1 /** @file
2 IKEv2 related definitions.
3
4 Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15 #ifndef _IKE_V2_H_
16 #define _IKE_V2_H_
17
18 #include "Ike.h"
19 #include "Payload.h"
20
//
// Traffic Selector wildcards. Note that 0xffff is an in-band sentinel: 65535
// is also a legal port number, so any code that builds or matches TS
// payloads must treat a literal port 65535 the same way everywhere.
// NOTE(review): confirm in the callers that compare against these values.
//
#define IKEV2_TS_ANY_PORT 0xffff
#define IKEV2_TS_ANY_PROTOCOL 0
23
//
// Selectors naming the Child SA lists kept on an IKEV2_SA_SESSION
// (presumably DeleteSaList, ChildSaSessionList and
// ChildSaEstablishSessionList, in that order -- confirm against the
// function that consumes these). The misspelling in IKEV2_DELET_CHILDSA_LIST
// is part of the public name and is kept on purpose.
//
#define IKEV2_DELET_CHILDSA_LIST 0
#define IKEV2_ESTABLISHING_CHILDSA_LIST 1
#define IKEV2_ESTABLISHED_CHILDSA_LIST 2
27
//
// Signatures and container-of helpers for the two session types.
//
// Both session structures carry a UINT32 Signature; the CR() helpers recover
// the enclosing session from a pointer to one of its embedded members
// (SessionCommon or one of its LIST_ENTRY links).
//
// NOTE(review): per BaseLib's definition, CR() only ASSERTs on the signature
// in DEBUG builds (confirm); in a RELEASE build it is bare pointer arithmetic
// and is not a check that a stale or untrusted pointer really is a session.
//
// NOTE(review): IKEV2_SA_SESSION (below) has no ByEstablishedTable member,
// only BySessionTable, so IKEV2_SA_SESSION_BY_ESTABLISHED cannot compile if
// it is ever used -- it looks stale.
//
#define IKEV2_SA_SESSION_SIGNATURE SIGNATURE_32 ('I', 'K', 'E', 'I')
#define IKEV2_SA_SESSION_FROM_COMMON(a) CR (a, IKEV2_SA_SESSION, SessionCommon, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_SESSION(a) CR (a, IKEV2_SA_SESSION, BySessionTable, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_ESTABLISHED(a) CR (a, IKEV2_SA_SESSION, ByEstablishedTable, IKEV2_SA_SESSION_SIGNATURE)

#define IKEV2_CHILD_SA_SESSION_SIGNATURE SIGNATURE_32 ('I', 'K', 'E', 'C')
#define IKEV2_CHILD_SA_SESSION_FROM_COMMON(a) CR (a, IKEV2_CHILD_SA_SESSION, SessionCommon, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_IKE_SA(a) CR (a, IKEV2_CHILD_SA_SESSION, ByIkeSa, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_DEL_SA(a) CR (a, IKEV2_CHILD_SA_SESSION, ByDelete, IKEV2_CHILD_SA_SESSION_SIGNATURE)

//
// TRUE when the common header says the session is an IKE SA rather than a
// Child SA. The generator/parser callbacks below receive a UINT8 *SaSession
// and need this discriminator before casting to a concrete session type.
//
// NOTE(review): the session structures in this file name the embedded common
// header "SessionCommon", not "Common", so this macro does not compile when
// applied to an IKEV2_SA_SESSION or IKEV2_CHILD_SA_SESSION pointer -- check
// what type its callers actually pass, if any.
//
#define IS_IKEV2_SA_SESSION(s) ((s)->Common.IkeSessionType == IkeSessionTypeIkeSa)
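//
// SA payload walking helpers.
//
// These macros are pure pointer arithmetic: they step through an SA payload
// by the proposal/transform lengths and the SpiSize handed to them, which in
// the receive path are the length fields read out of the peer's packet. None
// of them knows where the payload or the packet ends. A caller parsing
// received data MUST, before each step, check that the resulting pointer
// plus the size of the next header still lies inside the received buffer,
// and that a claimed length is neither zero nor smaller than its own header
// (a zero length makes a walk loop forever on the same element).
//
// Every expansion is fully parenthesized so the result can be used directly
// with -> or inside a larger expression.
//

//
// The first proposal immediately follows the fixed IKEV2_SA header.
//
#define IKEV2_SA_FIRST_PROPOSAL(Sa) \
  ((IKEV2_PROPOSAL *)((IKEV2_SA *)(Sa) + 1))

//
// The next transform/proposal starts TransformSize/ProposalSize bytes after
// the current one (the length the current element claims for itself).
//
#define IKEV2_NEXT_TRANSFORM_WITH_SIZE(Transform, TransformSize) \
  ((IKEV2_TRANSFORM *)((UINT8 *)(Transform) + (TransformSize)))

#define IKEV2_NEXT_PROPOSAL_WITH_SIZE(Proposal, ProposalSize) \
  ((IKEV2_PROPOSAL *)((UINT8 *)(Proposal) + (ProposalSize)))

//
// The first transform of a proposal follows the fixed IKEV2_PROPOSAL header
// plus the variable-length SPI, whose length is the proposal's own SpiSize
// field (also peer-supplied in the receive path).
//
#define IKEV2_PROPOSAL_FIRST_TRANSFORM(Proposal) \
  ((IKEV2_TRANSFORM *)((UINT8 *)((IKEV2_PROPOSAL *)(Proposal) + 1) + \
                       (((IKEV2_PROPOSAL *)(Proposal))->SpiSize)))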
52
//
// State of an IKEv2 session (IKE SA or Child SA). The values are spelled out
// explicitly but are the same positional values the implicit enumeration
// gave; IkeStateMaximum is one past the last real state and is presumably
// used as an array bound (e.g. for mIkev2Initial -- confirm), so it must
// stay last.
//
typedef enum {
  IkeStateInit               = 0,
  IkeStateAuth               = 1,
  IkeStateIkeSaEstablished   = 2,
  IkeStateCreateChild        = 3,
  IkeStateSaRekeying         = 4,
  IkeStateChildSaEstablished = 5,
  IkeStateSaDeleting         = 6,
  IkeStateMaximum            = 7
} IKEV2_SESSION_STATE;
63
//
// Which kind of CREATE_CHILD_SA request a session is running. Values are the
// positional ones of the original enumeration, written out explicitly;
// IkeRequestTypeMaximum is the count and stays last.
//
typedef enum {
  IkeRequestTypeCreateChildSa = 0,
  IkeRequestTypeRekeyChildSa  = 1,
  IkeRequestTypeRekeyIkeSa    = 2,
  IkeRequestTypeMaximum       = 3
} IKEV2_CREATE_CHILD_REQUEST_TYPE;
70
//
// Diffie-Hellman state for one exchange. By name, Gx/Gy/Gxy are the local
// public value, the peer's public value and the shared secret (confirm
// against the Ikev2 DH code). GxyBuffer is key material: it must be zeroed
// before it is freed, and must never be logged.
//
typedef struct {
  UINT8 *GxBuffer;   // local DH public value, GxSize bytes
  UINTN GxSize;
  UINT8 *GyBuffer;   // peer's DH public value, GySize bytes (received from the network)
  UINTN GySize;
  UINT8 *GxyBuffer;  // shared secret, GxySize bytes -- sensitive
  UINTN GxySize;
  UINT8 *DhContext;  // opaque crypto-library context; ownership not visible here -- TODO confirm who frees it
} IKEV2_DH_BUFFER;
80
//
// Keys derived for an IKE SA. By name these are the RFC 7296 keys
// SK_d, SK_ai, SK_ar, SK_ei, SK_er, SK_pi and SK_pr (d = derivation,
// a = integrity, e = encryption, p = AUTH payload; i/r = initiator/responder).
// All of them are secret: zero every buffer before freeing it.
//
typedef struct {
  IKEV2_DH_BUFFER *DhBuffer;  // DH exchange the keys were derived from
  UINT8 *SkdKey;              // SK_d
  UINTN SkdKeySize;
  UINT8 *SkAiKey;             // SK_ai
  UINTN SkAiKeySize;
  UINT8 *SkArKey;             // SK_ar
  UINTN SkArKeySize;
  UINT8 *SkEiKey;             // SK_ei
  UINTN SkEiKeySize;
  UINT8 *SkErKey;             // SK_er
  UINTN SkErKeySize;
  UINT8 *SkPiKey;             // SK_pi
  UINTN SkPiKeySize;
  UINT8 *SkPrKey;             // SK_pr
  UINTN SkPrKeySize;
} IKEV2_SESSION_KEYS;
98
//
// Parameters settled on for an SA. On the responder side these come out of
// the peer's proposal, so they are peer-influenced: the key lengths must be
// validated against what the selected algorithm actually supports before
// they are used to size or derive keys. NOTE(review): confirm where that
// validation happens.
//
typedef struct {
  UINT16 LifeType;      // lifetime unit (value meaning not defined in this header)
  UINT64 LifeDuration;
  UINT16 EncAlgId;      // encryption transform id
  UINTN EnckeyLen;      // encryption key length
  UINT16 Prf;           // PRF transform id
  UINT16 IntegAlgId;    // integrity transform id
  UINTN IntegKeyLen;    // integrity key length
  UINT16 DhGroup;       // DH group transform id
  UINT8 ExtSeq;         // extended sequence numbers flag (name only -- confirm encoding)
} IKEV2_SA_PARAMS;
110
//
// Internal (decoded) form of an SA payload, distinct from the on-the-wire
// IKEV2_SA layout. NumProposals entries follow the fixed part; by the type
// names in this file they are presumably IKEV2_PROPOSAL_DATA (the comment
// used to say IKE_PROPOSAL_DATA -- confirm against the allocating code).
// Nothing here records the allocated size, so the trailing array is only
// as safe as the allocation that created it.
//
typedef struct {
  IKEV2_SA SaHeader;     // wire header of the SA payload
  UINTN NumProposals;    // number of proposals in the trailing array
  //
  // IKEV2_PROPOSAL_DATA Proposals[NumProposals] follows (not declared)
  //
} IKEV2_SA_DATA;
121
//
// Decoded form of one proposal. No SPI length is stored here: whoever reads
// through Spi must know the length from elsewhere (presumably it follows
// from ProtocolId -- confirm), and Spi may be NULL for proposals that carry
// no SPI. NumTransforms entries follow the fixed part.
//
typedef struct {
  UINT8 ProposalIndex;   // proposal number
  UINT8 ProtocolId;      // protocol this proposal is for
  UINT8 *Spi;            // SPI bytes; length not recorded in this struct
  UINT8 NumTransforms;   // number of transforms in the trailing array
  //
  // IKEV2_TRANSFORM_DATA Transforms[NumTransforms] follows (not declared)
  //
} IKEV2_PROPOSAL_DATA;
131
//
// Decoded form of one transform inside a proposal.
//
typedef struct {
  UINT8 TransformIndex;       // position within its proposal
  UINT8 TransformType;        // transform type (encryption, PRF, integrity, DH, ESN ...)
  UINT16 TransformId;         // transform id within that type
  IKE_SA_ATTRIBUTE Attribute; // optional attribute (e.g. key length); declared in Ike.h
} IKEV2_TRANSFORM_DATA;
138
//
// State shared by IKE SA and Child SA sessions; embedded as SessionCommon
// in both and recovered with the *_FROM_COMMON helpers. IkeSessionType is
// the only discriminator between the two concrete session types, so any
// code that receives an untyped session pointer must consult it first.
//
typedef struct {
  UINT8 IkeVer;                               // IKE version of this session (name only)
  IKE_SESSION_TYPE IkeSessionType;            // IKE SA vs Child SA discriminator
  BOOLEAN IsInitiator;                        // TRUE when this side started the exchange
  BOOLEAN IsOnDeleting;                       // TRUE while the SA is being torn down
  IKEV2_SESSION_STATE State;
  EFI_EVENT TimeoutEvent;                     // presumably the retransmit/expiry timer, together with the next three fields -- confirm
  UINT64 TimeoutInterval;
  UINTN RetryCount;
  IKE_PACKET *LastSentPacket;                 // retained for retransmission; ownership/free path not visible here
  IKEV2_SA_PARAMS *SaParams;                  // negotiated algorithms and lifetimes
  UINT16 PreferDhGroup;                       // DH group to propose first
  EFI_IP_ADDRESS RemotePeerIp;
  EFI_IP_ADDRESS LocalPeerIp;
  IKE_ON_PAYLOAD_FROM_NET BeforeDecodePayload;  // hook invoked on payload bytes before decoding
  IKE_ON_PAYLOAD_FROM_NET AfterEncodePayload;   // hook invoked on payload bytes after encoding
  IKE_UDP_SERVICE *UdpService;                // UDP service the session sends/receives on
  IPSEC_PRIVATE_DATA *Private;                // owning driver instance
} IKEV2_SESSION_COMMON;
158
//
// One IKE SA. Holds the negotiation inputs (proposals, nonces, cookies), the
// derived keys and the lists of Child SAs hanging off it. Everything under
// IkeKeys is secret; the nonces, cookie and retained packets are peer data.
//
typedef struct {
  UINT32 Signature;                          // IKEV2_SA_SESSION_SIGNATURE, tag for the CR() helpers
  IKEV2_SESSION_COMMON SessionCommon;
  UINT64 InitiatorCookie;                    // IKE SPIs from the IKE header ("cookies" in older terminology)
  UINT64 ResponderCookie;
  //
  // Initiator: SA proposals to be sent
  // Responder: SA proposals to be matched
  //
  IKEV2_SA_DATA *SaData;                     // decoded proposals used to build/match the SA payload
  IKEV2_SESSION_KEYS *IkeKeys;               // SK_* keys -- secret, scrub before free
  UINT8 *NiBlock;                            // by name, initiator nonce (Ni)
  UINTN NiBlkSize;
  UINT8 *NrBlock;                            // by name, responder nonce (Nr)
  UINTN NrBlkSize;
  UINT8 *NCookie;                            // data of a COOKIE notify payload
  UINTN NCookieSize;                         // size of NCookie in bytes
  IPSEC_PAD_ENTRY *Pad;                      // peer authorization database entry for this peer
  IPSEC_SPD_ENTRY *Spd;                      // SPD entry that requested the negotiation; TODO: keeping the SPD selector would be better
  LIST_ENTRY ChildSaSessionList;             // Child SAs of this IKE SA
  LIST_ENTRY ChildSaEstablishSessionList;    // Child SAs still being established
  LIST_ENTRY InfoMIDList;                    // message ids of Informational exchanges
  LIST_ENTRY DeleteSaList;                   // Child SAs queued for deletion
  UINT8 *InitPacket;                         // retained IKE_SA_INIT packets, presumably for the AUTH
  UINTN InitPacketSize;                      // signed-octets computation -- confirm
  UINT8 *RespPacket;
  UINTN RespPacketSize;
  UINT32 MessageId;                          // message id counter for this IKE SA (direction not visible here)
  LIST_ENTRY BySessionTable;                 // link in the list of all IKE SA sessions
} IKEV2_SA_SESSION;
189
//
// One Child SA (ESP/AH) negotiated under an IKE SA. ChildKeymats holds the
// traffic keys and is secret. ProtoId/RemotePort/LocalPort are the selector
// values; IKEV2_TS_ANY_PORT / IKEV2_TS_ANY_PROTOCOL may appear in them.
//
typedef struct {
  UINT32 Signature;                          // IKEV2_CHILD_SA_SESSION_SIGNATURE, tag for the CR() helpers
  IKEV2_SESSION_COMMON SessionCommon;
  IKEV2_SA_SESSION *IkeSaSession;            // parent IKE SA
  UINT32 MessageId;                          // message id of the exchange creating/rekeying this SA (name only)
  IKEV2_SA_DATA *SaData;                     // decoded proposals for the Child SA payload
  UINT8 IpsecProtocol;                       // ESP or AH (encoding not defined in this header)
  UINT32 LocalPeerSpi;                       // SPI chosen by this side
  UINT32 RemotePeerSpi;                      // SPI chosen by the peer (received from the network)
  UINT8 *NiBlock;                            // by name, initiator nonce (Ni)
  UINTN NiBlkSize;
  UINT8 *NrBlock;                            // by name, responder nonce (Nr)
  UINTN NrBlkSize;
  SA_KEYMATS ChildKeymats;                   // traffic keys -- secret, scrub on teardown
  IKEV2_DH_BUFFER *DhBuffer;                 // fresh DH exchange done in CREATE_CHILD_SA, if any
  IPSEC_SPD_ENTRY *Spd;                      // SPD entry this Child SA serves
  EFI_IPSEC_SPD_SELECTOR *SpdSelector;       // selector that matched
  UINT16 ProtoId;                            // selector protocol (IKEV2_TS_ANY_PROTOCOL for any)
  UINT16 RemotePort;                         // selector ports (IKEV2_TS_ANY_PORT for any)
  UINT16 LocalPort;
  LIST_ENTRY ByIkeSa;                        // link in the parent's Child SA lists
  LIST_ENTRY ByDelete;                       // link in the parent's DeleteSaList
} IKEV2_CHILD_SA_SESSION;
213
//
// Kind of Informational exchange message being generated. Values are the
// positional ones of the original enumeration, written out explicitly.
//
typedef enum {
  Ikev2InfoNotify    = 0,
  Ikev2InfoDelete    = 1,
  Ikev2InfoLiveCheck = 2
} IKEV2_INFO_TYPE;
219
//
// Passed to InfoGenerator() with the details it needs to build the response
// message of an Informational exchange: the message id to answer and the
// kind of information being sent.
//
typedef struct {
  UINT32 MessageId;          // message id the response must carry
  IKEV2_INFO_TYPE InfoType;  // notify, delete or liveness check
} IKEV2_INFO_EXCHANGE_CONTEXT;
228
//
// One input fragment for a PRF computation: DataSize bytes at Data.
// Presumably several of these are concatenated as the PRF input -- confirm
// against the caller. Data is not owned by this struct.
//
typedef struct {
  UINTN DataSize;   // length of Data in bytes
  UINT8 *Data;      // fragment bytes (borrowed)
} PRF_DATA_FRAGMENT;
233
//
// Builds the next outgoing packet for a session.
//
// SaSession is untyped: it is presumably an IKEV2_SA_SESSION or an
// IKEV2_CHILD_SA_SESSION depending on the exchange (confirm), so an
// implementation must check SessionCommon.IkeSessionType before casting.
// Context is handler-specific (e.g. an IKEV2_INFO_EXCHANGE_CONTEXT for the
// Informational generator -- confirm). Returns the packet, or NULL on
// failure (return contract not defined in this header -- confirm).
//
typedef
IKE_PACKET *
(*IKEV2_PACKET_GENERATOR) (
  IN UINT8 *SaSession,
  IN VOID *Context
  );
240
//
// Parses a received packet for a session.
//
// SaSession is untyped, as for IKEV2_PACKET_GENERATOR: check
// SessionCommon.IkeSessionType before casting. IkePacket holds data from the
// network; every length and count taken from it must be bounds-checked
// against the packet before the payload-walking macros are applied.
// Returns an EFI_STATUS (success/failure meaning defined by each parser).
//
typedef
EFI_STATUS
(*IKEV2_PACKET_PARSER) (
  IN UINT8 *SaSession,
  IN IKE_PACKET *IkePacket
  );
247
//
// Parser/generator pair that handles one kind of exchange (or one state of
// the initial exchange, see mIkev2Initial).
//
typedef struct {
  IKEV2_PACKET_PARSER Parser;        // handles an incoming packet
  IKEV2_PACKET_GENERATOR Generator;  // builds the outgoing packet
} IKEV2_PACKET_HANDLER;
252
//
// Handler tables defined in one of the Ikev2 source files (not visible from
// this header). mIkev2Initial[][2] is presumably indexed by session state
// and by initiator/responder role -- confirm. Its outer bound is not part
// of this declaration, so any caller indexing it by an IKEV2_SESSION_STATE
// must make sure the index is below the size of the actual definition.
//
extern IKEV2_PACKET_HANDLER mIkev2Initial[][2];
extern IKEV2_PACKET_HANDLER mIkev2CreateChild;
extern IKEV2_PACKET_HANDLER mIkev2Info;
256
257 #endif
258