1 /** @file
2 IKEv2 related definitions.
3
4 Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
5
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7
8 **/
9 #ifndef _IKE_V2_H_
10 #define _IKE_V2_H_
11
12 #include "Ike.h"
13 #include "Payload.h"
14
//
// Wildcard values for the port and protocol fields of a Traffic Selector.
// By name these mean "match any port" / "match any protocol"; confirm the
// exact comparison semantics against the TS handling code that uses them.
//
#define IKEV2_TS_ANY_PORT 0xffff
#define IKEV2_TS_ANY_PROTOCOL 0
17
//
// Selectors naming which of an IKE SA's Child SA lists an operation applies
// to. By name they map onto the DeleteSaList, ChildSaEstablishSessionList
// and ChildSaSessionList members of IKEV2_SA_SESSION (declared below);
// confirm the mapping at the call sites.
//
#define IKEV2_DELET_CHILDSA_LIST 0
#define IKEV2_ESTABLISHING_CHILDSA_LIST 1
#define IKEV2_ESTABLISHED_CHILDSA_LIST 2
21
//
// Signature stored in IKEV2_SA_SESSION.Signature, plus container-record
// macros that recover the IKEV2_SA_SESSION from a pointer to one of its
// embedded members (SessionCommon, BySessionTable, ByEstablishedTable).
// CR() is the EDK2 container-record macro; it also checks the Signature
// field against IKEV2_SA_SESSION_SIGNATURE in DEBUG builds, so a pointer
// that is not really inside an IKEV2_SA_SESSION is caught early.
//
#define IKEV2_SA_SESSION_SIGNATURE SIGNATURE_32 ('I', 'K', 'E', 'I')
#define IKEV2_SA_SESSION_FROM_COMMON(a) CR (a, IKEV2_SA_SESSION, SessionCommon, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_SESSION(a) CR (a, IKEV2_SA_SESSION, BySessionTable, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_ESTABLISHED(a) CR (a, IKEV2_SA_SESSION, ByEstablishedTable, IKEV2_SA_SESSION_SIGNATURE)
26
//
// Signature stored in IKEV2_CHILD_SA_SESSION.Signature, plus container-record
// macros that recover the IKEV2_CHILD_SA_SESSION from a pointer to its
// SessionCommon, ByIkeSa or ByDelete member. As with the IKE SA variants,
// CR() validates the signature in DEBUG builds.
//
#define IKEV2_CHILD_SA_SESSION_SIGNATURE SIGNATURE_32 ('I', 'K', 'E', 'C')
#define IKEV2_CHILD_SA_SESSION_FROM_COMMON(a) CR (a, IKEV2_CHILD_SA_SESSION, SessionCommon, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_IKE_SA(a) CR (a, IKEV2_CHILD_SA_SESSION, ByIkeSa, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_DEL_SA(a) CR (a, IKEV2_CHILD_SA_SESSION, ByDelete, IKEV2_CHILD_SA_SESSION_SIGNATURE)
31
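//
// Session-type test.
// NOTE(review): the session structs declared in this header name their
// embedded IKEV2_SESSION_COMMON "SessionCommon", not "Common"; this macro
// therefore only compiles against a type that has a Common member. Confirm
// it is still used, and on which type.
//
#define IS_IKEV2_SA_SESSION(s) ((s)->Common.IkeSessionType == IkeSessionTypeIkeSa)

//
// Raw SA-payload walking helpers.
//
// These macros do plain pointer arithmetic and perform no bounds checking of
// their own. The TransformSize/ProposalSize arguments and the SpiSize field
// read by IKEV2_PROPOSAL_FIRST_TRANSFORM normally originate from a received
// SA payload, so a caller must have validated them against the enclosing
// payload length before stepping with these macros; otherwise the resulting
// pointer may lie outside the packet buffer.
//
// Every expansion is wrapped in an outer pair of parentheses so that a use
// such as "IKEV2_SA_FIRST_PROPOSAL (Sa)->SpiSize" applies the member access
// to the cast result rather than to the inner arithmetic.
//

//
// First proposal immediately follows the IKEV2_SA header.
//
#define IKEV2_SA_FIRST_PROPOSAL(Sa) \
  ((IKEV2_PROPOSAL *)((IKEV2_SA *)(Sa)+1))

//
// Advance by TransformSize bytes from the start of Transform.
//
#define IKEV2_NEXT_TRANSFORM_WITH_SIZE(Transform,TransformSize) \
  ((IKEV2_TRANSFORM *) ((UINT8 *)(Transform) + (TransformSize)))

//
// Advance by ProposalSize bytes from the start of Proposal.
//
#define IKEV2_NEXT_PROPOSAL_WITH_SIZE(Proposal, ProposalSize) \
  ((IKEV2_PROPOSAL *) ((UINT8 *)(Proposal) + (ProposalSize)))

//
// First transform follows the IKEV2_PROPOSAL header plus the variable-length
// SPI whose size is given by the proposal's SpiSize field.
// (This macro was previously defined twice, identically; the duplicate
// definition has been removed.)
//
#define IKEV2_PROPOSAL_FIRST_TRANSFORM(Proposal) \
  ((IKEV2_TRANSFORM *)((UINT8 *)((IKEV2_PROPOSAL *)(Proposal)+1) + \
  (((IKEV2_PROPOSAL *)(Proposal))->SpiSize)))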
46
//
// Lifecycle states of an IKEv2 session. Stored in IKEV2_SESSION_COMMON.State,
// so the same enumeration serves both IKE SA and Child SA sessions. The
// names follow the IKEv2 exchange sequence (IKE_SA_INIT, IKE_AUTH,
// CREATE_CHILD_SA, rekey, delete); the exact transitions are driven by the
// code that owns the session, not by this header.
//
typedef enum {
  IkeStateInit,               // Initial exchange in progress
  IkeStateAuth,               // Authentication exchange in progress
  IkeStateIkeSaEstablished,   // IKE SA is up
  IkeStateCreateChild,        // CREATE_CHILD_SA exchange in progress
  IkeStateSaRekeying,         // Rekey in progress
  IkeStateChildSaEstablished, // Child SA is up
  IkeStateSaDeleting,         // Delete in progress
  IkeStateMaximum             // Sentinel: one past the last valid state
} IKEV2_SESSION_STATE;
57
//
// Kind of CREATE_CHILD_SA request being built or handled: creating a new
// Child SA, rekeying an existing Child SA, or rekeying the IKE SA itself.
//
typedef enum {
  IkeRequestTypeCreateChildSa,
  IkeRequestTypeRekeyChildSa,
  IkeRequestTypeRekeyIkeSa,
  IkeRequestTypeMaximum       // Sentinel: one past the last valid type
} IKEV2_CREATE_CHILD_REQUEST_TYPE;
64
//
// Diffie-Hellman state for one key exchange. By name, Gx/Gy are the local
// and peer public values and Gxy the resulting shared secret; DhContext is
// presumably the opaque handle of the underlying crypto library. Each
// buffer/size pair is a separate allocation; ownership and the freeing path
// are not visible in this header.
// NOTE(review): GxyBuffer holds key material. Confirm that the release path
// zeroizes it before the memory is returned to the pool.
//
typedef struct {
  UINT8 *GxBuffer;
  UINTN GxSize;
  UINT8 *GyBuffer;
  UINTN GySize;
  UINT8 *GxyBuffer;
  UINTN GxySize;
  UINT8 *DhContext;
} IKEV2_DH_BUFFER;
74
//
// Per-IKE-SA key material. By name, the Sk*Key members correspond to the
// RFC 7296 keys SK_d, SK_ai, SK_ar, SK_ei, SK_er, SK_pi and SK_pr derived
// from the DH result held in DhBuffer; confirm against the key-derivation
// code before relying on that mapping. Each key is a separate allocation of
// the given size.
// NOTE(review): every buffer here is secret key material. Confirm the
// teardown path zeroizes them rather than plainly freeing them.
//
typedef struct {
  IKEV2_DH_BUFFER *DhBuffer;  // DH exchange this key set was derived from
  UINT8 *SkdKey;
  UINTN SkdKeySize;
  UINT8 *SkAiKey;
  UINTN SkAiKeySize;
  UINT8 *SkArKey;
  UINTN SkArKeySize;
  UINT8 *SkEiKey;
  UINTN SkEiKeySize;
  UINT8 *SkErKey;
  UINTN SkErKeySize;
  UINT8 *SkPiKey;
  UINTN SkPiKeySize;
  UINT8 *SkPrKey;
  UINTN SkPrKeySize;
} IKEV2_SESSION_KEYS;
92
//
// Parameters negotiated for an SA: lifetime, encryption and integrity
// algorithms with their key lengths, PRF, DH group and extended-sequence
// flag. Referenced from IKEV2_SESSION_COMMON.SaParams. The meaning of
// LifeType and the algorithm id spaces are defined elsewhere (Ike.h /
// Payload.h); this header only carries the values.
//
typedef struct {
  UINT16 LifeType;
  UINT64 LifeDuration;
  UINT16 EncAlgId;
  UINTN EnckeyLen;
  UINT16 Prf;
  UINT16 IntegAlgId;
  UINTN IntegKeyLen;
  UINT16 DhGroup;
  UINT8 ExtSeq;
} IKEV2_SA_PARAMS;
104
105 //
106 // Internal Payload
107 //
//
// Internal (unmarshalled) form of an SA payload: the wire header plus the
// number of proposals that follow it in memory. The proposals are not a
// declared member; per the original comment they are laid out after this
// struct, so code walking them must use NumProposals as the bound.
//
typedef struct {
  IKEV2_SA SaHeader;
  UINTN NumProposals;
  //
  // IKE_PROPOSAL_DATA Proposals[1];
  //
} IKEV2_SA_DATA;
115
//
// Internal form of one proposal: its index, protocol id, SPI pointer and the
// number of transforms that follow it in memory (the transforms are not a
// declared member, see the original comment below). Spi points at the SPI
// bytes; their length is not stored here.
//
typedef struct {
  UINT8 ProposalIndex;
  UINT8 ProtocolId;
  UINT8 *Spi;
  UINT8 NumTransforms;
  //
  // IKE_TRANSFORM_DATA Transforms[1];
  //
} IKEV2_PROPOSAL_DATA;
125
//
// Internal form of one transform: its index within the proposal, the
// transform type and id, and the single attribute carried with it
// (IKE_SA_ATTRIBUTE comes from Ike.h).
//
typedef struct {
  UINT8 TransformIndex;
  UINT8 TransformType;
  UINT16 TransformId;
  IKE_SA_ATTRIBUTE Attribute;
} IKEV2_TRANSFORM_DATA;
132
//
// State shared by IKE SA and Child SA sessions. Embedded as SessionCommon in
// both IKEV2_SA_SESSION and IKEV2_CHILD_SA_SESSION; the *_FROM_COMMON macros
// above recover the enclosing session from a pointer to this member.
//
typedef struct {
  UINT8 IkeVer;
  IKE_SESSION_TYPE IkeSessionType;         // Compared against IkeSessionTypeIkeSa to tell IKE SA from Child SA
  BOOLEAN IsInitiator;                     // TRUE when this side started the negotiation (by name)
  BOOLEAN IsOnDeleting; // Flag to indicate whether the SA is on deleting.
  IKEV2_SESSION_STATE State;
  //
  // Retransmission bookkeeping, by name: the timer, its interval, how many
  // retries have happened and the packet to resend. Confirm against the
  // timeout handler before relying on the exact semantics.
  //
  EFI_EVENT TimeoutEvent;
  UINT64 TimeoutInterval;
  UINTN RetryCount;
  IKE_PACKET *LastSentPacket;
  IKEV2_SA_PARAMS *SaParams;               // Negotiated SA parameters
  UINT16 PreferDhGroup;
  EFI_IP_ADDRESS RemotePeerIp;
  EFI_IP_ADDRESS LocalPeerIp;
  IKE_ON_PAYLOAD_FROM_NET BeforeDecodePayload; // Hook run before a received payload is decoded (by name)
  IKE_ON_PAYLOAD_FROM_NET AfterEncodePayload;  // Hook run after an outgoing payload is encoded (by name)
  IKE_UDP_SERVICE *UdpService;             // Transport used for this session
  IPSEC_PRIVATE_DATA *Private;             // Back-pointer to the driver's private data
} IKEV2_SESSION_COMMON;
152
//
// An IKE SA (the parent security association). Signature must hold
// IKEV2_SA_SESSION_SIGNATURE for the CR()-based macros above to accept a
// pointer into this struct. Secret material lives behind IkeKeys.
// NOTE(review): InitPacket/RespPacket and the Ni/Nr nonces are retained raw;
// confirm their sizes are bounded when they are captured from the network.
//
typedef struct {
  UINT32 Signature;
  IKEV2_SESSION_COMMON SessionCommon;
  UINT64 InitiatorCookie;                  // IKE SA SPI of the initiator side (RFC 7296 "SPI", historically "cookie")
  UINT64 ResponderCookie;                  // IKE SA SPI of the responder side
  //
  // Initiator: SA proposals to be sent
  // Responder: SA proposals to be matched
  //
  IKEV2_SA_DATA *SaData; // SA Private struct used for SA payload generation
  IKEV2_SESSION_KEYS *IkeKeys;             // Derived IKE SA keys (secret)
  UINT8 *NiBlock;                          // Initiator nonce and its size (by name)
  UINTN NiBlkSize;
  UINT8 *NrBlock;                          // Responder nonce and its size (by name)
  UINTN NrBlkSize;
  UINT8 *NCookie; // Buffer Contains the Notify Cookie
  UINTN NCookieSize; // Size of NCookie
  IPSEC_PAD_ENTRY *Pad;                    // Peer authorization entry used for this peer
  IPSEC_SPD_ENTRY *Spd; // SPD that requested the negotiation, TODO: better use SPD selector
  LIST_ENTRY ChildSaSessionList;           // Child SAs being negotiated under this IKE SA
  LIST_ENTRY ChildSaEstablishSessionList; // For Establish Child SA.
  LIST_ENTRY InfoMIDList; // For Information MID
  LIST_ENTRY DeleteSaList; // For deleting Child SA.
  UINT8 *InitPacket;                       // Retained raw IKE_SA_INIT request and its size (by name)
  UINTN InitPacketSize;
  UINT8 *RespPacket;                       // Retained raw IKE_SA_INIT response and its size (by name)
  UINTN RespPacketSize;
  UINT32 MessageId;                        // Current IKE message id for this SA
  LIST_ENTRY BySessionTable; // Use for all IkeSaSession Links
} IKEV2_SA_SESSION;
183
//
// A Child SA negotiated under an IKE SA (IkeSaSession). Signature must hold
// IKEV2_CHILD_SA_SESSION_SIGNATURE for the CR()-based macros above. Linked
// into the parent's lists through ByIkeSa and ByDelete.
// NOTE(review): ChildKeymats and DhBuffer hold key material; confirm they are
// zeroized on teardown.
//
typedef struct {
  UINT32 Signature;
  IKEV2_SESSION_COMMON SessionCommon;
  IKEV2_SA_SESSION *IkeSaSession;          // Parent IKE SA
  UINT32 MessageId;                        // Message id of the exchange that created/rekeyed this SA (by name)
  IKEV2_SA_DATA *SaData;                   // Proposals sent or matched for this Child SA
  UINT8 IpsecProtocol;                     // IPsec protocol of the SA (presumably AH/ESP id; confirm)
  UINT32 LocalPeerSpi;                     // Inbound/outbound SPIs of the Child SA (by name)
  UINT32 RemotePeerSpi;
  UINT8 *NiBlock;                          // Nonces used for this Child SA's key derivation (by name)
  UINTN NiBlkSize;
  UINT8 *NrBlock;
  UINTN NrBlkSize;
  SA_KEYMATS ChildKeymats;                 // Derived Child SA keys (secret); type from Ike.h
  IKEV2_DH_BUFFER *DhBuffer; // New DH exchanged by CREATE_CHILD_SA
  IPSEC_SPD_ENTRY *Spd;
  EFI_IPSEC_SPD_SELECTOR *SpdSelector;
  UINT16 ProtoId;                          // Traffic selector protocol/ports (see IKEV2_TS_ANY_*)
  UINT16 RemotePort;
  UINT16 LocalPort;
  LIST_ENTRY ByIkeSa;                      // Link in the parent IKE SA's child lists
  LIST_ENTRY ByDelete;                     // Link in the parent's DeleteSaList
} IKEV2_CHILD_SA_SESSION;
207
//
// Purpose of an INFORMATIONAL exchange: carry a Notify, delete an SA, or
// probe liveness. Carried in IKEV2_INFO_EXCHANGE_CONTEXT.InfoType.
//
typedef enum {
  Ikev2InfoNotify,
  Ikev2InfoDelete,
  Ikev2InfoLiveCheck
} IKEV2_INFO_TYPE;
213
//
// This struct is used to pass the detailed information to the InfoGenerator()
// for the creation of the response INFORMATIONAL exchange message: the
// message id to answer and what kind of informational content to build.
//
typedef struct {
  UINT32 MessageId;
  IKEV2_INFO_TYPE InfoType;
} IKEV2_INFO_EXCHANGE_CONTEXT;
222
//
// One input fragment for a PRF computation: a pointer and its length. The
// struct does not own Data; the caller keeps it alive for the computation.
//
typedef struct {
  UINTN DataSize;
  UINT8 *Data;
} PRF_DATA_FRAGMENT;
227
//
// Builds an outgoing IKE packet for a session.
//
// @param SaSession  The session to build for, passed as UINT8 * so one
//                   signature serves IKE SA and Child SA sessions; the
//                   callee casts it (presumably via the *_FROM_COMMON or
//                   session-type checks).
// @param Context    Generator-specific data, e.g. IKEV2_INFO_EXCHANGE_CONTEXT
//                   for informational exchanges.
//
// @return The generated packet, or NULL presumably on failure (confirm with
//         the generators' implementations).
//
typedef
IKE_PACKET *
(*IKEV2_PACKET_GENERATOR) (
  IN UINT8 *SaSession,
  IN VOID *Context
  );
234
//
// Parses a received IKE packet in the context of a session. Parsers are the
// point where untrusted network input enters the state machine, so every
// length and count read from IkePacket must be validated here before the
// payload-walking macros above are applied.
//
// @param SaSession  The session the packet belongs to, as UINT8 * (see
//                   IKEV2_PACKET_GENERATOR).
// @param IkePacket  The received packet.
//
// @return EFI_SUCCESS on acceptance, an error status otherwise.
//
typedef
EFI_STATUS
(*IKEV2_PACKET_PARSER) (
  IN UINT8 *SaSession,
  IN IKE_PACKET *IkePacket
  );
241
//
// Parser/generator pair handling one kind of exchange.
//
typedef struct {
  IKEV2_PACKET_PARSER Parser;
  IKEV2_PACKET_GENERATOR Generator;
} IKEV2_PACKET_HANDLER;
246
//
// Handler tables defined elsewhere in the module. mIkev2Initial is a table
// with two handlers per row; the row/column indexing (presumably exchange
// step and initiator/responder role) is fixed at the definition site, not
// here. mIkev2CreateChild and mIkev2Info are the single handlers for the
// CREATE_CHILD_SA and INFORMATIONAL exchanges.
//
extern IKEV2_PACKET_HANDLER mIkev2Initial[][2];
extern IKEV2_PACKET_HANDLER mIkev2CreateChild;
extern IKEV2_PACKET_HANDLER mIkev2Info;
250
251 #endif
252