ikev2: add support for AES-GCM cipher in IKE
[vpp.git] / src / plugins / ikev2 / ikev2.h
index c73df15..dd1c646 100644 (file)
 #include <vppinfra/error.h>
 
 #define IKEV2_NONCE_SIZE  32
-
+#define IKEV2_PORT        500
+#define IKEV2_PORT_NATT   4500
 #define IKEV2_KEY_PAD "Key Pad for IKEv2"
 
+#define IKEV2_GCM_ICV_SIZE 16
+#define IKEV2_GCM_NONCE_SIZE 12
+#define IKEV2_GCM_SALT_SIZE 4
+#define IKEV2_GCM_IV_SIZE (IKEV2_GCM_NONCE_SIZE - IKEV2_GCM_SALT_SIZE)
+
 typedef u8 v8;
 
 /* *INDENT-OFF* */
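Review bot: The new GCM size macros have no comment tying them to the nonce layout, and `IKEV2_GCM_IV_SIZE` is only right if the 12-octet nonce is the 4-octet salt followed by the 8-octet explicit IV. I would add above them `/* AES-GCM in IKE (RFC 5282): nonce = salt (4, from keying material) || explicit IV (8, sent in the payload); the IV must never repeat under one key */`. The fixed `IKEV2_GCM_ICV_SIZE 16` presumably means only the 16-octet ICV variant is handled; if the 8- or 12-octet variants can be negotiated, the length should come from the selected transform rather than this constant. `IKEV2_PORT` and `IKEV2_PORT_NATT` are unrelated to GCM and would read better kept apart from `IKEV2_NONCE_SIZE` by the blank line this hunk removes.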
@@ -91,6 +97,8 @@ typedef CLIB_PACKED (struct {
 #define IKEV2_PAYLOAD_FLAG_CRITICAL      (1<<7)
 
 #define IKEV2_PAYLOAD_NONE      0
+#define IKEV2_PAYLOAD_NAT_D     20
+#define IKEV2_PAYLOAD_NAT_OA    21
 #define IKEV2_PAYLOAD_SA        33
 #define IKEV2_PAYLOAD_KE        34
 #define IKEV2_PAYLOAD_IDI       35
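Review bot: `IKEV2_PAYLOAD_NAT_D` (20) and `IKEV2_PAYLOAD_NAT_OA` (21) are IKEv1 payload numbers (RFC 3947); in IKEv2, payload types 1-32 are reserved and NAT detection is carried in Notify payloads. The code that uses them is outside this hunk, so I can't tell whether they are matched against received messages. If they are, a peer-supplied next-payload value of 20 or 21 should be handled like any other unrecognised type (skipped, or rejected when `IKEV2_PAYLOAD_FLAG_CRITICAL` is set) rather than processed specially. At minimum add `/* IKEv1 NAT-T payload numbers (RFC 3947); reserved range in IKEv2 */` so readers do not take them for IKEv2 payload types.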
@@ -394,6 +402,9 @@ clib_error_t *ikev2_set_profile_sa_lifetime (vlib_main_t * vm, u8 * name,
                                             u32 handover, u64 maxdata);
 clib_error_t *ikev2_set_profile_tunnel_interface (vlib_main_t * vm, u8 * name,
                                                  u32 sw_if_index);
+vnet_api_error_t ikev2_set_profile_ipsec_udp_port (vlib_main_t * vm,
+                                                  u8 * name, u16 port,
+                                                  u8 is_set);
 clib_error_t *ikev2_set_profile_udp_encap (vlib_main_t * vm, u8 * name);
 clib_error_t *ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name);
 clib_error_t *ikev2_initiate_delete_child_sa (vlib_main_t * vm, u32 ispi);
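Review bot: `ikev2_set_profile_ipsec_udp_port` returns `vnet_api_error_t` while every neighbouring profile setter returns `clib_error_t *`, so callers must handle two error conventions within one family of functions. If the different type is deliberate, say so in a comment. The prototype should also state what `is_set == 0` does with `port` and whether `port == 0` is rejected, for example `/* is_set: 1 = use 'port' for IPsec UDP encapsulation, 0 = revert to the default ('port' ignored) */`. Those semantics are inferred from the names and need confirming against the definition, which is not in this hunk.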
@@ -428,6 +439,8 @@ uword unformat_ikev2_transform_esn_type (unformat_input_t * input,
                                         va_list * args);
 void ikev2_cli_reference (void);
 
+clib_error_t *ikev2_set_liveness_params (u32 period, u32 max_retries);
+
 #endif /* __included_ikev2_h__ */
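Review bot: `ikev2_set_liveness_params` gives no unit for `period` and no meaning for a zero in either argument, and both are raw `u32` values that likely come from operator input. Add a comment along the lines of `/* period: seconds between liveness checks (0 = disabled?); max_retries: unanswered checks before the SA is deleted */`, filled in from the definition, which is outside this hunk. It is also worth confirming there that `max_retries == 0` with a non-zero period cannot delete an SA on the first missed reply.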