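/** @file
  The Definitions related to IKEv2 payload.

  Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/
#ifndef _IKE_V2_PAYLOAD_H_
#define _IKE_V2_PAYLOAD_H_

//
// NOTE(review): every structure in this file is declared under #pragma pack(1),
// so no padding is inserted between members. The structures only describe
// fixed-size leading fields; the variable-length data named in the trailing
// comments (proposals, key data, SPIs, ...) is not part of the C type.
// Nothing in this header converts byte order or checks lengths. Code that
// overlays these types on a received buffer is expected to convert the UINT16
// fields as needed and to check each length/count field (PayloadLength,
// SpiSize, NumSpis, TSNumbers, SelecorLen, ValueLength, ...) against the number
// of bytes actually received before reading the trailing data.
// Several identifiers below are misspelled (for example "ENCODEING",
// "Reserver1", "SelecorLen"); the spellings are kept because callers refer to
// them by name.
//

//
// Payload Type for IKEv2
//
#define IKEV2_PAYLOAD_TYPE_NONE     0
#define IKEV2_PAYLOAD_TYPE_SA       33
#define IKEV2_PAYLOAD_TYPE_KE       34
#define IKEV2_PAYLOAD_TYPE_ID_INIT  35
#define IKEV2_PAYLOAD_TYPE_ID_RSP   36
#define IKEV2_PAYLOAD_TYPE_CERT     37
#define IKEV2_PAYLOAD_TYPE_CERTREQ  38
#define IKEV2_PAYLOAD_TYPE_AUTH     39
#define IKEV2_PAYLOAD_TYPE_NONCE    40
#define IKEV2_PAYLOAD_TYPE_NOTIFY   41
#define IKEV2_PAYLOAD_TYPE_DELETE   42
#define IKEV2_PAYLOAD_TYPE_VENDOR   43
#define IKEV2_PAYLOAD_TYPE_TS_INIT  44
#define IKEV2_PAYLOAD_TYPE_TS_RSP   45
#define IKEV2_PAYLOAD_TYPE_ENCRYPT  46
#define IKEV2_PAYLOAD_TYPE_CP       47
#define IKEV2_PAYLOAD_TYPE_EAP      48

//
// IKE header Flag for IKEv2
//
#define IKE_HEADER_FLAGS_INIT        0x08
#define IKE_HEADER_FLAGS_RESPOND     0x20
#define IKE_HEADER_FLAGS_CHILD_INIT  0

//
// IKE Header Exchange Type for IKEv2
//
#define IKEV2_EXCHANGE_TYPE_INIT          34
#define IKEV2_EXCHANGE_TYPE_AUTH          35
#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD  36
#define IKEV2_EXCHANGE_TYPE_INFO          37

//
// Common payload header. It is the first member of every payload structure
// in this file that carries a header.
//
#pragma pack(1)
typedef struct {
  UINT8   NextPayload;
  UINT8   Reserved;
  UINT16  PayloadLength;
} IKEV2_COMMON_PAYLOAD_HEADER;
#pragma pack()

//
// Security Association Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  //
  // Proposals
  //
} IKEV2_SA;
#pragma pack()

//
// Proposal carried inside the SA payload.
// SpiSize and NumTransforms describe data that follows this structure.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        ProposalIndex;
  UINT8                        ProtocolId;
  UINT8                        SpiSize;
  UINT8                        NumTransforms;
} IKEV2_PROPOSAL;
#pragma pack()

//
// IKEv2 Transform Type Values presented within Transform Payload
//
#define IKEV2_TRANSFORM_TYPE_ENCR   1   // Encryption Algorithm
#define IKEV2_TRANSFORM_TYPE_PRF    2   // Pseudo-Random Func
#define IKEV2_TRANSFORM_TYPE_INTEG  3   // Integrity Algorithm
#define IKEV2_TRANSFORM_TYPE_DH     4   // DH Group
#define IKEV2_TRANSFORM_TYPE_ESN    5   // Extended Sequence Number

//
// NOTE(review): the transform ID tables below name protocol code points only.
// A number of them (the DES variants, the MD5-based PRF and integrity
// transforms, the 768-bit and 1024-bit MODP groups) identify algorithms that
// are weak by current standards; RFC 8247 lists the present IKEv2 algorithm
// requirements. Having an ID defined here does not mean it should be offered
// or accepted during negotiation.
//

//
// IKEv2 Transform ID for Encrypt Algorithm (ENCR)
//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64  1
#define IKEV2_TRANSFORM_ID_ENCR_DES       2
#define IKEV2_TRANSFORM_ID_ENCR_3DES      3
#define IKEV2_TRANSFORM_ID_ENCR_RC5       4
#define IKEV2_TRANSFORM_ID_ENCR_IDEA      5
#define IKEV2_TRANSFORM_ID_ENCR_CAST      6
#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH  7
#define IKEV2_TRANSFORM_ID_ENCR_3IDEA     8
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32  9
#define IKEV2_TRANSFORM_ID_ENCR_NULL      11
#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC   12
#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR   13

//
// IKEv2 Transform ID for Pseudo-Random Function (PRF)
//
#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5     1
#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1    2
#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER   3
#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC  4

//
// IKEv2 Transform ID for Integrity Algorithm (INTEG)
//
#define IKEV2_TRANSFORM_ID_AUTH_NONE              0
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96       1
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96      2
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC      3
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5     4
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96  5

//
// IKEv2 Transform ID for Diffie-Hellman Group (DH)
//
#define IKEV2_TRANSFORM_ID_DH_768MODP   1
#define IKEV2_TRANSFORM_ID_DH_1024MODP  2
#define IKEV2_TRANSFORM_ID_DH_2048MODP  14

//
// IKEv2 Attribute Type Values
//
#define IKEV2_ATTRIBUTE_TYPE_KEYLEN  14

//
// Transform Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        TransformType;
  UINT8                        Reserved;
  UINT16                       TransformId;
  //
  // SA Attributes
  //
} IKEV2_TRANSFORM;
#pragma pack()

//
// Key Exchange Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT16                       DhGroup;
  UINT16                       Reserved;
  //
  // Remaining part contains the key exchanged
  //
} IKEV2_KEY_EXCHANGE;
#pragma pack()

//
// Identification Type Values presented within Ikev2 ID payload
//
#define IKEV2_ID_TYPE_IPV4_ADDR    1
#define IKEV2_ID_TYPE_FQDN         2
#define IKEV2_ID_TYPE_RFC822_ADDR  3
#define IKEV2_ID_TYPE_IPV6_ADDR    5
#define IKEV2_ID_TYPE_DER_ASN1_DN  9
#define IKEV2_ID_TYPE_DER_ASN1_GN  10
#define IKEV2_ID_TYPE_KEY_ID       11

//
// Identification Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        IdType;
  UINT8                        Reserver1;
  UINT16                       Reserver2;
  //
  // Identification Data
  //
} IKEV2_ID;
#pragma pack()

//
// Encoding Type presented in IKEV2 Cert Payload
//
#define IKEV2_CERT_ENCODEING_RESERVED                   0
#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP             1
#define IKEV2_CERT_ENCODEING_PGP_CERT                   2
#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY               3
#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN             4
#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN             6
#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT       7
#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST       8
#define IKEV2_CERT_ENCODEING_SPKI_CERT                  9
#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE        10
#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY                11
#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT  12

//
// IKEV2 Certificate Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        CertEncoding;
  //
  // Cert Data
  //
} IKEV2_CERT;
#pragma pack()

//
// IKEV2 Certificate Request Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        CertEncoding;
  //
  // Cert Authority
  //
} IKEV2_CERT_REQ;
#pragma pack()

//
// Authentication Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        AuthMethod;
  UINT8                        Reserved1;
  UINT16                       Reserved2;
  //
  // Auth Data
  //
} IKEV2_AUTH;
#pragma pack()

//
// Authmethod in Authentication Payload
//
// These macros must expand to a bare constant. A ';' in the replacement text
// would terminate the statement wherever the macro is used inside an
// expression, e.g. "AuthMethod == IKEV2_AUTH_METHOD_RSA" or a case label.
//
#define IKEV2_AUTH_METHOD_RSA   1   // RSA Digital Signature
#define IKEV2_AUTH_METHOD_SKMI  2   // Shared Key Message Integrity
#define IKEV2_AUTH_METHOD_DSS   3   // DSS Digital Signature

//
// IKEv2 Nonce Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  //
  // Nonce Data
  //
} IKEV2_NONCE;
#pragma pack()

//
// Notification Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        ProtocolId;
  UINT8                        SpiSize;
  UINT16                       MessageType;
  //
  // SPI and Notification Data
  //
} IKEV2_NOTIFY;
#pragma pack()

//
// Notify Message Types presented within IKEv2 Notify Payload
//
#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD  1
#define IKEV2_NOTIFICATION_INVALID_IKE_SPI             4
#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION       5
#define IKEV2_NOTIFICATION_INVALID_SYNTAX              7
#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID          9
#define IKEV2_NOTIFICATION_INVALID_SPI                 11
#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN          14
#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD         17
#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED       24
#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED        34
#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS           35
#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE    36
#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED          37
#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE              38
#define IKEV2_NOTIFICATION_INVALID_SELECTORS           39
#define IKEV2_NOTIFICATION_COOKIE                      16390
#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE          16391
#define IKEV2_NOTIFICATION_REKEY_SA                    16393

//
// IKEv2 Protocol ID
//
//
// IKEv2 Delete Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        ProtocolId;
  UINT8                        SpiSize;
  UINT16                       NumSpis;
  //
  // SPIs
  //
} IKEV2_DELETE;
#pragma pack()

//
// Traffic Selector Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        TSNumbers;
  UINT8                        Reserved1;
  UINT16                       Reserved2;
  //
  // Traffic Selector
  //
} IKEV2_TS;
#pragma pack()

//
// Traffic Selector
//
#pragma pack(1)
typedef struct {
  UINT8   TSType;
  UINT8   IpProtocolId;
  UINT16  SelecorLen;
  UINT16  StartPort;
  UINT16  EndPort;
  //
  // Starting Address && Ending Address
  //
} TRAFFIC_SELECTOR;
#pragma pack()

//
// Ts Type in Traffic Selector
//
#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE  7
#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE  8

//
// Vendor Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  //
  // Vendor ID
  //
} IKEV2_VENDOR;
#pragma pack()

//
// Encrypted Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  //
  // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum
  //
} IKEV2_ENCRYPTED;
#pragma pack()

//
// One-byte pad length field.
// NOTE(review): presumably the "PAD length" named in the Encrypted Payload
// layout above; confirm against the code that uses it.
//
#pragma pack(1)
typedef struct {
  UINT8  PadLength;
} IKEV2_PAD_LEN;
#pragma pack()

//
// Configuration Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER  Header;
  UINT8                        CfgType;
  UINT8                        Reserve1;
  UINT16                       Reserve2;
  //
  // Configuration Attributes
  //
} IKEV2_CFG;
#pragma pack()

//
// Configuration Payload CFG type
//
#define IKEV2_CFG_TYPE_REQUEST  1
#define IKEV2_CFG_TYPE_REPLY    2
#define IKEV2_CFG_TYPE_SET      3
#define IKEV2_CFG_TYPE_ACK      4

//
// Configuration Attributes
//
#pragma pack(1)
typedef struct {
  UINT16  AttritType;
  UINT16  ValueLength;
} IKEV2_CFG_ATTRIBUTES;
#pragma pack()

//
// Configuration Attributes
//
#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS    1
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK    2
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS        3
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS       4
#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY  5
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP       6
#define IKEV2_CFG_ATTR_APPLICATION_VERSION     7
#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS    8
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS        10
#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS       11
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP       12
#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET     13
#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES    14
#define IKEV2_CFG_ATTR_IP6_SUBNET              15

#endif
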