+++ /dev/null
-/** @file\r
- Prototypes definitions of IKE service.\r
-\r
- Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
-\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#ifndef _IKE_SERVICE_H_\r
-#define _IKE_SERVICE_H_\r
-\r
-#include "Ike.h"\r
-#include "IpSecImpl.h"\r
-#include "IkeCommon.h"\r
-#include "Ikev2/Utility.h"\r
-\r
-#define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024\r
-\r
-/**\r
- This is prototype definition of general interface to intialize a IKE negotiation.\r
-\r
- @param[in] UdpService Point to Udp Servcie used for the IKE packet sending.\r
- @param[in] SpdEntry Point to SPD entry related to this IKE negotiation.\r
- @param[in] PadEntry Point to PAD entry related to this IKE negotiation.\r
- @param[in] RemoteIp Point to IP Address which the remote peer to negnotiate.\r
-\r
- @retval EFI_SUCCESS The operation is successful.\r
- @return Otherwise The operation is failed.\r
-\r
-**/\r
-typedef\r
-EFI_STATUS\r
-(*IKE_NEGOTIATE_SA) (\r
- IN IKE_UDP_SERVICE * UdpService,\r
- IN IPSEC_SPD_ENTRY * SpdEntry,\r
- IN IPSEC_PAD_ENTRY * PadEntry,\r
- IN EFI_IP_ADDRESS * RemoteIp\r
- );\r
-\r
-/**\r
- This is prototype definition fo general interface to start a IKE negotiation at Quick Mode.\r
-\r
- This function will be called when the related IKE SA is existed and start to\r
- create a Child SA.\r
-\r
- @param[in] IkeSaSession Point to IKE SA Session related to this Negotiation.\r
- @param[in] SpdEntry Point to SPD entry related to this Negotiation.\r
- @param[in] Context Point to data passed from the caller.\r
-\r
- @retval EFI_SUCCESS The operation is successful.\r
- @retval Otherwise The operation is failed.\r
-\r
-**/\r
-typedef\r
-EFI_STATUS\r
-(*IKE_NEGOTIATE_CHILD_SA) (\r
- IN UINT8 *IkeSaSession,\r
- IN IPSEC_SPD_ENTRY *SpdEntry,\r
- IN UINT8 *Context\r
- );\r
-\r
-/**\r
- This is prototype definition of the general interface when initialize a Inforamtion\r
- Exchange.\r
-\r
- @param[in] IkeSaSession Point to IKE SA Session related to.\r
- @param[in] Context Point to data passed from caller.\r
-\r
-**/\r
-typedef\r
-EFI_STATUS\r
-(*IKE_NEGOTIATE_INFO) (\r
- IN UINT8 *IkeSaSession,\r
- IN UINT8 *Context\r
- );\r
-\r
-/**\r
- This is prototype definition of the general interface when recived a IKE Pakcet\r
- for the IKE SA establishing.\r
-\r
- @param[in] UdpService Point to UDP service used to send IKE Packet.\r
- @param[in] IkePacket Point to received IKE packet.\r
-\r
-**/\r
-typedef\r
-VOID\r
-(*IKE_HANDLE_SA) (\r
- IN IKE_UDP_SERVICE *UdpService,\r
- IN IKE_PACKET *IkePacket\r
- );\r
-\r
-/**\r
- This is prototyp definition of the general interface when recived a IKE Packet\r
- xfor the Child SA establishing.\r
-\r
- @param[in] UdpService Point to UDP service used to send IKE packet.\r
- @param[in] IkePacket Point to received IKE packet.\r
-\r
-**/\r
-typedef\r
-VOID\r
-(*IKE_HANDLE_CHILD_SA) (\r
- IN IKE_UDP_SERVICE *UdpService,\r
- IN IKE_PACKET *IkePacket\r
- );\r
-\r
-/**\r
- This is prototype definition of the general interface when received a IKE\r
- information Packet.\r
-\r
- @param[in] UdpService Point to UDP service used to send IKE packet.\r
- @param[in] IkePacket Point to received IKE packet.\r
-\r
-**/\r
-typedef\r
-VOID\r
-(*IKE_HANDLE_INFO) (\r
- IN IKE_UDP_SERVICE *UdpService,\r
- IN IKE_PACKET *IkePacket\r
- );\r
-\r
-typedef struct _IKE_EXCHANGE_INTERFACE {\r
- UINT8 IkeVer;\r
- IKE_NEGOTIATE_SA NegotiateSa;\r
- IKE_NEGOTIATE_CHILD_SA NegotiateChildSa;\r
- IKE_NEGOTIATE_INFO NegotiateInfo;\r
- IKE_HANDLE_SA HandleSa;\r
- IKE_HANDLE_CHILD_SA HandleChildSa;\r
- IKE_HANDLE_INFO HandleInfo;\r
-} IKE_EXCHANGE_INTERFACE;\r
-\r
-/**\r
- Open and configure a UDPIO of Udp4 for IKE packet receiving.\r
-\r
- This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and\r
- a UDP4 IO for each NIC handle.\r
-\r
- @param[in] Private Point to IPSEC_PRIVATE_DATA\r
- @param[in] Controller Handler for NIC card.\r
- @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r
-\r
- @retval EFI_SUCCESS The Operation is successful.\r
- @retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.\r
-\r
-**/\r
-EFI_STATUS\r
-IkeOpenInputUdp4 (\r
- IN IPSEC_PRIVATE_DATA *Private,\r
- IN EFI_HANDLE Controller,\r
- IN EFI_HANDLE ImageHandle\r
- );\r
-\r
-/**\r
- Open and configure a UDPIO of Udp6 for IKE packet receiving.\r
-\r
- This function is called at the IPsecDriverBinding start. IPsec create a UDP6 and UDP6\r
- IO for each NIC handle.\r
-\r
- @param[in] Private Point to IPSEC_PRIVATE_DATA\r
- @param[in] Controller Handler for NIC card.\r
- @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r
-\r
- @retval EFI_SUCCESS The Operation is successful.\r
- @retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.\r
-\r
-**/\r
-EFI_STATUS\r
-IkeOpenInputUdp6 (\r
- IN IPSEC_PRIVATE_DATA *Private,\r
- IN EFI_HANDLE Controller,\r
- IN EFI_HANDLE ImageHandle\r
- );\r
-\r
-/**\r
- The general interface of starting IPsec Key Exchange.\r
-\r
- This function is called when start a IKE negotiation to get a Key.\r
-\r
- @param[in] UdpService Point to IKE_UDP_SERVICE which will be used for\r
- IKE packet sending.\r
- @param[in] SpdEntry Point to the SPD entry related to the IKE negotiation.\r
- @param[in] RemoteIp Point to EFI_IP_ADDRESS related to the IKE negotiation.\r
-\r
- @retval EFI_SUCCESS The Operation is successful.\r
- @retval EFI_ACCESS_DENIED No related PAD entry was found.\r
-\r
-**/\r
-EFI_STATUS\r
-IkeNegotiate (\r
- IN IKE_UDP_SERVICE *UdpService,\r
- IN IPSEC_SPD_ENTRY *SpdEntry,\r
- IN EFI_IP_ADDRESS *RemoteIp\r
- );\r
-\r
-/**\r
- The general interface when receive a IKE packet.\r
-\r
- This function is called when UDP IO receives a IKE packet.\r
-\r
- @param[in] Packet Point to received IKE packet.\r
- @param[in] EndPoint Point to UDP_END_POINT which contains the information of\r
- Remote IP and Port.\r
- @param[in] IoStatus The Status of Recieve Token.\r
- @param[in] Context Point to data passed from the caller.\r
-\r
-**/\r
-VOID\r
-EFIAPI\r
-IkeDispatch (\r
- IN NET_BUF *Packet,\r
- IN UDP_END_POINT *EndPoint,\r
- IN EFI_STATUS IoStatus,\r
- IN VOID *Context\r
- );\r
-\r
-/**\r
- Check if the NIC handle is binded to a Udp service.\r
-\r
- @param[in] Private Pointer of IPSEC_PRIVATE_DATA\r
- @param[in] Handle The Handle of the NIC card\r
- @param[in] IpVersion The version of the IP stack.\r
-\r
- @return a pointer of IKE_UDP_SERVICE.\r
-\r
-**/\r
-IKE_UDP_SERVICE *\r
-IkeLookupUdp (\r
- IN IPSEC_PRIVATE_DATA *Private,\r
- IN EFI_HANDLE Handle,\r
- IN UINT8 IpVersion\r
- );\r
-\r
-\r
-/**\r
- Delete all established IKE SAs and related Child SAs.\r
-\r
- This function is the subfunction of the IpSecCleanupAllSa(). It first calls\r
- IkeDeleteChildSa() to delete all Child SAs then send out the related\r
- Information packet.\r
-\r
- @param[in] Private Pointer of the IPSEC_PRIVATE_DATA.\r
- @param[in] IsDisableIpsec Indicate whether needs to disable IPsec.\r
-\r
-**/\r
-VOID\r
-IkeDeleteAllSas (\r
- IN IPSEC_PRIVATE_DATA *Private,\r
- IN BOOLEAN IsDisableIpsec\r
- );\r
-\r
-\r
-extern IKE_EXCHANGE_INTERFACE mIkev1Exchange;\r
-extern IKE_EXCHANGE_INTERFACE mIkev2Exchange;\r
-\r
-#endif\r