1 /** @file
2 The Definitions related to IKEv2 payload.
3
4 Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
5
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7
8 **/
9 #ifndef _IKE_V2_PAYLOAD_H_
10 #define _IKE_V2_PAYLOAD_H_
11
//
// Payload Type for IKEv2: the value carried in the "Next Payload" octet of the
// IKE header and of every payload header (RFC 4306 section 3.2).
//
#define IKEV2_PAYLOAD_TYPE_NONE      0    // No further payload follows
#define IKEV2_PAYLOAD_TYPE_SA        33   // Security Association
#define IKEV2_PAYLOAD_TYPE_KE        34   // Key Exchange
#define IKEV2_PAYLOAD_TYPE_ID_INIT   35   // Identification - Initiator (IDi)
#define IKEV2_PAYLOAD_TYPE_ID_RSP    36   // Identification - Responder (IDr)
#define IKEV2_PAYLOAD_TYPE_CERT      37   // Certificate
#define IKEV2_PAYLOAD_TYPE_CERTREQ   38   // Certificate Request
#define IKEV2_PAYLOAD_TYPE_AUTH      39   // Authentication
#define IKEV2_PAYLOAD_TYPE_NONCE     40   // Nonce
#define IKEV2_PAYLOAD_TYPE_NOTIFY    41   // Notify
#define IKEV2_PAYLOAD_TYPE_DELETE    42   // Delete
#define IKEV2_PAYLOAD_TYPE_VENDOR    43   // Vendor ID
#define IKEV2_PAYLOAD_TYPE_TS_INIT   44   // Traffic Selector - Initiator (TSi)
#define IKEV2_PAYLOAD_TYPE_TS_RSP    45   // Traffic Selector - Responder (TSr)
#define IKEV2_PAYLOAD_TYPE_ENCRYPT   46   // Encrypted and Authenticated
#define IKEV2_PAYLOAD_TYPE_CP        47   // Configuration
#define IKEV2_PAYLOAD_TYPE_EAP       48   // Extensible Authentication
32
//
// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
//
// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
// original initiator of the IKE_SA and cleared in messages sent by the original
// responder.
//
// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
// a message containing the same message ID; it is cleared in requests.
//
// NOTE(review): RFC 4306 section 3.1 also defines a V(ersion) bit (bit 4, 0x10); no
// mask for it is provided here, so the remaining bits are presumably treated as
// reserved by the parser - confirm they are ignored rather than rejected.
//
#define IKE_HEADER_FLAGS_INIT     0x08
#define IKE_HEADER_FLAGS_RESPOND  0x20
44
//
// IKE Header Exchange Type for IKEv2 (RFC 4306 section 3.1)
//
#define IKEV2_EXCHANGE_TYPE_INIT          34   // IKE_SA_INIT
#define IKEV2_EXCHANGE_TYPE_AUTH          35   // IKE_AUTH
#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD  36   // CREATE_CHILD_SA
#define IKEV2_EXCHANGE_TYPE_INFO          37   // INFORMATIONAL
52
#pragma pack(1)
//
// Generic payload header that starts every IKEv2 payload (RFC 4306 section 3.2).
// Packed so the struct can be overlaid directly on the received octet stream.
//
typedef struct {
  UINT8  NextPayload;     // IKEV2_PAYLOAD_TYPE_* of the payload that follows this one
  UINT8  Reserved;        // RFC 4306 names the most significant bit of this octet the
                          // Critical (C) bit and the remaining 7 bits reserved; no mask
                          // for C is defined in this header.
  UINT16 PayloadLength;   // Length in octets of the entire payload, this header included.
                          // Network byte order on the wire.
} IKEV2_COMMON_PAYLOAD_HEADER;
//
// NOTE(review): PayloadLength is supplied by the peer. Before any payload body is
// read it must be checked to be at least sizeof (IKEV2_COMMON_PAYLOAD_HEADER) and
// no larger than the octets remaining in the received message - confirm the parser
// does this for every payload type below.
//
#pragma pack()
60
#pragma pack(1)
//
// Security Association payload (RFC 4306 section 3.3). Only the fixed part is
// declared; a variable-length list of proposals (IKEV2_PROPOSAL) follows it.
//
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Proposals
  //
} IKEV2_SA;
#pragma pack()
69
#pragma pack(1)
//
// Proposal substructure inside an SA payload (RFC 4306 section 3.3.1). The fixed
// part is followed by the SPI (SpiSize octets) and then NumTransforms transform
// substructures (IKEV2_TRANSFORM).
//
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;          // NextPayload here is 0 (last) or 2 (more proposals)
  UINT8                       ProposalIndex;   // Proposal number; starts at 1 and increments
  UINT8                       ProtocolId;      // Protocol the proposal applies to
  UINT8                       SpiSize;         // Octets of SPI that follow this structure
  UINT8                       NumTransforms;   // Count of transform substructures that follow the SPI
} IKEV2_PROPOSAL;
//
// NOTE(review): SpiSize and NumTransforms are peer-controlled lengths/loop counts;
// both must be bounded by Header.PayloadLength when walking the proposal - confirm
// in the SA parser.
//
#pragma pack()
79
//
// IKEv2 Transform Type Values presented within Transform Payload
// (RFC 4306 section 3.3.2). The Transform ID namespace depends on this type.
//
#define IKEV2_TRANSFORM_TYPE_ENCR   1   // Encryption Algorithm (IKEV2_TRANSFORM_ID_ENCR_*)
#define IKEV2_TRANSFORM_TYPE_PRF    2   // Pseudo-Random Function (IKEV2_TRANSFORM_ID_PRF_*)
#define IKEV2_TRANSFORM_TYPE_INTEG  3   // Integrity Algorithm (IKEV2_TRANSFORM_ID_AUTH_*)
#define IKEV2_TRANSFORM_TYPE_DH     4   // Diffie-Hellman Group (IKEV2_TRANSFORM_ID_DH_*)
#define IKEV2_TRANSFORM_TYPE_ESN    5   // Extended Sequence Numbers
88
//
// IKEv2 Transform ID for Encrypt Algorithm (ENCR), RFC 4306 section 3.3.2.
//
// These are protocol code points, not a list of algorithms this implementation
// should offer or accept. DES (all variants) and NULL encryption are deprecated for
// IKE by RFC 8247, and 3DES is no longer recommended; the negotiation code, not this
// table, decides what is actually acceptable - confirm it rejects the legacy ones.
//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64  1    // DES with 64-bit IV (legacy)
#define IKEV2_TRANSFORM_ID_ENCR_DES       2    // DES (legacy)
#define IKEV2_TRANSFORM_ID_ENCR_3DES      3    // Triple DES
#define IKEV2_TRANSFORM_ID_ENCR_RC5       4
#define IKEV2_TRANSFORM_ID_ENCR_IDEA      5
#define IKEV2_TRANSFORM_ID_ENCR_CAST      6
#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH  7
#define IKEV2_TRANSFORM_ID_ENCR_3IDEA     8
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32  9    // DES with 32-bit IV (legacy)
#define IKEV2_TRANSFORM_ID_ENCR_NULL      11   // No encryption (never acceptable for IKE itself)
#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC   12
#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR   13
104
//
// IKEv2 Transform ID for Pseudo-Random Function (PRF), RFC 4306 section 3.3.2.
// PRF_HMAC_MD5 is deprecated by RFC 8247; acceptance is a policy decision made by
// the negotiation code, not by this table.
//
#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5     1   // deprecated
#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1    2
#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER   3
#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC  4
112
//
// IKEv2 Transform ID for Integrity Algorithm (INTEG), RFC 4306 section 3.3.2.
// AUTH_NONE is only meaningful together with a combined-mode (AEAD) cipher, which
// this header does not define; the MD5- and DES-based MACs are deprecated by
// RFC 8247. The negotiation code decides what is acceptable.
//
#define IKEV2_TRANSFORM_ID_AUTH_NONE              0   // No integrity protection
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96       1   // deprecated
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96      2
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC      3   // deprecated
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5     4   // deprecated
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96  5
122
//
// IKEv2 Transform ID for Diffie-Hellman Group (DH), RFC 4306 section 3.3.2.
// The 768-bit and 1024-bit MODP groups are deprecated / not recommended by RFC 8247;
// 2048-bit MODP is the current baseline.
//
#define IKEV2_TRANSFORM_ID_DH_768MODP   1    // deprecated
#define IKEV2_TRANSFORM_ID_DH_1024MODP  2    // not recommended
#define IKEV2_TRANSFORM_ID_DH_2048MODP  14
129
//
// IKEv2 Attribute Type Values (transform attributes, RFC 4306 section 3.3.5).
// Key Length is a Type/Value (TV) attribute: on the wire its type field carries the
// AF bit (0x8000) in addition to the 14 below. This macro holds only the type number -
// confirm the encoder/decoder masks the AF bit when comparing against it.
//
#define IKEV2_ATTRIBUTE_TYPE_KEYLEN  14
134
//
// Transform Payload (transform substructure, RFC 4306 section 3.3.2). The fixed part
// is followed by zero or more transform attributes, e.g. IKEV2_ATTRIBUTE_TYPE_KEYLEN.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;          // NextPayload here is 0 (last) or 3 (more transforms)
  UINT8                       TransformType;   // IKEV2_TRANSFORM_TYPE_*
  UINT8                       Reserved;
  UINT16                      TransformId;     // Meaning depends on TransformType; network byte order
  //
  // SA Attributes
  //
} IKEV2_TRANSFORM;
#pragma pack()
149
#pragma pack(1)
//
// Key Exchange payload (RFC 4306 section 3.4). The fixed part is followed by the
// peer's Diffie-Hellman public value.
//
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT16                      DhGroup;    // IKEV2_TRANSFORM_ID_DH_* the public value belongs to
  UINT16                      Reserved;
  //
  // Remaining part contains the key exchanged
  //
} IKEV2_KEY_EXCHANGE;
//
// NOTE(review): the length of the key data (Header.PayloadLength minus this fixed
// part) should equal the modulus size of DhGroup, and DhGroup should match the group
// negotiated in the SA payload - confirm the parser validates both before the DH
// computation.
//
#pragma pack()
160
//
// Identification Type Values presented within Ikev2 ID payload
// (RFC 4306 section 3.5). Values 4, 6, 7 and 8 are reserved and intentionally absent.
//
#define IKEV2_ID_TYPE_IPV4_ADDR    1    // 4-octet IPv4 address
#define IKEV2_ID_TYPE_FQDN         2    // Fully-qualified domain name (no terminator)
#define IKEV2_ID_TYPE_RFC822_ADDR  3    // RFC 822 e-mail address (no terminator)
#define IKEV2_ID_TYPE_IPV6_ADDR    5    // 16-octet IPv6 address
#define IKEV2_ID_TYPE_DER_ASN1_DN  9    // DER-encoded X.500 Distinguished Name
#define IKEV2_ID_TYPE_DER_ASN1_GN  10   // DER-encoded X.500 General Name
#define IKEV2_ID_TYPE_KEY_ID       11   // Opaque vendor-specific byte stream
171
//
// Identification Payload (RFC 4306 section 3.5). The fixed part is followed by the
// identification data whose format is given by IdType.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       IdType;      // IKEV2_ID_TYPE_*
  UINT8                       Reserver1;   // Reserved (name is a typo kept for source compatibility)
  UINT16                      Reserver2;   // Reserved (name is a typo kept for source compatibility)
  //
  // Identification Data
  //
} IKEV2_ID;
#pragma pack()
186
//
// Encoding Type presented in IKEV2 Cert Payload (RFC 4306 section 3.6).
// The "ENCODEING" spelling in these macro names is kept for source compatibility.
//
#define IKEV2_CERT_ENCODEING_RESERVED                  0
#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP            1    // PKCS #7 wrapped X.509 certificate
#define IKEV2_CERT_ENCODEING_PGP_CERT                  2
#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY              3
#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN            4    // X.509 Certificate - Signature
#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN            6
#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT      7    // Certificate Revocation List
#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST      8    // Authority Revocation List
#define IKEV2_CERT_ENCODEING_SPKI_CERT                 9
#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE       10
#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY               11
#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT 12   // Cert data is a hash plus a URL to fetch
//
// NOTE(review): encoding 12 implies retrieving the certificate from a peer-supplied
// URL, which is a network fetch driven by unauthenticated input. Confirm whether the
// certificate handling code supports it or rejects it explicitly.
//
202
//
// IKEV2 Certificate Payload (RFC 4306 section 3.6). The fixed part is followed by
// the certificate data in the format selected by CertEncoding.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       CertEncoding;   // IKEV2_CERT_ENCODEING_*
  //
  // Cert Data
  //
} IKEV2_CERT;
#pragma pack()
215
//
// IKEV2 Certificate Request Payload (RFC 4306 section 3.7). The fixed part is
// followed by the certification-authority data, whose format depends on CertEncoding.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       CertEncoding;   // IKEV2_CERT_ENCODEING_* the requester accepts
  //
  // Cert Authority
  //
} IKEV2_CERT_REQ;
#pragma pack()
228
//
// Authentication Payload (RFC 4306 section 3.8). The fixed part is followed by the
// authentication data (signature or MAC) whose format depends on AuthMethod.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       AuthMethod;   // IKEV2_AUTH_METHOD_*
  UINT8                       Reserved1;
  UINT16                      Reserved2;
  //
  // Auth Data
  //
} IKEV2_AUTH;
#pragma pack()
243
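//
// Authmethod in Authentication Payload (RFC 4306 section 3.8).
//
// The trailing semicolons that used to follow each value are removed: a
// "#define X 1;" expands the ';' into every use, so "if (m == IKEV2_AUTH_METHOD_RSA)"
// became "if (m == 1;)" and failed to compile, which is presumably why these macros
// were never used for comparisons.
//
#define IKEV2_AUTH_METHOD_RSA   1   // RSA Digital Signature
#define IKEV2_AUTH_METHOD_SKMI  2   // Shared Key Message Integrity Code
#define IKEV2_AUTH_METHOD_DSS   3   // DSS Digital Signature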
250
//
// IKEv2 Nonce Payload (RFC 4306 section 3.9). The header is followed directly by the
// nonce octets; RFC 4306 requires the nonce to be between 16 and 256 octets long.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Nonce Data
  //
} IKEV2_NONCE;
//
// NOTE(review): confirm the parser enforces the 16..256 octet range derived from
// Header.PayloadLength before copying the nonce into fixed-size state.
//
#pragma pack()
262
//
// Notification Payload (RFC 4306 section 3.10). The fixed part is followed by the
// SPI (SpiSize octets, may be 0) and then the notification data.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       ProtocolId;    // Protocol of the SPI, or 0 when SpiSize is 0
  UINT8                       SpiSize;       // Octets of SPI that follow this structure
  UINT16                      MessageType;   // IKEV2_NOTIFICATION_*; network byte order
  //
  // SPI and Notification Data
  //
} IKEV2_NOTIFY;
//
// NOTE(review): SpiSize is peer-controlled and must not exceed
// Header.PayloadLength - sizeof (IKEV2_NOTIFY) - confirm in the notify parser.
//
#pragma pack()
277
//
// Notify Message Types presented within IKEv2 Notify Payload (RFC 4306 section 3.10.1).
// Values below 16384 are errors; 16384 and above are status notifications. Some macro
// names differ slightly from the RFC names (noted inline) and are kept for
// source compatibility.
//
#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD  1       // UNSUPPORTED_CRITICAL_PAYLOAD
#define IKEV2_NOTIFICATION_INVALID_IKE_SPI             4
#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION       5
#define IKEV2_NOTIFICATION_INVALID_SYNTAX              7
#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID          9
#define IKEV2_NOTIFICATION_INVALID_SPI                 11
#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN          14
#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD         17      // INVALID_KE_PAYLOAD
#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED       24
#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED        34
#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS           35
#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE    36
#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED          37
#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE              38      // TS_UNACCEPTABLE
#define IKEV2_NOTIFICATION_INVALID_SELECTORS           39
#define IKEV2_NOTIFICATION_COOKIE                      16390   // Status: responder anti-DoS cookie
#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE          16391   // Status
#define IKEV2_NOTIFICATION_REKEY_SA                    16393   // Status
299
//
// IKEv2 Protocol ID
//
// NOTE(review): this heading has no definitions under it in this header; the
// ProtocolId fields of IKEV2_PROPOSAL, IKEV2_NOTIFY and IKEV2_DELETE are therefore
// compared against values defined elsewhere (or literals) - confirm where.
//
//
// IKEv2 Delete Payload (RFC 4306 section 3.11). The fixed part is followed by
// NumSpis SPIs of SpiSize octets each.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       ProtocolId;   // Protocol the SPIs belong to
  UINT8                       SpiSize;      // Octets per SPI (0 when deleting the IKE_SA itself)
  UINT16                      NumSpis;      // Count of SPIs that follow; network byte order
  //
  // SPIs
  //
} IKEV2_DELETE;
//
// NOTE(review): SpiSize * NumSpis is peer-controlled and must be checked against
// Header.PayloadLength - sizeof (IKEV2_DELETE) before the SPI list is walked.
//
#pragma pack()
317
//
// Traffic Selector Payload (RFC 4306 section 3.13). The fixed part is followed by
// TSNumbers selectors, each a TRAFFIC_SELECTOR of its own SelecorLen octets.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       TSNumbers;   // Number of traffic selectors that follow
  UINT8                       Reserved1;
  UINT16                      Reserved2;
  //
  // Traffic Selector
  //
} IKEV2_TS;
#pragma pack()
332
//
// Traffic Selector (RFC 4306 section 3.13.1). The fixed part is followed by the
// starting and ending addresses, each 4 octets for an IPv4 range and 16 for IPv6,
// giving a total selector length of 16 or 40 octets respectively.
//
#pragma pack(1)
typedef struct {
  UINT8  TSType;         // IKEV2_TS_TYPE_IPV4_ADDR_RANGE or IKEV2_TS_TYPS_IPV6_ADDR_RANGE
  UINT8  IpProtocolId;   // IP protocol number the selector applies to; 0 means any
  UINT16 SelecorLen;     // Total selector length in octets (name typo kept for source compatibility)
  UINT16 StartPort;      // Inclusive port range, network byte order
  UINT16 EndPort;
  //
  // Starting Address && Ending Address
  //
} TRAFFIC_SELECTOR;
//
// NOTE(review): SelecorLen is peer-controlled; confirm the parser checks it against
// both the expected size for TSType and the octets remaining in the TS payload
// before reading the addresses.
//
#pragma pack()
348
//
// Ts Type in Traffic Selector (RFC 4306 section 3.13.1).
// The "TYPS" spelling in the IPv6 macro is a typo kept for source compatibility.
//
#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE  7   // TS_IPV4_ADDR_RANGE
#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE  8   // TS_IPV6_ADDR_RANGE
354
//
// Vendor Payload (RFC 4306 section 3.12). The header is followed by an opaque
// vendor ID; unrecognized vendor IDs are to be ignored.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Vendor ID
  //
} IKEV2_VENDOR;
#pragma pack()
366
//
// Encrypted Payload (RFC 4306 section 3.14). The header is followed by the IV, the
// encrypted inner payloads, padding, the pad-length octet (IKEV2_PAD_LEN) and the
// integrity checksum computed over the whole message.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum
  //
} IKEV2_ENCRYPTED;
//
// NOTE(review): the integrity checksum must be verified before anything inside this
// payload is decrypted or parsed, and the checksum length derived from the negotiated
// integrity algorithm must fit within Header.PayloadLength - confirm in the decrypt path.
//
#pragma pack()
378
#pragma pack(1)
//
// Trailing pad-length octet of an Encrypted payload (RFC 4306 section 3.14): the
// number of padding octets that precede it, excluding the octet itself.
//
typedef struct {
  UINT8 PadLength;
} IKEV2_PAD_LEN;
#pragma pack()
384
//
// Configuration Payload (RFC 4306 section 3.15). The fixed part is followed by a
// list of configuration attributes (IKEV2_CFG_ATTRIBUTES).
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       CfgType;    // IKEV2_CFG_TYPE_*
  UINT8                       Reserve1;   // Reserved
  UINT16                      Reserve2;   // Reserved
  //
  // Configuration Attributes
  //
} IKEV2_CFG;
#pragma pack()
399
//
// Configuration Payload CFG type (RFC 4306 section 3.15)
//
#define IKEV2_CFG_TYPE_REQUEST  1   // CFG_REQUEST
#define IKEV2_CFG_TYPE_REPLY    2   // CFG_REPLY
#define IKEV2_CFG_TYPE_SET      3   // CFG_SET
#define IKEV2_CFG_TYPE_ACK      4   // CFG_ACK
407
//
// Configuration Attributes (RFC 4306 section 3.15.1). Each attribute is this fixed
// part followed by ValueLength octets of value.
//
#pragma pack(1)
typedef struct {
  UINT16 AttritType;    // R bit (0x8000, reserved) plus 15-bit IKEV2_CFG_ATTR_*; network byte order
                        // (name typo kept for source compatibility)
  UINT16 ValueLength;   // Octets of value that follow; network byte order
} IKEV2_CFG_ATTRIBUTES;
//
// NOTE(review): ValueLength is peer-controlled and must be bounded by the octets
// remaining in the configuration payload before the value is read.
//
#pragma pack()
417
//
// Configuration Attributes (attribute types, RFC 4306 section 3.15.1). Value 9 is
// reserved and intentionally absent. Some macro names differ from the RFC names
// (noted inline) and are kept for source compatibility.
//
#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS      1
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK      2    // INTERNAL_IP4_NETMASK
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS          3
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS         4
#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY    5    // INTERNAL_ADDRESS_EXPIRY
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP         6
#define IKEV2_CFG_ATTR_APPLICATION_VERSION       7
#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS      8
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS          10
#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS         11
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP         12
#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET       13
#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES      14
#define IKEV2_CFG_ATTR_IP6_SUBNET                15   // INTERNAL_IP6_SUBNET
435
436 #endif
437