Helper functions for IKEv2.
#include "ike/ike.h"
Functions
| Return type | Function | Description |
| --- | --- | --- |
| error_t | ikeRetransmitRequest (IkeSaEntry *sa) | Retransmit IKE request message. |
| error_t | ikeRetransmitResponse (IkeSaEntry *sa) | Retransmit IKE response message. |
| IkeSaEntry * | ikeCreateSaEntry (IkeContext *context) | Create a new IKE Security Association. |
| IkeSaEntry * | ikeFindSaEntry (IkeContext *context, const IkeHeader *ikeHeader) | Find an IKE SA that matches an incoming IKE message. |
| IkeSaEntry * | ikeFindHalfOpenSaEntry (IkeContext *context, const IkeHeader *ikeHeader, const IkeNoncePayload *noncePayload) | Find a half-open IKE SA that matches an incoming IKE_SA_INIT request. |
| void | ikeDeleteSaEntry (IkeSaEntry *sa) | Delete an IKE Security Association. |
| void | ikeDeleteDuplicateSaEntries (IkeSaEntry *sa) | Delete duplicate IKE Security Associations. |
| IkeChildSaEntry * | ikeCreateChildSaEntry (IkeContext *context) | Create a new Child Security Association. |
| IkeChildSaEntry * | ikeFindChildSaEntry (IkeSaEntry *sa, uint8_t protocolId, const uint8_t *spi) | Find a Child SA that matches the specified SPI. |
| void | ikeDeleteChildSaEntry (IkeChildSaEntry *childSa) | Delete a Child Security Association. |
| error_t | ikeGenerateSaSpi (IkeSaEntry *sa, uint8_t *spi) | Generate a new IKE SA SPI. |
| error_t | ikeGenerateChildSaSpi (IkeChildSaEntry *childSa, uint8_t *spi) | Generate a new Child SA SPI. |
| error_t | ikeGenerateNonce (IkeContext *context, uint8_t *nonce, size_t *length) | Generate a new nonce. |
| systime_t | ikeRandomizeDelay (IkeContext *context, systime_t delay) | Apply random jitter to a time interval. |
| error_t | ikeSelectTs (IkeChildSaEntry *childSa, const IkeTsPayload *tsiPayload, const IkeTsPayload *tsrPayload) | Traffic selector selection. |
| error_t | ikeCheckTs (IkeChildSaEntry *childSa, const IkeTsPayload *tsiPayload, const IkeTsPayload *tsrPayload) | Check whether the selected traffic selectors are acceptable. |
| error_t | ikeCheckNonceLength (IkeSaEntry *sa, size_t nonceLen) | Check the length of the nonce. |
| error_t | ikeCreateIpsecSaPair (IkeChildSaEntry *childSa) | Create AH or ESP SA pair. |
| bool_t | ikeIsInitialContact (IkeSaEntry *sa) | Test if the IKE SA is the only one currently active with a given peer. |

Variables
| Type | Name |
| --- | --- |
| const uint8_t | IKE_INVALID_SPI [8] |
Detailed Description
Helper functions for IKEv2.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneIPSEC Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
  - 2.5.4
Definition in file ike_misc.h.
Function Documentation
◆ ikeCheckNonceLength()
error_t ikeCheckNonceLength (IkeSaEntry *sa, size_t nonceLen)
Check the length of the nonce.
- Parameters
  - [in] sa Pointer to the IKE SA
  - [in] nonceLen Length of the nonce, in bytes
- Returns
  - Error code
Definition at line 935 of file ike_misc.c.
◆ ikeCheckTs()
error_t ikeCheckTs (IkeChildSaEntry *childSa, const IkeTsPayload *tsiPayload, const IkeTsPayload *tsrPayload)
Check whether the selected traffic selectors are acceptable.
- Parameters
  - [in] childSa Pointer to the Child SA
  - [in] tsiPayload Pointer to the TSi payload
  - [in] tsrPayload Pointer to the TSr payload
- Returns
  - Error code
Definition at line 855 of file ike_misc.c.
◆ ikeCreateChildSaEntry()
IkeChildSaEntry* ikeCreateChildSaEntry (IkeContext *context)
Create a new Child Security Association.
- Parameters
  - [in] context Pointer to the IKE context
- Returns
  - Pointer to the newly created Child SA
Definition at line 396 of file ike_misc.c.
◆ ikeCreateIpsecSaPair()
error_t ikeCreateIpsecSaPair (IkeChildSaEntry *childSa)
Create AH or ESP SA pair.
- Parameters
  - [in] childSa Pointer to the Child SA
- Returns
  - Error code
Definition at line 1027 of file ike_misc.c.
◆ ikeCreateSaEntry()
IkeSaEntry* ikeCreateSaEntry (IkeContext *context)
Create a new IKE Security Association.
- Parameters
  - [in] context Pointer to the IKE context
- Returns
  - Pointer to the newly created IKE SA
Definition at line 136 of file ike_misc.c.
◆ ikeDeleteChildSaEntry()
void ikeDeleteChildSaEntry (IkeChildSaEntry *childSa)
Delete a Child Security Association.
- Parameters
  - [in] childSa Pointer to the Child SA
Definition at line 501 of file ike_misc.c.
◆ ikeDeleteDuplicateSaEntries()
void ikeDeleteDuplicateSaEntries (IkeSaEntry *sa)
Delete duplicate IKE Security Associations.
- Parameters
  - [in] sa Pointer to the currently active IKE SA
Definition at line 353 of file ike_misc.c.
◆ ikeDeleteSaEntry()
void ikeDeleteSaEntry (IkeSaEntry *sa)
Delete an IKE Security Association.
- Parameters
  - [in] sa Pointer to the IKE SA
Definition at line 298 of file ike_misc.c.
◆ ikeFindChildSaEntry()
IkeChildSaEntry* ikeFindChildSaEntry (IkeSaEntry *sa, uint8_t protocolId, const uint8_t *spi)
Find a Child SA that matches the specified SPI.
- Parameters
  - [in] sa Pointer to the IKE SA
  - [in] protocolId Protocol identifier (AH or ESP)
  - [in] spi Security parameter index
- Returns
  - Pointer to the matching Child SA, if any
Definition at line 459 of file ike_misc.c.
◆ ikeFindHalfOpenSaEntry()
IkeSaEntry* ikeFindHalfOpenSaEntry (IkeContext *context, const IkeHeader *ikeHeader, const IkeNoncePayload *noncePayload)
Find a half-open IKE SA that matches an incoming IKE_SA_INIT request.
- Parameters
  - [in] context Pointer to the IKE context
  - [in] ikeHeader Pointer to the IKE header
  - [in] noncePayload Pointer to the Ni payload
- Returns
  - Pointer to the matching IKE SA, if any
Definition at line 244 of file ike_misc.c.
◆ ikeFindSaEntry()
IkeSaEntry* ikeFindSaEntry (IkeContext *context, const IkeHeader *ikeHeader)
Find an IKE SA that matches an incoming IKE message.
- Parameters
  - [in] context Pointer to the IKE context
  - [in] ikeHeader Pointer to the IKE header
- Returns
  - Pointer to the matching IKE SA, if any
Definition at line 183 of file ike_misc.c.
◆ ikeGenerateChildSaSpi()
error_t ikeGenerateChildSaSpi (IkeChildSaEntry *childSa, uint8_t *spi)
Generate a new Child SA SPI.
- Parameters
  - [in] childSa Pointer to the Child SA
  - [out] spi Pointer to the buffer where to store the resulting SPI
- Returns
  - Error code
Definition at line 616 of file ike_misc.c.
◆ ikeGenerateNonce()
error_t ikeGenerateNonce (IkeContext *context, uint8_t *nonce, size_t *length)
Generate a new nonce.
- Parameters
  - [in] context Pointer to the IKE context
  - [out] nonce Pointer to the buffer where to store the resulting nonce
  - [in] length Length of the nonce, in bytes
- Returns
  - Error code
Definition at line 690 of file ike_misc.c.
◆ ikeGenerateSaSpi()
error_t ikeGenerateSaSpi (IkeSaEntry *sa, uint8_t *spi)
Generate a new IKE SA SPI.
- Parameters
  - [in] sa Pointer to the IKE SA
  - [out] spi Pointer to the buffer where to store the resulting SPI
- Returns
  - Error code
Definition at line 530 of file ike_misc.c.
◆ ikeIsInitialContact()
bool_t ikeIsInitialContact (IkeSaEntry *sa)
Test if the IKE SA is the only one currently active with a given peer.
- Parameters
  - [in] sa Pointer to the IKE SA
- Returns
  - TRUE if this IKE SA is the only IKE SA currently active between the authenticated identities, else FALSE
Definition at line 1161 of file ike_misc.c.
◆ ikeRandomizeDelay()
systime_t ikeRandomizeDelay (IkeContext *context, systime_t delay)
Apply random jitter to a time interval.
- Parameters
  - [in] context Pointer to the IKE context
  - [out] delay Time interval to be randomized
- Returns
  - Randomized time interval
Definition at line 724 of file ike_misc.c.
◆ ikeRetransmitRequest()
error_t ikeRetransmitRequest (IkeSaEntry *sa)
Retransmit IKE request message.
- Parameters
  - [in] sa Pointer to the IKE SA
- Returns
  - Error code
Definition at line 56 of file ike_misc.c.
◆ ikeRetransmitResponse()
error_t ikeRetransmitResponse (IkeSaEntry *sa)
Retransmit IKE response message.
- Parameters
  - [in] sa Pointer to the IKE SA
- Returns
  - Error code
Definition at line 98 of file ike_misc.c.
◆ ikeSelectTs()
error_t ikeSelectTs (IkeChildSaEntry *childSa, const IkeTsPayload *tsiPayload, const IkeTsPayload *tsrPayload)
Traffic selector selection.
- Parameters
  - [in] childSa Pointer to the Child SA
  - [in] tsiPayload Pointer to the TSi payload
  - [in] tsrPayload Pointer to the TSr payload
- Returns
  - Error code
Definition at line 761 of file ike_misc.c.
Variable Documentation
◆ IKE_INVALID_SPI
extern const uint8_t IKE_INVALID_SPI [8]
Definition at line 47 of file ike_misc.c.
