Commit | Line | Data |
---|---|---|
9166f840 | 1 | /** @file\r |
2 | Prototype definitions of the IKE service.\r | |
6cf9230f | 3 | \r |
6879581d | 4 | Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>\r |
9166f840 | 5 | \r |
6 | This program and the accompanying materials\r | |
7 | are licensed and made available under the terms and conditions of the BSD License\r | |
8 | which accompanies this distribution. The full text of the license may be found at\r | |
9 | http://opensource.org/licenses/bsd-license.php.\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | \r | |
16 | #ifndef _IKE_SERVICE_H_\r | |
17 | #define _IKE_SERVICE_H_\r | |
18 | \r | |
19 | #include "Ike.h"\r | |
20 | #include "IpSecImpl.h"\r | |
21 | #include "IkeCommon.h"\r | |
22 | \r | |
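//
// Size constant for the IPsec crypto library memory: 128 * 1024 (131072).
// NOTE(review): presumably a byte count; confirm the unit at the use site.
//
// The expression is parenthesized so the macro always expands as a single
// operand. Unparenthesized, "Total / IPSEC_CRYPTO_LIB_MEMORY" would expand to
// "Total / 128 * 1024" and yield a wrong size or count.
//
#define IPSEC_CRYPTO_LIB_MEMORY  (128 * 1024)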
24 | \r | |
/**
  Prototype of the general interface that initializes an IKE negotiation.

  @param[in]  UdpService    Pointer to the UDP service used to send IKE packets.
  @param[in]  SpdEntry      Pointer to the SPD entry related to this IKE negotiation.
  @param[in]  PadEntry      Pointer to the PAD entry related to this IKE negotiation.
  @param[in]  RemoteIp      Pointer to the IP address of the remote peer to
                            negotiate with.

  @retval EFI_SUCCESS       The operation succeeded.
  @return Others            The operation failed.

**/
typedef EFI_STATUS (*IKE_NEGOTIATE_SA) (
  IN IKE_UDP_SERVICE  *UdpService,
  IN IPSEC_SPD_ENTRY  *SpdEntry,
  IN IPSEC_PAD_ENTRY  *PadEntry,
  IN EFI_IP_ADDRESS   *RemoteIp
  );
45 | \r | |
/**
  Prototype of the general interface that starts an IKE negotiation at Quick Mode.

  This function is called when the related IKE SA already exists and a Child SA
  is to be created.

  @param[in]  IkeSaSession  Pointer to the IKE SA session related to this
                            negotiation. It is passed as a raw UINT8 pointer;
                            the concrete session type is not visible in this
                            header.
                            NOTE(review): implementations presumably cast it to
                            a version-specific session structure; confirm.
  @param[in]  SpdEntry      Pointer to the SPD entry related to this negotiation.
  @param[in]  Context       Pointer to data passed from the caller.

  @retval EFI_SUCCESS       The operation succeeded.
  @retval Others            The operation failed.

**/
typedef EFI_STATUS (*IKE_NEGOTIATE_CHILD_SA) (
  IN UINT8            *IkeSaSession,
  IN IPSEC_SPD_ENTRY  *SpdEntry,
  IN UINT8            *Context
  );
67 | \r | |
/**
  Prototype of the general interface that initializes an Information Exchange.

  @param[in]  IkeSaSession  Pointer to the related IKE SA session, passed as a
                            raw UINT8 pointer.
  @param[in]  Context       Pointer to data passed from the caller.

  @return An EFI_STATUS value. The specific status codes are not documented in
          this header.

**/
typedef EFI_STATUS (*IKE_NEGOTIATE_INFO) (
  IN UINT8  *IkeSaSession,
  IN UINT8  *Context
  );
82 | \r | |
/**
  Prototype of the general interface invoked when an IKE packet is received
  for IKE SA establishment.

  The handler returns VOID, so a failure cannot be reported to the caller
  through the return value.

  NOTE(review): IkePacket carries data received from the remote peer. This
  header does not show where its lengths and fields are validated; confirm the
  implementation checks them before use.

  @param[in]  UdpService    Pointer to the UDP service used to send IKE packets.
  @param[in]  IkePacket     Pointer to the received IKE packet.

**/
typedef VOID (*IKE_HANDLE_SA) (
  IN IKE_UDP_SERVICE  *UdpService,
  IN IKE_PACKET       *IkePacket
  );
97 | \r | |
/**
  Prototype of the general interface invoked when an IKE packet is received
  for Child SA establishment.

  The handler returns VOID, so a failure cannot be reported to the caller
  through the return value.

  NOTE(review): IkePacket carries data received from the remote peer. This
  header does not show where its lengths and fields are validated; confirm the
  implementation checks them before use.

  @param[in]  UdpService    Pointer to the UDP service used to send IKE packets.
  @param[in]  IkePacket     Pointer to the received IKE packet.

**/
typedef VOID (*IKE_HANDLE_CHILD_SA) (
  IN IKE_UDP_SERVICE  *UdpService,
  IN IKE_PACKET       *IkePacket
  );
112 | \r | |
/**
  Prototype of the general interface invoked when an IKE information packet is
  received.

  The handler returns VOID, so a failure cannot be reported to the caller
  through the return value.

  NOTE(review): IkePacket carries data received from the remote peer. This
  header does not show where its lengths and fields are validated; confirm the
  implementation checks them before use.

  @param[in]  UdpService    Pointer to the UDP service used to send IKE packets.
  @param[in]  IkePacket     Pointer to the received IKE packet.

**/
typedef VOID (*IKE_HANDLE_INFO) (
  IN IKE_UDP_SERVICE  *UdpService,
  IN IKE_PACKET       *IkePacket
  );
127 | \r | |
//
// Table of exchange entry points: three Negotiate* callbacks and three
// Handle* callbacks that take a received IKE packet. Field order is kept
// as-is because positional initializers would depend on it.
//
typedef struct _IKE_EXCHANGE_INTERFACE {
  //
  // NOTE(review): presumably the IKE version this table serves; confirm
  // against the initializers of mIkev1Exchange and mIkev2Exchange.
  //
  UINT8                     IkeVer;
  IKE_NEGOTIATE_SA          NegotiateSa;       // Initialize an IKE negotiation.
  IKE_NEGOTIATE_CHILD_SA    NegotiateChildSa;  // Start a Child SA negotiation.
  IKE_NEGOTIATE_INFO        NegotiateInfo;     // Initialize an Information Exchange.
  IKE_HANDLE_SA             HandleSa;          // Received packet, IKE SA establishment.
  IKE_HANDLE_CHILD_SA       HandleChildSa;     // Received packet, Child SA establishment.
  IKE_HANDLE_INFO           HandleInfo;        // Received IKE information packet.
} IKE_EXCHANGE_INTERFACE;
137 | \r | |
/**
  Open and configure a UDP4 IO instance for receiving IKE packets.

  This function is called at IPsecDriverBinding start. IPsec creates a UDP4
  and a UDP4 IO for each NIC handle.

  @param[in]  Private       Pointer to the IPSEC_PRIVATE_DATA.
  @param[in]  Controller    Handle of the NIC.
  @param[in]  ImageHandle   The handle that contains the
                            EFI_DRIVER_BINDING_PROTOCOL instance.

  @retval EFI_SUCCESS            The operation succeeded.
  @retval EFI_OUT_OF_RESOURCES   The required system resource can't be allocated.

**/
EFI_STATUS
IkeOpenInputUdp4 (
  IN IPSEC_PRIVATE_DATA  *Private,
  IN EFI_HANDLE          Controller,
  IN EFI_HANDLE          ImageHandle
  );
158 | \r | |
/**
  Open and configure a UDP6 IO instance for receiving IKE packets.

  This function is called at IPsecDriverBinding start. IPsec creates a UDP6
  and a UDP6 IO for each NIC handle.

  @param[in]  Private       Pointer to the IPSEC_PRIVATE_DATA.
  @param[in]  Controller    Handle of the NIC.
  @param[in]  ImageHandle   The handle that contains the
                            EFI_DRIVER_BINDING_PROTOCOL instance.

  @retval EFI_SUCCESS            The operation succeeded.
  @retval EFI_OUT_OF_RESOURCES   The required system resource can't be allocated.

**/
EFI_STATUS
IkeOpenInputUdp6 (
  IN IPSEC_PRIVATE_DATA  *Private,
  IN EFI_HANDLE          Controller,
  IN EFI_HANDLE          ImageHandle
  );
179 | \r | |
/**
  The general interface for starting an IPsec key exchange.

  This function is called to start an IKE negotiation in order to obtain a key.

  @param[in]  UdpService    Pointer to the IKE_UDP_SERVICE that will be used
                            for sending IKE packets.
  @param[in]  SpdEntry      Pointer to the SPD entry related to the IKE negotiation.
  @param[in]  RemoteIp      Pointer to the EFI_IP_ADDRESS related to the IKE
                            negotiation.

  @retval EFI_SUCCESS         The operation succeeded.
  @retval EFI_ACCESS_DENIED   No related PAD entry was found.

**/
EFI_STATUS
IkeNegotiate (
  IN IKE_UDP_SERVICE  *UdpService,
  IN IPSEC_SPD_ENTRY  *SpdEntry,
  IN EFI_IP_ADDRESS   *RemoteIp
  );
200 | \r | |
/**
  The general interface invoked when an IKE packet is received.

  This function is called when UDP IO receives an IKE packet.

  NOTE(review): Packet and EndPoint describe data from a remote peer. This
  header does not show the validation performed; confirm the implementation
  checks IoStatus and the packet length before parsing.

  @param[in]  Packet        Pointer to the received IKE packet.
  @param[in]  EndPoint      Pointer to the UDP_END_POINT that contains the
                            remote IP and port information.
  @param[in]  IoStatus      The status of the receive token.
  @param[in]  Context       Pointer to data passed from the caller.

**/
VOID
EFIAPI
IkeDispatch (
  IN NET_BUF        *Packet,
  IN UDP_END_POINT  *EndPoint,
  IN EFI_STATUS     IoStatus,
  IN VOID           *Context
  );
221 | \r | |
/**
  Check whether the NIC handle is bound to a UDP service.

  @param[in]  Private       Pointer to the IPSEC_PRIVATE_DATA.
  @param[in]  Handle        The handle of the NIC.
  @param[in]  IpVersion     The version of the IP stack.

  @return A pointer to the IKE_UDP_SERVICE.
          NOTE(review): the result when no service is bound is not documented
          here (presumably NULL); confirm, and check the pointer before use.

**/
IKE_UDP_SERVICE *
IkeLookupUdp (
  IN IPSEC_PRIVATE_DATA  *Private,
  IN EFI_HANDLE          Handle,
  IN UINT8               IpVersion
  );
238 | \r | |
239 | \r | |
/**
  Delete all established IKE SAs and their related Child SAs.

  This function is a subfunction of IpSecCleanupAllSa(). It first calls
  IkeDeleteChildSa() to delete all Child SAs, then sends out the related
  Information packet.

  @param[in]  Private          Pointer to the IPSEC_PRIVATE_DATA.
  @param[in]  IsDisableIpsec   Indicates whether IPsec needs to be disabled.

**/
VOID
IkeDeleteAllSas (
  IN IPSEC_PRIVATE_DATA  *Private,
  IN BOOLEAN             IsDisableIpsec
  );
256 | \r | |
257 | \r | |
//
// Exchange interface tables defined in other source files.
// NOTE(review): by name, one table per IKE version (IKEv1 and IKEv2); confirm
// against their definitions.
//
extern IKE_EXCHANGE_INTERFACE  mIkev1Exchange;
extern IKE_EXCHANGE_INTERFACE  mIkev2Exchange;
260 | \r | |
261 | #endif\r |