NetworkPkg/IpSecDxe/Ikev2/Payload.c File Reference


Defines

#define CONSTANT_KEY_SIZE   17

Functions

IKE_PAYLOAD * Ikev2GenerateSaPayload (IN IKEV2_SA_DATA *SessionSaData, IN UINT8 NextPayload, IN IKE_SESSION_TYPE Type)
IKE_PAYLOAD * Ikev2GenerateNoncePayload (IN UINT8 *NonceBuf, IN UINTN NonceSize, IN UINT8 NextPayload)
IKE_PAYLOAD * Ikev2GenerateKePayload (IN OUT IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload)
IKE_PAYLOAD * Ikev2GenerateIdPayload (IN IKEV2_SESSION_COMMON *CommonSession, IN UINT8 NextPayload)
IKE_PAYLOAD * Ikev2GenerateCertIdPayload (IN IKEV2_SESSION_COMMON *CommonSession, IN UINT8 NextPayload, IN UINT8 *InCert, IN UINTN CertSize)
IKE_PAYLOAD * Ikev2PskGenerateAuthPayload (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *IdPayload, IN UINT8 NextPayload, IN BOOLEAN IsVerify)
IKE_PAYLOAD * Ikev2CertGenerateAuthPayload (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *IdPayload, IN UINT8 NextPayload, IN BOOLEAN IsVerify, IN UINT8 *UefiPrivateKey, IN UINTN UefiPrivateKeyLen, IN UINT8 *UefiKeyPwd, IN UINTN UefiKeyPwdLen)
IKE_PAYLOAD * Ikev2GenerateTsPayload (IN IKEV2_CHILD_SA_SESSION *ChildSa, IN UINT8 NextPayload, IN BOOLEAN IsTunnel)
IKE_PAYLOAD * Ikev2GenerateNotifyPayload (IN UINT8 ProtocolId, IN UINT8 NextPayload, IN UINT8 SpiSize, IN UINT16 MessageType, IN UINT8 *SpiBuf, IN UINT8 *NotifyData, IN UINTN NotifyDataSize)
IKE_PAYLOAD * Ikev2GenerateDeletePayload (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload, IN UINT8 SpiSize, IN UINT16 SpiNum, IN UINT8 *SpiBuf)
IKE_PAYLOAD * Ikev2GenerateCpPayload (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload, IN UINT8 CfgType)
EFI_STATUS Ikev2ParserNotifyCookiePayload (IN IKE_PAYLOAD *IkeNCookie, IN OUT IKEV2_SA_SESSION *IkeSaSession)
IKE_PAYLOAD * Ikev2GenerateCertificatePayload (IN IKEV2_SA_SESSION *IkeSaSession, IN UINT8 NextPayload, IN UINT8 *Certificate, IN UINTN CertificateLen, IN UINT8 EncodeType, IN BOOLEAN IsRequest)
VOID ClearAllPayloads (IN IKE_PACKET *IkePacket)
IKEV2_SA * Ikev2EncodeSa (IN IKEV2_SESSION_COMMON *SessionCommon, IN IKEV2_SA_DATA *SaData)
IKEV2_SA_DATA * Ikev2DecodeSa (IN IKEV2_SESSION_COMMON *SessionCommon, IN IKEV2_SA *Sa)
EFI_STATUS Ikev2EncodePayload (IN UINT8 *SessionCommon, IN OUT IKE_PAYLOAD *IkePayload)
EFI_STATUS Ikev2DecodePayload (IN UINT8 *SessionCommon, IN OUT IKE_PAYLOAD *IkePayload)
EFI_STATUS Ikev2DecodePacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket, IN UINTN IkeType)
EFI_STATUS Ikev2EncodePacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket, IN UINTN IkeType)
EFI_STATUS Ikev2DecryptPacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket, IN OUT UINTN IkeType)
EFI_STATUS Ikev2EncryptPacket (IN IKEV2_SESSION_COMMON *SessionCommon, IN OUT IKE_PACKET *IkePacket)
VOID Ikev2OnPacketAccepted (IN IKEV2_SESSION_COMMON *SessionCommon, IN IKE_PACKET *IkePacket, IN UINT8 IkeType)
VOID EFIAPI Ikev2OnPacketSent (IN NET_BUF *Packet, IN UDP_END_POINT *EndPoint, IN EFI_STATUS IoStatus, IN VOID *Context)
EFI_STATUS Ikev2SendIkePacket (IN IKE_UDP_SERVICE *IkeUdpService, IN UINT8 *SessionCommon, IN IKE_PACKET *IkePacket, IN UINTN IkeType)

Variables

GLOBAL_REMOVE_IF_UNREFERENCED CHAR8 mConstantKey [CONSTANT_KEY_SIZE]

Detailed Description

The implementation of Payloads Creation.

(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.

This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Define Documentation

#define CONSTANT_KEY_SIZE   17


Function Documentation

VOID ClearAllPayloads ( IN IKE_PACKET *  IkePacket  ) 

Remove and free all IkePayloads in the specified IkePacket.

Parameters:
[in] IkePacket The pointer of IKE_PACKET.

References IKE_PACKET_REMOVE_PAYLOAD, IKE_PAYLOAD_BY_PACKET, and IkePayloadFree().

Referenced by Ikev2DecodePacket(), and Ikev2EncryptPacket().

IKE_PAYLOAD* Ikev2CertGenerateAuthPayload ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN IKE_PAYLOAD *  IdPayload,
IN UINT8  NextPayload,
IN BOOLEAN  IsVerify,
IN UINT8 *  UefiPrivateKey,
IN UINTN  UefiPrivateKeyLen,
IN UINT8 *  UefiKeyPwd,
IN UINTN  UefiKeyPwdLen 
)

Generate an Authentication Payload for the Certificate authentication method.

This function serves two purposes: when IsVerify is FALSE it creates the local Authentication Payload for sending; when IsVerify is TRUE it creates the expected remote Authentication data used for verification.

Parameters:
[in] IkeSaSession Pointer to the IKEV2_SA_SESSION this payload relates to.
[in] IdPayload Pointer to the ID payload to be used for Authentication payload generation.
[in] NextPayload The type filled into the Authentication Payload next payload field.
[in] IsVerify If it is TRUE, the Authentication payload is used for verification.
[in] UefiPrivateKey Pointer to the UEFI private key. Ignored when verifying the Authentication payload.
[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignored when verifying the Authentication payload.
[in] UefiKeyPwd Pointer to the password of the UEFI private key. Ignored when verifying the Authentication payload.
[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes. Ignored when verifying the Authentication payload.
Returns:
Pointer to the IKE Authentication payload for the Certificate method.

References IKEV2_AUTH::AuthMethod, PRF_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::DataSize, IKEV2_AUTH::Header, IkePayloadAlloc(), IkePayloadFree(), IKEV2_AUTH_METHOD_RSA, IKEV2_PAYLOAD_TYPE_AUTH, IpSecCryptoIoAuthDataWithCertificate(), IpSecCryptoIoHash(), IpSecCryptoIoHmac(), IpSecDumpBuf(), IpSecGetHmacDigestLength(), IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthCertGenerator(), and Ikev2AuthCertParser().

EFI_STATUS Ikev2DecodePacket ( IN IKEV2_SESSION_COMMON *  SessionCommon,
IN OUT IKE_PACKET *  IkePacket,
IN UINTN  IkeType 
)

Decode the IKE packet.

This function first decrypts the IKE packet if needed, then splits the raw IkePacket->PayloadBuf into the IkePacket payload list.

Parameters:
[in] SessionCommon Pointer to the IKEV2_SESSION_COMMON containing parameters used by IKE packet decoding.
[in,out] IkePacket The IKE Packet to be decoded on input, and the decoded result on return.
[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_SUCCESS The IKE packet is decoded successfully.
Otherwise The IKE packet decoding failed.

References ClearAllPayloads(), IKE_PACKET_APPEND_PAYLOAD, IkeHdrNetToHost(), IkePayloadAlloc(), IkeStateAuth, IKEV2_EXCHANGE_TYPE_INFO, IKEV2_EXCHANGE_TYPE_INIT, IKEV2_PAYLOAD_TYPE_NONE, IKEV2_SA_SESSION_FROM_COMMON, Ikev2DecodePayload(), Ikev2DecryptPacket(), IKEV2_SA_SESSION::InitPacket, IKEV2_SA_SESSION::InitPacketSize, IPSEC_DUMP_BUF, IKE_PAYLOAD::IsPayloadBufExt, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_SA_SESSION::RespPacket, and IKEV2_SA_SESSION::RespPacketSize.

Referenced by Ikev2HandleChildSa(), Ikev2HandleInfo(), and Ikev2HandleSa().

EFI_STATUS Ikev2DecodePayload ( IN UINT8 *  SessionCommon,
IN OUT IKE_PAYLOAD *  IkePayload 
)

The general interface for decoding Payload.

This function converts the received Payload into internal structure.

Parameters:
[in] SessionCommon Pointer to IKE Session Common used for decoding.
[in,out] IkePayload Pointer to IKE payload to be decoded as input, and store the decoded result as output.
Return values:
EFI_INVALID_PARAMETER An error was met while decoding the SA payload.
EFI_SUCCESS Decoded successfully.

References IKEV2_CFG_ATTRIBUTES::AttritType, IKEV2_KEY_EXCHANGE::DhGroup, TRAFFIC_SELECTOR::EndPort, IKEV2_DUMP_PAYLOAD, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_DELETE, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_KE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2DecodeSa(), IKEV2_NOTIFY::MessageType, IKEV2_DELETE::NumSpis, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, TRAFFIC_SELECTOR::SelecorLen, TRAFFIC_SELECTOR::StartPort, IKEV2_TS::TSNumbers, and IKEV2_CFG_ATTRIBUTES::ValueLength.

Referenced by Ikev2DecodePacket().

IKEV2_SA_DATA* Ikev2DecodeSa ( IN IKEV2_SESSION_COMMON *  SessionCommon,
IN IKEV2_SA *  Sa 
)

EFI_STATUS Ikev2DecryptPacket ( IN IKEV2_SESSION_COMMON *  SessionCommon,
IN OUT IKE_PACKET *  IkePacket,
IN OUT UINTN  IkeType 
)

Decrypt IKE packet.

This function decrypts the Encrypted IKE packet and puts the result into IkePacket->PayloadBuf.

Parameters:
[in] SessionCommon Pointer to the IKEV2_SESSION_COMMON containing parameters used during decryption.
[in,out] IkePacket Pointer to the IKE_PACKET to be decrypted as input, and the decrypted result as output.
[in,out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_INVALID_PARAMETER The IKE packet length is zero or is not aligned with the algorithm block size.
EFI_SUCCESS Decrypt IKE packet successfully.

References HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, IKEV2_SA_PARAMS::EncAlgId, IkeHdrHostToNet(), IKEV2_SA_SESSION::IkeKeys, IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeSessionTypeChildSa, IkeSessionTypeIkeSa, IKEV2_CHILD_SA_SESSION_FROM_COMMON, IKEV2_PAYLOAD_TYPE_ENCRYPT, IKEV2_SA_SESSION_FROM_COMMON, IKEV2_SA_PARAMS::IntegAlgId, IPSEC_DUMP_BUF, IpSecCryptoIoDecrypt(), IpSecCryptoIoHmac(), IpSecGetEncryptBlockSize(), IpSecGetIcvLength(), IKEV2_SESSION_COMMON::SaParams, IKEV2_SA_SESSION::SessionCommon, IKEV2_SESSION_KEYS::SkAiKey, IKEV2_SESSION_KEYS::SkAiKeySize, IKEV2_SESSION_KEYS::SkArKey, IKEV2_SESSION_KEYS::SkArKeySize, IKEV2_SESSION_KEYS::SkEiKey, IKEV2_SESSION_KEYS::SkEiKeySize, IKEV2_SESSION_KEYS::SkErKey, and IKEV2_SESSION_KEYS::SkErKeySize.

Referenced by Ikev2DecodePacket().

EFI_STATUS Ikev2EncodePacket ( IN IKEV2_SESSION_COMMON *  SessionCommon,
IN OUT IKE_PACKET *  IkePacket,
IN UINTN  IkeType 
)

Encode the IKE packet.

This function puts all Payloads into one payload, then encrypts it if needed.

Parameters:
[in] SessionCommon Pointer to the IKEV2_SESSION_COMMON containing parameters used during IKE packet encoding.
[in,out] IkePacket Pointer to the IKE_PACKET to be encoded as input, and the encoded result as output.
[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_SUCCESS Encode IKE packet successfully.
Otherwise Encode IKE packet failed.

References IKE_PAYLOAD_BY_PACKET, IkeHdrHostToNet(), IkeStateAuth, IKEV2_EXCHANGE_TYPE_INIT, IKEV2_SA_SESSION_FROM_COMMON, Ikev2EncodePayload(), Ikev2EncryptPacket(), IKEV2_SA_SESSION::InitPacket, IKEV2_SA_SESSION::InitPacketSize, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_SA_SESSION::RespPacket, and IKEV2_SA_SESSION::RespPacketSize.

Referenced by IkeNetbufFromPacket().

EFI_STATUS Ikev2EncodePayload ( IN UINT8 *  SessionCommon,
IN OUT IKE_PAYLOAD *  IkePayload 
)

General interface of payload encoding.

This function encodes the internal data structure into the payload format defined in RFC 4306. IkePayload->PayloadBuf holds both the input payload and the converted payload. Only the SA payload uses an internal structure to store its attributes; the other payloads use structures identical to the RFC definitions, so for them encoding is just a host-order to network-order conversion of some fields.

Parameters:
[in] SessionCommon Pointer to IKE Session Common used to encode the payload.
[in,out] IkePayload Pointer to IKE payload to be encoded as input, and store the encoded result as output.
Return values:
EFI_INVALID_PARAMETER An error was met while encoding the SA payload.
EFI_SUCCESS Encoded successfully.

References IKEV2_CFG_ATTRIBUTES::AttritType, IKEV2_KEY_EXCHANGE::DhGroup, TRAFFIC_SELECTOR::EndPort, IKEV2_DUMP_PAYLOAD, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_DELETE, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_KE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2EncodeSa(), IKEV2_NOTIFY::MessageType, IKEV2_DELETE::NumSpis, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, TRAFFIC_SELECTOR::SelecorLen, TRAFFIC_SELECTOR::StartPort, IKEV2_TS::TSNumbers, and IKEV2_CFG_ATTRIBUTES::ValueLength.

Referenced by Ikev2EncodePacket().

IKEV2_SA* Ikev2EncodeSa ( IN IKEV2_SESSION_COMMON *  SessionCommon,
IN IKEV2_SA_DATA *  SaData 
)

EFI_STATUS Ikev2EncryptPacket ( IN IKEV2_SESSION_COMMON *  SessionCommon,
IN OUT IKE_PACKET *  IkePacket 
)

IKE_PAYLOAD* Ikev2GenerateCertIdPayload ( IN IKEV2_SESSION_COMMON *  CommonSession,
IN UINT8  NextPayload,
IN UINT8 *  InCert,
IN UINTN  CertSize 
)

Generate an ID payload from a certificate.

Parameters:
[in] CommonSession Pointer to the IKEV2_SESSION_COMMON related to the ID payload.
[in] NextPayload The payload type presented in the NextPayload field of the ID Payload header.
[in] InCert Pointer to the Certificate whose distinguished name will be added into the ID payload.
[in] CertSize Size of the Certificate.
Return values:
Pointer to ID IKE payload.

References IKEV2_ID::Header, IKEV2_ID::IdType, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IpSecCryptoIoGetSubjectFromCert(), IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthCertGenerator().

IKE_PAYLOAD* Ikev2GenerateCertificatePayload ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN UINT8  NextPayload,
IN UINT8 *  Certificate,
IN UINTN  CertificateLen,
IN UINT8  EncodeType,
IN BOOLEAN  IsRequest 
)

Generate the Certificate payload or Certificate Request Payload.

Since the Certificate Payload structure is the same as the Certificate Request Payload, the only difference is that one contains the Certificate Data and the other the acceptable certification CAs. This function generates the Certificate payload or Certificate Request Payload defined in RFC 4306, but all the fields in the payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] IkeSaSession Pointer to the IKE SA Session to be used for Certificate payload generation.
[in] NextPayload The next payload type in the NextPayload field of the Certificate payload.
[in] Certificate Pointer to the buffer containing the certificate data.
[in] CertificateLen The length of Certificate in bytes.
[in] EncodeType Specifies the Certificate Encoding, as defined in RFC 4306.
[in] IsRequest Indicates whether to create a Certificate Payload or a Certificate Request Payload. If it is TRUE, create a Certificate Payload. Otherwise, create a Certificate Request Payload.
Return values:
A pointer to an IKE Payload whose payload buffer contains the Certificate payload or Certificate Request payload.

References IKEV2_CERT::CertEncoding, HASH_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, IKEV2_CERT::Header, IKE_AALG_SHA1HMAC, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_CERT, IKEV2_PAYLOAD_TYPE_CERTREQ, IpSecCryptoIoGetPublicKeyFromCert(), IpSecCryptoIoHash(), IpSecGetHmacDigestLength(), IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthCertGenerator(), and Ikev2InitCertGenerator().

IKE_PAYLOAD* Ikev2GenerateCpPayload ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN UINT8  NextPayload,
IN UINT8  CfgType 
)

Generate the Configuration payload.

This function generates the Configuration payload defined in RFC 4306, but all the fields in this payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] IkeSaSession Pointer to the IKE SA Session to be used for Configuration payload generation.
[in] NextPayload The next payload type in the NextPayload field of the Configuration payload.
[in] CfgType The attribute type in the Configuration attribute.
Return values:
Pointer to IKE CP Payload.

References IKEV2_CFG_ATTRIBUTES::AttritType, IKEV2_CFG::CfgType, IKEV2_CFG::Header, IkePayloadAlloc(), IKEV2_CFG_TYPE_REQUEST, IKEV2_PAYLOAD_TYPE_CP, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, and IKEV2_CFG_ATTRIBUTES::ValueLength.

Referenced by Ikev2AuthCertGenerator(), and Ikev2AuthPskGenerator().

IKE_PAYLOAD* Ikev2GenerateDeletePayload ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN UINT8  NextPayload,
IN UINT8  SpiSize,
IN UINT16  SpiNum,
IN UINT8 *  SpiBuf 
)

Generate the Delete payload.

Since the structure of the Delete payload defined in RFC 4306 is simple, there is no internal data structure for the Delete payload. This function generates the Delete payload defined in RFC 4306, but all the fields in this payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] IkeSaSession Pointer to the IKE SA Session to be used for Delete payload generation.
[in] NextPayload The next payload type in the NextPayload field of the Delete payload.
[in] SpiSize Size of the SPI in the SPI size field of the Delete Payload.
[in] SpiNum Number of SPIs in the NumofSPIs field of the Delete Payload.
[in] SpiBuf Pointer to the buffer containing the SPI values.
Return values:
A pointer to the IKE Delete Payload.

References IKEV2_DELETE::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_DELETE, IPSEC_PROTO_IPSEC_ESP, IPSEC_PROTO_ISAKMP, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKEV2_DELETE::NumSpis, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_DELETE::ProtocolId, and IKEV2_DELETE::SpiSize.

Referenced by Ikev2InfoGenerator().

IKE_PAYLOAD* Ikev2GenerateIdPayload ( IN IKEV2_SESSION_COMMON *  CommonSession,
IN UINT8  NextPayload 
)

Generate an ID payload.

Parameters:
[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.
[in] NextPayload The payload type presented in the NextPayload field of ID Payload header.
Return values:
Pointer to ID IKE payload.

References IKEV2_ID::Header, IKEV2_ID::IdType, IkePayloadAlloc(), IKEV2_ID_TYPE_IPV4_ADDR, IKEV2_ID_TYPE_IPV6_ADDR, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthPskGenerator().

IKE_PAYLOAD* Ikev2GenerateKePayload ( IN OUT IKEV2_SA_SESSION *  IkeSaSession,
IN UINT8  NextPayload 
)

Generate a Key Exchange payload according to the DH group type and save the public key into the IkeKey field of IkeSaSession.

Parameters:
[in,out] IkeSaSession Pointer of the IKE_SA_SESSION.
[in] NextPayload The payload type presented in the NextPayload field of Key Exchange Payload header.
Return values:
Pointer to Key IKE payload.

References IKEV2_SESSION_KEYS::DhBuffer, IKEV2_KEY_EXCHANGE::DhGroup, IKEV2_DH_BUFFER::GxBuffer, IKEV2_DH_BUFFER::GxSize, IKEV2_KEY_EXCHANGE::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_KE, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2InitPskGenerator().

IKE_PAYLOAD* Ikev2GenerateNoncePayload ( IN UINT8 *  NonceBuf,
IN UINTN  NonceSize,
IN UINT8  NextPayload 
)

Generate a Nonce payload containing the input parameter NonceBuf.

Parameters:
[in] NonceBuf The nonce buffer containing the whole Nonce payload block except the payload header.
[in] NonceSize The buffer size of NonceBuf.
[in] NextPayload The payload type presented in the NextPayload field of the Nonce Payload header.
Return values:
Pointer to the Nonce IKE payload.

References IKEV2_NONCE::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_NONCE, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2InitPskGenerator().

IKE_PAYLOAD* Ikev2GenerateNotifyPayload ( IN UINT8  ProtocolId,
IN UINT8  NextPayload,
IN UINT8  SpiSize,
IN UINT16  MessageType,
IN UINT8 *  SpiBuf,
IN UINT8 *  NotifyData,
IN UINTN  NotifyDataSize 
)

Generate the Notify payload.

Since the structure of the Notify payload defined in RFC 4306 is simple, there is no internal data structure for the Notify payload. This function generates the Notify payload defined in RFC 4306, but all the fields in this payload are still in host order; Ikev2EncodePayload() must be called to convert those fields from host order to network order before sending it.

Parameters:
[in] ProtocolId The protocol type ID. For an IKE_SA it MUST be one (1). For IPsec SAs it MUST be either (2) for AH or (3) for ESP.
[in] NextPayload The next payload type in the NextPayload field of the Notify payload.
[in] SpiSize Size of the SPI in the SPI size field of the Notify Payload.
[in] MessageType The message type in the NotifyMessageType field of the Notify Payload.
[in] SpiBuf Pointer to the buffer containing the SPI value.
[in] NotifyData Pointer to the buffer containing the notification data.
[in] NotifyDataSize The size of NotifyData in bytes.
Return values:
Pointer to IKE Notify Payload.

References IKEV2_NOTIFY::Header, IkePayloadAlloc(), IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_NOTIFY::MessageType, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_NOTIFY::ProtocolId, and IKEV2_NOTIFY::SpiSize.

Referenced by Ikev2AuthCertGenerator(), Ikev2AuthPskGenerator(), Ikev2CreateChildGenerator(), and Ikev2InitPskGenerator().

IKE_PAYLOAD* Ikev2GenerateSaPayload ( IN IKEV2_SA_DATA *  SessionSaData,
IN UINT8  NextPayload,
IN IKE_SESSION_TYPE  Type 
)

Generate an IKEv2 SA payload according to SessionSaData.

Parameters:
[in] SessionSaData The data used in the SA payload.
[in] NextPayload The payload type presented in the NextPayload field of the SA Payload header.
[in] Type The SA type. It MUST be either (1) for IKE_SA, (2) for CHILD_SA or (3) for INFO.
Return values:
a Pointer to SA IKE payload.

References IKEV2_SA::Header, IkePayloadAlloc(), IkeSessionTypeIkeSa, IKEV2_PAYLOAD_TYPE_SA, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadType, and IKEV2_SA_DATA::SaHeader.

Referenced by Ikev2AuthCertGenerator(), Ikev2AuthPskGenerator(), and Ikev2InitPskGenerator().

IKE_PAYLOAD* Ikev2GenerateTsPayload ( IN IKEV2_CHILD_SA_SESSION *  ChildSa,
IN UINT8  NextPayload,
IN BOOLEAN  IsTunnel 
)

Generate TS payload.

This function generates the TSi or TSr payload according to the type of the next payload. If the next payload is the Responder TS, generate the TSi Payload. Otherwise, generate the TSr payload.

Parameters:
[in] ChildSa Pointer to the IKEV2_CHILD_SA_SESSION related to this TS payload.
[in] NextPayload The payload type presented in the NextPayload field of the TS Payload header.
[in] IsTunnel Indicates whether the TS payload follows the CP payload. If TRUE, the TSi and TSr payloads carry the maximum port range and address range, with the protocol marked as zero.
Return values:
Pointer to Ts IKE payload.

References TRAFFIC_SELECTOR::EndPort, IKEV2_TS::Header, IkePayloadAlloc(), IkePayloadFree(), IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, IKEV2_TS_ANY_PORT, IKEV2_TS_ANY_PROTOCOL, IKEV2_TS_TYPE_IPV4_ADDR_RANGE, IKEV2_TS_TYPS_IPV6_ADDR_RANGE, TRAFFIC_SELECTOR::IpProtocolId, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, TRAFFIC_SELECTOR::SelecorLen, TRAFFIC_SELECTOR::StartPort, IKEV2_TS::TSNumbers, and TRAFFIC_SELECTOR::TSType.

Referenced by Ikev2AuthCertGenerator(), and Ikev2AuthPskGenerator().
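The traffic selector encoding behind Ikev2GenerateTsPayload(), including the full-range selector the IsTunnel case produces, as an added stand-alone C example that is not the EDK II implementation documented here. It covers IPv4 address-range selectors only (TS Type 7 with a 16-byte Selector Length, as RFC 4306 section 3.13 defines them; the page's IKEV2_TS_TYPE_IPV4_ADDR_RANGE, IKEV2_TS_ANY_PROTOCOL and IKEV2_TS_ANY_PORT name the same notions), writes them in network order as Ikev2EncodePayload() would, decodes them with every length field checked against the buffer, and tests whether a flow falls inside a selector. All addresses, ports and payload bytes are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

/* RFC 4306 3.13 values, assumed here; the page's IKEV2_TS_TYPE_IPV4_ADDR_RANGE,
 * IKEV2_TS_ANY_PROTOCOL and IKEV2_TS_ANY_PORT name the same notions. */
#define TS_IPV4_ADDR_RANGE    7
#define TS_ANY_PROTOCOL       0
#define TS_IPV4_SELECTOR_LEN  16   /* TS Type, Protocol, Selector Length, 2 ports, 2 IPv4 addresses */
#define TS_PAYLOAD_FIXED_LEN  8    /* generic header (4) + Number of TSs (1) + Reserved (3) */

typedef struct {                      /* one IPv4 selector in host order (cf. TRAFFIC_SELECTOR) */
    uint8_t  ip_protocol;             /* 0 means any protocol */
    uint16_t start_port, end_port;    /* inclusive */
    uint32_t start_addr, end_addr;    /* inclusive */
} ts_ipv4_t;

static void     put_u16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void     put_u32(uint8_t *p, uint32_t v) { put_u16(p, (uint16_t)(v >> 16)); put_u16(p + 2, (uint16_t)v); }
static uint16_t get_u16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_u32(const uint8_t *p) { return ((uint32_t)get_u16(p) << 16) | get_u16(p + 2); }

/* The selector the IsTunnel case carries: any protocol, full port range, full address range. */
ts_ipv4_t ts_any(void) { ts_ipv4_t t = { TS_ANY_PROTOCOL, 0, 0xFFFF, 0, 0xFFFFFFFFu }; return t; }

/* Encode a TSi or TSr payload holding n selectors in network order. Returns bytes written, 0 on error. */
size_t encode_ts_payload(uint8_t next_payload, const ts_ipv4_t *ts, size_t n, uint8_t *out, size_t cap)
{
    size_t total = TS_PAYLOAD_FIXED_LEN + n * TS_IPV4_SELECTOR_LEN;
    if (n == 0 || n > 255 || total > UINT16_MAX || total > cap) return 0;
    out[0] = next_payload;
    out[1] = 0;                                   /* Critical bit clear, reserved zero */
    put_u16(out + 2, (uint16_t)total);
    out[4] = (uint8_t)n;
    memset(out + 5, 0, 3);                        /* Reserved */
    uint8_t *p = out + TS_PAYLOAD_FIXED_LEN;
    for (size_t i = 0; i < n; i++, p += TS_IPV4_SELECTOR_LEN) {
        p[0] = TS_IPV4_ADDR_RANGE; p[1] = ts[i].ip_protocol;
        put_u16(p + 2, TS_IPV4_SELECTOR_LEN);
        put_u16(p + 4, ts[i].start_port);
        put_u16(p + 6, ts[i].end_port);
        put_u32(p + 8, ts[i].start_addr);
        put_u32(p + 12, ts[i].end_addr);
    }
    return total;
}

/* Decode a TS payload, insisting that Payload Length, Number of TSs and every Selector Length agree
 * with each other and with the buffer, and that each range is ordered. Returns the count or -1. */
int decode_ts_payload(const uint8_t *buf, size_t len, ts_ipv4_t *out, int max_out)
{
    if (len < TS_PAYLOAD_FIXED_LEN || get_u16(buf + 2) != len) return -1;
    int n = buf[4];
    if (n == 0 || n > max_out || TS_PAYLOAD_FIXED_LEN + (size_t)n * TS_IPV4_SELECTOR_LEN != len) return -1;
    const uint8_t *p = buf + TS_PAYLOAD_FIXED_LEN;
    for (int i = 0; i < n; i++, p += TS_IPV4_SELECTOR_LEN) {
        if (p[0] != TS_IPV4_ADDR_RANGE || get_u16(p + 2) != TS_IPV4_SELECTOR_LEN) return -1;
        out[i].ip_protocol = p[1];
        out[i].start_port  = get_u16(p + 4);
        out[i].end_port    = get_u16(p + 6);
        out[i].start_addr  = get_u32(p + 8);
        out[i].end_addr    = get_u32(p + 12);
        if (out[i].start_port > out[i].end_port || out[i].start_addr > out[i].end_addr) return -1;
    }
    return n;
}

/* Does a flow (protocol, port, address) fall within the selector? */
int ts_matches(const ts_ipv4_t *t, uint8_t proto, uint16_t port, uint32_t addr)
{
    if (t->ip_protocol != TS_ANY_PROTOCOL && t->ip_protocol != proto) return 0;
    return port >= t->start_port && port <= t->end_port &&
           addr >= t->start_addr && addr <= t->end_addr;
}

/* Constructed round trip: a narrowed selector (TCP/443 to 10.0.0.0-10.0.0.255, constructed
 * addresses) followed by the tunnel-mode "any" selector. Returns 1 if every check passes. */
int demo_ts_roundtrip(void)
{
    ts_ipv4_t in[2] = { { 6, 443, 443, 0x0A000000u, 0x0A0000FFu }, ts_any() }, out[2];
    uint8_t buf[64];
    size_t w = encode_ts_payload(0, in, 2, buf, sizeof buf);
    if (w != TS_PAYLOAD_FIXED_LEN + 2 * TS_IPV4_SELECTOR_LEN) return 0;
    if (decode_ts_payload(buf, w, out, 2) != 2) return 0;
    if (out[0].ip_protocol != 6 || out[0].end_addr != 0x0A0000FFu || out[1].end_port != 0xFFFF) return 0;
    if (!ts_matches(&out[0], 6, 443, 0x0A000005u)) return 0;   /* TCP/443 to 10.0.0.5 is covered */
    if (ts_matches(&out[0], 17, 443, 0x0A000005u)) return 0;   /* UDP is not */
    if (ts_matches(&out[0], 6, 443, 0x0A000105u)) return 0;    /* 10.0.1.5 is outside the range */
    return ts_matches(&out[1], 17, 53, 0xC0A80001u);           /* the "any" selector admits all */
}

/* A selector whose Selector Length claims 40 bytes (the IPv6 size) inside an IPv4 selector:
 * the decoder must reject it (-1) rather than step past the payload. */
int demo_ts_bad_selector_length(void)
{
    const uint8_t bad[24] = { 0, 0, 0, 24, 1, 0, 0, 0, TS_IPV4_ADDR_RANGE, 6, 0, 40,
                              1, 187, 1, 187, 10, 0, 0, 0, 10, 0, 0, 255 };
    ts_ipv4_t out[1];
    return decode_ts_payload(bad, sizeof bad, out, 1);
}
```

The decoder rejects a payload as soon as any of its three length fields disagrees with the others, which is the property a receiver needs before it narrows the proposed selectors into a CHILD_SA policy.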

VOID Ikev2OnPacketAccepted ( IN IKEV2_SESSION_COMMON *  SessionCommon,
IN IKE_PACKET *  IkePacket,
IN UINT8  IkeType 
)

Save some useful payloads after accepting the Packet.

Parameters:
[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the operation.
[in] IkePacket Pointer to the received IkePacket.
[in] IkeType The type used to indicate it is in IkeSa or ChildSa or Info exchange.

VOID EFIAPI Ikev2OnPacketSent ( IN NET_BUF *  Packet,
IN UDP_END_POINT *  EndPoint,
IN EFI_STATUS  IoStatus,
IN VOID *  Context 
)

The notification function. It will be called when the related UDP_TX_TOKEN's event is signaled.

This function frees the Net Buffer pointed to by the input Packet.

Parameters:
[in] Packet Pointer to Net buffer containing the sending IKE packet.
[in] EndPoint Pointer to UDP_END_POINT containing the remote and local address information.
[in] IoStatus The Status of the related UDP_TX_TOKEN.
[in] Context Pointer to data passed from the caller.

References IKEV2_SA_SESSION::BySessionTable, IKEV2_SA_SESSION::ChildSaEstablishSessionList, IKEV2_SA_SESSION::DeleteSaList, IkePacketFree(), _IPSEC_PRIVATE_DATA::Ikev1EstablishedList, IKEV2_DELET_CHILDSA_LIST, Ikev2ChildSaSessionLookupBySpi(), Ikev2ChildSaSessionRemove(), Ikev2ChildSaSilentDelete(), _IPSEC_PRIVATE_DATA::Ikev2EstablishedList, Ikev2SaSessionFree(), Ikev2SaSessionLookup(), IKEV2_SA_SESSION::InitiatorCookie, _IPSEC_PRIVATE_DATA::IpSec, IPSEC_STATUS_DISABLED, IPSECCONFIG_STATUS_NAME, IKE_PACKET::IsDeleteInfo, _IPSEC_PRIVATE_DATA::IsIPsecDisabling, IKEV2_CHILD_SA_SESSION::LocalPeerSpi, IKE_PACKET::Private, IKE_PACKET::RemotePeerIp, IKEV2_SA_SESSION::ResponderCookie, and IKE_PACKET::Spi.

Referenced by Ikev2SendIkePacket().

EFI_STATUS Ikev2ParserNotifyCookiePayload ( IN IKE_PAYLOAD *  IkeNCookie,
IN OUT IKEV2_SA_SESSION *  IkeSaSession 
)

Parse the Notify Cookie payload.

This function parses the Notify Cookie payload. If the Notify ProtocolId is not IPSEC_PROTO_ISAKMP, or the SpiSize is not zero, or the MessageType is not COOKIE, it returns EFI_INVALID_PARAMETER.

Parameters:
[in] IkeNCookie Pointer to the IKE_PAYLOAD which contains the Notify Cookie payload.
[in,out] IkeSaSession Pointer to the relevant IKE SA Session.
Return values:
EFI_SUCCESS The Notify Cookie Payload is valid.
EFI_INVALID_PARAMETER The Notify Cookie Payload is invalid.
EFI_OUT_OF_RESOURCE The required resource can't be allocated.

References IKEV2_NOTIFY::Header, IKEV2_NOTIFICATION_COOKIE, IPSEC_PROTO_ISAKMP, IKEV2_NOTIFY::MessageType, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKEV2_NOTIFY::ProtocolId, and IKEV2_NOTIFY::SpiSize.

Referenced by Ikev2InitPskParser().
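The generic payload header that Ikev2EncodePayload() byte-swaps and Ikev2DecodePacket() walks over IkePacket->PayloadBuf, the Notify layout Ikev2GenerateNotifyPayload() fills in, and the three checks Ikev2ParserNotifyCookiePayload() applies to a COOKIE notification, as one added stand-alone C example that is not the EDK II code documented on this page. It assumes the RFC 4306 wire values (Nonce = 40, Notify = 41, ISAKMP protocol id = 1, COOKIE = 16390) that the page's IKEV2_PAYLOAD_TYPE_NOTIFY, IPSEC_PROTO_ISAKMP and IKEV2_NOTIFICATION_COOKIE symbols stand for; the nonce and cookie bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

/* RFC 4306 wire values, assumed here; the page's IKEV2_PAYLOAD_TYPE_NOTIFY,
 * IPSEC_PROTO_ISAKMP and IKEV2_NOTIFICATION_COOKIE denote the same values. */
#define PAYLOAD_TYPE_NONE    0
#define PAYLOAD_TYPE_NONCE   40
#define PAYLOAD_TYPE_NOTIFY  41
#define PROTO_ISAKMP         1
#define NOTIFY_COOKIE        16390
#define GENERIC_HDR_LEN      4   /* Next Payload, Critical/Reserved, Payload Length */
#define NOTIFY_FIXED_LEN     4   /* Protocol ID, SPI Size, Notify Message Type */

typedef struct {            /* host-order Notify, the role IKEV2_NOTIFY plays before byte-swapping */
    uint8_t        next_payload, protocol_id, spi_size;
    uint16_t       message_type;
    const uint8_t *spi, *data;
    size_t         data_len;
} notify_t;

typedef struct {            /* one payload located inside a received buffer */
    uint8_t        type, next_payload, critical;
    uint16_t       length;  /* includes the 4-byte generic header */
    const uint8_t *body;    /* first byte after the generic header */
} payload_view_t;

static void     put_u16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t get_u16(const uint8_t *p)       { return (uint16_t)((p[0] << 8) | p[1]); }

/* Serialise a Notify payload in network byte order; returns 0 if it does not fit. */
size_t encode_notify(const notify_t *n, uint8_t *out, size_t cap)
{
    size_t total = GENERIC_HDR_LEN + NOTIFY_FIXED_LEN + n->spi_size + n->data_len;
    if (total > UINT16_MAX || total > cap) return 0;
    out[0] = n->next_payload;
    out[1] = 0;                                   /* Critical bit clear, reserved zero */
    put_u16(out + 2, (uint16_t)total);
    out[4] = n->protocol_id; out[5] = n->spi_size;
    put_u16(out + 6, n->message_type);
    if (n->spi_size) memcpy(out + 8, n->spi, n->spi_size);
    if (n->data_len) memcpy(out + 8 + n->spi_size, n->data, n->data_len);
    return total;
}

/* Walk the payload chain after an IKE header whose Next Payload is first_type (the loop
 * Ikev2DecodePacket() runs over PayloadBuf). Every Payload Length is checked against the
 * bytes actually present before it is trusted. Returns the payload count, or -1. */
int parse_payload_chain(const uint8_t *buf, size_t len, uint8_t first_type,
                        payload_view_t *out, int max_out)
{
    int count = 0;
    size_t off = 0;
    for (uint8_t type = first_type; type != PAYLOAD_TYPE_NONE; count++) {
        if (len - off < GENERIC_HDR_LEN || count >= max_out) return -1;
        uint16_t plen = get_u16(buf + off + 2);
        if (plen < GENERIC_HDR_LEN || plen > len - off) return -1;   /* truncated/overlapping */
        out[count].type = type;
        out[count].next_payload = type = buf[off];
        out[count].critical = buf[off + 1] >> 7;
        out[count].length = plen; out[count].body = buf + off + GENERIC_HDR_LEN;
        off += plen;
    }
    return off == len ? count : -1;   /* reject trailing bytes no payload accounts for */
}

/* The checks Ikev2ParserNotifyCookiePayload() describes: Protocol ID must be ISAKMP, SPI Size
 * zero, Message Type COOKIE; the cookie is also bounded to the 1..64 octets RFC 4306 allows.
 * Returns the cookie length and sets *cookie, or 0 if the payload is not a valid COOKIE. */
size_t validate_cookie_notify(const payload_view_t *p, const uint8_t **cookie)
{
    if (p->type != PAYLOAD_TYPE_NOTIFY || p->length < GENERIC_HDR_LEN + NOTIFY_FIXED_LEN) return 0;
    const uint8_t *b = p->body;
    if (b[0] != PROTO_ISAKMP || b[1] != 0 || get_u16(b + 2) != NOTIFY_COOKIE) return 0;
    size_t cookie_len = p->length - GENERIC_HDR_LEN - NOTIFY_FIXED_LEN;
    if (cookie_len == 0 || cookie_len > 64) return 0;
    *cookie = b + NOTIFY_FIXED_LEN;
    return cookie_len;
}

/* Constructed sample: a Nonce payload followed by a COOKIE Notify, the shape of an IKE_SA_INIT
 * response asking the initiator to retry. Returns the recovered cookie length (8), or 0. */
size_t demo_cookie_roundtrip(void)
{
    static const uint8_t nonce[16] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
    static const uint8_t cookie[8] = { 0xc0, 0x0c, 0x1e, 0x55, 0x01, 0x02, 0x03, 0x04 };
    notify_t n = { PAYLOAD_TYPE_NONE, PROTO_ISAKMP, 0, NOTIFY_COOKIE, NULL, cookie, sizeof cookie };
    uint8_t buf[64] = { PAYLOAD_TYPE_NOTIFY, 0, 0, GENERIC_HDR_LEN + sizeof nonce };  /* Nonce header */
    size_t off = GENERIC_HDR_LEN + sizeof nonce;
    payload_view_t v[4];
    const uint8_t *c = NULL;
    memcpy(buf + GENERIC_HDR_LEN, nonce, sizeof nonce);
    size_t w = encode_notify(&n, buf + off, sizeof buf - off);
    if (w == 0 || parse_payload_chain(buf, off + w, PAYLOAD_TYPE_NONCE, v, 4) != 2) return 0;
    size_t clen = validate_cookie_notify(&v[1], &c);
    return (clen == sizeof cookie && memcmp(c, cookie, clen) == 0) ? clen : 0;
}

/* The Notify with its Payload Length inflated past the buffer end: the walker must
 * return -1 rather than read beyond the received bytes. */
int demo_truncated_chain(void)
{
    const uint8_t bad[] = { PAYLOAD_TYPE_NONE, 0, 0x00, 0x20, PROTO_ISAKMP, 0, 0x40, 0x06, 0xaa, 0xbb };
    payload_view_t v[1];
    return parse_payload_chain(bad, sizeof bad, PAYLOAD_TYPE_NOTIFY, v, 1);
}
```

The walker trusts a Payload Length only after comparing it with the bytes still in the buffer and requires the chain to end exactly at the buffer end, so a peer cannot make the receiver read past PayloadBuf or hide bytes behind the last payload; the cookie check then refuses anything that is not an ISAKMP-scoped, SPI-less COOKIE of plausible size, which is what the responder expects to see echoed back in a retried IKE_SA_INIT.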

IKE_PAYLOAD* Ikev2PskGenerateAuthPayload ( IN IKEV2_SA_SESSION *  IkeSaSession,
IN IKE_PAYLOAD *  IdPayload,
IN UINT8  NextPayload,
IN BOOLEAN  IsVerify 
)

Generate an Authentication Payload.

This function is used for both Authentication generation and verification. When IsVerify is TRUE, it creates the Auth data used for verification. It chooses the related IKE_SA_INIT message for Auth data creation according to the IKE Session's type and the value of the IsVerify parameter.

Parameters:
[in] IkeSaSession Pointer to the IKEV2_SA_SESSION this payload relates to.
[in] IdPayload Pointer to the ID payload to be used for Authentication payload generation.
[in] NextPayload The type filled into the Authentication Payload next payload field.
[in] IsVerify If it is TRUE, the Authentication payload is used for verification.
Returns:
pointer to IKE Authentication payload for Pre-shared key method.

References IKEV2_AUTH::AuthMethod, CONSTANT_KEY_SIZE, HASH_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, PRF_DATA_FRAGMENT::DataSize, IKEV2_AUTH::Header, IkePayloadAlloc(), IkePayloadFree(), IKEV2_AUTH_METHOD_SKMI, IKEV2_PAYLOAD_TYPE_AUTH, IpSecCryptoIoHmac(), IpSecGetHmacDigestLength(), mConstantKey, IKEV2_COMMON_PAYLOAD_HEADER::NextPayload, IKE_PAYLOAD::PayloadBuf, IKEV2_COMMON_PAYLOAD_HEADER::PayloadLength, IKE_PAYLOAD::PayloadSize, and IKE_PAYLOAD::PayloadType.

Referenced by Ikev2AuthPskGenerator(), and Ikev2AuthPskParser().

EFI_STATUS Ikev2SendIkePacket ( IN IKE_UDP_SERVICE *  IkeUdpService,
IN UINT8 *  SessionCommon,
IN IKE_PACKET *  IkePacket,
IN UINTN  IkeType 
)

Send out IKEV2 packet.

Parameters:
[in] IkeUdpService Pointer to IKE_UDP_SERVICE used to send the IKE packet.
[in] SessionCommon Pointer to the IKEV2_SESSION_COMMON related to the IKE packet.
[in] IkePacket Pointer to the IKE_PACKET to be sent out.
[in] IkeType The type of IKE exchange the packet belongs to. IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
Return values:
EFI_SUCCESS The operation completed successfully.
Otherwise The operation failed.

References IKE_DEFAULT_PORT, IKE_DEFAULT_TIMEOUT_INTERVAL, IKE_HEADER_FLAGS_INIT, IKE_PACKET_REF, IkeNetbufFromPacket(), IkePacketFree(), Ikev2OnPacketSent(), IPSEC_DUMP_PACKET, IKEV2_SESSION_COMMON::LastSentPacket, IKEV2_SESSION_COMMON::LocalPeerIp, IKEV2_SESSION_COMMON::RemotePeerIp, IKEV2_SESSION_COMMON::TimeoutEvent, and IKEV2_SESSION_COMMON::TimeoutInterval.

Referenced by Ikev2HandleChildSa(), Ikev2HandleSa(), Ikev2InfoParser(), Ikev2NegotiateChildSa(), Ikev2NegotiateInfo(), Ikev2NegotiateSa(), and Ikev2ResendNotify().


Variable Documentation

GLOBAL_REMOVE_IF_UNREFERENCED CHAR8 mConstantKey[CONSTANT_KEY_SIZE]

Initial value:

{
  'K', 'e', 'y', ' ', 'P', 'a', 'd', ' ', 'f', 'o', 'r', ' ', 'I', 'K', 'E', 'v', '2'
}

Referenced by Ikev2PskGenerateAuthPayload().


Generated on Mon Sep 28 08:49:06 2015 for NetworkPkg[ALL] by  doxygen 1.5.7.1