NetworkPkg: Clean up source files

[mirror_edk2.git] / NetworkPkg / IpSecDxe / Ikev2 / Utility.h

/** @file\r
  The interfaces of IKE/Child session operations and payload related operations\r
  used by IKE Exchange Process.\r
\r
  Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
  This program and the accompanying materials\r
  are licensed and made available under the terms and conditions of the BSD License\r
  which accompanies this distribution.  The full text of the license may be found at\r
  http://opensource.org/licenses/bsd-license.php.\r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#ifndef _IKE_V2_UTILITY_H_\r
#define _IKE_V2_UTILITY_H_\r
\r
#include "Ikev2.h"\r
#include "IkeCommon.h"\r
#include "IpSecCryptIo.h"\r
\r
#include <Library/PcdLib.h>\r
\r
#define IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM    2\r
#define IKEV2_SUPPORT_PRF_ALGORITHM_NUM        1\r
#define IKEV2_SUPPORT_DH_ALGORITHM_NUM         2\r
#define IKEV2_SUPPORT_AUTH_ALGORITHM_NUM       1\r
\r
/**\r
  Allocate buffer for IKEV2_SA_SESSION and initialize it.\r
\r
  @param[in] Private        Pointer to IPSEC_PRIVATE_DATA.\r
  @param[in] UdpService     Pointer to IKE_UDP_SERVICE related to this IKE SA Session.\r
\r
  @return Pointer to IKEV2_SA_SESSION.\r
\r
**/\r
IKEV2_SA_SESSION *\r
Ikev2SaSessionAlloc (\r
  IN IPSEC_PRIVATE_DATA       *Private,\r
  IN IKE_UDP_SERVICE          *UdpService\r
  );\r
\r
/**\r
  Register Establish IKEv2 SA into Private->Ikev2EstablishedList.\r
\r
  @param[in]  IkeSaSession  Pointer to IKEV2_SA_SESSION to be registered.\r
  @param[in]  Private       Pointer to IPSEC_PRAVATE_DATA.\r
\r
**/\r
VOID\r
Ikev2SaSessionReg (\r
  IN IKEV2_SA_SESSION          *IkeSaSession,\r
  IN IPSEC_PRIVATE_DATA        *Private\r
  );\r
\r
/**\r
  Find a IKEV2_SA_SESSION by the remote peer IP.\r
\r
  @param[in]  SaSessionList     SaSession List to be searched.\r
  @param[in]  RemotePeerIp      Pointer to specified IP address.\r
\r
  @return Pointer to IKEV2_SA_SESSION if find one or NULL.\r
\r
**/\r
IKEV2_SA_SESSION *\r
Ikev2SaSessionLookup (\r
  IN LIST_ENTRY           *SaSessionList,\r
  IN EFI_IP_ADDRESS       *RemotePeerIp\r
  );\r
\r
/**\r
  Insert a IKE_SA_SESSION into IkeSaSession list. The IkeSaSession list is either\r
  Private->Ikev2SaSession list or Private->Ikev2EstablishedList list.\r
\r
  @param[in]  SaSessionList   Pointer to list to be inserted into.\r
  @param[in]  IkeSaSession    Pointer to IKEV2_SA_SESSION to be inserted.\r
  @param[in]  RemotePeerIp    Pointer to EFI_IP_ADDRESSS to indicate the\r
                              unique IKEV2_SA_SESSION.\r
\r
**/\r
VOID\r
Ikev2SaSessionInsert (\r
  IN LIST_ENTRY           *SaSessionList,\r
  IN IKEV2_SA_SESSION     *IkeSaSession,\r
  IN EFI_IP_ADDRESS       *RemotePeerIp\r
  );\r
\r
/**\r
  Remove the SA Session by Remote Peer IP.\r
\r
  @param[in]  SaSessionList   Pointer to list to be searched.\r
  @param[in]  RemotePeerIp    Pointer to EFI_IP_ADDRESS to use for SA Session search.\r
\r
  @retval Pointer to IKEV2_SA_SESSION with the specified remote IP address.\r
\r
**/\r
IKEV2_SA_SESSION *\r
Ikev2SaSessionRemove (\r
  IN LIST_ENTRY           *SaSessionList,\r
  IN EFI_IP_ADDRESS       *RemotePeerIp\r
  );\r
\r
\r
/**\r
  Marking a SA session as on deleting.\r
\r
  @param[in]  IkeSaSession  Pointer to IKEV2_SA_SESSION.\r
\r
  @retval     EFI_SUCCESS   Find the related SA session and marked it.\r
\r
**/\r
EFI_STATUS\r
Ikev2SaSessionOnDeleting (\r
  IN IKEV2_SA_SESSION          *IkeSaSession\r
  );\r
\r
/**\r
  After IKE/Child SA is estiblished, close the time event and free sent packet.\r
\r
  @param[in]   SessionCommon   Pointer to a Session Common.\r
\r
**/\r
VOID\r
Ikev2SessionCommonRefresh (\r
  IN IKEV2_SESSION_COMMON      *SessionCommon\r
  );\r
\r
/**\r
  Free specified IKEV2 SA Session.\r
\r
  @param[in]    IkeSaSession   Pointer to IKEV2_SA_SESSION to be freed.\r
\r
**/\r
VOID\r
Ikev2SaSessionFree (\r
  IN IKEV2_SA_SESSION         *IkeSaSession\r
  );\r
\r
/**\r
  Free specified Seession Common. The session common would belong to a IKE SA or\r
  a Child SA.\r
\r
  @param[in]   SessionCommon   Pointer to a Session Common.\r
\r
**/\r
VOID\r
Ikev2SaSessionCommonFree (\r
  IN IKEV2_SESSION_COMMON      *SessionCommon\r
  );\r
\r
/**\r
  Increase the MessageID in IkeSaSession.\r
\r
  @param[in] IkeSaSession Pointer to a specified IKEV2_SA_SESSION.\r
\r
**/\r
VOID\r
Ikev2SaSessionIncreaseMessageId (\r
  IN IKEV2_SA_SESSION         *IkeSaSession\r
  );\r
\r
/**\r
  Allocate Momery for IKEV2 Child SA Session.\r
\r
  @param[in]   UdpService     Pointer to IKE_UDP_SERVICE.\r
  @param[in]   IkeSaSession   Pointer to IKEV2_SA_SESSION related to this Child SA\r
                              Session.\r
\r
  @retval  Pointer of a new created IKEV2 Child SA Session.\r
\r
**/\r
IKEV2_CHILD_SA_SESSION *\r
Ikev2ChildSaSessionAlloc (\r
  IN IKE_UDP_SERVICE          *UdpService,\r
  IN IKEV2_SA_SESSION         *IkeSaSession\r
  );\r
\r
/**\r
  Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.\r
  If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one\r
  then register the new one.\r
\r
  @param[in]  ChildSaSession  Pointer to IKEV2_CHILD_SA_SESSION to be registered.\r
  @param[in]  Private         Pointer to IPSEC_PRAVATE_DATA.\r
\r
**/\r
VOID\r
Ikev2ChildSaSessionReg (\r
  IN IKEV2_CHILD_SA_SESSION    *ChildSaSession,\r
  IN IPSEC_PRIVATE_DATA        *Private\r
  );\r
\r
/**\r
  This function find the Child SA by the specified Spi.\r
\r
  This functin find a ChildSA session by searching the ChildSaSessionlist of\r
  the input IKEV2_SA_SESSION by specified MessageID.\r
\r
  @param[in]  SaSessionList      Pointer to List to be searched.\r
  @param[in]  Spi                Specified SPI.\r
\r
  @return Pointer to IKEV2_CHILD_SA_SESSION.\r
\r
**/\r
IKEV2_CHILD_SA_SESSION *\r
Ikev2ChildSaSessionLookupBySpi (\r
  IN LIST_ENTRY           *SaSessionList,\r
  IN UINT32               Spi\r
  );\r
\r
/**\r
  Find the ChildSaSession by it's MessagId.\r
\r
  @param[in] SaSessionList  Pointer to a ChildSaSession List.\r
  @param[in] Mid            The messageId used to search ChildSaSession.\r
\r
  @return Pointer to IKEV2_CHILD_SA_SESSION.\r
\r
**/\r
IKEV2_CHILD_SA_SESSION *\r
Ikev2ChildSaSessionLookupByMid (\r
  IN LIST_ENTRY           *SaSessionList,\r
  IN UINT32               Mid\r
  );\r
\r
/**\r
  Insert a Child SA Session into the specified ChildSa list..\r
\r
  @param[in]  SaSessionList   Pointer to list to be inserted in.\r
  @param[in]  ChildSaSession  Pointer to IKEV2_CHILD_SA_SESSION to be inserted.\r
\r
**/\r
VOID\r
Ikev2ChildSaSessionInsert (\r
  IN LIST_ENTRY               *SaSessionList,\r
  IN IKEV2_CHILD_SA_SESSION   *ChildSaSession\r
  );\r
\r
/**\r
  Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.\r
\r
  @param[in]  SaSessionList      The SA Session List to be iterated.\r
  @param[in]  Spi                Spi used to identify the IKEV2_CHILD_SA_SESSION.\r
  @param[in]  ListType           The type of the List to indicate whether it is a\r
                                 Established.\r
\r
  @return The point to IKEV2_CHILD_SA_SESSION.\r
\r
**/\r
IKEV2_CHILD_SA_SESSION *\r
Ikev2ChildSaSessionRemove (\r
  IN LIST_ENTRY           *SaSessionList,\r
  IN UINT32               Spi,\r
  IN UINT8                ListType\r
  );\r
\r
/**\r
  Mark a specified Child SA Session as on deleting.\r
\r
  @param[in]  ChildSaSession   Pointer to IKEV2_CHILD_SA_SESSION.\r
\r
  @retval     EFI_SUCCESS      Operation is successful.\r
\r
**/\r
EFI_STATUS\r
Ikev2ChildSaSessionOnDeleting (\r
  IN IKEV2_CHILD_SA_SESSION   *ChildSaSession\r
  );\r
\r
/**\r
  Free the memory located for the specified IKEV2_CHILD_SA_SESSION.\r
\r
  @param[in]  ChildSaSession  Pointer to IKEV2_CHILD_SA_SESSION.\r
\r
**/\r
VOID\r
Ikev2ChildSaSessionFree (\r
  IN IKEV2_CHILD_SA_SESSION   *ChildSaSession\r
  );\r
\r
/**\r
  Free the specified DhBuffer.\r
\r
  @param[in] DhBuffer   Pointer to IKEV2_DH_BUFFER to be freed.\r
\r
**/\r
VOID\r
Ikev2DhBufferFree (\r
  IN IKEV2_DH_BUFFER *DhBuffer\r
  );\r
\r
/**\r
  Delete the specified established Child SA.\r
\r
  This function delete the Child SA directly and dont send the Information Packet to\r
  remote peer.\r
\r
  @param[in]  IkeSaSession   Pointer to a IKE SA Session used to be searched for.\r
  @param[in]  Spi            SPI used to find the Child SA.\r
\r
  @retval     EFI_NOT_FOUND  Pointer of IKE SA Session is NULL.\r
  @retval     EFI_NOT_FOUND  There is no specified Child SA related with the input\r
                             SPI under this IKE SA Session.\r
  @retval     EFI_SUCCESS    Delete the Child SA successfully.\r
\r
**/\r
EFI_STATUS\r
Ikev2ChildSaSilentDelete (\r
  IN IKEV2_SA_SESSION       *IkeSaSession,\r
  IN UINT32                 Spi\r
  );\r
\r
/**\r
  This function is to parse a request IKE packet and return its request type.\r
  The request type is one of IKE CHILD SA creation, IKE SA rekeying and\r
  IKE CHILD SA rekeying.\r
\r
  @param[in] IkePacket  IKE packet to be prased.\r
\r
  return the type of the IKE packet.\r
\r
**/\r
IKEV2_CREATE_CHILD_REQUEST_TYPE\r
Ikev2ChildExchangeRequestType(\r
  IN IKE_PACKET               *IkePacket\r
  );\r
\r
/**\r
  This function finds the SPI from Create Child Sa Exchange Packet.\r
\r
  @param[in] IkePacket       Pointer to IKE_PACKET to be searched.\r
\r
  @retval SPI number.\r
\r
**/\r
UINT32\r
Ikev2ChildExchangeRekeySpi(\r
  IN IKE_PACKET               *IkePacket\r
  );\r
\r
\r
/**\r
  Associate a SPD selector to the Child SA Session.\r
\r
  This function is called when the Child SA is not the first child SA of its\r
  IKE SA. It associate a SPD to this Child SA.\r
\r
  @param[in, out]  ChildSaSession     Pointer to the Child SA Session to be associated to\r
                                      a SPD selector.\r
\r
  @retval EFI_SUCCESS        Associate one SPD selector to this Child SA Session successfully.\r
  @retval EFI_NOT_FOUND      Can't find the related SPD selector.\r
\r
**/\r
EFI_STATUS\r
Ikev2ChildSaAssociateSpdEntry (\r
  IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession\r
  );\r
\r
/**\r
  Validate the IKE header of received IKE packet.\r
\r
  @param[in]   IkeSaSession  Pointer to IKEV2_SA_SESSION related to this IKE packet.\r
  @param[in]   IkeHdr        Pointer to IKE header of received IKE packet.\r
\r
  @retval TRUE   If the IKE header is valid.\r
  @retval FALSE  If the IKE header is invalid.\r
\r
**/\r
BOOLEAN\r
Ikev2ValidateHeader (\r
  IN IKEV2_SA_SESSION         *IkeSaSession,\r
  IN IKE_HEADER               *IkeHdr\r
  );\r
\r
/**\r
  Create and intialize IKEV2_SA_DATA for speicifed IKEV2_SESSION_COMMON.\r
\r
  This function will be only called by the initiator. The responder's IKEV2_SA_DATA\r
  will be generated during parsed the initiator packet.\r
\r
  @param[in]  SessionCommon  Pointer to IKEV2_SESSION_COMMON related to.\r
\r
  @retval a Pointer to a new IKEV2_SA_DATA or NULL.\r
\r
**/\r
IKEV2_SA_DATA *\r
Ikev2InitializeSaData (\r
  IN IKEV2_SESSION_COMMON     *SessionCommon\r
  );\r
\r
/**\r
  Store the SA into SAD.\r
\r
  @param[in]  ChildSaSession  Pointer to IKEV2_CHILD_SA_SESSION.\r
\r
**/\r
VOID\r
Ikev2StoreSaData (\r
  IN IKEV2_CHILD_SA_SESSION   *ChildSaSession\r
  );\r
\r
/**\r
  Routine process before the payload decoding.\r
\r
  @param[in] SessionCommon  Pointer to ChildSa SessionCommon.\r
  @param[in] PayloadBuf     Pointer to the payload.\r
  @param[in] PayloadSize    Size of PayloadBuf in byte.\r
  @param[in] PayloadType    Type of Payload.\r
\r
**/\r
VOID\r
Ikev2ChildSaBeforeDecodePayload (\r
  IN UINT8 *SessionCommon,\r
  IN UINT8 *PayloadBuf,\r
  IN UINTN PayloadSize,\r
  IN UINT8 PayloadType\r
  );\r
\r
/**\r
  Routine Process after the encode payload.\r
\r
  @param[in] SessionCommon  Pointer to ChildSa SessionCommon.\r
  @param[in] PayloadBuf     Pointer to the payload.\r
  @param[in] PayloadSize    Size of PayloadBuf in byte.\r
  @param[in] PayloadType    Type of Payload.\r
\r
**/\r
VOID\r
Ikev2ChildSaAfterEncodePayload (\r
  IN UINT8 *SessionCommon,\r
  IN UINT8 *PayloadBuf,\r
  IN UINTN PayloadSize,\r
  IN UINT8 PayloadType\r
  );\r
\r
/**\r
  Generate Ikev2 SA payload according to SessionSaData\r
\r
  @param[in] SessionSaData   The data used in SA payload.\r
  @param[in] NextPayload     The payload type presented in NextPayload field of\r
                             SA Payload header.\r
  @param[in] Type            The SA type. It MUST be neither (1) for IKE_SA or\r
                             (2) for CHILD_SA or (3) for INFO.\r
\r
  @retval a Pointer to SA IKE payload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateSaPayload (\r
  IN IKEV2_SA_DATA    *SessionSaData,\r
  IN UINT8            NextPayload,\r
  IN IKE_SESSION_TYPE Type\r
  );\r
\r
/**\r
  Generate a ID payload.\r
\r
  @param[in] CommonSession   Pointer to IKEV2_SESSION_COMMON related to ID payload.\r
  @param[in] NextPayload     The payload type presented in the NextPayload field\r
                             of ID Payload header.\r
\r
  @retval Pointer to ID IKE payload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateIdPayload (\r
  IN IKEV2_SESSION_COMMON *CommonSession,\r
  IN UINT8                NextPayload\r
  );\r
\r
/**\r
  Generate a ID payload.\r
\r
  @param[in] CommonSession   Pointer to IKEV2_SESSION_COMMON related to ID payload.\r
  @param[in] NextPayload     The payload type presented in the NextPayload field\r
                             of ID Payload header.\r
  @param[in] InCert          Pointer to the Certificate which distinguished name\r
                             will be added into the Id payload.\r
  @param[in] CertSize        Size of the Certificate.\r
\r
  @retval Pointer to ID IKE payload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateCertIdPayload (\r
  IN IKEV2_SESSION_COMMON *CommonSession,\r
  IN UINT8                NextPayload,\r
  IN UINT8                *InCert,\r
  IN UINTN                CertSize\r
  );\r
\r
/**\r
  Generate a Nonce payload contenting the input parameter NonceBuf.\r
\r
  @param[in]  NonceBuf       The nonce buffer content the whole Nonce payload block\r
                            except the payload header.\r
  @param[in]  NonceSize      The buffer size of the NonceBuf\r
  @param[in]  NextPayload   The payload type presented in the NextPayload field\r
                            of Nonce Payload header.\r
\r
  @retval Pointer to Nonce IKE paload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateNoncePayload (\r
  IN UINT8            *NonceBuf,\r
  IN UINTN            NonceSize,\r
  IN UINT8            NextPayload\r
  );\r
\r
/**\r
  Generate the Notify payload.\r
\r
  Since the structure of Notify payload which defined in RFC 4306 is simple, so\r
  there is no internal data structure for Notify payload. This function generate\r
  Notify payload defined in RFC 4306, but all the fields in this payload are still\r
  in host order and need call Ikev2EncodePayload() to convert those fields from\r
  the host order to network order beforing sending it.\r
\r
  @param[in]  ProtocolId        The protocol type ID. For IKE_SA it MUST be one (1).\r
                                For IPsec SAs it MUST be neither (2) for AH or (3)\r
                                for ESP.\r
  @param[in]  NextPayload       The next paylaod type in NextPayload field of\r
                                the Notify payload.\r
  @param[in]  SpiSize           Size of the SPI in SPI size field of the Notify Payload.\r
  @param[in]  MessageType       The message type in NotifyMessageType field of the\r
                                Notify Payload.\r
  @param[in]  SpiBuf            Pointer to buffer contains the SPI value.\r
  @param[in]  NotifyData        Pointer to buffer contains the notification data.\r
  @param[in]  NotifyDataSize    The size of NotifyData in bytes.\r
\r
\r
  @retval Pointer to IKE Notify Payload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateNotifyPayload (\r
  IN UINT8            ProtocolId,\r
  IN UINT8            NextPayload,\r
  IN UINT8            SpiSize,\r
  IN UINT16           MessageType,\r
  IN UINT8            *SpiBuf,\r
  IN UINT8            *NotifyData,\r
  IN UINTN            NotifyDataSize\r
  );\r
\r
/**\r
  Generate the Delete payload.\r
\r
  Since the structure of Delete payload which defined in RFC 4306 is simple,\r
  there is no internal data structure for Delete payload. This function generate\r
  Delete payload defined in RFC 4306, but all the fields in this payload are still\r
  in host order and need call Ikev2EncodePayload() to convert those fields from\r
  the host order to network order beforing sending it.\r
\r
  @param[in]  IkeSaSession      Pointer to IKE SA Session to be used of Delete payload generation.\r
  @param[in]  NextPayload       The next paylaod type in NextPayload field of\r
                                the Delete payload.\r
  @param[in]  SpiSize           Size of the SPI in SPI size field of the Delete Payload.\r
  @param[in]  SpiNum            Number of SPI in NumofSPIs field of the Delete Payload.\r
  @param[in]  SpiBuf            Pointer to buffer contains the SPI value.\r
\r
  @retval Pointer to IKE Delete Payload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateDeletePayload (\r
  IN IKEV2_SA_SESSION  *IkeSaSession,\r
  IN UINT8             NextPayload,\r
  IN UINT8             SpiSize,\r
  IN UINT16            SpiNum,\r
  IN UINT8             *SpiBuf\r
  );\r
\r
/**\r
  Generate the Configuration payload.\r
\r
  This function generates a configuration payload defined in RFC 4306, but all the\r
  fields in this payload are still in host order and need call Ikev2EncodePayload()\r
  to convert those fields from the host order to network order beforing sending it.\r
\r
  @param[in]  IkeSaSession      Pointer to IKE SA Session to be used for Delete payload\r
                                generation.\r
  @param[in]  NextPayload       The next paylaod type in NextPayload field of\r
                                the Delete payload.\r
  @param[in]  CfgType           The attribute type in the Configuration attribute.\r
\r
  @retval Pointer to IKE CP Payload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateCpPayload (\r
  IN IKEV2_SA_SESSION  *IkeSaSession,\r
  IN UINT8             NextPayload,\r
  IN UINT8             CfgType\r
  );\r
\r
/**\r
  Generate a Authentication Payload.\r
\r
  This function is used for both Authentication generation and verification. When the\r
  IsVerify is TRUE, it create a Auth Data for verification. This function choose the\r
  related IKE_SA_INIT Message for Auth data creation according to the IKE Session's type\r
  and the value of IsVerify parameter.\r
\r
  @param[in]  IkeSaSession  Pointer to IKEV2_SA_SESSION related to.\r
  @param[in]  IdPayload     Pointer to the ID payload to be used for Authentication\r
                            payload generation.\r
  @param[in]  NextPayload   The type filled into the Authentication Payload next\r
                            payload field.\r
  @param[in]  IsVerify      If it is TURE, the Authentication payload is used for\r
                            verification.\r
\r
  @return pointer to IKE Authentication payload for pre-shard key method.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2PskGenerateAuthPayload (\r
  IN IKEV2_SA_SESSION *IkeSaSession,\r
  IN IKE_PAYLOAD      *IdPayload,\r
  IN UINT8            NextPayload,\r
  IN BOOLEAN          IsVerify\r
  );\r
\r
/**\r
  Generate a Authentication Payload for Certificate Auth method.\r
\r
  This function has two functions. One is creating a local Authentication\r
  Payload for sending and other is creating the remote Authentication data\r
  for verification when the IsVerify is TURE.\r
\r
  @param[in]  IkeSaSession      Pointer to IKEV2_SA_SESSION related to.\r
  @param[in]  IdPayload         Pointer to the ID payload to be used for Authentication\r
                                payload generation.\r
  @param[in]  NextPayload       The type filled into the Authentication Payload\r
                                next payload field.\r
  @param[in]  IsVerify          If it is TURE, the Authentication payload is used\r
                                for verification.\r
  @param[in]  UefiPrivateKey    Pointer to the UEFI private key. Ignore it when\r
                                verify the authenticate payload.\r
  @param[in]  UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignore it\r
                                when verify the authenticate payload.\r
  @param[in]  UefiKeyPwd        Pointer to the password of UEFI private key.\r
                                Ignore it when verify the authenticate payload.\r
  @param[in]  UefiKeyPwdLen     The size of UefiKeyPwd in bytes.Ignore it when\r
                                verify the authenticate payload.\r
\r
  @return pointer to IKE Authentication payload for certification method.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2CertGenerateAuthPayload (\r
  IN IKEV2_SA_SESSION *IkeSaSession,\r
  IN IKE_PAYLOAD      *IdPayload,\r
  IN UINT8            NextPayload,\r
  IN BOOLEAN          IsVerify,\r
  IN UINT8            *UefiPrivateKey,\r
  IN UINTN            UefiPrivateKeyLen,\r
  IN UINT8            *UefiKeyPwd,\r
  IN UINTN            UefiKeyPwdLen\r
  );\r
\r
/**\r
  Generate TS payload.\r
\r
  This function generates TSi or TSr payload according to type of next payload.\r
  If the next payload is Responder TS, gereate TSi Payload. Otherwise, generate\r
  TSr payload\r
\r
  @param[in] ChildSa        Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload.\r
  @param[in] NextPayload    The payload type presented in the NextPayload field\r
                            of ID Payload header.\r
  @param[in] IsTunnel       It indicates that if the Ts Payload is after the CP payload.\r
                            If yes, it means the Tsi and Tsr payload should be with\r
                            Max port range and address range and protocol is marked\r
                            as zero.\r
\r
  @retval Pointer to Ts IKE payload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateTsPayload (\r
  IN IKEV2_CHILD_SA_SESSION *ChildSa,\r
  IN UINT8                  NextPayload,\r
  IN BOOLEAN                IsTunnel\r
  );\r
\r
/**\r
  Parser the Notify Cookie payload.\r
\r
  This function parses the Notify Cookie payload.If the Notify ProtocolId is not\r
  IPSEC_PROTO_ISAKMP or if the SpiSize is not zero or if the MessageType is not\r
  the COOKIE, return EFI_INVALID_PARAMETER.\r
\r
  @param[in]      IkeNCookie    Pointer to the IKE_PAYLOAD which contians the\r
                                Notify Cookie payload.\r
                                the Notify payload.\r
  @param[in, out] IkeSaSession  Pointer to the relevant IKE SA Session.\r
\r
  @retval EFI_SUCCESS           The Notify Cookie Payload is valid.\r
  @retval EFI_INVALID_PARAMETER The Notify Cookie Payload is invalid.\r
  @retval EFI_OUT_OF_RESOURCE   The required resource can't be allocated.\r
\r
**/\r
EFI_STATUS\r
Ikev2ParserNotifyCookiePayload (\r
  IN     IKE_PAYLOAD      *IkeNCookie,\r
  IN OUT IKEV2_SA_SESSION *IkeSaSession\r
  );\r
\r
/**\r
  Generate the Certificate payload or Certificate Request Payload.\r
\r
  Since the Certificate Payload structure is same with Certificate Request Payload,\r
  the only difference is that one contains the Certificate Data, other contains\r
  the acceptable certificateion CA. This function generate Certificate payload\r
  or Certificate Request Payload defined in RFC 4306, but all the fields\r
  in the payload are still in host order and need call Ikev2EncodePayload()\r
  to convert those fields from the host order to network order beforing sending it.\r
\r
  @param[in]  IkeSaSession      Pointer to IKE SA Session to be used of Delete payload\r
                                generation.\r
  @param[in]  NextPayload       The next paylaod type in NextPayload field of\r
                                the Delete payload.\r
  @param[in]  Certificate       Pointer of buffer contains the certification data.\r
  @param[in]  CertificateLen    The length of Certificate in byte.\r
  @param[in]  EncodeType        Specified the Certificate Encodeing which is defined\r
                                in RFC 4306.\r
  @param[in]  IsRequest         To indicate create Certificate Payload or Certificate\r
                                Request Payload. If it is TURE, create Certificate\r
                                Request Payload. Otherwise, create Certificate Payload.\r
\r
  @retval  a Pointer to IKE Payload whose payload buffer containing the Certificate\r
           payload or Certificated Request payload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateCertificatePayload (\r
  IN IKEV2_SA_SESSION  *IkeSaSession,\r
  IN UINT8             NextPayload,\r
  IN UINT8             *Certificate,\r
  IN UINTN             CertificateLen,\r
  IN UINT8             EncodeType,\r
  IN BOOLEAN           IsRequest\r
  );\r
\r
/**\r
  General interface of payload encoding.\r
\r
  This function encode the internal data structure into payload which\r
  is defined in RFC 4306. The IkePayload->PayloadBuf used to store both the input\r
  payload and converted payload. Only the SA payload use the interal structure\r
  to store the attribute. Other payload use structure which is same with the RFC\r
  defined, for this kind payloads just do host order to network order change of\r
  some fields.\r
\r
  @param[in]      SessionCommon       Pointer to IKE Session Common used to encode the payload.\r
  @param[in, out] IkePayload          Pointer to IKE payload to be encode as input, and\r
                                      store the encoded result as output.\r
\r
  @retval EFI_INVALID_PARAMETER  Meet error when encode the SA payload.\r
  @retval EFI_SUCCESS            Encode successfully.\r
\r
**/\r
EFI_STATUS\r
Ikev2EncodePayload (\r
  IN     UINT8          *SessionCommon,\r
  IN OUT IKE_PAYLOAD    *IkePayload\r
  );\r
\r
/**\r
  The general interface of decode Payload.\r
\r
  This function convert the received Payload into internal structure.\r
\r
  @param[in]      SessionCommon     Pointer to IKE Session Common to use for decoding.\r
  @param[in, out] IkePayload        Pointer to IKE payload to be decode as input, and\r
                                    store the decoded result as output.\r
\r
  @retval EFI_INVALID_PARAMETER  Meet error when decode the SA payload.\r
  @retval EFI_SUCCESS            Decode successfully.\r
\r
**/\r
EFI_STATUS\r
Ikev2DecodePayload (\r
  IN     UINT8       *SessionCommon,\r
  IN OUT IKE_PAYLOAD *IkePayload\r
  );\r
\r
/**\r
  Decrypt IKE packet.\r
\r
  This function decrpt the Encrypted IKE packet and put the result into IkePacket->PayloadBuf.\r
\r
  @param[in]      SessionCommon       Pointer to IKEV2_SESSION_COMMON containing\r
                                      some parameter used during decrypting.\r
  @param[in, out] IkePacket           Point to IKE_PACKET to be decrypted as input,\r
                                      and the decrypted reslult as output.\r
  @param[in, out] IkeType             The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
                                      IKE_CHILD_TYPE are supportted.\r
\r
  @retval EFI_INVALID_PARAMETER      If the IKE packet length is zero or the\r
                                     IKE packet length is not Algorithm Block Size\r
                                     alignment.\r
  @retval EFI_SUCCESS                Decrypt IKE packet successfully.\r
\r
**/\r
EFI_STATUS\r
Ikev2DecryptPacket (\r
  IN     IKEV2_SESSION_COMMON *SessionCommon,\r
  IN OUT IKE_PACKET           *IkePacket,\r
  IN OUT UINTN                IkeType\r
  );\r
\r
/**\r
  Encrypt IKE packet.\r
\r
  This function encrypt IKE packet before sending it. The Encrypted IKE packet\r
  is put in to IKEV2 Encrypted Payload.\r
\r
  @param[in]        SessionCommon     Pointer to IKEV2_SESSION_COMMON related to the IKE packet.\r
  @param[in, out]   IkePacket         Pointer to IKE packet to be encrypted.\r
\r
  @retval      EFI_SUCCESS       Operation is successful.\r
  @retval      Others            OPeration is failed.\r
\r
**/\r
EFI_STATUS\r
Ikev2EncryptPacket (\r
  IN     IKEV2_SESSION_COMMON *SessionCommon,\r
  IN OUT IKE_PACKET           *IkePacket\r
  );\r
\r
/**\r
  Encode the IKE packet.\r
\r
  This function put all Payloads into one payload then encrypt it if needed.\r
\r
  @param[in]      SessionCommon      Pointer to IKEV2_SESSION_COMMON containing\r
                                     some parameter used during IKE packet encoding.\r
  @param[in, out] IkePacket          Pointer to IKE_PACKET to be encoded as input,\r
                                     and the encoded reslult as output.\r
  @param[in]      IkeType            The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
                                     IKE_CHILD_TYPE are supportted.\r
\r
  @retval         EFI_SUCCESS        Encode IKE packet successfully.\r
  @retval         Otherwise          Encode IKE packet failed.\r
\r
**/\r
EFI_STATUS\r
Ikev2EncodePacket (\r
  IN     IKEV2_SESSION_COMMON *SessionCommon,\r
  IN OUT IKE_PACKET           *IkePacket,\r
  IN     UINTN                IkeType\r
  );\r
\r
/**\r
  Decode the IKE packet.\r
\r
  This function first decrypts the IKE packet if needed , then separats the whole\r
  IKE packet from the IkePacket->PayloadBuf into IkePacket payload list.\r
\r
  @param[in]      SessionCommon          Pointer to IKEV1_SESSION_COMMON containing\r
                                         some parameter used by IKE packet decoding.\r
  @param[in, out] IkePacket              The IKE Packet to be decoded on input, and\r
                                         the decoded result on return.\r
  @param[in]      IkeType                The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
                                         IKE_CHILD_TYPE are supportted.\r
\r
  @retval         EFI_SUCCESS            The IKE packet is decoded successfull.\r
  @retval         Otherwise              The IKE packet decoding is failed.\r
\r
**/\r
EFI_STATUS\r
Ikev2DecodePacket (\r
  IN     IKEV2_SESSION_COMMON  *SessionCommon,\r
  IN OUT IKE_PACKET            *IkePacket,\r
  IN     UINTN                 IkeType\r
  );\r
\r
/**\r
  Save some useful payloads after accepting the Packet.\r
\r
  @param[in] SessionCommon   Pointer to IKEV2_SESSION_COMMON related to the operation.\r
  @param[in] IkePacket       Pointer to received IkePacet.\r
  @param[in] IkeType         The type used to indicate it is in IkeSa or ChildSa or Info\r
                             exchange.\r
\r
**/\r
VOID\r
Ikev2OnPacketAccepted (\r
  IN IKEV2_SESSION_COMMON *SessionCommon,\r
  IN IKE_PACKET           *IkePacket,\r
  IN UINT8                IkeType\r
  );\r
\r
/**\r
  Send out IKEV2 packet.\r
\r
  @param[in]  IkeUdpService     Pointer to IKE_UDP_SERVICE used to send the IKE packet.\r
  @param[in]  SessionCommon     Pointer to IKEV1_SESSION_COMMON related to the IKE packet.\r
  @param[in]  IkePacket         Pointer to IKE_PACKET to be sent out.\r
  @param[in]  IkeType           The type of IKE to point what's kind of the IKE\r
                                packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE\r
                                and IKE_CHILD_TYPE are supportted.\r
\r
  @retval     EFI_SUCCESS       The operation complete successfully.\r
  @retval     Otherwise         The operation is failed.\r
\r
**/\r
EFI_STATUS\r
Ikev2SendIkePacket (\r
  IN IKE_UDP_SERVICE    *IkeUdpService,\r
  IN UINT8              *SessionCommon,\r
  IN IKE_PACKET         *IkePacket,\r
  IN UINTN              IkeType\r
  );\r
\r
/**\r
  Callback function for the IKE life time is over.\r
\r
  This function will mark the related IKE SA Session as deleting and trigger a\r
  Information negotiation.\r
\r
  @param[in]    Event     The time out event.\r
  @param[in]    Context   Pointer to data passed by caller.\r
\r
**/\r
VOID\r
EFIAPI\r
Ikev2LifetimeNotify (\r
  IN EFI_EVENT                Event,\r
  IN VOID                     *Context\r
  );\r
\r
/**\r
  This function will be called if the TimeOut Event is signaled.\r
\r
  @param[in]  Event      The signaled Event.\r
  @param[in]  Context    The data passed by caller.\r
\r
**/\r
VOID\r
EFIAPI\r
Ikev2ResendNotify (\r
  IN EFI_EVENT                 Event,\r
  IN VOID                      *Context\r
  );\r
\r
/**\r
  Generate a Key Exchange payload according to the DH group type and save the\r
  public Key into IkeSaSession IkeKey field.\r
\r
  @param[in, out] IkeSaSession    Pointer of the IKE_SA_SESSION.\r
  @param[in]      NextPayload     The payload type presented in the NextPayload field of Key\r
                                  Exchange Payload header.\r
\r
  @retval Pointer to Key IKE payload.\r
\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateKePayload (\r
  IN OUT IKEV2_SA_SESSION *IkeSaSession,\r
  IN     UINT8            NextPayload\r
  );\r
\r
/**\r
  Check if the SPD is related to the input Child SA Session.\r
\r
  This function is the subfunction of Ikev1AssociateSpdEntry(). It is the call\r
  back function of IpSecVisitConfigData().\r
\r
\r
  @param[in]  Type               Type of the input Config Selector.\r
  @param[in]  Selector           Pointer to the Configure Selector to be checked.\r
  @param[in]  Data               Pointer to the Configure Selector's Data passed\r
                                 from the caller.\r
  @param[in]  SelectorSize       The buffer size of Selector.\r
  @param[in]  DataSize           The buffer size of the Data.\r
  @param[in]  Context            The data passed from the caller. It is a Child\r
                                 SA Session in this context.\r
\r
  @retval EFI_SUCCESS        The SPD Selector is not related to the Child SA Session.\r
  @retval EFI_ABORTED        The SPD Selector is related to the Child SA session and\r
                             set the ChildSaSession->Spd to point to this SPD Selector.\r
\r
**/\r
EFI_STATUS\r
Ikev2MatchSpdEntry (\r
  IN EFI_IPSEC_CONFIG_DATA_TYPE     Type,\r
  IN EFI_IPSEC_CONFIG_SELECTOR      *Selector,\r
  IN VOID                           *Data,\r
  IN UINTN                          SelectorSize,\r
  IN UINTN                          DataSize,\r
  IN VOID                           *Context\r
  );\r
\r
/**\r
  Check if the Algorithm ID is supported.\r
\r
  @param[in]  AlgorithmId The specified Algorithm ID.\r
  @param[in]  Type        The type used to indicate the Algorithm is for Encrypt or\r
                          Authentication.\r
\r
  @retval     TRUE        If the Algorithm ID is supported.\r
  @retval     FALSE       If the Algorithm ID is not supported.\r
\r
**/\r
BOOLEAN\r
Ikev2IsSupportAlg (\r
  IN UINT16 AlgorithmId,\r
  IN UINT8  Type\r
  );\r
\r
/**\r
  Generate a ChildSa Session and insert it into related IkeSaSession.\r
\r
  @param[in]  IkeSaSession    Pointer to related IKEV2_SA_SESSION.\r
  @param[in]  UdpService      Pointer to related IKE_UDP_SERVICE.\r
\r
  @return pointer of IKEV2_CHILD_SA_SESSION.\r
\r
**/\r
IKEV2_CHILD_SA_SESSION *\r
Ikev2ChildSaSessionCreate (\r
  IN IKEV2_SA_SESSION   *IkeSaSession,\r
  IN IKE_UDP_SERVICE     *UdpService\r
  ) ;\r
\r
/**\r
  Parse the received Initial Exchange Packet.\r
\r
  This function parse the SA Payload and Key Payload to find out the cryptographic\r
  suite for the further IKE negotiation and fill it into the IKE SA Session's\r
  CommonSession->SaParams.\r
\r
  @param[in, out]  IkeSaSession  Pointer to related IKEV2_SA_SESSION.\r
  @param[in]       SaPayload     The received packet.\r
  @param[in]       Type          The received packet IKE header flag.\r
\r
  @retval          TRUE          If the SA proposal in Packet is acceptable.\r
  @retval          FALSE         If the SA proposal in Packet is not acceptable.\r
\r
**/\r
BOOLEAN\r
Ikev2SaParseSaPayload (\r
  IN OUT IKEV2_SA_SESSION *IkeSaSession,\r
  IN     IKE_PAYLOAD      *SaPayload,\r
  IN     UINT8            Type\r
  );\r
\r
/**\r
  Parse the received Authentication Exchange Packet.\r
\r
  This function parse the SA Payload and Key Payload to find out the cryptographic\r
  suite for the ESP and fill it into the Child SA Session's CommonSession->SaParams.\r
\r
  @param[in, out]  ChildSaSession  Pointer to IKEV2_CHILD_SA_SESSION related to\r
                                   this Authentication Exchange.\r
  @param[in]       SaPayload       The received packet.\r
  @param[in]       Type            The IKE header's flag of received packet .\r
\r
  @retval          TRUE            If the SA proposal in Packet is acceptable.\r
  @retval          FALSE           If the SA proposal in Packet is not acceptable.\r
\r
**/\r
BOOLEAN\r
Ikev2ChildSaParseSaPayload (\r
  IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession,\r
  IN     IKE_PAYLOAD            *SaPayload,\r
  IN     UINT8                  Type\r
  );\r
\r
/**\r
  Generate Key buffer from fragments.\r
\r
  If the digest length of specified HashAlgId is larger than or equal with the\r
  required output key length, derive the key directly. Otherwise, Key Material\r
  needs to be PRF-based concatenation according to 2.13 of RFC 4306:\r
  prf+ (K,S) = T1 | T2 | T3 | T4 | ..., T1 = prf (K, S | 0x01),\r
  T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03),T4 = prf (K, T3 | S | 0x04)\r
  then derive the key from this key material.\r
\r
  @param[in]       HashAlgId        The Hash Algorithm ID used to generate key.\r
  @param[in]       HashKey          Pointer to a key buffer which contains hash key.\r
  @param[in]       HashKeyLength    The length of HashKey in bytes.\r
  @param[in, out]  OutputKey        Pointer to buffer which is used to receive the\r
                                    output key.\r
  @param[in]       OutputKeyLength  The length of OutPutKey buffer.\r
  @param[in]       Fragments        Pointer to the data to be used to generate key.\r
  @param[in]       NumFragments     The numbers of the Fragement.\r
\r
  @retval EFI_SUCCESS            The operation complete successfully.\r
  @retval EFI_INVALID_PARAMETER  If NumFragments is zero.\r
  @retval EFI_OUT_OF_RESOURCES   If the required resource can't be allocated.\r
  @retval Others                 The operation is failed.\r
\r
**/\r
EFI_STATUS\r
Ikev2SaGenerateKey (\r
  IN     UINT8                 HashAlgId,\r
  IN     UINT8                 *HashKey,\r
  IN     UINTN                 HashKeyLength,\r
  IN OUT UINT8                 *OutputKey,\r
  IN     UINTN                 OutputKeyLength,\r
  IN     PRF_DATA_FRAGMENT    *Fragments,\r
  IN     UINTN                 NumFragments\r
  );\r
\r
/**\r
  Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.\r
\r
  ChildSaSession->SpdSelector stores the real Spdselector for its SA. Sometime,\r
  the SpdSelector in ChildSaSession is more accurated or the scope is smaller\r
  than the one in ChildSaSession->Spd, especially for the tunnel mode.\r
\r
  @param[in, out]  ChildSaSession  Pointer to IKEV2_CHILD_SA_SESSION related to.\r
\r
  @retval EFI_SUCCESS            The operation complete successfully.\r
  @retval EFI_OUT_OF_RESOURCES   If the required resource can't be allocated.\r
\r
**/\r
EFI_STATUS\r
Ikev2ChildSaSessionSpdSelectorCreate (\r
  IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession\r
  );\r
\r
extern IKE_ALG_GUID_INFO mIPsecEncrAlgInfo[];\r
#endif\r
\r