FD.io VPP  v16.06
Vector Packet Processing
ikev2_priv.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __included_ikev2_priv_h__
16 #define __included_ikev2_priv_h__
17 
18 #include <vnet/vnet.h>
19 #include <vnet/ip/ip.h>
20 #include <vnet/ethernet/ethernet.h>
21 
22 #include <vnet/ipsec/ikev2.h>
23 
24 #include <vppinfra/hash.h>
25 #include <vppinfra/elog.h>
26 #include <vppinfra/error.h>
27 
28 #include <openssl/rand.h>
29 #include <openssl/dh.h>
30 #include <openssl/hmac.h>
31 #include <openssl/evp.h>
32 
33 #define IKEV2_DEBUG_PAYLOAD 1
34 
35 #if IKEV2_DEBUG_PAYLOAD == 1
36 #define DBG_PLD(my_args...) clib_warning(my_args)
37 #else
38 #define DBG_PLD(my_args...)
39 #endif
40 
41 typedef enum {
42  IKEV2_STATE_UNKNOWN,
43  IKEV2_STATE_SA_INIT,
44  IKEV2_STATE_DELETED,
45  IKEV2_STATE_AUTH_FAILED,
46  IKEV2_STATE_AUTHENTICATED,
47  IKEV2_STATE_NOTIFY_AND_DELETE,
48  IKEV2_STATE_TS_UNACCEPTABLE,
49  IKEV2_STATE_NO_PROPOSAL_CHOSEN,
50 } ikev2_state_t;
51 
52 typedef struct {
53  ikev2_auth_method_t method:8;
54  u8 * data;
55  u8 hex; /* hex encoding of the shared secret */
56  EVP_PKEY * key;
57 } ikev2_auth_t;
58 
59 typedef enum {
60  IKEV2_DH_GROUP_MODP = 0,
61  IKEV2_DH_GROUP_ECP = 1,
62 } ikev2_dh_group_t;
63 
64 typedef struct {
65  ikev2_transform_type_t type;
66  union {
67  u16 transform_id;
68  ikev2_transform_encr_type_t encr_type:16;
69  ikev2_transform_prf_type_t prf_type:16;
70  ikev2_transform_integ_type_t integ_type:16;
71  ikev2_transform_dh_type_t dh_type:16;
72  ikev2_transform_esn_type_t esn_type:16;
73  };
74  u8 * attrs;
75  u16 key_len;
76  u16 key_trunc;
77  u16 block_size;
78  u8 dh_group;
79  int nid;
80  const char * dh_p;
81  const char * dh_g;
82  const void * md;
83  const void * cipher;
84 } ikev2_sa_transform_t;
85 
86 typedef struct {
87  u8 proposal_num;
88  ikev2_protocol_id_t protocol_id:8;
89  u32 spi;
90  ikev2_sa_transform_t * transforms;
91 } ikev2_sa_proposal_t;
92 
93 typedef struct {
94  u8 ts_type;
95  u8 protocol_id;
96  u16 selector_len;
97  u16 start_port;
98  u16 end_port;
99  ip4_address_t start_addr;
100  ip4_address_t end_addr;
101 } ikev2_ts_t;
102 
103 typedef struct {
104  ikev2_id_type_t type:8;
105  u8 * data;
106 } ikev2_id_t;
107 
108 typedef struct {
109  /* sa proposals vectors */
110  ikev2_sa_proposal_t * i_proposals;
111  ikev2_sa_proposal_t * r_proposals;
112 
113  /* Traffic Selectors */
114  ikev2_ts_t * tsi;
115  ikev2_ts_t * tsr;
116 
117  /* keys */
118  u8 * sk_ai;
119  u8 * sk_ar;
120  u8 * sk_ei;
121  u8 * sk_er;
122 } ikev2_child_sa_t;
123 
124 typedef struct {
125  u8 protocol_id;
126  u32 spi; /*for ESP and AH SPI size is 4, for IKE size is 0 */
127 } ikev2_delete_t;
128 
129 typedef struct {
130  u8 protocol_id;
131  u32 spi;
132  ikev2_sa_proposal_t * i_proposal;
133  ikev2_sa_proposal_t * r_proposal;
134  ikev2_ts_t * tsi;
135  ikev2_ts_t * tsr;
136 } ikev2_rekey_t;
137 
138 typedef struct {
139  u16 msg_type;
140  u8 protocol_id;
141  u32 spi;
142  u8 * data;
143 } ikev2_notify_t;
144 
145 
146 typedef struct {
147  ikev2_state_t state;
148  u8 unsupported_cp;
149  u8 initial_contact;
150  ip4_address_t iaddr;
151  ip4_address_t raddr;
152  u64 ispi;
153  u64 rspi;
154  u8 * i_nonce;
155  u8 * r_nonce;
156 
157  /* DH data */
158  u16 dh_group;
159  u8 * dh_shared_key;
160  u8 * i_dh_data;
161  u8 * r_dh_data;
162 
163  /* sa proposals vectors */
164  ikev2_sa_proposal_t * i_proposals;
165  ikev2_sa_proposal_t * r_proposals;
166 
167  /* keys */
168  u8 * sk_d;
169  u8 * sk_ai;
170  u8 * sk_ar;
171  u8 * sk_ei;
172  u8 * sk_er;
173  u8 * sk_pi;
174  u8 * sk_pr;
175 
176  /* auth */
177  ikev2_auth_t i_auth;
178  ikev2_auth_t r_auth;
179 
180  /* ID */
181  ikev2_id_t i_id;
182  ikev2_id_t r_id;
183 
184  /* pending deletes */
185  ikev2_delete_t * del;
186 
187  /* pending rekeyings */
188  ikev2_rekey_t * rekey;
189 
190  /* packet data */
191  u8 * last_sa_init_req_packet_data;
192  u8 * last_sa_init_res_packet_data;
193 
194  /* retransmit */
195  u32 last_msg_id;
196  u8 * last_res_packet_data;
197 
198  ikev2_child_sa_t * childs;
199 } ikev2_sa_t;
200 
201 typedef struct {
202  u8 * name;
203  u8 is_enabled;
204 
205  ikev2_auth_t auth;
206  ikev2_id_t loc_id;
207  ikev2_id_t rem_id;
208  ikev2_ts_t loc_ts;
209  ikev2_ts_t rem_ts;
210 } ikev2_profile_t;
211 
212 typedef struct {
213  /* pool of IKEv2 Security Associations */
214  ikev2_sa_t * sas;
215 
216  /* pool of IKEv2 profiles */
217  ikev2_profile_t * profiles;
218 
219  /* vector of supported transform types */
220  ikev2_sa_transform_t * supported_transforms;
221 
222  /* hashes */
223  uword * sa_by_rspi;
224  mhash_t profile_index_by_name;
225 
226  /* local private key */
227  EVP_PKEY * pkey;
228 
229  /* convenience */
230  vlib_main_t * vlib_main;
231  vnet_main_t * vnet_main;
232 } ikev2_main_t;
233 
234 ikev2_main_t ikev2_main;
235 
236 void ikev2_sa_free_proposal_vector(ikev2_sa_proposal_t ** v);
237 ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t * p,
238  ikev2_transform_type_t type);
239 
240 /* ikev2_crypto.c */
241 v8 * ikev2_calc_prf(ikev2_sa_transform_t * tr, v8 * key, v8 * data);
242 u8 * ikev2_calc_prfplus(ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len);
243 v8 * ikev2_calc_integr(ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len);
244 v8 * ikev2_decrypt_data(ikev2_sa_t * sa, u8 * data, int len);
245 int ikev2_encrypt_data(ikev2_sa_t * sa, v8 * src, u8 * dst);
246 void ikev2_generate_dh(ikev2_sa_t * sa, ikev2_sa_transform_t * t);
247 int ikev2_verify_sign(EVP_PKEY *pkey, u8 * sigbuf, u8 * data);
248 u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 * data);
249 EVP_PKEY * ikev2_load_cert_file(u8 * file);
250 EVP_PKEY * ikev2_load_key_file(u8 * file);
251 void ikev2_crypto_init (ikev2_main_t * km);
252 
253 /* ikev2_payload.c */
254 typedef struct {
255  u8 first_payload_type;
256  u16 last_hdr_off;
257  u8 * data;
258 } ikev2_payload_chain_t;
259 
260 #define ikev2_payload_new_chain(V) vec_validate (V, 0)
261 #define ikev2_payload_destroy_chain(V) do { \
262  vec_free((V)->data); \
263  vec_free(V); \
264 } while (0)
265 
266 void ikev2_payload_add_notify(ikev2_payload_chain_t * c, u16 msg_type, u8 * data);
267 void ikev2_payload_add_sa(ikev2_payload_chain_t * c, ikev2_sa_proposal_t * proposals);
268 void ikev2_payload_add_ke(ikev2_payload_chain_t * c, u16 dh_group, u8 * dh_data);
269 void ikev2_payload_add_nonce(ikev2_payload_chain_t * c, u8 * nonce);
270 void ikev2_payload_add_id(ikev2_payload_chain_t *c, ikev2_id_t * id, u8 type);
271 void ikev2_payload_add_auth(ikev2_payload_chain_t *c, ikev2_auth_t * auth);
272 void ikev2_payload_add_ts(ikev2_payload_chain_t * c, ikev2_ts_t * ts, u8 type);
273 void ikev2_payload_add_delete(ikev2_payload_chain_t *c, ikev2_delete_t * d);
274 void ikev2_payload_chain_add_padding(ikev2_payload_chain_t * c, int bs);
275 void ikev2_parse_vendor_payload(ike_payload_header_t * ikep);
276 ikev2_sa_proposal_t * ikev2_parse_sa_payload(ike_payload_header_t * ikep);
277 ikev2_ts_t * ikev2_parse_ts_payload(ike_payload_header_t * ikep);
278 ikev2_delete_t * ikev2_parse_delete_payload(ike_payload_header_t * ikep);
279 ikev2_notify_t * ikev2_parse_notify_payload(ike_payload_header_t * ikep);
280 
281 #endif /* __included_ikev2_priv_h__ */
282 
ikev2_payload_chain_t
Definition: ikev2_priv.h:254
ikev2_auth_t
Definition: ikev2_priv.h:52
ikev2_sa_t::dh_shared_key
u8 * dh_shared_key
Definition: ikev2_priv.h:159
ikev2_profile_t
Definition: ikev2_priv.h:201
mhash_t
Definition: mhash.h:46
ikev2_sa_transform_t::type
ikev2_transform_type_t type
Definition: ikev2_priv.h:65
ikev2_payload_add_sa
void ikev2_payload_add_sa(ikev2_payload_chain_t *c, ikev2_sa_proposal_t *proposals)
Definition: ikev2_payload.c:131
ikev2_notify_t::msg_type
u16 msg_type
Definition: ikev2_priv.h:139
ikev2_sa_t::r_id
ikev2_id_t r_id
Definition: ikev2_priv.h:182
IKEV2_STATE_SA_INIT
Definition: ikev2_priv.h:43
ikev2_payload_add_notify
void ikev2_payload_add_notify(ikev2_payload_chain_t *c, u16 msg_type, u8 *data)
Definition: ikev2_payload.c:121
ikev2_transform_integ_type_t
ikev2_transform_integ_type_t
Definition: ikev2.h:257
IKEV2_DH_GROUP_ECP
Definition: ikev2_priv.h:61
ikev2_main_t::pkey
EVP_PKEY * pkey
Definition: ikev2_priv.h:227
type
bad routing header type(not 4)") sr_error (NO_MORE_SEGMENTS
ikev2_calc_prfplus
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
Definition: ikev2_crypto.c:278
ikev2_auth_method_t
ikev2_auth_method_t
Definition: ikev2.h:326
ikev2_child_sa_t
Definition: ikev2_priv.h:108
ikev2_sa_get_td_for_type
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
Definition: ikev2.c:185
ikev2_main_t::profiles
ikev2_profile_t * profiles
Definition: ikev2_priv.h:217
ikev2_id_t
Definition: ikev2_priv.h:103
v8
u8 v8
Definition: ikev2.h:27
ikev2_sa_transform_t::block_size
u16 block_size
Definition: ikev2_priv.h:77
ikev2_ts_t
Definition: ikev2_priv.h:93
ikev2_rekey_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:130
ikev2_sa_proposal_t::spi
u32 spi
Definition: ikev2_priv.h:89
ikev2_sa_t::state
ikev2_state_t state
Definition: ikev2_priv.h:147
ikev2_sa_t::sk_pi
u8 * sk_pi
Definition: ikev2_priv.h:173
ikev2_main
ikev2_main_t ikev2_main
Definition: ikev2_priv.h:234
ikev2_sa_t::initial_contact
u8 initial_contact
Definition: ikev2_priv.h:149
ikev2_rekey_t::tsi
ikev2_ts_t * tsi
Definition: ikev2_priv.h:134
IKEV2_STATE_NO_PROPOSAL_CHOSEN
Definition: ikev2_priv.h:49
ikev2_payload_add_id
void ikev2_payload_add_id(ikev2_payload_chain_t *c, ikev2_id_t *id, u8 type)
Definition: ikev2_payload.c:210
ikev2_sa_t::r_auth
ikev2_auth_t r_auth
Definition: ikev2_priv.h:178
ikev2_auth_t::hex
u8 hex
Definition: ikev2_priv.h:55
ikev2_sa_t::last_sa_init_res_packet_data
u8 * last_sa_init_res_packet_data
Definition: ikev2_priv.h:192
ikev2_profile_t::auth
ikev2_auth_t auth
Definition: ikev2_priv.h:205
ikev2_sa_transform_t::nid
int nid
Definition: ikev2_priv.h:79
ikev2_rekey_t::tsr
ikev2_ts_t * tsr
Definition: ikev2_priv.h:135
ikev2_parse_ts_payload
ikev2_ts_t * ikev2_parse_ts_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:381
ikev2_profile_t::rem_id
ikev2_id_t rem_id
Definition: ikev2_priv.h:207
ikev2_sa_t::sk_d
u8 * sk_d
Definition: ikev2_priv.h:168
ikev2_transform_dh_type_t
ikev2_transform_dh_type_t
Definition: ikev2.h:306
ikev2_load_cert_file
EVP_PKEY * ikev2_load_cert_file(u8 *file)
Definition: ikev2_crypto.c:499
ikev2_main_t
Definition: ikev2_priv.h:212
ikev2_payload_add_ts
void ikev2_payload_add_ts(ikev2_payload_chain_t *c, ikev2_ts_t *ts, u8 type)
Definition: ikev2_payload.c:260
ikev2_sa_t::last_msg_id
u32 last_msg_id
Definition: ikev2_priv.h:195
ikev2_ts_t::ts_type
u8 ts_type
Definition: ikev2_priv.h:94
IKEV2_STATE_UNKNOWN
Definition: ikev2_priv.h:42
ikev2_child_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:111
ikev2_payload_chain_t::first_payload_type
u8 first_payload_type
Definition: ikev2_priv.h:255
ikev2_sa_transform_t::transform_id
u16 transform_id
Definition: ikev2_priv.h:67
ikev2_ts_t::start_addr
ip4_address_t start_addr
Definition: ikev2_priv.h:99
ikev2_ts_t::selector_len
u16 selector_len
Definition: ikev2_priv.h:96
ikev2_delete_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:125
ikev2_load_key_file
EVP_PKEY * ikev2_load_key_file(u8 *file)
Definition: ikev2_crypto.c:529
u64
unsigned long u64
Definition: types.h:89
ikev2_sa_t::i_proposals
ikev2_sa_proposal_t * i_proposals
Definition: ikev2_priv.h:164
ikev2_verify_sign
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
Definition: ikev2_crypto.c:470
ikev2_id_t::data
u8 * data
Definition: ikev2_priv.h:105
ikev2_sa_t::i_auth
ikev2_auth_t i_auth
Definition: ikev2_priv.h:177
ikev2_child_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:121
ikev2_sa_proposal_t::proposal_num
u8 proposal_num
Definition: ikev2_priv.h:87
ikev2_profile_t::loc_id
ikev2_id_t loc_id
Definition: ikev2_priv.h:206
ikev2_sa_proposal_t::transforms
ikev2_sa_transform_t * transforms
Definition: ikev2_priv.h:90
ikev2_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:170
ikev2_child_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:119
ikev2_sa_t::r_dh_data
u8 * r_dh_data
Definition: ikev2_priv.h:161
ip4_address_t
Definition: ip4_packet.h:49
ikev2_sa_t::last_sa_init_req_packet_data
u8 * last_sa_init_req_packet_data
Definition: ikev2_priv.h:191
ikev2_profile_t::rem_ts
ikev2_ts_t rem_ts
Definition: ikev2_priv.h:209
ikev2_sa_t::i_dh_data
u8 * i_dh_data
Definition: ikev2_priv.h:160
ikev2_main_t::sa_by_rspi
uword * sa_by_rspi
Definition: ikev2_priv.h:223
ikev2_child_sa_t::i_proposals
ikev2_sa_proposal_t * i_proposals
Definition: ikev2_priv.h:110
ikev2_sa_t::r_nonce
u8 * r_nonce
Definition: ikev2_priv.h:155
IKEV2_DH_GROUP_MODP
Definition: ikev2_priv.h:60
ikev2_main_t::profile_index_by_name
mhash_t profile_index_by_name
Definition: ikev2_priv.h:224
ikev2_ts_t::end_port
u16 end_port
Definition: ikev2_priv.h:98
ikev2_main_t::supported_transforms
ikev2_sa_transform_t * supported_transforms
Definition: ikev2_priv.h:220
ikev2_sa_t::rekey
ikev2_rekey_t * rekey
Definition: ikev2_priv.h:188
ikev2_sa_transform_t::dh_group
u8 dh_group
Definition: ikev2_priv.h:78
ikev2_payload_chain_add_padding
void ikev2_payload_chain_add_padding(ikev2_payload_chain_t *c, int bs)
Definition: ikev2_payload.c:289
ikev2_sa_transform_t
Definition: ikev2_priv.h:64
ikev2_protocol_id_t
ikev2_protocol_id_t
Definition: ikev2.h:102
ikev2_auth_t::data
u8 * data
Definition: ikev2_priv.h:54
ikev2_ts_t::end_addr
ip4_address_t end_addr
Definition: ikev2_priv.h:100
ikev2_sa_t::rspi
u64 rspi
Definition: ikev2_priv.h:153
ikev2_sa_t::iaddr
ip4_address_t iaddr
Definition: ikev2_priv.h:150
ikev2_calc_sign
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
Definition: ikev2_crypto.c:481
ikev2_calc_prf
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
Definition: ikev2_crypto.c:260
ikev2_sa_t::i_nonce
u8 * i_nonce
Definition: ikev2_priv.h:154
ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:171
ikev2_parse_delete_payload
ikev2_delete_t * ikev2_parse_delete_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:465
ikev2_sa_t
Definition: ikev2_priv.h:146
ikev2_parse_sa_payload
ikev2_sa_proposal_t * ikev2_parse_sa_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:298
ikev2_transform_encr_type_t
ikev2_transform_encr_type_t
Definition: ikev2.h:218
ikev2_sa_t::del
ikev2_delete_t * del
Definition: ikev2_priv.h:185
ikev2_child_sa_t::tsi
ikev2_ts_t * tsi
Definition: ikev2_priv.h:114
ikev2_decrypt_data
v8 * ikev2_decrypt_data(ikev2_sa_t *sa, u8 *data, int len)
Definition: ikev2_crypto.c:340
IKEV2_STATE_AUTH_FAILED
Definition: ikev2_priv.h:45
ikev2_payload_add_nonce
void ikev2_payload_add_nonce(ikev2_payload_chain_t *c, u8 *nonce)
Definition: ikev2_payload.c:203
IKEV2_STATE_NOTIFY_AND_DELETE
Definition: ikev2_priv.h:47
ikev2_main_t::sas
ikev2_sa_t * sas
Definition: ikev2_priv.h:214
ikev2_sa_t::raddr
ip4_address_t raddr
Definition: ikev2_priv.h:151
ikev2_child_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:120
ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:172
ikev2_sa_transform_t::cipher
const void * cipher
Definition: ikev2_priv.h:83
ikev2_notify_t::data
u8 * data
Definition: ikev2_priv.h:142
ikev2_profile_t::loc_ts
ikev2_ts_t loc_ts
Definition: ikev2_priv.h:208
ikev2_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:165
IKEV2_STATE_AUTHENTICATED
Definition: ikev2_priv.h:46
vnet_main_t
Definition: vnet.h:58
ikev2_ts_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:95
u32
unsigned int u32
Definition: types.h:88
ikev2_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ikev2_priv.h:231
ikev2_id_type_t
ikev2_id_type_t
Definition: ikev2.h:341
ikev2_parse_notify_payload
ikev2_notify_t * ikev2_parse_notify_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:407
ikev2_payload_chain_t::last_hdr_off
u16 last_hdr_off
Definition: ikev2_priv.h:256
ikev2_transform_esn_type_t
ikev2_transform_esn_type_t
Definition: ikev2.h:316
ikev2_rekey_t
Definition: ikev2_priv.h:129
ikev2_rekey_t::r_proposal
ikev2_sa_proposal_t * r_proposal
Definition: ikev2_priv.h:133
ikev2_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:169
ikev2_calc_integr
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
Definition: ikev2_crypto.c:317
ikev2_sa_proposal_t
Definition: ikev2_priv.h:86
ikev2_rekey_t::spi
u32 spi
Definition: ikev2_priv.h:131
ikev2_sa_t::dh_group
u16 dh_group
Definition: ikev2_priv.h:158
ikev2_delete_t::spi
u32 spi
Definition: ikev2_priv.h:126
ikev2_child_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:118
ikev2_notify_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:140
ikev2_rekey_t::i_proposal
ikev2_sa_proposal_t * i_proposal
Definition: ikev2_priv.h:132
ikev2_sa_transform_t::dh_p
const char * dh_p
Definition: ikev2_priv.h:80
ikev2_auth_t::key
EVP_PKEY * key
Definition: ikev2_priv.h:56
ikev2_dh_group_t
ikev2_dh_group_t
Definition: ikev2_priv.h:59
uword
u64 uword
Definition: types.h:112
ikev2_sa_transform_t::md
const void * md
Definition: ikev2_priv.h:82
ikev2_crypto_init
void ikev2_crypto_init(ikev2_main_t *km)
Definition: ikev2_crypto.c:551
ikev2_payload_chain_t::data
u8 * data
Definition: ikev2_priv.h:257
ikev2_sa_t::last_res_packet_data
u8 * last_res_packet_data
Definition: ikev2_priv.h:196
ikev2_sa_transform_t::attrs
u8 * attrs
Definition: ikev2_priv.h:74
ikev2_sa_transform_t::dh_g
const char * dh_g
Definition: ikev2_priv.h:81
u16
unsigned short u16
Definition: types.h:57
ikev2_delete_t
Definition: ikev2_priv.h:124
ikev2_sa_transform_t::key_len
u16 key_len
Definition: ikev2_priv.h:75
ikev2_payload_add_auth
void ikev2_payload_add_auth(ikev2_payload_chain_t *c, ikev2_auth_t *auth)
Definition: ikev2_payload.c:249
ikev2_profile_t::is_enabled
u8 is_enabled
Definition: ikev2_priv.h:203
ikev2_ts_t::start_port
u16 start_port
Definition: ikev2_priv.h:97
ikev2_payload_add_ke
void ikev2_payload_add_ke(ikev2_payload_chain_t *c, u16 dh_group, u8 *dh_data)
Definition: ikev2_payload.c:192
u8
unsigned char u8
Definition: types.h:56
ikev2_sa_t::sk_pr
u8 * sk_pr
Definition: ikev2_priv.h:174
vlib_main_t
Definition: main.h:59
ikev2_sa_t::i_id
ikev2_id_t i_id
Definition: ikev2_priv.h:181
ikev2_child_sa_t::tsr
ikev2_ts_t * tsr
Definition: ikev2_priv.h:115
ikev2_sa_t::childs
ikev2_child_sa_t * childs
Definition: ikev2_priv.h:198
ikev2_profile_t::name
u8 * name
Definition: ikev2_priv.h:202
ikev2_parse_vendor_payload
void ikev2_parse_vendor_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:447
ikev2_notify_t
Definition: ikev2_priv.h:138
ikev2_encrypt_data
int ikev2_encrypt_data(ikev2_sa_t *sa, v8 *src, u8 *dst)
Definition: ikev2_crypto.c:370
ikev2_payload_add_delete
void ikev2_payload_add_delete(ikev2_payload_chain_t *c, ikev2_delete_t *d)
Definition: ikev2_payload.c:220
ikev2_transform_prf_type_t
ikev2_transform_prf_type_t
Definition: ikev2.h:234
ikev2_sa_t::unsupported_cp
u8 unsupported_cp
Definition: ikev2_priv.h:148
ikev2_sa_free_proposal_vector
void ikev2_sa_free_proposal_vector(ikev2_sa_proposal_t **v)
Definition: ikev2.c:214
ikev2_sa_t::ispi
u64 ispi
Definition: ikev2_priv.h:152
IKEV2_STATE_DELETED
Definition: ikev2_priv.h:44
ikev2_transform_type_t
ikev2_transform_type_t
Definition: ikev2.h:196
ikev2_notify_t::spi
u32 spi
Definition: ikev2_priv.h:141
ikev2_generate_dh
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:396
ikev2_main_t::vlib_main
vlib_main_t * vlib_main
Definition: ikev2_priv.h:230
IKEV2_STATE_TS_UNACCEPTABLE
Definition: ikev2_priv.h:48
ikev2_sa_transform_t::key_trunc
u16 key_trunc
Definition: ikev2_priv.h:76
ikev2_state_t
ikev2_state_t
Definition: ikev2_priv.h:41