UINT8 *PayloadBuffer;\r
} IPSEC_RECYCLE_CONTEXT;\r
\r
+//\r
+// Struct used to store the Hash and its data.\r
+//\r
+typedef struct {
+ UINTN DataSize;
+ UINT8 *Data;
+} HASH_DATA_FRAGMENT;\r
+\r
struct _IPSEC_PRIVATE_DATA {\r
UINT32 Signature;\r
EFI_HANDLE Handle; // Virtual handle to install private prtocol\r
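Review bot: HASH_DATA_FRAGMENT pairs a length with a buffer pointer but documents neither, so a reader cannot tell whether DataSize is the byte length of Data or which side owns the buffer; suggest `UINTN DataSize; // Byte length of the buffer at Data` and `UINT8 *Data; // Hash bytes; caller-owned unless documented otherwise`, with the ownership part confirmed against the code that fills the struct. As rendered here, the three lines `typedef struct {`, `UINTN DataSize;` and `UINT8 *Data;` lack the CRLF ending every other line in the file carries, which would leave the file with mixed line endings if it is not a rendering artifact. The struct comment could also say what the hash is over (one sentence), since "the Hash and its data" does not identify it.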
/**\r
This function processes the inbound traffic with IPsec.\r
\r
- It checks the received packet security property, trims the ESP/AH header, and then\r
+ It checks the received packet security property, trims the ESP/AH header, and then \r
returns without an IPsec protected IP Header and FragmentTable.\r
-\r
+ \r
@param[in] IpVersion The version of IP.\r
- @param[in, out] IpHead Points to IP header containing the ESP/AH header\r
+ @param[in, out] IpHead Points to IP header containing the ESP/AH header \r
to be trimed on input, and without ESP/AH header\r
on return.\r
- @param[out] LastHead The Last Header in IP header on return.\r
+ @param[in, out] LastHead The Last Header in IP header on return.\r
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.\r
@param[in, out] OptionsLength Length of the options buffer. It is optional.\r
- @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec\r
+ @param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec\r
protected on input, and without IPsec protected\r
on return.\r
- @param[in, out] FragmentCount Number of fragments.\r
+ @param[in, out] FragmentCount The number of fragments.\r
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.\r
- @param[out] RecycleEvent Event for recycling of resources.\r
+ @param[out] RecycleEvent The event for recycling of resources.\r
\r
- @retval EFI_SUCCESS The operation is successful.\r
- @retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.\r
+ @retval EFI_SUCCESS The operation was successful.\r
+ @retval EFI_UNSUPPORTED The IPSEC protocol is not supported.\r
\r
**/\r
EFI_STATUS\r
IpSecProtectInboundPacket (\r
IN UINT8 IpVersion,\r
IN OUT VOID *IpHead,\r
- OUT UINT8 *LastHead,\r
+ IN OUT UINT8 *LastHead,\r
IN OUT VOID **OptionsBuffer, OPTIONAL\r
IN OUT UINT32 *OptionsLength, OPTIONAL\r
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,\r
IN OUT UINT32 *FragmentCount,\r
- OUT IPSEC_SPD_ENTRY **SpdEntry,\r
+ OUT EFI_IPSEC_SPD_SELECTOR **SpdEntry,\r
OUT EFI_EVENT *RecycleEvent\r
);\r
\r
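Review bot: LastHead becomes `IN OUT` in the prototype, but its `@param[in, out]` text still describes only the value "on return", so the caller is not told what it must supply on input; suggest `@param[in, out] LastHead On input, the last header value the caller has parsed so far (confirm); on return, the last header in the IP header after the ESP/AH header is trimmed.` SpdEntry changes type to `EFI_IPSEC_SPD_SELECTOR **` while its doc line still says "the address of SPD entry", so the parameter name and description now disagree with the type; the doc should say it receives the selector of the matching SPD entry, or the parameter should be renamed. The rewording of lines in this hunk also appends trailing spaces to several comment lines (`and then `, `ESP/AH header `, the blank ` ` line), which is noise in a doc comment.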
IN EFI_IP_ADDRESS *IpAddr\r
);\r
\r
+/**\r
+ Check if the specified IP packet can be serviced by this SPD entry.\r
+\r
+ @param[in] SpdEntry Point to SPD entry.\r
+ @param[in] IpVersion Version of IP.\r
+ @param[in] IpHead Point to IP header.\r
+ @param[in] IpPayload Point to IP payload.\r
+ @param[in] Protocol The Last protocol of IP packet.\r
+ @param[in] IsOutbound Traffic direction.\r
+ @param[out] Action The support action of SPD entry.\r
+\r
+ @retval EFI_SUCCESS Find the related SPD.\r
+ @retval EFI_NOT_FOUND Not find the related SPD entry;\r
+\r
+**/\r
+EFI_STATUS\r
+IpSecLookupSpdEntry (\r
+ IN IPSEC_SPD_ENTRY *SpdEntry,\r
+ IN UINT8 IpVersion,\r
+ IN VOID *IpHead,\r
+ IN UINT8 *IpPayload,\r
+ IN UINT8 Protocol,\r
+ IN BOOLEAN IsOutbound, \r
+ OUT EFI_IPSEC_ACTION *Action\r
+ );\r
+\r
+/**\r
+ Look up if there is existing SAD entry for specified IP packet sending.\r
+\r
+ This function is called by the IPsecProcess when there is some IP packet needed to\r
+ send out. This function checks if there is an existing SAD entry that can be serviced\r
+ to this IP packet sending. If no existing SAD entry could be used, this\r
+ function will invoke an IPsec Key Exchange Negotiation.\r
+\r
+ @param[in] Private Points to private data.\r
+ @param[in] NicHandle Points to a NIC handle.\r
+ @param[in] IpVersion The version of IP.\r
+ @param[in] IpHead The IP Header of packet to be sent out.\r
+ @param[in] IpPayload The IP Payload to be sent out.\r
+ @param[in] OldLastHead The Last protocol of the IP packet.\r
+ @param[in] SpdEntry Points to a related SPD entry.\r
+ @param[out] SadEntry Contains the Point of a related SAD entry.\r
+\r
+ @retval EFI_DEVICE_ERROR One of following conditions is TRUE:\r
+ - If don't find related UDP service.\r
+ - Sequence Number is used up.\r
+ - Extension Sequence Number is used up.\r
+ @retval EFI_NOT_READY No existing SAD entry could be used.\r
+ @retval EFI_SUCCESS Find the related SAD entry.\r
+\r
+**/\r
+EFI_STATUS\r
+IpSecLookupSadEntry (\r
+ IN IPSEC_PRIVATE_DATA *Private,\r
+ IN EFI_HANDLE NicHandle,\r
+ IN UINT8 IpVersion,\r
+ IN VOID *IpHead,\r
+ IN UINT8 *IpPayload,\r
+ IN UINT8 OldLastHead,\r
+ IN IPSEC_SPD_ENTRY *SpdEntry,\r
+ OUT IPSEC_SAD_ENTRY **SadEntry\r
+ );\r
+\r
/**\r
Find the SAD through whole SAD list.\r
\r
@param[in] Spi The SPI used to search the SAD entry.\r
@param[in] DestAddress The destination used to search the SAD entry.\r
+ @param[in] IpVersion The IP version. Ip4 or Ip6.\r
\r
@return The pointer to a certain SAD entry.\r
\r
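Review bot: IpSecLookupSpdEntry receives IpHead and IpPayload as bare pointers with no length parameter, so the implementation has nothing to bound its header walk against when it reads the packet; if the callers have the packet or fragment length available (the inbound path works from a FragmentTable), consider adding an `IN UINTN IpPayloadSize` parameter or stating in the doc comment which invariant guarantees the buffer is large enough for the headers read. The `@retval` lines need tidying: `@retval EFI_NOT_FOUND No related SPD entry was found.` (drop the stray semicolon), `@retval EFI_SUCCESS A related SPD entry was found.`, and in IpSecLookupSadEntry `- No related UDP service was found.`. The `IsOutbound` parameter line carries a trailing space. The doc comment for IpSecLookupSadBySpi that starts at the end of this hunk continues past it.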
IPSEC_SAD_ENTRY *\r
IpSecLookupSadBySpi (\r
IN UINT32 Spi,\r
- IN EFI_IP_ADDRESS *DestAddress\r
+ IN EFI_IP_ADDRESS *DestAddress,\r
+ IN UINT8 IpVersion\r
)\r
;\r
\r
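Review bot: IpSecLookupSadBySpi now takes IpVersion, but the doc comment's `@return The pointer to a certain SAD entry.` still does not say what the function returns when no entry matches the SPI, destination and version, which is the case a caller most needs to check before dereferencing; suggest `@return Pointer to the matching SAD entry, or NULL if no entry matches.` if the implementation does return NULL (confirm). The comment could also name the accepted values for IpVersion rather than "Ip4 or Ip6". The doc comment itself begins before this hunk.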