diff -r 000000000000 -r 33413c0669b9 vpnengine/ikev2lib/inc/ikev2const.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/ikev2lib/inc/ikev2const.h Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,266 @@
+/*
+* Copyright (c) 2003 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: IKEv2 constants.
+*
+*/
+
+
+#ifndef _IKEV2CONST_H_
+#define _IKEV2CONST_H_
+
+#include
+
+//
+// All Headers with values in network byte order
+//
+#define MIN_IKEV2_PAYLOAD_SIZE 4
+
+
+//Version
+#define MAJORV2 2
+#define MAJORV1 1
+#define MINOR 0
+#define MAJOR2MINOR0 (MAJORV2 << 4)
+
+//
+// IKEv2 HEADER FLAGS (bits 0-2 reserved for IKEv1)
+//
+#define IKEV2_INITIATOR 0x8 // Original Initiator Bit
+#define IKEV2_HIGHER_VERSION 0x10 // Higher version supported
+#define IKEV2_RESPONSE_MSG 0x20 // Current message is a response
+
+//
+// IKEv2 EXCHANGE TYPES
+//
+#define IKE_SA_INIT 34
+#define IKE_AUTH 35
+#define CREATE_CHILD_SA 36
+#define INFORMATIONAL 37
+
+//
+//Payload types
+//
+#define IKEV2_PAYLOAD_NONE 0 // (Terminator)
+#define IKEV2_PAYLOAD_SA 33 // Security Association
+#define IKEV2_PAYLOAD_PROP 2 // Proposal
+#define IKEV2_PAYLOAD_TRANS 3 // Transform
+#define IKEV2_PAYLOAD_KE 34 // Key Exchange
+#define IKEV2_PAYLOAD_ID_I 35 // Identification (Initiator)
+#define IKEV2_PAYLOAD_ID_R 36 // Identification (Responder)
+#define IKEV2_PAYLOAD_CERT 37 // Certificate
+#define IKEV2_PAYLOAD_CR 38 // Certificate Request
+#define IKEV2_PAYLOAD_AUTH 39 // Authentication
+#define IKEV2_PAYLOAD_NONCE 40 // Nonce
+#define IKEV2_PAYLOAD_NOTIF 41 // Notification
+#define IKEV2_PAYLOAD_DELETE 42 // Delete
+#define IKEV2_PAYLOAD_VID 43 // Vendor ID
+#define IKEV2_PAYLOAD_TS_I 44 // Traffic selector (initiator)
+#define IKEV2_PAYLOAD_TS_R 45 // Traffic selector (Responder)
+#define IKEV2_PAYLOAD_ENCR 46 // Encrypted
+#define IKEV2_PAYLOAD_CONFIG 47 // Configuration
+#define IKEV2_PAYLOAD_EAP 48 // Extensible Authentication
+
+#define IKEV2_PAYLOAD_PRIVATE 128 // Private use (up to 255)
+
+//
+// Critical bit in general paylaod header
+// Encrypted bit is an internal definition to indicate that received
+// payload was encrypted (=received inside encrypted payload)
+//
+#define IKEV2_PL_CRITICAL 0x80
+#define IKEV2_PL_ENCRYPTED 0x01
+#define IKEV2_PL_SELECTED 0x02
+
+//
+// Protocol ID values
+//
+#define IKEV2_PROT_NONE 0
+#define IKEV2_PROTOCOL 1
+#define IKEV2_IPSEC_AH 2
+#define IKEV2_IPSEC_ESP 3
+
+//
+// Transform type values
+//
+#define IKEV2_ENCR 1 // IKE and ESP
+#define IKEV2_PRF 2 // IKE
+#define IKEV2_INTEG 3 // IKE, AH, optional in ESP
+#define IKEV2_DH 4 // IKE, optional AH and ESP
+#define IKEV2_ESN 5 // optional AH and ESP
+
+//
+// Transform ID values for encryption algorithm type
+//
+
+#define ENCR_DES_IV64 1 // RFC1827
+#define ENCR_DES 2 // RFC2405
+#define ENCR_3DES 3 // RFC2451
+#define ENCR_RC5 4 // RFC2451
+#define ENCR_IDEA 5 // RFC2451
+#define ENCR_CAST 6 // RFC2451
+#define ENCR_BLOWFISH 7 // RFC2451
+#define ENCR_3IDEA 8 // RFC2451
+#define ENCR_DES_IV32 9 //
+#define ENCR_NULL 11 // RFC2410
+#define ENCR_AES_CBC 12 // RFC3602
+#define ENCR_AES_CTR 13 // RFC3664
+
+//
+// Attribute type values (used only with encryption algorithm transform)
+//
+#define IKEV2_ENCR_KEY_LTH 14 //
+
+//
+// Transform ID values for Pseudo-random Function type
+//
+#define PRF_HMAC_MD5 1 // RFC2104
+#define PRF_HMAC_SHA1 2 // RFC2104
+#define PRF_HMAC_TIGER 3 // RFC2104
+#define PRF_AES128_CBC 4 // RFC3664
+
+//
+// Transform ID values for Integrity Algorithm type
+//
+#define AUTH_HMAC_MD5_96 1 // RFC2403
+#define AUTH_HMAC_SHA1_96 2 // RFC2403
+#define AUTH_DES_MAC 3 //
+#define AUTH_KPDK_MD5 4 // RFC1826
+#define AUTH_AES_XCBC_96 5 // RFC3566
+
+//
+// Transform ID values for Diffie-Hellman group type
+//
+#define DH_GROUP_768 1 // Appendix B
+#define DH_GROUP_1024 2 // Appendix B
+#define DH_GROUP_1536 5 // RFC3526
+#define DH_GROUP_2048 14 // RFC3526
+
+
+//
+//NOTIFY MESSAGES - ERROR TYPES
+//
+#define UNSUPPORTED_CRITICAL_PAYLOAD 1
+#define INVALID_IKE_SPI 4
+#define INVALID_MAJOR_VERSION 5
+#define INVALID_SYNTAX 7
+#define INVALID_MESSAGE_ID 9
+#define INVALID_SPI 11
+#define NO_PROPOSAL_CHOSEN 14
+#define INVALID_KE_PAYLOAD 17
+#define AUTHENTICATION_FAILED 24
+#define SINGLE_PAIR_REQUIRED 34
+#define NO_ADDITIONAL_SAS 35
+#define INTERNAL_ADDRESS_FAILURE 36
+#define FAILED_CP_REQUIRED 37
+#define TS_UNACCEPTABLE 38
+#define INVALID_SELECTORS 39
+
+//
+// NOTIFY MESSAGES - STATUS TYPES
+//
+#define INITIAL_CONTACT 16384
+#define SET_WINDOW_SIZE 16385
+#define ADDITIONAL_TS_POSSIBLE 16386
+#define IPCOMP_SUPPORTED 16387
+#define NAT_DETECTION_SOURCE_IP 16388
+#define NAT_DETECTION_DESTINATION_IP 16389
+#define COOKIE 16390
+#define USE_TRANSPORT_MODE 16391
+#define HTTP_CERT_LOOKUP_SUPPORTED 16392
+#define REKEY_SA 16393
+#define ESP_TFC_PADDING_NOT_SUPPORTED 16394
+#define NON_FIRST_FRAGMENTS_ALSO 16395
+
+//
+// NOTIFY MESSAGES CODES FOR MOBIKE
+//
+#define MOBIKE_SUPPORTED 16396
+#define ADDITIONAL_IPV4_ADDRESS 16397
+#define ADDITIONAL_IPV6_ADDRESS 16398
+#define UPDATE_SA_ADDRESS 16400
+#define COOKIE2 16401
+#define NAT_PREVENTION 16402 //Is this the same as NO_NATS_ALLOWED?
+// NOTIFY MESSAGES ERROR CODES FOR MOBIKE
+#define UNACCPETABLE_ADDRESSES 9500
+#define NAT_PREVENTED 9501
+
+//
+// IKEv2 Identity type codes
+//
+#define ID_NOT_DEFINED 0
+#define ID_IPV4_ADDR 1
+#define ID_FQDN 2
+#define ID_RFC822_ADDR 3
+#define ID_IPV4_ADDR_SUBNET 4 // For IPSEC ID:s
+#define ID_IPV6_ADDR 5
+#define ID_IPV6_ADDR_SUBNET 6 // For IPSEC ID:s
+#define ID_DER_ASN1_DN 9
+#define ID_KEY_ID 11
+
+//
+// IKEv2 Authentication methods
+//
+#define RSA_DIGITAL_SIGN 1
+#define PRESHARED_KEY 2
+#define DSS_DIGITAL_SIGN 3
+
+//
+// IKEv2 Traffic selector type values
+//
+#define TS_IPV4_ADDR_RANGE 7
+#define TS_IPV6_ADDR_RANGE 8
+
+//
+// IKEv2 CFG Types (For Config payload)
+//
+#define CFG_REQUEST 1
+#define CFG_REPLY 2
+#define CFG_SET 3
+#define CFG_ACK 4
+
+//
+// IKEv2 Configuration attributes
+//
+#define INTERNAL_IP4_ADDRESS 1 // 0 or 4 octets
+#define INTERNAL_IP4_NETMASK 2 // 0 or 4 octets
+#define INTERNAL_IP4_DNS 3 // 0 or 4 octets
+#define INTERNAL_IP4_NBNS 4 // 0 or 4 octets
+#define INTERNAL_ADDRESS_EXPIRY 5 // 0 or 4 octets
+#define INTERNAL_IP4_DHCP 6 // 0 or 4 octets
+#define APPLICATION_VERSION 7 // 0 or more
+#define INTERNAL_IP6_ADDRESS 8 // 0 or 16
+#define INTERNAL_IP6_DNS 10 // 0 or 16 octets
+#define INTERNAL_IP6_NBNS 11 // 0 or 16 octets
+#define INTERNAL_IP6_DHCP 12 // 0 or 16 octets
+#define INTERNAL_IP4_SUBNET 13 // 0 or 8 octets
+#define SUPPORTED_ATTRIBUTES 14 // Multiple of 2
+#define INTERNAL_IP6_SUBNET 15 // 17 octets
+
+//
+// IKEv2 Certificate Encoding codes
+//
+#define PKCS7_WRAPPED_X509_CERT 1
+#define PGP_CERTIFICATE 2
+#define DNS_SIGNED_KEY 3
+#define X509_CERTIFICATE_SIGN 4
+#define KERBEROS_TOKEN 6
+#define CERT_REVOCATION_LIST 7
+#define AUTHORITY_REVOCATION_LIST 8
+#define SPKI_CERTIFICATE 9
+#define X509_CERTIFICATE_ATTRIBUTE 10
+#define RAW_RSA_KEY 11
+#define HASH_AND_URL_X509_CERT 12
+#define HASH_AND_URL_X509_BUNDLE 13
+
+#endif
\ No newline at end of file
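Review bot: `IKEV2_PL_ENCRYPTED` (0x01) and `IKEV2_PL_SELECTED` (0x02) are internal markers that share a byte with the wire-format `IKEV2_PL_CRITICAL` (0x80), and the comment above them does not say that the seven reserved bits of a received payload header must be cleared before these markers are set. If the code that uses them (not visible in this file) keeps the received byte as-is, a peer sending bit 0x01 on a cleartext payload could have it treated as received inside the encrypted payload; RFC 4306 requires the reserved bits to be ignored on receipt. I would add a mask next to the definitions and document the rule, e.g. `#define IKEV2_PL_WIRE_MASK IKEV2_PL_CRITICAL // AND the received flags byte with this before setting internal bits`. Separately, the MOBIKE error codes 9500/9501 look like pre-standard values: RFC 4555 assigns 40 to UNACCEPTABLE_ADDRESSES and 41 to UNEXPECTED_NAT_DETECTED, and 16402 is NO_NATS_ALLOWED there, which answers the question left in the `NAT_PREVENTION` comment.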