Functions | |
EFI_STATUS | Ikev2GenerateSaDhPublicKey (IN IKEV2_SA_SESSION *IkeSaSession) |
EFI_STATUS | Ikev2GenerateSaKeys (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *KePayload) |
EFI_STATUS | Ikev2GenerateChildSaKeys (IN IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IKE_PAYLOAD *KePayload) |
IKE_PACKET * | Ikev2InitPskGenerator (IN UINT8 *SaSession, IN VOID *Context) |
EFI_STATUS | Ikev2InitPskParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket) |
IKE_PACKET * | Ikev2AuthPskGenerator (IN UINT8 *SaSession, IN VOID *Context) |
EFI_STATUS | Ikev2AuthPskParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket) |
IKE_PACKET * | Ikev2InitCertGenerator (IN UINT8 *SaSession, IN VOID *Context) |
EFI_STATUS | Ikev2InitCertParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket) |
IKE_PACKET * | Ikev2AuthCertGenerator (IN UINT8 *SaSession, IN VOID *Context) |
EFI_STATUS | Ikev2AuthCertParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket) |
EFI_STATUS | Ikev2GenerateSaDhComputeKey (IN IKEV2_DH_BUFFER *DhBuffer, IN IKE_PAYLOAD *KePayload) |
Variables | |
GLOBAL_REMOVE_IF_UNREFERENCED IKEV2_PACKET_HANDLER | mIkev2Initial [][2] |
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
IKE_PACKET* Ikev2AuthCertGenerator (IN UINT8 *SaSession, IN VOID *Context)
Generates the IKEv2 packet for IKE_AUTH exchange.
[in] | SaSession | Pointer to IKEV2_SA_SESSION. |
[in] | Context | Context data passed by caller. |
Pointer to IKEv2 Packet to be sent out.
References IKEV2_SA_SESSION::ChildSaSessionList, _IPSEC_PAD_ENTRY::Data, _IPSEC_SPD_ENTRY::Data, IKE_HEADER::ExchangeType, IKE_HEADER::Flags, IKE_PACKET::Header, IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IKE_PACKET_APPEND_PAYLOAD, IkePacketAlloc(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeSessionTypeChildSa, IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT, IKEV2_CERT_ENCODEING_X509_CERT_SIGN, IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS, IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_EXCHANGE_TYPE_AUTH, IKEV2_NOTIFICATION_USE_TRANSPORT_MODE, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CERT, IKEV2_PAYLOAD_TYPE_CERTREQ, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_NONE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2CertGenerateAuthPayload(), Ikev2GenerateCertIdPayload(), Ikev2GenerateCertificatePayload(), Ikev2GenerateCpPayload(), Ikev2GenerateNotifyPayload(), Ikev2GenerateSaPayload(), Ikev2GenerateTsPayload(), IKEV2_SA_SESSION::InitiatorCookie, IKE_HEADER::InitiatorCookie, IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::IsInitiator, IKE_HEADER::MessageId, IKE_HEADER::NextPayload, IKEV2_SA_SESSION::Pad, _IPSEC_SPD_DATA::ProcessingPolicy, IKEV2_SA_SESSION::ResponderCookie, IKE_HEADER::ResponderCookie, IKEV2_CHILD_SA_SESSION::SaData, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::Spd, IKEV2_SESSION_COMMON::UdpService, and IKE_HEADER::Version.
EFI_STATUS Ikev2AuthCertParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket)
Parses IKE_AUTH packet.
[in] | SaSession | Pointer to the IKE_SA_SESSION related to this packet. |
[in] | IkePacket | Pointer to the IKE_AUTH packet to be parsed. |
EFI_INVALID_PARAMETER | The IKEv2 packet is malformed or the SA proposal is unacceptable. |
EFI_SUCCESS | The IKE packet is acceptable and the related data is saved for further communication. |
EFI_UNSUPPORTED | The certificate authentication is not supported. |
References IKEV2_SA_SESSION::ChildSaSessionList, _IPSEC_SPD_ENTRY::Data, IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IKE_PAYLOAD_BY_PACKET, IkePayloadFree(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeStateIkeSaEstablished, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_DUMP_STATE, IKEV2_EXCHANGE_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CERT, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2CertGenerateAuthPayload(), Ikev2ChildSaAssociateSpdEntry(), Ikev2ChildSaParseSaPayload(), Ikev2ChildSaSessionSpdSelectorCreate(), Ikev2GenerateChildSaKeys(), IpSecCryptoIoVerifySignDataByCertificate(), IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::IsInitiator, IKEV2_CHILD_SA_SESSION::LocalPort, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, _IPSEC_SPD_DATA::ProcessingPolicy, IKEV2_CHILD_SA_SESSION::ProtoId, IKEV2_CHILD_SA_SESSION::RemotePort, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Spd, IKEV2_SA_SESSION::Spd, IKEV2_CHILD_SA_SESSION::SpdSelector, IKEV2_SESSION_COMMON::State, and IKEV2_SESSION_COMMON::UdpService.
IKE_PACKET* Ikev2AuthPskGenerator (IN UINT8 *SaSession, IN VOID *Context)
Generates the IKEv2 packet for IKE_AUTH exchange.
[in] | SaSession | Pointer to IKEV2_SA_SESSION. |
[in] | Context | Context data passed by caller. |
Pointer to IKE Packet to be sent out.
References IKEV2_SA_SESSION::ChildSaSessionList, _IPSEC_SPD_ENTRY::Data, IKE_HEADER::ExchangeType, IKE_HEADER::Flags, IKE_PACKET::Header, IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IKE_PACKET_APPEND_PAYLOAD, IkePacketAlloc(), IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeSessionTypeChildSa, IKEV2_CFG_ATTR_INTERNAL_IP4_ADDRESS, IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_EXCHANGE_TYPE_AUTH, IKEV2_NOTIFICATION_USE_TRANSPORT_MODE, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_CP, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_NONE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2GenerateCpPayload(), Ikev2GenerateIdPayload(), Ikev2GenerateNotifyPayload(), Ikev2GenerateSaPayload(), Ikev2GenerateTsPayload(), Ikev2PskGenerateAuthPayload(), IKEV2_SA_SESSION::InitiatorCookie, IKE_HEADER::InitiatorCookie, IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::IsInitiator, IKE_HEADER::MessageId, IKE_HEADER::NextPayload, _IPSEC_SPD_DATA::ProcessingPolicy, IKEV2_SA_SESSION::ResponderCookie, IKE_HEADER::ResponderCookie, IKEV2_CHILD_SA_SESSION::SaData, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::Spd, IKEV2_SESSION_COMMON::UdpService, and IKE_HEADER::Version.
EFI_STATUS Ikev2AuthPskParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket)
Parses IKE_AUTH packet.
[in] | SaSession | Pointer to the IKE_SA_SESSION related to this packet. |
[in] | IkePacket | Pointer to the IKE_AUTH packet to be parsed. |
EFI_INVALID_PARAMETER | The IKE packet is malformed or the SA proposal is unacceptable. |
EFI_SUCCESS | The IKE packet is acceptable and the related data is saved for further communication. |
References IKEV2_SA_SESSION::ChildSaSessionList, _IPSEC_SPD_ENTRY::Data, IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IKE_PAYLOAD_BY_PACKET, IKEV2_CHILD_SA_SESSION::IkeSaSession, IkeStateIkeSaEstablished, IKEV2_CHILD_SA_SESSION_BY_IKE_SA, IKEV2_DUMP_STATE, IKEV2_EXCHANGE_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_AUTH, IKEV2_PAYLOAD_TYPE_ID_INIT, IKEV2_PAYLOAD_TYPE_ID_RSP, IKEV2_PAYLOAD_TYPE_SA, IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_RSP, Ikev2ChildSaAssociateSpdEntry(), Ikev2ChildSaParseSaPayload(), Ikev2ChildSaSessionSpdSelectorCreate(), Ikev2GenerateChildSaKeys(), Ikev2PskGenerateAuthPayload(), IKE_UDP_SERVICE::IpVersion, IKEV2_SESSION_COMMON::IsInitiator, IKEV2_CHILD_SA_SESSION::LocalPort, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, _IPSEC_SPD_DATA::ProcessingPolicy, IKEV2_CHILD_SA_SESSION::ProtoId, IKEV2_CHILD_SA_SESSION::RemotePort, IKEV2_CHILD_SA_SESSION::SessionCommon, IKEV2_SA_SESSION::SessionCommon, IKEV2_CHILD_SA_SESSION::Spd, IKEV2_SA_SESSION::Spd, IKEV2_CHILD_SA_SESSION::SpdSelector, IKEV2_SESSION_COMMON::State, and IKEV2_SESSION_COMMON::UdpService.
EFI_STATUS Ikev2GenerateChildSaKeys (IN IKEV2_CHILD_SA_SESSION *ChildSaSession, IN IKE_PAYLOAD *KePayload)
Generates the Keys for the further IPsec Protocol.
[in] | ChildSaSession | Pointer to IKE Child SA Session. |
[in] | KePayload | Pointer to Key payload used to generate the Key. |
EFI_UNSUPPORTED | If one or more Algorithm Id is unsupported. |
EFI_SUCCESS | The operation succeeded. |
References PRF_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::DataSize, IKEV2_SA_PARAMS::EncAlgId, Ikev2GenerateSaDhComputeKey(), Ikev2SaGenerateKey(), IKEV2_SA_PARAMS::IntegAlgId, IPSEC_DUMP_BUF, IpSecGetEncryptKeyLength(), and IpSecGetHmacDigestLength().
Referenced by Ikev2AuthCertParser(), and Ikev2AuthPskParser().
EFI_STATUS Ikev2GenerateSaDhComputeKey (IN IKEV2_DH_BUFFER *DhBuffer, IN IKE_PAYLOAD *KePayload)
Computes the DH Shared/Exchange Key.
Given peer's public key, this function computes the exchanged common key and stores it in the IKEv2 SA Session's GxyBuffer.
[in] | DhBuffer | Pointer to buffer of peer's public key. |
[in] | KePayload | Pointer to received key payload. |
EFI_SUCCESS | The operation succeeded. |
Otherwise | The operation failed. |
References IPSEC_DUMP_BUF, and IpSecCryptoIoDhComputeKey().
Referenced by Ikev2GenerateChildSaKeys(), and Ikev2GenerateSaKeys().
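An added example (not EDK II code, and not a statement of what Ikev2GenerateSaDhComputeKey() itself checks) of validating a received KE payload before the shared-key computation described above: the length must match the group modulus and the public value must lie strictly between 1 and p-1. The function name, return codes, toy 32-bit modulus, group number 2 and sample payloads are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { KE_OK = 0, KE_MALFORMED = -1, KE_WRONG_GROUP = -2, KE_BAD_VALUE = -3 };

/* Constructed toy modulus (2^32 - 5, prime); real MODP groups are 768+ bits. */
static const uint8_t kToyModulus[4] = { 0xFF, 0xFF, 0xFF, 0xFB };
/* Constructed KE payloads: next(1) flags(1) length(2) group(2) reserved(2) value. */
static const uint8_t kGood[12]    = { 0, 0, 0, 12, 0, 2, 0, 0, 0x12, 0x34, 0x56, 0x78 };
static const uint8_t kOne[12]     = { 0, 0, 0, 12, 0, 2, 0, 0, 0x00, 0x00, 0x00, 0x01 };
static const uint8_t kPMinus1[12] = { 0, 0, 0, 12, 0, 2, 0, 0, 0xFF, 0xFF, 0xFF, 0xFA };
static const uint8_t kShort[11]   = { 0, 0, 0, 11, 0, 2, 0, 0, 0x12, 0x34, 0x56 };

/* Validate a raw KE payload (RFC 7296, section 3.4) before any DH computation.
 * mod is the big-endian prime of the negotiated group, assumed odd. */
int ke_payload_check(const uint8_t *buf, size_t len, uint16_t want_group,
                     const uint8_t *mod, size_t mod_len)
{
    if (buf == NULL || mod == NULL || mod_len == 0 || len < 8)
        return KE_MALFORMED;
    if ((((size_t)buf[2] << 8) | buf[3]) != len)   /* declared length must match */
        return KE_MALFORMED;
    if ((uint16_t)((buf[4] << 8) | buf[5]) != want_group)
        return KE_WRONG_GROUP;
    if (len - 8 != mod_len)             /* value must be exactly modulus-sized */
        return KE_MALFORMED;

    const uint8_t *val = buf + 8;
    size_t last = mod_len - 1, i = 0;

    /* Reject 0 and 1: all leading bytes are zero and the last byte is <= 1. */
    while (i < last && val[i] == 0)
        i++;
    if (i == last && val[last] <= 1)
        return KE_BAD_VALUE;

    /* Reject values >= p - 1; p is odd, so p - 1 shares p's leading bytes. */
    int cmp = memcmp(val, mod, last);
    if (cmp > 0 || (cmp == 0 && val[last] >= mod[last] - 1))
        return KE_BAD_VALUE;
    return KE_OK;
}

int main(void)
{
    return ke_payload_check(kGood, sizeof kGood, 2, kToyModulus, sizeof kToyModulus);
}
```

A caller in a parser would map any non-zero result to its malformed-packet status and skip the shared-key computation entirely.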
EFI_STATUS Ikev2GenerateSaDhPublicKey (IN IKEV2_SA_SESSION *IkeSaSession)
Generates the DH Key.
This generates the DH local public key and stores it in the IKEv2 SA Session's GxBuffer.
[in] | IkeSaSession | Pointer to related IKE SA Session. |
EFI_SUCCESS | The operation succeeded. |
Others | The operation failed. |
References IKEV2_SESSION_KEYS::DhBuffer, IKEV2_DH_BUFFER::DhContext, MODP_GROUP::GroupGenerator, IKEV2_DH_BUFFER::GxBuffer, IKEV2_DH_BUFFER::GxSize, IPSEC_DUMP_BUF, IpSecCryptoIoDhGetPublicKey(), MODP_GROUP::Modulus, OakleyModpGroup, and MODP_GROUP::Size.
Referenced by Ikev2InitPskGenerator(), and Ikev2InitPskParser().
EFI_STATUS Ikev2GenerateSaKeys (IN IKEV2_SA_SESSION *IkeSaSession, IN IKE_PAYLOAD *KePayload)
Generates the IKEv2 SA key for the further IKEv2 exchange.
[in] | IkeSaSession | Pointer to IKEv2 SA Session. |
[in] | KePayload | Pointer to Key payload used to generate the Key. |
EFI_UNSUPPORTED | If one or more Algorithm Id is not supported. |
EFI_OUT_OF_RESOURCES | If there are not enough resources to be allocated to meet the requirement. |
EFI_SUCCESS | The operation succeeded. |
References HASH_DATA_FRAGMENT::Data, PRF_DATA_FRAGMENT::Data, HASH_DATA_FRAGMENT::DataSize, PRF_DATA_FRAGMENT::DataSize, IKEV2_SA_PARAMS::EncAlgId, Ikev2GenerateSaDhComputeKey(), Ikev2SaGenerateKey(), IKEV2_SA_PARAMS::IntegAlgId, IPSEC_DUMP_BUF, IpSecCryptoIoHmac(), IpSecGetEncryptKeyLength(), IpSecGetHmacDigestLength(), and IKEV2_SA_PARAMS::Prf.
Referenced by Ikev2InitPskParser().
IKE_PACKET* Ikev2InitCertGenerator (IN UINT8 *SaSession, IN VOID *Context)
Generates IKEv2 packet for IKE_SA_INIT exchange.
[in] | SaSession | Pointer to IKEV2_SA_SESSION related to the exchange. |
[in] | Context | Context Data passed by caller. |
EFI_SUCCESS | The IKE packet generation succeeded. |
Others | The IKE packet generation failed. |
References IKE_PACKET_APPEND_PAYLOAD, IKE_PACKET_END_PAYLOAD, IKE_PAYLOAD_BY_PACKET, IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT, IKEV2_PAYLOAD_TYPE_CERTREQ, IKEV2_PAYLOAD_TYPE_NONE, Ikev2GenerateCertificatePayload(), Ikev2InitPskGenerator(), and IKE_PAYLOAD::PayloadBuf.
EFI_STATUS Ikev2InitCertParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket)
Parses the IKEv2 packet for IKE_SA_INIT exchange.
[in] | SaSession | Pointer to IKEV2_SA_SESSION related to the exchange. |
[in] | IkePacket | The received IKEv2 packet to be parsed. |
EFI_SUCCESS | The IKEv2 packet is acceptable and the related data is saved for further communication. |
EFI_INVALID_PARAMETER | The IKE packet is malformed or the SA proposal is unacceptable. |
EFI_UNSUPPORTED | The certificate authentication is not supported. |
References Ikev2InitPskParser().
IKE_PACKET* Ikev2InitPskGenerator (IN UINT8 *SaSession, IN VOID *Context)
Generates IKEv2 packet for IKE_SA_INIT exchange.
[in] | SaSession | Pointer to IKEV2_SA_SESSION related to the exchange. |
[in] | Context | Context Data passed by caller. |
EFI_SUCCESS | The IKEv2 packet generation succeeded. |
Others | The IKEv2 packet generation failed. |
References IKE_HEADER::ExchangeType, IKE_HEADER::Flags, IKE_PACKET::Header, IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IKE_NONCE_SIZE, IKE_PACKET_APPEND_PAYLOAD, IkeGenerateNonce(), IkePacketAlloc(), IkePacketFree(), IkePayloadFree(), IkeSessionTypeIkeSa, IKEV2_EXCHANGE_TYPE_INIT, IKEV2_NOTIFICATION_COOKIE, IKEV2_PAYLOAD_TYPE_KE, IKEV2_PAYLOAD_TYPE_NONCE, IKEV2_PAYLOAD_TYPE_NONE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, Ikev2GenerateKePayload(), Ikev2GenerateNoncePayload(), Ikev2GenerateNotifyPayload(), Ikev2GenerateSaDhPublicKey(), Ikev2GenerateSaPayload(), IKEV2_SA_SESSION::InitiatorCookie, IKE_HEADER::InitiatorCookie, IPSEC_PROTO_ISAKMP, IKEV2_SESSION_COMMON::IsInitiator, IKE_HEADER::MessageId, IKEV2_SA_SESSION::NCookie, IKEV2_SA_SESSION::NCookieSize, IKE_HEADER::NextPayload, IKEV2_SA_SESSION::NiBlkSize, IKEV2_SA_SESSION::NiBlock, IKEV2_SA_SESSION::NrBlkSize, IKEV2_SA_SESSION::NrBlock, IKEV2_SA_SESSION::ResponderCookie, IKE_HEADER::ResponderCookie, IKEV2_SA_SESSION::SaData, IKEV2_SA_SESSION::SessionCommon, and IKE_HEADER::Version.
Referenced by Ikev2InitCertGenerator().
EFI_STATUS Ikev2InitPskParser (IN UINT8 *SaSession, IN IKE_PACKET *IkePacket)
Parses the IKEv2 packet for IKE_SA_INIT exchange.
[in] | SaSession | Pointer to IKEV2_SA_SESSION related to the exchange. |
[in] | IkePacket | The received IKE packet to be parsed. |
EFI_SUCCESS | The IKEv2 packet is acceptable and the related data is saved for further communication. |
EFI_INVALID_PARAMETER | The IKEv2 packet is malformed or the SA proposal is unacceptable. |
References IKE_HEADER_FLAGS_INIT, IKE_HEADER_FLAGS_RESPOND, IKE_NONCE_SIZE, IKE_PAYLOAD_BY_PACKET, IkeGenerateCookie(), IkeGenerateNonce(), IkeStateAuth, IKEV2_DUMP_STATE, IKEV2_PAYLOAD_TYPE_KE, IKEV2_PAYLOAD_TYPE_NONCE, IKEV2_PAYLOAD_TYPE_NOTIFY, IKEV2_PAYLOAD_TYPE_SA, Ikev2GenerateSaDhPublicKey(), Ikev2GenerateSaKeys(), Ikev2ParserNotifyCookiePayload(), Ikev2SaParseSaPayload(), IKEV2_SA_SESSION::InitiatorCookie, IKEV2_SESSION_COMMON::IsInitiator, IKEV2_SA_SESSION::NiBlkSize, IKEV2_SA_SESSION::NiBlock, IKEV2_SA_SESSION::NrBlkSize, IKEV2_SA_SESSION::NrBlock, IKE_PAYLOAD::PayloadBuf, IKE_PAYLOAD::PayloadSize, IKE_PAYLOAD::PayloadType, IKEV2_SESSION_COMMON::PreferDhGroup, IKEV2_SA_SESSION::ResponderCookie, IKEV2_SA_SESSION::SessionCommon, and IKEV2_SESSION_COMMON::State.
Referenced by Ikev2InitCertParser().
GLOBAL_REMOVE_IF_UNREFERENCED IKEV2_PACKET_HANDLER mIkev2Initial[][2]
Initial value:
    {
      { { Ikev2InitPskParser, Ikev2InitPskGenerator }, { Ikev2AuthPskParser, Ikev2AuthPskGenerator } },
      { { Ikev2InitCertParser, Ikev2InitCertGenerator }, { Ikev2AuthCertParser, Ikev2AuthCertGenerator }, },
    }
Referenced by Ikev2HandleSa(), and Ikev2NegotiateSa().