NetworkPkg/IpSecDxe/Ikev2/Sa.c File Reference


Functions

EFI_STATUS Ikev2GenerateSaDhPublicKey (IN IKEV2_SA_SESSION *IkeSaSession)
EFI_STATUS Ikev2GenerateSaKeys (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *KePayload)
EFI_STATUS Ikev2GenerateChildSaKeys (IN IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IKE_PAYLOAD *KePayload)
IKE_PACKET * Ikev2InitPskGenerator (IN UINT8 *SaSession, IN VOID *Context)
EFI_STATUS Ikev2InitPskParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket)
IKE_PACKET * Ikev2AuthPskGenerator (IN UINT8 *SaSession, IN VOID *Context)
EFI_STATUS Ikev2AuthPskParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket)
IKE_PACKET * Ikev2InitCertGenerator (IN UINT8 *SaSession, IN VOID *Context)
EFI_STATUS Ikev2InitCertParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket)
IKE_PACKET * Ikev2AuthCertGenerator (IN UINT8 *SaSession, IN VOID *Context)
EFI_STATUS Ikev2AuthCertParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket)
EFI_STATUS Ikev2GenerateSaDhComputeKey (IN IKEV2_DH_BUFFER *DhBuffer, IN IKE_PAYLOAD *KePayload)

Variables

GLOBAL_REMOVE_IF_UNREFERENCED IKEV2_PACKET_HANDLER mIkev2Initial [][2]

Detailed Description

The operations for IKEv2 SA.

(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.

This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Function Documentation

IKE_PACKET* Ikev2AuthCertGenerator ( IN UINT8 *  SaSession,
IN VOID *  Context 
)

Generates the IKEv2 packet for IKE_AUTH exchange.

Parameters:
[in] SaSession Pointer to IKEV2_SA_SESSION.
[in] Context Context data passed by caller.
Return values:
Pointer to IKEv2 Packet to be sent out.

References IKEV2_SA_SESSION::ChildSaSessionList, _IPSEC_PAD_ENTRY::Data, _IPSEC_SPD_ENTRY::Data, IKE_HEADER::ExchangeType, IKE_HEADER::Flags, IKE_PACKET::Header, IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IKE_PACKET_APPEND_PAYLOAD, IkePacketAlloc(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeSessionTypeChildSa, IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT, IKEV2_CERT_ENCODEING_X509_CERT_SIGN, IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS, IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_EXCHANGE_TYPE_AUTH, IKEV2_NOTIFICATION_USE_TRANSPORT_MODE, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CERT, IKEV2_PAYLOAD_TYPE_CERTREQ, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_NONE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2CertGenerateAuthPayload(), Ikev2GenerateCertIdPayload(), Ikev2GenerateCertificatePayload(), Ikev2GenerateCpPayload(), Ikev2GenerateNotifyPayload(), Ikev2GenerateSaPayload(), Ikev2GenerateTsPayload(), IKEV2_SA_SESSION::InitiatorCookie, IKE_HEADER::InitiatorCookie, IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::IsInitiator, IKE_HEADER::MessageId, IKE_HEADER::NextPayload, IKEV2_SA_SESSION::Pad, _IPSEC_SPD_DATA::ProcessingPolicy, IKEV2_SA_SESSION::ResponderCookie, IKE_HEADER::ResponderCookie, IKEV2_CHILD_SA_SESSION::SaData, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::Spd, IKEV2_SESSION_COMMON::UdpService, and IKE_HEADER::Version.

EFI_STATUS Ikev2AuthCertParser ( IN UINT8 *  SaSession,
IN IKE_PACKET *  IkePacket 
)

Parses IKE_AUTH packet.

Parameters:
[in] SaSession Pointer to the IKE_SA_SESSION related to this packet.
[in] IkePacket Pointer to the IKE_AUTH packet to be parsed.
Return values:
EFI_INVALID_PARAMETER The IKEv2 packet is malformed or the SA proposal is unacceptable.
EFI_SUCCESS The IKE packet is acceptable and the relevant data is saved for further communication.
EFI_UNSUPPORTED The certificate authentication is not supported.

References IKEV2_SA_SESSION::ChildSaSessionList, _IPSEC_SPD_ENTRY::Data, IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IKE_PAYLOAD_BY_PACKET, IkePayloadFree(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeStateIkeSaEstablished, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_DUMP_STATE, IKEV2_EXCHANGE_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CERT, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2CertGenerateAuthPayload(), Ikev2ChildSaAssociateSpdEntry(), Ikev2ChildSaParseSaPayload(), Ikev2ChildSaSessionSpdSelectorCreate(), Ikev2GenerateChildSaKeys(), IpSecCryptoIoVerifySignDataByCertificate(), IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::IsInitiator, IKEV2_CHILD_SA_SESSION::LocalPort, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, _IPSEC_SPD_DATA::ProcessingPolicy, IKEV2_CHILD_SA_SESSION::ProtoId, IKEV2_CHILD_SA_SESSION::RemotePort, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Spd, IKEV2_SA_SESSION::Spd, IKEV2_CHILD_SA_SESSION::SpdSelector, IKEV2_SESSION_COMMON::State, and IKEV2_SESSION_COMMON::UdpService.

IKE_PACKET* Ikev2AuthPskGenerator ( IN UINT8 *  SaSession,
IN VOID *  Context 
)

Generates the IKEv2 packet for IKE_AUTH exchange.

Parameters:
[in] SaSession Pointer to IKEV2_SA_SESSION.
[in] Context Context data passed by caller.
Return values:
Pointer to IKE Packet to be sent out.

References IKEV2_SA_SESSION::ChildSaSessionList, _IPSEC_SPD_ENTRY::Data, IKE_HEADER::ExchangeType, IKE_HEADER::Flags, IKE_PACKET::Header, IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IKE_PACKET_APPEND_PAYLOAD, IkePacketAlloc(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeSessionTypeChildSa, IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS, IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_EXCHANGE_TYPE_AUTH, IKEV2_NOTIFICATION_USE_TRANSPORT_MODE, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_NONE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2GenerateCpPayload(), Ikev2GenerateIdPayload(), Ikev2GenerateNotifyPayload(), Ikev2GenerateSaPayload(), Ikev2GenerateTsPayload(), Ikev2PskGenerateAuthPayload(), IKEV2_SA_SESSION::InitiatorCookie, IKE_HEADER::InitiatorCookie, IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::IsInitiator, IKE_HEADER::MessageId, IKE_HEADER::NextPayload, _IPSEC_SPD_DATA::ProcessingPolicy, IKEV2_SA_SESSION::ResponderCookie, IKE_HEADER::ResponderCookie, IKEV2_CHILD_SA_SESSION::SaData, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::Spd, IKEV2_SESSION_COMMON::UdpService, and IKE_HEADER::Version.

EFI_STATUS Ikev2AuthPskParser ( IN UINT8 *  SaSession,
IN IKE_PACKET *  IkePacket 
)

EFI_STATUS Ikev2GenerateChildSaKeys ( IN IKEV2_CHILD_SA_SESSION *  ChildSaSession,
IN IKE_PAYLOAD *  KePayload 
)

Generates the Keys for the further IPsec Protocol.

Parameters:
[in] ChildSaSession Pointer to IKE Child SA Session.
[in] KePayload Pointer to Key payload used to generate the Key.
Return values:
EFI_UNSUPPORTED If one or more Algorithm Id is unsupported.
EFI_SUCCESS The operation succeeded.

References PRF_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::DataSize, IKEV2_SA_PARAMS::EncAlgId, Ikev2GenerateSaDhComputeKey(), Ikev2SaGenerateKey(), IKEV2_SA_PARAMS::IntegAlgId, IPSEC_DUMP_BUF, IpSecGetEncryptKeyLength(), and IpSecGetHmacDigestLength().

Referenced by Ikev2AuthCertParser(), and Ikev2AuthPskParser().

EFI_STATUS Ikev2GenerateSaDhComputeKey ( IN IKEV2_DH_BUFFER *  DhBuffer,
IN IKE_PAYLOAD *  KePayload 
)

Computes the DH Shared/Exchange Key.

Given peer's public key, this function computes the exchanged common key and stores it in the IKEv2 SA Session's GxyBuffer.

Parameters:
[in] DhBuffer Pointer to buffer of peer's public key.
[in] KePayload Pointer to received key payload.
Return values:
EFI_SUCCESS The operation succeeded.
Otherwise The operation failed.

References IPSEC_DUMP_BUF, and IpSecCryptoIoDhComputeKey().

Referenced by Ikev2GenerateChildSaKeys(), and Ikev2GenerateSaKeys().

EFI_STATUS Ikev2GenerateSaDhPublicKey ( IN IKEV2_SA_SESSION *  IkeSaSession  ) 

Generates the DH Public Key.

This generates the DH local public key and stores it in the IKEv2 SA Session's GxBuffer.

Parameters:
[in] IkeSaSession Pointer to related IKE SA Session.
Return values:
EFI_SUCCESS The operation succeeded.
Others The operation failed.

References IKEV2_SESSION_KEYS::DhBuffer, IKEV2_DH_BUFFER::DhContext, MODP_GROUP::GroupGenerator, IKEV2_DH_BUFFER::GxBuffer, IKEV2_DH_BUFFER::GxSize, IPSEC_DUMP_BUF, IpSecCryptoIoDhGetPublicKey(), MODP_GROUP::Modulus, OakleyModpGroup, and MODP_GROUP::Size.

Referenced by Ikev2InitPskGenerator(), and Ikev2InitPskParser().

EFI_STATUS Ikev2GenerateSaKeys ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN IKE_PAYLOAD *  KePayload 
)

Generates the IKEv2 SA key for the further IKEv2 exchange.

Generates the IKE SKEYSEED and seven other secrets. SK_d, SK_ai, SK_ar, SK_ei, SK_er, SK_pi, SK_pr are keys for the further IKE exchange.

Parameters:
[in] IkeSaSession Pointer to IKEv2 SA Session.
[in] KePayload Pointer to Key payload used to generate the Key.
Return values:
EFI_UNSUPPORTED If one or more Algorithm Id is not supported.
EFI_OUT_OF_RESOURCES If there are not enough resources to be allocated to meet the requirement.
EFI_SUCCESS The operation succeeded.

References HASH_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, PRF_DATA_FRAGMENT::DataSize, IKEV2_SA_PARAMS::EncAlgId, Ikev2GenerateSaDhComputeKey(), Ikev2SaGenerateKey(), IKEV2_SA_PARAMS::IntegAlgId, IPSEC_DUMP_BUF, IpSecCryptoIoHmac(), IpSecGetEncryptKeyLength(), IpSecGetHmacDigestLength(), and IKEV2_SA_PARAMS::Prf.

Referenced by Ikev2InitPskParser().
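
The derivation of SKEYSEED and the seven SK_* secrets named for Ikev2GenerateSaKeys(), as an added example that follows RFC 7296 section 2.14 and is not the EDK2 source. The HMAC-SHA1 PRF, the key lengths, the function names and the sample nonces, SPIs and shared secret are assumptions; in the real flow the shared secret is the value Ikev2GenerateSaDhComputeKey() produces.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated PRF; HMAC-SHA1 is assumed for this example."""
    return hmac.new(key, data, hashlib.sha1).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 7296 prf+: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:  # the counter is a single octet
            raise ValueError("prf+ is undefined past 255 blocks")
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

def derive_ike_sa_keys(ni, nr, g_ir, spi_i, spi_r,
                       prf_len=20, integ_len=20, enc_len=16):
    """Return SKEYSEED and the seven SK_* keys, sliced in RFC order."""
    # SKEYSEED = prf(Ni | Nr, g^ir)
    skeyseed = prf(ni + nr, g_ir)
    # Lengths depend on the negotiated PRF, integrity and encryption algorithms.
    layout = [("SK_d", prf_len), ("SK_ai", integ_len), ("SK_ar", integ_len),
              ("SK_ei", enc_len), ("SK_er", enc_len),
              ("SK_pi", prf_len), ("SK_pr", prf_len)]
    # {SK_d | SK_ai | ... | SK_pr} = prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)
    keymat = prf_plus(skeyseed, ni + nr + spi_i + spi_r,
                      sum(size for _, size in layout))
    keys, offset = {"SKEYSEED": skeyseed}, 0
    for name, size in layout:
        keys[name] = keymat[offset:offset + size]
        offset += size
    return keys

# Constructed sample inputs (not taken from any real exchange).
NI = bytes(range(32))                      # initiator nonce
NR = bytes(range(32, 64))                  # responder nonce
G_IR = bytes([0xAB]) * 128                 # stand-in DH shared secret
SPI_I = bytes.fromhex("0102030405060708")  # initiator SPI
SPI_R = bytes.fromhex("1112131415161718")  # responder SPI

if __name__ == "__main__":
    for name, value in derive_ike_sa_keys(NI, NR, G_IR, SPI_I, SPI_R).items():
        print(f"{name:9s}{value.hex()}")
```

The order of the slices matters: both peers cut the same prf+ output at the same offsets, so a wrong key length for any one algorithm shifts every key after it.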

IKE_PACKET* Ikev2InitCertGenerator ( IN UINT8 *  SaSession,
IN VOID *  Context 
)

Generates IKEv2 packet for IKE_SA_INIT exchange.

Parameters:
[in] SaSession Pointer to IKEV2_SA_SESSION related to the exchange.
[in] Context Context Data passed by caller.
Return values:
EFI_SUCCESS The IKE packet generation succeeded.
Others The IKE packet generation failed.

References IKE_PACKET_APPEND_PAYLOAD, IKE_PACKET_END_PAYLOAD, IKE_PAYLOAD_BY_PACKET, IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT, IKEV2_PAYLOAD_TYPE_CERTREQ, IKEV2_PAYLOAD_TYPE_NONE, Ikev2GenerateCertificatePayload(), Ikev2InitPskGenerator(), and IKE_PAYLOAD::PayloadBuf.

EFI_STATUS Ikev2InitCertParser ( IN UINT8 *  SaSession,
IN IKE_PACKET *  IkePacket 
)

Parses the IKEv2 packet for IKE_SA_INIT exchange.

Parameters:
[in] SaSession Pointer to IKEV2_SA_SESSION related to the exchange.
[in] IkePacket The received IKEv2 packet to be parsed.
Return values:
EFI_SUCCESS The IKEv2 packet is acceptable and the relevant data is saved for further communication.
EFI_INVALID_PARAMETER The IKE packet is malformed or the SA proposal is unacceptable.
EFI_UNSUPPORTED The certificate authentication is not supported.

References Ikev2InitPskParser().

IKE_PACKET* Ikev2InitPskGenerator ( IN UINT8 *  SaSession,
IN VOID *  Context 
)

EFI_STATUS Ikev2InitPskParser ( IN UINT8 *  SaSession,
IN IKE_PACKET *  IkePacket 
)


Variable Documentation

GLOBAL_REMOVE_IF_UNREFERENCED IKEV2_PACKET_HANDLER mIkev2Initial[][2]


Generated on Mon Sep 28 08:49:06 2015 for NetworkPkg[ALL] by  doxygen 1.5.7.1