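/** @file
  IKEv2 related definitions.

  Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution. The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#ifndef _IKE_V2_H_
#define _IKE_V2_H_

#include "Ike.h"
#include "Payload.h"

//
// Wildcard values used when a Traffic Selector matches any port / any protocol.
//
#define IKEV2_TS_ANY_PORT                 0xffff
#define IKEV2_TS_ANY_PROTOCOL             0

//
// Identifiers for the Child SA lists hung off an IKEV2_SA_SESSION.
// NOTE(review): presumably these select among DeleteSaList,
// ChildSaSessionList and ChildSaEstablishSessionList below; confirm against callers.
// The misspelling in IKEV2_DELET_CHILDSA_LIST is kept because the name is part of
// the header's interface.
//
#define IKEV2_DELET_CHILDSA_LIST          0
#define IKEV2_ESTABLISHING_CHILDSA_LIST   1
#define IKEV2_ESTABLISHED_CHILDSA_LIST    2

//
// Signature and CR()-based container lookups for the IKE SA session record.
//
#define IKEV2_SA_SESSION_SIGNATURE              SIGNATURE_32 ('I', 'K', 'E', 'I')
#define IKEV2_SA_SESSION_FROM_COMMON(a)         CR (a, IKEV2_SA_SESSION, SessionCommon, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_SESSION(a)          CR (a, IKEV2_SA_SESSION, BySessionTable, IKEV2_SA_SESSION_SIGNATURE)
#define IKEV2_SA_SESSION_BY_ESTABLISHED(a)      CR (a, IKEV2_SA_SESSION, ByEstablishedTable, IKEV2_SA_SESSION_SIGNATURE)

//
// Signature and CR()-based container lookups for the Child SA session record.
//
#define IKEV2_CHILD_SA_SESSION_SIGNATURE        SIGNATURE_32 ('I', 'K', 'E', 'C')
#define IKEV2_CHILD_SA_SESSION_FROM_COMMON(a)   CR (a, IKEV2_CHILD_SA_SESSION, SessionCommon, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_IKE_SA(a)     CR (a, IKEV2_CHILD_SA_SESSION, ByIkeSa, IKEV2_CHILD_SA_SESSION_SIGNATURE)
#define IKEV2_CHILD_SA_SESSION_BY_DEL_SA(a)     CR (a, IKEV2_CHILD_SA_SESSION, ByDelete, IKEV2_CHILD_SA_SESSION_SIGNATURE)

//
// TRUE when the session's common header says it is an IKE SA (not a Child SA).
// NOTE(review): the macro reads (s)->Common, but the session structs declared in
// this file name that member SessionCommon; s is presumably a type from Ike.h.
//
#define IS_IKEV2_SA_SESSION(s)  ((s)->Common.IkeSessionType == IkeSessionTypeIkeSa)

//
// Pointer-walking helpers over an SA payload: proposals follow the IKEV2_SA
// header, transforms follow each IKEV2_PROPOSAL header plus its SPI bytes.
// Every expansion is fully parenthesized so that "MACRO(x)->Field" and
// "MACRO(x) + n" bind the cast before the member access or arithmetic.
//
// None of these macros checks bounds. When the payload was taken from a
// received packet, the caller must validate TransformSize / ProposalSize /
// SpiSize against the remaining payload length before dereferencing the result.
//
#define IKEV2_SA_FIRST_PROPOSAL(Sa) \
  ((IKEV2_PROPOSAL *) ((IKEV2_SA *) (Sa) + 1))

#define IKEV2_NEXT_TRANSFORM_WITH_SIZE(Transform, TransformSize) \
  ((IKEV2_TRANSFORM *) ((UINT8 *) (Transform) + (TransformSize)))

#define IKEV2_NEXT_PROPOSAL_WITH_SIZE(Proposal, ProposalSize) \
  ((IKEV2_PROPOSAL *) ((UINT8 *) (Proposal) + (ProposalSize)))

//
// Skip the IKEV2_PROPOSAL header and the variable-length SPI that follows it.
// (The original header defined this macro twice with identical bodies; the
// duplicate has been dropped.)
//
#define IKEV2_PROPOSAL_FIRST_TRANSFORM(Proposal) \
  ((IKEV2_TRANSFORM *) ((UINT8 *) ((IKEV2_PROPOSAL *) (Proposal) + 1) + \
                        (((IKEV2_PROPOSAL *) (Proposal))->SpiSize)))

//
// State machine of an IKEv2 session (IKE SA and Child SA share the enum).
//
typedef enum {
  IkeStateInit,
  IkeStateAuth,
  IkeStateIkeSaEstablished,
  IkeStateCreateChild,
  IkeStateSaRekeying,
  IkeStateChildSaEstablished,
  IkeStateSaDeleting,
  IkeStateMaximum
} IKEV2_SESSION_STATE;

//
// What a CREATE_CHILD_SA exchange is being used for.
//
typedef enum {
  IkeRequestTypeCreateChildSa,
  IkeRequestTypeRekeyChildSa,
  IkeRequestTypeRekeyIkeSa,
  IkeRequestTypeMaximum
} IKEV2_CREATE_CHILD_REQUEST_TYPE;

//
// Diffie-Hellman material for one exchange: the local public value (Gx),
// the peer's public value (Gy), the shared secret (Gxy) and the opaque
// context handle of the DH implementation.
//
typedef struct {
  UINT8  *GxBuffer;
  UINTN  GxSize;
  UINT8  *GyBuffer;
  UINTN  GySize;
  UINT8  *GxyBuffer;
  UINTN  GxySize;
  UINT8  *DhContext;
} IKEV2_DH_BUFFER;

//
// Keying material derived for an IKE SA: SK_d and the initiator/responder
// halves of the authentication (a), encryption (e) and PRF (p) keys.
// Each key is a separately owned buffer with its own size.
//
typedef struct {
  IKEV2_DH_BUFFER  *DhBuffer;
  UINT8            *SkdKey;
  UINTN            SkdKeySize;
  UINT8            *SkAiKey;
  UINTN            SkAiKeySize;
  UINT8            *SkArKey;
  UINTN            SkArKeySize;
  UINT8            *SkEiKey;
  UINTN            SkEiKeySize;
  UINT8            *SkErKey;
  UINTN            SkErKeySize;
  UINT8            *SkPiKey;
  UINTN            SkPiKeySize;
  UINT8            *SkPrKey;
  UINTN            SkPrKeySize;
} IKEV2_SESSION_KEYS;

//
// Negotiated algorithm parameters of an SA.
//
typedef struct {
  UINT16  LifeType;
  UINT64  LifeDuration;
  UINT16  EncAlgId;
  UINTN   EnckeyLen;
  UINT16  Prf;
  UINT16  IntegAlgId;
  UINTN   IntegKeyLen;
  UINT16  DhGroup;
  UINT8   ExtSeq;
} IKEV2_SA_PARAMS;

//
// Internal Payload
//

//
// In-memory form of an SA payload. The proposal entries are stored directly
// after this header (the commented-out member documents the trailing data).
//
typedef struct {
  IKEV2_SA  SaHeader;
  UINTN     NumProposals;
  //
  // IKE_PROPOSAL_DATA Proposals[1];
  //
} IKEV2_SA_DATA;

//
// In-memory form of one proposal; transform entries follow this header.
//
typedef struct {
  UINT8  ProposalIndex;
  UINT8  ProtocolId;
  UINT8  *Spi;
  UINT8  NumTransforms;
  //
  // IKE_TRANSFORM_DATA Transforms[1];
  //
} IKEV2_PROPOSAL_DATA;

//
// In-memory form of one transform and its single attribute.
//
typedef struct {
  UINT8             TransformIndex;
  UINT8             TransformType;
  UINT16            TransformId;
  IKE_SA_ATTRIBUTE  Attribute;
} IKEV2_TRANSFORM_DATA;

//
// State shared by IKE SA and Child SA sessions: role, timers, retransmission
// bookkeeping, peer addresses and the hooks run around payload (de)coding.
//
typedef struct {
  UINT8                    IkeVer;
  IKE_SESSION_TYPE         IkeSessionType;
  BOOLEAN                  IsInitiator;
  BOOLEAN                  IsOnDeleting;       // Flag to indicate whether the SA is on deleting.
  IKEV2_SESSION_STATE      State;
  EFI_EVENT                TimeoutEvent;
  UINT64                   TimeoutInterval;
  UINTN                    RetryCount;
  IKE_PACKET               *LastSentPacket;
  IKEV2_SA_PARAMS          *SaParams;
  UINT16                   PreferDhGroup;
  EFI_IP_ADDRESS           RemotePeerIp;
  EFI_IP_ADDRESS           LocalPeerIp;
  IKE_ON_PAYLOAD_FROM_NET  BeforeDecodePayload;
  IKE_ON_PAYLOAD_FROM_NET  AfterEncodePayload;
  IKE_UDP_SERVICE          *UdpService;
  IPSEC_PRIVATE_DATA       *Private;
} IKEV2_SESSION_COMMON;

//
// An IKE SA. Signature must be IKEV2_SA_SESSION_SIGNATURE; the CR() macros
// above recover this record from SessionCommon or from BySessionTable.
//
typedef struct {
  UINT32                Signature;
  IKEV2_SESSION_COMMON  SessionCommon;
  UINT64                InitiatorCookie;
  UINT64                ResponderCookie;
  //
  // Initiator: SA proposals to be sent
  // Responder: SA proposals to be matched
  //
  IKEV2_SA_DATA         *SaData;                      // SA Private struct used for SA payload generation
  IKEV2_SESSION_KEYS    *IkeKeys;
  UINT8                 *NiBlock;                     // Initiator nonce
  UINTN                 NiBlkSize;
  UINT8                 *NrBlock;                     // Responder nonce
  UINTN                 NrBlkSize;
  UINT8                 *NCookie;                     // Buffer Contains the Notify Cookie
  UINTN                 NCookieSize;                  // Size of NCookie
  IPSEC_PAD_ENTRY       *Pad;
  IPSEC_SPD_ENTRY       *Spd;                         // SPD that requested the negotiation, TODO: better use SPD selector
  LIST_ENTRY            ChildSaSessionList;
  LIST_ENTRY            ChildSaEstablishSessionList;  // For Establish Child SA.
  LIST_ENTRY            InfoMIDList;                  // For Information MID
  LIST_ENTRY            DeleteSaList;                 // For deleting Child SA.
  UINT8                 *InitPacket;                  // Copy of the IKE_SA_INIT request/response, kept for AUTH
  UINTN                 InitPacketSize;
  UINT8                 *RespPacket;
  UINTN                 RespPacketSize;
  UINT32                MessageId;
  LIST_ENTRY            BySessionTable;               // Use for all IkeSaSession Links
} IKEV2_SA_SESSION;

//
// A Child SA under an IKE SA. Signature must be IKEV2_CHILD_SA_SESSION_SIGNATURE;
// the CR() macros above recover this record from SessionCommon, ByIkeSa or ByDelete.
//
typedef struct {
  UINT32                 Signature;
  IKEV2_SESSION_COMMON   SessionCommon;
  IKEV2_SA_SESSION       *IkeSaSession;
  UINT32                 MessageId;
  IKEV2_SA_DATA          *SaData;
  UINT8                  IpsecProtocol;
  UINT32                 LocalPeerSpi;
  UINT32                 RemotePeerSpi;
  UINT8                  *NiBlock;
  UINTN                  NiBlkSize;
  UINT8                  *NrBlock;
  UINTN                  NrBlkSize;
  SA_KEYMATS             ChildKeymats;
  IKEV2_DH_BUFFER        *DhBuffer;       // New DH exchanged by CREATE_CHILD_SA
  IPSEC_SPD_ENTRY        *Spd;
  EFI_IPSEC_SPD_SELECTOR *SpdSelector;
  UINT16                 ProtoId;
  UINT16                 RemotePort;
  UINT16                 LocalPort;
  LIST_ENTRY             ByIkeSa;
  LIST_ENTRY             ByDelete;
} IKEV2_CHILD_SA_SESSION;

//
// Kind of INFORMATIONAL exchange being built or handled.
//
typedef enum {
  Ikev2InfoNotify,
  Ikev2InfoDelete,
  Ikev2InfoLiveCheck
} IKEV2_INFO_TYPE;

//
// This struct is used to pass the detail information to the InfoGenerator() for
// the response Information Exchange Message creation.
//
typedef struct {
  UINT32           MessageId;
  IKEV2_INFO_TYPE  InfoType;
} IKEV2_INFO_EXCHANGE_CONTEXT;

//
// One input fragment fed to the PRF.
//
typedef struct {
  UINTN  DataSize;
  UINT8  *Data;
} PRF_DATA_FRAGMENT;

/**
  Builds an outgoing IKE packet for a session.

  @param[in]  SaSession  The IKE SA or Child SA session (passed as UINT8 *).
  @param[in]  Context    Exchange-specific context, e.g. IKEV2_INFO_EXCHANGE_CONTEXT.

  @return The generated packet, or NULL on failure (presumed; not established here).
**/
typedef
IKE_PACKET *
(*IKEV2_PACKET_GENERATOR) (
  IN UINT8  *SaSession,
  IN VOID   *Context
  );

/**
  Parses an incoming IKE packet for a session.

  @param[in]  SaSession  The IKE SA or Child SA session (passed as UINT8 *).
  @param[in]  IkePacket  The packet to process.

  @return EFI_STATUS of the parse.
**/
typedef
EFI_STATUS
(*IKEV2_PACKET_PARSER) (
  IN UINT8       *SaSession,
  IN IKE_PACKET  *IkePacket
  );

//
// Parser/generator pair for one exchange type.
//
typedef struct {
  IKEV2_PACKET_PARSER     Parser;
  IKEV2_PACKET_GENERATOR  Generator;
} IKEV2_PACKET_HANDLER;

//
// Handler tables for the initial exchanges (indexed by exchange and role),
// CREATE_CHILD_SA and INFORMATIONAL; defined in the IKEv2 implementation files.
//
extern IKEV2_PACKET_HANDLER mIkev2Initial[][2];
extern IKEV2_PACKET_HANDLER mIkev2CreateChild;
extern IKEV2_PACKET_HANDLER mIkev2Info;

#endif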