diff options
| author | qianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524> | 2010-12-31 10:43:54 +0000 |
|---|---|---|
| committer | qianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524> | 2010-12-31 10:43:54 +0000 |
| commit | 9166f840d2a70b924b0ff66528f056515443e4e8 (patch) | |
| tree | ba1f372f4e1165be3c06dd19758d151714ad77ca /NetworkPkg/IpSecDxe/IkeService.h | |
| parent | 4a8266f570ef411c21d7991f129e29aac817aa96 (diff) | |
Add IPsec/Ikev2 support.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11219 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'NetworkPkg/IpSecDxe/IkeService.h')
| -rw-r--r-- | NetworkPkg/IpSecDxe/IkeService.h | 254 |
1 files changed, 254 insertions, 0 deletions
diff --git a/NetworkPkg/IpSecDxe/IkeService.h b/NetworkPkg/IpSecDxe/IkeService.h new file mode 100644 index 000000000..cbd58cc08 --- /dev/null +++ b/NetworkPkg/IpSecDxe/IkeService.h @@ -0,0 +1,254 @@ +/** @file
+ Prototypes definitions of IKE service.
+
+ Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _IKE_SERVICE_H_
+#define _IKE_SERVICE_H_
+
+#include "Ike.h"
+#include "IpSecImpl.h"
+#include "IkeCommon.h"
+
+#define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024
+
+/**
+ This is prototype definition of general interface to intialize a IKE negotiation.
+
+ @param[in] UdpService Point to Udp Servcie used for the IKE packet sending.
+ @param[in] SpdEntry Point to SPD entry related to this IKE negotiation.
+ @param[in] PadEntry Point to PAD entry related to this IKE negotiation.
+ @param[in] RemoteIp Point to IP Address which the remote peer to negnotiate.
+
+ @retval EFI_SUCCESS The operation is successful.
+ @return Otherwise The operation is failed.
+
+**/
+typedef
+EFI_STATUS
+(*IKE_NEGOTIATE_SA) (
+ IN IKE_UDP_SERVICE * UdpService,
+ IN IPSEC_SPD_ENTRY * SpdEntry,
+ IN IPSEC_PAD_ENTRY * PadEntry,
+ IN EFI_IP_ADDRESS * RemoteIp
+ );
+
+/**
+ This is prototype definition fo general interface to start a IKE negotiation at Quick Mode.
+
+ This function will be called when the related IKE SA is existed and start to
+ create a Child SA.
+
+ @param[in] IkeSaSession Point to IKE SA Session related to this Negotiation.
+ @param[in] SpdEntry Point to SPD entry related to this Negotiation.
+ @param[in] Context Point to data passed from the caller.
+
+ @retval EFI_SUCCESS The operation is successful.
+ @retval Otherwise The operation is failed.
+
+**/
+typedef
+EFI_STATUS
+(*IKE_NEGOTIATE_CHILD_SA) (
+ IN UINT8 *IkeSaSession,
+ IN IPSEC_SPD_ENTRY *SpdEntry,
+ IN UINT8 *Context
+ );
+
+/**
+ This is prototype definition of the general interface when initialize a Inforamtion
+ Exchange.
+
+ @param[in] IkeSaSession Point to IKE SA Session related to.
+ @param[in] Context Point to data passed from caller.
+
+**/
+typedef
+EFI_STATUS
+(*IKE_NEGOTIATE_INFO) (
+ IN UINT8 *IkeSaSession,
+ IN UINT8 *Context
+ );
+
+/**
+ This is prototype definition of the general interface when recived a IKE Pakcet
+ for the IKE SA establishing.
+
+ @param[in] UdpService Point to UDP service used to send IKE Packet.
+ @param[in] IkePacket Point to received IKE packet.
+
+**/
+typedef
+VOID
+(*IKE_HANDLE_SA) (
+ IN IKE_UDP_SERVICE *UdpService,
+ IN IKE_PACKET *IkePacket
+ );
+
+/**
+ This is prototyp definition of the general interface when recived a IKE Packet
+ xfor the Child SA establishing.
+
+ @param[in] UdpService Point to UDP service used to send IKE packet.
+ @param[in] IkePacket Point to received IKE packet.
+
+**/
+typedef
+VOID
+(*IKE_HANDLE_CHILD_SA) (
+ IN IKE_UDP_SERVICE *UdpService,
+ IN IKE_PACKET *IkePacket
+ );
+
+/**
+ This is prototype definition of the general interface when received a IKE
+ information Packet.
+
+ @param[in] UdpService Point to UDP service used to send IKE packet.
+ @param[in] IkePacket Point to received IKE packet.
+
+**/
+typedef
+VOID
+(*IKE_HANDLE_INFO) (
+ IN IKE_UDP_SERVICE *UdpService,
+ IN IKE_PACKET *IkePacket
+ );
+
+typedef struct _IKE_EXCHANGE_INTERFACE {
+ UINT8 IkeVer;
+ IKE_NEGOTIATE_SA NegotiateSa;
+ IKE_NEGOTIATE_CHILD_SA NegotiateChildSa;
+ IKE_NEGOTIATE_INFO NegotiateInfo;
+ IKE_HANDLE_SA HandleSa;
+ IKE_HANDLE_CHILD_SA HandleChildSa;
+ IKE_HANDLE_INFO HandleInfo;
+} IKE_EXCHANGE_INTERFACE;
+
+/**
+ Open and configure a UDPIO of Udp4 for IKE packet receiving.
+
+ This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and
+ a UDP4 IO for each NIC handle.
+
+ @param[in] Private Point to IPSEC_PRIVATE_DATA
+ @param[in] Controller Handler for NIC card.
+
+ @retval EFI_SUCCESS The Operation is successful.
+ @retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.
+
+**/
+EFI_STATUS
+IkeOpenInputUdp4 (
+ IN IPSEC_PRIVATE_DATA *Private,
+ IN EFI_HANDLE Controller
+ );
+
+/**
+ Open and configure a UDPIO of Udp6 for IKE packet receiving.
+
+ This function is called at the IPsecDriverBinding start. IPsec create a UDP6 and UDP6
+ IO for each NIC handle.
+
+ @param[in] Private Point to IPSEC_PRIVATE_DATA
+ @param[in] Controller Handler for NIC card.
+
+ @retval EFI_SUCCESS The Operation is successful.
+ @retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.
+
+**/
+EFI_STATUS
+IkeOpenInputUdp6 (
+ IN IPSEC_PRIVATE_DATA *Private,
+ IN EFI_HANDLE Controller
+ );
+
+/**
+ The general interface of starting IPsec Key Exchange.
+
+ This function is called when start a IKE negotiation to get a Key.
+
+ @param[in] UdpService Point to IKE_UDP_SERVICE which will be used for
+ IKE packet sending.
+ @param[in] SpdEntry Point to the SPD entry related to the IKE negotiation.
+ @param[in] RemoteIp Point to EFI_IP_ADDRESS related to the IKE negotiation.
+
+ @retval EFI_SUCCESS The Operation is successful.
+ @retval EFI_ACCESS_DENIED No related PAD entry was found.
+
+**/
+EFI_STATUS
+IkeNegotiate (
+ IN IKE_UDP_SERVICE *UdpService,
+ IN IPSEC_SPD_ENTRY *SpdEntry,
+ IN EFI_IP_ADDRESS *RemoteIp
+ );
+
+/**
+ The general interface when receive a IKE packet.
+
+ This function is called when UDP IO receives a IKE packet.
+
+ @param[in] Packet Point to received IKE packet.
+ @param[in] EndPoint Point to UDP_END_POINT which contains the information of
+ Remote IP and Port.
+ @param[in] IoStatus The Status of Recieve Token.
+ @param[in] Context Point to data passed from the caller.
+
+**/
+VOID
+IkeDispatch (
+ IN NET_BUF *Packet,
+ IN UDP_END_POINT *EndPoint,
+ IN EFI_STATUS IoStatus,
+ IN VOID *Context
+ );
+
+/**
+ Check if the NIC handle is binded to a Udp service.
+
+ @param[in] Private Pointer of IPSEC_PRIVATE_DATA
+ @param[in] NicHandle The Handle of the NIC card
+ @param[in] IpVersion The version of the IP stack.
+
+ @return a pointer of IKE_UDP_SERVICE.
+
+**/
+IKE_UDP_SERVICE *
+IkeLookupUdp (
+ IN IPSEC_PRIVATE_DATA *Private,
+ IN EFI_HANDLE Handle,
+ IN UINT8 IpVersion
+ );
+
+
+/**
+ Delete all established IKE SAs and related Child SAs.
+
+ This function is the subfunction of the IpSecCleanupAllSa(). It first calls
+ IkeDeleteChildSa() to delete all Child SAs then send out the related
+ Information packet.
+
+ @param[in] Private Pointer of the IPSEC_PRIVATE_DATA.
+
+**/
+VOID
+IkeDeleteAllSas (
+ IN IPSEC_PRIVATE_DATA *Private
+ );
+
+
+extern IKE_EXCHANGE_INTERFACE mIkev1Exchange;
+extern IKE_EXCHANGE_INTERFACE mIkev2Exchange;
+
+#endif
|