+++ /dev/null
-/** @file\r
- The common definition of IPsec Key Exchange (IKE).\r
-\r
- Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
-\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-\r
-**/\r
-\r
-#ifndef _IKE_H_\r
-#define _IKE_H_\r
-\r
-#include <Library/UdpIoLib.h>\r
-#include <Library/BaseCryptLib.h>\r
-#include "IpSecImpl.h"\r
-\r
-#define IKE_VERSION_MAJOR_MASK 0xf0\r
-#define IKE_VERSION_MINOR_MASK 0x0f\r
-\r
-#define IKE_MAJOR_VERSION(v) (((v) & IKE_VERSION_MAJOR_MASK) >> 4)\r
-#define IKE_MINOR_VERSION(v) ((v) & IKE_VERSION_MINOR_MASK)\r
-\r
-//\r
-// Protocol Value Use in IKEv1 and IKEv2\r
-//\r
-#define IPSEC_PROTO_ISAKMP 1\r
-#define IPSEC_PROTO_IPSEC_AH 2\r
-#define IPSEC_PROTO_IPSEC_ESP 3\r
-#define IPSEC_PROTO_IPCOMP 4 // For IKEv1 this value is reserved\r
-\r
-//\r
-// For Algorithm search in support list.Last two types are for IKEv2 only.\r
-//\r
-#define IKE_ENCRYPT_TYPE 0\r
-#define IKE_AUTH_TYPE 1\r
-#define IKE_PRF_TYPE 2\r
-#define IKE_DH_TYPE 3\r
-\r
-//\r
-// Encryption Algorithm present in IKEv1 phasrs2 and IKEv2 transform payload (Transform Type 1)\r
-//\r
-#define IPSEC_ESP_DES_IV64 1\r
-#define IPSEC_ESP_DES 2\r
-#define IPSEC_ESP_3DES 3\r
-#define IPSEC_ESP_RC5 4\r
-#define IPSEC_ESP_IDEA 5\r
-#define IPSEC_ESP_CAST 6\r
-#define IPSEC_ESP_BLOWFISH 7\r
-#define IPSEC_ESP_3IDEA 8\r
-#define IPSEC_ESP_DES_IV32 9\r
-#define IPSEC_ESP_RC4 10 // It's reserved in IKEv2\r
-#define IPSEC_ESP_NULL 11\r
-#define IPSEC_ESP_AES 12\r
-\r
-#define IKE_XCG_TYPE_NONE 0\r
-#define IKE_XCG_TYPE_BASE 1\r
-#define IKE_XCG_TYPE_IDENTITY_PROTECT 2\r
-#define IKE_XCG_TYPE_AUTH_ONLY 3\r
-#define IKE_XCG_TYPE_AGGR 4\r
-#define IKE_XCG_TYPE_INFO 5\r
-#define IKE_XCG_TYPE_QM 32\r
-#define IKE_XCG_TYPE_NGM 33\r
-#define IKE_XCG_TYPE_SA_INIT 34\r
-#define IKE_XCG_TYPE_AUTH 35\r
-#define IKE_XCG_TYPE_CREATE_CHILD_SA 36\r
-#define IKE_XCG_TYPE_INFO2 37\r
-\r
-#define IKE_LIFE_TYPE_SECONDS 1\r
-#define IKE_LIFE_TYPE_KILOBYTES 2\r
-\r
-//\r
-// Deafult IKE SA lifetime and CHILD SA lifetime\r
-//\r
-#define IKE_SA_DEFAULT_LIFETIME 1200\r
-#define CHILD_SA_DEFAULT_LIFETIME 3600\r
-\r
-//\r
-// Next payload type presented within Proposal payload\r
-//\r
-#define IKE_PROPOSAL_NEXT_PAYLOAD_MORE 2\r
-#define IKE_PROPOSAL_NEXT_PAYLOAD_NONE 0\r
-\r
-//\r
-// Next payload type presented within Transform payload\r
-//\r
-#define IKE_TRANSFORM_NEXT_PAYLOAD_MORE 3\r
-#define IKE_TRANSFORM_NEXT_PAYLOAD_NONE 0\r
-\r
-//\r
-// Max size of the SA attribute\r
-//\r
-#define MAX_SA_ATTRS_SIZE 48\r
-#define SA_ATTR_FORMAT_BIT 0x8000\r
-//\r
-// The definition for Information Message ID.\r
-//\r
-#define INFO_MID_SIGNATURE SIGNATURE_32 ('I', 'N', 'F', 'M')\r
-\r
-//\r
-// Type for the IKE SESSION COMMON\r
-//\r
-typedef enum {\r
- IkeSessionTypeIkeSa,\r
- IkeSessionTypeChildSa,\r
- IkeSessionTypeInfo,\r
- IkeSessionTypeMax\r
-} IKE_SESSION_TYPE;\r
-\r
-//\r
-// The DH Group ID defined RFC3526 and RFC 2409\r
-//\r
-typedef enum {\r
- OakleyGroupModp768 = 1,\r
- OakleyGroupModp1024 = 2,\r
- OakleyGroupGp155 = 3, // Unsupported Now.\r
- OakleyGroupGp185 = 4, // Unsupported Now.\r
- OakleyGroupModp1536 = 5,\r
-\r
- OakleyGroupModp2048 = 14,\r
- OakleyGroupModp3072 = 15,\r
- OakleyGroupModp4096 = 16,\r
- OakleyGroupModp6144 = 17,\r
- OakleyGroupModp8192 = 18,\r
- OakleyGroupMax\r
-} OAKLEY_GROUP_ID;\r
-\r
-//\r
-// IKE Header\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- UINT64 InitiatorCookie;\r
- UINT64 ResponderCookie;\r
- UINT8 NextPayload;\r
- UINT8 Version;\r
- UINT8 ExchangeType;\r
- UINT8 Flags;\r
- UINT32 MessageId;\r
- UINT32 Length;\r
-} IKE_HEADER;\r
-#pragma pack()\r
-\r
-typedef union {\r
- UINT16 AttrLength;\r
- UINT16 AttrValue;\r
-} IKE_SA_ATTR_UNION;\r
-\r
-//\r
-// SA Attribute present in Transform Payload\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- UINT16 AttrType;\r
- IKE_SA_ATTR_UNION Attr;\r
-} IKE_SA_ATTRIBUTE;\r
-#pragma pack()\r
-\r
-//\r
-// Contains the IKE packet information.\r
-//\r
-typedef struct {\r
- UINTN RefCount;\r
- BOOLEAN IsHdrExt;\r
- IKE_HEADER *Header;\r
- BOOLEAN IsPayloadsBufExt;\r
- UINT8 *PayloadsBuf; // The whole IkePakcet trimed the IKE header.\r
- UINTN PayloadTotalSize;\r
- LIST_ENTRY PayloadList;\r
- EFI_IP_ADDRESS RemotePeerIp;\r
- BOOLEAN IsEncoded; // whether HTON is done when sending the packet\r
- UINT32 Spi; // For the Delete Information Exchange\r
- BOOLEAN IsDeleteInfo; // For the Delete Information Exchange\r
- IPSEC_PRIVATE_DATA *Private; // For the Delete Information Exchange\r
-} IKE_PACKET;\r
-\r
-//\r
-// The generic structure to all kinds of IKE payloads.\r
-//\r
-typedef struct {\r
- UINT32 Signature;\r
- BOOLEAN IsPayloadBufExt;\r
- UINT8 PayloadType;\r
- UINT8 *PayloadBuf;\r
- UINTN PayloadSize;\r
- LIST_ENTRY ByPacket;\r
-} IKE_PAYLOAD;\r
-\r
-//\r
-// Udp Service\r
-//\r
-typedef struct {\r
- UINT32 Signature;\r
- UINT8 IpVersion;\r
- LIST_ENTRY List;\r
- LIST_ENTRY *ListHead;\r
- EFI_HANDLE NicHandle;\r
- EFI_HANDLE ImageHandle;\r
- UDP_IO *Input;\r
- UDP_IO *Output;\r
- EFI_IP_ADDRESS DefaultAddress;\r
- BOOLEAN IsConfigured;\r
-} IKE_UDP_SERVICE;\r
-\r
-//\r
-// Each IKE session has its own Key sets for local peer and remote peer.\r
-//\r
-typedef struct {\r
- EFI_IPSEC_ALGO_INFO LocalPeerInfo;\r
- EFI_IPSEC_ALGO_INFO RemotePeerInfo;\r
-} SA_KEYMATS;\r
-\r
-//\r
-// Each algorithm has its own Id, Guid, BlockSize and KeyLength.\r
-// This struct contains these information for each algorithm. It is generic structure\r
-// for both encryption and authentication algorithm.\r
-// For authentication algorithm, the AlgSize means IcvSize. For encryption algorithm,\r
-// it means IvSize.\r
-//\r
-#pragma pack(1)\r
-typedef struct {\r
- UINT8 AlgorithmId; // Encryption or Authentication Id used by ESP/AH\r
- EFI_GUID *AlgGuid;\r
- UINT8 AlgSize; // IcvSize or IvSize\r
- UINT8 BlockSize;\r
- UINTN KeyMateLen;\r
-} IKE_ALG_GUID_INFO; // For IPsec Authentication and Encryption Algorithm.\r
-#pragma pack()\r
-\r
-//\r
-// Structure used to store the DH group\r
-//\r
-typedef struct {\r
- UINT8 GroupId;\r
- UINTN Size;\r
- UINT8 *Modulus;\r
- UINTN GroupGenerator;\r
-} MODP_GROUP;\r
-\r
-/**\r
- This is prototype definition of general interface to phase the payloads\r
- after/before the decode/encode.\r
-\r
- @param[in] SessionCommon Point to the SessionCommon\r
- @param[in] PayloadBuf Point to the buffer of Payload.\r
- @param[in] PayloadSize The size of the PayloadBuf in bytes.\r
- @param[in] PayloadType The type of Payload.\r
-\r
-**/\r
-typedef\r
-VOID\r
-(*IKE_ON_PAYLOAD_FROM_NET) (\r
- IN UINT8 *SessionCommon,\r
- IN UINT8 *PayloadBuf,\r
- IN UINTN PayloadSize,\r
- IN UINT8 PayloadType\r
- );\r
-\r
-#endif\r
-\r