9166f840 | 1 | /** @file\r |
2 | The interfaces of IKE/Child session operations and payload related operations \r | |
3 | used by IKE Exchange Process.\r | |
4 | \r | |
5 | Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r | |
6 | \r | |
7 | This program and the accompanying materials\r | |
8 | are licensed and made available under the terms and conditions of the BSD License\r | |
9 | which accompanies this distribution. The full text of the license may be found at\r | |
10 | http://opensource.org/licenses/bsd-license.php.\r | |
11 | \r | |
12 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
13 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
14 | \r | |
15 | **/\r | |
16 | \r | |
17 | #ifndef _IKE_V2_UTILITY_H_\r | |
18 | #define _IKE_V2_UTILITY_H_\r | |
19 | \r | |
20 | #include "Ikev2.h"\r | |
21 | #include "IkeCommon.h"\r | |
22 | #include "IpSecCryptIo.h"\r | |
23 | \r | |
24 | #include <Library/PcdLib.h>\r | |
25 | \r | |
26 | #define IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM 2\r | |
27 | #define IKEV2_SUPPORT_PRF_ALGORITHM_NUM 1\r | |
28 | #define IKEV2_SUPPORT_DH_ALGORITHM_NUM 2\r | |
29 | #define IKEV2_SUPPORT_AUTH_ALGORITHM_NUM 1\r | |
30 | \r | |
31 | /**\r | |
32 | Allocate buffer for IKEV2_SA_SESSION and initialize it.\r | |
33 | \r | |
34 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r | |
35 | @param[in] UdpService Pointer to IKE_UDP_SERVICE related to this IKE SA Session.\r | |
36 | \r | |
37 | @return Pointer to IKEV2_SA_SESSION.\r | |
38 | \r | |
39 | **/\r | |
40 | IKEV2_SA_SESSION *\r | |
41 | Ikev2SaSessionAlloc (\r | |
42 | IN IPSEC_PRIVATE_DATA *Private,\r | |
43 | IN IKE_UDP_SERVICE *UdpService\r | |
44 | );\r | |
45 | \r | |
46 | /**\r | |
47 | Register an established IKEv2 SA into Private->Ikev2EstablishedList.\r | |
48 | \r | |
49 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be registered.\r | |
50 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r | |
51 | \r | |
52 | **/\r | |
53 | VOID\r | |
54 | Ikev2SaSessionReg (\r | |
55 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
56 | IN IPSEC_PRIVATE_DATA *Private\r | |
57 | );\r | |
58 | \r | |
59 | /**\r | |
60 | Find an IKEV2_SA_SESSION by the remote peer IP.\r | |
61 | \r | |
62 | @param[in] SaSessionList SaSession List to be searched.\r | |
63 | @param[in] RemotePeerIp Pointer to specified IP address.\r | |
64 | \r | |
65 | @return Pointer to IKEV2_SA_SESSION if find one or NULL.\r | |
66 | \r | |
67 | **/\r | |
68 | IKEV2_SA_SESSION *\r | |
69 | Ikev2SaSessionLookup (\r | |
70 | IN LIST_ENTRY *SaSessionList,\r | |
71 | IN EFI_IP_ADDRESS *RemotePeerIp\r | |
72 | );\r | |
73 | \r | |
74 | /**\r | |
75 | Insert an IKEV2_SA_SESSION into an IkeSaSession list. The IkeSaSession list is either\r | |
76 | the Private->Ikev2SaSession list or the Private->Ikev2EstablishedList list.\r | |
77 | \r | |
78 | @param[in] SaSessionList Pointer to list to be inserted into.\r | |
79 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted. \r | |
80 | @param[in] RemotePeerIp Pointer to the EFI_IP_ADDRESS that identifies the\r | |
81 | unique IKEV2_SA_SESSION.\r | |
82 | \r | |
83 | **/\r | |
84 | VOID\r | |
85 | Ikev2SaSessionInsert (\r | |
86 | IN LIST_ENTRY *SaSessionList,\r | |
87 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
88 | IN EFI_IP_ADDRESS *RemotePeerIp\r | |
89 | );\r | |
90 | \r | |
91 | /**\r | |
92 | Remove the SA Session by Remote Peer IP.\r | |
93 | \r | |
94 | @param[in] SaSessionList Pointer to list to be searched.\r | |
95 | @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.\r | |
96 | \r | |
97 | @return Pointer to the IKEV2_SA_SESSION with the specified remote IP address.\r | |
98 | \r | |
99 | **/\r | |
100 | IKEV2_SA_SESSION *\r | |
101 | Ikev2SaSessionRemove (\r | |
102 | IN LIST_ENTRY *SaSessionList,\r | |
103 | IN EFI_IP_ADDRESS *RemotePeerIp\r | |
104 | );\r | |
105 | \r | |
106 | \r | |
107 | /**\r | |
108 | Mark an SA session as being deleted.\r | |
109 | \r | |
110 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION.\r | |
111 | \r | |
112 | @retval EFI_SUCCESS The related SA session was found and marked.\r | |
113 | \r | |
114 | **/\r | |
115 | EFI_STATUS\r | |
116 | Ikev2SaSessionOnDeleting (\r | |
117 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
118 | );\r | |
119 | \r | |
120 | /**\r | |
121 | After the IKE/Child SA is established, close the timer event and free the sent packet.\r | |
122 | \r | |
123 | @param[in] SessionCommon Pointer to a Session Common.\r | |
124 | \r | |
125 | **/\r | |
126 | VOID\r | |
127 | Ikev2SessionCommonRefresh (\r | |
128 | IN IKEV2_SESSION_COMMON *SessionCommon\r | |
129 | );\r | |
130 | \r | |
131 | /**\r | |
132 | Free specified IKEV2 SA Session. \r | |
133 | \r | |
134 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be freed.\r | |
135 | \r | |
136 | **/\r | |
137 | VOID\r | |
138 | Ikev2SaSessionFree (\r | |
139 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
140 | );\r | |
141 | \r | |
142 | /**\r | |
143 | Free the specified Session Common. The session common may belong to an IKE SA or\r | |
144 | a Child SA.\r | |
145 | \r | |
146 | @param[in] SessionCommon Pointer to a Session Common.\r | |
147 | \r | |
148 | **/\r | |
149 | VOID\r | |
150 | Ikev2SaSessionCommonFree (\r | |
151 | IN IKEV2_SESSION_COMMON *SessionCommon\r | |
152 | );\r | |
153 | \r | |
154 | /**\r | |
155 | Increase the MessageID in IkeSaSession.\r | |
156 | \r | |
157 | @param[in] IkeSaSession Pointer to a specified IKEV2_SA_SESSION.\r | |
158 | \r | |
159 | **/\r | |
160 | VOID\r | |
161 | Ikev2SaSessionIncreaseMessageId (\r | |
162 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
163 | );\r | |
164 | \r | |
165 | /**\r | |
166 | Allocate memory for an IKEV2 Child SA Session.\r | |
167 | \r | |
168 | @param[in] UdpService Pointer to IKE_UDP_SERVICE.\r | |
169 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA \r | |
170 | Session.\r | |
171 | \r | |
172 | @return Pointer to the newly created IKEV2 Child SA Session.\r | |
173 | \r | |
174 | **/\r | |
175 | IKEV2_CHILD_SA_SESSION *\r | |
176 | Ikev2ChildSaSessionAlloc (\r | |
177 | IN IKE_UDP_SERVICE *UdpService,\r | |
178 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
179 | );\r | |
180 | \r | |
181 | /**\r | |
182 | Register an established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.\r | |
183 | If there is already an IKEV2_CHILD_SA_SESSION with the same remote peer IP, remove the old one,\r | |
184 | then register the new one.\r | |
185 | \r | |
186 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.\r | |
187 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r | |
188 | \r | |
189 | **/\r | |
190 | VOID\r | |
191 | Ikev2ChildSaSessionReg (\r | |
192 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession,\r | |
193 | IN IPSEC_PRIVATE_DATA *Private\r | |
194 | );\r | |
195 | \r | |
196 | /**\r | |
197 | This function finds the Child SA by the specified SPI.\r | |
198 | ||
199 | This function finds a Child SA session by searching the ChildSaSession list of | |
200 | the input IKEV2_SA_SESSION for the specified SPI.\r | |
201 | ||
202 | @param[in] SaSessionList Pointer to List to be searched.\r | |
203 | @param[in] Spi Specified SPI.\r | |
204 | ||
205 | @return Pointer to IKEV2_CHILD_SA_SESSION.\r | |
206 | \r | |
207 | **/\r | |
208 | IKEV2_CHILD_SA_SESSION *\r | |
209 | Ikev2ChildSaSessionLookupBySpi (\r | |
210 | IN LIST_ENTRY *SaSessionList,\r | |
211 | IN UINT32 Spi\r | |
212 | );\r | |
213 | \r | |
214 | /**\r | |
215 | Find the ChildSaSession by its MessageId.\r | |
216 | \r | |
217 | @param[in] SaSessionList Pointer to a ChildSaSession List.\r | |
218 | @param[in] Mid The messageId used to search ChildSaSession.\r | |
219 | \r | |
220 | @return Pointer to IKEV2_CHILD_SA_SESSION.\r | |
221 | \r | |
222 | **/\r | |
223 | IKEV2_CHILD_SA_SESSION *\r | |
224 | Ikev2ChildSaSessionLookupByMid (\r | |
225 | IN LIST_ENTRY *SaSessionList,\r | |
226 | IN UINT32 Mid\r | |
227 | );\r | |
228 | \r | |
229 | /**\r | |
230 | Insert a Child SA Session into the specified ChildSa list.\r | |
231 | \r | |
232 | @param[in] SaSessionList Pointer to list to be inserted in.\r | |
233 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be inserted.\r | |
234 | \r | |
235 | **/\r | |
236 | VOID\r | |
237 | Ikev2ChildSaSessionInsert (\r | |
238 | IN LIST_ENTRY *SaSessionList,\r | |
239 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
240 | );\r | |
241 | \r | |
242 | /**\r | |
243 | Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.\r | |
244 | \r | |
245 | @param[in] SaSessionList The SA Session List to be iterated.\r | |
246 | @param[in] Spi Spi used to identify the IKEV2_CHILD_SA_SESSION.\r | |
247 | @param[in] ListType The type of the list, indicating whether it is an\r | |
248 | Established list.\r | |
249 | \r | |
250 | @return Pointer to the IKEV2_CHILD_SA_SESSION.\r | |
251 | \r | |
252 | **/\r | |
253 | IKEV2_CHILD_SA_SESSION *\r | |
254 | Ikev2ChildSaSessionRemove (\r | |
255 | IN LIST_ENTRY *SaSessionList,\r | |
256 | IN UINT32 Spi, \r | |
257 | IN UINT8 ListType \r | |
258 | );\r | |
259 | \r | |
260 | /**\r | |
261 | Mark the specified Child SA Session as being deleted.\r | |
262 | \r | |
263 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.\r | |
264 | \r | |
265 | @retval EFI_SUCCESS Operation is successful.\r | |
266 | \r | |
267 | **/\r | |
268 | EFI_STATUS\r | |
269 | Ikev2ChildSaSessionOnDeleting (\r | |
270 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
271 | );\r | |
272 | \r | |
273 | /**\r | |
274 | Free the memory allocated for the specified IKEV2_CHILD_SA_SESSION.\r | |
275 | \r | |
276 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.\r | |
277 | \r | |
278 | **/\r | |
279 | VOID\r | |
280 | Ikev2ChildSaSessionFree (\r | |
281 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
282 | );\r | |
283 | \r | |
284 | /**\r | |
285 | Free the specified DhBuffer.\r | |
286 | \r | |
287 | @param[in] DhBuffer Pointer to IKEV2_DH_BUFFER to be freed.\r | |
288 | \r | |
289 | **/\r | |
290 | VOID\r | |
291 | Ikev2DhBufferFree (\r | |
292 | IN IKEV2_DH_BUFFER *DhBuffer\r | |
293 | );\r | |
294 | \r | |
295 | /**\r | |
296 | Delete the specified established Child SA.\r | |
297 | \r | |
298 | This function deletes the Child SA directly and does not send the Information Packet to\r | |
299 | the remote peer.\r | |
300 | \r | |
301 | @param[in] IkeSaSession Pointer to a IKE SA Session used to be searched for.\r | |
302 | @param[in] Spi SPI used to find the Child SA.\r | |
303 | \r | |
304 | @retval EFI_NOT_FOUND Pointer of IKE SA Session is NULL.\r | |
305 | @retval EFI_NOT_FOUND There is no specified Child SA related with the input\r | |
306 | SPI under this IKE SA Session.\r | |
307 | @retval EFI_SUCCESS Delete the Child SA successfully.\r | |
308 | \r | |
309 | **/\r | |
310 | EFI_STATUS\r | |
311 | Ikev2ChildSaSilentDelete (\r | |
312 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
313 | IN UINT32 Spi\r | |
314 | );\r | |
315 | \r | |
316 | /**\r | |
317 | This function parses a request IKE packet and returns its request type.\r | |
318 | The request type is one of IKE CHILD SA creation, IKE SA rekeying, or\r | |
319 | IKE CHILD SA rekeying.\r | |
320 | \r | |
321 | @param[in] IkePacket IKE packet to be parsed.\r | |
322 | \r | |
323 | @return The type of the IKE packet.\r | |
324 | \r | |
325 | **/\r | |
326 | IKEV2_CREATE_CHILD_REQUEST_TYPE\r | |
327 | Ikev2ChildExchangeRequestType(\r | |
328 | IN IKE_PACKET *IkePacket\r | |
329 | );\r | |
330 | \r | |
331 | /**\r | |
332 | This function finds the SPI in a Create Child SA Exchange packet.\r | |
333 | \r | |
334 | @param[in] IkePacket Pointer to IKE_PACKET to be searched.\r | |
335 | \r | |
336 | @return The SPI number.\r | |
337 | \r | |
338 | **/\r | |
339 | UINT32\r | |
340 | Ikev2ChildExchangeRekeySpi(\r | |
341 | IN IKE_PACKET *IkePacket\r | |
342 | );\r | |
343 | \r | |
344 | \r | |
345 | /**\r | |
346 | Associate a SPD selector to the Child SA Session.\r | |
347 | \r | |
348 | This function is called when the Child SA is not the first child SA of its\r | |
349 | IKE SA. It associates an SPD selector with this Child SA.\r | |
350 | \r | |
351 | @param[in, out] ChildSaSession Pointer to the Child SA Session to be associated to \r | |
352 | a SPD selector.\r | |
353 | \r | |
354 | @retval EFI_SUCCESS Associate one SPD selector to this Child SA Session successfully.\r | |
355 | @retval EFI_NOT_FOUND Can't find the related SPD selector.\r | |
356 | \r | |
357 | **/\r | |
358 | EFI_STATUS\r | |
359 | Ikev2ChildSaAssociateSpdEntry (\r | |
360 | IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
361 | );\r | |
362 | \r | |
363 | /**\r | |
364 | Validate the IKE header of received IKE packet.\r | |
365 | \r | |
366 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this IKE packet.\r | |
367 | @param[in] IkeHdr Pointer to IKE header of received IKE packet.\r | |
368 | \r | |
369 | @retval TRUE If the IKE header is valid.\r | |
370 | @retval FALSE If the IKE header is invalid.\r | |
371 | \r | |
372 | **/\r | |
373 | BOOLEAN\r | |
374 | Ikev2ValidateHeader (\r | |
375 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
376 | IN IKE_HEADER *IkeHdr\r | |
377 | );\r | |
378 | \r | |
379 | /**\r | |
380 | Create and initialize IKEV2_SA_DATA for the specified IKEV2_SESSION_COMMON.\r | |
381 | \r | |
382 | This function is only called by the initiator. The responder's IKEV2_SA_DATA\r | |
383 | is generated while parsing the initiator's packet.\r | |
384 | \r | |
385 | @param[in] SessionCommon Pointer to the related IKEV2_SESSION_COMMON.\r | |
386 | \r | |
387 | @return Pointer to a new IKEV2_SA_DATA, or NULL.\r | |
388 | \r | |
389 | **/\r | |
390 | IKEV2_SA_DATA *\r | |
391 | Ikev2InitializeSaData (\r | |
392 | IN IKEV2_SESSION_COMMON *SessionCommon\r | |
393 | );\r | |
394 | \r | |
395 | /**\r | |
396 | Store the SA into SAD.\r | |
397 | \r | |
398 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.\r | |
399 | \r | |
400 | **/\r | |
401 | VOID\r | |
402 | Ikev2StoreSaData (\r | |
403 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
404 | );\r | |
405 | \r | |
406 | /**\r | |
407 | Routine run before payload decoding.\r | |
408 | \r | |
409 | @param[in] SessionCommon Pointer to ChildSa SessionCommon.\r | |
410 | @param[in] PayloadBuf Pointer to the payload.\r | |
411 | @param[in] PayloadSize Size of PayloadBuf in byte.\r | |
412 | @param[in] PayloadType Type of Payload.\r | |
413 | \r | |
414 | **/\r | |
415 | VOID\r | |
416 | Ikev2ChildSaBeforeDecodePayload (\r | |
417 | IN UINT8 *SessionCommon,\r | |
418 | IN UINT8 *PayloadBuf,\r | |
419 | IN UINTN PayloadSize,\r | |
420 | IN UINT8 PayloadType\r | |
421 | );\r | |
422 | \r | |
423 | /**\r | |
424 | Routine run after payload encoding.\r | |
425 | \r | |
426 | @param[in] SessionCommon Pointer to ChildSa SessionCommon.\r | |
427 | @param[in] PayloadBuf Pointer to the payload.\r | |
428 | @param[in] PayloadSize Size of PayloadBuf in byte.\r | |
429 | @param[in] PayloadType Type of Payload.\r | |
430 | \r | |
431 | **/\r | |
432 | VOID\r | |
433 | Ikev2ChildSaAfterEncodePayload (\r | |
434 | IN UINT8 *SessionCommon,\r | |
435 | IN UINT8 *PayloadBuf,\r | |
436 | IN UINTN PayloadSize,\r | |
437 | IN UINT8 PayloadType\r | |
438 | );\r | |
439 | \r | |
440 | /**\r | |
441 | Generate the IKEv2 SA payload according to SessionSaData.\r | |
442 | \r | |
443 | @param[in] SessionSaData The data used in SA payload.\r | |
444 | @param[in] NextPayload The payload type presented in NextPayload field of \r | |
445 | SA Payload header.\r | |
446 | @param[in] Type The SA type. It MUST be either (1) for IKE_SA,\r | |
447 | (2) for CHILD_SA, or (3) for INFO.\r | |
448 | \r | |
449 | @return Pointer to the SA IKE payload.\r | |
450 | \r | |
451 | **/\r | |
452 | IKE_PAYLOAD *\r | |
453 | Ikev2GenerateSaPayload (\r | |
454 | IN IKEV2_SA_DATA *SessionSaData,\r | |
455 | IN UINT8 NextPayload,\r | |
456 | IN IKE_SESSION_TYPE Type\r | |
457 | );\r | |
458 | \r | |
459 | /**\r | |
460 | Generate an ID payload.\r | |
461 | \r | |
462 | @param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.\r | |
463 | @param[in] NextPayload The payload type presented in the NextPayload field \r | |
464 | of ID Payload header.\r | |
465 | \r | |
466 | @return Pointer to the ID IKE payload.\r | |
467 | \r | |
468 | **/\r | |
469 | IKE_PAYLOAD *\r | |
470 | Ikev2GenerateIdPayload (\r | |
471 | IN IKEV2_SESSION_COMMON *CommonSession,\r | |
472 | IN UINT8 NextPayload\r | |
473 | );\r | |
474 | \r | |
475 | /**\r | |
476 | Generate an ID payload from a certificate.\r | |
477 | \r | |
478 | @param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.\r | |
479 | @param[in] NextPayload The payload type presented in the NextPayload field \r | |
480 | of ID Payload header.\r | |
481 | @param[in] InCert Pointer to the Certificate whose distinguished name\r | |
482 | will be added to the ID payload.\r | |
483 | @param[in] CertSize Size of the Certificate.\r | |
484 | \r | |
485 | @return Pointer to the ID IKE payload.\r | |
486 | \r | |
487 | **/\r | |
488 | IKE_PAYLOAD *\r | |
489 | Ikev2GenerateCertIdPayload (\r | |
490 | IN IKEV2_SESSION_COMMON *CommonSession,\r | |
491 | IN UINT8 NextPayload, \r | |
492 | IN UINT8 *InCert,\r | |
493 | IN UINTN CertSize\r | |
494 | );\r | |
495 | \r | |
496 | /**\r | |
497 | Generate a Nonce payload containing the input parameter NonceBuf.\r | |
498 | \r | |
499 | @param[in] NonceBuf The nonce buffer containing the whole Nonce payload block\r | |
500 | except the payload header.\r | |
501 | @param[in] NonceSize The buffer size of NonceBuf.\r | |
502 | @param[in] NextPayload The payload type presented in the NextPayload field \r | |
503 | of Nonce Payload header.\r | |
504 | \r | |
505 | @return Pointer to the Nonce IKE payload.\r | |
506 | \r | |
507 | **/\r | |
508 | IKE_PAYLOAD *\r | |
509 | Ikev2GenerateNoncePayload (\r | |
510 | IN UINT8 *NonceBuf,\r | |
511 | IN UINTN NonceSize,\r | |
512 | IN UINT8 NextPayload\r | |
513 | );\r | |
514 | \r | |
515 | /**\r | |
516 | Generate the Notify payload.\r | |
517 | \r | |
518 | Since the structure of the Notify payload defined in RFC 4306 is simple,\r | |
519 | there is no internal data structure for the Notify payload. This function generates\r | |
520 | the Notify payload defined in RFC 4306, but all the fields in this payload are still\r | |
521 | in host order; Ikev2EncodePayload() must be called to convert those fields from\r | |
522 | host order to network order before sending it.\r | |
523 | \r | |
524 | @param[in] ProtocolId The protocol type ID. For IKE_SA it MUST be one (1).\r | |
525 | For IPsec SAs it MUST be either (2) for AH or (3)\r | |
526 | for ESP.\r | |
527 | @param[in] NextPayload The next payload type in the NextPayload field of\r | |
528 | the Notify payload.\r | |
529 | @param[in] SpiSize Size of the SPI in SPI size field of the Notify Payload.\r | |
530 | @param[in] MessageType The message type in NotifyMessageType field of the \r | |
531 | Notify Payload.\r | |
532 | @param[in] SpiBuf Pointer to buffer contains the SPI value.\r | |
533 | @param[in] NotifyData Pointer to buffer contains the notification data.\r | |
534 | @param[in] NotifyDataSize The size of NotifyData in bytes.\r | |
535 | \r | |
536 | \r | |
537 | @return Pointer to the IKE Notify Payload.\r | |
538 | \r | |
539 | **/\r | |
540 | IKE_PAYLOAD *\r | |
541 | Ikev2GenerateNotifyPayload (\r | |
542 | IN UINT8 ProtocolId,\r | |
543 | IN UINT8 NextPayload,\r | |
544 | IN UINT8 SpiSize,\r | |
545 | IN UINT16 MessageType,\r | |
546 | IN UINT8 *SpiBuf,\r | |
547 | IN UINT8 *NotifyData,\r | |
548 | IN UINTN NotifyDataSize\r | |
549 | );\r | |
550 | \r | |
551 | /**\r | |
552 | Generate the Delete payload.\r | |
553 | \r | |
554 | Since the structure of the Delete payload defined in RFC 4306 is simple,\r | |
555 | there is no internal data structure for the Delete payload. This function generates\r | |
556 | the Delete payload defined in RFC 4306, but all the fields in this payload are still\r | |
557 | in host order; Ikev2EncodePayload() must be called to convert those fields from\r | |
558 | host order to network order before sending it.\r | |
559 | \r | |
560 | @param[in] IkeSaSession Pointer to the IKE SA Session used for Delete payload generation.\r | |
561 | @param[in] NextPayload The next payload type in the NextPayload field of\r | |
562 | the Delete payload.\r | |
563 | @param[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.\r | |
564 | @param[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.\r | |
565 | @param[in] SpiBuf Pointer to buffer contains the SPI value.\r | |
566 | \r | |
567 | @return Pointer to the IKE Delete Payload.\r | |
568 | \r | |
569 | **/\r | |
570 | IKE_PAYLOAD *\r | |
571 | Ikev2GenerateDeletePayload (\r | |
572 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
573 | IN UINT8 NextPayload,\r | |
574 | IN UINT8 SpiSize,\r | |
575 | IN UINT16 SpiNum,\r | |
576 | IN UINT8 *SpiBuf \r | |
577 | );\r | |
578 | \r | |
579 | /**\r | |
580 | Generate the Configuration payload.\r | |
581 | \r | |
582 | This function generates a Configuration payload defined in RFC 4306, but all the\r | |
583 | fields in this payload are still in host order; Ikev2EncodePayload() must be called\r | |
584 | to convert those fields from host order to network order before sending it.\r | |
585 | \r | |
586 | @param[in] IkeSaSession Pointer to the IKE SA Session used for Configuration payload\r | |
587 | generation.\r | |
588 | @param[in] NextPayload The next payload type in the NextPayload field of\r | |
589 | the Configuration payload.\r | |
590 | @param[in] CfgType The attribute type in the Configuration attribute.\r | |
591 | \r | |
592 | @return Pointer to the IKE CP Payload.\r | |
593 | \r | |
594 | **/\r | |
595 | IKE_PAYLOAD *\r | |
596 | Ikev2GenerateCpPayload (\r | |
597 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
598 | IN UINT8 NextPayload,\r | |
599 | IN UINT8 CfgType\r | |
600 | );\r | |
601 | \r | |
602 | /**\r | |
603 | Generate an Authentication Payload.\r | |
604 | \r | |
605 | This function is used for both Authentication generation and verification. When\r | |
606 | IsVerify is TRUE, it creates Auth Data for verification. This function chooses the\r | |
607 | related IKE_SA_INIT message for Auth data creation according to the IKE Session's type\r | |
608 | and the value of the IsVerify parameter.\r | |
609 | \r | |
610 | @param[in] IkeSaSession Pointer to the related IKEV2_SA_SESSION.\r | |
611 | @param[in] IdPayload Pointer to the ID payload to be used for Authentication \r | |
612 | payload generation.\r | |
613 | @param[in] NextPayload The type filled into the Authentication Payload next \r | |
614 | payload field.\r | |
615 | @param[in] IsVerify If it is TRUE, the Authentication payload is used for\r | |
616 | verification.\r | |
617 | \r | |
618 | @return Pointer to the IKE Authentication payload for the pre-shared key method.\r | |
619 | \r | |
620 | **/\r | |
621 | IKE_PAYLOAD *\r | |
622 | Ikev2PskGenerateAuthPayload (\r | |
623 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
624 | IN IKE_PAYLOAD *IdPayload,\r | |
625 | IN UINT8 NextPayload,\r | |
626 | IN BOOLEAN IsVerify\r | |
627 | );\r | |
628 | \r | |
629 | /**\r | |
630 | Generate an Authentication Payload for the Certificate Auth method.\r | |
631 | \r | |
632 | This function has two uses. One is creating a local Authentication\r | |
633 | Payload for sending; the other is creating the remote Authentication data\r | |
634 | for verification when IsVerify is TRUE.\r | |
635 | \r | |
636 | @param[in] IkeSaSession Pointer to the related IKEV2_SA_SESSION.\r | |
637 | @param[in] IdPayload Pointer to the ID payload to be used for Authentication \r | |
638 | payload generation.\r | |
639 | @param[in] NextPayload The type filled into the Authentication Payload \r | |
640 | next payload field.\r | |
641 | @param[in] IsVerify If it is TRUE, the Authentication payload is used\r | |
642 | for verification.\r | |
643 | @param[in] UefiPrivateKey Pointer to the UEFI private key. Ignored when\r | |
644 | verifying the authentication payload.\r | |
645 | @param[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignored\r | |
646 | when verifying the authentication payload.\r | |
647 | @param[in] UefiKeyPwd Pointer to the password of the UEFI private key.\r | |
648 | Ignored when verifying the authentication payload.\r | |
649 | @param[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes. Ignored when\r | |
650 | verifying the authentication payload.\r | |
651 | \r | |
652 | @return pointer to IKE Authentication payload for certification method.\r | |
653 | \r | |
654 | **/\r | |
655 | IKE_PAYLOAD *\r | |
656 | Ikev2CertGenerateAuthPayload (\r | |
657 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
658 | IN IKE_PAYLOAD *IdPayload,\r | |
659 | IN UINT8 NextPayload,\r | |
660 | IN BOOLEAN IsVerify,\r | |
661 | IN UINT8 *UefiPrivateKey,\r | |
662 | IN UINTN UefiPrivateKeyLen,\r | |
663 | IN UINT8 *UefiKeyPwd,\r | |
664 | IN UINTN UefiKeyPwdLen\r | |
665 | );\r | |
666 | \r | |
667 | /**\r | |
668 | Generate TS payload.\r | |
669 | \r | |
670 | This function generates the TSi or TSr payload according to the type of the next payload.\r | |
671 | If the next payload is the Responder TS, generate the TSi payload. Otherwise, generate\r | |
672 | the TSr payload.\r | |
673 | \r | |
674 | @param[in] ChildSa Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload.\r | |
675 | @param[in] NextPayload The payload type presented in the NextPayload field \r | |
676 | of ID Payload header.\r | |
677 | @param[in] IsTunnel It indicates that if the Ts Payload is after the CP payload.\r | |
678 | If yes, it means the Tsi and Tsr payload should be with\r | |
679 | Max port range and address range and protocol is marked\r | |
680 | as zero.\r | |
681 | \r | |
682 | @return Pointer to the TS IKE payload.\r | |
683 | \r | |
684 | **/\r | |
685 | IKE_PAYLOAD *\r | |
686 | Ikev2GenerateTsPayload (\r | |
687 | IN IKEV2_CHILD_SA_SESSION *ChildSa,\r | |
688 | IN UINT8 NextPayload,\r | |
689 | IN BOOLEAN IsTunnel\r | |
690 | );\r | |
691 | \r | |
692 | /**\r | |
693 | Parse the Notify Cookie payload.\r | |
694 | \r | |
695 | This function parses the Notify Cookie payload. If the Notify ProtocolId is not\r | |
696 | IPSEC_PROTO_ISAKMP, or the SpiSize is not zero, or the MessageType is not\r | |
697 | COOKIE, it returns EFI_INVALID_PARAMETER.\r | |
698 | \r | |
699 | @param[in] IkeNCookie Pointer to the IKE_PAYLOAD which contains the\r | |
700 | Notify Cookie payload.\r | |
702 | @param[in, out] IkeSaSession Pointer to the relevant IKE SA Session.\r | |
703 | \r | |
704 | @retval EFI_SUCCESS The Notify Cookie Payload is valid.\r | |
705 | @retval EFI_INVALID_PARAMETER The Notify Cookie Payload is invalid.\r | |
706 | @retval EFI_OUT_OF_RESOURCES The required resource can't be allocated.\r | |
707 | \r | |
708 | **/\r | |
709 | EFI_STATUS\r | |
710 | Ikev2ParserNotifyCookiePayload (\r | |
711 | IN IKE_PAYLOAD *IkeNCookie,\r | |
712 | IN OUT IKEV2_SA_SESSION *IkeSaSession\r | |
713 | );\r | |
714 | \r | |
715 | /**\r | |
716 | Generate the Certificate payload or Certificate Request Payload.\r | |
717 | \r | |
718 | Since the Certificate Payload structure is same with Certificate Request Payload, \r | |
719 | the only difference is that one contains the Certificate Data, other contains\r | |
720 | the acceptable certificateion CA. This function generate Certificate payload \r | |
721 | or Certificate Request Payload defined in RFC 4306, but all the fields \r | |
722 | in the payload are still in host order and need call Ikev2EncodePayload() \r | |
723 | to convert those fields from the host order to network order beforing sending it.\r | |
724 | \r | |
725 | @param[in] IkeSaSession Pointer to the IKE SA Session used for Certificate payload\r | |
726 | generation.\r | |
727 | @param[in] NextPayload The next payload type in the NextPayload field of\r | |
728 | the Certificate payload.\r | |
729 | @param[in] Certificate Pointer to the buffer containing the certificate data.\r | |
730 | @param[in] CertificateLen The length of Certificate in byte.\r | |
731 | @param[in] EncodeType Specifies the Certificate Encoding, which is defined\r | |
732 | in RFC 4306.\r | |
733 | @param[in] IsRequest Indicates whether to create a Certificate Payload or a Certificate\r | |
734 | Request Payload. If it is TRUE, create a Certificate\r | |
735 | Request Payload. Otherwise, create a Certificate Payload.\r | |
736 | \r | |
737 | @return Pointer to the IKE Payload whose payload buffer contains the Certificate\r | |
738 | payload or Certificate Request payload.\r | |
739 | \r | |
740 | **/\r | |
741 | IKE_PAYLOAD *\r | |
742 | Ikev2GenerateCertificatePayload (\r | |
743 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
744 | IN UINT8 NextPayload,\r | |
745 | IN UINT8 *Certificate,\r | |
746 | IN UINTN CertificateLen,\r | |
747 | IN UINT8 EncodeType,\r | |
748 | IN BOOLEAN IsRequest\r | |
749 | );\r | |
750 | \r | |
751 | /**\r | |
752 | General interface of payload encoding.\r | |
753 | \r | |
754 | This function encodes the internal data structure into the payload format\r | |
755 | defined in RFC 4306. IkePayload->PayloadBuf is used to store both the input\r | |
756 | payload and the converted payload. Only the SA payload uses the internal structure\r | |
757 | to store its attributes. Other payloads use a structure that matches the RFC\r | |
758 | definition; for these payloads only a host-order to network-order conversion of\r | |
759 | some fields is performed.\r | |
760 | \r | |
761 | @param[in] SessionCommon Pointer to IKE Session Common used to encode the payload.\r | |
762 | @param[in, out] IkePayload Pointer to the IKE payload to encode on input, and\r | |
763 | the encoded result on output.\r | |
764 | \r | |
765 | @retval EFI_INVALID_PARAMETER An error occurred while encoding the SA payload.\r | |
766 | @retval EFI_SUCCESS Encode successfully.\r | |
767 | \r | |
768 | **/\r | |
769 | EFI_STATUS\r | |
770 | Ikev2EncodePayload (\r | |
771 | IN UINT8 *SessionCommon,\r | |
772 | IN OUT IKE_PAYLOAD *IkePayload\r | |
773 | );\r | |
774 | \r | |
775 | /**\r | |
776 | General interface of payload decoding.\r | |
777 | \r | |
778 | This function converts the received payload into the internal structure.\r | |
779 | \r | |
780 | @param[in] SessionCommon Pointer to IKE Session Common to use for decoding.\r | |
781 | @param[in, out] IkePayload Pointer to the IKE payload to decode on input, and\r | |
782 | the decoded result on output.\r | |
783 | \r | |
784 | @retval EFI_INVALID_PARAMETER An error occurred while decoding the SA payload.\r | |
785 | @retval EFI_SUCCESS Decode successfully.\r | |
786 | \r | |
787 | **/\r | |
788 | EFI_STATUS\r | |
789 | Ikev2DecodePayload (\r | |
790 | IN UINT8 *SessionCommon,\r | |
791 | IN OUT IKE_PAYLOAD *IkePayload\r | |
792 | );\r | |
793 | \r | |
794 | /**\r | |
795 | Decrypt IKE packet.\r | |
796 | \r | |
797 | This function decrypts the Encrypted IKE packet and puts the result into IkePacket->PayloadBuf.\r | |
798 | \r | |
799 | @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing \r | |
800 | some parameter used during decrypting.\r | |
801 | @param[in, out] IkePacket Pointer to the IKE_PACKET to decrypt on input,\r | |
802 | and the decrypted result on output.\r | |
803 | @param[in, out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r | |
804 | IKE_CHILD_TYPE are supported.\r | |
805 | \r | |
806 | @retval EFI_INVALID_PARAMETER If the IKE packet length is zero or the\r | |
807 | IKE packet length is not aligned to the\r | |
808 | algorithm block size.\r | |
809 | @retval EFI_SUCCESS Decrypt IKE packet successfully.\r | |
810 | \r | |
811 | **/\r | |
812 | EFI_STATUS\r | |
813 | Ikev2DecryptPacket (\r | |
814 | IN IKEV2_SESSION_COMMON *SessionCommon,\r | |
815 | IN OUT IKE_PACKET *IkePacket,\r | |
816 | IN OUT UINTN IkeType\r | |
817 | );\r | |
818 | \r | |
/**
  Encrypt an IKE packet.

  This function encrypts the IKE packet before it is sent. The encrypted IKE
  packet is placed into an IKEV2 Encrypted payload.

  NOTE(review): an Encrypted payload is made of a per-packet IV, the ciphertext
  with padding and an integrity checksum over the whole message; confirm where
  the IV is generated (it must be fresh for every packet) and where the
  checksum is computed, here or in the caller.

  @param[in]      SessionCommon  Pointer to the IKEV2_SESSION_COMMON related to
                                 the IKE packet.
  @param[in, out] IkePacket      Pointer to the IKE packet to be encrypted;
                                 holds the encrypted form on output.

  @retval EFI_SUCCESS            The operation succeeded.
  @retval Others                 The operation failed.

**/
EFI_STATUS
Ikev2EncryptPacket (
  IN IKEV2_SESSION_COMMON *SessionCommon,
  IN OUT IKE_PACKET       *IkePacket
  );
837 | \r | |
/**
  Encode an IKE packet.

  This function puts all payloads into one payload buffer and then encrypts it
  if needed.

  @param[in]      SessionCommon  Pointer to the IKEV2_SESSION_COMMON holding the
                                 parameters used during IKE packet encoding.
  @param[in, out] IkePacket      Pointer to the IKE_PACKET to be encoded on
                                 input; holds the encoded result on output.
  @param[in]      IkeType        The type of IKE exchange. IKE_SA_TYPE,
                                 IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.

  @retval EFI_SUCCESS            The IKE packet was encoded successfully.
  @retval Otherwise              Encoding the IKE packet failed.

**/
EFI_STATUS
Ikev2EncodePacket (
  IN IKEV2_SESSION_COMMON *SessionCommon,
  IN OUT IKE_PACKET       *IkePacket,
  IN UINTN                IkeType
  );
860 | \r | |
/**
  Decode an IKE packet.

  This function first decrypts the IKE packet if needed, then separates the
  whole IKE packet held in IkePacket->PayloadBuf into the IkePacket payload
  list. The packet is untrusted network input; NOTE(review): confirm that the
  per-payload lengths read from the buffer are bounded by the buffer size
  while the list is built.

  @param[in]      SessionCommon  Pointer to the IKEV2_SESSION_COMMON holding the
                                 parameters used by IKE packet decoding.
  @param[in, out] IkePacket      The IKE packet to be decoded on input; holds
                                 the decoded result on return.
  @param[in]      IkeType        The type of IKE exchange. IKE_SA_TYPE,
                                 IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.
                                 (IN only here, unlike Ikev2DecryptPacket, which
                                 declares the same parameter IN OUT.)

  @retval EFI_SUCCESS            The IKE packet was decoded successfully.
  @retval Otherwise              Decoding the IKE packet failed.

**/
EFI_STATUS
Ikev2DecodePacket (
  IN IKEV2_SESSION_COMMON *SessionCommon,
  IN OUT IKE_PACKET       *IkePacket,
  IN UINTN                IkeType
  );
884 | \r | |
/**
  Save some useful payloads after the packet has been accepted.

  @param[in] SessionCommon  Pointer to the IKEV2_SESSION_COMMON related to the
                            operation.
  @param[in] IkePacket      Pointer to the received IKE packet.
  @param[in] IkeType        Indicates whether the packet belongs to an IKE SA,
                            Child SA or Informational exchange. Declared as
                            UINT8 here while the other packet routines in this
                            header use UINTN for the same value.

**/
VOID
Ikev2OnPacketAccepted (
  IN IKEV2_SESSION_COMMON *SessionCommon,
  IN IKE_PACKET           *IkePacket,
  IN UINT8                IkeType
  );
900 | \r | |
/**
  Send out an IKEV2 packet.

  @param[in] IkeUdpService  Pointer to the IKE_UDP_SERVICE used to send the IKE
                            packet.
  @param[in] SessionCommon  Pointer to the session common related to the IKE
                            packet, passed as UINT8 *. The original description
                            names IKEV1_SESSION_COMMON; presumably
                            IKEV2_SESSION_COMMON is meant — confirm at the call
                            sites.
  @param[in] IkePacket      Pointer to the IKE_PACKET to be sent out.
  @param[in] IkeType        The type of IKE exchange the packet belongs to.
                            IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are
                            supported.

  @retval EFI_SUCCESS       The operation completed successfully.
  @retval Otherwise         The operation failed.

**/
EFI_STATUS
Ikev2SendIkePacket (
  IN IKE_UDP_SERVICE *IkeUdpService,
  IN UINT8           *SessionCommon,
  IN IKE_PACKET      *IkePacket,
  IN UINTN           IkeType
  );
922 | \r | |
/**
  Callback invoked when the IKE lifetime has expired.

  This function marks the related IKE SA Session as deleting and triggers an
  Informational negotiation.

  @param[in] Event    The timeout event.
  @param[in] Context  Pointer to the data passed by the caller; presumably the
                      IKE SA Session the lifetime belongs to — confirm where
                      the event is created.

**/
VOID
EFIAPI
Ikev2LifetimeNotify (
  IN EFI_EVENT Event,
  IN VOID      *Context
  );
939 | \r | |
/**
  Callback invoked when the timeout event is signaled.

  NOTE(review): the name suggests it retransmits the pending IKE packet and
  re-arms the timer; confirm in the implementation, including how many
  retries are attempted before the exchange is given up.

  @param[in] Event    The signaled event.
  @param[in] Context  The data passed by the caller.

**/
VOID
EFIAPI
Ikev2ResendNotify (
  IN EFI_EVENT Event,
  IN VOID      *Context
  );
953 | \r | |
/**
  Generate a Key Exchange payload according to the DH group type and save the
  public key into the IkeSaSession IkeKey field.

  NOTE(review): the DH private value produced alongside the public key is a
  session secret; confirm it is cleared when the session is freed. Callers
  should also treat a NULL return as failure — confirm that is the convention
  used by the implementation.

  @param[in, out] IkeSaSession  Pointer to the IKE_SA_SESSION.
  @param[in]      NextPayload   The payload type placed in the NextPayload field
                                of the Key Exchange payload header.

  @return Pointer to the Key Exchange IKE payload.

**/
IKE_PAYLOAD *
Ikev2GenerateKePayload (
  IN OUT IKEV2_SA_SESSION *IkeSaSession,
  IN UINT8                NextPayload
  );
970 | \r | |
/**
  Check whether the SPD entry is related to the input Child SA Session.

  This function is the subfunction of Ikev1AssociateSpdEntry() (as documented
  by the original author; likely a leftover from the IKEv1 text — confirm the
  actual caller). It is the callback function of IpSecVisitConfigData().

  Note the inverted return convention: EFI_SUCCESS means "no match, keep
  visiting", while EFI_ABORTED means "matched, stop visiting".

  @param[in] Type          Type of the input Config Selector.
  @param[in] Selector      Pointer to the Config Selector to be checked.
  @param[in] Data          Pointer to the Config Selector's data passed from the
                           caller.
  @param[in] SelectorSize  The buffer size of Selector.
  @param[in] DataSize      The buffer size of Data.
  @param[in] Context       The data passed from the caller. It is a Child SA
                           Session in this context.

  @retval EFI_SUCCESS      The SPD Selector is not related to the Child SA
                           Session.
  @retval EFI_ABORTED      The SPD Selector is related to the Child SA Session;
                           ChildSaSession->Spd has been set to point to this
                           SPD Selector.

**/
EFI_STATUS
Ikev2MatchSpdEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE Type,
  IN EFI_IPSEC_CONFIG_SELECTOR  *Selector,
  IN VOID                       *Data,
  IN UINTN                      SelectorSize,
  IN UINTN                      DataSize,
  IN VOID                       *Context
  );
1001 | \r | |
/**
  Check whether the algorithm ID is supported.

  Used to filter the algorithms a peer proposes; only IDs accepted here should
  make it into a negotiated SA.

  @param[in] AlgorithmId  The specified algorithm ID.
  @param[in] Type         Indicates whether the algorithm is for encryption or
                          authentication.

  @retval TRUE            The algorithm ID is supported.
  @retval FALSE           The algorithm ID is not supported.

**/
BOOLEAN
Ikev2IsSupportAlg (
  IN UINT16 AlgorithmId,
  IN UINT8  Type
  );
1018 | \r | |
/**
  Generate a Child SA Session and insert it into the related IkeSaSession.

  @param[in] IkeSaSession  Pointer to the related IKEV2_SA_SESSION.
  @param[in] UdpService    Pointer to the related IKE_UDP_SERVICE.

  @return Pointer to the created IKEV2_CHILD_SA_SESSION. NOTE(review): callers
          should check for NULL — confirm that is how allocation failure is
          reported.

**/
IKEV2_CHILD_SA_SESSION *
Ikev2ChildSaSessionCreate (
  IN IKEV2_SA_SESSION *IkeSaSession,
  IN IKE_UDP_SERVICE  *UdpService
  );
1033 | \r | |
/**
  Parse the received Initial Exchange packet.

  This function parses the SA Payload and Key Payload to find the cryptographic
  suite for the further IKE negotiation and fills it into the IKE SA Session's
  CommonSession->SaParams.

  NOTE(review): the proposal comes from the peer; confirm that only algorithms
  accepted by Ikev2IsSupportAlg() can be selected, so a peer cannot steer the
  negotiation to an unsupported or weaker suite.

  @param[in, out] IkeSaSession  Pointer to the related IKEV2_SA_SESSION.
  @param[in]      SaPayload     Pointer to the received SA payload.
  @param[in]      Type          The IKE header flag of the received packet.

  @retval TRUE                  The SA proposal in the packet is acceptable.
  @retval FALSE                 The SA proposal in the packet is not acceptable.

**/
BOOLEAN
Ikev2SaParseSaPayload (
  IN OUT IKEV2_SA_SESSION *IkeSaSession,
  IN IKE_PAYLOAD          *SaPayload,
  IN UINT8                Type
  );
1055 | \r | |
/**
  Parse the received Authentication Exchange packet.

  This function parses the SA Payload and Key Payload to find the cryptographic
  suite for ESP and fills it into the Child SA Session's
  CommonSession->SaParams.

  NOTE(review): as with Ikev2SaParseSaPayload(), the proposal is peer-supplied;
  confirm the selected algorithms are restricted to those accepted by
  Ikev2IsSupportAlg().

  @param[in, out] ChildSaSession  Pointer to the IKEV2_CHILD_SA_SESSION related
                                  to this Authentication Exchange.
  @param[in]      SaPayload       Pointer to the received SA payload.
  @param[in]      Type            The IKE header flag of the received packet.

  @retval TRUE                    The SA proposal in the packet is acceptable.
  @retval FALSE                   The SA proposal in the packet is not
                                  acceptable.

**/
BOOLEAN
Ikev2ChildSaParseSaPayload (
  IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession,
  IN IKE_PAYLOAD                *SaPayload,
  IN UINT8                      Type
  );
1077 | \r | |
/**
  Generate a key buffer from fragments.

  If the digest length of the specified HashAlgId is larger than or equal to
  the required output key length, the key is derived directly. Otherwise the
  key material is built by PRF-based concatenation according to section 2.13 of
  RFC 4306 (unchanged in RFC 7296, which obsoletes it):
    prf+ (K,S) = T1 | T2 | T3 | T4 | ...
    T1 = prf (K, S | 0x01), T2 = prf (K, T1 | S | 0x02),
    T3 = prf (K, T2 | S | 0x03), T4 = prf (K, T3 | S | 0x04)
  and the key is then derived from this key material.

  NOTE(review): HashKey, the intermediate T values and OutputKey are all keying
  material; confirm that any temporary buffers holding them are cleared before
  being freed.

  @param[in]      HashAlgId        The hash algorithm ID used to generate the key.
  @param[in]      HashKey          Pointer to the buffer containing the hash key.
  @param[in]      HashKeyLength    The length of HashKey in bytes.
  @param[in, out] OutputKey        Pointer to the buffer that receives the output
                                   key.
  @param[in]      OutputKeyLength  The length of the OutputKey buffer in bytes;
                                   the caller must provide at least this much
                                   space.
  @param[in]      Fragments        Pointer to the data used to generate the key.
  @param[in]      NumFragments     The number of fragments.

  @retval EFI_SUCCESS              The operation completed successfully.
  @retval EFI_INVALID_PARAMETER    NumFragments is zero.
  @retval EFI_OUT_OF_RESOURCES     The required resources could not be
                                   allocated.
  @retval Others                   The operation failed.

**/
EFI_STATUS
Ikev2SaGenerateKey (
  IN UINT8              HashAlgId,
  IN UINT8              *HashKey,
  IN UINTN              HashKeyLength,
  IN OUT UINT8          *OutputKey,
  IN UINTN              OutputKeyLength,
  IN PRF_DATA_FRAGMENT  *Fragments,
  IN UINTN              NumFragments
  );
1113 | \r | |
/**
  Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.

  ChildSaSession->SpdSelector stores the real SPD selector for its SA. Sometimes
  the SpdSelector in ChildSaSession is more accurate, or its scope is narrower,
  than the one in ChildSaSession->Spd, especially in tunnel mode.

  @param[in, out] ChildSaSession  Pointer to the related IKEV2_CHILD_SA_SESSION.

**/
VOID
Ikev2ChildSaSessionSpdSelectorCreate (
  IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession
  );
1128 | \r | |
//
// Algorithm information table (by its name, the IPsec encryption algorithms),
// defined in another translation unit. NOTE(review): its element count is not
// visible here — confirm how loops over it are bounded.
//
extern IKE_ALG_GUID_INFO mIPsecEncrAlgInfo[];
1130 | #endif\r | |