NetworkPkg/IpSecDxe/Ikev2/Exchange.c File Reference


Functions

EFI_STATUS Ikev2NegotiateSa (IN IKE_UDP_SERVICE *UdpService, IN IPSEC_SPD_ENTRY *SpdEntry, IN IPSEC_PAD_ENTRY *PadEntry, IN EFI_IP_ADDRESS *RemoteIp)
EFI_STATUS Ikev2NegotiateChildSa (IN UINT8 *IkeSaSession, IN IPSEC_SPD_ENTRY *SpdEntry, IN UINT8 *Context)
EFI_STATUS Ikev2NegotiateInfo (IN UINT8 *IkeSaSession, IN UINT8 *Context)
VOID Ikev2HandleSa (IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket)
VOID Ikev2HandleChildSa (IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket)
VOID Ikev2HandleInfo (IN IKE_UDP_SERVICE *UdpService, IN IKE_PACKET *IkePacket)

Variables

IKE_EXCHANGE_INTERFACE mIkev1Exchange
IKE_EXCHANGE_INTERFACE mIkev2Exchange

Detailed Description

The general interfaces of the IKEv2.

Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.

This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Function Documentation

VOID Ikev2HandleChildSa ( IN IKE_UDP_SERVICE *  UdpService,
IN IKE_PACKET *  IkePacket 
)

The general interface invoked when an IKEv2 packet is received for IKE Child SA establishment or IKE SA/CHILD SA rekeying.

This function first finds the related IKE SA Session according to the IKE packet's remote IP. It then calls the corresponding function to handle this IKE packet according to the related IKE Child Session's State.

Parameters:
[in] UdpService Pointer to the related UDP Service.
[in] IkePacket Data passed by caller.

References IKEV2_PACKET_HANDLER::Generator, IKE_HEADER_FLAGS_RESPOND, IkePacketFree(), IkeRequestTypeCreateChildSa, IkeRequestTypeRekeyChildSa, IkeRequestTypeRekeyIkeSa, IkeSessionTypeIkeSa, Ikev2ChildExchangeRequestType(), Ikev2DecodePacket(), _IPSEC_PRIVATE_DATA::Ikev2EstablishedList, Ikev2SaSessionLookup(), Ikev2SendIkePacket(), Ikev2ValidateHeader(), IPSEC_PRIVATE_DATA_FROM_UDP4LIST, IPSEC_PRIVATE_DATA_FROM_UDP6LIST, IKEV2_SA_SESSION::MessageId, mIkev2CreateChild, IKEV2_PACKET_HANDLER::Parser, and IKEV2_SA_SESSION::SessionCommon.

VOID Ikev2HandleInfo ( IN IKE_UDP_SERVICE *  UdpService,
IN IKE_PACKET *  IkePacket 
)

The general interface to handle the IKEv2 Information Exchange.

Parameters:
[in] UdpService Pointer to the IKE UDP Service related to this information exchange.
[in] IkePacket The IKE packet to be parsed.

References IkeSessionTypeIkeSa, Ikev2DecodePacket(), _IPSEC_PRIVATE_DATA::Ikev2EstablishedList, Ikev2SaSessionLookup(), Ikev2ValidateHeader(), IPSEC_PRIVATE_DATA_FROM_UDP4LIST, IPSEC_PRIVATE_DATA_FROM_UDP6LIST, mIkev2Info, IKEV2_PACKET_HANDLER::Parser, and IKEV2_SA_SESSION::SessionCommon.

VOID Ikev2HandleSa ( IN IKE_UDP_SERVICE *  UdpService,
IN IKE_PACKET *  IkePacket 
)

The general interface invoked when an IKEv2 packet is received for IKE SA establishment.

This function first finds the related IKE SA Session according to the IKE packet's remote IP. It then calls the corresponding function to handle this IKE packet according to the related IKE SA Session's State.

Parameters:
[in] UdpService Pointer to the related UDP Service.
[in] IkePacket Data passed by caller.

References IKEV2_CHILD_SA_SESSION::ByIkeSa, IKEV2_SA_SESSION::ChildSaEstablishSessionList, IKEV2_SA_SESSION::ChildSaSessionList, _IPSEC_PAD_ENTRY::Data, IKEV2_PACKET_HANDLER::Generator, IkeSessionTypeIkeSa, IkeStateAuth, IkeStateIkeSaEstablished, IkeStateInit, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_DUMP_STATE, IKEV2_ESTABLISHING_CHILDSA_LIST, Ikev2ChildSaSessionCreate(), Ikev2ChildSaSessionFree(), Ikev2ChildSaSessionReg(), Ikev2ChildSaSessionRemove(), Ikev2DecodePacket(), Ikev2InitializeSaData(), Ikev2SaSessionAlloc(), Ikev2SaSessionFree(), Ikev2SaSessionInsert(), Ikev2SaSessionLookup(), Ikev2SaSessionReg(), Ikev2SaSessionRemove(), Ikev2SendIkePacket(), _IPSEC_PRIVATE_DATA::Ikev2SessionList, Ikev2ValidateHeader(), IPSEC_PRIVATE_DATA_FROM_UDP4LIST, IPSEC_PRIVATE_DATA_FROM_UDP6LIST, IpSecLookupPadEntry(), IKEV2_SESSION_COMMON::IsInitiator, IKEV2_SESSION_COMMON::LocalPeerIp, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, mIkev2Initial, IKEV2_SA_SESSION::Pad, IKEV2_PACKET_HANDLER::Parser, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_CHILD_SA_SESSION::SaData, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::SessionCommon, and IKEV2_SESSION_COMMON::State.

EFI_STATUS Ikev2NegotiateChildSa ( IN UINT8 *  IkeSaSession,
IN IPSEC_SPD_ENTRY *  SpdEntry,
IN UINT8 *  Context 
)

The general interface to negotiate the Child SA.

Three situations invoke this function. First, creating a CHILD SA if the input Context is NULL. Second, rekeying the existing IKE SA if the Context is an IKEV2_SA_SESSION. Third, rekeying the existing CHILD SA if the Context is an IKEV2_CHILD_SA_SESSION.

Parameters:
[in] IkeSaSession Pointer to the IKEV2_SA_SESSION related to this operation.
[in] SpdEntry Pointer to the IPSEC_SPD_ENTRY related to this operation.
[in] Context The data passed by the caller.
Return values:
EFI_SUCCESS The operation is successful.
EFI_OUT_OF_RESOURCES The required system resource can't be allocated.
EFI_UNSUPPORTED The condition is not supported yet.
Returns:
Others The operation failed.

References IKEV2_SA_SESSION::ChildSaSessionList, EFI_IPSEC_ANY_PORT, EFI_IPSEC_ANY_PROTOCOL, IKEV2_PACKET_HANDLER::Generator, IkePacketFree(), IkeStateCreateChild, IKEV2_DUMP_STATE, Ikev2ChildSaSessionAlloc(), Ikev2ChildSaSessionFree(), Ikev2ChildSaSessionInsert(), Ikev2InitializeSaData(), Ikev2SendIkePacket(), IKEV2_SESSION_COMMON::IsInitiator, IKEV2_CHILD_SA_SESSION::LocalPort, mIkev2CreateChild, IKEV2_CHILD_SA_SESSION::ProtoId, IKEV2_CHILD_SA_SESSION::RemotePort, IKEV2_CHILD_SA_SESSION::SaData, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Spd, IKEV2_SESSION_COMMON::State, IKEV2_SESSION_COMMON::TimeoutEvent, and IKEV2_SESSION_COMMON::UdpService.

EFI_STATUS Ikev2NegotiateInfo ( IN UINT8 *  IkeSaSession,
IN UINT8 *  Context 
)

The general interface to start the Information Exchange.

Three situations invoke this function. First, delivering a Delete Information to delete the IKE SA if the input Context is NULL and the related IkeSaSession is in the deleting state. Second, delivering a Notify Information without contents if the input Context is NULL. Third, delivering a Notify Information if the input Context is not NULL.

Parameters:
[in] IkeSaSession Pointer to the IKEV2_SA_SESSION related to this operation.
[in] Context Data passed by caller.
Return values:
EFI_SUCCESS The operation is successful.
EFI_OUT_OF_RESOURCES The required system resource can't be allocated.
EFI_UNSUPPORTED The condition is not supported yet.
Returns:
Otherwise The operation failed.

References IKEV2_SA_SESSION::DeleteSaList, IKEV2_PACKET_HANDLER::Generator, IkePacketFree(), IkeStateSaDeleting, IKEV2_CHILD_SA_SESSION_BY_DEL_SA, Ikev2SendIkePacket(), mIkev2Info, IKE_UDP_SERVICE::Output, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::SessionCommon, IKEV2_SESSION_COMMON::State, and IKEV2_SESSION_COMMON::UdpService.

EFI_STATUS Ikev2NegotiateSa ( IN IKE_UDP_SERVICE *  UdpService,
IN IPSEC_SPD_ENTRY *  SpdEntry,
IN IPSEC_PAD_ENTRY *  PadEntry,
IN EFI_IP_ADDRESS *  RemoteIp 
)

The general interface to initialize an IKEv2 negotiation.

Parameters:
[in] UdpService Pointer to the UDP Service used for sending the IKE packet.
[in] SpdEntry Pointer to the SPD entry related to this IKE negotiation.
[in] PadEntry Pointer to the PAD entry related to this IKE negotiation.
[in] RemoteIp Pointer to the IP address of the remote peer to negotiate with.
Return values:
EFI_SUCCESS The operation is successful.
EFI_OUT_OF_RESOURCES The required system resource can't be allocated.
EFI_INVALID_PARAMETER If UdpService or RemoteIp is NULL.
Returns:
Others The operation failed.

References _IPSEC_PAD_ENTRY::Data, IKEV2_PACKET_HANDLER::Generator, IkePacketFree(), IkeStateInit, IKEV2_DUMP_STATE, IKEV2_TRANSFORM_ID_DH_1024MODP, Ikev2InitializeSaData(), Ikev2SaSessionAlloc(), Ikev2SaSessionFree(), Ikev2SaSessionInsert(), Ikev2SaSessionLookup(), Ikev2SendIkePacket(), _IPSEC_PRIVATE_DATA::Ikev2SessionList, IPSEC_PRIVATE_DATA_FROM_UDP4LIST, IPSEC_PRIVATE_DATA_FROM_UDP6LIST, IKEV2_SESSION_COMMON::IsInitiator, IKEV2_SESSION_COMMON::LocalPeerIp, mIkev2Initial, IKEV2_SA_SESSION::Pad, IKEV2_SESSION_COMMON::PreferDhGroup, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_SA_SESSION::SaData, IKEV2_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::Spd, and IKEV2_SESSION_COMMON::State.


Variable Documentation

Initial value:

 {
  1,
  NULL, 
  NULL, 
  NULL,
  NULL, 
  NULL, 
  NULL, 
}


Generated on Mon Sep 28 08:49:06 2015 for NetworkPkg[ALL] by  doxygen 1.5.7.1