[mirror_edk2.git] / NetworkPkg / IpSecDxe / IkeCommon.h

/** @file\r
  Common operation of the IKE.\r
\r
  Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#ifndef _IKE_COMMON_H_\r
#define _IKE_COMMON_H_\r
\r
#include <Protocol/Udp4.h>\r
#include <Protocol/Udp6.h>\r
#include <Protocol/Ip4Config2.h>\r
\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/UefiRuntimeServicesTableLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/UdpIoLib.h>\r
#include <Library/BaseCryptLib.h>\r
\r
#include "Ikev2/Ikev2.h"\r
#include "IpSecImpl.h"\r
#include "IkePacket.h"\r
#include "IpSecCryptIo.h"\r
\r
\r
#define IKE_DEFAULT_PORT              500\r
#define IKE_DEFAULT_TIMEOUT_INTERVAL  10000 // 10s\r
#define IKE_NONCE_SIZE                16\r
#define IKE_MAX_RETRY                 4\r
#define IKE_SPI_BASE                  0x100\r
#define IKE_PAYLOAD_SIGNATURE         SIGNATURE_32('I','K','E','P')\r
#define IKE_PAYLOAD_BY_PACKET(a)      CR(a,IKE_PAYLOAD,ByPacket,IKE_PAYLOAD_SIGNATURE)\r
\r
\r
#define IKE_PACKET_APPEND_PAYLOAD(IkePacket,IkePayload)                 \\r
  do {                                                                  \\r
    InsertTailList(&(IkePacket)->PayloadList, &(IkePayload)->ByPacket); \\r
  } while (0)\r
\r
#define IKE_PACKET_REMOVE_PAYLOAD(IkePacket,IkePayload)                 \\r
  do {                                                                  \\r
    RemoveEntryList(&(IkePayload)->ByPacket);                           \\r
  } while (0)\r
\r
#define IKE_PACKET_END_PAYLOAD(IkePacket, Node)                        \\r
  Node = GetFirstNode (&(IkePacket)->PayloadList);                      \\r
  while (!IsNodeAtEnd (&(IkePacket)->PayloadList, Node)) {             \\r
    Node = GetNextNode (&(IkePacket)->PayloadList, Node);              \\r
  }                                                                     \\r
\r
/**\r
  Call Crypto Lib to generate a random value with eight-octet length.\r
\r
  @return the 64 byte vaule.\r
\r
**/\r
UINT64\r
IkeGenerateCookie (\r
  VOID\r
  );\r
\r
/**\r
  Generate the random data for Nonce payload.\r
\r
  @param[in]  NonceSize      Size of the data in bytes.\r
\r
  @return Buffer which contains the random data of the spcified size.\r
\r
**/\r
UINT8 *\r
IkeGenerateNonce (\r
  IN UINTN              NonceSize\r
  );\r
\r
/**\r
  Convert the IKE Header from Network order to Host order.\r
\r
  @param[in, out]  Header    The pointer of the IKE_HEADER.\r
\r
**/\r
VOID\r
IkeHdrNetToHost (\r
  IN OUT IKE_HEADER *Header\r
  );\r
\r
\r
/**\r
  Convert the IKE Header from Host order to Network order.\r
\r
  @param[in, out] Header     The pointer of the IKE_HEADER.\r
\r
**/\r
VOID\r
IkeHdrHostToNet (\r
  IN OUT IKE_HEADER *Header\r
  );\r
\r
/**\r
  Allocate a buffer of IKE_PAYLOAD and set its Signature.\r
\r
  @return A buffer of IKE_PAYLOAD.\r
\r
**/\r
IKE_PAYLOAD *\r
IkePayloadAlloc (\r
  VOID\r
  );\r
\r
/**\r
  Free a specified IKE_PAYLOAD buffer.\r
\r
  @param[in]  IkePayload   Pointer of IKE_PAYLOAD to be freed.\r
\r
**/\r
VOID\r
IkePayloadFree (\r
  IN IKE_PAYLOAD *IkePayload\r
  );\r
\r
/**\r
  Generate an new SPI.\r
\r
  @param[in]       IkeSaSession   Pointer to IKEV2_SA_SESSION related to this Child SA\r
                                  Session.\r
  @param[in, out]  SpiValue       Pointer to the new generated SPI value.\r
\r
  @retval EFI_SUCCESS         The operation performs successfully.\r
  @retval Otherwise           The operation is failed.\r
\r
**/\r
EFI_STATUS\r
IkeGenerateSpi (\r
  IN     IKEV2_SA_SESSION         *IkeSaSession,\r
  IN OUT UINT32                   *SpiValue\r
  );\r
\r
/**\r
  Generate a random data for IV\r
\r
  @param[in]  IvBuffer  The pointer of the IV buffer.\r
  @param[in]  IvSize    The IV size.\r
\r
  @retval     EFI_SUCCESS  Create a random data for IV.\r
  @retval     otherwise    Failed.\r
\r
**/\r
EFI_STATUS\r
IkeGenerateIv (\r
  IN UINT8                           *IvBuffer,\r
  IN UINTN                           IvSize\r
  );\r
\r
/**\r
  Get the IKE Version from the IKE_SA_SESSION.\r
\r
  @param[in]  Session  Pointer of the IKE_SA_SESSION.\r
\r
**/\r
UINT8\r
IkeGetVersionFromSession (\r
  IN UINT8                    *Session\r
  );\r
\r
/**\r
  Find SPD entry by a specified SPD selector.\r
\r
  @param[in] SpdSel       Point to SPD Selector to be searched for.\r
\r
  @retval Point to Spd Entry if the SPD entry found.\r
  @retval NULL if not found.\r
\r
**/\r
IPSEC_SPD_ENTRY *\r
IkeSearchSpdEntry (\r
  IN EFI_IPSEC_SPD_SELECTOR             *SpdSel\r
  );\r
\r
extern MODP_GROUP             OakleyModpGroup[];\r
extern IKE_ALG_GUID_INFO      mIPsecEncrAlgInfo[];\r
extern IKE_ALG_GUID_INFO      mIPsecAuthAlgInfo[];\r
\r
#endif\r
\r
Commit	Line	Data
9166f840	1	/** @file\r
	2	Common operation of the IKE.\r
	3	\r
f75a7f56	4	Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
9166f840	5	\r
ecf98fbc	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
9166f840	7	\r
	8	**/\r
	9	\r
	10	#ifndef _IKE_COMMON_H_\r
	11	#define _IKE_COMMON_H_\r
	12	\r
	13	#include <Protocol/Udp4.h>\r
	14	#include <Protocol/Udp6.h>\r
39561686	15	#include <Protocol/Ip4Config2.h>\r
f75a7f56	16	\r
9166f840	17	#include <Library/BaseLib.h>\r
	18	#include <Library/BaseMemoryLib.h>\r
	19	#include <Library/MemoryAllocationLib.h>\r
	20	#include <Library/UefiRuntimeServicesTableLib.h>\r
	21	#include <Library/UefiBootServicesTableLib.h>\r
	22	#include <Library/DebugLib.h>\r
	23	#include <Library/UdpIoLib.h>\r
	24	#include <Library/BaseCryptLib.h>\r
	25	\r
	26	#include "Ikev2/Ikev2.h"\r
	27	#include "IpSecImpl.h"\r
	28	#include "IkePacket.h"\r
	29	#include "IpSecCryptIo.h"\r
	30	\r
	31	\r
	32	#define IKE_DEFAULT_PORT 500\r
	33	#define IKE_DEFAULT_TIMEOUT_INTERVAL 10000 // 10s\r
	34	#define IKE_NONCE_SIZE 16\r
	35	#define IKE_MAX_RETRY 4\r
96c13c01	36	#define IKE_SPI_BASE 0x100\r
9166f840	37	#define IKE_PAYLOAD_SIGNATURE SIGNATURE_32('I','K','E','P')\r
	38	#define IKE_PAYLOAD_BY_PACKET(a) CR(a,IKE_PAYLOAD,ByPacket,IKE_PAYLOAD_SIGNATURE)\r
	39	\r
	40	\r
	41	#define IKE_PACKET_APPEND_PAYLOAD(IkePacket,IkePayload) \\r
	42	do { \\r
	43	InsertTailList(&(IkePacket)->PayloadList, &(IkePayload)->ByPacket); \\r
	44	} while (0)\r
	45	\r
	46	#define IKE_PACKET_REMOVE_PAYLOAD(IkePacket,IkePayload) \\r
	47	do { \\r
	48	RemoveEntryList(&(IkePayload)->ByPacket); \\r
	49	} while (0)\r
	50	\r
	51	#define IKE_PACKET_END_PAYLOAD(IkePacket, Node) \\r
	52	Node = GetFirstNode (&(IkePacket)->PayloadList); \\r
	53	while (!IsNodeAtEnd (&(IkePacket)->PayloadList, Node)) { \\r
	54	Node = GetNextNode (&(IkePacket)->PayloadList, Node); \\r
	55	} \\r
	56	\r
	57	/**\r
	58	Call Crypto Lib to generate a random value with eight-octet length.\r
f75a7f56	59	\r
9166f840	60	@return the 64 byte vaule.\r
	61	\r
	62	**/\r
	63	UINT64\r
	64	IkeGenerateCookie (\r
	65	VOID\r
	66	);\r
	67	\r
	68	/**\r
	69	Generate the random data for Nonce payload.\r
	70	\r
	71	@param[in] NonceSize Size of the data in bytes.\r
f75a7f56 LG	72	\r
f75a7f56 LG	73	@return Buffer which contains the random data of the spcified size.\r
9166f840	74	\r
	75	**/\r
	76	UINT8 *\r
	77	IkeGenerateNonce (\r
	78	IN UINTN NonceSize\r
	79	);\r
	80	\r
	81	/**\r
	82	Convert the IKE Header from Network order to Host order.\r
	83	\r
	84	@param[in, out] Header The pointer of the IKE_HEADER.\r
	85	\r
	86	**/\r
	87	VOID\r
	88	IkeHdrNetToHost (\r
	89	IN OUT IKE_HEADER *Header\r
	90	);\r
	91	\r
	92	\r
	93	/**\r
	94	Convert the IKE Header from Host order to Network order.\r
	95	\r
	96	@param[in, out] Header The pointer of the IKE_HEADER.\r
	97	\r
	98	**/\r
	99	VOID\r
	100	IkeHdrHostToNet (\r
	101	IN OUT IKE_HEADER *Header\r
	102	);\r
	103	\r
	104	/**\r
	105	Allocate a buffer of IKE_PAYLOAD and set its Signature.\r
	106	\r
	107	@return A buffer of IKE_PAYLOAD.\r
	108	\r
	109	**/\r
	110	IKE_PAYLOAD *\r
	111	IkePayloadAlloc (\r
	112	VOID\r
	113	);\r
	114	\r
	115	/**\r
	116	Free a specified IKE_PAYLOAD buffer.\r
	117	\r
	118	@param[in] IkePayload Pointer of IKE_PAYLOAD to be freed.\r
	119	\r
	120	**/\r
	121	VOID\r
	122	IkePayloadFree (\r
	123	IN IKE_PAYLOAD *IkePayload\r
	124	);\r
	125	\r
	126	/**\r
96c13c01	127	Generate an new SPI.\r
f75a7f56 LG	128	\r
f75a7f56 LG	129	@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA\r
55d05ae1	130	Session.\r
f75a7f56 LG	131	@param[in, out] SpiValue Pointer to the new generated SPI value.\r
f75a7f56 LG	132	\r
96c13c01 JW	133	@retval EFI_SUCCESS The operation performs successfully.\r
96c13c01 JW	134	@retval Otherwise The operation is failed.\r
9166f840	135	\r
9166f840	136	**/\r
96c13c01	137	EFI_STATUS\r
9166f840	138	IkeGenerateSpi (\r
55d05ae1 JW	139	IN IKEV2_SA_SESSION *IkeSaSession,\r
55d05ae1 JW	140	IN OUT UINT32 *SpiValue\r
9166f840	141	);\r
	142	\r
	143	/**\r
	144	Generate a random data for IV\r
	145	\r
	146	@param[in] IvBuffer The pointer of the IV buffer.\r
	147	@param[in] IvSize The IV size.\r
	148	\r
	149	@retval EFI_SUCCESS Create a random data for IV.\r
	150	@retval otherwise Failed.\r
	151	\r
	152	**/\r
	153	EFI_STATUS\r
	154	IkeGenerateIv (\r
	155	IN UINT8 *IvBuffer,\r
	156	IN UINTN IvSize\r
	157	);\r
	158	\r
	159	/**\r
	160	Get the IKE Version from the IKE_SA_SESSION.\r
	161	\r
	162	@param[in] Session Pointer of the IKE_SA_SESSION.\r
	163	\r
	164	**/\r
	165	UINT8\r
	166	IkeGetVersionFromSession (\r
	167	IN UINT8 *Session\r
	168	);\r
	169	\r
44de1013 HT	170	/**\r
	171	Find SPD entry by a specified SPD selector.\r
	172	\r
9166f840	173	@param[in] SpdSel Point to SPD Selector to be searched for.\r
44de1013 HT	174	\r
	175	@retval Point to Spd Entry if the SPD entry found.\r
	176	@retval NULL if not found.\r
	177	\r
	178	**/\r
	179	IPSEC_SPD_ENTRY *\r
9166f840	180	IkeSearchSpdEntry (\r
44de1013	181	IN EFI_IPSEC_SPD_SELECTOR *SpdSel\r
9166f840	182	);\r
9166f840	183	\r
9166f840	184	extern MODP_GROUP OakleyModpGroup[];\r
	185	extern IKE_ALG_GUID_INFO mIPsecEncrAlgInfo[];\r
	186	extern IKE_ALG_GUID_INFO mIPsecAuthAlgInfo[];\r
	187	\r
	188	#endif\r
	189	\r