[mirror_edk2.git] / NetworkPkg / IpSecDxe / Ikev2 / Payload.h

/** @file\r
  The Definitions related to IKEv2 payload.\r
\r
  Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
#ifndef _IKE_V2_PAYLOAD_H_\r
#define _IKE_V2_PAYLOAD_H_\r
\r
//\r
// Payload Type for IKEv2\r
//\r
#define IKEV2_PAYLOAD_TYPE_NONE     0\r
#define IKEV2_PAYLOAD_TYPE_SA       33\r
#define IKEV2_PAYLOAD_TYPE_KE       34\r
#define IKEV2_PAYLOAD_TYPE_ID_INIT  35\r
#define IKEV2_PAYLOAD_TYPE_ID_RSP   36\r
#define IKEV2_PAYLOAD_TYPE_CERT     37\r
#define IKEV2_PAYLOAD_TYPE_CERTREQ  38\r
#define IKEV2_PAYLOAD_TYPE_AUTH     39\r
#define IKEV2_PAYLOAD_TYPE_NONCE    40\r
#define IKEV2_PAYLOAD_TYPE_NOTIFY   41\r
#define IKEV2_PAYLOAD_TYPE_DELETE   42\r
#define IKEV2_PAYLOAD_TYPE_VENDOR   43\r
#define IKEV2_PAYLOAD_TYPE_TS_INIT  44\r
#define IKEV2_PAYLOAD_TYPE_TS_RSP   45\r
#define IKEV2_PAYLOAD_TYPE_ENCRYPT  46\r
#define IKEV2_PAYLOAD_TYPE_CP       47\r
#define IKEV2_PAYLOAD_TYPE_EAP      48\r
\r
//\r
// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1\r
//\r
// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the\r
//                                      original initiator of the IKE_SA\r
//\r
// R(esponse) (bit 5 of Flags, 0x20)  - This bit indicates that this message is a response to\r
//                                      a message containing the same message ID.\r
//\r
#define IKE_HEADER_FLAGS_INIT       0x08\r
#define IKE_HEADER_FLAGS_RESPOND    0x20\r
\r
//\r
// IKE Header Exchange Type for IKEv2\r
//\r
#define IKEV2_EXCHANGE_TYPE_INIT         34\r
#define IKEV2_EXCHANGE_TYPE_AUTH         35\r
#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD 36\r
#define IKEV2_EXCHANGE_TYPE_INFO         37\r
\r
#pragma pack(1)\r
typedef struct {\r
  UINT8   NextPayload;\r
  UINT8   Reserved;\r
  UINT16  PayloadLength;\r
} IKEV2_COMMON_PAYLOAD_HEADER;\r
#pragma pack()\r
\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  //\r
  // Proposals\r
  //\r
} IKEV2_SA;\r
#pragma pack()\r
\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       ProposalIndex;\r
  UINT8                       ProtocolId;\r
  UINT8                       SpiSize;\r
  UINT8                       NumTransforms;\r
} IKEV2_PROPOSAL;\r
#pragma pack()\r
\r
//\r
// IKEv2 Transform Type Values presented within Transform Payload\r
//\r
#define IKEV2_TRANSFORM_TYPE_ENCR      1  // Encryption Algorithm\r
#define IKEV2_TRANSFORM_TYPE_PRF       2  // Pseduo-Random Func\r
#define IKEV2_TRANSFORM_TYPE_INTEG     3  // Integrity Algorithm\r
#define IKEV2_TRANSFORM_TYPE_DH        4  // DH Group\r
#define IKEV2_TRANSFORM_TYPE_ESN       5  // Extended Sequence Number\r
\r
//\r
// IKEv2 Transform ID for Encrypt Algorithm (ENCR)\r
//\r
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64 1\r
#define IKEV2_TRANSFORM_ID_ENCR_DES      2\r
#define IKEV2_TRANSFORM_ID_ENCR_3DES     3\r
#define IKEV2_TRANSFORM_ID_ENCR_RC5      4\r
#define IKEV2_TRANSFORM_ID_ENCR_IDEA     5\r
#define IKEV2_TRANSFORM_ID_ENCR_CAST     6\r
#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH 7\r
#define IKEV2_TRANSFORM_ID_ENCR_3IDEA    8\r
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32 9\r
#define IKEV2_TRANSFORM_ID_ENCR_NULL     11\r
#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC  12\r
#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR  13\r
\r
//\r
// IKEv2 Transform ID for Pseudo-Random Function (PRF)\r
//\r
#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5     1\r
#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1    2\r
#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER   3\r
#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC  4\r
\r
//\r
// IKEv2 Transform ID for Integrity Algorithm (INTEG)\r
//\r
#define IKEV2_TRANSFORM_ID_AUTH_NONE              0\r
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96       1\r
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96      2\r
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC      3\r
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5     4\r
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96  5\r
\r
//\r
// IKEv2 Transform ID for Diffie-Hellman Group (DH)\r
//\r
#define IKEV2_TRANSFORM_ID_DH_768MODP             1\r
#define IKEV2_TRANSFORM_ID_DH_1024MODP            2\r
#define IKEV2_TRANSFORM_ID_DH_2048MODP            14\r
\r
//\r
// IKEv2 Attribute Type Values\r
//\r
#define IKEV2_ATTRIBUTE_TYPE_KEYLEN               14\r
\r
//\r
// Transform Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       TransformType;\r
  UINT8                       Reserved;\r
  UINT16                      TransformId;\r
  //\r
  // SA Attributes\r
  //\r
} IKEV2_TRANSFORM;\r
#pragma pack()\r
\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT16                      DhGroup;\r
  UINT16                      Reserved;\r
  //\r
  // Remaining part contains the key exchanged\r
  //\r
} IKEV2_KEY_EXCHANGE;\r
#pragma pack()\r
\r
//\r
// Identification Type Values presented within Ikev2 ID payload\r
//\r
#define IKEV2_ID_TYPE_IPV4_ADDR        1\r
#define IKEV2_ID_TYPE_FQDN             2\r
#define IKEV2_ID_TYPE_RFC822_ADDR      3\r
#define IKEV2_ID_TYPE_IPV6_ADDR        5\r
#define IKEV2_ID_TYPE_DER_ASN1_DN      9\r
#define IKEV2_ID_TYPE_DER_ASN1_GN      10\r
#define IKEV2_ID_TYPE_KEY_ID           11\r
\r
//\r
// Identification Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       IdType;\r
  UINT8                       Reserver1;\r
  UINT16                      Reserver2;\r
  //\r
  // Identification Data\r
  //\r
} IKEV2_ID;\r
#pragma pack()\r
\r
//\r
// Encoding Type presented in IKEV2 Cert Payload\r
//\r
#define IKEV2_CERT_ENCODEING_RESERVED                  0\r
#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP            1\r
#define IKEV2_CERT_ENCODEING_PGP_CERT                  2\r
#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY              3\r
#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN            4\r
#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN            6\r
#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT      7\r
#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST      8\r
#define IKEV2_CERT_ENCODEING_SPKI_CERT                 9\r
#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE       10\r
#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY               11\r
#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT 12\r
\r
//\r
// IKEV2 Certificate Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       CertEncoding;\r
  //\r
  // Cert Data\r
  //\r
} IKEV2_CERT;\r
#pragma pack()\r
\r
//\r
// IKEV2 Certificate Request Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       CertEncoding;\r
  //\r
  // Cert Authority\r
  //\r
} IKEV2_CERT_REQ;\r
#pragma pack()\r
\r
//\r
// Authentication Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       AuthMethod;\r
  UINT8                       Reserved1;\r
  UINT16                      Reserved2;\r
  //\r
  // Auth Data\r
  //\r
} IKEV2_AUTH;\r
#pragma pack()\r
\r
//\r
// Authmethod in Authentication Payload\r
//\r
#define IKEV2_AUTH_METHOD_RSA        1; // RSA Digital Signature\r
#define IKEV2_AUTH_METHOD_SKMI       2; // Shared Key Message Integrity\r
#define IKEV2_AUTH_METHOD_DSS        3; // DSS Digital Signature\r
\r
//\r
// IKEv2 Nonce Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  //\r
  // Nonce Data\r
  //\r
} IKEV2_NONCE;\r
#pragma pack()\r
\r
//\r
// Notification Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       ProtocolId;\r
  UINT8                       SpiSize;\r
  UINT16                      MessageType;\r
  //\r
  // SPI and Notification Data\r
  //\r
} IKEV2_NOTIFY;\r
#pragma pack()\r
\r
//\r
//  Notify Message Types presented within IKEv2 Notify Payload\r
//\r
#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD       1\r
#define IKEV2_NOTIFICATION_INVALID_IKE_SPI                  4\r
#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION            5\r
#define IKEV2_NOTIFICATION_INVALID_SYNTAX                   7\r
#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID               9\r
#define IKEV2_NOTIFICATION_INVALID_SPI                     11\r
#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN              14\r
#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD             17\r
#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED           24\r
#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED            34\r
#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS               35\r
#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE        36\r
#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED              37\r
#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE                  38\r
#define IKEV2_NOTIFICATION_INVALID_SELECTORS               39\r
#define IKEV2_NOTIFICATION_COOKIE                          16390\r
#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE              16391\r
#define IKEV2_NOTIFICATION_REKEY_SA                        16393\r
\r
//\r
// IKEv2 Protocol ID\r
//\r
//\r
// IKEv2 Delete Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       ProtocolId;\r
  UINT8                       SpiSize;\r
  UINT16                      NumSpis;\r
  //\r
  // SPIs\r
  //\r
} IKEV2_DELETE;\r
#pragma pack()\r
\r
//\r
// Traffic Selector Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       TSNumbers;\r
  UINT8                       Reserved1;\r
  UINT16                      Reserved2;\r
  //\r
  // Traffic Selector\r
  //\r
} IKEV2_TS;\r
#pragma pack()\r
\r
//\r
// Traffic Selector\r
//\r
#pragma pack(1)\r
typedef struct {\r
  UINT8                       TSType;\r
  UINT8                       IpProtocolId;\r
  UINT16                      SelecorLen;\r
  UINT16                      StartPort;\r
  UINT16                      EndPort;\r
  //\r
  // Starting Address && Ending Address\r
  //\r
} TRAFFIC_SELECTOR;\r
#pragma pack()\r
\r
//\r
// Ts Type in Traffic Selector\r
//\r
#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE     7\r
#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE     8\r
\r
//\r
// Vendor Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  //\r
  // Vendor ID\r
  //\r
} IKEV2_VENDOR;\r
#pragma pack()\r
\r
//\r
// Encrypted Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  //\r
  // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum\r
  //\r
} IKEV2_ENCRYPTED;\r
#pragma pack()\r
\r
#pragma pack(1)\r
typedef struct {\r
  UINT8 PadLength;\r
} IKEV2_PAD_LEN;\r
#pragma pack()\r
\r
//\r
// Configuration Payload\r
//\r
#pragma pack(1)\r
typedef struct {\r
  IKEV2_COMMON_PAYLOAD_HEADER Header;\r
  UINT8                       CfgType;\r
  UINT8                       Reserve1;\r
  UINT16                      Reserve2;\r
  //\r
  // Configuration Attributes\r
  //\r
} IKEV2_CFG;\r
#pragma pack()\r
\r
//\r
// Configuration Payload CPG type\r
//\r
#define IKEV2_CFG_TYPE_REQUEST    1\r
#define IKEV2_CFG_TYPE_REPLY      2\r
#define IKEV2_CFG_TYPE_SET        3\r
#define IKEV2_CFG_TYPE_ACK        4\r
\r
//\r
// Configuration Attributes\r
//\r
#pragma pack(1)\r
typedef struct {\r
  UINT16    AttritType;\r
  UINT16    ValueLength;\r
} IKEV2_CFG_ATTRIBUTES;\r
#pragma pack()\r
\r
//\r
// Configuration Attributes\r
//\r
#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS      1\r
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK      2\r
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS          3\r
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS         4\r
#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY    5\r
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP         6\r
#define IKEV2_CFG_ATTR_APPLICATION_VERSION       7\r
#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS      8\r
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS          10\r
#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS         11\r
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP         12\r
#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET       13\r
#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES      14\r
#define IKEV2_CFG_ATTR_IP6_SUBNET                15\r
\r
#endif\r
\r
Commit	Line	Data
9166f840	1	/** @file\r
	2	The Definitions related to IKEv2 payload.\r
	3	\r
f75a7f56	4	Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
9166f840	5	\r
ecf98fbc	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
9166f840	7	\r
	8	**/\r
	9	#ifndef _IKE_V2_PAYLOAD_H_\r
	10	#define _IKE_V2_PAYLOAD_H_\r
	11	\r
	12	//\r
	13	// Payload Type for IKEv2\r
	14	//\r
	15	#define IKEV2_PAYLOAD_TYPE_NONE 0\r
	16	#define IKEV2_PAYLOAD_TYPE_SA 33\r
	17	#define IKEV2_PAYLOAD_TYPE_KE 34\r
	18	#define IKEV2_PAYLOAD_TYPE_ID_INIT 35\r
	19	#define IKEV2_PAYLOAD_TYPE_ID_RSP 36\r
	20	#define IKEV2_PAYLOAD_TYPE_CERT 37\r
	21	#define IKEV2_PAYLOAD_TYPE_CERTREQ 38\r
	22	#define IKEV2_PAYLOAD_TYPE_AUTH 39\r
	23	#define IKEV2_PAYLOAD_TYPE_NONCE 40\r
	24	#define IKEV2_PAYLOAD_TYPE_NOTIFY 41\r
	25	#define IKEV2_PAYLOAD_TYPE_DELETE 42\r
	26	#define IKEV2_PAYLOAD_TYPE_VENDOR 43\r
	27	#define IKEV2_PAYLOAD_TYPE_TS_INIT 44\r
	28	#define IKEV2_PAYLOAD_TYPE_TS_RSP 45\r
	29	#define IKEV2_PAYLOAD_TYPE_ENCRYPT 46\r
	30	#define IKEV2_PAYLOAD_TYPE_CP 47\r
	31	#define IKEV2_PAYLOAD_TYPE_EAP 48\r
	32	\r
	33	//\r
f75a7f56	34	// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1\r
7822a1d9	35	//\r
f75a7f56	36	// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the\r
7822a1d9 JW	37	// original initiator of the IKE_SA\r
7822a1d9 JW	38	//\r
f75a7f56	39	// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to\r
7822a1d9	40	// a message containing the same message ID.\r
9166f840	41	//\r
	42	#define IKE_HEADER_FLAGS_INIT 0x08\r
	43	#define IKE_HEADER_FLAGS_RESPOND 0x20\r
9166f840	44	\r
	45	//\r
	46	// IKE Header Exchange Type for IKEv2\r
	47	//\r
	48	#define IKEV2_EXCHANGE_TYPE_INIT 34\r
	49	#define IKEV2_EXCHANGE_TYPE_AUTH 35\r
	50	#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD 36\r
	51	#define IKEV2_EXCHANGE_TYPE_INFO 37\r
	52	\r
	53	#pragma pack(1)\r
	54	typedef struct {\r
	55	UINT8 NextPayload;\r
	56	UINT8 Reserved;\r
	57	UINT16 PayloadLength;\r
	58	} IKEV2_COMMON_PAYLOAD_HEADER;\r
	59	#pragma pack()\r
	60	\r
	61	#pragma pack(1)\r
	62	typedef struct {\r
	63	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
f75a7f56	64	//\r
9166f840	65	// Proposals\r
	66	//\r
	67	} IKEV2_SA;\r
	68	#pragma pack()\r
	69	\r
	70	#pragma pack(1)\r
	71	typedef struct {\r
	72	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
	73	UINT8 ProposalIndex;\r
	74	UINT8 ProtocolId;\r
	75	UINT8 SpiSize;\r
	76	UINT8 NumTransforms;\r
	77	} IKEV2_PROPOSAL;\r
	78	#pragma pack()\r
	79	\r
	80	//\r
	81	// IKEv2 Transform Type Values presented within Transform Payload\r
	82	//\r
	83	#define IKEV2_TRANSFORM_TYPE_ENCR 1 // Encryption Algorithm\r
	84	#define IKEV2_TRANSFORM_TYPE_PRF 2 // Pseduo-Random Func\r
	85	#define IKEV2_TRANSFORM_TYPE_INTEG 3 // Integrity Algorithm\r
	86	#define IKEV2_TRANSFORM_TYPE_DH 4 // DH Group\r
	87	#define IKEV2_TRANSFORM_TYPE_ESN 5 // Extended Sequence Number\r
	88	\r
	89	//\r
	90	// IKEv2 Transform ID for Encrypt Algorithm (ENCR)\r
f75a7f56	91	//\r
9166f840	92	#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64 1\r
	93	#define IKEV2_TRANSFORM_ID_ENCR_DES 2\r
	94	#define IKEV2_TRANSFORM_ID_ENCR_3DES 3\r
	95	#define IKEV2_TRANSFORM_ID_ENCR_RC5 4\r
	96	#define IKEV2_TRANSFORM_ID_ENCR_IDEA 5\r
	97	#define IKEV2_TRANSFORM_ID_ENCR_CAST 6\r
	98	#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH 7\r
	99	#define IKEV2_TRANSFORM_ID_ENCR_3IDEA 8\r
	100	#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32 9\r
	101	#define IKEV2_TRANSFORM_ID_ENCR_NULL 11\r
	102	#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC 12\r
	103	#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR 13\r
	104	\r
	105	//\r
	106	// IKEv2 Transform ID for Pseudo-Random Function (PRF)\r
	107	//\r
	108	#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5 1\r
	109	#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1 2\r
	110	#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER 3\r
	111	#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC 4\r
	112	\r
	113	//\r
	114	// IKEv2 Transform ID for Integrity Algorithm (INTEG)\r
	115	//\r
	116	#define IKEV2_TRANSFORM_ID_AUTH_NONE 0\r
	117	#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96 1\r
	118	#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96 2\r
	119	#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC 3\r
	120	#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5 4\r
	121	#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96 5\r
	122	\r
	123	//\r
	124	// IKEv2 Transform ID for Diffie-Hellman Group (DH)\r
	125	//\r
	126	#define IKEV2_TRANSFORM_ID_DH_768MODP 1\r
	127	#define IKEV2_TRANSFORM_ID_DH_1024MODP 2\r
	128	#define IKEV2_TRANSFORM_ID_DH_2048MODP 14\r
	129	\r
	130	//\r
	131	// IKEv2 Attribute Type Values\r
	132	//\r
	133	#define IKEV2_ATTRIBUTE_TYPE_KEYLEN 14\r
	134	\r
	135	//\r
	136	// Transform Payload\r
	137	//\r
	138	#pragma pack(1)\r
	139	typedef struct {\r
	140	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
	141	UINT8 TransformType;\r
	142	UINT8 Reserved;\r
	143	UINT16 TransformId;\r
	144	//\r
	145	// SA Attributes\r
	146	//\r
	147	} IKEV2_TRANSFORM;\r
	148	#pragma pack()\r
	149	\r
	150	#pragma pack(1)\r
	151	typedef struct {\r
	152	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
	153	UINT16 DhGroup;\r
	154	UINT16 Reserved;\r
	155	//\r
156	// Remaining part contains the key exchanged\r
157	//\r
158	} IKEV2_KEY_EXCHANGE;\r
159	#pragma pack()\r
160	\r
161	//\r
162	// Identification Type Values presented within Ikev2 ID payload\r
163	//\r
164	#define IKEV2_ID_TYPE_IPV4_ADDR 1\r
165	#define IKEV2_ID_TYPE_FQDN 2\r
166	#define IKEV2_ID_TYPE_RFC822_ADDR 3\r
167	#define IKEV2_ID_TYPE_IPV6_ADDR 5\r
168	#define IKEV2_ID_TYPE_DER_ASN1_DN 9\r
169	#define IKEV2_ID_TYPE_DER_ASN1_GN 10\r
170	#define IKEV2_ID_TYPE_KEY_ID 11\r
171	\r
172	//\r
173	// Identification Payload\r
174	//\r
175	#pragma pack(1)\r
176	typedef struct {\r
177	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
178	UINT8 IdType;\r
179	UINT8 Reserver1;\r
180	UINT16 Reserver2;\r
181	//\r
182	// Identification Data\r
183	//\r
184	} IKEV2_ID;\r
185	#pragma pack()\r
186	\r
187	//\r
188	// Encoding Type presented in IKEV2 Cert Payload\r
189	//\r
190	#define IKEV2_CERT_ENCODEING_RESERVED 0\r
191	#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP 1\r
192	#define IKEV2_CERT_ENCODEING_PGP_CERT 2\r
193	#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY 3\r
194	#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN 4\r
195	#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN 6\r
196	#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT 7\r
197	#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST 8\r
198	#define IKEV2_CERT_ENCODEING_SPKI_CERT 9\r
199	#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE 10\r
200	#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY 11\r
201	#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT 12\r
202	\r
203	//\r
204	// IKEV2 Certificate Payload\r
205	//\r
206	#pragma pack(1)\r
207	typedef struct {\r
208	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
209	UINT8 CertEncoding;\r
210	//\r
211	// Cert Data\r
212	//\r
213	} IKEV2_CERT;\r
214	#pragma pack()\r
215	\r
216	//\r
217	// IKEV2 Certificate Request Payload\r
218	//\r
219	#pragma pack(1)\r
220	typedef struct {\r
221	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
222	UINT8 CertEncoding;\r
223	//\r
224	// Cert Authority\r
225	//\r
226	} IKEV2_CERT_REQ;\r
227	#pragma pack()\r
228	\r
229	//\r
230	// Authentication Payload\r
231	//\r
232	#pragma pack(1)\r
233	typedef struct {\r
234	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
235	UINT8 AuthMethod;\r
236	UINT8 Reserved1;\r
237	UINT16 Reserved2;\r
238	//\r
239	// Auth Data\r
240	//\r
241	} IKEV2_AUTH;\r
242	#pragma pack()\r
243	\r
244	//\r
245	// Authmethod in Authentication Payload\r
246	//\r
247	#define IKEV2_AUTH_METHOD_RSA 1; // RSA Digital Signature\r
248	#define IKEV2_AUTH_METHOD_SKMI 2; // Shared Key Message Integrity\r
249	#define IKEV2_AUTH_METHOD_DSS 3; // DSS Digital Signature\r
250	\r
251	//\r
252	// IKEv2 Nonce Payload\r
253	//\r
254	#pragma pack(1)\r
255	typedef struct {\r
256	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
257	//\r
258	// Nonce Data\r
259	//\r
260	} IKEV2_NONCE;\r
261	#pragma pack()\r
262	\r
263	//\r
264	// Notification Payload\r
265	//\r
266	#pragma pack(1)\r
267	typedef struct {\r
268	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
269	UINT8 ProtocolId;\r
270	UINT8 SpiSize;\r
271	UINT16 MessageType;\r
272	//\r
273	// SPI and Notification Data\r
274	//\r
275	} IKEV2_NOTIFY;\r
276	#pragma pack()\r
277	\r
278	//\r
279	// Notify Message Types presented within IKEv2 Notify Payload\r
280	//\r
281	#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD 1\r
282	#define IKEV2_NOTIFICATION_INVALID_IKE_SPI 4\r
283	#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION 5\r
284	#define IKEV2_NOTIFICATION_INVALID_SYNTAX 7\r
285	#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID 9\r
286	#define IKEV2_NOTIFICATION_INVALID_SPI 11\r
287	#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN 14\r
288	#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD 17\r
289	#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED 24\r
290	#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED 34\r
291	#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS 35\r
292	#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE 36\r
293	#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED 37\r
294	#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE 38\r
295	#define IKEV2_NOTIFICATION_INVALID_SELECTORS 39\r
296	#define IKEV2_NOTIFICATION_COOKIE 16390\r
297	#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE 16391\r
298	#define IKEV2_NOTIFICATION_REKEY_SA 16393\r
299	\r
300	//\r
301	// IKEv2 Protocol ID\r
302	//\r
303	//\r
304	// IKEv2 Delete Payload\r
305	//\r
306	#pragma pack(1)\r
307	typedef struct {\r
308	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
309	UINT8 ProtocolId;\r
310	UINT8 SpiSize;\r
311	UINT16 NumSpis;\r
312	//\r
313	// SPIs\r
314	//\r
315	} IKEV2_DELETE;\r
316	#pragma pack()\r
317	\r
318	//\r
319	// Traffic Selector Payload\r
320	//\r
321	#pragma pack(1)\r
322	typedef struct {\r
323	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
324	UINT8 TSNumbers;\r
325	UINT8 Reserved1;\r
326	UINT16 Reserved2;\r
327	//\r
328	// Traffic Selector\r
329	//\r
330	} IKEV2_TS;\r
331	#pragma pack()\r
332	\r
333	//\r
334	// Traffic Selector\r
335	//\r
336	#pragma pack(1)\r
337	typedef struct {\r
338	UINT8 TSType;\r
339	UINT8 IpProtocolId;\r
340	UINT16 SelecorLen;\r
341	UINT16 StartPort;\r
342	UINT16 EndPort;\r
343	//\r
344	// Starting Address && Ending Address\r
345	//\r
346	} TRAFFIC_SELECTOR;\r
347	#pragma pack()\r
348	\r
349	//\r
350	// Ts Type in Traffic Selector\r
351	//\r
352	#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE 7\r
353	#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE 8\r
354	\r
355	//\r
356	// Vendor Payload\r
357	//\r
358	#pragma pack(1)\r
359	typedef struct {\r
360	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
361	//\r
362	// Vendor ID\r
363	//\r
364	} IKEV2_VENDOR;\r
365	#pragma pack()\r
366	\r
367	//\r
368	// Encrypted Payload\r
369	//\r
370	#pragma pack(1)\r
371	typedef struct {\r
372	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
373	//\r
374	// IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum\r
375	//\r
376	} IKEV2_ENCRYPTED;\r
377	#pragma pack()\r
378	\r
379	#pragma pack(1)\r
380	typedef struct {\r
381	UINT8 PadLength;\r
382	} IKEV2_PAD_LEN;\r
383	#pragma pack()\r
384	\r
385	//\r
386	// Configuration Payload\r
387	//\r
388	#pragma pack(1)\r
389	typedef struct {\r
390	IKEV2_COMMON_PAYLOAD_HEADER Header;\r
391	UINT8 CfgType;\r
392	UINT8 Reserve1;\r
393	UINT16 Reserve2;\r
394	//\r
395	// Configuration Attributes\r
396	//\r
397	} IKEV2_CFG;\r
398	#pragma pack()\r
399	\r
400	//\r
401	// Configuration Payload CPG type\r
402	//\r
403	#define IKEV2_CFG_TYPE_REQUEST 1\r
404	#define IKEV2_CFG_TYPE_REPLY 2\r
405	#define IKEV2_CFG_TYPE_SET 3\r
406	#define IKEV2_CFG_TYPE_ACK 4\r
407	\r
408	//\r
409	// Configuration Attributes\r
410	//\r
411	#pragma pack(1)\r
412	typedef struct {\r
413	UINT16 AttritType;\r
414	UINT16 ValueLength;\r
415	} IKEV2_CFG_ATTRIBUTES;\r
416	#pragma pack()\r
417	\r
418	//\r
419	// Configuration Attributes\r
420	//\r
421	#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS 1\r
422	#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK 2\r
423	#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS 3\r
424	#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS 4\r
425	#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY 5\r
426	#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP 6\r
427	#define IKEV2_CFG_ATTR_APPLICATION_VERSION 7\r
428	#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS 8\r
429	#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS 10\r
430	#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS 11\r
431	#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP 12\r
432	#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET 13\r
433	#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES 14\r
434	#define IKEV2_CFG_ATTR_IP6_SUBNET 15\r
435	\r
436	#endif\r
437	\r