      1 /** @file
      2   Prototypes definitions of IKE service.
      3 
      4   Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
      5 
      6   This program and the accompanying materials
      7   are licensed and made available under the terms and conditions of the BSD License
      8   which accompanies this distribution.  The full text of the license may be found at
      9   http://opensource.org/licenses/bsd-license.php.
     10 
     11   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
     12   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
     13 
     14 **/
     15 
     16 #ifndef _IKE_SERVICE_H_
     17 #define _IKE_SERVICE_H_
     18 
     19 #include "Ike.h"
     20 #include "IpSecImpl.h"
     21 #include "IkeCommon.h"
     22 #include "Ikev2/Utility.h"
     23 
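     //
     // 128 KiB, expressed in bytes. The expansion is parenthesized so that the
     // value stays intact when the macro appears inside a larger expression
     // (for example as a divisor or next to a higher-precedence operator).
     // NOTE(review): presumably the amount of memory set aside for the crypto
     // library; the consumer is not visible in this header - confirm.
     //
     #define IPSEC_CRYPTO_LIB_MEMORY (128 * 1024)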
     25 
     /**
       Function-pointer type for the general interface that initializes an IKE
       negotiation.

       @param[in]  UdpService   UDP service used for sending the IKE packets.
       @param[in]  SpdEntry     SPD entry related to this IKE negotiation.
       @param[in]  PadEntry     PAD entry related to this IKE negotiation.
       @param[in]  RemoteIp     IP address of the remote peer to negotiate with.

       @retval EFI_SUCCESS   The operation succeeded.
       @return Otherwise     The operation failed.

     **/
     typedef EFI_STATUS (*IKE_NEGOTIATE_SA) (
       IN IKE_UDP_SERVICE  *UdpService,
       IN IPSEC_SPD_ENTRY  *SpdEntry,
       IN IPSEC_PAD_ENTRY  *PadEntry,
       IN EFI_IP_ADDRESS   *RemoteIp
       );
     46 
     /**
       Function-pointer type for the general interface that starts an IKE
       negotiation in Quick Mode.

       The routine is called once the related IKE SA already exists, in order to
       begin creating a Child SA.

       NOTE(review): IkeSaSession and Context are passed as raw UINT8 pointers, so
       the compiler cannot check what they point to. Presumably the implementation
       casts them to its own session/context types - confirm that every caller
       passes the matching object.

       @param[in]  IkeSaSession   IKE SA session related to this negotiation.
       @param[in]  SpdEntry       SPD entry related to this negotiation.
       @param[in]  Context        Data passed in by the caller.

       @retval EFI_SUCCESS   The operation succeeded.
       @retval Otherwise     The operation failed.

     **/
     typedef EFI_STATUS (*IKE_NEGOTIATE_CHILD_SA) (
       IN UINT8            *IkeSaSession,
       IN IPSEC_SPD_ENTRY  *SpdEntry,
       IN UINT8            *Context
       );
     68 
     /**
       Function-pointer type for the general interface that initiates an
       Information Exchange.

       NOTE(review): both arguments are untyped UINT8 pointers; presumably the
       implementation casts them to its own session/context types - confirm that
       callers pass the matching objects.

       @param[in]  IkeSaSession   IKE SA session the exchange relates to.
       @param[in]  Context        Data passed in by the caller.

       @return An EFI_STATUS value; the individual status codes are not documented
               in this header.

     **/
     typedef EFI_STATUS (*IKE_NEGOTIATE_INFO) (
       IN UINT8  *IkeSaSession,
       IN UINT8  *Context
       );
     83 
     /**
       Function-pointer type for the general interface invoked when an IKE packet
       is received during IKE SA establishment.

       NOTE(review): IkePacket carries data received from the peer. Whatever
       length and field validation is applied happens in the implementation and is
       not visible from this header - confirm it precedes any use of the contents.
       The handler returns VOID, so it cannot report a rejected packet to its
       caller.

       @param[in]  UdpService   UDP service used to send IKE packets.
       @param[in]  IkePacket    The received IKE packet.

     **/
     typedef VOID (*IKE_HANDLE_SA) (
       IN IKE_UDP_SERVICE  *UdpService,
       IN IKE_PACKET       *IkePacket
       );
     98 
     /**
       Function-pointer type for the general interface invoked when an IKE packet
       is received during Child SA establishment.

       NOTE(review): IkePacket carries data received from the peer; validation of
       its contents is left to the implementation and is not visible here -
       confirm. No status is returned to the caller (VOID).

       @param[in]  UdpService   UDP service used to send IKE packets.
       @param[in]  IkePacket    The received IKE packet.

     **/
     typedef VOID (*IKE_HANDLE_CHILD_SA) (
       IN IKE_UDP_SERVICE  *UdpService,
       IN IKE_PACKET       *IkePacket
       );
    113 
    /**
      Function-pointer type for the general interface invoked when an IKE
      information packet is received.

      NOTE(review): IkePacket carries data received from the peer; validation of
      its contents is left to the implementation and is not visible here -
      confirm. No status is returned to the caller (VOID).

      @param[in]  UdpService   UDP service used to send IKE packets.
      @param[in]  IkePacket    The received IKE packet.

    **/
    typedef VOID (*IKE_HANDLE_INFO) (
      IN IKE_UDP_SERVICE  *UdpService,
      IN IKE_PACKET       *IkePacket
      );
    128 
    //
    // Table of the negotiate/handle entry points that make up one IKE exchange
    // implementation, tagged with IkeVer. This header declares two instances,
    // mIkev1Exchange and mIkev2Exchange.
    // NOTE(review): nothing in this header says whether every pointer is always
    // populated - confirm before calling through one without a NULL check.
    //
    typedef struct _IKE_EXCHANGE_INTERFACE {
      UINT8 IkeVer;                             // presumably the IKE version this table serves - confirm
      IKE_NEGOTIATE_SA NegotiateSa;             // initializes an IKE negotiation
      IKE_NEGOTIATE_CHILD_SA NegotiateChildSa;  // starts a Child SA negotiation
      IKE_NEGOTIATE_INFO NegotiateInfo;         // initiates an Information Exchange
      IKE_HANDLE_SA HandleSa;                   // received packet, IKE SA establishment
      IKE_HANDLE_CHILD_SA HandleChildSa;        // received packet, Child SA establishment
      IKE_HANDLE_INFO HandleInfo;               // received information packet
    } IKE_EXCHANGE_INTERFACE;
    138 
    /**
      Open and configure a Udp4 UDPIO used to receive IKE packets.

      Called when IPsecDriverBinding starts. IPsec creates one UDP4 and one UDP4 IO
      per NIC handle.

      @param[in] Private       Pointer to the IPSEC_PRIVATE_DATA.
      @param[in] Controller    Handle of the NIC.
      @param[in] ImageHandle   Handle that contains the EFI_DRIVER_BINDING_PROTOCOL
                               instance.

      @retval EFI_SUCCESS            The operation succeeded.
      @retval EFI_OUT_OF_RESOURCES   A required system resource could not be
                                     allocated.

    **/
    EFI_STATUS IkeOpenInputUdp4 (
      IN IPSEC_PRIVATE_DATA  *Private,
      IN EFI_HANDLE          Controller,
      IN EFI_HANDLE          ImageHandle
      );
    159 
    /**
      Open and configure a Udp6 UDPIO used to receive IKE packets.

      Called when IPsecDriverBinding starts. IPsec creates one UDP6 and one UDP6 IO
      per NIC handle.

      @param[in] Private       Pointer to the IPSEC_PRIVATE_DATA.
      @param[in] Controller    Handle of the NIC.
      @param[in] ImageHandle   Handle that contains the EFI_DRIVER_BINDING_PROTOCOL
                               instance.

      @retval EFI_SUCCESS            The operation succeeded.
      @retval EFI_OUT_OF_RESOURCES   A required system resource could not be
                                     allocated.

    **/
    EFI_STATUS IkeOpenInputUdp6 (
      IN IPSEC_PRIVATE_DATA  *Private,
      IN EFI_HANDLE          Controller,
      IN EFI_HANDLE          ImageHandle
      );
    180 
    /**
      General entry point for starting an IPsec key exchange.

      Called to start an IKE negotiation in order to obtain a key.

      @param[in] UdpService   IKE_UDP_SERVICE that will be used to send the IKE
                              packets.
      @param[in] SpdEntry     SPD entry related to the IKE negotiation.
      @param[in] RemoteIp     EFI_IP_ADDRESS related to the IKE negotiation.

      @retval EFI_SUCCESS         The operation succeeded.
      @retval EFI_ACCESS_DENIED   No related PAD entry was found.

    **/
    EFI_STATUS IkeNegotiate (
      IN IKE_UDP_SERVICE  *UdpService,
      IN IPSEC_SPD_ENTRY  *SpdEntry,
      IN EFI_IP_ADDRESS   *RemoteIp
      );
    201 
    /**
      General entry point for a received IKE packet.

      Called when UDP IO receives an IKE packet.

      NOTE(review): Packet and EndPoint describe data that arrived from the remote
      side. This header does not show where lengths and fields are validated -
      confirm the implementation checks them before use. IoStatus should
      presumably be examined before Packet is touched; the function returns VOID,
      so a dropped or rejected packet is not reported to the caller.

      @param[in] Packet     The received IKE packet.
      @param[in] EndPoint   UDP_END_POINT holding the remote IP and port.
      @param[in] IoStatus   Status of the receive token.
      @param[in] Context    Data passed in by the caller.

    **/
    VOID EFIAPI IkeDispatch (
      IN NET_BUF        *Packet,
      IN UDP_END_POINT  *EndPoint,
      IN EFI_STATUS     IoStatus,
      IN VOID           *Context
      );
    222 
    /**
      Check whether the NIC handle is bound to a UDP service.

      NOTE(review): the result for a handle with no bound service is not
      documented here; presumably NULL - confirm, and have callers check the
      returned pointer before dereferencing it.

      @param[in]  Private     Pointer to the IPSEC_PRIVATE_DATA.
      @param[in]  Handle      Handle of the NIC.
      @param[in]  IpVersion   Version of the IP stack.

      @return A pointer to an IKE_UDP_SERVICE.

    **/
    IKE_UDP_SERVICE *IkeLookupUdp (
      IN IPSEC_PRIVATE_DATA  *Private,
      IN EFI_HANDLE          Handle,
      IN UINT8               IpVersion
      );
    239 
    240 
    /**
      Delete every established IKE SA together with its Child SAs.

      This is a sub-function of IpSecCleanupAllSa(). It first calls
      IkeDeleteChildSa() to delete all Child SAs and then sends out the related
      Information packet.

      @param[in]  Private          Pointer to the IPSEC_PRIVATE_DATA.
      @param[in]  IsDisableIpsec   Indicates whether IPsec needs to be disabled.

    **/
    VOID IkeDeleteAllSas (
      IN IPSEC_PRIVATE_DATA  *Private,
      IN BOOLEAN             IsDisableIpsec
      );
    257 
    258 
    //
    // IKE exchange interface tables, defined in another translation unit.
    // NOTE(review): by their names these are the IKEv1 and IKEv2 implementations;
    // the definitions are not visible from this header - confirm.
    //
    extern IKE_EXCHANGE_INTERFACE mIkev1Exchange;
    extern IKE_EXCHANGE_INTERFACE mIkev2Exchange;
    261 
    262 #endif
    263