3
* Copyright (c) 2007, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
15
#ifndef IKEV2_COMMON_H
16
#define IKEV2_COMMON_H
19
* Nonce length must be at least 16 octets. It must also be at least half the
20
* key size of the negotiated PRF.
22
#define IKEV2_NONCE_MIN_LEN 16
23
#define IKEV2_NONCE_MAX_LEN 256
25
/* IKE Header - RFC 4306, Sect. 3.1 */
30
#define IKEV2_SPI_LEN 8
33
u8 i_spi[IKEV2_SPI_LEN]; /* IKE_SA Initiator's SPI */
34
u8 r_spi[IKEV2_SPI_LEN]; /* IKE_SA Responder's SPI */
36
u8 version; /* MjVer | MnVer */
40
u8 length[4]; /* total length of HDR + payloads */
43
struct ikev2_payload_hdr {
46
u8 payload_length[2]; /* this payload, including the payload header */
49
struct ikev2_proposal {
50
u8 type; /* 0 (last) or 2 (more) */
52
u8 proposal_length[2]; /* including all transform and attributes */
54
u8 protocol_id; /* IKEV2_PROTOCOL_* */
57
/* SPI of spi_size octets */
61
struct ikev2_transform {
62
u8 type; /* 0 (last) or 3 (more) */
64
u8 transform_length[2]; /* including Header and Attributes */
68
/* Transform Attributes */
76
/* Current IKEv2 version from RFC 4306 */
80
#define IKEV2_VERSION ((IKEV2_MjVer) | ((IKEV2_MnVer) << 4))
82
#define IKEV2_VERSION (((IKEV2_MjVer) << 4) | (IKEV2_MnVer))
85
/* IKEv2 Exchange Types */
92
/* 38-239 RESERVED TO IANA */
93
/* 240-255 Reserved for private use */
97
#define IKEV2_HDR_INITIATOR 0x08
98
#define IKEV2_HDR_VERSION 0x10
99
#define IKEV2_HDR_RESPONSE 0x20
101
/* Payload Header Flags */
102
#define IKEV2_PAYLOAD_FLAGS_CRITICAL 0x01
105
/* EAP-IKEv2 Payload Types (in Next Payload Type field)
106
* http://www.iana.org/assignments/eap-ikev2-payloads */
108
IKEV2_PAYLOAD_NO_NEXT_PAYLOAD = 0,
109
IKEV2_PAYLOAD_SA = 33,
110
IKEV2_PAYLOAD_KEY_EXCHANGE = 34,
111
IKEV2_PAYLOAD_IDi = 35,
112
IKEV2_PAYLOAD_IDr = 36,
113
IKEV2_PAYLOAD_CERTIFICATE = 37,
114
IKEV2_PAYLOAD_CERT_REQ = 38,
115
IKEV2_PAYLOAD_AUTHENTICATION = 39,
116
IKEV2_PAYLOAD_NONCE = 40,
117
IKEV2_PAYLOAD_NOTIFICATION = 41,
118
IKEV2_PAYLOAD_VENDOD_ID = 43,
119
IKEV2_PAYLOAD_ENCRYPTED = 46,
120
IKEV2_PAYLOAD_NEXT_FAST_ID = 121
124
/* IKEv2 Proposal - Protocol ID */
126
IKEV2_PROTOCOL_RESERVED = 0,
127
IKEV2_PROTOCOL_IKE = 1, /* IKE is the only one allowed for EAP-IKEv2 */
128
IKEV2_PROTOCOL_AH = 2,
129
IKEV2_PROTOCOL_ESP = 3
133
/* IKEv2 Transform Types */
135
IKEV2_TRANSFORM_ENCR = 1,
136
IKEV2_TRANSFORM_PRF = 2,
137
IKEV2_TRANSFORM_INTEG = 3,
138
IKEV2_TRANSFORM_DH = 4,
139
IKEV2_TRANSFORM_ESN = 5
142
/* IKEv2 Tranform Type 1 (Encryption Algorithm) */
158
/* IKEv2 Transform Type 2 (Pseudo-random Function) */
166
/* IKEv2 Transform Type 3 (Integrity Algorithm) */
168
AUTH_HMAC_MD5_96 = 1,
169
AUTH_HMAC_SHA1_96 = 2,
175
/* IKEv2 Transform Type 4 (Diffie-Hellman Group) */
177
DH_GROUP1_768BIT_MODP = 1, /* RFC 4306 */
178
DH_GROUP2_1024BIT_MODP = 2, /* RFC 4306 */
179
DH_GROUP5_1536BIT_MODP = 5, /* RFC 3526 */
180
DH_GROUP5_2048BIT_MODP = 14, /* RFC 3526 */
181
DH_GROUP5_3072BIT_MODP = 15, /* RFC 3526 */
182
DH_GROUP5_4096BIT_MODP = 16, /* RFC 3526 */
183
DH_GROUP5_6144BIT_MODP = 17, /* RFC 3526 */
184
DH_GROUP5_8192BIT_MODP = 18 /* RFC 3526 */
188
/* Identification Data Types (RFC 4306, Sect. 3.5) */
200
/* Certificate Encoding (RFC 4306, Sect. 3.6) */
202
CERT_ENCODING_PKCS7_X509 = 1,
203
CERT_ENCODING_PGP_CERT = 2,
204
CERT_ENCODING_DNS_SIGNED_KEY = 3,
205
/* X.509 Certificate - Signature: DER encoded X.509 certificate whose
206
* public key is used to validate the sender's AUTH payload */
207
CERT_ENCODING_X509_CERT_SIGN = 4,
208
CERT_ENCODING_KERBEROS_TOKEN = 6,
209
/* DER encoded X.509 certificate revocation list */
210
CERT_ENCODING_CRL = 7,
211
CERT_ENCODING_ARL = 8,
212
CERT_ENCODING_SPKI_CERT = 9,
213
CERT_ENCODING_X509_CERT_ATTR = 10,
214
/* PKCS #1 encoded RSA key */
215
CERT_ENCODING_RAW_RSA_KEY = 11,
216
CERT_ENCODING_HASH_AND_URL_X509_CERT = 12,
217
CERT_ENCODING_HASH_AND_URL_X509_BUNDLE = 13
221
/* Authentication Method (RFC 4306, Sect. 3.8) */
224
AUTH_SHARED_KEY_MIC = 2,
229
/* Notify Message Types (RFC 4306, Sect. 3.10.1) */
231
UNSUPPORTED_CRITICAL_PAYLOAD = 1,
233
INVALID_MAJOR_VERSION = 5,
235
INVALID_MESSAGE_ID = 9,
237
NO_PROPOSAL_CHOSEN = 14,
238
INVALID_KE_PAYLOAD = 17,
239
AUTHENTICATION_FAILED = 24,
240
SINGLE_PAIR_REQUIRED = 34,
241
NO_ADDITIONAL_SAS = 35,
242
INTERNAL_ADDRESS_FAILURE = 36,
243
FAILED_CP_REQUIRED = 37,
244
TS_UNACCEPTABLE = 38,
245
INVALID_SELECTORS = 39
250
u8 *SK_d, *SK_ai, *SK_ar, *SK_ei, *SK_er, *SK_pi, *SK_pr;
251
size_t SK_d_len, SK_integ_len, SK_encr_len, SK_prf_len;
255
int ikev2_keys_set(struct ikev2_keys *keys);
256
void ikev2_free_keys(struct ikev2_keys *keys);
259
/* Maximum hash length for supported hash algorithms */
260
#define IKEV2_MAX_HASH_LEN 20
262
struct ikev2_integ_alg {
268
struct ikev2_prf_alg {
274
struct ikev2_encr_alg {
280
const struct ikev2_integ_alg * ikev2_get_integ(int id);
281
int ikev2_integ_hash(int alg, const u8 *key, size_t key_len, const u8 *data,
282
size_t data_len, u8 *hash);
283
const struct ikev2_prf_alg * ikev2_get_prf(int id);
284
int ikev2_prf_hash(int alg, const u8 *key, size_t key_len,
285
size_t num_elem, const u8 *addr[], const size_t *len,
287
int ikev2_prf_plus(int alg, const u8 *key, size_t key_len,
288
const u8 *data, size_t data_len,
289
u8 *out, size_t out_len);
290
const struct ikev2_encr_alg * ikev2_get_encr(int id);
291
int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
292
const u8 *plain, u8 *crypt, size_t len);
293
int ikev2_encr_decrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
294
const u8 *crypt, u8 *plain, size_t len);
296
int ikev2_derive_auth_data(int prf_alg, const struct wpabuf *sign_msg,
297
const u8 *ID, size_t ID_len, u8 ID_type,
298
struct ikev2_keys *keys, int initiator,
299
const u8 *shared_secret, size_t shared_secret_len,
300
const u8 *nonce, size_t nonce_len,
301
const u8 *key_pad, size_t key_pad_len,
305
struct ikev2_payloads {
321
size_t encrypted_len;
322
u8 encr_next_payload;
323
const u8 *notification;
324
size_t notification_len;
327
int ikev2_parse_payloads(struct ikev2_payloads *payloads,
328
u8 next_payload, const u8 *pos, const u8 *end);
330
u8 * ikev2_decrypt_payload(int encr_id, int integ_id, struct ikev2_keys *keys,
331
int initiator, const struct ikev2_hdr *hdr,
332
const u8 *encrypted, size_t encrypted_len,
334
void ikev2_update_hdr(struct wpabuf *msg);
335
int ikev2_build_encrypted(int encr_id, int integ_id, struct ikev2_keys *keys,
336
int initiator, struct wpabuf *msg,
337
struct wpabuf *plain, u8 next_payload);
338
int ikev2_derive_sk_keys(const struct ikev2_prf_alg *prf,
339
const struct ikev2_integ_alg *integ,
340
const struct ikev2_encr_alg *encr,
341
const u8 *skeyseed, const u8 *data, size_t data_len,
342
struct ikev2_keys *keys);
344
#endif /* IKEV2_COMMON_H */