NetworkPkg/IpSecDxe/IkeService.h File Reference


Data Structures

struct  _IKE_EXCHANGE_INTERFACE

Defines

#define IPSEC_CRYPTO_LIB_MEMORY   128 * 1024

Typedefs

typedef EFI_STATUS(* IKE_NEGOTIATE_SA )(IN IKE_UDP_SERVICE *UdpService, IN IPSEC_SPD_ENTRY *SpdEntry, IN IPSEC_PAD_ENTRY *PadEntry, IN EFI_IP_ADDRESS *RemoteIp)
typedef EFI_STATUS(* IKE_NEGOTIATE_CHILD_SA )(IN UINT8 *IkeSaSession, IN IPSEC_SPD_ENTRY *SpdEntry, IN UINT8 *Context)
typedef EFI_STATUS(* IKE_NEGOTIATE_INFO )(IN UINT8 *IkeSaSession, IN UINT8 *Context)
typedef VOID(* IKE_HANDLE_SA )(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket)
typedef VOID(* IKE_HANDLE_CHILD_SA )(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket)
typedef VOID(* IKE_HANDLE_INFO )(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket)
typedef struct
_IKE_EXCHANGE_INTERFACE 
IKE_EXCHANGE_INTERFACE

Functions

EFI_STATUS IkeOpenInputUdp4 (IN IPSEC_PRIVATE_DATA *Private, IN EFI_HANDLE Controller, IN EFI_HANDLE ImageHandle)
EFI_STATUS IkeOpenInputUdp6 (IN IPSEC_PRIVATE_DATA *Private, IN EFI_HANDLE Controller, IN EFI_HANDLE ImageHandle)
EFI_STATUS IkeNegotiate (IN IKE_UDP_SERVICE *UdpService, IN IPSEC_SPD_ENTRY *SpdEntry, IN EFI_IP_ADDRESS *RemoteIp)
VOID EFIAPI IkeDispatch (IN NET_BUF *Packet, IN UDP_END_POINT *EndPoint, IN EFI_STATUS IoStatus, IN VOID *Context)
IKE_UDP_SERVICEIkeLookupUdp (IN IPSEC_PRIVATE_DATA *Private, IN EFI_HANDLE Handle, IN UINT8 IpVersion)
VOID IkeDeleteAllSas (IN IPSEC_PRIVATE_DATA *Private, IN BOOLEAN IsDisableIpsec)

Variables

IKE_EXCHANGE_INTERFACE mIkev1Exchange
IKE_EXCHANGE_INTERFACE mIkev2Exchange

Detailed Description

Prototypes definitions of IKE service.

Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.

This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Define Documentation

#define IPSEC_CRYPTO_LIB_MEMORY   128 * 1024


Typedef Documentation

typedef VOID(* IKE_HANDLE_CHILD_SA)(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket)

This is prototyp definition of the general interface when recived a IKE Packet xfor the Child SA establishing.

Parameters:
[in] UdpService Point to UDP service used to send IKE packet.
[in] IkePacket Point to received IKE packet.

typedef VOID(* IKE_HANDLE_INFO)(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket)

This is prototype definition of the general interface when received a IKE information Packet.

Parameters:
[in] UdpService Point to UDP service used to send IKE packet.
[in] IkePacket Point to received IKE packet.

typedef VOID(* IKE_HANDLE_SA)(IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket)

This is prototype definition of the general interface when recived a IKE Pakcet for the IKE SA establishing.

Parameters:
[in] UdpService Point to UDP service used to send IKE Packet.
[in] IkePacket Point to received IKE packet.

typedef EFI_STATUS(* IKE_NEGOTIATE_CHILD_SA)(IN UINT8 *IkeSaSession, IN IPSEC_SPD_ENTRY *SpdEntry, IN UINT8 *Context)

This is prototype definition fo general interface to start a IKE negotiation at Quick Mode.

This function will be called when the related IKE SA is existed and start to create a Child SA.

Parameters:
[in] IkeSaSession Point to IKE SA Session related to this Negotiation.
[in] SpdEntry Point to SPD entry related to this Negotiation.
[in] Context Point to data passed from the caller.
Return values:
EFI_SUCCESS The operation is successful.
Otherwise The operation is failed.

typedef EFI_STATUS(* IKE_NEGOTIATE_INFO)(IN UINT8 *IkeSaSession, IN UINT8 *Context)

This is prototype definition of the general interface when initialize a Inforamtion Exchange.

Parameters:
[in] IkeSaSession Point to IKE SA Session related to.
[in] Context Point to data passed from caller.

typedef EFI_STATUS(* IKE_NEGOTIATE_SA)(IN IKE_UDP_SERVICE *UdpService, IN IPSEC_SPD_ENTRY *SpdEntry, IN IPSEC_PAD_ENTRY *PadEntry, IN EFI_IP_ADDRESS *RemoteIp)

This is prototype definition of general interface to intialize a IKE negotiation.

Parameters:
[in] UdpService Point to Udp Servcie used for the IKE packet sending.
[in] SpdEntry Point to SPD entry related to this IKE negotiation.
[in] PadEntry Point to PAD entry related to this IKE negotiation.
[in] RemoteIp Point to IP Address which the remote peer to negnotiate.
Return values:
EFI_SUCCESS The operation is successful.
Returns:
Otherwise The operation is failed.


Function Documentation

VOID IkeDeleteAllSas ( IN IPSEC_PRIVATE_DATA Private,
IN BOOLEAN  IsDisableIpsec 
)

Delete all established IKE SAs and related Child SAs.

This function is the subfunction of the IpSecCleanupAllSa(). It first calls IkeDeleteChildSa() to delete all Child SAs then send out the related Information packet.

Parameters:
[in] Private Pointer of the IPSEC_PRIVATE_DATA.
[in] IsDisableIpsec Indicate whether needs to disable IPsec.
Delete all established IKE SAs and related Child SAs.

This function is the subfunction of the IpSecCleanupAllSa(). It first calls IkeDeleteChildSa() to delete all Child SAs then send out the related Information packet.

Parameters:
[in] Private Pointer of the IPSEC_PRIVATE_DATA
[in] IsDisableIpsec Indicate whether needs to disable IPsec.

References IkeGetVersionFromSession(), IkeStateSaDeleting, IKEV2_SA_SESSION_BY_SESSION, Ikev2SaSessionFree(), IPSEC_STATUS_DISABLED, IPSECCONFIG_STATUS_NAME, _IKE_EXCHANGE_INTERFACE::NegotiateInfo, IKEV2_SA_SESSION::SessionCommon, and IKEV2_SESSION_COMMON::State.

Referenced by IpSecCleanupAllSa().

VOID EFIAPI IkeDispatch ( IN NET_BUF *  Packet,
IN UDP_END_POINT *  EndPoint,
IN EFI_STATUS  IoStatus,
IN VOID *  Context 
)

The general interface when receive a IKE packet.

This function is called when UDP IO receives a IKE packet.

Parameters:
[in] Packet Point to received IKE packet.
[in] EndPoint Point to UDP_END_POINT which contains the information of Remote IP and Port.
[in] IoStatus The Status of Recieve Token.
[in] Context Point to data passed from the caller.
The generic interface when receive a IKE packet.

This function is called when UDP IO receives a IKE packet.

Parameters:
[in] Packet Point to received IKE packet.
[in] EndPoint Point to UDP_END_POINT which contains the information of Remote IP and Port.
[in] IoStatus The Status of Recieve Token.
[in] Context Point to data passed from the caller.

References IKE_HEADER::ExchangeType, _IKE_EXCHANGE_INTERFACE::HandleChildSa, _IKE_EXCHANGE_INTERFACE::HandleInfo, _IKE_EXCHANGE_INTERFACE::HandleSa, IKE_PACKET::Header, IKE_DEFAULT_PORT, IKE_MAJOR_VERSION, IKE_XCG_TYPE_AUTH, IKE_XCG_TYPE_CREATE_CHILD_SA, IKE_XCG_TYPE_IDENTITY_PROTECT, IKE_XCG_TYPE_INFO, IKE_XCG_TYPE_INFO2, IKE_XCG_TYPE_QM, IKE_XCG_TYPE_SA_INIT, IkeDispatch(), IkeOpenOutputUdp(), IkePacketFree(), IkePacketFromNetbuf(), IKE_UDP_SERVICE::Input, _IPSEC_PRIVATE_DATA::IpSec, IPSEC_PRIVATE_DATA_FROM_UDP4LIST, IPSEC_PRIVATE_DATA_FROM_UDP6LIST, IKE_UDP_SERVICE::IpVersion, IKE_UDP_SERVICE::ListHead, IKE_PACKET::RemotePeerIp, and IKE_HEADER::Version.

Referenced by IkeDispatch(), IkeOpenInputUdp4(), and IkeOpenInputUdp6().

IKE_UDP_SERVICE* IkeLookupUdp ( IN IPSEC_PRIVATE_DATA Private,
IN EFI_HANDLE  Handle,
IN UINT8  IpVersion 
)

Check if the NIC handle is binded to a Udp service.

Parameters:
[in] Private Pointer of IPSEC_PRIVATE_DATA
[in] Handle The Handle of the NIC card
[in] IpVersion The version of the IP stack.
Returns:
a pointer of IKE_UDP_SERVICE.
Check if the NIC handle is binded to a Udp service.

Parameters:
[in] Private Pointer of IPSEC_PRIVATE_DATA.
[in] Handle The Handle of the NIC card.
[in] IpVersion The version of the IP stack.
Returns:
a pointer of IKE_UDP_SERVICE.

References IPSEC_UDP_SERVICE_FROM_LIST, and IKE_UDP_SERVICE::NicHandle.

Referenced by IkeOpenInputUdp4(), IkeOpenInputUdp6(), and IpSecLookupSadEntry().

EFI_STATUS IkeNegotiate ( IN IKE_UDP_SERVICE UdpService,
IN IPSEC_SPD_ENTRY SpdEntry,
IN EFI_IP_ADDRESS *  RemoteIp 
)

The general interface of starting IPsec Key Exchange.

This function is called when start a IKE negotiation to get a Key.

Parameters:
[in] UdpService Point to IKE_UDP_SERVICE which will be used for IKE packet sending.
[in] SpdEntry Point to the SPD entry related to the IKE negotiation.
[in] RemoteIp Point to EFI_IP_ADDRESS related to the IKE negotiation.
Return values:
EFI_SUCCESS The Operation is successful.
EFI_ACCESS_DENIED No related PAD entry was found.
The general interface of starting IPsec Key Exchange.

This function is called when a IKE negotiation to start getting a Key.

Parameters:
[in] UdpService Point to IKE_UDP_SERVICE which will be used for IKE packet sending.
[in] SpdEntry Point to the SPD entry related to the IKE negotiation.
[in] RemoteIp Point to EFI_IP_ADDRESS related to the IKE negotiation.
Return values:
EFI_SUCCESS The Operation is successful.
EFI_ACCESS_DENIED No related PAD entry was found.
EFI_INVALID_PARAMETER The IKE version is not supported.

References _IPSEC_PAD_ENTRY::Data, IkeGetVersionFromSession(), IkeOpenOutputUdp(), _IPSEC_PRIVATE_DATA::Ikev2EstablishedList, Ikev2SaSessionLookup(), IPSEC_PRIVATE_DATA_FROM_UDP4LIST, IPSEC_PRIVATE_DATA_FROM_UDP6LIST, IpSecLookupPadEntry(), _IKE_EXCHANGE_INTERFACE::NegotiateChildSa, and _IKE_EXCHANGE_INTERFACE::NegotiateSa.

Referenced by IpSecLookupSadEntry().

EFI_STATUS IkeOpenInputUdp4 ( IN IPSEC_PRIVATE_DATA Private,
IN EFI_HANDLE  Controller,
IN EFI_HANDLE  ImageHandle 
)

Open and configure a UDPIO of Udp4 for IKE packet receiving.

This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and a UDP4 IO for each NIC handle.

Parameters:
[in] Private Point to IPSEC_PRIVATE_DATA
[in] Controller Handler for NIC card.
[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.
Return values:
EFI_SUCCESS The Operation is successful.
EFI_OUT_OF_RESOURCE The required system resource can't be allocated.
Open and configure a UDPIO of Udp4 for IKE packet receiving.

This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and UDP4 IO for each NIC handle.

Parameters:
[in] Private Point to IPSEC_PRIVATE_DATA
[in] Controller Handler for NIC card.
[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.
Return values:
EFI_SUCCESS The Operation is successful.
EFI_OUT_OF_RESOURCE The required system resource can't be allocated.

References IKE_UDP_SERVICE::DefaultAddress, IkeConfigUdp4(), IkeDispatch(), IkeLookupUdp(), IKE_UDP_SERVICE::ImageHandle, IKE_UDP_SERVICE::Input, IKE_UDP_SERVICE::IpVersion, IKE_UDP_SERVICE::IsConfigured, IKE_UDP_SERVICE::List, IKE_UDP_SERVICE::ListHead, and IKE_UDP_SERVICE::NicHandle.

Referenced by IpSecStart().

EFI_STATUS IkeOpenInputUdp6 ( IN IPSEC_PRIVATE_DATA Private,
IN EFI_HANDLE  Controller,
IN EFI_HANDLE  ImageHandle 
)

Open and configure a UDPIO of Udp6 for IKE packet receiving.

This function is called at the IPsecDriverBinding start. IPsec create a UDP6 and UDP6 IO for each NIC handle.

Parameters:
[in] Private Point to IPSEC_PRIVATE_DATA
[in] Controller Handler for NIC card.
[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.
Return values:
EFI_SUCCESS The Operation is successful.
EFI_OUT_OF_RESOURCE The required system resource can't be allocated.

References IKE_UDP_SERVICE::DefaultAddress, IkeConfigUdp6(), IkeDispatch(), IkeLookupUdp(), IKE_UDP_SERVICE::ImageHandle, IKE_UDP_SERVICE::Input, IKE_UDP_SERVICE::IpVersion, IKE_UDP_SERVICE::IsConfigured, IKE_UDP_SERVICE::List, IKE_UDP_SERVICE::ListHead, and IKE_UDP_SERVICE::NicHandle.

Referenced by IpSecStart().


Variable Documentation

Referenced by Ikev2LifetimeNotify().


Generated on Mon Sep 28 08:49:06 2015 for NetworkPkg[ALL] by  doxygen 1.5.7.1