Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2015 Cisco and/or its affiliates. |
| 3 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | * you may not use this file except in compliance with the License. |
| 5 | * You may obtain a copy of the License at: |
| 6 | * |
| 7 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | * |
| 9 | * Unless required by applicable law or agreed to in writing, software |
| 10 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | * See the License for the specific language governing permissions and |
| 13 | * limitations under the License. |
| 14 | */ |
| 15 | #ifndef __included_ikev2_h__ |
| 16 | #define __included_ikev2_h__ |
| 17 | |
| 18 | #include <vnet/vnet.h> |
| 19 | #include <vnet/ip/ip.h> |
| 20 | |
| 21 | #include <vppinfra/error.h> |
| 22 | |
| 23 | #define IKEV2_NONCE_SIZE 32 |
| 24 | |
| 25 | #define IKEV2_KEY_PAD "Key Pad for IKEv2" |
| 26 | |
| 27 | typedef u8 v8; |
| 28 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 29 | /* *INDENT-OFF* */ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 30 | typedef CLIB_PACKED (struct { |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 31 | u64 ispi; |
| 32 | u64 rspi; |
| 33 | u8 nextpayload; |
| 34 | u8 version; |
| 35 | u8 exchange; |
| 36 | u8 flags; |
| 37 | u32 msgid; u32 length; u8 payload[0]; |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 38 | }) ike_header_t; |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 39 | /* *INDENT-ON* */ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 40 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 41 | /* *INDENT-OFF* */ |
| 42 | typedef CLIB_PACKED (struct |
| 43 | { |
| 44 | u8 nextpayload; |
| 45 | u8 flags; |
| 46 | u16 length; |
| 47 | u16 dh_group; |
| 48 | u8 reserved[2]; u8 payload[0];}) ike_ke_payload_header_t; |
| 49 | /* *INDENT-ON* */ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 50 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 51 | /* *INDENT-OFF* */ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 52 | typedef CLIB_PACKED (struct { |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 53 | u8 nextpayload; |
| 54 | u8 flags; |
| 55 | u16 length; u8 payload[0]; |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 56 | }) ike_payload_header_t; |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 57 | /* *INDENT-ON* */ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 58 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 59 | /* *INDENT-OFF* */ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 60 | typedef CLIB_PACKED (struct { |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 61 | u8 nextpayload; |
| 62 | u8 flags; |
| 63 | u16 length; |
| 64 | u8 auth_method; |
| 65 | u8 reserved[3]; |
| 66 | u8 payload[0]; |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 67 | }) ike_auth_payload_header_t; |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 68 | /* *INDENT-ON* */ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 69 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 70 | /* *INDENT-OFF* */ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 71 | typedef CLIB_PACKED (struct { |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 72 | u8 nextpayload; |
| 73 | u8 flags; |
| 74 | u16 length; |
| 75 | u8 id_type; |
| 76 | u8 reserved[3]; u8 payload[0]; |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 77 | }) ike_id_payload_header_t; |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 78 | /* *INDENT-ON* */ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 79 | |
| 80 | #define IKE_VERSION_2 0x20 |
| 81 | |
| 82 | #define IKEV2_EXCHANGE_SA_INIT 34 |
| 83 | #define IKEV2_EXCHANGE_IKE_AUTH 35 |
| 84 | #define IKEV2_EXCHANGE_CREATE_CHILD_SA 36 |
| 85 | #define IKEV2_EXCHANGE_INFORMATIONAL 37 |
| 86 | |
| 87 | #define IKEV2_HDR_FLAG_INITIATOR (1<<3) |
| 88 | #define IKEV2_HDR_FLAG_VERSION (1<<4) |
| 89 | #define IKEV2_HDR_FLAG_RESPONSE (1<<5) |
| 90 | |
| 91 | #define IKEV2_PAYLOAD_FLAG_CRITICAL (1<<7) |
| 92 | |
| 93 | #define IKEV2_PAYLOAD_NONE 0 |
| 94 | #define IKEV2_PAYLOAD_SA 33 |
| 95 | #define IKEV2_PAYLOAD_KE 34 |
| 96 | #define IKEV2_PAYLOAD_IDI 35 |
| 97 | #define IKEV2_PAYLOAD_IDR 36 |
| 98 | #define IKEV2_PAYLOAD_AUTH 39 |
| 99 | #define IKEV2_PAYLOAD_NONCE 40 |
| 100 | #define IKEV2_PAYLOAD_NOTIFY 41 |
| 101 | #define IKEV2_PAYLOAD_DELETE 42 |
| 102 | #define IKEV2_PAYLOAD_VENDOR 43 |
| 103 | #define IKEV2_PAYLOAD_TSI 44 |
| 104 | #define IKEV2_PAYLOAD_TSR 45 |
| 105 | #define IKEV2_PAYLOAD_SK 46 |
| 106 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 107 | typedef enum |
| 108 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 109 | IKEV2_PROTOCOL_IKE = 1, |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 110 | IKEV2_PROTOCOL_AH = 2, |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 111 | IKEV2_PROTOCOL_ESP = 3, |
| 112 | } ikev2_protocol_id_t; |
| 113 | |
| 114 | #define foreach_ikev2_notify_msg_type \ |
| 115 | _( 0, NONE) \ |
| 116 | _( 1, UNSUPPORTED_CRITICAL_PAYLOAD) \ |
| 117 | _( 4, INVALID_IKE_SPI) \ |
| 118 | _( 5, INVALID_MAJOR_VERSION) \ |
| 119 | _( 7, INVALID_SYNTAX) \ |
| 120 | _( 8, INVALID_MESSAGE_ID) \ |
| 121 | _( 11, INVALID_SPI) \ |
| 122 | _( 14, NO_PROPOSAL_CHOSEN) \ |
| 123 | _( 17, INVALID_KE_PAYLOAD) \ |
| 124 | _( 24, AUTHENTICATION_FAILED) \ |
| 125 | _( 34, SINGLE_PAIR_REQUIRED) \ |
| 126 | _( 35, NO_ADDITIONAL_SAS) \ |
| 127 | _( 36, INTERNAL_ADDRESS_FAILURE) \ |
| 128 | _( 37, FAILED_CP_REQUIRED) \ |
| 129 | _( 38, TS_UNACCEPTABLE) \ |
| 130 | _( 39, INVALID_SELECTORS) \ |
| 131 | _( 40, UNACCEPTABLE_ADDRESSES) \ |
| 132 | _( 41, UNEXPECTED_NAT_DETECTED) \ |
| 133 | _( 42, USE_ASSIGNED_HoA) \ |
| 134 | _( 43, TEMPORARY_FAILURE) \ |
| 135 | _( 44, CHILD_SA_NOT_FOUND) \ |
| 136 | _( 45, INVALID_GROUP_ID) \ |
| 137 | _( 46, AUTHORIZATION_FAILED) \ |
| 138 | _(16384, INITIAL_CONTACT) \ |
| 139 | _(16385, SET_WINDOW_SIZE) \ |
| 140 | _(16386, ADDITIONAL_TS_POSSIBLE) \ |
| 141 | _(16387, IPCOMP_SUPPORTED) \ |
| 142 | _(16388, NAT_DETECTION_SOURCE_IP) \ |
| 143 | _(16389, NAT_DETECTION_DESTINATION_IP) \ |
| 144 | _(16390, COOKIE) \ |
| 145 | _(16391, USE_TRANSPORT_MODE) \ |
| 146 | _(16392, HTTP_CERT_LOOKUP_SUPPORTED) \ |
| 147 | _(16393, REKEY_SA) \ |
| 148 | _(16394, ESP_TFC_PADDING_NOT_SUPPORTED) \ |
| 149 | _(16395, NON_FIRST_FRAGMENTS_ALSO) \ |
| 150 | _(16396, MOBIKE_SUPPORTED) \ |
| 151 | _(16397, ADDITIONAL_IP4_ADDRESS) \ |
| 152 | _(16398, ADDITIONAL_IP6_ADDRESS) \ |
| 153 | _(16399, NO_ADDITIONAL_ADDRESSES) \ |
| 154 | _(16400, UPDATE_SA_ADDRESSES) \ |
| 155 | _(16401, COOKIE2) \ |
| 156 | _(16402, NO_NATS_ALLOWED) \ |
| 157 | _(16403, AUTH_LIFETIME) \ |
| 158 | _(16404, MULTIPLE_AUTH_SUPPORTED) \ |
| 159 | _(16405, ANOTHER_AUTH_FOLLOWS) \ |
| 160 | _(16406, REDIRECT_SUPPORTED) \ |
| 161 | _(16407, REDIRECT) \ |
| 162 | _(16408, REDIRECTED_FROM) \ |
| 163 | _(16409, TICKET_LT_OPAQUE) \ |
| 164 | _(16410, TICKET_REQUEST) \ |
| 165 | _(16411, TICKET_ACK) \ |
| 166 | _(16412, TICKET_NACK) \ |
| 167 | _(16413, TICKET_OPAQUE) \ |
| 168 | _(16414, LINK_ID) \ |
| 169 | _(16415, USE_WESP_MODE) \ |
| 170 | _(16416, ROHC_SUPPORTED) \ |
| 171 | _(16417, EAP_ONLY_AUTHENTICATION) \ |
| 172 | _(16418, CHILDLESS_IKEV2_SUPPORTED) \ |
| 173 | _(16419, QUICK_CRASH_DETECTION) \ |
| 174 | _(16420, IKEV2_MESSAGE_ID_SYNC_SUPPORTED) \ |
| 175 | _(16421, IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED) \ |
| 176 | _(16422, IKEV2_MESSAGE_ID_SYNC) \ |
| 177 | _(16423, IPSEC_REPLAY_COUNTER_SYNC) \ |
| 178 | _(16424, SECURE_PASSWORD_METHODS) \ |
| 179 | _(16425, PSK_PERSIST) \ |
| 180 | _(16426, PSK_CONFIRM) \ |
| 181 | _(16427, ERX_SUPPORTED) \ |
| 182 | _(16428, IFOM_CAPABILITY) \ |
| 183 | _(16429, SENDER_REQUEST_ID) \ |
| 184 | _(16430, IKEV2_FRAGMENTATION_SUPPORTED) \ |
| 185 | _(16431, SIGNATURE_HASH_ALGORITHMS) |
| 186 | |
| 187 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 188 | typedef enum |
| 189 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 190 | #define _(v,f) IKEV2_NOTIFY_MSG_##f = v, |
| 191 | foreach_ikev2_notify_msg_type |
| 192 | #undef _ |
| 193 | } ikev2_notify_msg_type_t; |
| 194 | |
| 195 | #define foreach_ikev2_transform_type \ |
Paul Vinciguerra | bdc0e6b | 2018-09-22 05:32:50 -0700 | [diff] [blame] | 196 | _(0, UNDEFINED, "undefined") \ |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 197 | _(1, ENCR, "encr") \ |
| 198 | _(2, PRF, "prf") \ |
| 199 | _(3, INTEG, "integ") \ |
| 200 | _(4, DH, "dh-group") \ |
| 201 | _(5, ESN, "esn") |
| 202 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 203 | typedef enum |
| 204 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 205 | #define _(v,f,s) IKEV2_TRANSFORM_TYPE_##f = v, |
| 206 | foreach_ikev2_transform_type |
| 207 | #undef _ |
| 208 | IKEV2_TRANSFORM_NUM_TYPES |
| 209 | } ikev2_transform_type_t; |
| 210 | |
| 211 | |
| 212 | #define foreach_ikev2_transform_encr_type \ |
| 213 | _(1 , DES_IV64, "des-iv64") \ |
| 214 | _(2 , DES, "des") \ |
| 215 | _(3 , 3DES, "3des") \ |
| 216 | _(4 , RC5, "rc5") \ |
| 217 | _(5 , IDEA, "idea") \ |
| 218 | _(6 , CAST, "cast") \ |
| 219 | _(7 , BLOWFISH, "blowfish") \ |
| 220 | _(8 , 3IDEA, "3idea") \ |
| 221 | _(9 , DES_IV32, "des-iv32") \ |
| 222 | _(11, NULL, "null") \ |
| 223 | _(12, AES_CBC, "aes-cbc") \ |
| 224 | _(13, AES_CTR, "aes-ctr") |
| 225 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 226 | typedef enum |
| 227 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 228 | #define _(v,f,str) IKEV2_TRANSFORM_ENCR_TYPE_##f = v, |
| 229 | foreach_ikev2_transform_encr_type |
| 230 | #undef _ |
| 231 | } ikev2_transform_encr_type_t; |
| 232 | |
| 233 | #define foreach_ikev2_transform_prf_type \ |
| 234 | _(1, PRF_HMAC_MD5, "hmac-md5") \ |
| 235 | _(2, PRF_HMAC_SHA1, "hmac-sha1") \ |
| 236 | _(3, PRF_MAC_TIGER, "mac-tiger") \ |
| 237 | _(4, PRF_AES128_XCBC, "aes128-xcbc") \ |
| 238 | _(5, PRF_HMAC_SHA2_256, "hmac-sha2-256") \ |
| 239 | _(6, PRF_HMAC_SHA2_384, "hmac-sha2-384") \ |
| 240 | _(7, PRF_HMAC_SHA2_512, "hmac-sha2-512") \ |
| 241 | _(8, PRF_AES128_CMAC, "aes128-cmac") |
| 242 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 243 | typedef enum |
| 244 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 245 | #define _(v,f,str) IKEV2_TRANSFORM_PRF_TYPE_##f = v, |
| 246 | foreach_ikev2_transform_prf_type |
| 247 | #undef _ |
| 248 | } ikev2_transform_prf_type_t; |
| 249 | |
| 250 | #define foreach_ikev2_transform_integ_type \ |
| 251 | _(0, NONE, "none") \ |
| 252 | _(1, AUTH_HMAC_MD5_96, "md5-96") \ |
| 253 | _(2, AUTH_HMAC_SHA1_96, "sha1-96") \ |
| 254 | _(3, AUTH_DES_MAC, "des-mac") \ |
| 255 | _(4, AUTH_KPDK_MD5, "kpdk-md5") \ |
| 256 | _(5, AUTH_AES_XCBC_96, "aes-xcbc-96") \ |
| 257 | _(6, AUTH_HMAC_MD5_128, "md5-128") \ |
| 258 | _(7, AUTH_HMAC_SHA1_160, "sha1-160") \ |
| 259 | _(8, AUTH_AES_CMAC_96, "cmac-96") \ |
| 260 | _(9, AUTH_AES_128_GMAC, "aes-128-gmac") \ |
| 261 | _(10, AUTH_AES_192_GMAC, "aes-192-gmac") \ |
| 262 | _(11, AUTH_AES_256_GMAC, "aes-256-gmac") \ |
| 263 | _(12, AUTH_HMAC_SHA2_256_128, "hmac-sha2-256-128") \ |
| 264 | _(13, AUTH_HMAC_SHA2_384_192, "hmac-sha2-384-192") \ |
| 265 | _(14, AUTH_HMAC_SHA2_512_256, "hmac-sha2-512-256") |
| 266 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 267 | typedef enum |
| 268 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 269 | #define _(v,f, str) IKEV2_TRANSFORM_INTEG_TYPE_##f = v, |
| 270 | foreach_ikev2_transform_integ_type |
| 271 | #undef _ |
| 272 | } ikev2_transform_integ_type_t; |
| 273 | |
| 274 | #if defined(OPENSSL_NO_CISCO_FECDH) |
| 275 | #define foreach_ikev2_transform_dh_type \ |
| 276 | _(0, NONE, "none") \ |
| 277 | _(1, MODP_768, "modp-768") \ |
| 278 | _(2, MODP_1024, "modp-1024") \ |
| 279 | _(5, MODP_1536, "modp-1536") \ |
| 280 | _(14, MODP_2048, "modp-2048") \ |
| 281 | _(15, MODP_3072, "modp-3072") \ |
| 282 | _(16, MODP_4096, "modp-4096") \ |
| 283 | _(17, MODP_6144, "modp-6144") \ |
| 284 | _(18, MODP_8192, "modp-8192") \ |
| 285 | _(19, ECP_256, "ecp-256") \ |
| 286 | _(20, ECP_384, "ecp-384") \ |
| 287 | _(21, ECP_521, "ecp-521") \ |
| 288 | _(22, MODP_1024_160, "modp-1024-160") \ |
| 289 | _(23, MODP_2048_224, "modp-2048-224") \ |
| 290 | _(24, MODP_2048_256, "modp-2048-256") \ |
| 291 | _(25, ECP_192, "ecp-192") \ |
| 292 | _(26, ECP_224, "ecp-224") \ |
| 293 | _(27, BRAINPOOL_224, "brainpool-224") \ |
| 294 | _(28, BRAINPOOL_256, "brainpool-256") \ |
| 295 | _(29, BRAINPOOL_384, "brainpool-384") \ |
| 296 | _(30, BRAINPOOL_512, "brainpool-512") |
| 297 | #else |
| 298 | #define foreach_ikev2_transform_dh_type \ |
| 299 | _(0, NONE, "none") \ |
| 300 | _(1, MODP_768, "modp-768") \ |
| 301 | _(2, MODP_1024, "modp-1024") \ |
| 302 | _(5, MODP_1536, "modp-1536") \ |
| 303 | _(14, MODP_2048, "modp-2048") \ |
| 304 | _(15, MODP_3072, "modp-3072") \ |
| 305 | _(16, MODP_4096, "modp-4096") \ |
| 306 | _(17, MODP_6144, "modp-6144") \ |
| 307 | _(18, MODP_8192, "modp-8192") \ |
| 308 | _(19, ECP_256, "ecp-256") \ |
| 309 | _(20, ECP_384, "ecp-384") \ |
| 310 | _(21, ECP_521, "ecp-521") \ |
| 311 | _(22, MODP_1024_160, "modp-1024-160") \ |
| 312 | _(23, MODP_2048_224, "modp-2048-224") \ |
| 313 | _(24, MODP_2048_256, "modp-2048-256") \ |
| 314 | _(25, ECP_192, "ecp-192") |
| 315 | #endif |
| 316 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 317 | typedef enum |
| 318 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 319 | #define _(v,f, str) IKEV2_TRANSFORM_DH_TYPE_##f = v, |
| 320 | foreach_ikev2_transform_dh_type |
| 321 | #undef _ |
| 322 | } ikev2_transform_dh_type_t; |
| 323 | |
| 324 | #define foreach_ikev2_transform_esn_type \ |
| 325 | _(0, NO_ESN, "no") \ |
| 326 | _(1, ESN, "yes") |
| 327 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 328 | typedef enum |
| 329 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 330 | #define _(v,f,str) IKEV2_TRANSFORM_ESN_TYPE_##f = v, |
| 331 | foreach_ikev2_transform_esn_type |
| 332 | #undef _ |
| 333 | } ikev2_transform_esn_type_t; |
| 334 | |
| 335 | #define foreach_ikev2_auth_method \ |
| 336 | _( 1, RSA_SIG, "rsa-sig") \ |
| 337 | _( 2, SHARED_KEY_MIC, "shared-key-mic") |
| 338 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 339 | typedef enum |
| 340 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 341 | #define _(v,f,s) IKEV2_AUTH_METHOD_##f = v, |
| 342 | foreach_ikev2_auth_method |
| 343 | #undef _ |
| 344 | } ikev2_auth_method_t; |
| 345 | |
| 346 | #define foreach_ikev2_id_type \ |
| 347 | _( 1, ID_IPV4_ADDR, "ip4-addr") \ |
| 348 | _( 2, ID_FQDN, "fqdn") \ |
| 349 | _( 3, ID_RFC822_ADDR, "rfc822") \ |
| 350 | _( 5, ID_IPV6_ADDR, "ip6-addr") \ |
| 351 | _( 9, ID_DER_ASN1_DN, "der-asn1-dn") \ |
| 352 | _(10, ID_DER_ASN1_GN, "der-asn1-gn") \ |
| 353 | _(11, ID_KEY_ID, "key-id") |
| 354 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 355 | typedef enum |
| 356 | { |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 357 | #define _(v,f,s) IKEV2_ID_TYPE_##f = v, |
| 358 | foreach_ikev2_id_type |
| 359 | #undef _ |
| 360 | } ikev2_id_type_t; |
| 361 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 362 | clib_error_t *ikev2_init (vlib_main_t * vm); |
| 363 | clib_error_t *ikev2_set_local_key (vlib_main_t * vm, u8 * file); |
| 364 | clib_error_t *ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add); |
| 365 | clib_error_t *ikev2_set_profile_auth (vlib_main_t * vm, u8 * name, |
| 366 | u8 auth_method, u8 * data, |
| 367 | u8 data_hex_format); |
| 368 | clib_error_t *ikev2_set_profile_id (vlib_main_t * vm, u8 * name, |
| 369 | u8 id_type, u8 * data, int is_local); |
| 370 | clib_error_t *ikev2_set_profile_ts (vlib_main_t * vm, u8 * name, |
| 371 | u8 protocol_id, u16 start_port, |
| 372 | u16 end_port, ip4_address_t start_addr, |
| 373 | ip4_address_t end_addr, int is_local); |
Radu Nicolau | cb33dc2 | 2017-02-16 16:49:46 +0000 | [diff] [blame] | 374 | clib_error_t *ikev2_set_profile_responder (vlib_main_t * vm, u8 * name, |
| 375 | u32 sw_if_index, |
| 376 | ip4_address_t ip4); |
| 377 | clib_error_t *ikev2_set_profile_ike_transforms (vlib_main_t * vm, u8 * name, |
| 378 | ikev2_transform_encr_type_t |
| 379 | crypto_alg, |
| 380 | ikev2_transform_integ_type_t |
| 381 | integ_alg, |
| 382 | ikev2_transform_dh_type_t |
| 383 | dh_type, u32 crypto_key_size); |
| 384 | clib_error_t *ikev2_set_profile_esp_transforms (vlib_main_t * vm, u8 * name, |
| 385 | ikev2_transform_encr_type_t |
| 386 | crypto_alg, |
| 387 | ikev2_transform_integ_type_t |
| 388 | integ_alg, |
| 389 | ikev2_transform_dh_type_t |
| 390 | dh_type, u32 crypto_key_size); |
| 391 | clib_error_t *ikev2_set_profile_sa_lifetime (vlib_main_t * vm, u8 * name, |
| 392 | u64 lifetime, u32 jitter, |
| 393 | u32 handover, u64 maxdata); |
| 394 | clib_error_t *ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name); |
| 395 | clib_error_t *ikev2_initiate_delete_child_sa (vlib_main_t * vm, u32 ispi); |
| 396 | clib_error_t *ikev2_initiate_delete_ike_sa (vlib_main_t * vm, u64 ispi); |
| 397 | clib_error_t *ikev2_initiate_rekey_child_sa (vlib_main_t * vm, u32 ispi); |
| 398 | |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 399 | /* ikev2_format.c */ |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 400 | u8 *format_ikev2_auth_method (u8 * s, va_list * args); |
| 401 | u8 *format_ikev2_id_type (u8 * s, va_list * args); |
| 402 | u8 *format_ikev2_transform_type (u8 * s, va_list * args); |
| 403 | u8 *format_ikev2_notify_msg_type (u8 * s, va_list * args); |
| 404 | u8 *format_ikev2_transform_encr_type (u8 * s, va_list * args); |
| 405 | u8 *format_ikev2_transform_prf_type (u8 * s, va_list * args); |
| 406 | u8 *format_ikev2_transform_integ_type (u8 * s, va_list * args); |
| 407 | u8 *format_ikev2_transform_dh_type (u8 * s, va_list * args); |
| 408 | u8 *format_ikev2_transform_esn_type (u8 * s, va_list * args); |
| 409 | u8 *format_ikev2_sa_transform (u8 * s, va_list * args); |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 410 | |
| 411 | uword unformat_ikev2_auth_method (unformat_input_t * input, va_list * args); |
| 412 | uword unformat_ikev2_id_type (unformat_input_t * input, va_list * args); |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 413 | uword unformat_ikev2_transform_type (unformat_input_t * input, |
| 414 | va_list * args); |
| 415 | uword unformat_ikev2_transform_encr_type (unformat_input_t * input, |
| 416 | va_list * args); |
| 417 | uword unformat_ikev2_transform_prf_type (unformat_input_t * input, |
| 418 | va_list * args); |
| 419 | uword unformat_ikev2_transform_integ_type (unformat_input_t * input, |
| 420 | va_list * args); |
| 421 | uword unformat_ikev2_transform_dh_type (unformat_input_t * input, |
| 422 | va_list * args); |
| 423 | uword unformat_ikev2_transform_esn_type (unformat_input_t * input, |
| 424 | va_list * args); |
Ed Warnicke | cb9cada | 2015-12-08 15:45:58 -0700 | [diff] [blame] | 425 | |
| 426 | #endif /* __included_ikev2_h__ */ |
| 427 | |
Keith Burns (alagalah) | 166a9d4 | 2016-08-06 11:00:56 -0700 | [diff] [blame] | 428 | |
| 429 | /* |
| 430 | * fd.io coding-style-patch-verification: ON |
| 431 | * |
| 432 | * Local Variables: |
| 433 | * eval: (c-set-style "gnu") |
| 434 | * End: |
| 435 | */ |