/** @file\r
EFI IPsec Configuration Protocol Definition\r
- The EFI_IPSEC_CONFIG_PROTOCOL provides the mechanism to set and retrieve security and \r
+ The EFI_IPSEC_CONFIG_PROTOCOL provides the mechanism to set and retrieve security and\r
policy related information for the EFI IPsec protocol driver.\r
\r
- Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
- @par Revision Reference: \r
+ @par Revision Reference:\r
This Protocol is introduced in UEFI Specification 2.2\r
\r
**/\r
/// EFI_IPSEC_CONFIG_DATA_TYPE\r
///\r
typedef enum {\r
- /// \r
- /// The IPsec Security Policy Database (aka SPD) setting. In IPsec, \r
- /// an essential element of Security Association (SA) processing is \r
- /// underlying SPD that specifies what services are to be offered to \r
- /// IP datagram and in what fashion. The SPD must be consulted \r
- /// during the processing of all traffic (inbound and outbound), \r
- /// including traffic not protected by IPsec, that traverses the IPsec \r
- /// boundary. With this DataType, SetData() function is to set \r
- /// the SPD entry information, which may add one new entry, delete \r
- /// one existed entry or flush the whole database according to the \r
- /// parameter values. The corresponding Data is of type \r
+ ///\r
+ /// The IPsec Security Policy Database (aka SPD) setting. In IPsec,\r
+ /// an essential element of Security Association (SA) processing is\r
+ /// underlying SPD that specifies what services are to be offered to\r
+ /// IP datagram and in what fashion. The SPD must be consulted\r
+ /// during the processing of all traffic (inbound and outbound),\r
+ /// including traffic not protected by IPsec, that traverses the IPsec\r
+ /// boundary. With this DataType, SetData() function is to set\r
+ /// the SPD entry information, which may add one new entry, delete\r
+ /// one existed entry or flush the whole database according to the\r
+ /// parameter values. The corresponding Data is of type\r
/// EFI_IPSEC_SPD_DATA\r
- /// \r
+ ///\r
IPsecConfigDataTypeSpd,\r
- /// \r
- /// The IPsec Security Association Database (aka SAD) setting. A \r
- /// SA is a simplex connection that affords security services to the \r
- /// traffic carried by it. Security services are afforded to an SA by the \r
- /// use of AH, or ESP, but not both. The corresponding Data is of \r
+ ///\r
+ /// The IPsec Security Association Database (aka SAD) setting. A\r
+ /// SA is a simplex connection that affords security services to the\r
+ /// traffic carried by it. Security services are afforded to an SA by the\r
+ /// use of AH, or ESP, but not both. The corresponding Data is of\r
/// type EFI_IPSEC_SAD_DATA.\r
- /// \r
+ ///\r
IPsecConfigDataTypeSad,\r
- /// \r
- /// The IPsec Peer Authorization Database (aka PAD) setting, which \r
- /// provides the link between the SPD and a security association \r
- /// management protocol. The PAD entry specifies the \r
- /// authentication protocol (e.g. IKEv1, IKEv2) method used and the \r
- /// authentication data. The corresponding Data is of type \r
+ ///\r
+ /// The IPsec Peer Authorization Database (aka PAD) setting, which\r
+ /// provides the link between the SPD and a security association\r
+ /// management protocol. The PAD entry specifies the\r
+ /// authentication protocol (e.g. IKEv1, IKEv2) method used and the\r
+ /// authentication data. The corresponding Data is of type\r
/// EFI_IPSEC_PAD_DATA.\r
///\r
IPsecConfigDataTypePad,\r
/// EFI_IPSEC_SPD_SELECTOR\r
///\r
typedef struct _EFI_IPSEC_SPD_SELECTOR {\r
- /// \r
+ ///\r
/// Specifies the actual number of entries in LocalAddress.\r
- /// \r
+ ///\r
UINT32 LocalAddressCount;\r
- /// \r
- /// A list of ranges of IPv4 or IPv6 addresses, which refers to the \r
+ ///\r
+ /// A list of ranges of IPv4 or IPv6 addresses, which refers to the\r
/// addresses being protected by IPsec policy.\r
- /// \r
+ ///\r
EFI_IP_ADDRESS_INFO *LocalAddress;\r
- /// \r
+ ///\r
/// Specifies the actual number of entries in RemoteAddress.\r
- /// \r
+ ///\r
UINT32 RemoteAddressCount;\r
- /// \r
- /// A list of ranges of IPv4 or IPv6 addresses, which are peer entities \r
- /// to LocalAddress. \r
- /// \r
+ ///\r
+ /// A list of ranges of IPv4 or IPv6 addresses, which are peer entities\r
+ /// to LocalAddress.\r
+ ///\r
EFI_IP_ADDRESS_INFO *RemoteAddress;\r
- /// \r
- /// Next layer protocol. Obtained from the IPv4 Protocol or the IPv6 \r
- /// Next Header fields. The next layer protocol is whatever comes \r
- /// after any IP extension headers that are present. A zero value is a \r
+ ///\r
+ /// Next layer protocol. Obtained from the IPv4 Protocol or the IPv6\r
+ /// Next Header fields. The next layer protocol is whatever comes\r
+ /// after any IP extension headers that are present. A zero value is a\r
/// wildcard that matches any value in NextLayerProtocol field.\r
- /// \r
- UINT16 NextLayerProtocol; \r
- /// \r
- /// Local Port if the Next Layer Protocol uses two ports (as do TCP, \r
- /// UDP, and others). A zero value is a wildcard that matches any \r
+ ///\r
+ UINT16 NextLayerProtocol;\r
+ ///\r
+ /// Local Port if the Next Layer Protocol uses two ports (as do TCP,\r
+ /// UDP, and others). A zero value is a wildcard that matches any\r
/// value in LocalPort field.\r
- /// \r
+ ///\r
UINT16 LocalPort;\r
- /// \r
- /// A designed port range size. The start port is LocalPort, and \r
- /// the total number of ports is described by LocalPortRange. \r
- /// This field is ignored if NextLayerProtocol does not use \r
- /// ports. \r
- /// \r
+ ///\r
+ /// A designed port range size. The start port is LocalPort, and\r
+ /// the total number of ports is described by LocalPortRange.\r
+ /// This field is ignored if NextLayerProtocol does not use\r
+ /// ports.\r
+ ///\r
UINT16 LocalPortRange;\r
- /// \r
- /// Remote Port if the Next Layer Protocol uses two ports. A zero \r
+ ///\r
+ /// Remote Port if the Next Layer Protocol uses two ports. A zero\r
/// value is a wildcard that matches any value in RemotePort field.\r
- /// \r
+ ///\r
UINT16 RemotePort;\r
- /// \r
- /// A designed port range size. The start port is RemotePort, and \r
- /// the total number of ports is described by RemotePortRange. \r
+ ///\r
+ /// A designed port range size. The start port is RemotePort, and\r
+ /// the total number of ports is described by RemotePortRange.\r
/// This field is ignored if NextLayerProtocol does not use ports.\r
- /// \r
+ ///\r
UINT16 RemotePortRange;\r
} EFI_IPSEC_SPD_SELECTOR;\r
- \r
+\r
///\r
/// EFI_IPSEC_TRAFFIC_DIR\r
/// represents the directionality in an SPD entry.\r
///\r
typedef enum {\r
///\r
- /// The EfiIPsecInBound refers to traffic entering an IPsec implementation via \r
+ /// The EfiIPsecInBound refers to traffic entering an IPsec implementation via\r
/// the unprotected interface or emitted by the implementation on the unprotected\r
- /// side of the boundary and directed towards the protected interface. \r
+ /// side of the boundary and directed towards the protected interface.\r
///\r
EfiIPsecInBound,\r
///\r
- /// The EfiIPsecOutBound refers to traffic entering the implementation via \r
+ /// The EfiIPsecOutBound refers to traffic entering the implementation via\r
/// the protected interface, or emitted by the implementation on the protected side\r
/// of the boundary and directed toward the unprotected interface.\r
///\r
/// represents three possible processing choices.\r
///\r
typedef enum {\r
- /// \r
+ ///\r
/// Refers to traffic that is not allowed to traverse the IPsec boundary.\r
- /// \r
+ ///\r
EfiIPsecActionDiscard,\r
- /// \r
- /// Refers to traffic that is allowed to cross the IPsec boundary \r
+ ///\r
+ /// Refers to traffic that is allowed to cross the IPsec boundary\r
/// without protection.\r
- /// \r
+ ///\r
EfiIPsecActionBypass,\r
- /// \r
- /// Refers to traffic that is afforded IPsec protection, and for such \r
- /// traffic the SPD must specify the security protocols to be \r
- /// employed, their mode, security service options, and the \r
- /// cryptographic algorithms to be used. \r
+ ///\r
+ /// Refers to traffic that is afforded IPsec protection, and for such\r
+ /// traffic the SPD must specify the security protocols to be\r
+ /// employed, their mode, security service options, and the\r
+ /// cryptographic algorithms to be used.\r
///\r
EfiIPsecActionProtect\r
} EFI_IPSEC_ACTION;\r
\r
///\r
/// EFI_IPSEC_SA_LIFETIME\r
-/// defines the lifetime of an SA, which represents when a SA must be \r
-/// replaced or terminated. A value of all 0 for each field removes \r
+/// defines the lifetime of an SA, which represents when a SA must be\r
+/// replaced or terminated. A value of all 0 for each field removes\r
/// the limitation of a SA lifetime.\r
///\r
typedef struct _EFI_IPSEC_SA_LIFETIME {\r
- /// \r
+ ///\r
/// The number of bytes to which the IPsec cryptographic algorithm\r
/// can be applied. For ESP, this is the encryption algorithm and for\r
- /// AH, this is the authentication algorithm. The ByteCount \r
+ /// AH, this is the authentication algorithm. The ByteCount\r
/// includes pad bytes for cryptographic operations.\r
- /// \r
+ ///\r
UINT64 ByteCount;\r
- /// \r
- /// A time interval in second that warns the implementation to \r
+ ///\r
+ /// A time interval in second that warns the implementation to\r
/// initiate action such as setting up a replacement SA.\r
- /// \r
+ ///\r
UINT64 SoftLifetime;\r
- /// \r
- /// A time interval in second when the current SA ends and is \r
+ ///\r
+ /// A time interval in second when the current SA ends and is\r
/// destroyed.\r
- /// \r
+ ///\r
UINT64 HardLifetime;\r
} EFI_IPSEC_SA_LIFETIME;\r
\r
///\r
/// EFI_IPSEC_MODE\r
-/// There are two modes of IPsec operation: transport mode and tunnel mode. In \r
-/// EfiIPsecTransport mode, AH and ESP provide protection primarily for next layer protocols; \r
+/// There are two modes of IPsec operation: transport mode and tunnel mode. In\r
+/// EfiIPsecTransport mode, AH and ESP provide protection primarily for next layer protocols;\r
/// In EfiIPsecTunnel mode, AH and ESP are applied to tunneled IP packets.\r
///\r
typedef enum {\r
/// EFI_IPSEC_TUNNEL_OPTION\r
///\r
typedef struct _EFI_IPSEC_TUNNEL_OPTION {\r
- /// \r
+ ///\r
/// Local tunnel address when IPsec mode is EfiIPsecTunnel.\r
- /// \r
+ ///\r
EFI_IP_ADDRESS LocalTunnelAddress;\r
- /// \r
+ ///\r
/// Remote tunnel address when IPsec mode is EfiIPsecTunnel.\r
- /// \r
+ ///\r
EFI_IP_ADDRESS RemoteTunnelAddress;\r
- /// \r
+ ///\r
/// The option of copying the DF bit from an outbound package\r
- /// to the tunnel mode header that it emits, when traffic is \r
- /// carried via a tunnel mode SA. \r
- /// \r
+ /// to the tunnel mode header that it emits, when traffic is\r
+ /// carried via a tunnel mode SA.\r
+ ///\r
EFI_IPSEC_TUNNEL_DF_OPTION DF;\r
} EFI_IPSEC_TUNNEL_OPTION;\r
\r
///\r
typedef enum {\r
EfiIPsecAH, ///< IP Authentication Header protocol which is specified in RFC 4302.\r
- EfiIPsecESP ///< IP Encapsulating Security Payload which is specified in RFC 4303. \r
+ EfiIPsecESP ///< IP Encapsulating Security Payload which is specified in RFC 4303.\r
} EFI_IPSEC_PROTOCOL_TYPE;\r
\r
///\r
/// describes a policy list for traffic processing.\r
///\r
typedef struct _EFI_IPSEC_PROCESS_POLICY {\r
- /// \r
- /// Extended Sequence Number. Is this SA using extended sequence \r
+ ///\r
+ /// Extended Sequence Number. Is this SA using extended sequence\r
/// numbers. 64 bit counter is used if TRUE.\r
- /// \r
+ ///\r
BOOLEAN ExtSeqNum;\r
- /// \r
- /// A flag indicating whether overflow of the sequence number \r
- /// counter should generate an auditable event and prevent \r
- /// transmission of additional packets on the SA, or whether rollover \r
+ ///\r
+ /// A flag indicating whether overflow of the sequence number\r
+ /// counter should generate an auditable event and prevent\r
+ /// transmission of additional packets on the SA, or whether rollover\r
/// is permitted.\r
- /// \r
+ ///\r
BOOLEAN SeqOverflow;\r
- /// \r
- /// Is this SA using stateful fragment checking. TRUE represents \r
+ ///\r
+ /// Is this SA using stateful fragment checking. TRUE represents\r
/// stateful fragment checking.\r
- /// \r
+ ///\r
BOOLEAN FragCheck;\r
- /// \r
- /// A time interval after which a SA must be replaced with a new SA \r
- /// (and new SPI) or terminated. \r
- /// \r
+ ///\r
+ /// A time interval after which a SA must be replaced with a new SA\r
+ /// (and new SPI) or terminated.\r
+ ///\r
EFI_IPSEC_SA_LIFETIME SaLifetime;\r
- /// \r
+ ///\r
/// IPsec mode: tunnel or transport.\r
- /// \r
+ ///\r
EFI_IPSEC_MODE Mode;\r
- /// \r
+ ///\r
/// Tunnel Option. TunnelOption is ignored if Mode is EfiIPsecTransport.\r
- /// \r
+ ///\r
EFI_IPSEC_TUNNEL_OPTION *TunnelOption;\r
- /// \r
+ ///\r
/// IPsec protocol: AH or ESP\r
- /// \r
+ ///\r
EFI_IPSEC_PROTOCOL_TYPE Proto;\r
- /// \r
+ ///\r
/// Cryptographic algorithm type used for authentication.\r
- /// \r
+ ///\r
UINT8 AuthAlgoId;\r
- /// \r
- /// Cryptographic algorithm type used for encryption. EncAlgo is \r
- /// NULL when IPsec protocol is AH. For ESP protocol, EncAlgo \r
- /// can also be used to describe the algorithm if a combined mode \r
+ ///\r
+ /// Cryptographic algorithm type used for encryption. EncAlgo is\r
+ /// NULL when IPsec protocol is AH. For ESP protocol, EncAlgo\r
+ /// can also be used to describe the algorithm if a combined mode\r
/// algorithm is used.\r
///\r
UINT8 EncAlgoId;\r
/// A triplet to identify an SA, consisting of the following members.\r
///\r
typedef struct _EFI_IPSEC_SA_ID {\r
- /// \r
- /// Security Parameter Index (aka SPI). An arbitrary 32-bit value \r
- /// that is used by a receiver to identity the SA to which an incoming \r
+ ///\r
+ /// Security Parameter Index (aka SPI). An arbitrary 32-bit value\r
+ /// that is used by a receiver to identity the SA to which an incoming\r
/// package should be bound.\r
- /// \r
+ ///\r
UINT32 Spi;\r
- /// \r
+ ///\r
/// IPsec protocol: AH or ESP\r
- /// \r
+ ///\r
EFI_IPSEC_PROTOCOL_TYPE Proto;\r
- /// \r
- /// Destination IP address. \r
- /// \r
+ ///\r
+ /// Destination IP address.\r
+ ///\r
EFI_IP_ADDRESS DestAddress;\r
} EFI_IPSEC_SA_ID;\r
\r
/// EFI_IPSEC_SPD_DATA\r
///\r
typedef struct _EFI_IPSEC_SPD_DATA {\r
- /// \r
- /// A null-terminated ASCII name string which is used as a symbolic \r
+ ///\r
+ /// A null-terminated ASCII name string which is used as a symbolic\r
/// identifier for an IPsec Local or Remote address.\r
- /// \r
+ ///\r
UINT8 Name[MAX_PEERID_LEN];\r
- /// \r
- /// Bit-mapped list describing Populate from Packet flags. When \r
- /// creating a SA, if PackageFlag bit is set to TRUE, instantiate \r
- /// the selector from the corresponding field in the package that \r
- /// triggered the creation of the SA, else from the value(s) in the \r
- /// corresponding SPD entry. The PackageFlag bit setting for \r
+ ///\r
+ /// Bit-mapped list describing Populate from Packet flags. When\r
+ /// creating a SA, if PackageFlag bit is set to TRUE, instantiate\r
+ /// the selector from the corresponding field in the package that\r
+ /// triggered the creation of the SA, else from the value(s) in the\r
+ /// corresponding SPD entry. The PackageFlag bit setting for\r
/// corresponding selector field of EFI_IPSEC_SPD_SELECTOR:\r
- /// Bit 0: EFI_IPSEC_SPD_SELECTOR.LocalAddress \r
- /// Bit 1: EFI_IPSEC_SPD_SELECTOR.RemoteAddress \r
- /// Bit 2: \r
- /// EFI_IPSEC_SPD_SELECTOR.NextLayerProtocol \r
- /// Bit 3: EFI_IPSEC_SPD_SELECTOR.LocalPort \r
- /// Bit 4: EFI_IPSEC_SPD_SELECTOR.RemotePort \r
+ /// Bit 0: EFI_IPSEC_SPD_SELECTOR.LocalAddress\r
+ /// Bit 1: EFI_IPSEC_SPD_SELECTOR.RemoteAddress\r
+ /// Bit 2:\r
+ /// EFI_IPSEC_SPD_SELECTOR.NextLayerProtocol\r
+ /// Bit 3: EFI_IPSEC_SPD_SELECTOR.LocalPort\r
+ /// Bit 4: EFI_IPSEC_SPD_SELECTOR.RemotePort\r
/// Others: Reserved.\r
///\r
UINT32 PackageFlag;\r
- /// \r
+ ///\r
/// The traffic direction of data gram.\r
- /// \r
+ ///\r
EFI_IPSEC_TRAFFIC_DIR TrafficDirection;\r
- /// \r
- /// Processing choices to indicate which action is required by this \r
- /// policy. \r
- /// \r
+ ///\r
+ /// Processing choices to indicate which action is required by this\r
+ /// policy.\r
+ ///\r
EFI_IPSEC_ACTION Action;\r
- /// \r
+ ///\r
/// The policy and rule information for a SPD entry.\r
- /// \r
+ ///\r
EFI_IPSEC_PROCESS_POLICY *ProcessingPolicy;\r
- /// \r
+ ///\r
/// Specifies the actual number of entries in SaId list.\r
- /// \r
+ ///\r
UINTN SaIdCount;\r
- /// \r
- /// The SAD entry used for the traffic processing. The \r
+ ///\r
+ /// The SAD entry used for the traffic processing. The\r
/// existed SAD entry links indicate this is the manual key case.\r
- /// \r
+ ///\r
EFI_IPSEC_SA_ID SaId[1];\r
} EFI_IPSEC_SPD_DATA;\r
\r
///\r
/// EFI_IPSEC_ESP_ALGO_INFO\r
/// The security algorithm selection for IPsec ESP encryption and authentication.\r
-/// The required authentication algorithm is specified in RFC 4305. \r
-/// EncAlgoId fields can also specify an ESP combined mode algorithm \r
-/// (e.g. AES with CCM mode, specified in RFC 4309), which provides both \r
+/// The required authentication algorithm is specified in RFC 4305.\r
+/// EncAlgoId fields can also specify an ESP combined mode algorithm\r
+/// (e.g. AES with CCM mode, specified in RFC 4309), which provides both\r
/// confidentiality and authentication services.\r
///\r
typedef struct _EFI_IPSEC_ESP_ALGO_INFO {\r
/// EFI_IPSEC_SA_DATA\r
///\r
typedef struct _EFI_IPSEC_SA_DATA {\r
- /// \r
+ ///\r
/// IPsec mode: tunnel or transport.\r
- /// \r
+ ///\r
EFI_IPSEC_MODE Mode;\r
- /// \r
- /// Sequence Number Counter. A 64-bit counter used to generate the \r
+ ///\r
+ /// Sequence Number Counter. A 64-bit counter used to generate the\r
/// sequence number field in AH or ESP headers.\r
- /// \r
+ ///\r
UINT64 SNCount;\r
- /// \r
- /// Anti-Replay Window. A 64-bit counter and a bit-map used to \r
+ ///\r
+ /// Anti-Replay Window. A 64-bit counter and a bit-map used to\r
/// determine whether an inbound AH or ESP packet is a replay.\r
- /// \r
+ ///\r
UINT8 AntiReplayWindows;\r
- /// \r
- /// AH/ESP cryptographic algorithm, key and parameters. \r
- /// \r
+ ///\r
+ /// AH/ESP cryptographic algorithm, key and parameters.\r
+ ///\r
EFI_IPSEC_ALGO_INFO AlgoInfo;\r
- /// \r
- /// Lifetime of this SA. \r
- /// \r
+ ///\r
+ /// Lifetime of this SA.\r
+ ///\r
EFI_IPSEC_SA_LIFETIME SaLifetime;\r
- /// \r
- /// Any observed path MTU and aging variables. The Path MTU \r
+ ///\r
+ /// Any observed path MTU and aging variables. The Path MTU\r
/// processing is defined in section 8 of RFC 4301.\r
- /// \r
+ ///\r
UINT32 PathMTU;\r
- /// \r
+ ///\r
/// Link to one SPD entry.\r
- /// \r
+ ///\r
EFI_IPSEC_SPD_SELECTOR *SpdSelector;\r
- /// \r
- /// Indication of whether it's manually set or negotiated automatically. \r
- /// If ManualSet is FALSE, the corresponding SA entry is inserted through \r
+ ///\r
+ /// Indication of whether it's manually set or negotiated automatically.\r
+ /// If ManualSet is FALSE, the corresponding SA entry is inserted through\r
/// IKE protocol negotiation.\r
///\r
BOOLEAN ManualSet;\r
///\r
/// EFI_IPSEC_SA_DATA2\r
///\r
-typedef struct _EFI_IPSEC_SA_DATA2 { \r
+typedef struct _EFI_IPSEC_SA_DATA2 {\r
///\r
/// IPsec mode: tunnel or transport\r
///\r
- EFI_IPSEC_MODE Mode; \r
+ EFI_IPSEC_MODE Mode;\r
///\r
- /// Sequence Number Counter. A 64-bit counter used to generate the sequence \r
- /// number field in AH or ESP headers. \r
+ /// Sequence Number Counter. A 64-bit counter used to generate the sequence\r
+ /// number field in AH or ESP headers.\r
///\r
- UINT64 SNCount; \r
+ UINT64 SNCount;\r
///\r
- /// Anti-Replay Window. A 64-bit counter and a bit-map used to determine \r
+ /// Anti-Replay Window. A 64-bit counter and a bit-map used to determine\r
/// whether an inbound AH or ESP packet is a replay.\r
///\r
- UINT8 AntiReplayWindows; \r
+ UINT8 AntiReplayWindows;\r
///\r
/// AH/ESP cryptographic algorithm, key and parameters.\r
///\r
- EFI_IPSEC_ALGO_INFO AlgoInfo; \r
+ EFI_IPSEC_ALGO_INFO AlgoInfo;\r
///\r
/// Lifetime of this SA.\r
///\r
- EFI_IPSEC_SA_LIFETIME SaLifetime; \r
+ EFI_IPSEC_SA_LIFETIME SaLifetime;\r
///\r
- /// Any observed path MTU and aging variables. The Path MTU processing is \r
+ /// Any observed path MTU and aging variables. The Path MTU processing is\r
/// defined in section 8 of RFC 4301.\r
///\r
- UINT32 PathMTU; \r
+ UINT32 PathMTU;\r
///\r
/// Link to one SPD entry\r
///\r
- EFI_IPSEC_SPD_SELECTOR *SpdSelector; \r
+ EFI_IPSEC_SPD_SELECTOR *SpdSelector;\r
///\r
- /// Indication of whether it's manually set or negotiated automatically. \r
- /// If ManualSet is FALSE, the corresponding SA entry is inserted through IKE \r
+ /// Indication of whether it's manually set or negotiated automatically.\r
+ /// If ManualSet is FALSE, the corresponding SA entry is inserted through IKE\r
/// protocol negotiation\r
///\r
BOOLEAN ManualSet;\r
/// The tunnel header IP destination address.\r
///\r
EFI_IP_ADDRESS TunnelDestinationAddress;\r
-} EFI_IPSEC_SA_DATA2; \r
+} EFI_IPSEC_SA_DATA2;\r
\r
\r
///\r
typedef struct _EFI_IPSEC_PAD_ID {\r
///\r
/// Flag to identify which type of PAD Id is used.\r
- /// \r
- BOOLEAN PeerIdValid; \r
+ ///\r
+ BOOLEAN PeerIdValid;\r
union {\r
///\r
/// Pointer to the IPv4 or IPv6 address range.\r
EFI_IP_ADDRESS_INFO IpAddress;\r
///\r
/// Pointer to a null terminated ASCII string\r
- /// representing the symbolic names. A PeerId can be a DNS \r
- /// name, Distinguished Name, RFC 822 email address or Key ID \r
+ /// representing the symbolic names. A PeerId can be a DNS\r
+ /// name, Distinguished Name, RFC 822 email address or Key ID\r
/// (specified in section 4.4.3.1 of RFC 4301)\r
///\r
UINT8 PeerId[MAX_PEERID_LEN];\r
\r
///\r
/// EFI_IPSEC_CONFIG_SELECTOR\r
-/// describes the expected IPsec configuration data selector \r
+/// describes the expected IPsec configuration data selector\r
/// of type EFI_IPSEC_CONFIG_DATA_TYPE.\r
///\r
typedef union {\r
\r
///\r
/// EFI_IPSEC_AUTH_PROTOCOL_TYPE\r
-/// defines the possible authentication protocol for IPsec \r
+/// defines the possible authentication protocol for IPsec\r
/// security association management.\r
///\r
typedef enum {\r
/// EFI_IPSEC_PAD_DATA\r
///\r
typedef struct _EFI_IPSEC_PAD_DATA {\r
- /// \r
+ ///\r
/// Authentication Protocol for IPsec security association management.\r
- /// \r
+ ///\r
EFI_IPSEC_AUTH_PROTOCOL_TYPE AuthProtocol;\r
- /// \r
+ ///\r
/// Authentication method used.\r
- /// \r
+ ///\r
EFI_IPSEC_AUTH_METHOD AuthMethod;\r
- /// \r
- /// The IKE ID payload will be used as a symbolic name for SPD \r
- /// lookup if IkeIdFlag is TRUE. Otherwise, the remote IP \r
+ ///\r
+ /// The IKE ID payload will be used as a symbolic name for SPD\r
+ /// lookup if IkeIdFlag is TRUE. Otherwise, the remote IP\r
/// address provided in traffic selector playloads will be used.\r
- /// \r
+ ///\r
BOOLEAN IkeIdFlag;\r
- /// \r
+ ///\r
/// The size of Authentication data buffer, in bytes.\r
- /// \r
+ ///\r
UINTN AuthDataSize;\r
- /// \r
- /// Buffer for Authentication data, (e.g., the pre-shared secret or the \r
- /// trust anchor relative to which the peer's certificate will be \r
+ ///\r
+ /// Buffer for Authentication data, (e.g., the pre-shared secret or the\r
+ /// trust anchor relative to which the peer's certificate will be\r
/// validated).\r
- /// \r
+ ///\r
VOID *AuthData;\r
- /// \r
+ ///\r
/// The size of RevocationData, in bytes\r
- /// \r
+ ///\r
UINTN RevocationDataSize;\r
- /// \r
- /// Pointer to CRL or OCSP data, if certificates are used for \r
+ ///\r
+ /// Pointer to CRL or OCSP data, if certificates are used for\r
/// authentication method.\r
- /// \r
+ ///\r
VOID *RevocationData;\r
} EFI_IPSEC_PAD_DATA;\r
\r
\r
/**\r
Set the security association, security policy and peer authorization configuration\r
- information for the EFI IPsec driver. \r
+ information for the EFI IPsec driver.\r
\r
This function is used to set the IPsec configuration information of type DataType for\r
the EFI IPsec driver.\r
The IPsec configuration data has a unique selector/identifier separately to identify\r
a data entry. The selector structure depends on DataType's definition.\r
Using SetData() with a Data of NULL causes the IPsec configuration data entry identified\r
- by DataType and Selector to be deleted. \r
+ by DataType and Selector to be deleted.\r
\r
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
@param[in] DataType The type of data to be set.\r
- @param[in] Selector Pointer to an entry selector on operated configuration data \r
- specified by DataType. A NULL Selector causes the entire \r
+ @param[in] Selector Pointer to an entry selector on operated configuration data\r
+ specified by DataType. A NULL Selector causes the entire\r
specified-type configuration information to be flushed.\r
- @param[in] Data The data buffer to be set. The structure of the data buffer is \r
+ @param[in] Data The data buffer to be set. The structure of the data buffer is\r
associated with the DataType.\r
@param[in] InsertBefore Pointer to one entry selector which describes the expected\r
position the new data entry will be added. If InsertBefore is NULL,\r
the new entry will be appended the end of database.\r
- \r
+\r
@retval EFI_SUCCESS The specified configuration entry data is set successfully.\r
@retval EFI_INVALID_PARAMETER One or more of the following are TRUE:\r
- This is NULL.\r
);\r
\r
/**\r
- Return the configuration value for the EFI IPsec driver. \r
+ Return the configuration value for the EFI IPsec driver.\r
\r
This function lookup the data entry from IPsec database or IKEv2 configuration\r
information. The expected data type and unique identification are described in\r
- DataType and Selector parameters. \r
+ DataType and Selector parameters.\r
\r
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
@param[in] DataType The type of data to retrieve.\r
- @param[in] Selector Pointer to an entry selector which is an identifier of the IPsec \r
+ @param[in] Selector Pointer to an entry selector which is an identifier of the IPsec\r
configuration data entry.\r
@param[in, out] DataSize On output the size of data returned in Data.\r
- @param[out] Data The buffer to return the contents of the IPsec configuration data. \r
- The type of the data buffer is associated with the DataType. \r
- \r
+ @param[out] Data The buffer to return the contents of the IPsec configuration data.\r
+ The type of the data buffer is associated with the DataType.\r
+\r
@retval EFI_SUCCESS The specified configuration data is got successfully.\r
@retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:\r
- This is NULL.\r
);\r
\r
/**\r
- Enumerates the current selector for IPsec configuration data entry. \r
+ Enumerates the current selector for IPsec configuration data entry.\r
\r
This function is called multiple times to retrieve the entry Selector in IPsec\r
- configuration database. On each call to GetNextSelector(), the next entry \r
+ configuration database. On each call to GetNextSelector(), the next entry\r
Selector are retrieved into the output interface.\r
- \r
- If the entire IPsec configuration database has been iterated, the error \r
+\r
+ If the entire IPsec configuration database has been iterated, the error\r
EFI_NOT_FOUND is returned.\r
- If the Selector buffer is too small for the next Selector copy, an \r
- EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect \r
+ If the Selector buffer is too small for the next Selector copy, an\r
+ EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect\r
the size of buffer needed.\r
\r
On the initial call to GetNextSelector() to start the IPsec configuration database\r
- search, a pointer to the buffer with all zero value is passed in Selector. Calls \r
- to SetData() between calls to GetNextSelector may produce unpredictable results. \r
+ search, a pointer to the buffer with all zero value is passed in Selector. Calls\r
+ to SetData() between calls to GetNextSelector may produce unpredictable results.\r
\r
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
@param[in] DataType The type of IPsec configuration data to retrieve.\r
@param[in, out] SelectorSize The size of the Selector buffer.\r
- @param[in, out] Selector On input, supplies the pointer to last Selector that was \r
+ @param[in, out] Selector On input, supplies the pointer to last Selector that was\r
returned by GetNextSelector().\r
On output, returns one copy of the current entry Selector\r
- of a given DataType. \r
- \r
+ of a given DataType.\r
+\r
@retval EFI_SUCCESS The specified configuration data is got successfully.\r
@retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:\r
- This is NULL.\r
@retval EFI_NOT_FOUND The next configuration data entry was not found.\r
@retval EFI_UNSUPPORTED The specified DataType is not supported.\r
@retval EFI_BUFFER_TOO_SMALL The SelectorSize is too small for the result. This parameter\r
- has been updated with the size needed to complete the search \r
+ has been updated with the size needed to complete the search\r
request.\r
\r
**/\r
\r
/**\r
Register an event that is to be signaled whenever a configuration process on the\r
- specified IPsec configuration information is done. \r
+ specified IPsec configuration information is done.\r
\r
This function registers an event that is to be signaled whenever a configuration\r
- process on the specified IPsec configuration data is done (e.g. IPsec security \r
+ process on the specified IPsec configuration data is done (e.g. IPsec security\r
policy database configuration is ready). An event can be registered for different\r
- DataType simultaneously and the caller is responsible for determining which type \r
- of configuration data causes the signaling of the event in such case. \r
+ DataType simultaneously and the caller is responsible for determining which type\r
+ of configuration data causes the signaling of the event in such case.\r
\r
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
@param[in] DataType The type of data to be registered the event for.\r
@param[in] Event The event to be registered.\r
- \r
+\r
@retval EFI_SUCCESS The event is registered successfully.\r
@retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.\r
@retval EFI_ACCESS_DENIED The Event is already registered for the DataType.\r
\r
/**\r
Remove the specified event that is previously registered on the specified IPsec\r
- configuration data. \r
+ configuration data.\r
\r
- This function removes a previously registered event for the specified configuration data. \r
+ This function removes a previously registered event for the specified configuration data.\r
\r
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
@param[in] DataType The configuration data type to remove the registered event for.\r
@param[in] Event The event to be unregistered.\r
- \r
+\r
@retval EFI_SUCCESS The event is removed successfully.\r
- @retval EFI_NOT_FOUND The Event specified by DataType could not be found in the \r
+ @retval EFI_NOT_FOUND The Event specified by DataType could not be found in the\r
database.\r
@retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.\r
@retval EFI_UNSUPPORTED The notify registration unsupported or the specified\r
///\r
/// EFI_IPSEC_CONFIG_PROTOCOL\r
/// provides the ability to set and lookup the IPsec SAD (Security Association Database),\r
-/// SPD (Security Policy Database) data entry and configure the security association \r
-/// management protocol such as IKEv2. This protocol is used as the central \r
+/// SPD (Security Policy Database) data entry and configure the security association\r
+/// management protocol such as IKEv2. This protocol is used as the central\r
/// repository of any policy-specific configuration for EFI IPsec driver.\r
-/// EFI_IPSEC_CONFIG_PROTOCOL can be bound to both IPv4 and IPv6 stack. User can use this \r
+/// EFI_IPSEC_CONFIG_PROTOCOL can be bound to both IPv4 and IPv6 stack. User can use this\r
/// protocol for IPsec configuration in both IPv4 and IPv6 environment.\r
-/// \r
+///\r
struct _EFI_IPSEC_CONFIG_PROTOCOL {\r
EFI_IPSEC_CONFIG_SET_DATA SetData;\r
EFI_IPSEC_CONFIG_GET_DATA GetData;\r
projects / mirror_edk2.git / blobdiff