]>
Commit | Line | Data |
---|---|---|
fa05b97b | 1 | /** @file\r |
2 | EFI IPsec Configuration Protocol Definition\r | |
3 | The EFI_IPSEC_CONFIG_PROTOCOL provides the mechanism to set and retrieve security and \r | |
4 | policy related information for the EFI IPsec protocol driver.\r | |
5 | \r | |
6 | Copyright (c) 2009, Intel Corporation\r | |
7 | All rights reserved. This program and the accompanying materials\r | |
8 | are licensed and made available under the terms and conditions of the BSD License\r | |
9 | which accompanies this distribution. The full text of the license may be found at\r | |
10 | http://opensource.org/licenses/bsd-license.php\r | |
11 | \r | |
12 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
13 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
14 | \r | |
15 | @par Revision Reference: \r | |
16 | This Protocol is introduced in UEFI Specification 2.2\r | |
17 | \r | |
18 | **/\r | |
19 | \r | |
20 | #ifndef __EFI_IPSE_CCONFIG_PROTOCOL_H__\r | |
21 | #define __EFI_IPSE_CCONFIG_PROTOCOL_H__\r | |
22 | \r | |
23 | \r | |
24 | #define EFI_IPSEC_CONFIG_PROTOCOL_GUID \\r | |
25 | { \\r | |
26 | 0xce5e5929, 0xc7a3, 0x4602, 0xad, {0x9e, 0xc9, 0xda, 0xf9, 0x4e, 0xbf, 0xcf } \\r | |
27 | }\r | |
28 | \r | |
29 | typedef struct _EFI_IPSEC_CONFIG_PROTOCOL EFI_IPSEC_CONFIG_PROTOCOL;\r | |
30 | \r | |
31 | ///\r | |
32 | /// EFI_IPSEC_CONFIG_DATA_TYPE\r | |
33 | ///\r | |
34 | typedef enum {\r | |
35 | /// \r | |
36 | /// The IPsec Security Policy Database (aka SPD) setting. In IPsec, \r | |
37 | /// an essential element of Security Association (SA) processing is \r | |
38 | /// underlying SPD that specifies what services are to be offered to \r | |
39 | /// IP datagram and in what fashion. The SPD must be consulted \r | |
40 | /// during the processing of all traffic (inbound and outbound), \r | |
41 | /// including traffic not protected by IPsec, that traverses the IPsec \r | |
42 | /// boundary. With this DataType, SetData() function is to set \r | |
43 | /// the SPD entry information, which may add one new entry, delete \r | |
44 | /// one existed entry or flush the whole database according to the \r | |
45 | /// parameter values. The corresponding Data is of type \r | |
46 | /// EFI_IPSEC_SPD_DATA\r | |
47 | /// \r | |
48 | IPsecConfigDataTypeSpd,\r | |
49 | /// \r | |
50 | /// The IPsec Security Association Database (aka SAD) setting. A \r | |
51 | /// SA is a simplex connection that affords security services to the \r | |
52 | /// traffic carried by it. Security services are afforded to an SA by the \r | |
53 | /// use of AH, or ESP, but not both. The corresponding Data is of \r | |
54 | /// type EFI_IPSEC_SAD_DATA.\r | |
55 | /// \r | |
56 | IPsecConfigDataTypeSad,\r | |
57 | /// \r | |
58 | /// The IPsec Peer Authorization Database (aka PAD) setting, which \r | |
59 | /// provides the link between the SPD and a security association \r | |
60 | /// management protocol. The PAD entry specifies the \r | |
61 | /// authentication protocol (e.g. IKEv1, IKEv2) method used and the \r | |
62 | /// authentication data. The corresponding Data is of type \r | |
63 | /// EFI_IPSEC_PAD_DATA.\r | |
64 | ///\r | |
65 | IPsecConfigDataTypePad,\r | |
66 | IPsecConfigDataTypeMaximum\r | |
67 | } EFI_IPSEC_CONFIG_DATA_TYPE;\r | |
68 | \r | |
69 | ///\r | |
70 | /// EFI_IP_ADDRESS_INFO\r | |
71 | ///\r | |
72 | typedef struct _EFI_IP_ADDRESS_INFO {\r | |
73 | EFI_IP_ADDRESS Address; ///< The IPv4 or IPv6 address\r | |
74 | UINT8 PrefixLength; ///< The length of the prefix associated with the Address.\r | |
75 | } EFI_IP_ADDRESS_INFO;\r | |
76 | \r | |
77 | \r | |
78 | ///\r | |
79 | /// EFI_IPSEC_SPD_SELECTOR\r | |
80 | ///\r | |
81 | typedef struct _EFI_IPSEC_SPD_SELECTOR {\r | |
82 | /// \r | |
83 | /// Specifies the actual number of entries in LocalAddress.\r | |
84 | /// \r | |
85 | UINT32 LocalAddressCount;\r | |
86 | /// \r | |
87 | /// A list of ranges of IPv4 or IPv6 addresses, which refers to the \r | |
88 | /// addresses being protected by IPsec policy.\r | |
89 | /// \r | |
90 | EFI_IP_ADDRESS_INFO *LocalAddress;\r | |
91 | /// \r | |
92 | /// Specifies the actual number of entries in RemoteAddress.\r | |
93 | /// \r | |
94 | UINT32 RemoteAddressCount;\r | |
95 | /// \r | |
96 | /// A list of ranges of IPv4 or IPv6 addresses, which are peer entities \r | |
97 | /// to LocalAddress. \r | |
98 | /// \r | |
99 | EFI_IP_ADDRESS_INFO *RemoteAddress;\r | |
100 | /// \r | |
101 | /// Next layer protocol. Obtained from the IPv4 Protocol or the IPv6 \r | |
102 | /// Next Header fields. The next layer protocol is whatever comes \r | |
103 | /// after any IP extension headers that are present. A zero value is a \r | |
104 | /// wildcard that matches any value in NextLayerProtocol field.\r | |
105 | /// \r | |
106 | UINT16 NextLayerProtocol; \r | |
107 | /// \r | |
108 | /// Local Port if the Next Layer Protocol uses two ports (as do TCP, \r | |
109 | /// UDP, and others). A zero value is a wildcard that matches any \r | |
110 | /// value in LocalPort field.\r | |
111 | /// \r | |
112 | UINT16 LocalPort;\r | |
113 | /// \r | |
114 | /// A designed port range size. The start port is LocalPort, and \r | |
115 | /// the total number of ports is described by LocalPortRange. \r | |
116 | /// This field is ignored if NextLayerProtocol does not use \r | |
117 | /// ports. \r | |
118 | /// \r | |
119 | UINT16 LocalPortRange;\r | |
120 | /// \r | |
121 | /// Remote Port if the Next Layer Protocol uses two ports. A zero \r | |
122 | /// value is a wildcard that matches any value in RemotePort field.\r | |
123 | /// \r | |
124 | UINT16 RemotePort;\r | |
125 | /// \r | |
126 | /// A designed port range size. The start port is RemotePort, and \r | |
127 | /// the total number of ports is described by RemotePortRange. \r | |
128 | /// This field is ignored if NextLayerProtocol does not use ports.\r | |
129 | /// \r | |
130 | UINT16 RemotePortRange;\r | |
131 | } EFI_IPSEC_SPD_SELECTOR;\r | |
132 | \r | |
133 | ///\r | |
134 | /// EFI_IPSEC_TRAFFIC_DIR\r | |
135 | /// represents the directionality in an SPD entry.\r | |
136 | ///\r | |
137 | typedef enum {\r | |
138 | ///\r | |
139 | /// The EfiIPsecInBound refers to traffic entering an IPsec implementation via \r | |
140 | /// the unprotected interface or emitted by the implementation on the unprotected\r | |
141 | /// side of the boundary and directed towards the protected interface. \r | |
142 | ///\r | |
143 | EfiIPsecInBound,\r | |
144 | ///\r | |
145 | /// The EfiIPsecOutBound refers to traffic entering the implementation via \r | |
146 | /// the protected interface, or emitted by the implementation on the protected side\r | |
147 | /// of the boundary and directed toward the unprotected interface.\r | |
148 | ///\r | |
149 | EfiIPsecOutBound\r | |
150 | } EFI_IPSEC_TRAFFIC_DIR;\r | |
151 | \r | |
152 | ///\r | |
153 | /// EFI_IPSEC_ACTION\r | |
154 | /// represents three possible processing choices.\r | |
155 | ///\r | |
156 | typedef enum {\r | |
157 | /// \r | |
158 | /// Refers to traffic that is not allowed to traverse the IPsec boundary.\r | |
159 | /// \r | |
160 | EfiIPsecActionDiscard,\r | |
161 | /// \r | |
162 | /// Refers to traffic that is allowed to cross the IPsec boundary \r | |
163 | /// without protection.\r | |
164 | /// \r | |
165 | EfiIPsecActionBypass,\r | |
166 | /// \r | |
167 | /// Refers to traffic that is afforded IPsec protection, and for such \r | |
168 | /// traffic the SPD must specify the security protocols to be \r | |
169 | /// employed, their mode, security service options, and the \r | |
170 | /// cryptographic algorithms to be used. \r | |
171 | ///\r | |
172 | EfiIPsecActionProtect\r | |
173 | } EFI_IPSEC_ACTION;\r | |
174 | \r | |
175 | ///\r | |
176 | /// EFI_IPSEC_SA_LIFETIME\r | |
177 | /// defines the lifetime of an SA, which represents when a SA must be \r | |
178 | /// replaced or terminated. A value of all 0 for each field removes \r | |
179 | /// the limitation of a SA lifetime.\r | |
180 | ///\r | |
181 | typedef struct _EFI_IPSEC_SA_LIFETIME {\r | |
182 | /// \r | |
183 | /// The number of bytes to which the IPsec cryptographic algorithm\r | |
184 | /// can be applied. For ESP, this is the encryption algorithm and for\r | |
185 | /// AH, this is the authentication algorithm. The ByteCount \r | |
186 | /// includes pad bytes for cryptographic operations.\r | |
187 | /// \r | |
188 | UINT64 ByteCount;\r | |
189 | /// \r | |
190 | /// A time interval in second that warns the implementation to \r | |
191 | /// initiate action such as setting up a replacement SA.\r | |
192 | /// \r | |
193 | UINT64 SoftLifetime;\r | |
194 | /// \r | |
195 | /// A time interval in second when the current SA ends and is \r | |
196 | /// destroyed.\r | |
197 | /// \r | |
198 | UINT64 HardLifetime;\r | |
199 | } EFI_IPSEC_SA_LIFETIME;\r | |
200 | \r | |
201 | ///\r | |
202 | /// EFI_IPSEC_MODE\r | |
203 | /// There are two modes of IPsec operation: transport mode and tunnel mode. In \r | |
204 | /// EfiIPsecTransport mode, AH and ESP provide protection primarily for next layer protocols; \r | |
205 | /// In EfiIPsecTunnel mode, AH and ESP are applied to tunneled IP packets.\r | |
206 | ///\r | |
207 | typedef enum {\r | |
208 | EfiIPsecTransport,\r | |
209 | EfiIPsecTunnel\r | |
210 | } EFI_IPSEC_MODE;\r | |
211 | \r | |
212 | ///\r | |
213 | /// EFI_IPSEC_TUNNEL_DF_OPTION\r | |
214 | /// The option of copying the DF bit from an outbound package to\r | |
215 | /// the tunnel mode header that it emits, when traffic is carried\r | |
216 | /// via a tunnel mode SA. This applies to SAs where both inner and\r | |
217 | /// outer headers are IPv4.\r | |
218 | ///\r | |
219 | typedef enum {\r | |
220 | EfiIPsecTunnelClearDf, ///< Clear DF bit from inner header.\r | |
221 | EfiIPsecTunnelSetDf, ///< Set DF bit from inner header.\r | |
222 | EfiIPsecTunnelCopyDf ///< Copy DF bit from inner header.\r | |
223 | } EFI_IPSEC_TUNNEL_DF_OPTION;\r | |
224 | \r | |
225 | ///\r | |
226 | /// EFI_IPSEC_TUNNEL_OPTION\r | |
227 | ///\r | |
228 | typedef struct _EFI_IPSEC_TUNNEL_OPTION {\r | |
229 | /// \r | |
230 | /// Local tunnel address when IPsec mode is EfiIPsecTunnel.\r | |
231 | /// \r | |
232 | EFI_IP_ADDRESS LocalTunnelAddress;\r | |
233 | /// \r | |
234 | /// Remote tunnel address when IPsec mode is EfiIPsecTunnel.\r | |
235 | /// \r | |
236 | EFI_IP_ADDRESS RemoteTunnelAddress;\r | |
237 | /// \r | |
238 | /// The option of copying the DF bit from an outbound package\r | |
239 | /// to the tunnel mode header that it emits, when traffic is \r | |
240 | /// carried via a tunnel mode SA. \r | |
241 | /// \r | |
242 | EFI_IPSEC_TUNNEL_DF_OPTION DF;\r | |
243 | } EFI_IPSEC_TUNNEL_OPTION;\r | |
244 | \r | |
245 | ///\r | |
246 | /// EFI_IPSEC_PROTOCOL_TYPE\r | |
247 | ///\r | |
248 | typedef enum {\r | |
249 | EfiIPsecAH, ///< IP Authentication Header protocol which is specified in RFC 4302.\r | |
250 | EfiIPsecESP ///< IP Encapsulating Security Payload which is specified in RFC 4303. \r | |
251 | } EFI_IPSEC_PROTOCOL_TYPE;\r | |
252 | \r | |
253 | ///\r | |
254 | /// EFI_IPSEC_PROCESS_POLICY\r | |
255 | /// describes a policy list for traffic processing.\r | |
256 | ///\r | |
257 | typedef struct _EFI_IPSEC_PROCESS_POLICY {\r | |
258 | /// \r | |
259 | /// Extended Sequence Number. Is this SA using extended sequence \r | |
260 | /// numbers. 64 bit counter is used if TRUE.\r | |
261 | /// \r | |
262 | BOOLEAN ExtSeqNum;\r | |
263 | /// \r | |
264 | /// A flag indicating whether overflow of the sequence number \r | |
265 | /// counter should generate an auditable event and prevent \r | |
266 | /// transmission of additional packets on the SA, or whether rollover \r | |
267 | /// is permitted.\r | |
268 | /// \r | |
269 | BOOLEAN SeqOverflow;\r | |
270 | /// \r | |
271 | /// Is this SA using stateful fragment checking. TRUE represents \r | |
272 | /// stateful fragment checking.\r | |
273 | /// \r | |
274 | BOOLEAN FragCheck;\r | |
275 | /// \r | |
276 | /// A time interval after which a SA must be replaced with a new SA \r | |
277 | /// (and new SPI) or terminated. \r | |
278 | /// \r | |
279 | EFI_IPSEC_SA_LIFETIME SaLifetime;\r | |
280 | /// \r | |
281 | /// IPsec mode: tunnel or transport.\r | |
282 | /// \r | |
283 | EFI_IPSEC_MODE Mode;\r | |
284 | /// \r | |
285 | /// Tunnel Option. TunnelOption is ignored if Mode is EfiIPsecTransport.\r | |
286 | /// \r | |
287 | EFI_IPSEC_TUNNEL_OPTION *TunnelOption;\r | |
288 | /// \r | |
289 | /// IPsec protocol: AH or ESP\r | |
290 | /// \r | |
291 | EFI_IPSEC_PROTOCOL_TYPE Proto;\r | |
292 | /// \r | |
293 | /// Cryptographic algorithm type used for authentication.\r | |
294 | /// \r | |
295 | UINT8 AuthAlgoId;\r | |
296 | /// \r | |
297 | /// Cryptographic algorithm type used for encryption. EncAlgo is \r | |
298 | /// NULL when IPsec protocol is AH. For ESP protocol, EncAlgo \r | |
299 | /// can also be used to describe the algorithm if a combined mode \r | |
300 | /// algorithm is used.\r | |
301 | ///\r | |
302 | UINT8 EncAlgoId;\r | |
303 | } EFI_IPSEC_PROCESS_POLICY;\r | |
304 | \r | |
305 | ///\r | |
306 | /// IPsec Authentication Algorithm Definition\r | |
307 | /// The number value definition is aligned to IANA assignment\r | |
308 | ///\r | |
309 | #define EFI_IPSEC_AALG_NONE 0x00\r | |
310 | #define EFI_IPSEC_AALG_MD5HMAC 0x02\r | |
311 | #define EFI_IPSEC_AALG_SHA1HMAC 0x03\r | |
312 | #define EFI_IPSEC_AALG_SHA2_256HMAC 0x05\r | |
313 | #define EFI_IPSEC_AALG_SHA2_384HMAC 0x06\r | |
314 | #define EFI_IPSEC_AALG_SHA2_512HMAC 0x07\r | |
315 | #define EFI_IPSEC_AALG_AES_XCBC_MAC 0x09\r | |
316 | #define EFI_IPSEC_AALG_NULL 0xFB\r | |
317 | \r | |
318 | ///\r | |
319 | /// IPsec Encryption Algorithm Definition\r | |
320 | /// The number value definition is aligned to IANA assignment\r | |
321 | ///\r | |
322 | #define EFI_IPSEC_EALG_NONE 0x00\r | |
323 | #define EFI_IPSEC_EALG_DESCBC 0x02\r | |
324 | #define EFI_IPSEC_EALG_3DESCBC 0x03\r | |
325 | #define EFI_IPSEC_EALG_CASTCBC 0x06\r | |
326 | #define EFI_IPSEC_EALG_BLOWFISHCBC 0x07\r | |
327 | #define EFI_IPSEC_EALG_NULL 0x0B\r | |
328 | #define EFI_IPSEC_EALG_AESCBC 0x0C\r | |
329 | #define EFI_IPSEC_EALG_AESCTR 0x0D\r | |
330 | #define EFI_IPSEC_EALG_AES_CCM_ICV8 0x0E\r | |
331 | #define EFI_IPSEC_EALG_AES_CCM_ICV12 0x0F\r | |
332 | #define EFI_IPSEC_EALG_AES_CCM_ICV16 0x10\r | |
333 | #define EFI_IPSEC_EALG_AES_GCM_ICV8 0x12\r | |
334 | #define EFI_IPSEC_EALG_AES_GCM_ICV12 0x13\r | |
335 | #define EFI_IPSEC_EALG_AES_GCM_ICV16 0x14\r | |
336 | \r | |
337 | ///\r | |
338 | /// EFI_IPSEC_SA_ID\r | |
339 | /// A triplet to identify an SA, consisting of the following members.\r | |
340 | ///\r | |
341 | typedef struct _EFI_IPSEC_SA_ID {\r | |
342 | /// \r | |
343 | /// Security Parameter Index (aka SPI). An arbitrary 32-bit value \r | |
344 | /// that is used by a receiver to identity the SA to which an incoming \r | |
345 | /// package should be bound.\r | |
346 | /// \r | |
347 | UINT32 Spi;\r | |
348 | /// \r | |
349 | /// IPsec protocol: AH or ESP\r | |
350 | /// \r | |
351 | EFI_IPSEC_PROTOCOL_TYPE Proto;\r | |
352 | /// \r | |
353 | /// Destination IP address. \r | |
354 | /// \r | |
355 | EFI_IP_ADDRESS DestAddress;\r | |
356 | } EFI_IPSEC_SA_ID;\r | |
357 | \r | |
358 | \r | |
359 | #define MAX_PEERID_LEN 128\r | |
360 | \r | |
361 | ///\r | |
362 | /// EFI_IPSEC_SPD_DATA\r | |
363 | ///\r | |
364 | typedef struct _EFI_IPSEC_SPD_DATA {\r | |
365 | /// \r | |
366 | /// A null-terminated name string which is used as a symbolic \r | |
367 | /// identifier for an IPsec Local or Remote address.\r | |
368 | /// \r | |
369 | UINT8 Name[MAX_PEERID_LEN];\r | |
370 | /// \r | |
371 | /// Bit-mapped list describing Populate from Packet flags. When \r | |
372 | /// creating a SA, if PackageFlag bit is set to TRUE, instantiate \r | |
373 | /// the selector from the corresponding field in the package that \r | |
374 | /// triggered the creation of the SA, else from the value(s) in the \r | |
375 | /// corresponding SPD entry. The PackageFlag bit setting for \r | |
376 | /// corresponding selector field of EFI_IPSEC_SPD_SELECTOR:\r | |
377 | /// Bit 0: EFI_IPSEC_SPD_SELECTOR.LocalAddress \r | |
378 | /// Bit 1: EFI_IPSEC_SPD_SELECTOR.RemoteAddress \r | |
379 | /// Bit 2: \r | |
380 | /// EFI_IPSEC_SPD_SELECTOR.NextLayerProtocol \r | |
381 | /// Bit 3: EFI_IPSEC_SPD_SELECTOR.LocalPort \r | |
382 | /// Bit 4: EFI_IPSEC_SPD_SELECTOR.RemotePort \r | |
383 | /// Others: Reserved.\r | |
384 | ///\r | |
385 | UINT32 PackageFlag;\r | |
386 | /// \r | |
387 | /// The traffic direction of data gram.\r | |
388 | /// \r | |
389 | EFI_IPSEC_TRAFFIC_DIR TrafficDirection;\r | |
390 | /// \r | |
391 | /// Processing choices to indicate which action is required by this \r | |
392 | /// policy. \r | |
393 | /// \r | |
394 | EFI_IPSEC_ACTION Action;\r | |
395 | /// \r | |
396 | /// The policy and rule information for a SPD entry.\r | |
397 | /// \r | |
398 | EFI_IPSEC_PROCESS_POLICY *ProcessingPolicy;\r | |
399 | /// \r | |
400 | /// Specifies the actual number of entries in SaId list.\r | |
401 | /// \r | |
402 | UINTN SaIdCount;\r | |
403 | /// \r | |
404 | /// The SAD entry used for the traffic processing. The \r | |
405 | /// existed SAD entry links indicate this is the manual key case.\r | |
406 | /// \r | |
407 | EFI_IPSEC_SA_ID SaId[1];\r | |
408 | } EFI_IPSEC_SPD_DATA;\r | |
409 | \r | |
410 | ///\r | |
411 | /// EFI_IPSEC_AH_ALGO_INFO\r | |
412 | /// The security algorithm selection for IPsec AH authentication.\r | |
413 | /// The required authentication algorithm is specified in RFC 4305.\r | |
414 | ///\r | |
415 | typedef struct _EFI_IPSEC_AH_ALGO_INFO {\r | |
416 | UINT8 AuthAlgoId;\r | |
417 | UINTN AuthKeyLength;\r | |
418 | VOID *AuthKey;\r | |
419 | } EFI_IPSEC_AH_ALGO_INFO;\r | |
420 | \r | |
421 | ///\r | |
422 | /// EFI_IPSEC_ESP_ALGO_INFO\r | |
423 | /// The security algorithm selection for IPsec ESP encryption and authentication.\r | |
424 | /// The required authentication algorithm is specified in RFC 4305. \r | |
425 | /// EncAlgoId fields can also specify an ESP combined mode algorithm \r | |
426 | /// (e.g. AES with CCM mode, specified in RFC 4309), which provides both \r | |
427 | /// confidentiality and authentication services.\r | |
428 | ///\r | |
429 | typedef struct _EFI_IPSEC_ESP_ALGO_INFO {\r | |
430 | UINT8 EncAlgoId;\r | |
431 | UINTN EncKeyLength;\r | |
432 | VOID *EncKey;\r | |
433 | UINT8 AuthAlgoId;\r | |
434 | UINTN AuthKeyLength;\r | |
435 | VOID *AuthKey;\r | |
436 | } EFI_IPSEC_ESP_ALGO_INFO;\r | |
437 | \r | |
438 | ///\r | |
439 | /// EFI_IPSEC_ALGO_INFO\r | |
440 | ///\r | |
441 | typedef union {\r | |
442 | EFI_IPSEC_AH_ALGO_INFO AhAlgoInfo;\r | |
443 | EFI_IPSEC_ESP_ALGO_INFO EspAlgoInfo;\r | |
444 | } EFI_IPSEC_ALGO_INFO;\r | |
445 | \r | |
446 | ///\r | |
447 | /// EFI_IPSEC_SA_DATA\r | |
448 | ///\r | |
449 | typedef struct _EFI_IPSEC_SA_DATA {\r | |
450 | /// \r | |
451 | /// IPsec mode: tunnel or transport.\r | |
452 | /// \r | |
453 | EFI_IPSEC_MODE Mode;\r | |
454 | /// \r | |
455 | /// Sequence Number Counter. A 64-bit counter used to generate the \r | |
456 | /// sequence number field in AH or ESP headers.\r | |
457 | /// \r | |
458 | UINT64 SNCount;\r | |
459 | /// \r | |
460 | /// Anti-Replay Window. A 64-bit counter and a bit-map used to \r | |
461 | /// determine whether an inbound AH or ESP packet is a replay.\r | |
462 | /// \r | |
463 | UINT8 AntiReplayWindows;\r | |
464 | /// \r | |
465 | /// AH/ESP cryptographic algorithm, key and parameters. \r | |
466 | /// \r | |
467 | EFI_IPSEC_ALGO_INFO AlgoInfo;\r | |
468 | /// \r | |
469 | /// Lifetime of this SA. \r | |
470 | /// \r | |
471 | EFI_IPSEC_SA_LIFETIME SaLifetime;\r | |
472 | /// \r | |
473 | /// Any observed path MTU and aging variables. The Path MTU \r | |
474 | /// processing is defined in section 8 of RFC 4301.\r | |
475 | /// \r | |
476 | UINT32 PathMTU;\r | |
477 | /// \r | |
478 | /// Link to one SPD entry.\r | |
479 | /// \r | |
480 | EFI_IPSEC_SPD_SELECTOR *SpdSelector;\r | |
481 | /// \r | |
482 |