[mirror_edk2.git] / NetworkPkg / IpSecDxe / Ikev2 / Info.c

/** @file\r
  The Implementations for Information Exchange.\r
\r
  Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
\r
  This program and the accompanying materials\r
  are licensed and made available under the terms and conditions of the BSD License\r
  which accompanies this distribution.  The full text of the license may be found at\r
  http://opensource.org/licenses/bsd-license.php.\r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
  \r
**/\r
\r
#include "Utility.h"\r
#include "IpSecDebug.h"\r
#include "IpSecConfigImpl.h"\r
\r
/**\r
  Generate Information Packet.\r
\r
  The information Packet may contain one Delete Payload, or Notify Payload, which \r
  dependes on the Context's parameters.\r
\r
  @param[in]  SaSession   Pointer to IKE SA Session or Child SA Session which is \r
                          related to the information Exchange.\r
  @param[in]  Context     The Data passed from the caller. If the Context is not NULL\r
                          it should contain the information for Notification Data.\r
                          \r
  @retval     Pointer of IKE_PACKET generated.\r
\r
**/\r
IKE_PACKET *\r
Ikev2InfoGenerator (\r
  IN UINT8                         *SaSession,\r
  IN VOID                          *Context\r
  )\r
{\r
  IKEV2_SA_SESSION            *IkeSaSession;\r
  IKEV2_CHILD_SA_SESSION      *ChildSaSession;\r
  IKE_PACKET                  *IkePacket;\r
  IKE_PAYLOAD                 *IkePayload;\r
  IKEV2_INFO_EXCHANGE_CONTEXT *InfoContext;\r
\r
  InfoContext  = NULL;\r
  IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
  IkePacket    = IkePacketAlloc ();\r
  ASSERT (IkePacket != NULL);\r
\r
  //\r
  // Fill IkePacket Header.\r
  //\r
  IkePacket->Header->ExchangeType    = IKEV2_EXCHANGE_TYPE_INFO;\r
  IkePacket->Header->Version         = (UINT8) (2 << 4); \r
\r
  if (Context != NULL) {\r
    InfoContext = (IKEV2_INFO_EXCHANGE_CONTEXT *) Context;\r
  }\r
\r
  //\r
  // For Liveness Check\r
  //\r
  if (InfoContext != NULL && \r
      (InfoContext->InfoType == Ikev2InfoLiveCheck || InfoContext->InfoType == Ikev2InfoNotify) \r
    ) {\r
    IkePacket->Header->MessageId       = InfoContext->MessageId;\r
    IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;\r
    IkePacket->Header->ResponderCookie = IkeSaSession->ResponderCookie;\r
    IkePacket->Header->NextPayload     = IKEV2_PAYLOAD_TYPE_NONE;\r
    IkePacket->Header->Flags           = IKE_HEADER_FLAGS_RESPOND;\r
    //\r
    // TODO: add Notify Payload for Notification Information.\r
    //\r
    return IkePacket;\r
  }\r
  \r
  //\r
  // For delete SAs\r
  //  \r
  if (IkeSaSession->SessionCommon.IkeSessionType == IkeSessionTypeIkeSa) {\r
\r
    IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;\r
    IkePacket->Header->ResponderCookie = IkeSaSession->ResponderCookie;\r
\r
    //\r
    // If the information message is response message,the MessageId should\r
    // be same as the request MessageId which passed through the Context.\r
    //\r
    if (InfoContext != NULL) {\r
      IkePacket->Header->MessageId     = InfoContext->MessageId;\r
    } else {\r
      IkePacket->Header->MessageId     = IkeSaSession->MessageId;\r
      Ikev2SaSessionIncreaseMessageId (IkeSaSession);\r
    }\r
    //\r
    // If the state is on deleting generate a Delete Payload for it.\r
    //\r
    if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting ) {\r
      IkePayload = Ikev2GenerateDeletePayload (\r
                     IkeSaSession, \r
                     IKEV2_PAYLOAD_TYPE_NONE, \r
                     0, \r
                     0, \r
                     NULL\r
                     );  \r
      if (IkePayload == NULL) {\r
        goto ERROR_EXIT;\r
      }\r
      //\r
      // Fill the next payload in IkePacket's Header.\r
      //\r
      IkePacket->Header->NextPayload     = IKEV2_PAYLOAD_TYPE_DELETE;\r
      IKE_PACKET_APPEND_PAYLOAD (IkePacket, IkePayload);\r
      IkePacket->Private           = IkeSaSession->SessionCommon.Private;\r
      IkePacket->Spi               = 0;\r
      IkePacket->IsDeleteInfo      = TRUE;\r
            \r
    } else if (Context != NULL) {\r
      //\r
      // TODO: If contest is not NULL Generate a Notify Payload.\r
      //\r
    } else {\r
      //\r
      // The input parameter is not correct.\r
      //\r
      goto ERROR_EXIT;\r
    } \r
  } else {\r
    //\r
    // Delete the Child SA Information Exchagne\r
    //\r
    ChildSaSession                     = (IKEV2_CHILD_SA_SESSION *) SaSession;\r
    IkeSaSession                       = ChildSaSession->IkeSaSession;\r
    IkePacket->Header->InitiatorCookie = ChildSaSession->IkeSaSession->InitiatorCookie;\r
    IkePacket->Header->ResponderCookie = ChildSaSession->IkeSaSession->ResponderCookie;\r
\r
    //\r
    // If the information message is response message,the MessageId should\r
    // be same as the request MessageId which passed through the Context.\r
    //\r
    if (InfoContext != NULL && InfoContext->MessageId != 0) {\r
      IkePacket->Header->MessageId     = InfoContext->MessageId;\r
    } else {\r
      IkePacket->Header->MessageId     = ChildSaSession->IkeSaSession->MessageId;\r
      Ikev2SaSessionIncreaseMessageId (IkeSaSession);\r
    }\r
    \r
    IkePayload     = Ikev2GenerateDeletePayload (\r
                       ChildSaSession->IkeSaSession,\r
                       IKEV2_PAYLOAD_TYPE_DELETE,\r
                       4,\r
                       1,\r
                       (UINT8 *)&ChildSaSession->LocalPeerSpi\r
                       );\r
    if (IkePayload == NULL) {\r
      goto ERROR_EXIT;\r
    }\r
    //\r
    // Fill the Next Payload in IkePacket's Header.\r
    //\r
    IkePacket->Header->NextPayload     = IKEV2_PAYLOAD_TYPE_DELETE;\r
    IKE_PACKET_APPEND_PAYLOAD (IkePacket, IkePayload);\r
\r
    IkePacket->Private      = IkeSaSession->SessionCommon.Private;\r
    IkePacket->Spi          = ChildSaSession->LocalPeerSpi;\r
    IkePacket->IsDeleteInfo = TRUE;\r
\r
    if (!ChildSaSession->SessionCommon.IsInitiator) {\r
      //\r
      // If responder, use the MessageId fromt the initiator.\r
      //\r
      IkePacket->Header->MessageId = ChildSaSession->MessageId;\r
    }\r
\r
    //\r
    // Change the IsOnDeleting Flag\r
    //\r
    ChildSaSession->SessionCommon.IsOnDeleting = TRUE;\r
  }\r
\r
  if (InfoContext == NULL) {\r
    IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;\r
  } else {\r
    IkePacket->Header->Flags = IKE_HEADER_FLAGS_RESPOND;\r
  }\r
  return IkePacket;\r
\r
ERROR_EXIT:\r
   if (IkePacket != NULL) {\r
     FreePool (IkePacket);\r
   }\r
   return NULL;\r
\r
}\r
\r
/**\r
  Parse the Info Exchange.\r
\r
  @param[in]  SaSession   Pointer to IKEV2_SA_SESSION.\r
  @param[in]  IkePacket   Pointer to IkePacket related to the Information Exchange.\r
\r
  @retval  EFI_SUCCESS    The operation finised successed.\r
\r
**/\r
EFI_STATUS\r
Ikev2InfoParser (\r
  IN UINT8                         *SaSession,\r
  IN IKE_PACKET                    *IkePacket\r
  )\r
{\r
  IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
  IKEV2_SA_SESSION       *IkeSaSession;\r
  IKE_PAYLOAD            *NotifyPayload;\r
  IKE_PAYLOAD            *DeletePayload;\r
  IKE_PAYLOAD            *IkePayload;\r
  IKEV2_DELETE           *Delete;\r
  LIST_ENTRY             *Entry;\r
  LIST_ENTRY             *ListEntry;\r
  UINT8                  Index;\r
  UINT32                 Spi;\r
  UINT8                  *SpiBuffer;\r
  IPSEC_PRIVATE_DATA     *Private;\r
  UINT8                  Value;\r
  EFI_STATUS             Status;\r
  IKE_PACKET             *RespondPacket;\r
  \r
  IKEV2_INFO_EXCHANGE_CONTEXT Context;\r
  \r
  IkeSaSession   = (IKEV2_SA_SESSION *) SaSession;\r
\r
  NotifyPayload  = NULL;\r
  DeletePayload  = NULL;\r
  Private        = NULL;\r
  RespondPacket  = NULL;\r
  Status         = EFI_SUCCESS;\r
  \r
  //\r
  // For Liveness Check\r
  //\r
  if (IkePacket->Header->NextPayload == IKEV2_PAYLOAD_TYPE_NONE &&\r
      (IkePacket->PayloadTotalSize == 0)\r
      ) {\r
    if (IkePacket->Header->Flags == IKE_HEADER_FLAGS_INIT) {\r
      //\r
      // If it is Liveness check request, reply it.\r
      //\r
      Context.InfoType  = Ikev2InfoLiveCheck;\r
      Context.MessageId = IkePacket->Header->MessageId;\r
      RespondPacket     = Ikev2InfoGenerator ((UINT8 *)IkeSaSession, &Context);\r
\r
      if (RespondPacket == NULL) {\r
        Status = EFI_INVALID_PARAMETER;\r
        return Status;\r
      }\r
      Status = Ikev2SendIkePacket (\r
                 IkeSaSession->SessionCommon.UdpService,\r
                 (UINT8 *)(&IkeSaSession->SessionCommon),\r
                 RespondPacket,\r
                 0\r
                 );\r
\r
    } else {\r
      //\r
      // Todo: verify the liveness check response packet.\r
      //\r
    }\r
    return Status;\r
  }\r
\r
  //\r
  // For SA Delete\r
  //\r
  NET_LIST_FOR_EACH (Entry, &(IkePacket)->PayloadList) {   \r
\r
  //\r
  // Iterate payloads to find the Delete/Notify Payload.\r
  //\r
    IkePayload  = IKE_PAYLOAD_BY_PACKET (Entry);\r
    \r
    if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_DELETE) {\r
      DeletePayload = IkePayload;\r
      Delete = (IKEV2_DELETE *)DeletePayload->PayloadBuf;\r
\r
      if (Delete->SpiSize == 0) {\r
        //\r
        // Delete IKE SA.\r
        //\r
        if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting) {\r
          RemoveEntryList (&IkeSaSession->BySessionTable);\r
          Ikev2SaSessionFree (IkeSaSession);\r
          //\r
          // Checking the Private status.\r
          //\r
          //\r
          // when all IKE SAs were disabled by calling "IPsecConfig -disable", the IPsec\r
          // status should be changed.\r
          //\r
          Private = IkeSaSession->SessionCommon.Private;\r
          if (Private != NULL && Private->IsIPsecDisabling) {\r
            //\r
            // After all IKE SAs were deleted, set the IPSEC_STATUS_DISABLED value in\r
            // IPsec status variable.\r
            //\r
            if (IsListEmpty (&Private->Ikev1EstablishedList) && \r
                (IsListEmpty (&Private->Ikev2EstablishedList))\r
               ) {\r
              Value  = IPSEC_STATUS_DISABLED;\r
              Status = gRT->SetVariable (\r
                         IPSECCONFIG_STATUS_NAME,\r
                         &gEfiIpSecConfigProtocolGuid,\r
                         EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
                         sizeof (Value),\r
                         &Value\r
                         );\r
              if (!EFI_ERROR (Status)) {\r
                //\r
                // Set the DisabledFlag in Private data.\r
                //\r
                Private->IpSec.DisabledFlag = TRUE;\r
                Private->IsIPsecDisabling   = FALSE;\r
              }\r
            }\r
          }\r
        } else {\r
          IkeSaSession->SessionCommon.State = IkeStateSaDeleting;\r
          Context.InfoType                  = Ikev2InfoDelete;\r
          Context.MessageId                 = IkePacket->Header->MessageId;\r
\r
          RespondPacket = Ikev2InfoGenerator ((UINT8 *)IkeSaSession, &Context);\r
          if (RespondPacket == NULL) {\r
            Status = EFI_INVALID_PARAMETER;\r
            return Status;\r
          }\r
          Status = Ikev2SendIkePacket (\r
                     IkeSaSession->SessionCommon.UdpService, \r
                     (UINT8 *)(&IkeSaSession->SessionCommon), \r
                     RespondPacket, \r
                     0\r
                     );\r
        }\r
      } else if (Delete->SpiSize == 4) {\r
        //\r
        // Move the Child SAs to DeleteList\r
        //\r
        SpiBuffer = (UINT8 *)(Delete + 1);\r
        for (Index = 0; Index < Delete->NumSpis; Index++) {\r
          Spi = ReadUnaligned32 ((UINT32 *)SpiBuffer);\r
          for (ListEntry = IkeSaSession->ChildSaEstablishSessionList.ForwardLink;\r
               ListEntry != &IkeSaSession->ChildSaEstablishSessionList;\r
          ) {\r
            ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (ListEntry);\r
            ListEntry = ListEntry->ForwardLink;\r
\r
            if (ChildSaSession->RemotePeerSpi == HTONL(Spi)) {\r
              if (ChildSaSession->SessionCommon.State != IkeStateSaDeleting) {\r
\r
                //\r
                // Insert the ChildSa Session into Delete List.\r
                //\r
                InsertTailList (&IkeSaSession->DeleteSaList, &ChildSaSession->ByDelete);\r
                ChildSaSession->SessionCommon.State       = IkeStateSaDeleting;\r
                ChildSaSession->SessionCommon.IsInitiator = FALSE;\r
                ChildSaSession->MessageId                 = IkePacket->Header->MessageId;\r
\r
                Context.InfoType = Ikev2InfoDelete;\r
                Context.MessageId = IkePacket->Header->MessageId;\r
          \r
                RespondPacket = Ikev2InfoGenerator ((UINT8 *)ChildSaSession, &Context);\r
                if (RespondPacket == NULL) {\r
                  Status = EFI_INVALID_PARAMETER;\r
                  return Status;\r
                }\r
                Status = Ikev2SendIkePacket (\r
                           ChildSaSession->SessionCommon.UdpService,\r
                           (UINT8 *)(&ChildSaSession->SessionCommon),\r
                           RespondPacket, \r
                           0\r
                           );\r
              } else {\r
                //\r
                // Delete the Child SA.\r
                //\r
                Ikev2ChildSaSilentDelete (IkeSaSession, Spi);\r
                RemoveEntryList (&ChildSaSession->ByDelete);\r
              }\r
            }\r
          }\r
          SpiBuffer = SpiBuffer + sizeof (Spi);\r
        }\r
      }\r
    }\r
  }\r
  \r
  return Status;\r
}\r
\r
GLOBAL_REMOVE_IF_UNREFERENCED IKEV2_PACKET_HANDLER  mIkev2Info = {\r
  Ikev2InfoParser,\r
  Ikev2InfoGenerator\r
};\r
Commit	Line	Data
9166f840	1	/** @file\r
	2	The Implementations for Information Exchange.\r
	3	\r
	4	Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
	5	\r
	6	This program and the accompanying materials\r
	7	are licensed and made available under the terms and conditions of the BSD License\r
	8	which accompanies this distribution. The full text of the license may be found at\r
	9	http://opensource.org/licenses/bsd-license.php.\r
	10	\r
	11	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	12	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	\r
	14	**/\r
	15	\r
	16	#include "Utility.h"\r
	17	#include "IpSecDebug.h"\r
	18	#include "IpSecConfigImpl.h"\r
	19	\r
	20	/**\r
	21	Generate Information Packet.\r
	22	\r
	23	The information Packet may contain one Delete Payload, or Notify Payload, which \r
	24	dependes on the Context's parameters.\r
	25	\r
	26	@param[in] SaSession Pointer to IKE SA Session or Child SA Session which is \r
	27	related to the information Exchange.\r
	28	@param[in] Context The Data passed from the caller. If the Context is not NULL\r
	29	it should contain the information for Notification Data.\r
	30	\r
	31	@retval Pointer of IKE_PACKET generated.\r
	32	\r
	33	**/\r
	34	IKE_PACKET *\r
	35	Ikev2InfoGenerator (\r
	36	IN UINT8 *SaSession,\r
	37	IN VOID *Context\r
	38	)\r
	39	{\r
	40	IKEV2_SA_SESSION *IkeSaSession;\r
	41	IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
	42	IKE_PACKET *IkePacket;\r
	43	IKE_PAYLOAD *IkePayload;\r
	44	IKEV2_INFO_EXCHANGE_CONTEXT *InfoContext;\r
	45	\r
	46	InfoContext = NULL;\r
	47	IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
	48	IkePacket = IkePacketAlloc ();\r
	49	ASSERT (IkePacket != NULL);\r
	50	\r
	51	//\r
	52	// Fill IkePacket Header.\r
	53	//\r
	54	IkePacket->Header->ExchangeType = IKEV2_EXCHANGE_TYPE_INFO;\r
	55	IkePacket->Header->Version = (UINT8) (2 << 4); \r
	56	\r
	57	if (Context != NULL) {\r
	58	InfoContext = (IKEV2_INFO_EXCHANGE_CONTEXT *) Context;\r
	59	}\r
	60	\r
	61	//\r
	62	// For Liveness Check\r
	63	//\r
	64	if (InfoContext != NULL && \r
65	(InfoContext->InfoType == Ikev2InfoLiveCheck \|\| InfoContext->InfoType == Ikev2InfoNotify) \r
66	) {\r
67	IkePacket->Header->MessageId = InfoContext->MessageId;\r
68	IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;\r
69	IkePacket->Header->ResponderCookie = IkeSaSession->ResponderCookie;\r
70	IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_NONE;\r
71	IkePacket->Header->Flags = IKE_HEADER_FLAGS_RESPOND;\r
72	//\r
73	// TODO: add Notify Payload for Notification Information.\r
74	//\r
75	return IkePacket;\r
76	}\r
77	\r
78	//\r
79	// For delete SAs\r
80	// \r
81	if (IkeSaSession->SessionCommon.IkeSessionType == IkeSessionTypeIkeSa) {\r
82	\r
83	IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;\r
84	IkePacket->Header->ResponderCookie = IkeSaSession->ResponderCookie;\r
85	\r
86	//\r
87	// If the information message is response message,the MessageId should\r
88	// be same as the request MessageId which passed through the Context.\r
89	//\r
90	if (InfoContext != NULL) {\r
91	IkePacket->Header->MessageId = InfoContext->MessageId;\r
92	} else {\r
93	IkePacket->Header->MessageId = IkeSaSession->MessageId;\r
94	Ikev2SaSessionIncreaseMessageId (IkeSaSession);\r
95	}\r
96	//\r
97	// If the state is on deleting generate a Delete Payload for it.\r
98	//\r
99	if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting ) {\r
100	IkePayload = Ikev2GenerateDeletePayload (\r
101	IkeSaSession, \r
102	IKEV2_PAYLOAD_TYPE_NONE, \r
103	0, \r
104	0, \r
105	NULL\r
106	); \r
107	if (IkePayload == NULL) {\r
108	goto ERROR_EXIT;\r
109	}\r
110	//\r
111	// Fill the next payload in IkePacket's Header.\r
112	//\r
113	IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_DELETE;\r
114	IKE_PACKET_APPEND_PAYLOAD (IkePacket, IkePayload);\r
115	IkePacket->Private = IkeSaSession->SessionCommon.Private;\r
116	IkePacket->Spi = 0;\r
117	IkePacket->IsDeleteInfo = TRUE;\r
118	\r
119	} else if (Context != NULL) {\r
120	//\r
121	// TODO: If contest is not NULL Generate a Notify Payload.\r
122	//\r
123	} else {\r
124	//\r
125	// The input parameter is not correct.\r
126	//\r
127	goto ERROR_EXIT;\r
128	} \r
129	} else {\r
130	//\r
131	// Delete the Child SA Information Exchagne\r
132	//\r
133	ChildSaSession = (IKEV2_CHILD_SA_SESSION *) SaSession;\r
134	IkeSaSession = ChildSaSession->IkeSaSession;\r
135	IkePacket->Header->InitiatorCookie = ChildSaSession->IkeSaSession->InitiatorCookie;\r
136	IkePacket->Header->ResponderCookie = ChildSaSession->IkeSaSession->ResponderCookie;\r
137	\r
138	//\r
139	// If the information message is response message,the MessageId should\r
140	// be same as the request MessageId which passed through the Context.\r
141	//\r
142	if (InfoContext != NULL && InfoContext->MessageId != 0) {\r
143	IkePacket->Header->MessageId = InfoContext->MessageId;\r
144	} else {\r
145	IkePacket->Header->MessageId = ChildSaSession->IkeSaSession->MessageId;\r
146	Ikev2SaSessionIncreaseMessageId (IkeSaSession);\r
147	}\r
148	\r
149	IkePayload = Ikev2GenerateDeletePayload (\r
150	ChildSaSession->IkeSaSession,\r
151	IKEV2_PAYLOAD_TYPE_DELETE,\r
152	4,\r
153	1,\r
154	(UINT8 *)&ChildSaSession->LocalPeerSpi\r
155	);\r
156	if (IkePayload == NULL) {\r
157	goto ERROR_EXIT;\r
158	}\r
159	//\r
160	// Fill the Next Payload in IkePacket's Header.\r
161	//\r
162	IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_DELETE;\r
163	IKE_PACKET_APPEND_PAYLOAD (IkePacket, IkePayload);\r
164	\r
165	IkePacket->Private = IkeSaSession->SessionCommon.Private;\r
166	IkePacket->Spi = ChildSaSession->LocalPeerSpi;\r
167	IkePacket->IsDeleteInfo = TRUE;\r
168	\r
169	if (!ChildSaSession->SessionCommon.IsInitiator) {\r
170	//\r
171	// If responder, use the MessageId fromt the initiator.\r
172	//\r
173	IkePacket->Header->MessageId = ChildSaSession->MessageId;\r
174	}\r
175	\r
176	//\r
177	// Change the IsOnDeleting Flag\r
178	//\r
179	ChildSaSession->SessionCommon.IsOnDeleting = TRUE;\r
180	}\r
181	\r
182	if (InfoContext == NULL) {\r
183	IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;\r
184	} else {\r
185	IkePacket->Header->Flags = IKE_HEADER_FLAGS_RESPOND;\r
186	}\r
187	return IkePacket;\r
188	\r
189	ERROR_EXIT:\r
190	if (IkePacket != NULL) {\r
191	FreePool (IkePacket);\r
192	}\r
193	return NULL;\r
194	\r
195	}\r
196	\r
197	/**\r
198	Parse the Info Exchange.\r
199	\r
200	@param[in] SaSession Pointer to IKEV2_SA_SESSION.\r
201	@param[in] IkePacket Pointer to IkePacket related to the Information Exchange.\r
202	\r
203	@retval EFI_SUCCESS The operation finised successed.\r
204	\r
205	**/\r
206	EFI_STATUS\r
207	Ikev2InfoParser (\r
208	IN UINT8 *SaSession,\r
209	IN IKE_PACKET *IkePacket\r
210	)\r
211	{\r
212	IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
213	IKEV2_SA_SESSION *IkeSaSession;\r
214	IKE_PAYLOAD *NotifyPayload;\r
215	IKE_PAYLOAD *DeletePayload;\r
216	IKE_PAYLOAD *IkePayload;\r
217	IKEV2_DELETE *Delete;\r
218	LIST_ENTRY *Entry;\r
219	LIST_ENTRY *ListEntry;\r
220	UINT8 Index;\r
221	UINT32 Spi;\r
222	UINT8 *SpiBuffer;\r
223	IPSEC_PRIVATE_DATA *Private;\r
224	UINT8 Value;\r
225	EFI_STATUS Status;\r
226	IKE_PACKET *RespondPacket;\r
227	\r
228	IKEV2_INFO_EXCHANGE_CONTEXT Context;\r
229	\r
230	IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
231	\r
232	NotifyPayload = NULL;\r
233	DeletePayload = NULL;\r
234	Private = NULL;\r
235	RespondPacket = NULL;\r
236	Status = EFI_SUCCESS;\r
237	\r
238	//\r
239	// For Liveness Check\r
240	//\r
241	if (IkePacket->Header->NextPayload == IKEV2_PAYLOAD_TYPE_NONE &&\r
242	(IkePacket->PayloadTotalSize == 0)\r
243	) {\r
244	if (IkePacket->Header->Flags == IKE_HEADER_FLAGS_INIT) {\r
245	//\r
246	// If it is Liveness check request, reply it.\r
247	//\r
248	Context.InfoType = Ikev2InfoLiveCheck;\r
249	Context.MessageId = IkePacket->Header->MessageId;\r
250	RespondPacket = Ikev2InfoGenerator ((UINT8 *)IkeSaSession, &Context);\r
251	\r
252	if (RespondPacket == NULL) {\r
253	Status = EFI_INVALID_PARAMETER;\r
254	return Status;\r
255	}\r
256	Status = Ikev2SendIkePacket (\r
257	IkeSaSession->SessionCommon.UdpService,\r
258	(UINT8 *)(&IkeSaSession->SessionCommon),\r
259	RespondPacket,\r
260	0\r
261	);\r
262	\r
263	} else {\r
264	//\r
265	// Todo: verify the liveness check response packet.\r
266	//\r
267	}\r
268	return Status;\r
269	}\r
270	\r
271	//\r
272	// For SA Delete\r
273	//\r
274	NET_LIST_FOR_EACH (Entry, &(IkePacket)->PayloadList) { \r
275	\r
276	//\r
277	// Iterate payloads to find the Delete/Notify Payload.\r
278	//\r
279	IkePayload = IKE_PAYLOAD_BY_PACKET (Entry);\r
280	\r
281	if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_DELETE) {\r
282	DeletePayload = IkePayload;\r
283	Delete = (IKEV2_DELETE *)DeletePayload->PayloadBuf;\r
284	\r
285	if (Delete->SpiSize == 0) {\r
286	//\r
287	// Delete IKE SA.\r
288	//\r
289	if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting) {\r
290	RemoveEntryList (&IkeSaSession->BySessionTable);\r
291	Ikev2SaSessionFree (IkeSaSession);\r
292	//\r
293	// Checking the Private status.\r
294	//\r
295	//\r
296	// when all IKE SAs were disabled by calling "IPsecConfig -disable", the IPsec\r
297	// status should be changed.\r
298	//\r
299	Private = IkeSaSession->SessionCommon.Private;\r
300	if (Private != NULL && Private->IsIPsecDisabling) {\r
301	//\r
302	// After all IKE SAs were deleted, set the IPSEC_STATUS_DISABLED value in\r
303	// IPsec status variable.\r
304	//\r
305	if (IsListEmpty (&Private->Ikev1EstablishedList) && \r
306	(IsListEmpty (&Private->Ikev2EstablishedList))\r
307	) {\r
308	Value = IPSEC_STATUS_DISABLED;\r
309	Status = gRT->SetVariable (\r
310	IPSECCONFIG_STATUS_NAME,\r
311	&gEfiIpSecConfigProtocolGuid,\r
312	EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_NON_VOLATILE,\r
313	sizeof (Value),\r
314	&Value\r
315	);\r
316	if (!EFI_ERROR (Status)) {\r
317	//\r
318	// Set the DisabledFlag in Private data.\r
319	//\r
320	Private->IpSec.DisabledFlag = TRUE;\r
321	Private->IsIPsecDisabling = FALSE;\r
322	}\r
323	}\r
324	}\r
325	} else {\r
326	IkeSaSession->SessionCommon.State = IkeStateSaDeleting;\r
327	Context.InfoType = Ikev2InfoDelete;\r
328	Context.MessageId = IkePacket->Header->MessageId;\r
329	\r
330	RespondPacket = Ikev2InfoGenerator ((UINT8 *)IkeSaSession, &Context);\r
331	if (RespondPacket == NULL) {\r
332	Status = EFI_INVALID_PARAMETER;\r
333	return Status;\r
334	}\r
335	Status = Ikev2SendIkePacket (\r
336	IkeSaSession->SessionCommon.UdpService, \r
337	(UINT8 *)(&IkeSaSession->SessionCommon), \r
338	RespondPacket, \r
339	0\r
340	);\r
341	}\r
342	} else if (Delete->SpiSize == 4) {\r
343	//\r
344	// Move the Child SAs to DeleteList\r
345	//\r
346	SpiBuffer = (UINT8 *)(Delete + 1);\r
347	for (Index = 0; Index < Delete->NumSpis; Index++) {\r
348	Spi = ReadUnaligned32 ((UINT32 *)SpiBuffer);\r
349	for (ListEntry = IkeSaSession->ChildSaEstablishSessionList.ForwardLink;\r
350	ListEntry != &IkeSaSession->ChildSaEstablishSessionList;\r
351	) {\r
352	ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (ListEntry);\r
353	ListEntry = ListEntry->ForwardLink;\r
354	\r
355	if (ChildSaSession->RemotePeerSpi == HTONL(Spi)) {\r
356	if (ChildSaSession->SessionCommon.State != IkeStateSaDeleting) {\r
357	\r
358	//\r
359	// Insert the ChildSa Session into Delete List.\r
360	//\r
361	InsertTailList (&IkeSaSession->DeleteSaList, &ChildSaSession->ByDelete);\r
362	ChildSaSession->SessionCommon.State = IkeStateSaDeleting;\r
363	ChildSaSession->SessionCommon.IsInitiator = FALSE;\r
364	ChildSaSession->MessageId = IkePacket->Header->MessageId;\r
365	\r
366	Context.InfoType = Ikev2InfoDelete;\r
367	Context.MessageId = IkePacket->Header->MessageId;\r
368	\r
369	RespondPacket = Ikev2InfoGenerator ((UINT8 *)ChildSaSession, &Context);\r
370	if (RespondPacket == NULL) {\r
371	Status = EFI_INVALID_PARAMETER;\r
372	return Status;\r
373	}\r
374	Status = Ikev2SendIkePacket (\r
375	ChildSaSession->SessionCommon.UdpService,\r
376	(UINT8 *)(&ChildSaSession->SessionCommon),\r
377	RespondPacket, \r
378	0\r
379	);\r
380	} else {\r
381	//\r
382	// Delete the Child SA.\r
383	//\r
384	Ikev2ChildSaSilentDelete (IkeSaSession, Spi);\r
385	RemoveEntryList (&ChildSaSession->ByDelete);\r
386	}\r
387	}\r
388	}\r
389	SpiBuffer = SpiBuffer + sizeof (Spi);\r
390	}\r
391	}\r
392	}\r
393	}\r
394	\r
395	return Status;\r
396	}\r
397	\r
398	GLOBAL_REMOVE_IF_UNREFERENCED IKEV2_PACKET_HANDLER mIkev2Info = {\r
399	Ikev2InfoParser,\r
400	Ikev2InfoGenerator\r
401	};\r