/*
 * Copyright (c) 2003 Nokia Corporation and/or its subsidiary(-ies).
 * All rights reserved.
 * This component and the accompanying materials are made available
 * under the terms of "Eclipse Public License v1.0"
 * which accompanies this distribution, and is available
 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
 *
 * Initial Contributors:
 * Nokia Corporation - initial contribution.
 *
 * Contributors:
 *
 * Description: IKEv2 constants.
 *
 */
17 |
|
18 |
|
19 #ifndef _IKEV2CONST_H_ |
|
20 #define _IKEV2CONST_H_ |
|
21 |
|
22 #include <e32def.h> |
|
23 |
|
//
// All Headers with values in network byte order
//
// Smallest size, in octets, that this header defines for an IKEv2 payload.
// NOTE(review): presumably the length of the generic payload header; a parser
// should reject a received payload-length field below this value before it
// reads the payload body -- confirm against the message parser.
#define MIN_IKEV2_PAYLOAD_SIZE 4
|
28 |
|
29 |
|
//Version
// MAJORV2 and MAJORV1 are the IKE major version numbers, MINOR the minor one.
// MAJOR2MINOR0 is MAJORV2 shifted into the upper four bits (0x20). MINOR is
// not OR-ed in, so the macro is only correct while MINOR stays 0.
#define MAJORV2 2
#define MAJORV1 1
#define MINOR 0
#define MAJOR2MINOR0 (MAJORV2 << 4)
|
35 |
|
//
// IKEv2 HEADER FLAGS (bits 0-2 reserved for IKEv1)
//
// Each value is a single-bit mask; test with bitwise AND.
// NOTE(review): these bits arrive in the unencrypted header, so they are
// presumably attacker-controllable until the message's integrity check has
// passed -- confirm where the receive path validates them.
#define IKEV2_INITIATOR 0x8 // Original Initiator Bit
#define IKEV2_HIGHER_VERSION 0x10 // Higher version supported
#define IKEV2_RESPONSE_MSG 0x20 // Current message is a response
|
42 |
|
//
// IKEv2 EXCHANGE TYPES
//
// Only the four exchanges below (34-37) are defined in this file.
// NOTE(review): a receiver should presumably drop messages carrying any other
// exchange type -- confirm against the message dispatcher.
#define IKE_SA_INIT 34
#define IKE_AUTH 35
#define CREATE_CHILD_SA 36
#define INFORMATIONAL 37
|
50 |
|
//
//Payload types
//
// Values for the "next payload" chain. 0 terminates the chain and 33-48 are
// the payloads named below.
// NOTE(review): IKEV2_PAYLOAD_PROP (2) and IKEV2_PAYLOAD_TRANS (3) fall outside
// the 33-48 range; they look like the proposal/transform substructure markers
// used inside the SA payload rather than top-level payload types -- confirm.
#define IKEV2_PAYLOAD_NONE 0 // (Terminator)
#define IKEV2_PAYLOAD_SA 33 // Security Association
#define IKEV2_PAYLOAD_PROP 2 // Proposal
#define IKEV2_PAYLOAD_TRANS 3 // Transform
#define IKEV2_PAYLOAD_KE 34 // Key Exchange
#define IKEV2_PAYLOAD_ID_I 35 // Identification (Initiator)
#define IKEV2_PAYLOAD_ID_R 36 // Identification (Responder)
#define IKEV2_PAYLOAD_CERT 37 // Certificate
#define IKEV2_PAYLOAD_CR 38 // Certificate Request
#define IKEV2_PAYLOAD_AUTH 39 // Authentication
#define IKEV2_PAYLOAD_NONCE 40 // Nonce
#define IKEV2_PAYLOAD_NOTIF 41 // Notification
#define IKEV2_PAYLOAD_DELETE 42 // Delete
#define IKEV2_PAYLOAD_VID 43 // Vendor ID
#define IKEV2_PAYLOAD_TS_I 44 // Traffic selector (initiator)
#define IKEV2_PAYLOAD_TS_R 45 // Traffic selector (Responder)
#define IKEV2_PAYLOAD_ENCR 46 // Encrypted
#define IKEV2_PAYLOAD_CONFIG 47 // Configuration
#define IKEV2_PAYLOAD_EAP 48 // Extensible Authentication

// First value of the private-use payload range.
#define IKEV2_PAYLOAD_PRIVATE 128 // Private use (up to 255)
|
75 |
|
//
// Critical bit in general payload header
// Encrypted bit is an internal definition to indicate that received
// payload was encrypted (=received inside encrypted payload)
//
// NOTE(review): IKEV2_PL_ENCRYPTED is the only marker in this file that tells
// later code whether a payload arrived inside the encrypted payload; handlers
// that act on payload contents should presumably check it -- confirm.
// NOTE(review): IKEV2_PL_SELECTED is not described in this file; presumably it
// is internal bookkeeping as well -- confirm against its users.
#define IKEV2_PL_CRITICAL 0x80
#define IKEV2_PL_ENCRYPTED 0x01
#define IKEV2_PL_SELECTED 0x02
|
84 |
|
//
// Protocol ID values
//
// 0 means "no protocol"; 1-3 identify IKE itself, AH and ESP.
#define IKEV2_PROT_NONE 0
#define IKEV2_PROTOCOL 1
#define IKEV2_IPSEC_AH 2
#define IKEV2_IPSEC_ESP 3
|
92 |
|
//
// Transform type values
//
// The trailing comment on each line names the protocols in which that
// transform type appears.
#define IKEV2_ENCR 1 // IKE and ESP
#define IKEV2_PRF 2 // IKE
#define IKEV2_INTEG 3 // IKE, AH, optional in ESP
#define IKEV2_DH 4 // IKE, optional AH and ESP
#define IKEV2_ESN 5 // optional AH and ESP
|
101 |
|
//
// Transform ID values for encryption algorithm type
//
// Value 10 is not defined in this list.
// NOTE(review): the single-DES variants (ENCR_DES_IV64, ENCR_DES,
// ENCR_DES_IV32) are no longer considered secure and RFC 8247 marks them
// MUST NOT; ENCR_NULL provides no confidentiality. Proposal selection should
// presumably refuse these unless explicitly configured -- confirm the policy
// code that consumes these IDs.

#define ENCR_DES_IV64 1 // RFC1827
#define ENCR_DES 2 // RFC2405
#define ENCR_3DES 3 // RFC2451
#define ENCR_RC5 4 // RFC2451
#define ENCR_IDEA 5 // RFC2451
#define ENCR_CAST 6 // RFC2451
#define ENCR_BLOWFISH 7 // RFC2451
#define ENCR_3IDEA 8 // RFC2451
#define ENCR_DES_IV32 9 //
#define ENCR_NULL 11 // RFC2410
#define ENCR_AES_CBC 12 // RFC3602
#define ENCR_AES_CTR 13 // RFC3686 -- NOTE(review): originally cited as RFC3664, verify
|
118 |
|
//
// Attribute type values (used only with encryption algorithm transform)
//
// NOTE(review): presumably the key-length attribute, with the length given in
// bits; a received value should be checked against the lengths the selected
// cipher actually supports -- confirm.
#define IKEV2_ENCR_KEY_LTH 14 //
|
123 |
|
//
// Transform ID values for Pseudo-random Function type
//
// NOTE(review): RFC 8247 marks PRF_HMAC_MD5 as MUST NOT; it should presumably
// not be accepted from a peer by default -- confirm the negotiation policy.
// NOTE(review): RFC3664 defines AES-XCBC-PRF-128, so PRF_AES128_CBC presumably
// means the XCBC-based PRF rather than plain CBC -- confirm.
#define PRF_HMAC_MD5 1 // RFC2104
#define PRF_HMAC_SHA1 2 // RFC2104
#define PRF_HMAC_TIGER 3 // RFC2104
#define PRF_AES128_CBC 4 // RFC3664
|
131 |
|
//
// Transform ID values for Integrity Algorithm type
//
// NOTE(review): RFC 8247 marks AUTH_HMAC_MD5_96, AUTH_DES_MAC and
// AUTH_KPDK_MD5 as MUST NOT; they should presumably not be accepted from a
// peer by default -- confirm the negotiation policy.
#define AUTH_HMAC_MD5_96 1 // RFC2403
#define AUTH_HMAC_SHA1_96 2 // RFC2404 -- NOTE(review): originally cited as RFC2403, verify
#define AUTH_DES_MAC 3 //
#define AUTH_KPDK_MD5 4 // RFC1826
#define AUTH_AES_XCBC_96 5 // RFC3566
|
140 |
|
//
// Transform ID values for Diffie-Hellman group type
//
// The number in each name is the modulus size in bits; the values (1, 2, 5,
// 14) are the group numbers sent on the wire.
// NOTE(review): the 768- and 1024-bit groups are no longer considered adequate
// (RFC 8247 marks group 1 as MUST NOT and group 2 as SHOULD NOT); negotiation
// should presumably prefer DH_GROUP_2048 -- confirm the policy code.
// NOTE(review): "Appendix B" presumably refers to the IKEv2 specification.
#define DH_GROUP_768 1 // Appendix B
#define DH_GROUP_1024 2 // Appendix B
#define DH_GROUP_1536 5 // RFC3526
#define DH_GROUP_2048 14 // RFC3526
|
148 |
|
149 |
|
//
//NOTIFY MESSAGES - ERROR TYPES
//
// Notify message type codes that report an error; the list is sparse and all
// values here are below 16384.
// NOTE(review): an error notify received outside the encrypted payload is
// unauthenticated, so it should presumably not be allowed to tear down an
// existing SA on its own -- confirm how the notify handler treats it.
#define UNSUPPORTED_CRITICAL_PAYLOAD 1
#define INVALID_IKE_SPI 4
#define INVALID_MAJOR_VERSION 5
#define INVALID_SYNTAX 7
#define INVALID_MESSAGE_ID 9
#define INVALID_SPI 11
#define NO_PROPOSAL_CHOSEN 14
#define INVALID_KE_PAYLOAD 17
#define AUTHENTICATION_FAILED 24
#define SINGLE_PAIR_REQUIRED 34
#define NO_ADDITIONAL_SAS 35
#define INTERNAL_ADDRESS_FAILURE 36
#define FAILED_CP_REQUIRED 37
#define TS_UNACCEPTABLE 38
#define INVALID_SELECTORS 39
|
168 |
|
//
// NOTIFY MESSAGES - STATUS TYPES
//
// Notify message type codes that carry status rather than an error; the
// values run consecutively from 16384 to 16395.
// NOTE(review): several of these names (COOKIE, REKEY_SA, ...) are short,
// unprefixed macros and may collide with identifiers in other headers.
#define INITIAL_CONTACT 16384
#define SET_WINDOW_SIZE 16385
#define ADDITIONAL_TS_POSSIBLE 16386
#define IPCOMP_SUPPORTED 16387
#define NAT_DETECTION_SOURCE_IP 16388
#define NAT_DETECTION_DESTINATION_IP 16389
#define COOKIE 16390
#define USE_TRANSPORT_MODE 16391
#define HTTP_CERT_LOOKUP_SUPPORTED 16392
#define REKEY_SA 16393
#define ESP_TFC_PADDING_NOT_SUPPORTED 16394
#define NON_FIRST_FRAGMENTS_ALSO 16395
|
184 |
|
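//
// NOTIFY MESSAGES CODES FOR MOBIKE
//
// Status notify codes used by the MOBIKE extension. 16399 is not defined in
// this list.
#define MOBIKE_SUPPORTED 16396
#define ADDITIONAL_IPV4_ADDRESS 16397
#define ADDITIONAL_IPV6_ADDRESS 16398
#define UPDATE_SA_ADDRESS 16400
#define COOKIE2 16401
// NOTE(review): RFC 4555 names code 16402 NO_NATS_ALLOWED, which would answer
// the original question "Is this the same as NO_NATS_ALLOWED?" -- confirm.
#define NAT_PREVENTION 16402
// NOTIFY MESSAGES ERROR CODES FOR MOBIKE
// NOTE(review): RFC 4555 as published assigns 40 (UNACCEPTABLE_ADDRESSES) and
// 41 (UNEXPECTED_NAT_DETECTED) to the MOBIKE error notifies; 9500/9501 look
// like pre-standard values, so a standards-conforming peer would presumably
// not recognise them -- verify before relying on these for interoperability.
#define UNACCPETABLE_ADDRESSES 9500 // misspelled name, kept for existing callers
#define UNACCEPTABLE_ADDRESSES UNACCPETABLE_ADDRESSES // correctly spelled alias
#define NAT_PREVENTED 9501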
|
197 |
|
//
// IKEv2 Identity type codes
//
// 0 is this file's "not defined" marker. The two *_SUBNET types are flagged
// below as used for IPSEC IDs.
// NOTE(review): the identity is asserted by the peer; it should presumably be
// matched against the authenticated credential before it is used for policy
// lookup -- confirm in the authentication code.
#define ID_NOT_DEFINED 0
#define ID_IPV4_ADDR 1
#define ID_FQDN 2
#define ID_RFC822_ADDR 3
#define ID_IPV4_ADDR_SUBNET 4 // For IPSEC ID:s
#define ID_IPV6_ADDR 5
#define ID_IPV6_ADDR_SUBNET 6 // For IPSEC ID:s
#define ID_DER_ASN1_DN 9
#define ID_KEY_ID 11
|
210 |
|
//
// IKEv2 Authentication methods
//
// Method codes for the authentication payload: RSA signature, pre-shared key
// and DSS signature.
// NOTE(review): the method a peer announces should presumably be checked
// against the method configured for that peer, not simply accepted -- confirm.
#define RSA_DIGITAL_SIGN 1
#define PRESHARED_KEY 2
#define DSS_DIGITAL_SIGN 3
|
217 |
|
//
// IKEv2 Traffic selector type values
//
// One address-range selector type each for IPv4 and IPv6.
#define TS_IPV4_ADDR_RANGE 7
#define TS_IPV6_ADDR_RANGE 8
|
223 |
|
//
// IKEv2 CFG Types (For Config payload)
//
// Message types carried in the Config payload: request/reply and set/ack.
#define CFG_REQUEST 1
#define CFG_REPLY 2
#define CFG_SET 3
#define CFG_ACK 4
|
231 |
|
//
// IKEv2 Configuration attributes
//
// Attribute type codes for the Config payload. The trailing comment on each
// line gives the value length(s) expected for that attribute. Value 9 is not
// defined in this list.
// NOTE(review): a received attribute's length field should presumably be
// checked against these expected lengths before the value is copied or
// interpreted -- confirm in the Config payload parser.
#define INTERNAL_IP4_ADDRESS 1 // 0 or 4 octets
#define INTERNAL_IP4_NETMASK 2 // 0 or 4 octets
#define INTERNAL_IP4_DNS 3 // 0 or 4 octets
#define INTERNAL_IP4_NBNS 4 // 0 or 4 octets
#define INTERNAL_ADDRESS_EXPIRY 5 // 0 or 4 octets
#define INTERNAL_IP4_DHCP 6 // 0 or 4 octets
#define APPLICATION_VERSION 7 // 0 or more
#define INTERNAL_IP6_ADDRESS 8 // 0 or 16
#define INTERNAL_IP6_DNS 10 // 0 or 16 octets
#define INTERNAL_IP6_NBNS 11 // 0 or 16 octets
#define INTERNAL_IP6_DHCP 12 // 0 or 16 octets
#define INTERNAL_IP4_SUBNET 13 // 0 or 8 octets
#define SUPPORTED_ATTRIBUTES 14 // Multiple of 2
#define INTERNAL_IP6_SUBNET 15 // 17 octets
|
249 |
|
//
// IKEv2 Certificate Encoding codes
//
// Encoding identifiers for certificate and certificate request payloads.
// Value 5 is not defined in this list.
// NOTE(review): the two HASH_AND_URL_* encodings make the receiver fetch data
// from a URL chosen by the peer. The fetched bytes should presumably be
// verified against the accompanying hash, and the fetch bounded in size and
// time -- confirm in the certificate handling code.
#define PKCS7_WRAPPED_X509_CERT 1
#define PGP_CERTIFICATE 2
#define DNS_SIGNED_KEY 3
#define X509_CERTIFICATE_SIGN 4
#define KERBEROS_TOKEN 6
#define CERT_REVOCATION_LIST 7
#define AUTHORITY_REVOCATION_LIST 8
#define SPKI_CERTIFICATE 9
#define X509_CERTIFICATE_ATTRIBUTE 10
#define RAW_RSA_KEY 11
#define HASH_AND_URL_X509_CERT 12
#define HASH_AND_URL_X509_BUNDLE 13
|
265 |
|
266 #endif |