#pragma warning disable IDE1006 // Naming Styles using System.Collections.Generic; using System.Linq; using System.Reflection; namespace Vanara.PInvoke; public static partial class FwpUClnt { ///

/// The IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE enumerated type specifies the type of impersonation to perform when Authenticated /// Internet Protocol (AuthIP) is used for authentication. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_authentication_impersonation_type typedef enum // IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE_ { IKEEXT_IMPERSONATION_NONE = 0, IKEEXT_IMPERSONATION_SOCKET_PRINCIPAL, // IKEEXT_IMPERSONATION_MAX } IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE_")] public enum IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE { ///

/// Value: /// 0 /// Specifies no impersonation. ///

IKEEXT_IMPERSONATION_NONE, ///

Specifies socket principal impersonation.

IKEEXT_IMPERSONATION_SOCKET_PRINCIPAL, ///

Maximum value for testing purposes.

IKEEXT_IMPERSONATION_MAX, } ///

/// The IKEEXT_AUTHENTICATION_METHOD_TYPE enumerated type specifies the type of authentication method used by Internet Key /// Exchange (IKE), Authenticated Internet Protocol (AuthIP), or IKEv2.. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_authentication_method_type typedef enum // IKEEXT_AUTHENTICATION_METHOD_TYPE_ { IKEEXT_PRESHARED_KEY = 0, IKEEXT_CERTIFICATE, IKEEXT_KERBEROS, IKEEXT_ANONYMOUS, IKEEXT_SSL, // IKEEXT_NTLM_V2, IKEEXT_IPV6_CGA, IKEEXT_CERTIFICATE_ECDSA_P256, IKEEXT_CERTIFICATE_ECDSA_P384, IKEEXT_SSL_ECDSA_P256, // IKEEXT_SSL_ECDSA_P384, IKEEXT_EAP, IKEEXT_RESERVED, IKEEXT_AUTHENTICATION_METHOD_TYPE_MAX } IKEEXT_AUTHENTICATION_METHOD_TYPE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_AUTHENTICATION_METHOD_TYPE_")] public enum IKEEXT_AUTHENTICATION_METHOD_TYPE { ///

/// Value: /// 0 /// Specifies pre-shared key authentication method. Available only for IKE. ///

IKEEXT_PRESHARED_KEY, ///

Specifies certificate authentication method. Available only for IKE and IKEv2.

IKEEXT_CERTIFICATE, ///

Specifies Kerberos authentication method.

IKEEXT_KERBEROS, ///

Specifies anonymous authentication method. Available only for AuthIP.

IKEEXT_ANONYMOUS, ///

Specifies Secure Sockets Layer (SSL) authentication method. Available only for AuthIP.

IKEEXT_SSL, ///

Specifies Microsoft Windows NT LAN Manager (NTLM) V2 authentication method. Available only for AuthIP.

IKEEXT_NTLM_V2, ///

Specifies IPv6 Cryptographically Generated Addresses (CGA) authentication method. Available only for IKE.

IKEEXT_IPV6_CGA, ///

/// /// Specifies Elliptic Curve Digital Signature Algorithm (ECDSA) 256 certificate authentication method. Available only for IKE and IKEv2. /// /// Note Available only on Windows Server 2008, Windows Vista with SP1, and later. ///

IKEEXT_CERTIFICATE_ECDSA_P256, ///

/// Specifies ECDSA-384 certificate authentication method. Available only for IKE and IKEv2. /// Note Available only on Windows Server 2008, Windows Vista with SP1, and later. ///

IKEEXT_CERTIFICATE_ECDSA_P384, ///

/// Specifies ECDSA-256 SSL authentication method. Available only for AuthIP. /// Note Available only on Windows Server 2008, Windows Vista with SP1, and later. ///

IKEEXT_SSL_ECDSA_P256, ///

/// Specifies ECDSA-384 SSL authentication method. Available only for AuthIP. /// Note Available only on Windows Server 2008, Windows Vista with SP1, and later. ///

IKEEXT_SSL_ECDSA_P384, ///

/// Specifies Extensible Authentication Protocol (EAP) authentication method. Available only for IKEv2. /// Note Available only on Windows Server 2008 R2, Windows 7, and later. ///

IKEEXT_EAP, ///

/// Reserved. Do not use. /// Note Available only on Windows Server 2012, Windows 8, and later. ///

IKEEXT_RESERVED, ///

Maximum value for testing purposes.

IKEEXT_AUTHENTICATION_METHOD_TYPE_MAX, } ///

specifies the certificate authentication characteristics.

[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_AUTHENTICATION0_")] [Flags] public enum IKEEXT_CERT_AUTH : uint { ///

Enable SSL one way authentication. Applicable only to AuthIP.

IKEEXT_CERT_AUTH_FLAG_SSL_ONE_WAY = 0x00000001, ///

/// Disable CRL checking. By default weak CRL checking is enabled. Weak checking means that a certificate will be rejected if and /// only if CRL is successfully looked up and the certificate is found to be revoked. ///

IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK = 0x00000002, ///

/// Enable strong CRL checking. Strong checking means that a certificate will be rejected if certificate is found to be revoked, or /// if any other error (for example, CRL could not be retrieved) takes place while performing the revocation checking. ///

IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG = 0x00000004, ///

/// SSL validation requires certain EKUs, like server auth EKU from a server. This flag disables the server authentication EKU check, /// but still performs the other IKE-style certificate verification. Applicable only to AuthIP. ///

IKEEXT_CERT_AUTH_DISABLE_SSL_CERT_VALIDATION = 0x00000008, ///

/// Allow lookup of peer certificate information from an HTTP URL. Applicable only to IKEv2. Available only on Windows 7, Windows /// Server 2008 R2, and later. ///

IKEEXT_CERT_AUTH_ALLOW_HTTP_CERT_LOOKUP = 0x00000010, ///

/// Indicates that the URL specified in the certificate authentication policy points to an encoded certificate bundle. If this flag /// is not specified, IKEv2 will assume that the URL points to an encoded certificate. Applicable only to IKEv2. Available only on /// Windows 7, Windows Server 2008 R2, and later. ///

IKEEXT_CERT_AUTH_URL_CONTAINS_BUNDLE = 0x00000020, ///

IKEEXT_CERT_AUTH_FLAG_DISABLE_REQUEST_PAYLOAD = 0x00000040, } ///

The IKEEXT_CERT_CONFIG_TYPE enumerated type indicates a type of certificate configuration.

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_cert_config_type typedef enum IKEEXT_CERT_CONFIG_TYPE_ // { IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST = 0, IKEEXT_CERT_CONFIG_ENTERPRISE_STORE, IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE, // IKEEXT_CERT_CONFIG_UNSPECIFIED, IKEEXT_CERT_CONFIG_TYPE_MAX } IKEEXT_CERT_CONFIG_TYPE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_CERT_CONFIG_TYPE_")] public enum IKEEXT_CERT_CONFIG_TYPE { ///

/// Value: /// 0 /// An explicit trust list will be used for authentication. ///

IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST, ///

The enterprise store will be used as the trust list for authentication.

IKEEXT_CERT_CONFIG_ENTERPRISE_STORE, ///

The trusted root CA store will be used as the trust list for authentication.

IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE, ///

/// No certificate authentication in the direction (inbound or outbound) specified by the configuration. /// Available only on Windows 7, Windows Server 2008 R2, and later. ///

IKEEXT_CERT_CONFIG_UNSPECIFIED, ///

Maximum value for testing purposes.

IKEEXT_CERT_CONFIG_TYPE_MAX, } ///

Flags for IKEEXT_CERTIFICATE_CREDENTIAL1

[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_CREDENTIAL1_")] [Flags] public enum IKEEXT_CERT_CREDENTIAL_FLAG : uint { ///

IKEEXT_CERT_CREDENTIAL_FLAG_NAP_CERT = 0x00000001 } ///

/// The IKEEXT_CERT_CRITERIA_NAME_TYPE enumerated type specifies the type of NAME fields possible for a certificate selection /// "subject" criteria. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_cert_criteria_name_type typedef enum // IKEEXT_CERT_CRITERIA_NAME_TYPE_ { IKEEXT_CERT_CRITERIA_DNS = 0, IKEEXT_CERT_CRITERIA_UPN, IKEEXT_CERT_CRITERIA_RFC822, // IKEEXT_CERT_CRITERIA_CN, IKEEXT_CERT_CRITERIA_OU, IKEEXT_CERT_CRITERIA_O, IKEEXT_CERT_CRITERIA_DC, IKEEXT_CERT_CRITERIA_NAME_TYPE_MAX // } IKEEXT_CERT_CRITERIA_NAME_TYPE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_CERT_CRITERIA_NAME_TYPE_")] public enum IKEEXT_CERT_CRITERIA_NAME_TYPE { ///

/// Value: /// 0 /// DNS name in the Subject Alternative Name of the certificate. ///

IKEEXT_CERT_CRITERIA_DNS, ///

UPN name in the Subject Alternative Name of the certificate.

IKEEXT_CERT_CRITERIA_UPN, ///

RFC 822 name in the Subject Alternative Name of the certificate.

IKEEXT_CERT_CRITERIA_RFC822, ///

CN in the Subject of the certificate.

IKEEXT_CERT_CRITERIA_CN, ///

OU in the Subject of the certificate.

IKEEXT_CERT_CRITERIA_OU, ///

O in the Subject of the certificate.

IKEEXT_CERT_CRITERIA_O, ///

DC in the Subject of the certificate.

IKEEXT_CERT_CRITERIA_DC, ///

Maximum value for testing purposes.

IKEEXT_CERT_CRITERIA_NAME_TYPE_MAX, } ///

Flags for IKEEXT_CERT_ROOT_CONFIG0.

[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERT_ROOT_CONFIG0_")] [Flags] public enum IKEEXT_CERT_FLAG : uint { ///

Enable certificate-to-account mapping for the end-host certificate that chains to this root.

IKEEXT_CERT_FLAG_ENABLE_ACCOUNT_MAPPING = 0x00000001, ///

Do not send a Cert request payload for this root.

IKEEXT_CERT_FLAG_DISABLE_REQUEST_PAYLOAD = 0x00000002, ///

Enable Network Access Protection (NAP) certificate handling.

IKEEXT_CERT_FLAG_USE_NAP_CERTIFICATE = 0x00000004, ///

/// The corresponding Certification Authority (CA) can be an intermediate CA and does not have to be a ROOT CA. If this flag is not /// specified, the name will have to refer to a ROOT CA. ///

IKEEXT_CERT_FLAG_INTERMEDIATE_CA = 0x00000008, ///

/// Ignore mapping failures on the initiator. Available only for IKE and IKEv2. Can be set only if /// IKEEXT_CERT_FLAG_ENABLE_ACCOUNT_MAPPING is also specified. By default, IKE and IKEv2 will not ignore certificate to /// account mapping failures, even on the initiator. Available only on Windows 7, Windows Server 2008 R2, and later. ///

IKEEXT_CERT_FLAG_IGNORE_INIT_CERT_MAP_FAILURE = 0x00000010, ///

NAP certificates will be preferred for local certificate selection.

IKEEXT_CERT_FLAG_PREFER_NAP_CERTIFICATE_OUTBOUND = 0x00000020, ///

Select a NAP certificate for outbound. Available only on Windows 8 and Windows Server 2012.

IKEEXT_CERT_FLAG_SELECT_NAP_CERTIFICATE = 0x00000040, ///

Verify that the inbound certificate is NAP. Available only on Windows 8 and Windows Server 2012.

IKEEXT_CERT_FLAG_VERIFY_NAP_CERTIFICATE = 0x00000080, ///

/// Follow the renewal property on the certificate when selecting local certificate for outbound. Only applicable when the hash of /// the certificate is specified. Available only on Windows 8 and Windows Server 2012. ///

IKEEXT_CERT_FLAG_FOLLOW_RENEWAL_CERTIFICATE = 0x00000100, } ///

/// The IKEEXT_CIPHER_TYPE enumerated type specifies the type of encryption algorithm used for encrypting the Internet Key /// Exchange (IKE) and Authenticated Internet Protocol (AuthIP) messages. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_cipher_type typedef enum IKEEXT_CIPHER_TYPE_ { // IKEEXT_CIPHER_DES = 0, IKEEXT_CIPHER_3DES, IKEEXT_CIPHER_AES_128, IKEEXT_CIPHER_AES_192, IKEEXT_CIPHER_AES_256, // IKEEXT_CIPHER_AES_GCM_128_16ICV, IKEEXT_CIPHER_AES_GCM_256_16ICV, IKEEXT_CIPHER_TYPE_MAX } IKEEXT_CIPHER_TYPE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_CIPHER_TYPE_")] public enum IKEEXT_CIPHER_TYPE { ///

/// Value: /// 0 /// Specifies DES encryption. ///

IKEEXT_CIPHER_DES, ///

Specifies 3DES encryption.

IKEEXT_CIPHER_3DES, ///

Specifies AES-128 encryption.

IKEEXT_CIPHER_AES_128, ///

Specifies AES-192 encryption.

IKEEXT_CIPHER_AES_192, ///

Specifies AES-256 encryption.

IKEEXT_CIPHER_AES_256, ///

IKEEXT_CIPHER_AES_GCM_128_16ICV, ///

IKEEXT_CIPHER_AES_GCM_256_16ICV, ///

Maximum value for testing purposes.

IKEEXT_CIPHER_TYPE_MAX, } ///

/// The IKEEXT_DH_GROUP enumerated type specifies the type of Diffie Hellman group used for Internet Key Exchange (IKE) and /// Authenticated Internet Protocol (AuthIP) key generation. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_dh_group typedef enum IKEEXT_DH_GROUP_ { // IKEEXT_DH_GROUP_NONE = 0, IKEEXT_DH_GROUP_1, IKEEXT_DH_GROUP_2, IKEEXT_DH_GROUP_14, IKEEXT_DH_GROUP_2048, IKEEXT_DH_ECP_256, // IKEEXT_DH_ECP_384, IKEEXT_DH_GROUP_24, IKEEXT_DH_GROUP_MAX } IKEEXT_DH_GROUP; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_DH_GROUP_")] public enum IKEEXT_DH_GROUP { ///

/// Value: /// 0 /// Specifies no Diffie Hellman group. Available only for AuthIP. ///

IKEEXT_DH_GROUP_NONE, ///

Specifies Diffie Hellman group 1.

IKEEXT_DH_GROUP_1, ///

Specifies Diffie Hellman group 2.

IKEEXT_DH_GROUP_2, ///

/// Specifies Diffie Hellman group 14. /// Note Available only for Windows 8 and Windows Server 2012. ///

IKEEXT_DH_GROUP_14, ///

/// Specifies Diffie Hellman group 14. /// /// Note This group was called Diffie Hellman group 2048 when it was introduced. The name has since been changed to match /// standard terminology. /// ///

IKEEXT_DH_GROUP_2048, ///

Specifies Diffie Hellman ECP group 256.

IKEEXT_DH_ECP_256, ///

Specifies Diffie Hellman ECP group 384.

IKEEXT_DH_ECP_384, ///

/// Specifies Diffie Hellman group 24. /// Note Available only for Windows 8 and Windows Server 2012. ///

IKEEXT_DH_GROUP_24, ///

Maximum value for testing purposes.

IKEEXT_DH_GROUP_MAX, } ///

Flags for IKEEXT_EAP_AUTHENTICATION0.

[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_EAP_AUTHENTICATION0__")] [Flags] public enum IKEEXT_EAP_FLAG : uint { ///

Specifies that EAP authentication will be used only to authenticate a local computer to a remote computer.

IKEEXT_EAP_FLAG_LOCAL_AUTH_ONLY = 0x00000001, ///

Specifies that EAP authentication will be used only to authenticate a remote computer to a local computer.

IKEEXT_EAP_FLAG_REMOTE_AUTH_ONLY = 0x00000002, } ///

/// The IKEEXT_EM_SA_STATE enumerated type defines the states for the Extended Mode (EM) negotiation exchanges that are part of /// the Authenticated Internet Protocol (AuthIP) protocol. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_em_sa_state typedef enum IKEEXT_EM_SA_STATE_ { // IKEEXT_EM_SA_STATE_NONE = 0, IKEEXT_EM_SA_STATE_SENT_ATTS, IKEEXT_EM_SA_STATE_SSPI_SENT, IKEEXT_EM_SA_STATE_AUTH_COMPLETE, // IKEEXT_EM_SA_STATE_FINAL, IKEEXT_EM_SA_STATE_COMPLETE, IKEEXT_EM_SA_STATE_MAX } IKEEXT_EM_SA_STATE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_EM_SA_STATE_")] public enum IKEEXT_EM_SA_STATE { ///

/// Value: /// 0 /// Initial state. No Extended Mode packets have been sent to the peer. ///

IKEEXT_EM_SA_STATE_NONE, ///

First packet has been sent to the peer.

IKEEXT_EM_SA_STATE_SENT_ATTS, ///

Second packet has been sent to the peer.

IKEEXT_EM_SA_STATE_SSPI_SENT, ///

Third packet has been sent to the peer.

IKEEXT_EM_SA_STATE_AUTH_COMPLETE, ///

Final packet has been sent to the peer.

IKEEXT_EM_SA_STATE_FINAL, ///

Extended mode has been completed.

IKEEXT_EM_SA_STATE_COMPLETE, ///

Maximum value for testing purposes.

IKEEXT_EM_SA_STATE_MAX, } ///

/// The IKEEXT_INTEGRITY_TYPE enumerated type specifies the type of hash algorithm used for integrity protection of Internet Key /// Exchange (IKE) and Authenticated Internet Protocol (AuthIP) messages. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_integrity_type typedef enum IKEEXT_INTEGRITY_TYPE_ { // IKEEXT_INTEGRITY_MD5 = 0, IKEEXT_INTEGRITY_SHA1, IKEEXT_INTEGRITY_SHA_256, IKEEXT_INTEGRITY_SHA_384, IKEEXT_INTEGRITY_TYPE_MAX } IKEEXT_INTEGRITY_TYPE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_INTEGRITY_TYPE_")] public enum IKEEXT_INTEGRITY_TYPE { ///

/// Value: /// 0 /// Specifies MD5 hash algorithm. ///

IKEEXT_INTEGRITY_MD5, ///

Specifies SHA1 hash algorithm.

IKEEXT_INTEGRITY_SHA1, ///

/// Specifies a 256-bit SHA encryption. /// Note Available only on Windows Server 2008, Windows Vista with SP1, and later. ///

IKEEXT_INTEGRITY_SHA_256, ///

/// Specifies a 384-bit SHA encryption. /// Note Available only on Windows Server 2008, Windows Vista with SP1, and later. ///

IKEEXT_INTEGRITY_SHA_384, ///

Maximum value for testing purposes.

IKEEXT_INTEGRITY_TYPE_MAX, } ///

Flags in IKEEXT_KERBEROS_AUTHENTICATION0.

[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_KERBEROS_AUTHENTICATION0__")] [Flags] public enum IKEEXT_KERB_AUTH : uint { ///

Disable initiator generation of peer token from the peer's name string.

IKEEXT_KERB_AUTH_DISABLE_INITIATOR_TOKEN_GENERATION = 0x00000001, ///

Refuse connections if the peer is using explicit credentials. Applicable only to AuthIP.

IKEEXT_KERB_AUTH_DONT_ACCEPT_EXPLICIT_CREDENTIALS = 0x00000002, ///

Force the use of a Kerberos proxy server when acting as initiator.

IKEEXT_KERB_AUTH_FORCE_PROXY_ON_INITIATOR = 0x00000004, } ///

The IKEEXT_KEY_MODULE_TYPE enumerated type specifies the type of keying module.

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_key_module_type typedef enum IKEEXT_KEY_MODULE_TYPE_ { // IKEEXT_KEY_MODULE_IKE = 0, IKEEXT_KEY_MODULE_AUTHIP, IKEEXT_KEY_MODULE_IKEV2, IKEEXT_KEY_MODULE_MAX } IKEEXT_KEY_MODULE_TYPE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_KEY_MODULE_TYPE_")] public enum IKEEXT_KEY_MODULE_TYPE { ///

/// Value: /// 0 /// Specifies Internet Key Exchange (IKE) keying module. ///

IKEEXT_KEY_MODULE_IKE, ///

Specifies Authenticated Internet Protocol (AuthIP) keying module.

IKEEXT_KEY_MODULE_AUTHIP, ///

/// Specifies Internet Key Exchange version 2 (IKEv2) keying module. /// Available only on Windows 7, Windows Server 2008 R2, and later. ///

IKEEXT_KEY_MODULE_IKEV2, ///

Maximum value for testing purposes.

IKEEXT_KEY_MODULE_MAX, } ///

/// The IKEEXT_MM_SA_STATE enumerated type defines the states for the Main Mode (MM) negotiation exchanges that are part of the /// Authenticated Internet Protocol (AuthIP) and Internet Key Exchange (IKE) protocols. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_mm_sa_state typedef enum IKEEXT_MM_SA_STATE_ { // IKEEXT_MM_SA_STATE_NONE = 0, IKEEXT_MM_SA_STATE_SA_SENT, IKEEXT_MM_SA_STATE_SSPI_SENT, IKEEXT_MM_SA_STATE_FINAL, // IKEEXT_MM_SA_STATE_FINAL_SENT, IKEEXT_MM_SA_STATE_COMPLETE, IKEEXT_MM_SA_STATE_MAX } IKEEXT_MM_SA_STATE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_MM_SA_STATE_")] public enum IKEEXT_MM_SA_STATE { ///

/// Value: /// 0 /// Initial state. No packets have been sent to the peer. ///

IKEEXT_MM_SA_STATE_NONE, ///

First packet has been sent to the peer

IKEEXT_MM_SA_STATE_SA_SENT, ///

Second packet has been sent to the peer, for SSPI authentication.

IKEEXT_MM_SA_STATE_SSPI_SENT, ///

Third packet has been sent to the peer.

IKEEXT_MM_SA_STATE_FINAL, ///

Final packet has been sent to the peer.

IKEEXT_MM_SA_STATE_FINAL_SENT, ///

MM has been completed.

IKEEXT_MM_SA_STATE_COMPLETE, ///

Maximum value for testing purposes.

IKEEXT_MM_SA_STATE_MAX, } ///

Flags for .

[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_NTLM_V2_AUTHENTICATION0__")] [Flags] public enum IKEEXT_NTLM_V2_AUTH : uint { ///

Refuse connections if the peer is using explicit credentials.

IKEEXT_NTLM_V2_AUTH_DONT_ACCEPT_EXPLICIT_CREDENTIALS = 0x00000001 } ///

Flags for IKEEXT_POLICY0.

[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_POLICY0_")] [Flags] public enum IKEEXT_POLICY_FLAG : uint { ///

/// Disable special diagnostics mode for IKE/Authip. This will prevent IKE/AuthIp from accepting unauthenticated notifications from /// peer, or sending MS_STATUS notifications to peer. ///

IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS = 0x00000001, ///

Disable SA verification of machine LUID.

IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY = 0x00000002, ///

Disable SA verification of machine impersonation LUID. Applicable only to AuthIP.

IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY = 0x00000004, ///

/// Allow the responder to accept any DH proposal, including no DH, regardless of what is configured in policy. Applicable only to AuthIP. ///

IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH = 0x00000008, ///

IKEEXT_POLICY_FLAG_MOBIKE_NOT_SUPPORTED = 0x00000010, ///

IKEEXT_POLICY_FLAG_SITE_TO_SITE = 0x00000020, ///

IKEEXT_POLICY_FLAG_IMS_VPN = 0x00000040, ///

IKEEXT_POLICY_ENABLE_IKEV2_FRAGMENTATION = 0x00000080, ///

IKEEXT_POLICY_SUPPORT_LOW_POWER_MODE = 0x00000100, } ///

Flags for IKEEXT_PRESHARED_KEY_AUTHENTICATION1

[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_PRESHARED_KEY_AUTHENTICATION1__")] [Flags] public enum IKEEXT_PSK_FLAG : uint { ///

/// Specifies that the pre-shared key authentication will be used only to authenticate a local computer to a remote computer. /// Applicable only to IKEv2. ///

IKEEXT_PSK_FLAG_LOCAL_AUTH_ONLY = 0x00000001, ///

/// Specifies that the pre-shared key authentication will be used only to authenticate a remote computer to a local computer. /// Applicable only to IKEv2. ///

IKEEXT_PSK_FLAG_REMOTE_AUTH_ONLY = 0x00000002, } ///

/// The IKEEXT_QM_SA_STATE enumerated type defines the states for the Quick Mode (QM) negotiation exchanges that are part of the /// Authenticated Internet Protocol (AuthIP) and Internet Key Exchange (IKE) protocols. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_qm_sa_state typedef enum IKEEXT_QM_SA_STATE_ { // IKEEXT_QM_SA_STATE_NONE = 0, IKEEXT_QM_SA_STATE_INITIAL, IKEEXT_QM_SA_STATE_FINAL, IKEEXT_QM_SA_STATE_COMPLETE, IKEEXT_QM_SA_STATE_MAX // } IKEEXT_QM_SA_STATE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_QM_SA_STATE_")] public enum IKEEXT_QM_SA_STATE { ///

/// Value: /// 0 /// Initial state. No QM packets have been sent to the peer. ///

IKEEXT_QM_SA_STATE_NONE, ///

First packet has been sent to the peer.

IKEEXT_QM_SA_STATE_INITIAL, ///

Final packet has been sent to the peer.

IKEEXT_QM_SA_STATE_FINAL, ///

QM has been completed.

IKEEXT_QM_SA_STATE_COMPLETE, ///

Maximum value for testing purposes.

IKEEXT_QM_SA_STATE_MAX, } ///

Flags for IKEEXT_RESERVED_AUTHENTICATION0.

[PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_RESERVED_AUTHENTICATION0__")] [Flags] public enum IKEEXT_RESERVED_AUTH : uint { ///

Reserved for internal use.

IKEEXT_RESERVED_AUTH_DISABLE_INITIATOR_TOKEN_GENERATION = 0x00000001 } ///

/// The IKEEXT_SA_ROLE enumerated type defines the security association (SA) role for Internet Key Exchange (IKE) and /// Authenticated Internet Protocol (AuthIP) Main Mode or Quick Mode negotiations. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ne-iketypes-ikeext_sa_role typedef enum IKEEXT_SA_ROLE_ { // IKEEXT_SA_ROLE_INITIATOR = 0, IKEEXT_SA_ROLE_RESPONDER, IKEEXT_SA_ROLE_MAX } IKEEXT_SA_ROLE; [PInvokeData("iketypes.h", MSDNShortId = "NE:iketypes.IKEEXT_SA_ROLE_")] public enum IKEEXT_SA_ROLE { ///

/// Value: /// 0 /// SA is the initiator. ///

IKEEXT_SA_ROLE_INITIATOR, ///

SA is the responder.

IKEEXT_SA_ROLE_RESPONDER, ///

Maximum value for testing purposes.

IKEEXT_SA_ROLE_MAX, } ///

/// Tag interface to represent structures that start with a 32-bit size value followed by a pointer to an aray of . ///

/// The type of the array element. public interface IBlob { } ///

Gets an array from an .

/// The type of the array element. /// The structure instance. /// An array of . public static TElem[] Get(this IBlob str) { using var p = new PinnedObject(str); var c = Marshal.ReadInt32(p); return ((IntPtr)p).ToArray(c, Marshal.OffsetOf(typeof(FWP_BYTE_BLOB), "data").ToInt32()); } ///

Creates an based structure from a sequence.

/// The type of the structure. /// The type of the array element. /// The items. /// The allocated native memory assigned to the pointer in the returned structure. /// public static TIn Make(IEnumerable items, out SafeAllocatedMemoryHandle mem) where TIn : unmanaged, IBlob { var c = items?.Count() ?? 0; mem = typeof(TElem) == typeof(string) ? SafeCoTaskMemHandle.CreateFromStringList(items.Cast(), StringListPackMethod.Packed, GetCharSet()) : SafeCoTaskMemHandle.CreateFromList(items, c); var blob = new FWP_BYTE_BLOB() { size = (uint)c, data = mem }; using var tmem = SafeCoTaskMemHandle.CreateFromStructure(); tmem.Write(blob); return tmem.ToStructure(); static CharSet GetCharSet() => typeof(TIn).GetCustomAttribute()?.CharSet ?? CharSet.Auto; } ///

The IKEEXT_AUTHENTICATION_METHOD1 is available.For Windows 8, IKEEXT_AUTHENTICATION_METHOD2 is available.

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_authentication_method0 typedef struct // IKEEXT_AUTHENTICATION_METHOD0_ { IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; union { // IKEEXT_PRESHARED_KEY_AUTHENTICATION0 presharedKeyAuthentication; IKEEXT_CERTIFICATE_AUTHENTICATION0 certificateAuthentication; // IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication; IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication; // IKEEXT_CERTIFICATE_AUTHENTICATION0 sslAuthentication; IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication; }; } IKEEXT_AUTHENTICATION_METHOD0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_AUTHENTICATION_METHOD0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_AUTHENTICATION_METHOD0 { ///

Type of authentication method specified by IKEEXT_AUTHENTICATION_METHOD_TYPE.

public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; private UNION union; ///

/// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY. /// See IKEEXT_PRESHARED_KEY_AUTHENTICATION0 for more information. ///

public IKEEXT_PRESHARED_KEY_AUTHENTICATION0 presharedKeyAuthentication { get => union.presharedKeyAuthentication; set => union.presharedKeyAuthentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_CERTIFICATE, IKEEXT_CERTIFICATE_ECDSA_P256, or IKEEXT_CERTIFICATE_ECDSA_P384. /// See IKEEXT_CERTIFICATE_AUTHENTICATION0 for more information. ///

public IKEEXT_CERTIFICATE_AUTHENTICATION0 certificateAuthentication { get => union.certificateAuthentication; set => union.certificateAuthentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_KERBEROS. /// See IKEEXT_KERBEROS_AUTHENTICATION0 for more information. ///

public IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication { get => union.kerberosAuthentication; set => union.kerberosAuthentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_NTLM_V2. /// See IKEEXT_NTLM_V2_AUTHENTICATION0 for more information. ///

public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication { get => union.ntlmV2Authentication; set => union.ntlmV2Authentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_SSL, IKEEXT_SSL_ECDSA_P256, or IKEEXT_SSL_ECDSA_P384. /// See IKEEXT_CERTIFICATE_AUTHENTICATION0 for more information. ///

public IKEEXT_CERTIFICATE_AUTHENTICATION0 sslAuthentication { get => union.sslAuthentication; set => union.sslAuthentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_IPV6_CGA. Available only for IKE. /// See IKEEXT_IPV6_CGA_AUTHENTICATION0 for more information. ///

public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication { get => union.cgaAuthentication; set => union.cgaAuthentication = value; } [StructLayout(LayoutKind.Explicit)] private struct UNION { [FieldOffset(0)] public IKEEXT_PRESHARED_KEY_AUTHENTICATION0 presharedKeyAuthentication; [FieldOffset(0)] public IKEEXT_CERTIFICATE_AUTHENTICATION0 certificateAuthentication; [FieldOffset(0)] public IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication; [FieldOffset(0)] public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication; [FieldOffset(0)] public IKEEXT_CERTIFICATE_AUTHENTICATION0 sslAuthentication; [FieldOffset(0)] public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication; } } ///

The IKEEXT_AUTHENTICATION_METHOD0 is available.

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_authentication_method1 typedef struct // IKEEXT_AUTHENTICATION_METHOD1_ { IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; union { // IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication; IKEEXT_CERTIFICATE_AUTHENTICATION1 certificateAuthentication; // IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication; IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication; // IKEEXT_CERTIFICATE_AUTHENTICATION1 sslAuthentication; IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication; IKEEXT_EAP_AUTHENTICATION0 // eapAuthentication; }; } IKEEXT_AUTHENTICATION_METHOD1; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_AUTHENTICATION_METHOD1_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_AUTHENTICATION_METHOD1 { ///

Type of authentication method specified by IKEEXT_AUTHENTICATION_METHOD_TYPE.

public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; private UNION union; ///

/// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY. /// See IKEEXT_PRESHARED_KEY_AUTHENTICATION1 for more information. ///

public IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication { get => union.presharedKeyAuthentication; set => union.presharedKeyAuthentication = value; } ///

public IKEEXT_CERTIFICATE_AUTHENTICATION1 certificateAuthentication { get => union.certificateAuthentication; set => union.certificateAuthentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_KERBEROS. /// See IKEEXT_KERBEROS_AUTHENTICATION0 for more information. ///

public IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication { get => union.kerberosAuthentication; set => union.kerberosAuthentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_NTLM_V2. /// See IKEEXT_NTLM_V2_AUTHENTICATION0 for more information. ///

public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication { get => union.ntlmV2Authentication; set => union.ntlmV2Authentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_SSL, IKEEXT_SSL_ECDSA_P256, or IKEEXT_SSL_ECDSA_P384. /// See IKEEXT_CERTIFICATE_AUTHENTICATION1 for more information. ///

public IKEEXT_CERTIFICATE_AUTHENTICATION1 sslAuthentication { get => union.sslAuthentication; set => union.sslAuthentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_IPV6_CGA. /// See IKEEXT_IPV6_CGA_AUTHENTICATION0 for more information. ///

public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication { get => union.cgaAuthentication; set => union.cgaAuthentication = value; } ///

/// Available when authenticationMethodType is IKEEXT_EAP. /// See IKEEXT_EAP_AUTHENTICATION0 for more information. ///

public IKEEXT_EAP_AUTHENTICATION0 eapAuthentication { get => union.eapAuthentication; set => union.eapAuthentication = value; } [StructLayout(LayoutKind.Explicit)] private struct UNION { [FieldOffset(0)] public IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication; [FieldOffset(0)] public IKEEXT_CERTIFICATE_AUTHENTICATION1 certificateAuthentication; [FieldOffset(0)] public IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication; [FieldOffset(0)] public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication; [FieldOffset(0)] public IKEEXT_CERTIFICATE_AUTHENTICATION1 sslAuthentication; [FieldOffset(0)] public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication; [FieldOffset(0)] public IKEEXT_EAP_AUTHENTICATION0 eapAuthentication; } } ///

/// The IKEEXT_AUTHENTICATION_METHOD2 structure specifies various parameters for IKE/Authip authentication. /// IKEEXT_AUTHENTICATION_METHOD0 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_authentication_method2 typedef struct // IKEEXT_AUTHENTICATION_METHOD2_ { IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; union { // IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication; IKEEXT_CERTIFICATE_AUTHENTICATION2 certificateAuthentication; // IKEEXT_KERBEROS_AUTHENTICATION1 kerberosAuthentication; IKEEXT_RESERVED_AUTHENTICATION0 reservedAuthentication; // IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication; IKEEXT_CERTIFICATE_AUTHENTICATION2 sslAuthentication; // IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication; IKEEXT_EAP_AUTHENTICATION0 eapAuthentication; }; } IKEEXT_AUTHENTICATION_METHOD2; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_AUTHENTICATION_METHOD2_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_AUTHENTICATION_METHOD2 { ///

/// Type: IKEEXT_AUTHENTICATION_METHOD_TYPE /// Type of authentication method. ///

public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; private UNION union; ///

/// Type: IKEEXT_PRESHARED_KEY_AUTHENTICATION1 /// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY. ///

public IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication { get => union.presharedKeyAuthentication; set => union.presharedKeyAuthentication = value; } ///

/// Type: IKEEXT_CERTIFICATE_AUTHENTICATION2 /// Available when authenticationMethodType is IKEEXT_CERTIFICATE, IKEEXT_CERTIFICATE_ECDSA_P256, or IKEEXT_CERTIFICATE_ECDSA_P384. ///

public IKEEXT_CERTIFICATE_AUTHENTICATION2 certificateAuthentication { get => union.certificateAuthentication; set => union.certificateAuthentication = value; } ///

/// Type: IKEEXT_KERBEROS_AUTHENTICATION1 /// Available when authenticationMethodType is IKEEXT_KERBEROS. ///

public IKEEXT_KERBEROS_AUTHENTICATION1 kerberosAuthentication { get => union.kerberosAuthentication; set => union.kerberosAuthentication = value; } ///

/// Type: IKEEXT_RESERVED_AUTHENTICATION0 /// Available when authenticationMethodType is IKEEXT_RESERVED. ///

public IKEEXT_RESERVED_AUTHENTICATION0 reservedAuthentication { get => union.reservedAuthentication; set => union.reservedAuthentication = value; } ///

/// Type: IKEEXT_NTLM_V2_AUTHENTICATION0 /// Available when authenticationMethodType is IKEEXT_NTLM_V2. ///

public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication { get => union.ntlmV2Authentication; set => union.ntlmV2Authentication = value; } ///

/// Type: IKEEXT_CERTIFICATE_AUTHENTICATION2 /// Available when authenticationMethodType is IKEEXT_SSL, IKEEXT_SSL_ECDSA_P256, or IKEEXT_SSL_ECDSA_P384. ///

public IKEEXT_CERTIFICATE_AUTHENTICATION2 sslAuthentication { get => union.sslAuthentication; set => union.sslAuthentication = value; } ///

/// Type: IKEEXT_IPV6_CGA_AUTHENTICATION0 /// Available when authenticationMethodType is IKEEXT_IPV6_CGA. ///

public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication { get => union.cgaAuthentication; set => union.cgaAuthentication = value; } ///

/// Type: IKEEXT_EAP_AUTHENTICATION0 /// Available when authenticationMethodType is IKEEXT_EAP. ///

public IKEEXT_EAP_AUTHENTICATION0 eapAuthentication { get => union.eapAuthentication; set => union.eapAuthentication = value; } [StructLayout(LayoutKind.Explicit)] private struct UNION { [FieldOffset(0)] public IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication; [FieldOffset(0)] public IKEEXT_CERTIFICATE_AUTHENTICATION2 certificateAuthentication; [FieldOffset(0)] public IKEEXT_KERBEROS_AUTHENTICATION1 kerberosAuthentication; [FieldOffset(0)] public IKEEXT_RESERVED_AUTHENTICATION0 reservedAuthentication; [FieldOffset(0)] public IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication; [FieldOffset(0)] public IKEEXT_CERTIFICATE_AUTHENTICATION2 sslAuthentication; [FieldOffset(0)] public IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication; [FieldOffset(0)] public IKEEXT_EAP_AUTHENTICATION0 eapAuthentication; } } ///

The IKEEXT_CERT_EKUS0 structure contains information about the extended key usage (EKU) properties of a certificate.

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cert_ekus0 typedef struct IKEEXT_CERT_EKUS0_ { ULONG // numEku; LPSTR *eku; } IKEEXT_CERT_EKUS0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERT_EKUS0_")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)] public struct IKEEXT_CERT_EKUS0 : IBlob { ///

/// Type: ULONG /// The number of EKUs in the eku member. ///

public uint numEku; ///

/// Type: LPSTR* /// The list of EKU object identifiers (OIDs). ///

public IntPtr eku; } ///

The IKEEXT_CERT_NAME0 structure specifies certificate selection "subject" criteria for an authentication method.

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cert_name0 typedef struct IKEEXT_CERT_NAME0_ { // IKEEXT_CERT_CRITERIA_NAME_TYPE nameType; LPWSTR certName; } IKEEXT_CERT_NAME0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERT_NAME0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CERT_NAME0 { ///

/// Type: IKEEXT_CERT_CRITERIA_NAME_TYPE /// The type of NAME field. ///

public IKEEXT_CERT_CRITERIA_NAME_TYPE nameType; ///

/// Type: LPWSTR /// The string to be used for matching the "subject" criteria. ///

[MarshalAs(UnmanagedType.LPWStr)] public string certName; } ///

The IKEEXT_CERT_ROOT_CONFIG0 structure stores the IKE, AuthIP, or IKEv2 certificate root configuration.

/// /// IKEEXT_CERT_ROOT_CONFIG0 is a specific implementation of IKEEXT_CERT_ROOT_CONFIG. See WFP Version-Independent Names and /// Targeting Specific Versions of Windows for more information. /// // https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cert_root_config0 typedef struct // IKEEXT_CERT_ROOT_CONFIG0_ { FWP_BYTE_BLOB certData; UINT32 flags; } IKEEXT_CERT_ROOT_CONFIG0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERT_ROOT_CONFIG0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CERT_ROOT_CONFIG0 { ///

/// X509/ASN.1 encoded name of the certificate root. /// See FWP_BYTE_BLOB for more information. ///

public FWP_BYTE_BLOB certData; ///

/// A combination of the following values. /// /// /// IKE/AuthIP/IKEv2 certificate flag /// Meaning /// /// /// IKEEXT_CERT_FLAG_ENABLE_ACCOUNT_MAPPING /// Enable certificate-to-account mapping for the end-host certificate that chains to this root. /// /// /// IKEEXT_CERT_FLAG_DISABLE_REQUEST_PAYLOAD /// Do not send a Cert request payload for this root. /// /// /// IKEEXT_CERT_FLAG_USE_NAP_CERTIFICATE /// Enable Network Access Protection (NAP) certificate handling. /// /// /// IKEEXT_CERT_FLAG_INTERMEDIATE_CA /// /// The corresponding Certification Authority (CA) can be an intermediate CA and does not have to be a ROOT CA. If this flag is not /// specified, the name will have to refer to a ROOT CA. /// /// /// /// IKEEXT_CERT_FLAG_IGNORE_INIT_CERT_MAP_FAILURE /// /// Ignore mapping failures on the initiator. Available only for IKE and IKEv2. Can be set only if /// IKEEXT_CERT_FLAG_ENABLE_ACCOUNT_MAPPING is also specified. By default, IKE and IKEv2 will not ignore certificate to /// account mapping failures, even on the initiator. Available only on Windows 7, Windows Server 2008 R2, and later. /// /// /// /// IKEEXT_CERT_FLAG_PREFER_NAP_CERTIFICATE_OUTBOUND /// NAP certificates will be preferred for local certificate selection. /// /// /// IKEEXT_CERT_FLAG_SELECT_NAP_CERTIFICATE /// Select a NAP certificate for outbound. Available only on Windows 8 and Windows Server 2012. /// /// /// IKEEXT_CERT_FLAG_VERIFY_NAP_CERTIFICATE /// Verify that the inbound certificate is NAP. Available only on Windows 8 and Windows Server 2012. /// /// /// IKEEXT_CERT_FLAG_FOLLOW_RENEWAL_CERTIFICATE /// /// Follow the renewal property on the certificate when selecting local certificate for outbound. Only applicable when the hash of /// the certificate is specified. Available only on Windows 8 and Windows Server 2012. /// /// /// ///

public IKEEXT_CERT_FLAG flags; } ///

The IKEEXT_CERTIFICATE_AUTHENTICATION1 is available. For Windows 8, IKEEXT_CERTIFICATE_AUTHENTICATION2 is available.

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_authentication0 typedef struct // IKEEXT_CERTIFICATE_AUTHENTICATION0_ { IKEEXT_CERT_CONFIG_TYPE inboundConfigType; union { struct { UINT32 inboundRootArraySize; // IKEEXT_CERT_ROOT_CONFIG0 *inboundRootArray; }; IKEEXT_CERT_ROOT_CONFIG0 *inboundEnterpriseStoreConfig; IKEEXT_CERT_ROOT_CONFIG0 // *inboundTrustedRootStoreConfig; }; IKEEXT_CERT_CONFIG_TYPE outboundConfigType; union { struct { UINT32 outboundRootArraySize; // IKEEXT_CERT_ROOT_CONFIG0 *outboundRootArray; }; IKEEXT_CERT_ROOT_CONFIG0 *outboundEnterpriseStoreConfig; IKEEXT_CERT_ROOT_CONFIG0 // *outboundTrustedRootStoreConfig; }; UINT32 flags; } IKEEXT_CERTIFICATE_AUTHENTICATION0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_AUTHENTICATION0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CERTIFICATE_AUTHENTICATION0 { ///

/// Certificate configuration type for inbound peer certificate verification. /// See IKEEXT_CERT_CONFIG_TYPE for more information. ///

public IKEEXT_CERT_CONFIG_TYPE inboundConfigType; private UNION inbound; ///

/// Number of elements in the inboundRootArray member. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. ///

public uint inboundRootArraySize { get => inbound.a.size; set => inbound.a.size = value; } ///

/// Explicit trust list for verifying the peer certificate chain. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. /// See IKEEXT_CERT_ROOT_CONFIG0 for more information. ///

public IntPtr inboundRootArray { get => inbound.a.data; set => inbound.a.data = value; } ///

/// Enterprise store configuration for verifying the peer certificate chain. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE. /// See IKEEXT_CERT_ROOT_CONFIG0 for more information. ///

public ref IKEEXT_CERT_ROOT_CONFIG0 inboundEnterpriseStoreConfig => ref inbound.p.AsRef(); ///

/// Trusted root store configuration for verifying the peer certificate chain. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE. /// See IKEEXT_CERT_ROOT_CONFIG0 for more information. ///

public ref IKEEXT_CERT_ROOT_CONFIG0 inboundTrustedRootStoreConfig => ref inbound.p.AsRef(); ///

/// Certificate configuration type for outbound local certificate verification. /// See IKEEXT_CERT_CONFIG_TYPE for more information. ///

public IKEEXT_CERT_CONFIG_TYPE outboundConfigType; private UNION outbound; ///

/// Number of elements in the outboundRootArray member. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. ///

public uint outboundRootArraySize { get => outbound.a.size; set => outbound.a.size = value; } ///

/// Explicit trust list for selecting a certificate chain to send to the peer. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. /// See IKEEXT_CERT_ROOT_CONFIG0 for more information. ///

public IntPtr outboundRootArray { get => outbound.a.data; set => outbound.a.data = value; } ///

/// Enterprise store configuration for selecting the certificate chain. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE. /// See IKEEXT_CERT_ROOT_CONFIG0 for more information. ///

public ref IKEEXT_CERT_ROOT_CONFIG0 outboundEnterpriseStoreConfig => ref outbound.p.AsRef(); ///

/// Trusted root store configuration for selecting the certificate chain. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ROOT_STORE. /// See IKEEXT_CERT_ROOT_CONFIG0 for more information. ///

public ref IKEEXT_CERT_ROOT_CONFIG0 outboundTrustedRootStoreConfig => ref outbound.p.AsRef(); ///

/// A combination of the following values that specifies the certificate authentication characteristics. /// /// /// IKE/AuthIP certificate authentication flag /// Meaning /// /// /// IKEEXT_CERT_AUTH_FLAG_SSL_ONE_WAY /// Enable SSL one way authentication. Applicable only to AuthIP. /// /// /// IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK /// /// Disable CRL checking. By default weak CRL checking is enabled. Weak checking means that a certificate will be rejected if and /// only if CRL is successfully looked up and the certificate is found to be revoked. /// /// /// /// IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG /// /// Enable strong CRL checking. Strong checking means that a certificate will be rejected if certificate is found to be revoked, or /// if any other error (for example, CRL could not be retrieved) takes place while performing the revocation checking. /// /// /// /// IKEEXT_CERT_AUTH_DISABLE_SSL_CERT_VALIDATION /// /// SSL validation requires certain EKUs, like server auth EKU from a server. This flag disables the server authentication EKU check, /// but still performs the other IKE-style certificate verification. Applicable only to AuthIP. /// /// /// /// IKEEXT_CERT_AUTH_ALLOW_HTTP_CERT_LOOKUP /// /// Allow lookup of peer certificate information from an HTTP URL. Applicable only to IKEv2. Available only on Windows 7, Windows /// Server 2008 R2, and later. /// /// /// /// IKEEXT_CERT_AUTH_URL_CONTAINS_BUNDLE /// /// Indicates that the URL specified in the certificate authentication policy points to an encoded certificate bundle. If this flag /// is not specified, IKEv2 will assume that the URL points to an encoded certificate. Applicable only to IKEv2. Available only on /// Windows 7, Windows Server 2008 R2, and later. /// /// /// ///

public IKEEXT_CERT_AUTH flags; [StructLayout(LayoutKind.Explicit)] internal struct UNION { [FieldOffset(0)] public FWP_BYTE_BLOB a; [FieldOffset(0)] public IntPtr p; } } ///

The IKEEXT_CERTIFICATE_AUTHENTICATION2 is available. For Windows Vista, IKEEXT_CERTIFICATE_AUTHENTICATION0 is available.

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_authentication1 typedef struct // IKEEXT_CERTIFICATE_AUTHENTICATION1_ { IKEEXT_CERT_CONFIG_TYPE inboundConfigType; union { struct { UINT32 inboundRootArraySize; // IKEEXT_CERT_ROOT_CONFIG0 *inboundRootArray; }; IKEEXT_CERT_ROOT_CONFIG0 *inboundEnterpriseStoreConfig; IKEEXT_CERT_ROOT_CONFIG0 // *inboundTrustedRootStoreConfig; }; IKEEXT_CERT_CONFIG_TYPE outboundConfigType; union { struct { UINT32 outboundRootArraySize; // IKEEXT_CERT_ROOT_CONFIG0 *outboundRootArray; }; IKEEXT_CERT_ROOT_CONFIG0 *outboundEnterpriseStoreConfig; IKEEXT_CERT_ROOT_CONFIG0 // *outboundTrustedRootStoreConfig; }; UINT32 flags; FWP_BYTE_BLOB localCertLocationUrl; } IKEEXT_CERTIFICATE_AUTHENTICATION1; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_AUTHENTICATION1_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CERTIFICATE_AUTHENTICATION1 { ///

/// Certificate configuration type for inbound peer certificate verification. /// See IKEEXT_CERT_CONFIG_TYPE for more information. ///

public IKEEXT_CERT_CONFIG_TYPE inboundConfigType; private IKEEXT_CERTIFICATE_AUTHENTICATION0.UNION inbound; ///

/// Number of elements in the inboundRootArray member. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. ///

public uint inboundRootArraySize { get => inbound.a.size; set => inbound.a.size = value; } ///

public IntPtr inboundRootArray { get => inbound.a.data; set => inbound.a.data = value; } ///

public SafeCoTaskMemStruct inboundEnterpriseStoreConfig { get => new(inbound.p); set => inbound.p = value; } ///

public SafeCoTaskMemStruct inboundTrustedRootStoreConfig { get => new(inbound.p); set => inbound.p = value; } ///

/// Certificate configuration type for outbound local certificate verification. /// See IKEEXT_CERT_CONFIG_TYPE for more information. ///

public IKEEXT_CERT_CONFIG_TYPE outboundConfigType; private IKEEXT_CERTIFICATE_AUTHENTICATION0.UNION outbound; ///

/// Number of elements in the outboundRootArray member. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. ///

public uint outboundRootArraySize { get => outbound.a.size; set => outbound.a.size = value; } ///

public IntPtr outboundRootArray { get => outbound.a.data; set => outbound.a.data = value; } ///

public SafeCoTaskMemStruct outboundEnterpriseStoreConfig { get => new(outbound.p); set => outbound.p = value; } ///

public SafeCoTaskMemStruct outboundTrustedRootStoreConfig { get => new(outbound.p); set => outbound.p = value; } ///

public IKEEXT_CERT_AUTH flags; ///

/// /// HTTP URL pointing to an encoded certificate or certificate-bundle, that will be used by IKEv2 for authenticating local machine to /// a peer. /// /// Applicable only to IKEv2. /// See FWP_BYTE_BLOB for more information. ///

public FWP_BYTE_BLOB localCertLocationUrl; } ///

/// The IKEEXT_CERTIFICATE_AUTHENTICATION2 structure is used to specify various parameters for authentication with certificates. /// IKEEXT_CERTIFICATE_AUTHENTICATION0 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_authentication2 typedef struct // IKEEXT_CERTIFICATE_AUTHENTICATION2_ { IKEEXT_CERT_CONFIG_TYPE inboundConfigType; union { struct { UINT32 inboundRootArraySize; // IKEEXT_CERTIFICATE_CRITERIA0 *inboundRootCriteria; }; struct { UINT32 inboundEnterpriseStoreArraySize; IKEEXT_CERTIFICATE_CRITERIA0 // *inboundEnterpriseStoreCriteria; }; struct { UINT32 inboundRootStoreArraySize; IKEEXT_CERTIFICATE_CRITERIA0 // *inboundTrustedRootStoreCriteria; }; }; IKEEXT_CERT_CONFIG_TYPE outboundConfigType; union { struct { UINT32 outboundRootArraySize; // IKEEXT_CERTIFICATE_CRITERIA0 *outboundRootCriteria; }; struct { UINT32 outboundEnterpriseStoreArraySize; IKEEXT_CERTIFICATE_CRITERIA0 // *outboundEnterpriseStoreCriteria; }; struct { UINT32 outboundRootStoreArraySize; IKEEXT_CERTIFICATE_CRITERIA0 // *outboundTrustedRootStoreCriteria; }; }; UINT32 flags; FWP_BYTE_BLOB localCertLocationUrl; } IKEEXT_CERTIFICATE_AUTHENTICATION2; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_AUTHENTICATION2_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CERTIFICATE_AUTHENTICATION2 { ///

/// Type: IKEEXT_CERT_CONFIG_TYPE /// Certificate configuration type for inbound peer certificate verification. ///

public IKEEXT_CERT_CONFIG_TYPE inboundConfigType; private FWP_BYTE_BLOB inbound; ///

/// Type: UINT32 /// Number of elements in the inboundRootCriteria member. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. ///

public uint inboundRootArraySize { get => inbound.size; set => inbound.size = value; } ///

/// Type: IKEEXT_CERTIFICATE_CRITERIA0* /// /// List of certificate criteria containing explicit trusted authorities that should be used to verify the peer certificate chain. /// /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. ///

public IntPtr inboundRootCriteria { get => inbound.data; set => inbound.data = value; } ///

/// Type: UINT32 /// Number of elements in the inboundEnterpriseStoreCriteria member. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE. ///

public uint inboundEnterpriseStoreArraySize { get => inbound.size; set => inbound.size = value; } ///

/// Type: IKEEXT_CERTIFICATE_CRITERIA0* /// List of enterprise store criteria that should be used to verify the peer certificate chain. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE. ///

public IntPtr inboundEnterpriseStoreCriteria { get => inbound.data; set => inbound.data = value; } ///

/// Type: UINT32 /// Number of elements in the inboundTrustedRootStoreCriteria member. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE. ///

public uint inboundRootStoreArraySize { get => inbound.size; set => inbound.size = value; } ///

/// Type: IKEEXT_CERTIFICATE_CRITERIA0* /// List of trusted root store criteria that should be used to verify the peer certificate chain. /// Available when inboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE. ///

public IntPtr inboundTrustedRootStoreCriteria { get => inbound.data; set => inbound.data = value; } ///

/// Type: IKEEXT_CERT_CONFIG_TYPE /// Certificate configuration type for outbound local certificate verification. ///

public IKEEXT_CERT_CONFIG_TYPE outboundConfigType; private FWP_BYTE_BLOB outbound; ///

/// Type: UINT32 /// Number of elements in the outboundRootCriteria member. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. ///

public uint outboundRootArraySize { get => outbound.size; set => outbound.size = value; } ///

/// Type: IKEEXT_CERTIFICATE_CRITERIA0* /// /// List of certificate criteria containing explicit trusted authorities that should be used to select the certificate chain that /// will be sent to the peer. /// /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST. ///

public IntPtr outboundRootCriteria { get => outbound.data; set => outbound.data = value; } ///

/// Type: UINT32 /// Number of elements in the outboundEnterpriseStoreCriteria member. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE. ///

public uint outboundEnterpriseStoreArraySize { get => outbound.size; set => outbound.size = value; } ///

/// Type: IKEEXT_CERTIFICATE_CRITERIA0* /// List of enterprise store criteria that should be used to select the certificate chain that will be sent to the peer. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE. ///

public IntPtr outboundEnterpriseStoreCriteria { get => outbound.data; set => outbound.data = value; } ///

/// Type: UINT32 /// Number of elements in the outboundRootStoreArraySize member. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE. ///

public uint outboundRootStoreArraySize { get => outbound.size; set => outbound.size = value; } ///

/// Type: IKEEXT_CERTIFICATE_CRITERIA0* /// List of trusted root store criteria that should be used to select the certificate chain that will be sent to the peer. /// Available when outboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE. ///

public IntPtr outboundTrustedRootStoreCriteria { get => outbound.data; set => outbound.data = value; } ///

/// Type: UINT32 /// A combination of the following values that specifies the certificate authentication characteristics. /// /// /// IKE/AuthIP certificate authentication flag /// Meaning /// /// /// IKEEXT_CERT_AUTH_FLAG_SSL_ONE_WAY /// Enable SSL one-way authentication. Applicable only to AuthIP. /// /// /// IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK /// /// Disable CRL checking. By default weak CRL checking is enabled. Weak checking means that a certificate will be rejected if and /// only if CRL is successfully looked up and the certificate is found to be revoked. /// /// /// /// IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG /// /// Enable strong CRL checking. Strong checking means that a certificate will be rejected if certificate is found to be revoked, or /// if any other error (for example, CRL could not be retrieved) takes place while performing the revocation checking. /// /// /// /// IKEEXT_CERT_AUTH_DISABLE_SSL_CERT_VALIDATION /// /// Disables the SSL server authentication extended key usage (EKU) check. Other types of AuthIP validation are still performed. /// Applicable only to AuthIP. /// /// /// /// IKEEXT_CERT_AUTH_ALLOW_HTTP_CERT_LOOKUP /// Allow lookup of peer certificate information from an HTTP URL. Applicable only to IKEv2. /// /// /// IKEEXT_CERT_AUTH_URL_CONTAINS_BUNDLE /// /// The URL specified in the certificate authentication policy points to an encoded certificate-bundle. If this flag is not /// specified, IKEv2 will assume that the URL points to an encoded certificate. Applicable only to IKEv2. /// /// /// ///

public IKEEXT_CERT_AUTH flags; ///

/// Type: FWP_BYTE_BLOB /// /// HTTP URL pointing to an encoded certificate or certificate-bundle, that will be used by IKEv2 for authenticating local machine to /// a peer. /// /// Applicable only to IKEv2. ///

public FWP_BYTE_BLOB localCertLocationUrl; } ///

/// The IKEEXT_CERTIFICATE_CREDENTIAL0 structure is used to store credential information specific to certificate authentication. /// IKEEXT_CERTIFICATE_CREDENTIAL1 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_credential0 typedef struct // IKEEXT_CERTIFICATE_CREDENTIAL0_ { FWP_BYTE_BLOB subjectName; FWP_BYTE_BLOB certHash; UINT32 flags; } IKEEXT_CERTIFICATE_CREDENTIAL0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_CREDENTIAL0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CERTIFICATE_CREDENTIAL0 { ///

/// Encoded subject name of the certificate used for authentication. /// See FWP_BYTE_BLOB for more information. ///

public FWP_BYTE_BLOB subjectName; ///

/// SHA thumbprint of the certificate. /// See FWP_BYTE_BLOB for more information. ///

public FWP_BYTE_BLOB certHash; ///

/// Possible values: /// IKEEXT_CERT_CREDENTIAL_FLAG_NAP_CERT ///

public IKEEXT_CERT_CREDENTIAL_FLAG flags; } ///

The IKEEXT_CERTIFICATE_CREDENTIAL0 is available.

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_credential1 typedef struct // IKEEXT_CERTIFICATE_CREDENTIAL1_ { FWP_BYTE_BLOB subjectName; FWP_BYTE_BLOB certHash; UINT32 flags; FWP_BYTE_BLOB certificate; } IKEEXT_CERTIFICATE_CREDENTIAL1; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_CREDENTIAL1_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CERTIFICATE_CREDENTIAL1 { ///

/// Encoded subject name of the certificate used for authentication. Use CertNameToStr to convert the encoded name to string. /// See FWP_BYTE_BLOB for more information. ///

public FWP_BYTE_BLOB subjectName; ///

/// SHA thumbprint of the certificate. /// See FWP_BYTE_BLOB for more information. ///

public FWP_BYTE_BLOB certHash; ///

/// Possible values: /// IKEEXT_CERT_CREDENTIAL_FLAG_NAP_CERT ///

public IKEEXT_CERT_CREDENTIAL_FLAG flags; ///

/// The encoded certificate. Use CertCreateCertificateContext to create a certificate context from the encoded certificate. /// See FWP_BYTE_BLOB for more information. ///

public FWP_BYTE_BLOB certificate; } ///

The IKEEXT_CERTIFICATE_CRITERIA0 structure contains a set of criteria to applied to an authentication method.

/// /// The certData member refers to the encoded name of the root certificate, while the certHash, eku, and name /// members refer to criteria on the end certificate. /// // https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_certificate_criteria0 typedef struct // IKEEXT_CERTIFICATE_CRITERIA0_ { FWP_BYTE_BLOB certData; FWP_BYTE_BLOB certHash; IKEEXT_CERT_EKUS0 *eku; IKEEXT_CERT_NAME0 *name; // UINT32 flags; } IKEEXT_CERTIFICATE_CRITERIA0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CERTIFICATE_CRITERIA0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CERTIFICATE_CRITERIA0 { ///

/// Type: FWP_BYTE_BLOB /// X509/ASN.1 encoded name of the root certificate. Should be empty when specifying Enterprise or trusted root store config. ///

public FWP_BYTE_BLOB certData; ///

/// Type: FWP_BYTE_BLOB /// 16-character hexadecimal string that represents the ID, thumbprint or HASH of the end certificate. ///

public FWP_BYTE_BLOB certHash; ///

/// Type: * /// The specific extended key usage (EKU) object identifiers (OIDs) selected for the criteria on the end certificate. ///

public IntPtr eku; ///

/// Type: IKEEXT_CERT_NAME0* /// The name/subject selected for the criteria on the end certificate. ///

public IntPtr name; ///

/// Type: UINT32 /// Reserved for system use. ///

public uint flags; } ///

The IKEEXT_CIPHER_ALGORITHM0 structure stores information about the IKE/AuthIP encryption algorithm.

/// /// IKEEXT_CIPHER_ALGORITHM0 is a specific implementation of IKEEXT_CIPHER_ALGORITHM. See WFP Version-Independent Names and /// Targeting Specific Versions of Windows for more information. /// // https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cipher_algorithm0 typedef struct // IKEEXT_CIPHER_ALGORITHM0_ { IKEEXT_CIPHER_TYPE algoIdentifier; UINT32 keyLen; UINT32 rounds; } IKEEXT_CIPHER_ALGORITHM0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CIPHER_ALGORITHM0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CIPHER_ALGORITHM0 { ///

/// The type of encryption algorithm. /// See IKEEXT_CIPHER_TYPE for more information. ///

public IKEEXT_CIPHER_TYPE algoIdentifier; ///

Unused parameter, always set it to 0.

public uint keyLen; ///

Unused parameter, always set it to 0.

public uint rounds; } ///

/// The IKEEXT_COMMON_STATISTICS0 structure contains various statistics common to IKE and Authip. IKEEXT_COMMON_STATISTICS1 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_common_statistics0 typedef struct // IKEEXT_COMMON_STATISTICS0_ { IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 v4Statistics; IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 // v6Statistics; UINT32 totalPacketsReceived; UINT32 totalInvalidPacketsReceived; UINT32 currentQueuedWorkitems; } IKEEXT_COMMON_STATISTICS0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_COMMON_STATISTICS0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_COMMON_STATISTICS0 { ///

/// IPv4 common statistics. /// See IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 for more information. ///

public IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 v4Statistics; ///

/// IPv6 common statistics. /// See IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 for more information. ///

public IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 v6Statistics; ///

Total number of packets received.

public uint totalPacketsReceived; ///

Total number of invalid packets received.

public uint totalInvalidPacketsReceived; ///

Current number of work items that are queued and waiting to be processed.

public uint currentQueuedWorkitems; } ///

/// The IKEEXT_COMMON_STATISTICS1 structure contains various statistics common to IKE, Authip, and IKEv2. /// IKEEXT_COMMON_STATISTICS0 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_common_statistics1 typedef struct // IKEEXT_COMMON_STATISTICS1_ { IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 v4Statistics; IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 // v6Statistics; UINT32 totalPacketsReceived; UINT32 totalInvalidPacketsReceived; UINT32 currentQueuedWorkitems; } IKEEXT_COMMON_STATISTICS1; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_COMMON_STATISTICS1_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_COMMON_STATISTICS1 { ///

/// IPv4 common statistics. /// See IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 for more information. ///

public IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 v4Statistics; ///

/// IPv6 common statistics. /// See IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 for more information. ///

public IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 v6Statistics; ///

Total number of packets received.

public uint totalPacketsReceived; ///

Total number of invalid packets received.

public uint totalInvalidPacketsReceived; ///

Current number of work items that are queued and waiting to be processed.

public uint currentQueuedWorkitems; } ///

The IKEEXT_COOKIE_PAIR0 structure used to store a pair of IKE/Authip cookies.

/// /// IKEEXT_COOKIE_PAIR0 is a specific implementation of IKEEXT_COOKIE_PAIR. See WFP Version-Independent Names and Targeting /// Specific Versions of Windows for more information. /// // https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_cookie_pair0 typedef struct IKEEXT_COOKIE_PAIR0_ { // IKEEXT_COOKIE initiator; IKEEXT_COOKIE responder; } IKEEXT_COOKIE_PAIR0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_COOKIE_PAIR0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_COOKIE_PAIR0 { ///

Initiator cookie. An IKEEXT_COOKIE is a UINT64.

public ulong initiator; ///

Responder cookie. An IKEEXT_COOKIE is a UINT64.

public ulong responder; } ///

/// The IKEEXT_CREDENTIAL_PAIR0 structure is used to store credential information used for the authentication. /// IKEEXT_CREDENTIAL_PAIR2 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential_pair0 typedef struct // IKEEXT_CREDENTIAL_PAIR0_ { IKEEXT_CREDENTIAL0 localCredentials; IKEEXT_CREDENTIAL0 peerCredentials; } IKEEXT_CREDENTIAL_PAIR0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL_PAIR0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CREDENTIAL_PAIR0 { ///

/// Local credentials used for authentication. /// See IKEEXT_CREDENTIAL0 for more information. ///

public IKEEXT_CREDENTIAL0 localCredentials; ///

/// Peer credentials used for authentication. /// See IKEEXT_CREDENTIAL0 for more information. ///

public IKEEXT_CREDENTIAL0 peerCredentials; } ///

/// The IKEEXT_CREDENTIAL_PAIR1 structure is used to store credential information used for the authentication. /// IKEEXT_CREDENTIAL_PAIR2 is available. For Windows Vista, IKEEXT_CREDENTIAL_PAIR0 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential_pair1 typedef struct // IKEEXT_CREDENTIAL_PAIR1_ { IKEEXT_CREDENTIAL1 localCredentials; IKEEXT_CREDENTIAL1 peerCredentials; } IKEEXT_CREDENTIAL_PAIR1; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL_PAIR1_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CREDENTIAL_PAIR1 { ///

/// Local credentials used for authentication. /// See IKEEXT_CREDENTIAL1 for more information. ///

public IKEEXT_CREDENTIAL1 localCredentials; ///

/// Peer credentials used for authentication. /// See IKEEXT_CREDENTIAL1 for more information. ///

public IKEEXT_CREDENTIAL1 peerCredentials; } ///

/// The IKEEXT_CREDENTIAL_PAIR2 structure is used to store credential information used for the authentication. /// IKEEXT_CREDENTIAL_PAIR1 is available. For Windows Vista, IKEEXT_CREDENTIAL_PAIR0 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential_pair2 typedef struct // IKEEXT_CREDENTIAL_PAIR2_ { IKEEXT_CREDENTIAL2 localCredentials; IKEEXT_CREDENTIAL2 peerCredentials; } IKEEXT_CREDENTIAL_PAIR2; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL_PAIR2_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CREDENTIAL_PAIR2 { ///

/// Type: IKEEXT_CREDENTIAL2 /// Local credentials used for authentication. ///

public IKEEXT_CREDENTIAL2 localCredentials; ///

/// Type: IKEEXT_CREDENTIAL2 /// Peer credentials used for authentication. ///

public IKEEXT_CREDENTIAL2 peerCredentials; } ///

/// The IKEEXT_CREDENTIAL0 structure is used to store credential information used for the authentication. IKEEXT_CREDENTIAL1 is /// available. For Windows 8, IKEEXT_CREDENTIAL2 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential0 typedef struct IKEEXT_CREDENTIAL0_ { // IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType; union { // IKEEXT_PRESHARED_KEY_AUTHENTICATION0 *presharedKey; IKEEXT_CERTIFICATE_CREDENTIAL0 *certificate; IKEEXT_NAME_CREDENTIAL0 *name; }; } IKEEXT_CREDENTIAL0; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL0_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CREDENTIAL0 { ///

/// Type of authentication method. /// See IKEEXT_AUTHENTICATION_METHOD_TYPE for more information. ///

public IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; ///

/// Type of impersonation. /// See IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information. ///

public IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType; private IntPtr ptr; ///

/// Available when authenticationMethodType is IKEEXT_PRESHARED_KEY. /// See IKEEXT_PRESHARED_KEY_AUTHENTICATION0 for more information. ///

public SafeCoTaskMemStruct presharedKey { get => new(ptr, false); set => ptr = value; } ///

/// Available when authenticationMethodType is one of the following values. /// /// IKEEXT_CERTIFICATEIKEEXT_CERTIFICATE_ECDSA_P256IKEEXT_CERTIFICATE_ECDSA_P384IKEEXT_SSLIKEEXT_SSL_ECDSA_P256IKEEXT_SSL_ECDSA_P384IKEEXT_IPV6_CGA /// See IKEEXT_CERTIFICATE_CREDENTIAL0 for more information. /// ///

public SafeCoTaskMemStruct certificate { get => new(ptr, false); set => ptr = value; } ///

/// Available when authenticationMethodType is one of the following values. /// IKEEXT_KERBEROSIKEEXT_NTML_V2 See IKEEXT_NAME_CREDENTIAL0 for more information. ///

public SafeCoTaskMemStruct name { get => new(ptr, false); set => ptr = value; } } ///

/// The IKEEXT_CREDENTIAL1 structure is used to store credential information used for the authentication. IKEEXT_CREDENTIAL2 is /// available. For Windows Vista, IKEEXT_CREDENTIAL0 is available. ///

// https://docs.microsoft.com/en-us/windows/win32/api/iketypes/ns-iketypes-ikeext_credential1 typedef struct IKEEXT_CREDENTIAL1_ { // IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType; IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType; union { // IKEEXT_PRESHARED_KEY_AUTHENTICATION1 *presharedKey; IKEEXT_CERTIFICATE_CREDENTIAL1 *certificate; IKEEXT_NAME_CREDENTIAL0 *name; }; } IKEEXT_CREDENTIAL1; [PInvokeData("iketypes.h", MSDNShortId = "NS:iketypes.IKEEXT_CREDENTIAL1_")] [StructLayout(LayoutKind.Sequential)] public struct IKEEXT_CREDENTIAL1 { ///