2 The Definitions related to IKEv2 payload.
4 Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
6 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #ifndef _IKE_V2_PAYLOAD_H_
10 #define _IKE_V2_PAYLOAD_H_
13 // Payload Type for IKEv2
15 #define IKEV2_PAYLOAD_TYPE_NONE 0
16 #define IKEV2_PAYLOAD_TYPE_SA 33
17 #define IKEV2_PAYLOAD_TYPE_KE 34
18 #define IKEV2_PAYLOAD_TYPE_ID_INIT 35
19 #define IKEV2_PAYLOAD_TYPE_ID_RSP 36
20 #define IKEV2_PAYLOAD_TYPE_CERT 37
21 #define IKEV2_PAYLOAD_TYPE_CERTREQ 38
22 #define IKEV2_PAYLOAD_TYPE_AUTH 39
23 #define IKEV2_PAYLOAD_TYPE_NONCE 40
24 #define IKEV2_PAYLOAD_TYPE_NOTIFY 41
25 #define IKEV2_PAYLOAD_TYPE_DELETE 42
26 #define IKEV2_PAYLOAD_TYPE_VENDOR 43
27 #define IKEV2_PAYLOAD_TYPE_TS_INIT 44
28 #define IKEV2_PAYLOAD_TYPE_TS_RSP 45
29 #define IKEV2_PAYLOAD_TYPE_ENCRYPT 46
30 #define IKEV2_PAYLOAD_TYPE_CP 47
31 #define IKEV2_PAYLOAD_TYPE_EAP 48
34 // IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
36 // I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
37 // original initiator of the IKE_SA
39 // R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
40 // a message containing the same message ID.
42 #define IKE_HEADER_FLAGS_INIT 0x08
43 #define IKE_HEADER_FLAGS_RESPOND 0x20
46 // IKE Header Exchange Type for IKEv2
48 #define IKEV2_EXCHANGE_TYPE_INIT 34
49 #define IKEV2_EXCHANGE_TYPE_AUTH 35
50 #define IKEV2_EXCHANGE_TYPE_CREATE_CHILD 36
51 #define IKEV2_EXCHANGE_TYPE_INFO 37
58 } IKEV2_COMMON_PAYLOAD_HEADER
;
63 IKEV2_COMMON_PAYLOAD_HEADER Header
;
72 IKEV2_COMMON_PAYLOAD_HEADER Header
;
81 // IKEv2 Transform Type Values presented within Transform Payload
83 #define IKEV2_TRANSFORM_TYPE_ENCR 1 // Encryption Algorithm
84 #define IKEV2_TRANSFORM_TYPE_PRF 2 // Pseduo-Random Func
85 #define IKEV2_TRANSFORM_TYPE_INTEG 3 // Integrity Algorithm
86 #define IKEV2_TRANSFORM_TYPE_DH 4 // DH Group
87 #define IKEV2_TRANSFORM_TYPE_ESN 5 // Extended Sequence Number
90 // IKEv2 Transform ID for Encrypt Algorithm (ENCR)
92 #define IKEV2_TRANSFORM_ID_ENCR_DES_IV64 1
93 #define IKEV2_TRANSFORM_ID_ENCR_DES 2
94 #define IKEV2_TRANSFORM_ID_ENCR_3DES 3
95 #define IKEV2_TRANSFORM_ID_ENCR_RC5 4
96 #define IKEV2_TRANSFORM_ID_ENCR_IDEA 5
97 #define IKEV2_TRANSFORM_ID_ENCR_CAST 6
98 #define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH 7
99 #define IKEV2_TRANSFORM_ID_ENCR_3IDEA 8
100 #define IKEV2_TRANSFORM_ID_ENCR_DES_IV32 9
101 #define IKEV2_TRANSFORM_ID_ENCR_NULL 11
102 #define IKEV2_TRANSFORM_ID_ENCR_AES_CBC 12
103 #define IKEV2_TRANSFORM_ID_ENCR_AES_CTR 13
106 // IKEv2 Transform ID for Pseudo-Random Function (PRF)
108 #define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5 1
109 #define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1 2
110 #define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER 3
111 #define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC 4
114 // IKEv2 Transform ID for Integrity Algorithm (INTEG)
116 #define IKEV2_TRANSFORM_ID_AUTH_NONE 0
117 #define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96 1
118 #define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96 2
119 #define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC 3
120 #define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5 4
121 #define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96 5
124 // IKEv2 Transform ID for Diffie-Hellman Group (DH)
126 #define IKEV2_TRANSFORM_ID_DH_768MODP 1
127 #define IKEV2_TRANSFORM_ID_DH_1024MODP 2
128 #define IKEV2_TRANSFORM_ID_DH_2048MODP 14
131 // IKEv2 Attribute Type Values
133 #define IKEV2_ATTRIBUTE_TYPE_KEYLEN 14
140 IKEV2_COMMON_PAYLOAD_HEADER Header
;
152 IKEV2_COMMON_PAYLOAD_HEADER Header
;
156 // Remaining part contains the key exchanged
158 } IKEV2_KEY_EXCHANGE
;
162 // Identification Type Values presented within Ikev2 ID payload
164 #define IKEV2_ID_TYPE_IPV4_ADDR 1
165 #define IKEV2_ID_TYPE_FQDN 2
166 #define IKEV2_ID_TYPE_RFC822_ADDR 3
167 #define IKEV2_ID_TYPE_IPV6_ADDR 5
168 #define IKEV2_ID_TYPE_DER_ASN1_DN 9
169 #define IKEV2_ID_TYPE_DER_ASN1_GN 10
170 #define IKEV2_ID_TYPE_KEY_ID 11
173 // Identification Payload
177 IKEV2_COMMON_PAYLOAD_HEADER Header
;
182 // Identification Data
188 // Encoding Type presented in IKEV2 Cert Payload
190 #define IKEV2_CERT_ENCODEING_RESERVED 0
191 #define IKEV2_CERT_ENCODEING_X509_CERT_WRAP 1
192 #define IKEV2_CERT_ENCODEING_PGP_CERT 2
193 #define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY 3
194 #define IKEV2_CERT_ENCODEING_X509_CERT_SIGN 4
195 #define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN 6
196 #define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT 7
197 #define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST 8
198 #define IKEV2_CERT_ENCODEING_SPKI_CERT 9
199 #define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE 10
200 #define IKEV2_CERT_ENCODEING_RAW_RSA_KEY 11
201 #define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT 12
204 // IKEV2 Certificate Payload
208 IKEV2_COMMON_PAYLOAD_HEADER Header
;
217 // IKEV2 Certificate Request Payload
221 IKEV2_COMMON_PAYLOAD_HEADER Header
;
230 // Authentication Payload
234 IKEV2_COMMON_PAYLOAD_HEADER Header
;
245 // Authmethod in Authentication Payload
247 #define IKEV2_AUTH_METHOD_RSA 1; // RSA Digital Signature
248 #define IKEV2_AUTH_METHOD_SKMI 2; // Shared Key Message Integrity
249 #define IKEV2_AUTH_METHOD_DSS 3; // DSS Digital Signature
252 // IKEv2 Nonce Payload
256 IKEV2_COMMON_PAYLOAD_HEADER Header
;
264 // Notification Payload
268 IKEV2_COMMON_PAYLOAD_HEADER Header
;
273 // SPI and Notification Data
279 // Notify Message Types presented within IKEv2 Notify Payload
281 #define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD 1
282 #define IKEV2_NOTIFICATION_INVALID_IKE_SPI 4
283 #define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION 5
284 #define IKEV2_NOTIFICATION_INVALID_SYNTAX 7
285 #define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID 9
286 #define IKEV2_NOTIFICATION_INVALID_SPI 11
287 #define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN 14
288 #define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD 17
289 #define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED 24
290 #define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED 34
291 #define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS 35
292 #define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE 36
293 #define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED 37
294 #define IKEV2_NOTIFICATION_TS_UNCCEPTABLE 38
295 #define IKEV2_NOTIFICATION_INVALID_SELECTORS 39
296 #define IKEV2_NOTIFICATION_COOKIE 16390
297 #define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE 16391
298 #define IKEV2_NOTIFICATION_REKEY_SA 16393
304 // IKEv2 Delete Payload
308 IKEV2_COMMON_PAYLOAD_HEADER Header
;
319 // Traffic Selector Payload
323 IKEV2_COMMON_PAYLOAD_HEADER Header
;
344 // Starting Address && Ending Address
350 // Ts Type in Traffic Selector
352 #define IKEV2_TS_TYPE_IPV4_ADDR_RANGE 7
353 #define IKEV2_TS_TYPS_IPV6_ADDR_RANGE 8
360 IKEV2_COMMON_PAYLOAD_HEADER Header
;
372 IKEV2_COMMON_PAYLOAD_HEADER Header
;
374 // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum
386 // Configuration Payload
390 IKEV2_COMMON_PAYLOAD_HEADER Header
;
395 // Configuration Attributes
401 // Configuration Payload CPG type
403 #define IKEV2_CFG_TYPE_REQUEST 1
404 #define IKEV2_CFG_TYPE_REPLY 2
405 #define IKEV2_CFG_TYPE_SET 3
406 #define IKEV2_CFG_TYPE_ACK 4
409 // Configuration Attributes
415 } IKEV2_CFG_ATTRIBUTES
;
419 // Configuration Attributes
421 #define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS 1
422 #define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK 2
423 #define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS 3
424 #define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS 4
425 #define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY 5
426 #define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP 6
427 #define IKEV2_CFG_ATTR_APPLICATION_VERSION 7
428 #define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS 8
429 #define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS 10
430 #define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS 11
431 #define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP 12
432 #define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET 13
433 #define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES 14
434 #define IKEV2_CFG_ATTR_IP6_SUBNET 15