protocol

package
v0.0.0-...-2e9568b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 7, 2017 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	IKE_PORT      = 500
	IKE_NATT_PORT = 4500
)
View Source 
const (
	LOG_PACKET_JS = 3
	LOG_CODEC     = 4
	LOG_CODEC_ERR = 2
)
View Source 
const (
	IKEV2_MAJOR_VERSION = 2
	IKEV2_MINOR_VERSION = 0
)
View Source 
const (
	IKE_HEADER_LEN      = 28
	MAX_IKE_MESSAGE_LEN = 3000 // section 2
)
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IKE SA Initiator's SPI | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IKE SA Responder's SPI | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload | MjVer | MnVer | Exchange Type | Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Message ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

View Source 
const (
	MIN_LEN_ATTRIBUTE = 4
)
View Source 
const (
	MIN_LEN_PROPOSAL = 8
)
View Source 
const (
	MIN_LEN_SELECTOR = 8
)
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TS Type |IP Protocol ID*| Selector Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Start Port* | End Port* | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Starting Address* ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Ending Address* ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

View Source 
const (
	MIN_LEN_TRAFFIC_SELECTOR = 4
)
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Number of TSs | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ <Traffic Selectors> ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

View Source 
const (
	MIN_LEN_TRANSFORM = 8
)
View Source 
const (
	PAYLOAD_HEADER_LENGTH = 4
)
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Variables

View Source 
var PacketLog = false

Functions

func EncodePayloads 

func EncodePayloads(payloads *Payloads) (b []byte)

Types

type AttributeType 

type AttributeType uint16
const (
	ATTRIBUTE_TYPE_KEY_LENGTH AttributeType = 14
)

type AuthMethod 

type AuthMethod uint8
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Auth Method | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Authentication Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 

const (
	AUTH_RSA_DIGITAL_SIGNATURE             AuthMethod = 1
	AUTH_SHARED_KEY_MESSAGE_INTEGRITY_CODE AuthMethod = 2
	AUTH_DSS_DIGITAL_SIGNATURE             AuthMethod = 3
	AUTH_ECDSA_256                         AuthMethod = 9  // RFC4754
	AUTH_ECDSA_384                         AuthMethod = 10 // RFC4754
	AUTH_ECDSA_521                         AuthMethod = 11 // RFC4754
	AUTH_DIGITAL_SIGNATURE                 AuthMethod = 14 // RFC7427
)

func (AuthMethod) String 

func (i AuthMethod) String() string

type AuthPayload 

type AuthPayload struct {
	*PayloadHeader
	AuthMethod AuthMethod
	Data       []byte
}

func (*AuthPayload) Decode 

func (s *AuthPayload) Decode(b []byte) error

func (*AuthPayload) Encode 

func (s *AuthPayload) Encode() (b []byte)

func (*AuthPayload) Type 

func (s *AuthPayload) Type() PayloadType

type AuthTransformId 

type AuthTransformId uint16
const (
	AUTH_NONE              AuthTransformId = 0  //	[RFC7296]
	AUTH_HMAC_MD5_96       AuthTransformId = 1  //	[RFC2403][RFC7296]
	AUTH_HMAC_SHA1_96      AuthTransformId = 2  //	[RFC2404][RFC7296]
	AUTH_DES_MAC           AuthTransformId = 3  //	[RFC7296]
	AUTH_KPDK_MD5          AuthTransformId = 4  //	[RFC7296]
	AUTH_AES_XCBC_96       AuthTransformId = 5  //	[RFC3566][RFC7296]
	AUTH_HMAC_MD5_128      AuthTransformId = 6  //	[RFC4595]
	AUTH_HMAC_SHA1_160     AuthTransformId = 7  //	[RFC4595]
	AUTH_AES_CMAC_96       AuthTransformId = 8  //	[RFC4494]
	AUTH_AES_128_GMAC      AuthTransformId = 9  //	[RFC4543]
	AUTH_AES_192_GMAC      AuthTransformId = 10 //	[RFC4543]
	AUTH_AES_256_GMAC      AuthTransformId = 11 //	[RFC4543]
	AUTH_HMAC_SHA2_256_128 AuthTransformId = 12 //	[RFC4868]
	AUTH_HMAC_SHA2_384_192 AuthTransformId = 13 //	[RFC4868]
	AUTH_HMAC_SHA2_512_256 AuthTransformId = 14 //	[RFC4868]

)

func (AuthTransformId) String 

func (i AuthTransformId) String() string

type CertEncodingType 

type CertEncodingType uint8
const (
	PKCS_7_WRAPPED_X_509_CERTIFICATE CertEncodingType = 1 // UNSPECIFIED
	PGP_CERTIFICATE                  CertEncodingType = 2 // UNSPECIFIED
	DNS_SIGNED_KEY                   CertEncodingType = 3 // UNSPECIFIED
	X_509_CERTIFICATE_SIGNATURE      CertEncodingType = 4
	KERBEROS_TOKEN                   CertEncodingType = 6 // UNSPECIFIED
	CERTIFICATE_REVOCATION_LIST      CertEncodingType = 7
	AUTHORITY_REVOCATION_LIST        CertEncodingType = 8  // UNSPECIFIED
	SPKI_CERTIFICATE                 CertEncodingType = 9  // UNSPECIFIED
	X_509_CERTIFICATE_ATTRIBUTE      CertEncodingType = 10 // UNSPECIFIED
	RAW_RSA_KEY                      CertEncodingType = 11 // DEPRECATED
	HASH_URL_OF_X_509_CERTIFICATE    CertEncodingType = 12
	HASH_URL_OF_X_509_BUNDLE         CertEncodingType = 13
)

rfc7296 section 3.6

type CertPayload 

type CertPayload struct {
	*PayloadHeader
	CertEncodingType
	Data []byte
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cert Encoding | | +-+-+-+-+-+-+-+-+ | ~ Certificate Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*CertPayload) Decode 

func (s *CertPayload) Decode(b []byte) error

func (*CertPayload) Encode 

func (s *CertPayload) Encode() (b []byte)

func (*CertPayload) Type 

func (s *CertPayload) Type() PayloadType

type CertRequestPayload 

type CertRequestPayload struct {
	*PayloadHeader
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cert Encoding | | +-+-+-+-+-+-+-+-+ | ~ Certification Authority ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*CertRequestPayload) Decode 

func (s *CertRequestPayload) Decode(b []byte) (err error)

func (*CertRequestPayload) Encode 

func (s *CertRequestPayload) Encode() (b []byte)

func (*CertRequestPayload) Type 

func (s *CertRequestPayload) Type() PayloadType

type ConfigurationAttribute 

type ConfigurationAttribute struct {
	ConfigurationAttributeType
	Value []byte
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |R| Attribute Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Value ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

type ConfigurationAttributeType 

type ConfigurationAttributeType uint16
const (
	// Attribute Type		Value 							 Multi-Valued  Length
	INTERNAL_IP4_ADDRESS ConfigurationAttributeType = 1  //     YES*          0 or 4 octets
	INTERNAL_IP4_NETMASK ConfigurationAttributeType = 2  //     NO            0 or 4 octets
	INTERNAL_IP4_DNS     ConfigurationAttributeType = 3  //     YES           0 or 4 octets
	INTERNAL_IP4_NBNS    ConfigurationAttributeType = 4  //     YES           0 or 4 octets
	INTERNAL_IP4_DHCP    ConfigurationAttributeType = 6  //     YES           0 or 4 octets
	APPLICATION_VERSION  ConfigurationAttributeType = 7  //     NO            0 or more
	INTERNAL_IP6_ADDRESS ConfigurationAttributeType = 8  //     YES*          0 or 17 octets
	INTERNAL_IP6_DNS     ConfigurationAttributeType = 10 //    YES           0 or 16 octets
	INTERNAL_IP6_DHCP    ConfigurationAttributeType = 12 //    YES           0 or 16 octets
	INTERNAL_IP4_SUBNET  ConfigurationAttributeType = 13 //    YES           0 or 8 octets
	SUPPORTED_ATTRIBUTES ConfigurationAttributeType = 14 //    NO            Multiple of 2
	INTERNAL_IP6_SUBNET  ConfigurationAttributeType = 15 //    YES           17 octets
)

type ConfigurationPayload 

type ConfigurationPayload struct {
	*PayloadHeader
	ConfigurationType
	ConfigurationAttributes []*ConfigurationAttribute
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | CFG Type | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Configuration Attributes ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*ConfigurationPayload) Decode 

func (s *ConfigurationPayload) Decode(b []byte) error

func (*ConfigurationPayload) Encode 

func (s *ConfigurationPayload) Encode() (b []byte)

func (*ConfigurationPayload) Type 

func (s *ConfigurationPayload) Type() PayloadType

type ConfigurationType 

type ConfigurationType uint8
const (
	CFG_REQUEST ConfigurationType = 1
	CFG_REPLY   ConfigurationType = 2
	CFG_SET     ConfigurationType = 3
	CFG_ACK     ConfigurationType = 4
)

type DeletePayload 

type DeletePayload struct {
	*PayloadHeader
	ProtocolId ProtocolID
	Spis       []Spi
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Protocol ID | SPI Size | Num of SPIs | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Security Parameter Index(es) (SPI) ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*DeletePayload) Decode 

func (s *DeletePayload) Decode(b []byte) error

func (*DeletePayload) Encode 

func (s *DeletePayload) Encode() (b []byte)

func (*DeletePayload) Type 

func (s *DeletePayload) Type() PayloadType

type DhTransformId 

type DhTransformId uint16
const (
	MODP_NONE DhTransformId = 0 // [RFC7296]
	MODP_768  DhTransformId = 1 // [RFC6989], Sec. 2.1	[RFC7296]
	MODP_1024 DhTransformId = 2 // [RFC6989], Sec. 2.1	[RFC7296]
	// 3-4	Reserved		[RFC7296]
	MODP_1536 DhTransformId = 5 // [RFC6989], Sec. 2.1	[RFC3526]
	// 6-13	Unassigned		[RFC7296]
	MODP_2048           DhTransformId = 14 // [RFC6989], Sec. 2.1	[RFC3526]
	MODP_3072           DhTransformId = 15 // [RFC6989], Sec. 2.1	[RFC3526]
	MODP_4096           DhTransformId = 16 // [RFC6989], Sec. 2.1	[RFC3526]
	MODP_6144           DhTransformId = 17 // [RFC6989], Sec. 2.1	[RFC3526]
	MODP_8192           DhTransformId = 18 // [RFC6989], Sec. 2.1	[RFC3526]
	ECP_256             DhTransformId = 19 // [RFC6989], Sec. 2.3	[RFC5903]
	ECP_384             DhTransformId = 20 // [RFC6989], Sec. 2.3	[RFC5903]
	ECP_521             DhTransformId = 21 // [RFC6989], Sec. 2.3	[RFC5903]
	MODP_1024_PRIME_160 DhTransformId = 22 // [RFC6989], Sec. 2.2	[RFC5114]
	MODP_2048_PRIME_224 DhTransformId = 23 // [RFC6989], Sec. 2.2	[RFC5114]
	MODP_2048_PRIME_256 DhTransformId = 24 // [RFC6989], Sec. 2.2	[RFC5114]
	ECP_192             DhTransformId = 25 // [RFC6989], Sec. 2.3	[RFC5114]
	ECP_224             DhTransformId = 26 // [RFC6989], Sec. 2.3	[RFC5114]
	BRAINPOOLP224R1     DhTransformId = 27 // [RFC6989], Sec. 2.3	[RFC6954]
	BRAINPOOLP256R1     DhTransformId = 28 // [RFC6989], Sec. 2.3	[RFC6954]
	BRAINPOOLP384R1     DhTransformId = 29 // [RFC6989], Sec. 2.3	[RFC6954]
	BRAINPOOLP512R1     DhTransformId = 30 // [RFC6989], Sec. 2.3	[RFC6954]

)

func (DhTransformId) String 

func (i DhTransformId) String() string

type EapPayload 

type EapPayload struct {
	*PayloadHeader
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ EAP Message ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*EapPayload) Decode 

func (s *EapPayload) Decode(b []byte) (err error)

func (*EapPayload) Encode 

func (s *EapPayload) Encode() (b []byte)

func (*EapPayload) Type 

func (s *EapPayload) Type() PayloadType

type EncrTransformId 

type EncrTransformId uint16
const (
	// Name -                               ESP ref - IKE ref
	// Reserved	[RFC7296]	-0	//
	ENCR_DES_IV64 EncrTransformId = 1 //    [RFC1827]	-
	ENCR_DES      EncrTransformId = 2 //	[RFC2405]	[RFC7296]
	ENCR_3DES     EncrTransformId = 3 //	[RFC2451]	[RFC7296]
	ENCR_RC5      EncrTransformId = 4 //	[RFC2451]	[RFC7296]
	ENCR_IDEA     EncrTransformId = 5 //	[RFC2451]	[RFC7296]
	ENCR_CAST     EncrTransformId = 6 //	[RFC2451]	[RFC7296]
	ENCR_BLOWFISH EncrTransformId = 7 //	[RFC2451]	[RFC7296]
	ENCR_3IDEA    EncrTransformId = 8 //	[RFC2451]	[RFC7296]
	ENCR_DES_IV32 EncrTransformId = 9 //	[RFC7296]	-
	// Reserved                       //	[RFC7296]	-
	ENCR_NULL    EncrTransformId = 11 //	[RFC2410]	Not allowed
	ENCR_AES_CBC EncrTransformId = 12 //	[RFC3602]	[RFC7296]
	ENCR_AES_CTR EncrTransformId = 13 //	[RFC3686]	[RFC5930]
	// CCM, 8B IV & _*B ICV
	AEAD_AES_CCM_SHORT_8  EncrTransformId = 14 // 128 & 256b keys [RFC4309]	[RFC5282]
	AEAD_AES_CCM_SHORT_12 EncrTransformId = 15 // 128 & 256b keys [RFC4309]	[RFC5282]
	AEAD_AES_CCM_SHORT_16 EncrTransformId = 16 // 128 & 256b keys [RFC4309]	[RFC5282]
	// Unassigned
	// GCM, 8B IV & _*B ICV
	AEAD_AES_GCM_8  EncrTransformId = 18 // 128, 196 & 256b keys [RFC4106] [RFC5282]
	AEAD_AES_GCM_12 EncrTransformId = 19 // 128, 196 & 256b keys [RFC4106] [RFC5282]
	AEAD_AES_GCM_16 EncrTransformId = 20 // 128, 196 & 256b keys [RFC4106] [RFC5282]
	// NULL, not really used
	ENCR_NULL_AUTH_AES_GMAC EncrTransformId = 21 //[RFC4543]	Not allowed
	// Reserved for IEEE P1619 XTS-AES
	ENCR_CAMELLIA_CBC        EncrTransformId = 23 //[RFC5529]	[RFC5529]
	ENCR_CAMELLIA_CTR        EncrTransformId = 24 //[RFC5529]	-
	ENCR_CAMELLIA_CCM_8_ICV  EncrTransformId = 25 //[RFC5529]	-
	ENCR_CAMELLIA_CCM_12_ICV EncrTransformId = 26 //[RFC5529]	-
	ENCR_CAMELLIA_CCM_16_ICV EncrTransformId = 27 //[RFC5529]	-
	AEAD_CHACHA20_POLY1305   EncrTransformId = 28 //[RFC7634]	-

)

func (EncrTransformId) String 

func (i EncrTransformId) String() string

type EncryptedPayload 

type EncryptedPayload struct {
	*PayloadHeader
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initialization Vector | | (length is block size for encryption algorithm) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Encrypted IKE Payloads ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Padding (0-255 octets) | +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ | | Pad Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Integrity Checksum Data ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*EncryptedPayload) Decode 

func (s *EncryptedPayload) Decode(b []byte) (err error)

func (*EncryptedPayload) Encode 

func (s *EncryptedPayload) Encode() (b []byte)

func (*EncryptedPayload) Type 

func (s *EncryptedPayload) Type() PayloadType

type EsnTransformId 

type EsnTransformId uint16
const (
	ESN_NONE EsnTransformId = 0
	ESN      EsnTransformId = 1
)

type HashAlgorithmId 

type HashAlgorithmId uint16
const (
	HASH_RESERVED HashAlgorithmId = 0
	HASH_SHA1     HashAlgorithmId = 1
	HASH_SHA2_256 HashAlgorithmId = 2
	HASH_SHA2_384 HashAlgorithmId = 3
	HASH_SHA2_512 HashAlgorithmId = 4
)

func (HashAlgorithmId) String 

func (i HashAlgorithmId) String() string

type IdPayload 

type IdPayload struct {
	*PayloadHeader
	IdPayloadType PayloadType
	IdType        IdType
	Data          []byte
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ID Type | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Identification Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*IdPayload) Decode 

func (s *IdPayload) Decode(b []byte) error

func (*IdPayload) Encode 

func (s *IdPayload) Encode() (b []byte)

func (*IdPayload) Type 

func (s *IdPayload) Type() PayloadType

type IdType 

type IdType uint8
const (
	ID_IPV4_ADDR   IdType = 1
	ID_FQDN        IdType = 2
	ID_RFC822_ADDR IdType = 3
	ID_IPV6_ADDR   IdType = 5
	ID_DER_ASN1_DN IdType = 9
	ID_DER_ASN1_GN IdType = 10
	ID_KEY_ID      IdType = 11
)

func (IdType) String 

func (i IdType) String() string

type IkeErrorCode 

type IkeErrorCode uint16
const (
	ERR_UNSUPPORTED_CRITICAL_PAYLOAD IkeErrorCode = 1
	ERR_INVALID_IKE_SPI              IkeErrorCode = 4
	ERR_INVALID_MAJOR_VERSION        IkeErrorCode = 5
	ERR_INVALID_SYNTAX               IkeErrorCode = 7
	ERR_INVALID_MESSAGE_ID           IkeErrorCode = 9
	ERR_INVALID_SPI                  IkeErrorCode = 11
	ERR_NO_PROPOSAL_CHOSEN           IkeErrorCode = 14
	ERR_INVALID_KE_PAYLOAD           IkeErrorCode = 17
	ERR_AUTHENTICATION_FAILED        IkeErrorCode = 24
	ERR_SINGLE_PAIR_REQUIRED         IkeErrorCode = 34
	ERR_NO_ADDITIONAL_SAS            IkeErrorCode = 35
	ERR_INTERNAL_ADDRESS_FAILURE     IkeErrorCode = 36
	ERR_FAILED_CP_REQUIRED           IkeErrorCode = 37
	ERR_TS_UNACCEPTABLE              IkeErrorCode = 38
	ERR_INVALID_SELECTORS            IkeErrorCode = 39 // appears in INFORMATIONAL
	ERR_TEMPORARY_FAILURE            IkeErrorCode = 43
	ERR_CHILD_SA_NOT_FOUND           IkeErrorCode = 44
)

func GetIkeErrorCode 

func GetIkeErrorCode(nt NotificationType) (IkeErrorCode, bool)

func (IkeErrorCode) Error 

func (e IkeErrorCode) Error() string

type IkeExchangeType 

type IkeExchangeType uint16
const (
	// 0-33	Reserved	[RFC7296]
	IKE_SA_INIT        IkeExchangeType = 34 //	[RFC7296]
	IKE_AUTH           IkeExchangeType = 35 //	[RFC7296]
	CREATE_CHILD_SA    IkeExchangeType = 36 //	[RFC7296]
	INFORMATIONAL      IkeExchangeType = 37 //	[RFC7296]
	IKE_SESSION_RESUME IkeExchangeType = 38 //	[RFC5723]
	GSA_AUTH           IkeExchangeType = 39 //	[draft-yeung-g-ikev2]
	GSA_REGISTRATION   IkeExchangeType = 40 //	[draft-yeung-g-ikev2]
	GSA_REKEY          IkeExchangeType = 41 //	[draft-yeung-g-ikev2]

)

func (IkeExchangeType) String 

func (i IkeExchangeType) String() string

type IkeFlags 

type IkeFlags uint8
const (
	RESPONSE  IkeFlags = 1 << 5
	VERSION   IkeFlags = 1 << 4
	INITIATOR IkeFlags = 1 << 3
)

func (IkeFlags) IsInitiator 

func (f IkeFlags) IsInitiator() bool

func (IkeFlags) IsResponse 

func (f IkeFlags) IsResponse() bool

func (IkeFlags) String 

func (f IkeFlags) String() string

type IkeHeader 

type IkeHeader struct {
	SpiI, SpiR                 Spi
	NextPayload                PayloadType
	MajorVersion, MinorVersion uint8 // 4 bits
	ExchangeType               IkeExchangeType
	Flags                      IkeFlags
	MsgID                      uint32
	MsgLength                  uint32
}

func DecodeIkeHeader 

func DecodeIkeHeader(b []byte) (h *IkeHeader, err error)

func (*IkeHeader) Encode 

func (h *IkeHeader) Encode() (b []byte)

type KePayload 

type KePayload struct {
	*PayloadHeader
	DhTransformId DhTransformId
	KeyData       *big.Int
}

start ke payload 

 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Payload  |C|  RESERVED   |         Payload Length        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Diffie-Hellman Group Num    |           RESERVED            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~                       Key Exchange Data                       ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*KePayload) Decode 

func (s *KePayload) Decode(b []byte) error

func (*KePayload) Encode 

func (s *KePayload) Encode() (b []byte)

func (*KePayload) Type 

func (s *KePayload) Type() PayloadType

type NoncePayload 

type NoncePayload struct {
	*PayloadHeader
	Nonce *big.Int
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Nonce Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*NoncePayload) Decode 

func (s *NoncePayload) Decode(b []byte) error

func (*NoncePayload) Encode 

func (s *NoncePayload) Encode() (b []byte)

func (*NoncePayload) Type 

func (s *NoncePayload) Type() PayloadType

type NotificationType 

type NotificationType uint16
const (
	// Error types
	UNSUPPORTED_CRITICAL_PAYLOAD NotificationType = 1
	INVALID_IKE_SPI              NotificationType = 4
	INVALID_MAJOR_VERSION        NotificationType = 5
	INVALID_SYNTAX               NotificationType = 7
	INVALID_MESSAGE_ID           NotificationType = 9
	INVALID_SPI                  NotificationType = 11
	NO_PROPOSAL_CHOSEN           NotificationType = 14
	INVALID_KE_PAYLOAD           NotificationType = 17
	AUTHENTICATION_FAILED        NotificationType = 24
	SINGLE_PAIR_REQUIRED         NotificationType = 34
	NO_ADDITIONAL_SAS            NotificationType = 35
	INTERNAL_ADDRESS_FAILURE     NotificationType = 36
	FAILED_CP_REQUIRED           NotificationType = 37
	TS_UNACCEPTABLE              NotificationType = 38
	INVALID_SELECTORS            NotificationType = 39
	TEMPORARY_FAILURE            NotificationType = 43
	CHILD_SA_NOT_FOUND           NotificationType = 44
	// Status Types
	INITIAL_CONTACT               NotificationType = 16384
	SET_WINDOW_SIZE               NotificationType = 16385
	ADDITIONAL_TS_POSSIBLE        NotificationType = 16386
	IPCOMP_SUPPORTED              NotificationType = 16387
	NAT_DETECTION_SOURCE_IP       NotificationType = 16388
	NAT_DETECTION_DESTINATION_IP  NotificationType = 16389
	COOKIE                        NotificationType = 16390
	USE_TRANSPORT_MODE            NotificationType = 16391
	HTTP_CERT_LOOKUP_SUPPORTED    NotificationType = 16392
	REKEY_SA                      NotificationType = 16393
	ESP_TFC_PADDING_NOT_SUPPORTED NotificationType = 16394
	NON_FIRST_FRAGMENTS_ALSO      NotificationType = 16395
	// non rfc7396
	MOBIKE_SUPPORTED                    NotificationType = 16396 //	[RFC4555]
	ADDITIONAL_IP4_ADDRESS              NotificationType = 16397 //	[RFC4555]
	ADDITIONAL_IP6_ADDRESS              NotificationType = 16398 //	[RFC4555]
	NO_ADDITIONAL_ADDRESSES             NotificationType = 16399 //	[RFC4555]
	UPDATE_SA_ADDRESSES                 NotificationType = 16400 //	[RFC4555]
	COOKIE2                             NotificationType = 16401 //	[RFC4555]
	NO_NATS_ALLOWED                     NotificationType = 16402 //	[RFC4555]
	AUTH_LIFETIME                       NotificationType = 16403 //	[RFC4478]
	MULTIPLE_AUTH_SUPPORTED             NotificationType = 16404 //	[RFC4739]
	ANOTHER_AUTH_FOLLOWS                NotificationType = 16405 //	[RFC4739]
	REDIRECT_SUPPORTED                  NotificationType = 16406 //	[RFC5685]
	REDIRECT                            NotificationType = 16407 //	[RFC5685]
	REDIRECTED_FROM                     NotificationType = 16408 //	[RFC5685]
	TICKET_LT_OPAQUE                    NotificationType = 16409 //	[RFC5723]
	TICKET_REQUEST                      NotificationType = 16410 //	[RFC5723]
	TICKET_ACK                          NotificationType = 16411 //	[RFC5723]
	TICKET_NACK                         NotificationType = 16412 //	[RFC5723]
	TICKET_OPAQUE                       NotificationType = 16413 //	[RFC5723]
	LINK_ID                             NotificationType = 16414 //	[RFC5739]
	USE_WESP_MODE                       NotificationType = 16415 //	[RFC5840]
	ROHC_SUPPORTED                      NotificationType = 16416 //	[RFC5857]
	EAP_ONLY_AUTHENTICATION             NotificationType = 16417 //	[RFC5998]
	CHILDLESS_IKEV2_SUPPORTED           NotificationType = 16418 //	[RFC6023]
	QUICK_CRASH_DETECTION               NotificationType = 16419 //	[RFC6290]
	IKEV2_MESSAGE_ID_SYNC_SUPPORTED     NotificationType = 16420 //	[RFC6311]
	IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED NotificationType = 16421 //	[RFC6311]
	IKEV2_MESSAGE_ID_SYNC               NotificationType = 16422 //	[RFC6311]
	IPSEC_REPLAY_COUNTER_SYNC           NotificationType = 16423 //	[RFC6311]
	SECURE_PASSWORD_METHODS             NotificationType = 16424 //	[RFC6467]
	PSK_PERSIST                         NotificationType = 16425 //	[RFC6631]
	PSK_CONFIRM                         NotificationType = 16426 //	[RFC6631]
	ERX_SUPPORTED                       NotificationType = 16427 //	[RFC6867]
	IFOM_CAPABILITY                     NotificationType = 16428 //	[Frederic_Firmin][3GPP TS 24.303 v10.6.0 annex B.2]
	SENDER_REQUEST_ID                   NotificationType = 16429 //	[draft-yeung-g-ikev2]
	IKEV2_FRAGMENTATION_SUPPORTED       NotificationType = 16430 //	[RFC7383]
	SIGNATURE_HASH_ALGORITHMS           NotificationType = 16431 //	[RFC7427]
)

func (NotificationType) String 

func (i NotificationType) String() string

type NotifyPayload 

type NotifyPayload struct {
	*PayloadHeader
	ProtocolId          ProtocolID
	NotificationType    NotificationType
	Spi                 []byte
	NotificationMessage interface{}
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Protocol ID | SPI Size | Notify Message Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Security Parameter Index (SPI) ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Notification Data ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*NotifyPayload) Decode 

func (s *NotifyPayload) Decode(b []byte) (err error)

func (*NotifyPayload) Encode 

func (s *NotifyPayload) Encode() (b []byte)

func (*NotifyPayload) Type 

func (s *NotifyPayload) Type() PayloadType

type Packet 

type Packet interface {
	Decode([]byte) error
	Encode() []byte
}

type Payload 

type Payload interface {
	Type() PayloadType
	Decode([]byte) error
	Encode() []byte
	NextPayloadType() PayloadType
	Header() *PayloadHeader
}

Payload is interface expected from all payloads

type PayloadHeader 

type PayloadHeader struct {
	NextPayload   PayloadType
	IsCritical    bool
	PayloadLength uint16
}

func (*PayloadHeader) Decode 

func (h *PayloadHeader) Decode(b []byte) error

func (PayloadHeader) Encode 

func (h PayloadHeader) Encode() (b []byte)

func (*PayloadHeader) Header 

func (h *PayloadHeader) Header() *PayloadHeader

func (*PayloadHeader) NextPayloadType 

func (h *PayloadHeader) NextPayloadType() PayloadType

type PayloadType 

type PayloadType uint8
const (
	PayloadTypeNone PayloadType = 0 // No Next Payload		[RFC7296]
	// 1-32	Reserved		[RFC7296]
	PayloadTypeSA      PayloadType = 33 // Security Association	 [RFC7296]
	PayloadTypeKE      PayloadType = 34 // Key Exchange	 [RFC7296]
	PayloadTypeIDi     PayloadType = 35 // Identification - Initiator	 [RFC7296]
	PayloadTypeIDr     PayloadType = 36 // Identification - Responder	 [RFC7296]
	PayloadTypeCERT    PayloadType = 37 // Certificate	 [RFC7296]
	PayloadTypeCERTREQ PayloadType = 38 // Certificate Request	 [RFC7296]
	PayloadTypeAUTH    PayloadType = 39 // Authentication	 [RFC7296]
	PayloadTypeNonce   PayloadType = 40 // Nonce	Ni, Nr [RFC7296]
	PayloadTypeN       PayloadType = 41 // Notify	 [RFC7296]
	PayloadTypeD       PayloadType = 42 // Delete	 [RFC7296]
	PayloadTypeV       PayloadType = 43 // Vendor ID	 [RFC7296]
	PayloadTypeTSi     PayloadType = 44 // Traffic Selector - Initiator	 [RFC7296]
	PayloadTypeTSr     PayloadType = 45 // Traffic Selector - Responder	 [RFC7296]
	PayloadTypeSK      PayloadType = 46 // Encrypted and Authenticated	 [RFC7296]
	PayloadTypeCP      PayloadType = 47 // Configuration	 [RFC7296]
	PayloadTypeEAP     PayloadType = 48 // Extensible Authentication	 [RFC7296]
	PayloadTypeGSPM    PayloadType = 49 // Generic Secure Password Method	 [RFC6467]
	PayloadTypeIDg     PayloadType = 50 // Group Identification	[draft-yeung-g-ikev2]
	PayloadTypeGSA     PayloadType = 51 // Group Security Association		[draft-yeung-g-ikev2]
	PayloadTypeKD      PayloadType = 52 // Key Download		[draft-yeung-g-ikev2]
	PayloadTypeSKF     PayloadType = 53 // Encrypted and Authenticated Fragment	 [RFC7383]

)

func (PayloadType) String 

func (p PayloadType) String() string

type Payloads 

type Payloads struct {
	Array []Payload
}

Payloads

func DecodePayloads 

func DecodePayloads(b []byte, nextPayload PayloadType) (*Payloads, error)

func MakePayloads 

func MakePayloads() *Payloads

func (*Payloads) Add 

func (p *Payloads) Add(t Payload)

func (*Payloads) Get 

func (p *Payloads) Get(t PayloadType) Payload

func (*Payloads) GetCertchain 

func (p *Payloads) GetCertchain() (chain []*x509.Certificate, err error)

GetCertchain there may be multiple CERT payloads

func (*Payloads) GetNotification 

func (p *Payloads) GetNotification(nt NotificationType) *NotifyPayload

func (*Payloads) GetNotifications 

func (p *Payloads) GetNotifications() (ns []*NotifyPayload)

func (Payloads) MarshalJSON 

func (p Payloads) MarshalJSON() ([]byte, error)

func (Payloads) String 

func (p Payloads) String() string

type PolicyParams 

type PolicyParams struct {
	Ini, Res         net.IP // tunnel endpoints
	IniPort, ResPort int
	IniNet, ResNet   *net.IPNet
	IsTransportMode  bool
}

type PrfTransformId 

type PrfTransformId uint16
const (
	// 0	Reserved	[RFC7296]
	PRF_HMAC_MD5      PrfTransformId = 1 //	[RFC2104]
	PRF_HMAC_SHA1     PrfTransformId = 2 //	[RFC2104]
	PRF_HMAC_TIGER    PrfTransformId = 3 //	[RFC2104]
	PRF_AES128_XCBC   PrfTransformId = 4 //	[RFC4434]
	PRF_HMAC_SHA2_256 PrfTransformId = 5 //	[RFC4868]
	PRF_HMAC_SHA2_384 PrfTransformId = 6 //	[RFC4868]
	PRF_HMAC_SHA2_512 PrfTransformId = 7 //	[RFC4868]
	PRF_AES128_CMAC   PrfTransformId = 8 //	[RFC4615]

)

func (PrfTransformId) String 

func (i PrfTransformId) String() string

type Proposals 

type Proposals []*SaProposal

func ProposalFromTransform 

func ProposalFromTransform(prot ProtocolID, trs TransformMap, spi []byte) Proposals

type ProtocolID 

type ProtocolID uint8
const (
	IKE ProtocolID = 1
	AH  ProtocolID = 2
	ESP ProtocolID = 3
)

func (ProtocolID) String 

func (p ProtocolID) String() string

type SaPayload 

type SaPayload struct {
	*PayloadHeader
	Proposals
}
                    1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ <Proposals> ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*SaPayload) Decode 

func (s *SaPayload) Decode(b []byte) (err error)

func (*SaPayload) Encode 

func (s *SaPayload) Encode() (b []byte)

func (*SaPayload) Type 

func (s *SaPayload) Type() PayloadType

type SaProposal 

type SaProposal struct {
	IsLast     bool
	Number     uint8
	ProtocolID ProtocolID
	Spi        []byte
	Transforms []*SaTransform
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Last Substruc | RESERVED | Proposal Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Proposal Num | Protocol ID | SPI Size |Num Transforms| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ SPI (variable) ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ <Transforms> ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*SaProposal) IsSpiSizeCorrect 

func (prop *SaProposal) IsSpiSizeCorrect(spiSize int) bool

type SaTransform 

type SaTransform struct {
	Transform Transform
	KeyLength uint16
	IsLast    bool
}

func (*SaTransform) IsEqual 

func (tr *SaTransform) IsEqual(other *SaTransform) bool

type Selector 

type Selector struct {
	Type                     SelectorType
	IpProtocolId             uint8
	StartPort, Endport       uint16
	StartAddress, EndAddress net.IP
}

func (Selector) String 

func (s Selector) String() string

type SelectorType 

type SelectorType uint8
const (
	TS_IPV4_ADDR_RANGE SelectorType = 7
	TS_IPV6_ADDR_RANGE SelectorType = 8
)

type Selectors 

type Selectors []*Selector

type SignatureAuth 

type SignatureAuth struct {
	Asn1Data  []byte
	Signature []byte
}
                    1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASN.1 Length | AlgorithmIdentifier ASN.1 object | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ AlgorithmIdentifier ASN.1 object continuing ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Signature Value ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*SignatureAuth) Decode 

func (s *SignatureAuth) Decode(b []byte) error

func (*SignatureAuth) Encode 

func (s *SignatureAuth) Encode() (b []byte)

type Spi 

type Spi []byte

func (*Spi) MarshalJSON 

func (s *Spi) MarshalJSON() ([]byte, error)

func (Spi) String 

func (s Spi) String() string

type TrafficSelectorPayload 

type TrafficSelectorPayload struct {
	*PayloadHeader
	TrafficSelectorPayloadType PayloadType
	Selectors                  Selectors
}

func (*TrafficSelectorPayload) Decode 

func (s *TrafficSelectorPayload) Decode(b []byte) error

func (*TrafficSelectorPayload) Encode 

func (s *TrafficSelectorPayload) Encode() (b []byte)

func (*TrafficSelectorPayload) Type 

func (s *TrafficSelectorPayload) Type() PayloadType

type Transform 

type Transform struct {
	Type        TransformType
	TransformId uint16
}

type TransformAttribute 

type TransformAttribute struct {
	Type  AttributeType
	Value uint16 // fixed 2 octet length for now
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |A| Attribute Type | AF=0 Attribute Length | |F| | AF=1 Attribute Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AF=0 Attribute Value | | AF=1 Not Transmitted | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

type TransformMap 

type TransformMap map[TransformType]*SaTransform

TransformMap store the configured crypto suite NOTE that this cannot be used to parse incoming list of transforms incoming list can have many Transforms of same type in 1 proposal

func EspTransform 

func EspTransform(encr EncrTransformId, keyBits uint16, auth AuthTransformId, esn EsnTransformId) TransformMap

EspTransform builds an ESP cipher suite

func IkeTransform 

func IkeTransform(encr EncrTransformId, keyBits uint16, auth AuthTransformId, prf PrfTransformId, dh DhTransformId) TransformMap

IkeTransform builds a IKE cipher suite

func (TransformMap) AsList 

func (t TransformMap) AsList() (trs []*SaTransform)

AsList converts transforms to flat list

func (TransformMap) GetType 

func (t TransformMap) GetType(ty TransformType) *Transform

func (TransformMap) Within 

func (t TransformMap) Within(proposed []*SaTransform) bool

Within checks if the configured set of transforms occurs within list of proposed transforms

type TransformType 

type TransformType uint8
const (
	TRANSFORM_TYPE_ENCR  TransformType = 1 // Encryption Algorithm  used in IKE and ESP [RFC7296]
	TRANSFORM_TYPE_PRF   TransformType = 2 // Pseudorandom Function used in IKE [RFC7296]
	TRANSFORM_TYPE_INTEG TransformType = 3 // Integrity Algorithm  used in   IKE*, AH, optional in ESP [RFC7296]
	TRANSFORM_TYPE_DH    TransformType = 4 // Diffie-Hellman Group used in   IKE, optional in AH & ESP [RFC7296]
	TRANSFORM_TYPE_ESN   TransformType = 5 // Extended Sequence Numbers used in AH and ESP [RFC7296]
)

func (TransformType) String 

func (p TransformType) String() string

type VendorIdPayload 

type VendorIdPayload struct {
	*PayloadHeader
}
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Vendor ID (VID) ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*VendorIdPayload) Decode 

func (s *VendorIdPayload) Decode(b []byte) (err error)

func (*VendorIdPayload) Encode 

func (s *VendorIdPayload) Encode() (b []byte)

func (*VendorIdPayload) Type 

func (s *VendorIdPayload) Type() PayloadType

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.