ike.h
Go to the documentation of this file.
1 /**
2  * @file ike.h
3  * @brief IKEv2 (Internet Key Exchange Protocol)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneIPSEC Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.4
29  **/
30 
31 #ifndef _IKE_H
32 #define _IKE_H
33 
34 //Dependencies
35 #include "ipsec/ipsec.h"
36 #include "cipher/cipher_algorithms.h"
37 #include "pkc/key_exch_algorithms.h"
38 #include "pkix/x509_common.h"
39 
40 //IKEv2 support
41 #ifndef IKE_SUPPORT
42  #define IKE_SUPPORT ENABLED
43 #elif (IKE_SUPPORT != ENABLED && IKE_SUPPORT != DISABLED)
44  #error IKE_SUPPORT parameter is not valid
45 #endif
46 
47 //Stack size required to run the IKE service
48 #ifndef IKE_STACK_SIZE
49  #define IKE_STACK_SIZE 650
50 #elif (IKE_STACK_SIZE < 1)
51  #error IKE_STACK_SIZE parameter is not valid
52 #endif
53 
54 //Priority at which the IKE service should run
55 #ifndef IKE_PRIORITY
56  #define IKE_PRIORITY OS_TASK_PRIORITY_NORMAL
57 #endif
58 
59 //IKE tick interval
60 #ifndef IKE_TICK_INTERVAL
61  #define IKE_TICK_INTERVAL 500
62 #elif (IKE_TICK_INTERVAL < 100)
63  #error IKE_TICK_INTERVAL parameter is not valid
64 #endif
65 
66 //Default lifetime for IKE SAs
67 #ifndef IKE_DEFAULT_SA_LIFETIME
68  #define IKE_DEFAULT_SA_LIFETIME 14400000
69 #elif (IKE_DEFAULT_SA_LIFETIME < 1000)
70  #error IKE_DEFAULT_SA_LIFETIME parameter is not valid
71 #endif
72 
73 //Default lifetime for Child SAs
74 #ifndef IKE_DEFAULT_CHILD_SA_LIFETIME
75  #define IKE_DEFAULT_CHILD_SA_LIFETIME 3600000
76 #elif (IKE_DEFAULT_CHILD_SA_LIFETIME < 1000)
77  #error IKE_DEFAULT_CHILD_SA_LIFETIME parameter is not valid
78 #endif
79 
80 //Certificate authentication
81 #ifndef IKE_CERT_AUTH_SUPPORT
82  #define IKE_CERT_AUTH_SUPPORT ENABLED
83 #elif (IKE_CERT_AUTH_SUPPORT != ENABLED && IKE_CERT_AUTH_SUPPORT != DISABLED)
84  #error IKE_CERT_AUTH_SUPPORT parameter is not valid
85 #endif
86 
87 //Pre-shared key authentication
88 #ifndef IKE_PSK_AUTH_SUPPORT
89  #define IKE_PSK_AUTH_SUPPORT ENABLED
90 #elif (IKE_PSK_AUTH_SUPPORT != ENABLED && IKE_PSK_AUTH_SUPPORT != DISABLED)
91  #error IKE_PSK_AUTH_SUPPORT parameter is not valid
92 #endif
93 
94 //Cookie support
95 #ifndef IKE_COOKIE_SUPPORT
96  #define IKE_COOKIE_SUPPORT DISABLED
97 #elif (IKE_COOKIE_SUPPORT != ENABLED && IKE_COOKIE_SUPPORT != DISABLED)
98  #error IKE_COOKIE_SUPPORT parameter is not valid
99 #endif
100 
101 //INITIAL_CONTACT notification support
102 #ifndef IKE_INITIAL_CONTACT_SUPPORT
103  #define IKE_INITIAL_CONTACT_SUPPORT ENABLED
104 #elif (IKE_INITIAL_CONTACT_SUPPORT != ENABLED && IKE_INITIAL_CONTACT_SUPPORT != DISABLED)
105  #error IKE_INITIAL_CONTACT_SUPPORT parameter is not valid
106 #endif
107 
108 //SIGNATURE_HASH_ALGORITHMS notification support
109 #ifndef IKE_SIGN_HASH_ALGOS_SUPPORT
110  #define IKE_SIGN_HASH_ALGOS_SUPPORT ENABLED
111 #elif (IKE_SIGN_HASH_ALGOS_SUPPORT != ENABLED && IKE_SIGN_HASH_ALGOS_SUPPORT != DISABLED)
112  #error IKE_SIGN_HASH_ALGOS_SUPPORT parameter is not valid
113 #endif
114 
115 //CREATE_CHILD_SA support
116 #ifndef IKE_CREATE_CHILD_SA_SUPPORT
117  #define IKE_CREATE_CHILD_SA_SUPPORT ENABLED
118 #elif (IKE_CREATE_CHILD_SA_SUPPORT != ENABLED && IKE_CREATE_CHILD_SA_SUPPORT != DISABLED)
119  #error IKE_CREATE_CHILD_SA_SUPPORT parameter is not valid
120 #endif
121 
122 //Dead peer detection support
123 #ifndef IKE_DPD_SUPPORT
124  #define IKE_DPD_SUPPORT ENABLED
125 #elif (IKE_DPD_SUPPORT != ENABLED && IKE_DPD_SUPPORT != DISABLED)
126  #error IKE_DPD_SUPPORT parameter is not valid
127 #endif
128 
129 //Maximum number of retransmissions of IKE requests
130 #ifndef IKE_MAX_RETRIES
131  #define IKE_MAX_RETRIES 5
132 #elif (IKE_MAX_RETRIES < 1)
133  #error IKE_MAX_RETRIES parameter is not valid
134 #endif
135 
136 //Initial retransmission timeout
137 #ifndef IKE_INIT_TIMEOUT
138  #define IKE_INIT_TIMEOUT 3000
139 #elif (IKE_INIT_TIMEOUT < 1000)
140  #error IKE_INIT_TIMEOUT parameter is not valid
141 #endif
142 
143 //Maximum retransmission timeout
144 #ifndef IKE_MAX_TIMEOUT
145  #define IKE_MAX_TIMEOUT 60000
146 #elif (IKE_MAX_TIMEOUT < 1000)
147  #error IKE_MAX_TIMEOUT parameter is not valid
148 #endif
149 
150 //Timeout for half-open IKE SAs
151 #ifndef IKE_HALF_OPEN_TIMEOUT
152  #define IKE_HALF_OPEN_TIMEOUT 30000
153 #elif (IKE_HALF_OPEN_TIMEOUT < 1000)
154  #error IKE_HALF_OPEN_TIMEOUT parameter is not valid
155 #endif
156 
157 //Maximum jitter in percent applied randomly to calculated timeouts
158 #ifndef IKE_RANDOM_JITTER
159  #define IKE_RANDOM_JITTER 10
160 #elif (IKE_RANDOM_JITTER < 0 || IKE_RANDOM_JITTER > 100)
161  #error IKE_RANDOM_JITTER parameter is not valid
162 #endif
163 
164 //Maximum size of IKE messages
165 #ifndef IKE_MAX_MSG_SIZE
166  #define IKE_MAX_MSG_SIZE 1452
167 #elif (IKE_MAX_MSG_SIZE < 1280)
168  #error IKE_MAX_MSG_SIZE parameter is not valid
169 #endif
170 
171 //Minimum size for cookies
172 #ifndef IKE_MIN_COOKIE_SIZE
173  #define IKE_MIN_COOKIE_SIZE 1
174 #elif (IKE_MIN_COOKIE_SIZE < 1)
175  #error IKE_MIN_COOKIE_SIZE parameter is not valid
176 #endif
177 
178 //Maximum size for cookies
179 #ifndef IKE_MAX_COOKIE_SIZE
180  #define IKE_MAX_COOKIE_SIZE 64
181 #elif (IKE_MAX_COOKIE_SIZE < 64)
182  #error IKE_MAX_COOKIE_SIZE parameter is not valid
183 #endif
184 
185 //Minimum size for nonce
186 #ifndef IKE_MIN_NONCE_SIZE
187  #define IKE_MIN_NONCE_SIZE 16
188 #elif (IKE_MIN_NONCE_SIZE < 16 || IKE_MIN_NONCE_SIZE > 256)
189  #error IKE_MIN_NONCE_SIZE parameter is not valid
190 #endif
191 
192 //Default size for nonce
193 #ifndef IKE_DEFAULT_NONCE_SIZE
194  #define IKE_DEFAULT_NONCE_SIZE 32
195 #elif (IKE_DEFAULT_NONCE_SIZE < 16 || IKE_DEFAULT_NONCE_SIZE > 256)
196  #error IKE_DEFAULT_NONCE_SIZE parameter is not valid
197 #endif
198 
199 //Maximum size for nonce
200 #ifndef IKE_MAX_NONCE_SIZE
201  #define IKE_MAX_NONCE_SIZE 64
202 #elif (IKE_MAX_NONCE_SIZE < 16 || IKE_MAX_NONCE_SIZE > 256)
203  #error IKE_MAX_NONCE_SIZE parameter is not valid
204 #endif
205 
206 //Maximum length of ID
207 #ifndef IKE_MAX_ID_LEN
208  #define IKE_MAX_ID_LEN 64
209 #elif (IKE_MAX_ID_LEN < 0)
210  #error IKE_MAX_ID_LEN is not valid
211 #endif
212 
213 //Maximum length of pre-shared keys
214 #ifndef IKE_MAX_PSK_LEN
215  #define IKE_MAX_PSK_LEN 64
216 #elif (IKE_MAX_PSK_LEN < 0)
217  #error IKE_MAX_PSK_LEN is not valid
218 #endif
219 
220 //Maximum length of password
221 #ifndef IKE_MAX_PASSWORD_LEN
222  #define IKE_MAX_PASSWORD_LEN 32
223 #elif (IKE_MAX_PASSWORD_LEN < 0)
224  #error IKE_MAX_PASSWORD_LEN parameter is not valid
225 #endif
226 
227 //CBC cipher mode support
228 #ifndef IKE_CBC_SUPPORT
229  #define IKE_CBC_SUPPORT ENABLED
230 #elif (IKE_CBC_SUPPORT != ENABLED && IKE_CBC_SUPPORT != DISABLED)
231  #error IKE_CBC_SUPPORT parameter is not valid
232 #endif
233 
234 //CTR cipher mode support
235 #ifndef IKE_CTR_SUPPORT
236  #define IKE_CTR_SUPPORT DISABLED
237 #elif (IKE_CTR_SUPPORT != ENABLED && IKE_CTR_SUPPORT != DISABLED)
238  #error IKE_CTR_SUPPORT parameter is not valid
239 #endif
240 
241 //CCM_8 AEAD support
242 #ifndef IKE_CCM_8_SUPPORT
243  #define IKE_CCM_8_SUPPORT DISABLED
244 #elif (IKE_CCM_8_SUPPORT != ENABLED && IKE_CCM_8_SUPPORT != DISABLED)
245  #error IKE_CCM_8_SUPPORT parameter is not valid
246 #endif
247 
248 //CCM_12 AEAD support
249 #ifndef IKE_CCM_12_SUPPORT
250  #define IKE_CCM_12_SUPPORT DISABLED
251 #elif (IKE_CCM_12_SUPPORT != ENABLED && IKE_CCM_12_SUPPORT != DISABLED)
252  #error IKE_CCM_12_SUPPORT parameter is not valid
253 #endif
254 
255 //CCM_16 AEAD support
256 #ifndef IKE_CCM_16_SUPPORT
257  #define IKE_CCM_16_SUPPORT DISABLED
258 #elif (IKE_CCM_16_SUPPORT != ENABLED && IKE_CCM_16_SUPPORT != DISABLED)
259  #error IKE_CCM_16_SUPPORT parameter is not valid
260 #endif
261 
262 //GCM_8 AEAD support
263 #ifndef IKE_GCM_8_SUPPORT
264  #define IKE_GCM_8_SUPPORT DISABLED
265 #elif (IKE_GCM_8_SUPPORT != ENABLED && IKE_GCM_8_SUPPORT != DISABLED)
266  #error IKE_GCM_8_SUPPORT parameter is not valid
267 #endif
268 
269 //GCM_12 AEAD support
270 #ifndef IKE_GCM_12_SUPPORT
271  #define IKE_GCM_12_SUPPORT DISABLED
272 #elif (IKE_GCM_12_SUPPORT != ENABLED && IKE_GCM_12_SUPPORT != DISABLED)
273  #error IKE_GCM_12_SUPPORT parameter is not valid
274 #endif
275 
276 //GCM_16 AEAD support
277 #ifndef IKE_GCM_16_SUPPORT
278  #define IKE_GCM_16_SUPPORT ENABLED
279 #elif (IKE_GCM_16_SUPPORT != ENABLED && IKE_GCM_16_SUPPORT != DISABLED)
280  #error IKE_GCM_16_SUPPORT parameter is not valid
281 #endif
282 
283 //ChaCha20Poly1305 AEAD support
284 #ifndef IKE_CHACHA20_POLY1305_SUPPORT
285  #define IKE_CHACHA20_POLY1305_SUPPORT ENABLED
286 #elif (IKE_CHACHA20_POLY1305_SUPPORT != ENABLED && IKE_CHACHA20_POLY1305_SUPPORT != DISABLED)
287  #error IKE_CHACHA20_POLY1305_SUPPORT parameter is not valid
288 #endif
289 
290 //CMAC integrity support
291 #ifndef IKE_CMAC_AUTH_SUPPORT
292  #define IKE_CMAC_AUTH_SUPPORT DISABLED
293 #elif (IKE_CMAC_AUTH_SUPPORT != ENABLED && IKE_CMAC_AUTH_SUPPORT != DISABLED)
294  #error IKE_CMAC_AUTH_SUPPORT parameter is not valid
295 #endif
296 
297 //HMAC integrity support
298 #ifndef IKE_HMAC_AUTH_SUPPORT
299  #define IKE_HMAC_AUTH_SUPPORT ENABLED
300 #elif (IKE_HMAC_AUTH_SUPPORT != ENABLED && IKE_HMAC_AUTH_SUPPORT != DISABLED)
301  #error IKE_HMAC_AUTH_SUPPORT parameter is not valid
302 #endif
303 
304 //KMAC128 integrity support (experimental)
305 #ifndef IKE_KMAC128_AUTH_SUPPORT
306  #define IKE_KMAC128_AUTH_SUPPORT DISABLED
307 #elif (IKE_KMAC128_AUTH_SUPPORT != ENABLED && IKE_KMAC128_AUTH_SUPPORT != DISABLED)
308  #error IKE_KMAC128_AUTH_SUPPORT parameter is not valid
309 #endif
310 
311 //KMAC256 integrity support (experimental)
312 #ifndef IKE_KMAC256_AUTH_SUPPORT
313  #define IKE_KMAC256_AUTH_SUPPORT DISABLED
314 #elif (IKE_KMAC256_AUTH_SUPPORT != ENABLED && IKE_KMAC256_AUTH_SUPPORT != DISABLED)
315  #error IKE_KMAC256_AUTH_SUPPORT parameter is not valid
316 #endif
317 
318 //XCBC-MAC integrity support
319 #ifndef IKE_XCBC_MAC_AUTH_SUPPORT
320  #define IKE_XCBC_MAC_AUTH_SUPPORT DISABLED
321 #elif (IKE_XCBC_MAC_AUTH_SUPPORT != ENABLED && IKE_XCBC_MAC_AUTH_SUPPORT != DISABLED)
322  #error IKE_XCBC_MAC_AUTH_SUPPORT parameter is not valid
323 #endif
324 
325 //CMAC PRF support
326 #ifndef IKE_CMAC_PRF_SUPPORT
327  #define IKE_CMAC_PRF_SUPPORT DISABLED
328 #elif (IKE_CMAC_PRF_SUPPORT != ENABLED && IKE_CMAC_PRF_SUPPORT != DISABLED)
329  #error IKE_CMAC_PRF_SUPPORT parameter is not valid
330 #endif
331 
332 //HMAC PRF support
333 #ifndef IKE_HMAC_PRF_SUPPORT
334  #define IKE_HMAC_PRF_SUPPORT ENABLED
335 #elif (IKE_HMAC_PRF_SUPPORT != ENABLED && IKE_HMAC_PRF_SUPPORT != DISABLED)
336  #error IKE_HMAC_PRF_SUPPORT parameter is not valid
337 #endif
338 
339 //KMAC128 PRF support (experimental)
340 #ifndef IKE_KMAC128_PRF_SUPPORT
341  #define IKE_KMAC128_PRF_SUPPORT DISABLED
342 #elif (IKE_KMAC128_PRF_SUPPORT != ENABLED && IKE_KMAC128_PRF_SUPPORT != DISABLED)
343  #error IKE_KMAC128_PRF_SUPPORT parameter is not valid
344 #endif
345 
346 //KMAC256 PRF support (experimental)
347 #ifndef IKE_KMAC256_PRF_SUPPORT
348  #define IKE_KMAC256_PRF_SUPPORT DISABLED
349 #elif (IKE_KMAC256_PRF_SUPPORT != ENABLED && IKE_KMAC256_PRF_SUPPORT != DISABLED)
350  #error IKE_KMAC256_PRF_SUPPORT parameter is not valid
351 #endif
352 
353 //XCBC-MAC PRF support
354 #ifndef IKE_XCBC_MAC_PRF_SUPPORT
355  #define IKE_XCBC_MAC_PRF_SUPPORT DISABLED
356 #elif (IKE_XCBC_MAC_PRF_SUPPORT != ENABLED && IKE_XCBC_MAC_PRF_SUPPORT != DISABLED)
357  #error IKE_XCBC_MAC_PRF_SUPPORT parameter is not valid
358 #endif
359 
360 //IDEA cipher support (insecure)
361 #ifndef IKE_IDEA_SUPPORT
362  #define IKE_IDEA_SUPPORT DISABLED
363 #elif (IKE_IDEA_SUPPORT != ENABLED && IKE_IDEA_SUPPORT != DISABLED)
364  #error IKE_IDEA_SUPPORT parameter is not valid
365 #endif
366 
367 //DES cipher support (insecure)
368 #ifndef IKE_DES_SUPPORT
369  #define IKE_DES_SUPPORT DISABLED
370 #elif (IKE_DES_SUPPORT != ENABLED && IKE_DES_SUPPORT != DISABLED)
371  #error IKE_DES_SUPPORT parameter is not valid
372 #endif
373 
374 //Triple DES cipher support (weak)
375 #ifndef IKE_3DES_SUPPORT
376  #define IKE_3DES_SUPPORT DISABLED
377 #elif (IKE_3DES_SUPPORT != ENABLED && IKE_3DES_SUPPORT != DISABLED)
378  #error IKE_3DES_SUPPORT parameter is not valid
379 #endif
380 
381 //AES 128-bit cipher support
382 #ifndef IKE_AES_128_SUPPORT
383  #define IKE_AES_128_SUPPORT ENABLED
384 #elif (IKE_AES_128_SUPPORT != ENABLED && IKE_AES_128_SUPPORT != DISABLED)
385  #error IKE_AES_128_SUPPORT parameter is not valid
386 #endif
387 
388 //AES 192-bit cipher support
389 #ifndef IKE_AES_192_SUPPORT
390  #define IKE_AES_192_SUPPORT ENABLED
391 #elif (IKE_AES_192_SUPPORT != ENABLED && IKE_AES_192_SUPPORT != DISABLED)
392  #error IKE_AES_192_SUPPORT parameter is not valid
393 #endif
394 
395 //AES 256-bit cipher support
396 #ifndef IKE_AES_256_SUPPORT
397  #define IKE_AES_256_SUPPORT ENABLED
398 #elif (IKE_AES_256_SUPPORT != ENABLED && IKE_AES_256_SUPPORT != DISABLED)
399  #error IKE_AES_256_SUPPORT parameter is not valid
400 #endif
401 
402 //Camellia 128-bit cipher support
403 #ifndef IKE_CAMELLIA_128_SUPPORT
404  #define IKE_CAMELLIA_128_SUPPORT DISABLED
405 #elif (IKE_CAMELLIA_128_SUPPORT != ENABLED && IKE_CAMELLIA_128_SUPPORT != DISABLED)
406  #error IKE_CAMELLIA_128_SUPPORT parameter is not valid
407 #endif
408 
409 //Camellia 192-bit cipher support
410 #ifndef IKE_CAMELLIA_192_SUPPORT
411  #define IKE_CAMELLIA_192_SUPPORT DISABLED
412 #elif (IKE_CAMELLIA_192_SUPPORT != ENABLED && IKE_CAMELLIA_192_SUPPORT != DISABLED)
413  #error IKE_CAMELLIA_192_SUPPORT parameter is not valid
414 #endif
415 
416 //Camellia 256-bit cipher support
417 #ifndef IKE_CAMELLIA_256_SUPPORT
418  #define IKE_CAMELLIA_256_SUPPORT DISABLED
419 #elif (IKE_CAMELLIA_256_SUPPORT != ENABLED && IKE_CAMELLIA_256_SUPPORT != DISABLED)
420  #error IKE_CAMELLIA_256_SUPPORT parameter is not valid
421 #endif
422 
423 //SM4 cipher support (experimental)
424 #ifndef IKE_SM4_SUPPORT
425  #define IKE_SM4_SUPPORT DISABLED
426 #elif (IKE_SM4_SUPPORT != ENABLED && IKE_SM4_SUPPORT != DISABLED)
427  #error IKE_SM4_SUPPORT parameter is not valid
428 #endif
429 
430 //MD5 hash support (insecure)
431 #ifndef IKE_MD5_SUPPORT
432  #define IKE_MD5_SUPPORT DISABLED
433 #elif (IKE_MD5_SUPPORT != ENABLED && IKE_MD5_SUPPORT != DISABLED)
434  #error IKE_MD5_SUPPORT parameter is not valid
435 #endif
436 
437 //SHA-1 hash support (weak)
438 #ifndef IKE_SHA1_SUPPORT
439  #define IKE_SHA1_SUPPORT ENABLED
440 #elif (IKE_SHA1_SUPPORT != ENABLED && IKE_SHA1_SUPPORT != DISABLED)
441  #error IKE_SHA1_SUPPORT parameter is not valid
442 #endif
443 
444 //SHA-256 hash support
445 #ifndef IKE_SHA256_SUPPORT
446  #define IKE_SHA256_SUPPORT ENABLED
447 #elif (IKE_SHA256_SUPPORT != ENABLED && IKE_SHA256_SUPPORT != DISABLED)
448  #error IKE_SHA256_SUPPORT parameter is not valid
449 #endif
450 
451 //SHA-384 hash support
452 #ifndef IKE_SHA384_SUPPORT
453  #define IKE_SHA384_SUPPORT ENABLED
454 #elif (IKE_SHA384_SUPPORT != ENABLED && IKE_SHA384_SUPPORT != DISABLED)
455  #error IKE_SHA384_SUPPORT parameter is not valid
456 #endif
457 
458 //SHA-512 hash support
459 #ifndef IKE_SHA512_SUPPORT
460  #define IKE_SHA512_SUPPORT ENABLED
461 #elif (IKE_SHA512_SUPPORT != ENABLED && IKE_SHA512_SUPPORT != DISABLED)
462  #error IKE_SHA512_SUPPORT parameter is not valid
463 #endif
464 
465 //SHA3-256 hash support (experimental)
466 #ifndef IKE_SHA3_256_SUPPORT
467  #define IKE_SHA3_256_SUPPORT DISABLED
468 #elif (IKE_SHA3_256_SUPPORT != ENABLED && IKE_SHA3_256_SUPPORT != DISABLED)
469  #error IKE_SHA3_256_SUPPORT parameter is not valid
470 #endif
471 
472 //SHA3-384 hash support (experimental)
473 #ifndef IKE_SHA3_384_SUPPORT
474  #define IKE_SHA3_384_SUPPORT DISABLED
475 #elif (IKE_SHA3_384_SUPPORT != ENABLED && IKE_SHA3_384_SUPPORT != DISABLED)
476  #error IKE_SHA3_384_SUPPORT parameter is not valid
477 #endif
478 
479 //SHA3-512 hash support (experimental)
480 #ifndef IKE_SHA3_512_SUPPORT
481  #define IKE_SHA3_512_SUPPORT DISABLED
482 #elif (IKE_SHA3_512_SUPPORT != ENABLED && IKE_SHA3_512_SUPPORT != DISABLED)
483  #error IKE_SHA3_512_SUPPORT parameter is not valid
484 #endif
485 
486 //SM3 hash support (experimental)
487 #ifndef IKE_SM3_SUPPORT
488  #define IKE_SM3_SUPPORT DISABLED
489 #elif (IKE_SM3_SUPPORT != ENABLED && IKE_SM3_SUPPORT != DISABLED)
490  #error IKE_SM3_SUPPORT parameter is not valid
491 #endif
492 
493 //Tiger hash support
494 #ifndef IKE_TIGER_SUPPORT
495  #define IKE_TIGER_SUPPORT DISABLED
496 #elif (IKE_TIGER_SUPPORT != ENABLED && IKE_TIGER_SUPPORT != DISABLED)
497  #error IKE_TIGER_SUPPORT parameter is not valid
498 #endif
499 
500 //Diffie-Hellman key exchange support
501 #ifndef IKE_DH_KE_SUPPORT
502  #define IKE_DH_KE_SUPPORT ENABLED
503 #elif (IKE_DH_KE_SUPPORT != ENABLED && IKE_DH_KE_SUPPORT != DISABLED)
504  #error IKE_DH_KE_SUPPORT parameter is not valid
505 #endif
506 
507 //ECDH key exchange support
508 #ifndef IKE_ECDH_KE_SUPPORT
509  #define IKE_ECDH_KE_SUPPORT ENABLED
510 #elif (IKE_ECDH_KE_SUPPORT != ENABLED && IKE_ECDH_KE_SUPPORT != DISABLED)
511  #error IKE_ECDH_KE_SUPPORT parameter is not valid
512 #endif
513 
514 //RSA signature support
515 #ifndef IKE_RSA_SIGN_SUPPORT
516  #define IKE_RSA_SIGN_SUPPORT ENABLED
517 #elif (IKE_RSA_SIGN_SUPPORT != ENABLED && IKE_RSA_SIGN_SUPPORT != DISABLED)
518  #error IKE_RSA_SIGN_SUPPORT parameter is not valid
519 #endif
520 
521 //RSA-PSS signature support
522 #ifndef IKE_RSA_PSS_SIGN_SUPPORT
523  #define IKE_RSA_PSS_SIGN_SUPPORT DISABLED
524 #elif (IKE_RSA_PSS_SIGN_SUPPORT != ENABLED && IKE_RSA_PSS_SIGN_SUPPORT != DISABLED)
525  #error IKE_RSA_PSS_SIGN_SUPPORT parameter is not valid
526 #endif
527 
528 //DSA signature support
529 #ifndef IKE_DSA_SIGN_SUPPORT
530  #define IKE_DSA_SIGN_SUPPORT DISABLED
531 #elif (IKE_DSA_SIGN_SUPPORT != ENABLED && IKE_DSA_SIGN_SUPPORT != DISABLED)
532  #error IKE_DSA_SIGN_SUPPORT parameter is not valid
533 #endif
534 
535 //ECDSA signature support
536 #ifndef IKE_ECDSA_SIGN_SUPPORT
537  #define IKE_ECDSA_SIGN_SUPPORT ENABLED
538 #elif (IKE_ECDSA_SIGN_SUPPORT != ENABLED && IKE_ECDSA_SIGN_SUPPORT != DISABLED)
539  #error IKE_ECDSA_SIGN_SUPPORT parameter is not valid
540 #endif
541 
542 //SM2 signature capability (experimental)
543 #ifndef IKE_SM2_SIGN_SUPPORT
544  #define IKE_SM2_SIGN_SUPPORT DISABLED
545 #elif (IKE_SM2_SIGN_SUPPORT != ENABLED && IKE_SM2_SIGN_SUPPORT != DISABLED)
546  #error IKE_SM2_SIGN_SUPPORT parameter is not valid
547 #endif
548 
549 //Ed25519 signature support
550 #ifndef IKE_ED25519_SIGN_SUPPORT
551  #define IKE_ED25519_SIGN_SUPPORT ENABLED
552 #elif (IKE_ED25519_SIGN_SUPPORT != ENABLED && IKE_ED25519_SIGN_SUPPORT != DISABLED)
553  #error IKE_ED25519_SIGN_SUPPORT parameter is not valid
554 #endif
555 
556 //Ed448 signature support
557 #ifndef IKE_ED448_SIGN_SUPPORT
558  #define IKE_ED448_SIGN_SUPPORT DISABLED
559 #elif (IKE_ED448_SIGN_SUPPORT != ENABLED && IKE_ED448_SIGN_SUPPORT != DISABLED)
560  #error IKE_ED448_SIGN_SUPPORT parameter is not valid
561 #endif
562 
563 //NIST P-192 elliptic curve support (weak)
564 #ifndef IKE_ECP_192_SUPPORT
565  #define IKE_ECP_192_SUPPORT DISABLED
566 #elif (IKE_ECP_192_SUPPORT != ENABLED && IKE_ECP_192_SUPPORT != DISABLED)
567  #error IKE_ECP_192_SUPPORT parameter is not valid
568 #endif
569 
570 //NIST P-224 elliptic curve support
571 #ifndef IKE_ECP_224_SUPPORT
572  #define IKE_ECP_224_SUPPORT DISABLED
573 #elif (IKE_ECP_224_SUPPORT != ENABLED && IKE_ECP_224_SUPPORT != DISABLED)
574  #error IKE_ECP_224_SUPPORT parameter is not valid
575 #endif
576 
577 //NIST P-256 elliptic curve support
578 #ifndef IKE_ECP_256_SUPPORT
579  #define IKE_ECP_256_SUPPORT ENABLED
580 #elif (IKE_ECP_256_SUPPORT != ENABLED && IKE_ECP_256_SUPPORT != DISABLED)
581  #error IKE_ECP_256_SUPPORT parameter is not valid
582 #endif
583 
584 //NIST P-384 elliptic curve support
585 #ifndef IKE_ECP_384_SUPPORT
586  #define IKE_ECP_384_SUPPORT ENABLED
587 #elif (IKE_ECP_384_SUPPORT != ENABLED && IKE_ECP_384_SUPPORT != DISABLED)
588  #error IKE_ECP_384_SUPPORT parameter is not valid
589 #endif
590 
591 //NIST P-521 elliptic curve support
592 #ifndef IKE_ECP_521_SUPPORT
593  #define IKE_ECP_521_SUPPORT DISABLED
594 #elif (IKE_ECP_521_SUPPORT != ENABLED && IKE_ECP_521_SUPPORT != DISABLED)
595  #error IKE_ECP_521_SUPPORT parameter is not valid
596 #endif
597 
598 //brainpoolP224r1 elliptic curve support
599 #ifndef IKE_BRAINPOOLP224R1_SUPPORT
600  #define IKE_BRAINPOOLP224R1_SUPPORT DISABLED
601 #elif (IKE_BRAINPOOLP224R1_SUPPORT != ENABLED && IKE_BRAINPOOLP224R1_SUPPORT != DISABLED)
602  #error IKE_BRAINPOOLP224R1_SUPPORT parameter is not valid
603 #endif
604 
605 //brainpoolP256r1 elliptic curve support
606 #ifndef IKE_BRAINPOOLP256R1_SUPPORT
607  #define IKE_BRAINPOOLP256R1_SUPPORT DISABLED
608 #elif (IKE_BRAINPOOLP256R1_SUPPORT != ENABLED && IKE_BRAINPOOLP256R1_SUPPORT != DISABLED)
609  #error IKE_BRAINPOOLP256R1_SUPPORT parameter is not valid
610 #endif
611 
612 //brainpoolP384r1 elliptic curve support
613 #ifndef IKE_BRAINPOOLP384R1_SUPPORT
614  #define IKE_BRAINPOOLP384R1_SUPPORT DISABLED
615 #elif (IKE_BRAINPOOLP384R1_SUPPORT != ENABLED && IKE_BRAINPOOLP384R1_SUPPORT != DISABLED)
616  #error IKE_BRAINPOOLP384R1_SUPPORT parameter is not valid
617 #endif
618 
619 //brainpoolP512r1 elliptic curve support
620 #ifndef IKE_BRAINPOOLP512R1_SUPPORT
621  #define IKE_BRAINPOOLP512R1_SUPPORT DISABLED
622 #elif (IKE_BRAINPOOLP512R1_SUPPORT != ENABLED && IKE_BRAINPOOLP512R1_SUPPORT != DISABLED)
623  #error IKE_BRAINPOOLP512R1_SUPPORT parameter is not valid
624 #endif
625 
626 //SM2 elliptic curve support (experimental)
627 #ifndef IKE_SM2_SUPPORT
628  #define IKE_SM2_SUPPORT DISABLED
629 #elif (IKE_SM2_SUPPORT != ENABLED && IKE_SM2_SUPPORT != DISABLED)
630  #error IKE_SM2_SUPPORT parameter is not valid
631 #endif
632 
633 //Curve25519 elliptic curve support
634 #ifndef IKE_CURVE25519_SUPPORT
635  #define IKE_CURVE25519_SUPPORT ENABLED
636 #elif (IKE_CURVE25519_SUPPORT != ENABLED && IKE_CURVE25519_SUPPORT != DISABLED)
637  #error IKE_CURVE25519_SUPPORT parameter is not valid
638 #endif
639 
640 //Curve448 elliptic curve support
641 #ifndef IKE_CURVE448_SUPPORT
642  #define IKE_CURVE448_SUPPORT DISABLED
643 #elif (IKE_CURVE448_SUPPORT != ENABLED && IKE_CURVE448_SUPPORT != DISABLED)
644  #error IKE_CURVE448_SUPPORT parameter is not valid
645 #endif
646 
647 //ML-KEM-512 key encapsulation mechanism support (experimental)
648 #ifndef IKE_MLKEM512_SUPPORT
649  #define IKE_MLKEM512_SUPPORT DISABLED
650 #elif (IKE_MLKEM512_SUPPORT != ENABLED && IKE_MLKEM512_SUPPORT != DISABLED)
651  #error IKE_MLKEM512_SUPPORT parameter is not valid
652 #endif
653 
654 //ML-KEM-768 key encapsulation mechanism support (experimental)
655 #ifndef IKE_MLKEM768_SUPPORT
656  #define IKE_MLKEM768_SUPPORT DISABLED
657 #elif (IKE_MLKEM768_SUPPORT != ENABLED && IKE_MLKEM768_SUPPORT != DISABLED)
658  #error IKE_MLKEM768_SUPPORT parameter is not valid
659 #endif
660 
661 //ML-KEM-1024 key encapsulation mechanism support (experimental)
662 #ifndef IKE_MLKEM1024_SUPPORT
663  #define IKE_MLKEM1024_SUPPORT DISABLED
664 #elif (IKE_MLKEM1024_SUPPORT != ENABLED && IKE_MLKEM1024_SUPPORT != DISABLED)
665  #error IKE_MLKEM1024_SUPPORT parameter is not valid
666 #endif
667 
668 //Minimum acceptable size for Diffie-Hellman prime modulus
669 #ifndef IKE_MIN_DH_MODULUS_SIZE
670  #define IKE_MIN_DH_MODULUS_SIZE 1024
671 #elif (IKE_MIN_DH_MODULUS_SIZE < 768)
672  #error IKE_MIN_DH_MODULUS_SIZE parameter is not valid
673 #endif
674 
675 //Maximum acceptable size for Diffie-Hellman prime modulus
676 #ifndef IKE_MAX_DH_MODULUS_SIZE
677  #define IKE_MAX_DH_MODULUS_SIZE 2048
678 #elif (IKE_MAX_DH_MODULUS_SIZE < IKE_PREFERRED_DH_MODULUS_SIZE)
679  #error IKE_MAX_DH_MODULUS_SIZE parameter is not valid
680 #endif
681 
682 //Minimum acceptable size for RSA modulus
683 #ifndef IKE_MIN_RSA_MODULUS_SIZE
684  #define IKE_MIN_RSA_MODULUS_SIZE 1024
685 #elif (IKE_MIN_RSA_MODULUS_SIZE < 512)
686  #error IKE_MIN_RSA_MODULUS_SIZE parameter is not valid
687 #endif
688 
689 //Maximum acceptable size for RSA modulus
690 #ifndef IKE_MAX_RSA_MODULUS_SIZE
691  #define IKE_MAX_RSA_MODULUS_SIZE 4096
692 #elif (IKE_MAX_RSA_MODULUS_SIZE < IKE_MIN_RSA_MODULUS_SIZE)
693  #error IKE_MAX_RSA_MODULUS_SIZE parameter is not valid
694 #endif
695 
696 //Minimum acceptable size for DSA prime modulus
697 #ifndef IKE_MIN_DSA_MODULUS_SIZE
698  #define IKE_MIN_DSA_MODULUS_SIZE 1024
699 #elif (IKE_MIN_DSA_MODULUS_SIZE < 512)
700  #error IKE_MIN_DSA_MODULUS_SIZE parameter is not valid
701 #endif
702 
703 //Maximum acceptable size for DSA prime modulus
704 #ifndef IKE_MAX_DSA_MODULUS_SIZE
705  #define IKE_MAX_DSA_MODULUS_SIZE 4096
706 #elif (IKE_MAX_DSA_MODULUS_SIZE < IKE_MIN_DSA_MODULUS_SIZE)
707  #error IKE_MAX_DSA_MODULUS_SIZE parameter is not valid
708 #endif
709 
710 //Maximum length of IKE SA key material
711 #ifndef IKE_MAX_SA_KEY_MAT_LEN
712  #define IKE_MAX_SA_KEY_MAT_LEN 392
713 #elif (IKE_MAX_SA_KEY_MAT_LEN < 1)
714  #error IKE_MAX_SA_KEY_MAT_LEN parameter is not valid
715 #endif
716 
717 //Maximum length of Child SA key material
718 #ifndef IKE_MAX_CHILD_SA_KEY_MAT_LEN
719  #define IKE_MAX_CHILD_SA_KEY_MAT_LEN 200
720 #elif (IKE_MAX_CHILD_SA_KEY_MAT_LEN < 1)
721  #error IKE_MAX_CHILD_SA_KEY_MAT_LEN parameter is not valid
722 #endif
723 
724 //Allocate memory block
725 #ifndef ikeAllocMem
726  #define ikeAllocMem(size) osAllocMem(size)
727 #endif
728 
729 //Deallocate memory block
730 #ifndef ikeFreeMem
731  #define ikeFreeMem(p) osFreeMem(p)
732 #endif
733 
734 //Maximum digest size
735 #if (IKE_SHA512_SUPPORT == ENABLED)
736  #define IKE_MAX_DIGEST_SIZE 64
737 #elif (IKE_SHA384_SUPPORT == ENABLED)
738  #define IKE_MAX_DIGEST_SIZE 48
739 #else
740  #define IKE_MAX_DIGEST_SIZE 32
741 #endif
742 
743 //Maximum size of the ICV field
744 #if (IKE_HMAC_AUTH_SUPPORT == ENABLED && IKE_SHA512_SUPPORT == ENABLED)
745  #define IKE_MAX_ICV_SIZE 32
746 #elif (IKE_HMAC_AUTH_SUPPORT == ENABLED && IKE_SHA384_SUPPORT == ENABLED)
747  #define IKE_MAX_ICV_SIZE 24
748 #elif (IKE_HMAC_AUTH_SUPPORT == ENABLED && IKE_SHA256_SUPPORT == ENABLED)
749  #define IKE_MAX_ICV_SIZE 16
750 #else
751  #define IKE_MAX_ICV_SIZE 12
752 #endif
753 
754 //Maximum shared secret length (Diffie-Hellman key exchange)
755 #if (IKE_DH_KE_SUPPORT == ENABLED)
756  #define IKE_MAX_DH_SHARED_SECRET_LEN ((IKE_MAX_DH_MODULUS_SIZE + 7) / 8)
757 #else
758  #define IKE_MAX_DH_SHARED_SECRET_LEN 0
759 #endif
760 
761 //Maximum shared secret length (ECDH key exchange)
762 #if (IKE_ECDH_KE_SUPPORT == ENABLED && IKE_ECP_521_SUPPORT == ENABLED)
763  #define IKE_MAX_ECDH_SHARED_SECRET_LEN 66
764 #elif (IKE_ECDH_KE_SUPPORT == ENABLED && IKE_CURVE448_SUPPORT == ENABLED)
765  #define IKE_MAX_ECDH_SHARED_SECRET_LEN 56
766 #elif (IKE_ECDH_KE_SUPPORT == ENABLED && IKE_ECP_384_SUPPORT == ENABLED)
767  #define IKE_MAX_ECDH_SHARED_SECRET_LEN 48
768 #else
769  #define IKE_MAX_ECDH_SHARED_SECRET_LEN 32
770 #endif
771 
772 //Maximum shared secret length
773 #if (IKE_MAX_DH_SHARED_SECRET_LEN >= IKE_MAX_ECDH_SHARED_SECRET_LEN)
774  #define IKE_MAX_SHARED_SECRET_LEN IKE_MAX_DH_SHARED_SECRET_LEN
775 #else
776  #define IKE_MAX_SHARED_SECRET_LEN IKE_MAX_ECDH_SHARED_SECRET_LEN
777 #endif
778 
779 //Major version of the IKE protocol
780 #define IKE_MAJOR_VERSION 2
781 //Minor version of the IKE protocol
782 #define IKE_MINOR_VERSION 0
783 
784 //UDP port number used by IKE
785 #define IKE_PORT 500
786 //UDP port number used by UDP-encapsulated IKE
787 #define IKE_ALT_PORT 4500
788 
789 //Size of IKE SPI
790 #define IKE_SPI_SIZE 8
791 //Size of SHA-1 digest
792 #define IKE_SHA1_DIGEST_SIZE 20
793 
794 //Forward declaration of IkeContext structure
795 struct _IkeContext;
796 #define IkeContext struct _IkeContext
797 
798 //Forward declaration of IkeSaEntry structure
799 struct _IkeSaEntry;
800 #define IkeSaEntry struct _IkeSaEntry
801 
802 //Forward declaration of IkeChildSaEntry structure
803 struct _IkeChildSaEntry;
804 #define IkeChildSaEntry struct _IkeChildSaEntry
805 
806 //C++ guard
807 #ifdef __cplusplus
808 extern "C" {
809 #endif
810 
811 
812 /**
813  * @brief Exchange types
814  **/
815 
816 typedef enum
817 {
818  IKE_EXCHANGE_TYPE_IKE_SA_INIT = 34, ///<IKE_SA_INIT
819  IKE_EXCHANGE_TYPE_IKE_AUTH = 35, ///<IKE_AUTH
820  IKE_EXCHANGE_TYPE_CREATE_CHILD_SA = 36, ///<CREATE_CHILD_SA
821  IKE_EXCHANGE_TYPE_INFORMATIONAL = 37, ///<INFORMATIONAL
822  IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME = 38, ///<IKE_SESSION_RESUME
823  IKE_EXCHANGE_TYPE_GSA_AUTH = 39, ///<GSA_AUTH
824  IKE_EXCHANGE_TYPE_GSA_REGISTRATION = 40, ///<GSA_REGISTRATION
825  IKE_EXCHANGE_TYPE_GSA_REKEY = 41, ///<GSA_REKEY
826  IKE_EXCHANGE_TYPE_GSA_INBAND_REKEY = 42, ///<GSA_INBAND_REKEY
827  IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE = 43, ///<IKE_INTERMEDIATE
828  IKE_EXCHANGE_TYPE_IKE_FOLLOWUP_KE = 44 ///<IKE_FOLLOWUP_KE
829 } IkeExchangeType;
830 
831 
832 /**
833  * @brief Flags
834  **/
835 
836 typedef enum
837 {
838  IKE_FLAGS_R = 0x20, ///<Response flag
839  IKE_FLAGS_V = 0x10, ///<Version flag
840  IKE_FLAGS_I = 0x08 ///<Initiator flag
841 } IkeFlags;
842 
843 
844 /**
845  * @brief Payload types
846  **/
847 
848 typedef enum
849 {
850  IKE_PAYLOAD_TYPE_LAST = 0, ///<No Next Payload
851  IKE_PAYLOAD_TYPE_SA = 33, ///<Security Association
852  IKE_PAYLOAD_TYPE_KE = 34, ///<Key Exchange
853  IKE_PAYLOAD_TYPE_IDI = 35, ///<Identification - Initiator
854  IKE_PAYLOAD_TYPE_IDR = 36, ///<Identification - Responder
855  IKE_PAYLOAD_TYPE_CERT = 37, ///<Certificate
856  IKE_PAYLOAD_TYPE_CERTREQ = 38, ///<Certificate Request
857  IKE_PAYLOAD_TYPE_AUTH = 39, ///<Authentication
858  IKE_PAYLOAD_TYPE_NONCE = 40, ///<Nonce
859  IKE_PAYLOAD_TYPE_N = 41, ///<Notify
860  IKE_PAYLOAD_TYPE_D = 42, ///<Delete
861  IKE_PAYLOAD_TYPE_V = 43, ///<Vendor ID
862  IKE_PAYLOAD_TYPE_TSI = 44, ///<Traffic Selector - Initiator
863  IKE_PAYLOAD_TYPE_TSR = 45, ///<Traffic Selector - Responder
864  IKE_PAYLOAD_TYPE_SK = 46, ///<Encrypted and Authenticated
865  IKE_PAYLOAD_TYPE_CP = 47, ///<Configuration
866  IKE_PAYLOAD_TYPE_EAP = 48, ///<Extensible Authentication
867  IKE_PAYLOAD_TYPE_GSPM = 49, ///<Generic Secure Password Method
868  IKE_PAYLOAD_TYPE_IDG = 50, ///<Group Identification
869  IKE_PAYLOAD_TYPE_GSA = 51, ///<Group Security Association
870  IKE_PAYLOAD_TYPE_KD = 52, ///<Key Download
871  IKE_PAYLOAD_TYPE_SKF = 53, ///<Encrypted and Authenticated Fragment
872  IKE_PAYLOAD_TYPE_PS = 54 ///<Puzzle Solution
873 } IkePayloadType;
874 
875 
876 /**
877  * @brief Last Substruc values
878  **/
879 
880 typedef enum
881 {
882  IKE_LAST_SUBSTRUC_LAST = 0, ///<Last proposal/transform substructure
883  IKE_LAST_SUBSTRUC_MORE_PROPOSALS = 2, ///<More proposal substructures
884  IKE_LAST_SUBSTRUC_MORE_TRANSFORMS = 3 ///<More transform substructures
885 } IkeLastSubstruc;
886 
887 
888 /**
889  * @brief Protocol IDs
890  **/
891 
892 typedef enum
893 {
894  IKE_PROTOCOL_ID_IKE = 1, ///<IKE
895  IKE_PROTOCOL_ID_AH = 2, ///<AH
896  IKE_PROTOCOL_ID_ESP = 3, ///<ESP
897  IKE_PROTOCOL_ID_FC_ESP_HEADER = 4, ///<FC_ESP_HEADER
898  IKE_PROTOCOL_ID_FC_CT_AUTHENTICATION = 5, ///<FC_CT_AUTHENTICATION
899  IKE_PROTOCOL_ID_GIKE_UPDATE = 6 ///<GIKE_UPDATE
900 } IkeProtocolId;
901 
902 
903 /**
904  * @brief Transform types
905  **/
906 
907 typedef enum
908 {
909  IKE_TRANSFORM_TYPE_ENCR = 1, ///<Encryption Algorithm
910  IKE_TRANSFORM_TYPE_PRF = 2, ///<Pseudorandom Function
911  IKE_TRANSFORM_TYPE_INTEG = 3, ///<Integrity Algorithm
912  IKE_TRANSFORM_TYPE_DH = 4, ///<Diffie-Hellman Group
913  IKE_TRANSFORM_TYPE_ESN = 5, ///<Extended Sequence Numbers
914  IKE_TRANSFORM_TYPE_ADDKE1 = 6, ///<Additional Key Exchange 1
915  IKE_TRANSFORM_TYPE_ADDKE2 = 7, ///<Additional Key Exchange 2
916  IKE_TRANSFORM_TYPE_ADDKE3 = 8, ///<Additional Key Exchange 3
917  IKE_TRANSFORM_TYPE_ADDKE4 = 9, ///<Additional Key Exchange 4
918  IKE_TRANSFORM_TYPE_ADDKE5 = 10, ///<Additional Key Exchange 5
919  IKE_TRANSFORM_TYPE_ADDKE6 = 11, ///<Additional Key Exchange 6
920  IKE_TRANSFORM_TYPE_ADDKE7 = 12, ///<Additional Key Exchange 7
921  IKE_TRANSFORM_TYPE_KWA = 13, ///<Key Wrap Algorithm
922  IKE_TRANSFORM_TYPE_GCAUTH = 14 ///<Group Controller Authentication Method
923 } IkeTransformType;
924 
925 
926 /**
927  * @brief Transform IDs (Encryption Algorithm)
928  **/
929 
930 typedef enum
931 {
932  IKE_TRANSFORM_ID_ENCR_RESERVED = 0,
933  IKE_TRANSFORM_ID_ENCR_DES_IV64 = 1,
934  IKE_TRANSFORM_ID_ENCR_DES = 2,
935  IKE_TRANSFORM_ID_ENCR_3DES = 3,
936  IKE_TRANSFORM_ID_ENCR_RC5 = 4,
937  IKE_TRANSFORM_ID_ENCR_IDEA = 5,
938  IKE_TRANSFORM_ID_ENCR_CAST = 6,
939  IKE_TRANSFORM_ID_ENCR_BLOWFISH = 7,
940  IKE_TRANSFORM_ID_ENCR_3IDEA = 8,
941  IKE_TRANSFORM_ID_ENCR_DES_IV32 = 9,
942  IKE_TRANSFORM_ID_ENCR_NULL = 11,
943  IKE_TRANSFORM_ID_ENCR_AES_CBC = 12,
944  IKE_TRANSFORM_ID_ENCR_AES_CTR = 13,
945  IKE_TRANSFORM_ID_ENCR_AES_CCM_8 = 14,
946  IKE_TRANSFORM_ID_ENCR_AES_CCM_12 = 15,
947  IKE_TRANSFORM_ID_ENCR_AES_CCM_16 = 16,
948  IKE_TRANSFORM_ID_ENCR_AES_GCM_8 = 18,
949  IKE_TRANSFORM_ID_ENCR_AES_GCM_12 = 19,
950  IKE_TRANSFORM_ID_ENCR_AES_GCM_16 = 20,
951  IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC = 21,
952  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC = 23,
953  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR = 24,
954  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8 = 25,
955  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12 = 26,
956  IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16 = 27,
957  IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305 = 28,
958  IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV = 29,
959  IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV = 30,
960  IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV = 31,
961  IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE = 32,
962  IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE = 33,
963  IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE = 34,
964  IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE = 35,
965 } IkeTransformIdEncr;
966 
967 
968 /**
969  * @brief Transform IDs (Pseudorandom Function)
970  **/
971 
972 typedef enum
973 {
974  IKE_TRANSFORM_ID_PRF_RESERVED = 0,
975  IKE_TRANSFORM_ID_PRF_HMAC_MD5 = 1,
976  IKE_TRANSFORM_ID_PRF_HMAC_SHA1 = 2,
977  IKE_TRANSFORM_ID_PRF_HMAC_TIGER = 3,
978  IKE_TRANSFORM_ID_PRF_AES128_XCBC = 4,
979  IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256 = 5,
980  IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384 = 6,
981  IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512 = 7,
982  IKE_TRANSFORM_ID_PRF_AES128_CMAC = 8,
983  IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512 = 9,
984 } IkeTransformIdPrf;
985 
986 
987 /**
988  * @brief Transform IDs (Integrity Algorithm)
989  **/
990 
991 typedef enum
992 {
993  IKE_TRANSFORM_ID_AUTH_NONE = 0,
994  IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96 = 1,
995  IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96 = 2,
996  IKE_TRANSFORM_ID_AUTH_DES_MAC = 3,
997  IKE_TRANSFORM_ID_AUTH_KPDK_MD5 = 4,
998  IKE_TRANSFORM_ID_AUTH_AES_XCBC_96 = 5,
999  IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128 = 6,
1000  IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160 = 7,
1001  IKE_TRANSFORM_ID_AUTH_AES_CMAC_96 = 8,
1002  IKE_TRANSFORM_ID_AUTH_AES_128_GMAC = 9,
1003  IKE_TRANSFORM_ID_AUTH_AES_192_GMAC = 10,
1004  IKE_TRANSFORM_ID_AUTH_AES_256_GMAC = 11,
1005  IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128 = 12,
1006  IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192 = 13,
1007  IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256 = 14,
1008 } IkeTransformIdAuth;
1009 
1010 
1011 /**
1012  * @brief Transform IDs (Diffie-Hellman Group)
1013  **/
1014 
1015 typedef enum
1016 {
1017  IKE_TRANSFORM_ID_DH_GROUP_NONE = 0, ///<None
1018  IKE_TRANSFORM_ID_DH_GROUP_MODP_768 = 1, ///<768-bit MODP Group
1019  IKE_TRANSFORM_ID_DH_GROUP_MODP_1024 = 2, ///<1024-bit MODP Group
1020  IKE_TRANSFORM_ID_DH_GROUP_MODP_1536 = 5, ///<1536-bit MODP Group
1021  IKE_TRANSFORM_ID_DH_GROUP_MODP_2048 = 14, ///<2048-bit MODP Group
1022  IKE_TRANSFORM_ID_DH_GROUP_MODP_3072 = 15, ///<3072-bit MODP Group
1023  IKE_TRANSFORM_ID_DH_GROUP_MODP_4096 = 16, ///<4096-bit MODP Group
1024  IKE_TRANSFORM_ID_DH_GROUP_MODP_6144 = 17, ///<6144-bit MODP Group
1025  IKE_TRANSFORM_ID_DH_GROUP_MODP_8192 = 18, ///<8192-bit MODP Group
1026  IKE_TRANSFORM_ID_DH_GROUP_ECP_256 = 19, ///<256-bit Random ECP Group
1027  IKE_TRANSFORM_ID_DH_GROUP_ECP_384 = 20, ///<384-bit Random ECP Group
1028  IKE_TRANSFORM_ID_DH_GROUP_ECP_521 = 21, ///<521-bit Random ECP Group
1029  IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160 = 22, ///<1024-bit MODP Group with 160-bit Prime Order Subgroup
1030  IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224 = 23, ///<2048-bit MODP Group with 224-bit Prime Order Subgroup
1031  IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256 = 24, ///<2048-bit MODP Group with 256-bit Prime Order Subgroup
1032  IKE_TRANSFORM_ID_DH_GROUP_ECP_192 = 25, ///<192-bit Random ECP Group
1033  IKE_TRANSFORM_ID_DH_GROUP_ECP_224 = 26, ///<224-bit Random ECP Group
1034  IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1 = 27, ///<224-bit Brainpool ECP Group
1035  IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1 = 28, ///<256-bit Brainpool ECP Group
1036  IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1 = 29, ///<384-bit Brainpool ECP Group
1037  IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1 = 30, ///<512-bit Brainpool ECP Group
1038  IKE_TRANSFORM_ID_DH_GROUP_CURVE25519 = 31, ///<curve25519
1039  IKE_TRANSFORM_ID_DH_GROUP_CURVE448 = 32, ///<curve448
1040  IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256 = 33, ///<GOST3410_2012_256
1041  IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512 = 34, ///<GOST3410_2012_512
1042  IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512 = 35, ///<ML-KEM-512
1043  IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768 = 36, ///<ML-KEM-768
1044  IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024 = 37, ///<ML-KEM-1024
1045 } IkeTransformIdDhGroup;
1046 
1047 
1048 /**
1049  * @brief Transform IDs (Extended Sequence Numbers)
1050  **/
1051 
1052 typedef enum
1053 {
1054  IKE_TRANSFORM_ID_ESN_NO = 0, ///<No Extended Sequence Numbers
1055  IKE_TRANSFORM_ID_ESN_YES = 1 ///<Extended Sequence Numbers
1056 } IkeTransformIdEsn;
1057 
1058 
1059 /**
1060  * @brief Transform attribute format
1061  **/
1062 
1063 typedef enum
1064 {
1065  IKE_ATTR_FORMAT_TLV = 0x0000, ///<Type/Length/Value format
1066  IKE_ATTR_FORMAT_TV = 0x8000 ///<shortened Type/Value format
1067 } IkeTransformAttrFormat;
1068 
1069 
1070 /**
1071  * @brief Transform attribute types
1072  **/
1073 
1074 typedef enum
1075 {
1076  IKE_TRANSFORM_ATTR_TYPE_KEY_LEN = 14 ///<Key Length (in bits)
1077 } IkeTransformAttrType;
1078 
1079 
1080 /**
1081  * @brief ID types
1082  **/
1083 
1084 typedef enum
1085 {
1086  IKE_ID_TYPE_INVALID = 0,
1087  IKE_ID_TYPE_IPV4_ADDR = 1,
1088  IKE_ID_TYPE_FQDN = 2,
1089  IKE_ID_TYPE_RFC822_ADDR = 3,
1090  IKE_ID_TYPE_IPV6_ADDR = 5,
1091  IKE_ID_TYPE_DER_ASN1_DN = 9,
1092  IKE_ID_TYPE_DER_ASN1_GN = 10,
1093  IKE_ID_TYPE_KEY_ID = 11,
1094  IKE_ID_TYPE_FC_NAME = 12,
1095  IKE_ID_TYPE_NULL = 13
1096 } IkeIdType;
1097 
1098 
1099 /**
1100  * @brief Certificate encodings
1101  **/
1102 
1103 typedef enum
1104 {
1105  IKE_CERT_ENCODING_PKCS7_X509_CERT = 1, ///<PKCS #7 wrapped X.509 certificate
1106  IKE_CERT_ENCODING_PGP_CERT = 2, ///<PGP certificate
1107  IKE_CERT_ENCODING_DNS_SIGNED_KEY = 3, ///<DNS signed key
1108  IKE_CERT_ENCODING_X509_CERT_SIGN = 4, ///<X.509 certificate - signature
1109  IKE_CERT_ENCODING_KERBEROS_TOKEN = 6, ///<Kerberos token
1110  IKE_CERT_ENCODING_CRL = 7, ///<Certificate revocation list
1111  IKE_CERT_ENCODING_ARL = 8, ///<Authority revocation list
1112  IKE_CERT_ENCODING_SPKI_CERT = 9, ///<SPKI certificate
1113  IKE_CERT_ENCODING_X509_CERT_ATTR = 10, ///<X.509 certificate - attribute
1114  IKE_CERT_ENCODING_RAW_RSA_KEY = 11, ///<Raw RSA key (deprecated)
1115  IKE_CERT_ENCODING_HASH_URL_X509_CERT = 12, ///<Hash and URL of X.509 certificate
1116  IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE = 13, ///<Hash and URL of X.509 bundle
1117  IKE_CERT_ENCODING_OCSP_CONTENT = 14, ///<OCSP Content
1118  IKE_CERT_ENCODING_RAW_PUBLIC_KEY = 15 ///<Raw Public Key
1119 } IkeCertEncoding;
1120 
1121 
1122 /**
1123  * @brief Authentication methods
1124  **/
1125 
1126 typedef enum
1127 {
1128  IKE_AUTH_METHOD_RSA = 1, ///<RSA Digital Signature
1129  IKE_AUTH_METHOD_SHARED_KEY = 2, ///<Shared Key Message Integrity Code
1130  IKE_AUTH_METHOD_DSS = 3, ///<DSS Digital Signature
1131  IKE_AUTH_METHOD_ECDSA_P256_SHA256 = 9, ///<ECDSA with SHA-256 on the P-256 curve
1132  IKE_AUTH_METHOD_ECDSA_P384_SHA384 = 10, ///<ECDSA with SHA-384 on the P-384 curve
1133  IKE_AUTH_METHOD_ECDSA_P521_SHA512 = 11, ///<ECDSA with SHA-512 on the P-521 curve
1134  IKE_AUTH_METHOD_GSPAM = 12, ///<Generic Secure Password Authentication Method
1135  IKE_AUTH_METHOD_NULL = 13, ///<NULL Authentication
1136  IKE_AUTH_METHOD_DIGITAL_SIGN = 14 ///<Digital Signature
1137 } IkeAuthMethod;
1138 
1139 
1140 /**
1141  * @brief Notify message types
1142  **/
1143 
1144 typedef enum
1145 {
1146  IKE_NOTIFY_MSG_TYPE_NONE = 0,
1147  IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD = 1, //RFC 7296
1148  IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI = 4, //RFC 7296
1149  IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION = 5, //RFC 7296
1150  IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX = 7, //RFC 7296
1151  IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID = 9, //RFC 7296
1152  IKE_NOTIFY_MSG_TYPE_INVALID_SPI = 11, //RFC 7296
1153  IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN = 14, //RFC 7296
1154  IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD = 17, //RFC 7296
1155  IKE_NOTIFY_MSG_TYPE_AUTH_FAILED = 24, //RFC 7296
1156  IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED = 34, //RFC 7296
1157  IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS = 35, //RFC 7296
1158  IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE = 36, //RFC 7296
1159  IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED = 37, //RFC 7296
1160  IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE = 38, //RFC 7296
1161  IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS = 39, //RFC 7296
1162  IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES = 40, //RFC 4555
1163  IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED = 41, //RFC 4555
1164  IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA = 42, //RFC 5026
1165  IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE = 43, //RFC 7296
1166  IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND = 44, //RFC 7296
1167  IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID = 45, //Draft
1168  IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED = 46, //Draft
1169  IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND = 47, //RFC 9370
1170  IKE_NOTIFY_MSG_TYPE_TS_MAX_QUEUE = 48, //RFC 9611
1171  IKE_NOTIFY_MSG_TYPE_REGISTRATION_FAILED = 49, //Draft
1172  IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT = 16384, //RFC 7296
1173  IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE = 16385, //RFC 7296
1174  IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE = 16386, //RFC 7296
1175  IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED = 16387, //RFC 7296
1176  IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP = 16388, //RFC 7296
1177  IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP = 16389, //RFC 7296
1178  IKE_NOTIFY_MSG_TYPE_COOKIE = 16390, //RFC 7296
1179  IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE = 16391, //RFC 7296
1180  IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED = 16392, //RFC 7296
1181  IKE_NOTIFY_MSG_TYPE_REKEY_SA = 16393, //RFC 7296
1182  IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED = 16394, //RFC 7296
1183  IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO = 16395, //RFC 7296
1184  IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED = 16396, //RFC 4555
1185  IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS = 16397, //RFC 4555
1186  IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS = 16398, //RFC 4555
1187  IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES = 16399, //RFC 4555
1188  IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES = 16400, //RFC 4555
1189  IKE_NOTIFY_MSG_TYPE_COOKIE2 = 16401, //RFC 4555
1190  IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED = 16402, //RFC 4555
1191  IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME = 16403, //RFC 4478
1192  IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED = 16404, //RFC 4739
1193  IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS = 16405, //RFC 4739
1194  IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED = 16406, //RFC 5685
1195  IKE_NOTIFY_MSG_TYPE_REDIRECT = 16407, //RFC 5685
1196  IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM = 16408, //RFC 5685
1197  IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE = 16409, //RFC 5723
1198  IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST = 16410, //RFC 5723
1199  IKE_NOTIFY_MSG_TYPE_TICKET_ACK = 16411, //RFC 5723
1200  IKE_NOTIFY_MSG_TYPE_TICKET_NACK = 16412, //RFC 5723
1201  IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE = 16413, //RFC 5723
1202  IKE_NOTIFY_MSG_TYPE_LINK_ID = 16414, //RFC 5739
1203  IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE = 16415, //RFC 5840
1204  IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED = 16416, //RFC 5857
1205  IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION = 16417, //RFC 5998
1206  IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED = 16418, //RFC 6023
1207  IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION = 16419, //RFC 6290
1208  IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED = 16420, //RFC 6311
1209  IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED = 16421, //RFC 6311
1210  IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC = 16422, //RFC 6311
1211  IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC = 16423, //RFC 6311
1212  IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS = 16424, //RFC 6467
1213  IKE_NOTIFY_MSG_TYPE_PSK_PERSIST = 16425, //RFC 6631
1214  IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM = 16426, //RFC 6631
1215  IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED = 16427, //RFC 6867
1216  IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY = 16428, //Draft
1217  IKE_NOTIFY_MSG_TYPE_GROUP_SENDER = 16429, //Draft
1218  IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED = 16430, //RFC 7383
1219  IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS = 16431, //RFC 7427
1220  IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED = 16432, //RFC 7791
1221  IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA = 16433, //RFC 7791
1222  IKE_NOTIFY_MSG_TYPE_PUZZLE = 16434, //RFC 8019
1223  IKE_NOTIFY_MSG_TYPE_USE_PPK = 16435, //RFC 8784
1224  IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY = 16436, //RFC 8784
1225  IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH = 16437, //RFC 8784
1226  IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED = 16438, //RFC 9242
1227  IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED = 16439, //RFC 8983
1228  IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED = 16440, //RFC 8983
1229  IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE = 16441, //RFC 9370
1230  IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG = 16442, //RFC 9347
1231  IKE_NOTIFY_MSG_TYPE_SUPPORTED_AUTH_METHODS = 16443, //RFC 9593
1232  IKE_NOTIFY_MSG_TYPE_SA_RESOURCE_INFO = 16444, //RFC 9611
1233  IKE_NOTIFY_MSG_TYPE_USE_PPK_INT = 16445, //Draft
1234  IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY_KEY = 16446 //Draft
1235 } IkeNotifyMsgType;
1236 
1237 
1238 /**
1239  * @brief Traffic selector types
1240  **/
1241 
1242 typedef enum
1243 {
1244  IKE_TS_TYPE_IPV4_ADDR_RANGE = 7, ///<TS_IPV4_ADDR_RANGE
1245  IKE_TS_TYPE_IPV6_ADDR_RANGE = 8, ///<TS_IPV6_ADDR_RANGE
1246  IKE_TS_TYPE_FC_ADDR_RANGE = 9, ///<TS_FC_ADDR_RANGE
1247  IKE_TS_TYPE_SECLABEL = 10 ///<TS_SECLABEL
1248 } IkeTsType;
1249 
1250 
1251 /**
1252  * @brief IP protocol IDs
1253  **/
1254 
1255 typedef enum
1256 {
1257  IKE_IP_PROTOCOL_ID_ICMP = 1,
1258  IKE_IP_PROTOCOL_ID_TCP = 6,
1259  IKE_IP_PROTOCOL_ID_UDP = 17,
1260  IKE_IP_PROTOCOL_ID_ICMPV6 = 58,
1261 } IkeIpProtocolId;
1262 
1263 
1264 /**
1265  * @brief Configuration types
1266  **/
1267 
1268 typedef enum
1269 {
1270  IKE_CONFIG_TYPE_REQUEST = 1,
1271  IKE_CONFIG_TYPE_REPLY = 2,
1272  IKE_CONFIG_TYPE_SET = 3,
1273  IKE_CONFIG_TYPE_ACK = 4
1274 } IkeConfigType;
1275 
1276 
1277 /**
1278  * @brief Configuration attribute types
1279  **/
1280 
1281 typedef enum
1282 {
1283  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_ADDRESS = 1,
1284  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NETMASK = 2,
1285  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DNS = 3,
1286  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NBNS = 4,
1287  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DHCP = 6,
1288  IKE_CONFIG_ATTR_TYPE_APPLICATION_VERSION = 7,
1289  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_ADDRESS = 8,
1290  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DNS = 10,
1291  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DHCP = 12,
1292  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_SUBNET = 13,
1293  IKE_CONFIG_ATTR_TYPE_SUPPORTED_ATTRIBUTES = 14,
1294  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_SUBNET = 15,
1295  IKE_CONFIG_ATTR_TYPE_MIP6_HOME_PREFIX = 16,
1296  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_LINK = 17,
1297  IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_PREFIX = 18,
1298  IKE_CONFIG_ATTR_TYPE_HOME_AGENT_ADDRESS = 19,
1299  IKE_CONFIG_ATTR_TYPE_P_CSCF_IP4_ADDRESS = 20,
1300  IKE_CONFIG_ATTR_TYPE_P_CSCF_IP6_ADDRESS = 21,
1301  IKE_CONFIG_ATTR_TYPE_FTT_KAT = 22,
1302  IKE_CONFIG_ATTR_TYPE_EXTERNAL_SOURCE_IP4_NAT_INFO = 23,
1303  IKE_CONFIG_ATTR_TYPE_TIMEOUT_PERIOD_FOR_LIVENESS_CHECK = 24,
1304  IKE_CONFIG_ATTR_TYPE_INTERNAL_DNS_DOMAIN = 25,
1305  IKE_CONFIG_ATTR_TYPE_INTERNAL_DNSSEC_TA = 26,
1306  IKE_CONFIG_ATTR_TYPE_ENCDNS_IP4 = 27,
1307  IKE_CONFIG_ATTR_TYPE_ENCDNS_IP6 = 28,
1308  IKE_CONFIG_ATTR_TYPE_ENCDNS_DIGEST_INFO = 29
1309 } IkeConfigAttrType;
1310 
1311 
1312 /**
1313  * @brief IKE Security Association state
1314  **/
1315 
1316 typedef enum
1317 {
1318  IKE_SA_STATE_CLOSED = 0,
1319  IKE_SA_STATE_RESERVED = 1,
1320  IKE_SA_STATE_INIT_REQ = 2,
1321  IKE_SA_STATE_INIT_RESP = 3,
1322  IKE_SA_STATE_AUTH_REQ = 4,
1323  IKE_SA_STATE_AUTH_RESP = 5,
1324  IKE_SA_STATE_OPEN = 6,
1325  IKE_SA_STATE_DPD_REQ = 7,
1326  IKE_SA_STATE_DPD_RESP = 8,
1327  IKE_SA_STATE_REKEY_REQ = 9,
1328  IKE_SA_STATE_REKEY_RESP = 10,
1329  IKE_SA_STATE_DELETE_REQ = 11,
1330  IKE_SA_STATE_DELETE_RESP = 12,
1331  IKE_SA_STATE_CREATE_CHILD_REQ = 13,
1332  IKE_SA_STATE_CREATE_CHILD_RESP = 14,
1333  IKE_SA_STATE_REKEY_CHILD_REQ = 15,
1334  IKE_SA_STATE_REKEY_CHILD_RESP = 16,
1335  IKE_SA_STATE_DELETE_CHILD_REQ = 17,
1336  IKE_SA_STATE_DELETE_CHILD_RESP = 18,
1337  IKE_SA_STATE_AUTH_FAILURE_REQ = 19,
1338  IKE_SA_STATE_AUTH_FAILURE_RESP = 20
1339 } IkeSaState;
1340 
1341 
1342 /**
1343  * @brief Child Security Association state
1344  **/
1345 
1346 typedef enum
1347 {
1348  IKE_CHILD_SA_STATE_CLOSED = 0,
1349  IKE_CHILD_SA_STATE_RESERVED = 1,
1350  IKE_CHILD_SA_STATE_INIT = 2,
1351  IKE_CHILD_SA_STATE_OPEN = 3,
1352  IKE_CHILD_SA_STATE_REKEY = 4,
1353  IKE_CHILD_SA_STATE_DELETE = 5
1354 } IkeChildSaState;
1355 
1356 
1357 /**
1358  * @brief Hash algorithms
1359  **/
1360 
1361 typedef enum
1362 {
1363  IKE_HASH_ALGO_SHA1 = 1,
1364  IKE_HASH_ALGO_SHA256 = 2,
1365  IKE_HASH_ALGO_SHA384 = 3,
1366  IKE_HASH_ALGO_SHA512 = 4,
1367  IKE_HASH_ALGO_IDENTITY = 5,
1368  IKE_HASH_ALGO_STREEBOG_256 = 6,
1369  IKE_HASH_ALGO_STREEBOG_512 = 7,
1370 } IkeHashAlgo;
1371 
1372 
1373 /**
1374  * @brief Certificate types
1375  **/
1376 
1377 typedef enum
1378 {
1379  IKE_CERT_TYPE_INVALID = 0,
1380  IKE_CERT_TYPE_RSA = 1,
1381  IKE_CERT_TYPE_RSA_PSS = 2,
1382  IKE_CERT_TYPE_DSA = 3,
1383  IKE_CERT_TYPE_ECDSA_P256 = 4,
1384  IKE_CERT_TYPE_ECDSA_P384 = 5,
1385  IKE_CERT_TYPE_ECDSA_P521 = 6,
1386  IKE_CERT_TYPE_ECDSA_BRAINPOOLP256R1 = 7,
1387  IKE_CERT_TYPE_ECDSA_BRAINPOOLP384R1 = 8,
1388  IKE_CERT_TYPE_ECDSA_BRAINPOOLP512R1 = 9,
1389  IKE_CERT_TYPE_SM2 = 10,
1390  IKE_CERT_TYPE_ED25519 = 11,
1391  IKE_CERT_TYPE_ED448 = 12
1392 } IkeCertType;
1393 
1394 
1395 //CC-RX, CodeWarrior or Win32 compiler?
1396 #if defined(__CCRX__)
1397  #pragma pack
1398 #elif defined(__CWCC__) || defined(_WIN32)
1399  #pragma pack(push, 1)
1400 #endif
1401 
1402 
1403 /**
1404  * @brief IKE header
1405  **/
1406 
1407 typedef __packed_struct
1408 {
1409  uint8_t initiatorSpi[IKE_SPI_SIZE]; //0-7
1410  uint8_t responderSpi[IKE_SPI_SIZE]; //8-15
1411  uint8_t nextPayload; //16
1412 #if defined(_CPU_BIG_ENDIAN) && !defined(__ICCRX__)
1413  uint8_t majorVersion : 4; //17
1414  uint8_t minorVersion : 4;
1415 #else
1416  uint8_t minorVersion : 4; //17
1417  uint8_t majorVersion : 4;
1418 #endif
1419  uint8_t exchangeType; //18
1420  uint8_t flags; //19
1421  uint32_t messageId; //20-23
1422  uint32_t length; //24-27
1423 } IkeHeader;
1424 
1425 
1426 /**
1427  * @brief Generic payload header
1428  **/
1429 
1430 typedef __packed_struct
1431 {
1432  uint8_t nextPayload; //0
1433 #if defined(_CPU_BIG_ENDIAN) && !defined(__ICCRX__)
1434  uint8_t critical : 1; //1
1435  uint8_t reserved : 7;
1436 #else
1437  uint8_t reserved : 7; //1
1438  uint8_t critical : 1;
1439 #endif
1440  uint16_t payloadLength; //2-3
1441 } IkePayloadHeader;
1442 
1443 
1444 /**
1445  * @brief Security Association payload
1446  **/
1447 
1448 typedef __packed_struct
1449 {
1450  IkePayloadHeader header; //0-3
1451  uint8_t proposals[]; //4
1452 } IkeSaPayload;
1453 
1454 
1455 /**
1456  * @brief Proposal substructure
1457  **/
1458 
1459 typedef __packed_struct
1460 {
1461  uint8_t lastSubstruc; //0
1462  uint8_t reserved; //1
1463  uint16_t proposalLength; //2-3
1464  uint8_t proposalNum; //4
1465  uint8_t protocolId; //5
1466  uint8_t spiSize; //6
1467  uint8_t numTransforms; //7
1468  uint8_t spi[]; //8
1469 } IkeProposal;
1470 
1471 
1472 /**
1473  * @brief Transform substructure
1474  **/
1475 
1476 typedef __packed_struct
1477 {
1478  uint8_t lastSubstruc; //0
1479  uint8_t reserved1; //1
1480  uint16_t transformLength; //2-3
1481  uint8_t transformType; //4
1482  uint8_t reserved2; //5
1483  uint16_t transformId; //6-7
1484  uint8_t transformAttr[]; //8
1485 } IkeTransform;
1486 
1487 
1488 /**
1489  * @brief Transform attribute
1490  **/
1491 
1492 typedef __packed_struct
1493 {
1494  uint16_t type; //0-1
1495  uint16_t length; //2-3
1496  uint8_t value[]; //4
1497 } IkeTransformAttr;
1498 
1499 
1500 /**
1501  * @brief Key Exchange payload
1502  **/
1503 
1504 typedef __packed_struct
1505 {
1506  IkePayloadHeader header; //0-3
1507  uint16_t dhGroupNum; //4-5
1508  uint16_t reserved; //6-7
1509  uint8_t keyExchangeData[]; //8
1510 } IkeKePayload;
1511 
1512 
1513 /**
1514  * @brief Identification payload
1515  **/
1516 
1517 typedef __packed_struct
1518 {
1519  IkePayloadHeader header; //0-3
1520  uint8_t idType; //4
1521  uint8_t reserved[3]; //5-7
1522  uint8_t idData[]; //8
1523 } IkeIdPayload;
1524 
1525 
1526 /**
1527  * @brief Certificate payload
1528  **/
1529 
1530 typedef __packed_struct
1531 {
1532  IkePayloadHeader header; //0-3
1533  uint8_t certEncoding; //4
1534  uint8_t certData[]; //5
1535 } IkeCertPayload;
1536 
1537 
1538 /**
1539  * @brief Certificate Request payload
1540  **/
1541 
1542 typedef __packed_struct
1543 {
1544  IkePayloadHeader header; //0-3
1545  uint8_t certEncoding; //4
1546  uint8_t certAuthority[]; //5
1547 } IkeCertReqPayload;
1548 
1549 
1550 /**
1551  * @brief Authentication payload
1552  **/
1553 
1554 typedef __packed_struct
1555 {
1556  IkePayloadHeader header; //0-3
1557  uint8_t authMethod; //4
1558  uint8_t reserved[3]; //4-7
1559  uint8_t authData[]; //8
1560 } IkeAuthPayload;
1561 
1562 
1563 /**
1564  * @brief Authentication data for digital signatures
1565  **/
1566 
1567 typedef __packed_struct
1568 {
1569  uint8_t algoIdLen; //0
1570  uint8_t algoId[]; //1
1571 } IkeAuthData;
1572 
1573 
1574 /**
1575  * @brief Nonce payload
1576  **/
1577 
1578 typedef __packed_struct
1579 {
1580  IkePayloadHeader header; //0-3
1581  uint8_t nonceData[]; //4
1582 } IkeNoncePayload;
1583 
1584 
1585 /**
1586  * @brief Notify payload
1587  **/
1588 
1589 typedef __packed_struct
1590 {
1591  IkePayloadHeader header; //0-3
1592  uint8_t protocolId; //4
1593  uint8_t spiSize; //5
1594  uint16_t notifyMsgType; //6-7
1595  uint8_t spi[]; //8
1596 } IkeNotifyPayload;
1597 
1598 
1599 /**
1600  * @brief Delete payload
1601  **/
1602 
1603 typedef __packed_struct
1604 {
1605  IkePayloadHeader header; //0-3
1606  uint8_t protocolId; //4
1607  uint8_t spiSize; //5
1608  uint16_t numSpi; //6-7
1609  uint8_t spi[]; //8
1610 } IkeDeletePayload;
1611 
1612 
1613 /**
1614  * @brief Vendor ID payload
1615  **/
1616 
1617 typedef __packed_struct
1618 {
1619  IkePayloadHeader header; //0-3
1620  uint8_t vid[]; //4
1621 } IkeVendorIdPayload;
1622 
1623 
1624 /**
1625  * @brief Traffic Selector payload
1626  **/
1627 
1628 typedef __packed_struct
1629 {
1630  IkePayloadHeader header; //0-3
1631  uint8_t numTs; //4
1632  uint8_t reserved[3]; //5-7
1633  uint8_t trafficSelectors[]; //8
1634 } IkeTsPayload;
1635 
1636 
1637 /**
1638  * @brief Traffic selector
1639  **/
1640 
1641 typedef __packed_struct
1642 {
1643  uint8_t tsType; //0
1644  uint8_t ipProtocolId; //1
1645  uint16_t selectorLength; //2-3
1646  uint16_t startPort; //4-5
1647  uint16_t endPort; //6-7
1648  uint8_t startAddr[]; //8
1649 } IkeTs;
1650 
1651 
1652 /**
1653  * @brief Encrypted payload
1654  **/
1655 
1656 typedef __packed_struct
1657 {
1658  IkePayloadHeader header; //0-3
1659  uint8_t iv[]; //4
1660 } IkeEncryptedPayload;
1661 
1662 
1663 /**
1664  * @brief Configuration payload
1665  **/
1666 
1667 typedef __packed_struct
1668 {
1669  IkePayloadHeader header; //0-3
1670  uint8_t configType; //4
1671  uint8_t reserved[3]; //5-7
1672  uint8_t configAttributes[]; //8
1673 } IkeConfigPayload;
1674 
1675 
1676 /**
1677  * @brief Configuration attribute
1678  **/
1679 
1680 typedef __packed_struct
1681 {
1682  uint16_t type; //0-1
1683  uint16_t length; //2-3
1684  uint8_t value[]; //4
1685 } IkeConfigAttr;
1686 
1687 
1688 /**
1689  * @brief EAP payload
1690  **/
1691 
1692 typedef __packed_struct
1693 {
1694  IkePayloadHeader header; //0-3
1695  uint8_t eapMessage[]; //4
1696 } IkeEapPayload;
1697 
1698 
1699 /**
1700  * @brief EAP message
1701  **/
1702 
1703 typedef __packed_struct
1704 {
1705  uint8_t code; //0
1706  uint8_t identifier; //1
1707  uint16_t length; //2-3
1708  uint8_t type; //4
1709  uint8_t data[]; //5
1710 } IkeEapMessage;
1711 
1712 
1713 /**
1714  * @brief Encrypted Fragment payload
1715  **/
1716 
1717 typedef __packed_struct
1718 {
1719  IkePayloadHeader header; //0-3
1720  uint16_t fragNum; //4-5
1721  uint16_t totalFrags; //6-7
1722  uint8_t iv[]; //8
1723 } IkeEncryptedFragPayload;
1724 
1725 
1726 //CC-RX, CodeWarrior or Win32 compiler?
1727 #if defined(__CCRX__)
1728  #pragma unpack
1729 #elif defined(__CWCC__) || defined(_WIN32)
1730  #pragma pack(pop)
1731 #endif
1732 
1733 
1734 /**
1735  * @brief Certificate verification callback function
1736  **/
1737 
1738 typedef error_t (*IkeCertVerifyCallback)(IkeSaEntry *sa,
1739  const X509CertInfo *certInfo, uint_t pathLen);
1740 
1741 
1742 /**
1743  * @brief Cookie generation callback function
1744  **/
1745 
1746 typedef error_t (*IkeCookieGenerateCallback)(IkeContext *context,
1747  const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce,
1748  size_t nonceLen, uint8_t *cookie, size_t *cookieLen);
1749 
1750 
1751 /**
1752  * @brief Cookie verification callback function
1753  **/
1754 
1755 typedef error_t (*IkeCookieVerifyCallback)(IkeContext *context,
1756  const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce,
1757  size_t nonceLen, const uint8_t *cookie, size_t cookieLen);
1758 
1759 
1760 /**
1761  * @brief Traffic selector parameters
1762  **/
1763 
1764 typedef struct
1765 {
1766  IpAddr startAddr;
1767  IpAddr endAddr;
1768  uint8_t ipProtocolId;
1769  uint16_t startPort;
1770  uint16_t endPort;
1771 } IkeTsParams;
1772 
1773 
1774 /**
1775  * @brief IKE Security Association entry
1776  **/
1777 
1778 struct _IkeSaEntry
1779 {
1780  IkeSaState state; ///<IKE SA state
1781  IkeContext *context; ///<IKE context
1782  IkeSaEntry *oldSa; ///<Old IKE SA
1783  IkeSaEntry *newSa; ///<New IKE SA
1784  IkeChildSaEntry *childSa; ///<Child SA
1785  IpAddr remoteIpAddr; ///<IP address of the peer
1786  uint16_t remotePort;
1787  bool_t originalInitiator; ///<Original initiator of the IKE SA
1788  systime_t lifetimeStart;
1789  systime_t lifetime; ///<Lifetime of the IKE SA
1790  systime_t reauthPeriod; ///<Reauthentication period
1791 #if (IKE_DPD_SUPPORT == ENABLED)
1792  systime_t dpdStart;
1793  systime_t dpdPeriod; ///<Dead peer detection period
1794 #endif
1795  systime_t timestamp;
1796  systime_t timeout;
1797  uint_t retransmitCount;
1798  uint32_t txMessageId;
1799  uint32_t rxMessageId;
1800  uint8_t cookie[IKE_MAX_COOKIE_SIZE]; ///<Cookie
1801  size_t cookieLen; ///<Length of the cookie, in bytes
1802 
1803  uint8_t initiatorSpi[IKE_SPI_SIZE]; ///<Initiator SPI
1804  uint8_t responderSpi[IKE_SPI_SIZE]; ///<Responder SPI
1805 
1806  uint8_t initiatorNonce[IKE_MAX_NONCE_SIZE];
1807  size_t initiatorNonceLen;
1808  uint8_t responderNonce[IKE_MAX_NONCE_SIZE];
1809  size_t responderNonceLen;
1810 
1811  IkeIdType peerIdType; ///<Peer ID type
1812  uint8_t peerId[IKE_MAX_ID_LEN]; ///<Peer ID
1813  size_t peerIdLen; ///<Length of the peer ID, in bytes
1814 
1815  IkeNotifyMsgType notifyMsgType;
1816  uint8_t unsupportedCriticalPayload;
1817  uint8_t notifyProtocolId;
1818  uint8_t notifySpi[4];
1819 
1820  uint16_t encAlgoId; ///<Encryption algorithm
1821  uint16_t prfAlgoId; ///<Pseudorandom function
1822  uint16_t authAlgoId; ///<Integrity algorithm
1823  uint16_t dhGroupNum; ///<Diffie-Hellman group number
1824  uint8_t acceptedProposalNum; ///<Number of the accepted proposal
1825 
1826  uint8_t sharedSecret[IKE_MAX_SHARED_SECRET_LEN]; ///<Shared secret
1827  size_t sharedSecretLen; ///<Length of the shared secret, in bytes
1828  uint8_t keyMaterial[IKE_MAX_SA_KEY_MAT_LEN]; ///<Keying material
1829  const uint8_t *skd; ///<Key used for deriving new keys for Child SAs
1830  const uint8_t *skai; ///<Integrity protection key (initiator)
1831  const uint8_t *skar; ///<Integrity protection key (responder)
1832  const uint8_t *skei; ///<Encryption key (initiator)
1833  const uint8_t *sker; ///<Encryption key (responder)
1834  const uint8_t *skpi; ///<Key used for generating AUTH payload (initiator)
1835  const uint8_t *skpr; ///<Key used for generating AUTH payload (responder)
1836 
1837  CipherMode cipherMode; ///<Cipher mode of operation
1838  const CipherAlgo *cipherAlgo; ///<Cipher algorithm
1839  CipherContext cipherContext; ///<Cipher context
1840  const HashAlgo *authHashAlgo; ///<Hash algorithm for HMAC-based integrity calculations
1841  const CipherAlgo *authCipherAlgo; ///<Cipher algorithm for CMAC-based integrity calculations
1842  const HashAlgo *prfHashAlgo; ///<Hash algorithm for HMAC-based PRF calculations
1843  const CipherAlgo *prfCipherAlgo; ///<Cipher algorithm for CMAC-based PRF calculations
1844  size_t encKeyLen; ///<Size of the encryption key, in bytes
1845  size_t authKeyLen; ///<Size of the integrity protection key, in bytes
1846  size_t prfKeyLen; ///<Preferred size of the PRF key, in bytes
1847  size_t saltLen; ///<Length of the salt, in bytes
1848  size_t ivLen; ///<Length of the initialization vector, in bytes
1849  size_t icvLen; ///<Length of the ICV tag, in bytes
1850  uint8_t iv[8]; ///<Initialization vector
1851 
1852 #if (IKE_DH_KE_SUPPORT == ENABLED)
1853  DhContext dhContext; ///<Diffie-Hellman context
1854 #endif
1855 #if (IKE_ECDH_KE_SUPPORT == ENABLED)
1856  EcdhContext ecdhContext; ///<ECDH context
1857 #endif
1858 
1859  uint8_t *initiatorSaInit; ///<Pointer to the IKE_SA_INIT request
1860  size_t initiatorSaInitLen; ///<Length of the IKE_SA_INIT request, in bytes
1861  uint8_t *responderSaInit; ///<Pointer to the IKE_SA_INIT response
1862  size_t responderSaInitLen; ///<Length of the IKE_SA_INIT response, in bytes
1863 
1864  uint8_t request[IKE_MAX_MSG_SIZE]; ///<Request message
1865  size_t requestLen; ///<Length of the request message, in bytes
1866  uint8_t response[IKE_MAX_MSG_SIZE]; ///<Response message
1867  size_t responseLen; ///<Length of the response message, in bytes
1868 
1869  bool_t rekeyRequest; ///<IKE SA rekey request
1870  bool_t reauthRequest; ///<IKE SA reauthentication request
1871  bool_t reauthPending; ///<Reauthentication process is on-going
1872  bool_t deleteRequest; ///<IKE SA delete request
1873  bool_t deleteReceived;
1874  bool_t nonAdditionalSas; ///<NO_ADDITIONAL_SAS notification received
1875 #if (IKE_INITIAL_CONTACT_SUPPORT == ENABLED)
1876  bool_t initialContact; ///<INITIAL_CONTACT notification received
1877 #endif
1878 #if (IKE_SIGN_HASH_ALGOS_SUPPORT == ENABLED)
1879  uint32_t signHashAlgos; ///<List of hash algorithms supported by the peer
1880 #endif
1881 };
1882 
1883 
1884 /**
1885  * @brief Child Security Association entry
1886  **/
1887 
1888 struct _IkeChildSaEntry
1889 {
1890  IkeChildSaState state; ///<Child SA state
1891  IkeContext *context; ///<IKE context
1892  IkeSaEntry *sa; ///<IKE SA entry
1893  IkeChildSaEntry *oldChildSa; ///<Old Child SA
1894  IpAddr remoteIpAddr; ///<IP address of the peer
1895  IpsecMode mode; ///<IPsec mode (tunnel or transport)
1896  IpsecProtocol protocol; ///<Security protocol (AH or ESP)
1897  bool_t initiator; ///<Initiator of the CREATE_CHILD_SA exchange
1898  systime_t lifetimeStart;
1899 
1900  uint8_t localSpi[4]; ///<Initiator SPI
1901  uint8_t remoteSpi[4]; ///<Responder SPI
1902 
1903  uint8_t initiatorNonce[IKE_MAX_NONCE_SIZE]; ///<Initiator nonce
1904  size_t initiatorNonceLen; ///<Length of the initiator nonce
1905  uint8_t responderNonce[IKE_MAX_NONCE_SIZE]; ///<Responder nonce
1906  size_t responderNonceLen; ///<Length of the responder nonce
1907 
1908  uint16_t encAlgoId; ///<Encryption algorithm
1909  uint16_t authAlgoId; ///<Integrity algorithm
1910  uint16_t esn; ///<Extended sequence numbers
1911  uint8_t acceptedProposalNum; ///<Number of the accepted proposal
1912 
1913  uint8_t keyMaterial[IKE_MAX_CHILD_SA_KEY_MAT_LEN]; ///<Keying material
1914  const uint8_t *skai; ///<Integrity protection key (initiator)
1915  const uint8_t *skar; ///<Integrity protection key (responder)
1916  const uint8_t *skei; ///<Encryption key (initiator)
1917  const uint8_t *sker; ///<Encryption key (responder)
1918 
1919  CipherMode cipherMode; ///<Cipher mode of operation
1920  const CipherAlgo *cipherAlgo; ///<Cipher algorithm
1921  const HashAlgo *authHashAlgo; ///<Hash algorithm for HMAC-based integrity calculations
1922  const CipherAlgo *authCipherAlgo; ///<Cipher algorithm for CMAC-based integrity calculations
1923  size_t encKeyLen; ///<Length of the encryption key, in bytes
1924  size_t authKeyLen; ///<Length of the integrity protection key, in bytes
1925  size_t saltLen; ///<Length of the salt, in bytes
1926  size_t ivLen; ///<Length of the initialization vector, in bytes
1927  size_t icvLen; ///<Length of the ICV tag, in bytes
1928  uint8_t iv[8]; ///<Initialization vector
1929 
1930  IpsecPacketInfo packetInfo;
1931  IpsecSelector selector;
1932 
1933  bool_t rekeyRequest; ///<Child SA rekey request
1934  bool_t deleteRequest; ///<Child SA delete request
1935  bool_t deleteReceived;
1936 
1937  int_t inboundSa; ///<Inbound SAD entry
1938  int_t outboundSa; ///<Outbound SAD entry
1939 };
1940 
1941 
1942 /**
1943  * @brief IKE settings
1944  **/
1945 
1946 typedef struct
1947 {
1948  OsTaskParameters task; ///<Task parameters
1949  NetInterface *interface; ///<Underlying network interface
1950  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
1951  void *prngContext; ///<Pseudo-random number generator context
1952  IkeSaEntry *saEntries; ///<IKE SA entries
1953  uint_t numSaEntries; ///<Number of IKE SA entries
1954  IkeChildSaEntry *childSaEntries; ///<Child SA entries
1955  uint_t numChildSaEntries; ///<Number of Child SA entries
1956  systime_t saLifetime; ///<Lifetime of IKE SAs
1957  systime_t childSaLifetime; ///<Lifetime of Child SAs
1958  systime_t reauthPeriod; ///<Reauthentication period
1959 #if (IKE_DPD_SUPPORT == ENABLED)
1960  systime_t dpdPeriod; ///<Dead peer detection period
1961 #endif
1962 #if (IKE_COOKIE_SUPPORT == ENABLED)
1963  IkeCookieGenerateCallback cookieGenerateCallback; ///<Cookie generation callback function
1964  IkeCookieVerifyCallback cookieVerifyCallback; ///<Cookie verification callback function
1965 #endif
1966 #if (IKE_CERT_AUTH_SUPPORT == ENABLED)
1967  IkeCertVerifyCallback certVerifyCallback; ///<Certificate verification callback function
1968 #endif
1969 } IkeSettings;
1970 
1971 
1972 /**
1973  * @brief IKE context
1974  **/
1975 
1976 struct _IkeContext
1977 {
1978  bool_t running; ///<Operational state of IKEv2
1979  bool_t stop; ///<Stop request
1980  OsEvent event; ///<Event object used to poll the underlying socket
1981  OsTaskParameters taskParams; ///<Task parameters
1982  OsTaskId taskId; ///<Task identifier
1983  NetInterface *interface; ///<Underlying network interface
1984  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
1985  void *prngContext; ///<Pseudo-random number generator context
1986  systime_t saLifetime; ///<Lifetime of IKE SAs
1987  systime_t childSaLifetime; ///<Lifetime of Child SAs
1988  systime_t reauthPeriod; ///<Reauthentication period
1989 #if (IKE_DPD_SUPPORT == ENABLED)
1990  systime_t dpdPeriod; ///<Dead peer detection period
1991 #endif
1992  uint16_t preferredDhGroupNum; ///<Preferred Diffie-Hellman group number
1993  IkeIdType idType; ///<ID type
1994  uint8_t id[IKE_MAX_ID_LEN]; ///<ID
1995  size_t idLen; ///<Length of the ID, in bytes
1996  uint8_t psk[IKE_MAX_PSK_LEN]; ///<Pre-shared key
1997  size_t pskLen; ///<Length of the pre-shared key, in bytes
1998  IkeCertType certType; ///<Certificate type
1999  const char_t *certChain; ///<Entity's certificate chain (PEM format)
2000  size_t certChainLen; ///<Length of the certificate chain
2001  const char_t *privateKey; ///<Entity's private key (PEM format)
2002  size_t privateKeyLen; ///<Length of the private key
2003  char_t password[IKE_MAX_PASSWORD_LEN + 1]; ///<Password used to decrypt the private key
2004 
2005  Socket *socket; ///<Underlying UDP socket
2006  IpAddr localIpAddr; ///<Destination IP address of the received IKE message
2007  IpAddr remoteIpAddr; ///<Source IP address of the received IKE message
2008  uint16_t remotePort; ///<Source port of the received IKE message
2009  IkeSaEntry *sa; ///<IKE SA entries
2010  uint_t numSaEntries; ///<Number of IKE SA entries
2011  IkeChildSaEntry *childSa; ///<Child SA entries
2012  uint_t numChildSaEntries; ///<Number of Child SA entries
2013  uint8_t message[IKE_MAX_MSG_SIZE]; ///<Incoming IKE message
2014  size_t messageLen; ///<Length of the incoming IKE message, in bytes
2015 
2016 #if (IKE_CMAC_AUTH_SUPPORT == ENABLED || IKE_CMAC_PRF_SUPPORT == ENABLED)
2017  CmacContext cmacContext; ///<CMAC context
2018 #endif
2019 #if (IKE_HMAC_AUTH_SUPPORT == ENABLED || IKE_HMAC_PRF_SUPPORT == ENABLED)
2020  HmacContext hmacContext; ///<HMAC context
2021 #endif
2022 #if (IKE_XCBC_MAC_AUTH_SUPPORT == ENABLED || IKE_XCBC_MAC_PRF_SUPPORT == ENABLED)
2023  XcbcMacContext xcbcMacContext; ///<XCBC-MAC context
2024 #endif
2025 
2026 #if (IKE_COOKIE_SUPPORT == ENABLED)
2027  IkeCookieGenerateCallback cookieGenerateCallback; ///<Cookie generation callback function
2028  IkeCookieVerifyCallback cookieVerifyCallback; ///<Cookie verification callback function
2029 #endif
2030 #if (IKE_CERT_AUTH_SUPPORT == ENABLED)
2031  IkeCertVerifyCallback certVerifyCallback; ///<Certificate verification callback function
2032 #endif
2033 };
2034 
2035 
2036 //IKEv2 related functions
2037 void ikeGetDefaultSettings(IkeSettings *settings);
2038 
2039 error_t ikeInit(IkeContext *context, const IkeSettings *settings);
2040 error_t ikeStart(IkeContext *context);
2041 error_t ikeStop(IkeContext *context);
2042 
2043 error_t ikeSetPreferredDhGroup(IkeContext *context, uint16_t dhGroupNum);
2044 
2045 error_t ikeSetId(IkeContext *context, IkeIdType idType, const void *id,
2046  size_t idLen);
2047 
2048 error_t ikeSetPsk(IkeContext *context, const uint8_t *psk, size_t pskLen);
2049 
2050 error_t ikeSetCertificate(IkeContext *context, const char_t *certChain,
2051  size_t certChainLen, const char_t *privateKey, size_t privateKeyLen,
2052  const char_t *password);
2053 
2054 error_t ikeCreateSa(IkeContext *context, const IpsecPacketInfo *packet);
2055 error_t ikeRekeySa(IkeSaEntry *sa);
2056 error_t ikeDeleteSa(IkeSaEntry *sa);
2057 
2058 error_t ikeCreateChildSa(IkeContext *context, const IpsecPacketInfo *packet);
2059 error_t ikeRekeyChildSa(IkeChildSaEntry *childSa);
2060 error_t ikeDeleteChildSa(IkeChildSaEntry *childSa);
2061 
2062 void ikeTask(IkeContext *context);
2063 
2064 void ikeDeinit(IkeContext *context);
2065 
2066 //C++ guard
2067 #ifdef __cplusplus
2068 }
2069 #endif
2070 
2071 #endif
_IkeSaEntry::remotePort
uint16_t remotePort
Definition: ike.h:1786
IkeSaState
IkeSaState
IKE Security Association state.
Definition: ike.h:1317
IKE_TRANSFORM_ID_ENCR_AES_GCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_8
Definition: ike.h:948
IKE_CONFIG_ATTR_TYPE_INTERNAL_DNSSEC_TA
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_DNSSEC_TA
Definition: ike.h:1305
_IkeSaEntry::dhContext
DhContext dhContext
Diffie-Hellman context.
Definition: ike.h:1853
IKE_CHILD_SA_STATE_DELETE
@ IKE_CHILD_SA_STATE_DELETE
Definition: ike.h:1353
IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
@ IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
Definition: ike.h:1001
IKE_TRANSFORM_ID_ENCR_RESERVED
@ IKE_TRANSFORM_ID_ENCR_RESERVED
Definition: ike.h:932
IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
@ IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
Definition: ike.h:1214
IKE_ID_TYPE_FC_NAME
@ IKE_ID_TYPE_FC_NAME
Definition: ike.h:1094
IKE_TRANSFORM_ID_DH_GROUP_CURVE448
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE448
curve448
Definition: ike.h:1039
reserved2
uint8_t reserved2
Definition: ike.h:1482
_IkeSaEntry::encKeyLen
size_t encKeyLen
Size of the encryption key, in bytes.
Definition: ike.h:1844
IKE_CONFIG_TYPE_REPLY
@ IKE_CONFIG_TYPE_REPLY
Definition: ike.h:1271
IkeCertType
IkeCertType
Certificate types.
Definition: ike.h:1378
IkeTransformIdEncr
IkeTransformIdEncr
Transform IDs (Encryption Algorithm)
Definition: ike.h:931
x509_common.h
X.509 common definitions.
_IkeContext::cookieVerifyCallback
IkeCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
Definition: ike.h:2028
IKE_CONFIG_ATTR_TYPE_HOME_AGENT_ADDRESS
@ IKE_CONFIG_ATTR_TYPE_HOME_AGENT_ADDRESS
Definition: ike.h:1298
XcbcMacContext
XCBC-MAC algorithm context.
Definition: xcbc_mac.h:54
_IkeChildSaEntry::selector
IpsecSelector selector
Definition: ike.h:1931
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
Definition: ike.h:1006
IKE_MAX_MSG_SIZE
#define IKE_MAX_MSG_SIZE
Definition: ike.h:166
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
1024-bit MODP Group
Definition: ike.h:1019
key_exch_algorithms.h
Collection of key exchange algorithms.
_IkeChildSaEntry::responderNonceLen
size_t responderNonceLen
Length of the responder nonce.
Definition: ike.h:1906
IKE_TRANSFORM_ID_DH_GROUP_ECP_192
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_192
192-bit Random ECP Group
Definition: ike.h:1032
_IkeSaEntry::acceptedProposalNum
uint8_t acceptedProposalNum
Number of the accepted proposal.
Definition: ike.h:1824
IkeAuthData
IkeAuthData
Definition: ike.h:1571
_IkeChildSaEntry::saltLen
size_t saltLen
Length of the salt, in bytes.
Definition: ike.h:1925
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
Definition: ike.h:1221
IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY_KEY
@ IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY_KEY
Definition: ike.h:1234
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
Definition: ike.h:995
IKE_TS_TYPE_IPV4_ADDR_RANGE
@ IKE_TS_TYPE_IPV4_ADDR_RANGE
TS_IPV4_ADDR_RANGE.
Definition: ike.h:1244
_IkeSaEntry::initiatorNonce
uint8_t initiatorNonce[IKE_MAX_NONCE_SIZE]
Definition: ike.h:1806
IpsecMode
IpsecMode
IPsec protocol modes.
Definition: ipsec.h:202
code
uint8_t code
Definition: coap_common.h:179
bool_t
int bool_t
Definition: compiler_port.h:61
HmacContext
HMAC algorithm context.
Definition: hmac.h:59
IKE_TRANSFORM_ID_PRF_AES128_CMAC
@ IKE_TRANSFORM_ID_PRF_AES128_CMAC
Definition: ike.h:982
_IkeChildSaEntry::context
IkeContext * context
IKE context.
Definition: ike.h:1891
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_SUBNET
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_SUBNET
Definition: ike.h:1292
IKE_TRANSFORM_ID_ENCR_AES_CCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_16
Definition: ike.h:947
IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
Definition: ike.h:1175
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
Definition: ike.h:961
IkeCertReqPayload
IkeCertReqPayload
Definition: ike.h:1547
startAddr
uint8_t startAddr[]
Definition: ike.h:1648
payloadLength
uint16_t payloadLength
Definition: ike.h:1440
IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
Definition: ike.h:1151
IKE_TRANSFORM_ID_ENCR_AES_CTR
@ IKE_TRANSFORM_ID_ENCR_AES_CTR
Definition: ike.h:944
IKE_CERT_TYPE_ECDSA_BRAINPOOLP384R1
@ IKE_CERT_TYPE_ECDSA_BRAINPOOLP384R1
Definition: ike.h:1387
IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
Definition: ike.h:1215
flags
uint8_t flags
Definition: ike.h:1420
IKE_TRANSFORM_ID_DH_GROUP_NONE
@ IKE_TRANSFORM_ID_DH_GROUP_NONE
None.
Definition: ike.h:1017
IKE_NOTIFY_MSG_TYPE_REGISTRATION_FAILED
@ IKE_NOTIFY_MSG_TYPE_REGISTRATION_FAILED
Definition: ike.h:1171
IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
Definition: ike.h:1218
IkeVendorIdPayload
IkeVendorIdPayload
Definition: ike.h:1621
IKE_HASH_ALGO_SHA256
@ IKE_HASH_ALGO_SHA256
Definition: ike.h:1364
IKE_NOTIFY_MSG_TYPE_INVALID_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_SPI
Definition: ike.h:1152
IKE_CERT_ENCODING_RAW_RSA_KEY
@ IKE_CERT_ENCODING_RAW_RSA_KEY
Raw RSA key (deprecated)
Definition: ike.h:1114
IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
@ IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
Definition: ike.h:1173
IKE_IP_PROTOCOL_ID_ICMP
@ IKE_IP_PROTOCOL_ID_ICMP
Definition: ike.h:1257
IKE_IP_PROTOCOL_ID_TCP
@ IKE_IP_PROTOCOL_ID_TCP
Definition: ike.h:1258
IkeCookieVerifyCallback
error_t(* IkeCookieVerifyCallback)(IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, const uint8_t *cookie, size_t cookieLen)
Cookie verification callback function.
Definition: ike.h:1755
_IkeSaEntry::initiatorNonceLen
size_t initiatorNonceLen
Definition: ike.h:1807
fragNum
uint16_t fragNum
Definition: ike.h:1720
__packed_struct
typedef __packed_struct
IKE header.
Definition: ike.h:1408
int_t
signed int int_t
Definition: compiler_port.h:56
_IkeContext::cookieGenerateCallback
IkeCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
Definition: ike.h:2027
_IkeContext::saLifetime
systime_t saLifetime
Lifetime of IKE SAs.
Definition: ike.h:1986
IKE_ID_TYPE_NULL
@ IKE_ID_TYPE_NULL
Definition: ike.h:1095
IKE_NOTIFY_MSG_TYPE_REKEY_SA
@ IKE_NOTIFY_MSG_TYPE_REKEY_SA
Definition: ike.h:1181
IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
Definition: ike.h:1166
IKE_MAX_SA_KEY_MAT_LEN
#define IKE_MAX_SA_KEY_MAT_LEN
Definition: ike.h:712
IpsecSelector
IPsec selector.
Definition: ipsec.h:302
certEncoding
uint8_t certEncoding
Definition: ike.h:1533
IpAddr
IP network address.
Definition: ip.h:90
_IkeChildSaEntry::authAlgoId
uint16_t authAlgoId
Integrity algorithm.
Definition: ike.h:1909
_IkeContext::stop
bool_t stop
Stop request.
Definition: ike.h:1979
_IkeSaEntry::nonAdditionalSas
bool_t nonAdditionalSas
NO_ADDITIONAL_SAS notification received.
Definition: ike.h:1874
_IkeSaEntry::responseLen
size_t responseLen
Length of the response message, in bytes.
Definition: ike.h:1867
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
Definition: ike.h:1000
_IkeSaEntry::authHashAlgo
const HashAlgo * authHashAlgo
Hash algorithm for HMAC-based integrity calculations.
Definition: ike.h:1840
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
Definition: ike.h:1174
IKE_HASH_ALGO_SHA1
@ IKE_HASH_ALGO_SHA1
Definition: ike.h:1363
_IkeSaEntry::dpdStart
systime_t dpdStart
Definition: ike.h:1792
keyExchangeData
uint8_t keyExchangeData[]
Definition: ike.h:1509
PrngAlgo
#define PrngAlgo
Definition: crypto.h:1008
IKE_ID_TYPE_IPV4_ADDR
@ IKE_ID_TYPE_IPV4_ADDR
Definition: ike.h:1087
_IkeContext::idType
IkeIdType idType
ID type.
Definition: ike.h:1993
IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
@ IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
Definition: ike.h:1153
ikeSetCertificate
error_t ikeSetCertificate(IkeContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password)
Load entity's certificate.
Definition: ike.c:426
IKE_PAYLOAD_TYPE_CP
@ IKE_PAYLOAD_TYPE_CP
Configuration.
Definition: ike.h:865
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
Definition: ike.h:1186
_IkeContext::interface
NetInterface * interface
Underlying network interface.
Definition: ike.h:1983
_IkeContext::certChain
const char_t * certChain
Entity's certificate chain (PEM format)
Definition: ike.h:1999
IkeTransformAttrFormat
IkeTransformAttrFormat
Transform attribute format.
Definition: ike.h:1064
_IkeChildSaEntry::cipherAlgo
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: ike.h:1920
IkeKePayload
IkeKePayload
Definition: ike.h:1510
_IkeSaEntry::childSa
IkeChildSaEntry * childSa
Child SA.
Definition: ike.h:1784
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
Definition: ike.h:952
IKE_ID_TYPE_DER_ASN1_DN
@ IKE_ID_TYPE_DER_ASN1_DN
Definition: ike.h:1091
IKE_HASH_ALGO_STREEBOG_256
@ IKE_HASH_ALGO_STREEBOG_256
Definition: ike.h:1368
IKE_CERT_TYPE_RSA_PSS
@ IKE_CERT_TYPE_RSA_PSS
Definition: ike.h:1381
IKE_TRANSFORM_ID_ENCR_IDEA
@ IKE_TRANSFORM_ID_ENCR_IDEA
Definition: ike.h:937
IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
Definition: ike.h:1002
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
Definition: ike.h:994
IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
4096-bit MODP Group
Definition: ike.h:1023
IKE_SA_STATE_DELETE_REQ
@ IKE_SA_STATE_DELETE_REQ
Definition: ike.h:1329
IkeConfigPayload
IkeConfigPayload
Definition: ike.h:1673
IKE_CONFIG_TYPE_REQUEST
@ IKE_CONFIG_TYPE_REQUEST
Definition: ike.h:1270
ikeSetPsk
error_t ikeSetPsk(IkeContext *context, const uint8_t *psk, size_t pskLen)
Set entity's pre-shared key.
Definition: ike.c:388
proposalLength
uint16_t proposalLength
Definition: ike.h:1463
IKE_CERT_ENCODING_DNS_SIGNED_KEY
@ IKE_CERT_ENCODING_DNS_SIGNED_KEY
DNS signed key.
Definition: ike.h:1107
IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
@ IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
More transform substructures.
Definition: ike.h:884
IKE_AUTH_METHOD_ECDSA_P521_SHA512
@ IKE_AUTH_METHOD_ECDSA_P521_SHA512
ECDSA with SHA-512 on the P-521 curve.
Definition: ike.h:1133
IkeTsParams::startAddr
IpAddr startAddr
Definition: ike.h:1766
cipher_algorithms.h
Collection of AEAD algorithms.
_IkeSaEntry::peerIdLen
size_t peerIdLen
Length of the peer ID, in bytes.
Definition: ike.h:1813
IKE_NOTIFY_MSG_TYPE_USE_PPK_INT
@ IKE_NOTIFY_MSG_TYPE_USE_PPK_INT
Definition: ike.h:1233
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
2048-bit MODP Group
Definition: ike.h:1021
reserved
uint8_t reserved
Definition: ike.h:1437
_IkeChildSaEntry::mode
IpsecMode mode
IPsec mode (tunnel or transport)
Definition: ike.h:1895
idData
uint8_t idData[]
Definition: ike.h:1522
IKE_NOTIFY_MSG_TYPE_PUZZLE
@ IKE_NOTIFY_MSG_TYPE_PUZZLE
Definition: ike.h:1222
IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
8192-bit MODP Group
Definition: ike.h:1025
IKE_CONFIG_ATTR_TYPE_SUPPORTED_ATTRIBUTES
@ IKE_CONFIG_ATTR_TYPE_SUPPORTED_ATTRIBUTES
Definition: ike.h:1293
OsEvent
Event object.
Definition: os_port_cmsis_rtos.h:110
_IkeChildSaEntry::inboundSa
int_t inboundSa
Inbound SAD entry.
Definition: ike.h:1937
CipherContext
Generic cipher algorithm context.
Definition: cipher_algorithms.h:209
_IkeSaEntry::signHashAlgos
uint32_t signHashAlgos
List of hash algorithms supported by the peer.
Definition: ike.h:1879
IkeNotifyPayload
IkeNotifyPayload
Definition: ike.h:1596
IKE_NOTIFY_MSG_TYPE_SA_RESOURCE_INFO
@ IKE_NOTIFY_MSG_TYPE_SA_RESOURCE_INFO
Definition: ike.h:1232
IKE_TRANSFORM_TYPE_DH
@ IKE_TRANSFORM_TYPE_DH
Diffie-Hellman Group.
Definition: ike.h:912
numTransforms
uint8_t numTransforms
Definition: ike.h:1467
_IkeChildSaEntry::packetInfo
IpsecPacketInfo packetInfo
Definition: ike.h:1930
IKE_TRANSFORM_ID_ESN_NO
@ IKE_TRANSFORM_ID_ESN_NO
No Extended Sequence Numbers.
Definition: ike.h:1054
_IkeChildSaEntry::encKeyLen
size_t encKeyLen
Length of the encryption key, in bytes.
Definition: ike.h:1923
IKE_TRANSFORM_TYPE_ADDKE2
@ IKE_TRANSFORM_TYPE_ADDKE2
Additional Key Exchange 2.
Definition: ike.h:915
IKE_AUTH_METHOD_GSPAM
@ IKE_AUTH_METHOD_GSPAM
Generic Secure Password Authentication Method.
Definition: ike.h:1134
IkeSettings::numChildSaEntries
uint_t numChildSaEntries
Number of Child SA entries.
Definition: ike.h:1955
IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
Definition: ike.h:1188
_IkeContext::dpdPeriod
systime_t dpdPeriod
Dead peer detection period.
Definition: ike.h:1990
IKE_TRANSFORM_ID_ENCR_CAST
@ IKE_TRANSFORM_ID_ENCR_CAST
Definition: ike.h:938
_IkeSaEntry::responderNonceLen
size_t responderNonceLen
Definition: ike.h:1809
_IkeContext::remoteIpAddr
IpAddr remoteIpAddr
Source IP address of the received IKE message.
Definition: ike.h:2007
_IkeSaEntry::newSa
IkeSaEntry * newSa
New IKE SA.
Definition: ike.h:1783
IKE_AUTH_METHOD_RSA
@ IKE_AUTH_METHOD_RSA
RSA Digital Signature.
Definition: ike.h:1128
IkeTsParams::endAddr
IpAddr endAddr
Definition: ike.h:1767
IKE_PROTOCOL_ID_AH
@ IKE_PROTOCOL_ID_AH
AH.
Definition: ike.h:895
IKE_CONFIG_ATTR_TYPE_ENCDNS_DIGEST_INFO
@ IKE_CONFIG_ATTR_TYPE_ENCDNS_DIGEST_INFO
Definition: ike.h:1308
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
Definition: ike.h:954
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_LINK
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_LINK
Definition: ike.h:1296
IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
@ IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
IKE_SESSION_RESUME.
Definition: ike.h:822
configType
uint8_t configType
Definition: ike.h:1670
IKE_LAST_SUBSTRUC_LAST
@ IKE_LAST_SUBSTRUC_LAST
Last proposal/transform substructure.
Definition: ike.h:882
_IkeChildSaEntry::keyMaterial
uint8_t keyMaterial[IKE_MAX_CHILD_SA_KEY_MAT_LEN]
Keying material.
Definition: ike.h:1913
IKE_EXCHANGE_TYPE_GSA_INBAND_REKEY
@ IKE_EXCHANGE_TYPE_GSA_INBAND_REKEY
GSA_INBAND_REKEY.
Definition: ike.h:826
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_ADDRESS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_ADDRESS
Definition: ike.h:1289
IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
Definition: ike.h:1203
_IkeSaEntry::icvLen
size_t icvLen
Length of the ICV tag, in bytes.
Definition: ike.h:1849
IKE_CONFIG_ATTR_TYPE_P_CSCF_IP4_ADDRESS
@ IKE_CONFIG_ATTR_TYPE_P_CSCF_IP4_ADDRESS
Definition: ike.h:1299
IkePayloadHeader
IkePayloadHeader
Definition: ike.h:1441
_IkeSaEntry::notifyMsgType
IkeNotifyMsgType notifyMsgType
Definition: ike.h:1815
IKE_PAYLOAD_TYPE_CERTREQ
@ IKE_PAYLOAD_TYPE_CERTREQ
Certificate Request.
Definition: ike.h:856
ikeRekeyChildSa
error_t ikeRekeyChildSa(IkeChildSaEntry *childSa)
value
uint8_t value[]
Definition: ike.h:1496
_IkeSaEntry::context
IkeContext * context
IKE context.
Definition: ike.h:1781
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
Definition: ike.h:956
_IkeSaEntry::peerIdType
IkeIdType peerIdType
Peer ID type.
Definition: ike.h:1811
_IkeSaEntry::prfKeyLen
size_t prfKeyLen
Preferred size of the PRF key, in bytes.
Definition: ike.h:1846
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
Definition: ike.h:964
protocolId
uint8_t protocolId
Definition: ike.h:1465
_IkeSaEntry::reauthPeriod
systime_t reauthPeriod
Reauthentication period.
Definition: ike.h:1790
IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256
@ IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256
GOST3410_2012_256.
Definition: ike.h:1040
_IkeSaEntry::timestamp
systime_t timestamp
Definition: ike.h:1795
_IkeContext::sa
IkeSaEntry * sa
IKE SA entries.
Definition: ike.h:2009
IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
Definition: ike.h:1003
IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
@ IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
Definition: ike.h:1216
ikeRekeySa
error_t ikeRekeySa(IkeSaEntry *sa)
IKE_TRANSFORM_TYPE_GCAUTH
@ IKE_TRANSFORM_TYPE_GCAUTH
Group Controller Authentication Method.
Definition: ike.h:922
IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
Definition: ike.h:1204
_IkeChildSaEntry::rekeyRequest
bool_t rekeyRequest
Child SA rekey request.
Definition: ike.h:1933
IkeIdType
IkeIdType
ID types.
Definition: ike.h:1085
IKE_NOTIFY_MSG_TYPE_TICKET_NACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_NACK
Definition: ike.h:1200
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
Definition: ike.h:960
_IkeSaEntry::initiatorSaInit
uint8_t * initiatorSaInit
Pointer to the IKE_SA_INIT request.
Definition: ike.h:1859
IKE_IP_PROTOCOL_ID_UDP
@ IKE_IP_PROTOCOL_ID_UDP
Definition: ike.h:1259
_IkeSaEntry::iv
uint8_t iv[8]
Initialization vector.
Definition: ike.h:1850
IKE_TRANSFORM_ID_ENCR_DES_IV64
@ IKE_TRANSFORM_ID_ENCR_DES_IV64
Definition: ike.h:933
IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
Definition: ike.h:959
IkePayloadType
IkePayloadType
Payload types.
Definition: ike.h:849
IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
@ IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
Hash and URL of X.509 bundle.
Definition: ike.h:1116
ikeCreateSa
error_t ikeCreateSa(IkeContext *context, const IpsecPacketInfo *packet)
_IkeSaEntry::prfHashAlgo
const HashAlgo * prfHashAlgo
Hash algorithm for HMAC-based PRF calculations.
Definition: ike.h:1842
_IkeContext::remotePort
uint16_t remotePort
Source port of the received IKE message.
Definition: ike.h:2008
_IkeSaEntry::skd
const uint8_t * skd
Key used for deriving new keys for Child SAs.
Definition: ike.h:1829
IKE_CERT_TYPE_ECDSA_P384
@ IKE_CERT_TYPE_ECDSA_P384
Definition: ike.h:1384
ikeTask
void ikeTask(IkeContext *context)
IKE task.
Definition: ike.c:720
messageId
uint32_t messageId
Definition: ike.h:1421
dhGroupNum
uint16_t dhGroupNum
Definition: ike.h:1507
IKE_TRANSFORM_TYPE_KWA
@ IKE_TRANSFORM_TYPE_KWA
Key Wrap Algorithm.
Definition: ike.h:921
_IkeSaEntry::timeout
systime_t timeout
Definition: ike.h:1796
IKE_AUTH_METHOD_NULL
@ IKE_AUTH_METHOD_NULL
NULL Authentication.
Definition: ike.h:1135
IkeTransform
IkeTransform
Definition: ike.h:1485
IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
curve25519
Definition: ike.h:1038
_IkeChildSaEntry::skei
const uint8_t * skei
Encryption key (initiator)
Definition: ike.h:1916
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
224-bit Brainpool ECP Group
Definition: ike.h:1034
_IkeSaEntry::response
uint8_t response[IKE_MAX_MSG_SIZE]
Response message.
Definition: ike.h:1866
IKE_TS_TYPE_SECLABEL
@ IKE_TS_TYPE_SECLABEL
TS_SECLABEL.
Definition: ike.h:1247
_IkeChildSaEntry::initiatorNonce
uint8_t initiatorNonce[IKE_MAX_NONCE_SIZE]
Initiator nonce.
Definition: ike.h:1903
_IkeContext::password
char_t password[IKE_MAX_PASSWORD_LEN+1]
Password used to decrypt the private key.
Definition: ike.h:2003
proposals
uint8_t proposals[]
Definition: ike.h:1451
IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
@ IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
Definition: ike.h:1219
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
Definition: ike.h:957
IKE_TRANSFORM_TYPE_ADDKE7
@ IKE_TRANSFORM_TYPE_ADDKE7
Additional Key Exchange 7.
Definition: ike.h:920
_IkeContext::certType
IkeCertType certType
Certificate type.
Definition: ike.h:1998
IKE_ATTR_FORMAT_TV
@ IKE_ATTR_FORMAT_TV
shortened Type/Value format
Definition: ike.h:1066
IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
@ IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
Definition: ike.h:998
_IkeSaEntry::cipherMode
CipherMode cipherMode
Cipher mode of operation.
Definition: ike.h:1837
_IkeChildSaEntry::responderNonce
uint8_t responderNonce[IKE_MAX_NONCE_SIZE]
Responder nonce.
Definition: ike.h:1905
_IkeSaEntry::ecdhContext
EcdhContext ecdhContext
ECDH context.
Definition: ike.h:1856
IKE_SA_STATE_CLOSED
@ IKE_SA_STATE_CLOSED
Definition: ike.h:1318
IKE_CONFIG_ATTR_TYPE_ENCDNS_IP6
@ IKE_CONFIG_ATTR_TYPE_ENCDNS_IP6
Definition: ike.h:1307
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
Definition: ike.h:980
_IkeSaEntry::initialContact
bool_t initialContact
INITIAL_CONTACT notification received.
Definition: ike.h:1876
IKE_CHILD_SA_STATE_REKEY
@ IKE_CHILD_SA_STATE_REKEY
Definition: ike.h:1352
IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
@ IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
Definition: ike.h:1230
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
Definition: ike.h:1176
IkeAuthMethod
IkeAuthMethod
Authentication methods.
Definition: ike.h:1127
IKE_SA_STATE_REKEY_REQ
@ IKE_SA_STATE_REKEY_REQ
Definition: ike.h:1327
IKE_CERT_TYPE_ECDSA_BRAINPOOLP256R1
@ IKE_CERT_TYPE_ECDSA_BRAINPOOLP256R1
Definition: ike.h:1386
ikeCreateChildSa
error_t ikeCreateChildSa(IkeContext *context, const IpsecPacketInfo *packet)
Create a new Child SA.
Definition: ike.c:583
identifier
uint8_t identifier
Definition: ike.h:1706
IKE_CONFIG_TYPE_ACK
@ IKE_CONFIG_TYPE_ACK
Definition: ike.h:1273
IKE_TRANSFORM_TYPE_ESN
@ IKE_TRANSFORM_TYPE_ESN
Extended Sequence Numbers.
Definition: ike.h:913
IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
@ IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
Definition: ike.h:1160
_IkeSaEntry::saltLen
size_t saltLen
Length of the salt, in bytes.
Definition: ike.h:1847
IkeSettings::certVerifyCallback
IkeCertVerifyCallback certVerifyCallback
Certificate verification callback function.
Definition: ike.h:1967
IKE_MAX_SHARED_SECRET_LEN
#define IKE_MAX_SHARED_SECRET_LEN
Definition: ike.h:774
_IkeContext::certVerifyCallback
IkeCertVerifyCallback certVerifyCallback
Certificate verification callback function.
Definition: ike.h:2031
IKE_TRANSFORM_ID_DH_GROUP_ECP_224
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_224
224-bit Random ECP Group
Definition: ike.h:1033
IKE_NOTIFY_MSG_TYPE_LINK_ID
@ IKE_NOTIFY_MSG_TYPE_LINK_ID
Definition: ike.h:1202
_IkeSaEntry::dpdPeriod
systime_t dpdPeriod
Dead peer detection period.
Definition: ike.h:1793
_IkeChildSaEntry::protocol
IpsecProtocol protocol
Security protocol (AH or ESP)
Definition: ike.h:1896
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
Definition: ike.h:1177
IKE_TRANSFORM_ID_ENCR_AES_CBC
@ IKE_TRANSFORM_ID_ENCR_AES_CBC
Definition: ike.h:943
IKE_PAYLOAD_TYPE_EAP
@ IKE_PAYLOAD_TYPE_EAP
Extensible Authentication.
Definition: ike.h:866
IKE_ID_TYPE_DER_ASN1_GN
@ IKE_ID_TYPE_DER_ASN1_GN
Definition: ike.h:1092
IKE_CONFIG_ATTR_TYPE_EXTERNAL_SOURCE_IP4_NAT_INFO
@ IKE_CONFIG_ATTR_TYPE_EXTERNAL_SOURCE_IP4_NAT_INFO
Definition: ike.h:1302
IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
@ IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
Key Length (in bits)
Definition: ike.h:1076
IkeTsParams
Traffic selector parameters.
Definition: ike.h:1765
spi
uint8_t spi[]
Definition: ike.h:1468
majorVersion
uint8_t majorVersion
Definition: ike.h:1417
_IkeContext::privateKey
const char_t * privateKey
Entity's private key (PEM format)
Definition: ike.h:2001
_IkeSaEntry::skar
const uint8_t * skar
Integrity protection key (responder)
Definition: ike.h:1831
IkeContext
#define IkeContext
Definition: ike.h:796
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NETMASK
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NETMASK
Definition: ike.h:1284
IkeAuthPayload
IkeAuthPayload
Definition: ike.h:1560
IkeSettings::numSaEntries
uint_t numSaEntries
Number of IKE SA entries.
Definition: ike.h:1953
IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
Definition: ike.h:1159
_IkeChildSaEntry::icvLen
size_t icvLen
Length of the ICV tag, in bytes.
Definition: ike.h:1927
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
Definition: ike.h:1211
IKE_EXCHANGE_TYPE_IKE_AUTH
@ IKE_EXCHANGE_TYPE_IKE_AUTH
IKE_AUTH.
Definition: ike.h:819
IKE_SA_STATE_DELETE_CHILD_RESP
@ IKE_SA_STATE_DELETE_CHILD_RESP
Definition: ike.h:1336
_IkeContext::taskParams
OsTaskParameters taskParams
Task parameters.
Definition: ike.h:1981
IKE_ID_TYPE_IPV6_ADDR
@ IKE_ID_TYPE_IPV6_ADDR
Definition: ike.h:1090
_IkeSaEntry::requestLen
size_t requestLen
Length of the request message, in bytes.
Definition: ike.h:1865
IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
Definition: ike.h:1206
_IkeContext::psk
uint8_t psk[IKE_MAX_PSK_LEN]
Pre-shared key.
Definition: ike.h:1996
DhContext
Diffie-Hellman context.
Definition: dh.h:60
IkeConfigAttrType
IkeConfigAttrType
Configuration attribute types.
Definition: ike.h:1282
_IkeSaEntry::authAlgoId
uint16_t authAlgoId
Integrity algorithm.
Definition: ike.h:1822
IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
@ IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
Definition: ike.h:1161
_IkeContext
IKE context.
Definition: ike.h:1977
IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
@ IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
Definition: ike.h:1193
IKE_ATTR_FORMAT_TLV
@ IKE_ATTR_FORMAT_TLV
Type/Length/Value format.
Definition: ike.h:1065
notifyMsgType
uint16_t notifyMsgType
Definition: ike.h:1594
_IkeContext::reauthPeriod
systime_t reauthPeriod
Reauthentication period.
Definition: ike.h:1988
IKE_CONFIG_ATTR_TYPE_FTT_KAT
@ IKE_CONFIG_ATTR_TYPE_FTT_KAT
Definition: ike.h:1301
IkeHashAlgo
IkeHashAlgo
Hash algorithms.
Definition: ike.h:1362
_IkeContext::childSaLifetime
systime_t childSaLifetime
Lifetime of Child SAs.
Definition: ike.h:1987
IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
Definition: ike.h:1227
_IkeSaEntry::prfAlgoId
uint16_t prfAlgoId
Pseudorandom function.
Definition: ike.h:1821
IKE_SA_STATE_RESERVED
@ IKE_SA_STATE_RESERVED
Definition: ike.h:1319
IKE_TRANSFORM_TYPE_ADDKE3
@ IKE_TRANSFORM_TYPE_ADDKE3
Additional Key Exchange 3.
Definition: ike.h:916
X509CertInfo
X.509 certificate.
Definition: x509_common.h:1121
_IkeSaEntry::state
IkeSaState state
IKE SA state.
Definition: ike.h:1780
IkeSettings::dpdPeriod
systime_t dpdPeriod
Dead peer detection period.
Definition: ike.h:1960
IKE_FLAGS_I
@ IKE_FLAGS_I
Initiator flag.
Definition: ike.h:840
IKE_SA_STATE_OPEN
@ IKE_SA_STATE_OPEN
Definition: ike.h:1324
error_t
error_t
Error codes.
Definition: error.h:43
IKE_CERT_TYPE_INVALID
@ IKE_CERT_TYPE_INVALID
Definition: ike.h:1379
_IkeSaEntry::notifyProtocolId
uint8_t notifyProtocolId
Definition: ike.h:1817
_IkeContext::event
OsEvent event
Event object used to poll the underlying socket.
Definition: ike.h:1980
IKE_EXCHANGE_TYPE_IKE_FOLLOWUP_KE
@ IKE_EXCHANGE_TYPE_IKE_FOLLOWUP_KE
IKE_FOLLOWUP_KE.
Definition: ike.h:828
_IkeContext::childSa
IkeChildSaEntry * childSa
Child SA entries.
Definition: ike.h:2011
IKE_PAYLOAD_TYPE_SK
@ IKE_PAYLOAD_TYPE_SK
Encrypted and Authenticated.
Definition: ike.h:864
IKE_TRANSFORM_ID_DH_GROUP_MODP_768
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_768
768-bit MODP Group
Definition: ike.h:1018
IkeIdPayload
IkeIdPayload
Definition: ike.h:1523
algoId
uint8_t algoId[]
Definition: ike.h:1570
IKE_SA_STATE_AUTH_FAILURE_RESP
@ IKE_SA_STATE_AUTH_FAILURE_RESP
Definition: ike.h:1338
IKE_TRANSFORM_ID_PRF_RESERVED
@ IKE_TRANSFORM_ID_PRF_RESERVED
Definition: ike.h:974
_IkeChildSaEntry::lifetimeStart
systime_t lifetimeStart
Definition: ike.h:1898
IKE_PAYLOAD_TYPE_AUTH
@ IKE_PAYLOAD_TYPE_AUTH
Authentication.
Definition: ike.h:857
IKE_TRANSFORM_ID_ENCR_NULL
@ IKE_TRANSFORM_ID_ENCR_NULL
Definition: ike.h:942
_IkeSaEntry::originalInitiator
bool_t originalInitiator
Original initiator of the IKE SA.
Definition: ike.h:1787
IKE_PAYLOAD_TYPE_CERT
@ IKE_PAYLOAD_TYPE_CERT
Certificate.
Definition: ike.h:855
_IkeSaEntry::deleteRequest
bool_t deleteRequest
IKE SA delete request.
Definition: ike.h:1872
spiSize
uint8_t spiSize
Definition: ike.h:1466
IKE_SA_STATE_REKEY_CHILD_REQ
@ IKE_SA_STATE_REKEY_CHILD_REQ
Definition: ike.h:1333
IkeTsPayload
IkeTsPayload
Definition: ike.h:1634
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_PREFIX
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_PREFIX
Definition: ike.h:1297
_IkeChildSaEntry::ivLen
size_t ivLen
Length of the initialization vector, in bytes.
Definition: ike.h:1926
IKE_AUTH_METHOD_DIGITAL_SIGN
@ IKE_AUTH_METHOD_DIGITAL_SIGN
Digital Signature.
Definition: ike.h:1136
_IkeSaEntry::reauthPending
bool_t reauthPending
Reauthentication process is on-going.
Definition: ike.h:1871
_IkeContext::idLen
size_t idLen
Length of the ID, in bytes.
Definition: ike.h:1995
IKE_TS_TYPE_FC_ADDR_RANGE
@ IKE_TS_TYPE_FC_ADDR_RANGE
TS_FC_ADDR_RANGE.
Definition: ike.h:1246
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_SUBNET
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_SUBNET
Definition: ike.h:1294
_IkeContext::certChainLen
size_t certChainLen
Length of the certificate chain.
Definition: ike.h:2000
IkeTsParams::ipProtocolId
uint8_t ipProtocolId
Definition: ike.h:1768
IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
@ IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
IKE_INTERMEDIATE.
Definition: ike.h:827
IkeLastSubstruc
IkeLastSubstruc
Last Substruc values.
Definition: ike.h:881
IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
Definition: ike.h:1190
_IkeChildSaEntry::authCipherAlgo
const CipherAlgo * authCipherAlgo
Cipher algorithm for CMAC-based integrity calculations.
Definition: ike.h:1922
_IkeSaEntry::lifetimeStart
systime_t lifetimeStart
Definition: ike.h:1788
IKE_CONFIG_ATTR_TYPE_MIP6_HOME_PREFIX
@ IKE_CONFIG_ATTR_TYPE_MIP6_HOME_PREFIX
Definition: ike.h:1295
IKE_TRANSFORM_TYPE_ADDKE5
@ IKE_TRANSFORM_TYPE_ADDKE5
Additional Key Exchange 5.
Definition: ike.h:918
_IkeChildSaEntry::encAlgoId
uint16_t encAlgoId
Encryption algorithm.
Definition: ike.h:1908
_IkeContext::prngAlgo
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
Definition: ike.h:1984
_IkeSaEntry::sker
const uint8_t * sker
Encryption key (responder)
Definition: ike.h:1833
proposalNum
uint8_t proposalNum
Definition: ike.h:1464
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
Definition: ike.h:963
IKE_SPI_SIZE
#define IKE_SPI_SIZE
Definition: ike.h:790
IKE_HASH_ALGO_SHA512
@ IKE_HASH_ALGO_SHA512
Definition: ike.h:1366
_IkeContext::hmacContext
HmacContext hmacContext
HMAC context.
Definition: ike.h:2020
IkeChildSaState
IkeChildSaState
Child Security Association state.
Definition: ike.h:1347
IkeSettings::interface
NetInterface * interface
Underlying network interface.
Definition: ike.h:1949
IKE_SA_STATE_INIT_REQ
@ IKE_SA_STATE_INIT_REQ
Definition: ike.h:1320
IkeSettings::prngAlgo
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
Definition: ike.h:1950
IKE_SA_STATE_AUTH_REQ
@ IKE_SA_STATE_AUTH_REQ
Definition: ike.h:1322
IKE_PROTOCOL_ID_ESP
@ IKE_PROTOCOL_ID_ESP
ESP.
Definition: ike.h:896
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DNS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DNS
Definition: ike.h:1290
ikeStart
error_t ikeStart(IkeContext *context)
Start IKE service.
Definition: ike.c:207
IKE_MAX_NONCE_SIZE
#define IKE_MAX_NONCE_SIZE
Definition: ike.h:201
_IkeSaEntry::ivLen
size_t ivLen
Length of the initialization vector, in bytes.
Definition: ike.h:1848
NetInterface
#define NetInterface
Definition: net.h:36
IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
@ IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
Definition: ike.h:1225
_IkeSaEntry::remoteIpAddr
IpAddr remoteIpAddr
IP address of the peer.
Definition: ike.h:1785
IKE_TRANSFORM_ID_PRF_HMAC_MD5
@ IKE_TRANSFORM_ID_PRF_HMAC_MD5
Definition: ike.h:975
IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
@ IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
Definition: ike.h:1224
IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
@ IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
Definition: ike.h:1207
IKE_MAX_PASSWORD_LEN
#define IKE_MAX_PASSWORD_LEN
Definition: ike.h:222
ikeStop
error_t ikeStop(IkeContext *context)
Stop IKE service.
Definition: ike.c:290
_IkeChildSaEntry::localSpi
uint8_t localSpi[4]
Initiator SPI.
Definition: ike.h:1900
IKE_CERT_ENCODING_PGP_CERT
@ IKE_CERT_ENCODING_PGP_CERT
PGP certificate.
Definition: ike.h:1106
_IkeSaEntry::skai
const uint8_t * skai
Integrity protection key (initiator)
Definition: ike.h:1830
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
512-bit Brainpool ECP Group
Definition: ike.h:1037
IKE_MAX_ID_LEN
#define IKE_MAX_ID_LEN
Definition: ike.h:208
IKE_IP_PROTOCOL_ID_ICMPV6
@ IKE_IP_PROTOCOL_ID_ICMPV6
Definition: ike.h:1260
IkeExchangeType
IkeExchangeType
Exchange types.
Definition: ike.h:817
_IkeSaEntry::txMessageId
uint32_t txMessageId
Definition: ike.h:1798
_IkeChildSaEntry::iv
uint8_t iv[8]
Initialization vector.
Definition: ike.h:1928
startPort
uint16_t startPort
Definition: ike.h:1646
exchangeType
uint8_t exchangeType
Definition: ike.h:1419
ipProtocolId
uint8_t ipProtocolId
Definition: ike.h:1644
IKE_TRANSFORM_ID_PRF_HMAC_SHA1
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA1
Definition: ike.h:976
IKE_CERT_ENCODING_X509_CERT_ATTR
@ IKE_CERT_ENCODING_X509_CERT_ATTR
X.509 certificate - attribute.
Definition: ike.h:1113
IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
Definition: ike.h:1184
IKE_MAX_PSK_LEN
#define IKE_MAX_PSK_LEN
Definition: ike.h:215
endPort
uint16_t endPort
Definition: ike.h:1647
IKE_TRANSFORM_ID_ENCR_AES_GCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_12
Definition: ike.h:949
IKE_CHILD_SA_STATE_INIT
@ IKE_CHILD_SA_STATE_INIT
Definition: ike.h:1350
IkeSettings::cookieGenerateCallback
IkeCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
Definition: ike.h:1963
IkeTransformAttr
IkeTransformAttr
Definition: ike.h:1497
IKE_CERT_ENCODING_OCSP_CONTENT
@ IKE_CERT_ENCODING_OCSP_CONTENT
OCSP Content.
Definition: ike.h:1117
IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
Definition: ike.h:958
IKE_PAYLOAD_TYPE_V
@ IKE_PAYLOAD_TYPE_V
Vendor ID.
Definition: ike.h:861
certAuthority
uint8_t certAuthority[]
Definition: ike.h:1546
IKE_TRANSFORM_TYPE_ADDKE1
@ IKE_TRANSFORM_TYPE_ADDKE1
Additional Key Exchange 1.
Definition: ike.h:914
authMethod
uint8_t authMethod
Definition: ike.h:1557
iv
uint8_t iv[]
Definition: ike.h:1659
idType
uint8_t idType
Definition: ike.h:1520
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
Definition: ike.h:962
transformType
uint8_t transformType
Definition: ike.h:1481
IKE_PAYLOAD_TYPE_IDI
@ IKE_PAYLOAD_TYPE_IDI
Identification - Initiator.
Definition: ike.h:853
IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
@ IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
Definition: ike.h:1196
IkeCertVerifyCallback
error_t(* IkeCertVerifyCallback)(IkeSaEntry *sa, const X509CertInfo *certInfo, uint_t pathLen)
Certificate verification callback function.
Definition: ike.h:1738
_IkeContext::xcbcMacContext
XcbcMacContext xcbcMacContext
XCBC-MAC context.
Definition: ike.h:2023
OsTaskParameters
Task parameters.
Definition: os_port_chibios.h:116
IkeSettings::prngContext
void * prngContext
Pseudo-random number generator context.
Definition: ike.h:1951
_IkeChildSaEntry::initiator
bool_t initiator
Initiator of the CREATE_CHILD_SA exchange.
Definition: ike.h:1897
IKE_TRANSFORM_ID_ENCR_BLOWFISH
@ IKE_TRANSFORM_ID_ENCR_BLOWFISH
Definition: ike.h:939
IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
1536-bit MODP Group
Definition: ike.h:1020
ikeSetPreferredDhGroup
error_t ikeSetPreferredDhGroup(IkeContext *context, uint16_t dhGroupNum)
Specify the preferred Diffie-Hellman group.
Definition: ike.c:332
IKE_CERT_TYPE_SM2
@ IKE_CERT_TYPE_SM2
Definition: ike.h:1389
IKE_TRANSFORM_TYPE_ENCR
@ IKE_TRANSFORM_TYPE_ENCR
Encryption Algorithm.
Definition: ike.h:909
IKE_TRANSFORM_ID_ENCR_DES_IV32
@ IKE_TRANSFORM_ID_ENCR_DES_IV32
Definition: ike.h:941
IKE_TRANSFORM_ID_PRF_AES128_XCBC
@ IKE_TRANSFORM_ID_PRF_AES128_XCBC
Definition: ike.h:978
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
Definition: ike.h:999
transformAttr
uint8_t transformAttr[]
Definition: ike.h:1484
numSpi
uint16_t numSpi
Definition: ike.h:1608
IKE_CERT_ENCODING_HASH_URL_X509_CERT
@ IKE_CERT_ENCODING_HASH_URL_X509_CERT
Hash and URL of X.509 certificate.
Definition: ike.h:1115
_IkeSaEntry::lifetime
systime_t lifetime
Lifetime of the IKE SA.
Definition: ike.h:1789
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768
ML-KEM-768.
Definition: ike.h:1043
IkeHeader
IkeHeader
Definition: ike.h:1423
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DNS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DNS
Definition: ike.h:1285
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
2048-bit MODP Group with 224-bit Prime Order Subgroup
Definition: ike.h:1030
IkeIpProtocolId
IkeIpProtocolId
IP protocol IDs.
Definition: ike.h:1256
IKE_NOTIFY_MSG_TYPE_USE_PPK
@ IKE_NOTIFY_MSG_TYPE_USE_PPK
Definition: ike.h:1223
IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
Definition: ike.h:1228
IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
@ IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
CREATE_CHILD_SA.
Definition: ike.h:820
_IkeSaEntry::responderSaInit
uint8_t * responderSaInit
Pointer to the IKE_SA_INIT response.
Definition: ike.h:1861
transformLength
uint16_t transformLength
Definition: ike.h:1480
IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
Definition: ike.h:1201
_IkeChildSaEntry::sa
IkeSaEntry * sa
IKE SA entry.
Definition: ike.h:1892
ikeDeleteSa
error_t ikeDeleteSa(IkeSaEntry *sa)
Delete an IKE SA.
Definition: ike.c:548
CipherMode
CipherMode
Cipher operation modes.
Definition: crypto.h:1032
IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
@ IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
Definition: ike.h:1163
IKE_AUTH_METHOD_SHARED_KEY
@ IKE_AUTH_METHOD_SHARED_KEY
Shared Key Message Integrity Code.
Definition: ike.h:1129
IkeTransformType
IkeTransformType
Transform types.
Definition: ike.h:908
IKE_CERT_TYPE_DSA
@ IKE_CERT_TYPE_DSA
Definition: ike.h:1382
IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
Definition: ike.h:1180
IKE_TRANSFORM_ID_DH_GROUP_ECP_384
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_384
384-bit Random ECP Group
Definition: ike.h:1027
IkeCertEncoding
IkeCertEncoding
Certificate encodings.
Definition: ike.h:1104
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NBNS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_NBNS
Definition: ike.h:1286
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
Definition: ike.h:979
IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
Definition: ike.h:1182
IKE_CHILD_SA_STATE_CLOSED
@ IKE_CHILD_SA_STATE_CLOSED
Definition: ike.h:1348
IkeCookieGenerateCallback
error_t(* IkeCookieGenerateCallback)(IkeContext *context, const IpAddr *ipAddr, const uint8_t *spi, const uint8_t *nonce, size_t nonceLen, uint8_t *cookie, size_t *cookieLen)
Cookie generation callback function.
Definition: ike.h:1746
IkeEncryptedPayload
IkeEncryptedPayload
Definition: ike.h:1660
IKE_CERT_ENCODING_CRL
@ IKE_CERT_ENCODING_CRL
Certificate revocation list.
Definition: ike.h:1110
CmacContext
CMAC algorithm context.
Definition: cmac.h:54
eapMessage
uint8_t eapMessage[]
Definition: ike.h:1695
IpsecProtocol
IpsecProtocol
Security protocols.
Definition: ipsec.h:190
configAttributes
uint8_t configAttributes[]
Definition: ike.h:1672
IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
Definition: ike.h:1169
IKE_NOTIFY_MSG_TYPE_GROUP_SENDER
@ IKE_NOTIFY_MSG_TYPE_GROUP_SENDER
Definition: ike.h:1217
IKE_CERT_TYPE_RSA
@ IKE_CERT_TYPE_RSA
Definition: ike.h:1380
IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
@ IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
Definition: ike.h:1183
IKE_CERT_TYPE_ECDSA_BRAINPOOLP512R1
@ IKE_CERT_TYPE_ECDSA_BRAINPOOLP512R1
Definition: ike.h:1388
IKE_EXCHANGE_TYPE_GSA_AUTH
@ IKE_EXCHANGE_TYPE_GSA_AUTH
GSA_AUTH.
Definition: ike.h:823
IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512
@ IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512
GOST3410_2012_512.
Definition: ike.h:1041
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
Definition: ike.h:1005
_IkeSaEntry::authKeyLen
size_t authKeyLen
Size of the integrity protection key, in bytes.
Definition: ike.h:1845
IkeDeletePayload
IkeDeletePayload
Definition: ike.h:1610
IKE_MAX_COOKIE_SIZE
#define IKE_MAX_COOKIE_SIZE
Definition: ike.h:180
_IkeContext::preferredDhGroupNum
uint16_t preferredDhGroupNum
Preferred Diffie-Hellman group number.
Definition: ike.h:1992
IKE_NOTIFY_MSG_TYPE_TS_MAX_QUEUE
@ IKE_NOTIFY_MSG_TYPE_TS_MAX_QUEUE
Definition: ike.h:1170
_IkeSaEntry::encAlgoId
uint16_t encAlgoId
Encryption algorithm.
Definition: ike.h:1820
IKE_TRANSFORM_ID_ENCR_DES
@ IKE_TRANSFORM_ID_ENCR_DES
Definition: ike.h:934
_IkeContext::privateKeyLen
size_t privateKeyLen
Length of the private key.
Definition: ike.h:2002
_IkeChildSaEntry::deleteReceived
bool_t deleteReceived
Definition: ike.h:1935
IKE_CERT_TYPE_ED25519
@ IKE_CERT_TYPE_ED25519
Definition: ike.h:1390
IKE_CERT_TYPE_ED448
@ IKE_CERT_TYPE_ED448
Definition: ike.h:1391
_IkeChildSaEntry::deleteRequest
bool_t deleteRequest
Child SA delete request.
Definition: ike.h:1934
_IkeSaEntry::unsupportedCriticalPayload
uint8_t unsupportedCriticalPayload
Definition: ike.h:1816
numTs
uint8_t numTs
Definition: ike.h:1631
IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
Definition: ike.h:1168
systime_t
uint32_t systime_t
System time.
Definition: os_port_chibios.h:101
IKE_TRANSFORM_ID_AUTH_KPDK_MD5
@ IKE_TRANSFORM_ID_AUTH_KPDK_MD5
Definition: ike.h:997
IkeTsParams::startPort
uint16_t startPort
Definition: ike.h:1769
IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
Definition: ike.h:1004
_IkeChildSaEntry::skai
const uint8_t * skai
Integrity protection key (initiator)
Definition: ike.h:1914
IkeTs
IkeTs
Definition: ike.h:1649
IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
@ IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
Definition: ike.h:951
_IkeContext::message
uint8_t message[IKE_MAX_MSG_SIZE]
Incoming IKE message.
Definition: ike.h:2013
IKE_CONFIG_TYPE_SET
@ IKE_CONFIG_TYPE_SET
Definition: ike.h:1272
IkeProposal
IkeProposal
Definition: ike.h:1469
IKE_SA_STATE_CREATE_CHILD_REQ
@ IKE_SA_STATE_CREATE_CHILD_REQ
Definition: ike.h:1331
IKE_CONFIG_ATTR_TYPE_P_CSCF_IP6_ADDRESS
@ IKE_CONFIG_ATTR_TYPE_P_CSCF_IP6_ADDRESS
Definition: ike.h:1300
IKE_HASH_ALGO_STREEBOG_512
@ IKE_HASH_ALGO_STREEBOG_512
Definition: ike.h:1369
char_t
char char_t
Definition: compiler_port.h:55
IKE_CERT_ENCODING_PKCS7_X509_CERT
@ IKE_CERT_ENCODING_PKCS7_X509_CERT
PKCS #7 wrapped X.509 certificate.
Definition: ike.h:1105
IKE_PAYLOAD_TYPE_PS
@ IKE_PAYLOAD_TYPE_PS
Puzzle Solution.
Definition: ike.h:872
IKE_EXCHANGE_TYPE_IKE_SA_INIT
@ IKE_EXCHANGE_TYPE_IKE_SA_INIT
IKE_SA_INIT.
Definition: ike.h:818
IKE_PAYLOAD_TYPE_NONCE
@ IKE_PAYLOAD_TYPE_NONCE
Nonce.
Definition: ike.h:858
IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
Definition: ike.h:1154
_IkeSaEntry::initiatorSpi
uint8_t initiatorSpi[IKE_SPI_SIZE]
Initiator SPI.
Definition: ike.h:1803
_IkeContext::messageLen
size_t messageLen
Length of the incoming IKE message, in bytes.
Definition: ike.h:2014
IkeSettings
IKE settings.
Definition: ike.h:1947
IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512
@ IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512
Definition: ike.h:983
IkeSaEntry
#define IkeSaEntry
Definition: ike.h:800
minorVersion
uint8_t minorVersion
Definition: ike.h:1416
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
1024-bit MODP Group with 160-bit Prime Order Subgroup
Definition: ike.h:1029
_IkeSaEntry::rekeyRequest
bool_t rekeyRequest
IKE SA rekey request.
Definition: ike.h:1869
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_ADDRESS
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_ADDRESS
Definition: ike.h:1283
IKE_TRANSFORM_ID_ENCR_3DES
@ IKE_TRANSFORM_ID_ENCR_3DES
Definition: ike.h:935
_IkeChildSaEntry::outboundSa
int_t outboundSa
Outbound SAD entry.
Definition: ike.h:1938
IKE_TRANSFORM_ID_ENCR_AES_GCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16
Definition: ike.h:950
_IkeSaEntry::oldSa
IkeSaEntry * oldSa
Old IKE SA.
Definition: ike.h:1782
IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
Definition: ike.h:1226
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
Definition: ike.h:1157
ikeDeinit
void ikeDeinit(IkeContext *context)
Release IKE context.
Definition: ike.c:783
_IkeChildSaEntry::oldChildSa
IkeChildSaEntry * oldChildSa
Old Child SA.
Definition: ike.h:1893
IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
Definition: ike.h:1147
_IkeChildSaEntry::cipherMode
CipherMode cipherMode
Cipher mode of operation.
Definition: ike.h:1919
IKE_NOTIFY_MSG_TYPE_SUPPORTED_AUTH_METHODS
@ IKE_NOTIFY_MSG_TYPE_SUPPORTED_AUTH_METHODS
Definition: ike.h:1231
IkeConfigAttr
IkeConfigAttr
Definition: ike.h:1685
ipsec.h
IPsec (IP security)
IKE_PAYLOAD_TYPE_IDG
@ IKE_PAYLOAD_TYPE_IDG
Group Identification.
Definition: ike.h:868
IkeSettings::childSaLifetime
systime_t childSaLifetime
Lifetime of Child SAs.
Definition: ike.h:1957
IKE_CONFIG_ATTR_TYPE_ENCDNS_IP4
@ IKE_CONFIG_ATTR_TYPE_ENCDNS_IP4
Definition: ike.h:1306
IKE_TRANSFORM_ID_PRF_HMAC_TIGER
@ IKE_TRANSFORM_ID_PRF_HMAC_TIGER
Definition: ike.h:977
responderSpi
uint8_t responderSpi[IKE_SPI_SIZE]
Definition: ike.h:1410
IKE_NOTIFY_MSG_TYPE_NONE
@ IKE_NOTIFY_MSG_TYPE_NONE
Definition: ike.h:1146
_IkeSaEntry::peerId
uint8_t peerId[IKE_MAX_ID_LEN]
Peer ID.
Definition: ike.h:1812
IKE_PAYLOAD_TYPE_SKF
@ IKE_PAYLOAD_TYPE_SKF
Encrypted and Authenticated Fragment.
Definition: ike.h:871
IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
3072-bit MODP Group
Definition: ike.h:1022
_IkeContext::cmacContext
CmacContext cmacContext
CMAC context.
Definition: ike.h:2017
trafficSelectors
uint8_t trafficSelectors[]
Definition: ike.h:1633
IKE_SA_STATE_REKEY_CHILD_RESP
@ IKE_SA_STATE_REKEY_CHILD_RESP
Definition: ike.h:1334
IkeCertPayload
IkeCertPayload
Definition: ike.h:1535
ikeInit
error_t ikeInit(IkeContext *context, const IkeSettings *settings)
IKE service initialization.
Definition: ike.c:109
IkeEapMessage
IkeEapMessage
Definition: ike.h:1710
_IkeSaEntry::request
uint8_t request[IKE_MAX_MSG_SIZE]
Request message.
Definition: ike.h:1864
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024
ML-KEM-1024.
Definition: ike.h:1044
_IkeSaEntry::initiatorSaInitLen
size_t initiatorSaInitLen
Length of the IKE_SA_INIT request, in bytes.
Definition: ike.h:1860
ikeSetId
error_t ikeSetId(IkeContext *context, IkeIdType idType, const void *id, size_t idLen)
Set entity's ID.
Definition: ike.c:359
IkeSettings::childSaEntries
IkeChildSaEntry * childSaEntries
Child SA entries.
Definition: ike.h:1954
IKE_CONFIG_ATTR_TYPE_APPLICATION_VERSION
@ IKE_CONFIG_ATTR_TYPE_APPLICATION_VERSION
Definition: ike.h:1288
_IkeSaEntry::notifySpi
uint8_t notifySpi[4]
Definition: ike.h:1818
IpsecPacketInfo
IP packet information.
Definition: ipsec.h:316
data
uint8_t data[]
Definition: ike.h:1709
IKE_TRANSFORM_ID_ENCR_AES_CCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_12
Definition: ike.h:946
IkeSettings::task
OsTaskParameters task
Task parameters.
Definition: ike.h:1948
_IkeSaEntry::skei
const uint8_t * skei
Encryption key (initiator)
Definition: ike.h:1832
IKE_TRANSFORM_TYPE_PRF
@ IKE_TRANSFORM_TYPE_PRF
Pseudorandom Function.
Definition: ike.h:910
IKE_TRANSFORM_ID_ESN_YES
@ IKE_TRANSFORM_ID_ESN_YES
Extended Sequence Numbers.
Definition: ike.h:1055
_IkeChildSaEntry::authHashAlgo
const HashAlgo * authHashAlgo
Hash algorithm for HMAC-based integrity calculations.
Definition: ike.h:1921
IKE_PAYLOAD_TYPE_KD
@ IKE_PAYLOAD_TYPE_KD
Key Download.
Definition: ike.h:870
IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
Definition: ike.h:1197
_IkeContext::localIpAddr
IpAddr localIpAddr
Destination IP address of the received IKE message.
Definition: ike.h:2006
_IkeChildSaEntry::sker
const uint8_t * sker
Encryption key (responder)
Definition: ike.h:1917
IkeEncryptedFragPayload
IkeEncryptedFragPayload
Definition: ike.h:1723
_IkeSaEntry::skpr
const uint8_t * skpr
Key used for generating AUTH payload (responder)
Definition: ike.h:1835
_IkeSaEntry::cipherAlgo
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: ike.h:1838
IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
@ IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
Definition: ike.h:1212
length
uint32_t length
Definition: ike.h:1422
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
Definition: ike.h:953
Socket
#define Socket
Definition: socket.h:36
IKE_CERT_ENCODING_ARL
@ IKE_CERT_ENCODING_ARL
Authority revocation list.
Definition: ike.h:1111
_IkeSaEntry::reauthRequest
bool_t reauthRequest
IKE SA reauthentication request.
Definition: ike.h:1870
IKE_SA_STATE_DPD_REQ
@ IKE_SA_STATE_DPD_REQ
Definition: ike.h:1325
_IkeContext::socket
Socket * socket
Underlying UDP socket.
Definition: ike.h:2005
IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
@ IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
Definition: ike.h:1164
_IkeChildSaEntry::esn
uint16_t esn
Extended sequence numbers.
Definition: ike.h:1910
IKE_PROTOCOL_ID_FC_CT_AUTHENTICATION
@ IKE_PROTOCOL_ID_FC_CT_AUTHENTICATION
FC_CT_AUTHENTICATION.
Definition: ike.h:898
IkeTransformIdDhGroup
IkeTransformIdDhGroup
Transform IDs (Diffie-Hellman Group)
Definition: ike.h:1016
ikeGetDefaultSettings
void ikeGetDefaultSettings(IkeSettings *settings)
Initialize settings with default values.
Definition: ike.c:56
IKE_ID_TYPE_RFC822_ADDR
@ IKE_ID_TYPE_RFC822_ADDR
Definition: ike.h:1089
IKE_SA_STATE_DELETE_RESP
@ IKE_SA_STATE_DELETE_RESP
Definition: ike.h:1330
IKE_MAX_CHILD_SA_KEY_MAT_LEN
#define IKE_MAX_CHILD_SA_KEY_MAT_LEN
Definition: ike.h:719
transformId
uint16_t transformId
Definition: ike.h:1483
IKE_PROTOCOL_ID_IKE
@ IKE_PROTOCOL_ID_IKE
IKE.
Definition: ike.h:894
IKE_ID_TYPE_INVALID
@ IKE_ID_TYPE_INVALID
Definition: ike.h:1086
_IkeSaEntry::deleteReceived
bool_t deleteReceived
Definition: ike.h:1873
_IkeSaEntry::cookieLen
size_t cookieLen
Length of the cookie, in bytes.
Definition: ike.h:1801
IKE_AUTH_METHOD_DSS
@ IKE_AUTH_METHOD_DSS
DSS Digital Signature.
Definition: ike.h:1130
IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
Definition: ike.h:1155
IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
@ IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
Definition: ike.h:1165
IkeSettings::saLifetime
systime_t saLifetime
Lifetime of IKE SAs.
Definition: ike.h:1956
IKE_TRANSFORM_ID_ENCR_3IDEA
@ IKE_TRANSFORM_ID_ENCR_3IDEA
Definition: ike.h:940
IKE_SA_STATE_AUTH_RESP
@ IKE_SA_STATE_AUTH_RESP
Definition: ike.h:1323
CipherAlgo
Common interface for encryption algorithms.
Definition: crypto.h:1164
_IkeChildSaEntry::authKeyLen
size_t authKeyLen
Length of the integrity protection key, in bytes.
Definition: ike.h:1924
IKE_EXCHANGE_TYPE_INFORMATIONAL
@ IKE_EXCHANGE_TYPE_INFORMATIONAL
INFORMATIONAL.
Definition: ike.h:821
IKE_PAYLOAD_TYPE_LAST
@ IKE_PAYLOAD_TYPE_LAST
No Next Payload.
Definition: ike.h:850
critical
uint8_t critical
Definition: ike.h:1438
_IkeSaEntry::cookie
uint8_t cookie[IKE_MAX_COOKIE_SIZE]
Cookie.
Definition: ike.h:1800
IkeNotifyMsgType
IkeNotifyMsgType
Notify message types.
Definition: ike.h:1145
IKE_LAST_SUBSTRUC_MORE_PROPOSALS
@ IKE_LAST_SUBSTRUC_MORE_PROPOSALS
More proposal substructures.
Definition: ike.h:883
IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
@ IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
Definition: ike.h:1198
IKE_SA_STATE_INIT_RESP
@ IKE_SA_STATE_INIT_RESP
Definition: ike.h:1321
_IkeSaEntry::authCipherAlgo
const CipherAlgo * authCipherAlgo
Cipher algorithm for CMAC-based integrity calculations.
Definition: ike.h:1841
IkeSettings::cookieVerifyCallback
IkeCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
Definition: ike.h:1964
cookie
uint8_t cookie[]
Definition: dtls_misc.h:206
IKE_CERT_ENCODING_SPKI_CERT
@ IKE_CERT_ENCODING_SPKI_CERT
SPKI certificate.
Definition: ike.h:1112
IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
@ IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
Definition: ike.h:1172
_IkeChildSaEntry::acceptedProposalNum
uint8_t acceptedProposalNum
Number of the accepted proposal.
Definition: ike.h:1911
IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
@ IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
Definition: ike.h:1158
IKE_PAYLOAD_TYPE_KE
@ IKE_PAYLOAD_TYPE_KE
Key Exchange.
Definition: ike.h:852
IkeProtocolId
IkeProtocolId
Protocol IDs.
Definition: ike.h:893
_IkeSaEntry::cipherContext
CipherContext cipherContext
Cipher context.
Definition: ike.h:1839
_IkeSaEntry::responderSaInitLen
size_t responderSaInitLen
Length of the IKE_SA_INIT response, in bytes.
Definition: ike.h:1862
_IkeChildSaEntry
Child Security Association entry.
Definition: ike.h:1889
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
Definition: ike.h:1208
IKE_SA_STATE_AUTH_FAILURE_REQ
@ IKE_SA_STATE_AUTH_FAILURE_REQ
Definition: ike.h:1337
IKE_NOTIFY_MSG_TYPE_REDIRECT
@ IKE_NOTIFY_MSG_TYPE_REDIRECT
Definition: ike.h:1195
_IkeSaEntry::rxMessageId
uint32_t rxMessageId
Definition: ike.h:1799
IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
@ IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
Definition: ike.h:1191
nextPayload
uint8_t nextPayload
Definition: ike.h:1411
IKE_AUTH_METHOD_ECDSA_P256_SHA256
@ IKE_AUTH_METHOD_ECDSA_P256_SHA256
ECDSA with SHA-256 on the P-256 curve.
Definition: ike.h:1131
IKE_NOTIFY_MSG_TYPE_COOKIE
@ IKE_NOTIFY_MSG_TYPE_COOKIE
Definition: ike.h:1178
IKE_ID_TYPE_KEY_ID
@ IKE_ID_TYPE_KEY_ID
Definition: ike.h:1093
IkeSettings::reauthPeriod
systime_t reauthPeriod
Reauthentication period.
Definition: ike.h:1958
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
Definition: ike.h:1209
IKE_FLAGS_R
@ IKE_FLAGS_R
Response flag.
Definition: ike.h:838
IKE_PAYLOAD_TYPE_TSI
@ IKE_PAYLOAD_TYPE_TSI
Traffic Selector - Initiator.
Definition: ike.h:862
IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
Definition: ike.h:1179
IKE_PROTOCOL_ID_FC_ESP_HEADER
@ IKE_PROTOCOL_ID_FC_ESP_HEADER
FC_ESP_HEADER.
Definition: ike.h:897
IKE_SA_STATE_REKEY_RESP
@ IKE_SA_STATE_REKEY_RESP
Definition: ike.h:1328
_IkeSaEntry::sharedSecret
uint8_t sharedSecret[IKE_MAX_SHARED_SECRET_LEN]
Shared secret.
Definition: ike.h:1826
IKE_CERT_ENCODING_X509_CERT_SIGN
@ IKE_CERT_ENCODING_X509_CERT_SIGN
X.509 certificate - signature.
Definition: ike.h:1108
ipAddr
Ipv4Addr ipAddr
Definition: ipcp.h:105
IkeNoncePayload
IkeNoncePayload
Definition: ike.h:1582
IKE_TRANSFORM_TYPE_ADDKE6
@ IKE_TRANSFORM_TYPE_ADDKE6
Additional Key Exchange 6.
Definition: ike.h:919
_IkeSaEntry::sharedSecretLen
size_t sharedSecretLen
Length of the shared secret, in bytes.
Definition: ike.h:1827
_IkeSaEntry::keyMaterial
uint8_t keyMaterial[IKE_MAX_SA_KEY_MAT_LEN]
Keying material.
Definition: ike.h:1828
reserved1
uint8_t reserved1
Definition: ike.h:1479
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1124
IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
Definition: ike.h:1156
IKE_TRANSFORM_ID_AUTH_DES_MAC
@ IKE_TRANSFORM_ID_AUTH_DES_MAC
Definition: ike.h:996
IKE_SA_STATE_CREATE_CHILD_RESP
@ IKE_SA_STATE_CREATE_CHILD_RESP
Definition: ike.h:1332
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
2048-bit MODP Group with 256-bit Prime Order Subgroup
Definition: ike.h:1031
IKE_SA_STATE_DPD_RESP
@ IKE_SA_STATE_DPD_RESP
Definition: ike.h:1326
IKE_TRANSFORM_ID_DH_GROUP_ECP_256
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_256
256-bit Random ECP Group
Definition: ike.h:1026
type
uint8_t type
Definition: ike.h:1708
certData
uint8_t certData[]
Definition: ike.h:1534
OsTaskId
thread_t * OsTaskId
Task identifier.
Definition: os_port_chibios.h:108
IKE_CERT_TYPE_ECDSA_P521
@ IKE_CERT_TYPE_ECDSA_P521
Definition: ike.h:1385
IKE_NOTIFY_MSG_TYPE_TICKET_ACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_ACK
Definition: ike.h:1199
_IkeSaEntry::skpi
const uint8_t * skpi
Key used for generating AUTH payload (initiator)
Definition: ike.h:1834
IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
Definition: ike.h:1194
IKE_EXCHANGE_TYPE_GSA_REKEY
@ IKE_EXCHANGE_TYPE_GSA_REKEY
GSA_REKEY.
Definition: ike.h:825
_IkeContext::prngContext
void * prngContext
Pseudo-random number generator context.
Definition: ike.h:1985
_IkeContext::running
bool_t running
Operational state of IKEv2.
Definition: ike.h:1978
IKE_EXCHANGE_TYPE_GSA_REGISTRATION
@ IKE_EXCHANGE_TYPE_GSA_REGISTRATION
GSA_REGISTRATION.
Definition: ike.h:824
IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
Definition: ike.h:1192
IKE_PAYLOAD_TYPE_IDR
@ IKE_PAYLOAD_TYPE_IDR
Identification - Responder.
Definition: ike.h:854
IKE_PROTOCOL_ID_GIKE_UPDATE
@ IKE_PROTOCOL_ID_GIKE_UPDATE
GIKE_UPDATE.
Definition: ike.h:899
_IkeContext::taskId
OsTaskId taskId
Task identifier.
Definition: ike.h:1982
_IkeContext::numSaEntries
uint_t numSaEntries
Number of IKE SA entries.
Definition: ike.h:2010
_IkeSaEntry::prfCipherAlgo
const CipherAlgo * prfCipherAlgo
Cipher algorithm for CMAC-based PRF calculations.
Definition: ike.h:1843
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
Definition: ike.h:1229
vid
uint8_t vid[]
Definition: ike.h:1620
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
Definition: ike.h:1007
_IkeSaEntry::responderNonce
uint8_t responderNonce[IKE_MAX_NONCE_SIZE]
Definition: ike.h:1808
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512
ML-KEM-512.
Definition: ike.h:1042
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
IKE_PAYLOAD_TYPE_D
@ IKE_PAYLOAD_TYPE_D
Delete.
Definition: ike.h:860
IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
@ IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
Definition: ike.h:1205
IKE_NOTIFY_MSG_TYPE_COOKIE2
@ IKE_NOTIFY_MSG_TYPE_COOKIE2
Definition: ike.h:1189
authData
uint8_t authData[]
Definition: ike.h:1559
IKE_PAYLOAD_TYPE_SA
@ IKE_PAYLOAD_TYPE_SA
Security Association.
Definition: ike.h:851
IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
Definition: ike.h:1167
IKE_TRANSFORM_TYPE_ADDKE4
@ IKE_TRANSFORM_TYPE_ADDKE4
Additional Key Exchange 4.
Definition: ike.h:917
_IkeSaEntry
IKE Security Association entry.
Definition: ike.h:1779
IKE_TRANSFORM_ID_AUTH_NONE
@ IKE_TRANSFORM_ID_AUTH_NONE
Definition: ike.h:993
_IkeChildSaEntry::remoteIpAddr
IpAddr remoteIpAddr
IP address of the peer.
Definition: ike.h:1894
IkeEapPayload
IkeEapPayload
Definition: ike.h:1696
IkeSettings::saEntries
IkeSaEntry * saEntries
IKE SA entries.
Definition: ike.h:1952
_IkeSaEntry::responderSpi
uint8_t responderSpi[IKE_SPI_SIZE]
Responder SPI.
Definition: ike.h:1804
nonceData
uint8_t nonceData[]
Definition: ike.h:1581
IKE_FLAGS_V
@ IKE_FLAGS_V
Version flag.
Definition: ike.h:839
IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
@ IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
Definition: ike.h:1213
IkeTransformIdPrf
IkeTransformIdPrf
Transform IDs (Pseudorandom Function)
Definition: ike.h:973
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
384-bit Brainpool ECP Group
Definition: ike.h:1036
IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
@ IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
Definition: ike.h:1149
IKE_CERT_ENCODING_KERBEROS_TOKEN
@ IKE_CERT_ENCODING_KERBEROS_TOKEN
Kerberos token.
Definition: ike.h:1109
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
Definition: ike.h:1210
IkeFlags
IkeFlags
Flags.
Definition: ike.h:837
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
Definition: ike.h:1187
IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
Definition: ike.h:1148
IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
Definition: ike.h:1162
IkeTransformIdAuth
IkeTransformIdAuth
Transform IDs (Integrity Algorithm)
Definition: ike.h:992
IKE_TRANSFORM_ID_DH_GROUP_ECP_521
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_521
521-bit Random ECP Group
Definition: ike.h:1028
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
Definition: ike.h:1220
IkeChildSaEntry
#define IkeChildSaEntry
Definition: ike.h:804
totalFrags
uint16_t totalFrags
Definition: ike.h:1721
IkeTsParams::endPort
uint16_t endPort
Definition: ike.h:1770
IKE_AUTH_METHOD_ECDSA_P384_SHA384
@ IKE_AUTH_METHOD_ECDSA_P384_SHA384
ECDSA with SHA-384 on the P-384 curve.
Definition: ike.h:1132
_IkeChildSaEntry::remoteSpi
uint8_t remoteSpi[4]
Responder SPI.
Definition: ike.h:1901
IkeTransformAttrType
IkeTransformAttrType
Transform attribute types.
Definition: ike.h:1075
IKE_TRANSFORM_ID_ENCR_RC5
@ IKE_TRANSFORM_ID_ENCR_RC5
Definition: ike.h:936
IKE_HASH_ALGO_SHA384
@ IKE_HASH_ALGO_SHA384
Definition: ike.h:1365
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
Definition: ike.h:1185
_IkeChildSaEntry::initiatorNonceLen
size_t initiatorNonceLen
Length of the initiator nonce.
Definition: ike.h:1904
IKE_HASH_ALGO_IDENTITY
@ IKE_HASH_ALGO_IDENTITY
Definition: ike.h:1367
IkeTransformIdEsn
IkeTransformIdEsn
Transform IDs (Extended Sequence Numbers)
Definition: ike.h:1053
IKE_PAYLOAD_TYPE_N
@ IKE_PAYLOAD_TYPE_N
Notify.
Definition: ike.h:859
IKE_CHILD_SA_STATE_RESERVED
@ IKE_CHILD_SA_STATE_RESERVED
Definition: ike.h:1349
IKE_CONFIG_ATTR_TYPE_INTERNAL_DNS_DOMAIN
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_DNS_DOMAIN
Definition: ike.h:1304
_IkeContext::numChildSaEntries
uint_t numChildSaEntries
Number of Child SA entries.
Definition: ike.h:2012
_IkeSaEntry::dhGroupNum
uint16_t dhGroupNum
Diffie-Hellman group number.
Definition: ike.h:1823
IKE_CONFIG_ATTR_TYPE_TIMEOUT_PERIOD_FOR_LIVENESS_CHECK
@ IKE_CONFIG_ATTR_TYPE_TIMEOUT_PERIOD_FOR_LIVENESS_CHECK
Definition: ike.h:1303
_IkeContext::pskLen
size_t pskLen
Length of the pre-shared key, in bytes.
Definition: ike.h:1997
EcdhContext
ECDH context.
Definition: ecdh.h:60
nonce
uint8_t nonce[]
Definition: ntp_common.h:239
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
256-bit Brainpool ECP Group
Definition: ike.h:1035
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
Definition: ike.h:981
IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
6144-bit MODP Group
Definition: ike.h:1024
_IkeSaEntry::retransmitCount
uint_t retransmitCount
Definition: ike.h:1797
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DHCP
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP4_DHCP
Definition: ike.h:1287
_IkeChildSaEntry::skar
const uint8_t * skar
Integrity protection key (responder)
Definition: ike.h:1915
IKE_TS_TYPE_IPV6_ADDR_RANGE
@ IKE_TS_TYPE_IPV6_ADDR_RANGE
TS_IPV6_ADDR_RANGE.
Definition: ike.h:1245
IkeConfigType
IkeConfigType
Configuration types.
Definition: ike.h:1269
IKE_ID_TYPE_FQDN
@ IKE_ID_TYPE_FQDN
Definition: ike.h:1088
selectorLength
uint16_t selectorLength
Definition: ike.h:1645
IkeTsType
IkeTsType
Traffic selector types.
Definition: ike.h:1243
IkeSaPayload
IkeSaPayload
Definition: ike.h:1452
IKE_SA_STATE_DELETE_CHILD_REQ
@ IKE_SA_STATE_DELETE_CHILD_REQ
Definition: ike.h:1335
IKE_CERT_ENCODING_RAW_PUBLIC_KEY
@ IKE_CERT_ENCODING_RAW_PUBLIC_KEY
Raw Public Key.
Definition: ike.h:1118
IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DHCP
@ IKE_CONFIG_ATTR_TYPE_INTERNAL_IP6_DHCP
Definition: ike.h:1291
IKE_PAYLOAD_TYPE_GSA
@ IKE_PAYLOAD_TYPE_GSA
Group Security Association.
Definition: ike.h:869
IKE_PAYLOAD_TYPE_GSPM
@ IKE_PAYLOAD_TYPE_GSPM
Generic Secure Password Method.
Definition: ike.h:867
IKE_PAYLOAD_TYPE_TSR
@ IKE_PAYLOAD_TYPE_TSR
Traffic Selector - Responder.
Definition: ike.h:863
ikeDeleteChildSa
error_t ikeDeleteChildSa(IkeChildSaEntry *childSa)
Delete a Child SA.
Definition: ike.c:687
_IkeChildSaEntry::state
IkeChildSaState state
Child SA state.
Definition: ike.h:1890
IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
@ IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
Definition: ike.h:1150
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
Definition: ike.h:955
IKE_CHILD_SA_STATE_OPEN
@ IKE_CHILD_SA_STATE_OPEN
Definition: ike.h:1351
IKE_TRANSFORM_ID_ENCR_AES_CCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8
Definition: ike.h:945
IKE_CERT_TYPE_ECDSA_P256
@ IKE_CERT_TYPE_ECDSA_P256
Definition: ike.h:1383
IKE_TRANSFORM_TYPE_INTEG
@ IKE_TRANSFORM_TYPE_INTEG
Integrity Algorithm.
Definition: ike.h:911