/** @file
The definitions related to IPsec protocol implementation.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _IP_SEC_IMPL_H_
#define _IP_SEC_IMPL_H_
#include <Uefi.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Protocol/IpSecConfig.h>
#include <Protocol/ComponentName.h>
#include <Protocol/ComponentName2.h>
//
// Forward declarations of the driver's private data block and of the policy
// (SPD), peer-authorization (PAD) and SPD-payload entry types; the struct
// bodies are defined further down in this header.
//
typedef struct _IPSEC_PRIVATE_DATA IPSEC_PRIVATE_DATA;
typedef struct _IPSEC_SPD_ENTRY IPSEC_SPD_ENTRY;
typedef struct _IPSEC_PAD_ENTRY IPSEC_PAD_ENTRY;
typedef struct _IPSEC_SPD_DATA IPSEC_SPD_DATA;
//
// Recover the enclosing IPSEC_PRIVATE_DATA from a pointer to one of its
// members (IpSec, Udp4List or Udp6List), checking IPSEC_PRIVATE_DATA_SIGNATURE.
// NOTE(review): CR() is not declared by any header included above, so it
// presumably arrives transitively; in EDK II it is DebugLib's container-of
// macro, whose signature check is an ASSERT in DEBUG builds only -- confirm
// before treating the signature as a runtime validation of the pointer.
//
#define IPSEC_PRIVATE_DATA_FROM_IPSEC(a) CR (a, IPSEC_PRIVATE_DATA, IpSec, IPSEC_PRIVATE_DATA_SIGNATURE)
#define IPSEC_PRIVATE_DATA_FROM_UDP4LIST(a) CR (a, IPSEC_PRIVATE_DATA, Udp4List, IPSEC_PRIVATE_DATA_SIGNATURE)
#define IPSEC_PRIVATE_DATA_FROM_UDP6LIST(a) CR (a, IPSEC_PRIVATE_DATA, Udp6List, IPSEC_PRIVATE_DATA_SIGNATURE)
//
// Driver-wide IPsec status values (disabled / enabled).
//
#define IPSEC_STATUS_DISABLED 0
#define IPSEC_STATUS_ENABLED 1
//
// IP protocol numbers of the two IPsec headers: ESP (RFC 4303) and AH (RFC 4302).
//
#define IPSEC_ESP_PROTOCOL 50
#define IPSEC_AH_PROTOCOL 51
//
// Default size, in bytes, of an IPsec-related UEFI variable buffer; how and
// where it is used is not visible in this header.
//
#define IPSEC_DEFAULT_VARIABLE_SIZE 0x100
//
// Internal Structure Definition
//
#pragma pack(1)
typedef struct _EFI_AH_HEADER {
typedef struct _EFI_ESP_HEADER {
typedef struct _EFI_ESP_TAIL {
} EFI_ESP_TAIL;
#pragma pack()
struct _IPSEC_SPD_DATA {
};
struct _IPSEC_SPD_ENTRY {
};
typedef struct _IPSEC_SAD_DATA {
typedef struct _IPSEC_SAD_ENTRY {
struct _IPSEC_PAD_ENTRY {
};
typedef struct _IPSEC_RECYCLE_CONTEXT {
//
// Struct used to store the Hash and its data.
//
typedef struct {
struct _IPSEC_PRIVATE_DATA {
};
/**
This function processes the inbound traffic with IPsec: it removes the IPsec (ESP/AH) protection from the packet and
returns the IP Header and FragmentTable without IPsec protection.
@param[in] IpVersion The version of IP.
@param[in, out] IpHead Pointer to the IP header: IPsec-encapsulated (ESP/AH) on input, and with the
IPsec header removed on return.
@param[in, out] LastHead The Last Header in IP header on return.
@param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec
protected on input, and without IPsec protected
on return.
@param[in, out] FragmentCount The number of fragments.
@param[out] SpdEntry Pointer to contain the address of SPD entry on return.
@param[out] RecycleEvent The event for recycling of resources.
@retval EFI_SUCCESS The operation was successful.
@retval EFI_UNSUPPORTED The IPSEC protocol is not supported.
**/
);
/**
This function processes the outbound traffic with IPsec. It applies the IPsec (ESP/AH) protection selected by the SAD entry,
inserting the IPsec header into the original IP header, then returns the IpHeader and the IPsec protected FragmentTable.
@param[in] IpVersion The version of IP.
@param[in, out] IpHead Pointer to the IP header containing the original IP header on input, and the
IPsec-protected IP header on return.
@param[in, out] LastHead The Last Header in IP header.
@param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected
on return.
@param[in, out] FragmentCount Number of fragments.
@param[in] SadEntry Related SAD entry.
@param[out] RecycleEvent Event for recycling of resources.
@retval EFI_SUCCESS The operation is successful.
@retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
**/
);
/**
Check whether the IP address lies within any of the address ranges given in AddressInfo.
@param[in] IpVersion The IP version.
@param[in] IpAddr Points to the EFI_IP_ADDRESS to be checked.
@param[in] AddressInfo A list of EFI_IP_ADDRESS_INFO entries against which
the IP address is matched.
@param[in] AddressCount The number of entries in AddressInfo.
@retval TRUE If the Specified IP Address is in the range of the AddressInfos specified.
@retval FALSE If the Specified IP Address is not in the range of the AddressInfos specified.
**/
);
/**
Find a PAD entry according to the remote IP address.
@param[in] IpVersion The version of IP.
@param[in] IpAddr Pointer to the remote IP address.
@return Pointer to the matching PAD entry; presumably NULL when no entry matches, so callers
should check the result before dereferencing it.
**/
);
/**
Check if the specified IP packet can be serviced by this SPD entry.
@param[in] SpdEntry Point to SPD entry.
@param[in] IpVersion Version of IP.
@param[in] IpHead Point to IP header.
@param[in] IpPayload Point to IP payload.
@param[in] Protocol The Last protocol of IP packet.
@param[in] IsOutbound Traffic direction.
@param[out] Action The action (bypass, discard or protect) configured on the matching SPD entry.
@retval EFI_SUCCESS The packet matches this SPD entry.
@retval EFI_NOT_FOUND The packet does not match this SPD entry.
**/
);
/**
Look up if there is existing SAD entry for specified IP packet sending.
This function is called by IpSecProcess when an IP packet needs to be sent out. It checks whether an
existing SAD entry can service the packet; if none can, it invokes an IPsec key-exchange negotiation.
@param[in] Private Points to private data.
@param[in] NicHandle Points to a NIC handle.
@param[in] IpVersion The version of IP.
@param[in] IpHead The IP Header of packet to be sent out.
@param[in] IpPayload The IP Payload to be sent out.
@param[in] OldLastHead The Last protocol of the IP packet.
@param[in] SpdEntry Points to a related SPD entry.
@param[out] SadEntry Contains the Point of a related SAD entry.
@retval EFI_DEVICE_ERROR One of the following conditions is TRUE:
- No UDP service related to the NIC was found.
- The SA's sequence-number counter is exhausted.
- The SA's extended sequence-number (ESN) counter is exhausted.
In the last two cases the counter must not be allowed to wrap on the same SA
(RFC 4303 section 3.3.3); a new SA has to be negotiated instead.
@retval EFI_NOT_READY No existing SAD entry could be used; the key-exchange negotiation described above is triggered.
@retval EFI_SUCCESS A usable SAD entry was found.
**/
);
/**
Search the whole SAD list for the entry matching the given SPI and destination address.
@param[in] Spi The SPI used to search the SAD entry.
@param[in] DestAddress The destination address used to search the SAD entry.
@param[in] IpVersion The IP version, Ip4 or Ip6.
@return Pointer to the matching SAD entry.
NOTE(review): RFC 4301 section 4.1 identifies an inbound SA by SPI, destination address and
security protocol (AH or ESP). Only SPI and destination address are listed here and the
prototype is not visible, so confirm that the caller also checks the protocol of the returned entry.
**/
)
;
/**
Handles IPsec packet processing for inbound and outbound IP packets.
The EFI_IPSEC_PROCESS process routine handles each inbound or outbound packet.
The behavior is that it can perform one of the following actions:
bypass the packet, discard the packet, or protect the packet.
@param[in] This Pointer to the EFI_IPSEC2_PROTOCOL instance.
@param[in] NicHandle Instance of the network interface.
@param[in] IpVersion IPV4 or IPV6.
@param[in, out] IpHead Pointer to the IP Header.
@param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
@param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments.
@param[in, out] FragmentCount Number of fragments.
@param[in] TrafficDirection Traffic direction.
@param[out] RecycleSignal Event for recycling of resources.
@retval EFI_SUCCESS The packet was bypassed and all buffers remain the same.
@retval EFI_SUCCESS The packet was protected.
@retval EFI_ACCESS_DENIED The packet was discarded.
**/
);
//
// Globals defined in the driver's .c files: the EFI_DPC_PROTOCOL (EDK II
// Deferred Procedure Call) instance this driver uses, and the driver's
// EFI_IPSEC2_PROTOCOL instance, presumably the one installed on its handle
// (its Process member is documented above).
//
extern EFI_DPC_PROTOCOL *mDpc;
extern EFI_IPSEC2_PROTOCOL mIpSecInstance;
#endif