+++ /dev/null
-/** @file\r
- The Definitions related to IKEv2 payload.\r
-\r
- Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
-\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-#ifndef _IKE_V2_PAYLOAD_H_\r
-#define _IKE_V2_PAYLOAD_H_\r
-\r
-//\r
-// Payload Type for IKEv2\r
-//\r
-#define IKEV2_PAYLOAD_TYPE_NONE 0\r
-#define IKEV2_PAYLOAD_TYPE_SA 33\r
-#define IKEV2_PAYLOAD_TYPE_KE 34\r
-#define IKEV2_PAYLOAD_TYPE_ID_INIT 35\r
-#define IKEV2_PAYLOAD_TYPE_ID_RSP 36\r
-#define IKEV2_PAYLOAD_TYPE_CERT 37\r
-#define IKEV2_PAYLOAD_TYPE_CERTREQ 38\r
-#define IKEV2_PAYLOAD_TYPE_AUTH 39\r
-#define IKEV2_PAYLOAD_TYPE_NONCE 40\r
-#define IKEV2_PAYLOAD_TYPE_NOTIFY 41\r
-#define IKEV2_PAYLOAD_TYPE_DELETE 42\r
-#define IKEV2_PAYLOAD_TYPE_VENDOR 43\r
-#define IKEV2_PAYLOAD_TYPE_TS_INIT 44\r
-#define IKEV2_PAYLOAD_TYPE_TS_RSP 45\r
-#define IKEV2_PAYLOAD_TYPE_ENCRYPT 46\r
-#define IKEV2_PAYLOAD_TYPE_CP 47\r
-#define IKEV2_PAYLOAD_TYPE_EAP 48\r
-\r
-//\r
-// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1\r
-//\r
-// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the\r
-// original initiator of the IKE_SA\r
-//\r
-// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to\r
-// a message containing the same message ID.\r
-//\r
-#define IKE_HEADER_FLAGS_INIT 0x08\r
-#define IKE_HEADER_FLAGS_RESPOND 0x20\r
-\r
-//\r
-// IKE Header Exchange Type for IKEv2\r
-//\r
-#define IKEV2_EXCHANGE_TYPE_INIT 34\r
-#define IKEV2_EXCHANGE_TYPE_AUTH 35\r
-#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD 36\r
-#define IKEV2_EXCHANGE_TYPE_INFO 37\r
-\r
-#pragma pack(1)\r
-typedef struct {\r
- UINT8 NextPayload;\r
- UINT8 Reserved;\r
- UINT16 PayloadLength;\r
-} IKEV2_COMMON_PAYLOAD_HEADER;\r
-#pragma pack()\r
-\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- //\r
- // Proposals\r
- //\r
-} IKEV2_SA;\r
-#pragma pack()\r
-\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 ProposalIndex;\r
- UINT8 ProtocolId;\r
- UINT8 SpiSize;\r
- UINT8 NumTransforms;\r
-} IKEV2_PROPOSAL;\r
-#pragma pack()\r
-\r
-//\r
-// IKEv2 Transform Type Values presented within Transform Payload\r
-//\r
-#define IKEV2_TRANSFORM_TYPE_ENCR 1 // Encryption Algorithm\r
-#define IKEV2_TRANSFORM_TYPE_PRF 2 // Pseduo-Random Func\r
-#define IKEV2_TRANSFORM_TYPE_INTEG 3 // Integrity Algorithm\r
-#define IKEV2_TRANSFORM_TYPE_DH 4 // DH Group\r
-#define IKEV2_TRANSFORM_TYPE_ESN 5 // Extended Sequence Number\r
-\r
-//\r
-// IKEv2 Transform ID for Encrypt Algorithm (ENCR)\r
-//\r
-#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64 1\r
-#define IKEV2_TRANSFORM_ID_ENCR_DES 2\r
-#define IKEV2_TRANSFORM_ID_ENCR_3DES 3\r
-#define IKEV2_TRANSFORM_ID_ENCR_RC5 4\r
-#define IKEV2_TRANSFORM_ID_ENCR_IDEA 5\r
-#define IKEV2_TRANSFORM_ID_ENCR_CAST 6\r
-#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH 7\r
-#define IKEV2_TRANSFORM_ID_ENCR_3IDEA 8\r
-#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32 9\r
-#define IKEV2_TRANSFORM_ID_ENCR_NULL 11\r
-#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC 12\r
-#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR 13\r
-\r
-//\r
-// IKEv2 Transform ID for Pseudo-Random Function (PRF)\r
-//\r
-#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5 1\r
-#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1 2\r
-#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER 3\r
-#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC 4\r
-\r
-//\r
-// IKEv2 Transform ID for Integrity Algorithm (INTEG)\r
-//\r
-#define IKEV2_TRANSFORM_ID_AUTH_NONE 0\r
-#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96 1\r
-#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96 2\r
-#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC 3\r
-#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5 4\r
-#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96 5\r
-\r
-//\r
-// IKEv2 Transform ID for Diffie-Hellman Group (DH)\r
-//\r
-#define IKEV2_TRANSFORM_ID_DH_768MODP 1\r
-#define IKEV2_TRANSFORM_ID_DH_1024MODP 2\r
-#define IKEV2_TRANSFORM_ID_DH_2048MODP 14\r
-\r
-//\r
-// IKEv2 Attribute Type Values\r
-//\r
-#define IKEV2_ATTRIBUTE_TYPE_KEYLEN 14\r
-\r
-//\r
-// Transform Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 TransformType;\r
- UINT8 Reserved;\r
- UINT16 TransformId;\r
- //\r
- // SA Attributes\r
- //\r
-} IKEV2_TRANSFORM;\r
-#pragma pack()\r
-\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT16 DhGroup;\r
- UINT16 Reserved;\r
- //\r
- // Remaining part contains the key exchanged\r
- //\r
-} IKEV2_KEY_EXCHANGE;\r
-#pragma pack()\r
-\r
-//\r
-// Identification Type Values presented within Ikev2 ID payload\r
-//\r
-#define IKEV2_ID_TYPE_IPV4_ADDR 1\r
-#define IKEV2_ID_TYPE_FQDN 2\r
-#define IKEV2_ID_TYPE_RFC822_ADDR 3\r
-#define IKEV2_ID_TYPE_IPV6_ADDR 5\r
-#define IKEV2_ID_TYPE_DER_ASN1_DN 9\r
-#define IKEV2_ID_TYPE_DER_ASN1_GN 10\r
-#define IKEV2_ID_TYPE_KEY_ID 11\r
-\r
-//\r
-// Identification Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 IdType;\r
- UINT8 Reserver1;\r
- UINT16 Reserver2;\r
- //\r
- // Identification Data\r
- //\r
-} IKEV2_ID;\r
-#pragma pack()\r
-\r
-//\r
-// Encoding Type presented in IKEV2 Cert Payload\r
-//\r
-#define IKEV2_CERT_ENCODEING_RESERVED 0\r
-#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP 1\r
-#define IKEV2_CERT_ENCODEING_PGP_CERT 2\r
-#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY 3\r
-#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN 4\r
-#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN 6\r
-#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT 7\r
-#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST 8\r
-#define IKEV2_CERT_ENCODEING_SPKI_CERT 9\r
-#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE 10\r
-#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY 11\r
-#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT 12\r
-\r
-//\r
-// IKEV2 Certificate Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 CertEncoding;\r
- //\r
- // Cert Data\r
- //\r
-} IKEV2_CERT;\r
-#pragma pack()\r
-\r
-//\r
-// IKEV2 Certificate Request Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 CertEncoding;\r
- //\r
- // Cert Authority\r
- //\r
-} IKEV2_CERT_REQ;\r
-#pragma pack()\r
-\r
-//\r
-// Authentication Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 AuthMethod;\r
- UINT8 Reserved1;\r
- UINT16 Reserved2;\r
- //\r
- // Auth Data\r
- //\r
-} IKEV2_AUTH;\r
-#pragma pack()\r
-\r
-//\r
-// Authmethod in Authentication Payload\r
-//\r
-#define IKEV2_AUTH_METHOD_RSA 1; // RSA Digital Signature\r
-#define IKEV2_AUTH_METHOD_SKMI 2; // Shared Key Message Integrity\r
-#define IKEV2_AUTH_METHOD_DSS 3; // DSS Digital Signature\r
-\r
-//\r
-// IKEv2 Nonce Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- //\r
- // Nonce Data\r
- //\r
-} IKEV2_NONCE;\r
-#pragma pack()\r
-\r
-//\r
-// Notification Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 ProtocolId;\r
- UINT8 SpiSize;\r
- UINT16 MessageType;\r
- //\r
- // SPI and Notification Data\r
- //\r
-} IKEV2_NOTIFY;\r
-#pragma pack()\r
-\r
-//\r
-// Notify Message Types presented within IKEv2 Notify Payload\r
-//\r
-#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD 1\r
-#define IKEV2_NOTIFICATION_INVALID_IKE_SPI 4\r
-#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION 5\r
-#define IKEV2_NOTIFICATION_INVALID_SYNTAX 7\r
-#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID 9\r
-#define IKEV2_NOTIFICATION_INVALID_SPI 11\r
-#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN 14\r
-#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD 17\r
-#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED 24\r
-#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED 34\r
-#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS 35\r
-#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE 36\r
-#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED 37\r
-#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE 38\r
-#define IKEV2_NOTIFICATION_INVALID_SELECTORS 39\r
-#define IKEV2_NOTIFICATION_COOKIE 16390\r
-#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE 16391\r
-#define IKEV2_NOTIFICATION_REKEY_SA 16393\r
-\r
-//\r
-// IKEv2 Protocol ID\r
-//\r
-//\r
-// IKEv2 Delete Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 ProtocolId;\r
- UINT8 SpiSize;\r
- UINT16 NumSpis;\r
- //\r
- // SPIs\r
- //\r
-} IKEV2_DELETE;\r
-#pragma pack()\r
-\r
-//\r
-// Traffic Selector Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 TSNumbers;\r
- UINT8 Reserved1;\r
- UINT16 Reserved2;\r
- //\r
- // Traffic Selector\r
- //\r
-} IKEV2_TS;\r
-#pragma pack()\r
-\r
-//\r
-// Traffic Selector\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- UINT8 TSType;\r
- UINT8 IpProtocolId;\r
- UINT16 SelecorLen;\r
- UINT16 StartPort;\r
- UINT16 EndPort;\r
- //\r
- // Starting Address && Ending Address\r
- //\r
-} TRAFFIC_SELECTOR;\r
-#pragma pack()\r
-\r
-//\r
-// Ts Type in Traffic Selector\r
-//\r
-#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE 7\r
-#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE 8\r
-\r
-//\r
-// Vendor Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- //\r
- // Vendor ID\r
- //\r
-} IKEV2_VENDOR;\r
-#pragma pack()\r
-\r
-//\r
-// Encrypted Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- //\r
- // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum\r
- //\r
-} IKEV2_ENCRYPTED;\r
-#pragma pack()\r
-\r
-#pragma pack(1)\r
-typedef struct {\r
- UINT8 PadLength;\r
-} IKEV2_PAD_LEN;\r
-#pragma pack()\r
-\r
-//\r
-// Configuration Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- IKEV2_COMMON_PAYLOAD_HEADER Header;\r
- UINT8 CfgType;\r
- UINT8 Reserve1;\r
- UINT16 Reserve2;\r
- //\r
- // Configuration Attributes\r
- //\r
-} IKEV2_CFG;\r
-#pragma pack()\r
-\r
-//\r
-// Configuration Payload CPG type\r
-//\r
-#define IKEV2_CFG_TYPE_REQUEST 1\r
-#define IKEV2_CFG_TYPE_REPLY 2\r
-#define IKEV2_CFG_TYPE_SET 3\r
-#define IKEV2_CFG_TYPE_ACK 4\r
-\r
-//\r
-// Configuration Attributes\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- UINT16 AttritType;\r
- UINT16 ValueLength;\r
-} IKEV2_CFG_ATTRIBUTES;\r
-#pragma pack()\r
-\r
-//\r
-// Configuration Attributes\r
-//\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS 1\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK 2\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS 3\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS 4\r
-#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY 5\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP 6\r
-#define IKEV2_CFG_ATTR_APPLICATION_VERSION 7\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS 8\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS 10\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS 11\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP 12\r
-#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET 13\r
-#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES 14\r
-#define IKEV2_CFG_ATTR_IP6_SUBNET 15\r
-\r
-#endif\r
-\r