ike_misc.c File Reference

Helper functions for IKEv2.

#include "ike/ike.h"
#include "ike/ike_key_exchange.h"
#include "ike/ike_payload_parse.h"
#include "ike/ike_misc.h"
#include "ike/ike_debug.h"
#include "ipsec/ipsec_misc.h"
#include "debug.h"


Macros

#define TRACE_LEVEL   IKE_TRACE_LEVEL
 

Functions

error_t ikeRetransmitRequest (IkeSaEntry *sa)
 Retransmit IKE request message. More...
 
error_t ikeRetransmitResponse (IkeSaEntry *sa)
 Retransmit IKE response message. More...
 
IkeSaEntry * ikeCreateSaEntry (IkeContext *context)
 Create a new IKE Security Association. More...
 
IkeSaEntry * ikeFindSaEntry (IkeContext *context, const IkeHeader *ikeHeader)
 Find an IKE SA that matches an incoming IKE message. More...
 
IkeSaEntry * ikeFindHalfOpenSaEntry (IkeContext *context, const IkeHeader *ikeHeader, const IkeNoncePayload *noncePayload)
 Find a half-open IKE SA that matches an incoming IKE_SA_INIT request.
 
void ikeDeleteSaEntry (IkeSaEntry *sa)
 Delete an IKE Security Association. More...
 
void ikeDeleteDuplicateSaEntries (IkeSaEntry *sa)
 Delete duplicate IKE Security Associations.
 
IkeChildSaEntry * ikeCreateChildSaEntry (IkeContext *context)
 Create a new Child Security Association. More...
 
IkeChildSaEntry * ikeFindChildSaEntry (IkeSaEntry *sa, uint8_t protocolId, const uint8_t *spi)
 Find a Child SA that matches the specified SPI.
 
void ikeDeleteChildSaEntry (IkeChildSaEntry *childSa)
 Delete a Child Security Association. More...
 
error_t ikeGenerateSaSpi (IkeSaEntry *sa, uint8_t *spi)
 Generate a new IKE SA SPI. More...
 
error_t ikeGenerateChildSaSpi (IkeChildSaEntry *childSa, uint8_t *spi)
 Generate a new Child SA SPI. More...
 
error_t ikeGenerateNonce (IkeContext *context, uint8_t *nonce, size_t *length)
 Generate a new nonce. More...
 
systime_t ikeRandomizeDelay (IkeContext *context, systime_t delay)
 Apply random jitter to a time interval. More...
 
error_t ikeSelectTs (IkeChildSaEntry *childSa, const IkeTsPayload *tsiPayload, const IkeTsPayload *tsrPayload)
 Traffic selector selection. More...
 
error_t ikeCheckTs (IkeChildSaEntry *childSa, const IkeTsPayload *tsiPayload, const IkeTsPayload *tsrPayload)
 Check whether the selected traffic selectors are acceptable. More...
 
error_t ikeCheckNonceLength (IkeSaEntry *sa, size_t nonceLen)
 Check the length of the nonce. More...
 
error_t ikeCreateIpsecSaPair (IkeChildSaEntry *childSa)
 Create AH or ESP SA pair. More...
 
bool_t ikeIsInitialContact (IkeSaEntry *sa)
 Test if the IKE SA is the only one currently active with a given peer.
 

Variables

const uint8_t IKE_INVALID_SPI [8] = {0}
 

Detailed Description

Helper functions for IKEv2.

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2022-2024 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneIPSEC Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.4.4

Definition in file ike_misc.c.

Macro Definition Documentation

◆ TRACE_LEVEL

#define TRACE_LEVEL   IKE_TRACE_LEVEL

Definition at line 32 of file ike_misc.c.

Function Documentation

◆ ikeCheckNonceLength()

error_t ikeCheckNonceLength (IkeSaEntry *sa, size_t nonceLen)

Check the length of the nonce.

Parameters
[in] sa Pointer to the IKE SA
[in] nonceLen Length of the nonce, in bytes
Returns
Error code

Definition at line 934 of file ike_misc.c.

◆ ikeCheckTs()

error_t ikeCheckTs (IkeChildSaEntry *childSa, const IkeTsPayload *tsiPayload, const IkeTsPayload *tsrPayload)

Check whether the selected traffic selectors are acceptable.

Parameters
[in] childSa Pointer to the Child SA
[in] tsiPayload Pointer to the TSi payload
[in] tsrPayload Pointer to the TSr payload
Returns
Error code

Definition at line 854 of file ike_misc.c.

◆ ikeCreateChildSaEntry()

IkeChildSaEntry * ikeCreateChildSaEntry (IkeContext *context)

Create a new Child Security Association.

Parameters
[in] context Pointer to the IKE context
Returns
Pointer to the newly created Child SA

Definition at line 396 of file ike_misc.c.

◆ ikeCreateIpsecSaPair()

error_t ikeCreateIpsecSaPair (IkeChildSaEntry *childSa)

Create AH or ESP SA pair.

Parameters
[in] childSa Pointer to the Child SA
Returns
Error code

Definition at line 1010 of file ike_misc.c.

◆ ikeCreateSaEntry()

IkeSaEntry * ikeCreateSaEntry (IkeContext *context)

Create a new IKE Security Association.

Parameters
[in] context Pointer to the IKE context
Returns
Pointer to the newly created IKE SA

Definition at line 136 of file ike_misc.c.

◆ ikeDeleteChildSaEntry()

void ikeDeleteChildSaEntry (IkeChildSaEntry *childSa)

Delete a Child Security Association.

Parameters
[in] childSa Pointer to the Child SA

Definition at line 501 of file ike_misc.c.

◆ ikeDeleteDuplicateSaEntries()

void ikeDeleteDuplicateSaEntries (IkeSaEntry *sa)

Delete duplicate IKE Security Associations.

Parameters
[in] sa Pointer to the currently active IKE SA

Definition at line 353 of file ike_misc.c.

◆ ikeDeleteSaEntry()

void ikeDeleteSaEntry (IkeSaEntry *sa)

Delete an IKE Security Association.

Parameters
[in] sa Pointer to the IKE SA

Definition at line 298 of file ike_misc.c.

◆ ikeFindChildSaEntry()

IkeChildSaEntry * ikeFindChildSaEntry (IkeSaEntry *sa, uint8_t protocolId, const uint8_t *spi)

Find a Child SA that matches the specified SPI.

Parameters
[in] sa Pointer to the IKE SA
[in] protocolId Protocol identifier (AH or ESP)
[in] spi Security parameter index
Returns
Pointer to the matching Child SA, if any

Definition at line 459 of file ike_misc.c.

◆ ikeFindHalfOpenSaEntry()

IkeSaEntry * ikeFindHalfOpenSaEntry (IkeContext *context, const IkeHeader *ikeHeader, const IkeNoncePayload *noncePayload)

Find a half-open IKE SA that matches an incoming IKE_SA_INIT request.

Parameters
[in] context Pointer to the IKE context
[in] ikeHeader Pointer to the IKE header
[in] noncePayload Pointer to the Ni payload
Returns
Pointer to the matching IKE SA, if any

Definition at line 244 of file ike_misc.c.

◆ ikeFindSaEntry()

IkeSaEntry * ikeFindSaEntry (IkeContext *context, const IkeHeader *ikeHeader)

Find an IKE SA that matches an incoming IKE message.

Parameters
[in] context Pointer to the IKE context
[in] ikeHeader Pointer to the IKE header
Returns
Pointer to the matching IKE SA, if any

Definition at line 183 of file ike_misc.c.

◆ ikeGenerateChildSaSpi()

error_t ikeGenerateChildSaSpi (IkeChildSaEntry *childSa, uint8_t *spi)

Generate a new Child SA SPI.

Parameters
[in] childSa Pointer to the Child SA
[out] spi Pointer to the buffer where to store the resulting SPI
Returns
Error code

Definition at line 615 of file ike_misc.c.

◆ ikeGenerateNonce()

error_t ikeGenerateNonce (IkeContext *context, uint8_t *nonce, size_t *length)

Generate a new nonce.

Parameters
[in] context Pointer to the IKE context
[out] nonce Pointer to the buffer where to store the resulting nonce
[in] length Length of the nonce, in bytes
Returns
Error code

Definition at line 689 of file ike_misc.c.

◆ ikeGenerateSaSpi()

error_t ikeGenerateSaSpi (IkeSaEntry *sa, uint8_t *spi)

Generate a new IKE SA SPI.

Parameters
[in] sa Pointer to the IKE SA
[out] spi Pointer to the buffer where to store the resulting SPI
Returns
Error code

Definition at line 530 of file ike_misc.c.

◆ ikeIsInitialContact()

bool_t ikeIsInitialContact (IkeSaEntry *sa)

Test if the IKE SA is the only one currently active with a given peer.

Parameters
[in] sa Pointer to the IKE SA
Returns
TRUE if this IKE SA is the only IKE SA currently active between the authenticated identities, else FALSE

Definition at line 1136 of file ike_misc.c.

◆ ikeRandomizeDelay()

systime_t ikeRandomizeDelay (IkeContext *context, systime_t delay)

Apply random jitter to a time interval.

Parameters
[in] context Pointer to the IKE context
[in] delay Time interval to be randomized
Returns
Randomized time interval

Definition at line 723 of file ike_misc.c.

◆ ikeRetransmitRequest()

error_t ikeRetransmitRequest (IkeSaEntry *sa)

Retransmit IKE request message.

Parameters
[in] sa Pointer to the IKE SA
Returns
Error code

Definition at line 56 of file ike_misc.c.

◆ ikeRetransmitResponse()

error_t ikeRetransmitResponse (IkeSaEntry *sa)

Retransmit IKE response message.

Parameters
[in] sa Pointer to the IKE SA
Returns
Error code

Definition at line 98 of file ike_misc.c.

◆ ikeSelectTs()

error_t ikeSelectTs (IkeChildSaEntry *childSa, const IkeTsPayload *tsiPayload, const IkeTsPayload *tsrPayload)

Traffic selector selection.

Parameters
[in] childSa Pointer to the Child SA
[in] tsiPayload Pointer to the TSi payload
[in] tsrPayload Pointer to the TSr payload
Returns
Error code

Definition at line 760 of file ike_misc.c.

Variable Documentation

◆ IKE_INVALID_SPI

const uint8_t IKE_INVALID_SPI[8] = {0}

Definition at line 47 of file ike_misc.c.