\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
Private->Ikev2SaSession list or Private->Ikev2EstablishedList list.\r
\r
@param[in] SaSessionList Pointer to list to be inserted into.\r
Private->Ikev2SaSession list or Private->Ikev2EstablishedList list.\r
\r
@param[in] SaSessionList Pointer to list to be inserted into.\r
- @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted. \r
- @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESSS to indicate the \r
+ @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.\r
+ @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESSS to indicate the\r
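Review bot: the re-added RemotePeerIp line still spells the type as EFI_IP_ADDRESSS, with three S characters, while the session-search comment in this same header uses EFI_IP_ADDRESS. Since the line is already being rewritten to drop trailing whitespace, correct the type name in the same pass so that a search for the type finds this parameter.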
@param[in] SaSessionList Pointer to list to be searched.\r
@param[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.\r
\r
@param[in] SaSessionList Pointer to list to be searched.\r
@param[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.\r
\r
- Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList. \r
- If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one \r
+ Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.\r
+ If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one\r
then register the new one.\r
\r
@param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.\r
then register the new one.\r
\r
@param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.\r
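Review bot: both re-added description lines keep grammar errors that make the replacement rule harder to read: "Register a established IKEv2 Child SA" and "If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP". Suggest "Register an established IKEv2 Child SA" and "If there is an IKEV2_CHILD_SA_SESSION with the same remote peer IP, remove the old one", since this sentence is the only statement of the replace-on-duplicate behaviour.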
\r
This functin find a ChildSA session by searching the ChildSaSessionlist of\r
the input IKEV2_SA_SESSION by specified MessageID.\r
\r
This functin find a ChildSA session by searching the ChildSaSessionlist of\r
the input IKEV2_SA_SESSION by specified MessageID.\r
@param[in] SaSessionList The SA Session List to be iterated.\r
@param[in] Spi Spi used to identify the IKEV2_CHILD_SA_SESSION.\r
@param[in] SaSessionList The SA Session List to be iterated.\r
@param[in] Spi Spi used to identify the IKEV2_CHILD_SA_SESSION.\r
**/\r
IKEV2_CHILD_SA_SESSION *\r
Ikev2ChildSaSessionRemove (\r
IN LIST_ENTRY *SaSessionList,\r
**/\r
IKEV2_CHILD_SA_SESSION *\r
Ikev2ChildSaSessionRemove (\r
IN LIST_ENTRY *SaSessionList,\r
Generate Ikev2 SA payload according to SessionSaData\r
\r
@param[in] SessionSaData The data used in SA payload.\r
Generate Ikev2 SA payload according to SessionSaData\r
\r
@param[in] SessionSaData The data used in SA payload.\r
SA Payload header.\r
@param[in] Type The SA type. It MUST be neither (1) for IKE_SA or\r
(2) for CHILD_SA or (3) for INFO.\r
\r
@retval a Pointer to SA IKE payload.\r
SA Payload header.\r
@param[in] Type The SA type. It MUST be neither (1) for IKE_SA or\r
(2) for CHILD_SA or (3) for INFO.\r
\r
@retval a Pointer to SA IKE payload.\r
of ID Payload header.\r
@param[in] InCert Pointer to the Certificate which distinguished name\r
will be added into the Id payload.\r
of ID Payload header.\r
@param[in] InCert Pointer to the Certificate which distinguished name\r
will be added into the Id payload.\r
IKE_PAYLOAD *\r
Ikev2GenerateCertIdPayload (\r
IN IKEV2_SESSION_COMMON *CommonSession,\r
IKE_PAYLOAD *\r
Ikev2GenerateCertIdPayload (\r
IN IKEV2_SESSION_COMMON *CommonSession,\r
Generate the Notify payload.\r
\r
Since the structure of Notify payload which defined in RFC 4306 is simple, so\r
Generate the Notify payload.\r
\r
Since the structure of Notify payload which defined in RFC 4306 is simple, so\r
- there is no internal data structure for Notify payload. This function generate \r
- Notify payload defined in RFC 4306, but all the fields in this payload are still \r
- in host order and need call Ikev2EncodePayload() to convert those fields from \r
+ there is no internal data structure for Notify payload. This function generate\r
+ Notify payload defined in RFC 4306, but all the fields in this payload are still\r
+ in host order and need call Ikev2EncodePayload() to convert those fields from\r
the host order to network order beforing sending it.\r
\r
@param[in] ProtocolId The protocol type ID. For IKE_SA it MUST be one (1).\r
For IPsec SAs it MUST be neither (2) for AH or (3)\r
for ESP.\r
the host order to network order beforing sending it.\r
\r
@param[in] ProtocolId The protocol type ID. For IKE_SA it MUST be one (1).\r
For IPsec SAs it MUST be neither (2) for AH or (3)\r
for ESP.\r
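Review bot: the ProtocolId description in the context right after the changed lines reads "For IPsec SAs it MUST be neither (2) for AH or (3) for ESP", which states the opposite of what the parameter accepts. It should read "either (2) for AH or (3) for ESP". In the changed lines themselves, "This function generate" and "beforing sending it" survive the cleanup and should become "generates" and "before sending it"; the same "beforing" wording recurs in the Delete and configuration payload comments further down.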
Notify Payload.\r
@param[in] SpiBuf Pointer to buffer contains the SPI value.\r
@param[in] NotifyData Pointer to buffer contains the notification data.\r
@param[in] NotifyDataSize The size of NotifyData in bytes.\r
Notify Payload.\r
@param[in] SpiBuf Pointer to buffer contains the SPI value.\r
@param[in] NotifyData Pointer to buffer contains the notification data.\r
@param[in] NotifyDataSize The size of NotifyData in bytes.\r
- Since the structure of Delete payload which defined in RFC 4306 is simple, \r
- there is no internal data structure for Delete payload. This function generate \r
- Delete payload defined in RFC 4306, but all the fields in this payload are still \r
- in host order and need call Ikev2EncodePayload() to convert those fields from \r
+ Since the structure of Delete payload which defined in RFC 4306 is simple,\r
+ there is no internal data structure for Delete payload. This function generate\r
+ Delete payload defined in RFC 4306, but all the fields in this payload are still\r
+ in host order and need call Ikev2EncodePayload() to convert those fields from\r
the host order to network order beforing sending it.\r
\r
@param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload generation.\r
the host order to network order beforing sending it.\r
\r
@param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload generation.\r
the Delete payload.\r
@param[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.\r
@param[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.\r
the Delete payload.\r
@param[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.\r
@param[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.\r
- This function generates a configuration payload defined in RFC 4306, but all the \r
- fields in this payload are still in host order and need call Ikev2EncodePayload() \r
+ This function generates a configuration payload defined in RFC 4306, but all the\r
+ fields in this payload are still in host order and need call Ikev2EncodePayload()\r
to convert those fields from the host order to network order beforing sending it.\r
\r
@param[in] IkeSaSession Pointer to IKE SA Session to be used for Delete payload\r
generation.\r
to convert those fields from the host order to network order beforing sending it.\r
\r
@param[in] IkeSaSession Pointer to IKE SA Session to be used for Delete payload\r
generation.\r
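Review bot: the IkeSaSession parameter under the configuration payload description is documented as "Pointer to IKE SA Session to be used for Delete payload generation", which looks copied from the Delete payload comment. The description above it says this function generates a configuration payload, so the parameter text should say "for configuration payload generation".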
- This function is used for both Authentication generation and verification. When the \r
- IsVerify is TRUE, it create a Auth Data for verification. This function choose the \r
+ This function is used for both Authentication generation and verification. When the\r
+ IsVerify is TRUE, it create a Auth Data for verification. This function choose the\r
related IKE_SA_INIT Message for Auth data creation according to the IKE Session's type\r
and the value of IsVerify parameter.\r
\r
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r
related IKE_SA_INIT Message for Auth data creation according to the IKE Session's type\r
and the value of IsVerify parameter.\r
\r
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r
- This function has two functions. One is creating a local Authentication \r
- Payload for sending and other is creating the remote Authentication data \r
+ This function has two functions. One is creating a local Authentication\r
+ Payload for sending and other is creating the remote Authentication data\r
for verification when the IsVerify is TURE.\r
\r
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r
for verification when the IsVerify is TURE.\r
\r
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r
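Review bot: the context line after the changed text says "for verification when the IsVerify is TURE", and "TURE" should be "TRUE", matching the previous comment's "When the IsVerify is TRUE". The re-added opening "This function has two functions" would also read better as "This function has two purposes", followed by "the other is creating".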
verify the authenticate payload.\r
\r
@return pointer to IKE Authentication payload for certification method.\r
verify the authenticate payload.\r
\r
@return pointer to IKE Authentication payload for certification method.\r
This function generates TSi or TSr payload according to type of next payload.\r
If the next payload is Responder TS, gereate TSi Payload. Otherwise, generate\r
TSr payload\r
This function generates TSi or TSr payload according to type of next payload.\r
If the next payload is Responder TS, gereate TSi Payload. Otherwise, generate\r
TSr payload\r
of ID Payload header.\r
@param[in] IsTunnel It indicates that if the Ts Payload is after the CP payload.\r
If yes, it means the Tsi and Tsr payload should be with\r
of ID Payload header.\r
@param[in] IsTunnel It indicates that if the Ts Payload is after the CP payload.\r
If yes, it means the Tsi and Tsr payload should be with\r
IPSEC_PROTO_ISAKMP or if the SpiSize is not zero or if the MessageType is not\r
the COOKIE, return EFI_INVALID_PARAMETER.\r
\r
IPSEC_PROTO_ISAKMP or if the SpiSize is not zero or if the MessageType is not\r
the COOKIE, return EFI_INVALID_PARAMETER.\r
\r
- the acceptable certificateion CA. This function generate Certificate payload \r
- or Certificate Request Payload defined in RFC 4306, but all the fields \r
- in the payload are still in host order and need call Ikev2EncodePayload() \r
+ the acceptable certificateion CA. This function generate Certificate payload\r
+ or Certificate Request Payload defined in RFC 4306, but all the fields\r
+ in the payload are still in host order and need call Ikev2EncodePayload()\r
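Review bot: the first re-added line keeps "the acceptable certificateion CA", which is not a word. Suggest "the acceptable certification CA", or "certificate authority" if that is what is meant, and "This function generates" in the same line.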
the Delete payload.\r
@param[in] Certificate Pointer of buffer contains the certification data.\r
@param[in] CertificateLen The length of Certificate in byte.\r
the Delete payload.\r
@param[in] Certificate Pointer of buffer contains the certification data.\r
@param[in] CertificateLen The length of Certificate in byte.\r
- This function encode the internal data structure into payload which \r
- is defined in RFC 4306. The IkePayload->PayloadBuf used to store both the input \r
- payload and converted payload. Only the SA payload use the interal structure \r
- to store the attribute. Other payload use structure which is same with the RFC \r
- defined, for this kind payloads just do host order to network order change of \r
+ This function encode the internal data structure into payload which\r
+ is defined in RFC 4306. The IkePayload->PayloadBuf used to store both the input\r
+ payload and converted payload. Only the SA payload use the interal structure\r
+ to store the attribute. Other payload use structure which is same with the RFC\r
+ defined, for this kind payloads just do host order to network order change of\r
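Review bot: the re-added description still has "interal structure" and several agreement errors ("This function encode", "Other payload use structure which is same with the RFC defined"). Because this comment explains which payloads get real conversion and which only get a byte-order swap, it is worth tightening while the lines are touched, for example "Only the SA payload uses an internal structure to store its attributes. Other payloads use the structure defined in the RFC, so only a host-to-network byte-order change is needed".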
\r
@param[in] SessionCommon Pointer to IKE Session Common to use for decoding.\r
@param[in, out] IkePayload Pointer to IKE payload to be decode as input, and\r
\r
@param[in] SessionCommon Pointer to IKE Session Common to use for decoding.\r
@param[in, out] IkePayload Pointer to IKE payload to be decode as input, and\r
\r
@retval EFI_INVALID_PARAMETER Meet error when decode the SA payload.\r
@retval EFI_SUCCESS Decode successfully.\r
\r
@retval EFI_INVALID_PARAMETER Meet error when decode the SA payload.\r
@retval EFI_SUCCESS Decode successfully.\r
and the decrypted reslult as output.\r
@param[in, out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
IKE_CHILD_TYPE are supportted.\r
\r
and the decrypted reslult as output.\r
@param[in, out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
IKE_CHILD_TYPE are supportted.\r
\r
IKE packet length is not Algorithm Block Size\r
alignment.\r
@retval EFI_SUCCESS Decrypt IKE packet successfully.\r
IKE packet length is not Algorithm Block Size\r
alignment.\r
@retval EFI_SUCCESS Decrypt IKE packet successfully.\r
\r
This function encrypt IKE packet before sending it. The Encrypted IKE packet\r
is put in to IKEV2 Encrypted Payload.\r
\r
This function encrypt IKE packet before sending it. The Encrypted IKE packet\r
is put in to IKEV2 Encrypted Payload.\r
@param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the IKE packet.\r
@param[in, out] IkePacket Pointer to IKE packet to be encrypted.\r
\r
@param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the IKE packet.\r
@param[in, out] IkePacket Pointer to IKE packet to be encrypted.\r
\r
and the encoded reslult as output.\r
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
IKE_CHILD_TYPE are supportted.\r
and the encoded reslult as output.\r
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
IKE_CHILD_TYPE are supportted.\r
the decoded result on return.\r
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
IKE_CHILD_TYPE are supportted.\r
the decoded result on return.\r
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
IKE_CHILD_TYPE are supportted.\r
@param[in] IkeUdpService Pointer to IKE_UDP_SERVICE used to send the IKE packet.\r
@param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON related to the IKE packet.\r
@param[in] IkePacket Pointer to IKE_PACKET to be sent out.\r
@param[in] IkeUdpService Pointer to IKE_UDP_SERVICE used to send the IKE packet.\r
@param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON related to the IKE packet.\r
@param[in] IkePacket Pointer to IKE_PACKET to be sent out.\r
- @param[in] IkeType The type of IKE to point what's kind of the IKE \r
- packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE \r
+ @param[in] IkeType The type of IKE to point what's kind of the IKE\r
+ packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE\r
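Review bot: the SessionCommon parameter in the context above the changed lines is documented as "Pointer to IKEV1_SESSION_COMMON", while every other comment visible in this header refers to IKEV2_SESSION_COMMON. If the prototype takes the IKEv2 type, the comment should name it. The re-added IkeType text "to point what's kind of the IKE packet is to be sent out" is also hard to parse; suggest "The type of IKE packet to be sent out".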
Information negotiation.\r
\r
@param[in] Event The time out event.\r
@param[in] Context Pointer to data passed by caller.\r
Information negotiation.\r
\r
@param[in] Event The time out event.\r
@param[in] Context Pointer to data passed by caller.\r
public Key into IkeSaSession IkeKey field.\r
\r
@param[in, out] IkeSaSession Pointer of the IKE_SA_SESSION.\r
public Key into IkeSaSession IkeKey field.\r
\r
@param[in, out] IkeSaSession Pointer of the IKE_SA_SESSION.\r
);\r
\r
/**\r
Check if the SPD is related to the input Child SA Session.\r
\r
This function is the subfunction of Ikev1AssociateSpdEntry(). It is the call\r
);\r
\r
/**\r
Check if the SPD is related to the input Child SA Session.\r
\r
This function is the subfunction of Ikev1AssociateSpdEntry(). It is the call\r
- @param[in] Selector Pointer to the Configure Selector to be checked. \r
- @param[in] Data Pointer to the Configure Selector's Data passed \r
+ @param[in] Selector Pointer to the Configure Selector to be checked.\r
+ @param[in] Data Pointer to the Configure Selector's Data passed\r
from the caller.\r
@param[in] SelectorSize The buffer size of Selector.\r
@param[in] DataSize The buffer size of the Data.\r
@param[in] Context The data passed from the caller. It is a Child\r
SA Session in this context.\r
\r
from the caller.\r
@param[in] SelectorSize The buffer size of Selector.\r
@param[in] DataSize The buffer size of the Data.\r
@param[in] Context The data passed from the caller. It is a Child\r
SA Session in this context.\r
\r
- @retval EFI_SUCCESS The SPD Selector is not related to the Child SA Session. \r
- @retval EFI_ABORTED The SPD Selector is related to the Child SA session and \r
+ @retval EFI_SUCCESS The SPD Selector is not related to the Child SA Session.\r
+ @retval EFI_ABORTED The SPD Selector is related to the Child SA session and\r
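Review bot: the description at the top of this comment calls the function "the subfunction of Ikev1AssociateSpdEntry()", but the declarations visible in this header are all Ikev2-prefixed, so the reference looks like a leftover; confirm the caller's name and update it. The return values are also inverted relative to the usual convention (EFI_SUCCESS when the selector is not related, EFI_ABORTED when it is), so a short sentence saying that EFI_ABORTED is how a match stops the enumeration would keep a reader from treating it as a failure.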
- \r
- This function parse the SA Payload and Key Payload to find out the cryptographic \r
- suite for the further IKE negotiation and fill it into the IKE SA Session's \r
+\r
+ This function parse the SA Payload and Key Payload to find out the cryptographic\r
+ suite for the further IKE negotiation and fill it into the IKE SA Session's\r
CommonSession->SaParams.\r
\r
@param[in, out] IkeSaSession Pointer to related IKEV2_SA_SESSION.\r
@param[in] SaPayload The received packet.\r
CommonSession->SaParams.\r
\r
@param[in, out] IkeSaSession Pointer to related IKEV2_SA_SESSION.\r
@param[in] SaPayload The received packet.\r
\r
@retval TRUE If the SA proposal in Packet is acceptable.\r
@retval FALSE If the SA proposal in Packet is not acceptable.\r
\r
@retval TRUE If the SA proposal in Packet is acceptable.\r
@retval FALSE If the SA proposal in Packet is not acceptable.\r
This function parse the SA Payload and Key Payload to find out the cryptographic\r
suite for the ESP and fill it into the Child SA Session's CommonSession->SaParams.\r
This function parse the SA Payload and Key Payload to find out the cryptographic\r
suite for the ESP and fill it into the Child SA Session's CommonSession->SaParams.\r
@retval TRUE If the SA proposal in Packet is acceptable.\r
@retval FALSE If the SA proposal in Packet is not acceptable.\r
\r
@retval TRUE If the SA proposal in Packet is acceptable.\r
@retval FALSE If the SA proposal in Packet is not acceptable.\r
\r
- If the digest length of specified HashAlgId is larger than or equal with the \r
- required output key length, derive the key directly. Otherwise, Key Material \r
- needs to be PRF-based concatenation according to 2.13 of RFC 4306: \r
+ If the digest length of specified HashAlgId is larger than or equal with the\r
+ required output key length, derive the key directly. Otherwise, Key Material\r
+ needs to be PRF-based concatenation according to 2.13 of RFC 4306:\r
prf+ (K,S) = T1 | T2 | T3 | T4 | ..., T1 = prf (K, S | 0x01),\r
T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03),T4 = prf (K, T3 | S | 0x04)\r
then derive the key from this key material.\r
prf+ (K,S) = T1 | T2 | T3 | T4 | ..., T1 = prf (K, S | 0x01),\r
T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03),T4 = prf (K, T3 | S | 0x04)\r
then derive the key from this key material.\r
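Review bot: the first re-added line says "larger than or equal with the required output key length", which should be "greater than or equal to". In the unchanged formula lines below it, "0x03),T4" is missing the space after the comma that the other terms have. Putting each of T1 to T4 on its own line would make the chaining of the previous block into the next prf input easier to check against section 2.13.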
@param[in] HashAlgId The Hash Algorithm ID used to generate key.\r
@param[in] HashKey Pointer to a key buffer which contains hash key.\r
@param[in] HashKeyLength The length of HashKey in bytes.\r
@param[in] HashAlgId The Hash Algorithm ID used to generate key.\r
@param[in] HashKey Pointer to a key buffer which contains hash key.\r
@param[in] HashKeyLength The length of HashKey in bytes.\r
output key.\r
@param[in] OutputKeyLength The length of OutPutKey buffer.\r
@param[in] Fragments Pointer to the data to be used to generate key.\r
output key.\r
@param[in] OutputKeyLength The length of OutPutKey buffer.\r
@param[in] Fragments Pointer to the data to be used to generate key.\r
Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.\r
\r
ChildSaSession->SpdSelector stores the real Spdselector for its SA. Sometime,\r
Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.\r
\r
ChildSaSession->SpdSelector stores the real Spdselector for its SA. Sometime,\r
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.\r
\r
@retval EFI_SUCCESS The operation complete successfully.\r
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.\r
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.\r
\r
@retval EFI_SUCCESS The operation complete successfully.\r
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.\r