1 /** @file
2 The Definitions related to IKEv2 payload.
3
4 Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15 #ifndef _IKE_V2_PAYLOAD_H_
16 #define _IKE_V2_PAYLOAD_H_
17
//
// Payload Type for IKEv2
//
// One of these values is expected in a NextPayload field (see
// IKEV2_COMMON_PAYLOAD_HEADER below). Values 1-32 are not defined here.
// NOTE(review): NextPayload is supplied by the peer, so code that dispatches
// on it needs an explicit path for values outside this list - confirm in the
// parser.
//
#define IKEV2_PAYLOAD_TYPE_NONE     0
#define IKEV2_PAYLOAD_TYPE_SA       33
#define IKEV2_PAYLOAD_TYPE_KE       34
#define IKEV2_PAYLOAD_TYPE_ID_INIT  35
#define IKEV2_PAYLOAD_TYPE_ID_RSP   36
#define IKEV2_PAYLOAD_TYPE_CERT     37
#define IKEV2_PAYLOAD_TYPE_CERTREQ  38
#define IKEV2_PAYLOAD_TYPE_AUTH     39
#define IKEV2_PAYLOAD_TYPE_NONCE    40
#define IKEV2_PAYLOAD_TYPE_NOTIFY   41
#define IKEV2_PAYLOAD_TYPE_DELETE   42
#define IKEV2_PAYLOAD_TYPE_VENDOR   43
#define IKEV2_PAYLOAD_TYPE_TS_INIT  44
#define IKEV2_PAYLOAD_TYPE_TS_RSP   45
#define IKEV2_PAYLOAD_TYPE_ENCRYPT  46
#define IKEV2_PAYLOAD_TYPE_CP       47
#define IKEV2_PAYLOAD_TYPE_EAP      48
38
//
// IKE header Flag for IKEv2
//
// NOTE(review): IKE_HEADER_FLAGS_CHILD_INIT is 0, i.e. it sets no bit, so a
// bitwise AND against it always yields 0 and cannot serve as a test.
//
#define IKE_HEADER_FLAGS_INIT        0x08
#define IKE_HEADER_FLAGS_RESPOND     0x20
#define IKE_HEADER_FLAGS_CHILD_INIT  0

//
// IKE Header Exchange Type for IKEv2
//
// NOTE(review): the exchange type is read from a received header; confirm the
// caller rejects any value other than the four listed here.
//
#define IKEV2_EXCHANGE_TYPE_INIT          34
#define IKEV2_EXCHANGE_TYPE_AUTH          35
#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD  36
#define IKEV2_EXCHANGE_TYPE_INFO          37
53
//
// Generic payload header. It is the first member (Header) of the payload
// structures in this file. pack(1) keeps it at exactly 4 bytes, no padding.
//
// NOTE(review): per the IKEv2 RFC, PayloadLength is in network byte order and
// counts the whole payload including these 4 bytes, and the top bit of the
// byte named Reserved is the Critical flag. Confirm the parser converts the
// length, rejects values smaller than sizeof (IKEV2_COMMON_PAYLOAD_HEADER) or
// larger than the bytes actually received, and honours the Critical flag.
//
#pragma pack(1)
typedef struct {
  UINT8   NextPayload;    // Type of the payload that follows this one
  UINT8   Reserved;
  UINT16  PayloadLength;  // Peer-supplied; validate before use
} IKEV2_COMMON_PAYLOAD_HEADER;
#pragma pack()
61
//
// Security Association payload. Only the header is declared; the proposals
// follow it in the buffer and are not members of the struct.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  //
  // Proposals
  //
} IKEV2_SA;
#pragma pack()

//
// Proposal substructure carried inside the SA payload.
//
// NOTE(review): SpiSize and NumTransforms are peer-supplied counts. The SPI
// and the transforms that follow are not declared here, so their extent has
// to be checked against Header.PayloadLength before they are walked.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        ProposalIndex;
  UINT8                        ProtocolId;
  UINT8                        SpiSize;        // Length of the SPI that follows
  UINT8                        NumTransforms;  // Number of transforms that follow
} IKEV2_PROPOSAL;
#pragma pack()
80
//
// IKEv2 Transform Type Values presented within Transform Payload
// (stored in IKEV2_TRANSFORM.TransformType)
//
#define IKEV2_TRANSFORM_TYPE_ENCR   1  // Encryption Algorithm
#define IKEV2_TRANSFORM_TYPE_PRF    2  // Pseudo-Random Function
#define IKEV2_TRANSFORM_TYPE_INTEG  3  // Integrity Algorithm
#define IKEV2_TRANSFORM_TYPE_DH     4  // Diffie-Hellman Group
#define IKEV2_TRANSFORM_TYPE_ESN    5  // Extended Sequence Number
89
//
// IKEv2 Transform ID for Encrypt Algorithm (ENCR)
//
// Value 10 is not defined in this list.
// NOTE(review): this is a list of wire identifiers, not of acceptable
// algorithms. It includes single DES and ENCR_NULL (no encryption); confirm
// that proposal selection restricts what is actually accepted.
//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64  1
#define IKEV2_TRANSFORM_ID_ENCR_DES       2
#define IKEV2_TRANSFORM_ID_ENCR_3DES      3
#define IKEV2_TRANSFORM_ID_ENCR_RC5       4
#define IKEV2_TRANSFORM_ID_ENCR_IDEA      5
#define IKEV2_TRANSFORM_ID_ENCR_CAST      6
#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH  7
#define IKEV2_TRANSFORM_ID_ENCR_3IDEA     8
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32  9
#define IKEV2_TRANSFORM_ID_ENCR_NULL      11
#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC   12
#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR   13
105
//
// IKEv2 Transform ID for Pseudo-Random Function (PRF)
//
// NOTE(review): the list includes an MD5-based PRF; confirm which of these
// the negotiation policy is meant to accept.
//
#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5     1
#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1    2
#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER   3
#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC  4
113
//
// IKEv2 Transform ID for Integrity Algorithm (INTEG)
//
// The names use an AUTH_ prefix although they are INTEG transform IDs; they
// are unrelated to the IKEV2_AUTH_METHOD_* values of the AUTH payload.
// NOTE(review): AUTH_NONE (0) means no integrity algorithm; confirm it is
// only accepted where the chosen encryption transform provides integrity.
//
#define IKEV2_TRANSFORM_ID_AUTH_NONE              0
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96       1
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96      2
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC      3
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5     4
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96  5
123
//
// IKEv2 Transform ID for Diffie-Hellman Group (DH)
//
// Only groups 1, 2 and 14 are defined here.
// NOTE(review): the 768-bit and 1024-bit MODP groups offer a much smaller
// security margin than the 2048-bit group; confirm which groups the
// negotiation policy accepts.
//
#define IKEV2_TRANSFORM_ID_DH_768MODP   1
#define IKEV2_TRANSFORM_ID_DH_1024MODP  2
#define IKEV2_TRANSFORM_ID_DH_2048MODP  14
130
//
// IKEv2 Attribute Type Values
//
// Only the key-length attribute is defined.
// NOTE(review): per the IKEv2 RFC the on-wire attribute type field also
// carries a format bit in its top bit - confirm how callers combine it with
// this value.
//
#define IKEV2_ATTRIBUTE_TYPE_KEYLEN  14
135
//
// Transform Payload
//
// TransformType takes an IKEV2_TRANSFORM_TYPE_* value and TransformId the
// matching IKEV2_TRANSFORM_ID_* value. Any SA attributes follow the struct in
// the buffer and are not declared as members.
// NOTE(review): TransformId is a 16-bit wire field (network byte order per
// the IKEv2 RFC) - confirm it is converted before comparison.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        TransformType;
  UINT8                        Reserved;
  UINT16                       TransformId;
  //
  // SA Attributes
  //
} IKEV2_TRANSFORM;
#pragma pack()
150
//
// Key Exchange payload. The public value follows the struct in the buffer;
// its length is not a member and has to be derived from Header.PayloadLength.
//
// NOTE(review): DhGroup and the key data are peer-supplied. Confirm the
// parser checks that DhGroup is the negotiated group and that the key data
// length matches what that group requires.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT16                       DhGroup;
  UINT16                       Reserved;
  //
  // Remaining part contains the key exchanged
  //
} IKEV2_KEY_EXCHANGE;
#pragma pack()
161
//
// Identification Type Values presented within Ikev2 ID payload
// (stored in IKEV2_ID.IdType). Values 4 and 6-8 are not defined here.
//
#define IKEV2_ID_TYPE_IPV4_ADDR    1
#define IKEV2_ID_TYPE_FQDN         2
#define IKEV2_ID_TYPE_RFC822_ADDR  3
#define IKEV2_ID_TYPE_IPV6_ADDR    5
#define IKEV2_ID_TYPE_DER_ASN1_DN  9
#define IKEV2_ID_TYPE_DER_ASN1_GN  10
#define IKEV2_ID_TYPE_KEY_ID       11
172
//
// Identification Payload
//
// "Reserver1"/"Reserver2" are misspellings of "Reserved"; the names are kept
// because renaming would break code that already uses them.
// NOTE(review): the identification data that follows is peer-supplied and its
// length is only implied by Header.PayloadLength; confirm the length is
// checked against what IdType requires (for example a fixed size for the
// address types).
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        IdType;     // An IKEV2_ID_TYPE_* value
  UINT8                        Reserver1;
  UINT16                       Reserver2;
  //
  // Identification Data
  //
} IKEV2_ID;
#pragma pack()
187
//
// Encoding Type presented in IKEV2 Cert Payload
//
// "ENCODEING" is a misspelling of "ENCODING"; the names are kept because
// renaming would break code that already uses them. Value 5 is not defined.
// NOTE(review): the encoding value is chosen by the peer; confirm the
// certificate code accepts only the encodings it actually implements and
// rejects the rest.
//
#define IKEV2_CERT_ENCODEING_RESERVED                   0
#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP             1
#define IKEV2_CERT_ENCODEING_PGP_CERT                   2
#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY               3
#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN             4
#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN             6
#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT       7
#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST       8
#define IKEV2_CERT_ENCODEING_SPKI_CERT                  9
#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE        10
#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY                11
#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT  12
203
//
// IKEV2 Certificate Payload
//
// With pack(1) the struct is 5 bytes (4-byte header plus CertEncoding), so
// the certificate data starts at offset 5 of the payload.
// NOTE(review): the certificate data length is Header.PayloadLength minus
// sizeof (IKEV2_CERT); confirm the subtraction is guarded against a
// PayloadLength smaller than the struct.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        CertEncoding;  // An IKEV2_CERT_ENCODEING_* value
  //
  // Cert Data
  //
} IKEV2_CERT;
#pragma pack()

//
// IKEV2 Certificate Request Payload
//
// Same fixed layout as IKEV2_CERT; the bytes after CertEncoding describe the
// certificate authority rather than a certificate.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        CertEncoding;  // An IKEV2_CERT_ENCODEING_* value
  //
  // Cert Authority
  //
} IKEV2_CERT_REQ;
#pragma pack()
229
//
// Authentication Payload
//
// AuthMethod takes an IKEV2_AUTH_METHOD_* value. The authentication data
// follows the struct in the buffer and is not declared as a member.
// NOTE(review): AuthMethod is chosen by the peer; confirm the verifier checks
// it against the method configured for that peer instead of trusting it.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        AuthMethod;
  UINT8                        Reserved1;
  UINT16                       Reserved2;
  //
  // Auth Data
  //
} IKEV2_AUTH;
#pragma pack()
244
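//
// Authmethod in Authentication Payload (values of IKEV2_AUTH.AuthMethod)
//
// The definitions carry no trailing ';'. With a ';' inside the macro the
// names expand to "1;" and cannot be used in a comparison, a case label or a
// function argument, which is exactly where a received AuthMethod byte has to
// be checked against the expected method.
//
#define IKEV2_AUTH_METHOD_RSA   1  // RSA Digital Signature
#define IKEV2_AUTH_METHOD_SKMI  2  // Shared Key Message Integrity
#define IKEV2_AUTH_METHOD_DSS   3  // DSS Digital Signature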
251
//
// IKEv2 Nonce Payload
//
// Only the header is declared; the nonce bytes follow it in the buffer.
// NOTE(review): the nonce length is implied by Header.PayloadLength. The
// IKEv2 RFC bounds the nonce size (16 to 256 octets) - confirm the parser
// enforces a minimum and a maximum before copying.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  //
  // Nonce Data
  //
} IKEV2_NONCE;
#pragma pack()
263
//
// Notification Payload
//
// MessageType takes an IKEV2_NOTIFICATION_* value. The SPI (SpiSize bytes)
// and the notification data follow the struct in the buffer.
// NOTE(review): SpiSize is peer-supplied; confirm that
// sizeof (IKEV2_NOTIFY) + SpiSize is checked against Header.PayloadLength
// before the SPI or the notification data is read.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        ProtocolId;
  UINT8                        SpiSize;
  UINT16                       MessageType;
  //
  // SPI and Notification Data
  //
} IKEV2_NOTIFY;
#pragma pack()
278
//
// Notify Message Types presented within IKEv2 Notify Payload
//
// The values up to 39 are error types; 16390 and above are status types (the
// IKEv2 RFC places the boundary at 16384). Only a subset of the RFC's types
// is defined here.
// "TS_UNCCEPTABLE" is a misspelling of "TS_UNACCEPTABLE"; the name is kept
// because renaming would break code that already uses it.
// NOTE(review): notifications received before the exchange is authenticated
// are unauthenticated input - confirm the handlers do not tear down state on
// them alone.
//
#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD  1
#define IKEV2_NOTIFICATION_INVALID_IKE_SPI             4
#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION       5
#define IKEV2_NOTIFICATION_INVALID_SYNTAX              7
#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID          9
#define IKEV2_NOTIFICATION_INVALID_SPI                 11
#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN          14
#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD         17
#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED       24
#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED        34
#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS           35
#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE    36
#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED          37
#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE              38
#define IKEV2_NOTIFICATION_INVALID_SELECTORS           39
#define IKEV2_NOTIFICATION_COOKIE                      16390
#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE          16391
#define IKEV2_NOTIFICATION_REKEY_SA                    16393
300
//
// IKEv2 Protocol ID
//
// (No protocol ID values are defined under this heading in this file.)
//
//
// IKEv2 Delete Payload
//
// The SPIs to delete follow the struct in the buffer: NumSpis entries of
// SpiSize bytes each.
// NOTE(review): both counts are peer-supplied. Confirm the parser computes
// NumSpis * SpiSize in a type wide enough not to wrap and checks the result
// against Header.PayloadLength before walking the SPI list.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        ProtocolId;
  UINT8                        SpiSize;
  UINT16                       NumSpis;
  //
  // SPIs
  //
} IKEV2_DELETE;
#pragma pack()
318
//
// Traffic Selector Payload
//
// TSNumbers is the count of TRAFFIC_SELECTOR entries that follow the struct
// in the buffer.
// NOTE(review): TSNumbers is peer-supplied; confirm the loop over the
// selectors is bounded by Header.PayloadLength and not by TSNumbers alone.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        TSNumbers;
  UINT8                        Reserved1;
  UINT16                       Reserved2;
  //
  // Traffic Selector
  //
} IKEV2_TS;
#pragma pack()

//
// Traffic Selector
//
// One entry inside the Traffic Selector payload; it has no common payload
// header of its own. The starting and ending addresses follow the struct.
// "SelecorLen" is a misspelling of "SelectorLen"; the name is kept because
// renaming would break code that already uses it.
// NOTE(review): SelecorLen is peer-supplied. Confirm it is checked to be at
// least sizeof (TRAFFIC_SELECTOR) plus two addresses of the size TSType
// implies, and no larger than the bytes left in the payload.
//
#pragma pack(1)
typedef struct {
  UINT8   TSType;        // An IKEV2_TS_TYPE_* value
  UINT8   IpProtocolId;
  UINT16  SelecorLen;
  UINT16  StartPort;
  UINT16  EndPort;
  //
  // Starting Address && Ending Address
  //
} TRAFFIC_SELECTOR;
#pragma pack()
349
//
// Ts Type in Traffic Selector (values of TRAFFIC_SELECTOR.TSType)
//
// "IKEV2_TS_TYPS_IPV6_ADDR_RANGE" is spelled with TYPS, unlike the IPv4 name;
// the name is kept because renaming would break code that already uses it.
//
#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE  7
#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE  8
355
//
// Vendor Payload
//
// Only the header is declared; the vendor ID bytes follow it in the buffer
// and their length is implied by Header.PayloadLength.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  //
  // Vendor ID
  //
} IKEV2_VENDOR;
#pragma pack()
367
//
// Encrypted Payload
//
// Only the header is declared. The variable part follows in the order given
// in the comment inside the struct.
// NOTE(review): the IKEv2 RFC requires the integrity checksum to be verified
// over the message before anything is decrypted or parsed - confirm the
// decode path does so and compares the checksum in constant time.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  //
  // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum
  //
} IKEV2_ENCRYPTED;
#pragma pack()

//
// The one-byte pad length field of the Encrypted payload.
//
// NOTE(review): PadLength is read from decrypted peer data; confirm it is
// checked to be smaller than the decrypted length before it is subtracted.
//
#pragma pack(1)
typedef struct {
  UINT8  PadLength;
} IKEV2_PAD_LEN;
#pragma pack()
385
//
// Configuration Payload
//
// CfgType takes an IKEV2_CFG_TYPE_* value. The configuration attributes
// (IKEV2_CFG_ATTRIBUTES entries, each followed by its value) come after the
// struct in the buffer.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        CfgType;
  UINT8                        Reserve1;
  UINT16                       Reserve2;
  //
  // Configuration Attributes
  //
} IKEV2_CFG;
#pragma pack()
400
//
// Configuration Payload CFG type (values of IKEV2_CFG.CfgType)
//
#define IKEV2_CFG_TYPE_REQUEST  1
#define IKEV2_CFG_TYPE_REPLY    2
#define IKEV2_CFG_TYPE_SET      3
#define IKEV2_CFG_TYPE_ACK      4
408
//
// Configuration Attributes
//
// Fixed 4-byte header of one configuration attribute; the value bytes are not
// declared as a member. "AttritType" holds the attribute type (an
// IKEV2_CFG_ATTR_* value); the spelling is kept because renaming would break
// code that already uses it.
// NOTE(review): ValueLength is peer-supplied; confirm each attribute's
// header and ValueLength are checked against the bytes left in the
// Configuration payload before the value is read.
//
#pragma pack(1)
typedef struct {
  UINT16  AttritType;
  UINT16  ValueLength;
} IKEV2_CFG_ATTRIBUTES;
#pragma pack()
418
//
// Configuration Attributes (values of IKEV2_CFG_ATTRIBUTES.AttritType)
//
// Value 9 is not defined in this list.
// Two names are misspelled and kept as they are because renaming would break
// code that already uses them: "NBTMASK" stands for NETMASK and
// "INTERNA_ADDRESS_BXPIRY" for INTERNAL_ADDRESS_EXPIRY.
//
#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS    1
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK    2
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS        3
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS       4
#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY  5
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP       6
#define IKEV2_CFG_ATTR_APPLICATION_VERSION     7
#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS    8
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS        10
#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS       11
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP       12
#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET     13
#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES    14
#define IKEV2_CFG_ATTR_IP6_SUBNET              15
436
437 #endif
438