Commit | Line | Data |
---|---|---|
9166f840 | 1 | /** @file\r |
2 | Prototypes definitions of IKE service.\r | |
6cf9230f | 3 | \r |
5dd08a46 | 4 | Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r |
9166f840 | 5 | \r |
6 | This program and the accompanying materials\r | |
7 | are licensed and made available under the terms and conditions of the BSD License\r | |
8 | which accompanies this distribution. The full text of the license may be found at\r | |
9 | http://opensource.org/licenses/bsd-license.php.\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | \r | |
16 | #ifndef _IKE_SERVICE_H_\r | |
17 | #define _IKE_SERVICE_H_\r | |
18 | \r | |
19 | #include "Ike.h"\r | |
20 | #include "IpSecImpl.h"\r | |
21 | #include "IkeCommon.h"\r | |
5dd08a46 | 22 | #include "Ikev2/Utility.h"\r |
9166f840 | 23 | \r |
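/* Size constant for the IPsec crypto library (128 * 1024); its units and its use are not shown in this header.
   Parenthesized so the macro expands as one value inside larger expressions such as division or modulo. */
#define IPSEC_CRYPTO_LIB_MEMORY (128 * 1024)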
25 | \r | |
26 | /**\r | |
27 | Prototype of the general interface used to initialize an IKE negotiation.\r | |
28 | \r | |
29 | @param[in] UdpService Pointer to the UDP service used for sending IKE packets.\r | |
30 | @param[in] SpdEntry Pointer to the SPD (Security Policy Database) entry related to this IKE negotiation.\r | |
31 | @param[in] PadEntry Pointer to the PAD (Peer Authorization Database) entry related to this IKE negotiation.\r | |
32 | @param[in] RemoteIp Pointer to the IP address of the remote peer to negotiate with.\r | |
33 | \r | |
34 | @retval EFI_SUCCESS The operation is successful.\r | |
35 | @return Otherwise The operation failed.\r | |
36 | \r | |
37 | **/\r | |
38 | typedef\r | |
39 | EFI_STATUS\r | |
40 | (*IKE_NEGOTIATE_SA) (\r | |
41 | IN IKE_UDP_SERVICE * UdpService,\r | |
42 | IN IPSEC_SPD_ENTRY * SpdEntry,\r | |
43 | IN IPSEC_PAD_ENTRY * PadEntry,\r | |
44 | IN EFI_IP_ADDRESS * RemoteIp\r | |
45 | );\r | |
46 | \r | |
47 | /**\r | |
6cf9230f | 48 | Prototype of the general interface used to start an IKE negotiation at Quick Mode.\r |
9166f840 | 49 | \r |
50 | This function is called when the related IKE SA already exists, to start\r | |
51 | creating a Child SA.\r | |
52 | \r | |
53 | @param[in] IkeSaSession Pointer to the IKE SA session related to this negotiation. NOTE(review): declared as UINT8 *, so the compiler cannot check the session type; presumably each implementation casts it to its own session structure - confirm.\r | |
54 | @param[in] SpdEntry Pointer to the SPD entry related to this negotiation.\r | |
55 | @param[in] Context Pointer to data passed from the caller.\r | |
56 | \r | |
57 | @retval EFI_SUCCESS The operation is successful.\r | |
58 | @retval Otherwise The operation failed.\r | |
59 | \r | |
60 | **/\r | |
61 | typedef\r | |
62 | EFI_STATUS\r | |
63 | (*IKE_NEGOTIATE_CHILD_SA) (\r | |
64 | IN UINT8 *IkeSaSession,\r | |
65 | IN IPSEC_SPD_ENTRY *SpdEntry,\r | |
66 | IN UINT8 *Context\r | |
67 | );\r | |
68 | \r | |
69 | /**\r | |
70 | Prototype of the general interface used to initialize an Information\r | |
71 | Exchange.\r | |
72 | \r | |
73 | @param[in] IkeSaSession Pointer to the related IKE SA session (declared as UINT8 *, so its type is not checked at compile time).\r | |
74 | @param[in] Context Pointer to data passed from the caller.\r | |
75 | @return An EFI_STATUS value; the specific codes are not documented in this header.\r | |
76 | **/\r | |
77 | typedef\r | |
78 | EFI_STATUS\r | |
79 | (*IKE_NEGOTIATE_INFO) (\r | |
80 | IN UINT8 *IkeSaSession,\r | |
81 | IN UINT8 *Context\r | |
82 | );\r | |
83 | \r | |
84 | /**\r | |
6cf9230f | 85 | Prototype of the general interface called when an IKE packet is received\r |
9166f840 | 86 | for establishing the IKE SA.\r |
87 | \r | |
88 | @param[in] UdpService Pointer to the UDP service used to send IKE packets.\r | |
89 | @param[in] IkePacket Pointer to the received IKE packet.\r | |
90 | NOTE(review): IkePacket carries data received from the network and the VOID return gives the caller no status, so validation presumably has to happen inside the implementation - confirm.\r | |
91 | **/\r | |
92 | typedef\r | |
93 | VOID\r | |
94 | (*IKE_HANDLE_SA) (\r | |
95 | IN IKE_UDP_SERVICE *UdpService,\r | |
96 | IN IKE_PACKET *IkePacket\r | |
97 | );\r | |
98 | \r | |
99 | /**\r | |
100 | Prototype of the general interface called when an IKE packet is received\r | |
6cf9230f | 101 | for establishing the Child SA.\r |
102 | \r | |
9166f840 | 103 | @param[in] UdpService Pointer to the UDP service used to send IKE packets.\r |
104 | @param[in] IkePacket Pointer to the received IKE packet (data that arrived from the network).\r | |
105 | \r | |
106 | **/\r | |
107 | typedef\r | |
108 | VOID\r | |
109 | (*IKE_HANDLE_CHILD_SA) (\r | |
110 | IN IKE_UDP_SERVICE *UdpService,\r | |
111 | IN IKE_PACKET *IkePacket\r | |
112 | );\r | |
113 | \r | |
114 | /**\r | |
6cf9230f | 115 | Prototype of the general interface called when an IKE\r |
9166f840 | 116 | information packet is received.\r |
117 | \r | |
118 | @param[in] UdpService Pointer to the UDP service used to send IKE packets.\r | |
119 | @param[in] IkePacket Pointer to the received IKE packet (data that arrived from the network).\r | |
120 | \r | |
121 | **/\r | |
122 | typedef\r | |
123 | VOID\r | |
124 | (*IKE_HANDLE_INFO) (\r | |
125 | IN IKE_UDP_SERVICE *UdpService,\r | |
126 | IN IKE_PACKET *IkePacket\r | |
127 | );\r | |
128 | \r | |
129 | typedef struct _IKE_EXCHANGE_INTERFACE { /* Table of IKE exchange handlers; two instances, mIkev1Exchange and mIkev2Exchange, are declared extern in this header. NOTE(review): nothing here shows whether every member is always populated - confirm before calling through one. */\r | |
130 | UINT8 IkeVer; /* presumably the IKE version this table serves - confirm */\r | |
131 | IKE_NEGOTIATE_SA NegotiateSa; /* starts an IKE negotiation */\r | |
132 | IKE_NEGOTIATE_CHILD_SA NegotiateChildSa; /* starts a Child SA negotiation */\r | |
133 | IKE_NEGOTIATE_INFO NegotiateInfo; /* starts an Information Exchange */\r | |
134 | IKE_HANDLE_SA HandleSa; /* handles a received IKE SA packet */\r | |
135 | IKE_HANDLE_CHILD_SA HandleChildSa; /* handles a received Child SA packet */\r | |
136 | IKE_HANDLE_INFO HandleInfo; /* handles a received information packet */\r | |
137 | } IKE_EXCHANGE_INTERFACE;\r | |
138 | \r | |
139 | /**\r | |
140 | Open and configure a UDPIO of Udp4 for receiving IKE packets.\r | |
6cf9230f | 141 | \r |
142 | This function is called at the IPsecDriverBinding start. IPsec creates a UDP4 and\r | |
9166f840 | 143 | a UDP4 IO for each NIC handle.\r |
6cf9230f | 144 | \r |
9166f840 | 145 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r |
146 | @param[in] Controller Handle of the NIC.\r | |
6879581d | 147 | @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r |
6cf9230f | 148 | \r |
9166f840 | 149 | @retval EFI_SUCCESS The operation is successful.\r |
150 | @retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r | |
6cf9230f | 151 | \r |
9166f840 | 152 | **/\r |
153 | EFI_STATUS\r | |
154 | IkeOpenInputUdp4 (\r | |
155 | IN IPSEC_PRIVATE_DATA *Private,\r | |
6879581d | 156 | IN EFI_HANDLE Controller,\r |
157 | IN EFI_HANDLE ImageHandle\r | |
9166f840 | 158 | );\r |
159 | \r | |
160 | /**\r | |
161 | Open and configure a UDPIO of Udp6 for receiving IKE packets.\r | |
6cf9230f | 162 | \r |
9166f840 | 163 | This function is called at the IPsecDriverBinding start. IPsec creates a UDP6 and a UDP6\r |
164 | IO for each NIC handle.\r | |
6cf9230f | 165 | \r |
9166f840 | 166 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r |
167 | @param[in] Controller Handle of the NIC.\r | |
6879581d | 168 | @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r |
6cf9230f | 169 | \r |
9166f840 | 170 | @retval EFI_SUCCESS The operation is successful.\r |
171 | @retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r | |
6cf9230f | 172 | \r |
9166f840 | 173 | **/\r |
174 | EFI_STATUS\r | |
175 | IkeOpenInputUdp6 (\r | |
176 | IN IPSEC_PRIVATE_DATA *Private,\r | |
6879581d | 177 | IN EFI_HANDLE Controller,\r |
178 | IN EFI_HANDLE ImageHandle\r | |
9166f840 | 179 | );\r |
180 | \r | |
181 | /**\r | |
182 | The general interface for starting an IPsec key exchange.\r | |
6cf9230f | 183 | \r |
9166f840 | 184 | This function is called to start an IKE negotiation in order to obtain a key.\r |
6cf9230f | 185 | \r |
186 | @param[in] UdpService Pointer to the IKE_UDP_SERVICE which will be used for\r | |
9166f840 | 187 | sending IKE packets.\r |
188 | @param[in] SpdEntry Pointer to the SPD (Security Policy Database) entry related to the IKE negotiation.\r | |
189 | @param[in] RemoteIp Pointer to the EFI_IP_ADDRESS related to the IKE negotiation.\r | |
6cf9230f | 190 | \r |
9166f840 | 191 | @retval EFI_SUCCESS The operation is successful.\r |
192 | @retval EFI_ACCESS_DENIED No related PAD (Peer Authorization Database) entry was found.\r | |
6cf9230f | 193 | \r |
9166f840 | 194 | **/\r |
195 | EFI_STATUS\r | |
196 | IkeNegotiate (\r | |
197 | IN IKE_UDP_SERVICE *UdpService,\r | |
198 | IN IPSEC_SPD_ENTRY *SpdEntry,\r | |
199 | IN EFI_IP_ADDRESS *RemoteIp\r | |
200 | );\r | |
201 | \r | |
202 | /**\r | |
203 | The general interface called when an IKE packet is received.\r | |
6cf9230f | 204 | \r |
9166f840 | 205 | This function is called when UDP IO receives an IKE packet.\r |
6cf9230f | 206 | \r |
9166f840 | 207 | @param[in] Packet Pointer to the received IKE packet.\r |
6cf9230f | 208 | @param[in] EndPoint Pointer to the UDP_END_POINT which contains the\r |
9166f840 | 209 | remote IP and port.\r |
210 | @param[in] IoStatus The status of the receive token.\r | |
211 | @param[in] Context Pointer to data passed from the caller.\r | |
6cf9230f | 212 | NOTE(review): Packet and EndPoint describe data sent by a remote host; the implementation (not shown here) presumably needs to check IoStatus before using Packet and to validate packet lengths before parsing - confirm.\r |
9166f840 | 213 | **/\r |
214 | VOID\r | |
1d8fa5e9 | 215 | EFIAPI\r |
9166f840 | 216 | IkeDispatch (\r |
217 | IN NET_BUF *Packet,\r | |
218 | IN UDP_END_POINT *EndPoint,\r | |
219 | IN EFI_STATUS IoStatus,\r | |
220 | IN VOID *Context\r | |
221 | );\r | |
222 | \r | |
223 | /**\r | |
224 | Check if the NIC handle is bound to a UDP service.\r | |
225 | \r | |
226 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r | |
76389e18 | 227 | @param[in] Handle The handle of the NIC.\r |
9166f840 | 228 | @param[in] IpVersion The version of the IP stack.\r |
229 | \r | |
230 | @return A pointer to the IKE_UDP_SERVICE. NOTE(review): the result when no service is bound is not documented here; presumably NULL, so callers should check - confirm.\r | |
231 | \r | |
232 | **/\r | |
233 | IKE_UDP_SERVICE *\r | |
234 | IkeLookupUdp (\r | |
235 | IN IPSEC_PRIVATE_DATA *Private,\r | |
236 | IN EFI_HANDLE Handle,\r | |
237 | IN UINT8 IpVersion\r | |
238 | );\r | |
239 | \r | |
240 | \r | |
241 | /**\r | |
242 | Delete all established IKE SAs and related Child SAs.\r | |
6cf9230f | 243 | \r |
244 | This function is a subfunction of IpSecCleanupAllSa(). It first calls\r | |
245 | IkeDeleteChildSa() to delete all Child SAs, then sends out the related\r | |
9166f840 | 246 | Information packet.\r |
247 | \r | |
6cf9230f | 248 | @param[in] Private Pointer to the IPSEC_PRIVATE_DATA.\r |
4b0f5775 | 249 | @param[in] IsDisableIpsec Indicates whether IPsec needs to be disabled.\r |
9166f840 | 250 | \r |
251 | **/\r | |
252 | VOID\r | |
253 | IkeDeleteAllSas (\r | |
6cf9230f | 254 | IN IPSEC_PRIVATE_DATA *Private,\r |
255 | IN BOOLEAN IsDisableIpsec\r | |
9166f840 | 256 | );\r |
257 | \r | |
258 | \r | |
259 | extern IKE_EXCHANGE_INTERFACE mIkev1Exchange; /* defined in another translation unit; presumably the IKEv1 handler table - confirm */\r | |
260 | extern IKE_EXCHANGE_INTERFACE mIkev2Exchange; /* defined in another translation unit; presumably the IKEv2 handler table - confirm */\r | |
261 | \r | |
262 | #endif\r |