NetworkPkg/IpSecDxe/Ikev2/Utility.c File Reference


Functions

IKEV2_SA_SESSION* Ikev2SaSessionAlloc (IN IPSEC_PRIVATE_DATA *Private, IN IKE_UDP_SERVICE *UdpService)
VOID Ikev2SaSessionReg (IN IKEV2_SA_SESSION *IkeSaSession, IN IPSEC_PRIVATE_DATA *Private)
IKEV2_SA_SESSION* Ikev2SaSessionLookup (IN LIST_ENTRY *SaSessionList, IN EFI_IP_ADDRESS *RemotePeerIp)
VOID Ikev2SaSessionInsert (IN LIST_ENTRY *SaSessionList, IN IKEV2_SA_SESSION *IkeSaSession, IN EFI_IP_ADDRESS *RemotePeerIp)
IKEV2_SA_SESSION* Ikev2SaSessionRemove (IN LIST_ENTRY *SaSessionList, IN EFI_IP_ADDRESS *RemotePeerIp)
EFI_STATUS Ikev2SaSessionOnDeleting (IN IKEV2_SA_SESSION *IkeSaSession)
VOID Ikev2SaSessionCommonFree (IN IKEV2_SESSION_COMMON *SessionCommon)
VOID Ikev2SessionCommonRefresh (IN IKEV2_SESSION_COMMON *SessionCommon)
VOID Ikev2SaSessionFree (IN IKEV2_SA_SESSION *IkeSaSession)
VOID Ikev2SaSessionIncreaseMessageId (IN IKEV2_SA_SESSION *IkeSaSession)
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionAlloc (IN IKE_UDP_SERVICE *UdpService, IN IKEV2_SA_SESSION *IkeSaSession)
VOID Ikev2ChildSaSessionReg (IN IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IPSEC_PRIVATE_DATA *Private)
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionLookupByMid (IN LIST_ENTRY *SaSessionList, IN UINT32 Mid)
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionLookupBySpi (IN LIST_ENTRY *SaSessionList, IN UINT32 Spi)
VOID Ikev2ChildSaSessionInsert (IN LIST_ENTRY *SaSessionList, IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionRemove (IN LIST_ENTRY *SaSessionList, IN UINT32 Spi, IN UINT8 ListType)
EFI_STATUS Ikev2ChildSaSessionOnDeleting (IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
VOID Ikev2ChildSaSessionFree (IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
EFI_STATUS Ikev2ChildSaSilentDelete (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT32 Spi)
VOID Ikev2DhBufferFree (IKEV2_DH_BUFFER *DhBuffer)
IKEV2_CREATE_CHILD_REQUEST_TYPE Ikev2ChildExchangeRequestType (IN IKE_PACKET *IkePacket)
EFI_STATUS Ikev2ChildSaAssociateSpdEntry (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession)
UINT32 Ikev2ChildExchangeRekeySpi (IN IKE_PACKET *IkePacket)
BOOLEAN Ikev2ValidateHeader (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_HEADER *IkeHdr)
IKEV2_SA_DATA* Ikev2InitializeSaData (IN IKEV2_SESSION_COMMON *SessionCommon)
VOID Ikev2StoreSaData (IN IKEV2_CHILD_SA_SESSION *ChildSaSession)
VOID EFIAPI Ikev2LifetimeNotify (IN EFI_EVENT Event, IN VOID *Context)
VOID EFIAPI Ikev2ResendNotify (IN EFI_EVENT Event, IN VOID *Context)
VOID Ikev2ChildSaSessionSpdSelectorCreate (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession)
IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionCreate (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_UDP_SERVICE *UdpService)
EFI_STATUS Ikev2MatchSpdEntry (IN EFI_IPSEC_CONFIG_DATA_TYPE Type, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN UINTN SelectorSize, IN UINTN DataSize, IN VOID *Context)
BOOLEAN Ikev2IsSupportAlg (IN UINT16 AlgorithmId, IN UINT8 Type)
VOID Ikev2ParseProposalData (IN IKEV2_PROPOSAL_DATA *ProposalData, OUT UINT16 *PreferEncryptAlgorithm, OUT UINT16 *PreferIntegrityAlgorithm, OUT UINT16 *PreferPrfAlgorithm, OUT UINT16 *PreferDhGroup, OUT UINTN *PreferEncryptKeylength, OUT BOOLEAN *IsSupportEsn, IN BOOLEAN IsChildSa)
BOOLEAN Ikev2SaParseSaPayload (IN OUT IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *SaPayload, IN UINT8 Type)
BOOLEAN Ikev2ChildSaParseSaPayload (IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IKE_PAYLOAD *SaPayload, IN UINT8 Type)
EFI_STATUS Ikev2SaGenerateKey (IN UINT8 HashAlgId, IN UINT8 *HashKey, IN UINTN HashKeyLength, IN OUT UINT8 *OutputKey, IN UINTN OutputKeyLength, IN PRF_DATA_FRAGMENT *Fragments, IN UINTN NumFragments)

Variables

UINT16 mIkev2EncryptAlgorithmList [IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM]
UINT16 mIkev2PrfAlgorithmList [IKEV2_SUPPORT_PRF_ALGORITHM_NUM]
UINT16 mIkev2DhGroupAlgorithmList [IKEV2_SUPPORT_DH_ALGORITHM_NUM]
UINT16 mIkev2AuthAlgorithmList [IKEV2_SUPPORT_AUTH_ALGORITHM_NUM]

Detailed Description

The Common operations used by IKE Exchange Process.

(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.

This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Function Documentation

UINT32 Ikev2ChildExchangeRekeySpi ( IN IKE_PACKET *  IkePacket  )

This function finds the SPI from Create Child SA Exchange Packet.

Parameters:
[in] IkePacket Pointer to IKE_PACKET to be searched.
Return values:
SPI number or 0 if it is not supported.

IKEV2_CREATE_CHILD_REQUEST_TYPE Ikev2ChildExchangeRequestType ( IN IKE_PACKET *  IkePacket  )

This function is to parse a request IKE packet and return its request type. The request type is one of IKE CHILD SA creation, IKE SA rekeying and IKE CHILD SA rekeying.

Parameters:
[in] IkePacket IKE packet to be parsed.
Returns:
The type of the IKE packet.

References IKE_PAYLOAD_BY_PACKET, IkeRequestTypeCreateChildSa, IkeRequestTypeRekeyChildSa, IkeRequestTypeRekeyIkeSa, IKEV2_NOTIFICATION_REKEY_SA, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_TS_INIT, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2HandleChildSa().

EFI_STATUS Ikev2ChildSaAssociateSpdEntry ( IN OUT IKEV2_CHILD_SA_SESSION *  ChildSaSession  )

Associate an SPD selector with the Child SA Session.

This function is called when the Child SA is not the first Child SA of its IKE SA. It associates an SPD with this Child SA.

Parameters:
[in,out] ChildSaSession Pointer to the Child SA Session to be associated to a SPD selector.
Return values:
EFI_SUCCESS Associate one SPD selector to this Child SA Session successfully.
EFI_NOT_FOUND Can't find the related SPD selector.

References Ikev2MatchSpdEntry(), and IpSecVisitConfigData().

Referenced by Ikev2AuthCertParser(), and Ikev2AuthPskParser().

BOOLEAN Ikev2ChildSaParseSaPayload ( IN OUT IKEV2_CHILD_SA_SESSION *  ChildSaSession,
IN IKE_PAYLOAD *  SaPayload,
IN UINT8  Type 
)

Parse the received Authentication Exchange Packet.

This function parses the SA Payload and Key Payload to find out the cryptographic suite for the ESP and fills it into the Child SA Session's CommonSession->SaParams.

Parameters:
[in,out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to this Authentication Exchange.
[in] SaPayload The received packet.
[in] Type The IKE header's flag of the received packet.
Return values:
TRUE If the SA proposal in Packet is acceptable.
FALSE If the SA proposal in Packet is not acceptable.

References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, Ikev2ParseProposalData(), IPSEC_PROTO_IPSEC_ESP, IKEV2_PROPOSAL_DATA::NumTransforms, IKEV2_PROPOSAL_DATA::ProtocolId, and IKEV2_PROPOSAL_DATA::Spi.

Referenced by Ikev2AuthCertParser(), and Ikev2AuthPskParser().

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionAlloc ( IN IKE_UDP_SERVICE *  UdpService,
IN IKEV2_SA_SESSION *  IkeSaSession
)

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionCreate ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN IKE_UDP_SERVICE *  UdpService
)

VOID Ikev2ChildSaSessionFree ( IN IKEV2_CHILD_SA_SESSION *  ChildSaSession  )

VOID Ikev2ChildSaSessionInsert ( IN LIST_ENTRY *  SaSessionList,
IN IKEV2_CHILD_SA_SESSION *  ChildSaSession
)

Insert a Child SA Session into the specified ChildSa list.

Parameters:
[in] SaSessionList Pointer to list to be inserted in.
[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be inserted.

Referenced by Ikev2ChildSaSessionCreate(), Ikev2ChildSaSessionReg(), and Ikev2NegotiateChildSa().

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionLookupByMid ( IN LIST_ENTRY *  SaSessionList,
IN UINT32  Mid 
)

Find the ChildSaSession by its MessageId.

Parameters:
[in] SaSessionList Pointer to a ChildSaSession List.
[in] Mid The messageId used to search ChildSaSession.
Returns:
Pointer to IKEV2_CHILD_SA_SESSION or NULL.

References IKEV2_CHILD_SA_SESSION_BY_IKE_SA, and IKEV2_CHILD_SA_SESSION::MessageId.

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionLookupBySpi ( IN LIST_ENTRY *  SaSessionList,
IN UINT32  Spi 
)

This function finds the Child SA by the specified SPI.

This function finds a Child SA session by searching the ChildSaSession list of the input IKEV2_SA_SESSION for the specified SPI.

Parameters:
[in] SaSessionList Pointer to List to be searched.
[in] Spi Specified SPI.
Returns:
Pointer to IKEV2_CHILD_SA_SESSION or NULL.

References IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, and IKEV2_CHILD_SA_SESSION::RemotePeerSpi.

Referenced by Ikev2OnPacketSent().

EFI_STATUS Ikev2ChildSaSessionOnDeleting ( IN IKEV2_CHILD_SA_SESSION *  ChildSaSession  )

Mark a specified Child SA Session as on deleting.

Parameters:
[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.
Return values:
EFI_SUCCESS Operation is successful.

VOID Ikev2ChildSaSessionReg ( IN IKEV2_CHILD_SA_SESSION *  ChildSaSession,
IN IPSEC_PRIVATE_DATA *  Private
)

Register an established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList. If there is already an IKEV2_CHILD_SA_SESSION with the same remote peer IP, remove the old one and then register the new one.

Parameters:
[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.
[in] Private Pointer to IPSEC_PRIVATE_DATA.

References CHILD_SA_DEFAULT_LIFETIME, IKEV2_SA_SESSION::ChildSaEstablishSessionList, IKEV2_ESTABLISHED_CHILDSA_LIST, Ikev2ChildSaSessionFree(), Ikev2ChildSaSessionInsert(), Ikev2ChildSaSessionRemove(), Ikev2LifetimeNotify(), Ikev2SessionCommonRefresh(), Ikev2StoreSaData(), and IKEV2_SESSION_COMMON::TimeoutEvent.

Referenced by Ikev2HandleSa().

IKEV2_CHILD_SA_SESSION* Ikev2ChildSaSessionRemove ( IN LIST_ENTRY *  SaSessionList,
IN UINT32  Spi,
IN UINT8  ListType 
)

Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.

Parameters:
[in] SaSessionList The SA Session List to be iterated.
[in] Spi SPI used to identify the IKEV2_CHILD_SA_SESSION.
[in] ListType The type of the list, to indicate whether it is an Established list.
Returns:
Pointer to IKEV2_CHILD_SA_SESSION or NULL.

References IKEV2_CHILD_SA_SESSION_BY_DEL_SA, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_DELET_CHILDSA_LIST, IKEV2_ESTABLISHED_CHILDSA_LIST, IKEV2_ESTABLISHING_CHILDSA_LIST, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, and IKEV2_CHILD_SA_SESSION::RemotePeerSpi.

Referenced by Ikev2ChildSaSessionReg(), Ikev2ChildSaSilentDelete(), Ikev2HandleSa(), Ikev2OnPacketSent(), and Ikev2ResendNotify().

VOID Ikev2ChildSaSessionSpdSelectorCreate ( IN OUT IKEV2_CHILD_SA_SESSION *  ChildSaSession  )

Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.

ChildSaSession->SpdSelector stores the real SPD selector for its SA. Sometimes the SpdSelector in ChildSaSession is more accurate, or its scope is smaller, than the one in ChildSaSession->Spd, especially in tunnel mode.

Parameters:
[in,out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.

Referenced by Ikev2AuthCertParser(), Ikev2AuthPskParser(), and Ikev2ChildSaSessionCreate().

EFI_STATUS Ikev2ChildSaSilentDelete ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN UINT32  Spi 
)

Delete the specified established Child SA.

This function deletes the Child SA directly and does not send the Information Packet to the remote peer.

Parameters:
[in] IkeSaSession Pointer to an IKE SA Session to be searched.
[in] Spi SPI used to find the Child SA.
Return values:
EFI_NOT_FOUND Pointer of IKE SA Session is NULL.
EFI_NOT_FOUND There is no specified Child SA related with the input SPI under this IKE SA Session.
EFI_SUCCESS Delete the Child SA successfully.

References EfiIpSecConfigGetNextSelector(), EfiIpSecConfigSetData(), IKEV2_ESTABLISHED_CHILDSA_LIST, Ikev2ChildSaSessionFree(), Ikev2ChildSaSessionRemove(), _IPSEC_PRIVATE_DATA::IpSecConfig, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, and IKEV2_CHILD_SA_SESSION::RemotePeerSpi.

Referenced by Ikev2InfoParser(), Ikev2OnPacketSent(), Ikev2ResendNotify(), and Ikev2SaSessionFree().

VOID Ikev2DhBufferFree ( IKEV2_DH_BUFFER *  DhBuffer  )

Free the specified DhBuffer.

Parameters:
[in] DhBuffer Pointer to IKEV2_DH_BUFFER to be freed.

References IKEV2_DH_BUFFER::DhContext, IKEV2_DH_BUFFER::GxBuffer, IKEV2_DH_BUFFER::GxyBuffer, IKEV2_DH_BUFFER::GyBuffer, and IpSecCryptoIoFreeDh().

IKEV2_SA_DATA* Ikev2InitializeSaData ( IN IKEV2_SESSION_COMMON *  SessionCommon  )

BOOLEAN Ikev2IsSupportAlg ( IN UINT16  AlgorithmId,
IN UINT8  Type 
)

Check if the Algorithm ID is supported.

Parameters:
[in] AlgorithmId The specified Algorithm ID.
[in] Type The type used to indicate whether the Algorithm is for Encrypt or Authentication.
Return values:
TRUE If the Algorithm ID is supported.
FALSE If the Algorithm ID is not supported.

References IKE_AUTH_TYPE, IKE_DH_TYPE, IKE_ENCRYPT_TYPE, IKE_PRF_TYPE, IKEV2_SUPPORT_AUTH_ALGORITHM_NUM, IKEV2_SUPPORT_DH_ALGORITHM_NUM, IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM, IKEV2_SUPPORT_PRF_ALGORITHM_NUM, mIkev2AuthAlgorithmList, mIkev2DhGroupAlgorithmList, mIkev2EncryptAlgorithmList, and mIkev2PrfAlgorithmList.

Referenced by Ikev2ParseProposalData().

VOID EFIAPI Ikev2LifetimeNotify ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

EFI_STATUS Ikev2MatchSpdEntry ( IN EFI_IPSEC_CONFIG_DATA_TYPE  Type,
IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN VOID *  Data,
IN UINTN  SelectorSize,
IN UINTN  DataSize,
IN VOID *  Context 
)

Check if the SPD is related to the input Child SA Session.

This function is the subfunction of Ikev1AssociateSpdEntry(). It is the callback function of IpSecVisitConfigData().

Parameters:
[in] Type Type of the input Config Selector.
[in] Selector Pointer to the Configure Selector to be checked.
[in] Data Pointer to the Configure Selector's Data passed from the caller.
[in] SelectorSize The buffer size of Selector.
[in] DataSize The buffer size of the Data.
[in] Context The data passed from the caller. It is a Child SA Session in this context.
Return values:
EFI_SUCCESS The SPD Selector is not related to the Child SA Session.
EFI_ABORTED The SPD Selector is related to the Child SA session and set the ChildSaSession->Spd to point to this SPD Selector.

References EFI_IPSEC_ANY_PORT, EFI_IPSEC_ANY_PROTOCOL, IKE_DEFAULT_PORT, IkeSearchSpdEntry(), IpSecMatchIpAddress(), IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::LocalPeerIp, IKEV2_CHILD_SA_SESSION::LocalPort, IKEV2_CHILD_SA_SESSION::ProtoId, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_CHILD_SA_SESSION::RemotePort, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Spd, and IKEV2_SESSION_COMMON::UdpService.

Referenced by Ikev2ChildSaAssociateSpdEntry().

VOID Ikev2ParseProposalData ( IN IKEV2_PROPOSAL_DATA *  ProposalData,
OUT UINT16 *  PreferEncryptAlgorithm,
OUT UINT16 *  PreferIntegrityAlgorithm,
OUT UINT16 *  PreferPrfAlgorithm,
OUT UINT16 *  PreferDhGroup,
OUT UINTN *  PreferEncryptKeylength,
OUT BOOLEAN *  IsSupportEsn,
IN BOOLEAN  IsChildSa 
)

Get the preferred algorithm types from ProposalData.

Parameters:
[in] ProposalData Pointer to related IKEV2_PROPOSAL_DATA.
[out] PreferEncryptAlgorithm Output of preferred encrypt algorithm.
[out] PreferIntegrityAlgorithm Output of preferred integrity algorithm.
[out] PreferPrfAlgorithm Output of preferred PRF algorithm. Only for IKE SA.
[out] PreferDhGroup Output of preferred DH group. Only for IKE SA.
[out] PreferEncryptKeylength Output of preferred encrypt key length in bytes.
[out] IsSupportEsn Output indicating whether the Extended Sequence Number is supported. Only for Child SA.
[in] IsChildSa If it is true, the ProposalData is for IKE SA. Otherwise the ProposalData is for Child SA.

References IKE_SA_ATTRIBUTE::Attr, IKEV2_TRANSFORM_DATA::Attribute, IKE_SA_ATTRIBUTE::AttrType, IKE_SA_ATTR_UNION::AttrValue, IKE_AUTH_TYPE, IKE_DH_TYPE, IKE_ENCRYPT_TYPE, IKE_PRF_TYPE, IKEV2_ATTRIBUTE_TYPE_KEYLEN, IKEV2_TRANSFORM_TYPE_DH, IKEV2_TRANSFORM_TYPE_ENCR, IKEV2_TRANSFORM_TYPE_ESN, IKEV2_TRANSFORM_TYPE_INTEG, IKEV2_TRANSFORM_TYPE_PRF, Ikev2IsSupportAlg(), IpSecGetEncryptKeyLength(), IKEV2_TRANSFORM_DATA::TransformId, and IKEV2_TRANSFORM_DATA::TransformType.

Referenced by Ikev2ChildSaParseSaPayload(), and Ikev2SaParseSaPayload().

VOID EFIAPI Ikev2ResendNotify ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

EFI_STATUS Ikev2SaGenerateKey ( IN UINT8  HashAlgId,
IN UINT8 *  HashKey,
IN UINTN  HashKeyLength,
IN OUT UINT8 *  OutputKey,
IN UINTN  OutputKeyLength,
IN PRF_DATA_FRAGMENT *  Fragments,
IN UINTN  NumFragments 
)

Generate Key buffer from fragments.

If the digest length of the specified HashAlgId is greater than or equal to the required output key length, derive the key directly. Otherwise, the key material needs to be built by PRF-based concatenation according to section 2.13 of RFC 4306: prf+ (K,S) = T1 | T2 | T3 | T4 | ..., where T1 = prf (K, S | 0x01), T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03), T4 = prf (K, T3 | S | 0x04); the key is then derived from this key material.

Parameters:
[in] HashAlgId The Hash Algorithm ID used to generate key.
[in] HashKey Pointer to a key buffer which contains hash key.
[in] HashKeyLength The length of HashKey in bytes.
[in,out] OutputKey Pointer to buffer which is used to receive the output key.
[in] OutputKeyLength The length of the OutputKey buffer.
[in] Fragments Pointer to the data to be used to generate the key.
[in] NumFragments The number of fragments.
Return values:
EFI_SUCCESS The operation completed successfully.
EFI_INVALID_PARAMETER If NumFragments is zero.
EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
Others The operation failed.

References PRF_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::DataSize, IpSecCryptoIoHmac(), and IpSecGetHmacDigestLength().

Referenced by Ikev2GenerateChildSaKeys(), and Ikev2GenerateSaKeys().
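
The key-generation rule documented for Ikev2SaGenerateKey(), modelled in Python with the standard library's HMAC as the prf; this is an added example, not code from Utility.c or EDK II. The names prf, prf_plus, generate_key and PRF_DIGESTS are hypothetical, and treating "derive the key directly" as a single truncated prf(K, S) over the concatenated fragments is an assumption.

```python
import hashlib
import hmac

# Hypothetical stand-in for the page's HashAlgId: a name mapped to a hashlib digest.
PRF_DIGESTS = {"hmac-sha1": hashlib.sha1, "hmac-sha256": hashlib.sha256}


def prf(alg, key, data):
    """prf(K, data) realised as HMAC (the page references IpSecCryptoIoHmac())."""
    return hmac.new(key, data, PRF_DIGESTS[alg]).digest()


def prf_plus(alg, key, seed, out_len):
    """RFC 4306 section 2.13: T1 | T2 | ... truncated to out_len bytes."""
    digest_len = PRF_DIGESTS[alg]().digest_size
    blocks = -(-out_len // digest_len)  # ceiling division
    if blocks > 255:
        # The counter is a single octet, so prf+ is undefined past 255 blocks.
        raise ValueError("requested key length exceeds 255 prf outputs")
    material, t = b"", b""
    for counter in range(1, blocks + 1):
        # Tn = prf(K, Tn-1 | S | n), with T0 empty
        t = prf(alg, key, t + seed + bytes([counter]))
        material += t
    return material[:out_len]


def generate_key(alg, key, fragments, out_len):
    """Model of the behaviour the page documents for Ikev2SaGenerateKey()."""
    if not fragments:
        # The page lists EFI_INVALID_PARAMETER for a zero NumFragments.
        raise ValueError("NumFragments is zero")
    # Assumption: S is the concatenation of the data fragments, in order.
    seed = b"".join(fragments)
    digest_len = PRF_DIGESTS[alg]().digest_size
    if digest_len >= out_len:
        # Assumption: "derive the key directly" means one prf(K, S), truncated.
        return prf(alg, key, seed)[:out_len]
    return prf_plus(alg, key, seed, out_len)


# Constructed sample inputs (not real nonces, SPIs or keys).
SAMPLE_KEY = bytes(range(20))
SAMPLE_FRAGMENTS = [b"Ni-constructed", b"Nr-constructed", b"SPIi", b"SPIr"]

if __name__ == "__main__":
    # 16 bytes fits in one SHA-1 digest (direct path); 52 bytes needs T1..T3.
    print(generate_key("hmac-sha1", SAMPLE_KEY, SAMPLE_FRAGMENTS, 16).hex())
    print(generate_key("hmac-sha1", SAMPLE_KEY, SAMPLE_FRAGMENTS, 52).hex())
```

Because each Tn chains on the previous block, a shorter prf+ output is always a prefix of a longer one for the same K and S, which is why callers slice successive keys out of one run of key material.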

BOOLEAN Ikev2SaParseSaPayload ( IN OUT IKEV2_SA_SESSION *  IkeSaSession,
IN IKE_PAYLOAD *  SaPayload,
IN UINT8  Type 
)

Parse the received Initial Exchange Packet.

This function parses the SA Payload and Key Payload to find out the cryptographic suite for the further IKE negotiation and fills it into the IKE SA Session's CommonSession->SaParams.

Parameters:
[in,out] IkeSaSession Pointer to related IKEV2_SA_SESSION.
[in] SaPayload The received packet.
[in] Type The received packet IKE header flag.
Return values:
TRUE If the SA proposal in Packet is acceptable.
FALSE If the SA proposal in Packet is not acceptable.

References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, Ikev2ParseProposalData(), IPSEC_PROTO_ISAKMP, IKEV2_PROPOSAL_DATA::NumTransforms, and IKEV2_PROPOSAL_DATA::ProtocolId.

Referenced by Ikev2InitPskParser().

IKEV2_SA_SESSION* Ikev2SaSessionAlloc ( IN IPSEC_PRIVATE_DATA *  Private,
IN IKE_UDP_SERVICE *  UdpService
)

VOID Ikev2SaSessionCommonFree ( IN IKEV2_SESSION_COMMON *  SessionCommon  )

Free the specified Session Common. The session common belongs to either an IKE SA or a Child SA.

Parameters:
[in] SessionCommon Pointer to a Session Common.

References IkePacketFree().

Referenced by Ikev2ChildSaSessionFree(), and Ikev2SaSessionFree().

VOID Ikev2SaSessionFree ( IN IKEV2_SA_SESSION *  IkeSaSession  )

VOID Ikev2SaSessionIncreaseMessageId ( IN IKEV2_SA_SESSION *  IkeSaSession  )

Increase the MessageID in IkeSaSession.

Parameters:
[in] IkeSaSession Pointer to a specified IKEV2_SA_SESSION.

Referenced by Ikev2InfoGenerator().

VOID Ikev2SaSessionInsert ( IN LIST_ENTRY *  SaSessionList,
IN IKEV2_SA_SESSION *  IkeSaSession,
IN EFI_IP_ADDRESS *  RemotePeerIp 
)

Insert an IKE_SA_SESSION into the IkeSaSession list. The IkeSaSession list is either the Private->Ikev2SaSession list or the Private->Ikev2EstablishedList list.

Parameters:
[in] SaSessionList Pointer to list to be inserted into.
[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.
[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to indicate the unique IKEV2_SA_SESSION.

References Ikev2SaSessionRemove().

Referenced by Ikev2HandleSa(), Ikev2NegotiateSa(), and Ikev2SaSessionReg().

IKEV2_SA_SESSION* Ikev2SaSessionLookup ( IN LIST_ENTRY *  SaSessionList,
IN EFI_IP_ADDRESS *  RemotePeerIp 
)

Find an IKEV2_SA_SESSION by the remote peer IP.

Parameters:
[in] SaSessionList SaSession List to be searched.
[in] RemotePeerIp Pointer to specified IP address.
Returns:
Pointer to IKEV2_SA_SESSION if one is found, or NULL.

References IKEV2_SA_SESSION_BY_SESSION, IKEV2_SESSION_COMMON::RemotePeerIp, and IKEV2_SA_SESSION::SessionCommon.

Referenced by IkeNegotiate(), Ikev2HandleChildSa(), Ikev2HandleInfo(), Ikev2HandleSa(), Ikev2NegotiateSa(), and Ikev2OnPacketSent().

EFI_STATUS Ikev2SaSessionOnDeleting ( IN IKEV2_SA_SESSION *  IkeSaSession  )

Mark an SA session as on deleting.

Parameters:
[in] IkeSaSession Pointer to IKEV2_SA_SESSION.
Return values:
EFI_SUCCESS Found the related SA session and marked it.

VOID Ikev2SaSessionReg ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN IPSEC_PRIVATE_DATA *  Private
)

Register the established IKEv2 SA into Private->Ikev2EstablishedList. If there is already an IKEV2_SA_SESSION with the same remote peer IP, remove the old one and then register the new one.

Parameters:
[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be registered.
[in] Private Pointer to IPSEC_PRIVATE_DATA.

References IKE_SA_DEFAULT_LIFETIME, Ikev2LifetimeNotify(), Ikev2SaSessionFree(), Ikev2SaSessionInsert(), Ikev2SaSessionRemove(), Ikev2SessionCommonRefresh(), IKEV2_SESSION_COMMON::RemotePeerIp, and IKEV2_SESSION_COMMON::TimeoutEvent.

Referenced by Ikev2HandleSa().

IKEV2_SA_SESSION* Ikev2SaSessionRemove ( IN LIST_ENTRY *  SaSessionList,
IN EFI_IP_ADDRESS *  RemotePeerIp 
)

Remove the SA Session by Remote Peer IP.

Parameters:
[in] SaSessionList Pointer to list to be searched.
[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.
Return values:
Pointer to IKEV2_SA_SESSION with the specified remote IP address or NULL.

References IKEV2_SA_SESSION_BY_SESSION, IKEV2_SESSION_COMMON::RemotePeerIp, and IKEV2_SA_SESSION::SessionCommon.

Referenced by Ikev2HandleSa(), Ikev2ResendNotify(), Ikev2SaSessionInsert(), and Ikev2SaSessionReg().

VOID Ikev2SessionCommonRefresh ( IN IKEV2_SESSION_COMMON *  SessionCommon  )

After the IKE/Child SA is established, close the time event and free the sent packet.

Parameters:
[in] SessionCommon Pointer to a Session Common.

References IkePacketFree().

Referenced by Ikev2ChildSaSessionReg(), and Ikev2SaSessionReg().

VOID Ikev2StoreSaData ( IN IKEV2_CHILD_SA_SESSION *  ChildSaSession  )

Store the SA into SAD.

Parameters:
[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.

References EfiIpSecConfigSetData(), _IPSEC_PRIVATE_DATA::IpSecConfig, and IKEV2_SESSION_COMMON::Private.

Referenced by Ikev2ChildSaSessionReg().

BOOLEAN Ikev2ValidateHeader ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN IKE_HEADER *  IkeHdr
)

Validate the IKE header of received IKE packet.

Parameters:
[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this IKE packet.
[in] IkeHdr Pointer to IKE header of received IKE packet.
Return values:
TRUE If the IKE header is valid.
FALSE If the IKE header is invalid.

References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IkeStateAuth, IkeStateInit, IKEV2_EXCHANGE_TYPE_CREATE_CHILD, and IKEV2_EXCHANGE_TYPE_INFO.

Referenced by Ikev2HandleChildSa(), Ikev2HandleInfo(), and Ikev2HandleSa().


Variable Documentation

UINT16 mIkev2AuthAlgorithmList[IKEV2_SUPPORT_AUTH_ALGORITHM_NUM]

Initial value:

Referenced by Ikev2IsSupportAlg().

UINT16 mIkev2DhGroupAlgorithmList[IKEV2_SUPPORT_DH_ALGORITHM_NUM]

UINT16 mIkev2EncryptAlgorithmList[IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM]

UINT16 mIkev2PrfAlgorithmList[IKEV2_SUPPORT_PRF_ALGORITHM_NUM]

Initial value:

Referenced by Ikev2IsSupportAlg().


Generated on Mon Sep 28 08:49:06 2015 for NetworkPkg[ALL] by  doxygen 1.5.7.1