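/** @file
  The Definitions related to IKEv2 payload.

  Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
  SPDX-License-Identifier: BSD-2-Clause-Patent

**/

#ifndef _IKE_V2_PAYLOAD_H_
#define _IKE_V2_PAYLOAD_H_

//
// Every structure in this file is declared under #pragma pack(1) and holds
// only the fixed-size leading fields of a payload; the variable-length part
// is named in a trailing comment and is not a member of the struct.
//
// NOTE(review): these layouts describe data received from a network peer.
// RFC 4306 section 3 lays multi-octet integers out in big-endian (network)
// byte order, so UINT16 fields need a byte swap before use on little-endian
// hosts. Every length/count field (PayloadLength, SpiSize, NumTransforms,
// NumSpis, TSNumbers, SelecorLen, ValueLength) is peer-controlled: before
// overlaying a struct on a buffer, check that at least sizeof (struct) bytes
// remain, and before reading the trailing data, check the advertised length
// against both the struct size and the bytes actually remaining.
//

//
// Payload Type for IKEv2
//
#define IKEV2_PAYLOAD_TYPE_NONE     0
#define IKEV2_PAYLOAD_TYPE_SA       33
#define IKEV2_PAYLOAD_TYPE_KE       34
#define IKEV2_PAYLOAD_TYPE_ID_INIT  35
#define IKEV2_PAYLOAD_TYPE_ID_RSP   36
#define IKEV2_PAYLOAD_TYPE_CERT     37
#define IKEV2_PAYLOAD_TYPE_CERTREQ  38
#define IKEV2_PAYLOAD_TYPE_AUTH     39
#define IKEV2_PAYLOAD_TYPE_NONCE    40
#define IKEV2_PAYLOAD_TYPE_NOTIFY   41
#define IKEV2_PAYLOAD_TYPE_DELETE   42
#define IKEV2_PAYLOAD_TYPE_VENDOR   43
#define IKEV2_PAYLOAD_TYPE_TS_INIT  44
#define IKEV2_PAYLOAD_TYPE_TS_RSP   45
#define IKEV2_PAYLOAD_TYPE_ENCRYPT  46
#define IKEV2_PAYLOAD_TYPE_CP       47
#define IKEV2_PAYLOAD_TYPE_EAP      48

//
// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
//
// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
//                                      original initiator of the IKE_SA
//
// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
//                                     a message containing the same message ID.
//
#define IKE_HEADER_FLAGS_INIT     0x08
#define IKE_HEADER_FLAGS_RESPOND  0x20

//
// IKE Header Exchange Type for IKEv2
//
#define IKEV2_EXCHANGE_TYPE_INIT          34
#define IKEV2_EXCHANGE_TYPE_AUTH          35
#define IKEV2_EXCHANGE_TYPE_CREATE_CHILD  36
#define IKEV2_EXCHANGE_TYPE_INFO          37

//
// Generic payload header that starts every payload structure below.
// Per RFC 4306 section 3.2, PayloadLength is the length in octets of the
// whole payload including this 4-octet header, so a value smaller than
// sizeof (IKEV2_COMMON_PAYLOAD_HEADER) is malformed.
//
#pragma pack(1)
typedef struct {
  UINT8     NextPayload;
  UINT8     Reserved;
  UINT16    PayloadLength;
} IKEV2_COMMON_PAYLOAD_HEADER;
#pragma pack()

//
// Security Association Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  //
  // Proposals
  //
} IKEV2_SA;
#pragma pack()

//
// Proposal substructure carried inside the SA payload.
// SpiSize and NumTransforms come from the peer and bound the data that
// follows; validate both against the enclosing length before walking it.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          ProposalIndex;
  UINT8                          ProtocolId;
  UINT8                          SpiSize;
  UINT8                          NumTransforms;
} IKEV2_PROPOSAL;
#pragma pack()

//
// IKEv2 Transform Type Values presented within Transform Payload
//
#define IKEV2_TRANSFORM_TYPE_ENCR   1   // Encryption Algorithm
#define IKEV2_TRANSFORM_TYPE_PRF    2   // Pseudo-Random Func
#define IKEV2_TRANSFORM_TYPE_INTEG  3   // Integrity Algorithm
#define IKEV2_TRANSFORM_TYPE_DH     4   // DH Group
#define IKEV2_TRANSFORM_TYPE_ESN    5   // Extended Sequence Number

//
// NOTE(review): the transform ID lists below mirror protocol registry values;
// a constant being defined here does not mean the algorithm is safe to
// negotiate. DES, the MD5-based PRF/integrity transforms and the 768-bit and
// 1024-bit MODP groups are considered weak (see RFC 8247 for current IKEv2
// algorithm guidance), and ENCR_NULL provides no confidentiality. Proposal
// selection policy should restrict what is actually accepted.
//

//
// IKEv2 Transform ID for Encrypt Algorithm (ENCR)
//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64  1
#define IKEV2_TRANSFORM_ID_ENCR_DES       2
#define IKEV2_TRANSFORM_ID_ENCR_3DES      3
#define IKEV2_TRANSFORM_ID_ENCR_RC5       4
#define IKEV2_TRANSFORM_ID_ENCR_IDEA      5
#define IKEV2_TRANSFORM_ID_ENCR_CAST      6
#define IKEV2_TRANSFORM_ID_ENCR_BLOWFISH  7
#define IKEV2_TRANSFORM_ID_ENCR_3IDEA     8
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV32  9
#define IKEV2_TRANSFORM_ID_ENCR_NULL      11
#define IKEV2_TRANSFORM_ID_ENCR_AES_CBC   12
#define IKEV2_TRANSFORM_ID_ENCR_AES_CTR   13

//
// IKEv2 Transform ID for Pseudo-Random Function (PRF)
//
#define IKEV2_TRANSFORM_ID_PRF_HMAC_MD5     1
#define IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1    2
#define IKEV2_TRANSFORM_ID_PRF_HMAC_TIGER   3
#define IKEV2_TRANSFORM_ID_PRF_AES128_XCBC  4

//
// IKEv2 Transform ID for Integrity Algorithm (INTEG)
//
#define IKEV2_TRANSFORM_ID_AUTH_NONE              0
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_MD5_96       1
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96      2
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_DES_MAC      3
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_KPDK_MD5     4
#define IKEV2_TRANSFORM_ID_AUTH_HMAC_AES_XCBC_96  5

//
// IKEv2 Transform ID for Diffie-Hellman Group (DH)
//
#define IKEV2_TRANSFORM_ID_DH_768MODP   1
#define IKEV2_TRANSFORM_ID_DH_1024MODP  2
#define IKEV2_TRANSFORM_ID_DH_2048MODP  14

//
// IKEv2 Attribute Type Values
//
#define IKEV2_ATTRIBUTE_TYPE_KEYLEN  14

//
// Transform Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          TransformType;
  UINT8                          Reserved;
  UINT16                         TransformId;
  //
  // SA Attributes
  //
} IKEV2_TRANSFORM;
#pragma pack()

//
// Key Exchange Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT16                         DhGroup;
  UINT16                         Reserved;
  //
  // Remaining part contains the key exchanged
  //
} IKEV2_KEY_EXCHANGE;
#pragma pack()

//
// Identification Type Values presented within Ikev2 ID payload
//
#define IKEV2_ID_TYPE_IPV4_ADDR    1
#define IKEV2_ID_TYPE_FQDN         2
#define IKEV2_ID_TYPE_RFC822_ADDR  3
#define IKEV2_ID_TYPE_IPV6_ADDR    5
#define IKEV2_ID_TYPE_DER_ASN1_DN  9
#define IKEV2_ID_TYPE_DER_ASN1_GN  10
#define IKEV2_ID_TYPE_KEY_ID       11

//
// Identification Payload
// (the field names Reserver1/Reserver2 are spelled as declared; they are
// part of the public layout and are kept for source compatibility)
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          IdType;
  UINT8                          Reserver1;
  UINT16                         Reserver2;
  //
  // Identification Data
  //
} IKEV2_ID;
#pragma pack()

//
// Encoding Type presented in IKEV2 Cert Payload
// (the "ENCODEING" spelling is part of the existing macro names and is kept
// so that current users keep compiling)
//
#define IKEV2_CERT_ENCODEING_RESERVED                   0
#define IKEV2_CERT_ENCODEING_X509_CERT_WRAP             1
#define IKEV2_CERT_ENCODEING_PGP_CERT                   2
#define IKEV2_CERT_ENCODEING_DNS_SIGN_KEY               3
#define IKEV2_CERT_ENCODEING_X509_CERT_SIGN             4
#define IKEV2_CERT_ENCODEING_KERBEROS_TOKEN             6
#define IKEV2_CERT_ENCODEING_REVOCATION_LIST_CERT       7
#define IKEV2_CERT_ENCODEING_AUTH_REVOCATION_LIST       8
#define IKEV2_CERT_ENCODEING_SPKI_CERT                  9
#define IKEV2_CERT_ENCODEING_X509_CERT_ATTRIBUTE        10
#define IKEV2_CERT_ENCODEING_RAW_RSA_KEY                11
#define IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT  12

//
// IKEV2 Certificate Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          CertEncoding;
  //
  // Cert Data
  //
} IKEV2_CERT;
#pragma pack()

//
// IKEV2 Certificate Request Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          CertEncoding;
  //
  // Cert Authority
  //
} IKEV2_CERT_REQ;
#pragma pack()

//
// Authentication Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          AuthMethod;
  UINT8                          Reserved1;
  UINT16                         Reserved2;
  //
  // Auth Data
  //
} IKEV2_AUTH;
#pragma pack()

//
// Authmethod in Authentication Payload
//
// These expand to a bare integer with no trailing ';' so that they can be
// used in comparisons, case labels and initializers. With a ';' inside the
// macro, an expression such as (AuthMethod == IKEV2_AUTH_METHOD_RSA) does
// not compile, which pushes callers toward hard-coded numbers in the
// authentication path.
//
#define IKEV2_AUTH_METHOD_RSA   1   // RSA Digital Signature
#define IKEV2_AUTH_METHOD_SKMI  2   // Shared Key Message Integrity
#define IKEV2_AUTH_METHOD_DSS   3   // DSS Digital Signature

//
// IKEv2 Nonce Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  //
  // Nonce Data
  //
} IKEV2_NONCE;
#pragma pack()

//
// Notification Payload
// SpiSize is peer-supplied and gives the length of the SPI that precedes the
// notification data; check it against the payload length before use.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          ProtocolId;
  UINT8                          SpiSize;
  UINT16                         MessageType;
  //
  // SPI and Notification Data
  //
} IKEV2_NOTIFY;
#pragma pack()

//
// Notify Message Types presented within IKEv2 Notify Payload
// (IKEV2_NOTIFICATION_TS_UNCCEPTABLE keeps its existing spelling)
//
#define IKEV2_NOTIFICATION_UNSUPPORT_CRITICAL_PAYLOAD  1
#define IKEV2_NOTIFICATION_INVALID_IKE_SPI             4
#define IKEV2_NOTIFICATION_INVALID_MAJOR_VERSION       5
#define IKEV2_NOTIFICATION_INVALID_SYNTAX              7
#define IKEV2_NOTIFICATION_INVALID_MESSAGE_ID          9
#define IKEV2_NOTIFICATION_INVALID_SPI                 11
#define IKEV2_NOTIFICATION_NO_PROPOSAL_CHOSEN          14
#define IKEV2_NOTIFICATION_INVALID_KEY_PAYLOAD         17
#define IKEV2_NOTIFICATION_AUTHENTICATION_FAILED       24
#define IKEV2_NOTIFICATION_SINGLE_PAIR_REQUIRED        34
#define IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS           35
#define IKEV2_NOTIFICATION_INTERNAL_ADDRESS_FAILURE    36
#define IKEV2_NOTIFICATION_FAILED_CP_REQUIRED          37
#define IKEV2_NOTIFICATION_TS_UNCCEPTABLE              38
#define IKEV2_NOTIFICATION_INVALID_SELECTORS           39
#define IKEV2_NOTIFICATION_COOKIE                      16390
#define IKEV2_NOTIFICATION_USE_TRANSPORT_MODE          16391
#define IKEV2_NOTIFICATION_REKEY_SA                    16393

//
// IKEv2 Protocol ID
//

//
// IKEv2 Delete Payload
// SpiSize and NumSpis are peer-supplied; their product must fit inside the
// payload length before the SPI list is read.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          ProtocolId;
  UINT8                          SpiSize;
  UINT16                         NumSpis;
  //
  // SPIs
  //
} IKEV2_DELETE;
#pragma pack()

//
// Traffic Selector Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          TSNumbers;
  UINT8                          Reserved1;
  UINT16                         Reserved2;
  //
  // Traffic Selector
  //
} IKEV2_TS;
#pragma pack()

//
// Traffic Selector
// (SelecorLen keeps its existing spelling; it is a peer-supplied length and
// must be validated before the address range is read)
//
#pragma pack(1)
typedef struct {
  UINT8     TSType;
  UINT8     IpProtocolId;
  UINT16    SelecorLen;
  UINT16    StartPort;
  UINT16    EndPort;
  //
  // Starting Address && Ending Address
  //
} TRAFFIC_SELECTOR;
#pragma pack()

//
// Ts Type in Traffic Selector
// (IKEV2_TS_TYPS_IPV6_ADDR_RANGE keeps its existing spelling)
//
#define IKEV2_TS_TYPE_IPV4_ADDR_RANGE  7
#define IKEV2_TS_TYPS_IPV6_ADDR_RANGE  8

//
// Vendor Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  //
  // Vendor ID
  //
} IKEV2_VENDOR;
#pragma pack()

//
// Encrypted Payload
// NOTE(review): the Integrity CheckSum is expected to be verified before the
// decrypted inner payloads or the pad length are trusted - confirm in the
// decode path.
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  //
  // IV, Encrypted IKE Payloads, Padding, PAD length, Integrity CheckSum
  //
} IKEV2_ENCRYPTED;
#pragma pack()

//
// Pad Length octet of the Encrypted Payload. The value is only known after
// decryption and must not exceed the size of the decrypted data.
//
#pragma pack(1)
typedef struct {
  UINT8    PadLength;
} IKEV2_PAD_LEN;
#pragma pack()

//
// Configuration Payload
//
#pragma pack(1)
typedef struct {
  IKEV2_COMMON_PAYLOAD_HEADER    Header;
  UINT8                          CfgType;
  UINT8                          Reserve1;
  UINT16                         Reserve2;
  //
  // Configuration Attributes
  //
} IKEV2_CFG;
#pragma pack()

//
// Configuration Payload CFG type
//
#define IKEV2_CFG_TYPE_REQUEST  1
#define IKEV2_CFG_TYPE_REPLY    2
#define IKEV2_CFG_TYPE_SET      3
#define IKEV2_CFG_TYPE_ACK      4

//
// Configuration Attributes
// (AttritType keeps its existing spelling; ValueLength is peer-supplied and
// must be checked against the remaining payload before the value is read)
//
#pragma pack(1)
typedef struct {
  UINT16    AttritType;
  UINT16    ValueLength;
} IKEV2_CFG_ATTRIBUTES;
#pragma pack()

//
// Configuration Attributes
// (IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK and
// IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY keep their existing spelling)
//
#define IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS    1
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBTMASK    2
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DNS        3
#define IKEV2_CFG_ATTR_INTERNAL_IP4_NBNS       4
#define IKEV2_CFG_ATTR_INTERNA_ADDRESS_BXPIRY  5
#define IKEV2_CFG_ATTR_INTERNAL_IP4_DHCP       6
#define IKEV2_CFG_ATTR_APPLICATION_VERSION     7
#define IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS    8
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DNS        10
#define IKEV2_CFG_ATTR_INTERNAL_IP6_NBNS       11
#define IKEV2_CFG_ATTR_INTERNAL_IP6_DHCP       12
#define IKEV2_CFG_ATTR_INTERNAL_IP4_SUBNET     13
#define IKEV2_CFG_ATTR_SUPPORTED_ATTRIBUTES    14
#define IKEV2_CFG_ATTR_IP6_SUBNET              15

#endif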