]>
Commit | Line | Data |
---|---|---|
9166f840 | 1 | /** @file\r |
2 | The Definitions related to IKEv2 payload.\r | |
3 | \r | |
f75a7f56 | 4 | Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r |
9166f840 | 5 | \r |
ecf98fbc | 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
9166f840 | 7 | \r |
8 | **/\r | |
9 | #ifndef _IKE_V2_PAYLOAD_H_\r | |
10 | #define _IKE_V2_PAYLOAD_H_\r | |
11 | \r | |
12 | //\r | |
13 | // Payload Type for IKEv2\r | |
14 | //\r | |
15 | #define IKEV2_PAYLOAD_TYPE_NONE 0\r | |
16 | #define IKEV2_PAYLOAD_TYPE_SA 33\r | |
17 | #define IKEV2_PAYLOAD_TYPE_KE 34\r | |
18 | #define IKEV2_PAYLOAD_TYPE_ID_INIT 35\r | |
19 | #define IKEV2_PAYLOAD_TYPE_ID_RSP 36\r | |
20 | #define IKEV2_PAYLOAD_TYPE_CERT 37\r | |
21 | #define IKEV2_PAYLOAD_TYPE_CERTREQ 38\r | |
22 | #define IKEV2_PAYLOAD_TYPE_AUTH 39\r | |
23 | #define IKEV2_PAYLOAD_TYPE_NONCE 40\r | |
24 | #define IKEV2_PAYLOAD_TYPE_NOTIFY 41\r | |
25 | #define IKEV2_PAYLOAD_TYPE_DELETE 42\r | |
26 | #define IKEV2_PAYLOAD_TYPE_VENDOR 43\r | |
27 | #define IKEV2_PAYLOAD_TYPE_TS_INIT 44\r | |
28 | #define IKEV2_PAYLOAD_TYPE_TS_RSP 45\r | |
29 | #define IKEV2_PAYLOAD_TYPE_ENCRYPT 46\r | |
30 | #define IKEV2_PAYLOAD_TYPE_CP 47\r | |
31 | #define IKEV2_PAYLOAD_TYPE_EAP 48\r | |
32 | \r | |
33 | //\r | |
f75a7f56 | 34 | // IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1\r |
7822a1d9 | 35 | //\r |
f75a7f56 | 36 | // I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the\r |
7822a1d9 JW |
37 | // original initiator of the IKE_SA\r |
38 | //\r | |
f75a7f56 | 39 | // R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to\r |
7822a1d9 | 40 | // a message containing the same message ID.\r |
9166f840 | 41 | //\r |
42 | #define IKE_HEADER_FLAGS_INIT 0x08\r | |
43 | #define IKE_HEADER_FLAGS_RESPOND 0x20\r | |
9166f840 | 44 | \r |
45 | //\r | |
46 | // IKE Header Exchange Type for IKEv2\r | |
47 | //\r | |
48 | #define IKEV2_EXCHANGE_TYPE_INIT 34\r | |
49 | #define IKEV2_EXCHANGE_TYPE_AUTH 35\r | |
50 | #define IKEV2_EXCHANGE_TYPE_CREATE_CHILD 36\r | |
51 | #define IKEV2_EXCHANGE_TYPE_INFO 37\r | |
52 | \r | |
53 | #pragma pack(1)\r | |
54 | typedef struct {\r | |
55 | UINT8 NextPayload;\r | |
56 | UINT8 Reserved;\r | |
57 | UINT16 PayloadLength;\r | |
58 | } IKEV2_COMMON_PAYLOAD_HEADER;\r | |
59 | #pragma pack()\r | |
60 | \r | |
61 | #pragma pack(1)\r | |
62 | typedef struct {\r | |
63 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
f75a7f56 | 64 | //\r |
9166f840 | 65 | // Proposals\r |
66 | //\r | |
67 | } IKEV2_SA;\r | |
68 | #pragma pack()\r | |
69 | \r | |
70 | #pragma pack(1)\r | |
71 | typedef struct {\r | |
72 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
73 | UINT8 ProposalIndex;\r | |
74 | UINT8 ProtocolId;\r | |
75 | UINT8 SpiSize;\r | |
76 | UINT8 NumTransforms;\r | |
77 | } IKEV2_PROPOSAL;\r | |
78 | #pragma pack()\r | |
79 | \r | |
80 | //\r | |
81 | // IKEv2 Transform Type Values presented within Transform Payload\r | |
82 | //\r | |
83 | #define IKEV2_TRANSFORM_TYPE_ENCR 1 // Encryption Algorithm\r | |
84 | #define IKEV2_TRANSFORM_TYPE_PRF 2 // Pseduo-Random Func\r | |
85 | #define IKEV2_TRANSFORM_TYPE_INTEG 3 // Integrity Algorithm\r | |
86 | #define IKEV2_TRANSFORM_TYPE_DH 4 // DH Group\r | |
87 | #define IKEV2_TRANSFORM_TYPE_ESN 5 // Extended Sequence Number\r | |
88 | \r | |
89 | //\r | |
90 | // IKEv2 Transform ID for Encrypt Algorithm (ENCR)\r | |
f75a7f56 | 91 | //\r |
9166f840 | 92 | #define IKEV2_TRANSFORM_ID_ENCR_DES_IV64 1\r |
93 | #define IKEV2_TRANSFORM_ID_ENCR_DES 2\r | |
94 | #define IKEV2_TRANSFORM_ID_ENCR_3DES 3\r | |
95 | #define IKEV2_TRANSFORM_ID_ENCR_RC5 4\r | |
96 | #define IKEV2_TRANSFORM_ID_ENCR_IDEA 5\r | |
97 | #define IKEV2_TRANSFORM_ID_ENCR_CAST 6\r | |
98 | #define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH 7\r | |
99 | #define IKEV2_TRANSFORM_ID_ENCR_3IDEA 8\r | |
100 | #define IKEV2_TRANSFORM_ID_ENCR_DES_IV32 9\r | |
101 | #define IKEV2_TRANSFORM_ID_ENCR_NULL 11\r | |
102 | #define IKEV2_TRANSFORM_ID_ENCR_AES_CBC 12\r | |
103 | #define IKEV2_TRANSFORM_ID_ENCR_AES_CTR 13\r | |
104 | \r | |
105 | //\r | |
106 | // IKEv2 Transform ID for Pseudo-Random Function (PRF)\r | |
107 | //\r | |
108 | #define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5 1\r | |
109 | #define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1 2\r | |
110 | #define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER 3\r | |
111 | #define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC 4\r | |
112 | \r | |
113 | //\r | |
114 | // IKEv2 Transform ID for Integrity Algorithm (INTEG)\r | |
115 | //\r | |
116 | #define IKEV2_TRANSFORM_ID_AUTH_NONE 0\r | |
117 | #define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96 1\r | |
118 | #define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96 2\r | |
119 | #define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC 3\r | |
120 | #define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5 4\r | |
121 | #define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96 5\r | |
122 | \r | |
123 | //\r | |
124 | // IKEv2 Transform ID for Diffie-Hellman Group (DH)\r | |
125 | //\r | |
126 | #define IKEV2_TRANSFORM_ID_DH_768MODP 1\r | |
127 | #define IKEV2_TRANSFORM_ID_DH_1024MODP 2\r | |
128 | #define IKEV2_TRANSFORM_ID_DH_2048MODP 14\r | |
129 | \r | |
130 | //\r | |
131 | // IKEv2 Attribute Type Values\r | |
132 | //\r | |
133 | #define IKEV2_ATTRIBUTE_TYPE_KEYLEN 14\r | |
134 | \r | |
135 | //\r | |
136 | // Transform Payload\r | |
137 | //\r | |
138 | #pragma pack(1)\r | |
139 | typedef struct {\r | |
140 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
141 | UINT8 TransformType;\r | |
142 | UINT8 Reserved;\r | |
143 | UINT16 TransformId;\r | |
144 | //\r | |
145 | // SA Attributes\r | |
146 | //\r | |
147 | } IKEV2_TRANSFORM;\r | |
148 | #pragma pack()\r | |
149 | \r | |
150 | #pragma pack(1)\r | |
151 | typedef struct {\r | |
152 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
153 | UINT16 DhGroup;\r | |
154 | UINT16 Reserved;\r | |
155 | //\r | |
156 | // Remaining part contains the key exchanged\r | |
157 | //\r | |
158 | } IKEV2_KEY_EXCHANGE;\r | |
159 | #pragma pack()\r | |
160 | \r | |
161 | //\r | |
162 | // Identification Type Values presented within Ikev2 ID payload\r | |
163 | //\r | |
164 | #define IKEV2_ID_TYPE_IPV4_ADDR 1\r | |
165 | #define IKEV2_ID_TYPE_FQDN 2\r | |
166 | #define IKEV2_ID_TYPE_RFC822_ADDR 3\r | |
167 | #define IKEV2_ID_TYPE_IPV6_ADDR 5\r | |
168 | #define IKEV2_ID_TYPE_DER_ASN1_DN 9\r | |
169 | #define IKEV2_ID_TYPE_DER_ASN1_GN 10\r | |
170 | #define IKEV2_ID_TYPE_KEY_ID 11\r | |
171 | \r | |
172 | //\r | |
173 | // Identification Payload\r | |
174 | //\r | |
175 | #pragma pack(1)\r | |
176 | typedef struct {\r | |
177 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
178 | UINT8 IdType;\r | |
179 | UINT8 Reserver1;\r | |
180 | UINT16 Reserver2;\r | |
181 | //\r | |
182 | // Identification Data\r | |
183 | //\r | |
184 | } IKEV2_ID;\r | |
185 | #pragma pack()\r | |
186 | \r | |
187 | //\r | |
188 | // Encoding Type presented in IKEV2 Cert Payload\r | |
189 | //\r | |
190 | #define IKEV2_CERT_ENCODEING_RESERVED 0\r | |
191 | #define IKEV2_CERT_ENCODEING_X509_CERT_WRAP 1\r | |
192 | #define IKEV2_CERT_ENCODEING_PGP_CERT 2\r | |
193 | #define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY 3\r | |
194 | #define IKEV2_CERT_ENCODEING_X509_CERT_SIGN 4\r | |
195 | #define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN 6\r | |
196 | #define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT 7\r | |
197 | #define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST 8\r | |
198 | #define IKEV2_CERT_ENCODEING_SPKI_CERT 9\r | |
199 | #define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE 10\r | |
200 | #define IKEV2_CERT_ENCODEING_RAW_RSA_KEY 11\r | |
201 | #define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT 12\r | |
202 | \r | |
203 | //\r | |
204 | // IKEV2 Certificate Payload\r | |
205 | //\r | |
206 | #pragma pack(1)\r | |
207 | typedef struct {\r | |
208 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
209 | UINT8 CertEncoding;\r | |
210 | //\r | |
211 | // Cert Data\r | |
212 | //\r | |
213 | } IKEV2_CERT;\r | |
214 | #pragma pack()\r | |
215 | \r | |
216 | //\r | |
217 | // IKEV2 Certificate Request Payload\r | |
218 | //\r | |
219 | #pragma pack(1)\r | |
220 | typedef struct {\r | |
221 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
222 | UINT8 CertEncoding;\r | |
223 | //\r | |
224 | // Cert Authority\r | |
225 | //\r | |
226 | } IKEV2_CERT_REQ;\r | |
227 | #pragma pack()\r | |
228 | \r | |
229 | //\r | |
230 | // Authentication Payload\r | |
231 | //\r | |
232 | #pragma pack(1)\r | |
233 | typedef struct {\r | |
234 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
235 | UINT8 AuthMethod;\r | |
236 | UINT8 Reserved1;\r | |
237 | UINT16 Reserved2;\r | |
238 | //\r | |
239 | // Auth Data\r | |
240 | //\r | |
241 | } IKEV2_AUTH;\r | |
242 | #pragma pack()\r | |
243 | \r | |
244 | //\r | |
245 | // Authmethod in Authentication Payload\r | |
246 | //\r | |
247 | #define IKEV2_AUTH_METHOD_RSA 1; // RSA Digital Signature\r | |
248 | #define IKEV2_AUTH_METHOD_SKMI 2; // Shared Key Message Integrity\r | |
249 | #define IKEV2_AUTH_METHOD_DSS 3; // DSS Digital Signature\r | |
250 | \r | |
251 | //\r | |
252 | // IKEv2 Nonce Payload\r | |
253 | //\r | |
254 | #pragma pack(1)\r | |
255 | typedef struct {\r | |
256 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
257 | //\r | |
258 | // Nonce Data\r | |
259 | //\r | |
260 | } IKEV2_NONCE;\r | |
261 | #pragma pack()\r | |
262 | \r | |
263 | //\r | |
264 | // Notification Payload\r | |
265 | //\r | |
266 | #pragma pack(1)\r | |
267 | typedef struct {\r | |
268 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
269 | UINT8 ProtocolId;\r | |
270 | UINT8 SpiSize;\r | |
271 | UINT16 MessageType;\r | |
272 | //\r | |
273 | // SPI and Notification Data\r | |
274 | //\r | |
275 | } IKEV2_NOTIFY;\r | |
276 | #pragma pack()\r | |
277 | \r | |
278 | //\r | |
279 | // Notify Message Types presented within IKEv2 Notify Payload\r | |
280 | //\r | |
281 | #define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD 1\r | |
282 | #define IKEV2_NOTIFICATION_INVALID_IKE_SPI 4\r | |
283 | #define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION 5\r | |
284 | #define IKEV2_NOTIFICATION_INVALID_SYNTAX 7\r | |
285 | #define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID 9\r | |
286 | #define IKEV2_NOTIFICATION_INVALID_SPI 11\r | |
287 | #define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN 14\r | |
288 | #define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD 17\r | |
289 | #define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED 24\r | |
290 | #define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED 34\r | |
291 | #define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS 35\r | |
292 | #define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE 36\r | |
293 | #define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED 37\r | |
294 | #define IKEV2_NOTIFICATION_TS_UNCCEPTABLE 38\r | |
295 | #define IKEV2_NOTIFICATION_INVALID_SELECTORS 39\r | |
296 | #define IKEV2_NOTIFICATION_COOKIE 16390\r | |
297 | #define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE 16391\r | |
298 | #define IKEV2_NOTIFICATION_REKEY_SA 16393\r | |
299 | \r | |
300 | //\r | |
301 | // IKEv2 Protocol ID\r | |
302 | //\r | |
303 | //\r | |
304 | // IKEv2 Delete Payload\r | |
305 | //\r | |
306 | #pragma pack(1)\r | |
307 | typedef struct {\r | |
308 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
309 | UINT8 ProtocolId;\r | |
310 | UINT8 SpiSize;\r | |
311 | UINT16 NumSpis;\r | |
312 | //\r | |
313 | // SPIs\r | |
314 | //\r | |
315 | } IKEV2_DELETE;\r | |
316 | #pragma pack()\r | |
317 | \r | |
318 | //\r | |
319 | // Traffic Selector Payload\r | |
320 | //\r | |
321 | #pragma pack(1)\r | |
322 | typedef struct {\r | |
323 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
324 | UINT8 TSNumbers;\r | |
325 | UINT8 Reserved1;\r | |
326 | UINT16 Reserved2;\r | |
327 | //\r | |
328 | // Traffic Selector\r | |
329 | //\r | |
330 | } IKEV2_TS;\r | |
331 | #pragma pack()\r | |
332 | \r | |
333 | //\r | |
334 | // Traffic Selector\r | |
335 | //\r | |
336 | #pragma pack(1)\r | |
337 | typedef struct {\r | |
338 | UINT8 TSType;\r | |
339 | UINT8 IpProtocolId;\r | |
340 | UINT16 SelecorLen;\r | |
341 | UINT16 StartPort;\r | |
342 | UINT16 EndPort;\r | |
343 | //\r | |
344 | // Starting Address && Ending Address\r | |
345 | //\r | |
346 | } TRAFFIC_SELECTOR;\r | |
347 | #pragma pack()\r | |
348 | \r | |
349 | //\r | |
350 | // Ts Type in Traffic Selector\r | |
351 | //\r | |
352 | #define IKEV2_TS_TYPE_IPV4_ADDR_RANGE 7\r | |
353 | #define IKEV2_TS_TYPS_IPV6_ADDR_RANGE 8\r | |
354 | \r | |
355 | //\r | |
356 | // Vendor Payload\r | |
357 | //\r | |
358 | #pragma pack(1)\r | |
359 | typedef struct {\r | |
360 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
361 | //\r | |
362 | // Vendor ID\r | |
363 | //\r | |
364 | } IKEV2_VENDOR;\r | |
365 | #pragma pack()\r | |
366 | \r | |
367 | //\r | |
368 | // Encrypted Payload\r | |
369 | //\r | |
370 | #pragma pack(1)\r | |
371 | typedef struct {\r | |
372 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
373 | //\r | |
374 | // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum\r | |
375 | //\r | |
376 | } IKEV2_ENCRYPTED;\r | |
377 | #pragma pack()\r | |
378 | \r | |
379 | #pragma pack(1)\r | |
380 | typedef struct {\r | |
381 | UINT8 PadLength;\r | |
382 | } IKEV2_PAD_LEN;\r | |
383 | #pragma pack()\r | |
384 | \r | |
385 | //\r | |
386 | // Configuration Payload\r | |
387 | //\r | |
388 | #pragma pack(1)\r | |
389 | typedef struct {\r | |
390 | IKEV2_COMMON_PAYLOAD_HEADER Header;\r | |
391 | UINT8 CfgType;\r | |
392 | UINT8 Reserve1;\r | |
393 | UINT16 Reserve2;\r | |
394 | //\r | |
395 | // Configuration Attributes\r | |
396 | //\r | |
397 | } IKEV2_CFG;\r | |
398 | #pragma pack()\r | |
399 | \r | |
400 | //\r | |
401 | // Configuration Payload CPG type\r | |
402 | //\r | |
403 | #define IKEV2_CFG_TYPE_REQUEST 1\r | |
404 | #define IKEV2_CFG_TYPE_REPLY 2\r | |
405 | #define IKEV2_CFG_TYPE_SET 3\r | |
406 | #define IKEV2_CFG_TYPE_ACK 4\r | |
407 | \r | |
408 | //\r | |
409 | // Configuration Attributes\r | |
410 | //\r | |
411 | #pragma pack(1)\r | |
412 | typedef struct {\r | |
413 | UINT16 AttritType;\r | |
414 | UINT16 ValueLength;\r | |
415 | } IKEV2_CFG_ATTRIBUTES;\r | |
416 | #pragma pack()\r | |
417 | \r | |
418 | //\r | |
419 | // Configuration Attributes\r | |
420 | //\r | |
421 | #define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS 1\r | |
422 | #define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK 2\r | |
423 | #define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS 3\r | |
424 | #define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS 4\r | |
425 | #define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY 5\r | |
426 | #define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP 6\r | |
427 | #define IKEV2_CFG_ATTR_APPLICATION_VERSION 7\r | |
428 | #define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS 8\r | |
429 | #define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS 10\r | |
430 | #define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS 11\r | |
431 | #define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP 12\r | |
432 | #define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET 13\r | |
433 | #define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES 14\r | |
434 | #define IKEV2_CFG_ATTR_IP6_SUBNET 15\r | |
435 | \r | |
436 | #endif\r | |
437 | \r |