$search
00001 /* 00002 * IKEv2 definitions 00003 * Copyright (c) 2007, Jouni Malinen <j@w1.fi> 00004 * 00005 * This program is free software; you can redistribute it and/or modify 00006 * it under the terms of the GNU General Public License version 2 as 00007 * published by the Free Software Foundation. 00008 * 00009 * Alternatively, this software may be distributed under the terms of BSD 00010 * license. 00011 * 00012 * See README and COPYING for more details. 00013 */ 00014 00015 #ifndef IKEV2_COMMON_H 00016 #define IKEV2_COMMON_H 00017 00018 /* 00019 * Nonce length must be at least 16 octets. It must also be at least half the 00020 * key size of the negotiated PRF. 00021 */ 00022 #define IKEV2_NONCE_MIN_LEN 16 00023 #define IKEV2_NONCE_MAX_LEN 256 00024 00025 /* IKE Header - RFC 4306, Sect. 3.1 */ 00026 #ifdef _MSC_VER 00027 #pragma pack(push, 1) 00028 #endif /* _MSC_VER */ 00029 00030 #define IKEV2_SPI_LEN 8 00031 00032 struct ikev2_hdr { 00033 u8 i_spi[IKEV2_SPI_LEN]; /* IKE_SA Initiator's SPI */ 00034 u8 r_spi[IKEV2_SPI_LEN]; /* IKE_SA Responder's SPI */ 00035 u8 next_payload; 00036 u8 version; /* MjVer | MnVer */ 00037 u8 exchange_type; 00038 u8 flags; 00039 u8 message_id[4]; 00040 u8 length[4]; /* total length of HDR + payloads */ 00041 } STRUCT_PACKED; 00042 00043 struct ikev2_payload_hdr { 00044 u8 next_payload; 00045 u8 flags; 00046 u8 payload_length[2]; /* this payload, including the payload header */ 00047 } STRUCT_PACKED; 00048 00049 struct ikev2_proposal { 00050 u8 type; /* 0 (last) or 2 (more) */ 00051 u8 reserved; 00052 u8 proposal_length[2]; /* including all transform and attributes */ 00053 u8 proposal_num; 00054 u8 protocol_id; /* IKEV2_PROTOCOL_* */ 00055 u8 spi_size; 00056 u8 num_transforms; 00057 /* SPI of spi_size octets */ 00058 /* Transforms */ 00059 } STRUCT_PACKED; 00060 00061 struct ikev2_transform { 00062 u8 type; /* 0 (last) or 3 (more) */ 00063 u8 reserved; 00064 u8 transform_length[2]; /* including Header and Attributes */ 00065 u8 transform_type; 00066 u8 reserved2; 00067 u8 transform_id[2]; 00068 /* Transform Attributes */ 00069 } STRUCT_PACKED; 00070 00071 #ifdef _MSC_VER 00072 #pragma pack(pop) 00073 #endif /* _MSC_VER */ 00074 00075 00076 /* Current IKEv2 version from RFC 4306 */ 00077 #define IKEV2_MjVer 2 00078 #define IKEV2_MnVer 0 00079 #ifdef CCNS_PL 00080 #define IKEV2_VERSION ((IKEV2_MjVer) | ((IKEV2_MnVer) << 4)) 00081 #else /* CCNS_PL */ 00082 #define IKEV2_VERSION (((IKEV2_MjVer) << 4) | (IKEV2_MnVer)) 00083 #endif /* CCNS_PL */ 00084 00085 /* IKEv2 Exchange Types */ 00086 enum { 00087 /* 0-33 RESERVED */ 00088 IKE_SA_INIT = 34, 00089 IKE_SA_AUTH = 35, 00090 CREATE_CHILD_SA = 36, 00091 INFORMATION = 37 00092 /* 38-239 RESERVED TO IANA */ 00093 /* 240-255 Reserved for private use */ 00094 }; 00095 00096 /* IKEv2 Flags */ 00097 #define IKEV2_HDR_INITIATOR 0x08 00098 #define IKEV2_HDR_VERSION 0x10 00099 #define IKEV2_HDR_RESPONSE 0x20 00100 00101 /* Payload Header Flags */ 00102 #define IKEV2_PAYLOAD_FLAGS_CRITICAL 0x01 00103 00104 00105 /* EAP-IKEv2 Payload Types (in Next Payload Type field) 00106 * http://www.iana.org/assignments/eap-ikev2-payloads */ 00107 enum { 00108 IKEV2_PAYLOAD_NO_NEXT_PAYLOAD = 0, 00109 IKEV2_PAYLOAD_SA = 33, 00110 IKEV2_PAYLOAD_KEY_EXCHANGE = 34, 00111 IKEV2_PAYLOAD_IDi = 35, 00112 IKEV2_PAYLOAD_IDr = 36, 00113 IKEV2_PAYLOAD_CERTIFICATE = 37, 00114 IKEV2_PAYLOAD_CERT_REQ = 38, 00115 IKEV2_PAYLOAD_AUTHENTICATION = 39, 00116 IKEV2_PAYLOAD_NONCE = 40, 00117 IKEV2_PAYLOAD_NOTIFICATION = 41, 00118 IKEV2_PAYLOAD_VENDOD_ID = 43, 00119 IKEV2_PAYLOAD_ENCRYPTED = 46, 00120 IKEV2_PAYLOAD_NEXT_FAST_ID = 121 00121 }; 00122 00123 00124 /* IKEv2 Proposal - Protocol ID */ 00125 enum { 00126 IKEV2_PROTOCOL_RESERVED = 0, 00127 IKEV2_PROTOCOL_IKE = 1, /* IKE is the only one allowed for EAP-IKEv2 */ 00128 IKEV2_PROTOCOL_AH = 2, 00129 IKEV2_PROTOCOL_ESP = 3 00130 }; 00131 00132 00133 /* IKEv2 Transform Types */ 00134 enum { 00135 IKEV2_TRANSFORM_ENCR = 1, 00136 IKEV2_TRANSFORM_PRF = 2, 00137 IKEV2_TRANSFORM_INTEG = 3, 00138 IKEV2_TRANSFORM_DH = 4, 00139 IKEV2_TRANSFORM_ESN = 5 00140 }; 00141 00142 /* IKEv2 Tranform Type 1 (Encryption Algorithm) */ 00143 enum { 00144 ENCR_DES_IV64 = 1, 00145 ENCR_DES = 2, 00146 ENCR_3DES = 3, 00147 ENCR_RC5 = 4, 00148 ENCR_IDEA = 5, 00149 ENCR_CAST = 6, 00150 ENCR_BLOWFISH = 7, 00151 ENCR_3IDEA = 8, 00152 ENCR_DES_IV32 = 9, 00153 ENCR_NULL = 11, 00154 ENCR_AES_CBC = 12, 00155 ENCR_AES_CTR = 13 00156 }; 00157 00158 /* IKEv2 Transform Type 2 (Pseudo-random Function) */ 00159 enum { 00160 PRF_HMAC_MD5 = 1, 00161 PRF_HMAC_SHA1 = 2, 00162 PRF_HMAC_TIGER = 3, 00163 PRF_AES128_XCBC = 4 00164 }; 00165 00166 /* IKEv2 Transform Type 3 (Integrity Algorithm) */ 00167 enum { 00168 AUTH_HMAC_MD5_96 = 1, 00169 AUTH_HMAC_SHA1_96 = 2, 00170 AUTH_DES_MAC = 3, 00171 AUTH_KPDK_MD5 = 4, 00172 AUTH_AES_XCBC_96 = 5 00173 }; 00174 00175 /* IKEv2 Transform Type 4 (Diffie-Hellman Group) */ 00176 enum { 00177 DH_GROUP1_768BIT_MODP = 1, /* RFC 4306 */ 00178 DH_GROUP2_1024BIT_MODP = 2, /* RFC 4306 */ 00179 DH_GROUP5_1536BIT_MODP = 5, /* RFC 3526 */ 00180 DH_GROUP5_2048BIT_MODP = 14, /* RFC 3526 */ 00181 DH_GROUP5_3072BIT_MODP = 15, /* RFC 3526 */ 00182 DH_GROUP5_4096BIT_MODP = 16, /* RFC 3526 */ 00183 DH_GROUP5_6144BIT_MODP = 17, /* RFC 3526 */ 00184 DH_GROUP5_8192BIT_MODP = 18 /* RFC 3526 */ 00185 }; 00186 00187 00188 /* Identification Data Types (RFC 4306, Sect. 3.5) */ 00189 enum { 00190 ID_IPV4_ADDR = 1, 00191 ID_FQDN = 2, 00192 ID_RFC822_ADDR = 3, 00193 ID_IPV6_ADDR = 5, 00194 ID_DER_ASN1_DN = 9, 00195 ID_DER_ASN1_GN= 10, 00196 ID_KEY_ID = 11 00197 }; 00198 00199 00200 /* Certificate Encoding (RFC 4306, Sect. 3.6) */ 00201 enum { 00202 CERT_ENCODING_PKCS7_X509 = 1, 00203 CERT_ENCODING_PGP_CERT = 2, 00204 CERT_ENCODING_DNS_SIGNED_KEY = 3, 00205 /* X.509 Certificate - Signature: DER encoded X.509 certificate whose 00206 * public key is used to validate the sender's AUTH payload */ 00207 CERT_ENCODING_X509_CERT_SIGN = 4, 00208 CERT_ENCODING_KERBEROS_TOKEN = 6, 00209 /* DER encoded X.509 certificate revocation list */ 00210 CERT_ENCODING_CRL = 7, 00211 CERT_ENCODING_ARL = 8, 00212 CERT_ENCODING_SPKI_CERT = 9, 00213 CERT_ENCODING_X509_CERT_ATTR = 10, 00214 /* PKCS #1 encoded RSA key */ 00215 CERT_ENCODING_RAW_RSA_KEY = 11, 00216 CERT_ENCODING_HASH_AND_URL_X509_CERT = 12, 00217 CERT_ENCODING_HASH_AND_URL_X509_BUNDLE = 13 00218 }; 00219 00220 00221 /* Authentication Method (RFC 4306, Sect. 3.8) */ 00222 enum { 00223 AUTH_RSA_SIGN = 1, 00224 AUTH_SHARED_KEY_MIC = 2, 00225 AUTH_DSS_SIGN = 3 00226 }; 00227 00228 00229 /* Notify Message Types (RFC 4306, Sect. 3.10.1) */ 00230 enum { 00231 UNSUPPORTED_CRITICAL_PAYLOAD = 1, 00232 INVALID_IKE_SPI = 4, 00233 INVALID_MAJOR_VERSION = 5, 00234 INVALID_SYNTAX = 7, 00235 INVALID_MESSAGE_ID = 9, 00236 INVALID_SPI = 11, 00237 NO_PROPOSAL_CHOSEN = 14, 00238 INVALID_KE_PAYLOAD = 17, 00239 AUTHENTICATION_FAILED = 24, 00240 SINGLE_PAIR_REQUIRED = 34, 00241 NO_ADDITIONAL_SAS = 35, 00242 INTERNAL_ADDRESS_FAILURE = 36, 00243 FAILED_CP_REQUIRED = 37, 00244 TS_UNACCEPTABLE = 38, 00245 INVALID_SELECTORS = 39 00246 }; 00247 00248 00249 struct ikev2_keys { 00250 u8 *SK_d, *SK_ai, *SK_ar, *SK_ei, *SK_er, *SK_pi, *SK_pr; 00251 size_t SK_d_len, SK_integ_len, SK_encr_len, SK_prf_len; 00252 }; 00253 00254 00255 int ikev2_keys_set(struct ikev2_keys *keys); 00256 void ikev2_free_keys(struct ikev2_keys *keys); 00257 00258 00259 /* Maximum hash length for supported hash algorithms */ 00260 #define IKEV2_MAX_HASH_LEN 20 00261 00262 struct ikev2_integ_alg { 00263 int id; 00264 size_t key_len; 00265 size_t hash_len; 00266 }; 00267 00268 struct ikev2_prf_alg { 00269 int id; 00270 size_t key_len; 00271 size_t hash_len; 00272 }; 00273 00274 struct ikev2_encr_alg { 00275 int id; 00276 size_t key_len; 00277 size_t block_size; 00278 }; 00279 00280 const struct ikev2_integ_alg * ikev2_get_integ(int id); 00281 int ikev2_integ_hash(int alg, const u8 *key, size_t key_len, const u8 *data, 00282 size_t data_len, u8 *hash); 00283 const struct ikev2_prf_alg * ikev2_get_prf(int id); 00284 int ikev2_prf_hash(int alg, const u8 *key, size_t key_len, 00285 size_t num_elem, const u8 *addr[], const size_t *len, 00286 u8 *hash); 00287 int ikev2_prf_plus(int alg, const u8 *key, size_t key_len, 00288 const u8 *data, size_t data_len, 00289 u8 *out, size_t out_len); 00290 const struct ikev2_encr_alg * ikev2_get_encr(int id); 00291 int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv, 00292 const u8 *plain, u8 *crypt, size_t len); 00293 int ikev2_encr_decrypt(int alg, const u8 *key, size_t key_len, const u8 *iv, 00294 const u8 *crypt, u8 *plain, size_t len); 00295 00296 int ikev2_derive_auth_data(int prf_alg, const struct wpabuf *sign_msg, 00297 const u8 *ID, size_t ID_len, u8 ID_type, 00298 struct ikev2_keys *keys, int initiator, 00299 const u8 *shared_secret, size_t shared_secret_len, 00300 const u8 *nonce, size_t nonce_len, 00301 const u8 *key_pad, size_t key_pad_len, 00302 u8 *auth_data); 00303 00304 00305 struct ikev2_payloads { 00306 const u8 *sa; 00307 size_t sa_len; 00308 const u8 *ke; 00309 size_t ke_len; 00310 const u8 *idi; 00311 size_t idi_len; 00312 const u8 *idr; 00313 size_t idr_len; 00314 const u8 *cert; 00315 size_t cert_len; 00316 const u8 *auth; 00317 size_t auth_len; 00318 const u8 *nonce; 00319 size_t nonce_len; 00320 const u8 *encrypted; 00321 size_t encrypted_len; 00322 u8 encr_next_payload; 00323 const u8 *notification; 00324 size_t notification_len; 00325 }; 00326 00327 int ikev2_parse_payloads(struct ikev2_payloads *payloads, 00328 u8 next_payload, const u8 *pos, const u8 *end); 00329 00330 u8 * ikev2_decrypt_payload(int encr_id, int integ_id, struct ikev2_keys *keys, 00331 int initiator, const struct ikev2_hdr *hdr, 00332 const u8 *encrypted, size_t encrypted_len, 00333 size_t *res_len); 00334 void ikev2_update_hdr(struct wpabuf *msg); 00335 int ikev2_build_encrypted(int encr_id, int integ_id, struct ikev2_keys *keys, 00336 int initiator, struct wpabuf *msg, 00337 struct wpabuf *plain, u8 next_payload); 00338 int ikev2_derive_sk_keys(const struct ikev2_prf_alg *prf, 00339 const struct ikev2_integ_alg *integ, 00340 const struct ikev2_encr_alg *encr, 00341 const u8 *skeyseed, const u8 *data, size_t data_len, 00342 struct ikev2_keys *keys); 00343 00344 #endif /* IKEV2_COMMON_H */