NetworkPkg/IpSecDxe/Ikev2/Utility.h File Reference


Defines

#define IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM   2
#define IKEV2_SUPPORT_PRF_ALGORITHM_NUM   1
#define IKEV2_SUPPORT_DH_ALGORITHM_NUM   2
#define IKEV2_SUPPORT_AUTH_ALGORITHM_NUM   1

Functions

IKEV2_SA_SESSION *Ikev2SaSessionAlloc (IN IPSEC_PRIVATE_DATA *Private, IN IKE_UDP_SERVICE *UdpService)
VOID Ikev2SaSessionReg (IN IKEV2_SA_SESSION *IkeSaSession, IN IPSEC_PRIVATE_DATA *Private)
IKEV2_SA_SESSION *Ikev2SaSessionLookup (IN LIST_ENTRY *SaSessionList, IN EFI_IP_ADDRESS *RemotePeerIp)
VOID Ikev2SaSessionInsert (IN LIST_ENTRY *SaSessionList, IN IKEV2_SA_SESSION *IkeSaSession, IN EFI_IP_ADDRESS *RemotePeerIp)
IKEV2_SA_SESSION *Ikev2SaSessionRemove (IN LIST_ENTRY *SaSessionList, IN EFI_IP_ADDRESS *RemotePeerIp)
EFI_STATUS Ikev2SaSessionOnDeleting (IN IKEV2_SA_SESSION *IkeSaSession)
VOID Ikev2SessionCommonRefresh (IN IKEV2_SESSION_COMMON *SessionCommon)
VOID Ikev2SaSessionFree (IN IKEV2_SA_SESSION *IkeSaSession)
VOID Ikev2SaSessionCommonFree (IN IKEV2_SESSION_COMMON *SessionCommon)
VOID Ikev2SaSessionIncreaseMessageId (IN IKEV2_SA_SESSION *IkeSaSession)
IKEV2_CHILD_SA_SESSION *Ikev2ChildSaSessionAlloc (IN IKE_UDP_SERVICE *UdpService, IN IKEV2_SA_SESSION *IkeSaSession)
VOID Ikev2ChildSaSessionReg (IN IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IPSEC_PRIVATE_DATA *Private)
IKEV2_CHILD_SA_SESSION *Ikev2ChildSaSessionLookupBySpi (IN LIST_ENTRY *SaSessionList, IN UINT32 Spi)
IKEV2_CHILD_SA_SESSION *Ikev2ChildSaSessionLookupByMid (IN LIST_ENTRY *SaSessionList, IN UINT32 Mid)
VOID Ikev2ChildSaSessionInsert (IN LIST_ENTRY *SaSessionList, IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
IKEV2_CHILD_SA_SESSION *Ikev2ChildSaSessionRemove (IN LIST_ENTRY *SaSessionList, IN UINT32 Spi, IN UINT8 ListType)
EFI_STATUS Ikev2ChildSaSessionOnDeleting (IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
VOID Ikev2ChildSaSessionFree (IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
VOID Ikev2DhBufferFree (IN IKEV2_DH_BUFFER *DhBuffer)
EFI_STATUS Ikev2ChildSaSilentDelete (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT32 Spi)
IKEV2_CREATE_CHILD_REQUEST_TYPE Ikev2ChildExchangeRequestType (IN IKE_PACKET *IkePacket)
UINT32 Ikev2ChildExchangeRekeySpi (IN IKE_PACKET *IkePacket)
EFI_STATUS Ikev2ChildSaAssociateSpdEntry (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession)
BOOLEAN Ikev2ValidateHeader (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_HEADER *IkeHdr)
IKEV2_SA_DATA *Ikev2InitializeSaData (IN IKEV2_SESSION_COMMON *SessionCommon)
VOID Ikev2StoreSaData (IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
VOID Ikev2ChildSaBeforeDecodePayload (IN UINT8 *SessionCommon, IN UINT8 *PayloadBuf, IN UINTN PayloadSize, IN UINT8 PayloadType)
VOID Ikev2ChildSaAfterEncodePayload (IN UINT8 *SessionCommon, IN UINT8 *PayloadBuf, IN UINTN PayloadSize, IN UINT8 PayloadType)
IKE_PAYLOAD *Ikev2GenerateSaPayload (IN IKEV2_SA_DATA *SessionSaData, IN UINT8 NextPayload, IN IKE_SESSION_TYPE Type)
IKE_PAYLOAD *Ikev2GenerateIdPayload (IN IKEV2_SESSION_COMMON *CommonSession, IN UINT8 NextPayload)
IKE_PAYLOAD *Ikev2GenerateCertIdPayload (IN IKEV2_SESSION_COMMON *CommonSession, IN UINT8 NextPayload, IN UINT8 *InCert, IN UINTN CertSize)
IKE_PAYLOAD *Ikev2GenerateNoncePayload (IN UINT8 *NonceBuf, IN UINTN NonceSize, IN UINT8 NextPayload)
IKE_PAYLOAD *Ikev2GenerateNotifyPayload (IN UINT8 ProtocolId, IN UINT8 NextPayload, IN UINT8 SpiSize, IN UINT16 MessageType, IN UINT8 *SpiBuf, IN UINT8 *NotifyData, IN UINTN NotifyDataSize)
IKE_PAYLOAD *Ikev2GenerateDeletePayload (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload, IN UINT8 SpiSize, IN UINT16 SpiNum, IN UINT8 *SpiBuf)
IKE_PAYLOAD *Ikev2GenerateCpPayload (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload, IN UINT8 CfgType)
IKE_PAYLOAD *Ikev2PskGenerateAuthPayload (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *IdPayload, IN UINT8 NextPayload, IN BOOLEAN IsVerify)
IKE_PAYLOAD *Ikev2CertGenerateAuthPayload (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *IdPayload, IN UINT8 NextPayload, IN BOOLEAN IsVerify, IN UINT8 *UefiPrivateKey, IN UINTN UefiPrivateKeyLen, IN UINT8 *UefiKeyPwd, IN UINTN UefiKeyPwdLen)
IKE_PAYLOAD *Ikev2GenerateTsPayload (IN IKEV2_CHILD_SA_SESSION *ChildSa, IN UINT8 NextPayload, IN BOOLEAN IsTunnel)
EFI_STATUS Ikev2ParserNotifyCookiePayload (IN IKE_PAYLOAD *IkeNCookie, IN OUT IKEV2_SA_SESSION *IkeSaSession)
IKE_PAYLOAD *Ikev2GenerateCertificatePayload (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload, IN UINT8 *Certificate, IN UINTN CertificateLen, IN UINT8 EncodeType, IN BOOLEAN IsRequest)
EFI_STATUS Ikev2EncodePayload (IN UINT8 *SessionCommon, IN OUT IKE_PAYLOAD *IkePayload)
EFI_STATUS Ikev2DecodePayload (IN UINT8 *SessionCommon, IN OUT IKE_PAYLOAD *IkePayload)
EFI_STATUS Ikev2DecryptPacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket, IN OUT UINTN IkeType)
EFI_STATUS Ikev2EncryptPacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket)
EFI_STATUS Ikev2EncodePacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket, IN UINTN IkeType)
EFI_STATUS Ikev2DecodePacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket, IN UINTN IkeType)
VOID Ikev2OnPacketAccepted (IN IKEV2_SESSION_COMMON *SessionCommon, IN IKE_PACKET *IkePacket, IN UINT8 IkeType)
EFI_STATUS Ikev2SendIkePacket (IN IKE_UDP_SERVICE *IkeUdpService, IN UINT8 *SessionCommon, IN IKE_PACKET *IkePacket, IN UINTN IkeType)
VOID EFIAPI Ikev2LifetimeNotify (IN EFI_EVENT Event, IN VOID *Context)
VOID EFIAPI Ikev2ResendNotify (IN EFI_EVENT Event, IN VOID *Context)
IKE_PAYLOAD *Ikev2GenerateKePayload (IN OUT IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload)
EFI_STATUS Ikev2MatchSpdEntry (IN EFI_IPSEC_CONFIG_DATA_TYPE Type, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN UINTN SelectorSize, IN UINTN DataSize, IN VOID *Context)
BOOLEAN Ikev2IsSupportAlg (IN UINT16 AlgorithmId, IN UINT8 Type)
IKEV2_CHILD_SA_SESSION *Ikev2ChildSaSessionCreate (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_UDP_SERVICE *UdpService)
BOOLEAN Ikev2SaParseSaPayload (IN OUT IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *SaPayload, IN UINT8 Type)
BOOLEAN Ikev2ChildSaParseSaPayload (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IKE_PAYLOAD *SaPayload, IN UINT8 Type)
EFI_STATUS Ikev2SaGenerateKey (IN UINT8 HashAlgId, IN UINT8 *HashKey, IN UINTN HashKeyLength, IN OUT UINT8 *OutputKey, IN UINTN OutputKeyLength, IN PRF_DATA_FRAGMENT *Fragments, IN UINTN NumFragments)
VOID Ikev2ChildSaSessionSpdSelectorCreate (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession)

Variables

IKE_ALG_GUID_INFO mIPsecEncrAlgInfo []

Detailed Description

The interfaces of IKE/Child session operations and payload related operations used by IKE Exchange Process.

Copyright (c) 2010, Intel Corporation. All rights reserved.

This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Define Documentation

#define IKEV2_SUPPORT_AUTH_ALGORITHM_NUM   1

Referenced by Ikev2IsSupportAlg().

#define IKEV2_SUPPORT_DH_ALGORITHM_NUM   2

Referenced by Ikev2IsSupportAlg().

#define IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM   2

Referenced by Ikev2IsSupportAlg().

#define IKEV2_SUPPORT_PRF_ALGORITHM_NUM   1

Referenced by Ikev2IsSupportAlg().


Function Documentation

IKE_PAYLOAD* Ikev2CertGenerateAuthPayload ( IN IKEV2_SA_SESSION IkeSaSession,
IN IKE_PAYLOAD IdPayload,
IN UINT8  NextPayload,
IN BOOLEAN  IsVerify,
IN UINT8 *  UefiPrivateKey,
IN UINTN  UefiPrivateKeyLen,
IN UINT8 *  UefiKeyPwd,
IN UINTN  UefiKeyPwdLen 
)

Generate an Authentication Payload for the Certificate Auth method.

This function serves two purposes. One is creating a local Authentication Payload for sending; the other is creating the remote Authentication data for verification when IsVerify is TRUE.

Parameters:
[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.
[in] IdPayload Pointer to the ID payload to be used for Authentication payload generation.
[in] NextPayload The type filled into the Authentication Payload next payload field.
[in] IsVerify If it is TRUE, the Authentication payload is used for verification.
[in] UefiPrivateKey Pointer to the UEFI private key. Ignored when verifying the Authentication payload.
[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignored when verifying the Authentication payload.
[in] UefiKeyPwd Pointer to the password of the UEFI private key. Ignored when verifying the Authentication payload.
[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes. Ignored when verifying the Authentication payload.
Returns:
Pointer to the IKE Authentication payload for the Certificate method.
Generate an Authentication Payload for the Certificate Auth method.

This function serves two purposes. One is creating a local Authentication Payload for sending; the other is creating the remote Authentication data for verification when IsVerify is TRUE.

Parameters:
[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.
[in] IdPayload Pointer to the ID payload to be used for Authentication payload generation.
[in] NextPayload The type filled into the Authentication Payload next payload field.
[in] IsVerify If it is TRUE, the Authentication payload is used for verification.
[in] UefiPrivateKey Pointer to the UEFI private key. Ignored when verifying the Authentication payload.
[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignored when verifying the Authentication payload.
[in] UefiKeyPwd Pointer to the password of the UEFI private key. Ignored when verifying the Authentication payload.
[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes. Ignored when verifying the Authentication payload.
Returns:
Pointer to the IKE Authentication payload for the Certificate method.

References IKEV2_AUTH::AuthMethod, PRF_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::DataSize, IKEV2_AUTH::Header, IkePayloadAlloc(), IkePayloadFree(), IKEV2_AUTH_METHOD_RSA, IKEV2_PAYLOAD_TYPE_AUTH, IpSecCryptoIoAuthDataWithCertificate(), IpSecCryptoIoHash(), IpSecCryptoIoHmac(), IpSecDumpBuf(), IpSecGetHmacDigestLength(), IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthCertGenerator(), and Ikev2AuthCertParser().

UINT32 Ikev2ChildExchangeRekeySpi ( IN IKE_PACKET IkePacket  ) 

This function finds the SPI in a Create Child SA Exchange packet.

Parameters:
[in] IkePacket Pointer to IKE_PACKET to be searched.
Return values:
SPI number.
This function finds the SPI in a Create Child SA Exchange packet.

Parameters:
[in] IkePacket Pointer to IKE_PACKET to be searched.
Return values:
SPI number or 0 if it is not supported.

IKEV2_CREATE_CHILD_REQUEST_TYPE Ikev2ChildExchangeRequestType ( IN IKE_PACKET IkePacket  ) 

This function parses a request IKE packet and returns its request type. The request type is one of IKE Child SA creation, IKE SA rekeying and IKE Child SA rekeying.

Parameters:
[in] IkePacket IKE packet to be parsed.
Returns the request type of the IKE packet.

References IKE_PAYLOAD_BY_PACKET, IkeRequestTypeCreateChildSa, IkeRequestTypeRekeyChildSa, IkeRequestTypeRekeyIkeSa, IKEV2_NOTIFICATION_REKEY_SA, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_TS_INIT, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2HandleChildSa().

VOID Ikev2ChildSaAfterEncodePayload ( IN UINT8 *  SessionCommon,
IN UINT8 *  PayloadBuf,
IN UINTN  PayloadSize,
IN UINT8  PayloadType 
)

Routine run after the payload encoding.

Parameters:
[in] SessionCommon Pointer to ChildSa SessionCommon.
[in] PayloadBuf Pointer to the payload.
[in] PayloadSize Size of PayloadBuf in byte.
[in] PayloadType Type of Payload.
Routine run after the payload encoding.

Parameters:
[in] SessionCommon Pointer to ChildSa SessionCommon.
[in] PayloadBuf Pointer to the payload.
[in] PayloadSize Size of PayloadBuf in byte.
[in] PayloadType Type of Payload.

Referenced by Ikev2ChildSaSessionAlloc().

EFI_STATUS Ikev2ChildSaAssociateSpdEntry ( IN OUT IKEV2_CHILD_SA_SESSION ChildSaSession  ) 

Associate an SPD selector with the Child SA Session.

This function is called when the Child SA is not the first Child SA of its IKE SA. It associates an SPD with this Child SA.

Parameters:
[in,out] ChildSaSession Pointer to the Child SA Session to be associated to a SPD selector.
Return values:
EFI_SUCCESS Associate one SPD selector to this Child SA Session successfully.
EFI_NOT_FOUND Can't find the related SPD selector.

References Ikev2MatchSpdEntry(), and IpSecVisitConfigData().

Referenced by Ikev2AuthCertParser(), and Ikev2AuthPskParser().

VOID Ikev2ChildSaBeforeDecodePayload ( IN UINT8 *  SessionCommon,
IN UINT8 *  PayloadBuf,
IN UINTN  PayloadSize,
IN UINT8  PayloadType 
)

Routine run before the payload decoding.

Parameters:
[in] SessionCommon Pointer to ChildSa SessionCommon.
[in] PayloadBuf Pointer to the payload.
[in] PayloadSize Size of PayloadBuf in byte.
[in] PayloadType Type of Payload.

Referenced by Ikev2ChildSaSessionAlloc().

BOOLEAN Ikev2ChildSaParseSaPayload ( IN OUT IKEV2_CHILD_SA_SESSION ChildSaSession,
IN IKE_PAYLOAD SaPayload,
IN UINT8  Type 
)

Parse the received Authentication Exchange Packet.

This function parses the SA Payload and Key Payload to find out the cryptographic suite for ESP and fills it into the Child SA Session's CommonSession->SaParams.

Parameters:
[in,out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to this Authentication Exchange.
[in] SaPayload The received packet.
[in] Type The IKE header's flag of the received packet.
Return values:
TRUE If the SA proposal in Packet is acceptable.
FALSE If the SA proposal in Packet is not acceptable.

References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, Ikev2ParseProposalData(), IPSEC_PROTO_IPSEC_ESP, IKEV2_PROPOSAL_DATA::NumTransforms, IKEV2_PROPOSAL_DATA::ProtocolId, and IKEV2_PROPOSAL_DATA::Spi.

Referenced by Ikev2AuthCertParser(), and Ikev2AuthPskParser().

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionAlloc ( IN IKE_UDP_SERVICE UdpService,
IN IKEV2_SA_SESSION IkeSaSession 
)

Allocate memory for an IKEV2 Child SA Session.

Parameters:
[in] UdpService Pointer to IKE_UDP_SERVICE.
[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA Session.
Return values:
Pointer to the newly created IKEV2 Child SA Session.
Allocate memory for an IKEV2 Child SA Session.

Parameters:
[in] UdpService Pointer to IKE_UDP_SERVICE.
[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA Session.
Return values:
Pointer to the newly created IKEV2 Child SA Session, or NULL.

References IKEV2_SESSION_COMMON::AfterEncodePayload, IKEV2_SESSION_COMMON::BeforeDecodePayload, IkeGenerateSpi(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IKEV2_SESSION_COMMON::IkeSessionType, IkeSessionTypeChildSa, IKEV2_CHILD_SA_SESSION_SIGNATURE, Ikev2ChildSaAfterEncodePayload(), Ikev2ChildSaBeforeDecodePayload(), Ikev2ResendNotify(), IKEV2_SESSION_COMMON::IkeVer, IKEV2_SESSION_COMMON::LocalPeerIp, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, IKEV2_CHILD_SA_SESSION::MessageId, IKEV2_SESSION_COMMON::Private, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Signature, IKEV2_SESSION_COMMON::TimeoutEvent, and IKEV2_SESSION_COMMON::UdpService.

Referenced by Ikev2ChildSaSessionCreate(), and Ikev2NegotiateChildSa().

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionCreate ( IN IKEV2_SA_SESSION IkeSaSession,
IN IKE_UDP_SERVICE UdpService 
)

VOID Ikev2ChildSaSessionFree ( IN IKEV2_CHILD_SA_SESSION ChildSaSession  ) 

VOID Ikev2ChildSaSessionInsert ( IN LIST_ENTRY *  SaSessionList,
IN IKEV2_CHILD_SA_SESSION ChildSaSession 
)

Insert a Child SA Session into the specified ChildSa list.

Parameters:
[in] SaSessionList Pointer to list to be inserted in.
[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be inserted.
Insert a Child SA Session into the specified ChildSa list.

Parameters:
[in] SaSessionList Pointer to list to be inserted in.
[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be inserted.

Referenced by Ikev2ChildSaSessionCreate(), Ikev2ChildSaSessionReg(), and Ikev2NegotiateChildSa().

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionLookupByMid ( IN LIST_ENTRY *  SaSessionList,
IN UINT32  Mid 
)

Find the ChildSaSession by its MessageId.

Parameters:
[in] SaSessionList Pointer to a ChildSaSession List.
[in] Mid The messageId used to search ChildSaSession.
Returns:
Pointer to IKEV2_CHILD_SA_SESSION.
Find the ChildSaSession by its MessageId.

Parameters:
[in] SaSessionList Pointer to a ChildSaSession List.
[in] Mid The messageId used to search ChildSaSession.
Returns:
Pointer to the matching IKEV2_CHILD_SA_SESSION, or NULL if none is found.

References IKEV2_CHILD_SA_SESSION_BY_IKE_SA, and IKEV2_CHILD_SA_SESSION::MessageId.

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionLookupBySpi ( IN LIST_ENTRY *  SaSessionList,
IN UINT32  Spi 
)

This function finds the Child SA by the specified SPI.

This function finds a Child SA session by searching the ChildSaSession list of the input IKEV2_SA_SESSION for the specified SPI.

Parameters:
[in] SaSessionList Pointer to List to be searched.
[in] Spi Specified SPI.
Returns:
Pointer to IKEV2_CHILD_SA_SESSION.
This function finds the Child SA by the specified SPI.

This function finds a Child SA session by searching the ChildSaSession list of the input IKEV2_SA_SESSION for the specified SPI.

Parameters:
[in] SaSessionList Pointer to List to be searched.
[in] Spi Specified SPI.
Returns:
Pointer to the matching IKEV2_CHILD_SA_SESSION, or NULL if none is found.

References IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, and IKEV2_CHILD_SA_SESSION::RemotePeerSpi.

Referenced by Ikev2OnPacketSent().

EFI_STATUS Ikev2ChildSaSessionOnDeleting ( IN IKEV2_CHILD_SA_SESSION ChildSaSession  ) 

Mark a specified Child SA Session as on deleting.

Parameters:
[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.
Return values:
EFI_SUCCESS Operation is successful.

VOID Ikev2ChildSaSessionReg ( IN IKEV2_CHILD_SA_SESSION ChildSaSession,
IN IPSEC_PRIVATE_DATA Private 
)

Register an established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList. If there is already an IKEV2_CHILD_SA_SESSION with the same remote peer IP, remove the old one and then register the new one.

Parameters:
[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.
[in] Private Pointer to IPSEC_PRIVATE_DATA.

References CHILD_SA_DEFAULT_LIFETIME, IKEV2_SA_SESSION::ChildSaEstablishSessionList, IKEV2_ESTABLISHED_CHILDSA_LIST, Ikev2ChildSaSessionFree(), Ikev2ChildSaSessionInsert(), Ikev2ChildSaSessionRemove(), Ikev2LifetimeNotify(), Ikev2SessionCommonRefresh(), Ikev2StoreSaData(), and IKEV2_SESSION_COMMON::TimeoutEvent.

Referenced by Ikev2HandleSa().

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionRemove ( IN LIST_ENTRY *  SaSessionList,
IN UINT32  Spi,
IN UINT8  ListType 
)

Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.

Parameters:
[in] SaSessionList The SA Session List to be iterated.
[in] Spi Spi used to identify the IKEV2_CHILD_SA_SESSION.
[in] ListType The type of the list, indicating whether it is an Established list.
Returns:
Pointer to the removed IKEV2_CHILD_SA_SESSION.
Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.

Parameters:
[in] SaSessionList The SA Session List to be iterated.
[in] Spi SPI used to identify the IKEV2_CHILD_SA_SESSION.
[in] ListType The type of the list, indicating whether it is an Established list.
Returns:
Pointer to the removed IKEV2_CHILD_SA_SESSION, or NULL if none matched.

References IKEV2_CHILD_SA_SESSION_BY_DEL_SA, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_DELET_CHILDSA_LIST, IKEV2_ESTABLISHED_CHILDSA_LIST, IKEV2_ESTABLISHING_CHILDSA_LIST, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, and IKEV2_CHILD_SA_SESSION::RemotePeerSpi.

Referenced by Ikev2ChildSaSessionReg(), Ikev2ChildSaSilentDelete(), Ikev2HandleSa(), Ikev2OnPacketSent(), and Ikev2ResendNotify().

VOID Ikev2ChildSaSessionSpdSelectorCreate ( IN OUT IKEV2_CHILD_SA_SESSION ChildSaSession  ) 

Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.

ChildSaSession->SpdSelector stores the real SPD selector for its SA. Sometimes the SpdSelector in ChildSaSession is more accurate, or its scope is smaller, than the one in ChildSaSession->Spd, especially in tunnel mode.

Parameters:
[in,out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.

Referenced by Ikev2AuthCertParser(), Ikev2AuthPskParser(), and Ikev2ChildSaSessionCreate().

EFI_STATUS Ikev2ChildSaSilentDelete ( IN IKEV2_SA_SESSION IkeSaSession,
IN UINT32  Spi 
)

Delete the specified established Child SA.

This function deletes the Child SA directly and does not send an Informational packet to the remote peer.

Parameters:
[in] IkeSaSession Pointer to a IKE SA Session used to be searched for.
[in] Spi SPI used to find the Child SA.
Return values:
EFI_NOT_FOUND Pointer of IKE SA Session is NULL.
EFI_NOT_FOUND There is no specified Child SA related with the input SPI under this IKE SA Session.
EFI_SUCCESS Delete the Child SA successfully.
Delete the specified established Child SA.

This function deletes the Child SA directly and does not send an Informational packet to the remote peer.

Parameters:
[in] IkeSaSession Pointer to a IKE SA Session used to be searched for.
[in] Spi SPI used to find the Child SA.
Return values:
EFI_NOT_FOUND Pointer of IKE SA Session is NULL.
EFI_NOT_FOUND There is no specified Child SA related with the input SPI under this IKE SA Session.
EFI_SUCCESS Delete the Child SA successfully.

References EfiIpSecConfigGetNextSelector(), EfiIpSecConfigSetData(), IKEV2_ESTABLISHED_CHILDSA_LIST, Ikev2ChildSaSessionFree(), Ikev2ChildSaSessionRemove(), _IPSEC_PRIVATE_DATA::IpSecConfig, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, and IKEV2_CHILD_SA_SESSION::RemotePeerSpi.

Referenced by Ikev2InfoParser(), Ikev2OnPacketSent(), Ikev2ResendNotify(), and Ikev2SaSessionFree().

EFI_STATUS Ikev2DecodePacket ( IN IKEV2_SESSION_COMMON SessionCommon,
IN OUT IKE_PACKET IkePacket,
IN UINTN  IkeType 
)

Decode the IKE packet.

This function first decrypts the IKE packet if needed, then separates the whole IKE packet from IkePacket->PayloadBuf into the IkePacket payload list.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing parameters used by IKE packet decoding.
[in,out] IkePacket The IKE Packet to be decoded on input, and the decoded result on return.
[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_SUCCESS The IKE packet was decoded successfully.
Otherwise The IKE packet decoding failed.
Decode the IKE packet.

This function first decrypts the IKE packet if needed, then separates the whole IKE packet from IkePacket->PayloadBuf into the IkePacket payload list.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing parameters used by IKE packet decoding.
[in,out] IkePacket The IKE Packet to be decoded on input, and the decoded result on return.
[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_SUCCESS The IKE packet is decoded successfully.
Otherwise The IKE packet decoding failed.

References ClearAllPayloads(), IKE_PACKET_APPEND_PAYLOAD, IkeHdrNetToHost(), IkePayloadAlloc(), IkeStateAuth, IKEV2_EXCHANGE_TYPE_INFO, IKEV2_EXCHANGE_TYPE_INIT, IKEV2_PAYLOAD_TYPE_NONE, IKEV2_SA_SESSION_FROM_COMMON, Ikev2DecodePayload(), Ikev2DecryptPacket(), IKEV2_SA_SESSION::InitPacket, IKEV2_SA_SESSION::InitPacketSize, IPSEC_DUMP_BUF, IKE_PAYLOAD::IsPayloadBufExt, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_SA_SESSION::RespPacket, and IKEV2_SA_SESSION::RespPacketSize.

Referenced by Ikev2HandleChildSa(), Ikev2HandleInfo(), and Ikev2HandleSa().

EFI_STATUS Ikev2DecodePayload ( IN UINT8 *  SessionCommon,
IN OUT IKE_PAYLOAD IkePayload 
)

The general interface for decoding a Payload.

This function converts the received Payload into the internal structure.

Parameters:
[in] SessionCommon Pointer to IKE Session Common to use for decoding.
[in,out] IkePayload Pointer to the IKE payload to be decoded as input, and storage for the decoded result as output.
Return values:
EFI_INVALID_PARAMETER An error was met when decoding the SA payload.
EFI_SUCCESS Decoded successfully.
The general interface for decoding Payload.

This function converts the received Payload into internal structure.

Parameters:
[in] SessionCommon Pointer to IKE Session Common used for decoding.
[in,out] IkePayload Pointer to IKE payload to be decoded as input, and store the decoded result as output.
Return values:
EFI_INVALID_PARAMETER Meet error when decoding the SA payload.
EFI_SUCCESS Decoded successfully.

References IKEV2_CFG_ATTRIBUTES::AttritType, IKEV2_KEY_EXCHANGE::DhGroup, TRAFFIC_SELECTOR::EndPort, IKEV2_DUMP_PAYLOAD, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_DELETE, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_KE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2DecodeSa(), IKEV2_NOTIFY::MessageType, IKEV2_DELETE::NumSpis, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, TRAFFIC_SELECTOR::SelecorLen, TRAFFIC_SELECTOR::StartPort, IKEV2_TS::TSNumbers, and IKEV2_CFG_ATTRIBUTES::ValueLength.

Referenced by Ikev2DecodePacket().

EFI_STATUS Ikev2DecryptPacket ( IN IKEV2_SESSION_COMMON SessionCommon,
IN OUT IKE_PACKET IkePacket,
IN OUT UINTN  IkeType 
)

Decrypt IKE packet.

This function decrypts the encrypted IKE packet and puts the result into IkePacket->PayloadBuf.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing some parameter used during decrypting.
[in,out] IkePacket Pointer to the IKE_PACKET to be decrypted as input, and the decrypted result as output.
[in,out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_INVALID_PARAMETER If the IKE packet length is zero or is not aligned to the Algorithm Block Size.
EFI_SUCCESS Decrypt IKE packet successfully.
Decrypt IKE packet.

This function decrypts the encrypted IKE packet and puts the result into IkePacket->PayloadBuf.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing some parameter used during decrypting.
[in,out] IkePacket Pointer to IKE_PACKET to be decrypted as input, and the decrypted result as output.
[in,out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_INVALID_PARAMETER If the IKE packet length is zero or is not aligned to the Algorithm Block Size.
EFI_SUCCESS Decrypt IKE packet successfully.

References HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, IKEV2_SA_PARAMS::EncAlgId, IkeHdrHostToNet(), IKEV2_SA_SESSION::IkeKeys, IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeSessionTypeChildSa, IkeSessionTypeIkeSa, IKEV2_CHILD_SA_SESSION_FROM_COMMON, IKEV2_PAYLOAD_TYPE_ENCRYPT, IKEV2_SA_SESSION_FROM_COMMON, IKEV2_SA_PARAMS::IntegAlgId, IPSEC_DUMP_BUF, IpSecCryptoIoDecrypt(), IpSecCryptoIoHmac(), IpSecGetEncryptBlockSize(), IpSecGetIcvLength(), IKEV2_SESSION_COMMON::SaParams, IKEV2_SA_SESSION::SessionCommon, IKEV2_SESSION_KEYS::SkAiKey, IKEV2_SESSION_KEYS::SkAiKeySize, IKEV2_SESSION_KEYS::SkArKey, IKEV2_SESSION_KEYS::SkArKeySize, IKEV2_SESSION_KEYS::SkEiKey, IKEV2_SESSION_KEYS::SkEiKeySize, IKEV2_SESSION_KEYS::SkErKey, and IKEV2_SESSION_KEYS::SkErKeySize.

Referenced by Ikev2DecodePacket().

VOID Ikev2DhBufferFree ( IN IKEV2_DH_BUFFER DhBuffer  ) 

Free the specified DhBuffer.

Parameters:
[in] DhBuffer Pointer to IKEV2_DH_BUFFER to be freed.

Referenced by Ikev2ChildSaSessionFree(), and Ikev2SaSessionFree().

EFI_STATUS Ikev2EncodePacket ( IN IKEV2_SESSION_COMMON SessionCommon,
IN OUT IKE_PACKET IkePacket,
IN UINTN  IkeType 
)

Encode the IKE packet.

This function puts all Payloads into one payload and then encrypts it if needed.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing some parameter used during IKE packet encoding.
[in,out] IkePacket Pointer to the IKE_PACKET to be encoded as input, and the encoded result as output.
[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_SUCCESS Encode IKE packet successfully.
Otherwise Encoding the IKE packet failed.
Encode the IKE packet.

This function puts all Payloads into one payload and then encrypts it if needed.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing some parameter used during IKE packet encoding.
[in,out] IkePacket Pointer to IKE_PACKET to be encoded as input, and the encoded result as output.
[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_SUCCESS Encode IKE packet successfully.
Otherwise Encoding the IKE packet failed.

References IKE_PAYLOAD_BY_PACKET, IkeHdrHostToNet(), IkeStateAuth, IKEV2_EXCHANGE_TYPE_INIT, IKEV2_SA_SESSION_FROM_COMMON, Ikev2EncodePayload(), Ikev2EncryptPacket(), IKEV2_SA_SESSION::InitPacket, IKEV2_SA_SESSION::InitPacketSize, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_SA_SESSION::RespPacket, and IKEV2_SA_SESSION::RespPacketSize.

Referenced by IkeNetbufFromPacket().

EFI_STATUS Ikev2EncodePayload ( IN UINT8 *  SessionCommon,
IN OUT IKE_PAYLOAD IkePayload 
)

General interface of payload encoding.

This function encodes the internal data structure into the payload format defined in RFC 4306. IkePayload->PayloadBuf is used to store both the input payload and the converted payload. Only the SA payload uses the internal structure to store its attributes; other payloads use a structure identical to the RFC definition, so for them only a host-order to network-order conversion of some fields is performed.

Parameters:
[in] SessionCommon Pointer to IKE Session Common used to encode the payload.
[in,out] IkePayload Pointer to the IKE payload to be encoded as input, and storage for the encoded result as output.
Return values:
EFI_INVALID_PARAMETER An error was met when encoding the SA payload.
EFI_SUCCESS Encoded successfully.
General interface of payload encoding.

This function encodes the internal data structure into the payload format defined in RFC 4306. IkePayload->PayloadBuf is used to store both the input payload and the converted payload. Only the SA payload uses the internal structure to store its attributes; other payloads use a structure identical to the RFC definition, so for them only a host-order to network-order conversion of some fields is performed.

Parameters:
[in] SessionCommon Pointer to IKE Session Common used to encode the payload.
[in,out] IkePayload Pointer to IKE payload to be encoded as input, and store the encoded result as output.
Return values:
EFI_INVALID_PARAMETER Meet error when encoding the SA payload.
EFI_SUCCESS Encoded successfully.

References IKEV2_CFG_ATTRIBUTES::AttritType, IKEV2_KEY_EXCHANGE::DhGroup, TRAFFIC_SELECTOR::EndPort, IKEV2_DUMP_PAYLOAD, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_DELETE, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_KE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2EncodeSa(), IKEV2_NOTIFY::MessageType, IKEV2_DELETE::NumSpis, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, TRAFFIC_SELECTOR::SelecorLen, TRAFFIC_SELECTOR::StartPort, IKEV2_TS::TSNumbers, and IKEV2_CFG_ATTRIBUTES::ValueLength.

Referenced by Ikev2EncodePacket().

EFI_STATUS Ikev2EncryptPacket ( IN IKEV2_SESSION_COMMON SessionCommon,
IN OUT IKE_PACKET IkePacket 
)

Encrypt IKE packet.

This function encrypts the IKE packet before sending it. The encrypted IKE packet is put into an IKEV2 Encrypted Payload.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the IKE packet.
[in,out] IkePacket Pointer to IKE packet to be encrypted.
Return values:
EFI_SUCCESS Operation is successful.
Others The operation failed.
Encrypt IKE packet.

This function encrypts the IKE packet before it is sent. The encrypted IKE packet is placed into the IKEv2 Encrypted payload.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the IKE packet.
[in,out] IkePacket Pointer to IKE packet to be encrypted.
Return values:
EFI_SUCCESS Operation is successful.
Others The operation failed.

References ClearAllPayloads(), HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, IKEV2_SA_PARAMS::EncAlgId, IKE_PACKET_APPEND_PAYLOAD, IKE_PAYLOAD_BY_PACKET, IkeGenerateIv(), IkeHdrHostToNet(), IKEV2_SA_SESSION::IkeKeys, IkePayloadAlloc(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeSessionTypeChildSa, IkeSessionTypeIkeSa, IKEV2_CHILD_SA_SESSION_FROM_COMMON, IKEV2_PAYLOAD_TYPE_ENCRYPT, IKEV2_SA_SESSION_FROM_COMMON, IKEV2_SA_PARAMS::IntegAlgId, IPSEC_DUMP_BUF, IpSecCryptoIoEncrypt(), IpSecCryptoIoHmac(), IpSecGetEncryptBlockSize(), IpSecGetIcvLength(), IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_SESSION_COMMON::SaParams, IKEV2_SA_SESSION::SessionCommon, IKEV2_SESSION_KEYS::SkAiKey, IKEV2_SESSION_KEYS::SkAiKeySize, IKEV2_SESSION_KEYS::SkArKey, IKEV2_SESSION_KEYS::SkArKeySize, IKEV2_SESSION_KEYS::SkEiKey, IKEV2_SESSION_KEYS::SkEiKeySize, IKEV2_SESSION_KEYS::SkErKey, and IKEV2_SESSION_KEYS::SkErKeySize.

Referenced by Ikev2EncodePacket().

IKE_PAYLOAD* Ikev2GenerateCertIdPayload ( IN IKEV2_SESSION_COMMON CommonSession,
IN UINT8  NextPayload,
IN UINT8 *  InCert,
IN UINTN  CertSize 
)

Generate an ID payload carrying the distinguished name taken from a certificate.

Parameters:
[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.
[in] NextPayload The payload type presented in the NextPayload field of ID Payload header.
[in] InCert Pointer to the certificate whose distinguished name (subject) is placed into the ID payload.
[in] CertSize Size of the Certificate.
Return values:
Pointer to ID IKE payload.
Generate an ID payload carrying the distinguished name taken from a certificate.

Parameters:
[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.
[in] NextPayload The payload type presented in the NextPayload field of ID Payload header.
[in] InCert Pointer to the certificate whose distinguished name (subject) is placed into the ID payload.
[in] CertSize Size of the Certificate.
Return values:
Pointer to ID IKE payload.

References IKEV2_ID::Header, IKEV2_ID::IdType, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IpSecCryptoIoGetSubjectFromCert(), IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthCertGenerator().

IKE_PAYLOAD* Ikev2GenerateCertificatePayload ( IN IKEV2_SA_SESSION IkeSaSession,
IN UINT8  NextPayload,
IN UINT8 *  Certificate,
IN UINTN  CertificateLen,
IN UINT8  EncodeType,
IN BOOLEAN  IsRequest 
)

Generate the Certificate payload or Certificate Request Payload.

Since the Certificate payload structure is the same as the Certificate Request payload structure, the only difference is the contents: one carries the certificate data, the other carries the identification of the acceptable CAs (the References below show this is built by hashing the CA certificate's public key). This function generates a Certificate payload or a Certificate Request payload as defined in RFC 4306, but all the fields in the payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] IkeSaSession Pointer to the IKE SA Session to be used for Certificate payload generation.
[in] NextPayload The next payload type in the NextPayload field of the Certificate (or Certificate Request) payload.
[in] Certificate Pointer of buffer contains the certification data.
[in] CertificateLen The length of Certificate in byte.
[in] EncodeType Specified the Certificate Encodeing which is defined in RFC 4306.
[in] IsRequest Indicates whether to create a Certificate payload or a Certificate Request payload. If it is TRUE, create a Certificate Request payload; otherwise, create a Certificate payload. (The header comment and the implementation comment on this page disagree on the polarity of this flag — verify against the implementation before relying on it.)
Return values:
a Pointer to IKE Payload whose payload buffer containing the Certificate payload or Certificated Request payload.
Generate the Certificate payload or Certificate Request Payload.

Since the Certificate payload structure is the same as the Certificate Request payload structure, the only difference is the contents: one carries the certificate data, the other carries the identification of the acceptable CAs. This function generates a Certificate payload or a Certificate Request payload as defined in RFC 4306, but all the fields in the payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] IkeSaSession Pointer to the IKE SA Session to be used for Certificate payload generation.
[in] NextPayload The next payload type in the NextPayload field of the Certificate (or Certificate Request) payload.
[in] Certificate Pointer of buffer contains the certification data.
[in] CertificateLen The length of Certificate in byte.
[in] EncodeType Specified the Certificate Encodeing which is defined in RFC 4306.
[in] IsRequest Indicates whether to create a Certificate payload or a Certificate Request payload. If it is TRUE, create a Certificate payload; otherwise, create a Certificate Request payload. (This contradicts the header comment above, which states the opposite polarity — verify against the implementation before relying on it.)
Return values:
a Pointer to IKE Payload whose payload buffer containing the Certificate payload or Certificated Request payload.

References IKEV2_CERT::CertEncoding, HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, IKEV2_CERT::Header, IKE_AALG_SHA1HMAC, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_CERT, IKEV2_PAYLOAD_TYPE_CERTREQ, IpSecCryptoIoGetPublicKeyFromCert(), IpSecCryptoIoHash(), IpSecGetHmacDigestLength(), IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthCertGenerator(), and Ikev2InitCertGenerator().

IKE_PAYLOAD* Ikev2GenerateCpPayload ( IN IKEV2_SA_SESSION IkeSaSession,
IN UINT8  NextPayload,
IN UINT8  CfgType 
)

Generate the Configuration payload.

This function generates a Configuration payload as defined in RFC 4306, but all the fields in this payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] IkeSaSession Pointer to the IKE SA Session to be used for Configuration payload generation.
[in] NextPayload The next payload type in the NextPayload field of the Configuration payload.
[in] CfgType The attribute type in the Configuration attribute.
Return values:
Pointer to IKE CP Payload.
Generate the Configuration payload.

This function generates a Configuration payload as defined in RFC 4306, but all the fields in this payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] IkeSaSession Pointer to the IKE SA Session to be used for Configuration payload generation.
[in] NextPayload The next payload type in the NextPayload field of the Configuration payload.
[in] CfgType The attribute type in the Configuration attribute.
Return values:
Pointer to IKE CP Payload.

References IKEV2_CFG_ATTRIBUTES::AttritType, IKEV2_CFG::CfgType, IKEV2_CFG::Header, IkePayloadAlloc(), IKEV2_CFG_TYPE_REQUEST, IKEV2_PAYLOAD_TYPE_CP, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, and IKEV2_CFG_ATTRIBUTES::ValueLength.

Referenced by Ikev2AuthCertGenerator(), and Ikev2AuthPskGenerator().

IKE_PAYLOAD* Ikev2GenerateDeletePayload ( IN IKEV2_SA_SESSION IkeSaSession,
IN UINT8  NextPayload,
IN UINT8  SpiSize,
IN UINT16  SpiNum,
IN UINT8 *  SpiBuf 
)

Generate the Delete payload.

Since the structure of the Delete payload defined in RFC 4306 is simple, there is no internal data structure for it. This function generates a Delete payload as defined in RFC 4306, but all the fields in this payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] IkeSaSession Pointer to the IKE SA Session to be used for Delete payload generation.
[in] NextPayload The next payload type in the NextPayload field of the Delete payload.
[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.
[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.
[in] SpiBuf Pointer to buffer contains the SPI value.
Return values:
Pointer to IKE Delete Payload.
Generate the Delete payload.

Since the structure of the Delete payload defined in RFC 4306 is simple, there is no internal data structure for it. This function generates a Delete payload as defined in RFC 4306, but all the fields in this payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] IkeSaSession Pointer to the IKE SA Session to be used for Delete payload generation.
[in] NextPayload The next payload type in the NextPayload field of the Delete payload.
[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.
[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.
[in] SpiBuf Pointer to buffer contains the SPI value.
Return values:
a Pointer of IKE Delete Payload.

References IKEV2_DELETE::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_DELETE, IPSEC_PROTO_IPSEC_ESP, IPSEC_PROTO_ISAKMP, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKEV2_DELETE::NumSpis, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_DELETE::ProtocolId, and IKEV2_DELETE::SpiSize.

Referenced by Ikev2InfoGenerator().

IKE_PAYLOAD* Ikev2GenerateIdPayload ( IN IKEV2_SESSION_COMMON CommonSession,
IN UINT8  NextPayload 
)

Generate an ID payload (the References below show it is built from an IPv4 or IPv6 address identity).

Parameters:
[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.
[in] NextPayload The payload type presented in the NextPayload field of ID Payload header.
Return values:
Pointer to ID IKE payload.
Generate an ID payload.

Parameters:
[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.
[in] NextPayload The payload type presented in the NextPayload field of ID Payload header.
Return values:
Pointer to ID IKE payload.

References IKEV2_ID::Header, IKEV2_ID::IdType, IkePayloadAlloc(), IKEV2_ID_TYPE_IPV4_ADDR, IKEV2_ID_TYPE_IPV6_ADDR, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthPskGenerator().

IKE_PAYLOAD* Ikev2GenerateKePayload ( IN OUT IKEV2_SA_SESSION IkeSaSession,
IN UINT8  NextPayload 
)

Generate a Key Exchange payload according to the DH group type and save the public Key into IkeSaSession IkeKey field.

Parameters:
[in,out] IkeSaSession Pointer to the IKE SA Session; its DH public value (GxBuffer) is stored here.
[in] NextPayload The payload type presented in the NextPayload field of Key Exchange Payload header.
Return values:
Pointer to Key IKE payload.
Generate a Key Exchange payload according to the DH group type and save the public Key into IkeSaSession IkeKey field.

Parameters:
[in,out] IkeSaSession Pointer to the IKE SA Session; its DH public value (GxBuffer) is stored here.
[in] NextPayload The payload type presented in the NextPayload field of Key Exchange Payload header.
Return values:
Pointer to Key IKE payload.

References IKEV2_SESSION_KEYS::DhBuffer, IKEV2_KEY_EXCHANGE::DhGroup, IKEV2_DH_BUFFER::GxBuffer, IKEV2_DH_BUFFER::GxSize, IKEV2_KEY_EXCHANGE::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_KE, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2InitPskGenerator().

IKE_PAYLOAD* Ikev2GenerateNoncePayload ( IN UINT8 *  NonceBuf,
IN UINTN  NonceSize,
IN UINT8  NextPayload 
)

Generate a Nonce payload containing the input parameter NonceBuf.

Parameters:
[in] NonceBuf The nonce buffer containing the whole Nonce payload body except the payload header.
[in] NonceSize The buffer size of the NonceBuf
[in] NextPayload The payload type presented in the NextPayload field of Nonce Payload header.
Return values:
Pointer to the Nonce IKE payload.
Generate a Nonce payload containing the input parameter NonceBuf.

Parameters:
[in] NonceBuf The nonce buffer contains the whole Nonce payload block except the payload header.
[in] NonceSize The buffer size of the NonceBuf
[in] NextPayload The payload type presented in the NextPayload field of Nonce Payload header.
Return values:
Pointer to the Nonce IKE payload.

References IKEV2_NONCE::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_NONCE, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2InitPskGenerator().

IKE_PAYLOAD* Ikev2GenerateNotifyPayload ( IN UINT8  ProtocolId,
IN UINT8  NextPayload,
IN UINT8  SpiSize,
IN UINT16  MessageType,
IN UINT8 *  SpiBuf,
IN UINT8 *  NotifyData,
IN UINTN  NotifyDataSize 
)

Generate the Notify payload.

Since the structure of the Notify payload defined in RFC 4306 is simple, there is no internal data structure for it. This function generates a Notify payload as defined in RFC 4306, but all the fields in this payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] ProtocolId The protocol type ID. For an IKE SA it MUST be one (1). For IPsec SAs it MUST be either (2) for AH or (3) for ESP.
[in] NextPayload The next payload type in the NextPayload field of the Notify payload.
[in] SpiSize Size of the SPI in SPI size field of the Notify Payload.
[in] MessageType The message type in NotifyMessageType field of the Notify Payload.
[in] SpiBuf Pointer to buffer contains the SPI value.
[in] NotifyData Pointer to buffer contains the notification data.
[in] NotifyDataSize The size of NotifyData in bytes.
Return values:
Pointer to IKE Notify Payload.
Generate the Notify payload.

Since the structure of the Notify payload defined in RFC 4306 is simple, there is no internal data structure for it. This function generates a Notify payload as defined in RFC 4306, but all the fields in this payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] ProtocolId The protocol type ID. For an IKE SA it MUST be one (1). For IPsec SAs it MUST be either (2) for AH or (3) for ESP.
[in] NextPayload The next payload type in the NextPayload field of the Notify payload.
[in] SpiSize Size of the SPI in SPI size field of the Notify Payload.
[in] MessageType The message type in NotifyMessageType field of the Notify Payload.
[in] SpiBuf Pointer to buffer contains the SPI value.
[in] NotifyData Pointer to buffer contains the notification data.
[in] NotifyDataSize The size of NotifyData in bytes.
Return values:
Pointer to IKE Notify Payload.

References IKEV2_NOTIFY::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_NOTIFY::MessageType, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_NOTIFY::ProtocolId, and IKEV2_NOTIFY::SpiSize.

Referenced by Ikev2AuthCertGenerator(), Ikev2AuthPskGenerator(), Ikev2CreateChildGenerator(), and Ikev2InitPskGenerator().

IKE_PAYLOAD* Ikev2GenerateSaPayload ( IN IKEV2_SA_DATA SessionSaData,
IN UINT8  NextPayload,
IN IKE_SESSION_TYPE  Type 
)

Generate an IKEv2 SA payload according to SessionSaData.

Parameters:
[in] SessionSaData The data used in SA payload.
[in] NextPayload The payload type presented in NextPayload field of SA Payload header.
[in] Type The SA type. It MUST be either (1) for IKE_SA, (2) for CHILD_SA, or (3) for INFO.
Return values:
a Pointer to SA IKE payload.
Generate an IKEv2 SA payload according to SessionSaData.

Parameters:
[in] SessionSaData The data used in SA payload.
[in] NextPayload The payload type presented in NextPayload field of SA Payload header.
[in] Type The SA type. It MUST be either (1) for IKE_SA, (2) for CHILD_SA, or (3) for INFO.
Return values:
a Pointer to SA IKE payload.

References IKEV2_SA::Header, IkePayloadAlloc(), IkeSessionTypeIkeSa, IKEV2_PAYLOAD_TYPE_SA, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadType, and IKEV2_SA_DATA::SaHeader.

Referenced by Ikev2AuthCertGenerator(), Ikev2AuthPskGenerator(), and Ikev2InitPskGenerator().

IKE_PAYLOAD* Ikev2GenerateTsPayload ( IN IKEV2_CHILD_SA_SESSION ChildSa,
IN UINT8  NextPayload,
IN BOOLEAN  IsTunnel 
)

Generate TS payload.

This function generates a TSi or TSr payload according to the type of the next payload. If the next payload is the Responder TS, it generates a TSi payload; otherwise, it generates a TSr payload.

Parameters:
[in] ChildSa Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload.
[in] NextPayload The payload type presented in the NextPayload field of the TS payload header.
[in] IsTunnel Indicates whether the TS payload follows a CP payload. If TRUE, the TSi and TSr payloads are built with the maximum port range, the full address range, and the protocol marked as zero (any).
Return values:
Pointer to Ts IKE payload.
Generate TS payload.

This function generates a TSi or TSr payload according to the type of the next payload. If the next payload is the Responder TS, it generates a TSi payload; otherwise, it generates a TSr payload.

Parameters:
[in] ChildSa Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload.
[in] NextPayload The payload type presented in the NextPayload field of the TS payload header.
[in] IsTunnel Indicates whether the TS payload follows a CP payload. If TRUE, the TSi and TSr payloads are built with the maximum port range, the full address range, and the protocol marked as zero (any).
Return values:
Pointer to Ts IKE payload.

References TRAFFIC_SELECTOR::EndPort, IKEV2_TS::Header, IkePayloadAlloc(), IkePayloadFree(), IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, IKEV2_TS_ANY_PORT, IKEV2_TS_ANY_PROTOCOL, IKEV2_TS_TYPE_IPV4_ADDR_RANGE, IKEV2_TS_TYPS_IPV6_ADDR_RANGE, TRAFFIC_SELECTOR::IpProtocolId, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, TRAFFIC_SELECTOR::SelecorLen, TRAFFIC_SELECTOR::StartPort, IKEV2_TS::TSNumbers, and TRAFFIC_SELECTOR::TSType.

Referenced by Ikev2AuthCertGenerator(), and Ikev2AuthPskGenerator().

IKEV2_SA_DATA* Ikev2InitializeSaData ( IN IKEV2_SESSION_COMMON SessionCommon  ) 

BOOLEAN Ikev2IsSupportAlg ( IN UINT16  AlgorithmId,
IN UINT8  Type 
)

Check whether the Algorithm ID is supported. This is the gate used during proposal parsing (see Ikev2ParseProposalData()) to reject peer-proposed algorithms that are not in this implementation's supported lists.

Parameters:
[in] AlgorithmId The specified Algorithm ID.
[in] Type The type indicating which algorithm class the ID belongs to: encryption, PRF, DH group, or integrity/authentication (see the IKE_*_TYPE references below).
Return values:
TRUE If the Algorithm ID is supported.
FALSE If the Algorithm ID is not supported.

References IKE_AUTH_TYPE, IKE_DH_TYPE, IKE_ENCRYPT_TYPE, IKE_PRF_TYPE, IKEV2_SUPPORT_AUTH_ALGORITHM_NUM, IKEV2_SUPPORT_DH_ALGORITHM_NUM, IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM, IKEV2_SUPPORT_PRF_ALGORITHM_NUM, mIkev2AuthAlgorithmList, mIkev2DhGroupAlgorithmList, mIkev2EncryptAlgorithmList, and mIkev2PrfAlgorithmList.

Referenced by Ikev2ParseProposalData().

VOID EFIAPI Ikev2LifetimeNotify ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Callback function invoked when the IKE lifetime has expired.

This function marks the related IKE SA Session (or Child SA Session) as deleting and triggers an Informational exchange to delete it.

Parameters:
[in] Event The time out event.
[in] Context Pointer to data passed by caller.
Callback function invoked when the IKE lifetime has expired.

This function marks the related IKE SA Session (or Child SA Session) as deleting and triggers an Informational exchange to delete it.

Parameters:
[in] Event The signaled Event.
[in] Context Pointer to data passed by caller.

References IKEV2_CHILD_SA_SESSION::ByDelete, IKEV2_SA_SESSION::DeleteSaList, IKEV2_CHILD_SA_SESSION::IkeSaSession, IKEV2_SESSION_COMMON::IkeSessionType, IkeSessionTypeIkeSa, IkeStateSaDeleting, IKEV2_CHILD_SA_SESSION_FROM_COMMON, IKEV2_DUMP_STATE, IKEV2_SA_SESSION_FROM_COMMON, IKEV2_SA_SESSION::InitiatorCookie, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, mIkev2Exchange, _IKE_EXCHANGE_INTERFACE::NegotiateInfo, IKEV2_SA_SESSION::ResponderCookie, IKEV2_SA_SESSION::SessionCommon, and IKEV2_SESSION_COMMON::State.

Referenced by Ikev2ChildSaSessionReg(), and Ikev2SaSessionReg().

EFI_STATUS Ikev2MatchSpdEntry ( IN EFI_IPSEC_CONFIG_DATA_TYPE  Type,
IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN VOID *  Data,
IN UINTN  SelectorSize,
IN UINTN  DataSize,
IN VOID *  Context 
)

Check whether the SPD entry is related to the input Child SA Session.

This function is the subfunction of Ikev2ChildSaAssociateSpdEntry(). It is the callback function of IpSecVisitConfigData().

Parameters:
[in] Type Type of the input Config Selector.
[in] Selector Pointer to the Configure Selector to be checked.
[in] Data Pointer to the Configure Selector's Data passed from the caller.
[in] SelectorSize The buffer size of Selector.
[in] DataSize The buffer size of the Data.
[in] Context The data passed from the caller. It is a Child SA Session in this context.
Return values:
EFI_SUCCESS The SPD Selector is not related to the Child SA Session.
EFI_ABORTED The SPD Selector is related to the Child SA session and set the ChildSaSession->Spd to point to this SPD Selector.

References EFI_IPSEC_ANY_PORT, EFI_IPSEC_ANY_PROTOCOL, IKE_DEFAULT_PORT, IkeSearchSpdEntry(), IpSecMatchIpAddress(), IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::LocalPeerIp, IKEV2_CHILD_SA_SESSION::LocalPort, IKEV2_CHILD_SA_SESSION::ProtoId, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_CHILD_SA_SESSION::RemotePort, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Spd, and IKEV2_SESSION_COMMON::UdpService.

Referenced by Ikev2ChildSaAssociateSpdEntry().

VOID Ikev2OnPacketAccepted ( IN IKEV2_SESSION_COMMON SessionCommon,
IN IKE_PACKET IkePacket,
IN UINT8  IkeType 
)

Save some useful payloads after the packet has been accepted.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the operation.
[in] IkePacket Pointer to the received IKE packet.
[in] IkeType The type indicating whether this is an IKE SA, Child SA, or Informational exchange.

EFI_STATUS Ikev2ParserNotifyCookiePayload ( IN IKE_PAYLOAD IkeNCookie,
IN OUT IKEV2_SA_SESSION IkeSaSession 
)

Parse the Notify Cookie payload.

This function parses the Notify Cookie payload. If the Notify ProtocolId is not IPSEC_PROTO_ISAKMP, or the SpiSize is not zero, or the MessageType is not COOKIE, it returns EFI_INVALID_PARAMETER.

Parameters:
[in] IkeNCookie Pointer to the IKE_PAYLOAD which contains the Notify Cookie payload.
[in,out] IkeSaSession Pointer to the relevant IKE SA Session.
Return values:
EFI_SUCCESS The Notify Cookie Payload is valid.
EFI_INVALID_PARAMETER The Notify Cookie Payload is invalid.
EFI_OUT_OF_RESOURCES The required resource can't be allocated.
Parse the Notify Cookie payload.

This function parses the Notify Cookie payload. If the Notify ProtocolId is not IPSEC_PROTO_ISAKMP, or the SpiSize is not zero, or the MessageType is not COOKIE, it returns EFI_INVALID_PARAMETER.

Parameters:
[in] IkeNCookie Pointer to the IKE_PAYLOAD which contains the Notify Cookie payload.
[in,out] IkeSaSession Pointer to the relevant IKE SA Session.
Return values:
EFI_SUCCESS The Notify Cookie Payload is valid.
EFI_INVALID_PARAMETER The Notify Cookie Payload is invalid.
EFI_OUT_OF_RESOURCES The required resource can't be allocated.

References IKEV2_NOTIFY::Header, IKEV2_NOTIFICATION_COOKIE, IPSEC_PROTO_ISAKMP, IKEV2_NOTIFY::MessageType, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKEV2_NOTIFY::ProtocolId, and IKEV2_NOTIFY::SpiSize.

Referenced by Ikev2InitPskParser().

IKE_PAYLOAD* Ikev2PskGenerateAuthPayload ( IN IKEV2_SA_SESSION IkeSaSession,
IN IKE_PAYLOAD IdPayload,
IN UINT8  NextPayload,
IN BOOLEAN  IsVerify 
)

Generate an Authentication payload.

This function is used for both Authentication payload generation and verification. When IsVerify is TRUE, it creates the Auth data that is compared against the peer's Authentication payload. The function chooses the related IKE_SA_INIT message for Auth data creation according to the IKE Session's type and the value of the IsVerify parameter.

Parameters:
[in] IkeSaSession Pointer to the related IKEV2_SA_SESSION.
[in] IdPayload Pointer to the ID payload to be used for Authentication payload generation.
[in] NextPayload The type filled into the Authentication Payload next payload field.
[in] IsVerify If it is TRUE, the Authentication payload is used for verification.
Returns:
Pointer to the IKE Authentication payload for the pre-shared key method.
Generate an Authentication payload.

This function is used for both Authentication payload generation and verification. When IsVerify is TRUE, it creates the Auth data that is compared against the peer's Authentication payload. The function chooses the related IKE_SA_INIT message for Auth data creation according to the IKE Session's type and the value of the IsVerify parameter.

Parameters:
[in] IkeSaSession Pointer to the related IKEV2_SA_SESSION.
[in] IdPayload Pointer to the ID payload to be used for Authentication payload generation.
[in] NextPayload The type filled into the Authentication Payload next payload field.
[in] IsVerify If it is TRUE, the Authentication payload is used for verification.
Returns:
pointer to IKE Authentication payload for Pre-shared key method.

References IKEV2_AUTH::AuthMethod, CONSTANT_KEY_SIZE, HASH_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, PRF_DATA_FRAGMENT::DataSize, IKEV2_AUTH::Header, IkePayloadAlloc(), IkePayloadFree(), IKEV2_AUTH_METHOD_SKMI, IKEV2_PAYLOAD_TYPE_AUTH, IpSecCryptoIoHmac(), IpSecGetHmacDigestLength(), mConstantKey, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthPskGenerator(), and Ikev2AuthPskParser().

VOID EFIAPI Ikev2ResendNotify ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

EFI_STATUS Ikev2SaGenerateKey ( IN UINT8  HashAlgId,
IN UINT8 *  HashKey,
IN UINTN  HashKeyLength,
IN OUT UINT8 *  OutputKey,
IN UINTN  OutputKeyLength,
IN PRF_DATA_FRAGMENT Fragments,
IN UINTN  NumFragments 
)

Generate a key buffer from fragments.

If the digest length of the specified HashAlgId is greater than or equal to the required output key length, the key is derived directly from a single PRF output. Otherwise, the key material is produced by PRF-based concatenation as in section 2.13 of RFC 4306: prf+ (K, S) = T1 | T2 | T3 | T4 | ..., where T1 = prf (K, S | 0x01), T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03), T4 = prf (K, T3 | S | 0x04), and the key is then taken from this key material.

Parameters:
[in] HashAlgId The Hash Algorithm ID used to generate key.
[in] HashKey Pointer to a key buffer which contains hash key.
[in] HashKeyLength The length of HashKey in bytes.
[in,out] OutputKey Pointer to buffer which is used to receive the output key.
[in] OutputKeyLength The length of OutPutKey buffer.
[in] Fragments Pointer to the data to be used to generate key.
[in] NumFragments The numbers of the Fragement.
Return values:
EFI_SUCCESS The operation complete successfully.
EFI_INVALID_PARAMETER If NumFragments is zero.
EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
Others The operation is failed.

References PRF_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::DataSize, IpSecCryptoIoHmac(), and IpSecGetHmacDigestLength().

Referenced by Ikev2GenerateChildSaKeys(), and Ikev2GenerateSaKeys().

BOOLEAN Ikev2SaParseSaPayload ( IN OUT IKEV2_SA_SESSION IkeSaSession,
IN IKE_PAYLOAD SaPayload,
IN UINT8  Type 
)

Parse the SA payload of the received Initial Exchange packet.

This function parses the SA payload to find an acceptable cryptographic suite for the further IKE negotiation and fills it into the IKE SA Session's CommonSession->SaParams. Proposals are checked through Ikev2ParseProposalData() (see References), so only algorithms this implementation supports can be selected.

Parameters:
[in,out] IkeSaSession Pointer to related IKEV2_SA_SESSION.
[in] SaPayload The received SA payload.
[in] Type The IKE header flag of the received packet (initiator or responder).
Return values:
TRUE If the SA proposal in Packet is acceptable.
FALSE If the SA proposal in Packet is not acceptable.

References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, Ikev2ParseProposalData(), IPSEC_PROTO_ISAKMP, IKEV2_PROPOSAL_DATA::NumTransforms, and IKEV2_PROPOSAL_DATA::ProtocolId.

Referenced by Ikev2InitPskParser().

IKEV2_SA_SESSION* Ikev2SaSessionAlloc ( IN IPSEC_PRIVATE_DATA Private,
IN IKE_UDP_SERVICE UdpService 
)

VOID Ikev2SaSessionCommonFree ( IN IKEV2_SESSION_COMMON SessionCommon  ) 

Free the specified Session Common. The Session Common may belong to an IKE SA or a Child SA. NOTE(review): only IkePacketFree() is referenced here; whether any session key material is zeroized before release is not visible on this page — confirm in the implementation.

Parameters:
[in] SessionCommon Pointer to a Session Common.

References IkePacketFree().

Referenced by Ikev2ChildSaSessionFree(), and Ikev2SaSessionFree().

VOID Ikev2SaSessionFree ( IN IKEV2_SA_SESSION IkeSaSession  ) 

VOID Ikev2SaSessionIncreaseMessageId ( IN IKEV2_SA_SESSION IkeSaSession  ) 

Increase the Message ID in IkeSaSession. In IKEv2 the Message ID sequences the requests on an IKE SA and is part of its replay protection (RFC 4306 section 2.2), so it must be advanced exactly once per new request.

Parameters:
[in] IkeSaSession Pointer to a specified IKEV2_SA_SESSION.

Referenced by Ikev2InfoGenerator().

VOID Ikev2SaSessionInsert ( IN LIST_ENTRY *  SaSessionList,
IN IKEV2_SA_SESSION IkeSaSession,
IN EFI_IP_ADDRESS *  RemotePeerIp 
)

Insert an IKEV2_SA_SESSION into the IkeSaSession list. The IkeSaSession list is either the Private->Ikev2SaSession list or the Private->Ikev2EstablishedList list. An existing entry for the same remote peer IP is removed first (see the Ikev2SaSessionRemove() reference below).

Parameters:
[in] SaSessionList Pointer to list to be inserted into.
[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.
[in] RemotePeerIp Pointer to the EFI_IP_ADDRESS that identifies the unique IKEV2_SA_SESSION.

References Ikev2SaSessionRemove().

Referenced by Ikev2HandleSa(), Ikev2NegotiateSa(), and Ikev2SaSessionReg().

IKEV2_SA_SESSION* Ikev2SaSessionLookup ( IN LIST_ENTRY *  SaSessionList,
IN EFI_IP_ADDRESS *  RemotePeerIp 
)

Find a IKEV2_SA_SESSION by the remote peer IP.

Parameters:
[in] SaSessionList SaSession List to be searched.
[in] RemotePeerIp Pointer to specified IP address.
Returns:
Pointer to IKEV2_SA_SESSION if find one or NULL.

References IKEV2_SA_SESSION_BY_SESSION, IKEV2_SESSION_COMMON::RemotePeerIp, and IKEV2_SA_SESSION::SessionCommon.

Referenced by IkeNegotiate(), Ikev2HandleChildSa(), Ikev2HandleInfo(), Ikev2HandleSa(), Ikev2NegotiateSa(), and Ikev2OnPacketSent().

EFI_STATUS Ikev2SaSessionOnDeleting ( IN IKEV2_SA_SESSION IkeSaSession  ) 

Mark an SA session as being deleted.

Parameters:
[in] IkeSaSession Pointer to IKEV2_SA_SESSION.
Return values:
EFI_SUCCESS Find the related SA session and marked it.

VOID Ikev2SaSessionReg ( IN IKEV2_SA_SESSION IkeSaSession,
IN IPSEC_PRIVATE_DATA Private 
)

Register an established IKEv2 SA into Private->Ikev2EstablishedList.

Parameters:
[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be registered.
[in] Private Pointer to IPSEC_PRIVATE_DATA.
Register the established IKEv2 SA into Private->Ikev2EstablishedList. If an IKEV2_SA_SESSION with the same remote peer IP already exists, the old one is removed (and freed, per the Ikev2SaSessionFree() reference below) before the new one is registered, and a lifetime timeout event (IKE_SA_DEFAULT_LIFETIME, handled by Ikev2LifetimeNotify()) is armed for the new session. Note that the established list is keyed on the remote peer IP alone (see Ikev2SaSessionLookup()/Ikev2SaSessionRemove()), so a newly negotiated SA from the same address replaces the existing one; two peers sharing one address would collide here.

Parameters:
[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be registered.
[in] Private Pointer to IPSEC_PRIVATE_DATA.

References IKE_SA_DEFAULT_LIFETIME, Ikev2LifetimeNotify(), Ikev2SaSessionFree(), Ikev2SaSessionInsert(), Ikev2SaSessionRemove(), Ikev2SessionCommonRefresh(), IKEV2_SESSION_COMMON::RemotePeerIp, and IKEV2_SESSION_COMMON::TimeoutEvent.

Referenced by Ikev2HandleSa().

IKEV2_SA_SESSION* Ikev2SaSessionRemove ( IN LIST_ENTRY *  SaSessionList,
IN EFI_IP_ADDRESS *  RemotePeerIp 
)

Remove the SA Session by Remote Peer IP.

Parameters:
[in] SaSessionList Pointer to list to be searched.
[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.
Return values:
Pointer to the removed IKEV2_SA_SESSION with the specified remote IP address, or NULL if none was found.
Remove the SA Session by Remote Peer IP.

Parameters:
[in] SaSessionList Pointer to list to be searched.
[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.
Return values:
Pointer to the IKEV2_SA_SESSION with the specified remote IP address, or NULL if none is found.

References IKEV2_SA_SESSION_BY_SESSION, IKEV2_SESSION_COMMON::RemotePeerIp, and IKEV2_SA_SESSION::SessionCommon.

Referenced by Ikev2HandleSa(), Ikev2ResendNotify(), Ikev2SaSessionInsert(), and Ikev2SaSessionReg().

EFI_STATUS Ikev2SendIkePacket ( IN IKE_UDP_SERVICE IkeUdpService,
IN UINT8 *  SessionCommon,
IN IKE_PACKET IkePacket,
IN UINTN  IkeType 
)

Send out an IKEv2 packet.

Parameters:
[in] IkeUdpService Pointer to IKE_UDP_SERVICE used to send the IKE packet.
[in] SessionCommon Pointer to the IKEV2_SESSION_COMMON related to the IKE packet.
[in] IkePacket Pointer to IKE_PACKET to be sent out.
[in] IkeType The IKE type indicating what kind of IKE packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_SUCCESS The operation completed successfully.
Otherwise The operation failed.
Send out an IKEv2 packet.

Parameters:
[in] IkeUdpService Pointer to IKE_UDP_SERVICE used to send the IKE packet.
[in] SessionCommon Pointer to the IKEV2_SESSION_COMMON related to the IKE packet.
[in] IkePacket Pointer to IKE_PACKET to be sent out.
[in] IkeType The IKE type indicating what kind of IKE packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_SUCCESS The operation completed successfully.
Otherwise The operation failed.

References IKE_DEFAULT_PORT, IKE_DEFAULT_TIMEOUT_INTERVAL, IKE_HEADER_FLAGS_INIT, IKE_PACKET_REF, IkeNetbufFromPacket(), IkePacketFree(), Ikev2OnPacketSent(), IPSEC_DUMP_PACKET, IKEV2_SESSION_COMMON::LastSentPacket, IKEV2_SESSION_COMMON::LocalPeerIp, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_SESSION_COMMON::TimeoutEvent, and IKEV2_SESSION_COMMON::TimeoutInterval.

Referenced by Ikev2HandleChildSa(), Ikev2HandleSa(), Ikev2InfoParser(), Ikev2NegotiateChildSa(), Ikev2NegotiateInfo(), Ikev2NegotiateSa(), and Ikev2ResendNotify().

VOID Ikev2SessionCommonRefresh ( IN IKEV2_SESSION_COMMON SessionCommon  ) 

After the IKE/Child SA is established, close the timer event and free the sent packet.

Parameters:
[in] SessionCommon Pointer to the IKEV2_SESSION_COMMON to refresh.

References IkePacketFree().

Referenced by Ikev2ChildSaSessionReg(), and Ikev2SaSessionReg().

VOID Ikev2StoreSaData ( IN IKEV2_CHILD_SA_SESSION ChildSaSession  ) 

Store the SA into the SAD.

Parameters:
[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.

References EfiIpSecConfigSetData(), _IPSEC_PRIVATE_DATA::IpSecConfig, and IKEV2_SESSION_COMMON::Private.

Referenced by Ikev2ChildSaSessionReg().

BOOLEAN Ikev2ValidateHeader ( IN IKEV2_SA_SESSION IkeSaSession,
IN IKE_HEADER IkeHdr 
)

Validate the IKE header of a received IKE packet.

Parameters:
[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this IKE packet.
[in] IkeHdr Pointer to the IKE header of the received IKE packet.
Return values:
TRUE If the IKE header is valid.
FALSE If the IKE header is invalid.

References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IkeStateAuth, IkeStateInit, IKEV2_EXCHANGE_TYPE_CREATE_CHILD, and IKEV2_EXCHANGE_TYPE_INFO.

Referenced by Ikev2HandleChildSa(), Ikev2HandleInfo(), and Ikev2HandleSa().


Variable Documentation

