MdePkg/Include/Protocol/IpSecConfig.h File Reference


Data Structures

struct  _EFI_IP_ADDRESS_INFO
struct  _EFI_IPSEC_SPD_SELECTOR
struct  _EFI_IPSEC_SA_LIFETIME
struct  _EFI_IPSEC_TUNNEL_OPTION
struct  _EFI_IPSEC_PROCESS_POLICY
struct  _EFI_IPSEC_SA_ID
struct  _EFI_IPSEC_SPD_DATA
struct  _EFI_IPSEC_AH_ALGO_INFO
struct  _EFI_IPSEC_ESP_ALGO_INFO
union  EFI_IPSEC_ALGO_INFO
struct  _EFI_IPSEC_SA_DATA
struct  _EFI_IPSEC_SA_DATA2
struct  _EFI_IPSEC_PAD_ID
union  EFI_IPSEC_CONFIG_SELECTOR
struct  _EFI_IPSEC_PAD_DATA
struct  _EFI_IPSEC_CONFIG_PROTOCOL

Defines

#define EFI_IPSEC_CONFIG_PROTOCOL_GUID
#define MAX_PEERID_LEN   128

Typedefs

typedef struct
_EFI_IPSEC_CONFIG_PROTOCOL 
EFI_IPSEC_CONFIG_PROTOCOL
typedef struct _EFI_IP_ADDRESS_INFO EFI_IP_ADDRESS_INFO
typedef struct
_EFI_IPSEC_SPD_SELECTOR 
EFI_IPSEC_SPD_SELECTOR
typedef struct
_EFI_IPSEC_SA_LIFETIME 
EFI_IPSEC_SA_LIFETIME
typedef struct
_EFI_IPSEC_TUNNEL_OPTION 
EFI_IPSEC_TUNNEL_OPTION
typedef struct
_EFI_IPSEC_PROCESS_POLICY 
EFI_IPSEC_PROCESS_POLICY
typedef struct _EFI_IPSEC_SA_ID EFI_IPSEC_SA_ID
typedef struct _EFI_IPSEC_SPD_DATA EFI_IPSEC_SPD_DATA
typedef struct
_EFI_IPSEC_AH_ALGO_INFO 
EFI_IPSEC_AH_ALGO_INFO
typedef struct
_EFI_IPSEC_ESP_ALGO_INFO 
EFI_IPSEC_ESP_ALGO_INFO
typedef struct _EFI_IPSEC_SA_DATA EFI_IPSEC_SA_DATA
typedef struct _EFI_IPSEC_SA_DATA2 EFI_IPSEC_SA_DATA2
typedef struct _EFI_IPSEC_PAD_ID EFI_IPSEC_PAD_ID
typedef struct _EFI_IPSEC_PAD_DATA EFI_IPSEC_PAD_DATA
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_SET_DATA )(IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN EFI_IPSEC_CONFIG_SELECTOR *InsertBefore)
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_GET_DATA )(IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN OUT UINTN *DataSize, OUT VOID *Data)
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_GET_NEXT_SELECTOR )(IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN OUT UINTN *SelectorSize, IN OUT EFI_IPSEC_CONFIG_SELECTOR *Selector)
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_REGISTER_NOTIFY )(IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_EVENT Event)
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_UNREGISTER_NOTIFY )(IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_EVENT Event)

Enumerations

enum  EFI_IPSEC_CONFIG_DATA_TYPE { IPsecConfigDataTypeSpd, IPsecConfigDataTypeSad, IPsecConfigDataTypePad, IPsecConfigDataTypeMaximum }
enum  EFI_IPSEC_TRAFFIC_DIR { EfiIPsecInBound, EfiIPsecOutBound }
enum  EFI_IPSEC_ACTION { EfiIPsecActionDiscard, EfiIPsecActionBypass, EfiIPsecActionProtect }
enum  EFI_IPSEC_MODE { EfiIPsecTransport, EfiIPsecTunnel }
enum  EFI_IPSEC_TUNNEL_DF_OPTION { EfiIPsecTunnelClearDf, EfiIPsecTunnelSetDf, EfiIPsecTunnelCopyDf }
enum  EFI_IPSEC_PROTOCOL_TYPE { EfiIPsecAH, EfiIPsecESP }
enum  EFI_IPSEC_AUTH_PROTOCOL_TYPE { EfiIPsecAuthProtocolIKEv1, EfiIPsecAuthProtocolIKEv2, EfiIPsecAuthProtocolMaximum }
enum  EFI_IPSEC_AUTH_METHOD { EfiIPsecAuthMethodPreSharedSecret, EfiIPsecAuthMethodCertificates, EfiIPsecAuthMethodMaximum }

Variables

EFI_GUID gEfiIpSecConfigProtocolGuid

Detailed Description

EFI IPsec Configuration Protocol Definition The EFI_IPSEC_CONFIG_PROTOCOL provides the mechanism to set and retrieve security and policy related information for the EFI IPsec protocol driver.

Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

Revision Reference:
This Protocol is introduced in UEFI Specification 2.2

Define Documentation

#define EFI_IPSEC_CONFIG_PROTOCOL_GUID

Value:

{ \
    0xce5e5929, 0xc7a3, 0x4602, {0xad, 0x9e, 0xc9, 0xda, 0xf9, 0x4e, 0xbf, 0xcf } \
  }

#define MAX_PEERID_LEN   128


Typedef Documentation

EFI_IP_ADDRESS_INFO

EFI_IPSEC_AH_ALGO_INFO The security algorithm selection for IPsec AH authentication. The required authentication algorithm is specified in RFC 4305.

typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_GET_DATA)(IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN OUT UINTN *DataSize, OUT VOID *Data)

Return the configuration value for the EFI IPsec driver.

This function lookup the data entry from IPsec database or IKEv2 configuration information. The expected data type and unique identification are described in DataType and Selector parameters.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The type of data to retrieve.
[in] Selector Pointer to an entry selector which is an identifier of the IPsec configuration data entry.
[in,out] DataSize On output the size of data returned in Data.
[out] Data The buffer to return the contents of the IPsec configuration data. The type of the data buffer is associated with the DataType.
Return values:
EFI_SUCCESS The specified configuration data is got successfully.
EFI_INVALID_PARAMETER One or more of the followings are TRUE:
  • This is NULL.
  • Selector is NULL.
  • DataSize is NULL.
  • Data is NULL and *DataSize is not zero
EFI_NOT_FOUND The configuration data specified by Selector is not found.
EFI_UNSUPPORTED The specified DataType is not supported.
EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been updated with the size needed to complete the request.

typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_GET_NEXT_SELECTOR)(IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN OUT UINTN *SelectorSize, IN OUT EFI_IPSEC_CONFIG_SELECTOR *Selector)

Enumerates the current selector for IPsec configuration data entry.

This function is called multiple times to retrieve the entry Selector in IPsec configuration database. On each call to GetNextSelector(), the next entry Selector are retrieved into the output interface.

If the entire IPsec configuration database has been iterated, the error EFI_NOT_FOUND is returned. If the Selector buffer is too small for the next Selector copy, an EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect the size of buffer needed.

On the initial call to GetNextSelector() to start the IPsec configuration database search, a pointer to the buffer with all zero value is passed in Selector. Calls to SetData() between calls to GetNextSelector may produce unpredictable results.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The type of IPsec configuration data to retrieve.
[in,out] SelectorSize The size of the Selector buffer.
[in,out] Selector On input, supplies the pointer to last Selector that was returned by GetNextSelector(). On output, returns one copy of the current entry Selector of a given DataType.
Return values:
EFI_SUCCESS The specified configuration data is got successfully.
EFI_INVALID_PARAMETER One or more of the followings are TRUE:
  • This is NULL.
  • SelectorSize is NULL.
  • Selector is NULL.
EFI_NOT_FOUND The next configuration data entry was not found.
EFI_UNSUPPORTED The specified DataType is not supported.
EFI_BUFFER_TOO_SMALL The SelectorSize is too small for the result. This parameter has been updated with the size needed to complete the search request.

Register an event that is to be signaled whenever a configuration process on the specified IPsec configuration information is done.

This function registers an event that is to be signaled whenever a configuration process on the specified IPsec configuration data is done (e.g. IPsec security policy database configuration is ready). An event can be registered for different DataType simultaneously and the caller is responsible for determining which type of configuration data causes the signaling of the event in such case.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The type of data to be registered the event for.
[in] Event The event to be registered.
Return values:
EFI_SUCCESS The event is registered successfully.
EFI_INVALID_PARAMETER This is NULL or Event is NULL.
EFI_ACCESS_DENIED The Event is already registered for the DataType.
EFI_UNSUPPORTED The notify registration unsupported or the specified DataType is not supported.

Set the security association, security policy and peer authorization configuration information for the EFI IPsec driver.

This function is used to set the IPsec configuration information of type DataType for the EFI IPsec driver. The IPsec configuration data has a unique selector/identifier separately to identify a data entry. The selector structure depends on DataType's definition. Using SetData() with a Data of NULL causes the IPsec configuration data entry identified by DataType and Selector to be deleted.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The type of data to be set.
[in] Selector Pointer to an entry selector on operated configuration data specified by DataType. A NULL Selector causes the entire specified-type configuration information to be flushed.
[in] Data The data buffer to be set. The structure of the data buffer is associated with the DataType.
[in] InsertBefore Pointer to one entry selector which describes the expected position the new data entry will be added. If InsertBefore is NULL, the new entry will be appended the end of database.
Return values:
EFI_SUCCESS The specified configuration entry data is set successfully.
EFI_INVALID_PARAMETER One or more of the following are TRUE:
  • This is NULL.
EFI_UNSUPPORTED The specified DataType is not supported.
EFI_OUT_OF_RESOURCED The required system resource could not be allocated.

Remove the specified event that is previously registered on the specified IPsec configuration data.

This function removes a previously registered event for the specified configuration data.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The configuration data type to remove the registered event for.
[in] Event The event to be unregistered.
Return values:
EFI_SUCCESS The event is removed successfully.
EFI_NOT_FOUND The Event specified by DataType could not be found in the database.
EFI_INVALID_PARAMETER This is NULL or Event is NULL.
EFI_UNSUPPORTED The notify registration unsupported or the specified DataType is not supported.

EFI_IPSEC_ESP_ALGO_INFO The security algorithm selection for IPsec ESP encryption and authentication. The required authentication algorithm is specified in RFC 4305. EncAlgoId fields can also specify an ESP combined mode algorithm (e.g. AES with CCM mode, specified in RFC 4309), which provides both confidentiality and authentication services.

EFI_IPSEC_PAD_DATA

EFI_IPSEC_PAD_ID specifies the identifier for PAD entry, which is also used for SPD lookup. IpAddress Pointer to the IPv4 or IPv6 address range.

EFI_IPSEC_PROCESS_POLICY describes a policy list for traffic processing.

EFI_IPSEC_SA_DATA

EFI_IPSEC_SA_DATA2

EFI_IPSEC_SA_ID A triplet to identify an SA, consisting of the following members.

EFI_IPSEC_SA_LIFETIME defines the lifetime of an SA, which represents when a SA must be replaced or terminated. A value of all 0 for each field removes the limitation of a SA lifetime.

EFI_IPSEC_SPD_DATA

EFI_IPSEC_SPD_SELECTOR

EFI_IPSEC_TUNNEL_OPTION


Enumeration Type Documentation

EFI_IPSEC_ACTION represents three possible processing choices.

Enumerator:
EfiIPsecActionDiscard  Refers to traffic that is not allowed to traverse the IPsec boundary.
EfiIPsecActionBypass  Refers to traffic that is allowed to cross the IPsec boundary without protection.
EfiIPsecActionProtect  Refers to traffic that is afforded IPsec protection, and for such traffic the SPD must specify the security protocols to be employed, their mode, security service options, and the cryptographic algorithms to be used.

EFI_IPSEC_AUTH_METHOD

Enumerator:
EfiIPsecAuthMethodPreSharedSecret  Using Pre-shared Keys for manual security associations.
EfiIPsecAuthMethodCertificates  IKE employs X.509 certificates for SA establishment.
EfiIPsecAuthMethodMaximum 

EFI_IPSEC_AUTH_PROTOCOL_TYPE defines the possible authentication protocol for IPsec security association management.

Enumerator:
EfiIPsecAuthProtocolIKEv1 
EfiIPsecAuthProtocolIKEv2 
EfiIPsecAuthProtocolMaximum 

EFI_IPSEC_CONFIG_DATA_TYPE

Enumerator:
IPsecConfigDataTypeSpd  The IPsec Security Policy Database (aka SPD) setting. In IPsec, an essential element of Security Association (SA) processing is underlying SPD that specifies what services are to be offered to IP datagram and in what fashion. The SPD must be consulted during the processing of all traffic (inbound and outbound), including traffic not protected by IPsec, that traverses the IPsec boundary. With this DataType, SetData() function is to set the SPD entry information, which may add one new entry, delete one existed entry or flush the whole database according to the parameter values. The corresponding Data is of type EFI_IPSEC_SPD_DATA
IPsecConfigDataTypeSad  The IPsec Security Association Database (aka SAD) setting. A SA is a simplex connection that affords security services to the traffic carried by it. Security services are afforded to an SA by the use of AH, or ESP, but not both. The corresponding Data is of type EFI_IPSEC_SAD_DATA.
IPsecConfigDataTypePad  The IPsec Peer Authorization Database (aka PAD) setting, which provides the link between the SPD and a security association management protocol. The PAD entry specifies the authentication protocol (e.g. IKEv1, IKEv2) method used and the authentication data. The corresponding Data is of type EFI_IPSEC_PAD_DATA.
IPsecConfigDataTypeMaximum 

EFI_IPSEC_MODE There are two modes of IPsec operation: transport mode and tunnel mode. In EfiIPsecTransport mode, AH and ESP provide protection primarily for next layer protocols; In EfiIPsecTunnel mode, AH and ESP are applied to tunneled IP packets.

Enumerator:
EfiIPsecTransport 
EfiIPsecTunnel 

EFI_IPSEC_PROTOCOL_TYPE

Enumerator:
EfiIPsecAH  IP Authentication Header protocol which is specified in RFC 4302.
EfiIPsecESP  IP Encapsulating Security Payload which is specified in RFC 4303.

EFI_IPSEC_TRAFFIC_DIR represents the directionality in an SPD entry.

Enumerator:
EfiIPsecInBound  The EfiIPsecInBound refers to traffic entering an IPsec implementation via the unprotected interface or emitted by the implementation on the unprotected side of the boundary and directed towards the protected interface.
EfiIPsecOutBound  The EfiIPsecOutBound refers to traffic entering the implementation via the protected interface, or emitted by the implementation on the protected side of the boundary and directed toward the unprotected interface.

EFI_IPSEC_TUNNEL_DF_OPTION The option of copying the DF bit from an outbound package to the tunnel mode header that it emits, when traffic is carried via a tunnel mode SA. This applies to SAs where both inner and outer headers are IPv4.

Enumerator:
EfiIPsecTunnelClearDf  Clear DF bit from inner header.
EfiIPsecTunnelSetDf  Set DF bit from inner header.
EfiIPsecTunnelCopyDf  Copy DF bit from inner header.


Variable Documentation


Generated on Wed Sep 23 16:24:23 2015 for MdePkg[ALL] by  doxygen 1.5.7.1