--- /dev/null
+/** @file\r
+ Prototypes definitions of IKE service.\r
+ \r
+ Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php.\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef _IKE_SERVICE_H_\r
+#define _IKE_SERVICE_H_\r
+\r
+#include "Ike.h"\r
+#include "IpSecImpl.h"\r
+#include "IkeCommon.h"\r
+\r
+#define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024\r
+\r
+/**\r
+ This is prototype definition of general interface to intialize a IKE negotiation.\r
+\r
+ @param[in] UdpService Point to Udp Servcie used for the IKE packet sending.\r
+ @param[in] SpdEntry Point to SPD entry related to this IKE negotiation.\r
+ @param[in] PadEntry Point to PAD entry related to this IKE negotiation.\r
+ @param[in] RemoteIp Point to IP Address which the remote peer to negnotiate.\r
+\r
+ @retval EFI_SUCCESS The operation is successful.\r
+ @return Otherwise The operation is failed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(*IKE_NEGOTIATE_SA) (\r
+ IN IKE_UDP_SERVICE * UdpService,\r
+ IN IPSEC_SPD_ENTRY * SpdEntry,\r
+ IN IPSEC_PAD_ENTRY * PadEntry,\r
+ IN EFI_IP_ADDRESS * RemoteIp\r
+ );\r
+\r
+/**\r
+ This is prototype definition fo general interface to start a IKE negotiation at Quick Mode. \r
+\r
+ This function will be called when the related IKE SA is existed and start to\r
+ create a Child SA.\r
+\r
+ @param[in] IkeSaSession Point to IKE SA Session related to this Negotiation.\r
+ @param[in] SpdEntry Point to SPD entry related to this Negotiation.\r
+ @param[in] Context Point to data passed from the caller.\r
+\r
+ @retval EFI_SUCCESS The operation is successful.\r
+ @retval Otherwise The operation is failed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(*IKE_NEGOTIATE_CHILD_SA) (\r
+ IN UINT8 *IkeSaSession,\r
+ IN IPSEC_SPD_ENTRY *SpdEntry,\r
+ IN UINT8 *Context\r
+ );\r
+\r
+/**\r
+ This is prototype definition of the general interface when initialize a Inforamtion\r
+ Exchange.\r
+\r
+ @param[in] IkeSaSession Point to IKE SA Session related to.\r
+ @param[in] Context Point to data passed from caller.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(*IKE_NEGOTIATE_INFO) (\r
+ IN UINT8 *IkeSaSession,\r
+ IN UINT8 *Context\r
+ );\r
+\r
+/**\r
+ This is prototype definition of the general interface when recived a IKE Pakcet \r
+ for the IKE SA establishing.\r
+\r
+ @param[in] UdpService Point to UDP service used to send IKE Packet.\r
+ @param[in] IkePacket Point to received IKE packet.\r
+\r
+**/\r
+typedef\r
+VOID\r
+(*IKE_HANDLE_SA) (\r
+ IN IKE_UDP_SERVICE *UdpService,\r
+ IN IKE_PACKET *IkePacket\r
+ );\r
+\r
+/**\r
+ This is prototyp definition of the general interface when recived a IKE Packet\r
+ xfor the Child SA establishing. \r
+ \r
+ @param[in] UdpService Point to UDP service used to send IKE packet.\r
+ @param[in] IkePacket Point to received IKE packet.\r
+\r
+**/\r
+typedef\r
+VOID\r
+(*IKE_HANDLE_CHILD_SA) (\r
+ IN IKE_UDP_SERVICE *UdpService,\r
+ IN IKE_PACKET *IkePacket\r
+ );\r
+\r
+/**\r
+ This is prototype definition of the general interface when received a IKE \r
+ information Packet.\r
+\r
+ @param[in] UdpService Point to UDP service used to send IKE packet.\r
+ @param[in] IkePacket Point to received IKE packet.\r
+\r
+**/\r
+typedef\r
+VOID\r
+(*IKE_HANDLE_INFO) (\r
+ IN IKE_UDP_SERVICE *UdpService,\r
+ IN IKE_PACKET *IkePacket\r
+ );\r
+\r
+typedef struct _IKE_EXCHANGE_INTERFACE {\r
+ UINT8 IkeVer;\r
+ IKE_NEGOTIATE_SA NegotiateSa;\r
+ IKE_NEGOTIATE_CHILD_SA NegotiateChildSa;\r
+ IKE_NEGOTIATE_INFO NegotiateInfo;\r
+ IKE_HANDLE_SA HandleSa;\r
+ IKE_HANDLE_CHILD_SA HandleChildSa;\r
+ IKE_HANDLE_INFO HandleInfo;\r
+} IKE_EXCHANGE_INTERFACE;\r
+\r
+/**\r
+ Open and configure a UDPIO of Udp4 for IKE packet receiving.\r
+ \r
+ This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and \r
+ a UDP4 IO for each NIC handle.\r
+ \r
+ @param[in] Private Point to IPSEC_PRIVATE_DATA\r
+ @param[in] Controller Handler for NIC card.\r
+ \r
+ @retval EFI_SUCCESS The Operation is successful.\r
+ @retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.\r
+ \r
+**/\r
+EFI_STATUS\r
+IkeOpenInputUdp4 (\r
+ IN IPSEC_PRIVATE_DATA *Private,\r
+ IN EFI_HANDLE Controller\r
+ );\r
+\r
+/**\r
+ Open and configure a UDPIO of Udp6 for IKE packet receiving.\r
+ \r
+ This function is called at the IPsecDriverBinding start. IPsec create a UDP6 and UDP6\r
+ IO for each NIC handle.\r
+ \r
+ @param[in] Private Point to IPSEC_PRIVATE_DATA\r
+ @param[in] Controller Handler for NIC card.\r
+ \r
+ @retval EFI_SUCCESS The Operation is successful.\r
+ @retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.\r
+ \r
+**/\r
+EFI_STATUS\r
+IkeOpenInputUdp6 (\r
+ IN IPSEC_PRIVATE_DATA *Private,\r
+ IN EFI_HANDLE Controller\r
+ );\r
+\r
+/**\r
+ The general interface of starting IPsec Key Exchange.\r
+ \r
+ This function is called when start a IKE negotiation to get a Key.\r
+ \r
+ @param[in] UdpService Point to IKE_UDP_SERVICE which will be used for \r
+ IKE packet sending.\r
+ @param[in] SpdEntry Point to the SPD entry related to the IKE negotiation.\r
+ @param[in] RemoteIp Point to EFI_IP_ADDRESS related to the IKE negotiation.\r
+ \r
+ @retval EFI_SUCCESS The Operation is successful.\r
+ @retval EFI_ACCESS_DENIED No related PAD entry was found.\r
+ \r
+**/\r
+EFI_STATUS\r
+IkeNegotiate (\r
+ IN IKE_UDP_SERVICE *UdpService,\r
+ IN IPSEC_SPD_ENTRY *SpdEntry,\r
+ IN EFI_IP_ADDRESS *RemoteIp\r
+ );\r
+\r
+/**\r
+ The general interface when receive a IKE packet.\r
+ \r
+ This function is called when UDP IO receives a IKE packet.\r
+ \r
+ @param[in] Packet Point to received IKE packet.\r
+ @param[in] EndPoint Point to UDP_END_POINT which contains the information of \r
+ Remote IP and Port.\r
+ @param[in] IoStatus The Status of Recieve Token.\r
+ @param[in] Context Point to data passed from the caller.\r
+ \r
+**/\r
+VOID\r
+IkeDispatch (\r
+ IN NET_BUF *Packet,\r
+ IN UDP_END_POINT *EndPoint,\r
+ IN EFI_STATUS IoStatus,\r
+ IN VOID *Context\r
+ );\r
+\r
+/**\r
+ Check if the NIC handle is binded to a Udp service.\r
+\r
+ @param[in] Private Pointer of IPSEC_PRIVATE_DATA\r
+ @param[in] NicHandle The Handle of the NIC card\r
+ @param[in] IpVersion The version of the IP stack.\r
+\r
+ @return a pointer of IKE_UDP_SERVICE.\r
+\r
+**/\r
+IKE_UDP_SERVICE *\r
+IkeLookupUdp (\r
+ IN IPSEC_PRIVATE_DATA *Private,\r
+ IN EFI_HANDLE Handle,\r
+ IN UINT8 IpVersion\r
+ );\r
+\r
+\r
+/**\r
+ Delete all established IKE SAs and related Child SAs.\r
+ \r
+ This function is the subfunction of the IpSecCleanupAllSa(). It first calls \r
+ IkeDeleteChildSa() to delete all Child SAs then send out the related \r
+ Information packet.\r
+\r
+ @param[in] Private Pointer of the IPSEC_PRIVATE_DATA.\r
+\r
+**/\r
+VOID\r
+IkeDeleteAllSas (\r
+ IN IPSEC_PRIVATE_DATA *Private\r
+ );\r
+\r
+\r
+extern IKE_EXCHANGE_INTERFACE mIkev1Exchange;\r
+extern IKE_EXCHANGE_INTERFACE mIkev2Exchange;\r
+\r
+#endif\r
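Review bot: `IPSEC_CRYPTO_LIB_MEMORY` expands to the unparenthesized expression `128 * 1024`, so any use inside a larger expression (as a divisor, or as the right operand of `%`) would bind to the neighbouring operator and yield the wrong size; define it as `#define IPSEC_CRYPTO_LIB_MEMORY (128 * 1024)`. No use of the macro is visible in this header, so whether a current caller is affected cannot be confirmed from here. The `IkeLookupUdp` comment documents `NicHandle` while the prototype names the parameter `Handle`, and it does not state the not-found result (presumably NULL; confirm against the implementation); the `@param` line should read `@param[in] Handle The handle of the NIC.` and the `@return` line should name that result. The `IkeSaSession` and `Context` parameters of `IKE_NEGOTIATE_CHILD_SA` and `IKE_NEGOTIATE_INFO` are typed `UINT8 *`, which removes compile-time checking of what reaches the negotiation callbacks; if the session types cannot be named in this header, `VOID *` with the expected type documented would at least not suggest a byte buffer.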