Commit | Line | Data |
---|---|---|
1 | /** @file\r | |
2 | Prototype definitions for the IKE service.\r | |
3 | \r | |
4 | Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r | |
5 | \r | |
6 | This program and the accompanying materials\r | |
7 | are licensed and made available under the terms and conditions of the BSD License\r | |
8 | which accompanies this distribution. The full text of the license may be found at\r | |
9 | http://opensource.org/licenses/bsd-license.php.\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | \r | |
16 | #ifndef _IKE_SERVICE_H_\r | |
17 | #define _IKE_SERVICE_H_\r | |
18 | \r | |
19 | #include "Ike.h"\r | |
20 | #include "IpSecImpl.h"\r | |
21 | #include "IkeCommon.h"\r | |
22 | #include "Ikev2/Utility.h"\r | |
23 | \r | |
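//
// 128 * 1024, presumably a byte count (128 KiB) for the memory set aside for
// the IPsec crypto library - NOTE(review): confirm the unit and the use site.
// The expansion is parenthesized so that it remains a single operand when the
// macro appears inside a larger expression (for example as a divisor);
// without the parentheses "x / IPSEC_CRYPTO_LIB_MEMORY" would expand to
// "x / 128 * 1024" and compute a wrong size.
//
#define IPSEC_CRYPTO_LIB_MEMORY (128 * 1024)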
25 | \r | |
26 | /**\r | |
27 | Prototype of the general interface that initiates an IKE negotiation; it is the type of IKE_EXCHANGE_INTERFACE.NegotiateSa.\r | |
28 | \r | |
29 | @param[in] UdpService Points to the UDP service used for sending IKE packets.\r | |
30 | @param[in] SpdEntry Points to the SPD (Security Policy Database) entry related to this IKE negotiation.\r | |
31 | @param[in] PadEntry Points to the PAD (Peer Authorization Database) entry related to this IKE negotiation.\r | |
32 | @param[in] RemoteIp Points to the IP address of the remote peer to negotiate with.\r | |
33 | \r | |
34 | @retval EFI_SUCCESS The operation is successful.\r | |
35 | @return Otherwise The operation failed; the specific status codes are not listed in this header.\r | |
36 | \r | |
37 | **/\r | |
38 | typedef\r | |
39 | EFI_STATUS\r | |
40 | (*IKE_NEGOTIATE_SA) (\r | |
41 | IN IKE_UDP_SERVICE * UdpService,\r | |
42 | IN IPSEC_SPD_ENTRY * SpdEntry,\r | |
43 | IN IPSEC_PAD_ENTRY * PadEntry,\r | |
44 | IN EFI_IP_ADDRESS * RemoteIp\r | |
45 | );\r | |
46 | \r | |
47 | /**\r | |
48 | Prototype of the general interface that starts an IKE negotiation in Quick Mode; it is the type of IKE_EXCHANGE_INTERFACE.NegotiateChildSa.\r | |
49 | \r | |
50 | This function is called once the related IKE SA exists, in order to start\r | |
51 | creating a Child SA.\r | |
52 | \r | |
53 | @param[in] IkeSaSession Points to the IKE SA session related to this negotiation. It is declared as UINT8 *, so the compiler cannot check the session type; NOTE(review): presumably cast to a version-specific session structure by the implementation - confirm.\r | |
54 | @param[in] SpdEntry Points to the SPD entry related to this negotiation.\r | |
55 | @param[in] Context Points to data passed from the caller; also an untyped UINT8 *, so its layout is not visible in this header.\r | |
56 | \r | |
57 | @retval EFI_SUCCESS The operation is successful.\r | |
58 | @return Otherwise The operation failed.\r | |
59 | \r | |
60 | **/\r | |
61 | typedef\r | |
62 | EFI_STATUS\r | |
63 | (*IKE_NEGOTIATE_CHILD_SA) (\r | |
64 | IN UINT8 *IkeSaSession,\r | |
65 | IN IPSEC_SPD_ENTRY *SpdEntry,\r | |
66 | IN UINT8 *Context\r | |
67 | );\r | |
68 | \r | |
69 | /**\r | |
70 | Prototype of the general interface that initiates an Information\r | |
71 | Exchange; it is the type of IKE_EXCHANGE_INTERFACE.NegotiateInfo and returns an EFI_STATUS whose specific values are not documented in this header.\r | |
72 | \r | |
73 | @param[in] IkeSaSession Points to the IKE SA session the exchange belongs to. Declared as UINT8 *, so the session type is not checked by the compiler; NOTE(review): confirm which structure the implementation expects.\r | |
74 | @param[in] Context Points to data passed from the caller; untyped (UINT8 *), layout not visible in this header.\r | |
75 | \r | |
76 | **/\r | |
77 | typedef\r | |
78 | EFI_STATUS\r | |
79 | (*IKE_NEGOTIATE_INFO) (\r | |
80 | IN UINT8 *IkeSaSession,\r | |
81 | IN UINT8 *Context\r | |
82 | );\r | |
83 | \r | |
84 | /**\r | |
85 | Prototype of the general interface invoked when an IKE packet is received\r | |
86 | for IKE SA establishment; it is the type of IKE_EXCHANGE_INTERFACE.HandleSa and returns nothing, so any failure is not reported to the caller through this interface.\r | |
87 | \r | |
88 | @param[in] UdpService Points to the UDP service used to send IKE packets.\r | |
89 | @param[in] IkePacket Points to the received IKE packet. Its contents were supplied by the remote peer; NOTE(review): confirm where the packet fields and lengths are validated before they are used.\r | |
90 | \r | |
91 | **/\r | |
92 | typedef\r | |
93 | VOID\r | |
94 | (*IKE_HANDLE_SA) (\r | |
95 | IN IKE_UDP_SERVICE *UdpService,\r | |
96 | IN IKE_PACKET *IkePacket\r | |
97 | );\r | |
98 | \r | |
99 | /**\r | |
100 | Prototype of the general interface invoked when an IKE packet is received\r | |
101 | for Child SA establishment; it is the type of IKE_EXCHANGE_INTERFACE.HandleChildSa and returns nothing.\r | |
102 | \r | |
103 | @param[in] UdpService Points to the UDP service used to send IKE packets.\r | |
104 | @param[in] IkePacket Points to the received IKE packet. Its contents were supplied by the remote peer; NOTE(review): confirm where the packet fields and lengths are validated before they are used.\r | |
105 | \r | |
106 | **/\r | |
107 | typedef\r | |
108 | VOID\r | |
109 | (*IKE_HANDLE_CHILD_SA) (\r | |
110 | IN IKE_UDP_SERVICE *UdpService,\r | |
111 | IN IKE_PACKET *IkePacket\r | |
112 | );\r | |
113 | \r | |
114 | /**\r | |
115 | Prototype of the general interface invoked when an IKE\r | |
116 | Information packet is received; it is the type of IKE_EXCHANGE_INTERFACE.HandleInfo and returns nothing.\r | |
117 | \r | |
118 | @param[in] UdpService Points to the UDP service used to send IKE packets.\r | |
119 | @param[in] IkePacket Points to the received IKE packet. Its contents were supplied by the remote peer; NOTE(review): confirm where the packet fields and lengths are validated before they are used.\r | |
120 | \r | |
121 | **/\r | |
122 | typedef\r | |
123 | VOID\r | |
124 | (*IKE_HANDLE_INFO) (\r | |
125 | IN IKE_UDP_SERVICE *UdpService,\r | |
126 | IN IKE_PACKET *IkePacket\r | |
127 | );\r | |
128 | \r | |
129 | typedef struct _IKE_EXCHANGE_INTERFACE { /* Table of negotiate/handle callbacks for one IKE version. This header does not state whether any member may be NULL. */\r | |
130 | UINT8 IkeVer; /* IKE version this table serves; NOTE(review): presumably 1 or 2, matching mIkev1Exchange and mIkev2Exchange - confirm. */\r | |
131 | IKE_NEGOTIATE_SA NegotiateSa; /* Initiates an IKE negotiation. */\r | |
132 | IKE_NEGOTIATE_CHILD_SA NegotiateChildSa; /* Starts the Quick Mode / Child SA negotiation. */\r | |
133 | IKE_NEGOTIATE_INFO NegotiateInfo; /* Initiates an Information Exchange. */\r | |
134 | IKE_HANDLE_SA HandleSa; /* Handles a received packet for IKE SA establishment. */\r | |
135 | IKE_HANDLE_CHILD_SA HandleChildSa; /* Handles a received packet for Child SA establishment. */\r | |
136 | IKE_HANDLE_INFO HandleInfo; /* Handles a received IKE Information packet. */\r | |
137 | } IKE_EXCHANGE_INTERFACE;\r | |
138 | \r | |
139 | /**\r | |
140 | Opens and configures a Udp4 UDP IO for receiving IKE packets.\r | |
141 | \r | |
142 | This function is called at the IPsecDriverBinding start. IPsec creates a UDP4 and\r | |
143 | a UDP4 IO for each NIC handle.\r | |
144 | \r | |
145 | @param[in] Private Points to the IPSEC_PRIVATE_DATA.\r | |
146 | @param[in] Controller Handle of the NIC.\r | |
147 | @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r | |
148 | \r | |
149 | @retval EFI_SUCCESS The operation is successful.\r | |
150 | @retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r | |
151 | \r | |
152 | **/\r | |
153 | EFI_STATUS\r | |
154 | IkeOpenInputUdp4 (\r | |
155 | IN IPSEC_PRIVATE_DATA *Private,\r | |
156 | IN EFI_HANDLE Controller,\r | |
157 | IN EFI_HANDLE ImageHandle\r | |
158 | );\r | |
159 | \r | |
160 | /**\r | |
161 | Opens and configures a Udp6 UDP IO for receiving IKE packets.\r | |
162 | \r | |
163 | This function is called at the IPsecDriverBinding start. IPsec creates a UDP6 and a UDP6\r | |
164 | IO for each NIC handle.\r | |
165 | \r | |
166 | @param[in] Private Points to the IPSEC_PRIVATE_DATA.\r | |
167 | @param[in] Controller Handle of the NIC.\r | |
168 | @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r | |
169 | \r | |
170 | @retval EFI_SUCCESS The operation is successful.\r | |
171 | @retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r | |
172 | \r | |
173 | **/\r | |
174 | EFI_STATUS\r | |
175 | IkeOpenInputUdp6 (\r | |
176 | IN IPSEC_PRIVATE_DATA *Private,\r | |
177 | IN EFI_HANDLE Controller,\r | |
178 | IN EFI_HANDLE ImageHandle\r | |
179 | );\r | |
180 | \r | |
181 | /**\r | |
182 | The general interface for starting an IPsec key exchange.\r | |
183 | \r | |
184 | This function is called to start an IKE negotiation that obtains a key. The PAD entry is not a parameter; going by the EFI_ACCESS_DENIED case below, it is looked up by this function.\r | |
185 | \r | |
186 | @param[in] UdpService Points to the IKE_UDP_SERVICE which will be used for\r | |
187 | sending IKE packets.\r | |
188 | @param[in] SpdEntry Points to the SPD entry related to the IKE negotiation.\r | |
189 | @param[in] RemoteIp Points to the EFI_IP_ADDRESS related to the IKE negotiation.\r | |
190 | \r | |
191 | @retval EFI_SUCCESS The operation is successful.\r | |
192 | @retval EFI_ACCESS_DENIED No related PAD entry was found.\r | |
193 | \r | |
194 | **/\r | |
195 | EFI_STATUS\r | |
196 | IkeNegotiate (\r | |
197 | IN IKE_UDP_SERVICE *UdpService,\r | |
198 | IN IPSEC_SPD_ENTRY *SpdEntry,\r | |
199 | IN EFI_IP_ADDRESS *RemoteIp\r | |
200 | );\r | |
201 | \r | |
202 | /**\r | |
203 | The general interface invoked when an IKE packet is received.\r | |
204 | \r | |
205 | This function is called when UDP IO receives an IKE packet. The packet comes from the remote endpoint named in EndPoint and nothing in this header says it has been checked; NOTE(review): confirm the implementation tests IoStatus and the packet length before parsing.\r | |
206 | \r | |
207 | @param[in] Packet Points to the received IKE packet.\r | |
208 | @param[in] EndPoint Points to the UDP_END_POINT which contains the\r | |
209 | remote IP and port.\r | |
210 | @param[in] IoStatus The status of the receive token.\r | |
211 | @param[in] Context Points to data passed from the caller; it is an untyped VOID *, so its concrete type is not visible in this header.\r | |
212 | \r | |
213 | **/\r | |
214 | VOID\r | |
215 | EFIAPI\r | |
216 | IkeDispatch (\r | |
217 | IN NET_BUF *Packet,\r | |
218 | IN UDP_END_POINT *EndPoint,\r | |
219 | IN EFI_STATUS IoStatus,\r | |
220 | IN VOID *Context\r | |
221 | );\r | |
222 | \r | |
223 | /**\r | |
224 | Checks whether the NIC handle is bound to a UDP service.\r | |
225 | \r | |
226 | @param[in] Private Pointer to the IPSEC_PRIVATE_DATA.\r | |
227 | @param[in] Handle The handle of the NIC.\r | |
228 | @param[in] IpVersion The version of the IP stack.\r | |
229 | \r | |
230 | @return A pointer to an IKE_UDP_SERVICE. NOTE(review): the result when no service is bound to the handle (presumably NULL) is not stated here; callers should check it before dereferencing.\r | |
231 | \r | |
232 | **/\r | |
233 | IKE_UDP_SERVICE *\r | |
234 | IkeLookupUdp (\r | |
235 | IN IPSEC_PRIVATE_DATA *Private,\r | |
236 | IN EFI_HANDLE Handle,\r | |
237 | IN UINT8 IpVersion\r | |
238 | );\r | |
239 | \r | |
240 | \r | |
241 | /**\r | |
242 | Deletes all established IKE SAs and their related Child SAs.\r | |
243 | \r | |
244 | This function is a subfunction of IpSecCleanupAllSa(). It first calls\r | |
245 | IkeDeleteChildSa() to delete all Child SAs and then sends out the related\r | |
246 | Information packet.\r | |
247 | \r | |
248 | @param[in] Private Pointer to the IPSEC_PRIVATE_DATA.\r | |
249 | @param[in] IsDisableIpsec Indicates whether IPsec needs to be disabled.\r | |
250 | \r | |
251 | **/\r | |
252 | VOID\r | |
253 | IkeDeleteAllSas (\r | |
254 | IN IPSEC_PRIVATE_DATA *Private,\r | |
255 | IN BOOLEAN IsDisableIpsec\r | |
256 | );\r | |
257 | \r | |
258 | \r | |
259 | extern IKE_EXCHANGE_INTERFACE mIkev1Exchange; /* Declared here, defined in another source file; going by the name, the IKEv1 callback table. */\r | |
260 | extern IKE_EXCHANGE_INTERFACE mIkev2Exchange; /* Declared here, defined in another source file; going by the name, the IKEv2 callback table. */\r | |
261 | \r | |
262 | #endif\r |