@CHIP-RTOS - IP Security/IKE Error Codes

    IPC@CHIP® Documentation Index

IP Security / IKE Error Codes

All error codes here are stated in decimal.   These error codes can be viewed using the IKE console command when they are present (non-zero).

IP Security startup error codes

   0       Successful.

  -2       Policy file read failed.

  -3       Policy file too large, exceeded 64 Kbyte limit.

  -4       Memory allocation failed for policy file read.

  -5       Invalid policy file read contents.

  202      Policy file open failed, file not found.

  222 up to 999   Some internal error has occurred.

  1222     Invalid policy file contents.

  1234     Policy file's policy index out of range.

  1247     Policy from file not supported.

  1255     Policy memory space allocation failed.

  1560     Policy file contains a bad policy.

  2255     Memory space allocation failed for preshared key from policy file.

  6222     Invalid preshared key specified in CHIP.INI.

  6255     Memory space allocation failed for preshared key specified in CHIP.INI.

IKE error codes

    Error codes 1 through 25 are received from peer in an information exchange type message.

    1      Invalid payload type.

    2      DOI not supported.

    3      Situation not supported.

    4      Invalid cookie.

    5      Invalid major version.

    6      Invalid minor version.

    7      Invalid exchange type.

    8      Invalid flags.

    9      Invalid message ID.

   10      Invalid protocol ID.

   11      Invalid SPI.

   12      Invalid transform ID.

   13      Attributes not supported.

   14      No proposal chosen (all rejected).

   15      Bad proposal syntax.

   16      Payload malformed.

   17      Invalid key info.

   18      Invalid ID information.  (The peer may respond with this error code when AH protocol use is attempted with a NAT device in the path to the peer.)

   19      Invalid certificate encoding.

   20      Invalid certificate.

   21      Bad certificate request.

   22      Invalid certification authority.

   23      Invalid hash info.

   24      Authentication failed.

   25      Invalid signature.

  100      Message from peer too large for receiver buffer.

  101      Received clear text message, expected encrypted.

  102      Received encrypted message, expected clear text.

  103      Invalid message received (length error).

  104      DH group not available for use in aggressive mode.

  105      Message decryption failed.

  106      Policy with void content.

  107      IKE task has a receive problem at recvfrom() function.   (Datagram too short or a socket error.).

  110      Received invalid phase 1 SA header.

  111      No acceptable proposal found in phase 1 SA header.

  112      Shared secret key computation failed.

  113      Expected KE header not present in received message.

  114      Expected NOUNCE header not present in received message.

  115      NOUNCE header length error.

  116      Diffie-Hellman key pair generation failed.

  117      Preshared key specified by peer not found.

  118      Unexpected header in message.   (When AH protocol is used across NAT devices, this error can occur.)

  120      Requested authentication method not supported.

  121      Install of peer certificate received into database failed.

  122      Received message invalid (too many headers).

  123      IKE_LOCALCERT certificate missing.

  124      Requested CA certificate not found in database.

  125      Phase 1 authorization method does not fit local certificate.

  130      No phase 1 SA proposal accepted by responder.

  131      Internal error in phase 1 SA handling.

  133      PKI certificate output message build failed.

  134      PKI signature output header build failed.

  140      Expected phase 1 ID header not present in received message.

  141      Invalid phase 1 ID header length received.

  142      Phase 1 ID type specified by peer not supported.

  143      Phase 1 ID port of protocol incorrect.

  150      Expected phase 1 signature header not present.

  151      CA certificate needed to verify peer ID not found.

  152      Phase 1 hash computation for signature verification failed.

  153      Phase 1 signature verification failed.

  155      Expected phase 1 hash header not present.

  156      Phase 1 hash header lengthh invalid.

  157      Phase 1 hash compare failed for received hash.

  160      Quick Mode Initiator: No valid policy data available.

  161      Quick Mode Responder: No policy data found.

  162      Quick Mode: Internal error generating SA header.

  163      Quick Mode: Diffie-Hellman group invalid.

  170      Quick Mode: Expected ID header not present.

  171      Quick Mode: ID header length invalid.

  173      Quick Mode: ID protocol mismatch.

  174      Quick Mode: ID type not supported.

  180      Quick Mode: Expected SA header not present.

  181      Quick Mode: Unexpeced header.

  182      Quick Mode: Hash header length invalid.

  185      Quick Mode: Invalid SA header from peer.

  186      Quick Mode: No acceptable SA proposal found.

  187      Quick Mode: KE header either missing or unexpected.

  189      Quick Mode: Malformed CONNECTED notification.

  255      Memory allocation failed.

Related Topics

IKE console command
IP Security API

End of document