TianoCore EDK2 master
Data Structures | |
struct | _EFI_IP_ADDRESS_INFO |
struct | _EFI_IPSEC_SPD_SELECTOR |
struct | _EFI_IPSEC_SA_LIFETIME |
struct | _EFI_IPSEC_TUNNEL_OPTION |
struct | _EFI_IPSEC_PROCESS_POLICY |
struct | _EFI_IPSEC_SA_ID |
struct | _EFI_IPSEC_SPD_DATA |
struct | _EFI_IPSEC_AH_ALGO_INFO |
struct | _EFI_IPSEC_ESP_ALGO_INFO |
union | EFI_IPSEC_ALGO_INFO |
struct | _EFI_IPSEC_SA_DATA |
struct | _EFI_IPSEC_SA_DATA2 |
struct | _EFI_IPSEC_PAD_ID |
union | EFI_IPSEC_CONFIG_SELECTOR |
struct | _EFI_IPSEC_PAD_DATA |
struct | _EFI_IPSEC_CONFIG_PROTOCOL |
Macros | |
#define | EFI_IPSEC_CONFIG_PROTOCOL_GUID |
#define | MAX_PEERID_LEN 128 |
Enumerations | |
enum | EFI_IPSEC_CONFIG_DATA_TYPE { IPsecConfigDataTypeSpd , IPsecConfigDataTypeSad , IPsecConfigDataTypePad , IPsecConfigDataTypeMaximum } |
enum | EFI_IPSEC_TRAFFIC_DIR { EfiIPsecInBound , EfiIPsecOutBound } |
enum | EFI_IPSEC_ACTION { EfiIPsecActionDiscard , EfiIPsecActionBypass , EfiIPsecActionProtect } |
enum | EFI_IPSEC_MODE { EfiIPsecTransport , EfiIPsecTunnel } |
enum | EFI_IPSEC_TUNNEL_DF_OPTION { EfiIPsecTunnelClearDf , EfiIPsecTunnelSetDf , EfiIPsecTunnelCopyDf } |
enum | EFI_IPSEC_PROTOCOL_TYPE { EfiIPsecAH , EfiIPsecESP } |
enum | EFI_IPSEC_AUTH_PROTOCOL_TYPE { EfiIPsecAuthProtocolIKEv1 , EfiIPsecAuthProtocolIKEv2 , EfiIPsecAuthProtocolMaximum } |
enum | EFI_IPSEC_AUTH_METHOD { EfiIPsecAuthMethodPreSharedSecret , EfiIPsecAuthMethodCertificates , EfiIPsecAuthMethodMaximum } |
Variables | |
EFI_GUID | gEfiIpSecConfigProtocolGuid |
EFI IPsec Configuration Protocol Definition The EFI_IPSEC_CONFIG_PROTOCOL provides the mechanism to set and retrieve security and policy related information for the EFI IPsec protocol driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
Definition in file IpSecConfig.h.
#define EFI_IPSEC_CONFIG_PROTOCOL_GUID |
Definition at line 17 of file IpSecConfig.h.
#define MAX_PEERID_LEN 128 |
Definition at line 318 of file IpSecConfig.h.
typedef struct _EFI_IP_ADDRESS_INFO EFI_IP_ADDRESS_INFO |
EFI_IP_ADDRESS_INFO
typedef struct _EFI_IPSEC_AH_ALGO_INFO EFI_IPSEC_AH_ALGO_INFO |
EFI_IPSEC_AH_ALGO_INFO The security algorithm selection for IPsec AH authentication. The required authentication algorithm is specified in RFC 4305 (since obsoleted by later RFCs; check the current algorithm requirements before selecting one).
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_GET_DATA) (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN OUT UINTN *DataSize, OUT VOID *Data) |
Return the configuration value for the EFI IPsec driver.
This function looks up the data entry in the IPsec database or the IKEv2 configuration information. The expected data type and unique identification are described by the DataType and Selector parameters.
[in] | This | Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance. |
[in] | DataType | The type of data to retrieve. |
[in] | Selector | Pointer to an entry selector which is an identifier of the IPsec configuration data entry. |
[in,out] | DataSize | On input, the size of the buffer pointed to by Data. On output, the size of data returned in Data. |
[out] | Data | The buffer to return the contents of the IPsec configuration data. The type of the data buffer is associated with the DataType. |
EFI_SUCCESS | The specified configuration data was retrieved successfully. |
EFI_INVALID_PARAMETER | One or more of the following are TRUE:
|
EFI_NOT_FOUND | The configuration data specified by Selector is not found. |
EFI_UNSUPPORTED | The specified DataType is not supported. |
EFI_BUFFER_TOO_SMALL | The DataSize is too small for the result. DataSize has been updated with the size needed to complete the request. |
Definition at line 667 of file IpSecConfig.h.
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_GET_NEXT_SELECTOR) (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN OUT UINTN *SelectorSize, IN OUT EFI_IPSEC_CONFIG_SELECTOR *Selector) |
Enumerates the current selector for IPsec configuration data entry.
This function is called multiple times to retrieve each entry Selector in the IPsec configuration database. On each call to GetNextSelector(), the next entry Selector is retrieved into the output interface.
If the entire IPsec configuration database has been iterated, the error EFI_NOT_FOUND is returned. If the Selector buffer is too small for the next Selector copy, an EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect the size of buffer needed.
On the initial call to GetNextSelector() to start the IPsec configuration database search, a pointer to a zero-filled buffer is passed in Selector. Calls to SetData() between calls to GetNextSelector() may produce unpredictable results.
[in] | This | Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance. |
[in] | DataType | The type of IPsec configuration data to retrieve. |
[in,out] | SelectorSize | The size of the Selector buffer. |
[in,out] | Selector | On input, supplies the pointer to last Selector that was returned by GetNextSelector(). On output, returns one copy of the current entry Selector of a given DataType. |
EFI_SUCCESS | The specified configuration data was retrieved successfully. |
EFI_INVALID_PARAMETER | One or more of the following are TRUE:
|
EFI_NOT_FOUND | The next configuration data entry was not found. |
EFI_UNSUPPORTED | The specified DataType is not supported. |
EFI_BUFFER_TOO_SMALL | The SelectorSize is too small for the result. This parameter has been updated with the size needed to complete the search request. |
Definition at line 714 of file IpSecConfig.h.
typedef struct _EFI_IPSEC_CONFIG_PROTOCOL EFI_IPSEC_CONFIG_PROTOCOL |
Definition at line 22 of file IpSecConfig.h.
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_REGISTER_NOTIFY) (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_EVENT Event) |
Register an event that is to be signaled whenever a configuration process on the specified IPsec configuration information is done.
This function registers an event that is to be signaled whenever a configuration process on the specified IPsec configuration data is done (e.g. IPsec security policy database configuration is ready). An event can be registered for different DataType simultaneously and the caller is responsible for determining which type of configuration data causes the signaling of the event in such case.
[in] | This | Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance. |
[in] | DataType | The type of data for which the event is to be registered. |
[in] | Event | The event to be registered. |
EFI_SUCCESS | The event is registered successfully. |
EFI_INVALID_PARAMETER | This is NULL or Event is NULL. |
EFI_ACCESS_DENIED | The Event is already registered for the DataType. |
EFI_UNSUPPORTED | Notify registration is unsupported, or the specified DataType is not supported. |
Definition at line 744 of file IpSecConfig.h.
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_SET_DATA) (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN EFI_IPSEC_CONFIG_SELECTOR *InsertBefore OPTIONAL) |
Set the security association, security policy and peer authorization configuration information for the EFI IPsec driver.
This function is used to set the IPsec configuration information of type DataType for the EFI IPsec driver. Each IPsec configuration data entry is identified by its own unique selector/identifier. The selector structure depends on DataType's definition. Calling SetData() with Data set to NULL deletes the IPsec configuration data entry identified by DataType and Selector.
[in] | This | Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance. |
[in] | DataType | The type of data to be set. |
[in] | Selector | Pointer to an entry selector on operated configuration data specified by DataType. A NULL Selector causes the entire specified-type configuration information to be flushed. |
[in] | Data | The data buffer to be set. The structure of the data buffer is associated with the DataType. |
[in] | InsertBefore | Pointer to an entry selector that identifies the position before which the new data entry will be added. If InsertBefore is NULL, the new entry will be appended to the end of the database. |
EFI_SUCCESS | The specified configuration entry data is set successfully. |
EFI_INVALID_PARAMETER | One or more of the following are TRUE:
|
EFI_UNSUPPORTED | The specified DataType is not supported. |
EFI_OUT_OF_RESOURCES | The required system resource could not be allocated. |
Definition at line 630 of file IpSecConfig.h.
typedef EFI_STATUS(EFIAPI * EFI_IPSEC_CONFIG_UNREGISTER_NOTIFY) (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_EVENT Event) |
Remove the specified event that was previously registered on the specified IPsec configuration data.
This function removes a previously registered event for the specified configuration data.
[in] | This | Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance. |
[in] | DataType | The configuration data type to remove the registered event for. |
[in] | Event | The event to be unregistered. |
EFI_SUCCESS | The event is removed successfully. |
EFI_NOT_FOUND | The Event specified by DataType could not be found in the database. |
EFI_INVALID_PARAMETER | This is NULL or Event is NULL. |
EFI_UNSUPPORTED | Notify registration is unsupported, or the specified DataType is not supported. |
Definition at line 770 of file IpSecConfig.h.
typedef struct _EFI_IPSEC_ESP_ALGO_INFO EFI_IPSEC_ESP_ALGO_INFO |
EFI_IPSEC_ESP_ALGO_INFO The security algorithm selection for IPsec ESP encryption and authentication. The required authentication algorithm is specified in RFC 4305. EncAlgoId fields can also specify an ESP combined mode algorithm (e.g. AES with CCM mode, specified in RFC 4309), which provides both confidentiality and authentication services.
typedef struct _EFI_IPSEC_PAD_DATA EFI_IPSEC_PAD_DATA |
EFI_IPSEC_PAD_DATA
typedef struct _EFI_IPSEC_PAD_ID EFI_IPSEC_PAD_ID |
EFI_IPSEC_PAD_ID specifies the identifier for PAD entry, which is also used for SPD lookup. IpAddress Pointer to the IPv4 or IPv6 address range.
typedef struct _EFI_IPSEC_PROCESS_POLICY EFI_IPSEC_PROCESS_POLICY |
EFI_IPSEC_PROCESS_POLICY describes a policy list for traffic processing.
typedef struct _EFI_IPSEC_SA_DATA EFI_IPSEC_SA_DATA |
EFI_IPSEC_SA_DATA
typedef struct _EFI_IPSEC_SA_DATA2 EFI_IPSEC_SA_DATA2 |
EFI_IPSEC_SA_DATA2
typedef struct _EFI_IPSEC_SA_ID EFI_IPSEC_SA_ID |
EFI_IPSEC_SA_ID A triplet to identify an SA, consisting of the following members.
typedef struct _EFI_IPSEC_SA_LIFETIME EFI_IPSEC_SA_LIFETIME |
EFI_IPSEC_SA_LIFETIME defines the lifetime of an SA, which represents when an SA must be replaced or terminated. Setting every field to 0 removes the lifetime limit on the SA, so such an SA is never forced to be replaced or terminated by this structure.
typedef struct _EFI_IPSEC_SPD_DATA EFI_IPSEC_SPD_DATA |
EFI_IPSEC_SPD_DATA
typedef struct _EFI_IPSEC_SPD_SELECTOR EFI_IPSEC_SPD_SELECTOR |
EFI_IPSEC_SPD_SELECTOR
typedef struct _EFI_IPSEC_TUNNEL_OPTION EFI_IPSEC_TUNNEL_OPTION |
EFI_IPSEC_TUNNEL_OPTION
enum EFI_IPSEC_ACTION |
EFI_IPSEC_ACTION represents three possible processing choices.
Definition at line 148 of file IpSecConfig.h.
EFI_IPSEC_AUTH_METHOD
Enumerator | |
---|---|
EfiIPsecAuthMethodPreSharedSecret | Using Pre-shared Keys for manual security associations. |
EfiIPsecAuthMethodCertificates | IKE employs X.509 certificates for SA establishment. |
Definition at line 549 of file IpSecConfig.h.
EFI_IPSEC_AUTH_PROTOCOL_TYPE defines the possible authentication protocol for IPsec security association management.
Definition at line 540 of file IpSecConfig.h.
EFI_IPSEC_CONFIG_DATA_TYPE
Definition at line 27 of file IpSecConfig.h.
enum EFI_IPSEC_MODE |
EFI_IPSEC_MODE There are two modes of IPsec operation: transport mode and tunnel mode. In EfiIPsecTransport mode, AH and ESP provide protection primarily for next layer protocols; In EfiIPsecTunnel mode, AH and ESP are applied to tunneled IP packets.
Definition at line 199 of file IpSecConfig.h.
EFI_IPSEC_PROTOCOL_TYPE
Enumerator | |
---|---|
EfiIPsecAH | IP Authentication Header protocol which is specified in RFC 4302. |
EfiIPsecESP | IP Encapsulating Security Payload which is specified in RFC 4303. |
Definition at line 240 of file IpSecConfig.h.
EFI_IPSEC_TRAFFIC_DIR represents the directionality in an SPD entry.
Definition at line 129 of file IpSecConfig.h.
EFI_IPSEC_TUNNEL_DF_OPTION The option of copying the DF bit from an outbound packet to the tunnel mode header that it emits, when traffic is carried via a tunnel mode SA. This applies to SAs where both inner and outer headers are IPv4.
Enumerator | |
---|---|
EfiIPsecTunnelClearDf | Clear DF bit from inner header. |
EfiIPsecTunnelSetDf | Set DF bit from inner header. |
EfiIPsecTunnelCopyDf | Copy DF bit from inner header. |
Definition at line 211 of file IpSecConfig.h.