9166f840 | 1 | /** @file\r |
f75a7f56 | 2 | The interfaces of IKE/Child session operations and payload related operations\r |
9166f840 | 3 | used by IKE Exchange Process.\r |
4 | \r | |
f75a7f56 | 5 | Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r |
9166f840 | 6 | \r |
ecf98fbc | 7 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
9166f840 | 8 | \r |
9 | **/\r | |
10 | \r | |
11 | #ifndef _IKE_V2_UTILITY_H_\r | |
12 | #define _IKE_V2_UTILITY_H_\r | |
13 | \r | |
14 | #include "Ikev2.h"\r | |
15 | #include "IkeCommon.h"\r | |
16 | #include "IpSecCryptIo.h"\r | |
17 | \r | |
18 | #include <Library/PcdLib.h>\r | |
19 | \r | |
20 | #define IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM 2\r | |
21 | #define IKEV2_SUPPORT_PRF_ALGORITHM_NUM 1\r | |
22 | #define IKEV2_SUPPORT_DH_ALGORITHM_NUM 2\r | |
23 | #define IKEV2_SUPPORT_AUTH_ALGORITHM_NUM 1\r | |
24 | \r | |
25 | /**\r | |
26 | Allocate buffer for IKEV2_SA_SESSION and initialize it.\r | |
27 | \r | |
28 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r | |
29 | @param[in] UdpService Pointer to IKE_UDP_SERVICE related to this IKE SA Session.\r | |
30 | \r | |
31 | @return Pointer to IKEV2_SA_SESSION.\r | |
32 | \r | |
33 | **/\r | |
34 | IKEV2_SA_SESSION *\r | |
35 | Ikev2SaSessionAlloc (\r | |
36 | IN IPSEC_PRIVATE_DATA *Private,\r | |
37 | IN IKE_UDP_SERVICE *UdpService\r | |
38 | );\r | |
39 | \r | |
40 | /**\r | |
41 | Register Establish IKEv2 SA into Private->Ikev2EstablishedList.\r | |
42 | \r | |
43 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be registered.\r | |
44 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r | |
45 | \r | |
46 | **/\r | |
47 | VOID\r | |
48 | Ikev2SaSessionReg (\r | |
49 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
50 | IN IPSEC_PRIVATE_DATA *Private\r | |
51 | );\r | |
52 | \r | |
53 | /**\r | |
54 | Find an IKEV2_SA_SESSION by the remote peer IP.\r | |
55 | \r | |
56 | @param[in] SaSessionList SaSession List to be searched.\r | |
57 | @param[in] RemotePeerIp Pointer to specified IP address.\r | |
58 | \r | |
59 | @return Pointer to the IKEV2_SA_SESSION if one is found, or NULL.\r | |
60 | \r | |
61 | **/\r | |
62 | IKEV2_SA_SESSION *\r | |
63 | Ikev2SaSessionLookup (\r | |
64 | IN LIST_ENTRY *SaSessionList,\r | |
65 | IN EFI_IP_ADDRESS *RemotePeerIp\r | |
66 | );\r | |
67 | \r | |
68 | /**\r | |
69 | Insert an IKEV2_SA_SESSION into an IkeSaSession list. The IkeSaSession list is either\r | |
70 | Private->Ikev2SaSession list or Private->Ikev2EstablishedList list.\r | |
71 | \r | |
72 | @param[in] SaSessionList Pointer to list to be inserted into.\r | |
73 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.\r |
74 | @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to indicate the\r | |
9166f840 | 75 | unique IKEV2_SA_SESSION.\r |
76 | \r | |
77 | **/\r | |
78 | VOID\r | |
79 | Ikev2SaSessionInsert (\r | |
80 | IN LIST_ENTRY *SaSessionList,\r | |
81 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
82 | IN EFI_IP_ADDRESS *RemotePeerIp\r | |
83 | );\r | |
84 | \r | |
85 | /**\r | |
86 | Remove the SA Session by Remote Peer IP.\r | |
87 | \r | |
88 | @param[in] SaSessionList Pointer to list to be searched.\r | |
89 | @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.\r | |
90 | \r | |
f75a7f56 | 91 | @retval Pointer to IKEV2_SA_SESSION with the specified remote IP address.\r |
9166f840 | 92 | \r |
93 | **/\r | |
94 | IKEV2_SA_SESSION *\r | |
95 | Ikev2SaSessionRemove (\r | |
96 | IN LIST_ENTRY *SaSessionList,\r | |
97 | IN EFI_IP_ADDRESS *RemotePeerIp\r | |
98 | );\r | |
99 | \r | |
100 | \r | |
9166f840 | 101 | /**\r |
102 | After the IKE/Child SA is established, close the time event and free the sent packet.\r | |
103 | \r | |
104 | @param[in] SessionCommon Pointer to a Session Common.\r | |
105 | \r | |
106 | **/\r | |
107 | VOID\r | |
108 | Ikev2SessionCommonRefresh (\r | |
109 | IN IKEV2_SESSION_COMMON *SessionCommon\r | |
110 | );\r | |
111 | \r | |
112 | /**\r | |
f75a7f56 | 113 | Free specified IKEV2 SA Session.\r |
9166f840 | 114 | \r |
115 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be freed.\r | |
116 | \r | |
117 | **/\r | |
118 | VOID\r | |
119 | Ikev2SaSessionFree (\r | |
120 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
121 | );\r | |
122 | \r | |
123 | /**\r | |
f75a7f56 | 124 | Free the specified Session Common. The session common may belong to an IKE SA or\r |
9166f840 | 125 | a Child SA.\r |
126 | \r | |
127 | @param[in] SessionCommon Pointer to a Session Common.\r | |
128 | \r | |
129 | **/\r | |
130 | VOID\r | |
131 | Ikev2SaSessionCommonFree (\r | |
132 | IN IKEV2_SESSION_COMMON *SessionCommon\r | |
133 | );\r | |
134 | \r | |
135 | /**\r | |
136 | Increase the MessageID in IkeSaSession.\r | |
137 | \r | |
138 | @param[in] IkeSaSession Pointer to a specified IKEV2_SA_SESSION.\r | |
139 | \r | |
140 | **/\r | |
141 | VOID\r | |
142 | Ikev2SaSessionIncreaseMessageId (\r | |
143 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
144 | );\r | |
145 | \r | |
146 | /**\r | |
147 | Allocate memory for an IKEV2 Child SA Session.\r | |
f75a7f56 | 148 | \r |
9166f840 | 149 | @param[in] UdpService Pointer to IKE_UDP_SERVICE.\r |
f75a7f56 | 150 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA\r |
9166f840 | 151 | Session.\r |
152 | \r | |
153 | @retval Pointer to the newly created IKEV2 Child SA Session.\r | |
154 | \r | |
155 | **/\r | |
156 | IKEV2_CHILD_SA_SESSION *\r | |
157 | Ikev2ChildSaSessionAlloc (\r | |
158 | IN IKE_UDP_SERVICE *UdpService,\r | |
159 | IN IKEV2_SA_SESSION *IkeSaSession\r | |
160 | );\r | |
161 | \r | |
162 | /**\r | |
163 | Register an established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.\r |
164 | If there is an IKEV2_CHILD_SA_SESSION with the same remote peer IP, remove the old one\r | |
9166f840 | 165 | then register the new one.\r |
166 | \r | |
167 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.\r | |
168 | @param[in] Private Pointer to IPSEC_PRIVATE_DATA.\r | |
169 | \r | |
170 | **/\r | |
171 | VOID\r | |
172 | Ikev2ChildSaSessionReg (\r | |
173 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession,\r | |
174 | IN IPSEC_PRIVATE_DATA *Private\r | |
175 | );\r | |
176 | \r | |
177 | /**\r | |
178 | This function finds the Child SA by the specified SPI.\r | |
179 | \r |
180 | This function finds a Child SA session by searching the ChildSaSession list of\r | |
9166f840 | 181 | the input IKEV2_SA_SESSION for the specified SPI.\r |
f75a7f56 | 182 | \r |
9166f840 | 183 | @param[in] SaSessionList Pointer to List to be searched.\r |
184 | @param[in] Spi Specified SPI.\r | |
44de1013 | 185 | \r |
9166f840 | 186 | @return Pointer to IKEV2_CHILD_SA_SESSION.\r |
187 | \r | |
188 | **/\r | |
189 | IKEV2_CHILD_SA_SESSION *\r | |
190 | Ikev2ChildSaSessionLookupBySpi (\r | |
191 | IN LIST_ENTRY *SaSessionList,\r | |
192 | IN UINT32 Spi\r | |
193 | );\r | |
194 | \r | |
9166f840 | 195 | \r |
196 | /**\r | |
197 | Insert a Child SA Session into the specified ChildSa list.\r | |
198 | \r | |
199 | @param[in] SaSessionList Pointer to list to be inserted in.\r | |
200 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be inserted.\r | |
201 | \r | |
202 | **/\r | |
203 | VOID\r | |
204 | Ikev2ChildSaSessionInsert (\r | |
205 | IN LIST_ENTRY *SaSessionList,\r | |
206 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
207 | );\r | |
208 | \r | |
209 | /**\r | |
210 | Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.\r | |
f75a7f56 | 211 | \r |
9166f840 | 212 | @param[in] SaSessionList The SA Session List to be iterated.\r |
213 | @param[in] Spi Spi used to identify the IKEV2_CHILD_SA_SESSION.\r | |
214 | @param[in] ListType The type of the list, indicating whether it is the\r |
215 | Established list.\r | |
9166f840 | 216 | \r |
217 | @return Pointer to the IKEV2_CHILD_SA_SESSION.\r | |
f75a7f56 | 218 | \r |
9166f840 | 219 | **/\r |
220 | IKEV2_CHILD_SA_SESSION *\r | |
221 | Ikev2ChildSaSessionRemove (\r | |
222 | IN LIST_ENTRY *SaSessionList,\r | |
223 | IN UINT32 Spi,\r |
224 | IN UINT8 ListType\r | |
9166f840 | 225 | );\r |
226 | \r | |
9166f840 | 227 | \r |
228 | /**\r | |
f75a7f56 | 229 | Free the memory allocated for the specified IKEV2_CHILD_SA_SESSION.\r |
9166f840 | 230 | \r |
231 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.\r | |
232 | \r | |
233 | **/\r | |
234 | VOID\r | |
235 | Ikev2ChildSaSessionFree (\r | |
236 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
237 | );\r | |
238 | \r | |
239 | /**\r | |
240 | Free the specified DhBuffer.\r | |
241 | \r | |
242 | @param[in] DhBuffer Pointer to IKEV2_DH_BUFFER to be freed.\r | |
f75a7f56 | 243 | \r |
9166f840 | 244 | **/\r |
245 | VOID\r | |
246 | Ikev2DhBufferFree (\r | |
247 | IN IKEV2_DH_BUFFER *DhBuffer\r | |
248 | );\r | |
249 | \r | |
250 | /**\r | |
251 | Delete the specified established Child SA.\r | |
252 | \r | |
253 | This function deletes the Child SA directly and does not send an Informational packet to\r | |
254 | the remote peer.\r | |
255 | \r | |
256 | @param[in] IkeSaSession Pointer to the IKE SA Session to be searched.\r | |
257 | @param[in] Spi SPI used to find the Child SA.\r | |
258 | \r | |
259 | @retval EFI_NOT_FOUND Pointer of IKE SA Session is NULL.\r | |
260 | @retval EFI_NOT_FOUND There is no specified Child SA related with the input\r | |
261 | SPI under this IKE SA Session.\r | |
262 | @retval EFI_SUCCESS Delete the Child SA successfully.\r | |
263 | \r | |
264 | **/\r | |
265 | EFI_STATUS\r | |
266 | Ikev2ChildSaSilentDelete (\r | |
267 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
268 | IN UINT32 Spi\r | |
269 | );\r | |
270 | \r | |
271 | /**\r | |
272 | This function is to parse a request IKE packet and return its request type.\r | |
f75a7f56 | 273 | The request type is one of IKE CHILD SA creation, IKE SA rekeying and\r |
9166f840 | 274 | IKE CHILD SA rekeying.\r |
275 | \r | |
276 | @param[in] IkePacket IKE packet to be parsed.\r | |
277 | \r | |
278 | @return The type of the IKE packet.\r | |
279 | \r | |
280 | **/\r | |
281 | IKEV2_CREATE_CHILD_REQUEST_TYPE\r | |
282 | Ikev2ChildExchangeRequestType(\r | |
283 | IN IKE_PACKET *IkePacket\r | |
284 | );\r | |
285 | \r | |
9166f840 | 286 | \r |
287 | /**\r | |
288 | Associate a SPD selector to the Child SA Session.\r | |
289 | \r | |
f75a7f56 | 290 | This function is called when the Child SA is not the first child SA of its\r |
9166f840 | 291 | IKE SA. It associates an SPD with this Child SA.\r |
292 | \r | |
f75a7f56 | 293 | @param[in, out] ChildSaSession Pointer to the Child SA Session to be associated to\r |
9166f840 | 294 | a SPD selector.\r |
295 | \r | |
296 | @retval EFI_SUCCESS Associate one SPD selector to this Child SA Session successfully.\r | |
297 | @retval EFI_NOT_FOUND Can't find the related SPD selector.\r | |
298 | \r | |
299 | **/\r | |
300 | EFI_STATUS\r | |
301 | Ikev2ChildSaAssociateSpdEntry (\r | |
302 | IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
303 | );\r | |
304 | \r | |
305 | /**\r | |
306 | Validate the IKE header of a received IKE packet.\r | |
307 | \r | |
308 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this IKE packet.\r | |
309 | @param[in] IkeHdr Pointer to IKE header of received IKE packet.\r | |
310 | \r | |
311 | @retval TRUE If the IKE header is valid.\r | |
312 | @retval FALSE If the IKE header is invalid.\r | |
313 | \r | |
314 | **/\r | |
315 | BOOLEAN\r | |
316 | Ikev2ValidateHeader (\r | |
317 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
318 | IN IKE_HEADER *IkeHdr\r | |
319 | );\r | |
320 | \r | |
321 | /**\r | |
322 | Create and initialize IKEV2_SA_DATA for the specified IKEV2_SESSION_COMMON.\r | |
323 | \r | |
324 | This function is only called by the initiator. The responder's IKEV2_SA_DATA\r | |
325 | is generated while parsing the initiator's packet.\r | |
326 | \r | |
327 | @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to.\r | |
328 | \r | |
329 | @retval a Pointer to a new IKEV2_SA_DATA or NULL.\r | |
330 | \r | |
331 | **/\r | |
332 | IKEV2_SA_DATA *\r | |
333 | Ikev2InitializeSaData (\r | |
334 | IN IKEV2_SESSION_COMMON *SessionCommon\r | |
335 | );\r | |
336 | \r | |
337 | /**\r | |
338 | Store the SA into SAD.\r | |
339 | \r | |
340 | @param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.\r | |
341 | \r | |
342 | **/\r | |
343 | VOID\r | |
344 | Ikev2StoreSaData (\r | |
345 | IN IKEV2_CHILD_SA_SESSION *ChildSaSession\r | |
346 | );\r | |
347 | \r | |
348 | /**\r | |
349 | Routine run before the payload is decoded.\r | |
350 | \r | |
351 | @param[in] SessionCommon Pointer to ChildSa SessionCommon.\r | |
352 | @param[in] PayloadBuf Pointer to the payload.\r | |
353 | @param[in] PayloadSize Size of PayloadBuf in byte.\r | |
354 | @param[in] PayloadType Type of Payload.\r | |
355 | \r | |
356 | **/\r | |
357 | VOID\r | |
358 | Ikev2ChildSaBeforeDecodePayload (\r | |
359 | IN UINT8 *SessionCommon,\r | |
360 | IN UINT8 *PayloadBuf,\r | |
361 | IN UINTN PayloadSize,\r | |
362 | IN UINT8 PayloadType\r | |
363 | );\r | |
364 | \r | |
365 | /**\r | |
366 | Routine run after the payload is encoded.\r | |
367 | \r | |
368 | @param[in] SessionCommon Pointer to ChildSa SessionCommon.\r | |
369 | @param[in] PayloadBuf Pointer to the payload.\r | |
370 | @param[in] PayloadSize Size of PayloadBuf in byte.\r | |
371 | @param[in] PayloadType Type of Payload.\r | |
372 | \r | |
373 | **/\r | |
374 | VOID\r | |
375 | Ikev2ChildSaAfterEncodePayload (\r | |
376 | IN UINT8 *SessionCommon,\r | |
377 | IN UINT8 *PayloadBuf,\r | |
378 | IN UINTN PayloadSize,\r | |
379 | IN UINT8 PayloadType\r | |
380 | );\r | |
381 | \r | |
382 | /**\r | |
383 | Generate Ikev2 SA payload according to SessionSaData\r | |
384 | \r | |
385 | @param[in] SessionSaData The data used in SA payload.\r | |
f75a7f56 | 386 | @param[in] NextPayload The payload type presented in NextPayload field of\r |
9166f840 | 387 | SA Payload header.\r |
388 | @param[in] Type The SA type. It MUST be either (1) for IKE_SA,\r | |
389 | (2) for CHILD_SA, or (3) for INFO.\r | |
390 | \r | |
391 | @retval a Pointer to SA IKE payload.\r | |
f75a7f56 | 392 | \r |
9166f840 | 393 | **/\r |
394 | IKE_PAYLOAD *\r | |
395 | Ikev2GenerateSaPayload (\r | |
396 | IN IKEV2_SA_DATA *SessionSaData,\r | |
397 | IN UINT8 NextPayload,\r | |
398 | IN IKE_SESSION_TYPE Type\r | |
399 | );\r | |
400 | \r | |
401 | /**\r | |
402 | Generate an ID payload.\r | |
403 | \r | |
404 | @param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.\r | |
f75a7f56 | 405 | @param[in] NextPayload The payload type presented in the NextPayload field\r |
9166f840 | 406 | of ID Payload header.\r |
407 | \r | |
408 | @retval Pointer to ID IKE payload.\r | |
409 | \r | |
410 | **/\r | |
411 | IKE_PAYLOAD *\r | |
412 | Ikev2GenerateIdPayload (\r | |
413 | IN IKEV2_SESSION_COMMON *CommonSession,\r | |
414 | IN UINT8 NextPayload\r | |
415 | );\r | |
416 | \r | |
417 | /**\r | |
418 | Generate an ID payload carrying a certificate's distinguished name.\r | |
419 | \r | |
420 | @param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.\r | |
f75a7f56 | 421 | @param[in] NextPayload The payload type presented in the NextPayload field\r |
9166f840 | 422 | of ID Payload header.\r |
423 | @param[in] InCert Pointer to the Certificate which distinguished name\r | |
424 | will be added into the Id payload.\r | |
425 | @param[in] CertSize Size of the Certificate.\r | |
426 | \r | |
427 | @retval Pointer to ID IKE payload.\r | |
428 | \r | |
429 | **/\r | |
430 | IKE_PAYLOAD *\r | |
431 | Ikev2GenerateCertIdPayload (\r | |
432 | IN IKEV2_SESSION_COMMON *CommonSession,\r | |
f75a7f56 | 433 | IN UINT8 NextPayload,\r |
9166f840 | 434 | IN UINT8 *InCert,\r |
435 | IN UINTN CertSize\r | |
436 | );\r | |
437 | \r | |
438 | /**\r | |
439 | Generate a Nonce payload containing the input parameter NonceBuf.\r | |
440 | \r | |
f75a7f56 | 441 | @param[in] NonceBuf The nonce buffer containing the whole Nonce payload block\r |
9166f840 | 442 | except the payload header.\r |
443 | @param[in] NonceSize The buffer size of the NonceBuf\r | |
f75a7f56 | 444 | @param[in] NextPayload The payload type presented in the NextPayload field\r |
9166f840 | 445 | of Nonce Payload header.\r |
446 | \r | |
447 | @retval Pointer to Nonce IKE payload.\r | |
448 | \r | |
449 | **/\r | |
450 | IKE_PAYLOAD *\r | |
451 | Ikev2GenerateNoncePayload (\r | |
452 | IN UINT8 *NonceBuf,\r | |
453 | IN UINTN NonceSize,\r | |
454 | IN UINT8 NextPayload\r | |
455 | );\r | |
456 | \r | |
457 | /**\r | |
458 | Generate the Notify payload.\r | |
459 | \r | |
460 | Since the structure of the Notify payload defined in RFC 4306 is simple,\r | |
461 | there is no internal data structure for the Notify payload. This function generates\r |
462 | the Notify payload defined in RFC 4306, but all the fields in this payload are still\r | |
463 | in host order; Ikev2EncodePayload() must be called to convert those fields from\r | |
9166f840 | 464 | host order to network order before sending it.\r |
465 | \r | |
466 | @param[in] ProtocolId The protocol type ID. For IKE_SA it MUST be one (1).\r | |
467 | For IPsec SAs it MUST be either (2) for AH or (3)\r | |
468 | for ESP.\r | |
f75a7f56 | 469 | @param[in] NextPayload The next payload type in NextPayload field of\r |
9166f840 | 470 | the Notify payload.\r |
471 | @param[in] SpiSize Size of the SPI in SPI size field of the Notify Payload.\r | |
f75a7f56 | 472 | @param[in] MessageType The message type in NotifyMessageType field of the\r |
9166f840 | 473 | Notify Payload.\r |
474 | @param[in] SpiBuf Pointer to buffer contains the SPI value.\r | |
475 | @param[in] NotifyData Pointer to buffer contains the notification data.\r | |
476 | @param[in] NotifyDataSize The size of NotifyData in bytes.\r | |
f75a7f56 | 477 | \r |
9166f840 | 478 | \r |
479 | @retval Pointer to IKE Notify Payload.\r | |
480 | \r | |
481 | **/\r | |
482 | IKE_PAYLOAD *\r | |
483 | Ikev2GenerateNotifyPayload (\r | |
484 | IN UINT8 ProtocolId,\r | |
485 | IN UINT8 NextPayload,\r | |
486 | IN UINT8 SpiSize,\r | |
487 | IN UINT16 MessageType,\r | |
488 | IN UINT8 *SpiBuf,\r | |
489 | IN UINT8 *NotifyData,\r | |
490 | IN UINTN NotifyDataSize\r | |
491 | );\r | |
492 | \r | |
493 | /**\r | |
494 | Generate the Delete payload.\r | |
495 | \r | |
496 | Since the structure of the Delete payload defined in RFC 4306 is simple,\r |
497 | there is no internal data structure for the Delete payload. This function generates\r | |
498 | the Delete payload defined in RFC 4306, but all the fields in this payload are still\r | |
499 | in host order; Ikev2EncodePayload() must be called to convert those fields from\r | |
9166f840 | 500 | host order to network order before sending it.\r |
501 | \r | |
502 | @param[in] IkeSaSession Pointer to IKE SA Session to be used for Delete payload generation.\r | |
f75a7f56 | 503 | @param[in] NextPayload The next payload type in NextPayload field of\r |
9166f840 | 504 | the Delete payload.\r |
505 | @param[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.\r | |
506 | @param[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.\r | |
507 | @param[in] SpiBuf Pointer to buffer contains the SPI value.\r | |
508 | \r | |
509 | @retval Pointer to IKE Delete Payload.\r | |
510 | \r | |
511 | **/\r | |
512 | IKE_PAYLOAD *\r | |
513 | Ikev2GenerateDeletePayload (\r | |
514 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
515 | IN UINT8 NextPayload,\r | |
516 | IN UINT8 SpiSize,\r | |
517 | IN UINT16 SpiNum,\r | |
f75a7f56 | 518 | IN UINT8 *SpiBuf\r |
9166f840 | 519 | );\r |
520 | \r | |
521 | /**\r | |
522 | Generate the Configuration payload.\r | |
523 | \r | |
524 | This function generates a configuration payload defined in RFC 4306, but all the\r |
525 | fields in this payload are still in host order; Ikev2EncodePayload() must be called\r | |
9166f840 | 526 | to convert those fields from host order to network order before sending it.\r |
527 | \r | |
528 | @param[in] IkeSaSession Pointer to IKE SA Session to be used for Configuration payload\r | |
529 | generation.\r | |
f75a7f56 | 530 | @param[in] NextPayload The next payload type in NextPayload field of\r |
9166f840 | 531 | the Configuration payload.\r |
532 | @param[in] CfgType The attribute type in the Configuration attribute.\r | |
533 | \r | |
534 | @retval Pointer to IKE CP Payload.\r | |
535 | \r | |
536 | **/\r | |
537 | IKE_PAYLOAD *\r | |
538 | Ikev2GenerateCpPayload (\r | |
539 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
540 | IN UINT8 NextPayload,\r | |
541 | IN UINT8 CfgType\r | |
542 | );\r | |
543 | \r | |
544 | /**\r | |
545 | Generate an Authentication Payload.\r | |
546 | \r | |
547 | This function is used for both Authentication generation and verification. When\r |
548 | IsVerify is TRUE, it creates the Auth Data for verification. This function chooses the\r | |
9166f840 | 549 | related IKE_SA_INIT message for Auth data creation according to the IKE Session's type\r |
550 | and the value of the IsVerify parameter.\r | |
551 | \r | |
552 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r | |
f75a7f56 | 553 | @param[in] IdPayload Pointer to the ID payload to be used for Authentication\r |
9166f840 | 554 | payload generation.\r |
f75a7f56 | 555 | @param[in] NextPayload The type filled into the Authentication Payload next\r |
9166f840 | 556 | payload field.\r |
557 | @param[in] IsVerify If it is TRUE, the Authentication payload is used for\r | |
558 | verification.\r | |
559 | \r | |
560 | @return Pointer to the IKE Authentication payload for the pre-shared key method.\r | |
561 | \r | |
562 | **/\r | |
563 | IKE_PAYLOAD *\r | |
564 | Ikev2PskGenerateAuthPayload (\r | |
565 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
566 | IN IKE_PAYLOAD *IdPayload,\r | |
567 | IN UINT8 NextPayload,\r | |
568 | IN BOOLEAN IsVerify\r | |
569 | );\r | |
570 | \r | |
571 | /**\r | |
f75a7f56 | 572 | Generate an Authentication Payload for the Certificate Auth method.\r |
9166f840 | 573 | \r |
574 | This function has two uses. One is creating a local Authentication\r |
575 | Payload for sending; the other is creating the remote Authentication data\r | |
9166f840 | 576 | for verification when IsVerify is TRUE.\r |
577 | \r | |
578 | @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r | |
f75a7f56 | 579 | @param[in] IdPayload Pointer to the ID payload to be used for Authentication\r |
9166f840 | 580 | payload generation.\r |
f75a7f56 | 581 | @param[in] NextPayload The type filled into the Authentication Payload\r |
9166f840 | 582 | next payload field.\r |
f75a7f56 | 583 | @param[in] IsVerify If it is TRUE, the Authentication payload is used\r |
9166f840 | 584 | for verification.\r |
f75a7f56 | 585 | @param[in] UefiPrivateKey Pointer to the UEFI private key. Ignored when\r |
9166f840 | 586 | verifying the Authentication payload.\r |
f75a7f56 | 587 | @param[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignored\r |
9166f840 | 588 | when verifying the Authentication payload.\r |
f75a7f56 | 589 | @param[in] UefiKeyPwd Pointer to the password of the UEFI private key.\r |
9166f840 | 590 | Ignored when verifying the Authentication payload.\r |
f75a7f56 | 591 | @param[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes. Ignored when\r |
9166f840 | 592 | verifying the Authentication payload.\r |
593 | \r | |
594 | @return Pointer to the IKE Authentication payload for the certificate method.\r | |
595 | \r | |
596 | **/\r | |
597 | IKE_PAYLOAD *\r | |
598 | Ikev2CertGenerateAuthPayload (\r | |
599 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
600 | IN IKE_PAYLOAD *IdPayload,\r | |
601 | IN UINT8 NextPayload,\r | |
602 | IN BOOLEAN IsVerify,\r | |
603 | IN UINT8 *UefiPrivateKey,\r | |
604 | IN UINTN UefiPrivateKeyLen,\r | |
605 | IN UINT8 *UefiKeyPwd,\r | |
606 | IN UINTN UefiKeyPwdLen\r | |
607 | );\r | |
608 | \r | |
609 | /**\r | |
610 | Generate TS payload.\r | |
611 | \r | |
612 | This function generates TSi or TSr payload according to type of next payload.\r | |
613 | If the next payload is Responder TS, generate a TSi Payload. Otherwise, generate a\r | |
614 | TSr payload.\r | |
f75a7f56 | 615 | \r |
9166f840 | 616 | @param[in] ChildSa Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload.\r |
f75a7f56 | 617 | @param[in] NextPayload The payload type presented in the NextPayload field\r |
9166f840 | 618 | of the TS Payload header.\r |
619 | @param[in] IsTunnel It indicates that if the Ts Payload is after the CP payload.\r | |
620 | If yes, it means the Tsi and Tsr payload should be with\r | |
621 | Max port range and address range and protocol is marked\r | |
622 | as zero.\r | |
623 | \r | |
624 | @retval Pointer to Ts IKE payload.\r | |
625 | \r | |
626 | **/\r | |
627 | IKE_PAYLOAD *\r | |
628 | Ikev2GenerateTsPayload (\r | |
629 | IN IKEV2_CHILD_SA_SESSION *ChildSa,\r | |
630 | IN UINT8 NextPayload,\r | |
631 | IN BOOLEAN IsTunnel\r | |
632 | );\r | |
633 | \r | |
634 | /**\r | |
635 | Parse the Notify Cookie payload.\r | |
636 | \r | |
637 | This function parses the Notify Cookie payload. If the Notify ProtocolId is not\r | |
638 | IPSEC_PROTO_ISAKMP or if the SpiSize is not zero or if the MessageType is not\r | |
639 | the COOKIE, return EFI_INVALID_PARAMETER.\r | |
640 | \r | |
f75a7f56 | 641 | @param[in] IkeNCookie Pointer to the IKE_PAYLOAD which contains the\r |
9166f840 | 642 | Notify Cookie payload.\r |
643 | the Notify payload.\r | |
644 | @param[in, out] IkeSaSession Pointer to the relevant IKE SA Session.\r | |
645 | \r | |
646 | @retval EFI_SUCCESS The Notify Cookie Payload is valid.\r | |
647 | @retval EFI_INVALID_PARAMETER The Notify Cookie Payload is invalid.\r | |
648 | @retval EFI_OUT_OF_RESOURCES The required resource can't be allocated.\r | |
649 | \r | |
650 | **/\r | |
651 | EFI_STATUS\r | |
652 | Ikev2ParserNotifyCookiePayload (\r | |
653 | IN IKE_PAYLOAD *IkeNCookie,\r | |
654 | IN OUT IKEV2_SA_SESSION *IkeSaSession\r | |
655 | );\r | |
656 | \r | |
657 | /**\r | |
658 | Generate the Certificate payload or Certificate Request Payload.\r | |
659 | \r | |
f75a7f56 | 660 | Since the Certificate Payload structure is the same as the Certificate Request Payload,\r |
9166f840 | 661 | the only difference is that one contains the Certificate Data and the other contains\r |
662 | the acceptable certification CAs. This function generates the Certificate payload\r |
663 | or Certificate Request Payload defined in RFC 4306, but all the fields\r | |
664 | in the payload are still in host order; Ikev2EncodePayload() must be called\r | |
9166f840 | 665 | to convert those fields from host order to network order before sending it.\r |
666 | \r | |
f75a7f56 | 667 | @param[in] IkeSaSession Pointer to IKE SA Session to be used for Certificate payload\r |
9166f840 | 668 | generation.\r |
f75a7f56 | 669 | @param[in] NextPayload The next payload type in NextPayload field of\r |
9166f840 | 670 | the Certificate payload.\r |
671 | @param[in] Certificate Pointer of buffer contains the certification data.\r | |
672 | @param[in] CertificateLen The length of Certificate in byte.\r | |
673 | @param[in] EncodeType Specifies the Certificate Encoding which is defined\r | |
674 | in RFC 4306.\r | |
675 | @param[in] IsRequest To indicate create Certificate Payload or Certificate\r | |
676 | Request Payload. If it is TRUE, create Certificate\r | |
677 | Request Payload. Otherwise, create Certificate Payload.\r | |
678 | \r | |
679 | @retval a Pointer to IKE Payload whose payload buffer containing the Certificate\r | |
680 | payload or Certificate Request payload.\r | |
681 | \r | |
682 | **/\r | |
683 | IKE_PAYLOAD *\r | |
684 | Ikev2GenerateCertificatePayload (\r | |
685 | IN IKEV2_SA_SESSION *IkeSaSession,\r | |
686 | IN UINT8 NextPayload,\r | |
687 | IN UINT8 *Certificate,\r | |
688 | IN UINTN CertificateLen,\r | |
689 | IN UINT8 EncodeType,\r | |
690 | IN BOOLEAN IsRequest\r | |
691 | );\r | |
f75a7f56 | 692 | \r |
9166f840 | 693 | /**\r |
694 | General interface of payload encoding.\r | |
695 | \r | |
696 | This function encodes the internal data structure into the payload which\r |
697 | is defined in RFC 4306. IkePayload->PayloadBuf is used to store both the input\r | |
698 | payload and the converted payload. Only the SA payload uses the internal structure\r | |
699 | to store the attributes. Other payloads use a structure which is the same as the RFC\r | |
700 | defines; for this kind of payload only a host order to network order change of\r | |
9166f840 | 701 | some fields is done.\r |
702 | \r | |
703 | @param[in] SessionCommon Pointer to IKE Session Common used to encode the payload.\r | |
704 | @param[in, out] IkePayload Pointer to IKE payload to be encode as input, and\r | |
705 | store the encoded result as output.\r | |
706 | \r | |
707 | @retval EFI_INVALID_PARAMETER An error occurred while encoding the SA payload.\r | |
708 | @retval EFI_SUCCESS Encode successfully.\r | |
709 | \r | |
710 | **/\r | |
711 | EFI_STATUS\r | |
712 | Ikev2EncodePayload (\r | |
713 | IN UINT8 *SessionCommon,\r | |
714 | IN OUT IKE_PAYLOAD *IkePayload\r | |
715 | );\r | |
716 | \r | |
717 | /**\r | |
718 | The general interface of decode Payload.\r | |
719 | \r | |
720 | This function converts the received Payload into the internal structure.\r | |
721 | \r | |
722 | @param[in] SessionCommon Pointer to IKE Session Common to use for decoding.\r | |
723 | @param[in, out] IkePayload Pointer to IKE payload to be decode as input, and\r | |
f75a7f56 | 724 | store the decoded result as output.\r |
9166f840 | 725 | \r |
726 | @retval EFI_INVALID_PARAMETER An error occurred while decoding the SA payload.\r | |
727 | @retval EFI_SUCCESS Decode successfully.\r | |
728 | \r | |
729 | **/\r | |
730 | EFI_STATUS\r | |
731 | Ikev2DecodePayload (\r | |
732 | IN UINT8 *SessionCommon,\r | |
733 | IN OUT IKE_PAYLOAD *IkePayload\r | |
734 | );\r | |
735 | \r | |
736 | /**\r | |
737 | Decrypt IKE packet.\r | |
738 | \r | |
739 | This function decrypts the encrypted IKE packet and puts the result into IkePacket->PayloadBuf.\r | |
740 | \r | |
f75a7f56 | 741 | @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing\r |
9166f840 | 742 | some parameter used during decrypting.\r |
f75a7f56 | 743 | @param[in, out] IkePacket Point to IKE_PACKET to be decrypted as input,\r |
9166f840 | 744 | and the decrypted result as output.\r |
745 | @param[in, out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r | |
746 | IKE_CHILD_TYPE are supported.\r | |
747 | \r | |
f75a7f56 | 748 | @retval EFI_INVALID_PARAMETER If the IKE packet length is zero or the\r |
9166f840 | 749 | IKE packet length is not aligned to the Algorithm Block\r |
750 | Size.\r | |
751 | @retval EFI_SUCCESS Decrypt IKE packet successfully.\r | |
f75a7f56 | 752 | \r |
9166f840 | 753 | **/\r |
754 | EFI_STATUS\r | |
755 | Ikev2DecryptPacket (\r | |
756 | IN IKEV2_SESSION_COMMON *SessionCommon,\r | |
757 | IN OUT IKE_PACKET *IkePacket,\r | |
758 | IN OUT UINTN IkeType\r | |
759 | );\r | |
760 | \r | |
761 | /**\r | |
762 | Encrypt IKE packet.\r | |
763 | \r | |
764 | This function encrypt IKE packet before sending it. The Encrypted IKE packet\r | |
765 | is put in to IKEV2 Encrypted Payload.\r | |
f75a7f56 | 766 | \r |
9166f840 | 767 | @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the IKE packet.\r |
768 | @param[in, out] IkePacket Pointer to IKE packet to be encrypted.\r | |
769 | \r | |
770 | @retval EFI_SUCCESS Operation is successful.\r | |
771 | @retval Others Operation failed.\r | |
772 | \r | |
773 | **/\r | |
774 | EFI_STATUS\r | |
775 | Ikev2EncryptPacket (\r | |
776 | IN IKEV2_SESSION_COMMON *SessionCommon,\r | |
777 | IN OUT IKE_PACKET *IkePacket\r | |
778 | );\r | |
779 | \r | |
/**
  Encode an IKE packet.

  This function serializes all payloads of the packet into one buffer and then
  encrypts that buffer when the exchange type requires it.

  @param[in]      SessionCommon  Pointer to the IKEV2_SESSION_COMMON that holds
                                 the session parameters used during encoding.
  @param[in, out] IkePacket      Pointer to the IKE_PACKET to be encoded on
                                 input, and the encoded result on output.
  @param[in]      IkeType        The type of IKE exchange. IKE_SA_TYPE,
                                 IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.

  @retval EFI_SUCCESS  The IKE packet was encoded successfully.
  @retval Otherwise    Encoding the IKE packet failed.

**/
EFI_STATUS
Ikev2EncodePacket (
  IN IKEV2_SESSION_COMMON  *SessionCommon,
  IN OUT IKE_PACKET        *IkePacket,
  IN UINTN                 IkeType
  );
802 | \r | |
/**
  Decode an IKE packet.

  This function first decrypts the IKE packet when the exchange type requires
  it, then splits the contents of IkePacket->PayloadBuf into the packet's
  payload list.

  NOTE(review): PayloadBuf holds data received from the peer. Every payload
  length read while splitting it must be bounded by the remaining buffer size;
  this header does not show those checks, so confirm them in the
  implementation.

  @param[in]      SessionCommon  Pointer to the IKEV2_SESSION_COMMON that holds
                                 the session parameters used during decoding.
  @param[in, out] IkePacket      The IKE packet to be decoded on input, and the
                                 decoded result on return.
  @param[in]      IkeType        The type of IKE exchange. IKE_SA_TYPE,
                                 IKE_INFO_TYPE and IKE_CHILD_TYPE are supported.

  @retval EFI_SUCCESS  The IKE packet was decoded successfully.
  @retval Otherwise    Decoding the IKE packet failed.

**/
EFI_STATUS
Ikev2DecodePacket (
  IN IKEV2_SESSION_COMMON  *SessionCommon,
  IN OUT IKE_PACKET        *IkePacket,
  IN UINTN                 IkeType
  );
826 | \r | |
9166f840 | 827 | \r |
/**
  Send out an IKEv2 packet.

  @param[in] IkeUdpService  Pointer to the IKE_UDP_SERVICE used to send the
                            IKE packet.
  @param[in] SessionCommon  Pointer to the IKEV2_SESSION_COMMON related to the
                            IKE packet. NOTE(review): the parameter is declared
                            as an untyped UINT8 *, so the compiler cannot check
                            what is passed; the implementation presumably casts
                            it back to IKEV2_SESSION_COMMON *, so callers must
                            pass exactly that object.
  @param[in] IkePacket      Pointer to the IKE_PACKET to be sent out.
  @param[in] IkeType        The type of IKE exchange the packet belongs to.
                            IKE_SA_TYPE, IKE_INFO_TYPE and IKE_CHILD_TYPE are
                            supported.

  @retval EFI_SUCCESS  The operation completed successfully.
  @retval Otherwise    The operation failed.

**/
EFI_STATUS
Ikev2SendIkePacket (
  IN IKE_UDP_SERVICE  *IkeUdpService,
  IN UINT8            *SessionCommon,
  IN IKE_PACKET       *IkePacket,
  IN UINTN            IkeType
  );
849 | \r | |
/**
  Callback invoked when the IKE SA lifetime expires.

  This function marks the related IKE SA Session as deleting and triggers an
  Informational exchange.

  @param[in] Event    The timeout event.
  @param[in] Context  Pointer to the data passed by the caller.

**/
VOID
EFIAPI
Ikev2LifetimeNotify (
  IN EFI_EVENT  Event,
  IN VOID       *Context
  );
866 | \r | |
/**
  Callback invoked when the retransmission timeout event is signaled.

  @param[in] Event    The signaled event.
  @param[in] Context  The data passed by the caller.

**/
VOID
EFIAPI
Ikev2ResendNotify (
  IN EFI_EVENT  Event,
  IN VOID       *Context
  );
880 | \r | |
/**
  Generate a Key Exchange payload according to the DH group type and save the
  public key into the IkeKey field of the IKE SA session.

  @param[in, out] IkeSaSession  Pointer to the IKEV2_SA_SESSION.
  @param[in]      NextPayload   The payload type placed in the NextPayload
                                field of the Key Exchange payload header.

  @return Pointer to the generated Key Exchange IKE payload. NOTE(review):
          presumably NULL when allocation or key generation fails; callers
          should check for it. Confirm against the implementation.

**/
IKE_PAYLOAD *
Ikev2GenerateKePayload (
  IN OUT IKEV2_SA_SESSION  *IkeSaSession,
  IN UINT8                 NextPayload
  );
897 | \r | |
/**
  Check whether an SPD entry is related to the given Child SA session.

  This function is the callback passed to IpSecVisitConfigData() by the SPD
  association logic (the original comment names Ikev1AssociateSpdEntry(),
  which looks like a leftover from the IKEv1 code; the IKEv2 counterpart is
  the likely caller, but confirm in the implementation).

  Note the inverted return convention: EFI_ABORTED signals a match and stops
  the visit, while EFI_SUCCESS means "not this one, keep going".

  @param[in] Type          Type of the input config selector.
  @param[in] Selector      Pointer to the config selector to be checked.
  @param[in] Data          Pointer to the config selector's data passed from
                           the caller.
  @param[in] SelectorSize  The buffer size of Selector in bytes; reads of
                           Selector must stay within it.
  @param[in] DataSize      The buffer size of Data in bytes; reads of Data
                           must stay within it.
  @param[in] Context       The data passed from the caller. It is a Child SA
                           session in this context.

  @retval EFI_SUCCESS  The SPD selector is not related to the Child SA session.
  @retval EFI_ABORTED  The SPD selector is related to the Child SA session, and
                       ChildSaSession->Spd has been set to point to it.

**/
EFI_STATUS
Ikev2MatchSpdEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE  Type,
  IN EFI_IPSEC_CONFIG_SELECTOR   *Selector,
  IN VOID                        *Data,
  IN UINTN                       SelectorSize,
  IN UINTN                       DataSize,
  IN VOID                        *Context
  );
928 | \r | |
/**
  Check whether an algorithm ID is supported.

  This is the gate used during proposal negotiation: an algorithm that is not
  on the supported list is reported as unsupported and should not be accepted
  from a peer.

  @param[in] AlgorithmId  The algorithm ID to check.
  @param[in] Type         Indicates whether the algorithm is for encryption or
                          for authentication.

  @retval TRUE   The algorithm ID is supported.
  @retval FALSE  The algorithm ID is not supported.

**/
BOOLEAN
Ikev2IsSupportAlg (
  IN UINT16  AlgorithmId,
  IN UINT8   Type
  );
945 | \r | |
/**
  Create a Child SA session and insert it into the related IKE SA session.

  @param[in] IkeSaSession  Pointer to the related IKEV2_SA_SESSION.
  @param[in] UdpService    Pointer to the related IKE_UDP_SERVICE.

  @return Pointer to the new IKEV2_CHILD_SA_SESSION. NOTE(review): presumably
          NULL when allocation fails; callers should check for it. Confirm
          against the implementation.

**/
IKEV2_CHILD_SA_SESSION *
Ikev2ChildSaSessionCreate (
  IN IKEV2_SA_SESSION  *IkeSaSession,
  IN IKE_UDP_SERVICE   *UdpService
  );
960 | \r | |
/**
  Parse the SA payload of a received IKE_SA_INIT exchange packet.

  This function parses the SA payload to find the cryptographic suite for the
  rest of the IKE negotiation and stores it in the IKE SA session's
  CommonSession->SaParams.

  The SA payload comes from the peer, so this is where an unacceptable or
  unsupported proposal is refused: a FALSE return means the session must not
  proceed with the offered suite.

  @param[in, out] IkeSaSession  Pointer to the related IKEV2_SA_SESSION.
  @param[in]      SaPayload     The received SA payload.
  @param[in]      Type          The IKE header flag of the received packet.

  @retval TRUE   The SA proposal in the payload is acceptable.
  @retval FALSE  The SA proposal in the payload is not acceptable.

**/
BOOLEAN
Ikev2SaParseSaPayload (
  IN OUT IKEV2_SA_SESSION  *IkeSaSession,
  IN IKE_PAYLOAD           *SaPayload,
  IN UINT8                 Type
  );
982 | \r | |
/**
  Parse the SA payload of a received IKE_AUTH exchange packet.

  This function parses the SA payload to find the cryptographic suite for ESP
  and stores it in the Child SA session's CommonSession->SaParams.

  The SA payload comes from the peer, so this is where an unacceptable or
  unsupported ESP proposal is refused: a FALSE return means the Child SA must
  not be established with the offered suite.

  @param[in, out] ChildSaSession  Pointer to the IKEV2_CHILD_SA_SESSION related
                                  to this IKE_AUTH exchange.
  @param[in]      SaPayload       The received SA payload.
  @param[in]      Type            The IKE header flag of the received packet.

  @retval TRUE   The SA proposal in the payload is acceptable.
  @retval FALSE  The SA proposal in the payload is not acceptable.

**/
BOOLEAN
Ikev2ChildSaParseSaPayload (
  IN OUT IKEV2_CHILD_SA_SESSION  *ChildSaSession,
  IN IKE_PAYLOAD                 *SaPayload,
  IN UINT8                       Type
  );
1004 | \r | |
/**
  Generate a key buffer from data fragments.

  If the digest length of the specified HashAlgId is larger than or equal to
  the required output key length, the key is derived directly. Otherwise the
  key material is built by PRF-based concatenation as defined in section 2.13
  of RFC 4306 (retained unchanged by RFC 7296):
    prf+ (K,S) = T1 | T2 | T3 | T4 | ...
    T1 = prf (K, S | 0x01), T2 = prf (K, T1 | S | 0x02),
    T3 = prf (K, T2 | S | 0x03), T4 = prf (K, T3 | S | 0x04), ...
  and the key is then taken from that material. The iteration counter is a
  single octet in this construction, which caps the amount of key material
  that can be produced.

  NOTE(review): HashKey, the intermediate T values and any temporary key
  material are secrets; the implementation should zeroize them before
  freeing. This header does not show whether it does.

  @param[in]      HashAlgId        The hash algorithm ID used to generate the
                                   key.
  @param[in]      HashKey          Pointer to the buffer holding the PRF key K.
  @param[in]      HashKeyLength    The length of HashKey in bytes.
  @param[in, out] OutputKey        Pointer to the buffer that receives the
                                   output key. It must be able to hold at
                                   least OutputKeyLength bytes.
  @param[in]      OutputKeyLength  The length of the OutputKey buffer in bytes,
                                   which is also the number of key bytes
                                   requested.
  @param[in]      Fragments        Pointer to the data fragments (S) used to
                                   generate the key.
  @param[in]      NumFragments     The number of entries in Fragments.

  @retval EFI_SUCCESS            The operation completed successfully.
  @retval EFI_INVALID_PARAMETER  NumFragments is zero.
  @retval EFI_OUT_OF_RESOURCES   A required resource could not be allocated.
  @retval Others                 The operation failed.

**/
EFI_STATUS
Ikev2SaGenerateKey (
  IN UINT8              HashAlgId,
  IN UINT8              *HashKey,
  IN UINTN              HashKeyLength,
  IN OUT UINT8          *OutputKey,
  IN UINTN              OutputKeyLength,
  IN PRF_DATA_FRAGMENT  *Fragments,
  IN UINTN              NumFragments
  );
1040 | \r | |
/**
  Copy ChildSaSession->Spd->Selector into ChildSaSession->SpdSelector.

  ChildSaSession->SpdSelector stores the effective SPD selector for this SA.
  It can be more precise, or narrower in scope, than the selector in
  ChildSaSession->Spd, particularly in tunnel mode, so the copy is kept
  separately on the Child SA session.

  @param[in, out] ChildSaSession  Pointer to the IKEV2_CHILD_SA_SESSION whose
                                  SpdSelector is to be created.

  @retval EFI_SUCCESS           The operation completed successfully.
  @retval EFI_OUT_OF_RESOURCES  The required resource could not be allocated.

**/
EFI_STATUS
Ikev2ChildSaSessionSpdSelectorCreate (
  IN OUT IKEV2_CHILD_SA_SESSION  *ChildSaSession
  );
1058 | \r | |
//
// Table of IPsec encryption algorithm descriptors, defined in another
// translation unit. Its element count is not declared here, so any index into
// it must be bounded by the caller against the defining unit's size.
//
extern IKE_ALG_GUID_INFO  mIPsecEncrAlgInfo[];
1060 | #endif\r | |
1061 | \r |