protocol

package

v0.0.0-...-2e9568b Latest Latest Go to latest Published: Jul 7, 2017 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/msgboxio/ike

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func EncodePayloads(payloads *Payloads) (b []byte)
type AttributeType
type AuthMethod
- func (i AuthMethod) String() string
type AuthPayload
- func (s *AuthPayload) Decode(b []byte) error
- func (s *AuthPayload) Encode() (b []byte)
- func (s *AuthPayload) Type() PayloadType
type AuthTransformId
- func (i AuthTransformId) String() string
type CertEncodingType
type CertPayload
- func (s *CertPayload) Decode(b []byte) error
- func (s *CertPayload) Encode() (b []byte)
- func (s *CertPayload) Type() PayloadType
type CertRequestPayload
- func (s *CertRequestPayload) Decode(b []byte) (err error)
- func (s *CertRequestPayload) Encode() (b []byte)
- func (s *CertRequestPayload) Type() PayloadType
type ConfigurationAttribute
type ConfigurationAttributeType
type ConfigurationPayload
- func (s *ConfigurationPayload) Decode(b []byte) error
- func (s *ConfigurationPayload) Encode() (b []byte)
- func (s *ConfigurationPayload) Type() PayloadType
type ConfigurationType
type DeletePayload
- func (s *DeletePayload) Decode(b []byte) error
- func (s *DeletePayload) Encode() (b []byte)
- func (s *DeletePayload) Type() PayloadType
type DhTransformId
- func (i DhTransformId) String() string
type EapPayload
- func (s *EapPayload) Decode(b []byte) (err error)
- func (s *EapPayload) Encode() (b []byte)
- func (s *EapPayload) Type() PayloadType
type EncrTransformId
- func (i EncrTransformId) String() string
type EncryptedPayload
- func (s *EncryptedPayload) Decode(b []byte) (err error)
- func (s *EncryptedPayload) Encode() (b []byte)
- func (s *EncryptedPayload) Type() PayloadType
type EsnTransformId
type HashAlgorithmId
- func (i HashAlgorithmId) String() string
type IdPayload
- func (s *IdPayload) Decode(b []byte) error
- func (s *IdPayload) Encode() (b []byte)
- func (s *IdPayload) Type() PayloadType
type IdType
- func (i IdType) String() string
type IkeErrorCode
- func GetIkeErrorCode(nt NotificationType) (IkeErrorCode, bool)
- func (e IkeErrorCode) Error() string
type IkeExchangeType
- func (i IkeExchangeType) String() string
type IkeFlags
- func (f IkeFlags) IsInitiator() bool
- func (f IkeFlags) IsResponse() bool
- func (f IkeFlags) String() string
type IkeHeader
- func DecodeIkeHeader(b []byte) (h *IkeHeader, err error)
- func (h *IkeHeader) Encode() (b []byte)
type KePayload
- func (s *KePayload) Decode(b []byte) error
- func (s *KePayload) Encode() (b []byte)
- func (s *KePayload) Type() PayloadType
type NoncePayload
- func (s *NoncePayload) Decode(b []byte) error
- func (s *NoncePayload) Encode() (b []byte)
- func (s *NoncePayload) Type() PayloadType
type NotificationType
- func (i NotificationType) String() string
type NotifyPayload
- func (s *NotifyPayload) Decode(b []byte) (err error)
- func (s *NotifyPayload) Encode() (b []byte)
- func (s *NotifyPayload) Type() PayloadType
type Packet
type Payload
type PayloadHeader
- func (h *PayloadHeader) Decode(b []byte) error
- func (h PayloadHeader) Encode() (b []byte)
- func (h *PayloadHeader) Header() *PayloadHeader
- func (h *PayloadHeader) NextPayloadType() PayloadType
type PayloadType
- func (p PayloadType) String() string
type Payloads
- func DecodePayloads(b []byte, nextPayload PayloadType) (*Payloads, error)
- func MakePayloads() *Payloads
- func (p *Payloads) Add(t Payload)
- func (p *Payloads) Get(t PayloadType) Payload
- func (p *Payloads) GetCertchain() (chain []*x509.Certificate, err error)
- func (p *Payloads) GetNotification(nt NotificationType) *NotifyPayload
- func (p *Payloads) GetNotifications() (ns []*NotifyPayload)
- func (p Payloads) MarshalJSON() ([]byte, error)
- func (p Payloads) String() string
type PolicyParams
type PrfTransformId
- func (i PrfTransformId) String() string
type Proposals
- func ProposalFromTransform(prot ProtocolID, trs TransformMap, spi []byte) Proposals
type ProtocolID
- func (p ProtocolID) String() string
type SaPayload
- func (s *SaPayload) Decode(b []byte) (err error)
- func (s *SaPayload) Encode() (b []byte)
- func (s *SaPayload) Type() PayloadType
type SaProposal
- func (prop *SaProposal) IsSpiSizeCorrect(spiSize int) bool
type SaTransform
- func (tr *SaTransform) IsEqual(other *SaTransform) bool
type Selector
- func (s Selector) String() string
type SelectorType
type Selectors
type SignatureAuth
- func (s *SignatureAuth) Decode(b []byte) error
- func (s *SignatureAuth) Encode() (b []byte)
type Spi
- func (s *Spi) MarshalJSON() ([]byte, error)
- func (s Spi) String() string
type TrafficSelectorPayload
- func (s *TrafficSelectorPayload) Decode(b []byte) error
- func (s *TrafficSelectorPayload) Encode() (b []byte)
- func (s *TrafficSelectorPayload) Type() PayloadType
type Transform
type TransformAttribute
type TransformMap
- func EspTransform(encr EncrTransformId, keyBits uint16, auth AuthTransformId, esn EsnTransformId) TransformMap
- func IkeTransform(encr EncrTransformId, keyBits uint16, auth AuthTransformId, prf PrfTransformId, ...) TransformMap
- func (t TransformMap) AsList() (trs []*SaTransform)
- func (t TransformMap) GetType(ty TransformType) *Transform
- func (t TransformMap) Within(proposed []*SaTransform) bool
type TransformType
- func (p TransformType) String() string
type VendorIdPayload
- func (s *VendorIdPayload) Decode(b []byte) (err error)
- func (s *VendorIdPayload) Encode() (b []byte)
- func (s *VendorIdPayload) Type() PayloadType

Constants ¶

View Source

const (
	IKE_PORT      = 500
	IKE_NATT_PORT = 4500
)

View Source

const (
	LOG_PACKET_JS = 3
	LOG_CODEC     = 4
	LOG_CODEC_ERR = 2
)

View Source

const (
	IKEV2_MAJOR_VERSION = 2
	IKEV2_MINOR_VERSION = 0
)

View Source

const (
	IKE_HEADER_LEN      = 28
	MAX_IKE_MESSAGE_LEN = 3000 // section 2
)

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

View Source

const (
	MIN_LEN_ATTRIBUTE = 4
)

View Source

const (
	MIN_LEN_PROPOSAL = 8
)

View Source

const (
	MIN_LEN_SELECTOR = 8
)

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TS Type |IP Protocol ID*| Selector Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Start Port* | End Port* | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Starting Address* ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Ending Address* ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

View Source

const (
	MIN_LEN_TRAFFIC_SELECTOR = 4
)

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Number of TSs | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ <Traffic Selectors> ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

View Source

const (
	MIN_LEN_TRANSFORM = 8
)

View Source

const (
	PAYLOAD_HEADER_LENGTH = 4
)

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Variables ¶

View Source

var PacketLog = false

Functions ¶

func EncodePayloads ¶

func EncodePayloads(payloads *Payloads) (b []byte)

Types ¶

type AttributeType ¶

type AttributeType uint16

const (
	ATTRIBUTE_TYPE_KEY_LENGTH AttributeType = 14
)

type AuthMethod ¶

type AuthMethod uint8

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Auth Method | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Authentication Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

const (
	AUTH_RSA_DIGITAL_SIGNATURE             AuthMethod = 1
	AUTH_SHARED_KEY_MESSAGE_INTEGRITY_CODE AuthMethod = 2
	AUTH_DSS_DIGITAL_SIGNATURE             AuthMethod = 3
	AUTH_ECDSA_256                         AuthMethod = 9  // RFC4754
	AUTH_ECDSA_384                         AuthMethod = 10 // RFC4754
	AUTH_ECDSA_521                         AuthMethod = 11 // RFC4754
	AUTH_DIGITAL_SIGNATURE                 AuthMethod = 14 // RFC7427
)

func (AuthMethod) String ¶

func (i AuthMethod) String() string

type AuthPayload ¶

type AuthPayload struct {
	*PayloadHeader
	AuthMethod AuthMethod
	Data       []byte
}

func (*AuthPayload) Decode ¶

func (s *AuthPayload) Decode(b []byte) error

func (*AuthPayload) Encode ¶

func (s *AuthPayload) Encode() (b []byte)

func (*AuthPayload) Type ¶

func (s *AuthPayload) Type() PayloadType

type AuthTransformId ¶

type AuthTransformId uint16

const (
	AUTH_NONE              AuthTransformId = 0  //	[RFC7296]
	AUTH_HMAC_MD5_96       AuthTransformId = 1  //	[RFC2403][RFC7296]
	AUTH_HMAC_SHA1_96      AuthTransformId = 2  //	[RFC2404][RFC7296]
	AUTH_DES_MAC           AuthTransformId = 3  //	[RFC7296]
	AUTH_KPDK_MD5          AuthTransformId = 4  //	[RFC7296]
	AUTH_AES_XCBC_96       AuthTransformId = 5  //	[RFC3566][RFC7296]
	AUTH_HMAC_MD5_128      AuthTransformId = 6  //	[RFC4595]
	AUTH_HMAC_SHA1_160     AuthTransformId = 7  //	[RFC4595]
	AUTH_AES_CMAC_96       AuthTransformId = 8  //	[RFC4494]
	AUTH_AES_128_GMAC      AuthTransformId = 9  //	[RFC4543]
	AUTH_AES_192_GMAC      AuthTransformId = 10 //	[RFC4543]
	AUTH_AES_256_GMAC      AuthTransformId = 11 //	[RFC4543]
	AUTH_HMAC_SHA2_256_128 AuthTransformId = 12 //	[RFC4868]
	AUTH_HMAC_SHA2_384_192 AuthTransformId = 13 //	[RFC4868]
	AUTH_HMAC_SHA2_512_256 AuthTransformId = 14 //	[RFC4868]

)

func (AuthTransformId) String ¶

func (i AuthTransformId) String() string

type CertEncodingType ¶

type CertEncodingType uint8

const (
	PKCS_7_WRAPPED_X_509_CERTIFICATE CertEncodingType = 1 // UNSPECIFIED
	PGP_CERTIFICATE                  CertEncodingType = 2 // UNSPECIFIED
	DNS_SIGNED_KEY                   CertEncodingType = 3 // UNSPECIFIED
	X_509_CERTIFICATE_SIGNATURE      CertEncodingType = 4
	KERBEROS_TOKEN                   CertEncodingType = 6 // UNSPECIFIED
	CERTIFICATE_REVOCATION_LIST      CertEncodingType = 7
	AUTHORITY_REVOCATION_LIST        CertEncodingType = 8  // UNSPECIFIED
	SPKI_CERTIFICATE                 CertEncodingType = 9  // UNSPECIFIED
	X_509_CERTIFICATE_ATTRIBUTE      CertEncodingType = 10 // UNSPECIFIED
	RAW_RSA_KEY                      CertEncodingType = 11 // DEPRECATED
	HASH_URL_OF_X_509_CERTIFICATE    CertEncodingType = 12
	HASH_URL_OF_X_509_BUNDLE         CertEncodingType = 13
)

rfc7296 section 3.6

type CertPayload ¶

type CertPayload struct {
	*PayloadHeader
	CertEncodingType
	Data []byte
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cert Encoding | | +-+-+-+-+-+-+-+-+ | ~ Certificate Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*CertPayload) Decode ¶

func (s *CertPayload) Decode(b []byte) error

func (*CertPayload) Encode ¶

func (s *CertPayload) Encode() (b []byte)

func (*CertPayload) Type ¶

func (s *CertPayload) Type() PayloadType

type CertRequestPayload ¶

type CertRequestPayload struct {
	*PayloadHeader
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cert Encoding | | +-+-+-+-+-+-+-+-+ | ~ Certification Authority ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*CertRequestPayload) Decode ¶

func (s *CertRequestPayload) Decode(b []byte) (err error)

func (*CertRequestPayload) Encode ¶

func (s *CertRequestPayload) Encode() (b []byte)

func (*CertRequestPayload) Type ¶

func (s *CertRequestPayload) Type() PayloadType

type ConfigurationAttribute ¶

type ConfigurationAttribute struct {
	ConfigurationAttributeType
	Value []byte
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |R| Attribute Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Value ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

type ConfigurationAttributeType ¶

type ConfigurationAttributeType uint16

const (
	// Attribute Type		Value 							 Multi-Valued  Length
	INTERNAL_IP4_ADDRESS ConfigurationAttributeType = 1  //     YES*          0 or 4 octets
	INTERNAL_IP4_NETMASK ConfigurationAttributeType = 2  //     NO            0 or 4 octets
	INTERNAL_IP4_DNS     ConfigurationAttributeType = 3  //     YES           0 or 4 octets
	INTERNAL_IP4_NBNS    ConfigurationAttributeType = 4  //     YES           0 or 4 octets
	INTERNAL_IP4_DHCP    ConfigurationAttributeType = 6  //     YES           0 or 4 octets
	APPLICATION_VERSION  ConfigurationAttributeType = 7  //     NO            0 or more
	INTERNAL_IP6_ADDRESS ConfigurationAttributeType = 8  //     YES*          0 or 17 octets
	INTERNAL_IP6_DNS     ConfigurationAttributeType = 10 //    YES           0 or 16 octets
	INTERNAL_IP6_DHCP    ConfigurationAttributeType = 12 //    YES           0 or 16 octets
	INTERNAL_IP4_SUBNET  ConfigurationAttributeType = 13 //    YES           0 or 8 octets
	SUPPORTED_ATTRIBUTES ConfigurationAttributeType = 14 //    NO            Multiple of 2
	INTERNAL_IP6_SUBNET  ConfigurationAttributeType = 15 //    YES           17 octets
)

type ConfigurationPayload ¶

type ConfigurationPayload struct {
	*PayloadHeader
	ConfigurationType
	ConfigurationAttributes []*ConfigurationAttribute
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | CFG Type | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Configuration Attributes ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*ConfigurationPayload) Decode ¶

func (s *ConfigurationPayload) Decode(b []byte) error

func (*ConfigurationPayload) Encode ¶

func (s *ConfigurationPayload) Encode() (b []byte)

func (*ConfigurationPayload) Type ¶

func (s *ConfigurationPayload) Type() PayloadType

type ConfigurationType ¶

type ConfigurationType uint8

const (
	CFG_REQUEST ConfigurationType = 1
	CFG_REPLY   ConfigurationType = 2
	CFG_SET     ConfigurationType = 3
	CFG_ACK     ConfigurationType = 4
)

type DeletePayload ¶

type DeletePayload struct {
	*PayloadHeader
	ProtocolId ProtocolID
	Spis       []Spi
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Protocol ID | SPI Size | Num of SPIs | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Security Parameter Index(es) (SPI) ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*DeletePayload) Decode ¶

func (s *DeletePayload) Decode(b []byte) error

func (*DeletePayload) Encode ¶

func (s *DeletePayload) Encode() (b []byte)

func (*DeletePayload) Type ¶

func (s *DeletePayload) Type() PayloadType

type DhTransformId ¶

type DhTransformId uint16

const (
	MODP_NONE DhTransformId = 0 // [RFC7296]
	MODP_768  DhTransformId = 1 // [RFC6989], Sec. 2.1	[RFC7296]
	MODP_1024 DhTransformId = 2 // [RFC6989], Sec. 2.1	[RFC7296]
	// 3-4	Reserved		[RFC7296]
	MODP_1536 DhTransformId = 5 // [RFC6989], Sec. 2.1	[RFC3526]
	// 6-13	Unassigned		[RFC7296]
	MODP_2048           DhTransformId = 14 // [RFC6989], Sec. 2.1	[RFC3526]
	MODP_3072           DhTransformId = 15 // [RFC6989], Sec. 2.1	[RFC3526]
	MODP_4096           DhTransformId = 16 // [RFC6989], Sec. 2.1	[RFC3526]
	MODP_6144           DhTransformId = 17 // [RFC6989], Sec. 2.1	[RFC3526]
	MODP_8192           DhTransformId = 18 // [RFC6989], Sec. 2.1	[RFC3526]
	ECP_256             DhTransformId = 19 // [RFC6989], Sec. 2.3	[RFC5903]
	ECP_384             DhTransformId = 20 // [RFC6989], Sec. 2.3	[RFC5903]
	ECP_521             DhTransformId = 21 // [RFC6989], Sec. 2.3	[RFC5903]
	MODP_1024_PRIME_160 DhTransformId = 22 // [RFC6989], Sec. 2.2	[RFC5114]
	MODP_2048_PRIME_224 DhTransformId = 23 // [RFC6989], Sec. 2.2	[RFC5114]
	MODP_2048_PRIME_256 DhTransformId = 24 // [RFC6989], Sec. 2.2	[RFC5114]
	ECP_192             DhTransformId = 25 // [RFC6989], Sec. 2.3	[RFC5114]
	ECP_224             DhTransformId = 26 // [RFC6989], Sec. 2.3	[RFC5114]
	BRAINPOOLP224R1     DhTransformId = 27 // [RFC6989], Sec. 2.3	[RFC6954]
	BRAINPOOLP256R1     DhTransformId = 28 // [RFC6989], Sec. 2.3	[RFC6954]
	BRAINPOOLP384R1     DhTransformId = 29 // [RFC6989], Sec. 2.3	[RFC6954]
	BRAINPOOLP512R1     DhTransformId = 30 // [RFC6989], Sec. 2.3	[RFC6954]

)

func (DhTransformId) String ¶

func (i DhTransformId) String() string

type EapPayload ¶

type EapPayload struct {
	*PayloadHeader
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ EAP Message ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*EapPayload) Decode ¶

func (s *EapPayload) Decode(b []byte) (err error)

func (*EapPayload) Encode ¶

func (s *EapPayload) Encode() (b []byte)

func (*EapPayload) Type ¶

func (s *EapPayload) Type() PayloadType

type EncrTransformId ¶

type EncrTransformId uint16

const (
	// Name -                               ESP ref - IKE ref
	// Reserved	[RFC7296]	-0	//
	ENCR_DES_IV64 EncrTransformId = 1 //    [RFC1827]	-
	ENCR_DES      EncrTransformId = 2 //	[RFC2405]	[RFC7296]
	ENCR_3DES     EncrTransformId = 3 //	[RFC2451]	[RFC7296]
	ENCR_RC5      EncrTransformId = 4 //	[RFC2451]	[RFC7296]
	ENCR_IDEA     EncrTransformId = 5 //	[RFC2451]	[RFC7296]
	ENCR_CAST     EncrTransformId = 6 //	[RFC2451]	[RFC7296]
	ENCR_BLOWFISH EncrTransformId = 7 //	[RFC2451]	[RFC7296]
	ENCR_3IDEA    EncrTransformId = 8 //	[RFC2451]	[RFC7296]
	ENCR_DES_IV32 EncrTransformId = 9 //	[RFC7296]	-
	// Reserved                       //	[RFC7296]	-
	ENCR_NULL    EncrTransformId = 11 //	[RFC2410]	Not allowed
	ENCR_AES_CBC EncrTransformId = 12 //	[RFC3602]	[RFC7296]
	ENCR_AES_CTR EncrTransformId = 13 //	[RFC3686]	[RFC5930]
	// CCM, 8B IV & _*B ICV
	AEAD_AES_CCM_SHORT_8  EncrTransformId = 14 // 128 & 256b keys [RFC4309]	[RFC5282]
	AEAD_AES_CCM_SHORT_12 EncrTransformId = 15 // 128 & 256b keys [RFC4309]	[RFC5282]
	AEAD_AES_CCM_SHORT_16 EncrTransformId = 16 // 128 & 256b keys [RFC4309]	[RFC5282]
	// Unassigned
	// GCM, 8B IV & _*B ICV
	AEAD_AES_GCM_8  EncrTransformId = 18 // 128, 196 & 256b keys [RFC4106] [RFC5282]
	AEAD_AES_GCM_12 EncrTransformId = 19 // 128, 196 & 256b keys [RFC4106] [RFC5282]
	AEAD_AES_GCM_16 EncrTransformId = 20 // 128, 196 & 256b keys [RFC4106] [RFC5282]
	// NULL, not really used
	ENCR_NULL_AUTH_AES_GMAC EncrTransformId = 21 //[RFC4543]	Not allowed
	// Reserved for IEEE P1619 XTS-AES
	ENCR_CAMELLIA_CBC        EncrTransformId = 23 //[RFC5529]	[RFC5529]
	ENCR_CAMELLIA_CTR        EncrTransformId = 24 //[RFC5529]	-
	ENCR_CAMELLIA_CCM_8_ICV  EncrTransformId = 25 //[RFC5529]	-
	ENCR_CAMELLIA_CCM_12_ICV EncrTransformId = 26 //[RFC5529]	-
	ENCR_CAMELLIA_CCM_16_ICV EncrTransformId = 27 //[RFC5529]	-
	AEAD_CHACHA20_POLY1305   EncrTransformId = 28 //[RFC7634]	-

)

func (EncrTransformId) String ¶

func (i EncrTransformId) String() string

type EncryptedPayload ¶

type EncryptedPayload struct {
	*PayloadHeader
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initialization Vector | | (length is block size for encryption algorithm) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Encrypted IKE Payloads ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Padding (0-255 octets) | +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ | | Pad Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Integrity Checksum Data ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*EncryptedPayload) Decode ¶

func (s *EncryptedPayload) Decode(b []byte) (err error)

func (*EncryptedPayload) Encode ¶

func (s *EncryptedPayload) Encode() (b []byte)

func (*EncryptedPayload) Type ¶

func (s *EncryptedPayload) Type() PayloadType

type EsnTransformId ¶

type EsnTransformId uint16

const (
	ESN_NONE EsnTransformId = 0
	ESN      EsnTransformId = 1
)

type HashAlgorithmId ¶

type HashAlgorithmId uint16

const (
	HASH_RESERVED HashAlgorithmId = 0
	HASH_SHA1     HashAlgorithmId = 1
	HASH_SHA2_256 HashAlgorithmId = 2
	HASH_SHA2_384 HashAlgorithmId = 3
	HASH_SHA2_512 HashAlgorithmId = 4
)

func (HashAlgorithmId) String ¶

func (i HashAlgorithmId) String() string

type IdPayload ¶

type IdPayload struct {
	*PayloadHeader
	IdPayloadType PayloadType
	IdType        IdType
	Data          []byte
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ID Type | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Identification Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*IdPayload) Decode ¶

func (s *IdPayload) Decode(b []byte) error

func (*IdPayload) Encode ¶

func (s *IdPayload) Encode() (b []byte)

func (*IdPayload) Type ¶

func (s *IdPayload) Type() PayloadType

type IdType ¶

type IdType uint8

const (
	ID_IPV4_ADDR   IdType = 1
	ID_FQDN        IdType = 2
	ID_RFC822_ADDR IdType = 3
	ID_IPV6_ADDR   IdType = 5
	ID_DER_ASN1_DN IdType = 9
	ID_DER_ASN1_GN IdType = 10
	ID_KEY_ID      IdType = 11
)

func (IdType) String ¶

func (i IdType) String() string

type IkeErrorCode ¶

type IkeErrorCode uint16

const (
	ERR_UNSUPPORTED_CRITICAL_PAYLOAD IkeErrorCode = 1
	ERR_INVALID_IKE_SPI              IkeErrorCode = 4
	ERR_INVALID_MAJOR_VERSION        IkeErrorCode = 5
	ERR_INVALID_SYNTAX               IkeErrorCode = 7
	ERR_INVALID_MESSAGE_ID           IkeErrorCode = 9
	ERR_INVALID_SPI                  IkeErrorCode = 11
	ERR_NO_PROPOSAL_CHOSEN           IkeErrorCode = 14
	ERR_INVALID_KE_PAYLOAD           IkeErrorCode = 17
	ERR_AUTHENTICATION_FAILED        IkeErrorCode = 24
	ERR_SINGLE_PAIR_REQUIRED         IkeErrorCode = 34
	ERR_NO_ADDITIONAL_SAS            IkeErrorCode = 35
	ERR_INTERNAL_ADDRESS_FAILURE     IkeErrorCode = 36
	ERR_FAILED_CP_REQUIRED           IkeErrorCode = 37
	ERR_TS_UNACCEPTABLE              IkeErrorCode = 38
	ERR_INVALID_SELECTORS            IkeErrorCode = 39 // appears in INFORMATIONAL
	ERR_TEMPORARY_FAILURE            IkeErrorCode = 43
	ERR_CHILD_SA_NOT_FOUND           IkeErrorCode = 44
)

func GetIkeErrorCode ¶

func GetIkeErrorCode(nt NotificationType) (IkeErrorCode, bool)

func (IkeErrorCode) Error ¶

func (e IkeErrorCode) Error() string

type IkeExchangeType ¶

type IkeExchangeType uint16

const (
	// 0-33	Reserved	[RFC7296]
	IKE_SA_INIT        IkeExchangeType = 34 //	[RFC7296]
	IKE_AUTH           IkeExchangeType = 35 //	[RFC7296]
	CREATE_CHILD_SA    IkeExchangeType = 36 //	[RFC7296]
	INFORMATIONAL      IkeExchangeType = 37 //	[RFC7296]
	IKE_SESSION_RESUME IkeExchangeType = 38 //	[RFC5723]
	GSA_AUTH           IkeExchangeType = 39 //	[draft-yeung-g-ikev2]
	GSA_REGISTRATION   IkeExchangeType = 40 //	[draft-yeung-g-ikev2]
	GSA_REKEY          IkeExchangeType = 41 //	[draft-yeung-g-ikev2]

)

func (IkeExchangeType) String ¶

func (i IkeExchangeType) String() string

type IkeFlags ¶

type IkeFlags uint8

const (
	RESPONSE  IkeFlags = 1 << 5
	VERSION   IkeFlags = 1 << 4
	INITIATOR IkeFlags = 1 << 3
)

func (IkeFlags) IsInitiator ¶

func (f IkeFlags) IsInitiator() bool

func (IkeFlags) IsResponse ¶

func (f IkeFlags) IsResponse() bool

func (IkeFlags) String ¶

func (f IkeFlags) String() string

type IkeHeader ¶

type IkeHeader struct {
	SpiI, SpiR                 Spi
	NextPayload                PayloadType
	MajorVersion, MinorVersion uint8 // 4 bits
	ExchangeType               IkeExchangeType
	Flags                      IkeFlags
	MsgID                      uint32
	MsgLength                  uint32
}

func DecodeIkeHeader ¶

func DecodeIkeHeader(b []byte) (h *IkeHeader, err error)

func (*IkeHeader) Encode ¶

func (h *IkeHeader) Encode() (b []byte)

type KePayload ¶

type KePayload struct {
	*PayloadHeader
	DhTransformId DhTransformId
	KeyData       *big.Int
}

start ke payload

 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Payload  |C|  RESERVED   |         Payload Length        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Diffie-Hellman Group Num    |           RESERVED            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~                       Key Exchange Data                       ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*KePayload) Decode ¶

func (s *KePayload) Decode(b []byte) error

func (*KePayload) Encode ¶

func (s *KePayload) Encode() (b []byte)

func (*KePayload) Type ¶

func (s *KePayload) Type() PayloadType

type NoncePayload ¶

type NoncePayload struct {
	*PayloadHeader
	Nonce *big.Int
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Nonce Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*NoncePayload) Decode ¶

func (s *NoncePayload) Decode(b []byte) error

func (*NoncePayload) Encode ¶

func (s *NoncePayload) Encode() (b []byte)

func (*NoncePayload) Type ¶

func (s *NoncePayload) Type() PayloadType

type NotificationType ¶

type NotificationType uint16

const (
	// Error types
	UNSUPPORTED_CRITICAL_PAYLOAD NotificationType = 1
	INVALID_IKE_SPI              NotificationType = 4
	INVALID_MAJOR_VERSION        NotificationType = 5
	INVALID_SYNTAX               NotificationType = 7
	INVALID_MESSAGE_ID           NotificationType = 9
	INVALID_SPI                  NotificationType = 11
	NO_PROPOSAL_CHOSEN           NotificationType = 14
	INVALID_KE_PAYLOAD           NotificationType = 17
	AUTHENTICATION_FAILED        NotificationType = 24
	SINGLE_PAIR_REQUIRED         NotificationType = 34
	NO_ADDITIONAL_SAS            NotificationType = 35
	INTERNAL_ADDRESS_FAILURE     NotificationType = 36
	FAILED_CP_REQUIRED           NotificationType = 37
	TS_UNACCEPTABLE              NotificationType = 38
	INVALID_SELECTORS            NotificationType = 39
	TEMPORARY_FAILURE            NotificationType = 43
	CHILD_SA_NOT_FOUND           NotificationType = 44
	// Status Types
	INITIAL_CONTACT               NotificationType = 16384
	SET_WINDOW_SIZE               NotificationType = 16385
	ADDITIONAL_TS_POSSIBLE        NotificationType = 16386
	IPCOMP_SUPPORTED              NotificationType = 16387
	NAT_DETECTION_SOURCE_IP       NotificationType = 16388
	NAT_DETECTION_DESTINATION_IP  NotificationType = 16389
	COOKIE                        NotificationType = 16390
	USE_TRANSPORT_MODE            NotificationType = 16391
	HTTP_CERT_LOOKUP_SUPPORTED    NotificationType = 16392
	REKEY_SA                      NotificationType = 16393
	ESP_TFC_PADDING_NOT_SUPPORTED NotificationType = 16394
	NON_FIRST_FRAGMENTS_ALSO      NotificationType = 16395
	// non rfc7396
	MOBIKE_SUPPORTED                    NotificationType = 16396 //	[RFC4555]
	ADDITIONAL_IP4_ADDRESS              NotificationType = 16397 //	[RFC4555]
	ADDITIONAL_IP6_ADDRESS              NotificationType = 16398 //	[RFC4555]
	NO_ADDITIONAL_ADDRESSES             NotificationType = 16399 //	[RFC4555]
	UPDATE_SA_ADDRESSES                 NotificationType = 16400 //	[RFC4555]
	COOKIE2                             NotificationType = 16401 //	[RFC4555]
	NO_NATS_ALLOWED                     NotificationType = 16402 //	[RFC4555]
	AUTH_LIFETIME                       NotificationType = 16403 //	[RFC4478]
	MULTIPLE_AUTH_SUPPORTED             NotificationType = 16404 //	[RFC4739]
	ANOTHER_AUTH_FOLLOWS                NotificationType = 16405 //	[RFC4739]
	REDIRECT_SUPPORTED                  NotificationType = 16406 //	[RFC5685]
	REDIRECT                            NotificationType = 16407 //	[RFC5685]
	REDIRECTED_FROM                     NotificationType = 16408 //	[RFC5685]
	TICKET_LT_OPAQUE                    NotificationType = 16409 //	[RFC5723]
	TICKET_REQUEST                      NotificationType = 16410 //	[RFC5723]
	TICKET_ACK                          NotificationType = 16411 //	[RFC5723]
	TICKET_NACK                         NotificationType = 16412 //	[RFC5723]
	TICKET_OPAQUE                       NotificationType = 16413 //	[RFC5723]
	LINK_ID                             NotificationType = 16414 //	[RFC5739]
	USE_WESP_MODE                       NotificationType = 16415 //	[RFC5840]
	ROHC_SUPPORTED                      NotificationType = 16416 //	[RFC5857]
	EAP_ONLY_AUTHENTICATION             NotificationType = 16417 //	[RFC5998]
	CHILDLESS_IKEV2_SUPPORTED           NotificationType = 16418 //	[RFC6023]
	QUICK_CRASH_DETECTION               NotificationType = 16419 //	[RFC6290]
	IKEV2_MESSAGE_ID_SYNC_SUPPORTED     NotificationType = 16420 //	[RFC6311]
	IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED NotificationType = 16421 //	[RFC6311]
	IKEV2_MESSAGE_ID_SYNC               NotificationType = 16422 //	[RFC6311]
	IPSEC_REPLAY_COUNTER_SYNC           NotificationType = 16423 //	[RFC6311]
	SECURE_PASSWORD_METHODS             NotificationType = 16424 //	[RFC6467]
	PSK_PERSIST                         NotificationType = 16425 //	[RFC6631]
	PSK_CONFIRM                         NotificationType = 16426 //	[RFC6631]
	ERX_SUPPORTED                       NotificationType = 16427 //	[RFC6867]
	IFOM_CAPABILITY                     NotificationType = 16428 //	[Frederic_Firmin][3GPP TS 24.303 v10.6.0 annex B.2]
	SENDER_REQUEST_ID                   NotificationType = 16429 //	[draft-yeung-g-ikev2]
	IKEV2_FRAGMENTATION_SUPPORTED       NotificationType = 16430 //	[RFC7383]
	SIGNATURE_HASH_ALGORITHMS           NotificationType = 16431 //	[RFC7427]
)

func (NotificationType) String ¶

func (i NotificationType) String() string

type NotifyPayload ¶

type NotifyPayload struct {
	*PayloadHeader
	ProtocolId          ProtocolID
	NotificationType    NotificationType
	Spi                 []byte
	NotificationMessage interface{}
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Protocol ID | SPI Size | Notify Message Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Security Parameter Index (SPI) ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Notification Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*NotifyPayload) Decode ¶

func (s *NotifyPayload) Decode(b []byte) (err error)

func (*NotifyPayload) Encode ¶

func (s *NotifyPayload) Encode() (b []byte)

func (*NotifyPayload) Type ¶

func (s *NotifyPayload) Type() PayloadType

type Packet ¶

type Packet interface {
	Decode([]byte) error
	Encode() []byte
}

type Payload ¶

type Payload interface {
	Type() PayloadType
	Decode([]byte) error
	Encode() []byte
	NextPayloadType() PayloadType
	Header() *PayloadHeader
}

Payload is interface expected from all payloads

type PayloadHeader ¶

type PayloadHeader struct {
	NextPayload   PayloadType
	IsCritical    bool
	PayloadLength uint16
}

func (*PayloadHeader) Decode ¶

func (h *PayloadHeader) Decode(b []byte) error

func (PayloadHeader) Encode ¶

func (h PayloadHeader) Encode() (b []byte)

func (h *PayloadHeader) Header() *PayloadHeader

func (*PayloadHeader) NextPayloadType ¶

func (h *PayloadHeader) NextPayloadType() PayloadType

type PayloadType ¶

type PayloadType uint8

const (
	PayloadTypeNone PayloadType = 0 // No Next Payload		[RFC7296]
	// 1-32	Reserved		[RFC7296]
	PayloadTypeSA      PayloadType = 33 // Security Association	 [RFC7296]
	PayloadTypeKE      PayloadType = 34 // Key Exchange	 [RFC7296]
	PayloadTypeIDi     PayloadType = 35 // Identification - Initiator	 [RFC7296]
	PayloadTypeIDr     PayloadType = 36 // Identification - Responder	 [RFC7296]
	PayloadTypeCERT    PayloadType = 37 // Certificate	 [RFC7296]
	PayloadTypeCERTREQ PayloadType = 38 // Certificate Request	 [RFC7296]
	PayloadTypeAUTH    PayloadType = 39 // Authentication	 [RFC7296]
	PayloadTypeNonce   PayloadType = 40 // Nonce	Ni, Nr [RFC7296]
	PayloadTypeN       PayloadType = 41 // Notify	 [RFC7296]
	PayloadTypeD       PayloadType = 42 // Delete	 [RFC7296]
	PayloadTypeV       PayloadType = 43 // Vendor ID	 [RFC7296]
	PayloadTypeTSi     PayloadType = 44 // Traffic Selector - Initiator	 [RFC7296]
	PayloadTypeTSr     PayloadType = 45 // Traffic Selector - Responder	 [RFC7296]
	PayloadTypeSK      PayloadType = 46 // Encrypted and Authenticated	 [RFC7296]
	PayloadTypeCP      PayloadType = 47 // Configuration	 [RFC7296]
	PayloadTypeEAP     PayloadType = 48 // Extensible Authentication	 [RFC7296]
	PayloadTypeGSPM    PayloadType = 49 // Generic Secure Password Method	 [RFC6467]
	PayloadTypeIDg     PayloadType = 50 // Group Identification	[draft-yeung-g-ikev2]
	PayloadTypeGSA     PayloadType = 51 // Group Security Association		[draft-yeung-g-ikev2]
	PayloadTypeKD      PayloadType = 52 // Key Download		[draft-yeung-g-ikev2]
	PayloadTypeSKF     PayloadType = 53 // Encrypted and Authenticated Fragment	 [RFC7383]

)

func (PayloadType) String ¶

func (p PayloadType) String() string

type Payloads ¶

type Payloads struct {
	Array []Payload
}

Payloads

func DecodePayloads ¶

func DecodePayloads(b []byte, nextPayload PayloadType) (*Payloads, error)

func MakePayloads ¶

func MakePayloads() *Payloads

func (*Payloads) Add ¶

func (p *Payloads) Add(t Payload)

func (*Payloads) Get ¶

func (p *Payloads) Get(t PayloadType) Payload

func (*Payloads) GetCertchain ¶

func (p *Payloads) GetCertchain() (chain []*x509.Certificate, err error)

GetCertchain there may be multiple CERT payloads

func (*Payloads) GetNotification ¶

func (p *Payloads) GetNotification(nt NotificationType) *NotifyPayload

func (*Payloads) GetNotifications ¶

func (p *Payloads) GetNotifications() (ns []*NotifyPayload)

func (Payloads) MarshalJSON ¶

func (p Payloads) MarshalJSON() ([]byte, error)

func (Payloads) String ¶

func (p Payloads) String() string

type PolicyParams ¶

type PolicyParams struct {
	Ini, Res         net.IP // tunnel endpoints
	IniPort, ResPort int
	IniNet, ResNet   *net.IPNet
	IsTransportMode  bool
}

type PrfTransformId ¶

type PrfTransformId uint16

const (
	// 0	Reserved	[RFC7296]
	PRF_HMAC_MD5      PrfTransformId = 1 //	[RFC2104]
	PRF_HMAC_SHA1     PrfTransformId = 2 //	[RFC2104]
	PRF_HMAC_TIGER    PrfTransformId = 3 //	[RFC2104]
	PRF_AES128_XCBC   PrfTransformId = 4 //	[RFC4434]
	PRF_HMAC_SHA2_256 PrfTransformId = 5 //	[RFC4868]
	PRF_HMAC_SHA2_384 PrfTransformId = 6 //	[RFC4868]
	PRF_HMAC_SHA2_512 PrfTransformId = 7 //	[RFC4868]
	PRF_AES128_CMAC   PrfTransformId = 8 //	[RFC4615]

)

func (PrfTransformId) String ¶

func (i PrfTransformId) String() string

type Proposals ¶

type Proposals []*SaProposal

func ProposalFromTransform ¶

func ProposalFromTransform(prot ProtocolID, trs TransformMap, spi []byte) Proposals

type ProtocolID ¶

type ProtocolID uint8

const (
	IKE ProtocolID = 1
	AH  ProtocolID = 2
	ESP ProtocolID = 3
)

func (ProtocolID) String ¶

func (p ProtocolID) String() string

type SaPayload ¶

type SaPayload struct {
	*PayloadHeader
	Proposals
}

                    1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ <Proposals> ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*SaPayload) Decode ¶

func (s *SaPayload) Decode(b []byte) (err error)

func (*SaPayload) Encode ¶

func (s *SaPayload) Encode() (b []byte)

func (*SaPayload) Type ¶

func (s *SaPayload) Type() PayloadType

type SaProposal ¶

type SaProposal struct {
	IsLast     bool
	Number     uint8
	ProtocolID ProtocolID
	Spi        []byte
	Transforms []*SaTransform
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

func (*SaProposal) IsSpiSizeCorrect ¶

func (prop *SaProposal) IsSpiSizeCorrect(spiSize int) bool

type SaTransform ¶

type SaTransform struct {
	Transform Transform
	KeyLength uint16
	IsLast    bool
}

func (*SaTransform) IsEqual ¶

func (tr *SaTransform) IsEqual(other *SaTransform) bool

type Selector ¶

type Selector struct {
	Type                     SelectorType
	IpProtocolId             uint8
	StartPort, Endport       uint16
	StartAddress, EndAddress net.IP
}

func (Selector) String ¶

func (s Selector) String() string

type SelectorType ¶

type SelectorType uint8

const (
	TS_IPV4_ADDR_RANGE SelectorType = 7
	TS_IPV6_ADDR_RANGE SelectorType = 8
)

type Selectors ¶

type Selectors []*Selector

type SignatureAuth ¶

type SignatureAuth struct {
	Asn1Data  []byte
	Signature []byte
}

                    1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASN.1 Length | AlgorithmIdentifier ASN.1 object | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ AlgorithmIdentifier ASN.1 object continuing ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Signature Value ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*SignatureAuth) Decode ¶

func (s *SignatureAuth) Decode(b []byte) error

func (*SignatureAuth) Encode ¶

func (s *SignatureAuth) Encode() (b []byte)

type Spi ¶

type Spi []byte

func (*Spi) MarshalJSON ¶

func (s *Spi) MarshalJSON() ([]byte, error)

func (Spi) String ¶

func (s Spi) String() string

type TrafficSelectorPayload ¶

type TrafficSelectorPayload struct {
	*PayloadHeader
	TrafficSelectorPayloadType PayloadType
	Selectors                  Selectors
}

func (*TrafficSelectorPayload) Decode ¶

func (s *TrafficSelectorPayload) Decode(b []byte) error

func (*TrafficSelectorPayload) Encode ¶

func (s *TrafficSelectorPayload) Encode() (b []byte)

func (*TrafficSelectorPayload) Type ¶

func (s *TrafficSelectorPayload) Type() PayloadType

type Transform ¶

type Transform struct {
	Type        TransformType
	TransformId uint16
}

type TransformAttribute ¶

type TransformAttribute struct {
	Type  AttributeType
	Value uint16 // fixed 2 octet length for now
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |A| Attribute Type | AF=0 Attribute Length | |F| | AF=1 Attribute Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AF=0 Attribute Value | | AF=1 Not Transmitted | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

type TransformMap ¶

type TransformMap map[TransformType]*SaTransform

TransformMap store the configured crypto suite NOTE that this cannot be used to parse incoming list of transforms incoming list can have many Transforms of same type in 1 proposal

func EspTransform ¶

func EspTransform(encr EncrTransformId, keyBits uint16, auth AuthTransformId, esn EsnTransformId) TransformMap

EspTransform builds an ESP cipher suite

func IkeTransform ¶

func IkeTransform(encr EncrTransformId, keyBits uint16, auth AuthTransformId, prf PrfTransformId, dh DhTransformId) TransformMap

IkeTransform builds a IKE cipher suite

func (TransformMap) AsList ¶

func (t TransformMap) AsList() (trs []*SaTransform)

AsList converts transforms to flat list

func (TransformMap) GetType ¶

func (t TransformMap) GetType(ty TransformType) *Transform

func (TransformMap) Within ¶

func (t TransformMap) Within(proposed []*SaTransform) bool

Within checks if the configured set of transforms occurs within list of proposed transforms

type TransformType ¶

type TransformType uint8

const (
	TRANSFORM_TYPE_ENCR  TransformType = 1 // Encryption Algorithm  used in IKE and ESP [RFC7296]
	TRANSFORM_TYPE_PRF   TransformType = 2 // Pseudorandom Function used in IKE [RFC7296]
	TRANSFORM_TYPE_INTEG TransformType = 3 // Integrity Algorithm  used in   IKE*, AH, optional in ESP [RFC7296]
	TRANSFORM_TYPE_DH    TransformType = 4 // Diffie-Hellman Group used in   IKE, optional in AH & ESP [RFC7296]
	TRANSFORM_TYPE_ESN   TransformType = 5 // Extended Sequence Numbers used in AH and ESP [RFC7296]
)

func (TransformType) String ¶

func (p TransformType) String() string

type VendorIdPayload ¶

type VendorIdPayload struct {
	*PayloadHeader
}

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Vendor ID (VID) ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*VendorIdPayload) Decode ¶

func (s *VendorIdPayload) Decode(b []byte) (err error)

func (*VendorIdPayload) Encode ¶

func (s *VendorIdPayload) Encode() (b []byte)

func (*VendorIdPayload) Type ¶

func (s *VendorIdPayload) Type() PayloadType

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL