Data Structures | |
struct | _IKE_EXCHANGE_INTERFACE |
Defines | |
#define | IPSEC_CRYPTO_LIB_MEMORY 128 * 1024 |
Typedefs | |
typedef EFI_STATUS(* | IKE_NEGOTIATE_SA )(IN IKE_UDP_SERVICE *UdpService, IN IPSEC_SPD_ENTRY *SpdEntry, IN IPSEC_PAD_ENTRY *PadEntry, IN EFI_IP_ADDRESS *RemoteIp) |
typedef EFI_STATUS(* | IKE_NEGOTIATE_CHILD_SA )(IN UINT8 *IkeSaSession, IN IPSEC_SPD_ENTRY *SpdEntry, IN UINT8 *Context) |
typedef EFI_STATUS(* | IKE_NEGOTIATE_INFO )(IN UINT8 *IkeSaSession, IN UINT8 *Context) |
typedef VOID(* | IKE_HANDLE_SA )(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket) |
typedef VOID(* | IKE_HANDLE_CHILD_SA )(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket) |
typedef VOID(* | IKE_HANDLE_INFO )(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket) |
typedef struct _IKE_EXCHANGE_INTERFACE | IKE_EXCHANGE_INTERFACE |
Functions | |
EFI_STATUS | IkeOpenInputUdp4 (IN IPSEC_PRIVATE_DATA *Private, IN EFI_HANDLE Controller, IN EFI_HANDLE ImageHandle) |
EFI_STATUS | IkeOpenInputUdp6 (IN IPSEC_PRIVATE_DATA *Private, IN EFI_HANDLE Controller, IN EFI_HANDLE ImageHandle) |
EFI_STATUS | IkeNegotiate (IN IKE_UDP_SERVICE *UdpService, IN IPSEC_SPD_ENTRY *SpdEntry, IN EFI_IP_ADDRESS *RemoteIp) |
VOID EFIAPI | IkeDispatch (IN NET_BUF *Packet, IN UDP_END_POINT *EndPoint, IN EFI_STATUS IoStatus, IN VOID *Context) |
IKE_UDP_SERVICE * | IkeLookupUdp (IN IPSEC_PRIVATE_DATA *Private, IN EFI_HANDLE Handle, IN UINT8 IpVersion) |
VOID | IkeDeleteAllSas (IN IPSEC_PRIVATE_DATA *Private, IN BOOLEAN IsDisableIpsec) |
Variables | |
IKE_EXCHANGE_INTERFACE | mIkev1Exchange |
IKE_EXCHANGE_INTERFACE | mIkev2Exchange |
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024 |
typedef struct _IKE_EXCHANGE_INTERFACE IKE_EXCHANGE_INTERFACE |
typedef VOID(* IKE_HANDLE_CHILD_SA)(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket) |
This is prototyp definition of the general interface when recived a IKE Packet xfor the Child SA establishing.
[in] | UdpService | Point to UDP service used to send IKE packet. |
[in] | IkePacket | Point to received IKE packet. |
typedef VOID(* IKE_HANDLE_INFO)(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket) |
This is prototype definition of the general interface when received a IKE information Packet.
[in] | UdpService | Point to UDP service used to send IKE packet. |
[in] | IkePacket | Point to received IKE packet. |
typedef VOID(* IKE_HANDLE_SA)(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket) |
This is prototype definition of the general interface when recived a IKE Pakcet for the IKE SA establishing.
[in] | UdpService | Point to UDP service used to send IKE Packet. |
[in] | IkePacket | Point to received IKE packet. |
typedef EFI_STATUS(* IKE_NEGOTIATE_CHILD_SA)(IN UINT8 *IkeSaSession, IN IPSEC_SPD_ENTRY *SpdEntry, IN UINT8 *Context) |
This is prototype definition fo general interface to start a IKE negotiation at Quick Mode.
This function will be called when the related IKE SA is existed and start to create a Child SA.
[in] | IkeSaSession | Point to IKE SA Session related to this Negotiation. |
[in] | SpdEntry | Point to SPD entry related to this Negotiation. |
[in] | Context | Point to data passed from the caller. |
EFI_SUCCESS | The operation is successful. | |
Otherwise | The operation is failed. |
typedef EFI_STATUS(* IKE_NEGOTIATE_INFO)(IN UINT8 *IkeSaSession, IN UINT8 *Context) |
This is prototype definition of the general interface when initialize a Inforamtion Exchange.
[in] | IkeSaSession | Point to IKE SA Session related to. |
[in] | Context | Point to data passed from caller. |
typedef EFI_STATUS(* IKE_NEGOTIATE_SA)(IN IKE_UDP_SERVICE *UdpService, IN IPSEC_SPD_ENTRY *SpdEntry, IN IPSEC_PAD_ENTRY *PadEntry, IN EFI_IP_ADDRESS *RemoteIp) |
This is prototype definition of general interface to intialize a IKE negotiation.
[in] | UdpService | Point to Udp Servcie used for the IKE packet sending. |
[in] | SpdEntry | Point to SPD entry related to this IKE negotiation. |
[in] | PadEntry | Point to PAD entry related to this IKE negotiation. |
[in] | RemoteIp | Point to IP Address which the remote peer to negnotiate. |
EFI_SUCCESS | The operation is successful. |
VOID IkeDeleteAllSas | ( | IN IPSEC_PRIVATE_DATA * | Private, | |
IN BOOLEAN | IsDisableIpsec | |||
) |
Delete all established IKE SAs and related Child SAs.
This function is the subfunction of the IpSecCleanupAllSa(). It first calls IkeDeleteChildSa() to delete all Child SAs then send out the related Information packet.
[in] | Private | Pointer of the IPSEC_PRIVATE_DATA. |
[in] | IsDisableIpsec | Indicate whether needs to disable IPsec. |
This function is the subfunction of the IpSecCleanupAllSa(). It first calls IkeDeleteChildSa() to delete all Child SAs then send out the related Information packet.
[in] | Private | Pointer of the IPSEC_PRIVATE_DATA |
[in] | IsDisableIpsec | Indicate whether needs to disable IPsec. |
References IkeGetVersionFromSession(), IkeStateSaDeleting, IKEV2_SA_SESSION_BY_SESSION, Ikev2SaSessionFree(), IPSEC_STATUS_DISABLED, IPSECCONFIG_STATUS_NAME, _IKE_EXCHANGE_INTERFACE::NegotiateInfo, IKEV2_SA_SESSION::SessionCommon, and IKEV2_SESSION_COMMON::State.
Referenced by IpSecCleanupAllSa().
VOID EFIAPI IkeDispatch | ( | IN NET_BUF * | Packet, | |
IN UDP_END_POINT * | EndPoint, | |||
IN EFI_STATUS | IoStatus, | |||
IN VOID * | Context | |||
) |
The general interface when receive a IKE packet.
This function is called when UDP IO receives a IKE packet.
[in] | Packet | Point to received IKE packet. |
[in] | EndPoint | Point to UDP_END_POINT which contains the information of Remote IP and Port. |
[in] | IoStatus | The Status of Recieve Token. |
[in] | Context | Point to data passed from the caller. |
This function is called when UDP IO receives a IKE packet.
[in] | Packet | Point to received IKE packet. |
[in] | EndPoint | Point to UDP_END_POINT which contains the information of Remote IP and Port. |
[in] | IoStatus | The Status of Recieve Token. |
[in] | Context | Point to data passed from the caller. |
References IKE_HEADER::ExchangeType, _IKE_EXCHANGE_INTERFACE::HandleChildSa, _IKE_EXCHANGE_INTERFACE::HandleInfo, _IKE_EXCHANGE_INTERFACE::HandleSa, IKE_PACKET::Header, IKE_DEFAULT_PORT, IKE_MAJOR_VERSION, IKE_XCG_TYPE_AUTH, IKE_XCG_TYPE_CREATE_CHILD_SA, IKE_XCG_TYPE_IDENTITY_PROTECT, IKE_XCG_TYPE_INFO, IKE_XCG_TYPE_INFO2, IKE_XCG_TYPE_QM, IKE_XCG_TYPE_SA_INIT, IkeDispatch(), IkeOpenOutputUdp(), IkePacketFree(), IkePacketFromNetbuf(), IKE_UDP_SERVICE::Input, _IPSEC_PRIVATE_DATA::IpSec, IPSEC_PRIVATE_DATA_FROM_UDP4LIST, IPSEC_PRIVATE_DATA_FROM_UDP6LIST, IKE_UDP_SERVICE::IpVersion, IKE_UDP_SERVICE::ListHead, IKE_PACKET::RemotePeerIp, and IKE_HEADER::Version.
Referenced by IkeDispatch(), IkeOpenInputUdp4(), and IkeOpenInputUdp6().
IKE_UDP_SERVICE* IkeLookupUdp | ( | IN IPSEC_PRIVATE_DATA * | Private, | |
IN EFI_HANDLE | Handle, | |||
IN UINT8 | IpVersion | |||
) |
Check if the NIC handle is binded to a Udp service.
[in] | Private | Pointer of IPSEC_PRIVATE_DATA |
[in] | Handle | The Handle of the NIC card |
[in] | IpVersion | The version of the IP stack. |
[in] | Private | Pointer of IPSEC_PRIVATE_DATA. |
[in] | Handle | The Handle of the NIC card. |
[in] | IpVersion | The version of the IP stack. |
References IPSEC_UDP_SERVICE_FROM_LIST, and IKE_UDP_SERVICE::NicHandle.
Referenced by IkeOpenInputUdp4(), IkeOpenInputUdp6(), and IpSecLookupSadEntry().
EFI_STATUS IkeNegotiate | ( | IN IKE_UDP_SERVICE * | UdpService, | |
IN IPSEC_SPD_ENTRY * | SpdEntry, | |||
IN EFI_IP_ADDRESS * | RemoteIp | |||
) |
The general interface of starting IPsec Key Exchange.
This function is called when start a IKE negotiation to get a Key.
[in] | UdpService | Point to IKE_UDP_SERVICE which will be used for IKE packet sending. |
[in] | SpdEntry | Point to the SPD entry related to the IKE negotiation. |
[in] | RemoteIp | Point to EFI_IP_ADDRESS related to the IKE negotiation. |
EFI_SUCCESS | The Operation is successful. | |
EFI_ACCESS_DENIED | No related PAD entry was found. |
This function is called when a IKE negotiation to start getting a Key.
[in] | UdpService | Point to IKE_UDP_SERVICE which will be used for IKE packet sending. |
[in] | SpdEntry | Point to the SPD entry related to the IKE negotiation. |
[in] | RemoteIp | Point to EFI_IP_ADDRESS related to the IKE negotiation. |
EFI_SUCCESS | The Operation is successful. | |
EFI_ACCESS_DENIED | No related PAD entry was found. | |
EFI_INVALID_PARAMETER | The IKE version is not supported. |
References _IPSEC_PAD_ENTRY::Data, IkeGetVersionFromSession(), IkeOpenOutputUdp(), _IPSEC_PRIVATE_DATA::Ikev2EstablishedList, Ikev2SaSessionLookup(), IPSEC_PRIVATE_DATA_FROM_UDP4LIST, IPSEC_PRIVATE_DATA_FROM_UDP6LIST, IpSecLookupPadEntry(), _IKE_EXCHANGE_INTERFACE::NegotiateChildSa, and _IKE_EXCHANGE_INTERFACE::NegotiateSa.
Referenced by IpSecLookupSadEntry().
EFI_STATUS IkeOpenInputUdp4 | ( | IN IPSEC_PRIVATE_DATA * | Private, | |
IN EFI_HANDLE | Controller, | |||
IN EFI_HANDLE | ImageHandle | |||
) |
Open and configure a UDPIO of Udp4 for IKE packet receiving.
This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and a UDP4 IO for each NIC handle.
[in] | Private | Point to IPSEC_PRIVATE_DATA |
[in] | Controller | Handler for NIC card. |
[in] | ImageHandle | The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance. |
EFI_SUCCESS | The Operation is successful. | |
EFI_OUT_OF_RESOURCE | The required system resource can't be allocated. |
This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and UDP4 IO for each NIC handle.
[in] | Private | Point to IPSEC_PRIVATE_DATA |
[in] | Controller | Handler for NIC card. |
[in] | ImageHandle | The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance. |
EFI_SUCCESS | The Operation is successful. | |
EFI_OUT_OF_RESOURCE | The required system resource can't be allocated. |
References IKE_UDP_SERVICE::DefaultAddress, IkeConfigUdp4(), IkeDispatch(), IkeLookupUdp(), IKE_UDP_SERVICE::ImageHandle, IKE_UDP_SERVICE::Input, IKE_UDP_SERVICE::IpVersion, IKE_UDP_SERVICE::IsConfigured, IKE_UDP_SERVICE::List, IKE_UDP_SERVICE::ListHead, and IKE_UDP_SERVICE::NicHandle.
Referenced by IpSecStart().
EFI_STATUS IkeOpenInputUdp6 | ( | IN IPSEC_PRIVATE_DATA * | Private, | |
IN EFI_HANDLE | Controller, | |||
IN EFI_HANDLE | ImageHandle | |||
) |
Open and configure a UDPIO of Udp6 for IKE packet receiving.
This function is called at the IPsecDriverBinding start. IPsec create a UDP6 and UDP6 IO for each NIC handle.
[in] | Private | Point to IPSEC_PRIVATE_DATA |
[in] | Controller | Handler for NIC card. |
[in] | ImageHandle | The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance. |
EFI_SUCCESS | The Operation is successful. | |
EFI_OUT_OF_RESOURCE | The required system resource can't be allocated. |
References IKE_UDP_SERVICE::DefaultAddress, IkeConfigUdp6(), IkeDispatch(), IkeLookupUdp(), IKE_UDP_SERVICE::ImageHandle, IKE_UDP_SERVICE::Input, IKE_UDP_SERVICE::IpVersion, IKE_UDP_SERVICE::IsConfigured, IKE_UDP_SERVICE::List, IKE_UDP_SERVICE::ListHead, and IKE_UDP_SERVICE::NicHandle.
Referenced by IpSecStart().
Referenced by Ikev2LifetimeNotify().