+/* 3.7 Key Exchange Payload */
+struct ikev1_pl_ke {
+ struct isakmp_gen h;
+ /* Key Exchange Data */
+};
+
+/* 3.8 Identification Payload */
+ /* MUST NOT to be used, because of being defined in ipsec-doi. */
+struct ikev1_pl_id {
+ struct isakmp_gen h;
+ union {
+ uint8_t id_type; /* ID Type */
+ uint32_t doi_data; /* DOI Specific ID Data */
+ } d;
+ /* Identification Data */
+};
+
+/* 3.9 Certificate Payload */
+struct ikev1_pl_cert {
+ struct isakmp_gen h;
+ uint8_t encode; /* Cert Encoding */
+ char cert; /* Certificate Data */
+ /*
+ This field indicates the type of
+ certificate or certificate-related information contained in the
+ Certificate Data field.
+ */
+};
+
+/* 3.10 Certificate Request Payload */
+struct ikev1_pl_cr {
+ struct isakmp_gen h;
+ uint8_t num_cert; /* # Cert. Types */
+ /*
+ Certificate Types (variable length)
+ -- Contains a list of the types of certificates requested,
+ sorted in order of preference. Each individual certificate
+ type is 1 octet. This field is NOT requiredo
+ */
+ /* # Certificate Authorities (1 octet) */
+ /* Certificate Authorities (variable length) */
+};
+
+/* 3.11 Hash Payload */
+ /* may not be used, because of having only data. */
+struct ikev1_pl_hash {
+ struct isakmp_gen h;
+ /* Hash Data */
+};
+
+/* 3.12 Signature Payload */
+ /* may not be used, because of having only data. */
+struct ikev1_pl_sig {
+ struct isakmp_gen h;
+ /* Signature Data */
+};
+
+/* 3.13 Nonce Payload */
+ /* may not be used, because of having only data. */
+struct ikev1_pl_nonce {
+ struct isakmp_gen h;
+ /* Nonce Data */
+};
+
+/* 3.14 Notification Payload */
+struct ikev1_pl_n {
+ struct isakmp_gen h;
+ uint32_t doi; /* Domain of Interpretation */
+ uint8_t prot_id; /* Protocol-ID */
+ uint8_t spi_size; /* SPI Size */
+ uint16_t type; /* Notify Message Type */
+ /* SPI */
+ /* Notification Data */
+};
+
+/* 3.14.1 Notify Message Types */
+/* NOTIFY MESSAGES - ERROR TYPES */
+#define ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE 1
+#define ISAKMP_NTYPE_DOI_NOT_SUPPORTED 2
+#define ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED 3
+#define ISAKMP_NTYPE_INVALID_COOKIE 4
+#define ISAKMP_NTYPE_INVALID_MAJOR_VERSION 5
+#define ISAKMP_NTYPE_INVALID_MINOR_VERSION 6
+#define ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE 7
+#define ISAKMP_NTYPE_INVALID_FLAGS 8
+#define ISAKMP_NTYPE_INVALID_MESSAGE_ID 9
+#define ISAKMP_NTYPE_INVALID_PROTOCOL_ID 10
+#define ISAKMP_NTYPE_INVALID_SPI 11
+#define ISAKMP_NTYPE_INVALID_TRANSFORM_ID 12
+#define ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED 13
+#define ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN 14
+#define ISAKMP_NTYPE_BAD_PROPOSAL_SYNTAX 15
+#define ISAKMP_NTYPE_PAYLOAD_MALFORMED 16
+#define ISAKMP_NTYPE_INVALID_KEY_INFORMATION 17
+#define ISAKMP_NTYPE_INVALID_ID_INFORMATION 18
+#define ISAKMP_NTYPE_INVALID_CERT_ENCODING 19
+#define ISAKMP_NTYPE_INVALID_CERTIFICATE 20
+#define ISAKMP_NTYPE_BAD_CERT_REQUEST_SYNTAX 21
+#define ISAKMP_NTYPE_INVALID_CERT_AUTHORITY 22
+#define ISAKMP_NTYPE_INVALID_HASH_INFORMATION 23
+#define ISAKMP_NTYPE_AUTHENTICATION_FAILED 24
+#define ISAKMP_NTYPE_INVALID_SIGNATURE 25
+#define ISAKMP_NTYPE_ADDRESS_NOTIFICATION 26
+
+/* 3.15 Delete Payload */
+struct ikev1_pl_d {
+ struct isakmp_gen h;
+ uint32_t doi; /* Domain of Interpretation */
+ uint8_t prot_id; /* Protocol-Id */
+ uint8_t spi_size; /* SPI Size */
+ uint16_t num_spi; /* # of SPIs */
+ /* SPI(es) */
+};
+
+struct ikev1_ph1tab {
+ struct ikev1_ph1 *head;
+ struct ikev1_ph1 *tail;
+ int len;
+};
+
+struct isakmp_ph2tab {
+ struct ikev1_ph2 *head;
+ struct ikev1_ph2 *tail;
+ int len;
+};
+
+/* IKEv2 (RFC4306) */
+
+/* 3.3 Security Association Payload -- generic header */
+/* 3.3.1. Proposal Substructure */
+struct ikev2_p {
+ struct isakmp_gen h;
+ uint8_t p_no; /* Proposal # */
+ uint8_t prot_id; /* Protocol */
+ uint8_t spi_size; /* SPI Size */
+ uint8_t num_t; /* Number of Transforms */
+};
+
+/* 3.3.2. Transform Substructure */
+struct ikev2_t {
+ struct isakmp_gen h;
+ uint8_t t_type; /* Transform Type (ENCR,PRF,INTEG,etc.*/
+ uint8_t res2; /* reserved byte */
+ uint16_t t_id; /* Transform ID */
+};
+
+enum ikev2_t_type {
+ IV2_T_ENCR = 1,
+ IV2_T_PRF = 2,
+ IV2_T_INTEG= 3,
+ IV2_T_DH = 4,
+ IV2_T_ESN = 5
+};
+
+/* 3.4. Key Exchange Payload */
+struct ikev2_ke {
+ struct isakmp_gen h;
+ uint16_t ke_group;
+ uint16_t ke_res1;
+ /* KE data */
+};
+
+
+/* 3.5. Identification Payloads */
+enum ikev2_id_type {
+ ID_IPV4_ADDR=1,
+ ID_FQDN=2,
+ ID_RFC822_ADDR=3,
+ ID_IPV6_ADDR=5,
+ ID_DER_ASN1_DN=9,
+ ID_DER_ASN1_GN=10,
+ ID_KEY_ID=11
+};
+struct ikev2_id {
+ struct isakmp_gen h;
+ uint8_t type; /* ID type */
+ uint8_t res1;
+ uint16_t res2;
+ /* SPI */
+ /* Notification Data */
+};
+
+/* 3.10 Notification Payload */
+struct ikev2_n {
+ struct isakmp_gen h;
+ uint8_t prot_id; /* Protocol-ID */
+ uint8_t spi_size; /* SPI Size */
+ uint16_t type; /* Notify Message Type */
+};
+
+enum ikev2_n_type {
+ IV2_NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD = 1,
+ IV2_NOTIFY_INVALID_IKE_SPI = 4,
+ IV2_NOTIFY_INVALID_MAJOR_VERSION = 5,
+ IV2_NOTIFY_INVALID_SYNTAX = 7,
+ IV2_NOTIFY_INVALID_MESSAGE_ID = 9,
+ IV2_NOTIFY_INVALID_SPI =11,
+ IV2_NOTIFY_NO_PROPOSAL_CHOSEN =14,
+ IV2_NOTIFY_INVALID_KE_PAYLOAD =17,
+ IV2_NOTIFY_AUTHENTICATION_FAILED =24,
+ IV2_NOTIFY_SINGLE_PAIR_REQUIRED =34,
+ IV2_NOTIFY_NO_ADDITIONAL_SAS =35,
+ IV2_NOTIFY_INTERNAL_ADDRESS_FAILURE =36,
+ IV2_NOTIFY_FAILED_CP_REQUIRED =37,
+ IV2_NOTIFY_INVALID_SELECTORS =39,
+ IV2_NOTIFY_INITIAL_CONTACT =16384,
+ IV2_NOTIFY_SET_WINDOW_SIZE =16385,
+ IV2_NOTIFY_ADDITIONAL_TS_POSSIBLE =16386,
+ IV2_NOTIFY_IPCOMP_SUPPORTED =16387,
+ IV2_NOTIFY_NAT_DETECTION_SOURCE_IP =16388,
+ IV2_NOTIFY_NAT_DETECTION_DESTINATION_IP =16389,
+ IV2_NOTIFY_COOKIE =16390,
+ IV2_NOTIFY_USE_TRANSPORT_MODE =16391,
+ IV2_NOTIFY_HTTP_CERT_LOOKUP_SUPPORTED =16392,
+ IV2_NOTIFY_REKEY_SA =16393,
+ IV2_NOTIFY_ESP_TFC_PADDING_NOT_SUPPORTED =16394,
+ IV2_NOTIFY_NON_FIRST_FRAGMENTS_ALSO =16395
+};
+
+struct notify_messages {
+ uint16_t type;
+ char *msg;
+};
+
+/* 3.8 Authentication Payload */
+struct ikev2_auth {
+ struct isakmp_gen h;
+ uint8_t auth_method; /* Protocol-ID */
+ uint8_t reserved[3];
+ /* authentication data */
+};
+
+enum ikev2_auth_type {
+ IV2_RSA_SIG = 1,
+ IV2_SHARED = 2,
+ IV2_DSS_SIG = 3
+};
+
+/* refer to RFC 2409 */
+
+#if 0
+/* isakmp sa structure */
+struct oakley_sa {
+ uint8_t proto_id; /* OAKLEY */
+ vchar_t *spi; /* spi */
+ uint8_t dhgrp; /* DH; group */
+ uint8_t auth_t; /* method of authentication */
+ uint8_t prf_t; /* type of prf */
+ uint8_t hash_t; /* type of hash */
+ uint8_t enc_t; /* type of cipher */
+ uint8_t life_t; /* type of duration of lifetime */
+ uint32_t ldur; /* life duration */
+};
projects / tcpdump / blobdiff