projects / mirror_edk2.git / blame
| Commit | Line | Data |
|---|---|---|
| 9166f840 | 1 | /** @file\r |
| f75a7f56 | 2 | The interfaces of IKE/Child session operations and payload related operations\r |
| 9166f840 | 3 | used by IKE Exchange Process.\r |
| 4 | \r | |
| f75a7f56 | 5 | Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r |
| 9166f840 | 6 | \r |
| ecf98fbc | 7 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
| 9166f840 | 8 | \r |
| 9 | **/\r | |
| 10 | \r | |
| 11 | #ifndef _IKE_V2_UTILITY_H_\r | |
| 12 | #define _IKE_V2_UTILITY_H_\r | |
| 13 | \r | |
| 14 | #include "Ikev2.h"\r | |
| 15 | #include "IkeCommon.h"\r | |
| 16 | #include "IpSecCryptIo.h"\r | |
| 17 | \r | |
| 18 | #include <Library/PcdLib.h>\r | |
| 19 | \r | |
| 20 | #define IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM 2\r | |
| 21 | #define IKEV2_SUPPORT_PRF_ALGORITHM_NUM 1\r | |
| 22 | #define IKEV2_SUPPORT_DH_ALGORITHM_NUM 2\r | |
| 23 | #define IKEV2_SUPPORT_AUTH_ALGORITHM_NUM 1\r | |
| 24 | \r | |
| 25 | /**\r | |
| 26 | Allocate buffer for IKEV2_SA_SESSION and initialize it.\r | |
| 27 | \r | |
| 28 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r | |
| 29 | @param[in] UdpService Pointer to IKE_UDP_SERVICE related to this IKE SA Session.\r | |
| 30 | \r | |
| 31 | @return Pointer to IKEV2_SA_SESSION.\r | |
| 32 | \r | |
| 33 | **/\r | |
| 34 | IKEV2_SA_SESSION *\r | |
| 35 | Ikev2SaSessionAlloc (\r | |
| 36 | IN IPSEC_PRIVATE_DATA *Private,\r | |
| 37 | IN IKE_UDP_SERVICE *UdpService\r | |
| 38 | );\r | |
| 39 | \r | |
| 40 | /**\r | |
| 41 | Register Establish IKEv2 SA into Private->Ikev2EstablishedList.\r | |
| 42 | \r | |
| 43 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be registered.\r | |
| 44 | @param[in] Private Pointer to IPSEC_PRAVATE_DATA.\r | |
| 45 | \r | |
| 46 | **/\r | |
| 47 | VOID\r | |
| 48 | Ikev2SaSessionReg (\r | |
| 49 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 50 | IN IPSEC_PRIVATE_DATA *Private\r | |
| 51 | );\r | |
| 52 | \r | |
| 53 | /**\r | |
| 54 | Find a IKEV2_SA_SESSION by the remote peer IP.\r | |
| 55 | \r | |
| 56 | @param[in] SaSessionList SaSession List to be searched.\r | |
| 57 | @param[in] RemotePeerIp Pointer to specified IP address.\r | |
| 58 | \r | |
| 59 | @return Pointer to IKEV2_SA_SESSION if find one or NULL.\r | |
| 60 | \r | |
| 61 | **/\r | |
| 62 | IKEV2_SA_SESSION *\r | |
| 63 | Ikev2SaSessionLookup (\r | |
| 64 | IN LIST_ENTRY *SaSessionList,\r | |
| 65 | IN EFI_IP_ADDRESS *RemotePeerIp\r | |
| 66 | );\r | |
| 67 | \r | |
| 68 | /**\r | |
| 69 | Insert a IKE_SA_SESSION into IkeSaSession list. The IkeSaSession list is either\r | |
| 70 | Private->Ikev2SaSession list or Private->Ikev2EstablishedList list.\r | |
| 71 | \r | |
| 72 | @param[in] SaSessionList Pointer to list to be inserted into.\r | |
| f75a7f56 LG |
73 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.\r |
| 74 | @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESSS to indicate the\r | |
| 9166f840 | 75 | unique IKEV2_SA_SESSION.\r |
| 76 | \r | |
| 77 | **/\r | |
| 78 | VOID\r | |
| 79 | Ikev2SaSessionInsert (\r | |
| 80 | IN LIST_ENTRY *SaSessionList,\r | |
| 81 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 82 | IN EFI_IP_ADDRESS *RemotePeerIp\r | |
| 83 | );\r | |
| 84 | \r | |
| 85 | /**\r | |
| 86 | Remove the SA Session by Remote Peer IP.\r | |
| 87 | \r | |
| 88 | @param[in] SaSessionList Pointer to list to be searched.\r | |
| 89 | @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.\r | |
| 90 | \r | |
| f75a7f56 | 91 | @retval Pointer to IKEV2_SA_SESSION with the specified remote IP address.\r |
| 9166f840 | 92 | \r |
| 93 | **/\r | |
| 94 | IKEV2_SA_SESSION *\r | |
| 95 | Ikev2SaSessionRemove (\r | |
| 96 | IN LIST_ENTRY *SaSessionList,\r | |
| 97 | IN EFI_IP_ADDRESS *RemotePeerIp\r | |
| 98 | );\r | |
| 99 | \r | |
| 100 | \r | |
| 9166f840 | 101 | /**\r |
| 102 | After IKE/Child SA is estiblished, close the time event and free sent packet.\r | |
| 103 | \r | |
| 104 | @param[in] SessionCommon Pointer to a Session Common.\r | |
| 105 | \r | |
| 106 | **/\r | |
| 107 | VOID\r | |
| 108 | Ikev2SessionCommonRefresh (\r | |
| 109 | IN IKEV2_SESSION_COMMON *SessionCommon\r | |
| 110 | );\r | |
| 111 | \r | |
| 112 | /**\r | |
| f75a7f56 | 113 | Free specified IKEV2 SA Session.\r |
| 9166f840 | 114 | \r |
| 115 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be freed.\r | |
| 116 | \r | |
| 117 | **/\r | |
| 118 | VOID\r | |
| 119 | Ikev2SaSessionFree (\r | |
| 120 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
| 121 | );\r | |
| 122 | \r | |
| 123 | /**\r | |
| f75a7f56 | 124 | Free specified Seession Common. The session common would belong to a IKE SA or\r |
| 9166f840 | 125 | a Child SA.\r |
| 126 | \r | |
| 127 | @param[in] SessionCommon Pointer to a Session Common.\r | |
| 128 | \r | |
| 129 | **/\r | |
| 130 | VOID\r | |
| 131 | Ikev2SaSessionCommonFree (\r | |
| 132 | IN IKEV2_SESSION_COMMON *SessionCommon\r | |
| 133 | );\r | |
| 134 | \r | |
| 135 | /**\r | |
| 136 | Increase the MessageID in IkeSaSession.\r | |
| 137 | \r | |
| 138 | @param[in] IkeSaSession Pointer to a specified IKEV2_SA_SESSION.\r | |
| 139 | \r | |
| 140 | **/\r | |
| 141 | VOID\r | |
| 142 | Ikev2SaSessionIncreaseMessageId (\r | |
| 143 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
| 144 | );\r | |
| 145 | \r | |
| 146 | /**\r | |
| 147 | Allocate Momery for IKEV2 Child SA Session.\r | |
| f75a7f56 | 148 | \r |
| 9166f840 | 149 | @param[in] UdpService Pointer to IKE_UDP_SERVICE.\r |
| f75a7f56 | 150 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA\r |
| 9166f840 | 151 | Session.\r |
| 152 | \r | |
| 153 | @retval Pointer of a new created IKEV2 Child SA Session.\r | |
| 154 | \r | |
| 155 | **/\r | |
| 156 | IKEV2_CHILD_SA_SESSION *\r | |
| 157 | Ikev2ChildSaSessionAlloc (\r | |
| 158 | IN IKE_UDP_SERVICE *UdpService,\r | |
| 159 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
| 160 | );\r | |
| 161 | \r | |
| 162 | /**\r | |
| f75a7f56 LG |
163 | Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.\r |
| 164 | If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one\r | |
| 9166f840 | 165 | then register the new one.\r |
| 166 | \r | |
| 167 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.\r | |
| 168 | @param[in] Private Pointer to IPSEC_PRAVATE_DATA.\r | |
| 169 | \r | |
| 170 | **/\r | |
| 171 | VOID\r | |
| 172 | Ikev2ChildSaSessionReg (\r | |
| 173 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession,\r | |
| 174 | IN IPSEC_PRIVATE_DATA *Private\r | |
| 175 | );\r | |
| 176 | \r | |
| 177 | /**\r | |
| 178 | This function find the Child SA by the specified Spi.\r | |
| 44de1013 HT |
179 | \r |
| 180 | This functin find a ChildSA session by searching the ChildSaSessionlist of\r | |
| 9166f840 | 181 | the input IKEV2_SA_SESSION by specified MessageID.\r |
| f75a7f56 | 182 | \r |
| 9166f840 | 183 | @param[in] SaSessionList Pointer to List to be searched.\r |
| 184 | @param[in] Spi Specified SPI.\r | |
| 44de1013 | 185 | \r |
| 9166f840 | 186 | @return Pointer to IKEV2_CHILD_SA_SESSION.\r |
| 187 | \r | |
| 188 | **/\r | |
| 189 | IKEV2_CHILD_SA_SESSION *\r | |
| 190 | Ikev2ChildSaSessionLookupBySpi (\r | |
| 191 | IN LIST_ENTRY *SaSessionList,\r | |
| 192 | IN UINT32 Spi\r | |
| 193 | );\r | |
| 194 | \r | |
| 9166f840 | 195 | \r |
| 196 | /**\r | |
| 197 | Insert a Child SA Session into the specified ChildSa list..\r | |
| 198 | \r | |
| 199 | @param[in] SaSessionList Pointer to list to be inserted in.\r | |
| 200 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be inserted.\r | |
| 201 | \r | |
| 202 | **/\r | |
| 203 | VOID\r | |
| 204 | Ikev2ChildSaSessionInsert (\r | |
| 205 | IN LIST_ENTRY *SaSessionList,\r | |
| 206 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
| 207 | );\r | |
| 208 | \r | |
| 209 | /**\r | |
| 210 | Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.\r | |
| f75a7f56 | 211 | \r |
| 9166f840 | 212 | @param[in] SaSessionList The SA Session List to be iterated.\r |
| 213 | @param[in] Spi Spi used to identify the IKEV2_CHILD_SA_SESSION.\r | |
| f75a7f56 LG |
214 | @param[in] ListType The type of the List to indicate whether it is a\r |
| 215 | Established.\r | |
| 9166f840 | 216 | \r |
| 217 | @return The point to IKEV2_CHILD_SA_SESSION.\r | |
| f75a7f56 | 218 | \r |
| 9166f840 | 219 | **/\r |
| 220 | IKEV2_CHILD_SA_SESSION *\r | |
| 221 | Ikev2ChildSaSessionRemove (\r | |
| 222 | IN LIST_ENTRY *SaSessionList,\r | |
| f75a7f56 LG |
223 | IN UINT32 Spi,\r |
| 224 | IN UINT8 ListType\r | |
| 9166f840 | 225 | );\r |
| 226 | \r | |
| 9166f840 | 227 | \r |
| 228 | /**\r | |
| f75a7f56 | 229 | Free the memory located for the specified IKEV2_CHILD_SA_SESSION.\r |
| 9166f840 | 230 | \r |
| 231 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.\r | |
| 232 | \r | |
| 233 | **/\r | |
| 234 | VOID\r | |
| 235 | Ikev2ChildSaSessionFree (\r | |
| 236 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
| 237 | );\r | |
| 238 | \r | |
| 239 | /**\r | |
| 240 | Free the specified DhBuffer.\r | |
| 241 | \r | |
| 242 | @param[in] DhBuffer Pointer to IKEV2_DH_BUFFER to be freed.\r | |
| f75a7f56 | 243 | \r |
| 9166f840 | 244 | **/\r |
| 245 | VOID\r | |
| 246 | Ikev2DhBufferFree (\r | |
| 247 | IN IKEV2_DH_BUFFER *DhBuffer\r | |
| 248 | );\r | |
| 249 | \r | |
| 250 | /**\r | |
| 251 | Delete the specified established Child SA.\r | |
| 252 | \r | |
| 253 | This function delete the Child SA directly and dont send the Information Packet to\r | |
| 254 | remote peer.\r | |
| 255 | \r | |
| 256 | @param[in] IkeSaSession Pointer to a IKE SA Session used to be searched for.\r | |
| 257 | @param[in] Spi SPI used to find the Child SA.\r | |
| 258 | \r | |
| 259 | @retval EFI_NOT_FOUND Pointer of IKE SA Session is NULL.\r | |
| 260 | @retval EFI_NOT_FOUND There is no specified Child SA related with the input\r | |
| 261 | SPI under this IKE SA Session.\r | |
| 262 | @retval EFI_SUCCESS Delete the Child SA successfully.\r | |
| 263 | \r | |
| 264 | **/\r | |
| 265 | EFI_STATUS\r | |
| 266 | Ikev2ChildSaSilentDelete (\r | |
| 267 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 268 | IN UINT32 Spi\r | |
| 269 | );\r | |
| 270 | \r | |
| 271 | /**\r | |
| 272 | This function is to parse a request IKE packet and return its request type.\r | |
| f75a7f56 | 273 | The request type is one of IKE CHILD SA creation, IKE SA rekeying and\r |
| 9166f840 | 274 | IKE CHILD SA rekeying.\r |
| 275 | \r | |
| 276 | @param[in] IkePacket IKE packet to be prased.\r | |
| 277 | \r | |
| 278 | return the type of the IKE packet.\r | |
| 279 | \r | |
| 280 | **/\r | |
| 281 | IKEV2_CREATE_CHILD_REQUEST_TYPE\r | |
| 282 | Ikev2ChildExchangeRequestType(\r | |
| 283 | IN IKE_PACKET *IkePacket\r | |
| 284 | );\r | |
| 285 | \r | |
| 9166f840 | 286 | \r |
| 287 | /**\r | |
| 288 | Associate a SPD selector to the Child SA Session.\r | |
| 289 | \r | |
| f75a7f56 | 290 | This function is called when the Child SA is not the first child SA of its\r |
| 9166f840 | 291 | IKE SA. It associate a SPD to this Child SA.\r |
| 292 | \r | |
| f75a7f56 | 293 | @param[in, out] ChildSaSession Pointer to the Child SA Session to be associated to\r |
| 9166f840 | 294 | a SPD selector.\r |
| 295 | \r | |
| 296 | @retval EFI_SUCCESS Associate one SPD selector to this Child SA Session successfully.\r | |
| 297 | @retval EFI_NOT_FOUND Can't find the related SPD selector.\r | |
| 298 | \r | |
| 299 | **/\r | |
| 300 | EFI_STATUS\r | |
| 301 | Ikev2ChildSaAssociateSpdEntry (\r | |
| 302 | IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
| 303 | );\r | |
| 304 | \r | |
| 305 | /**\r | |
| 306 | Validate the IKE header of received IKE packet.\r | |
| 307 | \r | |
| 308 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this IKE packet.\r | |
| 309 | @param[in] IkeHdr Pointer to IKE header of received IKE packet.\r | |
| 310 | \r | |
| 311 | @retval TRUE If the IKE header is valid.\r | |
| 312 | @retval FALSE If the IKE header is invalid.\r | |
| 313 | \r | |
| 314 | **/\r | |
| 315 | BOOLEAN\r | |
| 316 | Ikev2ValidateHeader (\r | |
| 317 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 318 | IN IKE_HEADER *IkeHdr\r | |
| 319 | );\r | |
| 320 | \r | |
| 321 | /**\r | |
| 322 | Create and intialize IKEV2_SA_DATA for speicifed IKEV2_SESSION_COMMON.\r | |
| 323 | \r | |
| 324 | This function will be only called by the initiator. The responder's IKEV2_SA_DATA\r | |
| 325 | will be generated during parsed the initiator packet.\r | |
| 326 | \r | |
| 327 | @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to.\r | |
| 328 | \r | |
| 329 | @retval a Pointer to a new IKEV2_SA_DATA or NULL.\r | |
| 330 | \r | |
| 331 | **/\r | |
| 332 | IKEV2_SA_DATA *\r | |
| 333 | Ikev2InitializeSaData (\r | |
| 334 | IN IKEV2_SESSION_COMMON *SessionCommon\r | |
| 335 | );\r | |
| 336 | \r | |
| 337 | /**\r | |
| 338 | Store the SA into SAD.\r | |
| 339 | \r | |
| 340 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.\r | |
| 341 | \r | |
| 342 | **/\r | |
| 343 | VOID\r | |
| 344 | Ikev2StoreSaData (\r | |
| 345 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
| 346 | );\r | |
| 347 | \r | |
| 348 | /**\r | |
| 349 | Routine process before the payload decoding.\r | |
| 350 | \r | |
| 351 | @param[in] SessionCommon Pointer to ChildSa SessionCommon.\r | |
| 352 | @param[in] PayloadBuf Pointer to the payload.\r | |
| 353 | @param[in] PayloadSize Size of PayloadBuf in byte.\r | |
| 354 | @param[in] PayloadType Type of Payload.\r | |
| 355 | \r | |
| 356 | **/\r | |
| 357 | VOID\r | |
| 358 | Ikev2ChildSaBeforeDecodePayload (\r | |
| 359 | IN UINT8 *SessionCommon,\r | |
| 360 | IN UINT8 *PayloadBuf,\r | |
| 361 | IN UINTN PayloadSize,\r | |
| 362 | IN UINT8 PayloadType\r | |
| 363 | );\r | |
| 364 | \r | |
| 365 | /**\r | |
| 366 | Routine Process after the encode payload.\r | |
| 367 | \r | |
| 368 | @param[in] SessionCommon Pointer to ChildSa SessionCommon.\r | |
| 369 | @param[in] PayloadBuf Pointer to the payload.\r | |
| 370 | @param[in] PayloadSize Size of PayloadBuf in byte.\r | |
| 371 | @param[in] PayloadType Type of Payload.\r | |
| 372 | \r | |
| 373 | **/\r | |
| 374 | VOID\r | |
| 375 | Ikev2ChildSaAfterEncodePayload (\r | |
| 376 | IN UINT8 *SessionCommon,\r | |
| 377 | IN UINT8 *PayloadBuf,\r | |
| 378 | IN UINTN PayloadSize,\r | |
| 379 | IN UINT8 PayloadType\r | |
| 380 | );\r | |
| 381 | \r | |
| 382 | /**\r | |
| 383 | Generate Ikev2 SA payload according to SessionSaData\r | |
| 384 | \r | |
| 385 | @param[in] SessionSaData The data used in SA payload.\r | |
| f75a7f56 | 386 | @param[in] NextPayload The payload type presented in NextPayload field of\r |
| 9166f840 | 387 | SA Payload header.\r |
| 388 | @param[in] Type The SA type. It MUST be neither (1) for IKE_SA or\r | |
| 389 | (2) for CHILD_SA or (3) for INFO.\r | |
| 390 | \r | |
| 391 | @retval a Pointer to SA IKE payload.\r | |
| f75a7f56 | 392 | \r |
| 9166f840 | 393 | **/\r |
| 394 | IKE_PAYLOAD *\r | |
| 395 | Ikev2GenerateSaPayload (\r | |
| 396 | IN IKEV2_SA_DATA *SessionSaData,\r | |
| 397 | IN UINT8 NextPayload,\r | |
| 398 | IN IKE_SESSION_TYPE Type\r | |
| 399 | );\r | |
| 400 | \r | |
| 401 | /**\r | |
| 402 | Generate a ID payload.\r | |
| 403 | \r | |
| 404 | @param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.\r | |
| f75a7f56 | 405 | @param[in] NextPayload The payload type presented in the NextPayload field\r |
| 9166f840 | 406 | of ID Payload header.\r |
| 407 | \r | |
| 408 | @retval Pointer to ID IKE payload.\r | |
| 409 | \r | |
| 410 | **/\r | |
| 411 | IKE_PAYLOAD *\r | |
| 412 | Ikev2GenerateIdPayload (\r | |
| 413 | IN IKEV2_SESSION_COMMON *CommonSession,\r | |
| 414 | IN UINT8 NextPayload\r | |
| 415 | );\r | |
| 416 | \r | |
| 417 | /**\r | |
| 418 | Generate a ID payload.\r | |
| 419 | \r | |
| 420 | @param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.\r | |
| f75a7f56 | 421 | @param[in] NextPayload The payload type presented in the NextPayload field\r |
| 9166f840 | 422 | of ID Payload header.\r |
| 423 | @param[in] InCert Pointer to the Certificate which distinguished name\r | |
| 424 | will be added into the Id payload.\r | |
| 425 | @param[in] CertSize Size of the Certificate.\r | |
| 426 | \r | |
| 427 | @retval Pointer to ID IKE payload.\r | |
| 428 | \r | |
| 429 | **/\r | |
| 430 | IKE_PAYLOAD *\r | |
| 431 | Ikev2GenerateCertIdPayload (\r | |
| 432 | IN IKEV2_SESSION_COMMON *CommonSession,\r | |
| f75a7f56 | 433 | IN UINT8 NextPayload,\r |
| 9166f840 | 434 | IN UINT8 *InCert,\r |
| 435 | IN UINTN CertSize\r | |
| 436 | );\r | |
| 437 | \r | |
| 438 | /**\r | |
| 439 | Generate a Nonce payload contenting the input parameter NonceBuf.\r | |
| 440 | \r | |
| f75a7f56 | 441 | @param[in] NonceBuf The nonce buffer content the whole Nonce payload block\r |
| 9166f840 | 442 | except the payload header.\r |
| 443 | @param[in] NonceSize The buffer size of the NonceBuf\r | |
| f75a7f56 | 444 | @param[in] NextPayload The payload type presented in the NextPayload field\r |
| 9166f840 | 445 | of Nonce Payload header.\r |
| 446 | \r | |
| 447 | @retval Pointer to Nonce IKE paload.\r | |
| 448 | \r | |
| 449 | **/\r | |
| 450 | IKE_PAYLOAD *\r | |
| 451 | Ikev2GenerateNoncePayload (\r | |
| 452 | IN UINT8 *NonceBuf,\r | |
| 453 | IN UINTN NonceSize,\r | |
| 454 | IN UINT8 NextPayload\r | |
| 455 | );\r | |
| 456 | \r | |
| 457 | /**\r | |
| 458 | Generate the Notify payload.\r | |
| 459 | \r | |
| 460 | Since the structure of Notify payload which defined in RFC 4306 is simple, so\r | |
| f75a7f56 LG |
461 | there is no internal data structure for Notify payload. This function generate\r |
| 462 | Notify payload defined in RFC 4306, but all the fields in this payload are still\r | |
| 463 | in host order and need call Ikev2EncodePayload() to convert those fields from\r | |
| 9166f840 | 464 | the host order to network order beforing sending it.\r |
| 465 | \r | |
| 466 | @param[in] ProtocolId The protocol type ID. For IKE_SA it MUST be one (1).\r | |
| 467 | For IPsec SAs it MUST be neither (2) for AH or (3)\r | |
| 468 | for ESP.\r | |
| f75a7f56 | 469 | @param[in] NextPayload The next paylaod type in NextPayload field of\r |
| 9166f840 | 470 | the Notify payload.\r |
| 471 | @param[in] SpiSize Size of the SPI in SPI size field of the Notify Payload.\r | |
| f75a7f56 | 472 | @param[in] MessageType The message type in NotifyMessageType field of the\r |
| 9166f840 | 473 | Notify Payload.\r |
| 474 | @param[in] SpiBuf Pointer to buffer contains the SPI value.\r | |
| 475 | @param[in] NotifyData Pointer to buffer contains the notification data.\r | |
| 476 | @param[in] NotifyDataSize The size of NotifyData in bytes.\r | |
| f75a7f56 | 477 | \r |
| 9166f840 | 478 | \r |
| 479 | @retval Pointer to IKE Notify Payload.\r | |
| 480 | \r | |
| 481 | **/\r | |
| 482 | IKE_PAYLOAD *\r | |
| 483 | Ikev2GenerateNotifyPayload (\r | |
| 484 | IN UINT8 ProtocolId,\r | |
| 485 | IN UINT8 NextPayload,\r | |
| 486 | IN UINT8 SpiSize,\r | |
| 487 | IN UINT16 MessageType,\r | |
| 488 | IN UINT8 *SpiBuf,\r | |
| 489 | IN UINT8 *NotifyData,\r | |
| 490 | IN UINTN NotifyDataSize\r | |
| 491 | );\r | |
| 492 | \r | |
| 493 | /**\r | |
| 494 | Generate the Delete payload.\r | |
| 495 | \r | |
| f75a7f56 LG |
496 | Since the structure of Delete payload which defined in RFC 4306 is simple,\r |
| 497 | there is no internal data structure for Delete payload. This function generate\r | |
| 498 | Delete payload defined in RFC 4306, but all the fields in this payload are still\r | |
| 499 | in host order and need call Ikev2EncodePayload() to convert those fields from\r | |
| 9166f840 | 500 | the host order to network order beforing sending it.\r |
| 501 | \r | |
| 502 | @param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload generation.\r | |
| f75a7f56 | 503 | @param[in] NextPayload The next paylaod type in NextPayload field of\r |
| 9166f840 | 504 | the Delete payload.\r |
| 505 | @param[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.\r | |
| 506 | @param[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.\r | |
| 507 | @param[in] SpiBuf Pointer to buffer contains the SPI value.\r | |
| 508 | \r | |
| 509 | @retval Pointer to IKE Delete Payload.\r | |
| 510 | \r | |
| 511 | **/\r | |
| 512 | IKE_PAYLOAD *\r | |
| 513 | Ikev2GenerateDeletePayload (\r | |
| 514 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 515 | IN UINT8 NextPayload,\r | |
| 516 | IN UINT8 SpiSize,\r | |
| 517 | IN UINT16 SpiNum,\r | |
| f75a7f56 | 518 | IN UINT8 *SpiBuf\r |
| 9166f840 | 519 | );\r |
| 520 | \r | |
| 521 | /**\r | |
| 522 | Generate the Configuration payload.\r | |
| 523 | \r | |
| f75a7f56 LG |
524 | This function generates a configuration payload defined in RFC 4306, but all the\r |
| 525 | fields in this payload are still in host order and need call Ikev2EncodePayload()\r | |
| 9166f840 | 526 | to convert those fields from the host order to network order beforing sending it.\r |
| 527 | \r | |
| 528 | @param[in] IkeSaSession Pointer to IKE SA Session to be used for Delete payload\r | |
| 529 | generation.\r | |
| f75a7f56 | 530 | @param[in] NextPayload The next paylaod type in NextPayload field of\r |
| 9166f840 | 531 | the Delete payload.\r |
| 532 | @param[in] CfgType The attribute type in the Configuration attribute.\r | |
| 533 | \r | |
| 534 | @retval Pointer to IKE CP Payload.\r | |
| 535 | \r | |
| 536 | **/\r | |
| 537 | IKE_PAYLOAD *\r | |
| 538 | Ikev2GenerateCpPayload (\r | |
| 539 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 540 | IN UINT8 NextPayload,\r | |
| 541 | IN UINT8 CfgType\r | |
| 542 | );\r | |
| 543 | \r | |
| 544 | /**\r | |
| 545 | Generate a Authentication Payload.\r | |
| 546 | \r | |
| f75a7f56 LG |
547 | This function is used for both Authentication generation and verification. When the\r |
| 548 | IsVerify is TRUE, it create a Auth Data for verification. This function choose the\r | |
| 9166f840 | 549 | related IKE_SA_INIT Message for Auth data creation according to the IKE Session's type\r |
| 550 | and the value of IsVerify parameter.\r | |
| 551 | \r | |
| 552 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r | |
| f75a7f56 | 553 | @param[in] IdPayload Pointer to the ID payload to be used for Authentication\r |
| 9166f840 | 554 | payload generation.\r |
| f75a7f56 | 555 | @param[in] NextPayload The type filled into the Authentication Payload next\r |
| 9166f840 | 556 | payload field.\r |
| 557 | @param[in] IsVerify If it is TURE, the Authentication payload is used for\r | |
| 558 | verification.\r | |
| 559 | \r | |
| 560 | @return pointer to IKE Authentication payload for pre-shard key method.\r | |
| 561 | \r | |
| 562 | **/\r | |
| 563 | IKE_PAYLOAD *\r | |
| 564 | Ikev2PskGenerateAuthPayload (\r | |
| 565 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 566 | IN IKE_PAYLOAD *IdPayload,\r | |
| 567 | IN UINT8 NextPayload,\r | |
| 568 | IN BOOLEAN IsVerify\r | |
| 569 | );\r | |
| 570 | \r | |
| 571 | /**\r | |
| f75a7f56 | 572 | Generate a Authentication Payload for Certificate Auth method.\r |
| 9166f840 | 573 | \r |
| f75a7f56 LG |
574 | This function has two functions. One is creating a local Authentication\r |
| 575 | Payload for sending and other is creating the remote Authentication data\r | |
| 9166f840 | 576 | for verification when the IsVerify is TURE.\r |
| 577 | \r | |
| 578 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r | |
| f75a7f56 | 579 | @param[in] IdPayload Pointer to the ID payload to be used for Authentication\r |
| 9166f840 | 580 | payload generation.\r |
| f75a7f56 | 581 | @param[in] NextPayload The type filled into the Authentication Payload\r |
| 9166f840 | 582 | next payload field.\r |
| f75a7f56 | 583 | @param[in] IsVerify If it is TURE, the Authentication payload is used\r |
| 9166f840 | 584 | for verification.\r |
| f75a7f56 | 585 | @param[in] UefiPrivateKey Pointer to the UEFI private key. Ignore it when\r |
| 9166f840 | 586 | verify the authenticate payload.\r |
| f75a7f56 | 587 | @param[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignore it\r |
| 9166f840 | 588 | when verify the authenticate payload.\r |
| f75a7f56 | 589 | @param[in] UefiKeyPwd Pointer to the password of UEFI private key.\r |
| 9166f840 | 590 | Ignore it when verify the authenticate payload.\r |
| f75a7f56 | 591 | @param[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes.Ignore it when\r |
| 9166f840 | 592 | verify the authenticate payload.\r |
| 593 | \r | |
| 594 | @return pointer to IKE Authentication payload for certification method.\r | |
| 595 | \r | |
| 596 | **/\r | |
| 597 | IKE_PAYLOAD *\r | |
| 598 | Ikev2CertGenerateAuthPayload (\r | |
| 599 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 600 | IN IKE_PAYLOAD *IdPayload,\r | |
| 601 | IN UINT8 NextPayload,\r | |
| 602 | IN BOOLEAN IsVerify,\r | |
| 603 | IN UINT8 *UefiPrivateKey,\r | |
| 604 | IN UINTN UefiPrivateKeyLen,\r | |
| 605 | IN UINT8 *UefiKeyPwd,\r | |
| 606 | IN UINTN UefiKeyPwdLen\r | |
| 607 | );\r | |
| 608 | \r | |
| 609 | /**\r | |
| 610 | Generate TS payload.\r | |
| 611 | \r | |
| 612 | This function generates TSi or TSr payload according to type of next payload.\r | |
| 613 | If the next payload is Responder TS, gereate TSi Payload. Otherwise, generate\r | |
| 614 | TSr payload\r | |
| f75a7f56 | 615 | \r |
| 9166f840 | 616 | @param[in] ChildSa Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload.\r |
| f75a7f56 | 617 | @param[in] NextPayload The payload type presented in the NextPayload field\r |
| 9166f840 | 618 | of ID Payload header.\r |
| 619 | @param[in] IsTunnel It indicates that if the Ts Payload is after the CP payload.\r | |
| 620 | If yes, it means the Tsi and Tsr payload should be with\r | |
| 621 | Max port range and address range and protocol is marked\r | |
| 622 | as zero.\r | |
| 623 | \r | |
| 624 | @retval Pointer to Ts IKE payload.\r | |
| 625 | \r | |
| 626 | **/\r | |
| 627 | IKE_PAYLOAD *\r | |
| 628 | Ikev2GenerateTsPayload (\r | |
| 629 | IN IKEV2_CHILD_SA_SESSION *ChildSa,\r | |
| 630 | IN UINT8 NextPayload,\r | |
| 631 | IN BOOLEAN IsTunnel\r | |
| 632 | );\r | |
| 633 | \r | |
| 634 | /**\r | |
| 635 | Parser the Notify Cookie payload.\r | |
| 636 | \r | |
| 637 | This function parses the Notify Cookie payload.If the Notify ProtocolId is not\r | |
| 638 | IPSEC_PROTO_ISAKMP or if the SpiSize is not zero or if the MessageType is not\r | |
| 639 | the COOKIE, return EFI_INVALID_PARAMETER.\r | |
| 640 | \r | |
| f75a7f56 | 641 | @param[in] IkeNCookie Pointer to the IKE_PAYLOAD which contians the\r |
| 9166f840 | 642 | Notify Cookie payload.\r |
| 643 | the Notify payload.\r | |
| 644 | @param[in, out] IkeSaSession Pointer to the relevant IKE SA Session.\r | |
| 645 | \r | |
| 646 | @retval EFI_SUCCESS The Notify Cookie Payload is valid.\r | |
| 647 | @retval EFI_INVALID_PARAMETER The Notify Cookie Payload is invalid.\r | |
| 648 | @retval EFI_OUT_OF_RESOURCE The required resource can't be allocated.\r | |
| 649 | \r | |
| 650 | **/\r | |
| 651 | EFI_STATUS\r | |
| 652 | Ikev2ParserNotifyCookiePayload (\r | |
| 653 | IN IKE_PAYLOAD *IkeNCookie,\r | |
| 654 | IN OUT IKEV2_SA_SESSION *IkeSaSession\r | |
| 655 | );\r | |
| 656 | \r | |
| 657 | /**\r | |
| 658 | Generate the Certificate payload or Certificate Request Payload.\r | |
| 659 | \r | |
| f75a7f56 | 660 | Since the Certificate Payload structure is same with Certificate Request Payload,\r |
| 9166f840 | 661 | the only difference is that one contains the Certificate Data, other contains\r |
| f75a7f56 LG |
662 | the acceptable certificateion CA. This function generate Certificate payload\r |
| 663 | or Certificate Request Payload defined in RFC 4306, but all the fields\r | |
| 664 | in the payload are still in host order and need call Ikev2EncodePayload()\r | |
| 9166f840 | 665 | to convert those fields from the host order to network order beforing sending it.\r |
| 666 | \r | |
| f75a7f56 | 667 | @param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload\r |
| 9166f840 | 668 | generation.\r |
| f75a7f56 | 669 | @param[in] NextPayload The next paylaod type in NextPayload field of\r |
| 9166f840 | 670 | the Delete payload.\r |
| 671 | @param[in] Certificate Pointer of buffer contains the certification data.\r | |
| 672 | @param[in] CertificateLen The length of Certificate in byte.\r | |
| 673 | @param[in] EncodeType Specified the Certificate Encodeing which is defined\r | |
| 674 | in RFC 4306.\r | |
| 675 | @param[in] IsRequest To indicate create Certificate Payload or Certificate\r | |
| 676 | Request Payload. If it is TURE, create Certificate\r | |
| 677 | Request Payload. Otherwise, create Certificate Payload.\r | |
| 678 | \r | |
| 679 | @retval a Pointer to IKE Payload whose payload buffer containing the Certificate\r | |
| 680 | payload or Certificated Request payload.\r | |
| 681 | \r | |
| 682 | **/\r | |
| 683 | IKE_PAYLOAD *\r | |
| 684 | Ikev2GenerateCertificatePayload (\r | |
| 685 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 686 | IN UINT8 NextPayload,\r | |
| 687 | IN UINT8 *Certificate,\r | |
| 688 | IN UINTN CertificateLen,\r | |
| 689 | IN UINT8 EncodeType,\r | |
| 690 | IN BOOLEAN IsRequest\r | |
| 691 | );\r | |
| f75a7f56 | 692 | \r |
| 9166f840 | 693 | /**\r |
| 694 | General interface of payload encoding.\r | |
| 695 | \r | |
| f75a7f56 LG |
696 | This function encode the internal data structure into payload which\r |
| 697 | is defined in RFC 4306. The IkePayload->PayloadBuf used to store both the input\r | |
| 698 | payload and converted payload. Only the SA payload use the interal structure\r | |
| 699 | to store the attribute. Other payload use structure which is same with the RFC\r | |
| 700 | defined, for this kind payloads just do host order to network order change of\r | |
| 9166f840 | 701 | some fields.\r |
| 702 | \r | |
| 703 | @param[in] SessionCommon Pointer to IKE Session Common used to encode the payload.\r | |
| 704 | @param[in, out] IkePayload Pointer to IKE payload to be encode as input, and\r | |
| 705 | store the encoded result as output.\r | |
| 706 | \r | |
| 707 | @retval EFI_INVALID_PARAMETER Meet error when encode the SA payload.\r | |
| 708 | @retval EFI_SUCCESS Encode successfully.\r | |
| 709 | \r | |
| 710 | **/\r | |
| 711 | EFI_STATUS\r | |
| 712 | Ikev2EncodePayload (\r | |
| 713 | IN UINT8 *SessionCommon,\r | |
| 714 | IN OUT IKE_PAYLOAD *IkePayload\r | |
| 715 | );\r | |
| 716 | \r | |
| 717 | /**\r | |
| 718 | The general interface of decode Payload.\r | |
| 719 | \r | |
| 720 | This function convert the received Payload into internal structure.\r | |
| 721 | \r | |
| 722 | @param[in] SessionCommon Pointer to IKE Session Common to use for decoding.\r | |
| 723 | @param[in, out] IkePayload Pointer to IKE payload to be decode as input, and\r | |
| f75a7f56 | 724 | store the decoded result as output.\r |
| 9166f840 | 725 | \r |
| 726 | @retval EFI_INVALID_PARAMETER Meet error when decode the SA payload.\r | |
| 727 | @retval EFI_SUCCESS Decode successfully.\r | |
| 728 | \r | |
| 729 | **/\r | |
| 730 | EFI_STATUS\r | |
| 731 | Ikev2DecodePayload (\r | |
| 732 | IN UINT8 *SessionCommon,\r | |
| 733 | IN OUT IKE_PAYLOAD *IkePayload\r | |
| 734 | );\r | |
| 735 | \r | |
| 736 | /**\r | |
| 737 | Decrypt IKE packet.\r | |
| 738 | \r | |
| 739 | This function decrpt the Encrypted IKE packet and put the result into IkePacket->PayloadBuf.\r | |
| 740 | \r | |
| f75a7f56 | 741 | @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing\r |
| 9166f840 | 742 | some parameter used during decrypting.\r |
| f75a7f56 | 743 | @param[in, out] IkePacket Point to IKE_PACKET to be decrypted as input,\r |
| 9166f840 | 744 | and the decrypted reslult as output.\r |
| 745 | @param[in, out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r | |
| 746 | IKE_CHILD_TYPE are supportted.\r | |
| 747 | \r | |
| f75a7f56 | 748 | @retval EFI_INVALID_PARAMETER If the IKE packet length is zero or the\r |
| 9166f840 | 749 | IKE packet length is not Algorithm Block Size\r |
| 750 | alignment.\r | |
| 751 | @retval EFI_SUCCESS Decrypt IKE packet successfully.\r | |
| f75a7f56 | 752 | \r |
| 9166f840 | 753 | **/\r |
| 754 | EFI_STATUS\r | |
| 755 | Ikev2DecryptPacket (\r | |
| 756 | IN IKEV2_SESSION_COMMON *SessionCommon,\r | |
| 757 | IN OUT IKE_PACKET *IkePacket,\r | |
| 758 | IN OUT UINTN IkeType\r | |
| 759 | );\r | |
| 760 | \r | |
| 761 | /**\r | |
| 762 | Encrypt IKE packet.\r | |
| 763 | \r | |
| 764 | This function encrypt IKE packet before sending it. The Encrypted IKE packet\r | |
| 765 | is put in to IKEV2 Encrypted Payload.\r | |
| f75a7f56 | 766 | \r |
| 9166f840 | 767 | @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the IKE packet.\r |
| 768 | @param[in, out] IkePacket Pointer to IKE packet to be encrypted.\r | |
| 769 | \r | |
| 770 | @retval EFI_SUCCESS Operation is successful.\r | |
| 771 | @retval Others OPeration is failed.\r | |
| 772 | \r | |
| 773 | **/\r | |
| 774 | EFI_STATUS\r | |
| 775 | Ikev2EncryptPacket (\r | |
| 776 | IN IKEV2_SESSION_COMMON *SessionCommon,\r | |
| 777 | IN OUT IKE_PACKET *IkePacket\r | |
| 778 | );\r | |
| 779 | \r | |
| 780 | /**\r | |
| 781 | Encode the IKE packet.\r | |
| 782 | \r | |
| 783 | This function put all Payloads into one payload then encrypt it if needed.\r | |
| 784 | \r | |
| f75a7f56 | 785 | @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing\r |
| 9166f840 | 786 | some parameter used during IKE packet encoding.\r |
| f75a7f56 | 787 | @param[in, out] IkePacket Pointer to IKE_PACKET to be encoded as input,\r |
| 9166f840 | 788 | and the encoded reslult as output.\r |
| 789 | @param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r | |
| 790 | IKE_CHILD_TYPE are supportted.\r | |
| 791 | \r | |
| 792 | @retval EFI_SUCCESS Encode IKE packet successfully.\r | |
| 793 | @retval Otherwise Encode IKE packet failed.\r | |
| 794 | \r | |
| 795 | **/\r | |
| 796 | EFI_STATUS\r | |
| 797 | Ikev2EncodePacket (\r | |
| 798 | IN IKEV2_SESSION_COMMON *SessionCommon,\r | |
| 799 | IN OUT IKE_PACKET *IkePacket,\r | |
| 800 | IN UINTN IkeType\r | |
| 801 | );\r | |
| 802 | \r | |
| 803 | /**\r | |
| 804 | Decode the IKE packet.\r | |
| 805 | \r | |
| f75a7f56 | 806 | This function first decrypts the IKE packet if needed , then separats the whole\r |
| 9166f840 | 807 | IKE packet from the IkePacket->PayloadBuf into IkePacket payload list.\r |
| f75a7f56 LG |
808 | \r |
| 809 | @param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON containing\r | |
| 9166f840 | 810 | some parameter used by IKE packet decoding.\r |
| f75a7f56 | 811 | @param[in, out] IkePacket The IKE Packet to be decoded on input, and\r |
| 9166f840 | 812 | the decoded result on return.\r |
| 813 | @param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r | |
| 814 | IKE_CHILD_TYPE are supportted.\r | |
| 815 | \r | |
| 816 | @retval EFI_SUCCESS The IKE packet is decoded successfull.\r | |
| 817 | @retval Otherwise The IKE packet decoding is failed.\r | |
| 818 | \r | |
| 819 | **/\r | |
| 820 | EFI_STATUS\r | |
| 821 | Ikev2DecodePacket (\r | |
| 822 | IN IKEV2_SESSION_COMMON *SessionCommon,\r | |
| 823 | IN OUT IKE_PACKET *IkePacket,\r | |
| 824 | IN UINTN IkeType\r | |
| 825 | );\r | |
| 826 | \r | |
| 9166f840 | 827 | \r |
| 828 | /**\r | |
| 829 | Send out IKEV2 packet.\r | |
| 830 | \r | |
| 831 | @param[in] IkeUdpService Pointer to IKE_UDP_SERVICE used to send the IKE packet.\r | |
| 832 | @param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON related to the IKE packet.\r | |
| 833 | @param[in] IkePacket Pointer to IKE_PACKET to be sent out.\r | |
| f75a7f56 LG |
834 | @param[in] IkeType The type of IKE to point what's kind of the IKE\r |
| 835 | packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE\r | |
| 9166f840 | 836 | and IKE_CHILD_TYPE are supportted.\r |
| 837 | \r | |
| 838 | @retval EFI_SUCCESS The operation complete successfully.\r | |
| 839 | @retval Otherwise The operation is failed.\r | |
| 840 | \r | |
| 841 | **/\r | |
| 842 | EFI_STATUS\r | |
| 843 | Ikev2SendIkePacket (\r | |
| 844 | IN IKE_UDP_SERVICE *IkeUdpService,\r | |
| 845 | IN UINT8 *SessionCommon,\r | |
| 846 | IN IKE_PACKET *IkePacket,\r | |
| 847 | IN UINTN IkeType\r | |
| 848 | );\r | |
| 849 | \r | |
| 850 | /**\r | |
| 851 | Callback function for the IKE life time is over.\r | |
| 852 | \r | |
| f75a7f56 | 853 | This function will mark the related IKE SA Session as deleting and trigger a\r |
| 9166f840 | 854 | Information negotiation.\r |
| 855 | \r | |
| 856 | @param[in] Event The time out event.\r | |
| 857 | @param[in] Context Pointer to data passed by caller.\r | |
| f75a7f56 | 858 | \r |
| 9166f840 | 859 | **/\r |
| 860 | VOID\r | |
| 861 | EFIAPI\r | |
| 862 | Ikev2LifetimeNotify (\r | |
| 863 | IN EFI_EVENT Event,\r | |
| 864 | IN VOID *Context\r | |
| 865 | );\r | |
| 866 | \r | |
| 867 | /**\r | |
| 868 | This function will be called if the TimeOut Event is signaled.\r | |
| 869 | \r | |
| 870 | @param[in] Event The signaled Event.\r | |
| 871 | @param[in] Context The data passed by caller.\r | |
| 872 | \r | |
| 873 | **/\r | |
| 874 | VOID\r | |
| 875 | EFIAPI\r | |
| 876 | Ikev2ResendNotify (\r | |
| 877 | IN EFI_EVENT Event,\r | |
| 878 | IN VOID *Context\r | |
| 879 | );\r | |
| 880 | \r | |
| 881 | /**\r | |
| f75a7f56 | 882 | Generate a Key Exchange payload according to the DH group type and save the\r |
| 9166f840 | 883 | public Key into IkeSaSession IkeKey field.\r |
| 884 | \r | |
| 885 | @param[in, out] IkeSaSession Pointer of the IKE_SA_SESSION.\r | |
| f75a7f56 | 886 | @param[in] NextPayload The payload type presented in the NextPayload field of Key\r |
| 9166f840 | 887 | Exchange Payload header.\r |
| 888 | \r | |
| 889 | @retval Pointer to Key IKE payload.\r | |
| 890 | \r | |
| 891 | **/\r | |
| 892 | IKE_PAYLOAD *\r | |
| 893 | Ikev2GenerateKePayload (\r | |
| f75a7f56 LG |
894 | IN OUT IKEV2_SA_SESSION *IkeSaSession,\r |
| 895 | IN UINT8 NextPayload\r | |
| 9166f840 | 896 | );\r |
| 897 | \r | |
| 898 | /**\r | |
| 899 | Check if the SPD is related to the input Child SA Session.\r | |
| 900 | \r | |
| 901 | This function is the subfunction of Ikev1AssociateSpdEntry(). It is the call\r | |
| f75a7f56 LG |
902 | back function of IpSecVisitConfigData().\r |
| 903 | \r | |
| 9166f840 | 904 | \r |
| 905 | @param[in] Type Type of the input Config Selector.\r | |
| f75a7f56 LG |
906 | @param[in] Selector Pointer to the Configure Selector to be checked.\r |
| 907 | @param[in] Data Pointer to the Configure Selector's Data passed\r | |
| 9166f840 | 908 | from the caller.\r |
| 909 | @param[in] SelectorSize The buffer size of Selector.\r | |
| 910 | @param[in] DataSize The buffer size of the Data.\r | |
| 911 | @param[in] Context The data passed from the caller. It is a Child\r | |
| 912 | SA Session in this context.\r | |
| 913 | \r | |
| f75a7f56 LG |
914 | @retval EFI_SUCCESS The SPD Selector is not related to the Child SA Session.\r |
| 915 | @retval EFI_ABORTED The SPD Selector is related to the Child SA session and\r | |
| 9166f840 | 916 | set the ChildSaSession->Spd to point to this SPD Selector.\r |
| 917 | \r | |
| 918 | **/\r | |
| 919 | EFI_STATUS\r | |
| 920 | Ikev2MatchSpdEntry (\r | |
| 921 | IN EFI_IPSEC_CONFIG_DATA_TYPE Type,\r | |
| 922 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
| 923 | IN VOID *Data,\r | |
| 924 | IN UINTN SelectorSize,\r | |
| 925 | IN UINTN DataSize,\r | |
| 926 | IN VOID *Context\r | |
| 927 | );\r | |
| 928 | \r | |
| 929 | /**\r | |
| 930 | Check if the Algorithm ID is supported.\r | |
| 931 | \r | |
| 932 | @param[in] AlgorithmId The specified Algorithm ID.\r | |
| 933 | @param[in] Type The type used to indicate the Algorithm is for Encrypt or\r | |
| 934 | Authentication.\r | |
| 935 | \r | |
| 936 | @retval TRUE If the Algorithm ID is supported.\r | |
| 937 | @retval FALSE If the Algorithm ID is not supported.\r | |
| 938 | \r | |
| 939 | **/\r | |
| 940 | BOOLEAN\r | |
| 941 | Ikev2IsSupportAlg (\r | |
| 942 | IN UINT16 AlgorithmId,\r | |
| 943 | IN UINT8 Type\r | |
| 944 | );\r | |
| 945 | \r | |
| 946 | /**\r | |
| 947 | Generate a ChildSa Session and insert it into related IkeSaSession.\r | |
| 948 | \r | |
| 949 | @param[in] IkeSaSession Pointer to related IKEV2_SA_SESSION.\r | |
| 950 | @param[in] UdpService Pointer to related IKE_UDP_SERVICE.\r | |
| 951 | \r | |
| 952 | @return pointer of IKEV2_CHILD_SA_SESSION.\r | |
| 953 | \r | |
| 954 | **/\r | |
| 955 | IKEV2_CHILD_SA_SESSION *\r | |
| 956 | Ikev2ChildSaSessionCreate (\r | |
| 957 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
| 958 | IN IKE_UDP_SERVICE *UdpService\r | |
| 959 | ) ;\r | |
| 960 | \r | |
| 961 | /**\r | |
| 962 | Parse the received Initial Exchange Packet.\r | |
| f75a7f56 LG |
963 | \r |
| 964 | This function parse the SA Payload and Key Payload to find out the cryptographic\r | |
| 965 | suite for the further IKE negotiation and fill it into the IKE SA Session's\r | |
| 9166f840 | 966 | CommonSession->SaParams.\r |
| 967 | \r | |
| 968 | @param[in, out] IkeSaSession Pointer to related IKEV2_SA_SESSION.\r | |
| 969 | @param[in] SaPayload The received packet.\r | |
| f75a7f56 | 970 | @param[in] Type The received packet IKE header flag.\r |
| 9166f840 | 971 | \r |
| 972 | @retval TRUE If the SA proposal in Packet is acceptable.\r | |
| 973 | @retval FALSE If the SA proposal in Packet is not acceptable.\r | |
| 974 | \r | |
| 975 | **/\r | |
| 976 | BOOLEAN\r | |
| 977 | Ikev2SaParseSaPayload (\r | |
| 978 | IN OUT IKEV2_SA_SESSION *IkeSaSession,\r | |
| 979 | IN IKE_PAYLOAD *SaPayload,\r | |
| 980 | IN UINT8 Type\r | |
| 981 | );\r | |
| 982 | \r | |
| 983 | /**\r | |
| 984 | Parse the received Authentication Exchange Packet.\r | |
| f75a7f56 | 985 | \r |
| 9166f840 | 986 | This function parse the SA Payload and Key Payload to find out the cryptographic\r |
| 987 | suite for the ESP and fill it into the Child SA Session's CommonSession->SaParams.\r | |
| f75a7f56 LG |
988 | \r |
| 989 | @param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to\r | |
| 9166f840 | 990 | this Authentication Exchange.\r |
| 991 | @param[in] SaPayload The received packet.\r | |
| f75a7f56 LG |
992 | @param[in] Type The IKE header's flag of received packet .\r |
| 993 | \r | |
| 9166f840 | 994 | @retval TRUE If the SA proposal in Packet is acceptable.\r |
| 995 | @retval FALSE If the SA proposal in Packet is not acceptable.\r | |
| 996 | \r | |
| 997 | **/\r | |
| 998 | BOOLEAN\r | |
| 999 | Ikev2ChildSaParseSaPayload (\r | |
| 1000 | IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession,\r | |
| 1001 | IN IKE_PAYLOAD *SaPayload,\r | |
| 1002 | IN UINT8 Type\r | |
| 1003 | );\r | |
| 1004 | \r | |
| 1005 | /**\r | |
| 1006 | Generate Key buffer from fragments.\r | |
| 1007 | \r | |
| f75a7f56 LG |
1008 | If the digest length of specified HashAlgId is larger than or equal with the\r |
| 1009 | required output key length, derive the key directly. Otherwise, Key Material\r | |
| 1010 | needs to be PRF-based concatenation according to 2.13 of RFC 4306:\r | |
| 9166f840 | 1011 | prf+ (K,S) = T1 | T2 | T3 | T4 | ..., T1 = prf (K, S | 0x01),\r |
| 1012 | T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03),T4 = prf (K, T3 | S | 0x04)\r | |
| 1013 | then derive the key from this key material.\r | |
| f75a7f56 | 1014 | \r |
| 9166f840 | 1015 | @param[in] HashAlgId The Hash Algorithm ID used to generate key.\r |
| 1016 | @param[in] HashKey Pointer to a key buffer which contains hash key.\r | |
| 1017 | @param[in] HashKeyLength The length of HashKey in bytes.\r | |
| f75a7f56 | 1018 | @param[in, out] OutputKey Pointer to buffer which is used to receive the\r |
| 9166f840 | 1019 | output key.\r |
| 1020 | @param[in] OutputKeyLength The length of OutPutKey buffer.\r | |
| 1021 | @param[in] Fragments Pointer to the data to be used to generate key.\r | |
| 1022 | @param[in] NumFragments The numbers of the Fragement.\r | |
| 1023 | \r | |
| 1024 | @retval EFI_SUCCESS The operation complete successfully.\r | |
| 1025 | @retval EFI_INVALID_PARAMETER If NumFragments is zero.\r | |
| 1026 | @retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.\r | |
| 1027 | @retval Others The operation is failed.\r | |
| 1028 | \r | |
| 1029 | **/\r | |
| 1030 | EFI_STATUS\r | |
| 1031 | Ikev2SaGenerateKey (\r | |
| 1032 | IN UINT8 HashAlgId,\r | |
| 1033 | IN UINT8 *HashKey,\r | |
| 1034 | IN UINTN HashKeyLength,\r | |
| 1035 | IN OUT UINT8 *OutputKey,\r | |
| 1036 | IN UINTN OutputKeyLength,\r | |
| 1037 | IN PRF_DATA_FRAGMENT *Fragments,\r | |
| 1038 | IN UINTN NumFragments\r | |
| 1039 | );\r | |
| 1040 | \r | |
| 1041 | /**\r | |
| 1042 | Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.\r | |
| 1043 | \r | |
| 1044 | ChildSaSession->SpdSelector stores the real Spdselector for its SA. Sometime,\r | |
| f75a7f56 | 1045 | the SpdSelector in ChildSaSession is more accurated or the scope is smaller\r |
| 9166f840 | 1046 | than the one in ChildSaSession->Spd, especially for the tunnel mode.\r |
| f75a7f56 | 1047 | \r |
| 9166f840 | 1048 | @param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.\r |
| 6b16c9e7 JW |
1049 | \r |
| 1050 | @retval EFI_SUCCESS The operation complete successfully.\r | |
| 1051 | @retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.\r | |
| f75a7f56 | 1052 | \r |
| 9166f840 | 1053 | **/\r |
| 6b16c9e7 | 1054 | EFI_STATUS\r |
| 9166f840 | 1055 | Ikev2ChildSaSessionSpdSelectorCreate (\r |
| 1056 | IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
| 1057 | );\r | |
| 1058 | \r | |
| 1059 | extern IKE_ALG_GUID_INFO mIPsecEncrAlgInfo[];\r | |
| 1060 | #endif\r | |
| 1061 | \r |