isakmp.h revision c91307af2622f6625525f3c1f9c954376df950ad 
12a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/*	$NetBSD: isakmp.h,v 1.4 2006/09/09 16:22:09 manu Exp $	*/
22a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
32a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* Id: isakmp.h,v 1.11 2005/04/25 22:19:39 manubsd Exp */
42a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
57d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)/*
62a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
72a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * All rights reserved.
82a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) *
92a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * Redistribution and use in source and binary forms, with or without
102a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * modification, are permitted provided that the following conditions
112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * are met:
122a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * 1. Redistributions of source code must retain the above copyright
132a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) *    notice, this list of conditions and the following disclaimer.
14868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) * 2. Redistributions in binary form must reproduce the above copyright
15868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) *    notice, this list of conditions and the following disclaimer in the
16868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) *    documentation and/or other materials provided with the distribution.
172a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * 3. Neither the name of the project nor the names of its contributors
182a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) *    may be used to endorse or promote products derived from this software
192a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) *    without specific prior written permission.
20c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) *
212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
222a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
242a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
252a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
262a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
272a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
282a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
292a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
302a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
312a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * SUCH DAMAGE.
322a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) */
332a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
342a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#ifndef _ISAKMP_H
352a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define _ISAKMP_H
362a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
372a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* refer to RFC 2408 */
382a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
392a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* must include <netinet/in.h> first. */
402a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* must include "isakmp_var.h" first. */
412a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
422a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define INITIATOR	0	/* synonym sender */
432a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define RESPONDER	1	/* synonym receiver */
442a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
452a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define GENERATE	1
462a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define VALIDATE	0
472a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
482a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* 3.1 ISAKMP Header Format
492a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
502a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
512a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        !                          Initiator                            !
522a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        !                            Cookie                             !
532a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
542a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        !                          Responder                            !
552a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        !                            Cookie                             !
562a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
572a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        !  Next Payload ! MjVer ! MnVer ! Exchange Type !     Flags     !
582a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
592a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        !                          Message ID                           !
602a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
612a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        !                            Length                             !
622a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
632a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)*/
642a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp {
652a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	cookie_t i_ck;		/* Initiator Cookie */
662a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	cookie_t r_ck;		/* Responder Cookie */
672a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t np;		/* Next Payload Type */
682a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t v;
69c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	u_int8_t etype;		/* Exchange Type */
70c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	u_int8_t flags;		/* Flags */
71c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	u_int32_t msgid;
72c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	u_int32_t len;		/* Length */
73c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} __attribute__((__packed__));
74c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
75c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* Next Payload Type */
76c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_NONE	0	/* NONE*/
77c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_SA	1	/* Security Association */
78c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_P		2	/* Proposal */
79c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_T		3	/* Transform */
80c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_KE	4	/* Key Exchange */
81c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_ID	5	/* Identification */
82c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_CERT	6	/* Certificate */
83c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_CR	7	/* Certificate Request */
84c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_HASH	8	/* Hash */
85c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_SIG	9	/* Signature */
86c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_NONCE	10	/* Nonce */
87c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_N		11	/* Notification */
88c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_D		12	/* Delete */
89c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_VID	13	/* Vendor ID */
90c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NPTYPE_ATTR	14	/* Attribute */
9190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)
9290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)
9390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)/* NAT-T draft-ietf-ipsec-nat-t-ike-05 and later */
9490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)/* XXX conflicts with values assigned to RFC 3547 */
9590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_NPTYPE_NATD_BADDRAFT		15	/* NAT Discovery */
9690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_NPTYPE_NATOA_BADDRAFT	16	/* NAT Original Address */
9790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)
982a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
992a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* NAT-T RFC */
1002a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NPTYPE_NATD_RFC	20	/* NAT Discovery */
1012a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NPTYPE_NATOA_RFC	21	/* NAT Original Address */
1027d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)
1032a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* NAT-T up to draft-ietf-ipsec-nat-t-ike-04 */
1042a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NPTYPE_NATD_DRAFT	130	/* NAT Discovery */
1052a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NPTYPE_NATOA_DRAFT	131	/* NAT Original Address */
106c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
107c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* Frag does not seems to be documented */
1082a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NPTYPE_FRAG	132	/* IKE fragmentation payload */
1092a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
1102a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NPTYPE_MAX	17
1112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)			/*	128 - 255 Private Use */
1122a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
1132a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/*
1142a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * The following are valid when the Vendor ID is one of the
1152a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * following:
1162a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) *
1172a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) *	MD5("A GSS-API Authentication Method for IKE")
1182a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) *	MD5("GSSAPI") (recognized by Windows 2000)
1192a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) *	MD5("MS NT5 ISAKMPOAKLEY") (sent by Windows 2000)
1202a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) *
1212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) * See draft-ietf-ipsec-isakmp-gss-auth-06.txt.
1222a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) */
1232a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NPTYPE_GSS	129	/* GSS token */
1242a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
1252a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_MAJOR_VERSION	1
1262a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_MINOR_VERSION	0
1272a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_VERSION_NUMBER	0x10
1282a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_GETMAJORV(v)	(((v) & 0xf0) >> 4)
1292a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_SETMAJORV(v, m)	((v) = ((v) & 0x0f) | (((m) << 4) & 0xf0))
1302a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_GETMINORV(v)	((v) & 0x0f)
13190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_SETMINORV(v, m)	((v) = ((v) & 0xf0) | ((m) & 0x0f))
13290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)
13390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)/* Exchange Type */
13490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_NONE	0	/* NONE */
13590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_BASE	1	/* Base */
13690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_IDENT	2	/* Identity Proteciton */
13790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_AUTH	3	/* Authentication Only */
13890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_AGG	4	/* Aggressive */
13990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_INFO	5	/* Informational */
14090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_CFG	6	/* Mode config */
14190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)/* Additional Exchange Type */
14290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_QUICK	32	/* Quick Mode */
14390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_NEWGRP	33	/* New group Mode */
14490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#define ISAKMP_ETYPE_ACKINFO	34	/* Acknowledged Informational */
1452a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
1462a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* Flags */
1472a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_FLAG_E 0x01 /* Encryption Bit */
1482a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_FLAG_C 0x02 /* Commit Bit */
1492a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_FLAG_A 0x04 /* Authentication Only Bit */
1502a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
1512a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* 3.2 Payload Generic Header
1522a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1532a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1542a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        ! Next Payload  !   RESERVED    !         Payload Length        !
1552a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1562a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)*/
1572a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_gen {
1582a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t np;		/* Next Payload */
1592a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t reserved;	/* RESERVED, unused, must set to 0 */
1602a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int16_t len;		/* Payload Length */
1612a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} __attribute__((__packed__));
1622a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
1632a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* 3.3 Data Attributes
164868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1652a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1662a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        !A!       Attribute Type        !    AF=0  Attribute Length     !
1672a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        !F!                             !    AF=1  Attribute Value      !
1682a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1692a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        .                   AF=0  Attribute Value                       .
1702a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        .                   AF=1  Not Transmitted                       .
1712a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1722a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)*/
1732a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_data {
1742a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int16_t type;		/* defined by DOI-spec, and Attribute Format */
1752a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int16_t lorv;		/* if f equal 1, Attribute Length */
1762a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)				/* if f equal 0, Attribute Value */
1772a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	/* if f equal 1, Attribute Value */
1782a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} __attribute__((__packed__));
1792a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_GEN_TLV 0x0000
1802a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_GEN_TV  0x8000
1812a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	/* mask for type of attribute format */
1822a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_GEN_MASK 0x8000
1832a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
1842a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#if 0
1852a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* MAY NOT be used, because of being defined in ipsec-doi. */
186868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)/* 3.4 Security Association Payload */
1872a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_pl_sa {
1882a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	struct isakmp_gen h;
1892a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int32_t doi;		/* Domain of Interpretation */
1902a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int32_t sit;		/* Situation */
1912a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} __attribute__((__packed__));
1922a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#endif
1932a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
1942a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* 3.5 Proposal Payload */
1952a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	/*
1962a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	The value of the next payload field MUST only contain the value "2"
1972a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	or "0".  If there are additional Proposal payloads in the message,
1982a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	then this field will be 2.  If the current Proposal payload is the
1992a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	last within the security association proposal, then this field will
2002a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	be 0.
201868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)	*/
2022a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_pl_p {
2032a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	struct isakmp_gen h;
2042a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t p_no;		/* Proposal # */
2052a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t proto_id;	/* Protocol */
20690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)	u_int8_t spi_size;	/* SPI Size */
20790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)	u_int8_t num_t;		/* Number of Transforms */
20890dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)	/* SPI */
20990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)} __attribute__((__packed__));
21090dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)
2112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* 3.6 Transform Payload */
2122a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	/*
2132a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	The value of the next payload field MUST only contain the value "3"
2142a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	or "0".  If there are additional Transform payloads in the proposal,
2152a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	then this field will be 3.  If the current Transform payload is the
2162a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	last within the proposal, then this field will be 0.
2172a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	*/
2182a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_pl_t {
2192a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	struct isakmp_gen h;
2202a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t t_no;		/* Transform # */
2212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t t_id;		/* Transform-Id */
2222a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int16_t reserved;	/* RESERVED2 */
2232a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	/* SA Attributes */
2242a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} __attribute__((__packed__));
2252a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
2262a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* 3.7 Key Exchange Payload */
2272a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_pl_ke {
2282a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	struct isakmp_gen h;
2292a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	/* Key Exchange Data */
2302a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} __attribute__((__packed__));
2312a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
2322a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#if 0
2337d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)/* NOTE: MUST NOT use because of being defined in ipsec-doi instead them. */
234c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* 3.8 Identification Payload */
235c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)struct isakmp_pl_id {
236c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	struct isakmp_gen h;
237c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	union {
238c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)		u_int8_t id_type;	/* ID Type */
239c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)		u_int32_t doi_data;	/* DOI Specific ID Data */
240c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	} d;
241c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	/* Identification Data */
242c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} __attribute__((__packed__));
243c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* A.4 ISAKMP Identification Type Values */
244c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_ID_IPV4_ADDR		0
2457d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#define ISAKMP_ID_IPV4_ADDR_SUBNET	1
246c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_ID_IPV6_ADDR		2
247c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_ID_IPV6_ADDR_SUBNET	3
2487d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#endif
2492a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
2502a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* 3.9 Certificate Payload */
2512a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_pl_cert {
252c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	struct isakmp_gen h;
2532a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	/*
2542a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	 * Encoding type of 1 octet follows immediately,
255c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	 * variable length CERT data follows encoding type.
256c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	 */
257c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} __attribute__((__packed__));
258c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
259c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* Certificate Type */
260c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_CERT_NONE	0
261c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_CERT_PKCS7	1
2627d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#define ISAKMP_CERT_PGP		2
263c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_CERT_DNS		3
264c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_CERT_X509SIGN	4
2657d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#define ISAKMP_CERT_X509KE	5
2667d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#define ISAKMP_CERT_KERBEROS	6
2677d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#define ISAKMP_CERT_CRL		7
268c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_CERT_ARL		8
269c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_CERT_SPKI	9
270c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_CERT_X509ATTR	10
271c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_CERT_PLAINRSA	11
272c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
273c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* the method to get peers certificate */
274c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_GETCERT_PAYLOAD		1
275c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_GETCERT_LOCALFILE	2
276c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_GETCERT_DNS		3
277c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
278c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* 3.10 Certificate Request Payload */
2797d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)struct isakmp_pl_cr {
280c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	struct isakmp_gen h;
281c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	u_int8_t num_cert; /* # Cert. Types */
2827d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)	/*
283c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	Certificate Types (variable length)
284c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	  -- Contains a list of the types of certificates requested,
285c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	  sorted in order of preference.  Each individual certificate
286c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	  type is 1 octet.  This field is NOT required.
287c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	*/
288c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	/* # Certificate Authorities (1 octet) */
289c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	/* Certificate Authorities (variable length) */
290c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} __attribute__((__packed__));
291c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
292c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* 3.11 Hash Payload */
293c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)struct isakmp_pl_hash {
294c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	struct isakmp_gen h;
295c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	/* Hash Data */
296c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} __attribute__((__packed__));
297c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
298c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* 3.12 Signature Payload */
2997d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)struct isakmp_pl_sig {
300c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	struct isakmp_gen h;
301c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	/* Signature Data */
3027d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)} __attribute__((__packed__));
3037d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)
3047d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)/* 3.13 Nonce Payload */
305c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)struct isakmp_pl_nonce {
306c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	struct isakmp_gen h;
3072a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	/* Nonce Data */
308c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} __attribute__((__packed__));
309c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
310c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* 3.14 Notification Payload */
311c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)struct isakmp_pl_n {
312c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	struct isakmp_gen h;
313c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	u_int32_t doi;		/* Domain of Interpretation */
314c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	u_int8_t proto_id;	/* Protocol-ID */
3157d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)	u_int8_t spi_size;	/* SPI Size */
316c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	u_int16_t type;		/* Notify Message Type */
317c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)	/* SPI */
3187d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)	/* Notification Data */
319c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} __attribute__((__packed__));
320c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
321c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* 3.14.1 Notify Message Types */
322c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* NOTIFY MESSAGES - ERROR TYPES */
323c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE	1
324c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_DOI_NOT_SUPPORTED		2
325c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED	3
326c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_COOKIE		4
327c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_MAJOR_VERSION	5
328c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_MINOR_VERSION	6
329c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE	7
330c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_FLAGS		8
331c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_MESSAGE_ID		9
332c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_PROTOCOL_ID	10
333c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_SPI		11
334c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_TRANSFORM_ID	12
335c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED	13
3362a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN		14
3372a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_BAD_PROPOSAL_SYNTAX	15
3382a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_PAYLOAD_MALFORMED		16
3392a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_KEY_INFORMATION	17
340c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_ID_INFORMATION	18
3412a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_CERT_ENCODING	19
342c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_CERTIFICATE	20
343c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_BAD_CERT_REQUEST_SYNTAX	21
344c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INVALID_CERT_AUTHORITY	22
345868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define ISAKMP_NTYPE_INVALID_HASH_INFORMATION	23
346868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define ISAKMP_NTYPE_AUTHENTICATION_FAILED	24
347868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define ISAKMP_NTYPE_INVALID_SIGNATURE		25
348c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_ADDRESS_NOTIFICATION	26
349868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define ISAKMP_NTYPE_NOTIFY_SA_LIFETIME		27
350868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define ISAKMP_NTYPE_CERTIFICATE_UNAVAILABLE	28
351868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles)#define ISAKMP_NTYPE_UNSUPPORTED_EXCHANGE_TYPE	29
352c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_UNEQUAL_PAYLOAD_LENGTHS	30
3532a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_MINERROR			1
354c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_MAXERROR			16383
3552a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* NOTIFY MESSAGES - STATUS TYPES */
3562a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_CONNECTED			16384
3572a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* 4.6.3 IPSEC DOI Notify Message Types */
3582a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_RESPONDER_LIFETIME		24576
3592a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_REPLAY_STATUS		24577
360c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define ISAKMP_NTYPE_INITIAL_CONTACT		24578
361c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
362c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)/* DPD */
3637d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#define ISAKMP_NTYPE_R_U_THERE			36136
3642a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_NTYPE_R_U_THERE_ACK		36137
3652a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
3667d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#define ISAKMP_NTYPE_HEARTBEAT			40503
3672a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
3682a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* using only to log */
3692a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_LOG_RETRY_LIMIT_REACHED		65530
3702a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
3712a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* XXX means internal error but it's not reserved by any drafts... */
3722a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_INTERNAL_ERROR			-1
3732a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
37490dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)/* 3.15 Delete Payload */
3752a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_pl_d {
3762a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	struct isakmp_gen h;
3772a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int32_t doi;		/* Domain of Interpretation */
3782a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t proto_id;	/* Protocol-Id */
3797d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)	u_int8_t spi_size;	/* SPI Size */
3802a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int16_t num_spi;	/* # of SPIs */
3812a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	/* SPI(es) */
3822a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} __attribute__((__packed__));
3832a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
3842a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct payload_list {
3852a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	struct payload_list	*next, *prev;
38690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)	vchar_t			*payload;
3872a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	int			payload_type;
3882a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)};
3897d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)
3902a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
3912a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* See draft-ietf-ipsec-isakmp-mode-cfg-04.txt, 3.2 */
3922a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_pl_attr {
39390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)	struct isakmp_gen h;
3942a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t type;		/* Exchange type */
3952a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t res2;
3967d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)	u_int16_t id;		/* Per transaction id */
3972a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} __attribute__((__packed__));
3982a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
3997d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)/* Exchange type */
4002a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_CFG_REQUEST	1
4012a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_CFG_REPLY	2
4022a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_CFG_SET		3
4032a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_CFG_ACK		4
4042a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
4052a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* IKE fragmentation payload */
4062a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_frag {
4072a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int16_t unknown0;	/* always set to zero? */
4082a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int16_t len;
40990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)	u_int16_t unknown1;	/* always set to 1? */
4102a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t index;
4112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t flags;
4122a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} __attribute__((__packed__));
4137d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)
4142a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* flags */
4152a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#define ISAKMP_FRAG_LAST	1
4162a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
4172a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)/* DPD R-U-THERE / R-U-THERE-ACK Payload */
4182a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)struct isakmp_pl_ru {
4192a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	struct isakmp_gen h;
4202a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int32_t doi;		/* Domain of Interpretation */
4212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t proto_id;	/* Protocol-Id */
4222a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int8_t spi_size;	/* SPI Size */
42390dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)	u_int16_t type;		/* Notify type */
4242a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	cookie_t  i_ck;	/* Initiator Cookie */
4252a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	cookie_t r_ck;	/* Responder cookie*/
4262a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)	u_int32_t data;		/* Notification data */
4277d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)} __attribute__((__packed__));
4282a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
4292a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#endif /* _ISAKMP_H */
4307d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)