/*
 * IKEv2 definitions
 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

/*
 * Shared wire-format constants, on-the-wire header layouts and helper
 * prototypes for the EAP-IKEv2 implementation. The packed structs below
 * are overlaid directly on received message bytes, so every length field
 * read out of them must be validated against the remaining buffer before
 * it is used to advance a parser.
 */

#ifndef IKEV2_COMMON_H
#define IKEV2_COMMON_H

/*
 * Nonce length must be at least 16 octets. It must also be at least half the
 * key size of the negotiated PRF.
 * Nonces outside [IKEV2_NONCE_MIN_LEN, IKEV2_NONCE_MAX_LEN] are to be rejected
 * by the peer-message parsers, not silently truncated.
 */
#define IKEV2_NONCE_MIN_LEN 16
#define IKEV2_NONCE_MAX_LEN 256

/* IKE Header - RFC 4306, Sect. 3.1 */
/* MSVC has no __attribute__((packed)); use the pragma for the same effect. */
#ifdef _MSC_VER
#pragma pack(push, 1)
#endif /* _MSC_VER */

#define IKEV2_SPI_LEN 8

/*
 * Fixed 28-octet IKE header. Multi-octet fields are kept as u8 arrays so the
 * struct can be laid over an unaligned, network-byte-order message; read and
 * write them with explicit byte-order helpers, never by casting.
 */
struct ikev2_hdr {
	u8 i_spi[IKEV2_SPI_LEN]; /* IKE_SA Initiator's SPI */
	u8 r_spi[IKEV2_SPI_LEN]; /* IKE_SA Responder's SPI */
	u8 next_payload; /* IKEV2_PAYLOAD_* of the first payload */
	u8 version; /* MjVer | MnVer, see IKEV2_VERSION */
	u8 exchange_type; /* IKE_SA_INIT .. INFORMATION */
	u8 flags; /* IKEV2_HDR_* bits */
	u8 message_id[4];
	u8 length[4]; /* total length of HDR + payloads */
} STRUCT_PACKED;

/* Generic payload header, RFC 4306 Sect. 3.2; precedes every payload. */
struct ikev2_payload_hdr {
	u8 next_payload; /* IKEV2_PAYLOAD_* of the payload that follows */
	u8 flags; /* IKEV2_PAYLOAD_FLAGS_* */
	u8 payload_length[2]; /* this payload, including the payload header */
} STRUCT_PACKED;

/* Proposal substructure of the SA payload, RFC 4306 Sect. 3.3.1. */
struct ikev2_proposal {
	u8 type; /* 0 (last) or 2 (more) */
	u8 reserved;
	u8 proposal_length[2]; /* including all transform and attributes */
	u8 proposal_num;
	u8 protocol_id; /* IKEV2_PROTOCOL_* */
	u8 spi_size;
	u8 num_transforms;
	/* SPI of spi_size octets */
	/* Transforms */
} STRUCT_PACKED;

/* Transform substructure of a proposal, RFC 4306 Sect. 3.3.2. */
struct ikev2_transform {
	u8 type; /* 0 (last) or 3 (more) */
	u8 reserved;
	u8 transform_length[2]; /* including Header and Attributes */
	u8 transform_type; /* IKEV2_TRANSFORM_* */
	u8 reserved2;
	u8 transform_id[2]; /* ENCR_*, PRF_*, AUTH_* or DH_* per transform_type */
	/* Transform Attributes */
} STRUCT_PACKED;

#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */


/* Current IKEv2 version from RFC 4306 */
#define IKEV2_MjVer 2
#define IKEV2_MnVer 0
/*
 * RFC 4306 puts MjVer in the high nibble of the version octet (the default
 * branch). The CCNS_PL build swaps the nibbles for interoperability with that
 * particular peer; both sides must be built the same way to agree on a
 * version byte.
 */
#ifdef CCNS_PL
#define IKEV2_VERSION ((IKEV2_MjVer) | ((IKEV2_MnVer) << 4))
#else /* CCNS_PL */
#define IKEV2_VERSION (((IKEV2_MjVer) << 4) | (IKEV2_MnVer))
#endif /* CCNS_PL */

/* IKEv2 Exchange Types */
enum {
	/* 0-33 RESERVED */
	IKE_SA_INIT = 34,
	IKE_SA_AUTH = 35,
	CREATE_CHILD_SA = 36,
	INFORMATION = 37 /* RFC 4306 calls this INFORMATIONAL */
	/* 38-239 RESERVED TO IANA */
	/* 240-255 Reserved for private use */
};

/* IKEv2 Flags */
/* Bits of ikev2_hdr.flags: I (bit 3), V (bit 4), R (bit 5) of RFC 4306 3.1 */
#define IKEV2_HDR_INITIATOR 0x08
#define IKEV2_HDR_VERSION 0x10
#define IKEV2_HDR_RESPONSE 0x20

/* Payload Header Flags */
/*
 * Critical bit of ikev2_payload_hdr.flags. A receiver that does not recognize
 * a payload type carrying this bit must reject the message (see
 * UNSUPPORTED_CRITICAL_PAYLOAD below); unknown non-critical payloads are
 * skipped.
 */
#define IKEV2_PAYLOAD_FLAGS_CRITICAL 0x01


/* EAP-IKEv2 Payload Types (in Next Payload Type field)
 * http://www.iana.org/assignments/eap-ikev2-payloads */
enum {
	IKEV2_PAYLOAD_NO_NEXT_PAYLOAD = 0,
	IKEV2_PAYLOAD_SA = 33,
	IKEV2_PAYLOAD_KEY_EXCHANGE = 34,
	IKEV2_PAYLOAD_IDi = 35,
	IKEV2_PAYLOAD_IDr = 36,
	IKEV2_PAYLOAD_CERTIFICATE = 37,
	IKEV2_PAYLOAD_CERT_REQ = 38,
	IKEV2_PAYLOAD_AUTHENTICATION = 39,
	IKEV2_PAYLOAD_NONCE = 40,
	IKEV2_PAYLOAD_NOTIFICATION = 41,
	/* NOTE(review): "VENDOD" is a long-standing typo for Vendor ID (43);
	 * the name is part of the API, so it is kept as is. */
	IKEV2_PAYLOAD_VENDOD_ID = 43,
	IKEV2_PAYLOAD_ENCRYPTED = 46,
	/* EAP-IKEv2 specific (registry linked above), not a core IKEv2 type */
	IKEV2_PAYLOAD_NEXT_FAST_ID = 121
};


/* IKEv2 Proposal - Protocol ID */
enum {
	IKEV2_PROTOCOL_RESERVED = 0,
	IKEV2_PROTOCOL_IKE = 1, /* IKE is the only one allowed for EAP-IKEv2 */
	IKEV2_PROTOCOL_AH = 2,
	IKEV2_PROTOCOL_ESP = 3
};


/* IKEv2 Transform Types */
/* Values of ikev2_transform.transform_type; select which ID enum applies. */
enum {
	IKEV2_TRANSFORM_ENCR = 1,
	IKEV2_TRANSFORM_PRF = 2,
	IKEV2_TRANSFORM_INTEG = 3,
	IKEV2_TRANSFORM_DH = 4,
	IKEV2_TRANSFORM_ESN = 5
};

/* IKEv2 Transform Type 1 (Encryption Algorithm) */
/*
 * Registry values only; which of these ikev2_get_encr() actually supports is
 * decided in the implementation. ENCR_NULL provides no confidentiality.
 */
enum {
	ENCR_DES_IV64 = 1,
	ENCR_DES = 2,
	ENCR_3DES = 3,
	ENCR_RC5 = 4,
	ENCR_IDEA = 5,
	ENCR_CAST = 6,
	ENCR_BLOWFISH = 7,
	ENCR_3IDEA = 8,
	ENCR_DES_IV32 = 9,
	ENCR_NULL = 11,
	ENCR_AES_CBC = 12,
	ENCR_AES_CTR = 13
};

/* IKEv2 Transform Type 2 (Pseudo-random Function) */
enum {
	PRF_HMAC_MD5 = 1,
	PRF_HMAC_SHA1 = 2,
	PRF_HMAC_TIGER = 3,
	PRF_AES128_XCBC = 4
};

/* IKEv2 Transform Type 3 (Integrity Algorithm) */
/* The _96 suffix is the truncated MAC length in bits (12 octets on the wire). */
enum {
	AUTH_HMAC_MD5_96 = 1,
	AUTH_HMAC_SHA1_96 = 2,
	AUTH_DES_MAC = 3,
	AUTH_KPDK_MD5 = 4,
	AUTH_AES_XCBC_96 = 5
};

/* IKEv2 Transform Type 4 (Diffie-Hellman Group) */
/*
 * NOTE(review): the values 14-18 are IANA MODP groups 14-18, not group 5;
 * the DH_GROUP5_ prefix on them is historical and kept because callers use
 * the names. The numeric value is what goes on the wire.
 */
enum {
	DH_GROUP1_768BIT_MODP = 1, /* RFC 4306 */
	DH_GROUP2_1024BIT_MODP = 2, /* RFC 4306 */
	DH_GROUP5_1536BIT_MODP = 5, /* RFC 3526 */
	DH_GROUP5_2048BIT_MODP = 14, /* RFC 3526 */
	DH_GROUP5_3072BIT_MODP = 15, /* RFC 3526 */
	DH_GROUP5_4096BIT_MODP = 16, /* RFC 3526 */
	DH_GROUP5_6144BIT_MODP = 17, /* RFC 3526 */
	DH_GROUP5_8192BIT_MODP = 18 /* RFC 3526 */
};


/* Identification Data Types (RFC 4306, Sect. 3.5) */
/* ID Type octet of the IDi/IDr payloads and the ID_type argument below. */
enum {
	ID_IPV4_ADDR = 1,
	ID_FQDN = 2,
	ID_RFC822_ADDR = 3,
	ID_IPV6_ADDR = 5,
	ID_DER_ASN1_DN = 9,
	ID_DER_ASN1_GN= 10,
	ID_KEY_ID = 11
};


/* Certificate Encoding (RFC 4306, Sect. 3.6) */
enum {
	CERT_ENCODING_PKCS7_X509 = 1,
	CERT_ENCODING_PGP_CERT = 2,
	CERT_ENCODING_DNS_SIGNED_KEY = 3,
	/* X.509 Certificate - Signature: DER encoded X.509 certificate whose
	 * public key is used to validate the sender's AUTH payload */
	CERT_ENCODING_X509_CERT_SIGN = 4,
	CERT_ENCODING_KERBEROS_TOKEN = 6,
	/* DER encoded X.509 certificate revocation list */
	CERT_ENCODING_CRL = 7,
	CERT_ENCODING_ARL = 8,
	CERT_ENCODING_SPKI_CERT = 9,
	CERT_ENCODING_X509_CERT_ATTR = 10,
	/* PKCS #1 encoded RSA key */
	CERT_ENCODING_RAW_RSA_KEY = 11,
	CERT_ENCODING_HASH_AND_URL_X509_CERT = 12,
	CERT_ENCODING_HASH_AND_URL_X509_BUNDLE = 13
};


/* Authentication Method (RFC 4306, Sect. 3.8) */
/* Auth Method octet of the AUTH payload. */
enum {
	AUTH_RSA_SIGN = 1,
	AUTH_SHARED_KEY_MIC = 2,
	AUTH_DSS_SIGN = 3
};


/* Notify Message Types (RFC 4306, Sect. 3.10.1) */
/* All values listed here fall in the error range (0-16383) of the registry. */
enum {
	UNSUPPORTED_CRITICAL_PAYLOAD = 1,
	INVALID_IKE_SPI = 4,
	INVALID_MAJOR_VERSION = 5,
	INVALID_SYNTAX = 7,
	INVALID_MESSAGE_ID = 9,
	INVALID_SPI = 11,
	NO_PROPOSAL_CHOSEN = 14,
	INVALID_KE_PAYLOAD = 17,
	AUTHENTICATION_FAILED = 24,
	SINGLE_PAIR_REQUIRED = 34,
	NO_ADDITIONAL_SAS = 35,
	INTERNAL_ADDRESS_FAILURE = 36,
	FAILED_CP_REQUIRED = 37,
	TS_UNACCEPTABLE = 38,
	INVALID_SELECTORS = 39
};


/*
 * Keying material of one IKE_SA (RFC 4306 Sect. 2.14). SK_d is the derivation
 * key, SK_ai/SK_ar the initiator/responder integrity keys (SK_integ_len each),
 * SK_ei/SK_er the encryption keys (SK_encr_len each) and SK_pi/SK_pr the
 * keys used when computing the AUTH payload (SK_prf_len each).
 * NOTE(review): these are secrets; whoever releases them (presumably
 * ikev2_free_keys()) should zeroize the buffers before freeing them.
 */
struct ikev2_keys {
	u8 *SK_d, *SK_ai, *SK_ar, *SK_ei, *SK_er, *SK_pi, *SK_pr;
	size_t SK_d_len, SK_integ_len, SK_encr_len, SK_prf_len;
};


/*
 * ikev2_keys_set - Report whether the SK_* material in keys has been derived
 * (exact return convention: see the implementation).
 * ikev2_free_keys - Release the SK_* buffers owned by keys.
 */
int ikev2_keys_set(struct ikev2_keys *keys);
void ikev2_free_keys(struct ikev2_keys *keys);


/* Maximum hash length for supported hash algorithms */
/*
 * Used to size stack buffers for ikev2_integ_hash()/ikev2_prf_hash() output.
 * NOTE(review): 20 octets covers MD5, SHA-1 and AES-XCBC; HMAC-Tiger yields
 * 24 octets, so ikev2_get_prf() must not return PRF_HMAC_TIGER unless this
 * value is raised - confirm against the algorithm tables in the .c file.
 */
#define IKEV2_MAX_HASH_LEN 20

/* Descriptor of an integrity algorithm: IANA id, key size, MAC output size. */
struct ikev2_integ_alg {
	int id; /* AUTH_* */
	size_t key_len;
	size_t hash_len; /* octets written by ikev2_integ_hash() */
};

/* Descriptor of a PRF: IANA id, key size, output size. */
struct ikev2_prf_alg {
	int id; /* PRF_* */
	size_t key_len;
	size_t hash_len; /* octets written by ikev2_prf_hash() */
};

/* Descriptor of an encryption algorithm: IANA id, key size, block size. */
struct ikev2_encr_alg {
	int id; /* ENCR_* */
	size_t key_len;
	size_t block_size; /* cipher block (and IV) size in octets */
};

/*
 * Lookup and primitive helpers. The ikev2_get_*() functions return NULL for an
 * unsupported id (the negotiated id comes from the peer, so callers must
 * check). The hash/prf/encr functions return 0 on success and -1 on failure
 * (presumably; confirm against the implementation).
 *
 * ikev2_integ_hash: MAC of data[0..data_len) under key; hash receives the
 *   algorithm's hash_len octets (at most IKEV2_MAX_HASH_LEN).
 * ikev2_prf_hash: PRF over the num_elem scatter elements addr[i]/len[i].
 * ikev2_prf_plus: prf+ key expansion (RFC 4306 Sect. 2.13) producing out_len
 *   octets into out.
 * ikev2_encr_encrypt/ikev2_encr_decrypt: len octets between plain and crypt
 *   using key and iv; len is presumably a multiple of block_size - verify.
 */
const struct ikev2_integ_alg * ikev2_get_integ(int id);
int ikev2_integ_hash(int alg, const u8 *key, size_t key_len, const u8 *data,
		     size_t data_len, u8 *hash);
const struct ikev2_prf_alg * ikev2_get_prf(int id);
int ikev2_prf_hash(int alg, const u8 *key, size_t key_len,
		   size_t num_elem, const u8 *addr[], const size_t *len,
		   u8 *hash);
int ikev2_prf_plus(int alg, const u8 *key, size_t key_len,
		   const u8 *data, size_t data_len,
		   u8 *out, size_t out_len);
const struct ikev2_encr_alg * ikev2_get_encr(int id);
int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
		       const u8 *plain, u8 *crypt, size_t len);
int ikev2_encr_decrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
		       const u8 *crypt, u8 *plain, size_t len);

/*
 * ikev2_derive_auth_data - Compute the AUTH payload data (RFC 4306 Sect. 2.15)
 * @prf_alg: PRF_* negotiated for the IKE_SA
 * @sign_msg: the IKE_SA_INIT message being authenticated
 * @ID/@ID_len/@ID_type: identity of the signing party and its ID_* type
 * @keys: SK_pi/SK_pr are selected by @initiator
 * @shared_secret/@shared_secret_len: pre-shared key for AUTH_SHARED_KEY_MIC
 * @nonce/@nonce_len: the other party's nonce
 * @key_pad/@key_pad_len: the "Key Pad for IKEv2" constant
 * @auth_data: output; presumably the PRF's hash_len octets - confirm
 * Returns: 0 on success, -1 on failure (presumably; see implementation)
 */
int ikev2_derive_auth_data(int prf_alg, const struct wpabuf *sign_msg,
			   const u8 *ID, size_t ID_len, u8 ID_type,
			   struct ikev2_keys *keys, int initiator,
			   const u8 *shared_secret, size_t shared_secret_len,
			   const u8 *nonce, size_t nonce_len,
			   const u8 *key_pad, size_t key_pad_len,
			   u8 *auth_data);


/*
 * Result of ikev2_parse_payloads(): each pointer references the payload body
 * (payload header excluded) inside the message buffer being parsed, and the
 * matching _len is its length; absent payloads are NULL/0. The struct owns no
 * memory, so it is only valid while the message buffer is.
 */
struct ikev2_payloads {
	const u8 *sa;
	size_t sa_len;
	const u8 *ke;
	size_t ke_len;
	const u8 *idi;
	size_t idi_len;
	const u8 *idr;
	size_t idr_len;
	const u8 *cert;
	size_t cert_len;
	const u8 *auth;
	size_t auth_len;
	const u8 *nonce;
	size_t nonce_len;
	const u8 *encrypted;
	size_t encrypted_len;
	u8 encr_next_payload; /* next_payload of the Encrypted payload header */
	const u8 *notification;
	size_t notification_len;
};

/*
 * ikev2_parse_payloads - Walk the payload chain in [pos, end)
 * @payloads: filled in; pointers reference the input buffer
 * @next_payload: type of the first payload at pos (from the IKE header or
 *	from encr_next_payload when parsing decrypted contents)
 * Returns: 0 on success, -1 on a malformed chain (presumably; confirm). This
 * is the first line of defence against peer input: each payload_length must
 * be checked to be >= the payload header size and to fit before end.
 */
int ikev2_parse_payloads(struct ikev2_payloads *payloads,
			 u8 next_payload, const u8 *pos, const u8 *end);

/*
 * ikev2_decrypt_payload - Verify and decrypt an Encrypted payload
 * @hdr: the IKE header, needed because the integrity check covers it
 * @initiator: selects which of SK_ai/SK_ar and SK_ei/SK_er to use
 * @res_len: receives the plaintext length
 * Returns: newly allocated plaintext buffer (caller frees), or NULL if the
 * integrity check or decryption fails. Presumably the MAC is verified before
 * anything is decrypted - confirm in the implementation.
 */
u8 * ikev2_decrypt_payload(int encr_id, int integ_id, struct ikev2_keys *keys,
			   int initiator, const struct ikev2_hdr *hdr,
			   const u8 *encrypted, size_t encrypted_len,
			   size_t *res_len);
/* Fix up the header of an assembled message; presumably writes the Length. */
void ikev2_update_hdr(struct wpabuf *msg);
/*
 * ikev2_build_encrypted - Append an Encrypted payload carrying plain to msg
 * @next_payload: type of the first payload inside plain
 * Returns: 0 on success, -1 on failure (presumably; confirm)
 */
int ikev2_build_encrypted(int encr_id, int integ_id, struct ikev2_keys *keys,
			  int initiator, struct wpabuf *msg,
			  struct wpabuf *plain, u8 next_payload);
/*
 * ikev2_derive_sk_keys - Expand SKEYSEED into the SK_* keys (RFC 4306 2.14)
 * @prf/@integ/@encr: negotiated algorithms; their key_len fields size the
 *	SK_* buffers
 * @skeyseed: SKEYSEED of @prf->hash_len octets (presumably)
 * @data/@data_len: the prf+ input (presumably Ni | Nr | SPIi | SPIr)
 * @keys: filled in; release with ikev2_free_keys()
 * Returns: 0 on success, -1 on failure (presumably; confirm)
 */
int ikev2_derive_sk_keys(const struct ikev2_prf_alg *prf,
			 const struct ikev2_integ_alg *integ,
			 const struct ikev2_encr_alg *encr,
			 const u8 *skeyseed, const u8 *data, size_t data_len,
			 struct ikev2_keys *keys);

#endif /* IKEV2_COMMON_H */