ike_debug.c
Go to the documentation of this file.
1 /**
2  * @file ike_debug.c
3  * @brief Data logging functions for debugging purpose (IKEv2)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneIPSEC Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL IKE_TRACE_LEVEL
33 
34 //Dependencies
35 #include "ike/ike.h"
36 #include "ike/ike_debug.h"
37 #include "debug.h"
38 
39 //Check IKEv2 library configuration
40 #if (IKE_SUPPORT == ENABLED && IKE_TRACE_LEVEL >= TRACE_LEVEL_DEBUG)
41 
42 //Exchange types
43 static const IkeParamName ikeExchangeTypeList[] =
44 {
45  {IKE_EXCHANGE_TYPE_IKE_SA_INIT, "IKE_SA_INIT"},
46  {IKE_EXCHANGE_TYPE_IKE_AUTH, "IKE_AUTH"},
47  {IKE_EXCHANGE_TYPE_CREATE_CHILD_SA, "CREATE_CHILD_SA"},
48  {IKE_EXCHANGE_TYPE_INFORMATIONAL, "INFORMATIONAL"},
49  {IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME, "IKE_SESSION_RESUME"},
50  {IKE_EXCHANGE_TYPE_GSA_AUTH, "GSA_AUTH"},
51  {IKE_EXCHANGE_TYPE_GSA_REGISTRATION, "GSA_REGISTRATION"},
52  {IKE_EXCHANGE_TYPE_GSA_REKEY, "GSA_REKEY"},
53  {IKE_EXCHANGE_TYPE_GSA_INBAND_REKEY, "GSA_INBAND_REKEY"},
54  {IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE, "IKE_INTERMEDIATE"},
55  {IKE_EXCHANGE_TYPE_IKE_FOLLOWUP_KE, "IKE_FOLLOWUP_KE"}
56 };
57 
58 //Payload types
59 static const IkeParamName ikePayloadList[] =
60 {
61  {IKE_PAYLOAD_TYPE_LAST, "No Next Payload"},
62  {IKE_PAYLOAD_TYPE_SA, "Security Association"},
63  {IKE_PAYLOAD_TYPE_KE, "Key Exchange"},
64  {IKE_PAYLOAD_TYPE_IDI, "Identification - Initiator"},
65  {IKE_PAYLOAD_TYPE_IDR, "Identification - Responder"},
66  {IKE_PAYLOAD_TYPE_CERT, "Certificate"},
67  {IKE_PAYLOAD_TYPE_CERTREQ, "Certificate Request"},
68  {IKE_PAYLOAD_TYPE_AUTH, "Authentication"},
69  {IKE_PAYLOAD_TYPE_NONCE, "Nonce"},
70  {IKE_PAYLOAD_TYPE_N, "Notify"},
71  {IKE_PAYLOAD_TYPE_D, "Delete"},
72  {IKE_PAYLOAD_TYPE_V, "Vendor ID"},
73  {IKE_PAYLOAD_TYPE_TSI, "Traffic Selector - Initiator"},
74  {IKE_PAYLOAD_TYPE_TSR, "Traffic Selector - Responder"},
75  {IKE_PAYLOAD_TYPE_SK, "Encrypted and Authenticated"},
76  {IKE_PAYLOAD_TYPE_CP, "Configuration"},
77  {IKE_PAYLOAD_TYPE_EAP, "Extensible Authentication"},
78  {IKE_PAYLOAD_TYPE_GSPM, "Generic Secure Password Method"},
79  {IKE_PAYLOAD_TYPE_IDG, "Group Identification"},
80  {IKE_PAYLOAD_TYPE_GSA, "Group Security Association"},
81  {IKE_PAYLOAD_TYPE_KD, "Key Download"},
82  {IKE_PAYLOAD_TYPE_SKF, "Encrypted and Authenticated Fragment"},
83  {IKE_PAYLOAD_TYPE_PS, "Puzzle Solution"}
84 };
85 
86 //Last Substruc values
87 static const IkeParamName ikeLastSubstrucList[] =
88 {
89  {IKE_LAST_SUBSTRUC_LAST, "Last"},
90  {IKE_LAST_SUBSTRUC_MORE_PROPOSALS, "More Proposals"},
91  {IKE_LAST_SUBSTRUC_MORE_TRANSFORMS, "More Transforms"}
92 };
93 
94 //Protocol IDs
95 static const IkeParamName ikeProtocolIdList[] =
96 {
97  {IKE_PROTOCOL_ID_IKE, "IKE"},
98  {IKE_PROTOCOL_ID_AH, "AH"},
99  {IKE_PROTOCOL_ID_ESP, "ESP"},
100  {IKE_PROTOCOL_ID_FC_ESP_HEADER, "FC_ESP_HEADER"},
101  {IKE_PROTOCOL_ID_FC_CT_AUTHENTICATION, "FC_CT_AUTHENTICATION"},
102  {IKE_PROTOCOL_ID_GIKE_UPDATE, "GIKE_UPDATE"}
103 };
104 
105 //Transform types
106 static const IkeParamName ikeTransformTypeList[] =
107 {
108  {IKE_TRANSFORM_TYPE_ENCR, "Encryption Algorithm"},
109  {IKE_TRANSFORM_TYPE_PRF, "Pseudorandom Function"},
110  {IKE_TRANSFORM_TYPE_INTEG, "Integrity Algorithm"},
111  {IKE_TRANSFORM_TYPE_DH, "Diffie-Hellman Group"},
112  {IKE_TRANSFORM_TYPE_ESN, "Extended Sequence Numbers"},
113  {IKE_TRANSFORM_TYPE_ADDKE1, "Additional Key Exchange 1"},
114  {IKE_TRANSFORM_TYPE_ADDKE2, "Additional Key Exchange 2"},
115  {IKE_TRANSFORM_TYPE_ADDKE3, "Additional Key Exchange 3"},
116  {IKE_TRANSFORM_TYPE_ADDKE4, "Additional Key Exchange 4"},
117  {IKE_TRANSFORM_TYPE_ADDKE5, "Additional Key Exchange 5"},
118  {IKE_TRANSFORM_TYPE_ADDKE6, "Additional Key Exchange 6"},
119  {IKE_TRANSFORM_TYPE_ADDKE7, "Additional Key Exchange 7"},
120  {IKE_TRANSFORM_TYPE_KWA, "Key Wrap Algorithm"},
121  {IKE_TRANSFORM_TYPE_GCAUTH, "Group Controller Authentication Method"}
122 };
123 
124 //Encryption algorithms
125 static const IkeParamName ikeEncrAlgoList[] =
126 {
127  {IKE_TRANSFORM_ID_ENCR_DES_IV64, "ENCR_DES_IV64"},
128  {IKE_TRANSFORM_ID_ENCR_DES, "ENCR_DES"},
129  {IKE_TRANSFORM_ID_ENCR_3DES, "ENCR_3DES"},
130  {IKE_TRANSFORM_ID_ENCR_RC5, "ENCR_RC5"},
131  {IKE_TRANSFORM_ID_ENCR_IDEA, "ENCR_IDEA"},
132  {IKE_TRANSFORM_ID_ENCR_CAST, "ENCR_CAST"},
133  {IKE_TRANSFORM_ID_ENCR_BLOWFISH, "ENCR_BLOWFISH"},
134  {IKE_TRANSFORM_ID_ENCR_3IDEA, "ENCR_3IDEA"},
135  {IKE_TRANSFORM_ID_ENCR_DES_IV32, "ENCR_DES_IV32"},
136  {IKE_TRANSFORM_ID_ENCR_NULL, "ENCR_NULL"},
137  {IKE_TRANSFORM_ID_ENCR_AES_CBC, "ENCR_AES_CBC"},
138  {IKE_TRANSFORM_ID_ENCR_AES_CTR, "ENCR_AES_CTR"},
139  {IKE_TRANSFORM_ID_ENCR_AES_CCM_8, "ENCR_AES_CCM_8"},
140  {IKE_TRANSFORM_ID_ENCR_AES_CCM_12, "ENCR_AES_CCM_12"},
141  {IKE_TRANSFORM_ID_ENCR_AES_CCM_16, "ENCR_AES_CCM_16"},
142  {IKE_TRANSFORM_ID_ENCR_AES_GCM_8, "ENCR_AES_GCM_8"},
143  {IKE_TRANSFORM_ID_ENCR_AES_GCM_12, "ENCR_AES_GCM_12"},
144  {IKE_TRANSFORM_ID_ENCR_AES_GCM_16, "ENCR_AES_GCM_16"},
145  {IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC, "ENCR_NULL_AUTH_AES_GMAC"},
146  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC, "ENCR_CAMELLIA_CBC"},
147  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR, "ENCR_CAMELLIA_CTR"},
148  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8, "ENCR_CAMELLIA_CCM_8"},
149  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12, "ENCR_CAMELLIA_CCM_12"},
150  {IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16, "ENCR_CAMELLIA_CCM_16"},
151  {IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305, "ENCR_CHACHA20_POLY1305"},
152  {IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV, "ENCR_AES_CCM_8_IIV"},
153  {IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV, "ENCR_AES_GCM_16_IIV"},
154  {IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV, "ENCR_CHACHA20_POLY1305_IIV"},
155  {IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE, "ENCR_KUZNYECHIK_MGM_KTREE"},
156  {IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE, "ENCR_MAGMA_MGM_KTREE"},
157  {IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE, "ENCR_KUZNYECHIK_MGM_MAC_KTREE"},
158  {IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE, "ENCR_MAGMA_MGM_MAC_KTREE"},
159 };
160 
161 //Pseudorandom functions
162 static const IkeParamName ikePrfAlgoList[] =
163 {
164  {IKE_TRANSFORM_ID_PRF_HMAC_MD5, "PRF_HMAC_MD5"},
165  {IKE_TRANSFORM_ID_PRF_HMAC_SHA1, "PRF_HMAC_SHA1"},
166  {IKE_TRANSFORM_ID_PRF_HMAC_TIGER, "PRF_HMAC_TIGER"},
167  {IKE_TRANSFORM_ID_PRF_AES128_XCBC, "PRF_AES128_XCBC"},
168  {IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256, "PRF_HMAC_SHA2_256"},
169  {IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384, "PRF_HMAC_SHA2_384"},
170  {IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512, "PRF_HMAC_SHA2_512"},
171  {IKE_TRANSFORM_ID_PRF_AES128_CMAC, "PRF_AES128_CMAC"},
172  {IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512, "PRF_HMAC_STREEBOG_512"},
173 };
174 
175 //Integrity algorithms
176 static const IkeParamName ikeAuthAlgoList[] =
177 {
178  {IKE_TRANSFORM_ID_AUTH_NONE, "AUTH_NONE"},
179  {IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96, "AUTH_HMAC_MD5_96"},
180  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96, "AUTH_HMAC_SHA1_96"},
181  {IKE_TRANSFORM_ID_AUTH_DES_MAC, "AUTH_DES_MAC"},
182  {IKE_TRANSFORM_ID_AUTH_KPDK_MD5, "AUTH_KPDK_MD5"},
183  {IKE_TRANSFORM_ID_AUTH_AES_XCBC_96, "AUTH_AES_XCBC_96"},
184  {IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128, "AUTH_HMAC_MD5_128"},
185  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160, "AUTH_HMAC_SHA1_160"},
186  {IKE_TRANSFORM_ID_AUTH_AES_CMAC_96, "AUTH_AES_CMAC_96"},
187  {IKE_TRANSFORM_ID_AUTH_AES_128_GMAC, "AUTH_AES_128_GMAC"},
188  {IKE_TRANSFORM_ID_AUTH_AES_192_GMAC, "AUTH_AES_192_GMAC"},
189  {IKE_TRANSFORM_ID_AUTH_AES_256_GMAC, "AUTH_AES_256_GMAC"},
190  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128, "AUTH_HMAC_SHA2_256_128"},
191  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192, "AUTH_HMAC_SHA2_384_192"},
192  {IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256, "AUTH_HMAC_SHA2_512_256"},
193 };
194 
195 //Diffie-Hellman groups
196 static const IkeParamName ikeDhGroupList[] =
197 {
198  {IKE_TRANSFORM_ID_DH_GROUP_NONE, "None"},
199  {IKE_TRANSFORM_ID_DH_GROUP_MODP_768, "768-bit MODP Group"},
200  {IKE_TRANSFORM_ID_DH_GROUP_MODP_1024, "1024-bit MODP Group"},
201  {IKE_TRANSFORM_ID_DH_GROUP_MODP_1536, "1536-bit MODP Group"},
202  {IKE_TRANSFORM_ID_DH_GROUP_MODP_2048, "2048-bit MODP Group"},
203  {IKE_TRANSFORM_ID_DH_GROUP_MODP_3072, "3072-bit MODP group"},
204  {IKE_TRANSFORM_ID_DH_GROUP_MODP_4096, "4096-bit MODP Group"},
205  {IKE_TRANSFORM_ID_DH_GROUP_MODP_6144, "6144-bit MODP Group"},
206  {IKE_TRANSFORM_ID_DH_GROUP_MODP_8192, "8192-bit MODP Group"},
207  {IKE_TRANSFORM_ID_DH_GROUP_ECP_256, "256-bit random ECP Group"},
208  {IKE_TRANSFORM_ID_DH_GROUP_ECP_384, "384-bit random ECP Group"},
209  {IKE_TRANSFORM_ID_DH_GROUP_ECP_521, "521-bit random ECP Group"},
210  {IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160, "1024-bit MODP Group with 160-bit Prime Order Subgroup"},
211  {IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224, "2048-bit MODP Group with 224-bit Prime Order Subgroup"},
212  {IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256, "2048-bit MODP Group with 256-bit Prime Order Subgroup"},
213  {IKE_TRANSFORM_ID_DH_GROUP_ECP_192, "192-bit Random ECP Group"},
214  {IKE_TRANSFORM_ID_DH_GROUP_ECP_224, "224-bit Random ECP Group"},
215  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1, "brainpoolP224r1"},
216  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1, "brainpoolP256r1"},
217  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1, "brainpoolP384r1"},
218  {IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1, "brainpoolP512r1"},
219  {IKE_TRANSFORM_ID_DH_GROUP_CURVE25519, "curve25519"},
220  {IKE_TRANSFORM_ID_DH_GROUP_CURVE448, "curve448"},
221  {IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256, "GOST3410_2012_256"},
222  {IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512, "GOST3410_2012_512"},
223  {IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512, "ML-KEM-512"},
224  {IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768, "ML-KEM-768"},
225  {IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024, "ML-KEM-1024"},
226 };
227 
228 //Extended sequence numbers
229 static const IkeParamName ikeEsnList[] =
230 {
231  {IKE_TRANSFORM_ID_ESN_NO, "No ESNs"},
232  {IKE_TRANSFORM_ID_ESN_YES, "ESNs"}
233 };
234 
235 //Transform attribute formats
236 static const IkeParamName ikeAttrFormatList[] =
237 {
238  {IKE_ATTR_FORMAT_TLV, "TLV"},
239  {IKE_ATTR_FORMAT_TV, "TV"}
240 };
241 
242 //Transform attribute types
243 static const IkeParamName ikeAttrTypeList[] =
244 {
245  {IKE_TRANSFORM_ATTR_TYPE_KEY_LEN, "Key Length"},
246 };
247 
248 //ID types
249 static const IkeParamName ikeIdTypeList[] =
250 {
251  {IKE_ID_TYPE_IPV4_ADDR, "ID_IPV4_ADDR"},
252  {IKE_ID_TYPE_FQDN, "ID_FQDN"},
253  {IKE_ID_TYPE_RFC822_ADDR, "ID_RFC822_ADDR"},
254  {IKE_ID_TYPE_IPV6_ADDR, "ID_IPV6_ADDR"},
255  {IKE_ID_TYPE_DER_ASN1_DN, "ID_DER_ASN1_DN"},
256  {IKE_ID_TYPE_DER_ASN1_GN, "ID_DER_ASN1_GN"},
257  {IKE_ID_TYPE_KEY_ID, "ID_KEY_ID"},
258  {IKE_ID_TYPE_FC_NAME, "ID_FC_NAME"},
259  {IKE_ID_TYPE_NULL, "ID_NULL"}
260 };
261 
262 //Certificate encoding
263 static const IkeParamName ikeCertEncodingList[] =
264 {
265  {IKE_CERT_ENCODING_PKCS7_X509_CERT, "PKCS #7 wrapped X.509 certificate"},
266  {IKE_CERT_ENCODING_PGP_CERT, "PGP certificate"},
267  {IKE_CERT_ENCODING_DNS_SIGNED_KEY, "DNS signed key"},
268  {IKE_CERT_ENCODING_X509_CERT_SIGN, "X.509 certificate - signature"},
269  {IKE_CERT_ENCODING_KERBEROS_TOKEN, "Kerberos token"},
270  {IKE_CERT_ENCODING_CRL, "Certificate revocation list"},
271  {IKE_CERT_ENCODING_ARL, "Authority revocation list"},
272  {IKE_CERT_ENCODING_SPKI_CERT, "SPKI certificate"},
273  {IKE_CERT_ENCODING_X509_CERT_ATTR, "X.509 certificate - attribute"},
274  {IKE_CERT_ENCODING_RAW_RSA_KEY, "Raw RSA key"},
275  {IKE_CERT_ENCODING_HASH_URL_X509_CERT, "Hash and URL of X.509 certificate"},
276  {IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE, "Hash and URL of X.509 bundle"},
277  {IKE_CERT_ENCODING_OCSP_CONTENT, "OCSP Content"},
278  {IKE_CERT_ENCODING_RAW_PUBLIC_KEY, "Raw Public Key"}
279 };
280 
281 //Authentication methods
282 static const IkeParamName ikeAuthMethodList[] =
283 {
284  {IKE_AUTH_METHOD_RSA, "RSA Digital Signature"},
285  {IKE_AUTH_METHOD_SHARED_KEY, "Shared Key Message Integrity Code"},
286  {IKE_AUTH_METHOD_DSS, "DSS Digital Signature"},
287  {IKE_AUTH_METHOD_ECDSA_P256_SHA256, "ECDSA with SHA-256 on the P-256 curve"},
288  {IKE_AUTH_METHOD_ECDSA_P384_SHA384, "ECDSA with SHA-384 on the P-384 curve"},
289  {IKE_AUTH_METHOD_ECDSA_P521_SHA512, "ECDSA with SHA-512 on the P-521 curve"},
290  {IKE_AUTH_METHOD_GSPAM, "Generic Secure Password Authentication Method"},
291  {IKE_AUTH_METHOD_NULL, "NULL Authentication"},
292  {IKE_AUTH_METHOD_DIGITAL_SIGN, "Digital Signature"}
293 };
294 
295 //Notify message types
296 static const IkeParamName ikeNotifyMsgTypeList[] =
297 {
298  {IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD, "UNSUPPORTED_CRITICAL_PAYLOAD"},
299  {IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI, "INVALID_IKE_SPI"},
300  {IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION, "INVALID_MAJOR_VERSION"},
301  {IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX, "INVALID_SYNTAX"},
302  {IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID, "INVALID_MESSAGE_ID"},
303  {IKE_NOTIFY_MSG_TYPE_INVALID_SPI, "INVALID_SPI"},
304  {IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN, "NO_PROPOSAL_CHOSEN"},
305  {IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD, "INVALID_KE_PAYLOAD"},
306  {IKE_NOTIFY_MSG_TYPE_AUTH_FAILED, "AUTHENTICATION_FAILED"},
307  {IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED, "SINGLE_PAIR_REQUIRED"},
308  {IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS, "NO_ADDITIONAL_SAS"},
309  {IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE, "INTERNAL_ADDRESS_FAILURE"},
310  {IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED, "FAILED_CP_REQUIRED"},
311  {IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE, "TS_UNACCEPTABLE"},
312  {IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS, "INVALID_SELECTORS"},
313  {IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES, "UNACCEPTABLE_ADDRESSES"},
314  {IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED, "UNEXPECTED_NAT_DETECTED"},
315  {IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA, "USE_ASSIGNED_HOA"},
316  {IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE, "TEMPORARY_FAILURE"},
317  {IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND, "CHILD_SA_NOT_FOUND"},
318  {IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID, "INVALID_GROUP_ID"},
319  {IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED, "AUTHORIZATION_FAILED"},
320  {IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND, "STATE_NOT_FOUND"},
321  {IKE_NOTIFY_MSG_TYPE_TS_MAX_QUEUE, "TS_MAX_QUEUE"},
322  {IKE_NOTIFY_MSG_TYPE_REGISTRATION_FAILED, "REGISTRATION_FAILED"},
323  {IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT, "INITIAL_CONTACT"},
324  {IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE, "SET_WINDOW_SIZE"},
325  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE, "ADDITIONAL_TS_POSSIBLE"},
326  {IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED, "IPCOMP_SUPPORTED"},
327  {IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP, "NAT_DETECTION_SOURCE_IP"},
328  {IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP, "NAT_DETECTION_DESTINATION_IP"},
329  {IKE_NOTIFY_MSG_TYPE_COOKIE, "COOKIE"},
330  {IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE, "USE_TRANSPORT_MODE"},
331  {IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED, "HTTP_CERT_LOOKUP_SUPPORTED"},
332  {IKE_NOTIFY_MSG_TYPE_REKEY_SA, "REKEY_SA"},
333  {IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED, "ESP_TFC_PADDING_NOT_SUPPORTED"},
334  {IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO, "NON_FIRST_FRAGMENTS_ALSO"},
335  {IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED, "MOBIKE_SUPPORTED"},
336  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS, "ADDITIONAL_IP4_ADDRESS"},
337  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS, "ADDITIONAL_IP6_ADDRESS"},
338  {IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES, "NO_ADDITIONAL_ADDRESSES"},
339  {IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES, "UPDATE_SA_ADDRESSES"},
340  {IKE_NOTIFY_MSG_TYPE_COOKIE2, "COOKIE2"},
341  {IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED, "NO_NATS_ALLOWED"},
342  {IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME, "AUTH_LIFETIME"},
343  {IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED, "MULTIPLE_AUTH_SUPPORTED"},
344  {IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS, "ANOTHER_AUTH_FOLLOWS"},
345  {IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED, "REDIRECT_SUPPORTED"},
346  {IKE_NOTIFY_MSG_TYPE_REDIRECT, "REDIRECT"},
347  {IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM, "REDIRECTED_FROM"},
348  {IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE, "TICKET_LT_OPAQUE"},
349  {IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST, "TICKET_REQUEST"},
350  {IKE_NOTIFY_MSG_TYPE_TICKET_ACK, "TICKET_ACK"},
351  {IKE_NOTIFY_MSG_TYPE_TICKET_NACK, "TICKET_NACK"},
352  {IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE, "TICKET_OPAQUE"},
353  {IKE_NOTIFY_MSG_TYPE_LINK_ID, "LINK_ID"},
354  {IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE, "USE_WESP_MODE"},
355  {IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED, "ROHC_SUPPORTED"},
356  {IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION, "EAP_ONLY_AUTHENTICATION"},
357  {IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED, "CHILDLESS_IKEV2_SUPPORTED"},
358  {IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION, "QUICK_CRASH_DETECTION"},
359  {IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED, "IKEV2_MESSAGE_ID_SYNC_SUPPORTED"},
360  {IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED, "IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED"},
361  {IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC, "IKEV2_MESSAGE_ID_SYNC"},
362  {IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC, "IPSEC_REPLAY_COUNTER_SYNC"},
363  {IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS, "SECURE_PASSWORD_METHODS"},
364  {IKE_NOTIFY_MSG_TYPE_PSK_PERSIST, "PSK_PERSIST"},
365  {IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM, "PSK_CONFIRM"},
366  {IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED, "ERX_SUPPORTED"},
367  {IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY, "IFOM_CAPABILITY"},
368  {IKE_NOTIFY_MSG_TYPE_GROUP_SENDER, "GROUP_SENDER"},
369  {IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED, "IKEV2_FRAGMENTATION_SUPPORTED"},
370  {IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS, "SIGNATURE_HASH_ALGORITHMS"},
371  {IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED, "CLONE_IKE_SA_SUPPORTED"},
372  {IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA, "CLONE_IKE_SA"},
373  {IKE_NOTIFY_MSG_TYPE_PUZZLE, "PUZZLE"},
374  {IKE_NOTIFY_MSG_TYPE_USE_PPK, "USE_PPK"},
375  {IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY, "PPK_IDENTITY"},
376  {IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH, "NO_PPK_AUTH"},
377  {IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED, "INTERMEDIATE_EXCHANGE_SUPPORTED"},
378  {IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED, "IP4_ALLOWED"},
379  {IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED, "IP6_ALLOWED"},
380  {IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE, "ADDITIONAL_KEY_EXCHANGE"},
381  {IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG, "USE_AGGFRAG"},
382  {IKE_NOTIFY_MSG_TYPE_SUPPORTED_AUTH_METHODS, "SUPPORTED_AUTH_METHODS"},
383  {IKE_NOTIFY_MSG_TYPE_SA_RESOURCE_INFO, "SA_RESOURCE_INFO"},
384  {IKE_NOTIFY_MSG_TYPE_USE_PPK_INT, "USE_PPK_INT"},
385  {IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY_KEY, "PPK_IDENTITY_KEY"}
386 };
387 
388 //Traffic selector types
389 static const IkeParamName ikeTsTypeList[] =
390 {
391  {IKE_TS_TYPE_IPV4_ADDR_RANGE, "TS_IPV4_ADDR_RANGE"},
392  {IKE_TS_TYPE_IPV6_ADDR_RANGE, "TS_IPV6_ADDR_RANGE"},
393  {IKE_TS_TYPE_FC_ADDR_RANGE, "TS_FC_ADDR_RANGE"},
394  {IKE_TS_TYPE_SECLABEL, "TS_SECLABEL"}
395 };
396 
397 //IP protocol IDs
398 static const IkeParamName ikeIpProtocolIdList[] =
399 {
400  {IKE_IP_PROTOCOL_ID_ICMP, "ICMP"},
401  {IKE_IP_PROTOCOL_ID_TCP, "TCP"},
402  {IKE_IP_PROTOCOL_ID_UDP, "UDP"},
403  {IKE_IP_PROTOCOL_ID_ICMPV6, "ICMPv6"},
404 };
405 
406 
407 /**
408  * @brief Dump IKE message
409  * @param[in] message Pointer to the IKE message to dump
410  * @param[in] length Length of the IKE message, in bytes
411  **/
412 
413 void ikeDumpMessage(const uint8_t *message, size_t length)
414 {
415  const IkeHeader *header;
416 
417  //Check the length of the IKE message
418  if(length < sizeof(IkeHeader))
419  return;
420 
421  //Each message begins with the IKE header
422  header = (IkeHeader *) message;
423 
424  //Dump IKE header
425  ikeDumpHeader(header);
426 
427  //Determine the length of the IKE payloads
428  length -= sizeof(IkeHeader);
429 
430  //The Next Payload field indicates the type of payload that immediately
431  //follows the header
432  ikeDumpPayloads(message + sizeof(IkeHeader), length, header->nextPayload);
433 }
434 
435 
436 /**
437  * @brief Dump IKE header
438  * @param[in] header Pointer to the IKE header to dump
439  **/
440 
441 void ikeDumpHeader(const IkeHeader *header)
442 {
443  const char_t *nextPayloadName;
444  const char_t *exchangeTypeName;
445 
446  //Convert the Next Payload field to string representation
447  nextPayloadName = ikeGetParamName(header->nextPayload,
448  ikePayloadList, arraysize(ikePayloadList));
449 
450  //Convert the Exchange Type field to string representation
451  exchangeTypeName = ikeGetParamName(header->exchangeType,
452  ikeExchangeTypeList, arraysize(ikeExchangeTypeList));
453 
454  //Dump IKE header
455  TRACE_DEBUG_ARRAY(" Initiator SPI = ", header->initiatorSpi, IKE_SPI_SIZE);
456  TRACE_DEBUG_ARRAY(" Responder SPI = ", header->responderSpi, IKE_SPI_SIZE);
457  TRACE_DEBUG(" Next Payload = %" PRIu8 " (%s)\r\n", header->nextPayload, nextPayloadName);
458  TRACE_DEBUG(" Major Version = %" PRIu8 "\r\n", header->majorVersion);
459  TRACE_DEBUG(" Minor Version = %" PRIu8 "\r\n", header->minorVersion);
460  TRACE_DEBUG(" Exchange Type = %" PRIu8 " (%s)\r\n", header->exchangeType, exchangeTypeName);
461  ikeDumpFlags(header->flags);
462  TRACE_DEBUG(" Message ID = %" PRIu32 "\r\n", ntohl(header->messageId));
463  TRACE_DEBUG(" Length = %" PRIu32 "\r\n", ntohl(header->length));
464 }
465 
466 
467 /**
468  * @brief Dump flags
469  * @param[in] flags specific options that are set for the IKE message
470  **/
471 
472 void ikeDumpFlags(uint8_t flags)
473 {
474  uint8_t r;
475  uint8_t v;
476  uint8_t i;
477 
478  //The R bit indicates that this message is a response to a message containing
479  //the same Message ID
480  r = (flags & IKE_FLAGS_R) ? 1 : 0;
481 
482  //The V bit indicates that the transmitter is capable of speaking a higher
483  //major version number of the protocol than the one indicated in the major
484  //version number field
485  v = (flags & IKE_FLAGS_V) ? 1 : 0;
486 
487  //The I bit must be set in messages sent by the original initiator of the
488  //IKE SA and must be cleared in messages sent by the original responder
489  i = (flags & IKE_FLAGS_I) ? 1 : 0;
490 
491  //Check whether any flag is set
492  if(r != 0 || v != 0 || i != 0)
493  {
494  //Dump the value of the Flags field
495  TRACE_DEBUG(" Flags = 0x%02" PRIX8 " (", flags);
496 
497  //Dump flags
498  while(1)
499  {
500  if(r != 0)
501  {
502  TRACE_DEBUG("Response");
503  r = FALSE;
504  }
505  else if(v != 0)
506  {
507  TRACE_DEBUG("Version");
508  v = FALSE;
509  }
510  else if(i != 0)
511  {
512  TRACE_DEBUG("Initiator");
513  i = FALSE;
514  }
515  else
516  {
517  }
518 
519  if(r != 0 || v != 0 || i != 0)
520  {
521  TRACE_DEBUG(", ");
522  }
523  else
524  {
525  TRACE_DEBUG(")\r\n");
526  break;
527  }
528  }
529  }
530  else
531  {
532  //Dump the value of the Flags field
533  TRACE_DEBUG(" Flags = 0x%02" PRIX8 "\r\n", flags);
534  }
535 }
536 
537 
538 /**
539  * @brief Dump IKE payloads
540  * @param[in] payloads Pointer to the IKE payloads to dump
541  * @param[in] length Length of the IKE payloads, in bytes
542  * @param[in] nextPayload Next payload type
543  **/
544 
545 void ikeDumpPayloads(const uint8_t *payloads, size_t length,
546  uint8_t nextPayload)
547 {
548  size_t n;
549  const char_t *payloadName;
550  const IkePayloadHeader *payload;
551 
552  //Following the header are one or more IKE payloads each identified by
553  //a Next Payload field in the preceding payload
554  while(nextPayload != IKE_PAYLOAD_TYPE_LAST &&
555  length >= sizeof(IkePayloadHeader))
556  {
557  //Retrieve the name of the current IKE payload
558  payloadName = ikeGetParamName(nextPayload, ikePayloadList,
559  arraysize(ikePayloadList));
560 
561  //Each IKE payload begins with a generic payload header
562  payload = (IkePayloadHeader *) payloads;
563 
564  //The Payload Length field indicates the length in octets of the current
565  //payload, including the generic payload header
566  n = ntohs(payload->payloadLength);
567 
568  //Display the name of the current IKE payload
569  TRACE_DEBUG(" %s Payload (%" PRIuSIZE " bytes)\r\n", payloadName, n);
570 
571  //Check the length of the IKE payload
572  if(n < sizeof(IkePayloadHeader) || n > length)
573  break;
574 
575  //Dump generic payload header
576  ikeDumpPayloadHeader(payload);
577 
578  //Check IKE payload type
579  if(nextPayload == IKE_PAYLOAD_TYPE_SA)
580  {
581  //Dump Security Association payload
582  ikeDumpSaPayload((IkeSaPayload *) payload, n);
583  }
584  else if(nextPayload == IKE_PAYLOAD_TYPE_KE)
585  {
586  //Dump Key Exchange payload
587  ikeDumpKePayload((IkeKePayload *) payload, n);
588  }
589  else if(nextPayload == IKE_PAYLOAD_TYPE_IDI ||
590  nextPayload == IKE_PAYLOAD_TYPE_IDR)
591  {
592  //Dump Identification payload
593  ikeDumpIdPayload((IkeIdPayload *) payload, n);
594  }
595  else if(nextPayload == IKE_PAYLOAD_TYPE_CERT)
596  {
597  //Dump Certificate
598  ikeDumpCertPayload((IkeCertPayload *) payload, n);
599  }
600  else if(nextPayload == IKE_PAYLOAD_TYPE_CERTREQ)
601  {
602  //Dump Certificate Request
603  ikeDumpCertReqPayload((IkeCertReqPayload *) payload, n);
604  }
605  else if(nextPayload == IKE_PAYLOAD_TYPE_AUTH)
606  {
607  //Dump Authentication payload
608  ikeDumpAuthPayload((IkeAuthPayload *) payload, n);
609  }
610  else if(nextPayload == IKE_PAYLOAD_TYPE_NONCE)
611  {
612  //Dump Nonce payload
613  ikeDumpNoncePayload((IkeNoncePayload *) payload, n);
614  }
615  else if(nextPayload == IKE_PAYLOAD_TYPE_N)
616  {
617  //Dump Notify payload
618  ikeDumpNotifyPayload((IkeNotifyPayload *) payload, n);
619  }
620  else if(nextPayload == IKE_PAYLOAD_TYPE_D)
621  {
622  //Dump Delete payload
623  ikeDumpDeletePayload((IkeDeletePayload *) payload, n);
624  }
625  else if(nextPayload == IKE_PAYLOAD_TYPE_TSI ||
626  nextPayload == IKE_PAYLOAD_TYPE_TSR)
627  {
628  //Dump Traffic Selector payload
629  ikeDumpTsPayload((IkeTsPayload *) payload, n);
630  }
631  else if(nextPayload == IKE_PAYLOAD_TYPE_SK)
632  {
633  //Dump Encrypted payload
634  ikeDumpEncryptedPayload((IkeEncryptedPayload *) payload, n);
635 
636  //The Encrypted payload, if present in a message, must be the last
637  //payload in the message (refer to RFC 7296, section 3.14)
638  break;
639  }
640  else if(nextPayload == IKE_PAYLOAD_TYPE_SKF)
641  {
642  //Dump Encrypted Fragment payload
643  ikeDumpEncryptedFragPayload((IkeEncryptedFragPayload *) payload, n);
644 
645  //As is the case for the Encrypted payload, the Encrypted Fragment
646  //payload, if present in a message, MUST be the last payload in the
647  //message (refer to RFC 7383, section 2.5)
648  break;
649  }
650  else
651  {
652  //Unknown IKE payload type
653  }
654 
655  //The Next Payload field indicates the payload type of the next payload
656  //in the message
657  nextPayload = payload->nextPayload;
658 
659  //Jump to the next IKE payload
660  payloads += n;
661  length -= n;
662  }
663 }
664 
665 
666 /**
667  * @brief Dump generic payload header
668  * @param[in] header Pointer to the generic payload header to dump
669  **/
670 
671 void ikeDumpPayloadHeader(const IkePayloadHeader *header)
672 {
673  const char_t *nextPayloadName;
674 
675  //Convert the Next Payload field to string representation
676  nextPayloadName = ikeGetParamName(header->nextPayload,
677  ikePayloadList, arraysize(ikePayloadList));
678 
679  //Dump generic payload header
680  TRACE_DEBUG(" Next Payload = %" PRIu8 " (%s)\r\n", header->nextPayload, nextPayloadName);
681  TRACE_DEBUG(" Critical = %" PRIu8 "\r\n", header->critical);
682  TRACE_DEBUG(" Payload Length = %" PRIu16 "\r\n", ntohs(header->payloadLength));
683 }
684 
685 
686 /**
687  * @brief Dump Security Association payload
688  * @param[in] payload Pointer to the payload to dump
689  * @param[in] length Length of the payload, in bytes
690  **/
691 
692 void ikeDumpSaPayload(const IkeSaPayload *payload, size_t length)
693 {
694  size_t n;
695  const uint8_t *p;
696  const IkeProposal *proposal;
697 
698  //Check the length of the payload
699  if(length < sizeof(IkeSaPayload))
700  return;
701 
702  //Point to the first byte of the Proposals field
703  p = payload->proposals;
704  //Determine the length of the Proposals field
705  length -= sizeof(IkeSaPayload);
706 
707  //The Security Association payload contains one or more Proposal
708  //substructures
709  while(length >= sizeof(IkeProposal))
710  {
711  //Point to the Proposal substructure
712  proposal = (IkeProposal *) p;
713 
714  //The Proposal Length field indicates the length of this proposal,
715  //including all transforms and attributes that follow
716  n = ntohs(proposal->proposalLength);
717 
718  //Debug message
719  TRACE_DEBUG(" Proposal (%" PRIuSIZE " bytes)\r\n", n);
720 
721  //Check the length of the proposal
722  if(n < sizeof(IkeProposal) || n > length)
723  break;
724 
725  //Dump Proposal substructure
726  ikeDumpProposal(proposal, n);
727 
728  //Jump to the next proposal
729  p += n;
730  length -= n;
731  }
732 }
733 
734 
735 /**
736  * @brief Dump Proposal substructure
737  * @param[in] proposal Pointer to the Proposal substructure to dump
738  * @param[in] length Length of the proposal, in bytes
739  **/
740 
741 void ikeDumpProposal(const IkeProposal *proposal, size_t length)
742 {
743  uint_t i;
744  size_t n;
745  const uint8_t *p;
746  const char_t *lastSubstrucName;
747  const char_t *protocolIdName;
748  const IkeTransform *transform;
749 
750  //Check the length of the Proposal substructure
751  if(length < sizeof(IkeProposal))
752  return;
753 
754  //The Last Substruc field specifies whether or not this is the last
755  //Proposal Substructure in the SA
756  lastSubstrucName = ikeGetParamName(proposal->lastSubstruc,
757  ikeLastSubstrucList, arraysize(ikeLastSubstrucList));
758 
759  //The Protocol ID specifies the IPsec protocol identifier for the
760  //current negotiation
761  protocolIdName = ikeGetParamName(proposal->protocolId,
762  ikeProtocolIdList, arraysize(ikeProtocolIdList));
763 
764  //Dump Proposal substructure
765  TRACE_DEBUG(" Last Substruc = %" PRIu8 " (%s)\r\n",
766  proposal->lastSubstruc, lastSubstrucName);
767 
768  TRACE_DEBUG(" Proposal Length = %" PRIu16 "\r\n",
769  ntohs(proposal->proposalLength));
770 
771  TRACE_DEBUG(" Proposal Num = %" PRIu8 "\r\n", proposal->proposalNum);
772 
773  TRACE_DEBUG(" Protocol ID = %" PRIu8 " (%s)\r\n",
774  proposal->protocolId, protocolIdName);
775 
776  TRACE_DEBUG(" SPI Size = %" PRIu8 "\r\n", proposal->spiSize);
777  TRACE_DEBUG(" Num Transforms = %" PRIu8 "\r\n", proposal->numTransforms);
778 
779  //Malformed substructure?
780  if(length < (sizeof(IkeProposal) + proposal->spiSize))
781  return;
782 
783  //Dump SPI
784  TRACE_DEBUG(" SPI (%" PRIu8 " bytes)\r\n", proposal->spiSize);
785  TRACE_DEBUG_ARRAY(" ", proposal->spi, proposal->spiSize);
786 
787  //Point to the first byte of the Transforms field
788  p = (uint8_t *) proposal + sizeof(IkeProposal) + proposal->spiSize;
789  //Determine the length of the Transforms field
790  length -= sizeof(IkeProposal) + proposal->spiSize;
791 
792  //The Transforms field contains one or more Transform substructures
793  for(i = 1; i <= proposal->numTransforms; i++)
794  {
795  //Malformed substructure?
796  if(length < sizeof(IkeTransform))
797  break;
798 
799  //Point to the Transform substructure
800  transform = (IkeTransform *) p;
801 
802  //The Transform Length field indicates the length of the Transform
803  //substructure including header and attributes
804  n = ntohs(transform->transformLength);
805 
806  //Debug message
807  TRACE_DEBUG(" Transform %u (%" PRIuSIZE " bytes)\r\n", i, n);
808 
809  //Check the length of the transform
810  if(n < sizeof(IkeTransform) || n > length)
811  break;
812 
813  //Dump Transform substructure
814  ikeDumpTransform(transform, n);
815 
816  //Jump to the next transform
817  p += n;
818  length -= n;
819  }
820 }
821 
822 
823 /**
824  * @brief Dump Transform substructure
825  * @param[in] transform Pointer to the Transform substructure to dump
826  * @param[in] length Length of the transform, in bytes
827  **/
828 
829 void ikeDumpTransform(const IkeTransform *transform, size_t length)
830 {
831  error_t error;
832  uint_t i;
833  size_t n;
834  uint16_t transformId;
835  const uint8_t *p;
836  const char_t *lastSubstrucName;
837  const char_t *transformName;
838  const char_t *algoName;
839  const IkeTransformAttr *attr;
840 
841  //Check the length of the Transform substructure
842  if(length < sizeof(IkeTransform))
843  return;
844 
845  //The Last Substruc field specifies whether or not this is the last
846  //Proposal Substructure in the SA
847  lastSubstrucName = ikeGetParamName(transform->lastSubstruc,
848  ikeLastSubstrucList, arraysize(ikeLastSubstrucList));
849 
850  //Retrieve the type of transform being specified in this transform
851  transformName = ikeGetParamName(transform->transformType,
852  ikeTransformTypeList, arraysize(ikeTransformTypeList));
853 
854  //Dump Transform substructure
855  TRACE_DEBUG(" Last Substruc = %" PRIu8 " (%s)\r\n",
856  transform->lastSubstruc, lastSubstrucName);
857 
858  TRACE_DEBUG(" Transform Length = %" PRIu16 "\r\n",
859  ntohs(transform->transformLength));
860 
861  TRACE_DEBUG(" Transform Type = %" PRIu8 " (%s)\r\n",
862  transform->transformType, transformName);
863 
864  //Convert the Transform ID field to host byte order
865  transformId = ntohs(transform->transformId);
866 
867  //Check transform type
868  if(transform->transformType == IKE_TRANSFORM_TYPE_ENCR)
869  {
870  //Transform type 1 (encryption algorithm)
871  algoName = ikeGetParamName(transformId, ikeEncrAlgoList,
872  arraysize(ikeEncrAlgoList));
873  }
874  else if(transform->transformType == IKE_TRANSFORM_TYPE_PRF)
875  {
876  //Transform type 2 (pseudorandom functions)
877  algoName = ikeGetParamName(transformId, ikePrfAlgoList,
878  arraysize(ikePrfAlgoList));
879  }
880  else if(transform->transformType == IKE_TRANSFORM_TYPE_INTEG)
881  {
882  //Transform type 3 (integrity algorithm)
883  algoName = ikeGetParamName(transformId, ikeAuthAlgoList,
884  arraysize(ikeAuthAlgoList));
885  }
886  else if(transform->transformType == IKE_TRANSFORM_TYPE_DH)
887  {
888  //Transform type 4 (Diffie-Hellman group)
889  algoName = ikeGetParamName(transformId, ikeDhGroupList,
890  arraysize(ikeDhGroupList));
891  }
892  else if(transform->transformType == IKE_TRANSFORM_TYPE_ESN)
893  {
894  //Transform type 5 (extended sequence numbers)
895  algoName = ikeGetParamName(transformId, ikeEsnList,
896  arraysize(ikeEsnList));
897  }
898  else
899  {
900  //Unknown transform
901  algoName = "Unknown";
902  }
903 
904  //Dump Transform ID field
905  TRACE_DEBUG(" Transform ID = %" PRIu16 " (%s)\r\n",
906  transformId, algoName);
907 
908  //Point to the first byte of the Transform Attributes field
909  p = transform->transformAttr;
910  //Get the length of the Transform Attributes field
911  length -= sizeof(IkeTransform);
912 
913  //The Transform Attributes field contains one or more attributes
914  for(i = 1; ; i++)
915  {
916  //Malformed attribute?
917  if(length < sizeof(IkeTransformAttr))
918  break;
919 
920  //Point to the transform attribute
921  attr = (IkeTransformAttr *) p;
922 
923  //Debug message
924  TRACE_DEBUG(" Transform Attribute %u\r\n", i);
925 
926  //Dump transform attribute
927  error = ikeDumpTransformAttr(attr, length, &n);
928  //Any error to report?
929  if(error)
930  break;
931 
932  //Jump to the next attribute
933  p += n;
934  length -= n;
935  }
936 }
937 
938 
939 /**
940  * @brief Dump transform attribute
941  * @param[in] attr Pointer to the transform attribute to dump
942  * @param[in] length Number of bytes available in the input stream
943  * @param[out] consumed Total number of characters that have been consumed
944  * @return Error code
945  **/
946 
947 error_t ikeDumpTransformAttr(const IkeTransformAttr *attr, size_t length,
948  size_t *consumed)
949 {
950  size_t n;
951  uint16_t attrFormat;
952  uint16_t attrType;
953  const char_t *attrFormatName;
954  const char_t *attrTypeName;
955 
956  //Malformed attribute?
957  if(length < sizeof(IkeTransformAttr))
958  return ERROR_INVALID_SYNTAX;
959 
960  //Retrieve the format of the attribute
961  attrFormat = (ntohs(attr->type) & 0x8000) >> 15;
962  //Retrieve the type of the attribute
963  attrType = ntohs(attr->type) & 0x7FFF;
964 
965  //The AF field indicates whether the data attribute follows the TLV
966  //format or a shortened TV format
967  attrFormatName = ikeGetParamName(ntohs(attr->type) & 0x8000,
968  ikeAttrFormatList, arraysize(ikeAttrFormatList));
969 
970  //The Attribute Type field is a unique identifier for each type of
971  //attribute
972  attrTypeName = ikeGetParamName(attrType, ikeAttrTypeList,
973  arraysize(ikeAttrTypeList));
974 
975  //Dump Transform Attribute
976  TRACE_DEBUG(" Attribute Format = %" PRIu16 " (%s)\r\n",
977  attrFormat, attrFormatName);
978 
979  TRACE_DEBUG(" Attribute Type = %" PRIu16 " (%s)\r\n",
980  attrType, attrTypeName);
981 
982  //Check the format of the attribute
983  if((ntohs(attr->type) & IKE_ATTR_FORMAT_TV) != 0)
984  {
985  //If the AF bit is set, then the attribute value has a fixed length
986  n = 0;
987 
988  //Dump attribute value
989  TRACE_DEBUG(" Attribute Value = %" PRIu16 "\r\n",
990  ntohs(attr->length));
991  }
992  else
993  {
994  //If the AF bit is not set, then this attribute has a variable length
995  //defined by the Attribute Length field
996  n = ntohs(attr->length);
997 
998  //Dump attribute length
999  TRACE_DEBUG(" Attribute Length = %" PRIu16 "\r\n", n);
1000 
1001  //Malformed attribute?
1002  if(length < (sizeof(IkeTransformAttr) + n))
1003  return ERROR_INVALID_SYNTAX;
1004 
1005  //Dump attribute value
1006  TRACE_DEBUG(" Attribute Value (%" PRIuSIZE " bytes)\r\n", n);
1007  TRACE_DEBUG_ARRAY(" ", attr->value, n);
1008  }
1009 
1010  //Total number of bytes that have been consumed
1011  *consumed = sizeof(IkeTransformAttr) + n;
1012 
1013  //Parsing was successful
1014  return NO_ERROR;
1015 }
1016 
1017 
1018 /**
1019  * @brief Dump Key Exchange payload
1020  * @param[in] payload Pointer to the payload to dump
1021  * @param[in] length Length of the payload, in bytes
1022  **/
1023 
1024 void ikeDumpKePayload(const IkeKePayload *payload, size_t length)
1025 {
1026  size_t n;
1027  uint16_t groupNum;
1028  const char_t *groupName;
1029 
1030  //Check the length of the payload
1031  if(length < sizeof(IkeKePayload))
1032  return;
1033 
1034  //Determine the length of the Key Exchange Data field
1035  n = length - sizeof(IkeKePayload);
1036 
1037  //The Diffie-Hellman Group Num identifies the Diffie-Hellman group in
1038  //which the Key Exchange Data was computed
1039  groupNum = ntohs(payload->dhGroupNum);
1040 
1041  //Convert the Diffie-Hellman Group Num field to string representation
1042  groupName = ikeGetParamName(groupNum, ikeDhGroupList,
1043  arraysize(ikeDhGroupList));
1044 
1045  //Dump Diffie-Hellman Group Num field
1046  TRACE_DEBUG(" Diffie-Hellman Group Num = 0x%" PRIX16 " (%s)\r\n",
1047  groupNum, groupName);
1048 
1049  //Dump Key Exchange Data field
1050  TRACE_DEBUG(" Key Exchange Data (%" PRIuSIZE " bytes)\r\n", n);
1051  TRACE_DEBUG_ARRAY(" ", payload->keyExchangeData, n);
1052 }
1053 
1054 
1055 /**
1056  * @brief Dump Identification payload
1057  * @param[in] payload Pointer to the payload to dump
1058  * @param[in] length Length of the payload, in bytes
1059  **/
1060 
1061 void ikeDumpIdPayload(const IkeIdPayload *payload, size_t length)
1062 {
1063  const char_t *idTypeName;
1064 
1065  //Check the length of the payload
1066  if(length < sizeof(IkeIdPayload))
1067  return;
1068 
1069  //The ID Type field specifies the type of Identification being used
1070  idTypeName = ikeGetParamName(payload->idType, ikeIdTypeList,
1071  arraysize(ikeIdTypeList));
1072 
1073  //Dump ID Type field
1074  TRACE_DEBUG(" ID Type = %" PRIu8 " (%s)\r\n", payload->idType,
1075  idTypeName);
1076 
1077  //The Identification Data field has a variable length
1078  length -= sizeof(IkeIdPayload);
1079 
1080  //Dump Identification Data field
1081  TRACE_DEBUG(" Identification Data (%" PRIuSIZE " bytes)\r\n", length);
1082 
1083 #if (IPV4_SUPPORT == ENABLED)
1084  //IPv4 address?
1085  if(payload->idType == IKE_ID_TYPE_IPV4_ADDR && length == sizeof(Ipv4Addr))
1086  {
1087  Ipv4Addr ipv4Addr;
1088 
1089  //Copy IPv4 address
1090  ipv4CopyAddr(&ipv4Addr, payload->idData);
1091  //Dump IPv4 address
1092  TRACE_DEBUG(" %s\r\n", ipv4AddrToString(ipv4Addr, NULL));
1093  }
1094  else
1095 #endif
1096 #if (IPV6_SUPPORT == ENABLED)
1097  //IPv4 address?
1098  if(payload->idType == IKE_ID_TYPE_IPV6_ADDR && length == sizeof(Ipv6Addr))
1099  {
1100  Ipv6Addr ipv6Addr;
1101 
1102  //Copy IPv6 address
1103  ipv6CopyAddr(&ipv6Addr, payload->idData);
1104  //Dump IPv6 address
1105  TRACE_DEBUG(" %s\r\n", ipv6AddrToString(&ipv6Addr, NULL));
1106  }
1107  else
1108 #endif
1109  {
1110  //Dump Identification Data field
1111  TRACE_DEBUG_ARRAY(" ", payload->idData, length);
1112  }
1113 }
1114 
1115 
1116 /**
1117  * @brief Dump Certificate payload
1118  * @param[in] payload Pointer to the payload to dump
1119  * @param[in] length Length of the payload, in bytes
1120  **/
1121 
1122 void ikeDumpCertPayload(const IkeCertPayload *payload, size_t length)
1123 {
1124  const char_t *certEncodingName;
1125 
1126  //Check the length of the payload
1127  if(length < sizeof(IkeCertPayload))
1128  return;
1129 
1130  //The Certificate Encoding field indicates the type of certificate or
1131  //certificate-related information contained in the Certificate Data field
1132  certEncodingName = ikeGetParamName(payload->certEncoding,
1133  ikeCertEncodingList, arraysize(ikeCertEncodingList));
1134 
1135  //Dump Certificate Encoding field
1136  TRACE_DEBUG(" Certificate Encoding = %" PRIu8 " (%s)\r\n",
1137  payload->certEncoding, certEncodingName);
1138 
1139  //The Certificate Data field has a variable length
1140  length -= sizeof(IkeCertPayload);
1141 
1142  //Dump Certificate Data field
1143  TRACE_DEBUG(" Certificate Data (%" PRIuSIZE " bytes)\r\n", length);
1144  TRACE_DEBUG_ARRAY(" ", payload->certData, length);
1145 }
1146 
1147 
1148 /**
1149  * @brief Dump Certificate Request payload
1150  * @param[in] payload Pointer to the payload to dump
1151  * @param[in] length Length of the payload, in bytes
1152  **/
1153 
1154 void ikeDumpCertReqPayload(const IkeCertReqPayload *payload, size_t length)
1155 {
1156  const char_t *certEncodingName;
1157 
1158  //Check the length of the payload
1159  if(length < sizeof(IkeCertReqPayload))
1160  return;
1161 
1162  //The Certificate Encoding field contains an encoding of the type or
1163  //format of certificate requested
1164  certEncodingName = ikeGetParamName(payload->certEncoding,
1165  ikeCertEncodingList, arraysize(ikeCertEncodingList));
1166 
1167  //Dump Certificate Encoding field
1168  TRACE_DEBUG(" Certificate Encoding = %" PRIu8 " (%s)\r\n",
1169  payload->certEncoding, certEncodingName);
1170 
1171  //The Certification Authority field has a variable length
1172  length -= sizeof(IkeCertReqPayload);
1173 
1174  //Dump Certification Authority field
1175  TRACE_DEBUG(" Certification Authority (%" PRIuSIZE " bytes)\r\n", length);
1176  TRACE_DEBUG_ARRAY(" ", payload->certAuthority, length);
1177 }
1178 
1179 
1180 /**
1181  * @brief Dump Authentication payload
1182  * @param[in] payload Pointer to the payload to dump
1183  * @param[in] length Length of the payload, in bytes
1184  **/
1185 
1186 void ikeDumpAuthPayload(const IkeAuthPayload *payload, size_t length)
1187 {
1188  size_t n;
1189  const char_t *authMethodName;
1190 
1191  //Check the length of the payload
1192  if(length < sizeof(IkeAuthPayload))
1193  return;
1194 
1195  //The Auth Method field specifies the method of authentication used
1196  authMethodName = ikeGetParamName(payload->authMethod, ikeAuthMethodList,
1197  arraysize(ikeAuthMethodList));
1198 
1199  //Dump Auth Method field
1200  TRACE_DEBUG(" Auth Method = %" PRIu8 " (%s)\r\n",
1201  payload->authMethod, authMethodName);
1202 
1203  //The Authentication Data field has a variable length
1204  n = length - sizeof(IkeAuthPayload);
1205 
1206  //Dump Authentication Data field
1207  TRACE_DEBUG(" Auth Data (%" PRIuSIZE " bytes)\r\n", n);
1208  TRACE_DEBUG_ARRAY(" ", payload->authData, n);
1209 }
1210 
1211 
1212 /**
1213  * @brief Dump Nonce payload
1214  * @param[in] payload Pointer to the payload to dump
1215  * @param[in] length Length of the payload, in bytes
1216  **/
1217 
1218 void ikeDumpNoncePayload(const IkeNoncePayload *payload, size_t length)
1219 {
1220  size_t n;
1221 
1222  //Check the length of the payload
1223  if(length < sizeof(IkeNoncePayload))
1224  return;
1225 
1226  //The size of the Nonce Data must be between 16 and 256 octets, inclusive
1227  n = length - sizeof(IkeNoncePayload);
1228 
1229  //Dump Nonce Data field
1230  TRACE_DEBUG(" Nonce (%" PRIuSIZE " bytes)\r\n", n);
1231  TRACE_DEBUG_ARRAY(" ", payload->nonceData, n);
1232 }
1233 
1234 
1235 /**
1236  * @brief Dump Notify payload
1237  * @param[in] payload Pointer to the payload to dump
1238  * @param[in] length Length of the payload, in bytes
1239  **/
1240 
1241 void ikeDumpNotifyPayload(const IkeNotifyPayload *payload, size_t length)
1242 {
1243  size_t n;
1244  const uint8_t *p;
1245  const char_t *protocolIdName;
1246  const char_t *notifyMsgName;
1247 
1248  //Check the length of the payload
1249  if(length < sizeof(IkeNotifyPayload))
1250  return;
1251 
1252  //Check the length of the SPI
1253  if(length < (sizeof(IkeNotifyPayload) + payload->spiSize))
1254  return;
1255 
1256  //Convert the Protocol ID to string representation
1257  protocolIdName = ikeGetParamName(payload->protocolId,
1258  ikeProtocolIdList, arraysize(ikeProtocolIdList));
1259 
1260  //Convert the Notify Message Type to string representation
1261  notifyMsgName = ikeGetParamName(ntohs(payload->notifyMsgType),
1262  ikeNotifyMsgTypeList, arraysize(ikeNotifyMsgTypeList));
1263 
1264  //Dump Notify payload
1265  TRACE_DEBUG(" Protocol ID = %" PRIu8 " (%s)\r\n",
1266  payload->protocolId, protocolIdName);
1267 
1268  TRACE_DEBUG(" SPI Size = %" PRIu8 "\r\n", payload->spiSize);
1269 
1270  TRACE_DEBUG(" Notify Message Type = %" PRIu16 " (%s)\r\n",
1271  ntohs(payload->notifyMsgType), notifyMsgName);
1272 
1273  //Dump SPI field
1274  TRACE_DEBUG(" SPI (%" PRIu8 " bytes)\r\n", payload->spiSize);
1275 
1276  if(payload->spiSize > 0)
1277  {
1278  TRACE_DEBUG_ARRAY(" ", payload->spi, payload->spiSize);
1279  }
1280 
1281  //The Notification Data field has a variable length
1282  p = payload->spi + payload->spiSize;
1283  n = length - sizeof(IkeNotifyPayload) - payload->spiSize;
1284 
1285  //Dump Notification Data field
1286  TRACE_DEBUG(" Notification Data (%" PRIuSIZE " bytes)\r\n", n);
1287 
1288  if(n > 0)
1289  {
1290  TRACE_DEBUG_ARRAY(" ", p, n);
1291  }
1292 }
1293 
1294 
1295 /**
1296  * @brief Dump Delete payload
1297  * @param[in] payload Pointer to the payload to dump
1298  * @param[in] length Length of the payload, in bytes
1299  **/
1300 
1301 void ikeDumpDeletePayload(const IkeDeletePayload *payload, size_t length)
1302 {
1303  size_t n;
1304  const char_t *protocolIdName;
1305 
1306  //Check the length of the payload
1307  if(length < sizeof(IkeDeletePayload))
1308  return;
1309 
1310  //Convert the Protocol ID to string representation
1311  protocolIdName = ikeGetParamName(payload->protocolId,
1312  ikeProtocolIdList, arraysize(ikeProtocolIdList));
1313 
1314  //Dump Delete payload
1315  TRACE_DEBUG(" Protocol ID = %" PRIu8 " (%s)\r\n",
1316  payload->protocolId, protocolIdName);
1317 
1318  TRACE_DEBUG(" SPI Size = %" PRIu8 "\r\n", payload->spiSize);
1319 
1320  TRACE_DEBUG(" Number Of SPIs = %" PRIu16 "\r\n", ntohs(payload->numSpi));
1321 
1322  //The SPIs field has a variable length
1323  n = length - sizeof(IkeDeletePayload);
1324 
1325  //Dump SPIs field
1326  TRACE_DEBUG(" SPIs (%" PRIuSIZE " bytes)\r\n", n);
1327 
1328  //The SPI size must be zero for IKE (SPI is in message header) or four
1329  //for AH and ESP
1330  if(n > 0)
1331  {
1332  TRACE_DEBUG_ARRAY(" ", payload->spi, n);
1333  }
1334 }
1335 
1336 
1337 /**
1338  * @brief Dump Traffic Selector payload
1339  * @param[in] payload Pointer to the payload to dump
1340  * @param[in] length Length of the payload, in bytes
1341  **/
1342 
1343 void ikeDumpTsPayload(const IkeTsPayload *payload, size_t length)
1344 {
1345  uint_t i;
1346  size_t n;
1347  const uint8_t *p;
1348  const IkeTs *ts;
1349 
1350  //Check the length of the payload
1351  if(length < sizeof(IkeTsPayload))
1352  return;
1353 
1354  //Dump Number of TSs field
1355  TRACE_DEBUG(" Number of TSs = %" PRIu8 "\r\n", payload->numTs);
1356 
1357  //Point to the first byte of the Traffic Selectors field
1358  p = (uint8_t *) payload + sizeof(IkeProposal);
1359  //Determine the length of the Traffic Selectors field
1360  length -= sizeof(IkeTsPayload);
1361 
1362  //The Traffic Selectors field contains one or more Traffic Selector
1363  //substructures
1364  for(i = 1; i <= payload->numTs; i++)
1365  {
1366  //Malformed substructure?
1367  if(length < sizeof(IkeTs))
1368  break;
1369 
1370  //Point to the Traffic Selector substructure
1371  ts = (IkeTs *) p;
1372 
1373  //The Selector Length field indicates the length of the Traffic Selector
1374  //substructure including the header
1375  n = ntohs(ts->selectorLength);
1376 
1377  //Debug message
1378  TRACE_DEBUG(" Traffic Selector (%" PRIuSIZE " bytes)\r\n", n);
1379 
1380  //Check the length of the selector
1381  if(n < sizeof(IkeTs) || n > length)
1382  break;
1383 
1384  //Dump Traffic Selector substructure
1385  ikeDumpTs(ts, n);
1386 
1387  //Jump to the next selector
1388  p += n;
1389  length -= n;
1390  }
1391 }
1392 
1393 
1394 /**
1395  * @brief Dump Traffic Selector substructure
1396  * @param[in] ts Pointer to the Traffic Selector substructure to dump
1397  * @param[in] length Length of the selector, in bytes
1398  **/
1399 
1400 void ikeDumpTs(const IkeTs *ts, size_t length)
1401 {
1402  size_t n;
1403  const char_t *tsTypeName;
1404  const char_t *ipProtocolIdName;
1405 
1406  //Check the length of the Traffic Selector substructure
1407  if(length < sizeof(IkeTs))
1408  return;
1409 
1410  //Convert the TS Type to string representation
1411  tsTypeName = ikeGetParamName(ts->tsType, ikeTsTypeList,
1412  arraysize(ikeTsTypeList));
1413 
1414  //Convert the IP Protocol ID to string representation
1415  ipProtocolIdName = ikeGetParamName(ts->ipProtocolId, ikeIpProtocolIdList,
1416  arraysize(ikeIpProtocolIdList));
1417 
1418  //Dump Traffic Selector substructure
1419  TRACE_DEBUG(" TS Type = %" PRIu8 " (%s)\r\n", ts->tsType,
1420  tsTypeName);
1421 
1422  TRACE_DEBUG(" IP Protocol ID = %" PRIu8 " (%s)\r\n",
1423  ts->ipProtocolId, ipProtocolIdName);
1424 
1425  TRACE_DEBUG(" Selector Length = %" PRIu16 "\r\n",
1426  ntohs(ts->selectorLength));
1427 
1428  TRACE_DEBUG(" Start Port = %" PRIu16 "\r\n", ntohs(ts->startPort));
1429  TRACE_DEBUG(" End Port = %" PRIu16 "\r\n", ntohs(ts->endPort));
1430 
1431  //The length of the Starting Address and Ending Address fields are
1432  //determined by the Traffic Selector type
1433  n = length - sizeof(IkeTs);
1434 
1435 #if (IPV4_SUPPORT == ENABLED)
1436  //IPv4 address range?
1437  if(ts->tsType == IKE_TS_TYPE_IPV4_ADDR_RANGE &&
1438  n == (2 * sizeof(Ipv4Addr)))
1439  {
1440  Ipv4Addr ipv4StartAddr;
1441  Ipv4Addr ipv4EndAddr;
1442 
1443  //Copy IPv4 addresses
1444  ipv4CopyAddr(&ipv4StartAddr, ts->startAddr);
1445  ipv4CopyAddr(&ipv4EndAddr, ts->startAddr + sizeof(Ipv4Addr));
1446 
1447  //Dump IPv4 address range
1448  TRACE_DEBUG(" Starting Address = %s\r\n",
1449  ipv4AddrToString(ipv4StartAddr, NULL));
1450 
1451  TRACE_DEBUG(" Ending Address = %s\r\n",
1452  ipv4AddrToString(ipv4EndAddr, NULL));
1453  }
1454  else
1455 #endif
1456 #if (IPV6_SUPPORT == ENABLED)
1457  //IPv6 address range?
1458  if(ts->tsType == IKE_TS_TYPE_IPV6_ADDR_RANGE &&
1459  length == (2 * sizeof(Ipv6Addr)))
1460  {
1461  Ipv6Addr ipv6StartAddr;
1462  Ipv6Addr ipv6EndAddr;
1463 
1464  //Copy IPv6 addresses
1465  ipv6CopyAddr(&ipv6StartAddr, ts->startAddr);
1466  ipv6CopyAddr(&ipv6EndAddr, ts->startAddr + sizeof(Ipv6Addr));
1467 
1468  //Dump IPv6 address range
1469  TRACE_DEBUG(" Starting Address = %s\r\n",
1470  ipv6AddrToString(&ipv6StartAddr, NULL));
1471 
1472  TRACE_DEBUG(" Ending Address = %s\r\n",
1473  ipv6AddrToString(&ipv6EndAddr, NULL));
1474  }
1475  else
1476 #endif
1477  {
1478  //Just for sanity
1479  }
1480 }
1481 
1482 
1483 /**
1484  * @brief Dump Encrypted payload
1485  * @param[in] payload Pointer to the payload to dump
1486  * @param[in] length Length of the payload, in bytes
1487  **/
1488 
1489 void ikeDumpEncryptedPayload(const IkeEncryptedPayload *payload, size_t length)
1490 {
1491  size_t n;
1492 
1493  //Check the length of the payload
1494  if(length < sizeof(IkeEncryptedPayload))
1495  return;
1496 
1497  //The Payload Length field indicates the length of the encrypted data
1498  n = length - sizeof(IkeEncryptedPayload);
1499 
1500  //Dump encrypted data
1501  TRACE_DEBUG(" Encrypted Data (%" PRIuSIZE " bytes)\r\n", n);
1502  TRACE_DEBUG_ARRAY(" ", payload->iv, n);
1503 
1504 }
1505 
1506 
1507 /**
1508  * @brief Dump Encrypted Fragment payload
1509  * @param[in] payload Pointer to the payload to dump
1510  * @param[in] length Length of the payload, in bytes
1511  **/
1512 
1513 void ikeDumpEncryptedFragPayload(const IkeEncryptedFragPayload *payload,
1514  size_t length)
1515 {
1516  size_t n;
1517 
1518  //Check the length of the payload
1519  if(length < sizeof(IkeEncryptedFragPayload))
1520  return;
1521 
1522  //The Payload Length field indicates the length of the encrypted data
1523  n = length - sizeof(IkeEncryptedFragPayload);
1524 
1525  //The Fragment Number field specifies the current Fragment message number
1526  TRACE_DEBUG(" Fragment Number = %" PRIu16 "\r\n",
1527  ntohs(payload->fragNum));
1528 
1529  //The Total Fragments field specifies the number of Fragment messages into
1530  //which the original message was divided
1531  TRACE_DEBUG(" Total Fragments = %" PRIu16 "\r\n",
1532  ntohs(payload->totalFrags));
1533 
1534  //Dump encrypted data
1535  TRACE_DEBUG(" Encrypted Data (%" PRIuSIZE " bytes)\r\n", n);
1536  TRACE_DEBUG_ARRAY(" ", payload->iv, n);
1537 }
1538 
1539 
1540 /**
1541  * @brief Convert a parameter to string representation
1542  * @param[in] value Parameter value
1543  * @param[in] paramList List of acceptable parameters
1544  * @param[in] paramListLen Number of entries in the list
1545  * @return NULL-terminated string describing the parameter
1546  **/
1547 
1548 const char_t *ikeGetParamName(uint_t value, const IkeParamName *paramList,
1549  size_t paramListLen)
1550 {
1551  uint_t i;
1552 
1553  //Default name for unknown values
1554  static const char_t defaultName[] = "Unknown";
1555 
1556  //Loop through the list of acceptable parameters
1557  for(i = 0; i < paramListLen; i++)
1558  {
1559  if(paramList[i].value == value)
1560  return paramList[i].name;
1561  }
1562 
1563  //Unknown value
1564  return defaultName;
1565 }
1566 
1567 #endif
ikeDumpPayloads
void ikeDumpPayloads(const uint8_t *payloads, size_t length, uint8_t nextPayload)
Dump IKE payloads.
Definition: ike_debug.c:545
IKE_TRANSFORM_ID_ENCR_AES_GCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_8
Definition: ike.h:948
IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
@ IKE_TRANSFORM_ID_AUTH_AES_CMAC_96
Definition: ike.h:1001
IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
@ IKE_NOTIFY_MSG_TYPE_PSK_CONFIRM
Definition: ike.h:1214
IKE_ID_TYPE_FC_NAME
@ IKE_ID_TYPE_FC_NAME
Definition: ike.h:1094
IKE_TRANSFORM_ID_DH_GROUP_CURVE448
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE448
curve448
Definition: ike.h:1039
ipv6AddrToString
char_t * ipv6AddrToString(const Ipv6Addr *ipAddr, char_t *str)
Convert a binary IPv6 address to a string representation.
Definition: ipv6.c:2339
IkeParamName
Parameter value/name binding.
Definition: ike_debug.h:49
ikeDumpTransformAttr
error_t ikeDumpTransformAttr(const IkeTransformAttr *attr, size_t length, size_t *consumed)
Dump transform attribute.
Definition: ike_debug.c:947
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_384_192
Definition: ike.h:1006
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024
1024-bit MODP Group
Definition: ike.h:1019
IKE_TRANSFORM_ID_DH_GROUP_ECP_192
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_192
192-bit Random ECP Group
Definition: ike.h:1032
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA
Definition: ike.h:1221
IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY_KEY
@ IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY_KEY
Definition: ike.h:1234
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_96
Definition: ike.h:995
IKE_TS_TYPE_IPV4_ADDR_RANGE
@ IKE_TS_TYPE_IPV4_ADDR_RANGE
TS_IPV4_ADDR_RANGE.
Definition: ike.h:1244
IKE_TRANSFORM_ID_PRF_AES128_CMAC
@ IKE_TRANSFORM_ID_PRF_AES128_CMAC
Definition: ike.h:982
IKE_TRANSFORM_ID_ENCR_AES_CCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_16
Definition: ike.h:947
IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPCOMP_SUPPORTED
Definition: ike.h:1175
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_KTREE
Definition: ike.h:961
IkeCertReqPayload
IkeCertReqPayload
Definition: ike.h:1547
IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_MESSAGE_ID
Definition: ike.h:1151
IKE_TRANSFORM_ID_ENCR_AES_CTR
@ IKE_TRANSFORM_ID_ENCR_AES_CTR
Definition: ike.h:944
IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ERX_SUPPORTED
Definition: ike.h:1215
IKE_TRANSFORM_ID_DH_GROUP_NONE
@ IKE_TRANSFORM_ID_DH_GROUP_NONE
None.
Definition: ike.h:1017
IKE_NOTIFY_MSG_TYPE_REGISTRATION_FAILED
@ IKE_NOTIFY_MSG_TYPE_REGISTRATION_FAILED
Definition: ike.h:1171
IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_FRAGMENTATION_SUPPORTED
Definition: ike.h:1218
ikeDumpKePayload
void ikeDumpKePayload(const IkeKePayload *payload, size_t length)
Dump Key Exchange payload.
Definition: ike_debug.c:1024
IKE_NOTIFY_MSG_TYPE_INVALID_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_SPI
Definition: ike.h:1152
IKE_CERT_ENCODING_RAW_RSA_KEY
@ IKE_CERT_ENCODING_RAW_RSA_KEY
Raw RSA key (deprecated)
Definition: ike.h:1114
IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
@ IKE_NOTIFY_MSG_TYPE_SET_WINDOW_SIZE
Definition: ike.h:1173
IKE_IP_PROTOCOL_ID_ICMP
@ IKE_IP_PROTOCOL_ID_ICMP
Definition: ike.h:1257
IKE_IP_PROTOCOL_ID_TCP
@ IKE_IP_PROTOCOL_ID_TCP
Definition: ike.h:1258
IKE_ID_TYPE_NULL
@ IKE_ID_TYPE_NULL
Definition: ike.h:1095
IKE_NOTIFY_MSG_TYPE_REKEY_SA
@ IKE_NOTIFY_MSG_TYPE_REKEY_SA
Definition: ike.h:1181
IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_CHILD_SA_NOT_FOUND
Definition: ike.h:1166
IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA1_160
Definition: ike.h:1000
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_TS_POSSIBLE
Definition: ike.h:1174
IKE_ID_TYPE_IPV4_ADDR
@ IKE_ID_TYPE_IPV4_ADDR
Definition: ike.h:1087
IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
@ IKE_NOTIFY_MSG_TYPE_NO_PROPOSAL_CHOSEN
Definition: ike.h:1153
IKE_PAYLOAD_TYPE_CP
@ IKE_PAYLOAD_TYPE_CP
Configuration.
Definition: ike.h:865
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP6_ADDRESS
Definition: ike.h:1186
IkeKePayload
IkeKePayload
Definition: ike.h:1510
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CBC
Definition: ike.h:952
p
uint8_t p
Definition: ndp.h:300
IKE_ID_TYPE_DER_ASN1_DN
@ IKE_ID_TYPE_DER_ASN1_DN
Definition: ike.h:1091
IKE_TRANSFORM_ID_ENCR_IDEA
@ IKE_TRANSFORM_ID_ENCR_IDEA
Definition: ike.h:937
IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_128_GMAC
Definition: ike.h:1002
message
uint8_t message[]
Definition: chap.h:154
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_96
Definition: ike.h:994
IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_4096
4096-bit MODP Group
Definition: ike.h:1023
IKE_CERT_ENCODING_DNS_SIGNED_KEY
@ IKE_CERT_ENCODING_DNS_SIGNED_KEY
DNS signed key.
Definition: ike.h:1107
IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
@ IKE_LAST_SUBSTRUC_MORE_TRANSFORMS
More transform substructures.
Definition: ike.h:884
IKE_AUTH_METHOD_ECDSA_P521_SHA512
@ IKE_AUTH_METHOD_ECDSA_P521_SHA512
ECDSA with SHA-512 on the P-521 curve.
Definition: ike.h:1133
IKE_NOTIFY_MSG_TYPE_USE_PPK_INT
@ IKE_NOTIFY_MSG_TYPE_USE_PPK_INT
Definition: ike.h:1233
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048
2048-bit MODP Group
Definition: ike.h:1021
ikeDumpSaPayload
void ikeDumpSaPayload(const IkeSaPayload *payload, size_t length)
Dump Security Association payload.
Definition: ike_debug.c:692
IKE_NOTIFY_MSG_TYPE_PUZZLE
@ IKE_NOTIFY_MSG_TYPE_PUZZLE
Definition: ike.h:1222
IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_8192
8192-bit MODP Group
Definition: ike.h:1025
IkeNotifyPayload
IkeNotifyPayload
Definition: ike.h:1596
IKE_NOTIFY_MSG_TYPE_SA_RESOURCE_INFO
@ IKE_NOTIFY_MSG_TYPE_SA_RESOURCE_INFO
Definition: ike.h:1232
IKE_TRANSFORM_TYPE_DH
@ IKE_TRANSFORM_TYPE_DH
Diffie-Hellman Group.
Definition: ike.h:912
numTransforms
uint8_t numTransforms
Definition: ike.h:1467
IKE_TRANSFORM_ID_ESN_NO
@ IKE_TRANSFORM_ID_ESN_NO
No Extended Sequence Numbers.
Definition: ike.h:1054
IKE_TRANSFORM_TYPE_ADDKE2
@ IKE_TRANSFORM_TYPE_ADDKE2
Additional Key Exchange 2.
Definition: ike.h:915
IKE_AUTH_METHOD_GSPAM
@ IKE_AUTH_METHOD_GSPAM
Generic Secure Password Authentication Method.
Definition: ike.h:1134
IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UPDATE_SA_ADDRESSES
Definition: ike.h:1188
IKE_TRANSFORM_ID_ENCR_CAST
@ IKE_TRANSFORM_ID_ENCR_CAST
Definition: ike.h:938
IKE_AUTH_METHOD_RSA
@ IKE_AUTH_METHOD_RSA
RSA Digital Signature.
Definition: ike.h:1128
IKE_PROTOCOL_ID_AH
@ IKE_PROTOCOL_ID_AH
AH.
Definition: ike.h:895
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_8
Definition: ike.h:954
Ipv6Addr
Ipv6Addr
Definition: ipv6.h:260
IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
@ IKE_EXCHANGE_TYPE_IKE_SESSION_RESUME
IKE_SESSION_RESUME.
Definition: ike.h:822
IKE_LAST_SUBSTRUC_LAST
@ IKE_LAST_SUBSTRUC_LAST
Last proposal/transform substructure.
Definition: ike.h:882
IKE_EXCHANGE_TYPE_GSA_INBAND_REKEY
@ IKE_EXCHANGE_TYPE_GSA_INBAND_REKEY
GSA_INBAND_REKEY.
Definition: ike.h:826
IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_WESP_MODE
Definition: ike.h:1203
IkePayloadHeader
IkePayloadHeader
Definition: ike.h:1441
ikeDumpEncryptedPayload
void ikeDumpEncryptedPayload(const IkeEncryptedPayload *payload, size_t length)
Dump Encrypted payload.
Definition: ike_debug.c:1489
IKE_PAYLOAD_TYPE_CERTREQ
@ IKE_PAYLOAD_TYPE_CERTREQ
Certificate Request.
Definition: ike.h:856
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_16
Definition: ike.h:956
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_MAC_KTREE
Definition: ike.h:964
IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256
@ IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_256
GOST3410_2012_256.
Definition: ike.h:1040
IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_192_GMAC
Definition: ike.h:1003
IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
@ IKE_NOTIFY_MSG_TYPE_IFOM_CAPABILITY
Definition: ike.h:1216
IKE_TRANSFORM_TYPE_GCAUTH
@ IKE_TRANSFORM_TYPE_GCAUTH
Group Controller Authentication Method.
Definition: ike.h:922
IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ROHC_SUPPORTED
Definition: ike.h:1204
IKE_NOTIFY_MSG_TYPE_TICKET_NACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_NACK
Definition: ike.h:1200
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305_IIV
Definition: ike.h:960
IKE_IP_PROTOCOL_ID_UDP
@ IKE_IP_PROTOCOL_ID_UDP
Definition: ike.h:1259
IKE_TRANSFORM_ID_ENCR_DES_IV64
@ IKE_TRANSFORM_ID_ENCR_DES_IV64
Definition: ike.h:933
IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16_IIV
Definition: ike.h:959
IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
@ IKE_CERT_ENCODING_HASH_URL_X509_BUNDLE
Hash and URL of X.509 bundle.
Definition: ike.h:1116
IKE_TRANSFORM_TYPE_KWA
@ IKE_TRANSFORM_TYPE_KWA
Key Wrap Algorithm.
Definition: ike.h:921
IKE_AUTH_METHOD_NULL
@ IKE_AUTH_METHOD_NULL
NULL Authentication.
Definition: ike.h:1135
IkeTransform
IkeTransform
Definition: ike.h:1485
IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
@ IKE_TRANSFORM_ID_DH_GROUP_CURVE25519
curve25519
Definition: ike.h:1038
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP224R1
224-bit Brainpool ECP Group
Definition: ike.h:1034
IKE_TS_TYPE_SECLABEL
@ IKE_TS_TYPE_SECLABEL
TS_SECLABEL.
Definition: ike.h:1247
Ipv4Addr
uint32_t Ipv4Addr
IPv4 network address.
Definition: ipv4.h:298
IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
@ IKE_NOTIFY_MSG_TYPE_SIGNATURE_HASH_ALGORITHMS
Definition: ike.h:1219
IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
@ IKE_TRANSFORM_ID_ENCR_CHACHA20_POLY1305
Definition: ike.h:957
IKE_TRANSFORM_TYPE_ADDKE7
@ IKE_TRANSFORM_TYPE_ADDKE7
Additional Key Exchange 7.
Definition: ike.h:920
IKE_ATTR_FORMAT_TV
@ IKE_ATTR_FORMAT_TV
shortened Type/Value format
Definition: ike.h:1066
IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
@ IKE_TRANSFORM_ID_AUTH_AES_XCBC_96
Definition: ike.h:998
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_384
Definition: ike.h:980
IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
@ IKE_NOTIFY_MSG_TYPE_USE_AGGFRAG
Definition: ike.h:1230
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_SOURCE_IP
Definition: ike.h:1176
r
uint8_t r
Definition: ndp.h:346
IKE_TRANSFORM_TYPE_ESN
@ IKE_TRANSFORM_TYPE_ESN
Extended Sequence Numbers.
Definition: ike.h:913
ikeDumpEncryptedFragPayload
void ikeDumpEncryptedFragPayload(const IkeEncryptedFragPayload *payload, size_t length)
Dump Encrypted Fragment payload.
Definition: ike_debug.c:1513
IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
@ IKE_NOTIFY_MSG_TYPE_TS_UNACCEPTABLE
Definition: ike.h:1160
IKE_TRANSFORM_ID_DH_GROUP_ECP_224
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_224
224-bit Random ECP Group
Definition: ike.h:1033
IKE_NOTIFY_MSG_TYPE_LINK_ID
@ IKE_NOTIFY_MSG_TYPE_LINK_ID
Definition: ike.h:1202
IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
@ IKE_NOTIFY_MSG_TYPE_NAT_DETECTION_DESTINATION_IP
Definition: ike.h:1177
IKE_TRANSFORM_ID_ENCR_AES_CBC
@ IKE_TRANSFORM_ID_ENCR_AES_CBC
Definition: ike.h:943
IKE_PAYLOAD_TYPE_EAP
@ IKE_PAYLOAD_TYPE_EAP
Extensible Authentication.
Definition: ike.h:866
IKE_ID_TYPE_DER_ASN1_GN
@ IKE_ID_TYPE_DER_ASN1_GN
Definition: ike.h:1092
IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
@ IKE_TRANSFORM_ATTR_TYPE_KEY_LEN
Key Length (in bits)
Definition: ike.h:1076
IkeAuthPayload
IkeAuthPayload
Definition: ike.h:1560
IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_FAILED_CP_REQUIRED
Definition: ike.h:1159
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC
Definition: ike.h:1211
IKE_EXCHANGE_TYPE_IKE_AUTH
@ IKE_EXCHANGE_TYPE_IKE_AUTH
IKE_AUTH.
Definition: ike.h:819
ikeDumpCertReqPayload
void ikeDumpCertReqPayload(const IkeCertReqPayload *payload, size_t length)
Dump Certificate Request payload.
Definition: ike_debug.c:1154
IKE_ID_TYPE_IPV6_ADDR
@ IKE_ID_TYPE_IPV6_ADDR
Definition: ike.h:1090
IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CHILDLESS_IKEV2_SUPPORTED
Definition: ike.h:1206
FALSE
#define FALSE
Definition: os_port.h:46
IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
@ IKE_NOTIFY_MSG_TYPE_INVALID_SELECTORS
Definition: ike.h:1161
IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
@ IKE_NOTIFY_MSG_TYPE_ANOTHER_AUTH_FOLLOWS
Definition: ike.h:1193
IKE_ATTR_FORMAT_TLV
@ IKE_ATTR_FORMAT_TLV
Type/Length/Value format.
Definition: ike.h:1065
IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP4_ALLOWED
Definition: ike.h:1227
ike_debug.h
Data logging functions for debugging purpose (IKEv2)
IKE_TRANSFORM_TYPE_ADDKE3
@ IKE_TRANSFORM_TYPE_ADDKE3
Additional Key Exchange 3.
Definition: ike.h:916
IKE_FLAGS_I
@ IKE_FLAGS_I
Initiator flag.
Definition: ike.h:840
error_t
error_t
Error codes.
Definition: error.h:43
IKE_EXCHANGE_TYPE_IKE_FOLLOWUP_KE
@ IKE_EXCHANGE_TYPE_IKE_FOLLOWUP_KE
IKE_FOLLOWUP_KE.
Definition: ike.h:828
IKE_PAYLOAD_TYPE_SK
@ IKE_PAYLOAD_TYPE_SK
Encrypted and Authenticated.
Definition: ike.h:864
IKE_TRANSFORM_ID_DH_GROUP_MODP_768
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_768
768-bit MODP Group
Definition: ike.h:1018
IkeIdPayload
IkeIdPayload
Definition: ike.h:1523
ikeDumpTs
void ikeDumpTs(const IkeTs *ts, size_t length)
Dump Traffic Selector substructure.
Definition: ike_debug.c:1400
IKE_PAYLOAD_TYPE_AUTH
@ IKE_PAYLOAD_TYPE_AUTH
Authentication.
Definition: ike.h:857
IKE_TRANSFORM_ID_ENCR_NULL
@ IKE_TRANSFORM_ID_ENCR_NULL
Definition: ike.h:942
IKE_PAYLOAD_TYPE_CERT
@ IKE_PAYLOAD_TYPE_CERT
Certificate.
Definition: ike.h:855
IkeTsPayload
IkeTsPayload
Definition: ike.h:1634
IKE_AUTH_METHOD_DIGITAL_SIGN
@ IKE_AUTH_METHOD_DIGITAL_SIGN
Digital Signature.
Definition: ike.h:1136
IKE_TS_TYPE_FC_ADDR_RANGE
@ IKE_TS_TYPE_FC_ADDR_RANGE
TS_FC_ADDR_RANGE.
Definition: ike.h:1246
IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
@ IKE_EXCHANGE_TYPE_IKE_INTERMEDIATE
IKE_INTERMEDIATE.
Definition: ike.h:827
IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_NO_NATS_ALLOWED
Definition: ike.h:1190
IKE_TRANSFORM_TYPE_ADDKE5
@ IKE_TRANSFORM_TYPE_ADDKE5
Additional Key Exchange 5.
Definition: ike.h:918
IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
@ IKE_TRANSFORM_ID_ENCR_KUZNYECHIK_MGM_MAC_KTREE
Definition: ike.h:963
IKE_SPI_SIZE
#define IKE_SPI_SIZE
Definition: ike.h:790
ikeDumpPayloadHeader
void ikeDumpPayloadHeader(const IkePayloadHeader *header)
Dump generic payload header.
Definition: ike_debug.c:671
IKE_PROTOCOL_ID_ESP
@ IKE_PROTOCOL_ID_ESP
ESP.
Definition: ike.h:896
IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
@ IKE_NOTIFY_MSG_TYPE_NO_PPK_AUTH
Definition: ike.h:1225
IKE_TRANSFORM_ID_PRF_HMAC_MD5
@ IKE_TRANSFORM_ID_PRF_HMAC_MD5
Definition: ike.h:975
IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
@ IKE_NOTIFY_MSG_TYPE_PPK_IDENTITY
Definition: ike.h:1224
IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
@ IKE_NOTIFY_MSG_TYPE_QUICK_CRASH_DETECTION
Definition: ike.h:1207
IKE_CERT_ENCODING_PGP_CERT
@ IKE_CERT_ENCODING_PGP_CERT
PGP certificate.
Definition: ike.h:1106
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP512R1
512-bit Brainpool ECP Group
Definition: ike.h:1037
IKE_IP_PROTOCOL_ID_ICMPV6
@ IKE_IP_PROTOCOL_ID_ICMPV6
Definition: ike.h:1260
IKE_TRANSFORM_ID_PRF_HMAC_SHA1
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA1
Definition: ike.h:976
IKE_CERT_ENCODING_X509_CERT_ATTR
@ IKE_CERT_ENCODING_X509_CERT_ATTR
X.509 certificate - attribute.
Definition: ike.h:1113
IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MOBIKE_SUPPORTED
Definition: ike.h:1184
IKE_TRANSFORM_ID_ENCR_AES_GCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_12
Definition: ike.h:949
IkeTransformAttr
IkeTransformAttr
Definition: ike.h:1497
IKE_CERT_ENCODING_OCSP_CONTENT
@ IKE_CERT_ENCODING_OCSP_CONTENT
OCSP Content.
Definition: ike.h:1117
IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8_IIV
Definition: ike.h:958
IKE_PAYLOAD_TYPE_V
@ IKE_PAYLOAD_TYPE_V
Vendor ID.
Definition: ike.h:861
IKE_TRANSFORM_TYPE_ADDKE1
@ IKE_TRANSFORM_TYPE_ADDKE1
Additional Key Exchange 1.
Definition: ike.h:914
IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
@ IKE_TRANSFORM_ID_ENCR_MAGMA_MGM_KTREE
Definition: ike.h:962
IKE_PAYLOAD_TYPE_IDI
@ IKE_PAYLOAD_TYPE_IDI
Identification - Initiator.
Definition: ike.h:853
IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
@ IKE_NOTIFY_MSG_TYPE_REDIRECTED_FROM
Definition: ike.h:1196
IKE_TRANSFORM_ID_ENCR_BLOWFISH
@ IKE_TRANSFORM_ID_ENCR_BLOWFISH
Definition: ike.h:939
IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1536
1536-bit MODP Group
Definition: ike.h:1020
IKE_TRANSFORM_TYPE_ENCR
@ IKE_TRANSFORM_TYPE_ENCR
Encryption Algorithm.
Definition: ike.h:909
IKE_TRANSFORM_ID_ENCR_DES_IV32
@ IKE_TRANSFORM_ID_ENCR_DES_IV32
Definition: ike.h:941
length
uint8_t length
Definition: tcp.h:375
IKE_TRANSFORM_ID_PRF_AES128_XCBC
@ IKE_TRANSFORM_ID_PRF_AES128_XCBC
Definition: ike.h:978
IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_MD5_128
Definition: ike.h:999
IKE_CERT_ENCODING_HASH_URL_X509_CERT
@ IKE_CERT_ENCODING_HASH_URL_X509_CERT
Hash and URL of X.509 certificate.
Definition: ike.h:1115
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_768
ML-KEM-768.
Definition: ike.h:1043
IkeHeader
IkeHeader
Definition: ike.h:1423
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_224
2048-bit MODP Group with 224-bit Prime Order Subgroup
Definition: ike.h:1030
IKE_NOTIFY_MSG_TYPE_USE_PPK
@ IKE_NOTIFY_MSG_TYPE_USE_PPK
Definition: ike.h:1223
IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
@ IKE_NOTIFY_MSG_TYPE_IP6_ALLOWED
Definition: ike.h:1228
IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
@ IKE_EXCHANGE_TYPE_CREATE_CHILD_SA
CREATE_CHILD_SA.
Definition: ike.h:820
IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_OPAQUE
Definition: ike.h:1201
IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
@ IKE_NOTIFY_MSG_TYPE_UNEXPECTED_NAT_DETECTED
Definition: ike.h:1163
IKE_AUTH_METHOD_SHARED_KEY
@ IKE_AUTH_METHOD_SHARED_KEY
Shared Key Message Integrity Code.
Definition: ike.h:1129
IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_HTTP_CERT_LOOKUP_SUPPORTED
Definition: ike.h:1180
IKE_TRANSFORM_ID_DH_GROUP_ECP_384
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_384
384-bit Random ECP Group
Definition: ike.h:1027
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_256
Definition: ike.h:979
IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_ESP_TFC_PADDING_NOT_SUPPORTED
Definition: ike.h:1182
IkeEncryptedPayload
IkeEncryptedPayload
Definition: ike.h:1660
IKE_CERT_ENCODING_CRL
@ IKE_CERT_ENCODING_CRL
Certificate revocation list.
Definition: ike.h:1110
IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
@ IKE_NOTIFY_MSG_TYPE_STATE_NOT_FOUND
Definition: ike.h:1169
IKE_NOTIFY_MSG_TYPE_GROUP_SENDER
@ IKE_NOTIFY_MSG_TYPE_GROUP_SENDER
Definition: ike.h:1217
IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
@ IKE_NOTIFY_MSG_TYPE_NON_FIRST_FRAGMENTS_ALSO
Definition: ike.h:1183
IKE_EXCHANGE_TYPE_GSA_AUTH
@ IKE_EXCHANGE_TYPE_GSA_AUTH
GSA_AUTH.
Definition: ike.h:823
IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512
@ IKE_TRANSFORM_ID_DH_GROUP_GOST3410_2012_512
GOST3410_2012_512.
Definition: ike.h:1041
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_256_128
Definition: ike.h:1005
IkeDeletePayload
IkeDeletePayload
Definition: ike.h:1610
IKE_NOTIFY_MSG_TYPE_TS_MAX_QUEUE
@ IKE_NOTIFY_MSG_TYPE_TS_MAX_QUEUE
Definition: ike.h:1170
ikeDumpCertPayload
void ikeDumpCertPayload(const IkeCertPayload *payload, size_t length)
Dump Certificate payload.
Definition: ike_debug.c:1122
IKE_TRANSFORM_ID_ENCR_DES
@ IKE_TRANSFORM_ID_ENCR_DES
Definition: ike.h:934
ike.h
IKEv2 (Internet Key Exchange Protocol)
IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTHORIZATION_FAILED
Definition: ike.h:1168
ntohs
#define ntohs(value)
Definition: cpu_endian.h:421
IKE_TRANSFORM_ID_AUTH_KPDK_MD5
@ IKE_TRANSFORM_ID_AUTH_KPDK_MD5
Definition: ike.h:997
IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
@ IKE_TRANSFORM_ID_AUTH_AES_256_GMAC
Definition: ike.h:1004
IkeTs
IkeTs
Definition: ike.h:1649
IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
@ IKE_TRANSFORM_ID_ENCR_NULL_AUTH_AES_GMAC
Definition: ike.h:951
ikeDumpDeletePayload
void ikeDumpDeletePayload(const IkeDeletePayload *payload, size_t length)
Dump Delete payload.
Definition: ike_debug.c:1301
TRACE_DEBUG
#define TRACE_DEBUG(...)
Definition: debug.h:119
IkeProposal
IkeProposal
Definition: ike.h:1469
char_t
char char_t
Definition: compiler_port.h:55
IKE_CERT_ENCODING_PKCS7_X509_CERT
@ IKE_CERT_ENCODING_PKCS7_X509_CERT
PKCS #7 wrapped X.509 certificate.
Definition: ike.h:1105
IKE_PAYLOAD_TYPE_PS
@ IKE_PAYLOAD_TYPE_PS
Puzzle Solution.
Definition: ike.h:872
ikeDumpAuthPayload
void ikeDumpAuthPayload(const IkeAuthPayload *payload, size_t length)
Dump Authentication payload.
Definition: ike_debug.c:1186
IKE_EXCHANGE_TYPE_IKE_SA_INIT
@ IKE_EXCHANGE_TYPE_IKE_SA_INIT
IKE_SA_INIT.
Definition: ike.h:818
IKE_PAYLOAD_TYPE_NONCE
@ IKE_PAYLOAD_TYPE_NONCE
Nonce.
Definition: ike.h:858
IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_INVALID_KE_PAYLOAD
Definition: ike.h:1154
ikeDumpHeader
void ikeDumpHeader(const IkeHeader *header)
Dump IKE header.
Definition: ike_debug.c:441
ikeDumpProposal
void ikeDumpProposal(const IkeProposal *proposal, size_t length)
Dump Proposal substructure.
Definition: ike_debug.c:741
IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512
@ IKE_TRANSFORM_ID_PRF_HMAC_STREEBOG_512
Definition: ike.h:983
ipv6CopyAddr
#define ipv6CopyAddr(destIpAddr, srcIpAddr)
Definition: ipv6.h:123
ikeDumpNoncePayload
void ikeDumpNoncePayload(const IkeNoncePayload *payload, size_t length)
Dump Nonce payload.
Definition: ike_debug.c:1218
TRACE_DEBUG_ARRAY
#define TRACE_DEBUG_ARRAY(p, a, n)
Definition: debug.h:120
IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_1024_160
1024-bit MODP Group with 160-bit Prime Order Subgroup
Definition: ike.h:1029
IKE_TRANSFORM_ID_ENCR_3DES
@ IKE_TRANSFORM_ID_ENCR_3DES
Definition: ike.h:935
IKE_TRANSFORM_ID_ENCR_AES_GCM_16
@ IKE_TRANSFORM_ID_ENCR_AES_GCM_16
Definition: ike.h:950
IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_INTERMEDIATE_EXCHANGE_SUPPORTED
Definition: ike.h:1226
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_SAS
Definition: ike.h:1157
IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
@ IKE_NOTIFY_MSG_TYPE_UNSUPPORTED_CRITICAL_PAYLOAD
Definition: ike.h:1147
IKE_NOTIFY_MSG_TYPE_SUPPORTED_AUTH_METHODS
@ IKE_NOTIFY_MSG_TYPE_SUPPORTED_AUTH_METHODS
Definition: ike.h:1231
IKE_PAYLOAD_TYPE_IDG
@ IKE_PAYLOAD_TYPE_IDG
Group Identification.
Definition: ike.h:868
n
uint8_t n
Definition: dhcpv6_common.h:416
IKE_TRANSFORM_ID_PRF_HMAC_TIGER
@ IKE_TRANSFORM_ID_PRF_HMAC_TIGER
Definition: ike.h:977
IKE_PAYLOAD_TYPE_SKF
@ IKE_PAYLOAD_TYPE_SKF
Encrypted and Authenticated Fragment.
Definition: ike.h:871
IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_3072
3072-bit MODP Group
Definition: ike.h:1022
IkeCertPayload
IkeCertPayload
Definition: ike.h:1535
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_1024
ML-KEM-1024.
Definition: ike.h:1044
payload
uint8_t payload[]
Definition: ipv6.h:286
IKE_TRANSFORM_ID_ENCR_AES_CCM_12
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_12
Definition: ike.h:946
IKE_TRANSFORM_TYPE_PRF
@ IKE_TRANSFORM_TYPE_PRF
Pseudorandom Function.
Definition: ike.h:910
IKE_TRANSFORM_ID_ESN_YES
@ IKE_TRANSFORM_ID_ESN_YES
Extended Sequence Numbers.
Definition: ike.h:1055
IKE_PAYLOAD_TYPE_KD
@ IKE_PAYLOAD_TYPE_KD
Key Download.
Definition: ike.h:870
ikeDumpTransform
void ikeDumpTransform(const IkeTransform *transform, size_t length)
Dump Transform substructure.
Definition: ike_debug.c:829
IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
@ IKE_NOTIFY_MSG_TYPE_TICKET_LT_OPAQUE
Definition: ike.h:1197
IkeEncryptedFragPayload
IkeEncryptedFragPayload
Definition: ike.h:1723
IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
@ IKE_NOTIFY_MSG_TYPE_SECURE_PASSWORD_METHODS
Definition: ike.h:1212
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CTR
Definition: ike.h:953
IkeParamName::name
const char_t * name
Definition: ike_debug.h:51
IKE_CERT_ENCODING_ARL
@ IKE_CERT_ENCODING_ARL
Authority revocation list.
Definition: ike.h:1111
IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
@ IKE_NOTIFY_MSG_TYPE_USE_ASSIGNED_HOA
Definition: ike.h:1164
IKE_PROTOCOL_ID_FC_CT_AUTHENTICATION
@ IKE_PROTOCOL_ID_FC_CT_AUTHENTICATION
FC_CT_AUTHENTICATION.
Definition: ike.h:898
IKE_ID_TYPE_RFC822_ADDR
@ IKE_ID_TYPE_RFC822_ADDR
Definition: ike.h:1089
transformId
uint16_t transformId
Definition: ike.h:1483
IKE_PROTOCOL_ID_IKE
@ IKE_PROTOCOL_ID_IKE
IKE.
Definition: ike.h:894
value
uint8_t value[]
Definition: tcp.h:376
IKE_AUTH_METHOD_DSS
@ IKE_AUTH_METHOD_DSS
DSS Digital Signature.
Definition: ike.h:1130
IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
@ IKE_NOTIFY_MSG_TYPE_AUTH_FAILED
Definition: ike.h:1155
IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
@ IKE_NOTIFY_MSG_TYPE_TEMPORARY_FAILURE
Definition: ike.h:1165
IKE_TRANSFORM_ID_ENCR_3IDEA
@ IKE_TRANSFORM_ID_ENCR_3IDEA
Definition: ike.h:940
IKE_EXCHANGE_TYPE_INFORMATIONAL
@ IKE_EXCHANGE_TYPE_INFORMATIONAL
INFORMATIONAL.
Definition: ike.h:821
IKE_PAYLOAD_TYPE_LAST
@ IKE_PAYLOAD_TYPE_LAST
No Next Payload.
Definition: ike.h:850
IKE_LAST_SUBSTRUC_MORE_PROPOSALS
@ IKE_LAST_SUBSTRUC_MORE_PROPOSALS
More proposal substructures.
Definition: ike.h:883
IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
@ IKE_NOTIFY_MSG_TYPE_TICKET_REQUEST
Definition: ike.h:1198
ikeGetParamName
const char_t * ikeGetParamName(uint_t value, const IkeParamName *paramList, size_t paramListLen)
Convert a parameter to string representation.
Definition: ike_debug.c:1548
IKE_CERT_ENCODING_SPKI_CERT
@ IKE_CERT_ENCODING_SPKI_CERT
SPKI certificate.
Definition: ike.h:1112
IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
@ IKE_NOTIFY_MSG_TYPE_INITIAL_CONTACT
Definition: ike.h:1172
IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
@ IKE_NOTIFY_MSG_TYPE_INTERNAL_ADDRESS_FAILURE
Definition: ike.h:1158
IKE_PAYLOAD_TYPE_KE
@ IKE_PAYLOAD_TYPE_KE
Key Exchange.
Definition: ike.h:852
ERROR_INVALID_SYNTAX
@ ERROR_INVALID_SYNTAX
Definition: error.h:68
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC_SUPPORTED
Definition: ike.h:1208
IKE_NOTIFY_MSG_TYPE_REDIRECT
@ IKE_NOTIFY_MSG_TYPE_REDIRECT
Definition: ike.h:1195
IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
@ IKE_NOTIFY_MSG_TYPE_AUTH_LIFETIME
Definition: ike.h:1191
nextPayload
uint8_t nextPayload
Definition: ike.h:1411
IKE_AUTH_METHOD_ECDSA_P256_SHA256
@ IKE_AUTH_METHOD_ECDSA_P256_SHA256
ECDSA with SHA-256 on the P-256 curve.
Definition: ike.h:1131
IKE_NOTIFY_MSG_TYPE_COOKIE
@ IKE_NOTIFY_MSG_TYPE_COOKIE
Definition: ike.h:1178
ipv4CopyAddr
#define ipv4CopyAddr(destIpAddr, srcIpAddr)
Definition: ipv4.h:155
IKE_ID_TYPE_KEY_ID
@ IKE_ID_TYPE_KEY_ID
Definition: ike.h:1093
IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED
Definition: ike.h:1209
IKE_FLAGS_R
@ IKE_FLAGS_R
Response flag.
Definition: ike.h:838
IKE_PAYLOAD_TYPE_TSI
@ IKE_PAYLOAD_TYPE_TSI
Traffic Selector - Initiator.
Definition: ike.h:862
IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
@ IKE_NOTIFY_MSG_TYPE_USE_TRANSPORT_MODE
Definition: ike.h:1179
IKE_PROTOCOL_ID_FC_ESP_HEADER
@ IKE_PROTOCOL_ID_FC_ESP_HEADER
FC_ESP_HEADER.
Definition: ike.h:897
IKE_CERT_ENCODING_X509_CERT_SIGN
@ IKE_CERT_ENCODING_X509_CERT_SIGN
X.509 certificate - signature.
Definition: ike.h:1108
IkeNoncePayload
IkeNoncePayload
Definition: ike.h:1582
IKE_TRANSFORM_TYPE_ADDKE6
@ IKE_TRANSFORM_TYPE_ADDKE6
Additional Key Exchange 6.
Definition: ike.h:919
IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
@ IKE_NOTIFY_MSG_TYPE_SINGLE_PAIR_REQUIRED
Definition: ike.h:1156
IKE_TRANSFORM_ID_AUTH_DES_MAC
@ IKE_TRANSFORM_ID_AUTH_DES_MAC
Definition: ike.h:996
IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_2048_256
2048-bit MODP Group with 256-bit Prime Order Subgroup
Definition: ike.h:1031
IKE_TRANSFORM_ID_DH_GROUP_ECP_256
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_256
256-bit Random ECP Group
Definition: ike.h:1026
IKE_NOTIFY_MSG_TYPE_TICKET_ACK
@ IKE_NOTIFY_MSG_TYPE_TICKET_ACK
Definition: ike.h:1199
IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_REDIRECT_SUPPORTED
Definition: ike.h:1194
IKE_EXCHANGE_TYPE_GSA_REKEY
@ IKE_EXCHANGE_TYPE_GSA_REKEY
GSA_REKEY.
Definition: ike.h:825
IKE_EXCHANGE_TYPE_GSA_REGISTRATION
@ IKE_EXCHANGE_TYPE_GSA_REGISTRATION
GSA_REGISTRATION.
Definition: ike.h:824
flags
uint8_t flags
Definition: tcp.h:358
IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_MULTIPLE_AUTH_SUPPORTED
Definition: ike.h:1192
IKE_PAYLOAD_TYPE_IDR
@ IKE_PAYLOAD_TYPE_IDR
Identification - Responder.
Definition: ike.h:854
IKE_PROTOCOL_ID_GIKE_UPDATE
@ IKE_PROTOCOL_ID_GIKE_UPDATE
GIKE_UPDATE.
Definition: ike.h:899
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_KEY_EXCHANGE
Definition: ike.h:1229
PRIuSIZE
#define PRIuSIZE
Definition: compiler_port.h:160
IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
@ IKE_TRANSFORM_ID_AUTH_HMAC_SHA2_512_256
Definition: ike.h:1007
IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512
@ IKE_TRANSFORM_ID_DH_GROUP_ML_KEM_512
ML-KEM-512.
Definition: ike.h:1042
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
IKE_PAYLOAD_TYPE_D
@ IKE_PAYLOAD_TYPE_D
Delete.
Definition: ike.h:860
ikeDumpNotifyPayload
void ikeDumpNotifyPayload(const IkeNotifyPayload *payload, size_t length)
Dump Notify payload.
Definition: ike_debug.c:1241
IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
@ IKE_NOTIFY_MSG_TYPE_EAP_ONLY_AUTHENTICATION
Definition: ike.h:1205
IKE_NOTIFY_MSG_TYPE_COOKIE2
@ IKE_NOTIFY_MSG_TYPE_COOKIE2
Definition: ike.h:1189
IKE_PAYLOAD_TYPE_SA
@ IKE_PAYLOAD_TYPE_SA
Security Association.
Definition: ike.h:851
IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
@ IKE_NOTIFY_MSG_TYPE_INVALID_GROUP_ID
Definition: ike.h:1167
IKE_TRANSFORM_TYPE_ADDKE4
@ IKE_TRANSFORM_TYPE_ADDKE4
Additional Key Exchange 4.
Definition: ike.h:917
IKE_TRANSFORM_ID_AUTH_NONE
@ IKE_TRANSFORM_ID_AUTH_NONE
Definition: ike.h:993
ipv4AddrToString
char_t * ipv4AddrToString(Ipv4Addr ipAddr, char_t *str)
Convert a binary IPv4 address to dot-decimal notation.
Definition: ipv4.c:1478
IKE_FLAGS_V
@ IKE_FLAGS_V
Version flag.
Definition: ike.h:839
IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
@ IKE_NOTIFY_MSG_TYPE_PSK_PERSIST
Definition: ike.h:1213
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP384R1
384-bit Brainpool ECP Group
Definition: ike.h:1036
IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
@ IKE_NOTIFY_MSG_TYPE_INVALID_MAJOR_VERSION
Definition: ike.h:1149
IKE_CERT_ENCODING_KERBEROS_TOKEN
@ IKE_CERT_ENCODING_KERBEROS_TOKEN
Kerberos token.
Definition: ike.h:1109
IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
@ IKE_NOTIFY_MSG_TYPE_IKEV2_MESSAGE_ID_SYNC
Definition: ike.h:1210
IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_NO_ADDITIONAL_ADDRESSES
Definition: ike.h:1187
ikeDumpMessage
void ikeDumpMessage(const uint8_t *message, size_t length)
Dump IKE message.
Definition: ike_debug.c:413
ikeDumpIdPayload
void ikeDumpIdPayload(const IkeIdPayload *payload, size_t length)
Dump Identification payload.
Definition: ike_debug.c:1061
IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
@ IKE_NOTIFY_MSG_TYPE_INVALID_IKE_SPI
Definition: ike.h:1148
IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
@ IKE_NOTIFY_MSG_TYPE_UNACCEPTABLE_ADDRESSES
Definition: ike.h:1162
IKE_TRANSFORM_ID_DH_GROUP_ECP_521
@ IKE_TRANSFORM_ID_DH_GROUP_ECP_521
521-bit Random ECP Group
Definition: ike.h:1028
IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
@ IKE_NOTIFY_MSG_TYPE_CLONE_IKE_SA_SUPPORTED
Definition: ike.h:1220
IKE_AUTH_METHOD_ECDSA_P384_SHA384
@ IKE_AUTH_METHOD_ECDSA_P384_SHA384
ECDSA with SHA-384 on the P-384 curve.
Definition: ike.h:1132
IKE_TRANSFORM_ID_ENCR_RC5
@ IKE_TRANSFORM_ID_ENCR_RC5
Definition: ike.h:936
IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
@ IKE_NOTIFY_MSG_TYPE_ADDITIONAL_IP4_ADDRESS
Definition: ike.h:1185
IKE_PAYLOAD_TYPE_N
@ IKE_PAYLOAD_TYPE_N
Notify.
Definition: ike.h:859
ntohl
#define ntohl(value)
Definition: cpu_endian.h:422
IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
@ IKE_TRANSFORM_ID_DH_GROUP_BRAINPOOLP256R1
256-bit Brainpool ECP Group
Definition: ike.h:1035
IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
@ IKE_TRANSFORM_ID_PRF_HMAC_SHA2_512
Definition: ike.h:981
IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
@ IKE_TRANSFORM_ID_DH_GROUP_MODP_6144
6144-bit MODP Group
Definition: ike.h:1024
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
IKE_TS_TYPE_IPV6_ADDR_RANGE
@ IKE_TS_TYPE_IPV6_ADDR_RANGE
TS_IPV6_ADDR_RANGE.
Definition: ike.h:1245
debug.h
Debugging facilities.
IKE_ID_TYPE_FQDN
@ IKE_ID_TYPE_FQDN
Definition: ike.h:1088
ikeDumpFlags
void ikeDumpFlags(uint8_t flags)
Dump flags.
Definition: ike_debug.c:472
IkeSaPayload
IkeSaPayload
Definition: ike.h:1452
IKE_CERT_ENCODING_RAW_PUBLIC_KEY
@ IKE_CERT_ENCODING_RAW_PUBLIC_KEY
Raw Public Key.
Definition: ike.h:1118
arraysize
#define arraysize(a)
Definition: os_port.h:71
IKE_PAYLOAD_TYPE_GSA
@ IKE_PAYLOAD_TYPE_GSA
Group Security Association.
Definition: ike.h:869
IKE_PAYLOAD_TYPE_GSPM
@ IKE_PAYLOAD_TYPE_GSPM
Generic Secure Password Method.
Definition: ike.h:867
IKE_PAYLOAD_TYPE_TSR
@ IKE_PAYLOAD_TYPE_TSR
Traffic Selector - Responder.
Definition: ike.h:863
IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
@ IKE_NOTIFY_MSG_TYPE_INVALID_SYNTAX
Definition: ike.h:1150
IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
@ IKE_TRANSFORM_ID_ENCR_CAMELLIA_CCM_12
Definition: ike.h:955
IKE_TRANSFORM_ID_ENCR_AES_CCM_8
@ IKE_TRANSFORM_ID_ENCR_AES_CCM_8
Definition: ike.h:945
ikeDumpTsPayload
void ikeDumpTsPayload(const IkeTsPayload *payload, size_t length)
Dump Traffic Selector payload.
Definition: ike_debug.c:1343
IKE_TRANSFORM_TYPE_INTEG
@ IKE_TRANSFORM_TYPE_INTEG
Integrity Algorithm.
Definition: ike.h:911