IKE_TRANSFORM_ID_AUTH_NONE, "AUTH_NONE"},
159  {IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96, "AUTH_HMAC_MD5_96"},
160  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96, "AUTH_HMAC_SHA1_96"},
161  {IKE_TRANSFORM_ID_AUTH_DES_MAC, "AUTH_DES_MAC"},
162  {IKE_TRANSFORM_ID_AUTH_KPDK_MD5, "AUTH_KPDK_MD5"},
163  {IKE_TRANSFORM_ID_AUTH_AES_XCBC_96, "AUTH_AES_XCBC_96"},
164  {IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128, "AUTH_HMAC_MD5_128"},
165  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160, "AUTH_HMAC_SHA1_160"},
166  {IKE_TRANSFORM_ID_AUTH_AES_CMAC_96, "AUTH_AES_CMAC_96"},
167  {IKE_TRANSFORM_ID_AUTH_AES_128_GMAC, "AUTH_AES_128_GMAC"},
168  {IKE_TRANSFORM_ID_AUTH_AES_192_GMAC, "AUTH_AES_192_GMAC"},
169  {IKE_TRANSFORM_ID_AUTH_AES_256_GMAC, "AUTH_AES_256_GMAC"},
170  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128, "AUTH_HMAC_SHA2_256_128"},
171  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192, "AUTH_HMAC_SHA2_384_192"},
172  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256, "AUTH_HMAC_SHA2_512_256"},
173 };
174 
175 //Diffie-Hellman groups
176 static const IkeParamName ikeDhGroupList[] =
177 {
178  {IKE_TRANSFORM_ID_DH_GROUP_NONE, "None"},
179  {IKE_TRANSFORM_ID_DH_GROUP_MODP_768, "768-bit MODP Group"},
180  {IKE_TRANSFORM_ID_DH_GROUP_MODP_1024, "1024-bit MODP Group"},
181  {IKE_TRANSFORM_ID_DH_GROUP_MODP_1536, "1536-bit MODP Group"},
182  {IKE_TRANSFORM_ID_DH_GROUP_MODP_2048, "2048-bit MODP Group"},
183  {IKE_TRANSFORM_ID_DH_GROUP_MODP_3072, "3072-bit MODP group"},
184  {IKE_TRANSFORM_ID_DH_GROUP_MODP_4096, "4096-bit MODP Group"},
185  {IKE_TRANSFORM_ID_DH_GROUP_MODP_6144, "6144-bit MODP Group"},
186  {IKE_TRANSFORM_ID_DH_GROUP_MODP_8192, "8192-bit MODP Group"},
187  {IKE_TRANSFORM_ID_DH_GROUP_ECP_256, "256-bit random ECP Group"},
188  {IKE_TRANSFORM_ID_DH_GROUP_ECP_384, "384-bit random ECP Group"},
189  {IKE_TRANSFORM_ID_DH_GROUP_ECP_521, "521-bit random ECP Group"},
190  {IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160, "1024-bit MODP Group with 160-bit Prime Order Subgroup"},
191  {IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224, "2048-bit MODP Group with 224-bit Prime Order Subgroup"},
192  {IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256, "2048-bit MODP Group with 256-bit Prime Order Subgroup"},
193  {IKE_TRANSFORM_ID_DH_GROUP_ECP_192, "192-bit Random ECP Group"},
194  {IKE_TRANSFORM_ID_DH_GROUP_ECP_224, "224-bit Random ECP Group"},
195  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1, "brainpoolP224r1"},
196  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1, "brainpoolP256r1"},
197  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1, "brainpoolP384r1"},
198  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1, "brainpoolP512r1"},
199  {IKE_TRANSFORM_ID_DH_GROUP_CURVE25519, "curve25519"},
200  {IKE_TRANSFORM_ID_DH_GROUP_CURVE448, "curve448"},
201  {IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256, "GOST3410_2012_256"},
202  {IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512, "GOST3410_2012_512"},
203  {IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512, "ML-KEM-512"},
204  {IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768, "ML-KEM-768"},
205  {IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024, "ML-KEM-1024"},
206 };
207 
208 //Extended sequence numbers
209 static const IkeParamName ikeEsnList[] =
210 {
211  {IKE_TRANSFORM_ID_ESN_NO, "No ESNs"},
212  {IKE_TRANSFORM_ID_ESN_YES, "ESNs"}
213 };
214 
215 //Transform attribute formats
216 static const IkeParamName ikeAttrFormatList[] =
217 {
218  {IKE_ATTR_FORMAT_TLV, "TLV"},
219  {IKE_ATTR_FORMAT_TV, "TV"}
220 };
221 
222 //Transform attribute types
223 static const IkeParamName ikeAttrTypeList[] =
224 {
225  {IKE_TRANSFORM_ATTR_TYPE_KEY_LEN, "Key Length"},
226 };
227 
228 //ID types
229 static const IkeParamName ikeIdTypeList[] =
230 {
231  {IKE_ID_TYPE_IPV4_ADDR, "ID_IPV4_ADDR"},
232  {IKE_ID_TYPE_FQDN, "ID_FQDN"},
233  {IKE_ID_TYPE_RFC822_ADDR, "ID_RFC822_ADDR"},
234  {IKE_ID_TYPE_IPV6_ADDR, "ID_IPV6_ADDR"},
235  {IKE_ID_TYPE_DER_ASN1_DN, "ID_DER_ASN1_DN"},
236  {IKE_ID_TYPE_DER_ASN1_GN, "ID_DER_ASN1_GN"},
237  {IKE_ID_TYPE_KEY_ID, "ID_KEY_ID"},
238  {IKE_ID_TYPE_FC_NAME, "ID_FC_NAME"},
239  {IKE_ID_TYPE_NULL, "ID_NULL"}
240 };
241 
242 //Certificate encoding
243 static const IkeParamName ikeCertEncodingList[] =
244 {
245  {IKE_CERT_ENCODING_PKCS7_X509_CERT, "PKCS #7 wrapped X.509 certificate"},
246  {IKE_CERT_ENCODING_PGP_CERT, "PGP certificate"},
247  {IKE_CERT_ENCODING_DNS_SIGNED_KEY, "DNS signed key"},
248  {IKE_CERT_ENCODING_X509_CERT_SIGN, "X.509 certificate - signature"},
249  {IKE_CERT_ENCODING_KERBEROS_TOKEN, "Kerberos token"},
250  {IKE_CERT_ENCODING_CRL, "Certificate revocation list"},
251  {IKE_CERT_ENCODING_ARL, "Authority revocation list"},
252  {IKE_CERT_ENCODING_SPKI_CERT, "SPKI certificate"},
253  {IKE_CERT_ENCODING_X509_CERT_ATTR, "X.509 certificate - attribute"},
254  {IKE_CERT_ENCODING_RAW_RSA_KEY, "Raw RSA key"},
255  {IKE_CERT_ENCODING_HASH_URL_X509_CERT, "Hash and URL of X.509 certificate"},
256  {IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE, "Hash and URL of X.509 bundle"},
257  {IKE_CERT_ENCODING_OCSP_CONTENT, "OCSP Content"},
258  {IKE_CERT_ENCODING_RAW_PUBLIC_KEY, "Raw Public Key"}
259 };
260 
261 //Authentication methods
262 static const IkeParamName ikeAuthMethodList[] =
263 {
264  {IKE_AUTH_METHOD_RSA, "RSA Digital Signature"},
265  {IKE_AUTH_METHOD_SHARED_KEY, "Shared Key Message Integrity Code"},
266  {IKE_AUTH_METHOD_DSS, "DSS Digital Signature"},
267  {IKE_AUTH_METHOD_ECDSA_P256_SHA256, "ECDSA with SHA-256 on the P-256 curve"},
268  {IKE_AUTH_METHOD_ECDSA_P384_SHA384, "ECDSA with SHA-384 on the P-384 curve"},
269  {IKE_AUTH_METHOD_ECDSA_P521_SHA512, "ECDSA with SHA-512 on the P-521 curve"},
270  {IKE_AUTH_METHOD_GSPAM, "Generic Secure Password Authentication Method"},
271  {IKE_AUTH_METHOD_NULL, "NULL Authentication"},
272  {IKE_AUTH_METHOD_DIGITAL_SIGN, "Digital Signature"},
273 };
274 
275 //Notify message types
276 static const IkeParamName ikeNotifyMsgTypeList[] =
277 {
278  {IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD, "UNSUPPORTED_CRITICAL_PAYLOAD"},
279  {IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI, "INVALID_IKE_SPI"},
280  {IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION, "INVALID_MAJOR_VERSION"},
281  {IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX, "INVALID_SYNTAX"},
282  {IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID, "INVALID_MESSAGE_ID"},
283  {IKE_NOTIFY_MSG_TYPE_INVALID_SPI, "INVALID_SPI"},
284  {IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN, "NO_PROPOSAL_CHOSEN"},
285  {IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD, "INVALID_KE_PAYLOAD"},
286  {IKE_NOTIFY_MSG_TYPE_AUTH_FAILED, "AUTHENTICATION_FAILED"},
287  {IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED, "SINGLE_PAIR_REQUIRED"},
288  {IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS, "NO_ADDITIONAL_SAS"},
289  {IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE, "INTERNAL_ADDRESS_FAILURE"},
290  {IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED, "FAILED_CP_REQUIRED"},
291  {IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE, "TS_UNACCEPTABLE"},
292  {IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS, "INVALID_SELECTORS"},
293  {IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES, "UNACCEPTABLE_ADDRESSES"},
294  {IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED, "UNEXPECTED_NAT_DETECTED"},
295  {IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA, "USE_ASSIGNED_HOA"},
296  {IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE, "TEMPORARY_FAILURE"},
297  {IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND, "CHILD_SA_NOT_FOUND"},
298  {IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID, "INVALID_GROUP_ID"},
299  {IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED, "AUTHORIZATION_FAILED"},
300  {IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND, "STATE_NOT_FOUND"},
301  {IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT, "INITIAL_CONTACT"},
302  {IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE, "SET_WINDOW_SIZE"},
303  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE, "ADDITIONAL_TS_POSSIBLE"},
304  {IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED, "IPCOMP_SUPPORTED"},
305  {IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP, "NAT_DETECTION_SOURCE_IP"},
306  {IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP, "NAT_DETECTION_DESTINATION_IP"},
307  {IKE_NOTIFY_MSG_TYPE_COOKIE, "COOKIE"},
308  {IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE, "USE_TRANSPORT_MODE"},
309  {IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED, "HTTP_CERT_LOOKUP_SUPPORTED"},
310  {IKE_NOTIFY_MSG_TYPE_REKEY_SA, "REKEY_SA"},
311  {IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED, "ESP_TFC_PADDING_NOT_SUPPORTED"},
312  {IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO, "NON_FIRST_FRAGMENTS_ALSO"},
313  {IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED, "MOBIKE_SUPPORTED"},
314  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS, "ADDITIONAL_IP4_ADDRESS"},
315  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS, "ADDITIONAL_IP6_ADDRESS"},
316  {IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES, "NO_ADDITIONAL_ADDRESSES"},
317  {IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES, "UPDATE_SA_ADDRESSES"},
318  {IKE_NOTIFY_MSG_TYPE_COOKIE2, "COOKIE2"},
319  {IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED, "NO_NATS_ALLOWED"},
320  {IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME, "AUTH_LIFETIME"},
321  {IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED, "MULTIPLE_AUTH_SUPPORTED"},
322  {IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS, "ANOTHER_AUTH_FOLLOWS"},
323  {IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED, "REDIRECT_SUPPORTED"},
324  {IKE_NOTIFY_MSG_TYPE_REDIRECT, "REDIRECT"},
325  {IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM, "REDIRECTED_FROM"},
326  {IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE, "TICKET_LT_OPAQUE"},
327  {IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST, "TICKET_REQUEST"},
328  {IKE_NOTIFY_MSG_TYPE_TICKET_ACK, "TICKET_ACK"},
329  {IKE_NOTIFY_MSG_TYPE_TICKET_NACK, "TICKET_NACK"},
330  {IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE, "TICKET_OPAQUE"},
331  {IKE_NOTIFY_MSG_TYPE_LINK_ID, "LINK_ID"},
332  {IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE, "USE_WESP_MODE"},
333  {IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED, "ROHC_SUPPORTED"},
334  {IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION, "EAP_ONLY_AUTHENTICATION"},
335  {IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED, "CHILDLESS_IKEV2_SUPPORTED"},
336  {IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION, "QUICK_CRASH_DETECTION"},
337  {IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED, "IKEV2_MESSAGE_ID_SYNC_SUPPORTED"},
338  {IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED, "IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED"},
339  {IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC, "IKEV2_MESSAGE_ID_SYNC"},
340  {IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC, "IPSEC_REPLAY_COUNTER_SYNC"},
341  {IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS, "SECURE_PASSWORD_METHODS"},
342  {IKE_NOTIFY_MSG_TYPE_PSK_PERSIST, "PSK_PERSIST"},
343  {IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM, "PSK_CONFIRM"},
344  {IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED, "ERX_SUPPORTED"},
345  {IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY, "IFOM_CAPABILITY"},
346  {IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID, "SENDER_REQUEST_ID"},
347  {IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED, "IKEV2_FRAGMENTATION_SUPPORTED"},
348  {IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS, "SIGNATURE_HASH_ALGORITHMS"},
349  {IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED, "CLONE_IKE_SA_SUPPORTED"},
350  {IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA, "CLONE_IKE_SA"},
351  {IKE_NOTIFY_MSG_TYPE_PUZZLE, "PUZZLE"},
352  {IKE_NOTIFY_MSG_TYPE_USE_PPK, "USE_PPK"},
353  {IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY, "PPK_IDENTITY"},
354  {IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH, "NO_PPK_AUTH"},
355  {IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED, "INTERMEDIATE_EXCHANGE_SUPPORTED"},
356  {IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED, "IP4_ALLOWED"},
357  {IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED, "IP6_ALLOWED"},
358  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE, "ADDITIONAL_KEY_EXCHANGE"},
359  {IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG, "USE_AGGFRAG"},
360 };
361 
362 //Traffic selector types
363 static const IkeParamName ikeTsTypeList[] =
364 {
365  {IKE_TS_TYPE_IPV4_ADDR_RANGE, "TS_IPV4_ADDR_RANGE"},
366  {IKE_TS_TYPE_IPV6_ADDR_RANGE, "TS_IPV6_ADDR_RANGE"}
367 };
368 
369 //IP protocol IDs
370 static const IkeParamName ikeIpProtocolIdList[] =
371 {
372  {IKE_IP_PROTOCOL_ID_ICMP, "ICMP"},
373  {IKE_IP_PROTOCOL_ID_TCP, "TCP"},
374  {IKE_IP_PROTOCOL_ID_UDP, "UDP"},
375  {IKE_IP_PROTOCOL_ID_ICMPV6, "ICMPv6"},
376 };
377 
378 
379 /**
380  * @brief Dump IKE message
381  * @param[in] message Pointer to the IKE message to dump
382  * @param[in] length Length of the IKE message, in bytes
383  **/
384 
385 void ikeDumpMessage(const uint8_t *message, size_t length)
386 {
387  const IkeHeader *header;
388 
389  //Check the length of the IKE message
390  if(length < sizeof(IkeHeader))
391  return;
392 
393  //Each message begins with the IKE header
394  header = (IkeHeader *) message;
395 
396  //Dump IKE header
397  ikeDumpHeader(header);
398 
399  //Determine the length of the IKE payloads
400  length -= sizeof(IkeHeader);
401 
402  //The Next Payload field indicates the type of payload that immediately
403  //follows the header
404  ikeDumpPayloads(message + sizeof(IkeHeader), length, header->nextPayload);
405 }
406 
407 
408 /**
409  * @brief Dump IKE header
410  * @param[in] header Pointer to the IKE header to dump
411  **/
412 
413 void ikeDumpHeader(const IkeHeader *header)
414 {
415  const char_t *nextPayloadName;
416  const char_t *exchangeTypeName;
417 
418  //Convert the Next Payload field to string representation
419  nextPayloadName = ikeGetParamName(header->nextPayload,
420  ikePayloadList, arraysize(ikePayloadList));
421 
422  //Convert the Exchange Type field to string representation
423  exchangeTypeName = ikeGetParamName(header->exchangeType,
424  ikeExchangeTypeList, arraysize(ikeExchangeTypeList));
425 
426  //Dump IKE header
427  TRACE_DEBUG_ARRAY(" Initiator SPI = ", header->initiatorSpi, IKE_SPI_SIZE);
428  TRACE_DEBUG_ARRAY(" Responder SPI = ", header->responderSpi, IKE_SPI_SIZE);
429  TRACE_DEBUG(" Next Payload = %" PRIu8 " (%s)\r\n", header->nextPayload, nextPayloadName);
430  TRACE_DEBUG(" Major Version = %" PRIu8 "\r\n", header->majorVersion);
431  TRACE_DEBUG(" Minor Version = %" PRIu8 "\r\n", header->minorVersion);
432  TRACE_DEBUG(" Exchange Type = %" PRIu8 " (%s)\r\n", header->exchangeType, exchangeTypeName);
433  ikeDumpFlags(header->flags);
434  TRACE_DEBUG(" Message ID = %" PRIu32 "\r\n", ntohl(header->messageId));
435  TRACE_DEBUG(" Length = %" PRIu32 "\r\n", ntohl(header->length));
436 }
437 
438 
439 /**
440  * @brief Dump flags
441  * @param[in] flags specific options that are set for the IKE message
442  **/
443 
444 void ikeDumpFlags(uint8_t flags)
445 {
446  uint8_t r;
447  uint8_t v;
448  uint8_t i;
449 
450  //The R bit indicates that this message is a response to a message containing
451  //the same Message ID
452  r = (flags & IKE_FLAGS_R) ? 1 : 0;
453 
454  //The V bit indicates that the transmitter is capable of speaking a higher
455  //major version number of the protocol than the one indicated in the major
456  //version number field
457  v = (flags & IKE_FLAGS_V) ? 1 : 0;
458 
459  //The I bit must be set in messages sent by the original initiator of the
460  //IKE SA and must be cleared in messages sent by the original responder
461  i = (flags & IKE_FLAGS_I) ? 1 : 0;
462 
463  //Check whether any flag is set
464  if(r != 0 || v != 0 || i != 0)
465  {
466  //Dump the value of the Flags field
467  TRACE_DEBUG(" Flags = 0x%02" PRIX8 " (", flags);
468 
469  //Dump flags
470  while(1)
471  {
472  if(r != 0)
473  {
474  TRACE_DEBUG("Response");
475  r = FALSE;
476  }
477  else if(v != 0)
478  {
479  TRACE_DEBUG("Version");
480  v = FALSE;
481  }
482  else if(i != 0)
483  {
484  TRACE_DEBUG("Initiator");
485  i = FALSE;
486  }
487  else
488  {
489  }
490 
491  if(r != 0 || v != 0 || i != 0)
492  {
493  TRACE_DEBUG(", ");
494  }
495  else
496  {
497  TRACE_DEBUG(")\r\n");
498  break;
499  }
500  }
501  }
502  else
503  {
504  //Dump the value of the Flags field
505  TRACE_DEBUG(" Flags = 0x%02" PRIX8 "\r\n", flags);
506  }
507 }
508 
509 
510 /**
511  * @brief Dump IKE payloads
512  * @param[in] payloads Pointer to the IKE payloads to dump
513  * @param[in] length Length of the IKE payloads, in bytes
514  * @param[in] nextPayload Next payload type
515  **/
516 
517 void ikeDumpPayloads(const uint8_t *payloads, size_t length,
518  uint8_t nextPayload)
519 {
520  size_t n;
521  const char_t *payloadName;
522  const IkePayloadHeader *payload;
523 
524  //Following the header are one or more IKE payloads each identified by
525  //a Next Payload field in the preceding payload
526  while(nextPayload != IKE_PAYLOAD_TYPE_LAST &&
527  length >= sizeof(IkePayloadHeader))
528  {
529  //Retrieve the name of the current IKE payload
530  payloadName = ikeGetParamName(nextPayload, ikePayloadList,
531  arraysize(ikePayloadList));
532 
533  //Each IKE payload begins with a generic payload header
534  payload = (IkePayloadHeader *) payloads;
535 
536  //The Payload Length field indicates the length in octets of the current
537  //payload, including the generic payload header
538  n = ntohs(payload->payloadLength);
539 
540  //Display the name of the current IKE payload
541  TRACE_DEBUG(" %s Payload (%" PRIuSIZE " bytes)\r\n", payloadName, n);
542 
543  //Check the length of the IKE payload
544  if(n < sizeof(IkePayloadHeader) || n > length)
545  break;
546 
547  //Dump generic payload header
548  ikeDumpPayloadHeader(payload);
549 
550  //Check IKE payload type
551  if(nextPayload == IKE_PAYLOAD_TYPE_SA)
552  {
553  //Dump Security Association payload
554  ikeDumpSaPayload((IkeSaPayload *) payload, n);
555  }
556  else if(nextPayload == IKE_PAYLOAD_TYPE_KE)
557  {
558  //Dump Key Exchange payload
559  ikeDumpKePayload((IkeKePayload *) payload, n);
560  }
561  else if(nextPayload == IKE_PAYLOAD_TYPE_IDI ||
562  nextPayload == IKE_PAYLOAD_TYPE_IDR)
563  {
564  //Dump Identification payload
565  ikeDumpIdPayload((IkeIdPayload *) payload, n);
566  }
567  else if(nextPayload == IKE_PAYLOAD_TYPE_CERT)
568  {
569  //Dump Certificate
570  ikeDumpCertPayload((IkeCertPayload *) payload, n);
571  }
572  else if(nextPayload == IKE_PAYLOAD_TYPE_CERTREQ)
573  {
574  //Dump Certificate Request
575  ikeDumpCertReqPayload((IkeCertReqPayload *) payload, n);
576  }
577  else if(nextPayload == IKE_PAYLOAD_TYPE_AUTH)
578  {
579  //Dump Authentication payload
580  ikeDumpAuthPayload((IkeAuthPayload *) payload, n);
581  }
582  else if(nextPayload == IKE_PAYLOAD_TYPE_NONCE)
583  {
584  //Dump Nonce payload
585  ikeDumpNoncePayload((IkeNoncePayload *) payload, n);
586  }
587  else if(nextPayload == IKE_PAYLOAD_TYPE_N)
588  {
589  //Dump Notify payload
590  ikeDumpNotifyPayload((IkeNotifyPayload *) payload, n);
591  }
592  else if(nextPayload == IKE_PAYLOAD_TYPE_D)
593  {
594  //Dump Delete payload
595  ikeDumpDeletePayload((IkeDeletePayload *) payload, n);
596  }
597  else if(nextPayload == IKE_PAYLOAD_TYPE_TSI ||
598  nextPayload == IKE_PAYLOAD_TYPE_TSR)
599  {
600  //Dump Traffic Selector payload
601  ikeDumpTsPayload((IkeTsPayload *) payload, n);
602  }
603  else if(nextPayload == IKE_PAYLOAD_TYPE_SK)
604  {
605  //Dump Encrypted payload
606  ikeDumpEncryptedPayload((IkeEncryptedPayload *) payload, n);
607 
608  //The Encrypted payload, if present in a message, must be the last
609  //payload in the message (refer to RFC 7296, section 3.14)
610  break;
611  }
612  else if(nextPayload == IKE_PAYLOAD_TYPE_SKF)
613  {
614  //Dump Encrypted Fragment payload
615  ikeDumpEncryptedFragPayload((IkeEncryptedFragPayload *) payload, n);
616 
617  //As is the case for the Encrypted payload, the Encrypted Fragment
618  //payload, if present in a message, MUST be the last payload in the
619  //message (refer to RFC 7383, section 2.5)
620  break;
621  }
622  else
623  {
624  //Unknown IKE payload type
625  }
626 
627  //The Next Payload field indicates the payload type of the next payload
628  //in the message
629  nextPayload = payload->nextPayload;
630 
631  //Jump to the next IKE payload
632  payloads += n;
633  length -= n;
634  }
635 }
636 
637 
638 /**
639  * @brief Dump generic payload header
640  * @param[in] header Pointer to the generic payload header to dump
641  **/
642 
643 void ikeDumpPayloadHeader(const IkePayloadHeader *header)
644 {
645  const char_t *nextPayloadName;
646 
647  //Convert the Next Payload field to string representation
648  nextPayloadName = ikeGetParamName(header->nextPayload,
649  ikePayloadList, arraysize(ikePayloadList));
650 
651  //Dump generic payload header
652  TRACE_DEBUG(" Next Payload = %" PRIu8 " (%s)\r\n", header->nextPayload, nextPayloadName);
653  TRACE_DEBUG(" Critical = %" PRIu8 "\r\n", header->critical);
654  TRACE_DEBUG(" Payload Length = %" PRIu16 "\r\n", ntohs(header->payloadLength));
655 }
656 
657 
658 /**
659  * @brief Dump Security Association payload
660  * @param[in] payload Pointer to the payload to dump
661  * @param[in] length Length of the payload, in bytes
662  **/
663 
664 void ikeDumpSaPayload(const IkeSaPayload *payload, size_t length)
665 {
666  size_t n;
667  const uint8_t *p;
668  const IkeProposal *proposal;
669 
670  //Check the length of the payload
671  if(length < sizeof(IkeSaPayload))
672  return;
673 
674  //Point to the first byte of the Proposals field
675  p = payload->proposals;
676  //Determine the length of the Proposals field
677  length -= sizeof(IkeSaPayload);
678 
679  //The Security Association payload contains one or more Proposal
680  //substructures
681  while(length >= sizeof(IkeProposal))
682  {
683  //Point to the Proposal substructure
684  proposal = (IkeProposal *) p;
685 
686  //The Proposal Length field indicates the length of this proposal,
687  //including all transforms and attributes that follow
688  n = ntohs(proposal->proposalLength);
689 
690  //Debug message
691  TRACE_DEBUG(" Proposal (%" PRIuSIZE " bytes)\r\n", n);
692 
693  //Check the length of the proposal
694  if(n < sizeof(IkeProposal) || n > length)
695  break;
696 
697  //Dump Proposal substructure
698  ikeDumpProposal(proposal, n);
699 
700  //Jump to the next proposal
701  p += n;
702  length -= n;
703  }
704 }
705 
706 
707 /**
708  * @brief Dump Proposal substructure
709  * @param[in] proposal Pointer to the Proposal substructure to dump
710  * @param[in] length Length of the proposal, in bytes
711  **/
712 
713 void ikeDumpProposal(const IkeProposal *proposal, size_t length)
714 {
715  uint_t i;
716  size_t n;
717  const uint8_t *p;
718  const char_t *lastSubstrucName;
719  const char_t *protocolIdName;
720  const IkeTransform *transform;
721 
722  //Check the length of the Proposal substructure
723  if(length < sizeof(IkeProposal))
724  return;
725 
726  //The Last Substruc field specifies whether or not this is the last
727  //Proposal Substructure in the SA
728  lastSubstrucName = ikeGetParamName(proposal->lastSubstruc,
729  ikeLastSubstrucList, arraysize(ikeLastSubstrucList));
730 
731  //The Protocol ID specifies the IPsec protocol identifier for the
732  //current negotiation
733  protocolIdName = ikeGetParamName(proposal->protocolId,
734  ikeProtocolIdList, arraysize(ikeProtocolIdList));
735 
736  //Dump Proposal substructure
737  TRACE_DEBUG(" Last Substruc = %" PRIu8 " (%s)\r\n",
738  proposal->lastSubstruc, lastSubstrucName);
739 
740  TRACE_DEBUG(" Proposal Length = %" PRIu16 "\r\n",
741  ntohs(proposal->proposalLength));
742 
743  TRACE_DEBUG(" Proposal Num = %" PRIu8 "\r\n", proposal->proposalNum);
744 
745  TRACE_DEBUG(" Protocol ID = %" PRIu8 " (%s)\r\n",
746  proposal->protocolId, protocolIdName);
747 
748  TRACE_DEBUG(" SPI Size = %" PRIu8 "\r\n", proposal->spiSize);
749  TRACE_DEBUG(" Num Transforms = %" PRIu8 "\r\n", proposal->numTransforms);
750 
751  //Malformed substructure?
752  if(length < (sizeof(IkeProposal) + proposal->spiSize))
753  return;
754 
755  //Dump SPI
756  TRACE_DEBUG(" SPI (%" PRIu8 " bytes)\r\n", proposal->spiSize);
757  TRACE_DEBUG_ARRAY(" ", proposal->spi, proposal->spiSize);
758 
759  //Point to the first byte of the Transforms field
760  p = (uint8_t *) proposal + sizeof(IkeProposal) + proposal->spiSize;
761  //Determine the length of the Transforms field
762  length -= sizeof(IkeProposal) + proposal->spiSize;
763 
764  //The Transforms field contains one or more Transform substructures
765  for(i = 1; i <= proposal->numTransforms; i++)
766  {
767  //Malformed substructure?
768  if(length < sizeof(IkeTransform))
769  break;
770 
771  //Point to the Transform substructure
772  transform = (IkeTransform *) p;
773 
774  //The Transform Length field indicates the length of the Transform
775  //substructure including header and attributes
776  n = ntohs(transform->transformLength);
777 
778  //Debug message
779  TRACE_DEBUG(" Transform %u (%" PRIuSIZE " bytes)\r\n", i, n);
780 
781  //Check the length of the transform
782  if(n < sizeof(IkeTransform) || n > length)
783  break;
784 
785  //Dump Transform substructure
786  ikeDumpTransform(transform, n);
787 
788  //Jump to the next transform
789  p += n;
790  length -= n;
791  }
792 }
793 
794 
795 /**
796  * @brief Dump Transform substructure
797  * @param[in] transform Pointer to the Transform substructure to dump
798  * @param[in] length Length of the transform, in bytes
799  **/
800 
801 void ikeDumpTransform(const IkeTransform *transform, size_t length)
802 {
803  error_t error;
804  uint_t i;
805  size_t n;
806  uint16_t transformId;
807  const uint8_t *p;
808  const char_t *lastSubstrucName;
809  const char_t *transformName;
810  const char_t *algoName;
811  const IkeTransformAttr *attr;
812 
813  //Check the length of the Transform substructure
814  if(length < sizeof(IkeTransform))
815  return;
816 
817  //The Last Substruc field specifies whether or not this is the last
818  //Proposal Substructure in the SA
819  lastSubstrucName = ikeGetParamName(transform->lastSubstruc,
820  ikeLastSubstrucList, arraysize(ikeLastSubstrucList));
821 
822  //Retrieve the type of transform being specified in this transform
823  transformName = ikeGetParamName(transform->transformType,
824  ikeTransformTypeList, arraysize(ikeTransformTypeList));
825 
826  //Dump Transform substructure
827  TRACE_DEBUG(" Last Substruc = %" PRIu8 " (%s)\r\n",
828  transform->lastSubstruc, lastSubstrucName);
829 
830  TRACE_DEBUG(" Transform Length = %" PRIu16 "\r\n",
831  ntohs(transform->transformLength));
832 
833  TRACE_DEBUG(" Transform Type = %" PRIu8 " (%s)\r\n",
834  transform->transformType, transformName);
835 
836  //Convert the Transform ID field to host byte order
837  transformId = ntohs(transform->transformId);
838 
839  //Check transform type
840  if(transform->transformType == IKE_TRANSFORM_TYPE_ENCR)
841  {
842  //Transform type 1 (encryption algorithm)
843  algoName = ikeGetParamName(transformId, ikeEncrAlgoList,
844  arraysize(ikeEncrAlgoList));
845  }
846  else if(transform->transformType == IKE_TRANSFORM_TYPE_PRF)
847  {
848  //Transform type 2 (pseudorandom functions)
849  algoName = ikeGetParamName(transformId, ikePrfAlgoList,
850  arraysize(ikePrfAlgoList));
851  }
852  else if(transform->transformType == IKE_TRANSFORM_TYPE_INTEG)
853  {
854  //Transform type 3 (integrity algorithm)
855  algoName = ikeGetParamName(transformId, ikeAuthAlgoList,
856  arraysize(ikeAuthAlgoList));
857  }
858  else if(transform->transformType == IKE_TRANSFORM_TYPE_DH)
859  {
860  //Transform type 4 (Diffie-Hellman group)
861  algoName = ikeGetParamName(transformId, ikeDhGroupList,
862  arraysize(ikeDhGroupList));
863  }
864  else if(transform->transformType == IKE_TRANSFORM_TYPE_ESN)
865  {
866  //Transform type 5 (extended sequence numbers)
867  algoName = ikeGetParamName(transformId, ikeEsnList,
868  arraysize(ikeEsnList));
869  }
870  else
871  {
872  //Unknown transform
873  algoName = "Unknown";
874  }
875 
876  //Dump Transform ID field
877  TRACE_DEBUG(" Transform ID = %" PRIu16 " (%s)\r\n",
878  transformId, algoName);
879 
880  //Point to the first byte of the Transform Attributes field
881  p = transform->transformAttr;
882  //Get the length of the Transform Attributes field
883  length -= sizeof(IkeTransform);
884 
885  //The Transform Attributes field contains one or more attributes
886  for(i = 1; ; i++)
887  {
888  //Malformed attribute?
889  if(length < sizeof(IkeTransformAttr))
890  break;
891 
892  //Point to the transform attribute
893  attr = (IkeTransformAttr *) p;
894 
895  //Debug message
896  TRACE_DEBUG(" Transform Attribute %u\r\n", i);
897 
898  //Dump transform attribute
899  error = ikeDumpTransformAttr(attr, length, &n);
900  //Any error to report?
901  if(error)
902  break;
903 
904  //Jump to the next attribute
905  p += n;
906  length -= n;
907  }
908 }
909 
910 
911 /**
912  * @brief Dump transform attribute
913  * @param[in] attr Pointer to the transform attribute to dump
914  * @param[in] length Number of bytes available in the input stream
915  * @param[out] consumed Total number of characters that have been consumed
916  * @return Error code
917  **/
918 
919 error_t ikeDumpTransformAttr(const IkeTransformAttr *attr, size_t length,
920  size_t *consumed)
921 {
922  size_t n;
923  uint16_t attrFormat;
924  uint16_t attrType;
925  const char_t *attrFormatName;
926  const char_t *attrTypeName;
927 
928  //Malformed attribute?
929  if(length < sizeof(IkeTransformAttr))
930  return ERROR_INVALID_SYNTAX;
931 
932  //Retrieve the format of the attribute
933  attrFormat = (ntohs(attr->type) & 0x8000) >> 15;
934  //Retrieve the type of the attribute
935  attrType = ntohs(attr->type) & 0x7FFF;
936 
937  //The AF field indicates whether the data attribute follows the TLV
938  //format or a shortened TV format
939  attrFormatName = ikeGetParamName(ntohs(attr->type) & 0x8000,
940  ikeAttrFormatList, arraysize(ikeAttrFormatList));
941 
942  //The Attribute Type field is a unique identifier for each type of
943  //attribute
944  attrTypeName = ikeGetParamName(attrType, ikeAttrTypeList,
945  arraysize(ikeAttrTypeList));
946 
947  //Dump Transform Attribute
948  TRACE_DEBUG(" Attribute Format = %" PRIu16 " (%s)\r\n",
949  attrFormat, attrFormatName);
950 
951  TRACE_DEBUG(" Attribute Type = %" PRIu16 " (%s)\r\n",
952  attrType, attrTypeName);
953 
954  //Check the format of the attribute
955  if((ntohs(attr->type) & IKE_ATTR_FORMAT_TV) != 0)
956  {
957  //If the AF bit is set, then the attribute value has a fixed length
958  n = 0;
959 
960  //Dump attribute value
961  TRACE_DEBUG(" Attribute Value = %" PRIu16 "\r\n",
962  ntohs(attr->length));
963  }
964  else
965  {
966  //If the AF bit is not set, then this attribute has a variable length
967  //defined by the Attribute Length field
968  n = ntohs(attr->length);
969 
970  //Dump attribute length
971  TRACE_DEBUG(" Attribute Length = %" PRIu16 "\r\n", n);
972 
973  //Malformed attribute?
974  if(length < (sizeof(IkeTransformAttr) + n))
975  return ERROR_INVALID_SYNTAX;
976 
977  //Dump attribute value
978  TRACE_DEBUG(" Attribute Value (%" PRIuSIZE " bytes)\r\n", n);
979  TRACE_DEBUG_ARRAY(" ", attr->value, n);
980  }
981 
982  //Total number of bytes that have been consumed
983  *consumed = sizeof(IkeTransformAttr) + n;
984 
985  //Parsing was successful
986  return NO_ERROR;
987 }
988 
989 
990 /**
991  * @brief Dump Key Exchange payload
992  * @param[in] payload Pointer to the payload to dump
993  * @param[in] length Length of the payload, in bytes
994  **/
995 
996 void ikeDumpKePayload(const IkeKePayload *payload, size_t length)
997 {
998  size_t n;
999  uint16_t groupNum;
1000  const char_t *groupName;
1001 
1002  //Check the length of the payload
1003  if(length < sizeof(IkeKePayload))
1004  return;
1005 
1006  //Determine the length of the Key Exchange Data field
1007  n = length - sizeof(IkeKePayload);
1008 
1009  //The Diffie-Hellman Group Num identifies the Diffie-Hellman group in
1010  //which the Key Exchange Data was computed
1011  groupNum = ntohs(payload->dhGroupNum);
1012 
1013  //Convert the Diffie-Hellman Group Num field to string representation
1014  groupName = ikeGetParamName(groupNum, ikeDhGroupList,
1015  arraysize(ikeDhGroupList));
1016 
1017  //Dump Diffie-Hellman Group Num field
1018  TRACE_DEBUG(" Diffie-Hellman Group Num = 0x%" PRIX16 " (%s)\r\n",
1019  groupNum, groupName);
1020 
1021  //Dump Key Exchange Data field
1022  TRACE_DEBUG(" Key Exchange Data (%" PRIuSIZE " bytes)\r\n", n);
1023  TRACE_DEBUG_ARRAY(" ", payload->keyExchangeData, n);
1024 }
1025 
1026 
1027 /**
1028  * @brief Dump Identification payload
1029  * @param[in] payload Pointer to the payload to dump
1030  * @param[in] length Length of the payload, in bytes
1031  **/
1032 
1033 void ikeDumpIdPayload(const IkeIdPayload *payload, size_t length)
1034 {
1035  const char_t *idTypeName;
1036 
1037  //Check the length of the payload
1038  if(length < sizeof(IkeIdPayload))
1039  return;
1040 
1041  //The ID Type field specifies the type of Identification being used
1042  idTypeName = ikeGetParamName(payload->idType, ikeIdTypeList,
1043  arraysize(ikeIdTypeList));
1044 
1045  //Dump ID Type field
1046  TRACE_DEBUG(" ID Type = %" PRIu8 " (%s)\r\n", payload->idType,
1047  idTypeName);
1048 
1049  //The Identification Data field has a variable length
1050  length -= sizeof(IkeIdPayload);
1051 
1052  //Dump Identification Data field
1053  TRACE_DEBUG(" Identification Data (%" PRIuSIZE " bytes)\r\n", length);
1054 
1055 #if (IPV4_SUPPORT == ENABLED)
1056  //IPv4 address?
1057  if(payload->idType == IKE_ID_TYPE_IPV4_ADDR && length == sizeof(Ipv4Addr))
1058  {
1059  Ipv4Addr ipv4Addr;
1060 
1061  //Copy IPv4 address
1062  ipv4CopyAddr(&ipv4Addr, payload->idData);
1063  //Dump IPv4 address
1064  TRACE_DEBUG(" %s\r\n", ipv4AddrToString(ipv4Addr, NULL));
1065  }
1066  else
1067 #endif
1068 #if (IPV6_SUPPORT == ENABLED)
1069  //IPv4 address?
1070  if(payload->idType == IKE_ID_TYPE_IPV6_ADDR && length == sizeof(Ipv6Addr))
1071  {
1072  Ipv6Addr ipv6Addr;
1073 
1074  //Copy IPv6 address
1075  ipv6CopyAddr(&ipv6Addr, payload->idData);
1076  //Dump IPv6 address
1077  TRACE_DEBUG(" %s\r\n", ipv6AddrToString(&ipv6Addr, NULL));
1078  }
1079  else
1080 #endif
1081  {
1082  //Dump Identification Data field
1083  TRACE_DEBUG_ARRAY(" ", payload->idData, length);
1084  }
1085 }
1086 
1087 
1088 /**
1089  * @brief Dump Certificate payload
1090  * @param[in] payload Pointer to the payload to dump
1091  * @param[in] length Length of the payload, in bytes
1092  **/
1093 
1094 void ikeDumpCertPayload(const IkeCertPayload *payload, size_t length)
1095 {
1096  const char_t *certEncodingName;
1097 
1098  //Check the length of the payload
1099  if(length < sizeof(IkeCertPayload))
1100  return;
1101 
1102  //The Certificate Encoding field indicates the type of certificate or
1103  //certificate-related information contained in the Certificate Data field
1104  certEncodingName = ikeGetParamName(payload->certEncoding,
1105  ikeCertEncodingList, arraysize(ikeCertEncodingList));
1106 
1107  //Dump Certificate Encoding field
1108  TRACE_DEBUG(" Certificate Encoding = %" PRIu8 " (%s)\r\n",
1109  payload->certEncoding, certEncodingName);
1110 
1111  //The Certificate Data field has a variable length
1112  length -= sizeof(IkeCertPayload);
1113 
1114  //Dump Certificate Data field
1115  TRACE_DEBUG(" Certificate Data (%" PRIuSIZE " bytes)\r\n", length);
1116  TRACE_DEBUG_ARRAY(" ", payload->certData, length);
1117 }
1118 
1119 
1120 /**
1121  * @brief Dump Certificate Request payload
1122  * @param[in] payload Pointer to the payload to dump
1123  * @param[in] length Length of the payload, in bytes
1124  **/
1125 
1126 void ikeDumpCertReqPayload(const IkeCertReqPayload *payload, size_t length)
1127 {
1128  const char_t *certEncodingName;
1129 
1130  //Check the length of the payload
1131  if(length < sizeof(IkeCertReqPayload))
1132  return;
1133 
1134  //The Certificate Encoding field contains an encoding of the type or
1135  //format of certificate requested
1136  certEncodingName = ikeGetParamName(payload->certEncoding,
1137  ikeCertEncodingList, arraysize(ikeCertEncodingList));
1138 
1139  //Dump Certificate Encoding field
1140  TRACE_DEBUG(" Certificate Encoding = %" PRIu8 " (%s)\r\n",
1141  payload->certEncoding, certEncodingName);
1142 
1143  //The Certification Authority field has a variable length
1144  length -= sizeof(IkeCertReqPayload);
1145 
1146  //Dump Certification Authority field
1147  TRACE_DEBUG(" Certification Authority (%" PRIuSIZE " bytes)\r\n", length);
1148  TRACE_DEBUG_ARRAY(" ", payload->certAuthority, length);
1149 }
1150 
1151 
1152 /**
1153  * @brief Dump Authentication payload
1154  * @param[in] payload Pointer to the payload to dump
1155  * @param[in] length Length of the payload, in bytes
1156  **/
1157 
1158 void ikeDumpAuthPayload(const IkeAuthPayload *payload, size_t length)
1159 {
1160  size_t n;
1161  const char_t *authMethodName;
1162 
1163  //Check the length of the payload
1164  if(length < sizeof(IkeAuthPayload))
1165  return;
1166 
1167  //The Auth Method field specifies the method of authentication used
1168  authMethodName = ikeGetParamName(payload->authMethod, ikeAuthMethodList,
1169  arraysize(ikeAuthMethodList));
1170 
1171  //Dump Auth Method field
1172  TRACE_DEBUG(" Auth Method = %" PRIu8 " (%s)\r\n",
1173  payload->authMethod, authMethodName);
1174 
1175  //The Authentication Data field has a variable length
1176  n = length - sizeof(IkeAuthPayload);
1177 
1178  //Dump Authentication Data field
1179  TRACE_DEBUG(" Auth Data (%" PRIuSIZE " bytes)\r\n", n);
1180  TRACE_DEBUG_ARRAY(" ", payload->authData, n);
1181 }
1182 
1183 
1184 /**
1185  * @brief Dump Nonce payload
1186  * @param[in] payload Pointer to the payload to dump
1187  * @param[in] length Length of the payload, in bytes
1188  **/
1189 
1190 void ikeDumpNoncePayload(const IkeNoncePayload *payload, size_t length)
1191 {
1192  size_t n;
1193 
1194  //Check the length of the payload
1195  if(length < sizeof(IkeNoncePayload))
1196  return;
1197 
1198  //The size of the Nonce Data must be between 16 and 256 octets, inclusive
1199  n = length - sizeof(IkeNoncePayload);
1200 
1201  //Dump Nonce Data field
1202  TRACE_DEBUG(" Nonce (%" PRIuSIZE " bytes)\r\n", n);
1203  TRACE_DEBUG_ARRAY(" ", payload->nonceData, n);
1204 }
1205 
1206 
1207 /**
1208  * @brief Dump Notify payload
1209  * @param[in] payload Pointer to the payload to dump
1210  * @param[in] length Length of the payload, in bytes
1211  **/
1212 
1213 void ikeDumpNotifyPayload(const IkeNotifyPayload *payload, size_t length)
1214 {
1215  size_t n;
1216  const uint8_t *p;
1217  const char_t *protocolIdName;
1218  const char_t *notifyMsgName;
1219 
1220  //Check the length of the payload
1221  if(length < sizeof(IkeNotifyPayload))
1222  return;
1223 
1224  //Check the length of the SPI
1225  if(length < (sizeof(IkeNotifyPayload) + payload->spiSize))
1226  return;
1227 
1228  //Convert the Protocol ID to string representation
1229  protocolIdName = ikeGetParamName(payload->protocolId,
1230  ikeProtocolIdList, arraysize(ikeProtocolIdList));
1231 
1232  //Convert the Notify Message Type to string representation
1233  notifyMsgName = ikeGetParamName(ntohs(payload->notifyMsgType),
1234  ikeNotifyMsgTypeList, arraysize(ikeNotifyMsgTypeList));
1235 
1236  //Dump Notify payload
1237  TRACE_DEBUG(" Protocol ID = %" PRIu8 " (%s)\r\n",
1238  payload->protocolId, protocolIdName);
1239 
1240  TRACE_DEBUG(" SPI Size = %" PRIu8 "\r\n", payload->spiSize);
1241 
1242  TRACE_DEBUG(" Notify Message Type = %" PRIu16 " (%s)\r\n",
1243  ntohs(payload->notifyMsgType), notifyMsgName);
1244 
1245  //Dump SPI field
1246  TRACE_DEBUG(" SPI (%" PRIu8 " bytes)\r\n", payload->spiSize);
1247 
1248  if(payload->spiSize > 0)
1249  {
1250  TRACE_DEBUG_ARRAY(" ", payload->spi, payload->spiSize);
1251  }
1252 
1253  //The Notification Data field has a variable length
1254  p = payload->spi + payload->spiSize;
1255  n = length - sizeof(IkeNotifyPayload) - payload->spiSize;
1256 
1257  //Dump Notification Data field
1258  TRACE_DEBUG(" Notification Data (%" PRIuSIZE " bytes)\r\n", n);
1259 
1260  if(n > 0)
1261  {
1262  TRACE_DEBUG_ARRAY(" ", p, n);
1263  }
1264 }
1265 
1266 
1267 /**
1268  * @brief Dump Delete payload
1269  * @param[in] payload Pointer to the payload to dump
1270  * @param[in] length Length of the payload, in bytes
1271  **/
1272 
1273 void ikeDumpDeletePayload(const IkeDeletePayload *payload, size_t length)
1274 {
1275  size_t n;
1276  const char_t *protocolIdName;
1277 
1278  //Check the length of the payload
1279  if(length < sizeof(IkeDeletePayload))
1280  return;
1281 
1282  //Convert the Protocol ID to string representation
1283  protocolIdName = ikeGetParamName(payload->protocolId,
1284  ikeProtocolIdList, arraysize(ikeProtocolIdList));
1285 
1286  //Dump Delete payload
1287  TRACE_DEBUG(" Protocol ID = %" PRIu8 " (%s)\r\n",
1288  payload->protocolId, protocolIdName);
1289 
1290  TRACE_DEBUG(" SPI Size = %" PRIu8 "\r\n", payload->spiSize);
1291 
1292  TRACE_DEBUG(" Number Of SPIs = %" PRIu16 "\r\n", ntohs(payload->numSpi));
1293 
1294  //The SPIs field has a variable length
1295  n = length - sizeof(IkeDeletePayload);
1296 
1297  //Dump SPIs field
1298  TRACE_DEBUG(" SPIs (%" PRIuSIZE " bytes)\r\n", n);
1299 
1300  //The SPI size must be zero for IKE (SPI is in message header) or four
1301  //for AH and ESP
1302  if(n > 0)
1303  {
1304  TRACE_DEBUG_ARRAY(" ", payload->spi, n);
1305  }
1306 }
1307 
1308 
1309 /**
1310  * @brief Dump Traffic Selector payload
1311  * @param[in] payload Pointer to the payload to dump
1312  * @param[in] length Length of the payload, in bytes
1313  **/
1314 
1315 void ikeDumpTsPayload(const IkeTsPayload *payload, size_t length)
1316 {
1317  uint_t i;
1318  size_t n;
1319  const uint8_t *p;
1320  const IkeTs *ts;
1321 
1322  //Check the length of the payload
1323  if(length < sizeof(IkeTsPayload))
1324  return;
1325 
1326  //Dump Number of TSs field
1327  TRACE_DEBUG(" Number of TSs = %" PRIu8 "\r\n", payload->numTs);
1328 
1329  //Point to the first byte of the Traffic Selectors field
1330  p = (uint8_t *) payload + sizeof(IkeProposal);
1331  //Determine the length of the Traffic Selectors field
1332  length -= sizeof(IkeTsPayload);
1333 
1334  //The Traffic Selectors field contains one or more Traffic Selector
1335  //substructures
1336  for(i = 1; i <= payload->numTs; i++)
1337  {
1338  //Malformed substructure?
1339  if(length < sizeof(IkeTs))
1340  break;
1341 
1342  //Point to the Traffic Selector substructure
1343  ts = (IkeTs *) p;
1344 
1345  //The Selector Length field indicates the length of the Traffic Selector
1346  //substructure including the header
1347  n = ntohs(ts->selectorLength);
1348 
1349  //Debug message
1350  TRACE_DEBUG(" Traffic Selector (%" PRIuSIZE " bytes)\r\n", n);
1351 
1352  //Check the length of the selector
1353  if(n < sizeof(IkeTs) || n > length)
1354  break;
1355 
1356  //Dump Traffic Selector substructure
1357  ikeDumpTs(ts, n);
1358 
1359  //Jump to the next selector
1360  p += n;
1361  length -= n;
1362  }
1363 }
1364 
1365 
1366 /**
1367  * @brief Dump Traffic Selector substructure
1368  * @param[in] ts Pointer to the Traffic Selector substructure to dump
1369  * @param[in] length Length of the selector, in bytes
1370  **/
1371 
1372 void ikeDumpTs(const IkeTs *ts, size_t length)
1373 {
1374  size_t n;
1375  const char_t *tsTypeName;
1376  const char_t *ipProtocolIdName;
1377 
1378  //Check the length of the Traffic Selector substructure
1379  if(length < sizeof(IkeTs))
1380  return;
1381 
1382  //Convert the TS Type to string representation
1383  tsTypeName = ikeGetParamName(ts->tsType, ikeTsTypeList,
1384  arraysize(ikeTsTypeList));
1385 
1386  //Convert the IP Protocol ID to string representation
1387  ipProtocolIdName = ikeGetParamName(ts->ipProtocolId, ikeIpProtocolIdList,
1388  arraysize(ikeIpProtocolIdList));
1389 
1390  //Dump Traffic Selector substructure
1391  TRACE_DEBUG(" TS Type = %" PRIu8 " (%s)\r\n", ts->tsType,
1392  tsTypeName);
1393 
1394  TRACE_DEBUG(" IP Protocol ID = %" PRIu8 " (%s)\r\n",
1395  ts->ipProtocolId, ipProtocolIdName);
1396 
1397  TRACE_DEBUG(" Selector Length = %" PRIu16 "\r\n",
1398  ntohs(ts->selectorLength));
1399 
1400  TRACE_DEBUG(" Start Port = %" PRIu16 "\r\n", ntohs(ts->startPort));
1401  TRACE_DEBUG(" End Port = %" PRIu16 "\r\n", ntohs(ts->endPort));
1402 
1403  //The length of the Starting Address and Ending Address fields are
1404  //determined by the Traffic Selector type
1405  n = length - sizeof(IkeTs);
1406 
1407 #if (IPV4_SUPPORT == ENABLED)
1408  //IPv4 address range?
1409  if(ts->tsType == IKE_TS_TYPE_IPV4_ADDR_RANGE &&
1410  n == (2 * sizeof(Ipv4Addr)))
1411  {
1412  Ipv4Addr ipv4StartAddr;
1413  Ipv4Addr ipv4EndAddr;
1414 
1415  //Copy IPv4 addresses
1416  ipv4CopyAddr(&ipv4StartAddr, ts->startAddr);
1417  ipv4CopyAddr(&ipv4EndAddr, ts->startAddr + sizeof(Ipv4Addr));
1418 
1419  //Dump IPv4 address range
1420  TRACE_DEBUG(" Starting Address = %s\r\n",
1421  ipv4AddrToString(ipv4StartAddr, NULL));
1422 
1423  TRACE_DEBUG(" Ending Address = %s\r\n",
1424  ipv4AddrToString(ipv4EndAddr, NULL));
1425  }
1426  else
1427 #endif
1428 #if (IPV6_SUPPORT == ENABLED)
1429  //IPv6 address range?
1430  if(ts->tsType == IKE_TS_TYPE_IPV6_ADDR_RANGE &&
1431  length == (2 * sizeof(Ipv6Addr)))
1432  {
1433  Ipv6Addr ipv6StartAddr;
1434  Ipv6Addr ipv6EndAddr;
1435 
1436  //Copy IPv6 addresses
1437  ipv6CopyAddr(&ipv6StartAddr, ts->startAddr);
1438  ipv6CopyAddr(&ipv6EndAddr, ts->startAddr + sizeof(Ipv6Addr));
1439 
1440  //Dump IPv6 address range
1441  TRACE_DEBUG(" Starting Address = %s\r\n",
1442  ipv6AddrToString(&ipv6StartAddr, NULL));
1443 
1444  TRACE_DEBUG(" Ending Address = %s\r\n",
1445  ipv6AddrToString(&ipv6EndAddr, NULL));
1446  }
1447  else
1448 #endif
1449  {
1450  //Just for sanity
1451  }
1452 }
1453 
1454 
1455 /**
1456  * @brief Dump Encrypted payload
1457  * @param[in] payload Pointer to the payload to dump
1458  * @param[in] length Length of the payload, in bytes
1459  **/
1460 
1461 void ikeDumpEncryptedPayload(const IkeEncryptedPayload *payload, size_t length)
1462 {
1463  size_t n;
1464 
1465  //Check the length of the payload
1466  if(length < sizeof(IkeEncryptedPayload))
1467  return;
1468 
1469  //The Payload Length field indicates the length of the encrypted data
1470  n = length - sizeof(IkeEncryptedPayload);
1471 
1472  //Dump encrypted data
1473  TRACE_DEBUG(" Encrypted Data (%" PRIuSIZE " bytes)\r\n", n);
1474  TRACE_DEBUG_ARRAY(" ", payload->iv, n);
1475 
1476 }
1477 
1478 
1479 /**
1480  * @brief Dump Encrypted Fragment payload
1481  * @param[in] payload Pointer to the payload to dump
1482  * @param[in] length Length of the payload, in bytes
1483  **/
1484 
1485 void ikeDumpEncryptedFragPayload(const IkeEncryptedFragPayload *payload,
1486  size_t length)
1487 {
1488  size_t n;
1489 
1490  //Check the length of the payload
1491  if(length < sizeof(IkeEncryptedFragPayload))
1492  return;
1493 
1494  //The Payload Length field indicates the length of the encrypted data
1495  n = length - sizeof(IkeEncryptedFragPayload);
1496 
1497  //The Fragment Number field specifies the current Fragment message number
1498  TRACE_DEBUG(" Fragment Number = %" PRIu16 "\r\n",
1499  ntohs(payload->fragNum));
1500 
1501  //The Total Fragments field specifies the number of Fragment messages into
1502  //which the original message was divided
1503  TRACE_DEBUG(" Total Fragments = %" PRIu16 "\r\n",
1504  ntohs(payload->totalFrags));
1505 
1506  //Dump encrypted data
1507  TRACE_DEBUG(" Encrypted Data (%" PRIuSIZE " bytes)\r\n", n);
1508  TRACE_DEBUG_ARRAY(" ", payload->iv, n);
1509 }
1510 
1511 
1512 /**
1513  * @brief Convert a parameter to string representation
1514  * @param[in] value Parameter value
1515  * @param[in] paramList List of acceptable parameters
1516  * @param[in] paramListLen Number of entries in the list
1517  * @return NULL-terminated string describing the parameter
1518  **/
1519 
1520 const char_t *ikeGetParamName(uint_t value, const IkeParamName *paramList,
1521  size_t paramListLen)
1522 {
1523  uint_t i;
1524 
1525  //Default name for unknown values
1526  static const char_t defaultName[] = "Unknown";
1527 
1528  //Loop through the list of acceptable parameters
1529  for(i = 0; i < paramListLen; i++)
1530  {
1531  if(paramList[i].value == value)
1532  return paramList[i].name;
1533  }
1534 
1535  //Unknown value
1536  return defaultName;
1537 }
1538 
1539 #endif
ikeDumpPayloads
void ikeDumpPayloads(const uint8_t *payloads, size_t length, uint8_t nextPayload)
Dump IKE payloads.
Definition: ike_debug.c:517
IKE_TRANSFORM_ID_ENCR_AES_GCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_8
Definition: ike.h:928
IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
@ IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
Definition: ike.h:981
IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
@ IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
Definition: ike.h:1192
IKE_ID_TYPE_FC_NAME
@ IKE_ID_TYPE_FC_NAME
Definition: ike.h:1074
IKE_TRANSFORM_ID_DH_GROUP_CURVE448
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE448
curve448
Definition: ike.h:1019
ipv6AddrToString
char_t * ipv6AddrToString(const Ipv6Addr *ipAddr, char_t *str)
Convert a binary IPv6 address to a string representation.
Definition: ipv6.c:2339
IkeParamName
Parameter value/name binding.
Definition: ike_debug.h:49
ikeDumpTransformAttr
error_t ikeDumpTransformAttr(const IkeTransformAttr *attr, size_t length, size_t *consumed)
Dump transform attribute.
Definition: ike_debug.c:919
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
Definition: ike.h:986
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
1024-bit MODP Group
Definition: ike.h:999
IKE_TRANSFORM_ID_DH_GROUP_ECP_192
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_192
192-bit Random ECP Group
Definition: ike.h:1012
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
Definition: ike.h:1199
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
Definition: ike.h:975
IKE_TS_TYPE_IPV4_ADDR_RANGE
@ IKE_TS_TYPE_IPV4_ADDR_RANGE
Definition: ike.h:1220
IKE_TRANSFORM_ID_PRF_AES128_CMAC
@ IKE_TRANSFORM_ID_PRF_AES128_CMAC
Definition: ike.h:962
IKE_TRANSFORM_ID_ENCR_AES_CCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_16
Definition: ike.h:927
IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
Definition: ike.h:1153
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
Definition: ike.h:941
IkeCertReqPayload
IkeCertReqPayload
Definition: ike.h:1514
IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
Definition: ike.h:1131
IKE_TRANSFORM_ID_ENCR_AES_CTR
@ IKE_TRANSFORM_ID_ENCR_AES_CTR
Definition: ike.h:924
IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
Definition: ike.h:1193
IKE_TRANSFORM_ID_DH_GROUP_NONE
@ IKE_TRANSFORM_ID_DH_GROUP_NONE
None.
Definition: ike.h:997
IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
Definition: ike.h:1196
ikeDumpKePayload
void ikeDumpKePayload(const IkeKePayload *payload, size_t length)
Dump Key Exchange payload.
Definition: ike_debug.c:996
IKE_NOTIFY_MSG_TYPE_INVALID_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_SPI
Definition: ike.h:1132
IKE_CERT_ENCODING_RAW_RSA_KEY
@ IKE_CERT_ENCODING_RAW_RSA_KEY
Raw RSA key (deprecated)
Definition: ike.h:1094
IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
@ IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
Definition: ike.h:1151
IKE_IP_PROTOCOL_ID_ICMP
@ IKE_IP_PROTOCOL_ID_ICMP
Definition: ike.h:1231
IKE_IP_PROTOCOL_ID_TCP
@ IKE_IP_PROTOCOL_ID_TCP
Definition: ike.h:1232
IKE_ID_TYPE_NULL
@ IKE_ID_TYPE_NULL
Definition: ike.h:1075
IKE_NOTIFY_MSG_TYPE_REKEY_SA
@ IKE_NOTIFY_MSG_TYPE_REKEY_SA
Definition: ike.h:1159
IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
Definition: ike.h:1146
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
Definition: ike.h:980
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
Definition: ike.h:1152
IKE_ID_TYPE_IPV4_ADDR
@ IKE_ID_TYPE_IPV4_ADDR
Definition: ike.h:1067
IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
@ IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
Definition: ike.h:1133
IKE_PAYLOAD_TYPE_CP
@ IKE_PAYLOAD_TYPE_CP
Configuration.
Definition: ike.h:860
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
Definition: ike.h:1164
IkeKePayload
IkeKePayload
Definition: ike.h:1477
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
Definition: ike.h:932
p
uint8_t p
Definition: ndp.h:300
IKE_ID_TYPE_DER_ASN1_DN
@ IKE_ID_TYPE_DER_ASN1_DN
Definition: ike.h:1071
IKE_TRANSFORM_ID_ENCR_IDEA
@ IKE_TRANSFORM_ID_ENCR_IDEA
Definition: ike.h:917
IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
Definition: ike.h:982
message
uint8_t message[]
Definition: chap.h:154
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
Definition: ike.h:974
IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
4096-bit MODP Group
Definition: ike.h:1003
IKE_CERT_ENCODING_DNS_SIGNED_KEY
@ IKE_CERT_ENCODING_DNS_SIGNED_KEY
DNS signed key.
Definition: ike.h:1087
IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
@ IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
More transform substructures.
Definition: ike.h:876
IKE_AUTH_METHOD_ECDSA_P521_SHA512
@ IKE_AUTH_METHOD_ECDSA_P521_SHA512
ECDSA with SHA-512 on the P-521 curve.
Definition: ike.h:1113
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
2048-bit MODP Group
Definition: ike.h:1001
ikeDumpSaPayload
void ikeDumpSaPayload(const IkeSaPayload *payload, size_t length)
Dump Security Association payload.
Definition: ike_debug.c:664
IKE_NOTIFY_MSG_TYPE_PUZZLE
@ IKE_NOTIFY_MSG_TYPE_PUZZLE
Definition: ike.h:1200
IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
8192-bit MODP Group
Definition: ike.h:1005
IkeNotifyPayload
IkeNotifyPayload
Definition: ike.h:1563
IKE_TRANSFORM_TYPE_DH
@ IKE_TRANSFORM_TYPE_DH
Diffie-Hellman Group.
Definition: ike.h:901
numTransforms
uint8_t numTransforms
Definition: ike.h:1434
IKE_TRANSFORM_ID_ESN_NO
@ IKE_TRANSFORM_ID_ESN_NO
No Extended Sequence Numbers.
Definition: ike.h:1034
IKE_AUTH_METHOD_GSPAM
@ IKE_AUTH_METHOD_GSPAM
Generic Secure Password Authentication Method.
Definition: ike.h:1114
IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
Definition: ike.h:1166
IKE_TRANSFORM_ID_ENCR_CAST
@ IKE_TRANSFORM_ID_ENCR_CAST
Definition: ike.h:918
IKE_AUTH_METHOD_RSA
@ IKE_AUTH_METHOD_RSA
RSA Digital Signature.
Definition: ike.h:1108
IKE_PROTOCOL_ID_AH
@ IKE_PROTOCOL_ID_AH
AH protocol.
Definition: ike.h:887
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
Definition: ike.h:934
Ipv6Addr
Ipv6Addr
Definition: ipv6.h:260
IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
@ IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
IKE_SESSION_RESUME.
Definition: ike.h:822
IKE_LAST_SUBSTRUC_LAST
@ IKE_LAST_SUBSTRUC_LAST
Last proposal/transform substructure.
Definition: ike.h:874
IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
Definition: ike.h:1181
IkePayloadHeader
IkePayloadHeader
Definition: ike.h:1408
ikeDumpEncryptedPayload
void ikeDumpEncryptedPayload(const IkeEncryptedPayload *payload, size_t length)
Dump Encrypted payload.
Definition: ike_debug.c:1461
IKE_PAYLOAD_TYPE_CERTREQ
@ IKE_PAYLOAD_TYPE_CERTREQ
Certificate Request.
Definition: ike.h:851
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
Definition: ike.h:936
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
Definition: ike.h:944
IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID
@ IKE_NOTIFY_MSG_TYPE_SENDER_REQUEST_ID
Definition: ike.h:1195
IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256
@ IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256
GOST3410_2012_256.
Definition: ike.h:1020
IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
Definition: ike.h:983
IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
@ IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
Definition: ike.h:1194
IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
Definition: ike.h:1182
IKE_NOTIFY_MSG_TYPE_TICKET_NACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_NACK
Definition: ike.h:1178
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
Definition: ike.h:940
IKE_IP_PROTOCOL_ID_UDP
@ IKE_IP_PROTOCOL_ID_UDP
Definition: ike.h:1233
IKE_TRANSFORM_ID_ENCR_DES_IV64
@ IKE_TRANSFORM_ID_ENCR_DES_IV64
Definition: ike.h:913
IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
Definition: ike.h:939
IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
@ IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
Hash and URL of X.509 bundle.
Definition: ike.h:1096
IKE_AUTH_METHOD_NULL
@ IKE_AUTH_METHOD_NULL
NULL Authentication.
Definition: ike.h:1115
IkeTransform
IkeTransform
Definition: ike.h:1452
IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
curve25519
Definition: ike.h:1018
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
224-bit Brainpool ECP Group
Definition: ike.h:1014
Ipv4Addr
uint32_t Ipv4Addr
IPv4 network address.
Definition: ipv4.h:298
IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
@ IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
Definition: ike.h:1197
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
Definition: ike.h:937
IKE_ATTR_FORMAT_TV
@ IKE_ATTR_FORMAT_TV
shortened Type/Value format
Definition: ike.h:1046
IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
@ IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
Definition: ike.h:978
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
Definition: ike.h:960
IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
@ IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
Definition: ike.h:1208
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
Definition: ike.h:1154
r
uint8_t r
Definition: ndp.h:346
IKE_TRANSFORM_TYPE_ESN
@ IKE_TRANSFORM_TYPE_ESN
Extended Sequence Numbers.
Definition: ike.h:902
ikeDumpEncryptedFragPayload
void ikeDumpEncryptedFragPayload(const IkeEncryptedFragPayload *payload, size_t length)
Dump Encrypted Fragment payload.
Definition: ike_debug.c:1485
IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
@ IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
Definition: ike.h:1140
IKE_TRANSFORM_ID_DH_GROUP_ECP_224
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_224
224-bit Random ECP Group
Definition: ike.h:1013
IKE_NOTIFY_MSG_TYPE_LINK_ID
@ IKE_NOTIFY_MSG_TYPE_LINK_ID
Definition: ike.h:1180
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
Definition: ike.h:1155
IKE_TRANSFORM_ID_ENCR_AES_CBC
@ IKE_TRANSFORM_ID_ENCR_AES_CBC
Definition: ike.h:923
IKE_PAYLOAD_TYPE_EAP
@ IKE_PAYLOAD_TYPE_EAP
Extensible Authentication.
Definition: ike.h:861
IKE_ID_TYPE_DER_ASN1_GN
@ IKE_ID_TYPE_DER_ASN1_GN
Definition: ike.h:1072
IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
@ IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
Key Length (in bits)
Definition: ike.h:1056
IkeAuthPayload
IkeAuthPayload
Definition: ike.h:1527
IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
Definition: ike.h:1139
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
Definition: ike.h:1189
IKE_EXCHANGE_TYPE_IKE_AUTH
@ IKE_EXCHANGE_TYPE_IKE_AUTH
IKE_AUTH.
Definition: ike.h:819
ikeDumpCertReqPayload
void ikeDumpCertReqPayload(const IkeCertReqPayload *payload, size_t length)
Dump Certificate Request payload.
Definition: ike_debug.c:1126
IKE_ID_TYPE_IPV6_ADDR
@ IKE_ID_TYPE_IPV6_ADDR
Definition: ike.h:1070
IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
Definition: ike.h:1184
FALSE
#define FALSE
Definition: os_port.h:46
IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
@ IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
Definition: ike.h:1141
IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
@ IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
Definition: ike.h:1171
IKE_ATTR_FORMAT_TLV
@ IKE_ATTR_FORMAT_TLV
Type/Length/Value format.
Definition: ike.h:1045
IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
Definition: ike.h:1205
ike_debug.h
Data logging functions for debugging purpose (IKEv2)
IKE_FLAGS_I
@ IKE_FLAGS_I
Initiator flag.
Definition: ike.h:835
error_t
error_t
Error codes.
Definition: error.h:43
IKE_PAYLOAD_TYPE_SK
@ IKE_PAYLOAD_TYPE_SK
Encrypted and Authenticated.
Definition: ike.h:859
IKE_TRANSFORM_ID_DH_GROUP_MODP_768
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_768
768-bit MODP Group
Definition: ike.h:998
IkeIdPayload
IkeIdPayload
Definition: ike.h:1490
ikeDumpTs
void ikeDumpTs(const IkeTs *ts, size_t length)
Dump Traffic Selector substructure.
Definition: ike_debug.c:1372
IKE_PAYLOAD_TYPE_AUTH
@ IKE_PAYLOAD_TYPE_AUTH
Authentication.
Definition: ike.h:852
IKE_TRANSFORM_ID_ENCR_NULL
@ IKE_TRANSFORM_ID_ENCR_NULL
Definition: ike.h:922
IKE_PAYLOAD_TYPE_CERT
@ IKE_PAYLOAD_TYPE_CERT
Certificate.
Definition: ike.h:850
IkeTsPayload
IkeTsPayload
Definition: ike.h:1601
IKE_AUTH_METHOD_DIGITAL_SIGN
@ IKE_AUTH_METHOD_DIGITAL_SIGN
Digital Signature.
Definition: ike.h:1116
IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
@ IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
IKE_INTERMEDIATE.
Definition: ike.h:823
IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
Definition: ike.h:1168
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
Definition: ike.h:943
IKE_SPI_SIZE
#define IKE_SPI_SIZE
Definition: ike.h:790
ikeDumpPayloadHeader
void ikeDumpPayloadHeader(const IkePayloadHeader *header)
Dump generic payload header.
Definition: ike_debug.c:643
IKE_PROTOCOL_ID_ESP
@ IKE_PROTOCOL_ID_ESP
ESP protocol.
Definition: ike.h:888
IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
@ IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
Definition: ike.h:1203
IKE_TRANSFORM_ID_PRF_HMAC_MD5
@ IKE_TRANSFORM_ID_PRF_HMAC_MD5
Definition: ike.h:955
IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
@ IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
Definition: ike.h:1202
IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
@ IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
Definition: ike.h:1185
IKE_CERT_ENCODING_PGP_CERT
@ IKE_CERT_ENCODING_PGP_CERT
PGP certificate.
Definition: ike.h:1086
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
512-bit Brainpool ECP Group
Definition: ike.h:1017
IKE_IP_PROTOCOL_ID_ICMPV6
@ IKE_IP_PROTOCOL_ID_ICMPV6
Definition: ike.h:1234
IKE_TRANSFORM_ID_PRF_HMAC_SHA1
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA1
Definition: ike.h:956
IKE_CERT_ENCODING_X509_CERT_ATTR
@ IKE_CERT_ENCODING_X509_CERT_ATTR
X.509 certificate - attribute.
Definition: ike.h:1093
IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
Definition: ike.h:1162
IKE_TRANSFORM_ID_ENCR_AES_GCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_12
Definition: ike.h:929
IkeTransformAttr
IkeTransformAttr
Definition: ike.h:1464
IKE_CERT_ENCODING_OCSP_CONTENT
@ IKE_CERT_ENCODING_OCSP_CONTENT
OCSP Content.
Definition: ike.h:1097
IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
Definition: ike.h:938
IKE_PAYLOAD_TYPE_V
@ IKE_PAYLOAD_TYPE_V
Vendor ID.
Definition: ike.h:856
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
Definition: ike.h:942
IKE_PAYLOAD_TYPE_IDI
@ IKE_PAYLOAD_TYPE_IDI
Identification - Initiator.
Definition: ike.h:848
IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
@ IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
Definition: ike.h:1174
IKE_TRANSFORM_ID_ENCR_BLOWFISH
@ IKE_TRANSFORM_ID_ENCR_BLOWFISH
Definition: ike.h:919
IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
1536-bit MODP Group
Definition: ike.h:1000
IKE_TRANSFORM_TYPE_ENCR
@ IKE_TRANSFORM_TYPE_ENCR
Encryption Algorithm.
Definition: ike.h:898
IKE_TRANSFORM_ID_ENCR_DES_IV32
@ IKE_TRANSFORM_ID_ENCR_DES_IV32
Definition: ike.h:921
length
uint8_t length
Definition: tcp.h:375
IKE_TRANSFORM_ID_PRF_AES128_XCBC
@ IKE_TRANSFORM_ID_PRF_AES128_XCBC
Definition: ike.h:958
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
Definition: ike.h:979
IKE_CERT_ENCODING_HASH_URL_X509_CERT
@ IKE_CERT_ENCODING_HASH_URL_X509_CERT
Hash and URL of X.509 certificate.
Definition: ike.h:1095
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768
ML-KEM-768.
Definition: ike.h:1023
IkeHeader
IkeHeader
Definition: ike.h:1390
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
2048-bit MODP Group with 224-bit Prime Order Subgroup
Definition: ike.h:1010
IKE_NOTIFY_MSG_TYPE_USE_PPK
@ IKE_NOTIFY_MSG_TYPE_USE_PPK
Definition: ike.h:1201
IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
Definition: ike.h:1206
IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
@ IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
CREATE_CHILD_SA.
Definition: ike.h:820
IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
Definition: ike.h:1179
IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
@ IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
Definition: ike.h:1143
IKE_AUTH_METHOD_SHARED_KEY
@ IKE_AUTH_METHOD_SHARED_KEY
Shared Key Message Integrity Code.
Definition: ike.h:1109
IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
Definition: ike.h:1158
IKE_TRANSFORM_ID_DH_GROUP_ECP_384
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_384
384-bit Random ECP Group
Definition: ike.h:1007
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
Definition: ike.h:959
IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
Definition: ike.h:1160
IkeEncryptedPayload
IkeEncryptedPayload
Definition: ike.h:1627
IKE_CERT_ENCODING_CRL
@ IKE_CERT_ENCODING_CRL
Certificate revocation list.
Definition: ike.h:1090
IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
Definition: ike.h:1149
IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
@ IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
Definition: ike.h:1161
IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512
@ IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512
GOST3410_2012_512.
Definition: ike.h:1021
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
Definition: ike.h:985
IkeDeletePayload
IkeDeletePayload
Definition: ike.h:1577
ikeDumpCertPayload
void ikeDumpCertPayload(const IkeCertPayload *payload, size_t length)
Dump Certificate payload.
Definition: ike_debug.c:1094
IKE_TRANSFORM_ID_ENCR_DES
@ IKE_TRANSFORM_ID_ENCR_DES
Definition: ike.h:914
ike.h
IKEv2 (Internet Key Exchange Protocol)
IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
Definition: ike.h:1148
ntohs
#define ntohs(value)
Definition: cpu_endian.h:421
IKE_TRANSFORM_ID_AUTH_KPDK_MD5
@ IKE_TRANSFORM_ID_AUTH_KPDK_MD5
Definition: ike.h:977
IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
Definition: ike.h:984
IkeTs
IkeTs
Definition: ike.h:1616
IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
@ IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
Definition: ike.h:931
ikeDumpDeletePayload
void ikeDumpDeletePayload(const IkeDeletePayload *payload, size_t length)
Dump Delete payload.
Definition: ike_debug.c:1273
flags
uint8_t flags
Definition: tcp.h:358
TRACE_DEBUG
#define TRACE_DEBUG(...)
Definition: debug.h:119
IkeProposal
IkeProposal
Definition: ike.h:1436
char_t
char char_t
Definition: compiler_port.h:55
IKE_CERT_ENCODING_PKCS7_X509_CERT
@ IKE_CERT_ENCODING_PKCS7_X509_CERT
PKCS #7 wrapped X.509 certificate.
Definition: ike.h:1085
IKE_PAYLOAD_TYPE_PS
@ IKE_PAYLOAD_TYPE_PS
Puzzle Solution.
Definition: ike.h:864
ikeDumpAuthPayload
void ikeDumpAuthPayload(const IkeAuthPayload *payload, size_t length)
Dump Authentication payload.
Definition: ike_debug.c:1158
IKE_EXCHANGE_TYPE_IKE_SA_INIT
@ IKE_EXCHANGE_TYPE_IKE_SA_INIT
IKE_SA_INIT.
Definition: ike.h:818
IKE_PAYLOAD_TYPE_NONCE
@ IKE_PAYLOAD_TYPE_NONCE
Nonce.
Definition: ike.h:853
IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
Definition: ike.h:1134
ikeDumpHeader
void ikeDumpHeader(const IkeHeader *header)
Dump IKE header.
Definition: ike_debug.c:413
ikeDumpProposal
void ikeDumpProposal(const IkeProposal *proposal, size_t length)
Dump Proposal substructure.
Definition: ike_debug.c:713
IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512
@ IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512
Definition: ike.h:963
ipv6CopyAddr
#define ipv6CopyAddr(destIpAddr, srcIpAddr)
Definition: ipv6.h:123
ikeDumpNoncePayload
void ikeDumpNoncePayload(const IkeNoncePayload *payload, size_t length)
Dump Nonce payload.
Definition: ike_debug.c:1190
TRACE_DEBUG_ARRAY
#define TRACE_DEBUG_ARRAY(p, a, n)
Definition: debug.h:120
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
1024-bit MODP Group with 160-bit Prime Order Subgroup
Definition: ike.h:1009
IKE_TRANSFORM_ID_ENCR_3DES
@ IKE_TRANSFORM_ID_ENCR_3DES
Definition: ike.h:915
IKE_TRANSFORM_ID_ENCR_AES_GCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16
Definition: ike.h:930
IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
Definition: ike.h:1204
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
Definition: ike.h:1137
IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
Definition: ike.h:1127
n
uint8_t n
Definition: dhcpv6_common.h:416
IKE_TRANSFORM_ID_PRF_HMAC_TIGER
@ IKE_TRANSFORM_ID_PRF_HMAC_TIGER
Definition: ike.h:957
IKE_PAYLOAD_TYPE_SKF
@ IKE_PAYLOAD_TYPE_SKF
Encrypted and Authenticated Fragment.
Definition: ike.h:863
IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
3072-bit MODP Group
Definition: ike.h:1002
IkeCertPayload
IkeCertPayload
Definition: ike.h:1502
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024
ML-KEM-1024.
Definition: ike.h:1024
payload
uint8_t payload[]
Definition: ipv6.h:286
IKE_TRANSFORM_ID_ENCR_AES_CCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_12
Definition: ike.h:926
IKE_TRANSFORM_TYPE_PRF
@ IKE_TRANSFORM_TYPE_PRF
Pseudorandom Function.
Definition: ike.h:899
IKE_TRANSFORM_ID_ESN_YES
@ IKE_TRANSFORM_ID_ESN_YES
Extended Sequence Numbers.
Definition: ike.h:1035
ikeDumpTransform
void ikeDumpTransform(const IkeTransform *transform, size_t length)
Dump Transform substructure.
Definition: ike_debug.c:801
IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
Definition: ike.h:1175
IkeEncryptedFragPayload
IkeEncryptedFragPayload
Definition: ike.h:1690
IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
@ IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
Definition: ike.h:1190
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
Definition: ike.h:933
IkeParamName::name
const char_t * name
Definition: ike_debug.h:51
IKE_CERT_ENCODING_ARL
@ IKE_CERT_ENCODING_ARL
Authority revocation list.
Definition: ike.h:1091
IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
@ IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
Definition: ike.h:1144
IKE_ID_TYPE_RFC822_ADDR
@ IKE_ID_TYPE_RFC822_ADDR
Definition: ike.h:1069
transformId
uint16_t transformId
Definition: ike.h:1450
IKE_PROTOCOL_ID_IKE
@ IKE_PROTOCOL_ID_IKE
IKE protocol.
Definition: ike.h:886
value
uint8_t value[]
Definition: tcp.h:376
IKE_AUTH_METHOD_DSS
@ IKE_AUTH_METHOD_DSS
DSS Digital Signature.
Definition: ike.h:1110
IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
Definition: ike.h:1135
IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
@ IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
Definition: ike.h:1145
IKE_TRANSFORM_ID_ENCR_3IDEA
@ IKE_TRANSFORM_ID_ENCR_3IDEA
Definition: ike.h:920
IKE_EXCHANGE_TYPE_INFORMATIONAL
@ IKE_EXCHANGE_TYPE_INFORMATIONAL
INFORMATIONAL.
Definition: ike.h:821
IKE_PAYLOAD_TYPE_LAST
@ IKE_PAYLOAD_TYPE_LAST
No Next Payload.
Definition: ike.h:845
IKE_LAST_SUBSTRUC_MORE_PROPOSALS
@ IKE_LAST_SUBSTRUC_MORE_PROPOSALS
More proposal substructures.
Definition: ike.h:875
IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
@ IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
Definition: ike.h:1176
ikeGetParamName
const char_t * ikeGetParamName(uint_t value, const IkeParamName *paramList, size_t paramListLen)
Convert a parameter to string representation.
Definition: ike_debug.c:1520
IKE_CERT_ENCODING_SPKI_CERT
@ IKE_CERT_ENCODING_SPKI_CERT
SPKI certificate.
Definition: ike.h:1092
IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
@ IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
Definition: ike.h:1150
IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
@ IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
Definition: ike.h:1138
IKE_PAYLOAD_TYPE_KE
@ IKE_PAYLOAD_TYPE_KE
Key Exchange.
Definition: ike.h:847
ERROR_INVALID_SYNTAX
@ ERROR_INVALID_SYNTAX
Definition: error.h:68
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
Definition: ike.h:1186
IKE_NOTIFY_MSG_TYPE_REDIRECT
@ IKE_NOTIFY_MSG_TYPE_REDIRECT
Definition: ike.h:1173
IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
@ IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
Definition: ike.h:1169
nextPayload
uint8_t nextPayload
Definition: ike.h:1378
IKE_AUTH_METHOD_ECDSA_P256_SHA256
@ IKE_AUTH_METHOD_ECDSA_P256_SHA256
ECDSA with SHA-256 on the P-256 curve.
Definition: ike.h:1111
IKE_NOTIFY_MSG_TYPE_COOKIE
@ IKE_NOTIFY_MSG_TYPE_COOKIE
Definition: ike.h:1156
ipv4CopyAddr
#define ipv4CopyAddr(destIpAddr, srcIpAddr)
Definition: ipv4.h:155
IKE_ID_TYPE_KEY_ID
@ IKE_ID_TYPE_KEY_ID
Definition: ike.h:1073
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
Definition: ike.h:1187
IKE_FLAGS_R
@ IKE_FLAGS_R
Response flag.
Definition: ike.h:833
IKE_PAYLOAD_TYPE_TSI
@ IKE_PAYLOAD_TYPE_TSI
Traffic Selector - Initiator.
Definition: ike.h:857
IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
Definition: ike.h:1157
IKE_CERT_ENCODING_X509_CERT_SIGN
@ IKE_CERT_ENCODING_X509_CERT_SIGN
X.509 certificate - signature.
Definition: ike.h:1088
IkeNoncePayload
IkeNoncePayload
Definition: ike.h:1549
IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
Definition: ike.h:1136
IKE_TRANSFORM_ID_AUTH_DES_MAC
@ IKE_TRANSFORM_ID_AUTH_DES_MAC
Definition: ike.h:976
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
2048-bit MODP Group with 256-bit Prime Order Subgroup
Definition: ike.h:1011
IKE_TRANSFORM_ID_DH_GROUP_ECP_256
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_256
256-bit Random ECP Group
Definition: ike.h:1006
IKE_NOTIFY_MSG_TYPE_TICKET_ACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_ACK
Definition: ike.h:1177
IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
Definition: ike.h:1172
IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
Definition: ike.h:1170
IKE_PAYLOAD_TYPE_IDR
@ IKE_PAYLOAD_TYPE_IDR
Identification - Responder.
Definition: ike.h:849
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
Definition: ike.h:1207
PRIuSIZE
#define PRIuSIZE
Definition: compiler_port.h:160
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
Definition: ike.h:987
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512
ML-KEM-512.
Definition: ike.h:1022
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
IKE_PAYLOAD_TYPE_D
@ IKE_PAYLOAD_TYPE_D
Delete.
Definition: ike.h:855
ikeDumpNotifyPayload
void ikeDumpNotifyPayload(const IkeNotifyPayload *payload, size_t length)
Dump Notify payload.
Definition: ike_debug.c:1213
IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
@ IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
Definition: ike.h:1183
IKE_NOTIFY_MSG_TYPE_COOKIE2
@ IKE_NOTIFY_MSG_TYPE_COOKIE2
Definition: ike.h:1167
IKE_PAYLOAD_TYPE_SA
@ IKE_PAYLOAD_TYPE_SA
Security Association.
Definition: ike.h:846
IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
Definition: ike.h:1147
IKE_TRANSFORM_ID_AUTH_NONE
@ IKE_TRANSFORM_ID_AUTH_NONE
Definition: ike.h:973
ipv4AddrToString
char_t * ipv4AddrToString(Ipv4Addr ipAddr, char_t *str)
Convert a binary IPv4 address to dot-decimal notation.
Definition: ipv4.c:1478
IKE_FLAGS_V
@ IKE_FLAGS_V
Version flag.
Definition: ike.h:834
IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
@ IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
Definition: ike.h:1191
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
384-bit Brainpool ECP Group
Definition: ike.h:1016
IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
@ IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
Definition: ike.h:1129
IKE_CERT_ENCODING_KERBEROS_TOKEN
@ IKE_CERT_ENCODING_KERBEROS_TOKEN
Kerberos token.
Definition: ike.h:1089
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
Definition: ike.h:1188
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
Definition: ike.h:1165
ikeDumpMessage
void ikeDumpMessage(const uint8_t *message, size_t length)
Dump IKE message.
Definition: ike_debug.c:385
ikeDumpIdPayload
void ikeDumpIdPayload(const IkeIdPayload *payload, size_t length)
Dump Identification payload.
Definition: ike_debug.c:1033
IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
Definition: ike.h:1128
IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
Definition: ike.h:1142
IKE_TRANSFORM_ID_DH_GROUP_ECP_521
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_521
521-bit Random ECP Group
Definition: ike.h:1008
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
Definition: ike.h:1198
IKE_AUTH_METHOD_ECDSA_P384_SHA384
@ IKE_AUTH_METHOD_ECDSA_P384_SHA384
ECDSA with SHA-384 on the P-384 curve.
Definition: ike.h:1112
IKE_TRANSFORM_ID_ENCR_RC5
@ IKE_TRANSFORM_ID_ENCR_RC5
Definition: ike.h:916
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
Definition: ike.h:1163
IKE_PAYLOAD_TYPE_N
@ IKE_PAYLOAD_TYPE_N
Notify.
Definition: ike.h:854
ntohl
#define ntohl(value)
Definition: cpu_endian.h:422
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
256-bit Brainpool ECP Group
Definition: ike.h:1015
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
Definition: ike.h:961
IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
6144-bit MODP Group
Definition: ike.h:1004
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
IKE_TS_TYPE_IPV6_ADDR_RANGE
@ IKE_TS_TYPE_IPV6_ADDR_RANGE
Definition: ike.h:1221
debug.h
Debugging facilities.
IKE_ID_TYPE_FQDN
@ IKE_ID_TYPE_FQDN
Definition: ike.h:1068
ikeDumpFlags
void ikeDumpFlags(uint8_t flags)
Dump flags.
Definition: ike_debug.c:444
IkeSaPayload
IkeSaPayload
Definition: ike.h:1419
IKE_CERT_ENCODING_RAW_PUBLIC_KEY
@ IKE_CERT_ENCODING_RAW_PUBLIC_KEY
Raw Public Key.
Definition: ike.h:1098
arraysize
#define arraysize(a)
Definition: os_port.h:71
IKE_PAYLOAD_TYPE_GSPM
@ IKE_PAYLOAD_TYPE_GSPM
Generic Secure Password Method.
Definition: ike.h:862
IKE_PAYLOAD_TYPE_TSR
@ IKE_PAYLOAD_TYPE_TSR
Traffic Selector - Responder.
Definition: ike.h:858
IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
@ IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
Definition: ike.h:1130
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
Definition: ike.h:935
IKE_TRANSFORM_ID_ENCR_AES_CCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8
Definition: ike.h:925
ikeDumpTsPayload
void ikeDumpTsPayload(const IkeTsPayload *payload, size_t length)
Dump Traffic Selector payload.
Definition: ike_debug.c:1315
IKE_TRANSFORM_TYPE_INTEG
@ IKE_TRANSFORM_TYPE_INTEG
Integrity Algorithm.
Definition: ike.h:900