Functions
IKEV2_SA_SESSION * | Ikev2SaSessionAlloc (IN IPSEC_PRIVATE_DATA *Private, IN IKE_UDP_SERVICE *UdpService) |
VOID | Ikev2SaSessionReg (IN IKEV2_SA_SESSION *IkeSaSession, IN IPSEC_PRIVATE_DATA *Private) |
IKEV2_SA_SESSION * | Ikev2SaSessionLookup (IN LIST_ENTRY *SaSessionList, IN EFI_IP_ADDRESS *RemotePeerIp) |
VOID | Ikev2SaSessionInsert (IN LIST_ENTRY *SaSessionList, IN IKEV2_SA_SESSION *IkeSaSession, IN EFI_IP_ADDRESS *RemotePeerIp) |
IKEV2_SA_SESSION * | Ikev2SaSessionRemove (IN LIST_ENTRY *SaSessionList, IN EFI_IP_ADDRESS *RemotePeerIp) |
EFI_STATUS | Ikev2SaSessionOnDeleting (IN IKEV2_SA_SESSION *IkeSaSession) |
VOID | Ikev2SaSessionCommonFree (IN IKEV2_SESSION_COMMON *SessionCommon) |
VOID | Ikev2SessionCommonRefresh (IN IKEV2_SESSION_COMMON *SessionCommon) |
VOID | Ikev2SaSessionFree (IN IKEV2_SA_SESSION *IkeSaSession) |
VOID | Ikev2SaSessionIncreaseMessageId (IN IKEV2_SA_SESSION *IkeSaSession) |
IKEV2_CHILD_SA_SESSION * | Ikev2ChildSaSessionAlloc (IN IKE_UDP_SERVICE *UdpService, IN IKEV2_SA_SESSION *IkeSaSession) |
VOID | Ikev2ChildSaSessionReg (IN IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IPSEC_PRIVATE_DATA *Private) |
IKEV2_CHILD_SA_SESSION * | Ikev2ChildSaSessionLookupByMid (IN LIST_ENTRY *SaSessionList, IN UINT32 Mid) |
IKEV2_CHILD_SA_SESSION * | Ikev2ChildSaSessionLookupBySpi (IN LIST_ENTRY *SaSessionList, IN UINT32 Spi) |
VOID | Ikev2ChildSaSessionInsert (IN LIST_ENTRY *SaSessionList, IN IKEV2_CHILD_SA_SESSION *ChildSaSession) |
IKEV2_CHILD_SA_SESSION * | Ikev2ChildSaSessionRemove (IN LIST_ENTRY *SaSessionList, IN UINT32 Spi, IN UINT8 ListType) |
EFI_STATUS | Ikev2ChildSaSessionOnDeleting (IN IKEV2_CHILD_SA_SESSION *ChildSaSession) |
VOID | Ikev2ChildSaSessionFree (IN IKEV2_CHILD_SA_SESSION *ChildSaSession) |
EFI_STATUS | Ikev2ChildSaSilentDelete (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT32 Spi) |
VOID | Ikev2DhBufferFree (IKEV2_DH_BUFFER *DhBuffer) |
IKEV2_CREATE_CHILD_REQUEST_TYPE | Ikev2ChildExchangeRequestType (IN IKE_PACKET *IkePacket) |
EFI_STATUS | Ikev2ChildSaAssociateSpdEntry (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession) |
UINT32 | Ikev2ChildExchangeRekeySpi (IN IKE_PACKET *IkePacket) |
BOOLEAN | Ikev2ValidateHeader (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_HEADER *IkeHdr) |
IKEV2_SA_DATA * | Ikev2InitializeSaData (IN IKEV2_SESSION_COMMON *SessionCommon) |
VOID | Ikev2StoreSaData (IN IKEV2_CHILD_SA_SESSION *ChildSaSession) |
VOID EFIAPI | Ikev2LifetimeNotify (IN EFI_EVENT Event, IN VOID *Context) |
VOID EFIAPI | Ikev2ResendNotify (IN EFI_EVENT Event, IN VOID *Context) |
VOID | Ikev2ChildSaSessionSpdSelectorCreate (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession) |
IKEV2_CHILD_SA_SESSION * | Ikev2ChildSaSessionCreate (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_UDP_SERVICE *UdpService) |
EFI_STATUS | Ikev2MatchSpdEntry (IN EFI_IPSEC_CONFIG_DATA_TYPE Type, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN UINTN SelectorSize, IN UINTN DataSize, IN VOID *Context) |
BOOLEAN | Ikev2IsSupportAlg (IN UINT16 AlgorithmId, IN UINT8 Type) |
VOID | Ikev2ParseProposalData (IN IKEV2_PROPOSAL_DATA *ProposalData, OUT UINT16 *PreferEncryptAlgorithm, OUT UINT16 *PreferIntegrityAlgorithm, OUT UINT16 *PreferPrfAlgorithm, OUT UINT16 *PreferDhGroup, OUT UINTN *PreferEncryptKeylength, OUT BOOLEAN *IsSupportEsn, IN BOOLEAN IsChildSa) |
BOOLEAN | Ikev2SaParseSaPayload (IN OUT IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *SaPayload, IN UINT8 Type) |
BOOLEAN | Ikev2ChildSaParseSaPayload (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IKE_PAYLOAD *SaPayload, IN UINT8 Type) |
EFI_STATUS | Ikev2SaGenerateKey (IN UINT8 HashAlgId, IN UINT8 *HashKey, IN UINTN HashKeyLength, IN OUT UINT8 *OutputKey, IN UINTN OutputKeyLength, IN PRF_DATA_FRAGMENT *Fragments, IN UINTN NumFragments) |
Variables
UINT16 | mIkev2EncryptAlgorithmList [IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM] |
UINT16 | mIkev2PrfAlgorithmList [IKEV2_SUPPORT_PRF_ALGORITHM_NUM] |
UINT16 | mIkev2DhGroupAlgorithmList [IKEV2_SUPPORT_DH_ALGORITHM_NUM] |
UINT16 | mIkev2AuthAlgorithmList [IKEV2_SUPPORT_AUTH_ALGORITHM_NUM] |
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
UINT32 Ikev2ChildExchangeRekeySpi (IN IKE_PACKET *IkePacket)
This function finds the SPI from Create Child SA Exchange Packet.
[in] | IkePacket | Pointer to IKE_PACKET to be searched. |
Returns | The SPI number, or 0 if it is not supported. |
IKEV2_CREATE_CHILD_REQUEST_TYPE Ikev2ChildExchangeRequestType (IN IKE_PACKET *IkePacket)
Parse a request IKE packet and return its request type. The request type is one of Child SA creation, IKE SA rekeying and Child SA rekeying.
[in] | IkePacket | IKE packet to be parsed. |
References IKE_PAYLOAD_BY_PACKET, IkeRequestTypeCreateChildSa, IkeRequestTypeRekeyChildSa, IkeRequestTypeRekeyIkeSa, IKEV2_NOTIFICATION_REKEY_SA, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_TS_INIT, and IKE_PAYLOAD::PayloadType.
Referenced by Ikev2HandleChildSa().
EFI_STATUS Ikev2ChildSaAssociateSpdEntry (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession)
Associate an SPD selector with the Child SA Session.
This function is called when the Child SA is not the first Child SA of its IKE SA. It associates an SPD selector with this Child SA.
[in,out] | ChildSaSession | Pointer to the Child SA Session to be associated to a SPD selector. |
EFI_SUCCESS | Associate one SPD selector to this Child SA Session successfully. | |
EFI_NOT_FOUND | Can't find the related SPD selector. |
References Ikev2MatchSpdEntry(), and IpSecVisitConfigData().
Referenced by Ikev2AuthCertParser(), and Ikev2AuthPskParser().
BOOLEAN Ikev2ChildSaParseSaPayload (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IKE_PAYLOAD *SaPayload, IN UINT8 Type)
Parse the received Authentication Exchange Packet.
This function parses the SA Payload and Key Payload to find the cryptographic suite for ESP and fills it into the Child SA Session's CommonSession->SaParams.
[in,out] | ChildSaSession | Pointer to IKEV2_CHILD_SA_SESSION related to this Authentication Exchange. |
[in] | SaPayload | The received packet. |
[in] | Type | The IKE header flag of the received packet. |
TRUE | If the SA proposal in Packet is acceptable. | |
FALSE | If the SA proposal in Packet is not acceptable. |
References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, Ikev2ParseProposalData(), IPSEC_PROTO_IPSEC_ESP, IKEV2_PROPOSAL_DATA::NumTransforms, IKEV2_PROPOSAL_DATA::ProtocolId, and IKEV2_PROPOSAL_DATA::Spi.
Referenced by Ikev2AuthCertParser(), and Ikev2AuthPskParser().
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionAlloc (IN IKE_UDP_SERVICE *UdpService, IN IKEV2_SA_SESSION *IkeSaSession)
Allocate memory for an IKEv2 Child SA Session.
[in] | UdpService | Pointer to IKE_UDP_SERVICE. |
[in] | IkeSaSession | Pointer to IKEV2_SA_SESSION related to this Child SA Session. |
Returns | Pointer to the newly created IKEv2 Child SA Session, or NULL. |
References IKEV2_SESSION_COMMON::AfterEncodePayload, IKEV2_SESSION_COMMON::BeforeDecodePayload, IkeGenerateSpi(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IKEV2_SESSION_COMMON::IkeSessionType, IkeSessionTypeChildSa, IKEV2_CHILD_SA_SESSION_SIGNATURE, Ikev2ChildSaAfterEncodePayload(), Ikev2ChildSaBeforeDecodePayload(), Ikev2ResendNotify(), IKEV2_SESSION_COMMON::IkeVer, IKEV2_SESSION_COMMON::LocalPeerIp, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, IKEV2_CHILD_SA_SESSION::MessageId, IKEV2_SESSION_COMMON::Private, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Signature, IKEV2_SESSION_COMMON::TimeoutEvent, and IKEV2_SESSION_COMMON::UdpService.
Referenced by Ikev2ChildSaSessionCreate(), and Ikev2NegotiateChildSa().
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionCreate (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_UDP_SERVICE *UdpService)
Generate a Child SA Session and insert it into the related IkeSaSession.
[in] | IkeSaSession | Pointer to related IKEV2_SA_SESSION. |
[in] | UdpService | Pointer to related IKE_UDP_SERVICE. |
References IkeStateAuth, IkeStateCreateChild, IKEV2_DUMP_STATE, Ikev2ChildSaSessionAlloc(), Ikev2ChildSaSessionInsert(), Ikev2ChildSaSessionSpdSelectorCreate(), IKEV2_SESSION_COMMON::IsInitiator, IKEV2_CHILD_SA_SESSION::LocalPort, IKEV2_CHILD_SA_SESSION::NiBlkSize, IKEV2_CHILD_SA_SESSION::NiBlock, IKEV2_CHILD_SA_SESSION::NrBlkSize, IKEV2_CHILD_SA_SESSION::NrBlock, IKEV2_CHILD_SA_SESSION::ProtoId, IKEV2_CHILD_SA_SESSION::RemotePort, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Spd, and IKEV2_SESSION_COMMON::State.
Referenced by Ikev2HandleSa().
VOID Ikev2ChildSaSessionFree (IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
Free the memory allocated for the specified IKEV2_CHILD_SA_SESSION.
[in] | ChildSaSession | Pointer to IKEV2_CHILD_SA_SESSION. |
References Ikev2DhBufferFree(), and Ikev2SaSessionCommonFree().
Referenced by Ikev2ChildSaSessionReg(), Ikev2ChildSaSilentDelete(), Ikev2HandleSa(), Ikev2NegotiateChildSa(), Ikev2ResendNotify(), and Ikev2SaSessionFree().
VOID Ikev2ChildSaSessionInsert (IN LIST_ENTRY *SaSessionList, IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
Insert a Child SA Session into the specified Child SA list.
[in] | SaSessionList | Pointer to the list to insert into. |
[in] | ChildSaSession | Pointer to IKEV2_CHILD_SA_SESSION to be inserted. |
Referenced by Ikev2ChildSaSessionCreate(), Ikev2ChildSaSessionReg(), and Ikev2NegotiateChildSa().
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionLookupByMid (IN LIST_ENTRY *SaSessionList, IN UINT32 Mid)
Find the ChildSaSession by its Message ID.
[in] | SaSessionList | Pointer to a ChildSaSession List. |
[in] | Mid | The messageId used to search ChildSaSession. |
References IKEV2_CHILD_SA_SESSION_BY_IKE_SA, and IKEV2_CHILD_SA_SESSION::MessageId.
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionLookupBySpi (IN LIST_ENTRY *SaSessionList, IN UINT32 Spi)
Find the Child SA by the specified SPI.
This function finds a Child SA session by searching the given Child SA session list of an IKEV2_SA_SESSION for the specified SPI, matching either the local or the remote peer SPI.
[in] | SaSessionList | Pointer to the list to be searched. |
[in] | Spi | Specified SPI. |
References IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, and IKEV2_CHILD_SA_SESSION::RemotePeerSpi.
Referenced by Ikev2OnPacketSent().
EFI_STATUS Ikev2ChildSaSessionOnDeleting (IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
Mark a specified Child SA Session as deleting.
[in] | ChildSaSession | Pointer to IKEV2_CHILD_SA_SESSION. |
EFI_SUCCESS | Operation is successful. |
VOID Ikev2ChildSaSessionReg (IN IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IPSEC_PRIVATE_DATA *Private)
Register an established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList. If there is already an IKEV2_CHILD_SA_SESSION with the same remote peer IP, remove the old one, then register the new one.
[in] | ChildSaSession | Pointer to IKEV2_CHILD_SA_SESSION to be registered. |
[in] | Private | Pointer to IPSEC_PRIVATE_DATA. |
References CHILD_SA_DEFAULT_LIFETIME, IKEV2_SA_SESSION::ChildSaEstablishSessionList, IKEV2_ESTABLISHED_CHILDSA_LIST, Ikev2ChildSaSessionFree(), Ikev2ChildSaSessionInsert(), Ikev2ChildSaSessionRemove(), Ikev2LifetimeNotify(), Ikev2SessionCommonRefresh(), Ikev2StoreSaData(), and IKEV2_SESSION_COMMON::TimeoutEvent.
Referenced by Ikev2HandleSa().
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionRemove (IN LIST_ENTRY *SaSessionList, IN UINT32 Spi, IN UINT8 ListType)
Remove the IKEV2_CHILD_SA_SESSION from the given Child SA session list.
[in] | SaSessionList | The SA Session List to be iterated. |
[in] | Spi | SPI used to identify the IKEV2_CHILD_SA_SESSION. |
[in] | ListType | The type of the list, indicating whether it is the establishing, established or delete list. |
References IKEV2_CHILD_SA_SESSION_BY_DEL_SA, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_DELET_CHILDSA_LIST, IKEV2_ESTABLISHED_CHILDSA_LIST, IKEV2_ESTABLISHING_CHILDSA_LIST, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, and IKEV2_CHILD_SA_SESSION::RemotePeerSpi.
Referenced by Ikev2ChildSaSessionReg(), Ikev2ChildSaSilentDelete(), Ikev2HandleSa(), Ikev2OnPacketSent(), and Ikev2ResendNotify().
VOID Ikev2ChildSaSessionSpdSelectorCreate (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession)
Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.
ChildSaSession->SpdSelector stores the actual SPD selector for its SA. Sometimes the SpdSelector in ChildSaSession is more accurate, or narrower in scope, than the one in ChildSaSession->Spd, especially for tunnel mode.
[in,out] | ChildSaSession | Pointer to the related IKEV2_CHILD_SA_SESSION. |
Referenced by Ikev2AuthCertParser(), Ikev2AuthPskParser(), and Ikev2ChildSaSessionCreate().
EFI_STATUS Ikev2ChildSaSilentDelete (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT32 Spi)
Delete the specified established Child SA.
This function deletes the Child SA directly and does not send an Informational packet to the remote peer.
[in] | IkeSaSession | Pointer to the IKE SA Session to be searched. |
[in] | Spi | SPI used to find the Child SA. |
EFI_NOT_FOUND | Pointer of IKE SA Session is NULL. | |
EFI_NOT_FOUND | There is no specified Child SA related with the input SPI under this IKE SA Session. | |
EFI_SUCCESS | Delete the Child SA successfully. |
References EfiIpSecConfigGetNextSelector(), EfiIpSecConfigSetData(), IKEV2_ESTABLISHED_CHILDSA_LIST, Ikev2ChildSaSessionFree(), Ikev2ChildSaSessionRemove(), _IPSEC_PRIVATE_DATA::IpSecConfig, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, and IKEV2_CHILD_SA_SESSION::RemotePeerSpi.
Referenced by Ikev2InfoParser(), Ikev2OnPacketSent(), Ikev2ResendNotify(), and Ikev2SaSessionFree().
VOID Ikev2DhBufferFree (IKEV2_DH_BUFFER *DhBuffer)
Free the specified DhBuffer.
[in] | DhBuffer | Pointer to IKEV2_DH_BUFFER to be freed. |
References IKEV2_DH_BUFFER::DhContext, IKEV2_DH_BUFFER::GxBuffer, IKEV2_DH_BUFFER::GxyBuffer, IKEV2_DH_BUFFER::GyBuffer, and IpSecCryptoIoFreeDh().
IKEV2_SA_DATA* Ikev2InitializeSaData (IN IKEV2_SESSION_COMMON *SessionCommon)
Create and initialize IKEV2_SA_DATA for the specified IKEV2_SESSION_COMMON.
This function is only called by the initiator. The responder's IKEV2_SA_DATA is generated while parsing the initiator's packet.
[in] | SessionCommon | Pointer to the related IKEV2_SESSION_COMMON. |
Returns | Pointer to a new IKEV2_SA_DATA, or NULL. |
References IKE_SA_ATTRIBUTE::Attr, IKEV2_TRANSFORM_DATA::Attribute, IKE_SA_ATTR_UNION::AttrLength, IKE_SA_ATTRIBUTE::AttrType, IkeSessionTypeIkeSa, IKEV2_ATTRIBUTE_TYPE_KEYLEN, IKEV2_CHILD_SA_SESSION_FROM_COMMON, IKEV2_TRANSFORM_ID_AUTH_HMAC_SHA1_96, IKEV2_TRANSFORM_ID_DH_1024MODP, IKEV2_TRANSFORM_ID_ENCR_3DES, IKEV2_TRANSFORM_ID_ENCR_AES_CBC, IKEV2_TRANSFORM_ID_PRF_HMAC_SHA1, IKEV2_TRANSFORM_TYPE_DH, IKEV2_TRANSFORM_TYPE_ENCR, IKEV2_TRANSFORM_TYPE_ESN, IKEV2_TRANSFORM_TYPE_INTEG, IKEV2_TRANSFORM_TYPE_PRF, IPSEC_PROTO_IPSEC_ESP, IPSEC_PROTO_ISAKMP, IpSecGetEncryptKeyLength(), IKEV2_CHILD_SA_SESSION::LocalPeerSpi, IKEV2_SA_DATA::NumProposals, IKEV2_PROPOSAL_DATA::NumTransforms, IKEV2_PROPOSAL_DATA::ProposalIndex, IKEV2_PROPOSAL_DATA::ProtocolId, IKEV2_PROPOSAL_DATA::Spi, IKEV2_TRANSFORM_DATA::TransformId, IKEV2_TRANSFORM_DATA::TransformIndex, and IKEV2_TRANSFORM_DATA::TransformType.
Referenced by Ikev2HandleSa(), Ikev2NegotiateChildSa(), and Ikev2NegotiateSa().
BOOLEAN Ikev2IsSupportAlg (IN UINT16 AlgorithmId, IN UINT8 Type)
Check if the Algorithm ID is supported.
[in] | AlgorithmId | The specified Algorithm ID. |
[in] | Type | The type indicating whether the algorithm is for encryption, authentication, PRF or DH. |
TRUE | If the Algorithm ID is supported. | |
FALSE | If the Algorithm ID is not supported. |
References IKE_AUTH_TYPE, IKE_DH_TYPE, IKE_ENCRYPT_TYPE, IKE_PRF_TYPE, IKEV2_SUPPORT_AUTH_ALGORITHM_NUM, IKEV2_SUPPORT_DH_ALGORITHM_NUM, IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM, IKEV2_SUPPORT_PRF_ALGORITHM_NUM, mIkev2AuthAlgorithmList, mIkev2DhGroupAlgorithmList, mIkev2EncryptAlgorithmList, and mIkev2PrfAlgorithmList.
Referenced by Ikev2ParseProposalData().
VOID EFIAPI Ikev2LifetimeNotify (IN EFI_EVENT Event, IN VOID *Context)
Callback function invoked when the IKE lifetime is over.
This function marks the related IKE SA Session as deleting and triggers an Informational negotiation.
[in] | Event | The signaled Event. |
[in] | Context | Pointer to data passed by caller. |
References IKEV2_CHILD_SA_SESSION::ByDelete, IKEV2_SA_SESSION::DeleteSaList, IKEV2_CHILD_SA_SESSION::IkeSaSession, IKEV2_SESSION_COMMON::IkeSessionType, IkeSessionTypeIkeSa, IkeStateSaDeleting, IKEV2_CHILD_SA_SESSION_FROM_COMMON, IKEV2_DUMP_STATE, IKEV2_SA_SESSION_FROM_COMMON, IKEV2_SA_SESSION::InitiatorCookie, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, mIkev2Exchange, _IKE_EXCHANGE_INTERFACE::NegotiateInfo, IKEV2_SA_SESSION::ResponderCookie, IKEV2_SA_SESSION::SessionCommon, and IKEV2_SESSION_COMMON::State.
Referenced by Ikev2ChildSaSessionReg(), and Ikev2SaSessionReg().
EFI_STATUS Ikev2MatchSpdEntry (IN EFI_IPSEC_CONFIG_DATA_TYPE Type, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN UINTN SelectorSize, IN UINTN DataSize, IN VOID *Context)
Check if the SPD is related to the input Child SA Session.
This function is the helper of Ikev2ChildSaAssociateSpdEntry() and the callback function of IpSecVisitConfigData().
[in] | Type | Type of the input Config Selector. |
[in] | Selector | Pointer to the Configure Selector to be checked. |
[in] | Data | Pointer to the Configure Selector's Data passed from the caller. |
[in] | SelectorSize | The buffer size of Selector. |
[in] | DataSize | The buffer size of the Data. |
[in] | Context | The data passed from the caller. It is a Child SA Session in this context. |
EFI_SUCCESS | The SPD Selector is not related to the Child SA Session. | |
EFI_ABORTED | The SPD Selector is related to the Child SA Session; ChildSaSession->Spd has been set to point to this SPD Selector. |
References EFI_IPSEC_ANY_PORT, EFI_IPSEC_ANY_PROTOCOL, IKE_DEFAULT_PORT, IkeSearchSpdEntry(), IpSecMatchIpAddress(), IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::LocalPeerIp, IKEV2_CHILD_SA_SESSION::LocalPort, IKEV2_CHILD_SA_SESSION::ProtoId, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_CHILD_SA_SESSION::RemotePort, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Spd, and IKEV2_SESSION_COMMON::UdpService.
Referenced by Ikev2ChildSaAssociateSpdEntry().
VOID Ikev2ParseProposalData (IN IKEV2_PROPOSAL_DATA *ProposalData, OUT UINT16 *PreferEncryptAlgorithm, OUT UINT16 *PreferIntegrityAlgorithm, OUT UINT16 *PreferPrfAlgorithm, OUT UINT16 *PreferDhGroup, OUT UINTN *PreferEncryptKeylength, OUT BOOLEAN *IsSupportEsn, IN BOOLEAN IsChildSa)
Get the preferred algorithm types from ProposalData.
[in] | ProposalData | Pointer to related IKEV2_PROPOSAL_DATA. |
[out] | PreferEncryptAlgorithm | Output of preferred encrypt algorithm. |
[out] | PreferIntegrityAlgorithm | Output of preferred integrity algorithm. |
[out] | PreferPrfAlgorithm | Output of preferred PRF algorithm. Only for IKE SA. |
[out] | PreferDhGroup | Output of preferred DH group. Only for IKE SA. |
[out] | PreferEncryptKeylength | Output of preferred encrypt key length in bytes. |
[out] | IsSupportEsn | Output indicating whether Extended Sequence Numbers are supported. Only for Child SA. |
[in] | IsChildSa | If it is TRUE, the ProposalData is for IKE SA. Otherwise the ProposalData is for Child SA. |
References IKE_SA_ATTRIBUTE::Attr, IKEV2_TRANSFORM_DATA::Attribute, IKE_SA_ATTRIBUTE::AttrType, IKE_SA_ATTR_UNION::AttrValue, IKE_AUTH_TYPE, IKE_DH_TYPE, IKE_ENCRYPT_TYPE, IKE_PRF_TYPE, IKEV2_ATTRIBUTE_TYPE_KEYLEN, IKEV2_TRANSFORM_TYPE_DH, IKEV2_TRANSFORM_TYPE_ENCR, IKEV2_TRANSFORM_TYPE_ESN, IKEV2_TRANSFORM_TYPE_INTEG, IKEV2_TRANSFORM_TYPE_PRF, Ikev2IsSupportAlg(), IpSecGetEncryptKeyLength(), IKEV2_TRANSFORM_DATA::TransformId, and IKEV2_TRANSFORM_DATA::TransformType.
Referenced by Ikev2ChildSaParseSaPayload(), and Ikev2SaParseSaPayload().
VOID EFIAPI Ikev2ResendNotify (IN EFI_EVENT Event, IN VOID *Context)
This function is called when the timeout event is signaled.
[in] | Event | The signaled Event. |
[in] | Context | The data passed by caller. |
References IKEV2_SA_SESSION::ChildSaEstablishSessionList, IKEV2_SA_SESSION::ChildSaSessionList, IKEV2_SA_SESSION::DeleteSaList, IKE_MAX_RETRY, IKEV2_CHILD_SA_SESSION::IkeSaSession, IKEV2_SESSION_COMMON::IkeSessionType, IkeSessionTypeIkeSa, IkeStateSaDeleting, _IPSEC_PRIVATE_DATA::Ikev1EstablishedList, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_CHILD_SA_SESSION_FROM_COMMON, IKEV2_DELET_CHILDSA_LIST, IKEV2_ESTABLISHING_CHILDSA_LIST, IKEV2_SA_SESSION_FROM_COMMON, Ikev2ChildSaSessionFree(), Ikev2ChildSaSessionRemove(), Ikev2ChildSaSilentDelete(), _IPSEC_PRIVATE_DATA::Ikev2EstablishedList, Ikev2SaSessionFree(), Ikev2SaSessionRemove(), Ikev2SendIkePacket(), _IPSEC_PRIVATE_DATA::Ikev2SessionList, _IPSEC_PRIVATE_DATA::IpSec, IPSEC_STATUS_DISABLED, IPSECCONFIG_STATUS_NAME, _IPSEC_PRIVATE_DATA::IsIPsecDisabling, IKEV2_SESSION_COMMON::LastSentPacket, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, IKEV2_SESSION_COMMON::Private, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_SESSION_COMMON::RetryCount, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::SessionCommon, IKEV2_SESSION_COMMON::State, and IKEV2_SESSION_COMMON::UdpService.
Referenced by Ikev2ChildSaSessionAlloc(), and Ikev2SaSessionAlloc().
EFI_STATUS Ikev2SaGenerateKey (IN UINT8 HashAlgId, IN UINT8 *HashKey, IN UINTN HashKeyLength, IN OUT UINT8 *OutputKey, IN UINTN OutputKeyLength, IN PRF_DATA_FRAGMENT *Fragments, IN UINTN NumFragments)
Generate a key buffer from fragments.
If the digest length of the specified HashAlgId is larger than or equal to the required output key length, derive the key directly. Otherwise, the key material is built by PRF-based concatenation according to section 2.13 of RFC 4306: prf+ (K,S) = T1 | T2 | T3 | T4 | ..., where T1 = prf (K, S | 0x01), T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03), T4 = prf (K, T3 | S | 0x04), and the key is then taken from this key material.
[in] | HashAlgId | The Hash Algorithm ID used to generate key. |
[in] | HashKey | Pointer to a key buffer which contains hash key. |
[in] | HashKeyLength | The length of HashKey in bytes. |
[in,out] | OutputKey | Pointer to buffer which is used to receive the output key. |
[in] | OutputKeyLength | The length of OutPutKey buffer. |
[in] | Fragments | Pointer to the data to be used to generate key. |
[in] | NumFragments | The number of fragments. |
EFI_SUCCESS | The operation complete successfully. | |
EFI_INVALID_PARAMETER | If NumFragments is zero. | |
EFI_OUT_OF_RESOURCES | If the required resource can't be allocated. | |
Others | The operation failed. |
References PRF_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::DataSize, IpSecCryptoIoHmac(), and IpSecGetHmacDigestLength().
Referenced by Ikev2GenerateChildSaKeys(), and Ikev2GenerateSaKeys().
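The derivation rule described above, as an added example that is not EDK2 code: a Python model of the two paths (direct prf when one digest covers the requested length, prf+ otherwise), using the standard library's HMAC so it runs stand-alone. The function names prf, prf_plus and derive_key, the hash-name parameter and the sample nonces and SPIs are choices made here, not names from the page. One caveat worth checking against RFC 7296 section 2.13 when comparing implementations: prf+ always appends the 0x01 counter octet even when a single block suffices, so the direct-prf short path described on the page produces a different value than prf+ for the same inputs; the final assertion in the main block makes that difference visible.

```python
"""Model of the Ikev2SaGenerateKey derivation rule (added example, not EDK2 code)."""
import hashlib
import hmac
from typing import Iterable, List


def prf(key: bytes, fragments: Iterable[bytes], hash_name: str = "sha1") -> bytes:
    """prf(K, S): HMAC keyed with K over the concatenation S of the fragments."""
    return hmac.new(key, b"".join(fragments), getattr(hashlib, hash_name)).digest()


def prf_plus(key: bytes, fragments: Iterable[bytes], out_len: int,
             hash_name: str = "sha1") -> bytes:
    """prf+(K, S) per RFC 4306/7296 section 2.13, truncated to out_len bytes.

    T1 = prf(K, S | 0x01), Tn = prf(K, T(n-1) | S | n); the counter is one octet.
    """
    if out_len < 1:
        raise ValueError("output length must be positive")
    s = b"".join(fragments)
    digest = getattr(hashlib, hash_name)
    material = b""
    prev = b""
    counter = 1
    while len(material) < out_len:
        if counter > 255:
            # The counter is a single octet, so prf+ can yield at most 255 blocks.
            raise ValueError("prf+ key material exhausted")
        prev = hmac.new(key, prev + s + bytes([counter]), digest).digest()
        material += prev
        counter += 1
    return material[:out_len]


def derive_key(hash_name: str, hash_key: bytes, out_len: int,
               fragments: Iterable[bytes]) -> bytes:
    """The documented rule: one digest is enough -> direct prf; otherwise prf+."""
    frags: List[bytes] = list(fragments)
    if not frags:
        # Mirrors the EFI_INVALID_PARAMETER case for NumFragments == 0.
        raise ValueError("NumFragments is zero")
    digest_len = hashlib.new(hash_name).digest_size
    if digest_len >= out_len:
        return prf(hash_key, frags, hash_name)[:out_len]
    return prf_plus(hash_key, frags, out_len, hash_name)


if __name__ == "__main__":
    # Constructed sample inputs: a stand-in SKEYSEED and the Ni | Nr | SPIi | SPIr
    # fragments that IKEv2 feeds to prf+ when expanding the IKE SA keys.
    skeyseed = b"constructed-skeyseed-not-real"
    frags = [b"Ni-constructed-nonce", b"Nr-constructed-nonce",
             b"\x00\x00\x00\x01", b"\x00\x00\x00\x02"]
    # Seven IKE SA keys for HMAC-SHA1 + AES-128: 3 * 20 + 4 * 16 = 92 bytes, so prf+ is used.
    keymat = derive_key("sha1", skeyseed, 92, frags)
    print("prf+ key material:", keymat.hex())
    # A single-digest request takes the direct path and differs from true prf+.
    short_direct = derive_key("sha1", skeyseed, 20, frags)
    short_prfplus = prf_plus(skeyseed, frags, 20)
    print("direct prf == prf+ for 20 bytes?", short_direct == short_prfplus)
```

The loop in prf_plus keeps the previous block, concatenates it with S and the counter, and appends the new digest, which is exactly the T1, T2, T3 chain the page spells out; the prefix property (a longer request starts with the shorter request's bytes) follows from that chaining and is a cheap self-check for any implementation.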
BOOLEAN Ikev2SaParseSaPayload (IN OUT IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *SaPayload, IN UINT8 Type)
Parse the received Initial Exchange Packet.
This function parses the SA Payload and Key Payload to find the cryptographic suite for the further IKE negotiation and fills it into the IKE SA Session's CommonSession->SaParams.
[in,out] | IkeSaSession | Pointer to related IKEV2_SA_SESSION. |
[in] | SaPayload | The received packet. |
[in] | Type | The received packet IKE header flag. |
TRUE | If the SA proposal in Packet is acceptable. | |
FALSE | If the SA proposal in Packet is not acceptable. |
References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, Ikev2ParseProposalData(), IPSEC_PROTO_ISAKMP, IKEV2_PROPOSAL_DATA::NumTransforms, and IKEV2_PROPOSAL_DATA::ProtocolId.
Referenced by Ikev2InitPskParser().
IKEV2_SA_SESSION* Ikev2SaSessionAlloc (IN IPSEC_PRIVATE_DATA *Private, IN IKE_UDP_SERVICE *UdpService)
Allocate a buffer for IKEV2_SA_SESSION and initialize it.
[in] | Private | Pointer to IPSEC_PRIVATE_DATA. |
[in] | UdpService | Pointer to IKE_UDP_SERVICE related to this IKE SA Session. |
References IKEV2_SESSION_COMMON::AfterEncodePayload, IKEV2_SESSION_COMMON::BeforeDecodePayload, IKEV2_SA_SESSION::ChildSaEstablishSessionList, IKEV2_SA_SESSION::ChildSaSessionList, IKEV2_SA_SESSION::DeleteSaList, IkeGenerateCookie(), IKEV2_SESSION_COMMON::IkeSessionType, IkeSessionTypeIkeSa, IKEV2_SA_SESSION_SIGNATURE, Ikev2ResendNotify(), IKEV2_SESSION_COMMON::IkeVer, IKEV2_SA_SESSION::InfoMIDList, IKEV2_SA_SESSION::InitiatorCookie, IKEV2_SA_SESSION::MessageId, IKEV2_SA_SESSION::NCookie, IKEV2_SESSION_COMMON::Private, IKEV2_SA_SESSION::ResponderCookie, IKEV2_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::Signature, IKEV2_SESSION_COMMON::TimeoutEvent, and IKEV2_SESSION_COMMON::UdpService.
Referenced by Ikev2HandleSa(), and Ikev2NegotiateSa().
VOID Ikev2SaSessionCommonFree (IN IKEV2_SESSION_COMMON *SessionCommon)
Free the specified Session Common. The Session Common may belong to an IKE SA or a Child SA.
[in] | SessionCommon | Pointer to a Session Common. |
References IkePacketFree().
Referenced by Ikev2ChildSaSessionFree(), and Ikev2SaSessionFree().
VOID Ikev2SaSessionFree (IN IKEV2_SA_SESSION *IkeSaSession)
Free the specified IKEv2 SA Session.
[in] | IkeSaSession | Pointer to IKEV2_SA_SESSION to be freed. |
References IKEV2_SESSION_KEYS::DhBuffer, IKEV2_CHILD_SA_SESSION::IkeSaSession, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, Ikev2ChildSaSessionFree(), Ikev2ChildSaSilentDelete(), Ikev2DhBufferFree(), Ikev2SaSessionCommonFree(), IKEV2_CHILD_SA_SESSION::LocalPeerSpi, IKEV2_SESSION_KEYS::SkAiKey, IKEV2_SESSION_KEYS::SkArKey, IKEV2_SESSION_KEYS::SkdKey, IKEV2_SESSION_KEYS::SkEiKey, IKEV2_SESSION_KEYS::SkErKey, IKEV2_SESSION_KEYS::SkPiKey, and IKEV2_SESSION_KEYS::SkPrKey.
Referenced by IkeDeleteAllSas(), Ikev2HandleSa(), Ikev2InfoParser(), Ikev2NegotiateSa(), Ikev2OnPacketSent(), Ikev2ResendNotify(), Ikev2SaSessionReg(), and IpSecStop().
VOID Ikev2SaSessionIncreaseMessageId (IN IKEV2_SA_SESSION *IkeSaSession)
Increase the Message ID in IkeSaSession.
[in] | IkeSaSession | Pointer to a specified IKEV2_SA_SESSION. |
Referenced by Ikev2InfoGenerator().
VOID Ikev2SaSessionInsert (IN LIST_ENTRY *SaSessionList, IN IKEV2_SA_SESSION *IkeSaSession, IN EFI_IP_ADDRESS *RemotePeerIp)
Insert an IKE_SA_SESSION into an IkeSaSession list. The IkeSaSession list is either the Private->Ikev2SaSession list or the Private->Ikev2EstablishedList list.
[in] | SaSessionList | Pointer to the list to insert into. |
[in] | IkeSaSession | Pointer to IKEV2_SA_SESSION to be inserted. |
[in] | RemotePeerIp | Pointer to the EFI_IP_ADDRESS that uniquely identifies the IKEV2_SA_SESSION. |
References Ikev2SaSessionRemove().
Referenced by Ikev2HandleSa(), Ikev2NegotiateSa(), and Ikev2SaSessionReg().
IKEV2_SA_SESSION* Ikev2SaSessionLookup (IN LIST_ENTRY *SaSessionList, IN EFI_IP_ADDRESS *RemotePeerIp)
Find an IKEV2_SA_SESSION by the remote peer IP.
[in] | SaSessionList | SaSession List to be searched. |
[in] | RemotePeerIp | Pointer to specified IP address. |
References IKEV2_SA_SESSION_BY_SESSION, IKEV2_SESSION_COMMON::RemotePeerIp, and IKEV2_SA_SESSION::SessionCommon.
Referenced by IkeNegotiate(), Ikev2HandleChildSa(), Ikev2HandleInfo(), Ikev2HandleSa(), Ikev2NegotiateSa(), and Ikev2OnPacketSent().
EFI_STATUS Ikev2SaSessionOnDeleting (IN IKEV2_SA_SESSION *IkeSaSession)
Mark an SA session as deleting.
[in] | IkeSaSession | Pointer to IKEV2_SA_SESSION. |
EFI_SUCCESS | Found the related SA session and marked it. |
VOID Ikev2SaSessionReg (IN IKEV2_SA_SESSION *IkeSaSession, IN IPSEC_PRIVATE_DATA *Private)
Register the established IKEv2 SA into Private->Ikev2EstablishedList. If there is already an IKEV2_SA_SESSION with the same remote peer IP, remove the old one, then register the new one.
[in] | IkeSaSession | Pointer to IKEV2_SA_SESSION to be registered. |
[in] | Private | Pointer to IPSEC_PRIVATE_DATA. |
References IKE_SA_DEFAULT_LIFETIME, Ikev2LifetimeNotify(), Ikev2SaSessionFree(), Ikev2SaSessionInsert(), Ikev2SaSessionRemove(), Ikev2SessionCommonRefresh(), IKEV2_SESSION_COMMON::RemotePeerIp, and IKEV2_SESSION_COMMON::TimeoutEvent.
Referenced by Ikev2HandleSa().
IKEV2_SA_SESSION* Ikev2SaSessionRemove (IN LIST_ENTRY *SaSessionList, IN EFI_IP_ADDRESS *RemotePeerIp)
Remove the SA Session by remote peer IP.
[in] | SaSessionList | Pointer to the list to be searched. |
[in] | RemotePeerIp | Pointer to the EFI_IP_ADDRESS to use for the SA Session search. |
Returns | Pointer to the IKEV2_SA_SESSION with the specified remote IP address, or NULL. |
References IKEV2_SA_SESSION_BY_SESSION, IKEV2_SESSION_COMMON::RemotePeerIp, and IKEV2_SA_SESSION::SessionCommon.
Referenced by Ikev2HandleSa(), Ikev2ResendNotify(), Ikev2SaSessionInsert(), and Ikev2SaSessionReg().
VOID Ikev2SessionCommonRefresh (IN IKEV2_SESSION_COMMON *SessionCommon)
After the IKE/Child SA is established, close the timeout event and free the last sent packet.
[in] | SessionCommon | Pointer to a Session Common. |
References IkePacketFree().
Referenced by Ikev2ChildSaSessionReg(), and Ikev2SaSessionReg().
VOID Ikev2StoreSaData (IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
Store the SA into SAD.
[in] | ChildSaSession | Pointer to IKEV2_CHILD_SA_SESSION. |
References EfiIpSecConfigSetData(), _IPSEC_PRIVATE_DATA::IpSecConfig, and IKEV2_SESSION_COMMON::Private.
Referenced by Ikev2ChildSaSessionReg().
BOOLEAN Ikev2ValidateHeader (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_HEADER *IkeHdr)
Validate the IKE header of received IKE packet.
[in] | IkeSaSession | Pointer to IKEV2_SA_SESSION related to this IKE packet. |
[in] | IkeHdr | Pointer to IKE header of received IKE packet. |
TRUE | If the IKE header is valid. | |
FALSE | If the IKE header is invalid. |
References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IkeStateAuth, IkeStateInit, IKEV2_EXCHANGE_TYPE_CREATE_CHILD, and IKEV2_EXCHANGE_TYPE_INFO.
Referenced by Ikev2HandleChildSa(), Ikev2HandleInfo(), and Ikev2HandleSa().
UINT16 mIkev2AuthAlgorithmList[IKEV2_SUPPORT_AUTH_ALGORITHM_NUM]
UINT16 mIkev2DhGroupAlgorithmList[IKEV2_SUPPORT_DH_ALGORITHM_NUM]
Initial value:
Referenced by Ikev2IsSupportAlg().
UINT16 mIkev2EncryptAlgorithmList[IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM]
Initial value:
Referenced by Ikev2IsSupportAlg().
UINT16 mIkev2PrfAlgorithmList[IKEV2_SUPPORT_PRF_ALGORITHM_NUM]