IKEv2 (Internet Key Exchange Protocol) More...
#include "ipsec/ipsec.h"
#include "cipher/cipher_algorithms.h"
#include "pkc/key_exch_algorithms.h"
#include "pkix/x509_common.h"
Go to the source code of this file.
Data Structures | |
| struct | IkeTsParams |
| Traffic selector parameters. More... | |
| struct | _IkeSaEntry |
| IKE Security Association entry. More... | |
| struct | _IkeChildSaEntry |
| Child Security Association entry. More... | |
| struct | IkeSettings |
| IKE settings. More... | |
| struct | _IkeContext |
| IKE context. More... | |
Typedefs | |
| typedef error_t(* | IkeCertVerifyCallback) (IkeSaEntry *sa, const X509CertInfo *certInfo, uint_t pathLen) |
| Certificate verification callback function. More... | |
| typedef error_t(* | IkeCookieGenerateCallback) (IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, uint8_t *cookie, size_t *cookieLen) |
| Cookie generation callback function. More... | |
| typedef error_t(* | IkeCookieVerifyCallback) (IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, const uint8_t *cookie, size_t cookieLen) |
| Cookie verification callback function. More... | |
Functions | |
| void | ikeGetDefaultSettings (IkeSettings *settings) |
| Initialize settings with default values. More... | |
| error_t | ikeInit (IkeContext *context, const IkeSettings *settings) |
| IKE service initialization. More... | |
| error_t | ikeStart (IkeContext *context) |
| Start IKE service. More... | |
| error_t | ikeStop (IkeContext *context) |
| Stop IKE service. More... | |
| error_t | ikeSetPreferredDhGroup (IkeContext *context, uint16_t dhGroupNum) |
| Specify the preferred Diffie-Hellman group. More... | |
| error_t | ikeSetId (IkeContext *context, IkeIdType idType, const void *id, size_t idLen) |
| Set entity's ID. More... | |
| error_t | ikeSetPsk (IkeContext *context, const uint8_t *psk, size_t pskLen) |
| Set entity's pre-shared key. More... | |
| error_t | ikeSetCertificate (IkeContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password) |
| Load entity's certificate. More... | |
| error_t | ikeCreateSa (IkeContext *context, const IpsecPacketInfo *packet) |
| error_t | ikeRekeySa (IkeSaEntry *sa) |
| error_t | ikeDeleteSa (IkeSaEntry *sa) |
| Delete an IKE SA. More... | |
| error_t | ikeCreateChildSa (IkeContext *context, const IpsecPacketInfo *packet) |
| Create a new Child SA. More... | |
| error_t | ikeRekeyChildSa (IkeChildSaEntry *childSa) |
| error_t | ikeDeleteChildSa (IkeChildSaEntry *childSa) |
| Delete a Child SA. More... | |
| void | ikeTask (IkeContext *context) |
| IKE task. More... | |
| void | ikeDeinit (IkeContext *context) |
| Release IKE context. More... | |
Detailed Description
IKEv2 (Internet Key Exchange Protocol)
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneIPSEC Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.5.4
Definition in file ike.h.
Macro Definition Documentation
◆ IKE_3DES_SUPPORT
◆ IKE_AES_128_SUPPORT
◆ IKE_AES_192_SUPPORT
◆ IKE_AES_256_SUPPORT
◆ IKE_ALT_PORT
◆ IKE_BRAINPOOLP224R1_SUPPORT
◆ IKE_BRAINPOOLP256R1_SUPPORT
◆ IKE_BRAINPOOLP384R1_SUPPORT
◆ IKE_BRAINPOOLP512R1_SUPPORT
◆ IKE_CAMELLIA_128_SUPPORT
◆ IKE_CAMELLIA_192_SUPPORT
◆ IKE_CAMELLIA_256_SUPPORT
◆ IKE_CBC_SUPPORT
◆ IKE_CCM_12_SUPPORT
◆ IKE_CCM_16_SUPPORT
◆ IKE_CCM_8_SUPPORT
◆ IKE_CERT_AUTH_SUPPORT
◆ IKE_CHACHA20_POLY1305_SUPPORT
◆ IKE_CMAC_AUTH_SUPPORT
◆ IKE_CMAC_PRF_SUPPORT
◆ IKE_COOKIE_SUPPORT
◆ IKE_CREATE_CHILD_SA_SUPPORT
◆ IKE_CTR_SUPPORT
◆ IKE_CURVE25519_SUPPORT
◆ IKE_CURVE448_SUPPORT
◆ IKE_DEFAULT_CHILD_SA_LIFETIME
◆ IKE_DEFAULT_NONCE_SIZE
◆ IKE_DEFAULT_SA_LIFETIME
◆ IKE_DES_SUPPORT
◆ IKE_DH_KE_SUPPORT
◆ IKE_DPD_SUPPORT
◆ IKE_DSA_SIGN_SUPPORT
◆ IKE_ECDH_KE_SUPPORT
◆ IKE_ECDSA_SIGN_SUPPORT
◆ IKE_ECP_192_SUPPORT
◆ IKE_ECP_224_SUPPORT
◆ IKE_ECP_256_SUPPORT
◆ IKE_ECP_384_SUPPORT
◆ IKE_ECP_521_SUPPORT
◆ IKE_ED25519_SIGN_SUPPORT
◆ IKE_ED448_SIGN_SUPPORT
◆ IKE_GCM_12_SUPPORT
◆ IKE_GCM_16_SUPPORT
◆ IKE_GCM_8_SUPPORT
◆ IKE_HALF_OPEN_TIMEOUT
◆ IKE_HMAC_AUTH_SUPPORT
◆ IKE_HMAC_PRF_SUPPORT
◆ IKE_IDEA_SUPPORT
◆ IKE_INIT_TIMEOUT
◆ IKE_INITIAL_CONTACT_SUPPORT
◆ IKE_KMAC128_AUTH_SUPPORT
◆ IKE_KMAC128_PRF_SUPPORT
◆ IKE_KMAC256_AUTH_SUPPORT
◆ IKE_KMAC256_PRF_SUPPORT
◆ IKE_MAJOR_VERSION
◆ IKE_MAX_CHILD_SA_KEY_MAT_LEN
◆ IKE_MAX_COOKIE_SIZE
◆ IKE_MAX_DH_MODULUS_SIZE
◆ IKE_MAX_DH_SHARED_SECRET_LEN
| #define IKE_MAX_DH_SHARED_SECRET_LEN ((IKE_MAX_DH_MODULUS_SIZE + 7) / 8) |
◆ IKE_MAX_DIGEST_SIZE
◆ IKE_MAX_DSA_MODULUS_SIZE
◆ IKE_MAX_ECDH_SHARED_SECRET_LEN
◆ IKE_MAX_ICV_SIZE
◆ IKE_MAX_ID_LEN
◆ IKE_MAX_MSG_SIZE
◆ IKE_MAX_NONCE_SIZE
◆ IKE_MAX_PASSWORD_LEN
◆ IKE_MAX_PSK_LEN
◆ IKE_MAX_RETRIES
◆ IKE_MAX_RSA_MODULUS_SIZE
◆ IKE_MAX_SA_KEY_MAT_LEN
◆ IKE_MAX_SHARED_SECRET_LEN
| #define IKE_MAX_SHARED_SECRET_LEN IKE_MAX_DH_SHARED_SECRET_LEN |
◆ IKE_MAX_TIMEOUT
◆ IKE_MD5_SUPPORT
◆ IKE_MIN_COOKIE_SIZE
◆ IKE_MIN_DH_MODULUS_SIZE
◆ IKE_MIN_DSA_MODULUS_SIZE
◆ IKE_MIN_NONCE_SIZE
◆ IKE_MIN_RSA_MODULUS_SIZE
◆ IKE_MINOR_VERSION
◆ IKE_MLKEM1024_SUPPORT
◆ IKE_MLKEM512_SUPPORT
◆ IKE_MLKEM768_SUPPORT
◆ IKE_PORT
◆ IKE_PRIORITY
| #define IKE_PRIORITY OS_TASK_PRIORITY_NORMAL |
◆ IKE_PSK_AUTH_SUPPORT
◆ IKE_RANDOM_JITTER
◆ IKE_RSA_PSS_SIGN_SUPPORT
◆ IKE_RSA_SIGN_SUPPORT
◆ IKE_SHA1_DIGEST_SIZE
◆ IKE_SHA1_SUPPORT
◆ IKE_SHA256_SUPPORT
◆ IKE_SHA384_SUPPORT
◆ IKE_SHA3_256_SUPPORT
◆ IKE_SHA3_384_SUPPORT
◆ IKE_SHA3_512_SUPPORT
◆ IKE_SHA512_SUPPORT
◆ IKE_SIGN_HASH_ALGOS_SUPPORT
◆ IKE_SM2_SIGN_SUPPORT
◆ IKE_SM2_SUPPORT
◆ IKE_SM3_SUPPORT
◆ IKE_SM4_SUPPORT
◆ IKE_SPI_SIZE
◆ IKE_STACK_SIZE
◆ IKE_SUPPORT
◆ IKE_TICK_INTERVAL
◆ IKE_TIGER_SUPPORT
◆ IKE_XCBC_MAC_AUTH_SUPPORT
◆ IKE_XCBC_MAC_PRF_SUPPORT
◆ ikeAllocMem
| #define ikeAllocMem | ( | size | ) | osAllocMem(size) |
◆ IkeChildSaEntry
| #define IkeChildSaEntry struct _IkeChildSaEntry |
◆ IkeContext
| #define IkeContext struct _IkeContext |
◆ ikeFreeMem
◆ IkeSaEntry
| #define IkeSaEntry struct _IkeSaEntry |
Typedef Documentation
◆ IkeCertVerifyCallback
| typedef error_t(* IkeCertVerifyCallback) (IkeSaEntry *sa, const X509CertInfo *certInfo, uint_t pathLen) |
◆ IkeCookieGenerateCallback
◆ IkeCookieVerifyCallback
Enumeration Type Documentation
◆ IkeAuthMethod
| enum IkeAuthMethod |
Authentication methods.
◆ IkeCertEncoding
| enum IkeCertEncoding |
Certificate encodings.
◆ IkeCertType
| enum IkeCertType |
Certificate types.
◆ IkeChildSaState
| enum IkeChildSaState |
◆ IkeConfigAttrType
| enum IkeConfigAttrType |
Configuration attribute types.
◆ IkeConfigType
| enum IkeConfigType |
◆ IkeExchangeType
| enum IkeExchangeType |
Exchange types.
◆ IkeFlags
| enum IkeFlags |
◆ IkeHashAlgo
| enum IkeHashAlgo |
◆ IkeIdType
| enum IkeIdType |
◆ IkeIpProtocolId
| enum IkeIpProtocolId |
◆ IkeLastSubstruc
| enum IkeLastSubstruc |
◆ IkeNotifyMsgType
| enum IkeNotifyMsgType |
Notify message types.
◆ IkePayloadType
| enum IkePayloadType |
Payload types.
◆ IkeProtocolId
| enum IkeProtocolId |
◆ IkeSaState
| enum IkeSaState |
IKE Security Association state.
◆ IkeTransformAttrFormat
◆ IkeTransformAttrType
| enum IkeTransformAttrType |
◆ IkeTransformIdAuth
| enum IkeTransformIdAuth |
Transform IDs (Integrity Algorithm)
◆ IkeTransformIdDhGroup
Transform IDs (Diffie-Hellman Group)
◆ IkeTransformIdEncr
| enum IkeTransformIdEncr |
Transform IDs (Encryption Algorithm)
◆ IkeTransformIdEsn
| enum IkeTransformIdEsn |
◆ IkeTransformIdPrf
| enum IkeTransformIdPrf |
Transform IDs (Pseudorandom Function)
◆ IkeTransformType
| enum IkeTransformType |
Transform types.
◆ IkeTsType
| enum IkeTsType |
Function Documentation
◆ ikeCreateChildSa()
| error_t ikeCreateChildSa | ( | IkeContext * | context, |
| const IpsecPacketInfo * | packet | ||
| ) |
◆ ikeCreateSa()
| error_t ikeCreateSa | ( | IkeContext * | context, |
| const IpsecPacketInfo * | packet | ||
| ) |
◆ ikeDeinit()
| void ikeDeinit | ( | IkeContext * | context | ) |
◆ ikeDeleteChildSa()
| error_t ikeDeleteChildSa | ( | IkeChildSaEntry * | childSa | ) |
◆ ikeDeleteSa()
| error_t ikeDeleteSa | ( | IkeSaEntry * | sa | ) |
◆ ikeGetDefaultSettings()
| void ikeGetDefaultSettings | ( | IkeSettings * | settings | ) |
◆ ikeInit()
| error_t ikeInit | ( | IkeContext * | context, |
| const IkeSettings * | settings | ||
| ) |
◆ ikeRekeyChildSa()
| error_t ikeRekeyChildSa | ( | IkeChildSaEntry * | childSa | ) |
◆ ikeRekeySa()
| error_t ikeRekeySa | ( | IkeSaEntry * | sa | ) |
◆ ikeSetCertificate()
| error_t ikeSetCertificate | ( | IkeContext * | context, |
| const char_t * | certChain, | ||
| size_t | certChainLen, | ||
| const char_t * | privateKey, | ||
| size_t | privateKeyLen, | ||
| const char_t * | password | ||
| ) |
Load entity's certificate.
- Parameters
-
[in] context Pointer to the IKE context
[in] certChain Certificate chain (PEM format). This parameter is taken by reference (the caller's buffer is referenced, not copied)
[in] certChainLen Length of the certificate chain
[in] privateKey Private key (PEM format). This parameter is taken by reference (the caller's buffer is referenced, not copied)
[in] privateKeyLen Length of the private key
[in] password NULL-terminated string containing the password. This parameter is required only if the private key is encrypted
- Returns
- Error code
◆ ikeSetId()
| error_t ikeSetId | ( | IkeContext * | context, |
| IkeIdType | idType, | ||
| const void * | id, | ||
| size_t | idLen | ||
| ) |
◆ ikeSetPreferredDhGroup()
| error_t ikeSetPreferredDhGroup | ( | IkeContext * | context, |
| uint16_t | dhGroupNum | ||
| ) |
◆ ikeSetPsk()
| error_t ikeSetPsk | ( | IkeContext * | context, |
| const uint8_t * | psk, | ||
| size_t | pskLen | ||
| ) |
◆ ikeStart()
| error_t ikeStart | ( | IkeContext * | context | ) |
◆ ikeStop()
| error_t ikeStop | ( | IkeContext * | context | ) |
◆ ikeTask()
| void ikeTask | ( | IkeContext * | context | ) |
Variable Documentation
◆ __packed_struct
| typedef __packed_struct |
The brief descriptions listed below belong to the packed (wire-format) structures declared with the __packed_struct macro (IkeHeader, IkePayloadHeader and the individual payload structures); Doxygen appears to have collapsed them under this single entry.
IKE header.
Encrypted Fragment payload.
EAP message.
EAP payload.
Configuration attribute.
Configuration payload.
Encrypted payload.
Traffic selector.
Traffic Selector payload.
Vendor ID payload.
Delete payload.
Notify payload.
Nonce payload.
Authentication data for digital signatures.
Authentication payload.
Certificate Request payload.
Certificate payload.
Identification payload.
Key Exchange payload.
Transform attribute.
Transform substructure.
Proposal substructure.
Security Association payload.
Generic payload header.
◆ algoId
◆ authData
◆ authMethod
◆ certAuthority
◆ certData
◆ certEncoding
◆ configAttributes
◆ configType
◆ critical
◆ data
◆ dhGroupNum
◆ eapMessage
◆ endPort
◆ exchangeType
◆ flags
◆ fragNum
◆ idData
◆ identifier
◆ idType
◆ IkeAuthData
◆ IkeAuthPayload
◆ IkeCertPayload
◆ IkeCertReqPayload
◆ IkeConfigAttr
◆ IkeConfigPayload
◆ IkeDeletePayload
◆ IkeEapMessage
◆ IkeEapPayload
◆ IkeEncryptedFragPayload
◆ IkeEncryptedPayload
◆ IkeHeader
◆ IkeIdPayload
◆ IkeKePayload
◆ IkeNoncePayload
◆ IkeNotifyPayload
◆ IkePayloadHeader
◆ IkeProposal
◆ IkeSaPayload
◆ IkeTransform
◆ IkeTransformAttr
◆ IkeTs
◆ IkeTsPayload
◆ IkeVendorIdPayload
◆ ipProtocolId
◆ iv
◆ keyExchangeData
◆ length
◆ majorVersion
◆ messageId
◆ minorVersion
◆ nextPayload
◆ nonceData
◆ notifyMsgType
◆ numSpi
◆ numTransforms
◆ numTs
◆ payloadLength
◆ proposalLength
◆ proposalNum
◆ proposals
◆ protocolId
◆ reserved
◆ reserved1
◆ reserved2
◆ responderSpi
| uint8_t responderSpi[IKE_SPI_SIZE] |
