Commit | Line | Data |
---|---|---|
9166f840 | 1 | /** @file\r |
2 | Prototypes definitions of IKE service.\r | |
6cf9230f | 3 | \r |
76389e18 | 4 | Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>\r |
9166f840 | 5 | \r |
6 | This program and the accompanying materials\r | |
7 | are licensed and made available under the terms and conditions of the BSD License\r | |
8 | which accompanies this distribution. The full text of the license may be found at\r | |
9 | http://opensource.org/licenses/bsd-license.php.\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | \r | |
16 | #ifndef _IKE_SERVICE_H_\r | |
17 | #define _IKE_SERVICE_H_\r | |
18 | \r | |
19 | #include "Ike.h"\r | |
20 | #include "IpSecImpl.h"\r | |
21 | #include "IkeCommon.h"\r | |
22 | \r | |
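/* 128 KiB; presumably the memory budget for the IPsec crypto library -- confirm at the use sites.
   Parenthesized so the macro expands as one value inside a larger expression
   (e.g. X / IPSEC_CRYPTO_LIB_MEMORY no longer parses as (X / 128) * 1024). */
#define IPSEC_CRYPTO_LIB_MEMORY (128 * 1024)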
24 | \r | |
25 | /**\r | |
26 | Prototype of the general interface used to initialize an IKE negotiation.\r | |
27 | \r | |
28 | @param[in] UdpService Pointer to the UDP service used for sending IKE packets.\r | |
29 | @param[in] SpdEntry Pointer to the SPD entry related to this IKE negotiation.\r | |
30 | @param[in] PadEntry Pointer to the PAD entry related to this IKE negotiation.\r | |
31 | @param[in] RemoteIp Pointer to the IP address of the remote peer to negotiate with.\r | |
32 | \r | |
33 | @retval EFI_SUCCESS The operation is successful.\r | |
34 | @return Otherwise The operation failed.\r | |
35 | \r | |
36 | **/\r | |
37 | typedef\r | |
38 | EFI_STATUS\r | |
39 | (*IKE_NEGOTIATE_SA) (\r | |
40 | IN IKE_UDP_SERVICE * UdpService,\r | |
41 | IN IPSEC_SPD_ENTRY * SpdEntry,\r | |
42 | IN IPSEC_PAD_ENTRY * PadEntry,\r | |
43 | IN EFI_IP_ADDRESS * RemoteIp\r | |
44 | );\r | |
45 | \r | |
46 | /**\r | |
6cf9230f | 47 | Prototype of the general interface used to start an IKE negotiation at Quick Mode.\r |
9166f840 | 48 | \r |
49 | This function is called when the related IKE SA already exists, to start\r | |
50 | creating a Child SA.\r | |
51 | \r | |
52 | @param[in] IkeSaSession Pointer to the IKE SA session related to this negotiation.\r | |
53 | @param[in] SpdEntry Pointer to the SPD entry related to this negotiation.\r | |
54 | @param[in] Context Pointer to data passed from the caller.\r | |
55 | \r | |
56 | @retval EFI_SUCCESS The operation is successful.\r | |
57 | @retval Otherwise The operation failed.\r | |
58 | \r | |
59 | **/\r | |
60 | typedef\r | |
61 | EFI_STATUS\r | |
62 | (*IKE_NEGOTIATE_CHILD_SA) (\r | |
63 | IN UINT8 *IkeSaSession,\r | |
64 | IN IPSEC_SPD_ENTRY *SpdEntry,\r | |
65 | IN UINT8 *Context\r | |
66 | );\r | |
67 | \r | |
68 | /**\r | |
69 | Prototype of the general interface used to initialize an Information\r | |
70 | Exchange.\r | |
71 | \r | |
72 | @param[in] IkeSaSession Pointer to the related IKE SA session.\r | |
73 | @param[in] Context Pointer to data passed from the caller.\r | |
74 | \r | |
75 | **/\r | |
76 | typedef\r | |
77 | EFI_STATUS\r | |
78 | (*IKE_NEGOTIATE_INFO) (\r | |
79 | IN UINT8 *IkeSaSession,\r | |
80 | IN UINT8 *Context\r | |
81 | );\r | |
82 | \r | |
83 | /**\r | |
6cf9230f | 84 | Prototype of the general interface invoked when an IKE packet is received\r |
9166f840 | 85 | for establishing the IKE SA.\r |
86 | \r | |
87 | @param[in] UdpService Pointer to the UDP service used to send IKE packets.\r | |
88 | @param[in] IkePacket Pointer to the received IKE packet.\r | |
89 | \r | |
90 | **/\r | |
91 | typedef\r | |
92 | VOID\r | |
93 | (*IKE_HANDLE_SA) (\r | |
94 | IN IKE_UDP_SERVICE *UdpService,\r | |
95 | IN IKE_PACKET *IkePacket\r | |
96 | );\r | |
97 | \r | |
98 | /**\r | |
99 | Prototype of the general interface invoked when an IKE packet is received\r | |
6cf9230f | 100 | for establishing the Child SA.\r |
101 | \r | |
9166f840 | 102 | @param[in] UdpService Pointer to the UDP service used to send IKE packets.\r |
103 | @param[in] IkePacket Pointer to the received IKE packet.\r | |
104 | \r | |
105 | **/\r | |
106 | typedef\r | |
107 | VOID\r | |
108 | (*IKE_HANDLE_CHILD_SA) (\r | |
109 | IN IKE_UDP_SERVICE *UdpService,\r | |
110 | IN IKE_PACKET *IkePacket\r | |
111 | );\r | |
112 | \r | |
113 | /**\r | |
6cf9230f | 114 | Prototype of the general interface invoked when an IKE\r |
9166f840 | 115 | Information packet is received.\r |
116 | \r | |
117 | @param[in] UdpService Pointer to the UDP service used to send IKE packets.\r | |
118 | @param[in] IkePacket Pointer to the received IKE packet.\r | |
119 | \r | |
120 | **/\r | |
121 | typedef\r | |
122 | VOID\r | |
123 | (*IKE_HANDLE_INFO) (\r | |
124 | IN IKE_UDP_SERVICE *UdpService,\r | |
125 | IN IKE_PACKET *IkePacket\r | |
126 | );\r | |
127 | \r | |
128 | typedef struct _IKE_EXCHANGE_INTERFACE { /* Table of IKE exchange callbacks; presumably one instance per IKE version (see mIkev1Exchange / mIkev2Exchange). */\r | |
129 | UINT8 IkeVer; /* IKE version this table serves -- presumably 1 or 2; confirm. */\r | |
130 | IKE_NEGOTIATE_SA NegotiateSa; /* Initializes an IKE negotiation. */\r | |
131 | IKE_NEGOTIATE_CHILD_SA NegotiateChildSa; /* Starts a Child SA negotiation on an existing IKE SA. */\r | |
132 | IKE_NEGOTIATE_INFO NegotiateInfo; /* Initializes an Information Exchange. */\r | |
133 | IKE_HANDLE_SA HandleSa; /* Handles a received packet for IKE SA establishment. */\r | |
134 | IKE_HANDLE_CHILD_SA HandleChildSa; /* Handles a received packet for Child SA establishment. */\r | |
135 | IKE_HANDLE_INFO HandleInfo; /* Handles a received IKE Information packet. */\r | |
136 | } IKE_EXCHANGE_INTERFACE;\r | |
137 | \r | |
138 | /**\r | |
139 | Open and configure a Udp4 UDP IO for receiving IKE packets.\r | |
6cf9230f | 140 | \r |
141 | This function is called at the IPsecDriverBinding start. IPsec creates a UDP4 and\r | |
9166f840 | 142 | a UDP4 IO for each NIC handle.\r |
6cf9230f | 143 | \r |
9166f840 | 144 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r |
145 | @param[in] Controller Handle of the NIC card.\r | |
6cf9230f | 146 | \r |
9166f840 | 147 | @retval EFI_SUCCESS The operation is successful.\r |
148 | @retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r | |
6cf9230f | 149 | \r |
9166f840 | 150 | **/\r |
151 | EFI_STATUS\r | |
152 | IkeOpenInputUdp4 (\r | |
153 | IN IPSEC_PRIVATE_DATA *Private,\r | |
154 | IN EFI_HANDLE Controller\r | |
155 | );\r | |
156 | \r | |
157 | /**\r | |
158 | Open and configure a Udp6 UDP IO for receiving IKE packets.\r | |
6cf9230f | 159 | \r |
9166f840 | 160 | This function is called at the IPsecDriverBinding start. IPsec creates a UDP6 and a UDP6\r |
161 | IO for each NIC handle.\r | |
6cf9230f | 162 | \r |
9166f840 | 163 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r |
164 | @param[in] Controller Handle of the NIC card.\r | |
6cf9230f | 165 | \r |
9166f840 | 166 | @retval EFI_SUCCESS The operation is successful.\r |
167 | @retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r | |
6cf9230f | 168 | \r |
9166f840 | 169 | **/\r |
170 | EFI_STATUS\r | |
171 | IkeOpenInputUdp6 (\r | |
172 | IN IPSEC_PRIVATE_DATA *Private,\r | |
173 | IN EFI_HANDLE Controller\r | |
174 | );\r | |
175 | \r | |
176 | /**\r | |
177 | The general interface for starting an IPsec key exchange.\r | |
6cf9230f | 178 | \r |
9166f840 | 179 | This function is called to start an IKE negotiation to obtain a key.\r |
6cf9230f | 180 | \r |
181 | @param[in] UdpService Pointer to the IKE_UDP_SERVICE which will be used for\r | |
9166f840 | 182 | sending IKE packets.\r |
183 | @param[in] SpdEntry Pointer to the SPD entry related to the IKE negotiation.\r | |
184 | @param[in] RemoteIp Pointer to the EFI_IP_ADDRESS related to the IKE negotiation.\r | |
6cf9230f | 185 | \r |
9166f840 | 186 | @retval EFI_SUCCESS The operation is successful.\r |
187 | @retval EFI_ACCESS_DENIED No related PAD entry was found.\r | |
6cf9230f | 188 | \r |
9166f840 | 189 | **/\r |
190 | EFI_STATUS\r | |
191 | IkeNegotiate (\r | |
192 | IN IKE_UDP_SERVICE *UdpService,\r | |
193 | IN IPSEC_SPD_ENTRY *SpdEntry,\r | |
194 | IN EFI_IP_ADDRESS *RemoteIp\r | |
195 | );\r | |
196 | \r | |
197 | /**\r | |
198 | The general interface invoked when an IKE packet is received.\r | |
6cf9230f | 199 | \r |
9166f840 | 200 | This function is called when UDP IO receives an IKE packet.\r |
6cf9230f | 201 | \r |
9166f840 | 202 | @param[in] Packet Pointer to the received IKE packet. NOTE(review): network-supplied data; confirm the handlers validate it before use.\r |
6cf9230f | 203 | @param[in] EndPoint Pointer to the UDP_END_POINT which contains the information of the\r |
9166f840 | 204 | remote IP and port.\r |
205 | @param[in] IoStatus The status of the receive token.\r | |
206 | @param[in] Context Pointer to data passed from the caller.\r | |
6cf9230f | 207 | \r |
9166f840 | 208 | **/\r |
209 | VOID\r | |
1d8fa5e9 | 210 | EFIAPI\r |
9166f840 | 211 | IkeDispatch (\r |
212 | IN NET_BUF *Packet,\r | |
213 | IN UDP_END_POINT *EndPoint,\r | |
214 | IN EFI_STATUS IoStatus,\r | |
215 | IN VOID *Context\r | |
216 | );\r | |
217 | \r | |
218 | /**\r | |
219 | Check if the NIC handle is bound to a UDP service.\r | |
220 | \r | |
221 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r | |
76389e18 | 222 | @param[in] Handle The handle of the NIC card.\r |
9166f840 | 223 | @param[in] IpVersion The version of the IP stack.\r |
224 | \r | |
225 | @return A pointer to the IKE_UDP_SERVICE.\r | |
226 | \r | |
227 | **/\r | |
228 | IKE_UDP_SERVICE *\r | |
229 | IkeLookupUdp (\r | |
230 | IN IPSEC_PRIVATE_DATA *Private,\r | |
231 | IN EFI_HANDLE Handle,\r | |
232 | IN UINT8 IpVersion\r | |
233 | );\r | |
234 | \r | |
235 | \r | |
236 | /**\r | |
237 | Delete all established IKE SAs and related Child SAs.\r | |
6cf9230f | 238 | \r |
239 | This function is a subfunction of IpSecCleanupAllSa(). It first calls\r | |
240 | IkeDeleteChildSa() to delete all Child SAs, then sends out the related\r | |
9166f840 | 241 | Information packet.\r |
242 | \r | |
6cf9230f | 243 | @param[in] Private Pointer to the IPSEC_PRIVATE_DATA.\r |
4b0f5775 | 244 | @param[in] IsDisableIpsec Indicates whether IPsec needs to be disabled.\r |
9166f840 | 245 | \r |
246 | **/\r | |
247 | VOID\r | |
248 | IkeDeleteAllSas (\r | |
6cf9230f | 249 | IN IPSEC_PRIVATE_DATA *Private,\r |
250 | IN BOOLEAN IsDisableIpsec\r | |
9166f840 | 251 | );\r |
252 | \r | |
253 | \r | |
254 | extern IKE_EXCHANGE_INTERFACE mIkev1Exchange; /* Exchange callback table, presumably for IKEv1; defined outside this header. */\r | |
255 | extern IKE_EXCHANGE_INTERFACE mIkev2Exchange; /* Exchange callback table, presumably for IKEv2; defined outside this header. */\r | |
256 | \r | |
257 | #endif\r |