1 /** @file
2   The Definitions related to IKEv2 payload.
3 
4   Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
5 
6   This program and the accompanying materials
7   are licensed and made available under the terms and conditions of the BSD License
8   which accompanies this distribution.  The full text of the license may be found at
9   http://opensource.org/licenses/bsd-license.php.
10 
11   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13 
14 **/
15 #ifndef _IKE_V2_PAYLOAD_H_
16 #define _IKE_V2_PAYLOAD_H_
17 
//
// Payload Type for IKEv2
//
// Values of the NextPayload octet that chains one payload to the next (see
// IKEV2_COMMON_PAYLOAD_HEADER). IKEV2_PAYLOAD_TYPE_NONE (0) ends the chain.
// NextPayload is taken from the peer's message, so a parser should treat any
// value not listed here as unknown rather than use it as a table index.
//
#define IKEV2_PAYLOAD_TYPE_NONE     0
#define IKEV2_PAYLOAD_TYPE_SA       33
#define IKEV2_PAYLOAD_TYPE_KE       34
#define IKEV2_PAYLOAD_TYPE_ID_INIT  35
#define IKEV2_PAYLOAD_TYPE_ID_RSP   36
#define IKEV2_PAYLOAD_TYPE_CERT     37
#define IKEV2_PAYLOAD_TYPE_CERTREQ  38
#define IKEV2_PAYLOAD_TYPE_AUTH     39
#define IKEV2_PAYLOAD_TYPE_NONCE    40
#define IKEV2_PAYLOAD_TYPE_NOTIFY   41
#define IKEV2_PAYLOAD_TYPE_DELETE   42
#define IKEV2_PAYLOAD_TYPE_VENDOR   43
#define IKEV2_PAYLOAD_TYPE_TS_INIT  44
#define IKEV2_PAYLOAD_TYPE_TS_RSP   45
#define IKEV2_PAYLOAD_TYPE_ENCRYPT  46
#define IKEV2_PAYLOAD_TYPE_CP       47
#define IKEV2_PAYLOAD_TYPE_EAP      48
38 
//
// IKE header Flag for IKEv2
//
// INIT (0x08) and RESPOND (0x20) are single-bit masks for the Flags octet of
// the IKE header.
// NOTE(review): IKE_HEADER_FLAGS_CHILD_INIT is 0, so it cannot be tested with a
// bitwise AND (the result is always 0). It appears to mean "no flag bits set";
// confirm against the callers before comparing received flags with it.
//
#define IKE_HEADER_FLAGS_INIT       0x08
#define IKE_HEADER_FLAGS_RESPOND    0x20
#define IKE_HEADER_FLAGS_CHILD_INIT 0
45 
//
// IKE Header Exchange Type for IKEv2
//
// Values of the Exchange Type octet of the IKE header: IKE_SA_INIT (34),
// IKE_AUTH (35), CREATE_CHILD_SA (36) and INFORMATIONAL (37). The IKE header
// structure itself is not declared in this header.
//
#define IKEV2_EXCHANGE_TYPE_INIT         34
#define IKEV2_EXCHANGE_TYPE_AUTH         35
#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD 36
#define IKEV2_EXCHANGE_TYPE_INFO         37
53 
//
// Generic payload header that starts every IKEv2 payload (4 octets, packed so
// the structure can be overlaid on a message buffer).
//
// NextPayload   - type of the payload that follows (IKEV2_PAYLOAD_TYPE_*).
// Reserved      - exposed as a whole octet here; RFC 7296 uses its top bit as
//                 the Critical flag.
// PayloadLength - length of this payload including this header. RFC 7296 sends
//                 multi-octet fields in network byte order, so a value read
//                 straight from a received buffer needs converting on a
//                 little-endian host (presumably done by the caller - confirm).
//
// PayloadLength is supplied by the peer. Before stepping to the next payload, a
// parser should check that it is at least sizeof (IKEV2_COMMON_PAYLOAD_HEADER)
// and no larger than the bytes remaining in the received message.
//
#pragma pack(1)
typedef struct {
  UINT8   NextPayload;
  UINT8   Reserved;
  UINT16  PayloadLength;
} IKEV2_COMMON_PAYLOAD_HEADER;
#pragma pack()
61 
//
// Security Association Payload
//
// Only the fixed header is declared; the proposals follow it in the message and
// their total size is bounded by Header.PayloadLength. sizeof (IKEV2_SA) is
// therefore the size of the header alone, not of the payload.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Proposals
  //
} IKEV2_SA;
#pragma pack()
70 
//
// Proposal substructure carried inside the SA payload
//
// The common header layout is reused: in RFC 7296 section 3.3.1 the first octet
// is 0 (last proposal) or 2 (more proposals) rather than a payload type, and
// the length field is the length of this proposal.
// RFC 7296 places an SPI of SpiSize octets and then NumTransforms transform
// substructures after these fields; neither is declared here. SpiSize and
// NumTransforms come from the peer, so both need checking against
// Header.PayloadLength before the SPI or the transforms are read.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       ProposalIndex;
  UINT8                       ProtocolId;
  UINT8                       SpiSize;
  UINT8                       NumTransforms;
} IKEV2_PROPOSAL;
#pragma pack()
80 
//
// IKEv2 Transform Type Values presented within Transform Payload
// (the TransformType field of IKEV2_TRANSFORM)
//
#define IKEV2_TRANSFORM_TYPE_ENCR      1  // Encryption Algorithm
#define IKEV2_TRANSFORM_TYPE_PRF       2  // Pseudo-Random Function
#define IKEV2_TRANSFORM_TYPE_INTEG     3  // Integrity Algorithm
#define IKEV2_TRANSFORM_TYPE_DH        4  // DH Group
#define IKEV2_TRANSFORM_TYPE_ESN       5  // Extended Sequence Number
89 
//
// IKEv2 Transform ID for Encrypt Algorithm (ENCR)
//
// These are wire identifiers only; an ID being defined here does not make the
// algorithm acceptable to negotiate. RFC 8247 lists ENCR_DES as MUST NOT and
// ENCR_3DES as MAY for IKEv2, and ENCR_NULL applies no encryption at all. The
// code that selects a proposal should hold its own allow-list instead of
// accepting every ID it can parse.
//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64 1
#define IKEV2_TRANSFORM_ID_ENCR_DES      2
#define IKEV2_TRANSFORM_ID_ENCR_3DES     3
#define IKEV2_TRANSFORM_ID_ENCR_RC5      4
#define IKEV2_TRANSFORM_ID_ENCR_IDEA     5
#define IKEV2_TRANSFORM_ID_ENCR_CAST     6
#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH 7
#define IKEV2_TRANSFORM_ID_ENCR_3IDEA    8
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32 9
#define IKEV2_TRANSFORM_ID_ENCR_NULL     11
#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC  12
#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR  13
105 
//
// IKEv2 Transform ID for Pseudo-Random Function (PRF)
//
// Wire identifiers only. RFC 8247 lists PRF_HMAC_MD5 as MUST NOT for IKEv2, so
// a responder should not select it merely because it is defined here.
//
#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5     1
#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1    2
#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER   3
#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC  4
113 
//
// IKEv2 Transform ID for Integrity Algorithm (INTEG)
//
// The macros are named _AUTH_ but they are Transform Type 3 (integrity) IDs,
// not the AuthMethod values of the Authentication Payload.
// IKEV2_TRANSFORM_ID_AUTH_NONE is meant for combined-mode (AEAD) ciphers; none
// of the ENCR IDs defined in this header is an AEAD algorithm, so pairing NONE
// with any of them leaves the traffic without integrity protection.
// RFC 8247 lists AUTH_HMAC_MD5_96, AUTH_DES_MAC and AUTH_KPDK_MD5 as MUST NOT
// for IKEv2.
//
#define IKEV2_TRANSFORM_ID_AUTH_NONE              0
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96       1
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96      2
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC      3
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5     4
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96  5
123 
//
// IKEv2 Transform ID for Diffie-Hellman Group (DH)
//
// Wire identifiers only. RFC 8247 lists the 768-bit MODP group (1) as MUST NOT
// and the 1024-bit MODP group (2) as SHOULD NOT; of the three groups defined
// here only the 2048-bit group (14) is still recommended.
//
#define IKEV2_TRANSFORM_ID_DH_768MODP             1
#define IKEV2_TRANSFORM_ID_DH_1024MODP            2
#define IKEV2_TRANSFORM_ID_DH_2048MODP            14
130 
//
// IKEv2 Attribute Type Values
//
// Key Length (14) is the only transform attribute type defined in this header.
// It carries the key size in bits for ciphers with a variable key length.
//
#define IKEV2_ATTRIBUTE_TYPE_KEYLEN               14
135 
//
// Transform Payload
//
// Transform substructure inside a proposal. The common header layout is reused:
// in RFC 7296 section 3.3.2 the first octet is 0 (last transform) or 3 (more
// transforms) and the length field is the length of this transform.
// TransformType is one of IKEV2_TRANSFORM_TYPE_*; TransformId is a 16-bit value
// sent in network byte order. Any SA attributes follow the fixed part and are
// bounded by Header.PayloadLength, which the peer supplies.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       TransformType;
  UINT8                       Reserved;
  UINT16                      TransformId;
  //
  // SA Attributes
  //
} IKEV2_TRANSFORM;
#pragma pack()
150 
//
// Key Exchange Payload
//
// DhGroup is the Diffie-Hellman group number (IKEV2_TRANSFORM_ID_DH_*), sent in
// network byte order. The public value follows the fixed part, so its length is
// Header.PayloadLength - sizeof (IKEV2_KEY_EXCHANGE). Both values come from the
// peer: RFC 7296 requires the group to match the negotiated one and, for MODP
// groups, the public value to be exactly as long as the group's prime, so a
// receiver should check both before using the key data.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT16                      DhGroup;
  UINT16                      Reserved;
  //
  // Remaining part contains the key exchanged
  //
} IKEV2_KEY_EXCHANGE;
#pragma pack()
161 
//
// Identification Type Values presented within IKEv2 ID payload
// (the IdType field of IKEV2_ID)
//
#define IKEV2_ID_TYPE_IPV4_ADDR        1
#define IKEV2_ID_TYPE_FQDN             2
#define IKEV2_ID_TYPE_RFC822_ADDR      3
#define IKEV2_ID_TYPE_IPV6_ADDR        5
#define IKEV2_ID_TYPE_DER_ASN1_DN      9
#define IKEV2_ID_TYPE_DER_ASN1_GN      10
#define IKEV2_ID_TYPE_KEY_ID           11
172 
//
// Identification Payload
//
// IdType is one of IKEV2_ID_TYPE_*. The identification data follows the fixed
// part; its length is Header.PayloadLength - sizeof (IKEV2_ID) and its expected
// size depends on IdType (for example 4 octets for an IPv4 address), so the two
// should be checked against each other before the data is interpreted.
// Reserver1/Reserver2 are the reserved octets (the spelling is kept because the
// field names are part of the interface).
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       IdType;
  UINT8                       Reserver1;
  UINT16                      Reserver2;
  //
  // Identification Data
  //
} IKEV2_ID;
#pragma pack()
187 
//
// Encoding Type presented in IKEV2 Cert Payload
// (the CertEncoding field of IKEV2_CERT and IKEV2_CERT_REQ)
//
// "ENCODEING" is a misspelling of "ENCODING"; the macro names are kept as they
// are because callers reference them.
// HASH_AND_URL_OF_X509_CERT (12) means the certificate is not in the message
// but at a URL chosen by the peer. An implementation that accepts this encoding
// ends up fetching from a peer-controlled location, so it should restrict the
// destination and response size and verify the hash of whatever it retrieves.
//
#define IKEV2_CERT_ENCODEING_RESERVED                  0
#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP            1
#define IKEV2_CERT_ENCODEING_PGP_CERT                  2
#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY              3
#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN            4
#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN            6
#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT      7
#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST      8
#define IKEV2_CERT_ENCODEING_SPKI_CERT                 9
#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE       10
#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY               11
#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT 12
203 
//
// IKEV2 Certificate Payload
//
// CertEncoding is one of IKEV2_CERT_ENCODEING_*. The certificate data follows
// the fixed part; its length is Header.PayloadLength - sizeof (IKEV2_CERT).
// That length is supplied by the peer and should be validated against the
// received message before the data is handed to a certificate parser.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       CertEncoding;
  //
  // Cert Data
  //
} IKEV2_CERT;
#pragma pack()
216 
//
// IKEV2 Certificate Request Payload
//
// Same fixed layout as IKEV2_CERT. The certification authority data follows the
// fixed part and is bounded by Header.PayloadLength.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       CertEncoding;
  //
  // Cert Authority
  //
} IKEV2_CERT_REQ;
#pragma pack()
229 
//
// Authentication Payload
//
// AuthMethod is one of IKEV2_AUTH_METHOD_*. The authentication data follows the
// fixed part; its length is Header.PayloadLength - sizeof (IKEV2_AUTH). The
// method octet is chosen by the peer, so a receiver should compare it with the
// method its own policy expects for that peer rather than accept whichever
// method is presented.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       AuthMethod;
  UINT8                       Reserved1;
  UINT16                      Reserved2;
  //
  // Auth Data
  //
} IKEV2_AUTH;
#pragma pack()
244 
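//
// Auth Method values for the AuthMethod field of the Authentication Payload
//
// Each macro expands to a bare integer constant. The definitions must not end
// in ';': a trailing semicolon becomes part of the expansion and breaks every
// use inside an expression, for example
// "if (Auth->AuthMethod == IKEV2_AUTH_METHOD_RSA)" or a case label, which are
// the places where a received AuthMethod is checked.
//
#define IKEV2_AUTH_METHOD_RSA        1  // RSA Digital Signature
#define IKEV2_AUTH_METHOD_SKMI       2  // Shared Key Message Integrity
#define IKEV2_AUTH_METHOD_DSS        3  // DSS Digital Signature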
251 
//
// IKEv2 Nonce Payload
//
// Only the header is declared; the nonce data follows it and its length is
// Header.PayloadLength - sizeof (IKEV2_NONCE). RFC 7296 requires the nonce data
// to be between 16 and 256 octets, so a receiver should reject lengths outside
// that range before copying the nonce.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Nonce Data
  //
} IKEV2_NONCE;
#pragma pack()
263 
//
// Notification Payload
//
// MessageType is one of IKEV2_NOTIFICATION_*, sent in network byte order. An SPI
// of SpiSize octets and then the notification data follow the fixed part.
// SpiSize comes from the peer: check that sizeof (IKEV2_NOTIFY) + SpiSize does
// not exceed Header.PayloadLength before reading the SPI or computing the
// length of the notification data.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       ProtocolId;
  UINT8                       SpiSize;
  UINT16                      MessageType;
  //
  // SPI and Notification Data
  //
} IKEV2_NOTIFY;
#pragma pack()
278 
//
//  Notify Message Types presented within IKEv2 Notify Payload
//
//  In RFC 7296, types below 16384 report errors and types from 16384 upward
//  report status. Two names differ from the RFC spelling and are kept because
//  callers reference them: IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD is the RFC's
//  INVALID_KE_PAYLOAD (17) and IKEV2_NOTIFICATION_TS_UNCCEPTABLE is
//  TS_UNACCEPTABLE (38).
//
#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD       1
#define IKEV2_NOTIFICATION_INVALID_IKE_SPI                  4
#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION            5
#define IKEV2_NOTIFICATION_INVALID_SYNTAX                   7
#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID               9
#define IKEV2_NOTIFICATION_INVALID_SPI                     11
#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN              14
#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD             17
#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED           24
#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED            34
#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS               35
#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE        36
#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED              37
#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE                  38
#define IKEV2_NOTIFICATION_INVALID_SELECTORS               39
#define IKEV2_NOTIFICATION_COOKIE                          16390
#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE              16391
#define IKEV2_NOTIFICATION_REKEY_SA                        16393
300 
//
// IKEv2 Protocol ID
// (no Protocol ID constants are defined under this heading in this header)
//
//
// IKEv2 Delete Payload
//
// NumSpis SPIs of SpiSize octets each follow the fixed part. Both counts come
// from the peer: check that NumSpis * SpiSize fits in
// Header.PayloadLength - sizeof (IKEV2_DELETE) before iterating over the SPIs.
// NumSpis is a 16-bit value sent in network byte order.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       ProtocolId;
  UINT8                       SpiSize;
  UINT16                      NumSpis;
  //
  // SPIs
  //
} IKEV2_DELETE;
#pragma pack()
318 
//
// Traffic Selector Payload
//
// TSNumbers is the number of TRAFFIC_SELECTOR entries that follow the fixed
// part. The count is supplied by the peer; each entry carries its own length,
// so a parser should check every entry against the bytes remaining in
// Header.PayloadLength instead of trusting the count alone.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       TSNumbers;
  UINT8                       Reserved1;
  UINT16                      Reserved2;
  //
  // Traffic Selector
  //
} IKEV2_TS;
#pragma pack()
333 
//
// Traffic Selector
//
// One selector entry inside the Traffic Selector payload (8 octets of fixed
// fields, packed). TSType is one of the IKEV2_TS_TYPE_* values. SelecorLen
// (spelling kept; the field name is part of the interface) is the length of the
// whole entry including these fields. The starting and ending addresses follow;
// their size depends on TSType, so an IPv4 range entry is 16 octets and an IPv6
// range entry is 40. A received SelecorLen that does not match the size implied
// by TSType should be rejected before the addresses are read.
// SelecorLen, StartPort and EndPort are sent in network byte order.
//
#pragma pack(1)
typedef struct {
  UINT8                       TSType;
  UINT8                       IpProtocolId;
  UINT16                      SelecorLen;
  UINT16                      StartPort;
  UINT16                      EndPort;
  //
  // Starting Address && Ending Address
  //
} TRAFFIC_SELECTOR;
#pragma pack()
349 
//
// Ts Type in Traffic Selector (the TSType field of TRAFFIC_SELECTOR)
//
// Note the IPv6 macro is spelled IKEV2_TS_TYPS_... ("TYPS", not "TYPE"); the
// name is kept because callers reference it.
//
#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE     7
#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE     8
355 
//
// Vendor Payload
//
// Only the header is declared; the vendor ID follows it and its length is
// Header.PayloadLength - sizeof (IKEV2_VENDOR).
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Vendor ID
  //
} IKEV2_VENDOR;
#pragma pack()
367 
//
// Encrypted Payload
//
// Only the header is declared. The body that follows is, in order: the IV, the
// encrypted inner payloads, padding, one pad-length octet (IKEV2_PAD_LEN) and
// the integrity checksum. The sizes of the IV and the checksum depend on the
// negotiated algorithms and are not described by this structure.
// A receiver should verify the integrity checksum before acting on anything
// decrypted from this payload, and should check the pad length against the
// decrypted size before stripping the padding.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum
  //
} IKEV2_ENCRYPTED;
#pragma pack()
379 
//
// Pad Length octet found inside the Encrypted Payload body, after the padding.
// PadLength is read from decrypted peer data; it must be smaller than the
// decrypted length before it is used to locate the end of the inner payloads.
//
#pragma pack(1)
typedef struct {
  UINT8 PadLength;
} IKEV2_PAD_LEN;
#pragma pack()
385 
//
// Configuration Payload
//
// CfgType is one of IKEV2_CFG_TYPE_*. A sequence of IKEV2_CFG_ATTRIBUTES
// entries, each followed by its value, comes after the fixed part and is
// bounded by Header.PayloadLength.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       CfgType;
  UINT8                       Reserve1;
  UINT16                      Reserve2;
  //
  // Configuration Attributes
  //
} IKEV2_CFG;
#pragma pack()
400 
//
// Configuration Payload CFG type (the CfgType field of IKEV2_CFG)
//
#define IKEV2_CFG_TYPE_REQUEST    1
#define IKEV2_CFG_TYPE_REPLY      2
#define IKEV2_CFG_TYPE_SET        3
#define IKEV2_CFG_TYPE_ACK        4
408 
//
// Configuration Attributes
//
// Fixed part of one attribute inside the Configuration Payload; the value, of
// ValueLength octets, follows it. AttritType (spelling kept; the field name is
// part of the interface) holds one of IKEV2_CFG_ATTR_*; in RFC 7296 the top bit
// of this 16-bit field is reserved and the type is the low 15 bits.
// Both fields are sent in network byte order. ValueLength is supplied by the
// peer and should be checked against the bytes remaining in the payload before
// the value is read.
//
#pragma pack(1)
typedef struct {
  UINT16    AttritType;
  UINT16    ValueLength;
} IKEV2_CFG_ATTRIBUTES;
#pragma pack()
418 
//
// Configuration Attribute Types (the AttritType field of IKEV2_CFG_ATTRIBUTES)
//
// Two names are misspelled and kept because callers reference them:
// IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK is the RFC's INTERNAL_IP4_NETMASK (2) and
// IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY is INTERNAL_ADDRESS_EXPIRY (5).
//
#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS      1
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK      2
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS          3
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS         4
#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY    5
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP         6
#define IKEV2_CFG_ATTR_APPLICATION_VERSION       7
#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS      8
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS          10
#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS         11
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP         12
#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET       13
#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES      14
#define IKEV2_CFG_ATTR_IP6_SUBNET                15
436 
437 #endif
438 
439