Defines | |
#define | CONSTANT_KEY_SIZE 17 |
Functions | |
IKE_PAYLOAD * | Ikev2GenerateSaPayload (IN IKEV2_SA_DATA *SessionSaData, IN UINT8 NextPayload, IN IKE_SESSION_TYPE Type) |
IKE_PAYLOAD * | Ikev2GenerateNoncePayload (IN UINT8 *NonceBuf, IN UINTN NonceSize, IN UINT8 NextPayload) |
IKE_PAYLOAD * | Ikev2GenerateKePayload (IN OUT IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload) |
IKE_PAYLOAD * | Ikev2GenerateIdPayload (IN IKEV2_SESSION_COMMON *CommonSession, IN UINT8 NextPayload) |
IKE_PAYLOAD * | Ikev2GenerateCertIdPayload (IN IKEV2_SESSION_COMMON *CommonSession, IN UINT8 NextPayload, IN UINT8 *InCert, IN UINTN CertSize) |
IKE_PAYLOAD * | Ikev2PskGenerateAuthPayload (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *IdPayload, IN UINT8 NextPayload, IN BOOLEAN IsVerify) |
IKE_PAYLOAD * | Ikev2CertGenerateAuthPayload (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *IdPayload, IN UINT8 NextPayload, IN BOOLEAN IsVerify, IN UINT8 *UefiPrivateKey, IN UINTN UefiPrivateKeyLen, IN UINT8 *UefiKeyPwd, IN UINTN UefiKeyPwdLen) |
IKE_PAYLOAD * | Ikev2GenerateTsPayload (IN IKEV2_CHILD_SA_SESSION *ChildSa, IN UINT8 NextPayload, IN BOOLEAN IsTunnel) |
IKE_PAYLOAD * | Ikev2GenerateNotifyPayload (IN UINT8 ProtocolId, IN UINT8 NextPayload, IN UINT8 SpiSize, IN UINT16 MessageType, IN UINT8 *SpiBuf, IN UINT8 *NotifyData, IN UINTN NotifyDataSize) |
IKE_PAYLOAD * | Ikev2GenerateDeletePayload (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload, IN UINT8 SpiSize, IN UINT16 SpiNum, IN UINT8 *SpiBuf) |
IKE_PAYLOAD * | Ikev2GenerateCpPayload (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload, IN UINT8 CfgType) |
EFI_STATUS | Ikev2ParserNotifyCookiePayload (IN IKE_PAYLOAD *IkeNCookie, IN OUT IKEV2_SA_SESSION *IkeSaSession) |
IKE_PAYLOAD * | Ikev2GenerateCertificatePayload (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload, IN UINT8 *Certificate, IN UINTN CertificateLen, IN UINT8 EncodeType, IN BOOLEAN IsRequest) |
VOID | ClearAllPayloads (IN IKE_PACKET *IkePacket) |
IKEV2_SA * | Ikev2EncodeSa (IN IKEV2_SESSION_COMMON *SessionCommon, IN IKEV2_SA_DATA *SaData) |
IKEV2_SA_DATA * | Ikev2DecodeSa (IN IKEV2_SESSION_COMMON *SessionCommon, IN IKEV2_SA *Sa) |
EFI_STATUS | Ikev2EncodePayload (IN UINT8 *SessionCommon, IN OUT IKE_PAYLOAD *IkePayload) |
EFI_STATUS | Ikev2DecodePayload (IN UINT8 *SessionCommon, IN OUT IKE_PAYLOAD *IkePayload) |
EFI_STATUS | Ikev2DecodePacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket, IN UINTN IkeType) |
EFI_STATUS | Ikev2EncodePacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket, IN UINTN IkeType) |
EFI_STATUS | Ikev2DecryptPacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket, IN OUT UINTN IkeType) |
EFI_STATUS | Ikev2EncryptPacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket) |
VOID | Ikev2OnPacketAccepted (IN IKEV2_SESSION_COMMON *SessionCommon, IN IKE_PACKET *IkePacket, IN UINT8 IkeType) |
VOID EFIAPI | Ikev2OnPacketSent (IN NET_BUF *Packet, IN UDP_END_POINT *EndPoint, IN EFI_STATUS IoStatus, IN VOID *Context) |
EFI_STATUS | Ikev2SendIkePacket (IN IKE_UDP_SERVICE *IkeUdpService, IN UINT8 *SessionCommon, IN IKE_PACKET *IkePacket, IN UINTN IkeType) |
Variables | |
GLOBAL_REMOVE_IF_UNREFERENCED CHAR8 | mConstantKey [CONSTANT_KEY_SIZE] |
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define CONSTANT_KEY_SIZE 17 |
Referenced by Ikev2PskGenerateAuthPayload().
VOID ClearAllPayloads | ( | IN IKE_PACKET * | IkePacket | ) |
Remove and free all IkePayloads in the specified IkePacket.
[in] | IkePacket | The pointer of IKE_PACKET. |
References IKE_PACKET_REMOVE_PAYLOAD, IKE_PAYLOAD_BY_PACKET, and IkePayloadFree().
Referenced by Ikev2DecodePacket(), and Ikev2EncryptPacket().
IKE_PAYLOAD* Ikev2CertGenerateAuthPayload | ( | IN IKEV2_SA_SESSION * | IkeSaSession, | |
IN IKE_PAYLOAD * | IdPayload, | |||
IN UINT8 | NextPayload, | |||
IN BOOLEAN | IsVerify, | |||
IN UINT8 * | UefiPrivateKey, | |||
IN UINTN | UefiPrivateKeyLen, | |||
IN UINT8 * | UefiKeyPwd, | |||
IN UINTN | UefiKeyPwdLen | |||
) |
Generate a Authentication Payload for Certificate Auth method.
This function serves two purposes. One is creating a local Authentication Payload for sending; the other is creating the remote Authentication data for verification when IsVerify is TRUE.
[in] | IkeSaSession | Pointer to IKEV2_SA_SESSION related to. |
[in] | IdPayload | Pointer to the ID payload to be used for Authentication payload generation. |
[in] | NextPayload | The type filled into the Authentication Payload next payload field. |
[in] | IsVerify | If it is TRUE, the Authentication payload is used for verification. |
[in] | UefiPrivateKey | Pointer to the UEFI private key. Ignored when verifying the Authentication payload. |
[in] | UefiPrivateKeyLen | The size of UefiPrivateKey in bytes. Ignored when verifying the Authentication payload. |
[in] | UefiKeyPwd | Pointer to the password of the UEFI private key. Ignored when verifying the Authentication payload. |
[in] | UefiKeyPwdLen | The size of UefiKeyPwd in bytes. Ignored when verifying the Authentication payload. |
References IKEV2_AUTH::AuthMethod, PRF_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::DataSize, IKEV2_AUTH::Header, IkePayloadAlloc(), IkePayloadFree(), IKEV2_AUTH_METHOD_RSA, IKEV2_PAYLOAD_TYPE_AUTH, IpSecCryptoIoAuthDataWithCertificate(), IpSecCryptoIoHash(), IpSecCryptoIoHmac(), IpSecDumpBuf(), IpSecGetHmacDigestLength(), IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.
Referenced by Ikev2AuthCertGenerator(), and Ikev2AuthCertParser().
EFI_STATUS Ikev2DecodePacket | ( | IN IKEV2_SESSION_COMMON * | SessionCommon, | |
IN OUT IKE_PACKET * | IkePacket, | |||
IN UINTN | IkeType | |||
) |
Decode the IKE packet.
This function first decrypts the IKE packet if needed, then splits the whole IKE packet in IkePacket->PayloadBuf into the IkePacket payload list.
[in] | SessionCommon | Pointer to IKEV2_SESSION_COMMON containing some parameters used by IKE packet decoding. |
[in,out] | IkePacket | The IKE Packet to be decoded on input, and the decoded result on return. |
[in] | IkeType | The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported. |
EFI_SUCCESS | The IKE packet is decoded successfully. | |
Otherwise | The IKE packet decoding failed. |
References ClearAllPayloads(), IKE_PACKET_APPEND_PAYLOAD, IkeHdrNetToHost(), IkePayloadAlloc(), IkeStateAuth, IKEV2_EXCHANGE_TYPE_INFO, IKEV2_EXCHANGE_TYPE_INIT, IKEV2_PAYLOAD_TYPE_NONE, IKEV2_SA_SESSION_FROM_COMMON, Ikev2DecodePayload(), Ikev2DecryptPacket(), IKEV2_SA_SESSION::InitPacket, IKEV2_SA_SESSION::InitPacketSize, IPSEC_DUMP_BUF, IKE_PAYLOAD::IsPayloadBufExt, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_SA_SESSION::RespPacket, and IKEV2_SA_SESSION::RespPacketSize.
Referenced by Ikev2HandleChildSa(), Ikev2HandleInfo(), and Ikev2HandleSa().
EFI_STATUS Ikev2DecodePayload | ( | IN UINT8 * | SessionCommon, | |
IN OUT IKE_PAYLOAD * | IkePayload | |||
) |
The general interface for decoding Payload.
This function converts the received Payload into internal structure.
[in] | SessionCommon | Pointer to IKE Session Common used for decoding. |
[in,out] | IkePayload | Pointer to IKE payload to be decoded as input, and store the decoded result as output. |
EFI_INVALID_PARAMETER | Meet error when decoding the SA payload. | |
EFI_SUCCESS | Decoded successfully. |
References IKEV2_CFG_ATTRIBUTES::AttritType, IKEV2_KEY_EXCHANGE::DhGroup, TRAFFIC_SELECTOR::EndPort, IKEV2_DUMP_PAYLOAD, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_DELETE, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_KE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2DecodeSa(), IKEV2_NOTIFY::MessageType, IKEV2_DELETE::NumSpis, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, TRAFFIC_SELECTOR::SelecorLen, TRAFFIC_SELECTOR::StartPort, IKEV2_TS::TSNumbers, and IKEV2_CFG_ATTRIBUTES::ValueLength.
Referenced by Ikev2DecodePacket().
IKEV2_SA_DATA* Ikev2DecodeSa | ( | IN IKEV2_SESSION_COMMON * | SessionCommon, | |
IN IKEV2_SA * | Sa | |||
) |
Decode SA payload.
This function converts the received SA payload to internal data structure.
[in] | SessionCommon | Pointer to IKE Common Session used to decode the SA Payload. |
[in] | Sa | Pointer to SA Payload |
References IKE_SA_ATTRIBUTE::Attr, IKEV2_TRANSFORM_DATA::Attribute, IKE_SA_ATTRIBUTE::AttrType, IKE_SA_ATTR_UNION::AttrValue, IKEV2_TRANSFORM::Header, IKEV2_PROPOSAL::Header, IKE_PROPOSAL_NEXT_PAYLOAD_MORE, IKEV2_ATTRIBUTE_TYPE_KEYLEN, IKEV2_NEXT_PROPOSAL_WITH_SIZE, IKEV2_NEXT_TRANSFORM_WITH_SIZE, IKEV2_PROPOSAL_FIRST_TRANSFORM, IKEV2_SA_FIRST_PROPOSAL, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKEV2_SA_DATA::NumProposals, IKEV2_PROPOSAL_DATA::NumTransforms, IKEV2_PROPOSAL::NumTransforms, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKEV2_PROPOSAL::ProposalIndex, IKEV2_PROPOSAL_DATA::ProposalIndex, IKEV2_PROPOSAL::ProtocolId, IKEV2_PROPOSAL_DATA::ProtocolId, SA_ATTR_FORMAT_BIT, IKEV2_PROPOSAL_DATA::Spi, IKEV2_PROPOSAL::SpiSize, IKEV2_TRANSFORM::TransformId, IKEV2_TRANSFORM_DATA::TransformId, IKEV2_TRANSFORM::TransformType, and IKEV2_TRANSFORM_DATA::TransformType.
Referenced by Ikev2DecodePayload().
EFI_STATUS Ikev2DecryptPacket | ( | IN IKEV2_SESSION_COMMON * | SessionCommon, | |
IN OUT IKE_PACKET * | IkePacket, | |||
IN OUT UINTN | IkeType | |||
) |
Decrypt IKE packet.
This function decrypts the Encrypted IKE packet and puts the result into IkePacket->PayloadBuf.
[in] | SessionCommon | Pointer to IKEV2_SESSION_COMMON containing some parameter used during decrypting. |
[in,out] | IkePacket | Pointer to IKE_PACKET to be decrypted as input, and the decrypted result as output. |
[in,out] | IkeType | The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported. |
EFI_INVALID_PARAMETER | If the IKE packet length is zero or the IKE packet length is not aligned with Algorithm Block Size | |
EFI_SUCCESS | Decrypt IKE packet successfully. |
References HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, IKEV2_SA_PARAMS::EncAlgId, IkeHdrHostToNet(), IKEV2_SA_SESSION::IkeKeys, IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeSessionTypeChildSa, IkeSessionTypeIkeSa, IKEV2_CHILD_SA_SESSION_FROM_COMMON, IKEV2_PAYLOAD_TYPE_ENCRYPT, IKEV2_SA_SESSION_FROM_COMMON, IKEV2_SA_PARAMS::IntegAlgId, IPSEC_DUMP_BUF, IpSecCryptoIoDecrypt(), IpSecCryptoIoHmac(), IpSecGetEncryptBlockSize(), IpSecGetIcvLength(), IKEV2_SESSION_COMMON::SaParams, IKEV2_SA_SESSION::SessionCommon, IKEV2_SESSION_KEYS::SkAiKey, IKEV2_SESSION_KEYS::SkAiKeySize, IKEV2_SESSION_KEYS::SkArKey, IKEV2_SESSION_KEYS::SkArKeySize, IKEV2_SESSION_KEYS::SkEiKey, IKEV2_SESSION_KEYS::SkEiKeySize, IKEV2_SESSION_KEYS::SkErKey, and IKEV2_SESSION_KEYS::SkErKeySize.
Referenced by Ikev2DecodePacket().
EFI_STATUS Ikev2EncodePacket | ( | IN IKEV2_SESSION_COMMON * | SessionCommon, | |
IN OUT IKE_PACKET * | IkePacket, | |||
IN UINTN | IkeType | |||
) |
Encode the IKE packet.
This function puts all Payloads into one payload, then encrypts it if needed.
[in] | SessionCommon | Pointer to IKEV2_SESSION_COMMON containing some parameter used during IKE packet encoding. |
[in,out] | IkePacket | Pointer to IKE_PACKET to be encoded as input, and the encoded result as output. |
[in] | IkeType | The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported. |
EFI_SUCCESS | Encode IKE packet successfully. | |
Otherwise | Encode IKE packet failed. |
References IKE_PAYLOAD_BY_PACKET, IkeHdrHostToNet(), IkeStateAuth, IKEV2_EXCHANGE_TYPE_INIT, IKEV2_SA_SESSION_FROM_COMMON, Ikev2EncodePayload(), Ikev2EncryptPacket(), IKEV2_SA_SESSION::InitPacket, IKEV2_SA_SESSION::InitPacketSize, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_SA_SESSION::RespPacket, and IKEV2_SA_SESSION::RespPacketSize.
Referenced by IkeNetbufFromPacket().
EFI_STATUS Ikev2EncodePayload | ( | IN UINT8 * | SessionCommon, | |
IN OUT IKE_PAYLOAD * | IkePayload | |||
) |
General interface of payload encoding.
This function encodes the internal data structure into the payload defined in RFC 4306. The IkePayload->PayloadBuf is used to store both the input payload and the converted payload. Only the SA payload uses the internal structure to store its attributes. The other payloads use a structure that is the same as the RFC-defined one; for those payloads only a host-order to network-order conversion of some fields is done.
[in] | SessionCommon | Pointer to IKE Session Common used to encode the payload. |
[in,out] | IkePayload | Pointer to IKE payload to be encoded as input, and store the encoded result as output. |
EFI_INVALID_PARAMETER | Meet error when encoding the SA payload. | |
EFI_SUCCESS | Encoded successfully. |
References IKEV2_CFG_ATTRIBUTES::AttritType, IKEV2_KEY_EXCHANGE::DhGroup, TRAFFIC_SELECTOR::EndPort, IKEV2_DUMP_PAYLOAD, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_DELETE, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_KE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2EncodeSa(), IKEV2_NOTIFY::MessageType, IKEV2_DELETE::NumSpis, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, TRAFFIC_SELECTOR::SelecorLen, TRAFFIC_SELECTOR::StartPort, IKEV2_TS::TSNumbers, and IKEV2_CFG_ATTRIBUTES::ValueLength.
Referenced by Ikev2EncodePacket().
IKEV2_SA* Ikev2EncodeSa | ( | IN IKEV2_SESSION_COMMON * | SessionCommon, | |
IN IKEV2_SA_DATA * | SaData | |||
) |
Convert the internal data structure IKEV2_SA_DATA to the IKEV2_SA structure defined in the RFC.
[in] | SessionCommon | Pointer to IKEV2_SESSION_COMMON related to the SA Session. |
[in] | SaData | Pointer to the IKEV2_SA_DATA to be converted. |
return | the pointer of IKEV2_SA. |
References IKE_SA_ATTRIBUTE::Attr, IKEV2_TRANSFORM_DATA::Attribute, IKE_SA_ATTRIBUTE::AttrType, IKE_SA_ATTR_UNION::AttrValue, IKEV2_PROPOSAL::Header, IKEV2_TRANSFORM::Header, IKEV2_SA::Header, IKE_PROPOSAL_NEXT_PAYLOAD_MORE, IKE_PROPOSAL_NEXT_PAYLOAD_NONE, IKE_TRANSFORM_NEXT_PAYLOAD_MORE, IKE_TRANSFORM_NEXT_PAYLOAD_NONE, IKEV2_ATTRIBUTE_TYPE_KEYLEN, IKEV2_TRANSFORM_TYPE_ENCR, IKEV2_TRANSFORM_TYPE_INTEG, MAX_SA_ATTRS_SIZE, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKEV2_PROPOSAL::NumTransforms, IKEV2_PROPOSAL_DATA::NumTransforms, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKEV2_PROPOSAL_DATA::ProposalIndex, IKEV2_PROPOSAL::ProposalIndex, IKEV2_PROPOSAL_DATA::ProtocolId, IKEV2_PROPOSAL::ProtocolId, SA_ATTR_FORMAT_BIT, IKEV2_PROPOSAL_DATA::Spi, IKEV2_PROPOSAL::SpiSize, IKEV2_TRANSFORM_DATA::TransformId, IKEV2_TRANSFORM::TransformId, IKEV2_TRANSFORM_DATA::TransformType, and IKEV2_TRANSFORM::TransformType.
Referenced by Ikev2EncodePayload().
EFI_STATUS Ikev2EncryptPacket | ( | IN IKEV2_SESSION_COMMON * | SessionCommon, | |
IN OUT IKE_PACKET * | IkePacket | |||
) |
Encrypt IKE packet.
This function encrypts the IKE packet before sending it. The encrypted IKE packet is put into the IKEv2 Encrypted Payload.
[in] | SessionCommon | Pointer to IKEV2_SESSION_COMMON related to the IKE packet. |
[in,out] | IkePacket | Pointer to IKE packet to be encrypted. |
EFI_SUCCESS | Operation is successful. | |
Others | Operation failed. |
References ClearAllPayloads(), HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, IKEV2_SA_PARAMS::EncAlgId, IKE_PACKET_APPEND_PAYLOAD, IKE_PAYLOAD_BY_PACKET, IkeGenerateIv(), IkeHdrHostToNet(), IKEV2_SA_SESSION::IkeKeys, IkePayloadAlloc(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeSessionTypeChildSa, IkeSessionTypeIkeSa, IKEV2_CHILD_SA_SESSION_FROM_COMMON, IKEV2_PAYLOAD_TYPE_ENCRYPT, IKEV2_SA_SESSION_FROM_COMMON, IKEV2_SA_PARAMS::IntegAlgId, IPSEC_DUMP_BUF, IpSecCryptoIoEncrypt(), IpSecCryptoIoHmac(), IpSecGetEncryptBlockSize(), IpSecGetIcvLength(), IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_SESSION_COMMON::SaParams, IKEV2_SA_SESSION::SessionCommon, IKEV2_SESSION_KEYS::SkAiKey, IKEV2_SESSION_KEYS::SkAiKeySize, IKEV2_SESSION_KEYS::SkArKey, IKEV2_SESSION_KEYS::SkArKeySize, IKEV2_SESSION_KEYS::SkEiKey, IKEV2_SESSION_KEYS::SkEiKeySize, IKEV2_SESSION_KEYS::SkErKey, and IKEV2_SESSION_KEYS::SkErKeySize.
Referenced by Ikev2EncodePacket().
IKE_PAYLOAD* Ikev2GenerateCertIdPayload | ( | IN IKEV2_SESSION_COMMON * | CommonSession, | |
IN UINT8 | NextPayload, | |||
IN UINT8 * | InCert, | |||
IN UINTN | CertSize | |||
) |
Generate a ID payload.
[in] | CommonSession | Pointer to IKEV2_SESSION_COMMON related to ID payload. |
[in] | NextPayload | The payload type presented in the NextPayload field of ID Payload header. |
[in] | InCert | Pointer to the Certificate whose distinguished name will be added into the ID payload. |
[in] | CertSize | Size of the Certificate. |
Pointer | to ID IKE payload. |
References IKEV2_ID::Header, IKEV2_ID::IdType, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IpSecCryptoIoGetSubjectFromCert(), IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.
Referenced by Ikev2AuthCertGenerator().
IKE_PAYLOAD* Ikev2GenerateCertificatePayload | ( | IN IKEV2_SA_SESSION * | IkeSaSession, | |
IN UINT8 | NextPayload, | |||
IN UINT8 * | Certificate, | |||
IN UINTN | CertificateLen, | |||
IN UINT8 | EncodeType, | |||
IN BOOLEAN | IsRequest | |||
) |
Generate the Certificate payload or Certificate Request Payload.
Since the Certificate Payload structure is the same as the Certificate Request Payload, the only difference is that one contains the Certificate Data and the other contains the acceptable certification CA. This function generates the Certificate payload or Certificate Request Payload defined in RFC 4306, but all the fields in the payload are still in host order and Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.
[in] | IkeSaSession | Pointer to IKE SA Session to be used for Certificate payload generation. |
[in] | NextPayload | The next payload type in the NextPayload field of the Certificate payload. |
[in] | Certificate | Pointer of buffer contains the certification data. |
[in] | CertificateLen | The length of Certificate in byte. |
[in] | EncodeType | Specifies the Certificate Encoding, which is defined in RFC 4306. |
[in] | IsRequest | Indicates whether to create a Certificate Payload or a Certificate Request Payload. If it is TRUE, create Certificate Payload. Otherwise, create Certificate Request Payload. |
a | Pointer to IKE Payload whose payload buffer containing the Certificate payload or Certificated Request payload. |
References IKEV2_CERT::CertEncoding, HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, IKEV2_CERT::Header, IKE_AALG_SHA1HMAC, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_CERT, IKEV2_PAYLOAD_TYPE_CERTREQ, IpSecCryptoIoGetPublicKeyFromCert(), IpSecCryptoIoHash(), IpSecGetHmacDigestLength(), IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.
Referenced by Ikev2AuthCertGenerator(), and Ikev2InitCertGenerator().
IKE_PAYLOAD* Ikev2GenerateCpPayload | ( | IN IKEV2_SA_SESSION * | IkeSaSession, | |
IN UINT8 | NextPayload, | |||
IN UINT8 | CfgType | |||
) |
Generate the Configuration payload.
This function generates the configuration payload defined in RFC 4306, but all the fields in this payload are still in host order and Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.
[in] | IkeSaSession | Pointer to IKE SA Session to be used for Configuration payload generation. |
[in] | NextPayload | The next payload type in the NextPayload field of the Configuration payload. |
[in] | CfgType | The attribute type in the Configuration attribute. |
Pointer | to IKE CP Payload. |
References IKEV2_CFG_ATTRIBUTES::AttritType, IKEV2_CFG::CfgType, IKEV2_CFG::Header, IkePayloadAlloc(), IKEV2_CFG_TYPE_REQUEST, IKEV2_PAYLOAD_TYPE_CP, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, and IKEV2_CFG_ATTRIBUTES::ValueLength.
Referenced by Ikev2AuthCertGenerator(), and Ikev2AuthPskGenerator().
IKE_PAYLOAD* Ikev2GenerateDeletePayload | ( | IN IKEV2_SA_SESSION * | IkeSaSession, | |
IN UINT8 | NextPayload, | |||
IN UINT8 | SpiSize, | |||
IN UINT16 | SpiNum, | |||
IN UINT8 * | SpiBuf | |||
) |
Generate the Delete payload.
Since the structure of the Delete payload defined in RFC 4306 is simple, there is no internal data structure for the Delete payload. This function generates the Delete payload defined in RFC 4306, but all the fields in this payload are still in host order and Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.
[in] | IkeSaSession | Pointer to IKE SA Session to be used for Delete payload generation. |
[in] | NextPayload | The next payload type in the NextPayload field of the Delete payload. |
[in] | SpiSize | Size of the SPI in SPI size field of the Delete Payload. |
[in] | SpiNum | Number of SPI in NumofSPIs field of the Delete Payload. |
[in] | SpiBuf | Pointer to buffer contains the SPI value. |
a | Pointer of IKE Delete Payload. |
References IKEV2_DELETE::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_DELETE, IPSEC_PROTO_IPSEC_ESP, IPSEC_PROTO_ISAKMP, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKEV2_DELETE::NumSpis, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_DELETE::ProtocolId, and IKEV2_DELETE::SpiSize.
Referenced by Ikev2InfoGenerator().
IKE_PAYLOAD* Ikev2GenerateIdPayload | ( | IN IKEV2_SESSION_COMMON * | CommonSession, | |
IN UINT8 | NextPayload | |||
) |
Generate a ID payload.
[in] | CommonSession | Pointer to IKEV2_SESSION_COMMON related to ID payload. |
[in] | NextPayload | The payload type presented in the NextPayload field of ID Payload header. |
Pointer | to ID IKE payload. |
References IKEV2_ID::Header, IKEV2_ID::IdType, IkePayloadAlloc(), IKEV2_ID_TYPE_IPV4_ADDR, IKEV2_ID_TYPE_IPV6_ADDR, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.
Referenced by Ikev2AuthPskGenerator().
IKE_PAYLOAD* Ikev2GenerateKePayload | ( | IN OUT IKEV2_SA_SESSION * | IkeSaSession, | |
IN UINT8 | NextPayload | |||
) |
Generate a Key Exchange payload according to the DH group type and save the public Key into IkeSaSession IkeKey field.
[in,out] | IkeSaSession | Pointer of the IKE_SA_SESSION. |
[in] | NextPayload | The payload type presented in the NextPayload field of Key Exchange Payload header. |
Pointer | to Key IKE payload. |
References IKEV2_SESSION_KEYS::DhBuffer, IKEV2_KEY_EXCHANGE::DhGroup, IKEV2_DH_BUFFER::GxBuffer, IKEV2_DH_BUFFER::GxSize, IKEV2_KEY_EXCHANGE::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_KE, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.
Referenced by Ikev2InitPskGenerator().
IKE_PAYLOAD* Ikev2GenerateNoncePayload | ( | IN UINT8 * | NonceBuf, | |
IN UINTN | NonceSize, | |||
IN UINT8 | NextPayload | |||
) |
Generate a Nonce payload containing the input parameter NonceBuf.
[in] | NonceBuf | The nonce buffer contains the whole Nonce payload block except the payload header. |
[in] | NonceSize | The buffer size of the NonceBuf |
[in] | NextPayload | The payload type presented in the NextPayload field of Nonce Payload header. |
Pointer | to Nonce IKE payload. |
References IKEV2_NONCE::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_NONCE, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.
Referenced by Ikev2InitPskGenerator().
IKE_PAYLOAD* Ikev2GenerateNotifyPayload | ( | IN UINT8 | ProtocolId, | |
IN UINT8 | NextPayload, | |||
IN UINT8 | SpiSize, | |||
IN UINT16 | MessageType, | |||
IN UINT8 * | SpiBuf, | |||
IN UINT8 * | NotifyData, | |||
IN UINTN | NotifyDataSize | |||
) |
Generate the Notify payload.
Since the structure of the Notify payload defined in RFC 4306 is simple, there is no internal data structure for the Notify payload. This function generates the Notify payload defined in RFC 4306, but all the fields in this payload are still in host order and Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.
[in] | ProtocolId | The protocol type ID. For IKE_SA it MUST be one (1). For IPsec SAs it MUST be either (2) for AH or (3) for ESP. |
[in] | NextPayload | The next payload type in the NextPayload field of the Notify payload. |
[in] | SpiSize | Size of the SPI in SPI size field of the Notify Payload. |
[in] | MessageType | The message type in NotifyMessageType field of the Notify Payload. |
[in] | SpiBuf | Pointer to buffer contains the SPI value. |
[in] | NotifyData | Pointer to buffer contains the notification data. |
[in] | NotifyDataSize | The size of NotifyData in bytes. |
Pointer | to IKE Notify Payload. |
References IKEV2_NOTIFY::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_NOTIFY::MessageType, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_NOTIFY::ProtocolId, and IKEV2_NOTIFY::SpiSize.
Referenced by Ikev2AuthCertGenerator(), Ikev2AuthPskGenerator(), Ikev2CreateChildGenerator(), and Ikev2InitPskGenerator().
IKE_PAYLOAD* Ikev2GenerateSaPayload | ( | IN IKEV2_SA_DATA * | SessionSaData, | |
IN UINT8 | NextPayload, | |||
IN IKE_SESSION_TYPE | Type | |||
) |
Generate Ikev2 SA payload according to SessionSaData
[in] | SessionSaData | The data used in SA payload. |
[in] | NextPayload | The payload type presented in NextPayload field of SA Payload header. |
[in] | Type | The SA type. It MUST be either (1) for IKE_SA, (2) for CHILD_SA or (3) for INFO. |
a | Pointer to SA IKE payload. |
References IKEV2_SA::Header, IkePayloadAlloc(), IkeSessionTypeIkeSa, IKEV2_PAYLOAD_TYPE_SA, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadType, and IKEV2_SA_DATA::SaHeader.
Referenced by Ikev2AuthCertGenerator(), Ikev2AuthPskGenerator(), and Ikev2InitPskGenerator().
IKE_PAYLOAD* Ikev2GenerateTsPayload | ( | IN IKEV2_CHILD_SA_SESSION * | ChildSa, | |
IN UINT8 | NextPayload, | |||
IN BOOLEAN | IsTunnel | |||
) |
Generate TS payload.
This function generates the TSi or TSr payload according to the type of the next payload. If the next payload is Responder TS, generate the TSi Payload. Otherwise, generate the TSr payload.
[in] | ChildSa | Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload. |
[in] | NextPayload | The payload type presented in the NextPayload field of ID Payload header. |
[in] | IsTunnel | Indicates whether the TS Payload follows the CP payload. If so, the TSi and TSr payloads should use the maximum port range and address range, and the protocol is marked as zero. |
Pointer | to Ts IKE payload. |
References TRAFFIC_SELECTOR::EndPort, IKEV2_TS::Header, IkePayloadAlloc(), IkePayloadFree(), IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, IKEV2_TS_ANY_PORT, IKEV2_TS_ANY_PROTOCOL, IKEV2_TS_TYPE_IPV4_ADDR_RANGE, IKEV2_TS_TYPS_IPV6_ADDR_RANGE, TRAFFIC_SELECTOR::IpProtocolId, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, TRAFFIC_SELECTOR::SelecorLen, TRAFFIC_SELECTOR::StartPort, IKEV2_TS::TSNumbers, and TRAFFIC_SELECTOR::TSType.
Referenced by Ikev2AuthCertGenerator(), and Ikev2AuthPskGenerator().
VOID Ikev2OnPacketAccepted | ( | IN IKEV2_SESSION_COMMON * | SessionCommon, | |
IN IKE_PACKET * | IkePacket, | |||
IN UINT8 | IkeType | |||
) |
Save some useful payloads after accepting the Packet.
[in] | SessionCommon | Pointer to IKEV2_SESSION_COMMON related to the operation. |
[in] | IkePacket | Pointer to the received IkePacket. |
[in] | IkeType | The type used to indicate it is in IkeSa or ChildSa or Info exchange. |
VOID EFIAPI Ikev2OnPacketSent | ( | IN NET_BUF * | Packet, | |
IN UDP_END_POINT * | EndPoint, | |||
IN EFI_STATUS | IoStatus, | |||
IN VOID * | Context | |||
) |
The notification function. It will be called when the related UDP_TX_TOKEN's event is signaled.
This function frees the Net Buffer pointed to the input Packet.
[in] | Packet | Pointer to Net buffer containing the sending IKE packet. |
[in] | EndPoint | Pointer to UDP_END_POINT containing the remote and local address information. |
[in] | IoStatus | The Status of the related UDP_TX_TOKEN. |
[in] | Context | Pointer to data passed from the caller. |
References IKEV2_SA_SESSION::BySessionTable, IKEV2_SA_SESSION::ChildSaEstablishSessionList, IKEV2_SA_SESSION::DeleteSaList, IkePacketFree(), _IPSEC_PRIVATE_DATA::Ikev1EstablishedList, IKEV2_DELET_CHILDSA_LIST, Ikev2ChildSaSessionLookupBySpi(), Ikev2ChildSaSessionRemove(), Ikev2ChildSaSilentDelete(), _IPSEC_PRIVATE_DATA::Ikev2EstablishedList, Ikev2SaSessionFree(), Ikev2SaSessionLookup(), IKEV2_SA_SESSION::InitiatorCookie, _IPSEC_PRIVATE_DATA::IpSec, IPSEC_STATUS_DISABLED, IPSECCONFIG_STATUS_NAME, IKE_PACKET::IsDeleteInfo, _IPSEC_PRIVATE_DATA::IsIPsecDisabling, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, IKE_PACKET::Private, IKE_PACKET::RemotePeerIp, IKEV2_SA_SESSION::ResponderCookie, and IKE_PACKET::Spi.
Referenced by Ikev2SendIkePacket().
EFI_STATUS Ikev2ParserNotifyCookiePayload | ( | IN IKE_PAYLOAD * | IkeNCookie, | |
IN OUT IKEV2_SA_SESSION * | IkeSaSession | |||
) |
Parse the Notify Cookie payload.
This function parses the Notify Cookie payload. If the Notify ProtocolId is not IPSEC_PROTO_ISAKMP, or if the SpiSize is not zero, or if the MessageType is not COOKIE, it returns EFI_INVALID_PARAMETER.
[in] | IkeNCookie | Pointer to the IKE_PAYLOAD which contains the Notify Cookie payload. |
[in,out] | IkeSaSession | Pointer to the relevant IKE SA Session. |
EFI_SUCCESS | The Notify Cookie Payload is valid. | |
EFI_INVALID_PARAMETER | The Notify Cookie Payload is invalid. | |
EFI_OUT_OF_RESOURCES | The required resource can't be allocated. |
References IKEV2_NOTIFY::Header, IKEV2_NOTIFICATION_COOKIE, IPSEC_PROTO_ISAKMP, IKEV2_NOTIFY::MessageType, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKEV2_NOTIFY::ProtocolId, and IKEV2_NOTIFY::SpiSize.
Referenced by Ikev2InitPskParser().
IKE_PAYLOAD* Ikev2PskGenerateAuthPayload | ( | IN IKEV2_SA_SESSION * | IkeSaSession, | |
IN IKE_PAYLOAD * | IdPayload, | |||
IN UINT8 | NextPayload, | |||
IN BOOLEAN | IsVerify | |||
) |
Generate a Authentication Payload.
This function is used for both Authentication generation and verification. When IsVerify is TRUE, it creates the Auth Data for verification. This function chooses the related IKE_SA_INIT Message for Auth data creation according to the IKE Session's type and the value of the IsVerify parameter.
[in] | IkeSaSession | Pointer to IKEV2_SA_SESSION related to. |
[in] | IdPayload | Pointer to the ID payload to be used for Authentication payload generation. |
[in] | NextPayload | The type filled into the Authentication Payload next payload field. |
[in] | IsVerify | If it is TRUE, the Authentication payload is used for verification. |
References IKEV2_AUTH::AuthMethod, CONSTANT_KEY_SIZE, HASH_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, PRF_DATA_FRAGMENT::DataSize, IKEV2_AUTH::Header, IkePayloadAlloc(), IkePayloadFree(), IKEV2_AUTH_METHOD_SKMI, IKEV2_PAYLOAD_TYPE_AUTH, IpSecCryptoIoHmac(), IpSecGetHmacDigestLength(), mConstantKey, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.
Referenced by Ikev2AuthPskGenerator(), and Ikev2AuthPskParser().
EFI_STATUS Ikev2SendIkePacket | ( | IN IKE_UDP_SERVICE * | IkeUdpService, | |
IN UINT8 * | SessionCommon, | |||
IN IKE_PACKET * | IkePacket, | |||
IN UINTN | IkeType | |||
) |
Send out IKEV2 packet.
[in] | IkeUdpService | Pointer to IKE_UDP_SERVICE used to send the IKE packet. |
[in] | SessionCommon | Pointer to IKEV2_SESSION_COMMON related to the IKE packet. |
[in] | IkePacket | Pointer to IKE_PACKET to be sent out. |
[in] | IkeType | The type of IKE, indicating what kind of IKE packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported. |
EFI_SUCCESS | The operation complete successfully. | |
Otherwise | The operation failed. |
References IKE_DEFAULT_PORT, IKE_DEFAULT_TIMEOUT_INTERVAL, IKE_HEADER_FLAGS_INIT, IKE_PACKET_REF, IkeNetbufFromPacket(), IkePacketFree(), Ikev2OnPacketSent(), IPSEC_DUMP_PACKET, IKEV2_SESSION_COMMON::LastSentPacket, IKEV2_SESSION_COMMON::LocalPeerIp, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_SESSION_COMMON::TimeoutEvent, and IKEV2_SESSION_COMMON::TimeoutInterval.
Referenced by Ikev2HandleChildSa(), Ikev2HandleSa(), Ikev2InfoParser(), Ikev2NegotiateChildSa(), Ikev2NegotiateInfo(), Ikev2NegotiateSa(), and Ikev2ResendNotify().
GLOBAL_REMOVE_IF_UNREFERENCED CHAR8 mConstantKey[CONSTANT_KEY_SIZE] |
Initial value:
{ 'K', 'e', 'y', ' ', 'P', 'a', 'd', ' ', 'f', 'o', 'r', ' ', 'I', 'K', 'E', 'v', '2' }
Referenced by Ikev2PskGenerateAuthPayload().