/** @file\r
The general interfaces of the IKEv2.\r
\r
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
IKEV2_PACKET_HANDLER Handler;\r
IKE_PACKET *IkePacket;\r
EFI_STATUS Status;\r
- \r
+\r
if (UdpService == NULL || RemoteIp == NULL) {\r
return EFI_INVALID_PARAMETER;\r
}\r
//\r
return EFI_SUCCESS;\r
}\r
- \r
+\r
//\r
// Create a new IkeSaSession and initiate the common parameters.\r
//\r
// Set the specific parameters and state(IKE_STATE_INIT).\r
//\r
IkeSaSession->Spd = SpdEntry;\r
- IkeSaSession->Pad = PadEntry; \r
+ IkeSaSession->Pad = PadEntry;\r
SessionCommon = &IkeSaSession->SessionCommon;\r
SessionCommon->IsInitiator = TRUE;\r
SessionCommon->State = IkeStateInit;\r
// to support it.\r
//\r
SessionCommon->PreferDhGroup = IKEV2_TRANSFORM_ID_DH_1024MODP;\r
- \r
+\r
CopyMem (\r
&SessionCommon->RemotePeerIp,\r
RemoteIp,\r
sizeof (EFI_IP_ADDRESS)\r
);\r
- \r
+\r
CopyMem (\r
&SessionCommon->LocalPeerIp,\r
&UdpService->DefaultAddress,\r
/**\r
It is general interface to negotiate the Child SA.\r
\r
- There are three situations which will invoke this function. First, create a CHILD \r
- SA if the input Context is NULL. Second, rekeying the existing IKE SA if the Context \r
- is a IKEv2_SA_SESSION. Third, rekeying the existing CHILD SA if the context is a \r
+ There are three situations which will invoke this function. First, create a CHILD\r
+ SA if the input Context is NULL. Second, rekeying the existing IKE SA if the Context\r
+ is a IKEv2_SA_SESSION. Third, rekeying the existing CHILD SA if the context is a\r
IKEv2_CHILD_SA_SESSION.\r
\r
@param[in] IkeSaSession Pointer to IKEv2_SA_SESSION related to this operation.\r
@param[in] SpdEntry Pointer to IPSEC_SPD_ENTRY related to this operation.\r
@param[in] Context The data pass from the caller.\r
- \r
+\r
@retval EFI_SUCCESS The operation is successful.\r
@retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r
@retval EFI_UNSUPPORTED The condition is not support yet.\r
if (EFI_ERROR (Status)) {\r
goto ON_ERROR;\r
}\r
- \r
+\r
//\r
// Insert the ChildSaSession into processing child SA list.\r
//\r
It is general interface to start the Information Exchange.\r
\r
There are three situations which will invoke this function. First, deliver a Delete Information\r
- to delete the IKE SA if the input Context is NULL and the state of related IkeSaSeesion's is on \r
- deleting.Second, deliver a Notify Information without the contents if the input Context is NULL. \r
+ to delete the IKE SA if the input Context is NULL and the state of related IkeSaSeesion's is on\r
+ deleting.Second, deliver a Notify Information without the contents if the input Context is NULL.\r
Third, deliver a Notify Information if the input Context is not NULL.\r
\r
@param[in] IkeSaSession Pointer to IKEv2_SA_SESSION related to this operation.\r
IN UINT8 *Context\r
)\r
{\r
- \r
+\r
EFI_STATUS Status;\r
IKEV2_SA_SESSION *Ikev2SaSession;\r
IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
//\r
if (Ikev2SaSession->SessionCommon.State == IkeStateSaDeleting && Context == NULL) {\r
\r
- //\r
- // The IKE SA Session should be initiator if it triggers the deleting.\r
- //\r
- Ikev2SaSession->SessionCommon.IsInitiator = TRUE;\r
-\r
//\r
// Generate Information Packet which contains the Delete Payload.\r
//\r
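Review bot: Nothing in the deleting branch now records why `SessionCommon.IsInitiator` is left as negotiated, so a later reader may reintroduce the removed assignment. RFC 7296 ties the Initiator flag to the original initiator of the IKE SA, not to whichever side starts the Delete exchange, which is what the removal restores. I would add above the packet generation: `// Keep IsInitiator as negotiated: the IKE header flag follows the original IKE SA role, not the sender of the Delete.` That the packet builder and the key selection read this field is inferred, since both are outside the hunk.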
//\r
// Send out the Packet\r
//\r
- Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 0);\r
+ if (UdpService != NULL && UdpService->Output != NULL) {\r
+ Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 0);\r
\r
- if (EFI_ERROR (Status)) {\r
- goto ON_ERROR;\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_ERROR;\r
+ }\r
}\r
} else if (!IsListEmpty (&Ikev2SaSession->DeleteSaList)) {\r
//\r
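Review bot: When `UdpService` or `UdpService->Output` is NULL the Delete packet is silently not sent and `Status` keeps whatever value it held before this block, so the caller cannot tell a skipped notification from a delivered one. `Status` is declared without an initializer and the lines between that declaration and this send are outside the hunk, so confirm it is assigned on every path reaching here. Also confirm `IkePacket` is still released when the send is skipped, if `Ikev2SendIkePacket` is what normally releases it. I would state the intent with `// Skip the Delete notification when the UDP output instance is unavailable; the peer is not informed.` The same guard and the same questions apply to the child SA send in the next hunk.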
//\r
// Send out the Packet\r
//\r
- Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &ChildSaSession->SessionCommon, IkePacket, 0);\r
+ if (UdpService != NULL && UdpService->Output != NULL) {\r
+ Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &ChildSaSession->SessionCommon, IkePacket, 0);\r
\r
- if (EFI_ERROR (Status)) {\r
- goto ON_ERROR;\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_ERROR;\r
+ }\r
}\r
}\r
} else if (Context == NULL) {\r
/**\r
The general interface when received a IKEv2 packet for the IKE SA establishing.\r
\r
- This function first find the related IKE SA Session according to the IKE packet's \r
+ This function first find the related IKE SA Session according to the IKE packet's\r
remote IP. Then call the corresponding function to handle this IKE packet according\r
- to the related IKE SA Session's State. \r
+ to the related IKE SA Session's State.\r
\r
@param[in] UdpService Pointer of related UDP Service.\r
@param[in] IkePacket Data passed by caller.\r
IPSEC_PRIVATE_DATA *Private;\r
BOOLEAN IsNewSession;\r
\r
- Private = (UdpService->IpVersion == IP_VERSION_4) ? \r
+ Private = (UdpService->IpVersion == IP_VERSION_4) ?\r
IPSEC_PRIVATE_DATA_FROM_UDP4LIST(UdpService->ListHead) :\r
IPSEC_PRIVATE_DATA_FROM_UDP6LIST(UdpService->ListHead);\r
\r
ChildSaSession = NULL;\r
ChildSaCommon = NULL;\r
- \r
+\r
//\r
// Lookup the remote ip address in the processing IKE SA session list.\r
//\r
&UdpService->DefaultAddress,\r
sizeof (EFI_IP_ADDRESS)\r
);\r
- \r
+\r
IsNewSession = TRUE;\r
}\r
\r
//\r
// Validate the IKE packet header.\r
//\r
- Status = Ikev2ValidateHeader (IkeSaSession, IkePacket->Header);\r
- if (EFI_ERROR (Status)) {\r
+ if (!Ikev2ValidateHeader (IkeSaSession, IkePacket->Header)) {\r
//\r
// Drop the packet if invalid IKE header.\r
//\r
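Review bot: Any remaining caller still written as `Status = Ikev2ValidateHeader (...); if (EFI_ERROR (Status))` would accept packets with an invalid header, because `EFI_ERROR` never fires on a TRUE/FALSE result (assuming the function returns BOOLEAN, as the new call implies). The information-exchange handler already uses `if (!Ikev2ValidateHeader (...))`, but the child-SA handler's validation, if it has one, is not visible in this diff and should be checked. The drop path after the comment lies outside the hunk. Since `IsNewSession` may be TRUE at this point, confirm that path releases the session created for this packet, so malformed packets cannot leave sessions behind.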
//\r
// Generate a piggyback child SA in IKE_STATE_AUTH state.\r
//\r
- ASSERT (IsListEmpty (&IkeSaSession->ChildSaSessionList) && \r
+ ASSERT (IsListEmpty (&IkeSaSession->ChildSaSessionList) &&\r
IsListEmpty (&IkeSaSession->ChildSaEstablishSessionList));\r
- \r
+\r
ChildSaSession = Ikev2ChildSaSessionCreate (IkeSaSession, UdpService);\r
ChildSaCommon = &ChildSaSession->SessionCommon;\r
\r
//\r
// Initialize the SA data for Child SA.\r
- // \r
+ //\r
ChildSaSession->SaData = Ikev2InitializeSaData (ChildSaCommon);\r
}\r
\r
\r
//\r
// Remove the Established Child SA Session from the IkeSaSession->ChildSaSessionList\r
- // ,insert it into IkeSaSession->ChildSaEstablishSessionList and save this Child SA \r
+ // ,insert it into IkeSaSession->ChildSaEstablishSessionList and save this Child SA\r
// into SAD.\r
//\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (IkeSaSession->ChildSaSessionList.BackLink);\r
\r
/**\r
\r
- The general interface when received a IKEv2 packet for the IKE Child SA establishing \r
+ The general interface when received a IKEv2 packet for the IKE Child SA establishing\r
or IKE SA/CHILD SA rekeying.\r
\r
- This function first find the related IKE SA Session according to the IKE packet's \r
+ This function first find the related IKE SA Session according to the IKE packet's\r
remote IP. Then call the corresponding function to handle this IKE packet according\r
- to the related IKE Child Session's State. \r
+ to the related IKE Child Session's State.\r
\r
@param[in] UdpService Pointer of related UDP Service.\r
@param[in] IkePacket Data passed by caller.\r
IKEV2_CREATE_CHILD_REQUEST_TYPE RequestType;\r
IKE_PACKET *Reply;\r
IPSEC_PRIVATE_DATA *Private;\r
- \r
- Private = (UdpService->IpVersion == IP_VERSION_4) ? \r
+\r
+ Private = (UdpService->IpVersion == IP_VERSION_4) ?\r
IPSEC_PRIVATE_DATA_FROM_UDP4LIST(UdpService->ListHead) :\r
IPSEC_PRIVATE_DATA_FROM_UDP6LIST(UdpService->ListHead);\r
\r
\r
//\r
// Get the request type: CreateChildSa/RekeyChildSa/RekeyIkeSa.\r
- // \r
+ //\r
RequestType = Ikev2ChildExchangeRequestType (IkePacket);\r
\r
switch (RequestType) {\r
case IkeRequestTypeCreateChildSa:\r
- case IkeRequestTypeRekeyChildSa: \r
- case IkeRequestTypeRekeyIkeSa: \r
+ case IkeRequestTypeRekeyChildSa:\r
+ case IkeRequestTypeRekeyIkeSa:\r
//\r
// Parse the IKE request packet. Not support CREATE_CHILD_SA exchange yet, so\r
- // only EFI_UNSUPPORTED will be returned and that will trigger a reply with a \r
+ // only EFI_UNSUPPORTED will be returned and that will trigger a reply with a\r
// Notify payload of type NO_ADDITIONAL_SAS.\r
//\r
Status = mIkev2CreateChild.Parser ((UINT8 *) IkeSaSession, IkePacket);\r
- if (EFI_ERROR (Status)) { \r
+ if (EFI_ERROR (Status)) {\r
goto ON_REPLY;\r
}\r
\r
//\r
return ;\r
}\r
- \r
+\r
ON_REPLY:\r
//\r
// Generate the reply packet if needed and send it out.\r
}\r
}\r
}\r
- } \r
+ }\r
return ;\r
}\r
\r
/**\r
\r
It is general interface to handle IKEv2 information Exchange.\r
- \r
- @param[in] UdpService Point to IKE UPD Service related to this information exchange. \r
+\r
+ @param[in] UdpService Point to IKE UPD Service related to this information exchange.\r
@param[in] IkePacket The IKE packet to be parsed.\r
\r
**/\r
IKEV2_SA_SESSION *IkeSaSession;\r
IPSEC_PRIVATE_DATA *Private;\r
\r
- Private = (UdpService->IpVersion == IP_VERSION_4) ? \r
- IPSEC_PRIVATE_DATA_FROM_UDP4LIST(UdpService->ListHead) : \r
+ Private = (UdpService->IpVersion == IP_VERSION_4) ?\r
+ IPSEC_PRIVATE_DATA_FROM_UDP4LIST(UdpService->ListHead) :\r
IPSEC_PRIVATE_DATA_FROM_UDP6LIST(UdpService->ListHead);\r
\r
//\r
// Lookup the remote ip address in the processing IKE SA session list.\r
//\r
IkeSaSession = Ikev2SaSessionLookup (&Private->Ikev2EstablishedList, &IkePacket->RemotePeerIp);\r
- \r
+\r
if (IkeSaSession == NULL) {\r
//\r
// Drop the packet if no IKE SA associated.\r
// Validate the IKE packet header.\r
//\r
if (!Ikev2ValidateHeader (IkeSaSession, IkePacket->Header)) {\r
- \r
+\r
//\r
// Drop the packet if invalid IKE header.\r
//\r
return;\r
- } \r
+ }\r
\r
SessionCommon = &IkeSaSession->SessionCommon;\r
\r
// Drop the packet if fail to parse.\r
//\r
return;\r
- } \r
+ }\r
}\r
\r
-IKE_EXCHANGE_INTERFACE mIkev1Exchange = {
- 1,
+IKE_EXCHANGE_INTERFACE mIkev1Exchange = {\r
+ 1,\r
NULL, //Ikev1NegotiateSa\r
NULL, //Ikev1NegotiateChildSa\r
- NULL,
+ NULL,\r
NULL, //Ikev1HandleSa,\r
NULL, //Ikev1HandleChildSa\r
NULL, //Ikev1HandleInfo\r