The EFI_IPSEC_CONFIG_PROTOCOL provides the mechanism to set and retrieve security and \r
policy related information for the EFI IPsec protocol driver.\r
\r
- Copyright (c) 2009, Intel Corporation\r
- All rights reserved. This program and the accompanying materials\r
+ Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
+ This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
UINT8 EncAlgoId;\r
} EFI_IPSEC_PROCESS_POLICY;\r
\r
-///\r
-/// IPsec Authentication Algorithm Definition\r
-/// The number value definition is aligned to IANA assignment\r
-///\r
-#define EFI_IPSEC_AALG_NONE 0x00\r
-#define EFI_IPSEC_AALG_MD5HMAC 0x02\r
-#define EFI_IPSEC_AALG_SHA1HMAC 0x03\r
-#define EFI_IPSEC_AALG_SHA2_256HMAC 0x05\r
-#define EFI_IPSEC_AALG_SHA2_384HMAC 0x06\r
-#define EFI_IPSEC_AALG_SHA2_512HMAC 0x07\r
-#define EFI_IPSEC_AALG_AES_XCBC_MAC 0x09\r
-#define EFI_IPSEC_AALG_NULL 0xFB\r
-\r
-///\r
-/// IPsec Encryption Algorithm Definition\r
-/// The number value definition is aligned to IANA assignment\r
-///\r
-#define EFI_IPSEC_EALG_NONE 0x00\r
-#define EFI_IPSEC_EALG_DESCBC 0x02\r
-#define EFI_IPSEC_EALG_3DESCBC 0x03\r
-#define EFI_IPSEC_EALG_CASTCBC 0x06\r
-#define EFI_IPSEC_EALG_BLOWFISHCBC 0x07\r
-#define EFI_IPSEC_EALG_NULL 0x0B\r
-#define EFI_IPSEC_EALG_AESCBC 0x0C\r
-#define EFI_IPSEC_EALG_AESCTR 0x0D\r
-#define EFI_IPSEC_EALG_AES_CCM_ICV8 0x0E\r
-#define EFI_IPSEC_EALG_AES_CCM_ICV12 0x0F\r
-#define EFI_IPSEC_EALG_AES_CCM_ICV16 0x10\r
-#define EFI_IPSEC_EALG_AES_GCM_ICV8 0x12\r
-#define EFI_IPSEC_EALG_AES_GCM_ICV12 0x13\r
-#define EFI_IPSEC_EALG_AES_GCM_ICV16 0x14\r
-\r
///\r
/// EFI_IPSEC_SA_ID\r
/// A triplet to identify an SA, consisting of the following members.\r
///\r
typedef struct _EFI_IPSEC_SPD_DATA {\r
/// \r
- /// A null-terminated name string which is used as a symbolic \r
+ /// A null-terminated ASCII name string which is used as a symbolic \r
/// identifier for an IPsec Local or Remote address.\r
/// \r
UINT8 Name[MAX_PEERID_LEN];\r
BOOLEAN ManualSet;\r
} EFI_IPSEC_SA_DATA;\r
\r
+///\r
+/// EFI_IPSEC_SA_DATA2\r
+///\r
+typedef struct _EFI_IPSEC_SA_DATA2 { \r
+ ///\r
+ /// IPsec mode: tunnel or transport\r
+ ///\r
+ EFI_IPSEC_MODE Mode; \r
+ ///\r
+ /// Sequence Number Counter. A 64-bit counter used to generate the sequence \r
+ /// number field in AH or ESP headers. \r
+ ///\r
+ UINT64 SNCount; \r
+ ///\r
+ /// Anti-Replay Window. A 64-bit counter and a bit-map used to determine \r
+ /// whether an inbound AH or ESP packet is a replay.\r
+ ///\r
+ UINT8 AntiReplayWindows; \r
+ ///\r
+ /// AH/ESP cryptographic algorithm, key and parameters.\r
+ ///\r
+ EFI_IPSEC_ALGO_INFO AlgoInfo; \r
+ ///\r
+ /// Lifetime of this SA.\r
+ ///\r
+ EFI_IPSEC_SA_LIFETIME SaLifetime; \r
+ ///\r
+ /// Any observed path MTU and aging variables. The Path MTU processing is \r
+ /// defined in section 8 of RFC 4301.\r
+ ///\r
+ UINT32 PathMTU; \r
+ ///\r
+ /// Link to one SPD entry\r
+ ///\r
+ EFI_IPSEC_SPD_SELECTOR *SpdSelector; \r
+ ///\r
+ /// Indication of whether it's manually set or negotiated automatically. \r
+ /// If ManualSet is FALSE, the corresponding SA entry is inserted through IKE \r
+ /// protocol negotiation\r
+ ///\r
+ BOOLEAN ManualSet;\r
+ ///\r
+ /// The tunnel header IP source address.\r
+ ///\r
+ EFI_IP_ADDRESS TunnelSourceAddress;\r
+ ///\r
+ /// The tunnel header IP destination address.\r
+ ///\r
+ EFI_IP_ADDRESS TunnelDestinationAddress;\r
+} EFI_IPSEC_SA_DATA2; \r
+\r
+\r
///\r
/// EFI_IPSEC_PAD_ID\r
/// specifies the identifier for PAD entry, which is also used for SPD lookup.\r
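Review bot: The comment on `AntiReplayWindows` in the new `EFI_IPSEC_SA_DATA2` describes "a 64-bit counter and a bit-map", but the field is declared `UINT8`, which cannot hold either. It presumably carries the anti-replay window size, so the comment should state that, for example `/// Anti-replay window size used to decide whether an inbound AH or ESP packet is a replay.`, with the unit confirmed against the driver. The struct also leaves two points undocumented: whether `TunnelSourceAddress` and `TunnelDestinationAddress` are ignored when `Mode` is transport, and who owns the memory behind `SpdSelector`. One line on each would help callers that install SAs with `ManualSet` TRUE, since a misread replay-window or tunnel field there is a silent security misconfiguration rather than a build error.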
///\r
EFI_IP_ADDRESS_INFO IpAddress;\r
///\r
- /// Pointer to a null terminated string (8-bit ASCII character) \r
+ /// Pointer to a null terminated ASCII string\r
/// representing the symbolic names. A PeerId can be a DNS \r
/// name, Distinguished Name, RFC 822 email address or Key ID \r
/// (specified in section 4.4.3.1 of RFC 4301)\r
**/\r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_IPSEC_CONFIG_SET_DATA) (\r
+(EFIAPI *EFI_IPSEC_CONFIG_SET_DATA)(\r
IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
**/\r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_IPSEC_CONFIG_GET_DATA) (\r
+(EFIAPI *EFI_IPSEC_CONFIG_GET_DATA)(\r
IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
**/\r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_IPSEC_CONFIG_GET_NEXT_SELECTOR) (\r
+(EFIAPI *EFI_IPSEC_CONFIG_GET_NEXT_SELECTOR)(\r
IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
IN OUT UINTN *SelectorSize,\r
**/\r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_IPSEC_CONFIG_REGISTER_NOTIFY) (\r
+(EFIAPI *EFI_IPSEC_CONFIG_REGISTER_NOTIFY)(\r
IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
IN EFI_EVENT Event\r
**/\r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_IPSEC_CONFIG_UNREGISTER_NOTIFY) (\r
+(EFIAPI *EFI_IPSEC_CONFIG_UNREGISTER_NOTIFY)(\r
IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
IN EFI_EVENT Event\r