1 /** @file
2 The Definitions related to IKEv2 payload.
3
4 Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15 #ifndef _IKE_V2_PAYLOAD_H_
16 #define _IKE_V2_PAYLOAD_H_
17
//
// Payload Type for IKEv2 (RFC 4306 section 3.2). Each payload names the type of
// the payload that follows it in its generic header; NONE (0) ends the chain.
// Values 1-32 are deliberately unused so they cannot collide with IKEv1 payload
// types; 49-127 are reserved to IANA and 128-255 are for private use.
//
#define IKEV2_PAYLOAD_TYPE_NONE 0
#define IKEV2_PAYLOAD_TYPE_SA 33       // Security Association
#define IKEV2_PAYLOAD_TYPE_KE 34       // Key Exchange
#define IKEV2_PAYLOAD_TYPE_ID_INIT 35  // Identification - Initiator (IDi)
#define IKEV2_PAYLOAD_TYPE_ID_RSP 36   // Identification - Responder (IDr)
#define IKEV2_PAYLOAD_TYPE_CERT 37     // Certificate
#define IKEV2_PAYLOAD_TYPE_CERTREQ 38  // Certificate Request
#define IKEV2_PAYLOAD_TYPE_AUTH 39     // Authentication
#define IKEV2_PAYLOAD_TYPE_NONCE 40    // Nonce (Ni / Nr)
#define IKEV2_PAYLOAD_TYPE_NOTIFY 41   // Notify
#define IKEV2_PAYLOAD_TYPE_DELETE 42   // Delete
#define IKEV2_PAYLOAD_TYPE_VENDOR 43   // Vendor ID
#define IKEV2_PAYLOAD_TYPE_TS_INIT 44  // Traffic Selector - Initiator (TSi)
#define IKEV2_PAYLOAD_TYPE_TS_RSP 45   // Traffic Selector - Responder (TSr)
#define IKEV2_PAYLOAD_TYPE_ENCRYPT 46  // Encrypted and Authenticated
#define IKEV2_PAYLOAD_TYPE_CP 47       // Configuration
#define IKEV2_PAYLOAD_TYPE_EAP 48      // Extensible Authentication
38
//
// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
//
// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
// original initiator of the IKE_SA and cleared in messages sent by the original
// responder; it is how the receiver knows which of the two SPIs in the header is
// its own.
//
// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
// a message containing the same message ID. A request and its response differ only
// in this bit, which is what lets the receiver pair them.
//
// Bit 4 (0x10) is the V(ersion) flag. All other bits must be sent as zero and
// ignored on receipt, so test these flags with a mask rather than comparing the
// whole octet.
//
#define IKE_HEADER_FLAGS_INIT 0x08
#define IKE_HEADER_FLAGS_RESPOND 0x20
50
//
// IKE Header Exchange Type for IKEv2 (RFC 4306 section 3.1). IKE_SA_INIT is the
// only exchange whose messages are neither encrypted nor integrity protected;
// everything in it must be treated as unauthenticated until IKE_AUTH completes.
//
#define IKEV2_EXCHANGE_TYPE_INIT 34          // IKE_SA_INIT: SA, KE and nonce exchange
#define IKEV2_EXCHANGE_TYPE_AUTH 35          // IKE_AUTH: identities, AUTH, first Child SA
#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD 36  // CREATE_CHILD_SA: new or rekeyed SA
#define IKEV2_EXCHANGE_TYPE_INFO 37          // INFORMATIONAL: notify, delete, config
58
//
// Generic payload header that starts every IKEv2 payload (RFC 4306 section 3.2).
// Every structure in this file is packed so it overlays the wire format directly;
// multi-octet fields arrive in network byte order and the parser, not these
// definitions, converts them.
//
#pragma pack(1)
typedef struct {
  UINT8  NextPayload;    // Type of the payload that follows (IKEV2_PAYLOAD_TYPE_*);
                         // IKEV2_PAYLOAD_TYPE_NONE marks the last payload.
  UINT8  Reserved;       // On the wire the high-order bit of this octet is the
                         // Critical (C) flag: a receiver that does not understand a
                         // payload whose C bit is set must reject the message with
                         // IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD rather than
                         // skip the payload. The remaining 7 bits are reserved.
  UINT16 PayloadLength;  // Length in octets of the whole payload including this
                         // header. It comes from the peer, so a parser must check it
                         // against both sizeof (IKEV2_COMMON_PAYLOAD_HEADER) and the
                         // octets left in the message before using it to step to
                         // the next payload.
} IKEV2_COMMON_PAYLOAD_HEADER;
#pragma pack()
66
//
// Security Association payload (RFC 4306 section 3.3). The fixed part is only the
// generic header; one or more IKEV2_PROPOSAL substructures, each followed by its
// SPI and transforms, occupy the rest of the payload up to Header.PayloadLength.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Proposals
  //
} IKEV2_SA;
#pragma pack()
75
//
// Proposal substructure inside an SA payload (RFC 4306 section 3.3.1). The
// generic header is reused with a different meaning: Header.NextPayload is
// 0 (last proposal) or 2 (more follow) and Header.PayloadLength is the length of
// this proposal including its SPI and transforms. SpiSize octets of SPI and then
// NumTransforms IKEV2_TRANSFORM substructures follow the fixed fields; both
// counts are peer-supplied and must be checked against the proposal length
// before they are walked.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8 ProposalIndex;   // Proposal number, starting at 1
  UINT8 ProtocolId;      // 1 = IKE, 2 = AH, 3 = ESP
  UINT8 SpiSize;         // Octets of SPI that follow; 0 in the initial IKE SA proposal
  UINT8 NumTransforms;   // Number of transform substructures after the SPI
} IKEV2_PROPOSAL;
#pragma pack()
85
//
// IKEv2 Transform Type Values presented within Transform Payload
// (RFC 4306 section 3.3.2). Which types a proposal must carry depends on the
// protocol: an IKE SA needs ENCR, PRF, INTEG and DH; ESP needs ENCR and ESN;
// AH needs INTEG and ESN.
//
#define IKEV2_TRANSFORM_TYPE_ENCR 1 // Encryption Algorithm
#define IKEV2_TRANSFORM_TYPE_PRF 2 // Pseudo-Random Function
#define IKEV2_TRANSFORM_TYPE_INTEG 3 // Integrity Algorithm
#define IKEV2_TRANSFORM_TYPE_DH 4 // Diffie-Hellman Group
#define IKEV2_TRANSFORM_TYPE_ESN 5 // Extended Sequence Number
94
//
// IKEv2 Transform ID for Encrypt Algorithm (ENCR), RFC 4306 section 3.3.2.
// These are the IANA registry values, not a recommendation: the DES variants
// give very little confidentiality, the other 64-bit block ciphers are legacy,
// and NULL (11) gives none and is only meaningful for ESP, never for the IKE SA.
// A policy check, not this table, decides what a proposal may contain.
//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64 1
#define IKEV2_TRANSFORM_ID_ENCR_DES 2
#define IKEV2_TRANSFORM_ID_ENCR_3DES 3
#define IKEV2_TRANSFORM_ID_ENCR_RC5 4
#define IKEV2_TRANSFORM_ID_ENCR_IDEA 5
#define IKEV2_TRANSFORM_ID_ENCR_CAST 6
#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH 7
#define IKEV2_TRANSFORM_ID_ENCR_3IDEA 8
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32 9
#define IKEV2_TRANSFORM_ID_ENCR_NULL 11      // No confidentiality; ESP only
#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC 12   // Needs IKEV2_ATTRIBUTE_TYPE_KEYLEN
#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR 13   // Needs IKEV2_ATTRIBUTE_TYPE_KEYLEN
110
//
// IKEv2 Transform ID for Pseudo-Random Function (PRF), RFC 4306 section 3.3.2.
// The PRF drives all IKE SA key derivation, so it bounds the strength of every
// derived key; HMAC-MD5 is listed for registry completeness only.
//
#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5 1
#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1 2
#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER 3
#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC 4
118
//
// IKEv2 Transform ID for Integrity Algorithm (INTEG), RFC 4306 section 3.3.2.
// The _96 suffix is the truncated MAC length in bits. AUTH_NONE (0) is valid
// only for ESP; an IKE SA always needs an integrity algorithm, so NONE must not
// be accepted in an IKE proposal.
//
#define IKEV2_TRANSFORM_ID_AUTH_NONE 0
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96 1
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96 2
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC 3
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5 4
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96 5
128
//
// IKEv2 Transform ID for Diffie-Hellman Group (DH), RFC 4306 section 3.3.2.
// Values are MODP group numbers from the IANA registry. The 768-bit (1) and
// 1024-bit (2) groups are well below current strength recommendations and are
// listed for interoperability only. The group also fixes the expected length of
// the public value carried in IKEV2_KEY_EXCHANGE.
//
#define IKEV2_TRANSFORM_ID_DH_768MODP 1
#define IKEV2_TRANSFORM_ID_DH_1024MODP 2
#define IKEV2_TRANSFORM_ID_DH_2048MODP 14
135
//
// IKEv2 Attribute Type Values (RFC 4306 section 3.3.5). On the wire the attribute
// type is 15 bits with the high-order bit as the Attribute Format (AF) flag. Key
// Length is a TV attribute (AF = 1), so it appears as 0x800E followed by a
// 2-octet key length in bits; it is required for variable-key ciphers such as
// AES_CBC and AES_CTR.
//
#define IKEV2_ATTRIBUTE_TYPE_KEYLEN 14
140
//
// Transform Payload - a substructure inside a proposal (RFC 4306 section 3.3.2).
// As with IKEV2_PROPOSAL the generic header is reused: Header.NextPayload is
// 0 (last transform) or 3 (more follow) and Header.PayloadLength covers this
// transform including its attributes.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8  TransformType;   // IKEV2_TRANSFORM_TYPE_*
  UINT8  Reserved;
  UINT16 TransformId;     // IKEV2_TRANSFORM_ID_* of the matching type
  //
  // SA Attributes (e.g. IKEV2_ATTRIBUTE_TYPE_KEYLEN) fill the rest of the transform
  //
} IKEV2_TRANSFORM;
#pragma pack()
155
//
// Key Exchange payload (RFC 4306 section 3.4). The public value that follows the
// fixed fields has the length dictated by DhGroup. A receiver must check that
// DhGroup is the group of the chosen proposal and that the data length matches
// the group before feeding the value to the DH computation; a mismatched group
// is answered with IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT16 DhGroup;     // IKEV2_TRANSFORM_ID_DH_*
  UINT16 Reserved;
  //
  // Remaining part contains the key exchanged
  //
} IKEV2_KEY_EXCHANGE;
#pragma pack()
166
//
// Identification Type Values presented within Ikev2 ID payload
// (RFC 4306 section 3.5). The type only says how to parse the Identification
// Data; it proves nothing. The identity becomes trustworthy only once the AUTH
// payload verifies and, with certificate authentication, the ID matches the
// certificate.
//
#define IKEV2_ID_TYPE_IPV4_ADDR 1     // 4-octet IPv4 address
#define IKEV2_ID_TYPE_FQDN 2          // Domain name, no terminator
#define IKEV2_ID_TYPE_RFC822_ADDR 3   // Email address, no terminator
#define IKEV2_ID_TYPE_IPV6_ADDR 5     // 16-octet IPv6 address
#define IKEV2_ID_TYPE_DER_ASN1_DN 9   // DER-encoded X.500 Distinguished Name
#define IKEV2_ID_TYPE_DER_ASN1_GN 10  // DER-encoded X.509 GeneralName
#define IKEV2_ID_TYPE_KEY_ID 11       // Opaque octet stream
177
//
// Identification Payload (RFC 4306 section 3.5), used for both IDi and IDr.
// Identification Data follows the fixed fields up to Header.PayloadLength. The
// FQDN and RFC822 forms are not NUL-terminated, so they must not be handled as
// C strings in place.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8  IdType;      // IKEV2_ID_TYPE_*
  UINT8  Reserver1;   // Reserved (misspelt field name kept; renaming changes the public type)
  UINT16 Reserver2;   // Reserved
  //
  // Identification Data
  //
} IKEV2_ID;
#pragma pack()
192
//
// Encoding Type presented in IKEV2 Cert Payload (RFC 4306 section 3.6). The
// identifiers are spelt ENCODEING; they are kept as-is because renaming a public
// macro breaks its users. The encoding only says how to parse Cert Data - a
// certificate is trusted only after path validation against the configured trust
// anchors. HASH_AND_URL (12) carries a hash plus a URL instead of the
// certificate, which then has to be fetched and checked against that hash.
//
#define IKEV2_CERT_ENCODEING_RESERVED 0
#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP 1            // PKCS #7 wrapped X.509
#define IKEV2_CERT_ENCODEING_PGP_CERT 2
#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY 3
#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN 4            // X.509 Certificate - Signature
#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN 6
#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT 7      // CRL
#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST 8      // ARL
#define IKEV2_CERT_ENCODEING_SPKI_CERT 9
#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE 10
#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY 11
#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT 12
208
//
// IKEV2 Certificate Payload (RFC 4306 section 3.6). Cert Data in the format named
// by CertEncoding follows the fixed field up to Header.PayloadLength. A message
// may carry several CERT payloads (a chain); the first one must hold the public
// key used to verify the AUTH payload.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8 CertEncoding;   // IKEV2_CERT_ENCODEING_*
  //
  // Cert Data
  //
} IKEV2_CERT;
#pragma pack()
221
//
// IKEV2 Certificate Request Payload (RFC 4306 section 3.7). The Certification
// Authority data after CertEncoding names the trust anchors the sender accepts.
// For the X.509 Certificate - Signature encoding it is a concatenation of 20-octet
// SHA-1 hashes of the trusted CAs' public keys, so its length must be a multiple
// of 20; anything else should be rejected rather than partially parsed.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8 CertEncoding;   // IKEV2_CERT_ENCODEING_* the sender wants back
  //
  // Cert Authority
  //
} IKEV2_CERT_REQ;
#pragma pack()
234
//
// Authentication Payload (RFC 4306 section 3.8). Auth Data after the fixed fields
// is a signature or MAC, chosen by AuthMethod, over the signer's own IKE_SA_INIT
// message, the peer's nonce and a PRF of the signer's identity. Verifying it is
// what authenticates the exchange; until it succeeds nothing learned from the
// peer may be trusted, and failure is reported with
// IKEV2_NOTIFICATION_AUTHENTICATION_FAILED.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8  AuthMethod;   // IKEV2_AUTH_METHOD_*
  UINT8  Reserved1;
  UINT16 Reserved2;
  //
  // Auth Data
  //
} IKEV2_AUTH;
#pragma pack()
249
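//
// AuthMethod values in the Authentication Payload (RFC 4306 section 3.8).
// The constants are bare integers, with no trailing semicolon, so they can be
// used inside expressions such as (AuthMethod == IKEV2_AUTH_METHOD_RSA); a
// semicolon baked into the macro turns every such comparison into a syntax error.
//
#define IKEV2_AUTH_METHOD_RSA 1   // RSA Digital Signature
#define IKEV2_AUTH_METHOD_SKMI 2  // Shared Key Message Integrity Code
#define IKEV2_AUTH_METHOD_DSS 3   // DSS Digital Signature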
256
//
// IKEv2 Nonce Payload (RFC 4306 section 3.9). Nonce Data fills the rest of the
// payload and must be between 16 and 256 octets; a receiver should enforce that
// range. Nonces feed key derivation and the AUTH computation, so they must come
// from a strong random source and never be reused.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Nonce Data
  //
} IKEV2_NONCE;
#pragma pack()
268
//
// Notification Payload (RFC 4306 section 3.10). SpiSize octets of SPI and then the
// notification data follow the fixed fields; SpiSize is peer-supplied and must be
// bounded by Header.PayloadLength. MessageType values below 16384 are errors,
// the rest are status notifications (see IKEV2_NOTIFICATION_*).
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8  ProtocolId;    // 1 = IKE, 2 = AH, 3 = ESP; 0 when the notify names no SA
  UINT8  SpiSize;       // Octets of SPI that follow; 0 when no SPI applies
  UINT16 MessageType;   // IKEV2_NOTIFICATION_*
  //
  // SPI and Notification Data
  //
} IKEV2_NOTIFY;
#pragma pack()
283
//
// Notify Message Types presented within IKEv2 Notify Payload (RFC 4306
// section 3.10.1). Types 1-16383 are errors, 16384-40959 are status. An error
// notification that arrives in an unprotected IKE_SA_INIT message is
// unauthenticated and can be forged, so it should be logged rather than acted on
// without corroboration. Two names differ from the RFC and are kept for
// compatibility: INVALID_KEY_PAYLOAD is the RFC's INVALID_KE_PAYLOAD and
// TS_UNCCEPTABLE is TS_UNACCEPTABLE.
//
#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD 1   // Data: the one-octet payload type
#define IKEV2_NOTIFICATION_INVALID_IKE_SPI 4
#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION 5
#define IKEV2_NOTIFICATION_INVALID_SYNTAX 7
#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID 9
#define IKEV2_NOTIFICATION_INVALID_SPI 11
#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN 14
#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD 17          // Data: 2-octet DH group the responder wants
#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED 24
#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED 34
#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS 35
#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE 36
#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED 37
#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE 38
#define IKEV2_NOTIFICATION_INVALID_SELECTORS 39
#define IKEV2_NOTIFICATION_COOKIE 16390                    // Responder's stateless anti-flood cookie to echo
#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE 16391
#define IKEV2_NOTIFICATION_REKEY_SA 16393                  // SPI names the Child SA being rekeyed
305
//
// IKEv2 Protocol ID values (1 = IKE, 2 = AH, 3 = ESP) have no named constants in
// this file; the ProtocolId fields carry them as raw numbers.
//
// IKEv2 Delete Payload (RFC 4306 section 3.11). NumSpis SPIs of SpiSize octets
// each follow the fixed fields; NumSpis * SpiSize must be checked against
// Header.PayloadLength before iterating. Deleting the IKE SA itself uses
// ProtocolId 1 with SpiSize 0 and NumSpis 0, and implicitly removes every Child
// SA under it.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8  ProtocolId;   // 1 = IKE, 2 = AH, 3 = ESP
  UINT8  SpiSize;      // 0 for IKE, 4 for AH/ESP
  UINT16 NumSpis;      // Number of SPIs that follow
  //
  // SPIs
  //
} IKEV2_DELETE;
#pragma pack()
323
//
// Traffic Selector Payload (RFC 4306 section 3.13), used for both TSi and TSr.
// TSNumbers TRAFFIC_SELECTOR substructures of varying length follow the fixed
// fields; each selector's own length must be checked against what remains of
// Header.PayloadLength while walking them.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8  TSNumbers;    // Number of Traffic Selectors that follow
  UINT8  Reserved1;
  UINT16 Reserved2;
  //
  // Traffic Selector
  //
} IKEV2_TS;
#pragma pack()
338
//
// Traffic Selector substructure (RFC 4306 section 3.13.1). After the fixed fields
// come the starting and ending address, 4 octets each for the IPv4 range type and
// 16 each for the IPv6 range type, so SelecorLen must be 16 or 40 respectively
// and StartPort is expected not to exceed EndPort.
//
#pragma pack(1)
typedef struct {
  UINT8  TSType;         // IKEV2_TS_TYPE_*
  UINT8  IpProtocolId;   // IP protocol number; 0 means any protocol
  UINT16 SelecorLen;     // Length of this selector in octets (misspelt field name
                         // kept; renaming changes the public type)
  UINT16 StartPort;      // 0 together with EndPort 65535 selects all ports
  UINT16 EndPort;
  //
  // Starting Address && Ending Address
  //
} TRAFFIC_SELECTOR;
#pragma pack()
354
//
// Ts Type in Traffic Selector (RFC 4306 section 3.13.1). IKEV2_TS_TYPS_ is a
// misspelling of IKEV2_TS_TYPE_ kept so existing users keep compiling.
//
#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE 7  // Two 4-octet IPv4 addresses follow the ports
#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE 8  // Two 16-octet IPv6 addresses follow the ports
360
//
// Vendor Payload (RFC 4306 section 3.12). The Vendor ID is an opaque octet string
// filling the rest of the payload; it must not be interpreted unless it equals a
// vendor ID the implementation knows.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Vendor ID
  //
} IKEV2_VENDOR;
#pragma pack()
372
//
// Encrypted Payload (RFC 4306 section 3.14), the last payload of every protected
// message. After the generic header come the IV, the encrypted inner payloads,
// padding, a one-octet Pad Length (IKEV2_PAD_LEN) and the Integrity Checksum.
// The checksum covers the whole IKE message up to itself and must be verified
// before anything is decrypted or parsed; after decryption Pad Length must be
// checked against the plaintext length before it is used to find where the
// inner payloads end.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum
  //
} IKEV2_ENCRYPTED;
#pragma pack()
384
//
// One-octet Pad Length trailer inside the plaintext of an Encrypted Payload, just
// before the Integrity Checksum. Its value is the number of padding octets that
// precede it (not counting itself). It is peer-supplied, so it must be smaller
// than the decrypted length before it is subtracted.
//
#pragma pack(1)
typedef struct {
  UINT8 PadLength;
} IKEV2_PAD_LEN;
#pragma pack()
390
//
// Configuration Payload (RFC 4306 section 3.15), used to hand out internal
// addresses and similar settings. IKEV2_CFG_ATTRIBUTES entries, each with its
// value, follow the fixed fields up to Header.PayloadLength.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8  CfgType;    // IKEV2_CFG_TYPE_*
  UINT8  Reserve1;   // Reserved
  UINT16 Reserve2;   // Reserved
  //
  // Configuration Attributes
  //
} IKEV2_CFG;
#pragma pack()
405
//
// Configuration Payload CFG type (RFC 4306 section 3.15). REQUEST/REPLY is a
// client asking the gateway for settings; SET/ACK pushes settings to the peer.
//
#define IKEV2_CFG_TYPE_REQUEST 1
#define IKEV2_CFG_TYPE_REPLY 2
#define IKEV2_CFG_TYPE_SET 3
#define IKEV2_CFG_TYPE_ACK 4
413
//
// Configuration Attribute header (RFC 4306 section 3.15.1). ValueLength octets of
// value follow each header; a zero length in a REQUEST asks the peer to supply
// the value. The high-order bit of AttritType is reserved and must be masked off
// before comparing with IKEV2_CFG_ATTR_*. ValueLength is peer-supplied and must
// be checked against the space remaining in the payload.
//
#pragma pack(1)
typedef struct {
  UINT16 AttritType;    // Attribute type (misspelt field name kept; renaming changes the public type)
  UINT16 ValueLength;   // Octets of value that follow
} IKEV2_CFG_ATTRIBUTES;
#pragma pack()
423
//
// Configuration Attribute types (RFC 4306 section 3.15.1). Three names are
// misspelt relative to the RFC and kept for compatibility: INTERNAL_IP4_NBTMASK
// is INTERNAL_IP4_NETMASK, INTERNA_ADDRESS_BXPIRY is INTERNAL_ADDRESS_EXPIRY and
// IP6_SUBNET is INTERNAL_IP6_SUBNET. Addresses and server lists received here
// are configuration supplied by the peer, not proof of anything; validate their
// length and range before installing them.
//
#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS 1
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK 2
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS 3
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS 4
#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY 5
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP 6
#define IKEV2_CFG_ATTR_APPLICATION_VERSION 7
#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS 8
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS 10
#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS 11
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP 12
#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET 13
#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES 14
#define IKEV2_CFG_ATTR_IP6_SUBNET 15
441
442 #endif
443