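/** @file
  The Definitions related to IKEv2 payload.

  Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/
#ifndef _IKE_V2_PAYLOAD_H_
#define _IKE_V2_PAYLOAD_H_

//
// Payload Type for IKEv2
//
// The values are the Next Payload identifiers carried on the wire.  Every
// structure in this file that begins with IKEV2_COMMON_PAYLOAD_HEADER is only
// the fixed-size prefix of the corresponding payload; the variable-length data
// named in the trailing comment of each struct follows it in the message
// buffer and is not part of the struct itself.
//
#define IKEV2_PAYLOAD_TYPE_NONE       0
#define IKEV2_PAYLOAD_TYPE_SA         33
#define IKEV2_PAYLOAD_TYPE_KE         34
#define IKEV2_PAYLOAD_TYPE_ID_INIT    35
#define IKEV2_PAYLOAD_TYPE_ID_RSP     36
#define IKEV2_PAYLOAD_TYPE_CERT       37
#define IKEV2_PAYLOAD_TYPE_CERTREQ    38
#define IKEV2_PAYLOAD_TYPE_AUTH       39
#define IKEV2_PAYLOAD_TYPE_NONCE      40
#define IKEV2_PAYLOAD_TYPE_NOTIFY     41
#define IKEV2_PAYLOAD_TYPE_DELETE     42
#define IKEV2_PAYLOAD_TYPE_VENDOR     43
#define IKEV2_PAYLOAD_TYPE_TS_INIT    44
#define IKEV2_PAYLOAD_TYPE_TS_RSP     45
#define IKEV2_PAYLOAD_TYPE_ENCRYPT    46
#define IKEV2_PAYLOAD_TYPE_CP         47
#define IKEV2_PAYLOAD_TYPE_EAP        48

//
// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
//
// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
//                                      original initiator of the IKE_SA
//
// R(esponse)  (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
//                                      a message containing the same message ID.
//
#define IKE_HEADER_FLAGS_INIT     0x08
#define IKE_HEADER_FLAGS_RESPOND  0x20

//
// IKE Header Exchange Type for IKEv2
//
#define IKEV2_EXCHANGE_TYPE_INIT          34
#define IKEV2_EXCHANGE_TYPE_AUTH          35
#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD  36
#define IKEV2_EXCHANGE_TYPE_INFO          37

//
// Generic Payload Header (RFC 4306 section 3.2) that begins every payload.
//
// PayloadLength is the length of the whole payload, this header included, as
// sent on the wire (network byte order).  Code that walks a payload chain must
// reject a PayloadLength smaller than sizeof (IKEV2_COMMON_PAYLOAD_HEADER) or
// larger than the bytes remaining in the message before using it to advance.
// NOTE(review): RFC 4306 defines the Critical bit as the top bit of the
// Reserved octet; confirm whether the consumers of this header honour it.
//
#pragma pack(1)
typedef struct {
  UINT8  NextPayload;
  UINT8  Reserved;
  UINT16 PayloadLength;
} IKEV2_COMMON_PAYLOAD_HEADER;
#pragma pack()

//
// Security Association Payload; one or more Proposal substructures follow.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Proposals
  //
} IKEV2_SA;
#pragma pack()

//
// Proposal substructure.  SpiSize bytes of SPI follow the fixed part, then
// NumTransforms Transform substructures; both counts come from the peer and
// must be checked against Header.PayloadLength before they are walked.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       ProposalIndex;
  UINT8                       ProtocolId;
  UINT8                       SpiSize;
  UINT8                       NumTransforms;
} IKEV2_PROPOSAL;
#pragma pack()

//
// IKEv2 Transform Type Values presented within Transform Payload
//
#define IKEV2_TRANSFORM_TYPE_ENCR   1  // Encryption Algorithm
#define IKEV2_TRANSFORM_TYPE_PRF    2  // Pseudo-Random Func
#define IKEV2_TRANSFORM_TYPE_INTEG  3  // Integrity Algorithm
#define IKEV2_TRANSFORM_TYPE_DH     4  // DH Group
#define IKEV2_TRANSFORM_TYPE_ESN    5  // Extended Sequence Number

//
// IKEv2 Transform ID for Encrypt Algorithm (ENCR)
//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64  1
#define IKEV2_TRANSFORM_ID_ENCR_DES       2
#define IKEV2_TRANSFORM_ID_ENCR_3DES      3
#define IKEV2_TRANSFORM_ID_ENCR_RC5       4
#define IKEV2_TRANSFORM_ID_ENCR_IDEA      5
#define IKEV2_TRANSFORM_ID_ENCR_CAST      6
#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH  7
#define IKEV2_TRANSFORM_ID_ENCR_3IDEA     8
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32  9
#define IKEV2_TRANSFORM_ID_ENCR_NULL      11
#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC   12
#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR   13

//
// IKEv2 Transform ID for Pseudo-Random Function (PRF)
//
#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5    1
#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1   2
#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER  3
#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC 4

//
// IKEv2 Transform ID for Integrity Algorithm (INTEG)
//
#define IKEV2_TRANSFORM_ID_AUTH_NONE              0
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96       1
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96      2
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC      3
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5     4
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96  5

//
// IKEv2 Transform ID for Diffie-Hellman Group (DH)
//
#define IKEV2_TRANSFORM_ID_DH_768MODP   1
#define IKEV2_TRANSFORM_ID_DH_1024MODP  2
#define IKEV2_TRANSFORM_ID_DH_2048MODP  14

//
// IKEv2 Attribute Type Values
//
#define IKEV2_ATTRIBUTE_TYPE_KEYLEN  14

//
// Transform Payload; zero or more SA Attributes follow the fixed part.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       TransformType;
  UINT8                       Reserved;
  UINT16                      TransformId;
  //
  // SA Attributes
  //
} IKEV2_TRANSFORM;
#pragma pack()

//
// Key Exchange Payload; the public DH value occupies the rest of the payload.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT16                      DhGroup;
  UINT16                      Reserved;
  //
  // Remaining part contains the key exchanged
  //
} IKEV2_KEY_EXCHANGE;
#pragma pack()

//
// Identification Type Values presented within Ikev2 ID payload
//
#define IKEV2_ID_TYPE_IPV4_ADDR    1
#define IKEV2_ID_TYPE_FQDN         2
#define IKEV2_ID_TYPE_RFC822_ADDR  3
#define IKEV2_ID_TYPE_IPV6_ADDR    5
#define IKEV2_ID_TYPE_DER_ASN1_DN  9
#define IKEV2_ID_TYPE_DER_ASN1_GN  10
#define IKEV2_ID_TYPE_KEY_ID       11

//
// Identification Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       IdType;
  UINT8                       Reserver1;
  UINT16                      Reserver2;
  //
  // Identification Data
  //
} IKEV2_ID;
#pragma pack()

//
// Encoding Type presented in IKEV2 Cert Payload
//
#define IKEV2_CERT_ENCODEING_RESERVED                  0
#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP            1
#define IKEV2_CERT_ENCODEING_PGP_CERT                  2
#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY              3
#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN            4
#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN            6
#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT      7
#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST      8
#define IKEV2_CERT_ENCODEING_SPKI_CERT                 9
#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE       10
#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY               11
#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT 12

//
// IKEV2 Certificate Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       CertEncoding;
  //
  // Cert Data
  //
} IKEV2_CERT;
#pragma pack()

//
// IKEV2 Certificate Request Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       CertEncoding;
  //
  // Cert Authority
  //
} IKEV2_CERT_REQ;
#pragma pack()

//
// Authentication Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       AuthMethod;
  UINT8                       Reserved1;
  UINT16                      Reserved2;
  //
  // Auth Data
  //
} IKEV2_AUTH;
#pragma pack()

//
// Authmethod in Authentication Payload
//
// No trailing semicolon on these: the macros are meant for use inside
// expressions, and a ';' in the expansion turns "x == IKEV2_AUTH_METHOD_RSA"
// into a syntax error.
//
#define IKEV2_AUTH_METHOD_RSA   1  // RSA Digital Signature
#define IKEV2_AUTH_METHOD_SKMI  2  // Shared Key Message Integrity
#define IKEV2_AUTH_METHOD_DSS   3  // DSS Digital Signature

//
// IKEv2 Nonce Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Nonce Data
  //
} IKEV2_NONCE;
#pragma pack()

//
// Notification Payload.  SpiSize bytes of SPI follow the fixed part and must
// fit inside Header.PayloadLength; the notification data is what remains.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       ProtocolId;
  UINT8                       SpiSize;
  UINT16                      MessageType;
  //
  // SPI and Notification Data
  //
} IKEV2_NOTIFY;
#pragma pack()

//
// Notify Message Types presented within IKEv2 Notify Payload
//
#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD  1
#define IKEV2_NOTIFICATION_INVALID_IKE_SPI             4
#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION       5
#define IKEV2_NOTIFICATION_INVALID_SYNTAX              7
#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID          9
#define IKEV2_NOTIFICATION_INVALID_SPI                 11
#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN          14
#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD         17
#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED       24
#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED        34
#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS           35
#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE    36
#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED          37
#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE              38
#define IKEV2_NOTIFICATION_INVALID_SELECTORS           39
#define IKEV2_NOTIFICATION_COOKIE                      16390
#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE          16391
#define IKEV2_NOTIFICATION_REKEY_SA                    16393

//
// IKEv2 Protocol ID
//
//
// IKEv2 Delete Payload.  NumSpis SPIs of SpiSize bytes each follow; a parser
// must check that NumSpis * SpiSize does not exceed the bytes left in the
// payload (both values are peer controlled).
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       ProtocolId;
  UINT8                       SpiSize;
  UINT16                      NumSpis;
  //
  // SPIs
  //
} IKEV2_DELETE;
#pragma pack()

//
// Traffic Selector Payload; TSNumbers TRAFFIC_SELECTOR entries follow.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       TSNumbers;
  UINT8                       Reserved1;
  UINT16                      Reserved2;
  //
  // Traffic Selector
  //
} IKEV2_TS;
#pragma pack()

//
// Traffic Selector.  SelecorLen is the length of this whole selector including
// the address range that follows the fixed part; it must be bounded against the
// enclosing payload before the next selector is located.
//
#pragma pack(1)
typedef struct {
  UINT8  TSType;
  UINT8  IpProtocolId;
  UINT16 SelecorLen;
  UINT16 StartPort;
  UINT16 EndPort;
  //
  // Starting Address && Ending Address
  //
} TRAFFIC_SELECTOR;
#pragma pack()

//
// Ts Type in Traffic Selector
//
#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE  7
#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE  8

//
// Vendor Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // Vendor ID
  //
} IKEV2_VENDOR;
#pragma pack()

//
// Encrypted Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  //
  // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum
  //
} IKEV2_ENCRYPTED;
#pragma pack()

//
// Trailing pad-length octet of the decrypted Encrypted Payload.  PadLength is
// read from the decrypted data and must be smaller than the decrypted length
// before it is subtracted to find the inner payloads.
//
#pragma pack(1)
typedef struct {
  UINT8 PadLength;
} IKEV2_PAD_LEN;
#pragma pack()

//
// Configuration Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER Header;
  UINT8                       CfgType;
  UINT8                       Reserve1;
  UINT16                      Reserve2;
  //
  // Configuration Attributes
  //
} IKEV2_CFG;
#pragma pack()

//
// Configuration Payload CPG type
//
#define IKEV2_CFG_TYPE_REQUEST  1
#define IKEV2_CFG_TYPE_REPLY    2
#define IKEV2_CFG_TYPE_SET      3
#define IKEV2_CFG_TYPE_ACK      4

//
// Configuration Attribute header; ValueLength bytes of value follow and must
// fit within the enclosing Configuration Payload.
//
#pragma pack(1)
typedef struct {
  UINT16 AttritType;
  UINT16 ValueLength;
} IKEV2_CFG_ATTRIBUTES;
#pragma pack()

//
// Configuration Attributes
//
#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS     1
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK     2
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS         3
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS        4
#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY   5
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP        6
#define IKEV2_CFG_ATTR_APPLICATION_VERSION      7
#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS     8
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS         10
#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS        11
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP        12
#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET      13
#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES     14
#define IKEV2_CFG_ATTR_IP6_SUBNET               15

#endif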