#pragma warning disable IDE1006 // Naming Styles
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
namespace Vanara.PInvoke;
public static partial class FwpUClnt
{
///
/// The IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE enumerated type specifies the type of impersonation to perform when Authenticated
/// Internet Protocol (AuthIP) is used for authentication.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_authentication_impersonation_type typedef enum
// IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE_ { IKEEXT_IMPERSONATION_NONE = 0, IKEEXT_IMPERSONATION_SOCKET_PRINCIPAL,
// IKEEXT_IMPERSONATION_MAX } IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE_")]
public enum IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE
{
///
/// Value:
/// 0
/// Specifies no impersonation.
///
IKEEXT_IMPERSONATION_NONE,
/// Specifies socket principal impersonation.
IKEEXT_IMPERSONATION_SOCKET_PRINCIPAL,
/// Maximum value for testing purposes.
IKEEXT_IMPERSONATION_MAX,
}
///
/// The IKEEXT_AUTHENTICATION_METHOD_TYPE enumerated type specifies the type of authentication method used by Internet Key
/// Exchange (IKE), Authenticated Internet Protocol (AuthIP), or IKEv2..
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_authentication_method_type typedef enum
// IKEEXT_AUTHENTICATION_METHOD_TYPE_ { IKEEXT_PRESHARED_KEY = 0, IKEEXT_CERTIFICATE, IKEEXT_KERBEROS, IKEEXT_ANONYMOUS, IKEEXT_SSL,
// IKEEXT_NTLM_V2, IKEEXT_IPV6_CGA, IKEEXT_CERTIFICATE_ECDSA_P256, IKEEXT_CERTIFICATE_ECDSA_P384, IKEEXT_SSL_ECDSA_P256,
// IKEEXT_SSL_ECDSA_P384, IKEEXT_EAP, IKEEXT_RESERVED, IKEEXT_AUTHENTICATION_METHOD_TYPE_MAX } IKEEXT_AUTHENTICATION_METHOD_TYPE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_AUTHENTICATION_METHOD_TYPE_")]
public enum IKEEXT_AUTHENTICATION_METHOD_TYPE
{
///
/// Value:
/// 0
/// Specifies pre-shared key authentication method. Available only for IKE.
///
IKEEXT_PRESHARED_KEY,
/// Specifies certificate authentication method. Available only for IKE and IKEv2.
IKEEXT_CERTIFICATE,
/// Specifies Kerberos authentication method.
IKEEXT_KERBEROS,
/// Specifies anonymous authentication method. Available only for AuthIP.
IKEEXT_ANONYMOUS,
/// Specifies Secure Sockets Layer (SSL) authentication method. Available only for AuthIP.
IKEEXT_SSL,
/// Specifies Microsoft Windows NT LAN Manager (NTLM) V2 authentication method. Available only for AuthIP.
IKEEXT_NTLM_V2,
/// Specifies IPv6 Cryptographically Generated Addresses (CGA) authentication method. Available only for IKE.
IKEEXT_IPV6_CGA,
///
///
/// Specifies Elliptic Curve Digital Signature Algorithm (ECDSA) 256 certificate authentication method. Available only for IKE and IKEv2.
///
/// Note Available only on Windows Server 2008, Windows Vista with SP1, and later.
///
IKEEXT_CERTIFICATE_ECDSA_P256,
///
/// Specifies ECDSA-384 certificate authentication method. Available only for IKE and IKEv2.
/// Note Available only on Windows Server 2008, Windows Vista with SP1, and later.
///
IKEEXT_CERTIFICATE_ECDSA_P384,
///
/// Specifies ECDSA-256 SSL authentication method. Available only for AuthIP.
/// Note Available only on Windows Server 2008, Windows Vista with SP1, and later.
///
IKEEXT_SSL_ECDSA_P256,
///
/// Specifies ECDSA-384 SSL authentication method. Available only for AuthIP.
/// Note Available only on Windows Server 2008, Windows Vista with SP1, and later.
///
IKEEXT_SSL_ECDSA_P384,
///
/// Specifies Extensible Authentication Protocol (EAP) authentication method. Available only for IKEv2.
/// Note Available only on Windows Server 2008 R2, Windows 7, and later.
///
IKEEXT_EAP,
///
/// Reserved. Do not use.
/// Note Available only on Windows Server 2012, Windows 8, and later.
///
IKEEXT_RESERVED,
/// Maximum value for testing purposes.
IKEEXT_AUTHENTICATION_METHOD_TYPE_MAX,
}
/// specifies the certificate authentication characteristics.
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_AUTHENTICATION0_")]
[Flags]
public enum IKEEXT_CERT_AUTH : uint
{
/// Enable SSL one way authentication. Applicable only to AuthIP.
IKEEXT_CERT_AUTH_FLAG_SSL_ONE_WAY = 0x00000001,
///
/// Disable CRL checking. By default weak CRL checking is enabled. Weak checking means that a certificate will be rejected if and
/// only if CRL is successfully looked up and the certificate is found to be revoked.
///
IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK = 0x00000002,
///
/// Enable strong CRL checking. Strong checking means that a certificate will be rejected if certificate is found to be revoked, or
/// if any other error (for example, CRL could not be retrieved) takes place while performing the revocation checking.
///
IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG = 0x00000004,
///
/// SSL validation requires certain EKUs, like server auth EKU from a server. This flag disables the server authentication EKU check,
/// but still performs the other IKE-style certificate verification. Applicable only to AuthIP.
///
IKEEXT_CERT_AUTH_DISABLE_SSL_CERT_VALIDATION = 0x00000008,
///
/// Allow lookup of peer certificate information from an HTTP URL. Applicable only to IKEv2. Available only on Windows 7, Windows
/// Server 2008 R2, and later.
///
IKEEXT_CERT_AUTH_ALLOW_HTTP_CERT_LOOKUP = 0x00000010,
///
/// Indicates that the URL specified in the certificate authentication policy points to an encoded certificate bundle. If this flag
/// is not specified, IKEv2 will assume that the URL points to an encoded certificate. Applicable only to IKEv2. Available only on
/// Windows 7, Windows Server 2008 R2, and later.
///
IKEEXT_CERT_AUTH_URL_CONTAINS_BUNDLE = 0x00000020,
///
IKEEXT_CERT_AUTH_FLAG_DISABLE_REQUEST_PAYLOAD = 0x00000040,
}
/// The IKEEXT_CERT_CONFIG_TYPE enumerated type indicates a type of certificate configuration.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_cert_config_type typedef enum IKEEXT_CERT_CONFIG_TYPE_
// { IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST = 0, IKEEXT_CERT_CONFIG_ENTERPRISE_STORE, IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE,
// IKEEXT_CERT_CONFIG_UNSPECIFIED, IKEEXT_CERT_CONFIG_TYPE_MAX } IKEEXT_CERT_CONFIG_TYPE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_CERT_CONFIG_TYPE_")]
public enum IKEEXT_CERT_CONFIG_TYPE
{
///
/// Value:
/// 0
/// An explicit trust list will be used for authentication.
///
IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST,
/// The enterprise store will be used as the trust list for authentication.
IKEEXT_CERT_CONFIG_ENTERPRISE_STORE,
/// The trusted root CA store will be used as the trust list for authentication.
IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE,
///
/// No certificate authentication in the direction (inbound or outbound) specified by the configuration.
/// Available only on Windows 7, Windows Server 2008 R2, and later.
///
IKEEXT_CERT_CONFIG_UNSPECIFIED,
/// Maximum value for testing purposes.
IKEEXT_CERT_CONFIG_TYPE_MAX,
}
/// Flags for IKEEXT_CERTIFICATE_CREDENTIAL1
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_CREDENTIAL1_")]
[Flags]
public enum IKEEXT_CERT_CREDENTIAL_FLAG : uint
{
///
IKEEXT_CERT_CREDENTIAL_FLAG_NAP_CERT = 0x00000001
}
///
/// The IKEEXT_CERT_CRITERIA_NAME_TYPE enumerated type specifies the type of NAME fields possible for a certificate selection
/// "subject" criteria.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_cert_criteria_name_type typedef enum
// IKEEXT_CERT_CRITERIA_NAME_TYPE_ { IKEEXT_CERT_CRITERIA_DNS = 0, IKEEXT_CERT_CRITERIA_UPN, IKEEXT_CERT_CRITERIA_RFC822,
// IKEEXT_CERT_CRITERIA_CN, IKEEXT_CERT_CRITERIA_OU, IKEEXT_CERT_CRITERIA_O, IKEEXT_CERT_CRITERIA_DC, IKEEXT_CERT_CRITERIA_NAME_TYPE_MAX
// } IKEEXT_CERT_CRITERIA_NAME_TYPE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_CERT_CRITERIA_NAME_TYPE_")]
public enum IKEEXT_CERT_CRITERIA_NAME_TYPE
{
///
/// Value:
/// 0
/// DNS name in the Subject Alternative Name of the certificate.
///
IKEEXT_CERT_CRITERIA_DNS,
/// UPN name in the Subject Alternative Name of the certificate.
IKEEXT_CERT_CRITERIA_UPN,
/// RFC 822 name in the Subject Alternative Name of the certificate.
IKEEXT_CERT_CRITERIA_RFC822,
/// CN in the Subject of the certificate.
IKEEXT_CERT_CRITERIA_CN,
/// OU in the Subject of the certificate.
IKEEXT_CERT_CRITERIA_OU,
/// O in the Subject of the certificate.
IKEEXT_CERT_CRITERIA_O,
/// DC in the Subject of the certificate.
IKEEXT_CERT_CRITERIA_DC,
/// Maximum value for testing purposes.
IKEEXT_CERT_CRITERIA_NAME_TYPE_MAX,
}
/// Flags for IKEEXT_CERT_ROOT_CONFIG0.
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERT_ROOT_CONFIG0_")]
[Flags]
public enum IKEEXT_CERT_FLAG : uint
{
/// Enable certificate-to-account mapping for the end-host certificate that chains to this root.
IKEEXT_CERT_FLAG_ENABLE_ACCOUNT_MAPPING = 0x00000001,
/// Do not send a Cert request payload for this root.
IKEEXT_CERT_FLAG_DISABLE_REQUEST_PAYLOAD = 0x00000002,
/// Enable Network Access Protection (NAP) certificate handling.
IKEEXT_CERT_FLAG_USE_NAP_CERTIFICATE = 0x00000004,
///
/// The corresponding Certification Authority (CA) can be an intermediate CA and does not have to be a ROOT CA. If this flag is not
/// specified, the name will have to refer to a ROOT CA.
///
IKEEXT_CERT_FLAG_INTERMEDIATE_CA = 0x00000008,
///
/// Ignore mapping failures on the initiator. Available only for IKE and IKEv2. Can be set only if
/// IKEEXT_CERT_FLAG_ENABLE_ACCOUNT_MAPPING is also specified. By default, IKE and IKEv2 will not ignore certificate to
/// account mapping failures, even on the initiator. Available only on Windows 7, Windows Server 2008 R2, and later.
///
IKEEXT_CERT_FLAG_IGNORE_INIT_CERT_MAP_FAILURE = 0x00000010,
/// NAP certificates will be preferred for local certificate selection.
IKEEXT_CERT_FLAG_PREFER_NAP_CERTIFICATE_OUTBOUND = 0x00000020,
/// Select a NAP certificate for outbound. Available only on Windows 8 and Windows Server 2012.
IKEEXT_CERT_FLAG_SELECT_NAP_CERTIFICATE = 0x00000040,
/// Verify that the inbound certificate is NAP. Available only on Windows 8 and Windows Server 2012.
IKEEXT_CERT_FLAG_VERIFY_NAP_CERTIFICATE = 0x00000080,
///
/// Follow the renewal property on the certificate when selecting local certificate for outbound. Only applicable when the hash of
/// the certificate is specified. Available only on Windows 8 and Windows Server 2012.
///
IKEEXT_CERT_FLAG_FOLLOW_RENEWAL_CERTIFICATE = 0x00000100,
}
///
/// The IKEEXT_CIPHER_TYPE enumerated type specifies the type of encryption algorithm used for encrypting the Internet Key
/// Exchange (IKE) and Authenticated Internet Protocol (AuthIP) messages.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_cipher_type typedef enum IKEEXT_CIPHER_TYPE_ {
// IKEEXT_CIPHER_DES = 0, IKEEXT_CIPHER_3DES, IKEEXT_CIPHER_AES_128, IKEEXT_CIPHER_AES_192, IKEEXT_CIPHER_AES_256,
// IKEEXT_CIPHER_AES_GCM_128_16ICV, IKEEXT_CIPHER_AES_GCM_256_16ICV, IKEEXT_CIPHER_TYPE_MAX } IKEEXT_CIPHER_TYPE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_CIPHER_TYPE_")]
public enum IKEEXT_CIPHER_TYPE
{
///
/// Value:
/// 0
/// Specifies DES encryption.
///
IKEEXT_CIPHER_DES,
/// Specifies 3DES encryption.
IKEEXT_CIPHER_3DES,
/// Specifies AES-128 encryption.
IKEEXT_CIPHER_AES_128,
/// Specifies AES-192 encryption.
IKEEXT_CIPHER_AES_192,
/// Specifies AES-256 encryption.
IKEEXT_CIPHER_AES_256,
///
IKEEXT_CIPHER_AES_GCM_128_16ICV,
///
IKEEXT_CIPHER_AES_GCM_256_16ICV,
/// Maximum value for testing purposes.
IKEEXT_CIPHER_TYPE_MAX,
}
///
/// The IKEEXT_DH_GROUP enumerated type specifies the type of Diffie Hellman group used for Internet Key Exchange (IKE) and
/// Authenticated Internet Protocol (AuthIP) key generation.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_dh_group typedef enum IKEEXT_DH_GROUP_ {
// IKEEXT_DH_GROUP_NONE = 0, IKEEXT_DH_GROUP_1, IKEEXT_DH_GROUP_2, IKEEXT_DH_GROUP_14, IKEEXT_DH_GROUP_2048, IKEEXT_DH_ECP_256,
// IKEEXT_DH_ECP_384, IKEEXT_DH_GROUP_24, IKEEXT_DH_GROUP_MAX } IKEEXT_DH_GROUP;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_DH_GROUP_")]
public enum IKEEXT_DH_GROUP
{
///
/// Value:
/// 0
/// Specifies no Diffie Hellman group. Available only for AuthIP.
///
IKEEXT_DH_GROUP_NONE,
/// Specifies Diffie Hellman group 1.
IKEEXT_DH_GROUP_1,
/// Specifies Diffie Hellman group 2.
IKEEXT_DH_GROUP_2,
///
/// Specifies Diffie Hellman group 14.
/// Note Available only for Windows 8 and Windows Server 2012.
///
IKEEXT_DH_GROUP_14,
///
/// Specifies Diffie Hellman group 14.
///
/// Note This group was called Diffie Hellman group 2048 when it was introduced. The name has since been changed to match
/// standard terminology.
///
///
IKEEXT_DH_GROUP_2048,
/// Specifies Diffie Hellman ECP group 256.
IKEEXT_DH_ECP_256,
/// Specifies Diffie Hellman ECP group 384.
IKEEXT_DH_ECP_384,
///
/// Specifies Diffie Hellman group 24.
/// Note Available only for Windows 8 and Windows Server 2012.
///
IKEEXT_DH_GROUP_24,
/// Maximum value for testing purposes.
IKEEXT_DH_GROUP_MAX,
}
/// Flags for IKEEXT_EAP_AUTHENTICATION0.
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_EAP_AUTHENTICATION0__")]
[Flags]
public enum IKEEXT_EAP_FLAG : uint
{
/// Specifies that EAP authentication will be used only to authenticate a local computer to a remote computer.
IKEEXT_EAP_FLAG_LOCAL_AUTH_ONLY = 0x00000001,
/// Specifies that EAP authentication will be used only to authenticate a remote computer to a local computer.
IKEEXT_EAP_FLAG_REMOTE_AUTH_ONLY = 0x00000002,
}
///
/// The IKEEXT_EM_SA_STATE enumerated type defines the states for the Extended Mode (EM) negotiation exchanges that are part of
/// the Authenticated Internet Protocol (AuthIP) protocol.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_em_sa_state typedef enum IKEEXT_EM_SA_STATE_ {
// IKEEXT_EM_SA_STATE_NONE = 0, IKEEXT_EM_SA_STATE_SENT_ATTS, IKEEXT_EM_SA_STATE_SSPI_SENT, IKEEXT_EM_SA_STATE_AUTH_COMPLETE,
// IKEEXT_EM_SA_STATE_FINAL, IKEEXT_EM_SA_STATE_COMPLETE, IKEEXT_EM_SA_STATE_MAX } IKEEXT_EM_SA_STATE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_EM_SA_STATE_")]
public enum IKEEXT_EM_SA_STATE
{
///
/// Value:
/// 0
/// Initial state. No Extended Mode packets have been sent to the peer.
///
IKEEXT_EM_SA_STATE_NONE,
/// First packet has been sent to the peer.
IKEEXT_EM_SA_STATE_SENT_ATTS,
/// Second packet has been sent to the peer.
IKEEXT_EM_SA_STATE_SSPI_SENT,
/// Third packet has been sent to the peer.
IKEEXT_EM_SA_STATE_AUTH_COMPLETE,
/// Final packet has been sent to the peer.
IKEEXT_EM_SA_STATE_FINAL,
/// Extended mode has been completed.
IKEEXT_EM_SA_STATE_COMPLETE,
/// Maximum value for testing purposes.
IKEEXT_EM_SA_STATE_MAX,
}
///
/// The IKEEXT_INTEGRITY_TYPE enumerated type specifies the type of hash algorithm used for integrity protection of Internet Key
/// Exchange (IKE) and Authenticated Internet Protocol (AuthIP) messages.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_integrity_type typedef enum IKEEXT_INTEGRITY_TYPE_ {
// IKEEXT_INTEGRITY_MD5 = 0, IKEEXT_INTEGRITY_SHA1, IKEEXT_INTEGRITY_SHA_256, IKEEXT_INTEGRITY_SHA_384, IKEEXT_INTEGRITY_TYPE_MAX } IKEEXT_INTEGRITY_TYPE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_INTEGRITY_TYPE_")]
public enum IKEEXT_INTEGRITY_TYPE
{
///
/// Value:
/// 0
/// Specifies MD5 hash algorithm.
///
IKEEXT_INTEGRITY_MD5,
/// Specifies SHA1 hash algorithm.
IKEEXT_INTEGRITY_SHA1,
///
/// Specifies a 256-bit SHA encryption.
/// Note Available only on Windows Server 2008, Windows Vista with SP1, and later.
///
IKEEXT_INTEGRITY_SHA_256,
///
/// Specifies a 384-bit SHA encryption.
/// Note Available only on Windows Server 2008, Windows Vista with SP1, and later.
///
IKEEXT_INTEGRITY_SHA_384,
/// Maximum value for testing purposes.
IKEEXT_INTEGRITY_TYPE_MAX,
}
/// Flags in IKEEXT_KERBEROS_AUTHENTICATION0.
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_KERBEROS_AUTHENTICATION0__")]
[Flags]
public enum IKEEXT_KERB_AUTH : uint
{
/// Disable initiator generation of peer token from the peer's name string.
IKEEXT_KERB_AUTH_DISABLE_INITIATOR_TOKEN_GENERATION = 0x00000001,
/// Refuse connections if the peer is using explicit credentials. Applicable only to AuthIP.
IKEEXT_KERB_AUTH_DONT_ACCEPT_EXPLICIT_CREDENTIALS = 0x00000002,
/// Force the use of a Kerberos proxy server when acting as initiator.
IKEEXT_KERB_AUTH_FORCE_PROXY_ON_INITIATOR = 0x00000004,
}
/// The IKEEXT_KEY_MODULE_TYPE enumerated type specifies the type of keying module.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_key_module_type typedef enum IKEEXT_KEY_MODULE_TYPE_ {
// IKEEXT_KEY_MODULE_IKE = 0, IKEEXT_KEY_MODULE_AUTHIP, IKEEXT_KEY_MODULE_IKEV2, IKEEXT_KEY_MODULE_MAX } IKEEXT_KEY_MODULE_TYPE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_KEY_MODULE_TYPE_")]
public enum IKEEXT_KEY_MODULE_TYPE
{
///
/// Value:
/// 0
/// Specifies Internet Key Exchange (IKE) keying module.
///
IKEEXT_KEY_MODULE_IKE,
/// Specifies Authenticated Internet Protocol (AuthIP) keying module.
IKEEXT_KEY_MODULE_AUTHIP,
///
/// Specifies Internet Key Exchange version 2 (IKEv2) keying module.
/// Available only on Windows 7, Windows Server 2008 R2, and later.
///
IKEEXT_KEY_MODULE_IKEV2,
/// Maximum value for testing purposes.
IKEEXT_KEY_MODULE_MAX,
}
///
/// The IKEEXT_MM_SA_STATE enumerated type defines the states for the Main Mode (MM) negotiation exchanges that are part of the
/// Authenticated Internet Protocol (AuthIP) and Internet Key Exchange (IKE) protocols.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_mm_sa_state typedef enum IKEEXT_MM_SA_STATE_ {
// IKEEXT_MM_SA_STATE_NONE = 0, IKEEXT_MM_SA_STATE_SA_SENT, IKEEXT_MM_SA_STATE_SSPI_SENT, IKEEXT_MM_SA_STATE_FINAL,
// IKEEXT_MM_SA_STATE_FINAL_SENT, IKEEXT_MM_SA_STATE_COMPLETE, IKEEXT_MM_SA_STATE_MAX } IKEEXT_MM_SA_STATE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_MM_SA_STATE_")]
public enum IKEEXT_MM_SA_STATE
{
///
/// Value:
/// 0
/// Initial state. No packets have been sent to the peer.
///
IKEEXT_MM_SA_STATE_NONE,
/// First packet has been sent to the peer
IKEEXT_MM_SA_STATE_SA_SENT,
/// Second packet has been sent to the peer, for SSPI authentication.
IKEEXT_MM_SA_STATE_SSPI_SENT,
/// Third packet has been sent to the peer.
IKEEXT_MM_SA_STATE_FINAL,
/// Final packet has been sent to the peer.
IKEEXT_MM_SA_STATE_FINAL_SENT,
/// MM has been completed.
IKEEXT_MM_SA_STATE_COMPLETE,
/// Maximum value for testing purposes.
IKEEXT_MM_SA_STATE_MAX,
}
/// Flags for .
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_NTLM_V2_AUTHENTICATION0__")]
[Flags]
public enum IKEEXT_NTLM_V2_AUTH : uint
{
/// Refuse connections if the peer is using explicit credentials.
IKEEXT_NTLM_V2_AUTH_DONT_ACCEPT_EXPLICIT_CREDENTIALS = 0x00000001
}
/// Flags for IKEEXT_POLICY0.
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_POLICY0_")]
[Flags]
public enum IKEEXT_POLICY_FLAG : uint
{
///
/// Disable special diagnostics mode for IKE/Authip. This will prevent IKE/AuthIp from accepting unauthenticated notifications from
/// peer, or sending MS_STATUS notifications to peer.
///
IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS = 0x00000001,
/// Disable SA verification of machine LUID.
IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY = 0x00000002,
/// Disable SA verification of machine impersonation LUID. Applicable only to AuthIP.
IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY = 0x00000004,
///
/// Allow the responder to accept any DH proposal, including no DH, regardless of what is configured in policy. Applicable only to AuthIP.
///
IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH = 0x00000008,
///
IKEEXT_POLICY_FLAG_MOBIKE_NOT_SUPPORTED = 0x00000010,
///
IKEEXT_POLICY_FLAG_SITE_TO_SITE = 0x00000020,
///
IKEEXT_POLICY_FLAG_IMS_VPN = 0x00000040,
///
IKEEXT_POLICY_ENABLE_IKEV2_FRAGMENTATION = 0x00000080,
///
IKEEXT_POLICY_SUPPORT_LOW_POWER_MODE = 0x00000100,
}
/// Flags for IKEEXT_PRESHARED_KEY_AUTHENTICATION1
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_PRESHARED_KEY_AUTHENTICATION1__")]
[Flags]
public enum IKEEXT_PSK_FLAG : uint
{
///
/// Specifies that the pre-shared key authentication will be used only to authenticate a local computer to a remote computer.
/// Applicable only to IKEv2.
///
IKEEXT_PSK_FLAG_LOCAL_AUTH_ONLY = 0x00000001,
///
/// Specifies that the pre-shared key authentication will be used only to authenticate a remote computer to a local computer.
/// Applicable only to IKEv2.
///
IKEEXT_PSK_FLAG_REMOTE_AUTH_ONLY = 0x00000002,
}
///
/// The IKEEXT_QM_SA_STATE enumerated type defines the states for the Quick Mode (QM) negotiation exchanges that are part of the
/// Authenticated Internet Protocol (AuthIP) and Internet Key Exchange (IKE) protocols.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_qm_sa_state typedef enum IKEEXT_QM_SA_STATE_ {
// IKEEXT_QM_SA_STATE_NONE = 0, IKEEXT_QM_SA_STATE_INITIAL, IKEEXT_QM_SA_STATE_FINAL, IKEEXT_QM_SA_STATE_COMPLETE, IKEEXT_QM_SA_STATE_MAX
// } IKEEXT_QM_SA_STATE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_QM_SA_STATE_")]
public enum IKEEXT_QM_SA_STATE
{
///
/// Value:
/// 0
/// Initial state. No QM packets have been sent to the peer.
///
IKEEXT_QM_SA_STATE_NONE,
/// First packet has been sent to the peer.
IKEEXT_QM_SA_STATE_INITIAL,
/// Final packet has been sent to the peer.
IKEEXT_QM_SA_STATE_FINAL,
/// QM has been completed.
IKEEXT_QM_SA_STATE_COMPLETE,
/// Maximum value for testing purposes.
IKEEXT_QM_SA_STATE_MAX,
}
/// Flags for IKEEXT_RESERVED_AUTHENTICATION0.
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_RESERVED_AUTHENTICATION0__")]
[Flags]
public enum IKEEXT_RESERVED_AUTH : uint
{
/// Reserved for internal use.
IKEEXT_RESERVED_AUTH_DISABLE_INITIATOR_TOKEN_GENERATION = 0x00000001
}
///
/// The IKEEXT_SA_ROLE enumerated type defines the security association (SA) role for Internet Key Exchange (IKE) and
/// Authenticated Internet Protocol (AuthIP) Main Mode or Quick Mode negotiations.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_sa_role typedef enum IKEEXT_SA_ROLE_ {
// IKEEXT_SA_ROLE_INITIATOR = 0, IKEEXT_SA_ROLE_RESPONDER, IKEEXT_SA_ROLE_MAX } IKEEXT_SA_ROLE;
[PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_SA_ROLE_")]
public enum IKEEXT_SA_ROLE
{
///
/// Value:
/// 0
/// SA is the initiator.
///
IKEEXT_SA_ROLE_INITIATOR,
/// SA is the responder.
IKEEXT_SA_ROLE_RESPONDER,
/// Maximum value for testing purposes.
IKEEXT_SA_ROLE_MAX,
}
///
/// Tag interface to represent structures that start with a 32-bit size value followed by a pointer to an aray of .
///
/// The type of the array element.
public interface IBlob
{
}
/// Gets an array from an .
/// The type of the array element.
/// The structure instance.
/// An array of .
public static TElem[] Get(this IBlob str)
{
using var p = new PinnedObject(str);
var c = Marshal.ReadInt32(p);
return ((IntPtr)p).ToArray(c, Marshal.OffsetOf(typeof(FWP_BYTE_BLOB), "data").ToInt32());
}
/// Creates an based structure from a sequence.
/// The type of the structure.
/// The type of the array element.
/// The items.
/// The allocated native memory assigned to the pointer in the returned structure.
///
public static TIn Make(IEnumerable items, out SafeAllocatedMemoryHandle mem) where TIn : unmanaged, IBlob
{
var c = items?.Count() ?? 0;
mem = typeof(TElem) == typeof(string) ? SafeCoTaskMemHandle.CreateFromStringList(items.Cast(), StringListPackMethod.Packed, GetCharSet())
: SafeCoTaskMemHandle.CreateFromList(items, c);
var blob = new FWP_BYTE_BLOB() { size = (uint)c, data = mem };
using var tmem = SafeCoTaskMemHandle.CreateFromStructure();
tmem.Write(blob);
return tmem.ToStructure();
static CharSet GetCharSet() => typeof(TIn).GetCustomAttribute()?.CharSet ?? CharSet.Auto;
}
/// The IKEEXT_AUTHENTICATION_METHOD1 is available.For Windows 8, IKEEXT_AUTHENTICATION_METHOD2 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_authentication_method0 typedef struct
// IKEEXT_AUTHENTICATION_METHOD0_ { IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; union {
// IKEEXT_PRESHARED_KEY_AUTHENTICATION0 presharedKeyAuthentication; IKEEXT_CERTIFICATE_AUTHENTICATION0 certificateAuthentication;
// IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication; IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication;
// IKEEXT_CERTIFICATE_AUTHENTICATION0 sslAuthentication; IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication; }; } IKEEXT_AUTHENTICATION_METHOD0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_AUTHENTICATION_METHOD0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_AUTHENTICATION_METHOD0
{
/// Type of authentication method specified by IKEEXT_AUTHENTICATION_METHOD_TYPE.
public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
private UNION union;
///
/// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY.
/// See IKEEXT_PRESHARED_KEY_AUTHENTICATION0 for more information.
///
public IKEEXT_PRESHARED_KEY_AUTHENTICATION0 presharedKeyAuthentication { get => union.presharedKeyAuthentication; set => union.presharedKeyAuthentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_CERTIFICATE, IKEEXT_CERTIFICATE_ECDSA_P256, or IKEEXT_CERTIFICATE_ECDSA_P384.
/// See IKEEXT_CERTIFICATE_AUTHENTICATION0 for more information.
///
public IKEEXT_CERTIFICATE_AUTHENTICATION0 certificateAuthentication { get => union.certificateAuthentication; set => union.certificateAuthentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_KERBEROS.
/// See IKEEXT_KERBEROS_AUTHENTICATION0 for more information.
///
public IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication { get => union.kerberosAuthentication; set => union.kerberosAuthentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_NTLM_V2.
/// See IKEEXT_NTLM_V2_AUTHENTICATION0 for more information.
///
public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication { get => union.ntlmV2Authentication; set => union.ntlmV2Authentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_SSL, IKEEXT_SSL_ECDSA_P256, or IKEEXT_SSL_ECDSA_P384.
/// See IKEEXT_CERTIFICATE_AUTHENTICATION0 for more information.
///
public IKEEXT_CERTIFICATE_AUTHENTICATION0 sslAuthentication { get => union.sslAuthentication; set => union.sslAuthentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_IPV6_CGA. Available only for IKE.
/// See IKEEXT_IPV6_CGA_AUTHENTICATION0 for more information.
///
public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication { get => union.cgaAuthentication; set => union.cgaAuthentication = value; }
[StructLayout(LayoutKind.Explicit)]
private struct UNION
{
[FieldOffset(0)]
public IKEEXT_PRESHARED_KEY_AUTHENTICATION0 presharedKeyAuthentication;
[FieldOffset(0)]
public IKEEXT_CERTIFICATE_AUTHENTICATION0 certificateAuthentication;
[FieldOffset(0)]
public IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication;
[FieldOffset(0)]
public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication;
[FieldOffset(0)]
public IKEEXT_CERTIFICATE_AUTHENTICATION0 sslAuthentication;
[FieldOffset(0)]
public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication;
}
}
/// The IKEEXT_AUTHENTICATION_METHOD0 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_authentication_method1 typedef struct
// IKEEXT_AUTHENTICATION_METHOD1_ { IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; union {
// IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication; IKEEXT_CERTIFICATE_AUTHENTICATION1 certificateAuthentication;
// IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication; IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication;
// IKEEXT_CERTIFICATE_AUTHENTICATION1 sslAuthentication; IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication; IKEEXT_EAP_AUTHENTICATION0
// eapAuthentication; }; } IKEEXT_AUTHENTICATION_METHOD1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_AUTHENTICATION_METHOD1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_AUTHENTICATION_METHOD1
{
/// Type of authentication method specified by IKEEXT_AUTHENTICATION_METHOD_TYPE.
public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
private UNION union;
///
/// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY.
/// See IKEEXT_PRESHARED_KEY_AUTHENTICATION1 for more information.
///
public IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication { get => union.presharedKeyAuthentication; set => union.presharedKeyAuthentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_CERTIFICATE, IKEEXT_CERTIFICATE_ECDSA_P256, or IKEEXT_CERTIFICATE_ECDSA_P384.
/// See IKEEXT_CERTIFICATE_AUTHENTICATION1 for more information.
///
public IKEEXT_CERTIFICATE_AUTHENTICATION1 certificateAuthentication { get => union.certificateAuthentication; set => union.certificateAuthentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_KERBEROS.
/// See IKEEXT_KERBEROS_AUTHENTICATION0 for more information.
///
public IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication { get => union.kerberosAuthentication; set => union.kerberosAuthentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_NTLM_V2.
/// See IKEEXT_NTLM_V2_AUTHENTICATION0 for more information.
///
public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication { get => union.ntlmV2Authentication; set => union.ntlmV2Authentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_SSL, IKEEXT_SSL_ECDSA_P256, or IKEEXT_SSL_ECDSA_P384.
/// See IKEEXT_CERTIFICATE_AUTHENTICATION1 for more information.
///
public IKEEXT_CERTIFICATE_AUTHENTICATION1 sslAuthentication { get => union.sslAuthentication; set => union.sslAuthentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_IPV6_CGA.
/// See IKEEXT_IPV6_CGA_AUTHENTICATION0 for more information.
///
public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication { get => union.cgaAuthentication; set => union.cgaAuthentication = value; }
///
/// Available when authenticationMethodType is IKEEXT_EAP.
/// See IKEEXT_EAP_AUTHENTICATION0 for more information.
///
public IKEEXT_EAP_AUTHENTICATION0 eapAuthentication { get => union.eapAuthentication; set => union.eapAuthentication = value; }
[StructLayout(LayoutKind.Explicit)]
private struct UNION
{
[FieldOffset(0)]
public IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication;
[FieldOffset(0)]
public IKEEXT_CERTIFICATE_AUTHENTICATION1 certificateAuthentication;
[FieldOffset(0)]
public IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication;
[FieldOffset(0)]
public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication;
[FieldOffset(0)]
public IKEEXT_CERTIFICATE_AUTHENTICATION1 sslAuthentication;
[FieldOffset(0)]
public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication;
[FieldOffset(0)]
public IKEEXT_EAP_AUTHENTICATION0 eapAuthentication;
}
}
///
/// The IKEEXT_AUTHENTICATION_METHOD2 structure specifies various parameters for IKE/Authip authentication.
/// IKEEXT_AUTHENTICATION_METHOD0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_authentication_method2 typedef struct
// IKEEXT_AUTHENTICATION_METHOD2_ { IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; union {
// IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication; IKEEXT_CERTIFICATE_AUTHENTICATION2 certificateAuthentication;
// IKEEXT_KERBEROS_AUTHENTICATION1 kerberosAuthentication; IKEEXT_RESERVED_AUTHENTICATION0 reservedAuthentication;
// IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication; IKEEXT_CERTIFICATE_AUTHENTICATION2 sslAuthentication;
// IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication; IKEEXT_EAP_AUTHENTICATION0 eapAuthentication; }; } IKEEXT_AUTHENTICATION_METHOD2;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_AUTHENTICATION_METHOD2_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_AUTHENTICATION_METHOD2
{
///
/// Type: IKEEXT_AUTHENTICATION_METHOD_TYPE
/// Type of authentication method.
///
public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
private UNION union;
///
/// Type: IKEEXT_PRESHARED_KEY_AUTHENTICATION1
/// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY.
///
public IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication { get => union.presharedKeyAuthentication; set => union.presharedKeyAuthentication = value; }
///
/// Type: IKEEXT_CERTIFICATE_AUTHENTICATION2
/// Available when authenticationMethodType is IKEEXT_CERTIFICATE, IKEEXT_CERTIFICATE_ECDSA_P256, or IKEEXT_CERTIFICATE_ECDSA_P384.
///
public IKEEXT_CERTIFICATE_AUTHENTICATION2 certificateAuthentication { get => union.certificateAuthentication; set => union.certificateAuthentication = value; }
///
/// Type: IKEEXT_KERBEROS_AUTHENTICATION1
/// Available when authenticationMethodType is IKEEXT_KERBEROS.
///
public IKEEXT_KERBEROS_AUTHENTICATION1 kerberosAuthentication { get => union.kerberosAuthentication; set => union.kerberosAuthentication = value; }
///
/// Type: IKEEXT_RESERVED_AUTHENTICATION0
/// Available when authenticationMethodType is IKEEXT_RESERVED.
///
public IKEEXT_RESERVED_AUTHENTICATION0 reservedAuthentication { get => union.reservedAuthentication; set => union.reservedAuthentication = value; }
///
/// Type: IKEEXT_NTLM_V2_AUTHENTICATION0
/// Available when authenticationMethodType is IKEEXT_NTLM_V2.
///
public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication { get => union.ntlmV2Authentication; set => union.ntlmV2Authentication = value; }
///
/// Type: IKEEXT_CERTIFICATE_AUTHENTICATION2
/// Available when authenticationMethodType is IKEEXT_SSL, IKEEXT_SSL_ECDSA_P256, or IKEEXT_SSL_ECDSA_P384.
///
public IKEEXT_CERTIFICATE_AUTHENTICATION2 sslAuthentication { get => union.sslAuthentication; set => union.sslAuthentication = value; }
///
/// Type: IKEEXT_IPV6_CGA_AUTHENTICATION0
/// Available when authenticationMethodType is IKEEXT_IPV6_CGA.
///
public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication { get => union.cgaAuthentication; set => union.cgaAuthentication = value; }
///
/// Type: IKEEXT_EAP_AUTHENTICATION0
/// Available when authenticationMethodType is IKEEXT_EAP.
///
public IKEEXT_EAP_AUTHENTICATION0 eapAuthentication { get => union.eapAuthentication; set => union.eapAuthentication = value; }
[StructLayout(LayoutKind.Explicit)]
private struct UNION
{
[FieldOffset(0)]
public IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication;
[FieldOffset(0)]
public IKEEXT_CERTIFICATE_AUTHENTICATION2 certificateAuthentication;
[FieldOffset(0)]
public IKEEXT_KERBEROS_AUTHENTICATION1 kerberosAuthentication;
[FieldOffset(0)]
public IKEEXT_RESERVED_AUTHENTICATION0 reservedAuthentication;
[FieldOffset(0)]
public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication;
[FieldOffset(0)]
public IKEEXT_CERTIFICATE_AUTHENTICATION2 sslAuthentication;
[FieldOffset(0)]
public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication;
[FieldOffset(0)]
public IKEEXT_EAP_AUTHENTICATION0 eapAuthentication;
}
}
/// The IKEEXT_CERT_EKUS0 structure contains information about the extended key usage (EKU) properties of a certificate.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cert_ekus0 typedef struct IKEEXT_CERT_EKUS0_ { ULONG
// numEku; LPSTR *eku; } IKEEXT_CERT_EKUS0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERT_EKUS0_")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
public struct IKEEXT_CERT_EKUS0 : IBlob
{
///
/// Type: ULONG
/// The number of EKUs in the eku member.
///
public uint numEku;
///
/// Type: LPSTR*
/// The list of EKU object identifiers (OIDs).
///
public IntPtr eku;
}
/// The IKEEXT_CERT_NAME0 structure specifies certificate selection "subject" criteria for an authentication method.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cert_name0 typedef struct IKEEXT_CERT_NAME0_ {
// IKEEXT_CERT_CRITERIA_NAME_TYPE nameType; LPWSTR certName; } IKEEXT_CERT_NAME0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERT_NAME0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CERT_NAME0
{
///
/// Type: IKEEXT_CERT_CRITERIA_NAME_TYPE
/// The type of NAME field.
///
public IKEEXT_CERT_CRITERIA_NAME_TYPE nameType;
///
/// Type: LPWSTR
/// The string to be used for matching the "subject" criteria.
///
[MarshalAs(UnmanagedType.LPWStr)]
public string certName;
}
/// The IKEEXT_CERT_ROOT_CONFIG0 structure stores the IKE, AuthIP, or IKEv2 certificate root configuration.
///
/// IKEEXT_CERT_ROOT_CONFIG0 is a specific implementation of IKEEXT_CERT_ROOT_CONFIG. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cert_root_config0 typedef struct
// IKEEXT_CERT_ROOT_CONFIG0_ { FWP_BYTE_BLOB certData; UINT32 flags; } IKEEXT_CERT_ROOT_CONFIG0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERT_ROOT_CONFIG0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CERT_ROOT_CONFIG0
{
///
/// X509/ASN.1 encoded name of the certificate root.
/// See FWP_BYTE_BLOB for more information.
///
public FWP_BYTE_BLOB certData;
///
/// A combination of the following values.
///
///
/// IKE/AuthIP/IKEv2 certificate flag
/// Meaning
///
/// -
/// IKEEXT_CERT_FLAG_ENABLE_ACCOUNT_MAPPING
/// Enable certificate-to-account mapping for the end-host certificate that chains to this root.
///
/// -
/// IKEEXT_CERT_FLAG_DISABLE_REQUEST_PAYLOAD
/// Do not send a Cert request payload for this root.
///
/// -
/// IKEEXT_CERT_FLAG_USE_NAP_CERTIFICATE
/// Enable Network Access Protection (NAP) certificate handling.
///
/// -
/// IKEEXT_CERT_FLAG_INTERMEDIATE_CA
///
/// The corresponding Certification Authority (CA) can be an intermediate CA and does not have to be a ROOT CA. If this flag is not
/// specified, the name will have to refer to a ROOT CA.
///
///
/// -
/// IKEEXT_CERT_FLAG_IGNORE_INIT_CERT_MAP_FAILURE
///
/// Ignore mapping failures on the initiator. Available only for IKE and IKEv2. Can be set only if
/// IKEEXT_CERT_FLAG_ENABLE_ACCOUNT_MAPPING is also specified. By default, IKE and IKEv2 will not ignore certificate to
/// account mapping failures, even on the initiator. Available only on Windows 7, Windows Server 2008 R2, and later.
///
///
/// -
/// IKEEXT_CERT_FLAG_PREFER_NAP_CERTIFICATE_OUTBOUND
/// NAP certificates will be preferred for local certificate selection.
///
/// -
/// IKEEXT_CERT_FLAG_SELECT_NAP_CERTIFICATE
/// Select a NAP certificate for outbound. Available only on Windows 8 and Windows Server 2012.
///
/// -
/// IKEEXT_CERT_FLAG_VERIFY_NAP_CERTIFICATE
/// Verify that the inbound certificate is NAP. Available only on Windows 8 and Windows Server 2012.
///
/// -
/// IKEEXT_CERT_FLAG_FOLLOW_RENEWAL_CERTIFICATE
///
/// Follow the renewal property on the certificate when selecting local certificate for outbound. Only applicable when the hash of
/// the certificate is specified. Available only on Windows 8 and Windows Server 2012.
///
///
///
///
public IKEEXT_CERT_FLAG flags;
}
/// The IKEEXT_CERTIFICATE_AUTHENTICATION1 is available. For Windows 8, IKEEXT_CERTIFICATE_AUTHENTICATION2 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_authentication0 typedef struct
// IKEEXT_CERTIFICATE_AUTHENTICATION0_ { IKEEXT_CERT_CONFIG_TYPE inboundConfigType; union { struct { UINT32 inboundRootArraySize;
// IKEEXT_CERT_ROOT_CONFIG0 *inboundRootArray; }; IKEEXT_CERT_ROOT_CONFIG0 *inboundEnterpriseStoreConfig; IKEEXT_CERT_ROOT_CONFIG0
// *inboundTrustedRootStoreConfig; }; IKEEXT_CERT_CONFIG_TYPE outboundConfigType; union { struct { UINT32 outboundRootArraySize;
// IKEEXT_CERT_ROOT_CONFIG0 *outboundRootArray; }; IKEEXT_CERT_ROOT_CONFIG0 *outboundEnterpriseStoreConfig; IKEEXT_CERT_ROOT_CONFIG0
// *outboundTrustedRootStoreConfig; }; UINT32 flags; } IKEEXT_CERTIFICATE_AUTHENTICATION0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_AUTHENTICATION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CERTIFICATE_AUTHENTICATION0
{
///
/// Certificate configuration type for inbound peer certificate verification.
/// See IKEEXT_CERT_CONFIG_TYPE for more information.
///
public IKEEXT_CERT_CONFIG_TYPE inboundConfigType;
private UNION inbound;
///
/// Number of elements in the inboundRootArray member.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
///
public uint inboundRootArraySize { get => inbound.a.size; set => inbound.a.size = value; }
///
/// Explicit trust list for verifying the peer certificate chain.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public IntPtr inboundRootArray { get => inbound.a.data; set => inbound.a.data = value; }
///
/// Enterprise store configuration for verifying the peer certificate chain.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public ref IKEEXT_CERT_ROOT_CONFIG0 inboundEnterpriseStoreConfig => ref inbound.p.AsRef();
///
/// Trusted root store configuration for verifying the peer certificate chain.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public ref IKEEXT_CERT_ROOT_CONFIG0 inboundTrustedRootStoreConfig => ref inbound.p.AsRef();
///
/// Certificate configuration type for outbound local certificate verification.
/// See IKEEXT_CERT_CONFIG_TYPE for more information.
///
public IKEEXT_CERT_CONFIG_TYPE outboundConfigType;
private UNION outbound;
///
/// Number of elements in the outboundRootArray member.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
///
public uint outboundRootArraySize { get => outbound.a.size; set => outbound.a.size = value; }
///
/// Explicit trust list for selecting a certificate chain to send to the peer.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public IntPtr outboundRootArray { get => outbound.a.data; set => outbound.a.data = value; }
///
/// Enterprise store configuration for selecting the certificate chain.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public ref IKEEXT_CERT_ROOT_CONFIG0 outboundEnterpriseStoreConfig => ref outbound.p.AsRef();
///
/// Trusted root store configuration for selecting the certificate chain.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ROOT_STORE.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public ref IKEEXT_CERT_ROOT_CONFIG0 outboundTrustedRootStoreConfig => ref outbound.p.AsRef();
///
/// A combination of the following values that specifies the certificate authentication characteristics.
///
///
/// IKE/AuthIP certificate authentication flag
/// Meaning
///
/// -
/// IKEEXT_CERT_AUTH_FLAG_SSL_ONE_WAY
/// Enable SSL one way authentication. Applicable only to AuthIP.
///
/// -
/// IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK
///
/// Disable CRL checking. By default weak CRL checking is enabled. Weak checking means that a certificate will be rejected if and
/// only if CRL is successfully looked up and the certificate is found to be revoked.
///
///
/// -
/// IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG
///
/// Enable strong CRL checking. Strong checking means that a certificate will be rejected if certificate is found to be revoked, or
/// if any other error (for example, CRL could not be retrieved) takes place while performing the revocation checking.
///
///
/// -
/// IKEEXT_CERT_AUTH_DISABLE_SSL_CERT_VALIDATION
///
/// SSL validation requires certain EKUs, like server auth EKU from a server. This flag disables the server authentication EKU check,
/// but still performs the other IKE-style certificate verification. Applicable only to AuthIP.
///
///
/// -
/// IKEEXT_CERT_AUTH_ALLOW_HTTP_CERT_LOOKUP
///
/// Allow lookup of peer certificate information from an HTTP URL. Applicable only to IKEv2. Available only on Windows 7, Windows
/// Server 2008 R2, and later.
///
///
/// -
/// IKEEXT_CERT_AUTH_URL_CONTAINS_BUNDLE
///
/// Indicates that the URL specified in the certificate authentication policy points to an encoded certificate bundle. If this flag
/// is not specified, IKEv2 will assume that the URL points to an encoded certificate. Applicable only to IKEv2. Available only on
/// Windows 7, Windows Server 2008 R2, and later.
///
///
///
///
public IKEEXT_CERT_AUTH flags;
[StructLayout(LayoutKind.Explicit)]
internal struct UNION
{
[FieldOffset(0)]
public FWP_BYTE_BLOB a;
[FieldOffset(0)]
public IntPtr p;
}
}
/// The IKEEXT_CERTIFICATE_AUTHENTICATION2 is available. For Windows Vista, IKEEXT_CERTIFICATE_AUTHENTICATION0 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_authentication1 typedef struct
// IKEEXT_CERTIFICATE_AUTHENTICATION1_ { IKEEXT_CERT_CONFIG_TYPE inboundConfigType; union { struct { UINT32 inboundRootArraySize;
// IKEEXT_CERT_ROOT_CONFIG0 *inboundRootArray; }; IKEEXT_CERT_ROOT_CONFIG0 *inboundEnterpriseStoreConfig; IKEEXT_CERT_ROOT_CONFIG0
// *inboundTrustedRootStoreConfig; }; IKEEXT_CERT_CONFIG_TYPE outboundConfigType; union { struct { UINT32 outboundRootArraySize;
// IKEEXT_CERT_ROOT_CONFIG0 *outboundRootArray; }; IKEEXT_CERT_ROOT_CONFIG0 *outboundEnterpriseStoreConfig; IKEEXT_CERT_ROOT_CONFIG0
// *outboundTrustedRootStoreConfig; }; UINT32 flags; FWP_BYTE_BLOB localCertLocationUrl; } IKEEXT_CERTIFICATE_AUTHENTICATION1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_AUTHENTICATION1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CERTIFICATE_AUTHENTICATION1
{
///
/// Certificate configuration type for inbound peer certificate verification.
/// See IKEEXT_CERT_CONFIG_TYPE for more information.
///
public IKEEXT_CERT_CONFIG_TYPE inboundConfigType;
private IKEEXT_CERTIFICATE_AUTHENTICATION0.UNION inbound;
///
/// Number of elements in the inboundRootArray member.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
///
public uint inboundRootArraySize { get => inbound.a.size; set => inbound.a.size = value; }
///
/// Explicit trust list for verifying the peer certificate chain.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public IntPtr inboundRootArray { get => inbound.a.data; set => inbound.a.data = value; }
///
/// Enterprise store configuration for verifying the peer certificate chain.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public SafeCoTaskMemStruct inboundEnterpriseStoreConfig { get => new(inbound.p); set => inbound.p = value; }
///
/// Trusted root store configuration for verifying the peer certificate chain.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public SafeCoTaskMemStruct inboundTrustedRootStoreConfig { get => new(inbound.p); set => inbound.p = value; }
///
/// Certificate configuration type for outbound local certificate verification.
/// See IKEEXT_CERT_CONFIG_TYPE for more information.
///
public IKEEXT_CERT_CONFIG_TYPE outboundConfigType;
private IKEEXT_CERTIFICATE_AUTHENTICATION0.UNION outbound;
///
/// Number of elements in the outboundRootArray member.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
///
public uint outboundRootArraySize { get => outbound.a.size; set => outbound.a.size = value; }
///
/// Explicit trust list for selecting a certificate chain to send to the peer.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public IntPtr outboundRootArray { get => outbound.a.data; set => outbound.a.data = value; }
///
/// Enterprise store configuration for selecting the certificate chain.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public SafeCoTaskMemStruct outboundEnterpriseStoreConfig { get => new(outbound.p); set => outbound.p = value; }
///
/// Trusted root store configuration for selecting the certificate chain.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ROOT_STORE.
/// See IKEEXT_CERT_ROOT_CONFIG0 for more information.
///
public SafeCoTaskMemStruct outboundTrustedRootStoreConfig { get => new(outbound.p); set => outbound.p = value; }
///
/// A combination of the following values that specifies the certificate authentication characteristics.
///
///
/// IKE/AuthIP certificate authentication flag
/// Meaning
///
/// -
/// IKEEXT_CERT_AUTH_FLAG_SSL_ONE_WAY
/// Enable SSL one way authentication. Applicable only to AuthIP.
///
/// -
/// IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK
///
/// Disable CRL checking. By default weak CRL checking is enabled. Weak checking means that a certificate will be rejected if and
/// only if CRL is successfully looked up and the certificate is found to be revoked.
///
///
/// -
/// IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG
///
/// Enable strong CRL checking. Strong checking means that a certificate will be rejected if certificate is found to be revoked, or
/// if any other error (for example, CRL could not be retrieved) takes place while performing the revocation checking.
///
///
/// -
/// IKEEXT_CERT_AUTH_DISABLE_SSL_CERT_VALIDATION
///
/// SSL validation requires certain EKUs, like server auth EKU from a server. This flag disables the server authentication EKU check,
/// but still performs the other IKE-style certificate verification. Applicable only to AuthIP.
///
///
/// -
/// IKEEXT_CERT_AUTH_ALLOW_HTTP_CERT_LOOKUP
///
/// Allow lookup of peer certificate information from an HTTP URL. Applicable only to IKEv2. Available only on Windows 7, Windows
/// Server 2008 R2, and later.
///
///
/// -
/// IKEEXT_CERT_AUTH_URL_CONTAINS_BUNDLE
///
/// Indicates that the URL specified in the certificate authentication policy points to an encoded certificate bundle. If this flag
/// is not specified, IKEv2 will assume that the URL points to an encoded certificate. Applicable only to IKEv2. Available only on
/// Windows 7, Windows Server 2008 R2, and later.
///
///
///
///
public IKEEXT_CERT_AUTH flags;
///
///
/// HTTP URL pointing to an encoded certificate or certificate-bundle, that will be used by IKEv2 for authenticating local machine to
/// a peer.
///
/// Applicable only to IKEv2.
/// See FWP_BYTE_BLOB for more information.
///
public FWP_BYTE_BLOB localCertLocationUrl;
}
///
/// The IKEEXT_CERTIFICATE_AUTHENTICATION2 structure is used to specify various parameters for authentication with certificates.
/// IKEEXT_CERTIFICATE_AUTHENTICATION0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_authentication2 typedef struct
// IKEEXT_CERTIFICATE_AUTHENTICATION2_ { IKEEXT_CERT_CONFIG_TYPE inboundConfigType; union { struct { UINT32 inboundRootArraySize;
// IKEEXT_CERTIFICATE_CRITERIA0 *inboundRootCriteria; }; struct { UINT32 inboundEnterpriseStoreArraySize; IKEEXT_CERTIFICATE_CRITERIA0
// *inboundEnterpriseStoreCriteria; }; struct { UINT32 inboundRootStoreArraySize; IKEEXT_CERTIFICATE_CRITERIA0
// *inboundTrustedRootStoreCriteria; }; }; IKEEXT_CERT_CONFIG_TYPE outboundConfigType; union { struct { UINT32 outboundRootArraySize;
// IKEEXT_CERTIFICATE_CRITERIA0 *outboundRootCriteria; }; struct { UINT32 outboundEnterpriseStoreArraySize; IKEEXT_CERTIFICATE_CRITERIA0
// *outboundEnterpriseStoreCriteria; }; struct { UINT32 outboundRootStoreArraySize; IKEEXT_CERTIFICATE_CRITERIA0
// *outboundTrustedRootStoreCriteria; }; }; UINT32 flags; FWP_BYTE_BLOB localCertLocationUrl; } IKEEXT_CERTIFICATE_AUTHENTICATION2;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_AUTHENTICATION2_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CERTIFICATE_AUTHENTICATION2
{
///
/// Type: IKEEXT_CERT_CONFIG_TYPE
/// Certificate configuration type for inbound peer certificate verification.
///
public IKEEXT_CERT_CONFIG_TYPE inboundConfigType;
private FWP_BYTE_BLOB inbound;
///
/// Type: UINT32
/// Number of elements in the inboundRootCriteria member.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
///
public uint inboundRootArraySize { get => inbound.size; set => inbound.size = value; }
///
/// Type: IKEEXT_CERTIFICATE_CRITERIA0*
///
/// List of certificate criteria containing explicit trusted authorities that should be used to verify the peer certificate chain.
///
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
///
public IntPtr inboundRootCriteria { get => inbound.data; set => inbound.data = value; }
///
/// Type: UINT32
/// Number of elements in the inboundEnterpriseStoreCriteria member.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
///
public uint inboundEnterpriseStoreArraySize { get => inbound.size; set => inbound.size = value; }
///
/// Type: IKEEXT_CERTIFICATE_CRITERIA0*
/// List of enterprise store criteria that should be used to verify the peer certificate chain.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
///
public IntPtr inboundEnterpriseStoreCriteria { get => inbound.data; set => inbound.data = value; }
///
/// Type: UINT32
/// Number of elements in the inboundTrustedRootStoreCriteria member.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.
///
public uint inboundRootStoreArraySize { get => inbound.size; set => inbound.size = value; }
///
/// Type: IKEEXT_CERTIFICATE_CRITERIA0*
/// List of trusted root store criteria that should be used to verify the peer certificate chain.
/// Available when inboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.
///
public IntPtr inboundTrustedRootStoreCriteria { get => inbound.data; set => inbound.data = value; }
///
/// Type: IKEEXT_CERT_CONFIG_TYPE
/// Certificate configuration type for outbound local certificate verification.
///
public IKEEXT_CERT_CONFIG_TYPE outboundConfigType;
private FWP_BYTE_BLOB outbound;
///
/// Type: UINT32
/// Number of elements in the outboundRootCriteria member.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
///
public uint outboundRootArraySize { get => outbound.size; set => outbound.size = value; }
///
/// Type: IKEEXT_CERTIFICATE_CRITERIA0*
///
/// List of certificate criteria containing explicit trusted authorities that should be used to select the certificate chain that
/// will be sent to the peer.
///
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
///
public IntPtr outboundRootCriteria { get => outbound.data; set => outbound.data = value; }
///
/// Type: UINT32
/// Number of elements in the outboundEnterpriseStoreCriteria member.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
///
public uint outboundEnterpriseStoreArraySize { get => outbound.size; set => outbound.size = value; }
///
/// Type: IKEEXT_CERTIFICATE_CRITERIA0*
/// List of enterprise store criteria that should be used to select the certificate chain that will be sent to the peer.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
///
public IntPtr outboundEnterpriseStoreCriteria { get => outbound.data; set => outbound.data = value; }
///
/// Type: UINT32
/// Number of elements in the outboundRootStoreArraySize member.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.
///
public uint outboundRootStoreArraySize { get => outbound.size; set => outbound.size = value; }
///
/// Type: IKEEXT_CERTIFICATE_CRITERIA0*
/// List of trusted root store criteria that should be used to select the certificate chain that will be sent to the peer.
/// Available when outboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.
///
public IntPtr outboundTrustedRootStoreCriteria { get => outbound.data; set => outbound.data = value; }
///
/// Type: UINT32
/// A combination of the following values that specifies the certificate authentication characteristics.
///
///
/// IKE/AuthIP certificate authentication flag
/// Meaning
///
/// -
/// IKEEXT_CERT_AUTH_FLAG_SSL_ONE_WAY
/// Enable SSL one-way authentication. Applicable only to AuthIP.
///
/// -
/// IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK
///
/// Disable CRL checking. By default weak CRL checking is enabled. Weak checking means that a certificate will be rejected if and
/// only if CRL is successfully looked up and the certificate is found to be revoked.
///
///
/// -
/// IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG
///
/// Enable strong CRL checking. Strong checking means that a certificate will be rejected if certificate is found to be revoked, or
/// if any other error (for example, CRL could not be retrieved) takes place while performing the revocation checking.
///
///
/// -
/// IKEEXT_CERT_AUTH_DISABLE_SSL_CERT_VALIDATION
///
/// Disables the SSL server authentication extended key usage (EKU) check. Other types of AuthIP validation are still performed.
/// Applicable only to AuthIP.
///
///
/// -
/// IKEEXT_CERT_AUTH_ALLOW_HTTP_CERT_LOOKUP
/// Allow lookup of peer certificate information from an HTTP URL. Applicable only to IKEv2.
///
/// -
/// IKEEXT_CERT_AUTH_URL_CONTAINS_BUNDLE
///
/// The URL specified in the certificate authentication policy points to an encoded certificate-bundle. If this flag is not
/// specified, IKEv2 will assume that the URL points to an encoded certificate. Applicable only to IKEv2.
///
///
///
///
public IKEEXT_CERT_AUTH flags;
///
/// Type: FWP_BYTE_BLOB
///
/// HTTP URL pointing to an encoded certificate or certificate-bundle, that will be used by IKEv2 for authenticating local machine to
/// a peer.
///
/// Applicable only to IKEv2.
///
public FWP_BYTE_BLOB localCertLocationUrl;
}
///
/// The IKEEXT_CERTIFICATE_CREDENTIAL0 structure is used to store credential information specific to certificate authentication.
/// IKEEXT_CERTIFICATE_CREDENTIAL1 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_credential0 typedef struct
// IKEEXT_CERTIFICATE_CREDENTIAL0_ { FWP_BYTE_BLOB subjectName; FWP_BYTE_BLOB certHash; UINT32 flags; } IKEEXT_CERTIFICATE_CREDENTIAL0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_CREDENTIAL0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CERTIFICATE_CREDENTIAL0
{
///
/// Encoded subject name of the certificate used for authentication.
/// See FWP_BYTE_BLOB for more information.
///
public FWP_BYTE_BLOB subjectName;
///
/// SHA thumbprint of the certificate.
/// See FWP_BYTE_BLOB for more information.
///
public FWP_BYTE_BLOB certHash;
///
/// Possible values:
/// IKEEXT_CERT_CREDENTIAL_FLAG_NAP_CERT
///
public IKEEXT_CERT_CREDENTIAL_FLAG flags;
}
/// The IKEEXT_CERTIFICATE_CREDENTIAL0 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_credential1 typedef struct
// IKEEXT_CERTIFICATE_CREDENTIAL1_ { FWP_BYTE_BLOB subjectName; FWP_BYTE_BLOB certHash; UINT32 flags; FWP_BYTE_BLOB certificate; } IKEEXT_CERTIFICATE_CREDENTIAL1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_CREDENTIAL1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CERTIFICATE_CREDENTIAL1
{
///
/// Encoded subject name of the certificate used for authentication. Use CertNameToStr to convert the encoded name to string.
/// See FWP_BYTE_BLOB for more information.
///
public FWP_BYTE_BLOB subjectName;
///
/// SHA thumbprint of the certificate.
/// See FWP_BYTE_BLOB for more information.
///
public FWP_BYTE_BLOB certHash;
///
/// Possible values:
/// IKEEXT_CERT_CREDENTIAL_FLAG_NAP_CERT
///
public IKEEXT_CERT_CREDENTIAL_FLAG flags;
///
/// The encoded certificate. Use CertCreateCertificateContext to create a certificate context from the encoded certificate.
/// See FWP_BYTE_BLOB for more information.
///
public FWP_BYTE_BLOB certificate;
}
/// The IKEEXT_CERTIFICATE_CRITERIA0 structure contains a set of criteria to applied to an authentication method.
///
/// The certData member refers to the encoded name of the root certificate, while the certHash, eku, and name
/// members refer to criteria on the end certificate.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_criteria0 typedef struct
// IKEEXT_CERTIFICATE_CRITERIA0_ { FWP_BYTE_BLOB certData; FWP_BYTE_BLOB certHash; IKEEXT_CERT_EKUS0 *eku; IKEEXT_CERT_NAME0 *name;
// UINT32 flags; } IKEEXT_CERTIFICATE_CRITERIA0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_CRITERIA0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CERTIFICATE_CRITERIA0
{
///
/// Type: FWP_BYTE_BLOB
/// X509/ASN.1 encoded name of the root certificate. Should be empty when specifying Enterprise or trusted root store config.
///
public FWP_BYTE_BLOB certData;
///
/// Type: FWP_BYTE_BLOB
/// 16-character hexadecimal string that represents the ID, thumbprint or HASH of the end certificate.
///
public FWP_BYTE_BLOB certHash;
///
/// Type: *
/// The specific extended key usage (EKU) object identifiers (OIDs) selected for the criteria on the end certificate.
///
public IntPtr eku;
///
/// Type: IKEEXT_CERT_NAME0*
/// The name/subject selected for the criteria on the end certificate.
///
public IntPtr name;
///
/// Type: UINT32
/// Reserved for system use.
///
public uint flags;
}
/// The IKEEXT_CIPHER_ALGORITHM0 structure stores information about the IKE/AuthIP encryption algorithm.
///
/// IKEEXT_CIPHER_ALGORITHM0 is a specific implementation of IKEEXT_CIPHER_ALGORITHM. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cipher_algorithm0 typedef struct
// IKEEXT_CIPHER_ALGORITHM0_ { IKEEXT_CIPHER_TYPE algoIdentifier; UINT32 keyLen; UINT32 rounds; } IKEEXT_CIPHER_ALGORITHM0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CIPHER_ALGORITHM0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CIPHER_ALGORITHM0
{
///
/// The type of encryption algorithm.
/// See IKEEXT_CIPHER_TYPE for more information.
///
public IKEEXT_CIPHER_TYPE algoIdentifier;
/// Unused parameter, always set it to 0.
public uint keyLen;
/// Unused parameter, always set it to 0.
public uint rounds;
}
///
/// The IKEEXT_COMMON_STATISTICS0 structure contains various statistics common to IKE and Authip. IKEEXT_COMMON_STATISTICS1 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_common_statistics0 typedef struct
// IKEEXT_COMMON_STATISTICS0_ { IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 v4Statistics; IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0
// v6Statistics; UINT32 totalPacketsReceived; UINT32 totalInvalidPacketsReceived; UINT32 currentQueuedWorkitems; } IKEEXT_COMMON_STATISTICS0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_COMMON_STATISTICS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_COMMON_STATISTICS0
{
///
/// IPv4 common statistics.
/// See IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 for more information.
///
public IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 v4Statistics;
///
/// IPv6 common statistics.
/// See IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 for more information.
///
public IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 v6Statistics;
/// Total number of packets received.
public uint totalPacketsReceived;
/// Total number of invalid packets received.
public uint totalInvalidPacketsReceived;
/// Current number of work items that are queued and waiting to be processed.
public uint currentQueuedWorkitems;
}
///
/// The IKEEXT_COMMON_STATISTICS1 structure contains various statistics common to IKE, Authip, and IKEv2.
/// IKEEXT_COMMON_STATISTICS0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_common_statistics1 typedef struct
// IKEEXT_COMMON_STATISTICS1_ { IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 v4Statistics; IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1
// v6Statistics; UINT32 totalPacketsReceived; UINT32 totalInvalidPacketsReceived; UINT32 currentQueuedWorkitems; } IKEEXT_COMMON_STATISTICS1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_COMMON_STATISTICS1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_COMMON_STATISTICS1
{
///
/// IPv4 common statistics.
/// See IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 for more information.
///
public IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 v4Statistics;
///
/// IPv6 common statistics.
/// See IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 for more information.
///
public IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 v6Statistics;
/// Total number of packets received.
public uint totalPacketsReceived;
/// Total number of invalid packets received.
public uint totalInvalidPacketsReceived;
/// Current number of work items that are queued and waiting to be processed.
public uint currentQueuedWorkitems;
}
/// The IKEEXT_COOKIE_PAIR0 structure used to store a pair of IKE/Authip cookies.
///
/// IKEEXT_COOKIE_PAIR0 is a specific implementation of IKEEXT_COOKIE_PAIR. See WFP Version-Independent Names and Targeting
/// Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cookie_pair0 typedef struct IKEEXT_COOKIE_PAIR0_ {
// IKEEXT_COOKIE initiator; IKEEXT_COOKIE responder; } IKEEXT_COOKIE_PAIR0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_COOKIE_PAIR0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_COOKIE_PAIR0
{
/// Initiator cookie. An IKEEXT_COOKIE is a UINT64.
public ulong initiator;
/// Responder cookie. An IKEEXT_COOKIE is a UINT64.
public ulong responder;
}
///
/// The IKEEXT_CREDENTIAL_PAIR0 structure is used to store credential information used for the authentication.
/// IKEEXT_CREDENTIAL_PAIR2 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential_pair0 typedef struct
// IKEEXT_CREDENTIAL_PAIR0_ { IKEEXT_CREDENTIAL0 localCredentials; IKEEXT_CREDENTIAL0 peerCredentials; } IKEEXT_CREDENTIAL_PAIR0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL_PAIR0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CREDENTIAL_PAIR0
{
///
/// Local credentials used for authentication.
/// See IKEEXT_CREDENTIAL0 for more information.
///
public IKEEXT_CREDENTIAL0 localCredentials;
///
/// Peer credentials used for authentication.
/// See IKEEXT_CREDENTIAL0 for more information.
///
public IKEEXT_CREDENTIAL0 peerCredentials;
}
///
/// The IKEEXT_CREDENTIAL_PAIR1 structure is used to store credential information used for the authentication.
/// IKEEXT_CREDENTIAL_PAIR2 is available. For Windows Vista, IKEEXT_CREDENTIAL_PAIR0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential_pair1 typedef struct
// IKEEXT_CREDENTIAL_PAIR1_ { IKEEXT_CREDENTIAL1 localCredentials; IKEEXT_CREDENTIAL1 peerCredentials; } IKEEXT_CREDENTIAL_PAIR1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL_PAIR1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CREDENTIAL_PAIR1
{
///
/// Local credentials used for authentication.
/// See IKEEXT_CREDENTIAL1 for more information.
///
public IKEEXT_CREDENTIAL1 localCredentials;
///
/// Peer credentials used for authentication.
/// See IKEEXT_CREDENTIAL1 for more information.
///
public IKEEXT_CREDENTIAL1 peerCredentials;
}
///
/// The IKEEXT_CREDENTIAL_PAIR2 structure is used to store credential information used for the authentication.
/// IKEEXT_CREDENTIAL_PAIR1 is available. For Windows Vista, IKEEXT_CREDENTIAL_PAIR0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential_pair2 typedef struct
// IKEEXT_CREDENTIAL_PAIR2_ { IKEEXT_CREDENTIAL2 localCredentials; IKEEXT_CREDENTIAL2 peerCredentials; } IKEEXT_CREDENTIAL_PAIR2;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL_PAIR2_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CREDENTIAL_PAIR2
{
///
/// Type: IKEEXT_CREDENTIAL2
/// Local credentials used for authentication.
///
public IKEEXT_CREDENTIAL2 localCredentials;
///
/// Type: IKEEXT_CREDENTIAL2
/// Peer credentials used for authentication.
///
public IKEEXT_CREDENTIAL2 peerCredentials;
}
///
/// The IKEEXT_CREDENTIAL0 structure is used to store credential information used for the authentication. IKEEXT_CREDENTIAL1 is
/// available. For Windows 8, IKEEXT_CREDENTIAL2 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential0 typedef struct IKEEXT_CREDENTIAL0_ {
// IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType; union {
// IKEEXT_PRESHARED_KEY_AUTHENTICATION0 *presharedKey; IKEEXT_CERTIFICATE_CREDENTIAL0 *certificate; IKEEXT_NAME_CREDENTIAL0 *name; }; } IKEEXT_CREDENTIAL0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CREDENTIAL0
{
///
/// Type of authentication method.
/// See IKEEXT_AUTHENTICATION_METHOD_TYPE for more information.
///
public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
///
/// Type of impersonation.
/// See IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information.
///
public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType;
private IntPtr ptr;
///
/// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY.
/// See IKEEXT_PRESHARED_KEY_AUTHENTICATION0 for more information.
///
public SafeCoTaskMemStruct presharedKey { get => new(ptr, false); set => ptr = value; }
///
/// Available when authenticationMethodType is one of the following values.
///
/// IKEEXT_CERTIFICATEIKEEXT_CERTIFICATE_ECDSA_P256IKEEXT_CERTIFICATE_ECDSA_P384IKEEXT_SSLIKEEXT_SSL_ECDSA_P256IKEEXT_SSL_ECDSA_P384IKEEXT_IPV6_CGA
/// See IKEEXT_CERTIFICATE_CREDENTIAL0 for more information.
///
///
public SafeCoTaskMemStruct certificate { get => new(ptr, false); set => ptr = value; }
///
/// Available when authenticationMethodType is one of the following values.
/// IKEEXT_KERBEROSIKEEXT_NTML_V2 See IKEEXT_NAME_CREDENTIAL0 for more information.
///
public SafeCoTaskMemStruct name { get => new(ptr, false); set => ptr = value; } }
///
/// The IKEEXT_CREDENTIAL1 structure is used to store credential information used for the authentication. IKEEXT_CREDENTIAL2 is
/// available. For Windows Vista, IKEEXT_CREDENTIAL0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential1 typedef struct IKEEXT_CREDENTIAL1_ {
// IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType; union {
// IKEEXT_PRESHARED_KEY_AUTHENTICATION1 *presharedKey; IKEEXT_CERTIFICATE_CREDENTIAL1 *certificate; IKEEXT_NAME_CREDENTIAL0 *name; }; } IKEEXT_CREDENTIAL1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CREDENTIAL1
{
///
/// Type of authentication method.
/// See IKEEXT_AUTHENTICATION_METHOD_TYPE for more information.
///
public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
///
/// Type of impersonation.
/// See IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information.
///
public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType;
private IntPtr ptr;
///
/// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY.
/// See IKEEXT_PRESHARED_KEY_AUTHENTICATION1 for more information.
///
public SafeCoTaskMemStruct presharedKey { get => new(ptr, false); set => ptr = value; }
///
/// Available when authenticationMethodType is one of the following values.
///
/// IKEEXT_CERTIFICATEIKEEXT_CERTIFICATE_ECDSA_P256IKEEXT_CERTIFICATE_ECDSA_P384IKEEXT_SSLIKEEXT_SSL_ECDSA_P256IKEEXT_SSL_ECDSA_P384IKEEXT_IPV6_CGA
/// See IKEEXT_CERTIFICATE_CREDENTIAL1 for more information.
///
///
public SafeCoTaskMemStruct certificate { get => new(ptr, false); set => ptr = value; }
///
/// Available when authenticationMethodType is one of the following values.
/// IKEEXT_KERBEROSIKEEXT_NTML_V2 See IKEEXT_NAME_CREDENTIAL0 for more information.
///
public SafeCoTaskMemStruct name { get => new(ptr, false); set => ptr = value; } }
///
/// The IKEEXT_CREDENTIAL2 structure is used to store credential information used for the authentication. IKEEXT_CREDENTIAL1 is
/// available. For Windows Vista, IKEEXT_CREDENTIAL0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential2 typedef struct IKEEXT_CREDENTIAL2_ {
// IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType; union {
// IKEEXT_PRESHARED_KEY_AUTHENTICATION1 *presharedKey; IKEEXT_CERTIFICATE_CREDENTIAL1 *certificate; IKEEXT_NAME_CREDENTIAL0 *name; }; } IKEEXT_CREDENTIAL2;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL2_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CREDENTIAL2
{
///
/// Type: IKEEXT_AUTHENTICATION_METHOD_TYPE
/// Type of authentication method.
///
public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
///
/// Type: IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE
/// Type of impersonation.
///
public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType;
private IntPtr ptr;
///
/// Type: IKEEXT_PRESHARED_KEY_AUTHENTICATION1*
/// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY.
///
public SafeCoTaskMemStruct presharedKey { get => new(ptr, false); set => ptr = value; }
///
/// Type: IKEEXT_CERTIFICATE_CREDENTIAL1*
/// Available when authenticationMethodType is one of the following values.
/// IKEEXT_CERTIFICATEIKEEXT_CERTIFICATE_ECDSA_P256IKEEXT_CERTIFICATE_ECDSA_P384IKEEXT_SSLIKEEXT_SSL_ECDSA_P256IKEEXT_SSL_ECDSA_P384IKEEXT_IPV6_CGA
///
public SafeCoTaskMemStruct certificate { get => new(ptr, false); set => ptr = value; }
///
/// Type: IKEEXT_NAME_CREDENTIAL0*
/// Available when authenticationMethodType is one of the following values.
/// IKEEXT_KERBEROSIKEEXT_NTML_V2IKEEXT_RESERVED
///
public SafeCoTaskMemStruct name { get => new(ptr, false); set => ptr = value; } }
///
/// The IKEEXT_CREDENTIALS0 structure is used to store multiple credential pairs.
/// IKEEXT_CREDENTIALS1 is available. For Windows 8, IKEEXT_CREDENTIALS2 is available.
///
///
/// IKE has only 1 pair.
/// AuthIP has 1 pair, or 2 pairs if EM was enabled.
/// MM authentication is always index 0.
/// EM authentication, if it occurs, is index 1.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credentials0 typedef struct IKEEXT_CREDENTIALS0_ {
// UINT32 numCredentials; IKEEXT_CREDENTIAL_PAIR0 *credentials; } IKEEXT_CREDENTIALS0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIALS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CREDENTIALS0 : IBlob
{
/// Number of IKEEXT_CREDENTIAL_PAIR0 structures in the array.
public uint numCredentials;
///
/// [size_is(numCredentials)]
/// Pointer to an array of IKEEXT_CREDENTIAL_PAIR0 structures.
///
public IntPtr credentials;
}
/// The IKEEXT_CREDENTIALS1 structure is used to store multiple credential pairs. IKEEXT_CREDENTIALS0 is available.
///
/// IKE and IKEv2 have only 1 pair.
/// AuthIP has 1 pair, or 2 pairs if EM was enabled.
/// MM authentication is always index 0.
/// EM authentication, if it occurs, is index 1.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credentials1 typedef struct IKEEXT_CREDENTIALS1_ {
// UINT32 numCredentials; IKEEXT_CREDENTIAL_PAIR1 *credentials; } IKEEXT_CREDENTIALS1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIALS1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CREDENTIALS1 : IBlob
{
/// Number of IKEEXT_CREDENTIAL_PAIR1 structures in the array.
public uint numCredentials;
///
/// [size_is(numCredentials)]
/// Pointer to an array of IKEEXT_CREDENTIAL_PAIR1 structures.
///
public IntPtr credentials;
}
///
/// The IKEEXT_CREDENTIALS2 structure is used to store multiple credential pairs. IKEEXT_CREDENTIALS1 is available. For Windows
/// Vista, IKEEXT_CREDENTIALS0 is available.
///
///
/// IKE and IKEv2 have only 1 pair.
/// AuthIP has 1 pair, or 2 pairs if EM was enabled.
/// MM authentication is always index 0.
/// EM authentication, if it occurs, is index 1.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credentials2 typedef struct IKEEXT_CREDENTIALS2_ {
// UINT32 numCredentials; IKEEXT_CREDENTIAL_PAIR2 *credentials; } IKEEXT_CREDENTIALS2;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIALS2_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_CREDENTIALS2 : IBlob
{
///
/// Type: UINT32
/// Number of IKEEXT_CREDENTIAL_PAIR2 structures in the array.
///
public uint numCredentials;
///
/// Type: IKEEXT_CREDENTIAL_PAIR2*
/// [size_is(numCredentials)]
/// Pointer to an array of IKEEXT_CREDENTIAL_PAIR2 structures.
///
public IntPtr credentials;
}
///
/// The IKEEXT_EAP_AUTHENTICATION0 structure stores information needed for Extensible Authentication Protocol (EAP) authentication.
/// This structure is only applicable to IKEv2.
///
///
/// IKEEXT_EAP_AUTHENTICATION0 is a specific implementation of IKEEXT_EAP_AUTHENTICATION. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_eap_authentication0 typedef struct
// IKEEXT_EAP_AUTHENTICATION0__ { UINT32 flags; } IKEEXT_EAP_AUTHENTICATION0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_EAP_AUTHENTICATION0__")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_EAP_AUTHENTICATION0
{
///
/// A combination of the following values.
///
///
/// Pre-shared key authentication flag.
/// Meaning
///
/// -
/// IKEEXT_EAP_FLAG_LOCAL_AUTH_ONLY
/// Specifies that EAP authentication will be used only to authenticate a local computer to a remote computer.
///
/// -
/// IKEEXT_EAP_FLAG_REMOTE_AUTH_ONLY
/// Specifies that EAP authentication will be used only to authenticate a remote computer to a local computer.
///
///
///
public IKEEXT_EAP_FLAG flags;
}
///
/// The IKEEXT_EM_POLICY0 structure is used to store AuthIP's extended mode negotiation policy. IKEEXT_EM_POLICY2 is available.
///
/// Applies only to AuthIP.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_em_policy0 typedef struct IKEEXT_EM_POLICY0_ { UINT32
// numAuthenticationMethods; IKEEXT_AUTHENTICATION_METHOD0 *authenticationMethods; IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE
// initiatorImpersonationType; } IKEEXT_EM_POLICY0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_EM_POLICY0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_EM_POLICY0
{
/// Number of authentication methods in the array.
public uint numAuthenticationMethods;
///
/// size_is(numAuthenticationMethods)
/// Array of acceptable authentication methods as specified by IKEEXT_AUTHENTICATION_METHOD0.
///
public IntPtr authenticationMethods;
///
/// Type of impersonation.
/// See IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information.
///
public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
}
///
/// The IKEEXT_EM_POLICY1 structure is used to store AuthIP's extended mode negotiation policy. IKEEXT_EM_POLICY2 is available.
/// For Windows Vista, IKEEXT_EM_POLICY0 is available.
///
/// Applies only to AuthIP.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_em_policy1 typedef struct IKEEXT_EM_POLICY1_ { UINT32
// numAuthenticationMethods; IKEEXT_AUTHENTICATION_METHOD1 *authenticationMethods; IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE
// initiatorImpersonationType; } IKEEXT_EM_POLICY1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_EM_POLICY1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_EM_POLICY1
{
/// Number of authentication methods in the array.
public uint numAuthenticationMethods;
///
/// size_is(numAuthenticationMethods)
/// Array of acceptable authentication methods as specified by IKEEXT_AUTHENTICATION_METHOD1.
///
public IntPtr authenticationMethods;
///
/// Type of impersonation.
/// See IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information.
///
public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
}
///
/// The IKEEXT_EM_POLICY2 structure is used to store AuthIP's extended mode negotiation policy. IKEEXT_EM_POLICY0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_em_policy2 typedef struct IKEEXT_EM_POLICY2_ { UINT32
// numAuthenticationMethods; IKEEXT_AUTHENTICATION_METHOD2 *authenticationMethods; IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE
// initiatorImpersonationType; } IKEEXT_EM_POLICY2;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_EM_POLICY2_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_EM_POLICY2
{
///
/// Type: UINT32
/// Number of authentication methods in the array.
///
public uint numAuthenticationMethods;
///
/// Type: IKEEXT_AUTHENTICATION_METHOD2*
/// size_is(numAuthenticationMethods)
/// Array of acceptable authentication methods.
///
public IntPtr authenticationMethods;
///
/// Type: IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE
/// Type of impersonation.
///
public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
}
/// The IKEEXT_INTEGRITY_ALGORITHM0 structure stores the IKE/AuthIP hash algorithm.
///
/// IKEEXT_INTEGRITY_ALGORITHM0 is a specific implementation of IKEEXT_INTEGRITY_ALGORITHM. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_integrity_algorithm0 typedef struct
// IKEEXT_INTEGRITY_ALGORITHM0_ { IKEEXT_INTEGRITY_TYPE algoIdentifier; } IKEEXT_INTEGRITY_ALGORITHM0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_INTEGRITY_ALGORITHM0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_INTEGRITY_ALGORITHM0
{
///
/// The type of hash algorithm.
/// See IKEEXT_INTEGRITY_TYPE for more information.
///
public IKEEXT_INTEGRITY_TYPE algoIdentifier;
}
///
/// The IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 structure contains various statistics common to IKE and Authip.
/// IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_ip_version_specific_common_statistics0 typedef struct
// IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0_ { UINT32 totalSocketReceiveFailures; UINT32 totalSocketSendFailures; } IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0
{
/// Total number of UDP 500/4500 socket receive failures.
public uint totalSocketReceiveFailures;
/// Total number of UDP 500/4500 socket send failures.
public uint totalSocketSendFailures;
}
///
/// The IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 structure contains various statistics common to the keying module (IKE,
/// Authip, and IKEv2). IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_ip_version_specific_common_statistics1 typedef struct
// IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1_ { UINT32 totalSocketReceiveFailures; UINT32 totalSocketSendFailures; } IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1
{
/// Total number of UDP 500/4500 socket receive failures.
public uint totalSocketReceiveFailures;
/// Total number of UDP 500/4500 socket send failures.
public uint totalSocketSendFailures;
}
///
/// The IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 structure contains various statistics specific to the keying module and
/// IP version. IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_ip_version_specific_keymodule_statistics0 typedef
// struct IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0_ { UINT32 currentActiveMainModes; UINT32 totalMainModesStarted; UINT32
// totalSuccessfulMainModes; UINT32 totalFailedMainModes; UINT32 totalResponderMainModes; UINT32 currentNewResponderMainModes; UINT32
// currentActiveQuickModes; UINT32 totalQuickModesStarted; UINT32 totalSuccessfulQuickModes; UINT32 totalFailedQuickModes; UINT32
// totalAcquires; UINT32 totalReinitAcquires; UINT32 currentActiveExtendedModes; UINT32 totalExtendedModesStarted; UINT32
// totalSuccessfulExtendedModes; UINT32 totalFailedExtendedModes; UINT32 totalImpersonationExtendedModes; UINT32
// totalImpersonationMainModes; } IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0
{
/// Current number of active Main Mode SAs.
public uint currentActiveMainModes;
/// Total number of Main Mode negotiations.
public uint totalMainModesStarted;
/// Total number of successful Main Mode negotiations.
public uint totalSuccessfulMainModes;
/// Total number of failed Main Mode negotiations.
public uint totalFailedMainModes;
/// Total number of Main Mode negotiations that were externally initiated by a peer.
public uint totalResponderMainModes;
/// Current number of newly created responder Main Modes that are still in the initial state.
public uint currentNewResponderMainModes;
/// Current number of active Quick Mode SAs.
public uint currentActiveQuickModes;
/// Total number of Quick Mode negotiations.
public uint totalQuickModesStarted;
/// Total number of successful Quick Mode negotiations.
public uint totalSuccessfulQuickModes;
/// Total number of failed Quick Mode negotiations.
public uint totalFailedQuickModes;
/// Total number of acquires received from BFE.
public uint totalAcquires;
/// Total number of acquires that were internally reinitiated.
public uint totalReinitAcquires;
/// Current number of active extended mode SAs.
public uint currentActiveExtendedModes;
/// Total number of extended mode negotiations.
public uint totalExtendedModesStarted;
/// Total number of successful extended mode negotiations.
public uint totalSuccessfulExtendedModes;
/// Total number of failed extended mode negotiations.
public uint totalFailedExtendedModes;
/// Total number of successful extended mode negotiations that used impersonation.
public uint totalImpersonationExtendedModes;
/// Total number of successful Main Mode mode negotiations that used impersonation.
public uint totalImpersonationMainModes;
}
///
///
/// The IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 structure contains various statistics specific to the keying module (IKE,
/// Authip, and IKEv2) and IP version.
///
///
/// NoteIKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 is the specific implementation of
/// IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS used in Windows 7 and later. See WFP Version-Independent Names and Targeting Specific
/// Versions of Windows for more information. For Windows Vista, IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 is available.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_ip_version_specific_keymodule_statistics1 typedef
// struct IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1_ { UINT32 currentActiveMainModes; UINT32 totalMainModesStarted; UINT32
// totalSuccessfulMainModes; UINT32 totalFailedMainModes; UINT32 totalResponderMainModes; UINT32 currentNewResponderMainModes; UINT32
// currentActiveQuickModes; UINT32 totalQuickModesStarted; UINT32 totalSuccessfulQuickModes; UINT32 totalFailedQuickModes; UINT32
// totalAcquires; UINT32 totalReinitAcquires; UINT32 currentActiveExtendedModes; UINT32 totalExtendedModesStarted; UINT32
// totalSuccessfulExtendedModes; UINT32 totalFailedExtendedModes; UINT32 totalImpersonationExtendedModes; UINT32
// totalImpersonationMainModes; } IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1
{
/// Current number of active Main Mode SAs.
public uint currentActiveMainModes;
/// Total number of Main Mode negotiations.
public uint totalMainModesStarted;
/// Total number of successful Main Mode negotiations.
public uint totalSuccessfulMainModes;
/// Total number of failed Main Mode negotiations.
public uint totalFailedMainModes;
/// Total number of Main Mode negotiations that were externally initiated by a peer.
public uint totalResponderMainModes;
/// Current number of newly created responder Main Modes that are still in the initial state.
public uint currentNewResponderMainModes;
/// Current number of active Quick Mode SAs.
public uint currentActiveQuickModes;
/// Total number of Quick Mode negotiations.
public uint totalQuickModesStarted;
/// Total number of successful Quick Mode negotiations.
public uint totalSuccessfulQuickModes;
/// Total number of failed Quick Mode negotiations.
public uint totalFailedQuickModes;
/// Total number of acquires received from BFE.
public uint totalAcquires;
/// Total number of acquires that were internally reinitiated.
public uint totalReinitAcquires;
/// Current number of active extended mode SAs.
public uint currentActiveExtendedModes;
/// Total number of extended mode negotiations.
public uint totalExtendedModesStarted;
/// Total number of successful extended mode negotiations.
public uint totalSuccessfulExtendedModes;
/// Total number of failed extended mode negotiations.
public uint totalFailedExtendedModes;
/// Total number of successful extended mode negotiations that used impersonation.
public uint totalImpersonationExtendedModes;
/// Total number of successful Main Mode mode negotiations that used impersonation.
public uint totalImpersonationMainModes;
}
///
/// The IKEEXT_IPV6_CGA_AUTHENTICATION0 structure is used to specify various parameters for IPV6 cryptographically generated
/// address (CGA) authentication.
///
///
/// IKEEXT_IPV6_CGA_AUTHENTICATION0 is a specific implementation of IKEEXT_IPV6_CGA_AUTHENTICATION. See WFP Version-Independent
/// Names and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_ipv6_cga_authentication0 typedef struct
// IKEEXT_IPV6_CGA_AUTHENTICATION0_ { wchar_t *keyContainerName; wchar_t *cspName; UINT32 cspType; FWP_BYTE_ARRAY16 cgaModifier; BYTE
// cgaCollisionCount; } IKEEXT_IPV6_CGA_AUTHENTICATION0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_IPV6_CGA_AUTHENTICATION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_IPV6_CGA_AUTHENTICATION0
{
///
/// Key container name of the public key/private key pair that was used to generate the CGA.
/// Same semantics as the pwszContainerName member of the CRYPT_KEY_PROV_INFO structure.
///
public StrPtrUni keyContainerName;
///
/// Name of the CSP that stores the key container. If NULL, default provider will be used.
/// Same semantics as the pwszProvName member of the CRYPT_KEY_PROV_INFO structure.
///
public StrPtrUni cspName;
///
/// Type of the CSP that stores the key container.
/// Same semantics as the dwProvType member of the structure.
///
public uint cspType;
///
/// A FWP_BYTE_ARRAY16 structure containing a modifier used during CGA generation.
/// See CGA RFC for more information.
///
public FWP_BYTE_ARRAY16 cgaModifier;
///
/// Collision count used during CGA generation.
/// See CGA RFC for more information.
///
public byte cgaCollisionCount;
}
///
/// The IKEEXT_KERBEROS_AUTHENTICATION0 structure contains information needed for preshared key authentication.
/// IKEEXT_KERBEROS_AUTHENTICATION1 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_kerberos_authentication0 typedef struct
// IKEEXT_KERBEROS_AUTHENTICATION0__ { UINT32 flags; } IKEEXT_KERBEROS_AUTHENTICATION0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_KERBEROS_AUTHENTICATION0__")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_KERBEROS_AUTHENTICATION0
{
///
/// A combination of the following values.
///
///
/// Kerberos authentication flag
/// Meaning
///
/// -
/// IKEEXT_KERB_AUTH_DISABLE_INITIATOR_TOKEN_GENERATION
/// Disable initiator generation of peer token from the peer's name string.
///
/// -
/// IKEEXT_KERB_AUTH_DONT_ACCEPT_EXPLICIT_CREDENTIALS
/// Refuse connections if the peer is using explicit credentials. Applicable only to AuthIP.
///
///
///
public IKEEXT_KERB_AUTH flags;
}
///
/// The IKEEXT_KERBEROS_AUTHENTICATION1 structure contains information needed for preshared key authentication.
/// IKEEXT_KERBEROS_AUTHENTICATION0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_kerberos_authentication1 typedef struct
// IKEEXT_KERBEROS_AUTHENTICATION1__ { UINT32 flags; wchar_t *proxyServer; } IKEEXT_KERBEROS_AUTHENTICATION1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_KERBEROS_AUTHENTICATION1__")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_KERBEROS_AUTHENTICATION1
{
///
/// Type: UINT32
/// A combination of the following values.
///
///
/// Kerberos authentication flag
/// Meaning
///
/// -
/// IKEEXT_KERB_AUTH_DISABLE_INITIATOR_TOKEN_GENERATION
/// Disable initiator generation of peer token from the peer's name string.
///
/// -
/// IKEEXT_KERB_AUTH_DONT_ACCEPT_EXPLICIT_CREDENTIALS
/// Refuse connections if the peer is using explicit credentials. Applicable only to AuthIP.
///
/// -
/// IKEEXT_KERB_AUTH_FORCE_PROXY_ON_INITIATOR
/// Force the use of a Kerberos proxy server when acting as initiator.
///
///
///
public IKEEXT_KERB_AUTH flags;
///
/// Type: wchar_t*
/// The Kerberos proxy server.
///
public StrPtrUni proxyServer;
}
///
/// The IKEEXT_KEYMODULE_STATISTICS0 structure contains various statistics specific to the keying module.
/// IKEEXT_KEYMODULE_STATISTICS1 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_keymodule_statistics0 typedef struct
// IKEEXT_KEYMODULE_STATISTICS0_ { IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 v4Statistics;
// IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 v6Statistics; UINT32 errorFrequencyTable[97]; UINT32 mainModeNegotiationTime; UINT32
// quickModeNegotiationTime; UINT32 extendedModeNegotiationTime; } IKEEXT_KEYMODULE_STATISTICS0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_KEYMODULE_STATISTICS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_KEYMODULE_STATISTICS0
{
///
/// IPv4 common statistics.
/// See IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 for more information.
///
public IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 v4Statistics;
///
/// IPv6 common statistics.
/// See IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 for more information.
///
public IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 v6Statistics;
///
///
/// Table containing the frequencies of various IKE Win32 error codes encountered during negotiations. The error codes range from
/// ERROR_IPSEC_IKE_NEG_STATUS_BEGIN to ERROR_IPSEC_IKE_NEG_STATUS_END.
///
/// The table size, IKEEXT_ERROR_CODE_COUNT, is 84 (ERROR_IPSEC_IKE_NEG_STATUS_END - ERROR_IPSEC_IKE_NEG_STATUS_BEGIN).
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 97)]
public uint[] errorFrequencyTable;
/// Current Main Mode negotiation time.
public uint mainModeNegotiationTime;
/// Current Quick Mode negotiation time.
public uint quickModeNegotiationTime;
/// Current Extended Mode negotiation time. This member is applicable for Authip only.
public uint extendedModeNegotiationTime;
}
///
/// The IKEEXT_KEYMODULE_STATISTICS1 structure contains various statistics specific to the keying module.
/// IKEEXT_KEYMODULE_STATISTICS0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_keymodule_statistics1 typedef struct
// IKEEXT_KEYMODULE_STATISTICS1_ { IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 v4Statistics;
// IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 v6Statistics; UINT32 errorFrequencyTable[97]; UINT32 mainModeNegotiationTime; UINT32
// quickModeNegotiationTime; UINT32 extendedModeNegotiationTime; } IKEEXT_KEYMODULE_STATISTICS1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_KEYMODULE_STATISTICS1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_KEYMODULE_STATISTICS1
{
///
/// IPv4 common statistics.
/// See IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 for more information.
///
public IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 v4Statistics;
///
/// IPv6 common statistics.
/// See IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 for more information.
///
public IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 v6Statistics;
///
///
/// Table containing the frequencies of various IKE Win32 error codes encountered during negotiations. The error codes range from
/// ERROR_IPSEC_IKE_NEG_STATUS_BEGIN to ERROR_IPSEC_IKE_NEG_STATUS_END.
///
/// The table size, IKEEXT_ERROR_CODE_COUNT, is 84 (ERROR_IPSEC_IKE_NEG_STATUS_END - ERROR_IPSEC_IKE_NEG_STATUS_BEGIN).
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 97)]
public uint[] errorFrequencyTable;
/// Current Main Mode negotiation time.
public uint mainModeNegotiationTime;
/// Current Quick Mode negotiation time.
public uint quickModeNegotiationTime;
/// Current Extended Mode negotiation time. This member is applicable for AuthIp only.
public uint extendedModeNegotiationTime;
}
/// The IKEEXT_NAME_CREDENTIAL0 structure is used to store credential name information.
///
/// IKEEXT_NAME_CREDENTIAL0 is a specific implementation of IKEEXT_NAME_CREDENTIAL. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_name_credential0 typedef struct
// IKEEXT_NAME_CREDENTIAL0_ { wchar_t *principalName; } IKEEXT_NAME_CREDENTIAL0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_NAME_CREDENTIAL0_")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct IKEEXT_NAME_CREDENTIAL0
{
/// Name of the principal.
[MarshalAs(UnmanagedType.LPWStr)]
public string principalName;
}
///
/// The IKEEXT_NTLM_V2_AUTHENTICATION0 structure contains information needed for Microsoft Windows NT LAN Manager (NTLM) V2 authentication.
///
///
/// IKEEXT_NTLM_V2_AUTHENTICATION0 is a specific implementation of IKEEXT_NTLM_V2_AUTHENTICATION. See WFP Version-Independent
/// Names and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_ntlm_v2_authentication0 typedef struct
// IKEEXT_NTLM_V2_AUTHENTICATION0__ { UINT32 flags; } IKEEXT_NTLM_V2_AUTHENTICATION0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_NTLM_V2_AUTHENTICATION0__")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_NTLM_V2_AUTHENTICATION0
{
///
/// Possible value:
///
///
/// NTLM authentication flag
/// Meaning
///
/// -
/// IKEEXT_NTLM_V2_AUTH_DONT_ACCEPT_EXPLICIT_CREDENTIALS
/// Refuse connections if the peer is using explicit credentials.
///
///
///
public IKEEXT_NTLM_V2_AUTH flags;
}
///
/// The IKEEXT_POLICY0 structure is used to store the IKE/AuthIP main mode negotiation policy. IKEEXT_POLICY1 is available. For
/// Windows 8, IKEEXT_POLICY2 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_policy0 typedef struct IKEEXT_POLICY0_ { UINT32
// softExpirationTime; UINT32 numAuthenticationMethods; IKEEXT_AUTHENTICATION_METHOD0 *authenticationMethods;
// IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType; UINT32 numIkeProposals; IKEEXT_PROPOSAL0 *ikeProposals; UINT32
// flags; UINT32 maxDynamicFilters; } IKEEXT_POLICY0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_POLICY0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_POLICY0
{
/// Unused parameter, always set this to 0.
public uint softExpirationTime;
/// Number of authentication methods.
public uint numAuthenticationMethods;
///
/// Array of acceptable authentication methods.
/// See IKEEXT_AUTHENTICATION_METHOD0 for more information.
///
public IntPtr authenticationMethods;
///
/// Type of impersonation. Applies only to AuthIP.
/// See IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information.
///
public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
/// Number of main mode proposals.
public uint numIkeProposals;
///
/// Array of main mode proposals.
/// See IKEEXT_PROPOSAL0 for more information.
///
public IntPtr ikeProposals;
///
/// A combination of the following values.
///
///
/// IKE/AuthIP policy flag
/// Meaning
///
/// -
/// IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS
///
/// Disable special diagnostics mode for IKE/Authip. This will prevent IKE/AuthIp from accepting unauthenticated notifications from
/// peer, or sending MS_STATUS notifications to peer.
///
///
/// -
/// IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY
/// Disable SA verification of machine LUID.
///
/// -
/// IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY
/// Disable SA verification of machine impersonation LUID. Applicable only to AuthIP.
///
/// -
/// IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH
///
/// Allow the responder to accept any DH proposal, including no DH, regardless of what is configured in policy. Applicable only to AuthIP.
///
///
///
///
public IKEEXT_POLICY_FLAG flags;
///
///
/// Maximum number of dynamic IPsec filters per remote IP address and per transport layer that is allowed to be added for any SA
/// negotiated using this policy.
///
///
/// Set this to 0 to disable dynamic filter addition. Dynamic filters are added by IKE/AuthIP on responder, when the QM traffic
/// proposed by initiator is a subset of responder's traffic configuration.
///
///
public uint maxDynamicFilters;
}
/// The IKEEXT_POLICY1 structure is used to store the IKE/AuthIP main mode negotiation policy. IKEEXT_POLICY0 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_policy1 typedef struct IKEEXT_POLICY1_ { UINT32
// softExpirationTime; UINT32 numAuthenticationMethods; IKEEXT_AUTHENTICATION_METHOD1 *authenticationMethods;
// IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType; UINT32 numIkeProposals; IKEEXT_PROPOSAL0 *ikeProposals; UINT32
// flags; UINT32 maxDynamicFilters; UINT32 retransmitDurationSecs; } IKEEXT_POLICY1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_POLICY1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_POLICY1
{
/// Lifetime of the IPsec soft SA, in seconds. The caller must set this to 0.
public uint softExpirationTime;
/// Number of authentication methods.
public uint numAuthenticationMethods;
///
/// Array of acceptable authentication methods.
/// See IKEEXT_AUTHENTICATION_METHOD1 for more information.
///
public IntPtr authenticationMethods;
///
/// Type of impersonation. Applies only to AuthIP.
/// See IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information.
///
public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
/// Number of main mode proposals.
public uint numIkeProposals;
///
/// Array of main mode proposals.
/// See IKEEXT_PROPOSAL0 for more information.
///
public IntPtr ikeProposals;
///
/// A combination of the following values.
///
///
/// IKE/AuthIP policy flag
/// Meaning
///
/// -
/// IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS
///
/// Disable special diagnostics mode for IKE/Authip. This will prevent IKE/AuthIp from accepting unauthenticated notifications from
/// peer, or sending MS_STATUS notifications to peer.
///
///
/// -
/// IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY
/// Disable SA verification of machine LUID.
///
/// -
/// IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY
/// Disable SA verification of machine impersonation LUID.
///
/// -
/// IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH
///
/// Allow the responder to accept any DH proposal, including no DH, regardless of what is configured in policy. This flag is valid
/// only if AuthIP is used.
///
///
///
///
public IKEEXT_POLICY_FLAG flags;
///
///
/// Maximum number of dynamic IPsec filters per remote IP address and per transport layer that is allowed to be added for any SA
/// negotiated using this policy.
///
///
/// Set this to 0 to disable dynamic filter addition. Dynamic filters are added by IKE/AuthIP on responder, when the QM traffic
/// proposed by initiator is a subset of responder's traffic configuration.
///
///
public uint maxDynamicFilters;
///
/// The number of seconds for which IKEv2 SA negotiation packets will be retransmitted before the SA times out. The caller must set
/// this to at least 120 seconds.
///
public uint retransmitDurationSecs;
}
/// The IKEEXT_POLICY2 structure is used to store the IKE/AuthIP main mode negotiation policy. IKEEXT_POLICY0 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_policy2 typedef struct IKEEXT_POLICY2_ { UINT32
// softExpirationTime; UINT32 numAuthenticationMethods; IKEEXT_AUTHENTICATION_METHOD2 *authenticationMethods;
// IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType; UINT32 numIkeProposals; IKEEXT_PROPOSAL0 *ikeProposals; UINT32
// flags; UINT32 maxDynamicFilters; UINT32 retransmitDurationSecs; } IKEEXT_POLICY2;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_POLICY2_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_POLICY2
{
///
/// Type: UINT32
/// Lifetime of the IPsec soft SA, in seconds. The caller must set this to 0.
///
public uint softExpirationTime;
///
/// Type: UINT32
/// Number of authentication methods.
///
public uint numAuthenticationMethods;
///
/// Type: IKEEXT_AUTHENTICATION_METHOD2*
/// Array of acceptable authentication methods.
///
public IntPtr authenticationMethods;
///
/// Type: IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE
/// Type of impersonation. Applies only to AuthIP.
///
public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
///
/// Type: UINT32
/// Number of main mode proposals.
///
public uint numIkeProposals;
///
/// Type: IKEEXT_PROPOSAL0*
/// Array of main mode proposals.
///
public IntPtr ikeProposals;
///
/// Type: UINT32
/// A combination of the following values.
///
///
/// IKE/AuthIP policy flag
/// Meaning
///
/// -
/// IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS
///
/// Disable special diagnostics mode for IKE/Authip. This will prevent IKE/AuthIp from accepting unauthenticated notifications from
/// peer, or sending MS_STATUS notifications to peer.
///
///
/// -
/// IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY
/// Disable SA verification of machine LUID.
///
/// -
/// IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY
/// Disable SA verification of machine impersonation LUID.
///
/// -
/// IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH
///
/// Allow the responder to accept any DH proposal, including no DH, regardless of what is configured in policy. This flag is valid
/// only if AuthIP is used.
///
///
///
///
public IKEEXT_POLICY_FLAG flags;
///
/// Type: UINT32
///
/// Maximum number of dynamic IPsec filters per remote IP address and per transport layer that is allowed to be added for any SA
/// negotiated using this policy.
///
///
/// Set this to 0 to disable dynamic filter addition. Dynamic filters are added by IKE/AuthIP on responder, when the QM traffic
/// proposed by initiator is a subset of responder's traffic configuration.
///
///
public uint maxDynamicFilters;
///
/// Type: UINT32
///
/// The number of seconds for which IKEv2 SA negotiation packets will be retransmitted before the SA times out. The caller must set
/// this to at least 120 seconds.
///
///
public uint retransmitDurationSecs;
}
///
/// The IKEEXT_PRESHARED_KEY_AUTHENTICATION0 structure stores information needed for pre-shared key authentication.
/// IKEEXT_PRESHARED_KEY_AUTHENTICATION1 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_preshared_key_authentication0 typedef struct
// IKEEXT_PRESHARED_KEY_AUTHENTICATION0__ { FWP_BYTE_BLOB presharedKey; } IKEEXT_PRESHARED_KEY_AUTHENTICATION0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_PRESHARED_KEY_AUTHENTICATION0__")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_PRESHARED_KEY_AUTHENTICATION0
{
/// The pre-shared key specified by FWP_BYTE_BLOB.
public FWP_BYTE_BLOB presharedKey;
}
///
/// The IKEEXT_PRESHARED_KEY_AUTHENTICATION1 structure stores information needed for pre-shared key authentication.
/// IKEEXT_PRESHARED_KEY_AUTHENTICATION0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_preshared_key_authentication1 typedef struct
// IKEEXT_PRESHARED_KEY_AUTHENTICATION1__ { FWP_BYTE_BLOB presharedKey; UINT32 flags; } IKEEXT_PRESHARED_KEY_AUTHENTICATION1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_PRESHARED_KEY_AUTHENTICATION1__")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_PRESHARED_KEY_AUTHENTICATION1
{
/// The pre-shared key specified by FWP_BYTE_BLOB.
public FWP_BYTE_BLOB presharedKey;
///
/// A combination of the following values.
///
///
/// Pre-shared key authentication flag
/// Meaning
///
/// -
/// IKEEXT_PSK_FLAG_LOCAL_AUTH_ONLY
///
/// Specifies that the pre-shared key authentication will be used only to authenticate a local computer to a remote computer.
/// Applicable only to IKEv2.
///
///
/// -
/// IKEEXT_PSK_FLAG_REMOTE_AUTH_ONLY
///
/// Specifies that the pre-shared key authentication will be used only to authenticate a remote computer to a local computer.
/// Applicable only to IKEv2.
///
///
///
///
public IKEEXT_PSK_FLAG flags;
}
/// The IKEEXT_PROPOSAL0 structure is used to store an IKE/AuthIP main mode proposal.
///
/// The proposal describes the various parameters of the IKE/AuthIP main mode SA that is potentially generated from this proposal.
///
/// IKEEXT_PROPOSAL0 is a specific implementation of IKEEXT_PROPOSAL. See WFP Version-Independent Names and Targeting Specific
/// Versions of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_proposal0 typedef struct IKEEXT_PROPOSAL0_ {
// IKEEXT_CIPHER_ALGORITHM0 cipherAlgorithm; IKEEXT_INTEGRITY_ALGORITHM0 integrityAlgorithm; UINT32 maxLifetimeSeconds; IKEEXT_DH_GROUP
// dhGroup; UINT32 quickModeLimit; } IKEEXT_PROPOSAL0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_PROPOSAL0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_PROPOSAL0
{
/// Parameters for the encryption algorithm specified by IKEEXT_CIPHER_ALGORITHM0.
public IKEEXT_CIPHER_ALGORITHM0 cipherAlgorithm;
/// Parameters for the hash algorithm specified by IKEEXT_INTEGRITY_ALGORITHM0.
public IKEEXT_INTEGRITY_ALGORITHM0 integrityAlgorithm;
/// Main mode security association (SA) lifetime in seconds.
public uint maxLifetimeSeconds;
/// The Diffie Hellman group specified by IKEEXT_DH_GROUP.
public IKEEXT_DH_GROUP dhGroup;
/// Maximum number of IPsec quick mode SAs that can be generated from this main mode SA. 0 (zero) means infinite.
public uint quickModeLimit;
}
/// The IKEEXT_RESERVED_AUTHENTICATION0 structure is reserved for internal use. Do not use.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_reserved_authentication0 typedef struct
// IKEEXT_RESERVED_AUTHENTICATION0__ { UINT32 flags; } IKEEXT_RESERVED_AUTHENTICATION0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_RESERVED_AUTHENTICATION0__")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_RESERVED_AUTHENTICATION0
{
///
/// Type: UINT32
/// A combination of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// IKEEXT_RESERVED_AUTH_DISABLE_INITIATOR_TOKEN_GENERATION
/// Reserved for internal use.
///
///
///
public IKEEXT_RESERVED_AUTH flags;
}
///
/// The IKEEXT_SA_DETAILS0 structure is used to store information returned when enumerating IKE, AuthIP, or IKEv2 security
/// associations (SAs). IKEEXT_SA_DETAILS2 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_sa_details0 typedef struct IKEEXT_SA_DETAILS0_ { UINT64
// saId; IKEEXT_KEY_MODULE_TYPE keyModuleType; FWP_IP_VERSION ipVersion; union { IPSEC_V4_UDP_ENCAPSULATION0 *v4UdpEncapsulation; };
// IKEEXT_TRAFFIC0 ikeTraffic; IKEEXT_PROPOSAL0 ikeProposal; IKEEXT_COOKIE_PAIR0 cookiePair; IKEEXT_CREDENTIALS0 ikeCredentials; GUID
// ikePolicyKey; UINT64 virtualIfTunnelId; } IKEEXT_SA_DETAILS0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_SA_DETAILS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_SA_DETAILS0
{
/// LUID identifying the security association.
public ulong saId;
///
/// Key module type.
/// See IKEEXT_KEY_MODULE_TYPE for more information.
///
public IKEEXT_KEY_MODULE_TYPE keyModuleType;
/// IP version specified by FWP_IP_VERSION.
public FWP_IP_VERSION ipVersion;
///
///
/// Points to an IPSEC_V4_UDP_ENCAPSULATION0 structure, which, if a NAT is detected, stores the UDP ports corresponding to the Main Mode.
///
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IntPtr v4UdpEncapsulation;
/// The traffic corresponding to this IKE SA specified by IKEEXT_TRAFFIC0.
public IKEEXT_TRAFFIC0 ikeTraffic;
/// The main mode proposal corresponding to this IKE SA specified by IKEEXT_PROPOSAL0.
public IKEEXT_PROPOSAL0 ikeProposal;
/// SA cookies specified by IKEEXT_COOKIE_PAIR0.
public IKEEXT_COOKIE_PAIR0 cookiePair;
/// Credentials information for the SA specified by IKEEXT_CREDENTIALS0.
public IKEEXT_CREDENTIALS0 ikeCredentials;
/// GUID of the main mode policy provider context corresponding to this SA.
public Guid ikePolicyKey;
///
/// ID/Handle to virtual interface tunneling state.
/// Applicable only to IKEv2.
/// Available only on Windows 7, Windows Server 2008 R2, and later.
///
public ulong virtualIfTunnelId;
}
///
/// The IKEEXT_SA_DETAILS1 structure is used to store information returned when enumerating IKE, AuthIP, and IKEv2 security
/// associations (SAs). IKEEXT_SA_DETAILS0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_sa_details1 typedef struct IKEEXT_SA_DETAILS1_ { UINT64
// saId; IKEEXT_KEY_MODULE_TYPE keyModuleType; FWP_IP_VERSION ipVersion; union { IPSEC_V4_UDP_ENCAPSULATION0 *v4UdpEncapsulation; };
// IKEEXT_TRAFFIC0 ikeTraffic; IKEEXT_PROPOSAL0 ikeProposal; IKEEXT_COOKIE_PAIR0 cookiePair; IKEEXT_CREDENTIALS1 ikeCredentials; GUID
// ikePolicyKey; UINT64 virtualIfTunnelId; FWP_BYTE_BLOB correlationKey; } IKEEXT_SA_DETAILS1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_SA_DETAILS1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_SA_DETAILS1
{
/// LUID identifying the security association.
public ulong saId;
///
/// Key module type.
/// See IKEEXT_KEY_MODULE_TYPE for more information.
///
public IKEEXT_KEY_MODULE_TYPE keyModuleType;
/// IP version specified by FWP_IP_VERSION.
public FWP_IP_VERSION ipVersion;
///
///
/// Points to an IPSEC_V4_UDP_ENCAPSULATION0 structure, which, if a NAT is detected, stores the UDP ports corresponding to the Main Mode.
///
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IntPtr v4UdpEncapsulation;
/// The traffic corresponding to this IKE SA specified by IKEEXT_TRAFFIC0.
public IKEEXT_TRAFFIC0 ikeTraffic;
/// The main mode proposal corresponding to this IKE SA specified by IKEEXT_PROPOSAL0.
public IKEEXT_PROPOSAL0 ikeProposal;
/// SA cookies specified by IKEEXT_COOKIE_PAIR0.
public IKEEXT_COOKIE_PAIR0 cookiePair;
/// Credentials information for the SA specified by IKEEXT_CREDENTIALS1.
public IKEEXT_CREDENTIALS1 ikeCredentials;
/// GUID of the main mode policy provider context corresponding to this SA.
public Guid ikePolicyKey;
/// ID/Handle to virtual interface tunneling state. Applicable only to IKEv2.
public ulong virtualIfTunnelId;
///
public FWP_BYTE_BLOB correlationKey;
}
///
/// The IKEEXT_SA_DETAILS2 structure is used to store information returned when enumerating IKE, AuthIP, and IKEv2 security
/// associations (SAs). IKEEXT_SA_DETAILS1 is available. For Windows Vista, IKEEXT_SA_DETAILS0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_sa_details2 typedef struct IKEEXT_SA_DETAILS2_ { UINT64
// saId; IKEEXT_KEY_MODULE_TYPE keyModuleType; FWP_IP_VERSION ipVersion; union { IPSEC_V4_UDP_ENCAPSULATION0 *v4UdpEncapsulation; };
// IKEEXT_TRAFFIC0 ikeTraffic; IKEEXT_PROPOSAL0 ikeProposal; IKEEXT_COOKIE_PAIR0 cookiePair; IKEEXT_CREDENTIALS2 ikeCredentials; GUID
// ikePolicyKey; UINT64 virtualIfTunnelId; FWP_BYTE_BLOB correlationKey; } IKEEXT_SA_DETAILS2;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_SA_DETAILS2_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_SA_DETAILS2
{
///
/// Type: UINT64
/// LUID identifying the security association.
///
public ulong saId;
///
/// Type: IKEEXT_KEY_MODULE_TYPE
/// Key module type.
///
public IKEEXT_KEY_MODULE_TYPE keyModuleType;
///
/// Type: FWP_IP_VERSION
/// The IP version.
///
public FWP_IP_VERSION ipVersion;
///
/// Type: IPSEC_V4_UDP_ENCAPSULATION0*
/// Stores the UDP ports corresponding to the Main Mode, if a NAT is detected.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IntPtr v4UdpEncapsulation;
///
/// Type: IKEEXT_TRAFFIC0
/// The traffic corresponding to this IKE SA.
///
public IKEEXT_TRAFFIC0 ikeTraffic;
///
/// Type: IKEEXT_PROPOSAL0
/// The main mode proposal corresponding to this IKE SA.
///
public IKEEXT_PROPOSAL0 ikeProposal;
///
/// Type: IKEEXT_COOKIE_PAIR0
/// The SA cookies.
///
public IKEEXT_COOKIE_PAIR0 cookiePair;
///
/// Type: IKEEXT_CREDENTIALS2
/// Credentials information for the SA.
///
public IKEEXT_CREDENTIALS2 ikeCredentials;
///
/// Type: GUID
/// GUID of the main mode policy provider context corresponding to this SA.
///
public Guid ikePolicyKey;
///
/// Type: UINT64
/// ID/Handle to virtual interface tunneling state. Applicable only to IKEv2.
///
public ulong virtualIfTunnelId;
///
/// Type: FWP_BYTE_BLOB
/// Key derived from authentications to allow external applications to cryptographically bind their exchanges with this SA.
///
public FWP_BYTE_BLOB correlationKey;
}
///
/// The IKEEXT_SA_ENUM_TEMPLATE0 structure is an enumeration template used for enumerating IKE/AuthIP security associations (SAs).
///
///
/// IKEEXT_SA_ENUM_TEMPLATE0 is a specific implementation of IKEEXT_SA_ENUM_TEMPLATE. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_sa_enum_template0 typedef struct
// IKEEXT_SA_ENUM_TEMPLATE0_ { FWP_CONDITION_VALUE0 localSubNet; FWP_CONDITION_VALUE0 remoteSubNet; FWP_BYTE_BLOB localMainModeCertHash;
// } IKEEXT_SA_ENUM_TEMPLATE0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_SA_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_SA_ENUM_TEMPLATE0
{
///
/// Matches SAs whose local address is on the specified subnet. Must be of one of the following types.
///
/// -
/// FWP_UINT32
///
/// -
/// FWP_BYTE_ARRAY16_TYPE
///
/// -
/// FWP_V4_ADDR_MASK
///
/// -
/// FWP_V6_ADDR_MASK
///
///
/// See [FWP_CONDITION_VALUE0](/windows/desktop/api/fwptypes/ns-fwptypes-fwp_condition_value0) for more information.
///
public FWP_CONDITION_VALUE0 localSubNet;
///
/// Matches SAs whose remote address is on the specified subnet. Must be of one of the following types.
///
/// -
/// FWP_UINT32
///
/// -
/// FWP_BYTE_ARRAY16_TYPE
///
/// -
/// FWP_V4_ADDR_MASK
///
/// -
/// FWP_V6_ADDR_MASK
///
///
/// See [FWP_CONDITION_VALUE0](/windows/desktop/api/fwptypes/ns-fwptypes-fwp_condition_value0) for more information.
///
public FWP_CONDITION_VALUE0 remoteSubNet;
///
/// Matches SAs with a matching local main mode SHA thumbprint. If none exist, this member will have a length of zero.
/// See FWP_BYTE_BLOB for more information.
///
public FWP_BYTE_BLOB localMainModeCertHash;
}
/// The IKEEXT_STATISTICS0 structure stores various IKE/AuthIP statistics. IKEEXT_STATISTICS1 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_statistics0 typedef struct IKEEXT_STATISTICS0_ {
// IKEEXT_KEYMODULE_STATISTICS0 ikeStatistics; IKEEXT_KEYMODULE_STATISTICS0 authipStatistics; IKEEXT_COMMON_STATISTICS0 commonStatistics;
// } IKEEXT_STATISTICS0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_STATISTICS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_STATISTICS0
{
///
/// Statistics specific to IKE.
/// See IKEEXT_KEYMODULE_STATISTICS0 for more information.
///
public IKEEXT_KEYMODULE_STATISTICS0 ikeStatistics;
///
/// Statistics specific to AuthIP.
/// See IKEEXT_KEYMODULE_STATISTICS0 for more information.
///
public IKEEXT_KEYMODULE_STATISTICS0 authipStatistics;
///
/// Statistics common to IKE and AuthIP.
/// See IKEEXT_COMMON_STATISTICS0 for more information.
///
public IKEEXT_COMMON_STATISTICS0 commonStatistics;
}
///
/// The IKEEXT_STATISTICS1 structure stores various IKE, AuthIP, and IKEv2 statistics. IKEEXT_STATISTICS1 is the specific implementation
/// of IKEEXT_STATISTICS used in Windows 7 and later. See WFP Version-Independent Names and Targeting Specific Versions of Windows for
/// more information. For Windows Vista, IKEEXT_STATISTICS0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_statistics1 typedef struct IKEEXT_STATISTICS1_ {
// IKEEXT_KEYMODULE_STATISTICS1 ikeStatistics; IKEEXT_KEYMODULE_STATISTICS1 authipStatistics; IKEEXT_KEYMODULE_STATISTICS1
// ikeV2Statistics; IKEEXT_COMMON_STATISTICS1 commonStatistics; } IKEEXT_STATISTICS1;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_STATISTICS1_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_STATISTICS1
{
///
/// Statistics specific to IKE.
/// See IKEEXT_KEYMODULE_STATISTICS1 for more information.
///
public IKEEXT_KEYMODULE_STATISTICS1 ikeStatistics;
///
/// Statistics specific to AuthIP.
/// See IKEEXT_KEYMODULE_STATISTICS1 for more information.
///
public IKEEXT_KEYMODULE_STATISTICS1 authipStatistics;
///
/// Statistics specific to IKEv2.
/// See IKEEXT_KEYMODULE_STATISTICS1 for more information.
///
public IKEEXT_KEYMODULE_STATISTICS1 ikeV2Statistics;
///
/// Statistics common to IKE, AuthIP, and IKEv2.
/// See IKEEXT_COMMON_STATISTICS1 for more information.
///
public IKEEXT_COMMON_STATISTICS1 commonStatistics;
}
/// The IKEEXT_TRAFFIC0 structure specifies the IKE/Authip traffic.
///
/// IKEEXT_TRAFFIC0 is a specific implementation of IKEEXT_TRAFFIC. See WFP Version-Independent Names and Targeting Specific
/// Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_traffic0 typedef struct IKEEXT_TRAFFIC0_ {
// FWP_IP_VERSION ipVersion; union { UINT32 localV4Address; UINT8 localV6Address[16]; }; union { UINT32 remoteV4Address; UINT8
// remoteV6Address[16]; }; UINT64 authIpFilterId; } IKEEXT_TRAFFIC0;
[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_TRAFFIC0_")]
[StructLayout(LayoutKind.Sequential)]
public struct IKEEXT_TRAFFIC0
{
/// IP version specified by FWP_IP_VERSION.
public FWP_IP_VERSION ipVersion;
private FWP_BYTE_ARRAY_ADDR local;
private FWP_BYTE_ARRAY_ADDR remote;
///
/// The local IPv4 address of the traffic.
/// Specified when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR localV4Address { get => local.addr; set => local.addr = value; }
///
/// The local IPv6 address of the traffic.
/// Specified when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR localV6Address { get => local.addr6; set => local.addr6 = value; }
///
/// The remote IPv4 address of the traffic.
/// Specified when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR remoteV4Address { get => remote.addr; set => remote.addr = value; }
///
/// The remote IPv6 address of the traffic.
/// Specified when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR remoteV6Address { get => remote.addr6; set => remote.addr6 = value; }
/// Filter ID from quick mode (QM) policy of matching extended mode (EM) filter.
public ulong authIpFilterId;
}
}