/*
 * IKEv2 definitions
 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef IKEV2_COMMON_H
#define IKEV2_COMMON_H

/*
 * Nonce length must be at least 16 octets. It must also be at least half the
 * key size of the negotiated PRF.
 *
 * These bounds apply to the Nonce payload (IKEV2_PAYLOAD_NONCE below); the
 * peer's nonce arrives from the network, so the parser that accepts it is
 * expected to reject lengths outside [MIN, MAX] before use.
 */
#define IKEV2_NONCE_MIN_LEN 16
#define IKEV2_NONCE_MAX_LEN 256

/* IKE Header - RFC 4306, Sect. 3.1 */
/*
 * The wire-format structs below are packed (pragma pack(1) on MSVC,
 * STRUCT_PACKED elsewhere) so that they can be overlaid on a received
 * message. All multi-octet fields are kept as u8 arrays: this avoids any
 * alignment padding and forces callers to convert with explicit byte-order
 * helpers instead of reading them as host integers.
 */
#ifdef _MSC_VER
#pragma pack(push, 1)
#endif /* _MSC_VER */

/* Size of an IKE_SA SPI in octets (both i_spi and r_spi) */
#define IKEV2_SPI_LEN 8

/*
 * Fixed IKE header: 8 + 8 + 1 + 1 + 1 + 1 + 4 + 4 = 28 octets. Every field
 * here is attacker-controlled input on the receive path; in particular
 * `length` must be checked against the actual buffer length before it is
 * trusted.
 */
struct ikev2_hdr {
	u8 i_spi[IKEV2_SPI_LEN]; /* IKE_SA Initiator's SPI */
	u8 r_spi[IKEV2_SPI_LEN]; /* IKE_SA Responder's SPI */
	u8 next_payload; /* type of the first payload (IKEV2_PAYLOAD_*) */
	u8 version; /* MjVer | MnVer; see IKEV2_VERSION below */
	u8 exchange_type; /* IKE_SA_INIT, IKE_SA_AUTH, ... (enum below) */
	u8 flags; /* IKEV2_HDR_* bits */
	u8 message_id[4];
	u8 length[4]; /* total length of HDR + payloads */
} STRUCT_PACKED;

/*
 * Generic payload header (4 octets) that precedes every payload.
 * payload_length is a 2-octet, network-supplied value; a parser must verify
 * that it is at least sizeof(struct ikev2_payload_hdr) and does not run past
 * the end of the message.
 */
struct ikev2_payload_hdr {
	u8 next_payload; /* type of the following payload, 0 if last */
	u8 flags; /* IKEV2_PAYLOAD_FLAGS_* bits */
	u8 payload_length[2]; /* this payload, including the payload header */
} STRUCT_PACKED;

/*
 * Proposal substructure of the SA payload. Only the fixed 8-octet part is
 * declared; it is followed by spi_size octets of SPI and then num_transforms
 * transform substructures (struct ikev2_transform).
 */
struct ikev2_proposal {
	u8 type; /* 0 (last) or 2 (more) */
	u8 reserved;
	u8 proposal_length[2]; /* including all transform and attributes */
	u8 proposal_num;
	u8 protocol_id; /* IKEV2_PROTOCOL_* */
	u8 spi_size; /* octets of SPI that follow this fixed part */
	u8 num_transforms;
	/* SPI of spi_size octets */
	/* Transforms */
} STRUCT_PACKED;

/*
 * Transform substructure of a proposal. Fixed part is 8 octets; variable
 * length attributes (if any) follow and are covered by transform_length.
 */
struct ikev2_transform {
	u8 type; /* 0 (last) or 3 (more) */
	u8 reserved;
	u8 transform_length[2]; /* including Header and Attributes */
	u8 transform_type; /* IKEV2_TRANSFORM_* */
	u8 reserved2;
	u8 transform_id[2]; /* ENCR_*, PRF_*, AUTH_*, DH_* per transform_type */
	/* Transform Attributes */
} STRUCT_PACKED;

#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */


/* Current IKEv2 version from RFC 4306 */
#define IKEV2_MjVer 2
#define IKEV2_MnVer 0
/* Encoded as it appears in ikev2_hdr.version (major in the high nibble) */
#define IKEV2_VERSION (((IKEV2_MjVer) << 4) | (IKEV2_MnVer))

/* IKEv2 Exchange Types */
/* Values of ikev2_hdr.exchange_type */
enum {
	/* 0-33 RESERVED */
	IKE_SA_INIT = 34,
	IKE_SA_AUTH = 35,
	CREATE_CHILD_SA = 36,
	INFORMATION = 37
	/* 38-239 RESERVED TO IANA */
	/* 240-255 Reserved for private use */
};

/* IKEv2 Flags */
/* Bits of ikev2_hdr.flags */
#define IKEV2_HDR_INITIATOR 0x08
#define IKEV2_HDR_VERSION 0x10
#define IKEV2_HDR_RESPONSE 0x20

/* Payload Header Flags */
/*
 * Bit 0 of ikev2_payload_hdr.flags. A receiver that does not understand a
 * payload marked critical cannot simply skip it; cf. the
 * UNSUPPORTED_CRITICAL_PAYLOAD notify type below.
 */
#define IKEV2_PAYLOAD_FLAGS_CRITICAL 0x01


/* EAP-IKEv2 Payload Types (in Next Payload Type field)
 * http://www.iana.org/assignments/eap-ikev2-payloads */
/*
 * Only the payload types this implementation deals with are listed; the
 * registry defines further values. IKEV2_PAYLOAD_VENDOD_ID is a typo for
 * "VENDOR_ID" but is kept as-is because it is part of the public API.
 */
enum {
	IKEV2_PAYLOAD_NO_NEXT_PAYLOAD = 0,
	IKEV2_PAYLOAD_SA = 33,
	IKEV2_PAYLOAD_KEY_EXCHANGE = 34,
	IKEV2_PAYLOAD_IDi = 35,
	IKEV2_PAYLOAD_IDr = 36,
	IKEV2_PAYLOAD_CERTIFICATE = 37,
	IKEV2_PAYLOAD_CERT_REQ = 38,
	IKEV2_PAYLOAD_AUTHENTICATION = 39,
	IKEV2_PAYLOAD_NONCE = 40,
	IKEV2_PAYLOAD_NOTIFICATION = 41,
	IKEV2_PAYLOAD_VENDOD_ID = 43,
	IKEV2_PAYLOAD_ENCRYPTED = 46,
	IKEV2_PAYLOAD_NEXT_FAST_ID = 121
};


/* IKEv2 Proposal - Protocol ID */
/* Values of ikev2_proposal.protocol_id */
enum {
	IKEV2_PROTOCOL_RESERVED = 0,
	IKEV2_PROTOCOL_IKE = 1, /* IKE is the only one allowed for EAP-IKEv2 */
	IKEV2_PROTOCOL_AH = 2,
	IKEV2_PROTOCOL_ESP = 3
};


/* IKEv2 Transform Types */
/*
 * Values of ikev2_transform.transform_type. The enums that follow give the
 * transform IDs (ikev2_transform.transform_id) valid for each type.
 */
enum {
	IKEV2_TRANSFORM_ENCR = 1,
	IKEV2_TRANSFORM_PRF = 2,
	IKEV2_TRANSFORM_INTEG = 3,
	IKEV2_TRANSFORM_DH = 4,
	IKEV2_TRANSFORM_ESN = 5
};

/* IKEv2 Transform Type 1 (Encryption Algorithm) */
/*
 * Registry values only: an ID being listed here does not mean it is
 * negotiable. Which IDs are actually accepted is decided by ikev2_get_encr()
 * in the implementation. NOTE(review): several of these (single DES, the
 * DES_IV* variants, ENCR_NULL) are obsolete for new deployments - confirm
 * the implementation's table is limited to the AES entries.
 */
enum {
	ENCR_DES_IV64 = 1,
	ENCR_DES = 2,
	ENCR_3DES = 3,
	ENCR_RC5 = 4,
	ENCR_IDEA = 5,
	ENCR_CAST = 6,
	ENCR_BLOWFISH = 7,
	ENCR_3IDEA = 8,
	ENCR_DES_IV32 = 9,
	ENCR_NULL = 11,
	ENCR_AES_CBC = 12,
	ENCR_AES_CTR = 13
};

/* IKEv2 Transform Type 2 (Pseudo-random Function) */
/*
 * Registry values; support is decided by ikev2_get_prf(). The PRF output
 * lengths are MD5 = 16, SHA-1 = 20 and Tiger = 24 octets; see the note at
 * IKEV2_MAX_HASH_LEN, which only covers the first two.
 */
enum {
	PRF_HMAC_MD5 = 1,
	PRF_HMAC_SHA1 = 2,
	PRF_HMAC_TIGER = 3,
	PRF_AES128_XCBC = 4
};

/* IKEv2 Transform Type 3 (Integrity Algorithm) */
/*
 * Registry values; support is decided by ikev2_get_integ(). The _96 suffix
 * denotes the RFC 4306 truncated variants (96-bit / 12-octet tag), which
 * is what ikev2_integ_alg.hash_len is expected to reflect.
 */
enum {
	AUTH_HMAC_MD5_96 = 1,
	AUTH_HMAC_SHA1_96 = 2,
	AUTH_DES_MAC = 3,
	AUTH_KPDK_MD5 = 4,
	AUTH_AES_XCBC_96 = 5
};

/* IKEv2 Transform Type 4 (Diffie-Hellman Group) */
/*
 * NOTE(review): the identifiers for values 14-18 say "GROUP5" but the
 * values are the IANA MODP groups 14-18 (2048-8192 bit, RFC 3526). The
 * names are kept because they are public API; rely on the numeric value,
 * not the name, when reading or adding entries.
 */
enum {
	DH_GROUP1_768BIT_MODP = 1, /* RFC 4306 */
	DH_GROUP2_1024BIT_MODP = 2, /* RFC 4306 */
	DH_GROUP5_1536BIT_MODP = 5, /* RFC 3526 */
	DH_GROUP5_2048BIT_MODP = 14, /* RFC 3526 */
	DH_GROUP5_3072BIT_MODP = 15, /* RFC 3526 */
	DH_GROUP5_4096BIT_MODP = 16, /* RFC 3526 */
	DH_GROUP5_6144BIT_MODP = 17, /* RFC 3526 */
	DH_GROUP5_8192BIT_MODP = 18 /* RFC 3526 */
};


/* Identification Data Types (RFC 4306, Sect. 3.5) */
/* Values of the ID Type octet in the IDi/IDr payloads */
enum {
	ID_IPV4_ADDR = 1,
	ID_FQDN = 2,
	ID_RFC822_ADDR = 3,
	ID_IPV6_ADDR = 5,
	ID_DER_ASN1_DN = 9,
	ID_DER_ASN1_GN = 10,
	ID_KEY_ID = 11
};


/* Certificate Encoding (RFC 4306, Sect. 3.6) */
/* Values of the Cert Encoding octet in the CERT/CERTREQ payloads */
enum {
	CERT_ENCODING_PKCS7_X509 = 1,
	CERT_ENCODING_PGP_CERT = 2,
	CERT_ENCODING_DNS_SIGNED_KEY = 3,
	/* X.509 Certificate - Signature: DER encoded X.509 certificate whose
	 * public key is used to validate the sender's AUTH payload */
	CERT_ENCODING_X509_CERT_SIGN = 4,
	CERT_ENCODING_KERBEROS_TOKEN = 6,
	/* DER encoded X.509 certificate revocation list */
	CERT_ENCODING_CRL = 7,
	CERT_ENCODING_ARL = 8,
	CERT_ENCODING_SPKI_CERT = 9,
	CERT_ENCODING_X509_CERT_ATTR = 10,
	/* PKCS #1 encoded RSA key */
	CERT_ENCODING_RAW_RSA_KEY = 11,
	CERT_ENCODING_HASH_AND_URL_X509_CERT = 12,
	CERT_ENCODING_HASH_AND_URL_X509_BUNDLE = 13
};


/* Authentication Method (RFC 4306, Sect. 3.8) */
/* Values of the Auth Method octet in the AUTH payload */
enum {
	AUTH_RSA_SIGN = 1,
	AUTH_SHARED_KEY_MIC = 2,
	AUTH_DSS_SIGN = 3
};


/* Notify Message Types (RFC 4306, Sect. 3.10.1) */
/*
 * Every value listed here is in the RFC 4306 error range (0-16383), i.e.
 * receiving one of these in a response means the exchange failed.
 */
enum {
	UNSUPPORTED_CRITICAL_PAYLOAD = 1,
	INVALID_IKE_SPI = 4,
	INVALID_MAJOR_VERSION = 5,
	INVALID_SYNTAX = 7,
	INVALID_MESSAGE_ID = 9,
	INVALID_SPI = 11,
	NO_PROPOSAL_CHOSEN = 14,
	INVALID_KE_PAYLOAD = 17,
	AUTHENTICATION_FAILED = 24,
	SINGLE_PAIR_REQUIRED = 34,
	NO_ADDITIONAL_SAS = 35,
	INTERNAL_ADDRESS_FAILURE = 36,
	FAILED_CP_REQUIRED = 37,
	TS_UNACCEPTABLE = 38,
	INVALID_SELECTORS = 39
};


/*
 * IKE_SA keying material (RFC 4306 Sect. 2.14 naming). All SK_* buffers
 * hold secrets. Buffer lengths, per the names: SK_d_len for SK_d;
 * SK_integ_len for both SK_ai and SK_ar; SK_encr_len for SK_ei and SK_er;
 * SK_prf_len for SK_pi and SK_pr - one length per key pair, which implies
 * initiator and responder keys of a kind are always the same size.
 * NOTE(review): ownership of the SK_* allocations is not stated here;
 * presumably ikev2_derive_sk_keys() allocates and ikev2_free_keys()
 * releases them - verify in the implementation.
 */
struct ikev2_keys {
	u8 *SK_d, *SK_ai, *SK_ar, *SK_ei, *SK_er, *SK_pi, *SK_pr;
	size_t SK_d_len, SK_integ_len, SK_encr_len, SK_prf_len;
};


/*
 * ikev2_keys_set - Report whether keying material is present in @keys
 * Returns: an int whose exact meaning is defined by the implementation
 * (not visible in this header).
 */
int ikev2_keys_set(struct ikev2_keys *keys);
/*
 * ikev2_free_keys - Release the SK_* buffers of @keys
 * NOTE(review): these are secret keys; confirm the implementation clears
 * each buffer before freeing it and resets the pointers.
 */
void ikev2_free_keys(struct ikev2_keys *keys);


/* Maximum hash length for supported hash algorithms */
/*
 * 20 octets = SHA-1 output, the largest of HMAC-MD5/HMAC-SHA1. Buffers sized
 * with this constant would be too small for PRF_HMAC_TIGER (24 octets),
 * which appears in the transform ID enum; ikev2_get_prf() must therefore
 * not return an entry for it unless this constant is raised too.
 */
#define IKEV2_MAX_HASH_LEN 20

/* Integrity algorithm description; sizes in octets */
struct ikev2_integ_alg {
	int id; /* AUTH_* transform ID */
	size_t key_len;
	size_t hash_len; /* length of the produced tag */
};

/* PRF description; sizes in octets */
struct ikev2_prf_alg {
	int id; /* PRF_* transform ID */
	size_t key_len;
	size_t hash_len; /* length of one PRF output block */
};

/* Encryption algorithm description; sizes in octets */
struct ikev2_encr_alg {
	int id; /* ENCR_* transform ID */
	size_t key_len;
	size_t block_size;
};

/*
 * Look up the algorithm description for an AUTH_* transform ID.
 * Returns NULL (per the usual lookup-table contract - verify) when the ID
 * is not supported, which is how an unsupported or weak proposal is
 * refused.
 */
const struct ikev2_integ_alg * ikev2_get_integ(int id);
/*
 * Compute the integrity tag of data[0..data_len) with key[0..key_len)
 * into hash. hash is presumably expected to hold hash_len octets of the
 * selected algorithm - confirm against the implementation.
 * Returns 0 on success, negative on failure (project convention; verify).
 */
int ikev2_integ_hash(int alg, const u8 *key, size_t key_len, const u8 *data,
		     size_t data_len, u8 *hash);
/* Look up the algorithm description for a PRF_* transform ID (NULL if unsupported - verify) */
const struct ikev2_prf_alg * ikev2_get_prf(int id);
/*
 * Run the PRF over a vector of num_elem input pieces (addr[i], len[i])
 * and write one output block into hash.
 */
int ikev2_prf_hash(int alg, const u8 *key, size_t key_len,
		   size_t num_elem, const u8 *addr[], const size_t *len,
		   u8 *hash);
/*
 * prf+ expansion (RFC 4306 Sect. 2.13): derive out_len octets of keying
 * material into out from key and data.
 */
int ikev2_prf_plus(int alg, const u8 *key, size_t key_len,
		   const u8 *data, size_t data_len,
		   u8 *out, size_t out_len);
/* Look up the algorithm description for an ENCR_* transform ID (NULL if unsupported - verify) */
const struct ikev2_encr_alg * ikev2_get_encr(int id);
/*
 * Encrypt / decrypt len octets with the given key and IV. plain and crypt
 * are separate buffers of len octets. NOTE(review): for block ciphers len
 * is presumably required to be a multiple of block_size - confirm the
 * implementation checks this rather than relying on the caller.
 */
int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
		       const u8 *plain, u8 *crypt, size_t len);
int ikev2_encr_decrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
		       const u8 *crypt, u8 *plain, size_t len);

/*
 * ikev2_derive_auth_data - Compute the AUTH payload data (RFC 4306 Sect. 2.15)
 * @prf_alg: PRF_* transform ID in use
 * @sign_msg: the message being signed (octets of the IKE_SA_INIT message)
 * @ID/@ID_len/@ID_type: identification data and its ID type (ID_*)
 * @keys: IKE_SA keys; the SK_pi or SK_pr half is selected by @initiator
 * @shared_secret: the pre-shared secret for AUTH_SHARED_KEY_MIC
 * @nonce: the peer's nonce
 * @key_pad: the key pad string defined by RFC 4306 for shared-key auth
 * @auth_data: output buffer; presumably hash_len octets of @prf_alg - verify
 * Returns: 0 on success, negative on failure (project convention; verify)
 */
int ikev2_derive_auth_data(int prf_alg, const struct wpabuf *sign_msg,
			   const u8 *ID, size_t ID_len, u8 ID_type,
			   struct ikev2_keys *keys, int initiator,
			   const u8 *shared_secret, size_t shared_secret_len,
			   const u8 *nonce, size_t nonce_len,
			   const u8 *key_pad, size_t key_pad_len,
			   u8 *auth_data);


/*
 * Result of ikev2_parse_payloads(): one (pointer, length) pair per payload
 * type of interest, NULL/0 when absent. The pointers are const and appear to
 * reference the caller's message buffer rather than copies, so they are
 * only valid while that buffer is.
 */
struct ikev2_payloads {
	const u8 *sa;
	size_t sa_len;
	const u8 *ke;
	size_t ke_len;
	const u8 *idi;
	size_t idi_len;
	const u8 *idr;
	size_t idr_len;
	const u8 *cert;
	size_t cert_len;
	const u8 *auth;
	size_t auth_len;
	const u8 *nonce;
	size_t nonce_len;
	const u8 *encrypted;
	size_t encrypted_len;
	u8 encr_next_payload; /* next_payload of the Encrypted payload header */
	const u8 *notification;
	size_t notification_len;
};

/*
 * ikev2_parse_payloads - Walk the payload chain [pos, end) into @payloads
 * @next_payload: type of the first payload (from the IKE or Encrypted header)
 * @pos/@end: bounds of the untrusted payload data; every payload_length
 * read from the chain must be validated against @end inside the parser.
 * Returns: 0 on success, negative on malformed input (project convention)
 */
int ikev2_parse_payloads(struct ikev2_payloads *payloads,
			 u8 next_payload, const u8 *pos, const u8 *end);

/*
 * ikev2_decrypt_payload - Verify integrity of and decrypt an Encrypted payload
 * @hdr: the IKE header the payload belongs to (covered by the integrity check)
 * @res_len: receives the plaintext length
 * Returns: newly allocated plaintext (non-const, so presumably owned by the
 * caller to free) or NULL on failure - verify ownership in the implementation.
 * The integrity tag should be checked before any decryption output is used.
 */
u8 * ikev2_decrypt_payload(int encr_id, int integ_id, struct ikev2_keys *keys,
			   int initiator, const struct ikev2_hdr *hdr,
			   const u8 *encrypted, size_t encrypted_len,
			   size_t *res_len);
/* Fix up the IKE header in @msg (presumably its length field) once the payloads are complete */
void ikev2_update_hdr(struct wpabuf *msg);
/*
 * ikev2_build_encrypted - Append an Encrypted payload carrying @plain to @msg
 * @next_payload: type of the first payload inside @plain
 */
int ikev2_build_encrypted(int encr_id, int integ_id, struct ikev2_keys *keys,
			  int initiator, struct wpabuf *msg,
			  struct wpabuf *plain, u8 next_payload);
/*
 * ikev2_derive_sk_keys - Derive all SK_* keys from SKEYSEED
 * @prf/@integ/@encr: negotiated algorithms; their key_len fields size the
 * individual keys
 * @skeyseed: SKEYSEED (prf output, hash_len octets of @prf)
 * @data/@data_len: the prf+ input (nonces and SPIs)
 * @keys: receives the derived keys; see struct ikev2_keys for ownership
 */
int ikev2_derive_sk_keys(const struct ikev2_prf_alg *prf,
			 const struct ikev2_integ_alg *integ,
			 const struct ikev2_encr_alg *encr,
			 const u8 *skeyseed, const u8 *data, size_t data_len,
			 struct ikev2_keys *keys);

#endif /* IKEV2_COMMON_H */