]>
Commit | Line | Data |
---|---|---|
9166f840 | 1 | /** @file\r |
2 | Prototype definitions of the IKE service.\r | |
6cf9230f | 3 | \r |
5dd08a46 | 4 | Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r |
9166f840 | 5 | \r |
ecf98fbc | 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
9166f840 | 7 | \r |
8 | **/\r | |
9 | \r | |
10 | #ifndef _IKE_SERVICE_H_\r | |
11 | #define _IKE_SERVICE_H_\r | |
12 | \r | |
13 | #include "Ike.h"\r | |
14 | #include "IpSecImpl.h"\r | |
15 | #include "IkeCommon.h"\r | |
5dd08a46 | 16 | #include "Ikev2/Utility.h"\r |
9166f840 | 17 | \r |
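//
// Size constant for the IPsec crypto library memory: 128 * 1024
// (presumably bytes -- confirm at the use site). The product is parenthesized
// so it stays a single operand when the macro expands inside a larger
// expression such as a division, a modulo or a cast.
//
#define IPSEC_CRYPTO_LIB_MEMORY (128 * 1024)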
19 | \r | |
20 | /**\r | |
21 | This is the prototype definition of the general interface to initialize an IKE negotiation.\r | |
22 | \r | |
23 | @param[in] UdpService Point to the UDP service used for sending the IKE packet.\r | |
24 | @param[in] SpdEntry Point to SPD entry related to this IKE negotiation.\r | |
25 | @param[in] PadEntry Point to PAD entry related to this IKE negotiation.\r | |
26 | @param[in] RemoteIp Point to the IP address of the remote peer to negotiate with.\r | |
27 | \r | |
28 | @retval EFI_SUCCESS The operation is successful.\r | |
29 | @return Otherwise The operation is failed.\r | |
30 | \r | |
31 | **/\r | |
32 | typedef\r | |
33 | EFI_STATUS\r | |
34 | (*IKE_NEGOTIATE_SA) (\r | |
35 | IN IKE_UDP_SERVICE * UdpService,\r | |
36 | IN IPSEC_SPD_ENTRY * SpdEntry,\r | |
37 | IN IPSEC_PAD_ENTRY * PadEntry,\r | |
38 | IN EFI_IP_ADDRESS * RemoteIp\r | |
39 | );\r | |
40 | \r | |
41 | /**\r | |
6cf9230f | 42 | This is the prototype definition of the general interface to start an IKE negotiation in Quick Mode.\r |
9166f840 | 43 | \r |
44 | This function is called when the related IKE SA already exists, to start\r | |
45 | creating a Child SA.\r | |
46 | \r | |
47 | @param[in] IkeSaSession Point to IKE SA Session related to this Negotiation.\r | |
48 | @param[in] SpdEntry Point to SPD entry related to this Negotiation.\r | |
49 | @param[in] Context Point to data passed from the caller.\r | |
50 | \r | |
51 | @retval EFI_SUCCESS The operation is successful.\r | |
52 | @retval Otherwise The operation is failed.\r | |
53 | \r | |
54 | **/\r | |
55 | typedef\r | |
56 | EFI_STATUS\r | |
57 | (*IKE_NEGOTIATE_CHILD_SA) (\r | |
58 | IN UINT8 *IkeSaSession,\r | |
59 | IN IPSEC_SPD_ENTRY *SpdEntry,\r | |
60 | IN UINT8 *Context\r | |
61 | );\r | |
62 | \r | |
63 | /**\r | |
64 | This is the prototype definition of the general interface for initializing an Information\r | |
65 | Exchange.\r | |
66 | \r | |
67 | @param[in] IkeSaSession Point to the related IKE SA Session.\r | |
68 | @param[in] Context Point to data passed from caller.\r | |
69 | \r | |
70 | **/\r | |
71 | typedef\r | |
72 | EFI_STATUS\r | |
73 | (*IKE_NEGOTIATE_INFO) (\r | |
74 | IN UINT8 *IkeSaSession,\r | |
75 | IN UINT8 *Context\r | |
76 | );\r | |
77 | \r | |
78 | /**\r | |
6cf9230f | 79 | This is the prototype definition of the general interface called when an IKE packet is received\r |
9166f840 | 80 | for establishing the IKE SA.\r |
81 | \r | |
82 | @param[in] UdpService Point to UDP service used to send IKE Packet.\r | |
83 | @param[in] IkePacket Point to received IKE packet.\r | |
84 | \r | |
85 | **/\r | |
86 | typedef\r | |
87 | VOID\r | |
88 | (*IKE_HANDLE_SA) (\r | |
89 | IN IKE_UDP_SERVICE *UdpService,\r | |
90 | IN IKE_PACKET *IkePacket\r | |
91 | );\r | |
92 | \r | |
93 | /**\r | |
94 | This is the prototype definition of the general interface called when an IKE packet is received\r | |
6cf9230f | 95 | for establishing the Child SA.\r |
96 | \r | |
9166f840 | 97 | @param[in] UdpService Point to UDP service used to send IKE packet.\r |
98 | @param[in] IkePacket Point to received IKE packet.\r | |
99 | \r | |
100 | **/\r | |
101 | typedef\r | |
102 | VOID\r | |
103 | (*IKE_HANDLE_CHILD_SA) (\r | |
104 | IN IKE_UDP_SERVICE *UdpService,\r | |
105 | IN IKE_PACKET *IkePacket\r | |
106 | );\r | |
107 | \r | |
108 | /**\r | |
6cf9230f | 109 | This is the prototype definition of the general interface called when an IKE\r |
9166f840 | 110 | information packet is received.\r |
111 | \r | |
112 | @param[in] UdpService Point to UDP service used to send IKE packet.\r | |
113 | @param[in] IkePacket Point to received IKE packet.\r | |
114 | \r | |
115 | **/\r | |
116 | typedef\r | |
117 | VOID\r | |
118 | (*IKE_HANDLE_INFO) (\r | |
119 | IN IKE_UDP_SERVICE *UdpService,\r | |
120 | IN IKE_PACKET *IkePacket\r | |
121 | );\r | |
122 | \r | |
123 | typedef struct _IKE_EXCHANGE_INTERFACE {\r | |
124 | UINT8 IkeVer;\r | |
125 | IKE_NEGOTIATE_SA NegotiateSa;\r | |
126 | IKE_NEGOTIATE_CHILD_SA NegotiateChildSa;\r | |
127 | IKE_NEGOTIATE_INFO NegotiateInfo;\r | |
128 | IKE_HANDLE_SA HandleSa;\r | |
129 | IKE_HANDLE_CHILD_SA HandleChildSa;\r | |
130 | IKE_HANDLE_INFO HandleInfo;\r | |
131 | } IKE_EXCHANGE_INTERFACE;\r | |
132 | \r | |
133 | /**\r | |
134 | Open and configure a UDPIO of Udp4 for IKE packet receiving.\r | |
6cf9230f | 135 | \r |
136 | This function is called at the IPsecDriverBinding start. IPsec creates a UDP4 and\r | |
9166f840 | 137 | a UDP4 IO for each NIC handle.\r |
6cf9230f | 138 | \r |
9166f840 | 139 | @param[in] Private Point to IPSEC_PRIVATE_DATA\r |
140 | @param[in] Controller Handle of the NIC card.\r | |
6879581d | 141 | @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r |
6cf9230f | 142 | \r |
9166f840 | 143 | @retval EFI_SUCCESS The Operation is successful.\r |
144 | @retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r | |
6cf9230f | 145 | \r |
9166f840 | 146 | **/\r |
147 | EFI_STATUS\r | |
148 | IkeOpenInputUdp4 (\r | |
149 | IN IPSEC_PRIVATE_DATA *Private,\r | |
6879581d | 150 | IN EFI_HANDLE Controller,\r |
151 | IN EFI_HANDLE ImageHandle\r | |
9166f840 | 152 | );\r |
153 | \r | |
154 | /**\r | |
155 | Open and configure a UDPIO of Udp6 for IKE packet receiving.\r | |
6cf9230f | 156 | \r |
9166f840 | 157 | This function is called at the IPsecDriverBinding start. IPsec creates a UDP6 and UDP6\r |
158 | IO for each NIC handle.\r | |
6cf9230f | 159 | \r |
9166f840 | 160 | @param[in] Private Point to IPSEC_PRIVATE_DATA\r |
161 | @param[in] Controller Handle of the NIC card.\r | |
6879581d | 162 | @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r |
6cf9230f | 163 | \r |
9166f840 | 164 | @retval EFI_SUCCESS The Operation is successful.\r |
165 | @retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r | |
6cf9230f | 166 | \r |
9166f840 | 167 | **/\r |
168 | EFI_STATUS\r | |
169 | IkeOpenInputUdp6 (\r | |
170 | IN IPSEC_PRIVATE_DATA *Private,\r | |
6879581d | 171 | IN EFI_HANDLE Controller,\r |
172 | IN EFI_HANDLE ImageHandle\r | |
9166f840 | 173 | );\r |
174 | \r | |
175 | /**\r | |
176 | The general interface of starting IPsec Key Exchange.\r | |
6cf9230f | 177 | \r |
9166f840 | 178 | This function is called to start an IKE negotiation to get a key.\r |
6cf9230f | 179 | \r |
180 | @param[in] UdpService Point to IKE_UDP_SERVICE which will be used for\r | |
9166f840 | 181 | IKE packet sending.\r |
182 | @param[in] SpdEntry Point to the SPD entry related to the IKE negotiation.\r | |
183 | @param[in] RemoteIp Point to EFI_IP_ADDRESS related to the IKE negotiation.\r | |
6cf9230f | 184 | \r |
9166f840 | 185 | @retval EFI_SUCCESS The Operation is successful.\r |
186 | @retval EFI_ACCESS_DENIED No related PAD entry was found.\r | |
6cf9230f | 187 | \r |
9166f840 | 188 | **/\r |
189 | EFI_STATUS\r | |
190 | IkeNegotiate (\r | |
191 | IN IKE_UDP_SERVICE *UdpService,\r | |
192 | IN IPSEC_SPD_ENTRY *SpdEntry,\r | |
193 | IN EFI_IP_ADDRESS *RemoteIp\r | |
194 | );\r | |
195 | \r | |
196 | /**\r | |
197 | The general interface for receiving an IKE packet.\r | |
6cf9230f | 198 | \r |
9166f840 | 199 | This function is called when UDP IO receives an IKE packet.\r |
6cf9230f | 200 | \r |
9166f840 | 201 | @param[in] Packet Point to received IKE packet.\r |
6cf9230f | 202 | @param[in] EndPoint Point to UDP_END_POINT which contains the information of\r |
9166f840 | 203 | Remote IP and Port.\r |
204 | @param[in] IoStatus The status of the receive token.\r | |
205 | @param[in] Context Point to data passed from the caller.\r | |
6cf9230f | 206 | \r |
9166f840 | 207 | **/\r |
208 | VOID\r | |
1d8fa5e9 | 209 | EFIAPI\r |
9166f840 | 210 | IkeDispatch (\r |
211 | IN NET_BUF *Packet,\r | |
212 | IN UDP_END_POINT *EndPoint,\r | |
213 | IN EFI_STATUS IoStatus,\r | |
214 | IN VOID *Context\r | |
215 | );\r | |
216 | \r | |
217 | /**\r | |
218 | Check if the NIC handle is bound to a UDP service.\r | |
219 | \r | |
220 | @param[in] Private Pointer of IPSEC_PRIVATE_DATA\r | |
76389e18 | 221 | @param[in] Handle The Handle of the NIC card\r |
9166f840 | 222 | @param[in] IpVersion The version of the IP stack.\r |
223 | \r | |
224 | @return A pointer to the IKE_UDP_SERVICE.\r | |
225 | \r | |
226 | **/\r | |
227 | IKE_UDP_SERVICE *\r | |
228 | IkeLookupUdp (\r | |
229 | IN IPSEC_PRIVATE_DATA *Private,\r | |
230 | IN EFI_HANDLE Handle,\r | |
231 | IN UINT8 IpVersion\r | |
232 | );\r | |
233 | \r | |
234 | \r | |
235 | /**\r | |
236 | Delete all established IKE SAs and related Child SAs.\r | |
6cf9230f | 237 | \r |
238 | This function is the subfunction of the IpSecCleanupAllSa(). It first calls\r | |
239 | IkeDeleteChildSa() to delete all Child SAs, then sends out the related\r | |
9166f840 | 240 | Information packet.\r |
241 | \r | |
6cf9230f | 242 | @param[in] Private Pointer of the IPSEC_PRIVATE_DATA.\r |
4b0f5775 | 243 | @param[in] IsDisableIpsec Indicate whether needs to disable IPsec.\r |
9166f840 | 244 | \r |
245 | **/\r | |
246 | VOID\r | |
247 | IkeDeleteAllSas (\r | |
6cf9230f | 248 | IN IPSEC_PRIVATE_DATA *Private,\r |
249 | IN BOOLEAN IsDisableIpsec\r | |
9166f840 | 250 | );\r |
251 | \r | |
252 | \r | |
253 | extern IKE_EXCHANGE_INTERFACE mIkev1Exchange;\r | |
254 | extern IKE_EXCHANGE_INTERFACE mIkev2Exchange;\r | |
255 | \r | |
256 | #endif\r |