[mirror_edk2.git] / NetworkPkg / IpSecDxe / Ikev2 / Info.c

/** @file\r
  The Implementations for Information Exchange.\r
\r
  (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
  Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
\r
  This program and the accompanying materials\r
  are licensed and made available under the terms and conditions of the BSD License\r
  which accompanies this distribution.  The full text of the license may be found at\r
  http://opensource.org/licenses/bsd-license.php.\r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
  \r
**/\r
\r
#include "Utility.h"\r
#include "IpSecDebug.h"\r
#include "IpSecConfigImpl.h"\r
\r
/**\r
  Generate Information Packet.\r
\r
  The information Packet may contain one Delete Payload, or Notify Payload, which \r
  dependes on the Context's parameters.\r
\r
  @param[in]  SaSession   Pointer to IKE SA Session or Child SA Session which is \r
                          related to the information Exchange.\r
  @param[in]  Context     The Data passed from the caller. If the Context is not NULL\r
                          it should contain the information for Notification Data.\r
                          \r
  @retval     Pointer of IKE_PACKET generated.\r
\r
**/\r
IKE_PACKET *\r
Ikev2InfoGenerator (\r
  IN UINT8                         *SaSession,\r
  IN VOID                          *Context\r
  )\r
{\r
  IKEV2_SA_SESSION            *IkeSaSession;\r
  IKEV2_CHILD_SA_SESSION      *ChildSaSession;\r
  IKE_PACKET                  *IkePacket;\r
  IKE_PAYLOAD                 *IkePayload;\r
  IKEV2_INFO_EXCHANGE_CONTEXT *InfoContext;\r
\r
  InfoContext  = NULL;\r
  IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
  IkePacket    = IkePacketAlloc ();\r
  if (IkePacket == NULL) {\r
    return NULL;\r
  }\r
\r
  //\r
  // Fill IkePacket Header.\r
  //\r
  IkePacket->Header->ExchangeType    = IKEV2_EXCHANGE_TYPE_INFO;\r
  IkePacket->Header->Version         = (UINT8) (2 << 4); \r
\r
  if (Context != NULL) {\r
    InfoContext = (IKEV2_INFO_EXCHANGE_CONTEXT *) Context;\r
  }\r
\r
  //\r
  // For Liveness Check\r
  //\r
  if (InfoContext != NULL && \r
      (InfoContext->InfoType == Ikev2InfoLiveCheck || InfoContext->InfoType == Ikev2InfoNotify) \r
    ) {\r
    IkePacket->Header->MessageId       = InfoContext->MessageId;\r
    IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;\r
    IkePacket->Header->ResponderCookie = IkeSaSession->ResponderCookie;\r
    IkePacket->Header->NextPayload     = IKEV2_PAYLOAD_TYPE_NONE;\r
    IkePacket->Header->Flags           = IKE_HEADER_FLAGS_RESPOND;\r
    //\r
    // TODO: add Notify Payload for Notification Information.\r
    //\r
    return IkePacket;\r
  }\r
  \r
  //\r
  // For delete SAs\r
  //  \r
  if (IkeSaSession->SessionCommon.IkeSessionType == IkeSessionTypeIkeSa) {\r
\r
    IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;\r
    IkePacket->Header->ResponderCookie = IkeSaSession->ResponderCookie;\r
\r
    //\r
    // If the information message is response message,the MessageId should\r
    // be same as the request MessageId which passed through the Context.\r
    //\r
    if (InfoContext != NULL) {\r
      IkePacket->Header->MessageId     = InfoContext->MessageId;\r
    } else {\r
      IkePacket->Header->MessageId     = IkeSaSession->MessageId;\r
      Ikev2SaSessionIncreaseMessageId (IkeSaSession);\r
    }\r
    //\r
    // If the state is on deleting generate a Delete Payload for it.\r
    //\r
    if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting ) {\r
      IkePayload = Ikev2GenerateDeletePayload (\r
                     IkeSaSession, \r
                     IKEV2_PAYLOAD_TYPE_NONE, \r
                     0, \r
                     0, \r
                     NULL\r
                     );  \r
      if (IkePayload == NULL) {\r
        goto ERROR_EXIT;\r
      }\r
      //\r
      // Fill the next payload in IkePacket's Header.\r
      //\r
      IkePacket->Header->NextPayload     = IKEV2_PAYLOAD_TYPE_DELETE;\r
      IKE_PACKET_APPEND_PAYLOAD (IkePacket, IkePayload);\r
      IkePacket->Private           = IkeSaSession->SessionCommon.Private;\r
      IkePacket->Spi               = 0;\r
      IkePacket->IsDeleteInfo      = TRUE;\r
            \r
    } else if (Context != NULL) {\r
      //\r
      // TODO: If contest is not NULL Generate a Notify Payload.\r
      //\r
    } else {\r
      //\r
      // The input parameter is not correct.\r
      //\r
      goto ERROR_EXIT;\r
    }\r
\r
    if (IkeSaSession->SessionCommon.IsInitiator) {\r
      IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;\r
    }  \r
  } else {\r
    //\r
    // Delete the Child SA Information Exchagne\r
    //\r
    ChildSaSession                     = (IKEV2_CHILD_SA_SESSION *) SaSession;\r
    IkeSaSession                       = ChildSaSession->IkeSaSession;\r
    IkePacket->Header->InitiatorCookie = ChildSaSession->IkeSaSession->InitiatorCookie;\r
    IkePacket->Header->ResponderCookie = ChildSaSession->IkeSaSession->ResponderCookie;\r
\r
    //\r
    // If the information message is response message,the MessageId should\r
    // be same as the request MessageId which passed through the Context.\r
    //\r
    if (InfoContext != NULL && InfoContext->MessageId != 0) {\r
      IkePacket->Header->MessageId     = InfoContext->MessageId;\r
    } else {\r
      IkePacket->Header->MessageId     = ChildSaSession->IkeSaSession->MessageId;\r
      Ikev2SaSessionIncreaseMessageId (IkeSaSession);\r
    }\r
    \r
    IkePayload     = Ikev2GenerateDeletePayload (\r
                       ChildSaSession->IkeSaSession,\r
                       IKEV2_PAYLOAD_TYPE_DELETE,\r
                       4,\r
                       1,\r
                       (UINT8 *)&ChildSaSession->LocalPeerSpi\r
                       );\r
    if (IkePayload == NULL) {\r
      goto ERROR_EXIT;\r
    }\r
    //\r
    // Fill the Next Payload in IkePacket's Header.\r
    //\r
    IkePacket->Header->NextPayload     = IKEV2_PAYLOAD_TYPE_DELETE;\r
    IKE_PACKET_APPEND_PAYLOAD (IkePacket, IkePayload);\r
\r
    IkePacket->Private      = IkeSaSession->SessionCommon.Private;\r
    IkePacket->Spi          = ChildSaSession->LocalPeerSpi;\r
    IkePacket->IsDeleteInfo = TRUE;\r
\r
    if (!ChildSaSession->SessionCommon.IsInitiator) {\r
      //\r
      // If responder, use the MessageId fromt the initiator.\r
      //\r
      IkePacket->Header->MessageId = ChildSaSession->MessageId;\r
    }\r
\r
    //\r
    // Change the IsOnDeleting Flag\r
    //\r
    ChildSaSession->SessionCommon.IsOnDeleting = TRUE;\r
\r
    if (ChildSaSession->SessionCommon.IsInitiator) {\r
      IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;\r
    }\r
  }\r
\r
  if (InfoContext != NULL) {\r
    IkePacket->Header->Flags |= IKE_HEADER_FLAGS_RESPOND;\r
  }\r
  \r
  return IkePacket;\r
\r
ERROR_EXIT:\r
   if (IkePacket != NULL) {\r
     FreePool (IkePacket);\r
   }\r
   return NULL;\r
\r
}\r
\r
/**\r
  Parse the Info Exchange.\r
\r
  @param[in]  SaSession   Pointer to IKEV2_SA_SESSION.\r
  @param[in]  IkePacket   Pointer to IkePacket related to the Information Exchange.\r
\r
  @retval  EFI_SUCCESS    The operation finised successed.\r
\r
**/\r
EFI_STATUS\r
Ikev2InfoParser (\r
  IN UINT8                         *SaSession,\r
  IN IKE_PACKET                    *IkePacket\r
  )\r
{\r
  IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
  IKEV2_SA_SESSION       *IkeSaSession;\r
  IKE_PAYLOAD            *DeletePayload;\r
  IKE_PAYLOAD            *IkePayload;\r
  IKEV2_DELETE           *Delete;\r
  LIST_ENTRY             *Entry;\r
  LIST_ENTRY             *ListEntry;\r
  UINT8                  Index;\r
  UINT32                 Spi;\r
  UINT8                  *SpiBuffer;\r
  IPSEC_PRIVATE_DATA     *Private;\r
  UINT8                  Value;\r
  EFI_STATUS             Status;\r
  IKE_PACKET             *RespondPacket;\r
  \r
  IKEV2_INFO_EXCHANGE_CONTEXT Context;\r
  \r
  IkeSaSession   = (IKEV2_SA_SESSION *) SaSession;\r
\r
  DeletePayload  = NULL;\r
  Private        = NULL;\r
  RespondPacket  = NULL;\r
  Status         = EFI_SUCCESS;\r
  \r
  //\r
  // For Liveness Check\r
  //\r
  if (IkePacket->Header->NextPayload == IKEV2_PAYLOAD_TYPE_NONE &&\r
      (IkePacket->PayloadTotalSize == 0)\r
      ) {\r
    if (IkePacket->Header->Flags == IKE_HEADER_FLAGS_INIT) {\r
      //\r
      // If it is Liveness check request, reply it.\r
      //\r
      Context.InfoType  = Ikev2InfoLiveCheck;\r
      Context.MessageId = IkePacket->Header->MessageId;\r
      RespondPacket     = Ikev2InfoGenerator ((UINT8 *)IkeSaSession, &Context);\r
\r
      if (RespondPacket == NULL) {\r
        Status = EFI_INVALID_PARAMETER;\r
        return Status;\r
      }\r
      Status = Ikev2SendIkePacket (\r
                 IkeSaSession->SessionCommon.UdpService,\r
                 (UINT8 *)(&IkeSaSession->SessionCommon),\r
                 RespondPacket,\r
                 0\r
                 );\r
\r
    } else {\r
      //\r
      // Todo: verify the liveness check response packet.\r
      //\r
    }\r
    return Status;\r
  }\r
\r
  //\r
  // For SA Delete\r
  //\r
  NET_LIST_FOR_EACH (Entry, &(IkePacket)->PayloadList) {   \r
\r
  //\r
  // Iterate payloads to find the Delete/Notify Payload.\r
  //\r
    IkePayload  = IKE_PAYLOAD_BY_PACKET (Entry);\r
    \r
    if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_DELETE) {\r
      DeletePayload = IkePayload;\r
      Delete = (IKEV2_DELETE *)DeletePayload->PayloadBuf;\r
\r
      if (Delete->SpiSize == 0) {\r
        //\r
        // Delete IKE SA.\r
        //\r
        if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting) {\r
          RemoveEntryList (&IkeSaSession->BySessionTable);\r
          Ikev2SaSessionFree (IkeSaSession);\r
          //\r
          // Checking the Private status.\r
          //\r
          //\r
          // when all IKE SAs were disabled by calling "IPsecConfig -disable", the IPsec\r
          // status should be changed.\r
          //\r
          Private = IkeSaSession->SessionCommon.Private;\r
          if (Private != NULL && Private->IsIPsecDisabling) {\r
            //\r
            // After all IKE SAs were deleted, set the IPSEC_STATUS_DISABLED value in\r
            // IPsec status variable.\r
            //\r
            if (IsListEmpty (&Private->Ikev1EstablishedList) && \r
                (IsListEmpty (&Private->Ikev2EstablishedList))\r
               ) {\r
              Value  = IPSEC_STATUS_DISABLED;\r
              Status = gRT->SetVariable (\r
                         IPSECCONFIG_STATUS_NAME,\r
                         &gEfiIpSecConfigProtocolGuid,\r
                         EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
                         sizeof (Value),\r
                         &Value\r
                         );\r
              if (!EFI_ERROR (Status)) {\r
                //\r
                // Set the DisabledFlag in Private data.\r
                //\r
                Private->IpSec.DisabledFlag = TRUE;\r
                Private->IsIPsecDisabling   = FALSE;\r
              }\r
            }\r
          }\r
        } else {\r
          IkeSaSession->SessionCommon.State = IkeStateSaDeleting;\r
          Context.InfoType                  = Ikev2InfoDelete;\r
          Context.MessageId                 = IkePacket->Header->MessageId;\r
\r
          RespondPacket = Ikev2InfoGenerator ((UINT8 *)IkeSaSession, &Context);\r
          if (RespondPacket == NULL) {\r
            Status = EFI_INVALID_PARAMETER;\r
            return Status;\r
          }\r
          Status = Ikev2SendIkePacket (\r
                     IkeSaSession->SessionCommon.UdpService, \r
                     (UINT8 *)(&IkeSaSession->SessionCommon), \r
                     RespondPacket, \r
                     0\r
                     );\r
        }\r
      } else if (Delete->SpiSize == 4) {\r
        //\r
        // Move the Child SAs to DeleteList\r
        //\r
        SpiBuffer = (UINT8 *)(Delete + 1);\r
        for (Index = 0; Index < Delete->NumSpis; Index++) {\r
          Spi = ReadUnaligned32 ((UINT32 *)SpiBuffer);\r
          for (ListEntry = IkeSaSession->ChildSaEstablishSessionList.ForwardLink;\r
               ListEntry != &IkeSaSession->ChildSaEstablishSessionList;\r
          ) {\r
            ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (ListEntry);\r
            ListEntry = ListEntry->ForwardLink;\r
\r
            if (ChildSaSession->RemotePeerSpi == HTONL(Spi)) {\r
              if (ChildSaSession->SessionCommon.State != IkeStateSaDeleting) {\r
\r
                //\r
                // Insert the ChildSa Session into Delete List.\r
                //\r
                InsertTailList (&IkeSaSession->DeleteSaList, &ChildSaSession->ByDelete);\r
                ChildSaSession->SessionCommon.State       = IkeStateSaDeleting;\r
                ChildSaSession->SessionCommon.IsInitiator = FALSE;\r
                ChildSaSession->MessageId                 = IkePacket->Header->MessageId;\r
\r
                Context.InfoType = Ikev2InfoDelete;\r
                Context.MessageId = IkePacket->Header->MessageId;\r
          \r
                RespondPacket = Ikev2InfoGenerator ((UINT8 *)ChildSaSession, &Context);\r
                if (RespondPacket == NULL) {\r
                  Status = EFI_INVALID_PARAMETER;\r
                  return Status;\r
                }\r
                Status = Ikev2SendIkePacket (\r
                           ChildSaSession->SessionCommon.UdpService,\r
                           (UINT8 *)(&ChildSaSession->SessionCommon),\r
                           RespondPacket, \r
                           0\r
                           );\r
              } else {\r
                //\r
                // Delete the Child SA.\r
                //\r
                Ikev2ChildSaSilentDelete (IkeSaSession, Spi);\r
                RemoveEntryList (&ChildSaSession->ByDelete);\r
              }\r
            }\r
          }\r
          SpiBuffer = SpiBuffer + sizeof (Spi);\r
        }\r
      }\r
    }\r
  }\r
  \r
  return Status;\r
}\r
\r
GLOBAL_REMOVE_IF_UNREFERENCED IKEV2_PACKET_HANDLER  mIkev2Info = {\r
  Ikev2InfoParser,\r
  Ikev2InfoGenerator\r
};\r
Commit	Line	Data
9166f840	1	/** @file\r
	2	The Implementations for Information Exchange.\r
	3	\r
e8837edd	4	(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
6b16c9e7	5	Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
9166f840	6	\r
	7	This program and the accompanying materials\r
	8	are licensed and made available under the terms and conditions of the BSD License\r
	9	which accompanies this distribution. The full text of the license may be found at\r
	10	http://opensource.org/licenses/bsd-license.php.\r
	11	\r
	12	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	13	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	14	\r
	15	**/\r
	16	\r
	17	#include "Utility.h"\r
	18	#include "IpSecDebug.h"\r
	19	#include "IpSecConfigImpl.h"\r
	20	\r
	21	/**\r
	22	Generate Information Packet.\r
	23	\r
	24	The information Packet may contain one Delete Payload, or Notify Payload, which \r
	25	dependes on the Context's parameters.\r
	26	\r
	27	@param[in] SaSession Pointer to IKE SA Session or Child SA Session which is \r
	28	related to the information Exchange.\r
	29	@param[in] Context The Data passed from the caller. If the Context is not NULL\r
	30	it should contain the information for Notification Data.\r
	31	\r
	32	@retval Pointer of IKE_PACKET generated.\r
	33	\r
	34	**/\r
	35	IKE_PACKET *\r
	36	Ikev2InfoGenerator (\r
	37	IN UINT8 *SaSession,\r
	38	IN VOID *Context\r
	39	)\r
	40	{\r
	41	IKEV2_SA_SESSION *IkeSaSession;\r
	42	IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
	43	IKE_PACKET *IkePacket;\r
	44	IKE_PAYLOAD *IkePayload;\r
	45	IKEV2_INFO_EXCHANGE_CONTEXT *InfoContext;\r
	46	\r
	47	InfoContext = NULL;\r
	48	IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
	49	IkePacket = IkePacketAlloc ();\r
6b16c9e7 JW	50	if (IkePacket == NULL) {\r
	51	return NULL;\r
	52	}\r
9166f840	53	\r
	54	//\r
	55	// Fill IkePacket Header.\r
	56	//\r
	57	IkePacket->Header->ExchangeType = IKEV2_EXCHANGE_TYPE_INFO;\r
	58	IkePacket->Header->Version = (UINT8) (2 << 4); \r
	59	\r
	60	if (Context != NULL) {\r
	61	InfoContext = (IKEV2_INFO_EXCHANGE_CONTEXT *) Context;\r
	62	}\r
	63	\r
	64	//\r
	65	// For Liveness Check\r
	66	//\r
	67	if (InfoContext != NULL && \r
	68	(InfoContext->InfoType == Ikev2InfoLiveCheck \|\| InfoContext->InfoType == Ikev2InfoNotify) \r
	69	) {\r
	70	IkePacket->Header->MessageId = InfoContext->MessageId;\r
	71	IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;\r
	72	IkePacket->Header->ResponderCookie = IkeSaSession->ResponderCookie;\r
	73	IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_NONE;\r
	74	IkePacket->Header->Flags = IKE_HEADER_FLAGS_RESPOND;\r
	75	//\r
	76	// TODO: add Notify Payload for Notification Information.\r
	77	//\r
	78	return IkePacket;\r
	79	}\r
	80	\r
	81	//\r
	82	// For delete SAs\r
	83	// \r
	84	if (IkeSaSession->SessionCommon.IkeSessionType == IkeSessionTypeIkeSa) {\r
	85	\r
	86	IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;\r
	87	IkePacket->Header->ResponderCookie = IkeSaSession->ResponderCookie;\r
	88	\r
	89	//\r
	90	// If the information message is response message,the MessageId should\r
	91	// be same as the request MessageId which passed through the Context.\r
	92	//\r
	93	if (InfoContext != NULL) {\r
	94	IkePacket->Header->MessageId = InfoContext->MessageId;\r
	95	} else {\r
	96	IkePacket->Header->MessageId = IkeSaSession->MessageId;\r
	97	Ikev2SaSessionIncreaseMessageId (IkeSaSession);\r
	98	}\r
	99	//\r
	100	// If the state is on deleting generate a Delete Payload for it.\r
	101	//\r
	102	if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting ) {\r
	103	IkePayload = Ikev2GenerateDeletePayload (\r
	104	IkeSaSession, \r
	105	IKEV2_PAYLOAD_TYPE_NONE, \r
	106	0, \r
	107	0, \r
	108	NULL\r
	109	); \r
	110	if (IkePayload == NULL) {\r
	111	goto ERROR_EXIT;\r
	112	}\r
	113	//\r
	114	// Fill the next payload in IkePacket's Header.\r
	115	//\r
	116	IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_DELETE;\r
117	IKE_PACKET_APPEND_PAYLOAD (IkePacket, IkePayload);\r
118	IkePacket->Private = IkeSaSession->SessionCommon.Private;\r
119	IkePacket->Spi = 0;\r
120	IkePacket->IsDeleteInfo = TRUE;\r
121	\r
122	} else if (Context != NULL) {\r
123	//\r
124	// TODO: If contest is not NULL Generate a Notify Payload.\r
125	//\r
126	} else {\r
127	//\r
128	// The input parameter is not correct.\r
129	//\r
130	goto ERROR_EXIT;\r
7822a1d9 JW	131	}\r
	132	\r
	133	if (IkeSaSession->SessionCommon.IsInitiator) {\r
	134	IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;\r
	135	} \r
9166f840	136	} else {\r
	137	//\r
	138	// Delete the Child SA Information Exchagne\r
	139	//\r
	140	ChildSaSession = (IKEV2_CHILD_SA_SESSION *) SaSession;\r
	141	IkeSaSession = ChildSaSession->IkeSaSession;\r
	142	IkePacket->Header->InitiatorCookie = ChildSaSession->IkeSaSession->InitiatorCookie;\r
	143	IkePacket->Header->ResponderCookie = ChildSaSession->IkeSaSession->ResponderCookie;\r
	144	\r
	145	//\r
	146	// If the information message is response message,the MessageId should\r
	147	// be same as the request MessageId which passed through the Context.\r
	148	//\r
	149	if (InfoContext != NULL && InfoContext->MessageId != 0) {\r
	150	IkePacket->Header->MessageId = InfoContext->MessageId;\r
	151	} else {\r
	152	IkePacket->Header->MessageId = ChildSaSession->IkeSaSession->MessageId;\r
	153	Ikev2SaSessionIncreaseMessageId (IkeSaSession);\r
	154	}\r
	155	\r
	156	IkePayload = Ikev2GenerateDeletePayload (\r
	157	ChildSaSession->IkeSaSession,\r
	158	IKEV2_PAYLOAD_TYPE_DELETE,\r
	159	4,\r
	160	1,\r
	161	(UINT8 *)&ChildSaSession->LocalPeerSpi\r
	162	);\r
	163	if (IkePayload == NULL) {\r
	164	goto ERROR_EXIT;\r
	165	}\r
	166	//\r
	167	// Fill the Next Payload in IkePacket's Header.\r
	168	//\r
	169	IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_DELETE;\r
	170	IKE_PACKET_APPEND_PAYLOAD (IkePacket, IkePayload);\r
	171	\r
	172	IkePacket->Private = IkeSaSession->SessionCommon.Private;\r
	173	IkePacket->Spi = ChildSaSession->LocalPeerSpi;\r
	174	IkePacket->IsDeleteInfo = TRUE;\r
	175	\r
	176	if (!ChildSaSession->SessionCommon.IsInitiator) {\r
	177	//\r
	178	// If responder, use the MessageId fromt the initiator.\r
	179	//\r
	180	IkePacket->Header->MessageId = ChildSaSession->MessageId;\r
	181	}\r
	182	\r
	183	//\r
	184	// Change the IsOnDeleting Flag\r
	185	//\r
	186	ChildSaSession->SessionCommon.IsOnDeleting = TRUE;\r
7822a1d9 JW	187	\r
	188	if (ChildSaSession->SessionCommon.IsInitiator) {\r
	189	IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;\r
	190	}\r
9166f840	191	}\r
9166f840	192	\r
7822a1d9 JW	193	if (InfoContext != NULL) {\r
7822a1d9 JW	194	IkePacket->Header->Flags \|= IKE_HEADER_FLAGS_RESPOND;\r
9166f840	195	}\r
7822a1d9	196	\r
9166f840	197	return IkePacket;\r
	198	\r
	199	ERROR_EXIT:\r
	200	if (IkePacket != NULL) {\r
	201	FreePool (IkePacket);\r
	202	}\r
	203	return NULL;\r
	204	\r
	205	}\r
	206	\r
	207	/**\r
	208	Parse the Info Exchange.\r
	209	\r
	210	@param[in] SaSession Pointer to IKEV2_SA_SESSION.\r
	211	@param[in] IkePacket Pointer to IkePacket related to the Information Exchange.\r
	212	\r
	213	@retval EFI_SUCCESS The operation finised successed.\r
	214	\r
	215	**/\r
	216	EFI_STATUS\r
	217	Ikev2InfoParser (\r
	218	IN UINT8 *SaSession,\r
	219	IN IKE_PACKET *IkePacket\r
	220	)\r
	221	{\r
	222	IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
	223	IKEV2_SA_SESSION *IkeSaSession;\r
9166f840	224	IKE_PAYLOAD *DeletePayload;\r
	225	IKE_PAYLOAD *IkePayload;\r
	226	IKEV2_DELETE *Delete;\r
	227	LIST_ENTRY *Entry;\r
	228	LIST_ENTRY *ListEntry;\r
	229	UINT8 Index;\r
	230	UINT32 Spi;\r
	231	UINT8 *SpiBuffer;\r
	232	IPSEC_PRIVATE_DATA *Private;\r
	233	UINT8 Value;\r
	234	EFI_STATUS Status;\r
	235	IKE_PACKET *RespondPacket;\r
	236	\r
	237	IKEV2_INFO_EXCHANGE_CONTEXT Context;\r
	238	\r
	239	IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
	240	\r
9166f840	241	DeletePayload = NULL;\r
	242	Private = NULL;\r
	243	RespondPacket = NULL;\r
	244	Status = EFI_SUCCESS;\r
	245	\r
	246	//\r
	247	// For Liveness Check\r
	248	//\r
	249	if (IkePacket->Header->NextPayload == IKEV2_PAYLOAD_TYPE_NONE &&\r
	250	(IkePacket->PayloadTotalSize == 0)\r
	251	) {\r
	252	if (IkePacket->Header->Flags == IKE_HEADER_FLAGS_INIT) {\r
	253	//\r
	254	// If it is Liveness check request, reply it.\r
	255	//\r
	256	Context.InfoType = Ikev2InfoLiveCheck;\r
	257	Context.MessageId = IkePacket->Header->MessageId;\r
	258	RespondPacket = Ikev2InfoGenerator ((UINT8 *)IkeSaSession, &Context);\r
	259	\r
	260	if (RespondPacket == NULL) {\r
	261	Status = EFI_INVALID_PARAMETER;\r
	262	return Status;\r
	263	}\r
	264	Status = Ikev2SendIkePacket (\r
	265	IkeSaSession->SessionCommon.UdpService,\r
	266	(UINT8 *)(&IkeSaSession->SessionCommon),\r
	267	RespondPacket,\r
	268	0\r
	269	);\r
	270	\r
	271	} else {\r
	272	//\r
	273	// Todo: verify the liveness check response packet.\r
	274	//\r
	275	}\r
	276	return Status;\r
	277	}\r
	278	\r
	279	//\r
	280	// For SA Delete\r
	281	//\r
	282	NET_LIST_FOR_EACH (Entry, &(IkePacket)->PayloadList) { \r
	283	\r
	284	//\r
	285	// Iterate payloads to find the Delete/Notify Payload.\r
	286	//\r
	287	IkePayload = IKE_PAYLOAD_BY_PACKET (Entry);\r
	288	\r
	289	if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_DELETE) {\r
	290	DeletePayload = IkePayload;\r
	291	Delete = (IKEV2_DELETE *)DeletePayload->PayloadBuf;\r
	292	\r
	293	if (Delete->SpiSize == 0) {\r
	294	//\r
	295	// Delete IKE SA.\r
	296	//\r
	297	if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting) {\r
	298	RemoveEntryList (&IkeSaSession->BySessionTable);\r
	299	Ikev2SaSessionFree (IkeSaSession);\r
	300	//\r
	301	// Checking the Private status.\r
	302	//\r
	303	//\r
	304	// when all IKE SAs were disabled by calling "IPsecConfig -disable", the IPsec\r
305	// status should be changed.\r
306	//\r
307	Private = IkeSaSession->SessionCommon.Private;\r
308	if (Private != NULL && Private->IsIPsecDisabling) {\r
309	//\r
310	// After all IKE SAs were deleted, set the IPSEC_STATUS_DISABLED value in\r
311	// IPsec status variable.\r
312	//\r
313	if (IsListEmpty (&Private->Ikev1EstablishedList) && \r
314	(IsListEmpty (&Private->Ikev2EstablishedList))\r
315	) {\r
316	Value = IPSEC_STATUS_DISABLED;\r
317	Status = gRT->SetVariable (\r
318	IPSECCONFIG_STATUS_NAME,\r
319	&gEfiIpSecConfigProtocolGuid,\r
320	EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_NON_VOLATILE,\r
321	sizeof (Value),\r
322	&Value\r
323	);\r
324	if (!EFI_ERROR (Status)) {\r
325	//\r
326	// Set the DisabledFlag in Private data.\r
327	//\r
328	Private->IpSec.DisabledFlag = TRUE;\r
329	Private->IsIPsecDisabling = FALSE;\r
330	}\r
331	}\r
332	}\r
333	} else {\r
334	IkeSaSession->SessionCommon.State = IkeStateSaDeleting;\r
335	Context.InfoType = Ikev2InfoDelete;\r
336	Context.MessageId = IkePacket->Header->MessageId;\r
337	\r
338	RespondPacket = Ikev2InfoGenerator ((UINT8 *)IkeSaSession, &Context);\r
339	if (RespondPacket == NULL) {\r
340	Status = EFI_INVALID_PARAMETER;\r
341	return Status;\r
342	}\r
343	Status = Ikev2SendIkePacket (\r
344	IkeSaSession->SessionCommon.UdpService, \r
345	(UINT8 *)(&IkeSaSession->SessionCommon), \r
346	RespondPacket, \r
347	0\r
348	);\r
349	}\r
350	} else if (Delete->SpiSize == 4) {\r
351	//\r
352	// Move the Child SAs to DeleteList\r
353	//\r
354	SpiBuffer = (UINT8 *)(Delete + 1);\r
355	for (Index = 0; Index < Delete->NumSpis; Index++) {\r
356	Spi = ReadUnaligned32 ((UINT32 *)SpiBuffer);\r
357	for (ListEntry = IkeSaSession->ChildSaEstablishSessionList.ForwardLink;\r
358	ListEntry != &IkeSaSession->ChildSaEstablishSessionList;\r
359	) {\r
360	ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (ListEntry);\r
361	ListEntry = ListEntry->ForwardLink;\r
362	\r
363	if (ChildSaSession->RemotePeerSpi == HTONL(Spi)) {\r
364	if (ChildSaSession->SessionCommon.State != IkeStateSaDeleting) {\r
365	\r
366	//\r
367	// Insert the ChildSa Session into Delete List.\r
368	//\r
369	InsertTailList (&IkeSaSession->DeleteSaList, &ChildSaSession->ByDelete);\r
370	ChildSaSession->SessionCommon.State = IkeStateSaDeleting;\r
371	ChildSaSession->SessionCommon.IsInitiator = FALSE;\r
372	ChildSaSession->MessageId = IkePacket->Header->MessageId;\r
373	\r
374	Context.InfoType = Ikev2InfoDelete;\r
375	Context.MessageId = IkePacket->Header->MessageId;\r
376	\r
377	RespondPacket = Ikev2InfoGenerator ((UINT8 *)ChildSaSession, &Context);\r
378	if (RespondPacket == NULL) {\r
379	Status = EFI_INVALID_PARAMETER;\r
380	return Status;\r
381	}\r
382	Status = Ikev2SendIkePacket (\r
383	ChildSaSession->SessionCommon.UdpService,\r
384	(UINT8 *)(&ChildSaSession->SessionCommon),\r
385	RespondPacket, \r
386	0\r
387	);\r
388	} else {\r
389	//\r
390	// Delete the Child SA.\r
391	//\r
392	Ikev2ChildSaSilentDelete (IkeSaSession, Spi);\r
393	RemoveEntryList (&ChildSaSession->ByDelete);\r
394	}\r
395	}\r
396	}\r
397	SpiBuffer = SpiBuffer + sizeof (Spi);\r
398	}\r
399	}\r
400	}\r
401	}\r
402	\r
403	return Status;\r
404	}\r
405	\r
406	GLOBAL_REMOVE_IF_UNREFERENCED IKEV2_PACKET_HANDLER mIkev2Info = {\r
407	Ikev2InfoParser,\r
408	Ikev2InfoGenerator\r
409	};\r