1 | /** @file\r |
2 | IKEv2 related definitions.\r |
3 | \r |
4 | Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r |
5 | \r |
6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
7 | \r |
8 | **/\r |
9 | #ifndef _IKE_V2_H_\r |
10 | #define _IKE_V2_H_\r |
11 | \r |
12 | #include "Ike.h"\r |
13 | #include "Payload.h"\r |
14 | \r |
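//
// Traffic selector (TS) wildcards: match any port / any protocol.
//
#define IKEV2_TS_ANY_PORT      0xffff
#define IKEV2_TS_ANY_PROTOCOL  0

//
// Selectors naming one of the Child SA lists kept in IKEV2_SA_SESSION
// (presumably DeleteSaList, ChildSaEstablishSessionList and ChildSaSessionList
// respectively -- confirm where the index is consumed).
// IKEV2_DELET_CHILDSA_LIST keeps its historical spelling: it is part of the
// public interface and renaming it would break existing users.
//
#define IKEV2_DELET_CHILDSA_LIST        0
#define IKEV2_ESTABLISHING_CHILDSA_LIST 1
#define IKEV2_ESTABLISHED_CHILDSA_LIST  2

//
// Signature of an IKEV2_SA_SESSION and the CR() accessors that recover the
// session from a pointer to one of its embedded members. CR() compares the
// stored Signature, so a pointer of the wrong type is caught in DEBUG builds.
//
// NOTE(review): IKEV2_SA_SESSION (below) declares no ByEstablishedTable
// member, so IKEV2_SA_SESSION_BY_ESTABLISHED cannot compile if it is ever
// expanded; it appears to be unused and is kept only for interface stability.
//
#define IKEV2_SA_SESSION_SIGNATURE          SIGNATURE_32 ('I', 'K', 'E', 'I')
#define IKEV2_SA_SESSION_FROM_COMMON(a)     CR (a, IKEV2_SA_SESSION, SessionCommon, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_SESSION(a)      CR (a, IKEV2_SA_SESSION, BySessionTable, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_ESTABLISHED(a)  CR (a, IKEV2_SA_SESSION, ByEstablishedTable, IKEV2_SA_SESSION_SIGNATURE)

//
// Same for IKEV2_CHILD_SA_SESSION, with one accessor per list it can be
// linked on (ByIkeSa, ByDelete).
//
#define IKEV2_CHILD_SA_SESSION_SIGNATURE      SIGNATURE_32 ('I', 'K', 'E', 'C')
#define IKEV2_CHILD_SA_SESSION_FROM_COMMON(a) CR (a, IKEV2_CHILD_SA_SESSION, SessionCommon, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_IKE_SA(a)   CR (a, IKEV2_CHILD_SA_SESSION, ByIkeSa, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_DEL_SA(a)   CR (a, IKEV2_CHILD_SA_SESSION, ByDelete, IKEV2_CHILD_SA_SESSION_SIGNATURE)

//
// TRUE when the session record is an IKE SA rather than a Child SA. Note that
// this reads a "Common" member, not the "SessionCommon" member of the types in
// this header -- it is meant for the generic session type declared in Ike.h.
//
#define IS_IKEV2_SA_SESSION(s)  ((s)->Common.IkeSessionType == IkeSessionTypeIkeSa)

//
// Navigation over the wire layout of an SA payload. These macros do plain
// pointer arithmetic with lengths that ultimately come from the received
// packet (SpiSize, TransformSize, ProposalSize) and perform no bounds check;
// the caller must have validated every such length against the remaining
// payload length before advancing.
//
// The first proposal immediately follows the fixed IKEV2_SA header.
//
#define IKEV2_SA_FIRST_PROPOSAL(Sa)  (IKEV2_PROPOSAL *)((IKEV2_SA *)(Sa)+1)

#define IKEV2_NEXT_TRANSFORM_WITH_SIZE(Transform,TransformSize) \
  (IKEV2_TRANSFORM *) ((UINT8 *)(Transform) + (TransformSize))

#define IKEV2_NEXT_PROPOSAL_WITH_SIZE(Proposal, ProposalSize) \
  (IKEV2_PROPOSAL *) ((UINT8 *)(Proposal) + (ProposalSize))

//
// The first transform follows the fixed proposal header plus the
// variable-length SPI (SpiSize bytes).
//
#define IKEV2_PROPOSAL_FIRST_TRANSFORM(Proposal) \
  (IKEV2_TRANSFORM *)((UINT8 *)((IKEV2_PROPOSAL *)(Proposal)+1) + \
  (((IKEV2_PROPOSAL *)(Proposal))->SpiSize))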
46 | \r |
//
// Negotiation state of a session (IKEV2_SESSION_COMMON.State). Values are
// consecutive from 0; IkeStateMaximum is an upper bound, not a real state.
//
typedef enum {
  IkeStateInit,                 // Initial exchange in progress
  IkeStateAuth,                 // Authentication exchange in progress
  IkeStateIkeSaEstablished,     // IKE SA is up
  IkeStateCreateChild,          // Creating a Child SA
  IkeStateSaRekeying,           // Rekeying an SA
  IkeStateChildSaEstablished,   // Child SA is up
  IkeStateSaDeleting,           // SA is being deleted
  IkeStateMaximum               // Number of states / bound for table indexing
} IKEV2_SESSION_STATE;
57 | \r |
//
// What a CREATE_CHILD_SA exchange is requesting. IkeRequestTypeMaximum is a
// bound, not a request type.
//
typedef enum {
  IkeRequestTypeCreateChildSa,  // Create a new Child SA
  IkeRequestTypeRekeyChildSa,   // Rekey an existing Child SA
  IkeRequestTypeRekeyIkeSa,     // Rekey the IKE SA itself
  IkeRequestTypeMaximum
} IKEV2_CREATE_CHILD_REQUEST_TYPE;
64 | \r |
//
// Buffers of one Diffie-Hellman exchange; each buffer is paired with its byte
// size. The Gx/Gy/Gxy naming suggests the local public value, the peer's
// public value and the shared secret -- confirm against the key derivation
// code. DhContext is opaque at this level.
//
// NOTE(review): GxyBuffer (and likely DhContext) hold secret material; the
// owner should zeroize them before they are freed.
//
typedef struct {
  UINT8   *GxBuffer;
  UINTN   GxSize;
  UINT8   *GyBuffer;
  UINTN   GySize;
  UINT8   *GxyBuffer;
  UINTN   GxySize;
  UINT8   *DhContext;
} IKEV2_DH_BUFFER;
74 | \r |
//
// Derived keys of an IKE SA. The member names appear to follow the IKEv2
// SK_* keys (SK_d, SK_ai, SK_ar, SK_ei, SK_er, SK_pi, SK_pr); each key pointer
// is paired with its byte length. DhBuffer is the exchange the keys were
// derived from.
//
// NOTE(review): every buffer here is secret key material and should be
// zeroized before release.
//
typedef struct {
  IKEV2_DH_BUFFER *DhBuffer;
  UINT8           *SkdKey;
  UINTN           SkdKeySize;
  UINT8           *SkAiKey;
  UINTN           SkAiKeySize;
  UINT8           *SkArKey;
  UINTN           SkArKeySize;
  UINT8           *SkEiKey;
  UINTN           SkEiKeySize;
  UINT8           *SkErKey;
  UINTN           SkErKeySize;
  UINT8           *SkPiKey;
  UINTN           SkPiKeySize;
  UINT8           *SkPrKey;
  UINTN           SkPrKeySize;
} IKEV2_SESSION_KEYS;
92 | \r |
//
// Negotiated parameters of an SA: lifetime, encryption and integrity
// algorithms with their key lengths, PRF, DH group and the extended sequence
// number setting (presumably -- the ExtSeq field is an opaque UINT8 here).
//
typedef struct {
  UINT16  LifeType;
  UINT64  LifeDuration;
  UINT16  EncAlgId;
  UINTN   EnckeyLen;
  UINT16  Prf;
  UINT16  IntegAlgId;
  UINTN   IntegKeyLen;
  UINT16  DhGroup;
  UINT8   ExtSeq;
} IKEV2_SA_PARAMS;
104 | \r |
//
// Internal Payload
//
// In-memory form of an SA payload used while building/matching proposals: the
// wire SA header followed by NumProposals proposal records. The proposals are
// not a declared member; the commented-out line documents that they follow
// the header in the same allocation.
//
typedef struct {
  IKEV2_SA  SaHeader;
  UINTN     NumProposals;
  //
  // IKE_PROPOSAL_DATA Proposals[1];
  //
} IKEV2_SA_DATA;
115 | \r |
//
// Internal form of one proposal: its index, protocol, SPI pointer and the
// number of transforms that follow it in memory (see commented-out member).
//
typedef struct {
  UINT8 ProposalIndex;
  UINT8 ProtocolId;
  UINT8 *Spi;
  UINT8 NumTransforms;
  //
  // IKE_TRANSFORM_DATA Transforms[1];
  //
} IKEV2_PROPOSAL_DATA;
125 | \r |
//
// Internal form of one transform within a proposal, including its single
// attribute (IKE_SA_ATTRIBUTE is declared elsewhere).
//
typedef struct {
  UINT8             TransformIndex;
  UINT8             TransformType;
  UINT16            TransformId;
  IKE_SA_ATTRIBUTE  Attribute;
} IKEV2_TRANSFORM_DATA;
132 | \r |
//
// State shared by IKE SA and Child SA sessions. Embedded as SessionCommon in
// IKEV2_SA_SESSION and IKEV2_CHILD_SA_SESSION and recovered from there with
// the *_FROM_COMMON macros.
//
typedef struct {
  UINT8                   IkeVer;               // IKE version of this session
  IKE_SESSION_TYPE        IkeSessionType;       // IKE SA or Child SA
  BOOLEAN                 IsInitiator;          // TRUE when this side initiated the exchange
  BOOLEAN                 IsOnDeleting;         // Set while the SA is being deleted
  IKEV2_SESSION_STATE     State;
  EFI_EVENT               TimeoutEvent;         // Timer backing TimeoutInterval
  UINT64                  TimeoutInterval;
  UINTN                   RetryCount;           // Retries so far, presumably of LastSentPacket -- confirm
  IKE_PACKET              *LastSentPacket;
  IKEV2_SA_PARAMS         *SaParams;            // Negotiated algorithms and lifetime
  UINT16                  PreferDhGroup;
  EFI_IP_ADDRESS          RemotePeerIp;
  EFI_IP_ADDRESS          LocalPeerIp;
  IKE_ON_PAYLOAD_FROM_NET BeforeDecodePayload;  // Hook run before a received payload is decoded
  IKE_ON_PAYLOAD_FROM_NET AfterEncodePayload;   // Hook run after an outgoing payload is encoded
  IKE_UDP_SERVICE         *UdpService;          // Transport used to exchange IKE messages
  IPSEC_PRIVATE_DATA      *Private;             // Back pointer to the driver's private data
} IKEV2_SESSION_COMMON;
152 | \r |
//
// An IKE SA. Signature must be IKEV2_SA_SESSION_SIGNATURE; the CR() macros
// above rely on it. Owns the lists of Child SAs created under this IKE SA.
//
typedef struct {
  UINT32                Signature;
  IKEV2_SESSION_COMMON  SessionCommon;
  UINT64                InitiatorCookie;        // IKE SPI of the initiator (header "cookie")
  UINT64                ResponderCookie;        // IKE SPI of the responder
  //
  // Initiator: SA proposals to be sent
  // Responder: SA proposals to be matched
  //
  IKEV2_SA_DATA         *SaData;                // SA Private struct used for SA payload generation
  IKEV2_SESSION_KEYS    *IkeKeys;               // Derived SK_* keys (secret)
  UINT8                 *NiBlock;               // Initiator nonce and its size
  UINTN                 NiBlkSize;
  UINT8                 *NrBlock;               // Responder nonce and its size
  UINTN                 NrBlkSize;
  UINT8                 *NCookie;               // Buffer Contains the Notify Cookie
  UINTN                 NCookieSize;            // Size of NCookie
  IPSEC_PAD_ENTRY       *Pad;                   // Peer authorization entry for this peer
  IPSEC_SPD_ENTRY       *Spd;                   // SPD that requested the negotiation, TODO: better use SPD selector
  LIST_ENTRY            ChildSaSessionList;
  LIST_ENTRY            ChildSaEstablishSessionList;  // For Establish Child SA.
  LIST_ENTRY            InfoMIDList;            // For Information MID
  LIST_ENTRY            DeleteSaList;           // For deleting Child SA.
  UINT8                 *InitPacket;            // Saved IKE_SA_INIT request/response bytes -- presumably
  UINTN                 InitPacketSize;         // needed later for authentication; confirm
  UINT8                 *RespPacket;
  UINTN                 RespPacketSize;
  UINT32                MessageId;              // Next message ID on this IKE SA
  LIST_ENTRY            BySessionTable;         // Use for all IkeSaSession Links
} IKEV2_SA_SESSION;
183 | \r |
//
// A Child (IPsec) SA negotiated under IkeSaSession. Signature must be
// IKEV2_CHILD_SA_SESSION_SIGNATURE. Linked on the parent's lists via ByIkeSa
// and ByDelete.
//
// NOTE(review): ChildKeymats (and DhBuffer) hold secret keying material and
// should be zeroized before the session is freed.
//
typedef struct {
  UINT32                    Signature;
  IKEV2_SESSION_COMMON      SessionCommon;
  IKEV2_SA_SESSION          *IkeSaSession;      // Parent IKE SA
  UINT32                    MessageId;
  IKEV2_SA_DATA             *SaData;
  UINT8                     IpsecProtocol;      // ESP or AH (value range not fixed here)
  UINT32                    LocalPeerSpi;
  UINT32                    RemotePeerSpi;
  UINT8                     *NiBlock;           // Initiator nonce and its size
  UINTN                     NiBlkSize;
  UINT8                     *NrBlock;           // Responder nonce and its size
  UINTN                     NrBlkSize;
  SA_KEYMATS                ChildKeymats;       // Keying material for the IPsec SA
  IKEV2_DH_BUFFER           *DhBuffer;          // New DH exchanged by CREATE_CHILD_SA
  IPSEC_SPD_ENTRY           *Spd;
  EFI_IPSEC_SPD_SELECTOR    *SpdSelector;
  UINT16                    ProtoId;
  UINT16                    RemotePort;
  UINT16                    LocalPort;
  LIST_ENTRY                ByIkeSa;            // Link on the parent's Child SA list
  LIST_ENTRY                ByDelete;           // Link on the parent's DeleteSaList
} IKEV2_CHILD_SA_SESSION;
207 | \r |
//
// Kind of INFORMATIONAL exchange being built.
//
typedef enum {
  Ikev2InfoNotify,      // Carries a Notify payload
  Ikev2InfoDelete,      // Carries a Delete payload
  Ikev2InfoLiveCheck    // Liveness check (empty exchange)
} IKEV2_INFO_TYPE;
213 | \r |
//
// This struct is used to pass the detail information to the InfoGenerator() for
// the response Information Exchange Message creation.
//
typedef struct {
  UINT32          MessageId;    // Message ID the response must echo
  IKEV2_INFO_TYPE InfoType;     // Which INFORMATIONAL payload to generate
} IKEV2_INFO_EXCHANGE_CONTEXT;
222 | \r |
//
// One input fragment for a PRF computation: Data with its byte size. Several
// fragments are concatenated by the PRF caller (presumably -- confirm).
//
typedef struct {
  UINTN DataSize;
  UINT8 *Data;
} PRF_DATA_FRAGMENT;
227 | \r |
/**
  Build an outgoing IKE packet for a session.

  @param[in] SaSession  The session to generate for. Declared as UINT8 * so
                        both IKEV2_SA_SESSION and IKEV2_CHILD_SA_SESSION can be
                        passed; the callee decides the actual type.
  @param[in] Context    Generator-specific data (e.g. IKEV2_INFO_EXCHANGE_CONTEXT
                        for INFORMATIONAL exchanges -- confirm per generator).

  @return The new IKE_PACKET. Failure convention (NULL or otherwise) is not
          fixed by this header; check each implementation.
**/
typedef
IKE_PACKET *
(*IKEV2_PACKET_GENERATOR) (
  IN UINT8  *SaSession,
  IN VOID   *Context
  );
234 | \r |
/**
  Parse a received IKE packet against a session.

  IkePacket arrives from the network (via IKE_UDP_SERVICE), so implementations
  of this type are the trust boundary: every payload length and field must be
  validated here before the SA-walking macros above are applied to it.

  @param[in] SaSession  The session the packet belongs to (untyped, see
                        IKEV2_PACKET_GENERATOR).
  @param[in] IkePacket  The received packet.

  @return EFI_STATUS of the parse.
**/
typedef
EFI_STATUS
(*IKEV2_PACKET_PARSER) (
  IN UINT8       *SaSession,
  IN IKE_PACKET  *IkePacket
  );
241 | \r |
//
// Parser/generator pair handling one kind of exchange.
//
typedef struct {
  IKEV2_PACKET_PARSER     Parser;
  IKEV2_PACKET_GENERATOR  Generator;
} IKEV2_PACKET_HANDLER;
246 | \r |
//
// Handler tables defined in the exchange implementation files. mIkev2Initial
// is two-dimensional with a second dimension of 2; what the indices mean
// (state, initiator/responder, ...) is fixed where it is defined -- confirm
// there before indexing.
//
extern IKEV2_PACKET_HANDLER mIkev2Initial[][2];
extern IKEV2_PACKET_HANDLER mIkev2CreateChild;   // CREATE_CHILD_SA exchange
extern IKEV2_PACKET_HANDLER mIkev2Info;          // INFORMATIONAL exchange
250 | \r |
251 | #endif\r |
252 | \r |