/** @file
  The definitions related to IPsec protocol implementation.

  Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution. The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#ifndef _IP_SEC_IMPL_H_
#define _IP_SEC_IMPL_H_

#include <Uefi.h>
#include <Library/UefiLib.h>
#include <Library/NetLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Protocol/IpSec.h>
#include <Protocol/IpSecConfig.h>
#include <Protocol/Dpc.h>
#include <Protocol/ComponentName.h>
#include <Protocol/ComponentName2.h>

//
// Forward declarations. The structure bodies for these four tags are defined
// further down in this header, so they can be referenced by pointer before
// their members are known.
//
typedef struct _IPSEC_PRIVATE_DATA IPSEC_PRIVATE_DATA;
typedef struct _IPSEC_SPD_ENTRY IPSEC_SPD_ENTRY;
typedef struct _IPSEC_PAD_ENTRY IPSEC_PAD_ENTRY;
typedef struct _IPSEC_SPD_DATA IPSEC_SPD_DATA;

//
// Signature value that the CR()-based macros below expect to find in
// IPSEC_PRIVATE_DATA, which declares a UINT32 Signature member.
//
#define IPSEC_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('I', 'P', 'S', 'E')

//
// Recover the enclosing IPSEC_PRIVATE_DATA from a pointer to its IpSec,
// Udp4List or Udp6List member.
// NOTE(review): CR() is expected to compare the record signature only when
// debug assertions are compiled in - confirm for the target build. Without
// them the conversion is unchecked, so `a` must point at the named member.
//
#define IPSEC_PRIVATE_DATA_FROM_IPSEC(a) CR (a, IPSEC_PRIVATE_DATA, IpSec, IPSEC_PRIVATE_DATA_SIGNATURE)
#define IPSEC_PRIVATE_DATA_FROM_UDP4LIST(a) CR (a, IPSEC_PRIVATE_DATA, Udp4List, IPSEC_PRIVATE_DATA_SIGNATURE)
#define IPSEC_PRIVATE_DATA_FROM_UDP6LIST(a) CR (a, IPSEC_PRIVATE_DATA, Udp6List, IPSEC_PRIVATE_DATA_SIGNATURE)

//
// Recover a list element from a pointer to its LIST_ENTRY member (List, or
// BySpd for the per-SPD SA list). These go through BASE_CR(), which takes no
// signature argument, and the SPD/SAD/PAD entry structures in this header
// declare no signature member. The result is only meaningful when `a` points
// at that member of a real entry; a list head or a node taken from a different
// list yields a pointer into unrelated memory.
// IKE_UDP_SERVICE is not declared in this header.
//
#define IPSEC_UDP_SERVICE_FROM_LIST(a) BASE_CR (a, IKE_UDP_SERVICE, List)
#define IPSEC_SPD_ENTRY_FROM_LIST(a) BASE_CR (a, IPSEC_SPD_ENTRY, List)
#define IPSEC_SAD_ENTRY_FROM_LIST(a) BASE_CR (a, IPSEC_SAD_ENTRY, List)
#define IPSEC_PAD_ENTRY_FROM_LIST(a) BASE_CR (a, IPSEC_PAD_ENTRY, List)
#define IPSEC_SAD_ENTRY_FROM_SPD(a) BASE_CR (a, IPSEC_SAD_ENTRY, BySpd)

//
// IPsec enabled/disabled state values. Where the state is stored is not
// visible in this header.
//
#define IPSEC_STATUS_DISABLED 0
#define IPSEC_STATUS_ENABLED 1

//
// IP protocol numbers assigned to ESP (50) and AH (51).
//
#define IPSEC_ESP_PROTOCOL 50
#define IPSEC_AH_PROTOCOL 51

//
// NOTE(review): presumably the default buffer size, in bytes, used when
// reading or writing a variable - confirm against the users of this constant.
//
#define IPSEC_DEFAULT_VARIABLE_SIZE 0x100

//
// Internal Structure Definition
//
// Everything from here to the matching "#pragma pack()" is byte-packed, so
// the member offsets below carry no compiler padding.
//
#pragma pack(1)
//
// Fixed leading part of an Authentication Header: 12 bytes when packed
// (1 + 1 + 2 + 4 + 4). No member is declared for the integrity check value.
// NOTE(review): presumably the ICV is addressed separately, after these
// 12 bytes - confirm in the AH processing code.
// NOTE(review): Spi and SequenceNumber are presumably in network byte order
// when this struct is overlaid on packet data - confirm.
//
typedef struct _EFI_AH_HEADER {
  UINT8 NextHeader;
  //
  // NOTE(review): RFC 4302 defines this as the AH length in 32-bit words
  // minus 2. On inbound packets the value is peer-controlled; confirm it is
  // validated against the bytes actually received before it is used.
  //
  UINT8 PayloadLen;
  UINT16 Reserved;
  UINT32 Spi;
  UINT32 SequenceNumber;
} EFI_AH_HEADER;

//
// Leading part of an ESP packet: 8 bytes (4 + 4). Declared inside the
// "#pragma pack(1)" region of this header.
// NOTE(review): both fields are presumably in network byte order when this
// struct is overlaid on packet data - confirm.
//
typedef struct _EFI_ESP_HEADER {
  UINT32 Spi;
  UINT32 SequenceNumber;
} EFI_ESP_HEADER;

//
// ESP trailer: 2 bytes (1 + 1). Declared inside the "#pragma pack(1)" region
// of this header; the "#pragma pack()" below restores the default packing.
//
typedef struct _EFI_ESP_TAIL {
  //
  // NOTE(review): on inbound packets this value comes from the peer; confirm
  // it is bounded against the payload length before the padding is trimmed.
  //
  UINT8 PaddingLength;
  UINT8 NextHeader;
} EFI_ESP_TAIL;
#pragma pack()

//
// Data half of a Security Policy Database entry; referenced from
// IPSEC_SPD_ENTRY.Data.
//
struct _IPSEC_SPD_DATA {
  //
  // Fixed buffer of 100 CHAR16 elements.
  // NOTE(review): confirm that copies into Name are length-bounded and leave
  // room for the terminator.
  //
  CHAR16 Name[100];
  UINT32 PackageFlag;
  EFI_IPSEC_ACTION Action;
  EFI_IPSEC_PROCESS_POLICY *ProcessingPolicy;
  LIST_ENTRY Sas; // Head of the SA list; IPSEC_SAD_ENTRY.BySpd nodes are linked here
};

//
// One Security Policy Database entry: a selector plus its data.
// Ownership of the two pointers is not visible in this header.
//
struct _IPSEC_SPD_ENTRY {
  EFI_IPSEC_SPD_SELECTOR *Selector;
  IPSEC_SPD_DATA *Data;
  LIST_ENTRY List; // Node converted back to the entry by IPSEC_SPD_ENTRY_FROM_LIST
};

//
// Data half of a Security Association Database entry; referenced from
// IPSEC_SAD_ENTRY.Data.
//
typedef struct _IPSEC_SAD_DATA {
  EFI_IPSEC_MODE Mode;
  //
  // 64-bit sequence counter; ESNEnabled below says whether the extended
  // (64-bit) sequence number is in use. IpSecLookupSadEntry() documents
  // EFI_DEVICE_ERROR once the (extended) sequence number is used up.
  //
  UINT64 SequenceNumber;
  //
  // UINT8, so at most 255.
  // NOTE(review): presumably counted in packets - confirm.
  //
  UINT8 AntiReplayWindowSize;
  //
  // 4 * 64 = 256 bits, which covers any window size the UINT8 above can hold.
  //
  UINT64 AntiReplayBitmap[4]; // bitmap for received packet
  EFI_IPSEC_ALGO_INFO AlgoInfo;
  EFI_IPSEC_SA_LIFETIME SaLifetime;
  UINT32 PathMTU;
  IPSEC_SPD_ENTRY *SpdEntry;
  EFI_IPSEC_SPD_SELECTOR *SpdSelector;
  BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled
  //
  // NOTE(review): presumably TRUE for a manually configured SA as opposed to
  // a negotiated one - confirm against the code that sets it.
  //
  BOOLEAN ManualSet;
  EFI_IP_ADDRESS TunnelDestAddress;
  EFI_IP_ADDRESS TunnelSourceAddress;
} IPSEC_SAD_DATA;

//
// One Security Association Database entry: an SA identifier plus its data.
// The entry carries two list nodes, so it can sit on two lists at once.
// NOTE(review): confirm the removal path unlinks both List and BySpd before
// the entry is freed.
//
typedef struct _IPSEC_SAD_ENTRY {
  EFI_IPSEC_SA_ID *Id;
  IPSEC_SAD_DATA *Data;
  LIST_ENTRY List; // Node converted back to the entry by IPSEC_SAD_ENTRY_FROM_LIST
  LIST_ENTRY BySpd; // Linked on IPSEC_SPD_DATA.Sas
} IPSEC_SAD_ENTRY;

//
// One Peer Authorization Database entry: a peer identifier plus its data.
// Ownership of the two pointers is not visible in this header.
//
struct _IPSEC_PAD_ENTRY {
  EFI_IPSEC_PAD_ID *Id;
  EFI_IPSEC_PAD_DATA *Data;
  LIST_ENTRY List; // Node converted back to the entry by IPSEC_PAD_ENTRY_FROM_LIST
};

//
// Pair of buffers: a fragment table and a payload buffer.
// NOTE(review): presumably the resources released when the RecycleEvent
// returned by the packet-processing functions is signalled - confirm.
//
typedef struct _IPSEC_RECYCLE_CONTEXT {
  EFI_IPSEC_FRAGMENT_DATA *FragmentTable;
  UINT8 *PayloadBuffer;
} IPSEC_RECYCLE_CONTEXT;

//
// Struct used to store the Hash and its data.
// NOTE(review): DataSize is presumably the length of Data in bytes - confirm
// against the hashing code that consumes it.
//
typedef struct {
  UINTN DataSize;
  UINT8 *Data;
} HASH_DATA_FRAGMENT;

//
// Driver-wide private context. The IPSEC_PRIVATE_DATA_FROM_* macros in this
// header recover it from a pointer to its IpSec, Udp4List or Udp6List member.
//
struct _IPSEC_PRIVATE_DATA {
  UINT32 Signature; // Compared with IPSEC_PRIVATE_DATA_SIGNATURE by the CR()-based macros
  EFI_HANDLE Handle; // Virtual handle to install private protocol
  EFI_HANDLE ImageHandle;
  EFI_IPSEC2_PROTOCOL IpSec;
  EFI_IPSEC_CONFIG_PROTOCOL IpSecConfig;
  BOOLEAN SetBySelf;
  LIST_ENTRY Udp4List;
  UINTN Udp4Num; // NOTE(review): presumably the number of nodes on Udp4List - confirm
  LIST_ENTRY Udp6List;
  UINTN Udp6Num; // NOTE(review): presumably the number of nodes on Udp6List - confirm
  LIST_ENTRY Ikev1SessionList;
  LIST_ENTRY Ikev1EstablishedList;
  LIST_ENTRY Ikev2SessionList;
  LIST_ENTRY Ikev2EstablishedList;
  BOOLEAN IsIPsecDisabling;
};

/**
  This function processes the inbound traffic with IPsec.

  It checks the security properties of the received packet, trims the ESP/AH header,
  and then returns the IP header and FragmentTable without the IPsec protection.

  NOTE(review): only EFI_SUCCESS and EFI_UNSUPPORTED are listed below. The status
  returned when the security check on the received packet fails is not documented
  here; confirm it against the implementation and make sure callers drop the
  packet on any non-success status.

  NOTE(review): SpdEntry is declared as EFI_IPSEC_SPD_SELECTOR ** although it is
  named and described as an SPD entry; confirm which object the implementation
  stores through it.

  @param[in]      IpVersion       The version of IP.
  @param[in, out] IpHead          Points to the IP header containing the ESP/AH header
                                  to be trimmed on input, and without the ESP/AH header
                                  on return.
  @param[in, out] LastHead        The Last Header in IP header on return.
  @param[in, out] OptionsBuffer   Pointer to the options buffer.
  @param[in, out] OptionsLength   Length of the options buffer.
  @param[in, out] FragmentTable   Pointer to a list of fragments that are IPsec
                                  protected on input, and without IPsec protection
                                  on return.
  @param[in, out] FragmentCount   The number of fragments.
  @param[out]     SpdEntry        Pointer to contain the address of SPD entry on return.
  @param[out]     RecycleEvent    The event for recycling of resources.

  @retval EFI_SUCCESS              The operation was successful.
  @retval EFI_UNSUPPORTED          The IPSEC protocol is not supported.

**/
EFI_STATUS
IpSecProtectInboundPacket (
  IN UINT8 IpVersion,
  IN OUT VOID *IpHead,
  IN OUT UINT8 *LastHead,
  IN OUT VOID **OptionsBuffer,
  IN OUT UINT32 *OptionsLength,
  IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
  IN OUT UINT32 *FragmentCount,
  OUT EFI_IPSEC_SPD_SELECTOR **SpdEntry,
  OUT EFI_EVENT *RecycleEvent
  );


/**
  This function processes the output traffic with IPsec.

  It protects the packet being sent by encrypting its payload and inserting the ESP/AH
  header into the original IP header, then returns the IpHeader and the IPsec
  protected FragmentTable.

  NOTE(review): only EFI_SUCCESS and EFI_UNSUPPORTED are listed below; confirm that
  callers do not send the packet unprotected when any other status is returned.

  @param[in]      IpVersion       The version of IP.
  @param[in, out] IpHead          Points to the IP header containing the original IP header
                                  to be processed on input, and with the ESP/AH header
                                  inserted on return.
  @param[in, out] LastHead        The Last Header in IP header.
  @param[in, out] OptionsBuffer   Pointer to the options buffer.
  @param[in, out] OptionsLength   Length of the options buffer.
  @param[in, out] FragmentTable   Pointer to a list of fragments to be protected by
                                  IPsec on input, and IPsec protected
                                  on return.
  @param[in, out] FragmentCount   Number of fragments.
  @param[in]      SadEntry        Related SAD entry.
  @param[out]     RecycleEvent    Event for recycling of resources.

  @retval EFI_SUCCESS              The operation is successful.
  @retval EFI_UNSUPPORTED          If the IPSEC protocol is not supported.

**/
EFI_STATUS
IpSecProtectOutboundPacket (
  IN UINT8 IpVersion,
  IN OUT VOID *IpHead,
  IN OUT UINT8 *LastHead,
  IN OUT VOID **OptionsBuffer,
  IN OUT UINT32 *OptionsLength,
  IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
  IN OUT UINT32 *FragmentCount,
  IN IPSEC_SAD_ENTRY *SadEntry,
  OUT EFI_EVENT *RecycleEvent
  );

/**
  Check whether the IP address is within the address range of the specified AddressInfos.

  NOTE(review): the result for AddressCount == 0 is not documented here; confirm
  whether an empty list matches nothing or everything, since policy selection
  depends on it.

  @param[in]  IpVersion       The IP version.
  @param[in]  IpAddr          Points to the EFI_IP_ADDRESS to be checked.
  @param[in]  AddressInfo     A list of EFI_IP_ADDRESS_INFO that is used to check
                              whether the IP address is matched.
  @param[in]  AddressCount    The total number of entries in AddressInfo.

  @retval TRUE    If the specified IP address is in the range of the AddressInfos specified.
  @retval FALSE   If the specified IP address is not in the range of the AddressInfos specified.

**/
BOOLEAN
IpSecMatchIpAddress (
  IN UINT8 IpVersion,
  IN EFI_IP_ADDRESS *IpAddr,
  IN EFI_IP_ADDRESS_INFO *AddressInfo,
  IN UINT32 AddressCount
  );

/**
  Find a PAD entry according to remote IP address.

  NOTE(review): the return value when no PAD entry matches is not documented
  here (presumably NULL); confirm, and check that callers test the result
  before dereferencing it.

  @param[in]  IpVersion   The version of IP.
  @param[in]  IpAddr      Points to the remote IP address.

  @return The pointer of related PAD entry.

**/
IPSEC_PAD_ENTRY *
IpSecLookupPadEntry (
  IN UINT8 IpVersion,
  IN EFI_IP_ADDRESS *IpAddr
  );

/**
  Check if the specified IP packet can be serviced by this SPD entry.

  NOTE(review): whether Action is written when EFI_NOT_FOUND is returned is not
  documented here; confirm that callers only read it on EFI_SUCCESS.

  @param[in]  SpdEntry     Points to the SPD entry.
  @param[in]  IpVersion    Version of IP.
  @param[in]  IpHead       Points to the IP header.
  @param[in]  IpPayload    Points to the IP payload.
  @param[in]  Protocol     The Last protocol of IP packet.
  @param[in]  IsOutbound   Traffic direction.
  @param[out] Action       The support action of SPD entry.

  @retval EFI_SUCCESS      The related SPD entry was found.
  @retval EFI_NOT_FOUND    The related SPD entry was not found.

**/
EFI_STATUS
IpSecLookupSpdEntry (
  IN IPSEC_SPD_ENTRY *SpdEntry,
  IN UINT8 IpVersion,
  IN VOID *IpHead,
  IN UINT8 *IpPayload,
  IN UINT8 Protocol,
  IN BOOLEAN IsOutbound,
  OUT EFI_IPSEC_ACTION *Action
  );

/**
  Look up whether there is an existing SAD entry for sending the specified IP packet.

  This function is called by the IPsecProcess when there is an IP packet that needs to
  be sent out. This function checks if there is an existing SAD entry that can service
  the sending of this IP packet. If no existing SAD entry can be used, this
  function will invoke an IPsec Key Exchange Negotiation.

  NOTE(review): confirm that callers do not send the packet unprotected when
  this returns EFI_NOT_READY (negotiation started) or EFI_DEVICE_ERROR
  (sequence number used up).

  @param[in]  Private      Points to private data.
  @param[in]  NicHandle    Points to a NIC handle.
  @param[in]  IpVersion    The version of IP.
  @param[in]  IpHead       The IP Header of packet to be sent out.
  @param[in]  IpPayload    The IP Payload to be sent out.
  @param[in]  OldLastHead  The Last protocol of the IP packet.
  @param[in]  SpdEntry     Points to a related SPD entry.
  @param[out] SadEntry     Contains the pointer to a related SAD entry.

  @retval EFI_DEVICE_ERROR  One of the following conditions is TRUE:
                            - The related UDP service was not found.
                            - Sequence Number is used up.
                            - Extension Sequence Number is used up.
  @retval EFI_NOT_READY     No existing SAD entry could be used.
  @retval EFI_SUCCESS       The related SAD entry was found.

**/
EFI_STATUS
IpSecLookupSadEntry (
  IN IPSEC_PRIVATE_DATA *Private,
  IN EFI_HANDLE NicHandle,
  IN UINT8 IpVersion,
  IN VOID *IpHead,
  IN UINT8 *IpPayload,
  IN UINT8 OldLastHead,
  IN IPSEC_SPD_ENTRY *SpdEntry,
  OUT IPSEC_SAD_ENTRY **SadEntry
  );

/**
  Find the SAD through whole SAD list.

  NOTE(review): the return value when no SAD entry matches is not documented
  here (presumably NULL). On the inbound path the SPI comes from the received
  packet, so confirm that callers test the result before dereferencing it.

  @param[in]  Spi          The SPI used to search the SAD entry.
  @param[in]  DestAddress  The destination used to search the SAD entry.
  @param[in]  IpVersion    The IP version. Ip4 or Ip6.

  @return  The pointer to a certain SAD entry.

**/
IPSEC_SAD_ENTRY *
IpSecLookupSadBySpi (
  IN UINT32 Spi,
  IN EFI_IP_ADDRESS *DestAddress,
  IN UINT8 IpVersion
  )
;

/**
  Handles IPsec packet processing for inbound and outbound IP packets.

  The EFI_IPSEC_PROCESS process routine handles each inbound or outbound packet.
  The behavior is that it can perform one of the following actions:
  bypass the packet, discard the packet, or protect the packet.

  EFI_SUCCESS is listed below for both the bypass and the protect outcome, so a
  caller cannot tell from the status alone whether IPsec protection was applied.

  @param[in]      This             Pointer to the EFI_IPSEC2_PROTOCOL instance.
  @param[in]      NicHandle        Instance of the network interface.
  @param[in]      IpVersion        IPV4 or IPV6.
  @param[in, out] IpHead           Pointer to the IP Header.
  @param[in, out] LastHead         The protocol of the next layer to be processed by IPsec.
  @param[in, out] OptionsBuffer    Pointer to the options buffer.
  @param[in, out] OptionsLength    Length of the options buffer.
  @param[in, out] FragmentTable    Pointer to a list of fragments.
  @param[in, out] FragmentCount    Number of fragments.
  @param[in]      TrafficDirection Traffic direction.
  @param[out]     RecycleSignal    Event for recycling of resources.

  @retval EFI_SUCCESS              The packet was bypassed and all buffers remain the same.
  @retval EFI_SUCCESS              The packet was protected.
  @retval EFI_ACCESS_DENIED        The packet was discarded.

**/
EFI_STATUS
EFIAPI
IpSecProcess (
  IN EFI_IPSEC2_PROTOCOL *This,
  IN EFI_HANDLE NicHandle,
  IN UINT8 IpVersion,
  IN OUT VOID *IpHead,
  IN OUT UINT8 *LastHead,
  IN OUT VOID **OptionsBuffer,
  IN OUT UINT32 *OptionsLength,
  IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
  IN OUT UINT32 *FragmentCount,
  IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
  OUT EFI_EVENT *RecycleSignal
  );

//
// Globals declared here as extern; their definitions are not in this header.
//
extern EFI_DPC_PROTOCOL *mDpc;
extern EFI_IPSEC2_PROTOCOL mIpSecInstance;

extern EFI_COMPONENT_NAME2_PROTOCOL gIpSecComponentName2;
extern EFI_COMPONENT_NAME_PROTOCOL gIpSecComponentName;


#endif