Data Structures | Macros | Enumerations | Functions
ipsec.h File Reference

IPsec (IP security) More...

#include "ipsec_config.h"
#include "core/net.h"
#include "core/udp.h"
#include "core/tcp.h"
#include "ipv4/icmp.h"
#include "core/crypto.h"
#include "ah/ah.h"
#include "esp/esp.h"
#include "cipher/cipher_algorithms.h"
#include "cipher_modes/cipher_modes.h"
#include "hash/hash_algorithms.h"
#include "mac/mac_algorithms.h"

Go to the source code of this file.

Data Structures

struct  IpsecAddrRange
 IP address range. More...
 
struct  IpsecPortRange
 Port range. More...
 
struct  IpsecSelector
 IPsec selector. More...
 
struct  IpsecPacketInfo
 IP packet information. More...
 
union  IpsecId
 IPsec ID. More...
 
struct  IpsecSpdEntry
 Security Policy Database (SPD) entry. More...
 
struct  _IpsecSadEntry
 Security Association Database (SAD) entry. More...
 
struct  IpsecPadEntry
 Peer Authorization Database (PAD) entry. More...
 
struct  IpsecSettings
 IPsec settings. More...
 
struct  IpsecContext
 IPsec context. More...
 

Macros

#define IpsecSadEntry   struct _IpsecSadEntry
 
#define CYCLONE_IPSEC_VERSION_STRING   "2.5.4"
 
#define CYCLONE_IPSEC_MAJOR_VERSION   2
 
#define CYCLONE_IPSEC_MINOR_VERSION   5
 
#define CYCLONE_IPSEC_REV_NUMBER   4
 
#define IPSEC_SUPPORT   ENABLED
 
#define IPSEC_ANTI_REPLAY_SUPPORT   ENABLED
 
#define IPSEC_ANTI_REPLAY_WINDOW_SIZE   64
 
#define IPSEC_MAX_ID_LEN   64
 
#define IPSEC_MAX_PSK_LEN   64
 
#define IPSEC_MAX_ENC_KEY_LEN   36
 
#define IPSEC_MAX_AUTH_KEY_LEN   64
 
#define IPSEC_SPI_SIZE   4
 
#define IPSEC_PROTOCOL_ANY   0
 
#define IPSEC_PORT_START_ANY   0
 
#define IPSEC_PORT_END_ANY   65535
 
#define IPSEC_PORT_START_OPAQUE   65535
 
#define IPSEC_PORT_END_OPAQUE   0
 
#define IPSEC_ICMP_PORT(type, code)   (((type) * 256) + (code))
 

Enumerations

enum  IpsecDirection { IPSEC_DIR_INVALID = 0, IPSEC_DIR_INBOUND = 1, IPSEC_DIR_OUTBOUND = 2 }
 Direction. More...
 
enum  IpsecAuthMethod { IPSEC_AUTH_METHOD_INVALID = 0, IPSEC_AUTH_METHOD_IKEV1 = 1, IPSEC_AUTH_METHOD_IKEV2 = 2, IPSEC_AUTH_METHOD_KINK = 3 }
 Authentication methods. More...
 
enum  IpsecProtocol { IPSEC_PROTOCOL_INVALID = 0, IPSEC_PROTOCOL_AH = 2, IPSEC_PROTOCOL_ESP = 3 }
 Security protocols. More...
 
enum  IpsecMode { IPSEC_MODE_INVALID = 0, IPSEC_MODE_TUNNEL = 1, IPSEC_MODE_TRANSPORT = 2 }
 IPsec protocol modes. More...
 
enum  IpsecIdType {
  IPSEC_ID_TYPE_IPV4_ADDR = 1, IPSEC_ID_TYPE_FQDN = 2, IPSEC_ID_TYPE_RFC822_ADDR = 3, IPSEC_ID_TYPE_IPV6_ADDR = 5,
  IPSEC_ID_TYPE_DN = 9, IPSEC_ID_TYPE_KEY_ID = 11
}
 ID types. More...
 
enum  IpsecPolicyAction { IPSEC_POLICY_ACTION_INVALID = 0, IPSEC_POLICY_ACTION_DISCARD = 1, IPSEC_POLICY_ACTION_BYPASS = 2, IPSEC_POLICY_ACTION_PROTECT = 3 }
 Policy action. More...
 
enum  IpsecPfpFlags {
  IPSEC_PFP_FLAG_LOCAL_ADDR = 0x01, IPSEC_PFP_FLAG_REMOTE_ADDR = 0x02, IPSEC_PFP_FLAG_NEXT_PROTOCOL = 0x04, IPSEC_PFP_FLAG_LOCAL_PORT = 0x08,
  IPSEC_PFP_FLAG_REMOTE_PORT = 0x10
}
 PFP flags. More...
 
enum  IpsecDfPolicy { IPSEC_DF_POLICY_CLEAR = 0, IPSEC_DF_POLICY_SET = 1, IPSEC_DF_POLICY_COPY = 2 }
 DF flag policy. More...
 
enum  IpsecSaState { IPSEC_SA_STATE_CLOSED = 0, IPSEC_SA_STATE_RESERVED = 1, IPSEC_SA_STATE_OPEN = 2 }
 IPsec SAD entry state. More...
 

Functions

void ipsecGetDefaultSettings (IpsecSettings *settings)
 Initialize settings with default values. More...
 
error_t ipsecInit (IpsecContext *context, const IpsecSettings *settings)
 IPsec service initialization. More...
 
error_t ipsecSetSpdEntry (IpsecContext *context, uint_t index, IpsecSpdEntry *params)
 Set entry at specified index in SPD database. More...
 
error_t ipsecClearSpdEntry (IpsecContext *context, uint_t index)
 Clear entry at specified index in SPD database. More...
 
error_t ipsecSetSadEntry (IpsecContext *context, uint_t index, IpsecSadEntry *params)
 Set entry at specified index in SAD database. More...
 
error_t ipsecClearSadEntry (IpsecContext *context, uint_t index)
 Clear entry at specified index in SAD database. More...
 
error_t ipsecSetPadEntry (IpsecContext *context, uint_t index, IpsecPadEntry *params)
 Set entry at specified index in PAD database. More...
 
error_t ipsecClearPadEntry (IpsecContext *context, uint_t index)
 Clear entry at specified index in PAD database. More...
 

Detailed Description

IPsec (IP security)

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneIPSEC Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.5.4

Definition in file ipsec.h.

Macro Definition Documentation

◆ CYCLONE_IPSEC_MAJOR_VERSION

#define CYCLONE_IPSEC_MAJOR_VERSION   2

Definition at line 82 of file ipsec.h.

◆ CYCLONE_IPSEC_MINOR_VERSION

#define CYCLONE_IPSEC_MINOR_VERSION   5

Definition at line 84 of file ipsec.h.

◆ CYCLONE_IPSEC_REV_NUMBER

#define CYCLONE_IPSEC_REV_NUMBER   4

Definition at line 86 of file ipsec.h.

◆ CYCLONE_IPSEC_VERSION_STRING

#define CYCLONE_IPSEC_VERSION_STRING   "2.5.4"

Definition at line 80 of file ipsec.h.

◆ IPSEC_ANTI_REPLAY_SUPPORT

#define IPSEC_ANTI_REPLAY_SUPPORT   ENABLED

Definition at line 97 of file ipsec.h.

◆ IPSEC_ANTI_REPLAY_WINDOW_SIZE

#define IPSEC_ANTI_REPLAY_WINDOW_SIZE   64

Definition at line 104 of file ipsec.h.

◆ IPSEC_ICMP_PORT

#define IPSEC_ICMP_PORT (   type,
  code 
)    (((type) * 256) + (code))

Definition at line 152 of file ipsec.h.

◆ IPSEC_MAX_AUTH_KEY_LEN

#define IPSEC_MAX_AUTH_KEY_LEN   64

Definition at line 132 of file ipsec.h.

◆ IPSEC_MAX_ENC_KEY_LEN

#define IPSEC_MAX_ENC_KEY_LEN   36

Definition at line 125 of file ipsec.h.

◆ IPSEC_MAX_ID_LEN

#define IPSEC_MAX_ID_LEN   64

Definition at line 111 of file ipsec.h.

◆ IPSEC_MAX_PSK_LEN

#define IPSEC_MAX_PSK_LEN   64

Definition at line 118 of file ipsec.h.

◆ IPSEC_PORT_END_ANY

#define IPSEC_PORT_END_ANY   65535

Definition at line 145 of file ipsec.h.

◆ IPSEC_PORT_END_OPAQUE

#define IPSEC_PORT_END_OPAQUE   0

Definition at line 149 of file ipsec.h.

◆ IPSEC_PORT_START_ANY

#define IPSEC_PORT_START_ANY   0

Definition at line 144 of file ipsec.h.

◆ IPSEC_PORT_START_OPAQUE

#define IPSEC_PORT_START_OPAQUE   65535

Definition at line 148 of file ipsec.h.

◆ IPSEC_PROTOCOL_ANY

#define IPSEC_PROTOCOL_ANY   0

Definition at line 141 of file ipsec.h.

◆ IPSEC_SPI_SIZE

#define IPSEC_SPI_SIZE   4

Definition at line 138 of file ipsec.h.

◆ IPSEC_SUPPORT

#define IPSEC_SUPPORT   ENABLED

Definition at line 90 of file ipsec.h.

◆ IpsecSadEntry

#define IpsecSadEntry   struct _IpsecSadEntry

Definition at line 36 of file ipsec.h.

Enumeration Type Documentation

◆ IpsecAuthMethod

enum IpsecAuthMethod

Authentication methods.

Enumerator
IPSEC_AUTH_METHOD_INVALID 
IPSEC_AUTH_METHOD_IKEV1 
IPSEC_AUTH_METHOD_IKEV2 
IPSEC_AUTH_METHOD_KINK 

Definition at line 176 of file ipsec.h.

◆ IpsecDfPolicy

enum IpsecDfPolicy

DF flag policy.

Enumerator
IPSEC_DF_POLICY_CLEAR 
IPSEC_DF_POLICY_SET 
IPSEC_DF_POLICY_COPY 

Definition at line 255 of file ipsec.h.

◆ IpsecDirection

enum IpsecDirection

Direction.

Enumerator
IPSEC_DIR_INVALID 
IPSEC_DIR_INBOUND 
IPSEC_DIR_OUTBOUND 

Definition at line 164 of file ipsec.h.

◆ IpsecIdType

enum IpsecIdType

ID types.

Enumerator
IPSEC_ID_TYPE_IPV4_ADDR 

IPv4 address.

IPSEC_ID_TYPE_FQDN 

Fully-qualified domain name.

IPSEC_ID_TYPE_RFC822_ADDR 

RFC 822 email address.

IPSEC_ID_TYPE_IPV6_ADDR 

IPv6 address.

IPSEC_ID_TYPE_DN 

X.500 distinguished name.

IPSEC_ID_TYPE_KEY_ID 

Key ID.

Definition at line 213 of file ipsec.h.

◆ IpsecMode

enum IpsecMode

IPsec protocol modes.

Enumerator
IPSEC_MODE_INVALID 
IPSEC_MODE_TUNNEL 
IPSEC_MODE_TRANSPORT 

Definition at line 201 of file ipsec.h.

◆ IpsecPfpFlags

enum IpsecPfpFlags

PFP flags.

Enumerator
IPSEC_PFP_FLAG_LOCAL_ADDR 
IPSEC_PFP_FLAG_REMOTE_ADDR 
IPSEC_PFP_FLAG_NEXT_PROTOCOL 
IPSEC_PFP_FLAG_LOCAL_PORT 
IPSEC_PFP_FLAG_REMOTE_PORT 

Definition at line 241 of file ipsec.h.

◆ IpsecPolicyAction

enum IpsecPolicyAction

Policy action.

Enumerator
IPSEC_POLICY_ACTION_INVALID 
IPSEC_POLICY_ACTION_DISCARD 
IPSEC_POLICY_ACTION_BYPASS 
IPSEC_POLICY_ACTION_PROTECT 

Definition at line 228 of file ipsec.h.

◆ IpsecProtocol

enum IpsecProtocol

Security protocols.

Enumerator
IPSEC_PROTOCOL_INVALID 
IPSEC_PROTOCOL_AH 
IPSEC_PROTOCOL_ESP 

Definition at line 189 of file ipsec.h.

◆ IpsecSaState

enum IpsecSaState

IPsec SAD entry state.

Enumerator
IPSEC_SA_STATE_CLOSED 
IPSEC_SA_STATE_RESERVED 
IPSEC_SA_STATE_OPEN 

Definition at line 267 of file ipsec.h.

Function Documentation

◆ ipsecClearPadEntry()

error_t ipsecClearPadEntry ( IpsecContext context,
uint_t  index 
)

Clear entry at specified index in PAD database.

Parameters
[in]contextPointer to the IPsec context
[in]indexZero-based index identifying a given entry
Returns
Error code

Definition at line 355 of file ipsec.c.

◆ ipsecClearSadEntry()

error_t ipsecClearSadEntry ( IpsecContext context,
uint_t  index 
)

Clear entry at specified index in SAD database.

Parameters
[in]contextPointer to the IPsec context
[in]indexZero-based index identifying a given entry
Returns
Error code

Definition at line 268 of file ipsec.c.

◆ ipsecClearSpdEntry()

error_t ipsecClearSpdEntry ( IpsecContext context,
uint_t  index 
)

Clear entry at specified index in SPD database.

Parameters
[in]contextPointer to the IPsec context
[in]indexZero-based index identifying a given entry
Returns
Error code

Definition at line 159 of file ipsec.c.

◆ ipsecGetDefaultSettings()

void ipsecGetDefaultSettings ( IpsecSettings settings)

Initialize settings with default values.

Parameters
[out]settingsStructure that contains IPsec settings

Definition at line 48 of file ipsec.c.

◆ ipsecInit()

error_t ipsecInit ( IpsecContext context,
const IpsecSettings settings 
)

IPsec service initialization.

Parameters
[in]contextPointer to the IPsec context
[in]settingsIPsec specific settings
Returns
Error code

Definition at line 75 of file ipsec.c.

◆ ipsecSetPadEntry()

error_t ipsecSetPadEntry ( IpsecContext context,
uint_t  index,
IpsecPadEntry params 
)

Set entry at specified index in PAD database.

Parameters
[in]contextPointer to the IPsec context
[in]indexZero-based index identifying a given entry
[in]paramsPointer to the structure describing the PAD entry
Returns
Error code

Definition at line 329 of file ipsec.c.

◆ ipsecSetSadEntry()

error_t ipsecSetSadEntry ( IpsecContext context,
uint_t  index,
IpsecSadEntry params 
)

Set entry at specified index in SAD database.

Parameters
[in]contextPointer to the IPsec context
[in]indexZero-based index identifying a given entry
[in]paramsPointer to the structure describing the SAD entry
Returns
Error code

Definition at line 185 of file ipsec.c.

◆ ipsecSetSpdEntry()

error_t ipsecSetSpdEntry ( IpsecContext context,
uint_t  index,
IpsecSpdEntry params 
)

Set entry at specified index in SPD database.

Parameters
[in]contextPointer to the IPsec context
[in]indexZero-based index identifying a given entry
[in]paramsPointer to the structure describing the SPD entry
Returns
Error code

Definition at line 133 of file ipsec.c.