      1 /** @file
      2   IKEv2 related definitions.
      3 
      4   Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
      5 
      6   This program and the accompanying materials
      7   are licensed and made available under the terms and conditions of the BSD License
      8   which accompanies this distribution.  The full text of the license may be found at
      9   http://opensource.org/licenses/bsd-license.php.
     10 
     11   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
     12   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
     13 
     14 **/
     15 #ifndef _IKE_V2_H_
     16 #define _IKE_V2_H_
     17 
     18 #include "Ike.h"
     19 #include "Payload.h"
     20 
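//
// Traffic-selector wildcards: a port of 0xffff and a protocol of 0 mean
// "any" wherever this header's consumers build or match selectors.
//
#define IKEV2_TS_ANY_PORT                     0xffff
#define IKEV2_TS_ANY_PROTOCOL                 0

//
// Selectors for the three Child SA lists hung off an IKE SA session
// (the *List members of IKEV2_SA_SESSION below). The spelling of
// IKEV2_DELET_CHILDSA_LIST is kept as-is: the name is part of the
// interface the .c files use.
//
#define IKEV2_DELET_CHILDSA_LIST              0
#define IKEV2_ESTABLISHING_CHILDSA_LIST       1
#define IKEV2_ESTABLISHED_CHILDSA_LIST        2

//
// Signatures and container-of accessors for recovering a session
// structure from one of its embedded members (SessionCommon or one of
// the LIST_ENTRY links). CR() is the project's container-of helper;
// whether it validates the Signature field is not visible here, so the
// link handed in must really be the named member or the cast is wrong.
//
#define IKEV2_SA_SESSION_SIGNATURE            SIGNATURE_32 ('I', 'K', 'E', 'I')
#define IKEV2_SA_SESSION_FROM_COMMON(a)       CR (a, IKEV2_SA_SESSION, SessionCommon, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_SESSION(a)        CR (a, IKEV2_SA_SESSION, BySessionTable, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_ESTABLISHED(a)    CR (a, IKEV2_SA_SESSION, ByEstablishedTable, IKEV2_SA_SESSION_SIGNATURE)

#define IKEV2_CHILD_SA_SESSION_SIGNATURE      SIGNATURE_32 ('I', 'K', 'E', 'C')
#define IKEV2_CHILD_SA_SESSION_FROM_COMMON(a) CR (a, IKEV2_CHILD_SA_SESSION, SessionCommon, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_IKE_SA(a)   CR (a, IKEV2_CHILD_SA_SESSION, ByIkeSa, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_DEL_SA(a)   CR (a, IKEV2_CHILD_SA_SESSION, ByDelete, IKEV2_CHILD_SA_SESSION_SIGNATURE)

//
// NOTE(review): this test reads a member named `Common`, while the
// session structures declared in this header name that member
// `SessionCommon`; it presumably targets a different (common) session
// type from Ike.h - confirm against the callers.
//
#define IS_IKEV2_SA_SESSION(s)                ((s)->Common.IkeSessionType == IkeSessionTypeIkeSa)

//
// Walkers over the wire-format SA payload (IKEV2_SA, IKEV2_PROPOSAL and
// IKEV2_TRANSFORM are not declared here; presumably in Payload.h). They
// are plain pointer arithmetic with NO bounds checking: ProposalSize,
// TransformSize and the SpiSize field presumably come straight from the
// length fields of a payload received from the peer, so the caller must
// check that every advance stays inside the received buffer before
// dereferencing the result.
//
// Each expansion is wrapped in an outer pair of parentheses so that
// `MACRO(p)->Field` applies the cast before the member access; without
// them the `->` would bind to the inner, differently-typed pointer.
// IKEV2_PROPOSAL_FIRST_TRANSFORM is defined exactly once here (the
// earlier revision carried an identical duplicate definition).
//
#define IKEV2_SA_FIRST_PROPOSAL(Sa)           ((IKEV2_PROPOSAL *)((IKEV2_SA *)(Sa) + 1))

#define IKEV2_NEXT_TRANSFORM_WITH_SIZE(Transform, TransformSize)        \
        ((IKEV2_TRANSFORM *)((UINT8 *)(Transform) + (TransformSize)))

#define IKEV2_NEXT_PROPOSAL_WITH_SIZE(Proposal, ProposalSize)           \
        ((IKEV2_PROPOSAL *)((UINT8 *)(Proposal) + (ProposalSize)))

#define IKEV2_PROPOSAL_FIRST_TRANSFORM(Proposal)                        \
        ((IKEV2_TRANSFORM *)((UINT8 *)((IKEV2_PROPOSAL *)(Proposal) + 1) + \
                             (((IKEV2_PROPOSAL *)(Proposal))->SpiSize)))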
     52 
//
// Lifecycle of an IKEv2 session, stored in IKEV2_SESSION_COMMON.State.
// The values are written out explicitly so the numbering cannot shift
// if an entry is inserted; IkeStateMaximum is the last enumerator and
// is presumably used as an upper bound rather than as a real state.
//
typedef enum {
  IkeStateInit               = 0,
  IkeStateAuth               = 1,
  IkeStateIkeSaEstablished   = 2,
  IkeStateCreateChild        = 3,
  IkeStateSaRekeying         = 4,
  IkeStateChildSaEstablished = 5,
  IkeStateSaDeleting         = 6,
  IkeStateMaximum            = 7
} IKEV2_SESSION_STATE;
     63 
//
// Which of the three CREATE_CHILD_SA exchange variants a request is for.
// Values are pinned explicitly; IkeRequestTypeMaximum is the sentinel.
//
typedef enum {
  IkeRequestTypeCreateChildSa = 0,
  IkeRequestTypeRekeyChildSa  = 1,
  IkeRequestTypeRekeyIkeSa    = 2,
  IkeRequestTypeMaximum       = 3
} IKEV2_CREATE_CHILD_REQUEST_TYPE;
     70 
//
// Diffie-Hellman state for one exchange. The names suggest the usual
// g^x (local public value), g^y (peer's public value) and g^xy (shared
// secret) - confirm against the helper that fills them. GxyBuffer is key
// material: its owner should zeroize it (and DhContext) before freeing;
// nothing in this header enforces that.
//
typedef struct {
  UINT8            *GxBuffer;   // local DH public value (presumably g^x)
  UINTN            GxSize;
  UINT8            *GyBuffer;   // peer's DH public value (presumably g^y)
  UINTN            GySize;
  UINT8            *GxyBuffer;  // DH shared secret (presumably g^xy) - sensitive
  UINTN            GxySize;
  UINT8            *DhContext;  // opaque crypto-library context; its real type is not visible here
} IKEV2_DH_BUFFER;
     80 
//
// Keys derived for an IKE SA. The member names match IKEv2's SK_d,
// SK_ai/SK_ar, SK_ei/SK_er and SK_pi/SK_pr, so presumably: SK_d seeds
// Child SA key material, a*/e* are the integrity/encryption keys for
// each direction and p* are the AUTH-payload keys - confirm against the
// derivation code. Every buffer here is secret and must be zeroized
// before it is freed; this header cannot enforce that.
//
typedef struct {
  IKEV2_DH_BUFFER   *DhBuffer;    // DH exchange the keys were derived from
  UINT8             *SkdKey;      // presumably SK_d
  UINTN             SkdKeySize;
  UINT8             *SkAiKey;     // presumably SK_ai (initiator integrity)
  UINTN             SkAiKeySize;
  UINT8             *SkArKey;     // presumably SK_ar (responder integrity)
  UINTN             SkArKeySize;
  UINT8             *SkEiKey;     // presumably SK_ei (initiator encryption)
  UINTN             SkEiKeySize;
  UINT8             *SkErKey;     // presumably SK_er (responder encryption)
  UINTN             SkErKeySize;
  UINT8             *SkPiKey;     // presumably SK_pi (initiator AUTH key)
  UINTN             SkPiKeySize;
  UINT8             *SkPrKey;     // presumably SK_pr (responder AUTH key)
  UINTN             SkPrKeySize;
} IKEV2_SESSION_KEYS;
     98 
//
// Negotiated parameters of an SA. The algorithm fields are numeric
// identifiers; the unit of the key lengths (bits vs. bytes) and the
// meaning of LifeType are decided by the code that fills and reads
// this structure, not by anything visible here.
//
typedef struct {
  UINT16  LifeType;       // lifetime unit/kind selector; semantics set by the consumer
  UINT64  LifeDuration;   // lifetime in LifeType units
  UINT16  EncAlgId;       // encryption algorithm identifier
  UINTN   EnckeyLen;      // encryption key length (unit not visible here)
  UINT16  Prf;            // pseudo-random function identifier
  UINT16  IntegAlgId;     // integrity algorithm identifier
  UINTN   IntegKeyLen;    // integrity key length (unit not visible here)
  UINT16  DhGroup;        // Diffie-Hellman group identifier
  UINT8   ExtSeq;         // extended sequence number flag for the Child SA
} IKEV2_SA_PARAMS;
    110 
//
// Internal Payload
//
// In-memory (not wire-format) representation of an SA payload. The
// commented-out member records that NumProposals IKEV2_PROPOSAL_DATA
// entries follow the fixed part in the same allocation; the code that
// builds it must size the allocation accordingly, which this header
// does not enforce.
//
typedef struct {
  IKEV2_SA  SaHeader;       // the SA payload header as it goes on the wire
  UINTN     NumProposals;   // count of proposal entries that trail this struct
  //
  // IKE_PROPOSAL_DATA  Proposals[1];
  //
} IKEV2_SA_DATA;
    121 
//
// In-memory form of one proposal. Spi is a pointer, so this is not a
// flat byte image of the wire proposal; the SPI bytes live elsewhere
// and their length is not recorded here (presumably taken from the
// protocol, e.g. 4 bytes for ESP/AH - confirm). The commented-out
// member records that NumTransforms IKEV2_TRANSFORM_DATA entries
// follow this struct in memory.
//
typedef struct {
  UINT8 ProposalIndex;    // proposal number
  UINT8 ProtocolId;       // protocol this proposal is for
  UINT8 *Spi;             // SPI bytes; length not stored in this struct
  UINT8 NumTransforms;    // count of transform entries trailing this struct
  //
  // IKE_TRANSFORM_DATA Transforms[1];
  //
} IKEV2_PROPOSAL_DATA;
    131 
//
// In-memory form of one transform inside a proposal, with its single
// attribute (IKE_SA_ATTRIBUTE is declared elsewhere).
//
typedef struct {
  UINT8             TransformIndex;   // position of the transform within its proposal
  UINT8             TransformType;    // transform type (encryption, PRF, integrity, DH, ESN...)
  UINT16            TransformId;      // transform identifier within that type
  IKE_SA_ATTRIBUTE  Attribute;        // attribute attached to the transform, e.g. key length
} IKEV2_TRANSFORM_DATA;
    138 
//
// State shared by IKE SA and Child SA sessions; embedded as SessionCommon
// in both session structures and reached from it via the *_FROM_COMMON
// macros above.
//
typedef struct {
  UINT8                   IkeVer;               // IKE major version of this session
  IKE_SESSION_TYPE        IkeSessionType;       // IKE SA vs. Child SA (see IS_IKEV2_SA_SESSION)
  BOOLEAN                 IsInitiator;          // TRUE when this side started the exchange
  BOOLEAN                 IsOnDeleting;         // TRUE while the SA is being deleted
  IKEV2_SESSION_STATE     State;                // current position in the IKEV2_SESSION_STATE machine
  EFI_EVENT               TimeoutEvent;         // timer event for the pending exchange
  UINT64                  TimeoutInterval;      // timer period; unit is decided by the code that arms it
  UINTN                   RetryCount;           // retransmissions so far for LastSentPacket, presumably
  IKE_PACKET              *LastSentPacket;      // kept for retransmission
  IKEV2_SA_PARAMS         *SaParams;            // negotiated parameters, once agreed
  UINT16                  PreferDhGroup;        // DH group to propose first
  EFI_IP_ADDRESS          RemotePeerIp;
  EFI_IP_ADDRESS          LocalPeerIp;
  IKE_ON_PAYLOAD_FROM_NET BeforeDecodePayload;  // hook run on a received payload before decoding
  IKE_ON_PAYLOAD_FROM_NET AfterEncodePayload;   // hook run on an outgoing payload after encoding
  IKE_UDP_SERVICE         *UdpService;          // transport used to send/receive IKE packets
  IPSEC_PRIVATE_DATA      *Private;             // back-pointer to the driver's private data
} IKEV2_SESSION_COMMON;
    158 
//
// An IKE SA (the parent security association). Instances are located
// via the list links at the bottom using the IKEV2_SA_SESSION_BY_*
// macros, which rely on Signature holding IKEV2_SA_SESSION_SIGNATURE.
// IkeKeys, NiBlock/NrBlock and the retained packets are all inputs to
// the key derivation / AUTH computation and should be released (and the
// keys zeroized) together with the session.
//
typedef struct {
  UINT32                Signature;                    // IKEV2_SA_SESSION_SIGNATURE
  IKEV2_SESSION_COMMON  SessionCommon;
  UINT64                InitiatorCookie;              // 64-bit initiator SPI from the IKE header, presumably
  UINT64                ResponderCookie;              // 64-bit responder SPI from the IKE header, presumably
  //
  // Initiator: SA proposals to be sent
  // Responder: SA proposals to be matched
  //
  IKEV2_SA_DATA         *SaData; // SA Private struct used for SA payload generation
  IKEV2_SESSION_KEYS    *IkeKeys;                     // derived IKE SA keys (secret)
  UINT8                 *NiBlock;                     // initiator nonce, presumably
  UINTN                 NiBlkSize;
  UINT8                 *NrBlock;                     // responder nonce, presumably
  UINTN                 NrBlkSize;
  UINT8                 *NCookie;                     // Buffer Contains the Notify Cookie
  UINTN                 NCookieSize;                  // Size of NCookie
  IPSEC_PAD_ENTRY       *Pad;                         // peer authorization entry used for this peer
  IPSEC_SPD_ENTRY       *Spd;                         // SPD that requested the negotiation, TODO: better use SPD selector
  LIST_ENTRY            ChildSaSessionList;           // Child SAs being negotiated (IKEV2_ESTABLISHING_CHILDSA_LIST)
  LIST_ENTRY            ChildSaEstablishSessionList;  // For Establish Child SA.
  LIST_ENTRY            InfoMIDList;                  // For Information MID
  LIST_ENTRY            DeleteSaList;                 // For deleting Child SA.
  UINT8                 *InitPacket;                  // retained IKE_SA_INIT request bytes (AUTH input, presumably)
  UINTN                 InitPacketSize;
  UINT8                 *RespPacket;                  // retained IKE_SA_INIT response bytes (AUTH input, presumably)
  UINTN                 RespPacketSize;
  UINT32                MessageId;                    // next/expected message ID on this IKE SA
  LIST_ENTRY            BySessionTable;               // Use for all IkeSaSession Links
} IKEV2_SA_SESSION;
    189 
//
// A Child SA (ESP/AH) negotiated under an IKE SA. Reached from its list
// links via the IKEV2_CHILD_SA_SESSION_BY_* macros, which rely on
// Signature holding IKEV2_CHILD_SA_SESSION_SIGNATURE. ChildKeymats and
// DhBuffer hold key material and should be zeroized when released.
//
typedef struct {
  UINT32                 Signature;        // IKEV2_CHILD_SA_SESSION_SIGNATURE
  IKEV2_SESSION_COMMON   SessionCommon;
  IKEV2_SA_SESSION       *IkeSaSession;    // parent IKE SA
  UINT32                 MessageId;        // message ID of the exchange that created/rekeys this SA
  IKEV2_SA_DATA          *SaData;          // proposals sent or matched for this Child SA
  UINT8                  IpsecProtocol;    // protocol of the SA (ESP or AH, presumably)
  UINT32                 LocalPeerSpi;     // 32-bit SPI chosen by this side
  UINT32                 RemotePeerSpi;    // 32-bit SPI chosen by the peer
  UINT8                  *NiBlock;         // initiator nonce for this exchange, presumably
  UINTN                  NiBlkSize;
  UINT8                  *NrBlock;         // responder nonce for this exchange, presumably
  UINTN                  NrBlkSize;
  SA_KEYMATS             ChildKeymats;     // derived Child SA keys (secret); type declared elsewhere
  IKEV2_DH_BUFFER        *DhBuffer;        // New DH exchanged by CREATE_CHILD_SA
  IPSEC_SPD_ENTRY        *Spd;             // SPD entry that triggered this Child SA
  EFI_IPSEC_SPD_SELECTOR *SpdSelector;     // selector the SA was negotiated for
  UINT16                 ProtoId;          // traffic-selector protocol (IKEV2_TS_ANY_PROTOCOL for any)
  UINT16                 RemotePort;       // traffic-selector ports (IKEV2_TS_ANY_PORT for any)
  UINT16                 LocalPort;
  LIST_ENTRY             ByIkeSa;          // link in the parent's Child SA lists
  LIST_ENTRY             ByDelete;         // link in the parent's DeleteSaList
} IKEV2_CHILD_SA_SESSION;
    213 
//
// Kind of INFORMATIONAL exchange being generated (see
// IKEV2_INFO_EXCHANGE_CONTEXT). Values pinned explicitly; note there is
// no *Maximum sentinel in this enum, unlike the two above.
//
typedef enum {
  Ikev2InfoNotify    = 0,
  Ikev2InfoDelete    = 1,
  Ikev2InfoLiveCheck = 2
} IKEV2_INFO_TYPE;
    219 
//
// This struct is used to pass the detailed information to the InfoGenerator()
// for the creation of the response INFORMATIONAL exchange message.
//
typedef struct {
  UINT32               MessageId;   // message ID the INFORMATIONAL message is sent with
  IKEV2_INFO_TYPE      InfoType;    // which kind of INFORMATIONAL message to build
} IKEV2_INFO_EXCHANGE_CONTEXT;
    228 
//
// One (pointer, length) piece of input to a PRF computation; presumably
// several fragments are concatenated by the PRF helper. Data is not
// owned by this struct.
//
typedef struct {
  UINTN DataSize;   // number of bytes at Data
  UINT8 *Data;      // fragment bytes; ownership stays with the caller
} PRF_DATA_FRAGMENT;
    233 
/**
  Builds the next IKE packet to send for a session.

  @param[in] SaSession  Untyped session pointer; presumably an IKEV2_SA_SESSION
                        or IKEV2_CHILD_SA_SESSION depending on the handler -
                        the generator must know which.
  @param[in] Context    Handler-specific extra input (e.g. an
                        IKEV2_INFO_EXCHANGE_CONTEXT for the INFORMATIONAL
                        generator, presumably).

  @return The packet to send. The failure convention (NULL?) is not visible
          from this header; callers should check before use.

**/
typedef
IKE_PACKET *
(*IKEV2_PACKET_GENERATOR) (
  IN UINT8                             *SaSession,
  IN VOID                              *Context
);
    240 
/**
  Parses a received IKE packet and advances the session accordingly.

  IkePacket carries data from the network peer. Nothing in this signature
  conveys validated bounds beyond what IKE_PACKET itself holds, so every
  payload and transform length inside it must be checked by the parser
  before the walker macros above are applied.

  @param[in] SaSession  Untyped session pointer; presumably an IKEV2_SA_SESSION
                        or IKEV2_CHILD_SA_SESSION depending on the handler.
  @param[in] IkePacket  The received packet.

  @return EFI_STATUS; the exact codes used are defined by each implementation.

**/
typedef
EFI_STATUS
(*IKEV2_PACKET_PARSER) (
  IN UINT8                             *SaSession,
  IN IKE_PACKET                        *IkePacket
);
    247 
//
// Parser/generator pair for one exchange or state; the tables below are
// built from these.
//
typedef struct {
  IKEV2_PACKET_PARSER                  Parser;      // handles the received packet
  IKEV2_PACKET_GENERATOR               Generator;   // builds the packet to send
} IKEV2_PACKET_HANDLER;
    252 
//
// Handler tables defined in the .c files. mIkev2Initial is two-dimensional;
// the first index and the meaning of the inner pair of two are not visible
// here (plausibly per state and per initiator/responder role - confirm
// against the definition). Any index derived from session state or from
// the peer must be range-checked against the table's real size.
//
extern IKEV2_PACKET_HANDLER            mIkev2Initial[][2];
extern IKEV2_PACKET_HANDLER            mIkev2CreateChild;   // CREATE_CHILD_SA exchange
extern IKEV2_PACKET_HANDLER            mIkev2Info;          // INFORMATIONAL exchange
    256 
    257 #endif
    258 
    259