2 The Definitions related to IKEv2 payload.
4 Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #ifndef _IKE_V2_PAYLOAD_H_
16 #define _IKE_V2_PAYLOAD_H_
//
// IKEv2 payload type codes, as carried in a "Next Payload" field.
//
// NONE (0) marks the end of a payload chain; the defined types run from 33 to 48.
// NOTE(review): a Next Payload value read from a received message is peer-controlled,
// so dispatch code should have an explicit path for values that are not in this list
// instead of assuming one of these constants - confirm in the parser.
//
#define IKEV2_PAYLOAD_TYPE_NONE     0
#define IKEV2_PAYLOAD_TYPE_SA       33
#define IKEV2_PAYLOAD_TYPE_KE       34
#define IKEV2_PAYLOAD_TYPE_ID_INIT  35
#define IKEV2_PAYLOAD_TYPE_ID_RSP   36
#define IKEV2_PAYLOAD_TYPE_CERT     37
#define IKEV2_PAYLOAD_TYPE_CERTREQ  38
#define IKEV2_PAYLOAD_TYPE_AUTH     39
#define IKEV2_PAYLOAD_TYPE_NONCE    40
#define IKEV2_PAYLOAD_TYPE_NOTIFY   41
#define IKEV2_PAYLOAD_TYPE_DELETE   42
#define IKEV2_PAYLOAD_TYPE_VENDOR   43
#define IKEV2_PAYLOAD_TYPE_TS_INIT  44
#define IKEV2_PAYLOAD_TYPE_TS_RSP   45
#define IKEV2_PAYLOAD_TYPE_ENCRYPT  46
#define IKEV2_PAYLOAD_TYPE_CP       47
#define IKEV2_PAYLOAD_TYPE_EAP      48
//
// Bit masks for the one-octet Flags field of the IKEv2 header (RFC 4306 section 3.1;
// RFC 4306 has since been obsoleted by RFC 7296).
//
//   INIT    (bit 3, 0x08) - I(nitiator): MUST be set in messages sent by the original
//                           initiator of the IKE_SA.
//   RESPOND (bit 5, 0x20) - R(esponse): the message is a response to a message that
//                           carries the same message ID.
//
// NOTE(review): on receive these bits come from the peer; comparing them with the role
// and exchange state recorded for the SA is the safer pattern - confirm in the caller.
//
#define IKE_HEADER_FLAGS_INIT     0x08
#define IKE_HEADER_FLAGS_RESPOND  0x20
//
// Exchange Type values of the IKEv2 header.
//
// The four codes correspond to the IKE_SA_INIT, IKE_AUTH, CREATE_CHILD_SA and
// INFORMATIONAL exchanges, in that order.
//
#define IKEV2_EXCHANGE_TYPE_INIT          34
#define IKEV2_EXCHANGE_TYPE_AUTH          35
#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD  36
#define IKEV2_EXCHANGE_TYPE_INFO          37
64 } IKEV2_COMMON_PAYLOAD_HEADER
;
69 IKEV2_COMMON_PAYLOAD_HEADER Header
;
78 IKEV2_COMMON_PAYLOAD_HEADER Header
;
//
// Transform Type values used inside a Transform substructure of the SA payload.
// Each type selects which of the Transform ID tables in this header applies.
//
#define IKEV2_TRANSFORM_TYPE_ENCR   1   // Encryption Algorithm
#define IKEV2_TRANSFORM_TYPE_PRF    2   // Pseudo-Random Function
#define IKEV2_TRANSFORM_TYPE_INTEG  3   // Integrity Algorithm
#define IKEV2_TRANSFORM_TYPE_DH     4   // Diffie-Hellman Group
#define IKEV2_TRANSFORM_TYPE_ESN    5   // Extended Sequence Numbers
//
// Transform IDs for Transform Type 1, Encryption Algorithm (ENCR).
//
// These are wire identifiers only; a name being listed here does not make the
// algorithm acceptable. The DES variants and the other 64-bit-block legacy ciphers
// are kept for protocol completeness and are deprecated for IKEv2 use by RFC 8247,
// and ENCR_NULL provides no confidentiality at all. Proposal selection should
// be driven by an explicit allow-list, not by "any ID this header knows".
// Value 10 and all AEAD transforms are not defined in this list.
//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64  1
#define IKEV2_TRANSFORM_ID_ENCR_DES       2
#define IKEV2_TRANSFORM_ID_ENCR_3DES      3
#define IKEV2_TRANSFORM_ID_ENCR_RC5       4
#define IKEV2_TRANSFORM_ID_ENCR_IDEA      5
#define IKEV2_TRANSFORM_ID_ENCR_CAST      6
#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH  7
#define IKEV2_TRANSFORM_ID_ENCR_3IDEA     8
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32  9
#define IKEV2_TRANSFORM_ID_ENCR_NULL      11
#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC   12
#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR   13
//
// Transform IDs for Transform Type 2, Pseudo-Random Function (PRF).
//
// The negotiated PRF is what IKEv2 uses to derive its keying material, so the
// choice matters for every key of the SA. PRF_HMAC_MD5 is deprecated for IKEv2 by
// RFC 8247; no SHA-2 based PRF is defined in this list.
//
#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5     1
#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1    2
#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER   3
#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC  4
//
// Transform IDs for Transform Type 3, Integrity Algorithm (INTEG).
//
// AUTH_NONE (0) means "no integrity transform". This header defines no combined-mode
// (AEAD) cipher, so a proposal that pairs AUTH_NONE with one of the ciphers listed
// here would leave traffic unauthenticated; policy code should reject that pairing.
// The MD5, DES-MAC and KPDK entries are legacy identifiers (deprecated by RFC 8247).
// NOTE(review): the RFC spells IDs 3-5 without "HMAC" (AUTH_DES_MAC, AUTH_KPDK_MD5,
// AUTH_AES_XCBC_96); the names below are kept as-is for source compatibility.
//
#define IKEV2_TRANSFORM_ID_AUTH_NONE              0
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96       1
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96      2
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC      3
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5     4
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96  5
//
// Transform IDs for Transform Type 4, Diffie-Hellman Group (DH).
//
// Only three MODP groups are defined here. The 768-bit and 1024-bit groups are too
// small for current use (RFC 8247 deprecates both); of the groups in this list only
// the 2048-bit group (14) should be offered or accepted by default.
//
#define IKEV2_TRANSFORM_ID_DH_768MODP   1
#define IKEV2_TRANSFORM_ID_DH_1024MODP  2
#define IKEV2_TRANSFORM_ID_DH_2048MODP  14
//
// Transform Attribute type values. Key Length (14) is the only one defined here.
//
// NOTE(review): for variable-key-size ciphers such as the AES transforms the key
// length arrives in this attribute from the peer; check it against the sizes the
// local crypto layer supports rather than using it unchecked - confirm in the parser.
//
#define IKEV2_ATTRIBUTE_TYPE_KEYLEN  14
146 IKEV2_COMMON_PAYLOAD_HEADER Header
;
158 IKEV2_COMMON_PAYLOAD_HEADER Header
;
162 // Remaining part contains the key exchanged
164 } IKEV2_KEY_EXCHANGE
;
//
// ID Type values carried in the IKEv2 Identification payload.
//
// The type only says how the Identification Data is encoded. The identity itself
// is a claim made by the peer until the AUTH payload has been verified for it.
// Values 4 and 6-8 are not defined in this list.
//
#define IKEV2_ID_TYPE_IPV4_ADDR    1
#define IKEV2_ID_TYPE_FQDN         2
#define IKEV2_ID_TYPE_RFC822_ADDR  3
#define IKEV2_ID_TYPE_IPV6_ADDR    5
#define IKEV2_ID_TYPE_DER_ASN1_DN  9
#define IKEV2_ID_TYPE_DER_ASN1_GN  10
#define IKEV2_ID_TYPE_KEY_ID       11
179 // Identification Payload
183 IKEV2_COMMON_PAYLOAD_HEADER Header
;
188 // Identification Data
//
// Certificate Encoding values carried in the IKEv2 Certificate and Certificate
// Request payloads.
//
// "ENCODEING" is a misspelling of "ENCODING"; the names are kept unchanged because
// they are the identifiers existing code compiles against. Value 5 is not defined here.
// NOTE(review): HASH_AND_URL_OF_X509_CERT (12) makes the receiver fetch the certificate
// from a location named by the peer. If that encoding is accepted, the fetch should be
// constrained (scheme, size, timeout) and the hash checked before the certificate is
// parsed - confirm how the consumer handles it.
//
#define IKEV2_CERT_ENCODEING_RESERVED                   0
#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP             1
#define IKEV2_CERT_ENCODEING_PGP_CERT                   2
#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY               3
#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN             4
#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN             6
#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT       7
#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST       8
#define IKEV2_CERT_ENCODEING_SPKI_CERT                  9
#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE        10
#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY                11
#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT  12
210 // IKEV2 Certificate Payload
214 IKEV2_COMMON_PAYLOAD_HEADER Header
;
223 // IKEV2 Certificate Request Payload
227 IKEV2_COMMON_PAYLOAD_HEADER Header
;
236 // Authentication Payload
240 IKEV2_COMMON_PAYLOAD_HEADER Header
;
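//
// Auth Method values carried in the Authentication payload.
//
// The replacement text of each macro is the bare number. A ';' inside the macro
// would be pasted into every use and break expressions such as
// "if (Method == IKEV2_AUTH_METHOD_RSA)" or a "case IKEV2_AUTH_METHOD_RSA:" label,
// which is exactly the kind of check that decides how a peer gets authenticated.
//
#define IKEV2_AUTH_METHOD_RSA   1   // RSA Digital Signature
#define IKEV2_AUTH_METHOD_SKMI  2   // Shared Key Message Integrity Code
#define IKEV2_AUTH_METHOD_DSS   3   // DSS Digital Signature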
258 // IKEv2 Nonce Payload
262 IKEV2_COMMON_PAYLOAD_HEADER Header
;
270 // Notification Payload
274 IKEV2_COMMON_PAYLOAD_HEADER Header
;
279 // SPI and Notification Data
//
// Notify Message Type values carried in the IKEv2 Notify payload.
//
// Values below 16384 are error types; values from 16384 upwards are status types.
// Three names differ from the RFC spelling and are kept as-is for source
// compatibility: UNSUPPORT_CRITICAL_PAYLOAD (UNSUPPORTED_...), INVALID_KEY_PAYLOAD
// (INVALID_KE_PAYLOAD) and TS_UNCCEPTABLE (TS_UNACCEPTABLE).
// NOTE(review): a notification that arrives outside a protected exchange is not
// authenticated, so state changes should not be driven by it alone - confirm how
// the receive path treats such messages.
//
#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD  1
#define IKEV2_NOTIFICATION_INVALID_IKE_SPI             4
#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION       5
#define IKEV2_NOTIFICATION_INVALID_SYNTAX              7
#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID          9
#define IKEV2_NOTIFICATION_INVALID_SPI                 11
#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN          14
#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD         17
#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED       24
#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED        34
#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS           35
#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE    36
#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED          37
#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE              38
#define IKEV2_NOTIFICATION_INVALID_SELECTORS           39
#define IKEV2_NOTIFICATION_COOKIE                      16390
#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE          16391
#define IKEV2_NOTIFICATION_REKEY_SA                    16393
310 // IKEv2 Delete Payload
314 IKEV2_COMMON_PAYLOAD_HEADER Header
;
325 // Traffic Selector Payload
329 IKEV2_COMMON_PAYLOAD_HEADER Header
;
350 // Starting Address && Ending Address
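//
// TS Type values used in a Traffic Selector.
//
// IKEV2_TS_TYPS_IPV6_ADDR_RANGE is a misspelling of "TYPE". It stays defined so that
// existing users keep compiling; IKEV2_TS_TYPE_IPV6_ADDR_RANGE is the correctly
// spelled alias, matching the IPv4 name, and expands to the same value.
//
#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE  7
#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE  8
#define IKEV2_TS_TYPE_IPV6_ADDR_RANGE  IKEV2_TS_TYPS_IPV6_ADDR_RANGE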
366 IKEV2_COMMON_PAYLOAD_HEADER Header
;
378 IKEV2_COMMON_PAYLOAD_HEADER Header
;
380 // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum
392 // Configuration Payload
396 IKEV2_COMMON_PAYLOAD_HEADER Header
;
401 // Configuration Attributes
//
// CFG Type values of the Configuration payload: request / reply and set / ack.
//
#define IKEV2_CFG_TYPE_REQUEST  1
#define IKEV2_CFG_TYPE_REPLY    2
#define IKEV2_CFG_TYPE_SET      3
#define IKEV2_CFG_TYPE_ACK      4
415 // Configuration Attributes
421 } IKEV2_CFG_ATTRIBUTES
;
//
// Attribute Type values used inside the Configuration payload.
//
// Two names are misspelled and kept unchanged for source compatibility:
// INTERNAL_IP4_NBTMASK is the IPv4 netmask attribute (2) and INTERNA_ADDRESS_BXPIRY
// is the internal address expiry attribute (5). Value 9 is not defined here.
// NOTE(review): these attributes carry peer-supplied addresses and server settings
// that end up in the local network configuration; each attribute's length should be
// checked against the size its type requires before the value is used - confirm in
// the consumer.
//
#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS    1
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK    2
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS        3
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS       4
#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY  5
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP       6
#define IKEV2_CFG_ATTR_APPLICATION_VERSION     7
#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS    8
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS        10
#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS       11
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP       12
#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET     13
#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES    14
#define IKEV2_CFG_ATTR_IP6_SUBNET              15