Diffstat (limited to 'NetworkPkg/IpSecDxe/Ikev2')
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/ChildSa.c50
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/Exchange.c6
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/Ikev2.h4
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/Info.c62
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/Payload.c42
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/Payload.h12
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/Sa.c184
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/Utility.c354
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/Utility.h236
9 files changed, 475 insertions, 475 deletions
diff --git a/NetworkPkg/IpSecDxe/Ikev2/ChildSa.c b/NetworkPkg/IpSecDxe/Ikev2/ChildSa.c
index eaccad2086..a8791cca15 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/ChildSa.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/ChildSa.c
@@ -1,7 +1,7 @@
/** @file
The operations for Child SA.
- Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -16,12 +16,12 @@
#include "Utility.h"
/**
- Generate IKE Packet for CREATE_CHILD_SA exchange.
+ Generate IKE Packet for CREATE_CHILD_SA exchange.
This IKE Packet would be the packet for creating new CHILD SA, or the packet for
rekeying existing IKE SA, or the packet for existing CHILD SA.
-
- @param[in] SaSession Pointer to related SA session.
+
+ @param[in] SaSession Pointer to related SA session.
@param[in] Context The data passed by the caller.
return a pointer of IKE packet.
@@ -42,12 +42,12 @@ Ikev2CreateChildGenerator (
NotifyPayload = NULL;
MessageId = NULL;
-
+
ChildSaSession = (IKEV2_CHILD_SA_SESSION *) SaSession;
if (ChildSaSession == NULL) {
return NULL;
}
-
+
IkePacket = IkePacketAlloc();
if (IkePacket == NULL) {
return NULL;
@@ -57,28 +57,28 @@ Ikev2CreateChildGenerator (
if (Context != NULL) {
MessageId = (UINT32 *) Context;
}
-
+
IkePacket->Header->Version = (UINT8) (2 << 4);
IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_NOTIFY;
IkePacket->Header->ExchangeType = IKE_XCG_TYPE_CREATE_CHILD_SA;
-
+
if (ChildSaSession->SessionCommon.IkeSessionType == IkeSessionTypeChildSa) {
//
// 1.a Fill the IkePacket->Hdr
- //
+ //
IkePacket->Header->InitiatorCookie = ChildSaSession->IkeSaSession->InitiatorCookie;
IkePacket->Header->ResponderCookie = ChildSaSession->IkeSaSession->ResponderCookie;
-
+
if (MessageId != NULL) {
IkePacket->Header->MessageId = *MessageId;
} else {
IkePacket->Header->MessageId = ChildSaSession->MessageId;
- }
-
+ }
+
if (ChildSaSession->SessionCommon.IsInitiator) {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;
}
-
+
} else {
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
//
@@ -91,8 +91,8 @@ Ikev2CreateChildGenerator (
IkePacket->Header->MessageId = *MessageId;
} else {
IkePacket->Header->MessageId = IkeSaSession->MessageId;
- }
-
+ }
+
if (IkeSaSession->SessionCommon.IsInitiator) {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;
}
@@ -101,7 +101,7 @@ Ikev2CreateChildGenerator (
if (MessageId != NULL) {
IkePacket->Header->Flags |= IKE_HEADER_FLAGS_RESPOND;
}
-
+
//
// According to RFC4306, Chapter 4.
// A minimal implementation may support the CREATE_CHILD_SA exchange only to
@@ -110,33 +110,33 @@ Ikev2CreateChildGenerator (
NotifyPayload = Ikev2GenerateNotifyPayload (
0,
IKEV2_PAYLOAD_TYPE_NONE,
- 0,
+ 0,
IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS,
NULL,
NULL,
0
);
- if (NotifyPayload == NULL) {
+ if (NotifyPayload == NULL) {
IkePacketFree (IkePacket);
return NULL;
}
-
+
IKE_PACKET_APPEND_PAYLOAD (IkePacket, NotifyPayload);
//
- // TODO: Support the CREATE_CHILD_SA exchange.
- //
+ // TODO: Support the CREATE_CHILD_SA exchange.
+ //
return IkePacket;
}
/**
Parse the IKE packet of CREATE_CHILD_SA exchange.
-
+
This function parse the IKE packet and save the related information to further
- calculation.
-
+ calculation.
+
@param[in] SaSession Pointer to IKEv2_CHILD_SA_SESSION related to this Exchange.
@param[in] IkePacket Received packet to be parsed.
-
+
@retval EFI_SUCCESS The IKE Packet is acceptable.
@retval EFI_UNSUPPORTED Not support the CREATE_CHILD_SA request.
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
index 5609964fa4..0f2f94f118 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
@@ -1,7 +1,7 @@
/** @file
The general interfaces of the IKEv2.
- Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -498,7 +498,7 @@ Ikev2HandleSa (
if (ChildSaSession == NULL) {
goto ON_ERROR;
}
-
+
ChildSaCommon = &ChildSaSession->SessionCommon;
}
@@ -526,7 +526,7 @@ Ikev2HandleSa (
if (ChildSaSession == NULL) {
goto ON_ERROR;
}
-
+
ChildSaCommon = &ChildSaSession->SessionCommon;
//
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Ikev2.h b/NetworkPkg/IpSecDxe/Ikev2/Ikev2.h
index a2b733a4d2..268464b5cc 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Ikev2.h
+++ b/NetworkPkg/IpSecDxe/Ikev2/Ikev2.h
@@ -1,7 +1,7 @@
/** @file
IKEv2 related definitions.
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -231,7 +231,7 @@ typedef struct {
UINT8 *Data;
} PRF_DATA_FRAGMENT;
-typedef
+typedef
IKE_PACKET *
(*IKEV2_PACKET_GENERATOR) (
IN UINT8 *SaSession,
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Info.c b/NetworkPkg/IpSecDxe/Ikev2/Info.c
index 0d2b290817..22ce9e676f 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Info.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Info.c
@@ -2,7 +2,7 @@
The Implementations for Information Exchange.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
- Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -11,7 +11,7 @@
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
+
**/
#include "Utility.h"
@@ -21,14 +21,14 @@
/**
Generate Information Packet.
- The information Packet may contain one Delete Payload, or Notify Payload, which
+ The information Packet may contain one Delete Payload, or Notify Payload, which
dependes on the Context's parameters.
- @param[in] SaSession Pointer to IKE SA Session or Child SA Session which is
+ @param[in] SaSession Pointer to IKE SA Session or Child SA Session which is
related to the information Exchange.
@param[in] Context The Data passed from the caller. If the Context is not NULL
it should contain the information for Notification Data.
-
+
@retval Pointer of IKE_PACKET generated.
**/
@@ -55,7 +55,7 @@ Ikev2InfoGenerator (
// Fill IkePacket Header.
//
IkePacket->Header->ExchangeType = IKEV2_EXCHANGE_TYPE_INFO;
- IkePacket->Header->Version = (UINT8) (2 << 4);
+ IkePacket->Header->Version = (UINT8) (2 << 4);
if (Context != NULL) {
InfoContext = (IKEV2_INFO_EXCHANGE_CONTEXT *) Context;
@@ -64,8 +64,8 @@ Ikev2InfoGenerator (
//
// For Liveness Check
//
- if (InfoContext != NULL &&
- (InfoContext->InfoType == Ikev2InfoLiveCheck || InfoContext->InfoType == Ikev2InfoNotify)
+ if (InfoContext != NULL &&
+ (InfoContext->InfoType == Ikev2InfoLiveCheck || InfoContext->InfoType == Ikev2InfoNotify)
) {
IkePacket->Header->MessageId = InfoContext->MessageId;
IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;
@@ -77,10 +77,10 @@ Ikev2InfoGenerator (
//
return IkePacket;
}
-
+
//
// For delete SAs
- //
+ //
if (IkeSaSession->SessionCommon.IkeSessionType == IkeSessionTypeIkeSa) {
IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;
@@ -101,12 +101,12 @@ Ikev2InfoGenerator (
//
if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting ) {
IkePayload = Ikev2GenerateDeletePayload (
- IkeSaSession,
- IKEV2_PAYLOAD_TYPE_NONE,
- 0,
- 0,
+ IkeSaSession,
+ IKEV2_PAYLOAD_TYPE_NONE,
+ 0,
+ 0,
NULL
- );
+ );
if (IkePayload == NULL) {
goto ERROR_EXIT;
}
@@ -118,7 +118,7 @@ Ikev2InfoGenerator (
IkePacket->Private = IkeSaSession->SessionCommon.Private;
IkePacket->Spi = 0;
IkePacket->IsDeleteInfo = TRUE;
-
+
} else if (Context != NULL) {
//
// TODO: If contest is not NULL Generate a Notify Payload.
@@ -132,7 +132,7 @@ Ikev2InfoGenerator (
if (IkeSaSession->SessionCommon.IsInitiator) {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;
- }
+ }
} else {
//
// Delete the Child SA Information Exchagne
@@ -152,7 +152,7 @@ Ikev2InfoGenerator (
IkePacket->Header->MessageId = ChildSaSession->IkeSaSession->MessageId;
Ikev2SaSessionIncreaseMessageId (IkeSaSession);
}
-
+
IkePayload = Ikev2GenerateDeletePayload (
ChildSaSession->IkeSaSession,
IKEV2_PAYLOAD_TYPE_DELETE,
@@ -193,7 +193,7 @@ Ikev2InfoGenerator (
if (InfoContext != NULL) {
IkePacket->Header->Flags |= IKE_HEADER_FLAGS_RESPOND;
}
-
+
return IkePacket;
ERROR_EXIT:
@@ -233,16 +233,16 @@ Ikev2InfoParser (
UINT8 Value;
EFI_STATUS Status;
IKE_PACKET *RespondPacket;
-
+
IKEV2_INFO_EXCHANGE_CONTEXT Context;
-
+
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
DeletePayload = NULL;
Private = NULL;
RespondPacket = NULL;
Status = EFI_SUCCESS;
-
+
//
// For Liveness Check
//
@@ -279,13 +279,13 @@ Ikev2InfoParser (
//
// For SA Delete
//
- NET_LIST_FOR_EACH (Entry, &(IkePacket)->PayloadList) {
+ NET_LIST_FOR_EACH (Entry, &(IkePacket)->PayloadList) {
//
// Iterate payloads to find the Delete/Notify Payload.
//
IkePayload = IKE_PAYLOAD_BY_PACKET (Entry);
-
+
if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_DELETE) {
DeletePayload = IkePayload;
Delete = (IKEV2_DELETE *)DeletePayload->PayloadBuf;
@@ -310,7 +310,7 @@ Ikev2InfoParser (
// After all IKE SAs were deleted, set the IPSEC_STATUS_DISABLED value in
// IPsec status variable.
//
- if (IsListEmpty (&Private->Ikev1EstablishedList) &&
+ if (IsListEmpty (&Private->Ikev1EstablishedList) &&
(IsListEmpty (&Private->Ikev2EstablishedList))
) {
Value = IPSEC_STATUS_DISABLED;
@@ -341,9 +341,9 @@ Ikev2InfoParser (
return Status;
}
Status = Ikev2SendIkePacket (
- IkeSaSession->SessionCommon.UdpService,
- (UINT8 *)(&IkeSaSession->SessionCommon),
- RespondPacket,
+ IkeSaSession->SessionCommon.UdpService,
+ (UINT8 *)(&IkeSaSession->SessionCommon),
+ RespondPacket,
0
);
}
@@ -373,7 +373,7 @@ Ikev2InfoParser (
Context.InfoType = Ikev2InfoDelete;
Context.MessageId = IkePacket->Header->MessageId;
-
+
RespondPacket = Ikev2InfoGenerator ((UINT8 *)ChildSaSession, &Context);
if (RespondPacket == NULL) {
Status = EFI_INVALID_PARAMETER;
@@ -382,7 +382,7 @@ Ikev2InfoParser (
Status = Ikev2SendIkePacket (
ChildSaSession->SessionCommon.UdpService,
(UINT8 *)(&ChildSaSession->SessionCommon),
- RespondPacket,
+ RespondPacket,
0
);
} else {
@@ -399,7 +399,7 @@ Ikev2InfoParser (
}
}
}
-
+
return Status;
}
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Payload.c b/NetworkPkg/IpSecDxe/Ikev2/Payload.c
index 237743b1b1..218c26f934 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Payload.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Payload.c
@@ -2,7 +2,7 @@
The implementation of Payloads Creation.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
- Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -55,7 +55,7 @@ Ikev2GenerateSaPayload (
if (SaPayload == NULL) {
return NULL;
}
-
+
//
// TODO: Get the Proposal Number and Transform Number from IPsec Config,
// after the Ipsecconfig Application is support it.
@@ -127,7 +127,7 @@ Ikev2GenerateNoncePayload (
if (Nonce == NULL) {
return NULL;
}
-
+
CopyMem (Nonce + 1, NonceBlock, Size - sizeof (IKEV2_NONCE));
Nonce->Header.NextPayload = NextPayload;
@@ -137,7 +137,7 @@ Ikev2GenerateNoncePayload (
FreePool (Nonce);
return NULL;
}
-
+
NoncePayload->PayloadType = IKEV2_PAYLOAD_TYPE_NONCE;
NoncePayload->PayloadBuf = (UINT8 *) Nonce;
NoncePayload->PayloadSize = Size;
@@ -428,11 +428,11 @@ Ikev2PskGenerateAuthPayload (
if (Digest == NULL) {
return NULL;
}
-
+
if (IdPayload == NULL) {
return NULL;
}
-
+
//
// Calcualte Prf(Seceret, "Key Pad for IKEv2");
//
@@ -460,7 +460,7 @@ Ikev2PskGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
-
+
CopyMem (KeyBuf, Digest, DigestSize);
KeySize = DigestSize;
@@ -522,7 +522,7 @@ Ikev2PskGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
-
+
Fragments[2].DataSize = DigestSize;
CopyMem (Fragments[2].Data, Digest, DigestSize);
@@ -557,7 +557,7 @@ Ikev2PskGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
-
+
//
// Fill in Auth payload.
//
@@ -761,7 +761,7 @@ Ikev2CertGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
-
+
Fragments[2].DataSize = DigestSize;
CopyMem (Fragments[2].Data, Digest, DigestSize);
@@ -820,7 +820,7 @@ Ikev2CertGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
-
+
//
// Fill in Auth payload.
//
@@ -1229,7 +1229,7 @@ Ikev2GenerateNotifyPayload (
FreePool (Notify);
return NULL;
}
-
+
NotifyPayload->PayloadType = IKEV2_PAYLOAD_TYPE_NOTIFY;
NotifyPayload->PayloadBuf = (UINT8 *) Notify;
NotifyPayload->PayloadSize = NotifyPayloadLen;
@@ -1320,7 +1320,7 @@ Ikev2GenerateDeletePayload (
FreePool (Del);
return NULL;
}
-
+
DelPayload->PayloadType = IKEV2_PAYLOAD_TYPE_DELETE;
DelPayload->PayloadBuf = (UINT8 *) Del;
DelPayload->PayloadSize = DelPayloadLen;
@@ -1687,7 +1687,7 @@ Ikev2EncodeSa (
if (Sa == NULL) {
return NULL;
}
-
+
CopyMem (Sa, SaData, sizeof (IKEV2_SA));
Sa->Header.PayloadLength = (UINT16) sizeof (IKEV2_SA);
ProposalsSize = 0;
@@ -1884,7 +1884,7 @@ Ikev2DecodeSa (
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
-
+
CopyMem (SaData, Sa, sizeof (IKEV2_SA));
SaData->NumProposals = TotalProposals;
ProposalData = (IKEV2_PROPOSAL_DATA *) (SaData + 1);
@@ -1921,7 +1921,7 @@ Ikev2DecodeSa (
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
-
+
CopyMem (Spi, (UINT32 *) (Proposal + 1), Proposal->SpiSize);
*((UINT32*) Spi) = NTOHL (*((UINT32*) Spi));
ProposalData->Spi = Spi;
@@ -2357,7 +2357,7 @@ Ikev2DecodePacket (
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
-
+
CopyMem (IkeHeader, IkePacket->Header, sizeof (IKE_HEADER));
//
@@ -2565,7 +2565,7 @@ Ikev2EncodePacket (
if (IkeSaSession->InitPacket == NULL) {
return EFI_OUT_OF_RESOURCES;
}
-
+
CopyMem (IkeSaSession->InitPacket, IkePacket->Header, sizeof (IKE_HEADER));
PayloadTotalSize = 0;
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {
@@ -2584,7 +2584,7 @@ Ikev2EncodePacket (
if (IkeSaSession->RespPacket == NULL) {
return EFI_OUT_OF_RESOURCES;
}
-
+
CopyMem (IkeSaSession->RespPacket, IkePacket->Header, sizeof (IKE_HEADER));
PayloadTotalSize = 0;
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {
@@ -2695,7 +2695,7 @@ Ikev2DecryptPacket (
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
-
+
CopyMem (IntegrityBuffer, IkePacket->Header, sizeof(IKE_HEADER));
CopyMem (IntegrityBuffer + sizeof (IKE_HEADER), IkePacket->PayloadsBuf, IkePacket->PayloadTotalSize);
@@ -2910,7 +2910,7 @@ Ikev2EncryptPacket (
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
-
+
//
// Copy all payload into EncryptedIkePayload
//
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Payload.h b/NetworkPkg/IpSecDxe/Ikev2/Payload.h
index 7a85792ed7..544c9b9948 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Payload.h
+++ b/NetworkPkg/IpSecDxe/Ikev2/Payload.h
@@ -1,7 +1,7 @@
/** @file
The Definitions related to IKEv2 payload.
- Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -37,12 +37,12 @@
#define IKEV2_PAYLOAD_TYPE_EAP 48
//
-// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
+// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
//
-// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
+// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
// original initiator of the IKE_SA
//
-// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
+// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
// a message containing the same message ID.
//
#define IKE_HEADER_FLAGS_INIT 0x08
@@ -67,7 +67,7 @@ typedef struct {
#pragma pack(1)
typedef struct {
IKEV2_COMMON_PAYLOAD_HEADER Header;
- //
+ //
// Proposals
//
} IKEV2_SA;
@@ -94,7 +94,7 @@ typedef struct {
//
// IKEv2 Transform ID for Encrypt Algorithm (ENCR)
-//
+//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64 1
#define IKEV2_TRANSFORM_ID_ENCR_DES 2
#define IKEV2_TRANSFORM_ID_ENCR_3DES 3
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Sa.c b/NetworkPkg/IpSecDxe/Ikev2/Sa.c
index f9421ed4e8..554bcabd49 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Sa.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Sa.c
@@ -2,7 +2,7 @@
The operations for IKEv2 SA.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
- Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -23,7 +23,7 @@
Generates the DH Key.
This generates the DH local public key and store it in the IKEv2 SA Session's GxBuffer.
-
+
@param[in] IkeSaSession Pointer to related IKE SA Session.
@retval EFI_SUCCESS The operation succeeded.
@@ -155,7 +155,7 @@ Ikev2InitPskGenerator (
// IkeSaSession is responder. If resending IKE_SA_INIT with Cookie Notify
// No need to recompute the Public key.
//
- if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) {
+ if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) {
Status = Ikev2GenerateSaDhPublicKey (IkeSaSession);
if (EFI_ERROR (Status)) {
goto CheckError;
@@ -166,7 +166,7 @@ Ikev2InitPskGenerator (
// 4. Generate KE Payload according to SaParams->DhGroup
//
KePayload = Ikev2GenerateKePayload (
- IkeSaSession,
+ IkeSaSession,
IKEV2_PAYLOAD_TYPE_NONCE
);
@@ -223,7 +223,7 @@ CheckError:
if (SaPayload != NULL) {
IkePayloadFree (SaPayload);
}
- return NULL;
+ return NULL;
}
/**
@@ -241,7 +241,7 @@ EFI_STATUS
Ikev2InitPskParser (
IN UINT8 *SaSession,
IN IKE_PACKET *IkePacket
- )
+ )
{
IKEV2_SA_SESSION *IkeSaSession;
IKE_PAYLOAD *SaPayload;
@@ -305,7 +305,7 @@ Ikev2InitPskParser (
Status = EFI_OUT_OF_RESOURCES;
goto CheckError;
}
-
+
CopyMem (
NonceBuffer,
NoncePayload->PayloadBuf + sizeof (IKEV2_COMMON_PAYLOAD_HEADER),
@@ -410,7 +410,7 @@ CheckError:
if (NonceBuffer != NULL) {
FreePool (NonceBuffer);
}
-
+
return Status;
}
@@ -439,7 +439,7 @@ Ikev2AuthPskGenerator (
IKE_PAYLOAD *NotifyPayload;
IKE_PAYLOAD *CpPayload;
IKEV2_CHILD_SA_SESSION *ChildSaSession;
-
+
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));
@@ -453,7 +453,7 @@ Ikev2AuthPskGenerator (
NotifyPayload = NULL;
CpPayload = NULL;
NotifyPayload = NULL;
-
+
//
// 1. Allocate IKE Packet
//
@@ -476,7 +476,7 @@ Ikev2AuthPskGenerator (
}
//
- // According to RFC4306_2.2, For the IKE_SA_INIT message the MessageID should
+ // According to RFC4306_2.2, For the IKE_SA_INIT message the MessageID should
// be always number 0 and 1;
//
IkePacket->Header->MessageId = 1;
@@ -623,7 +623,7 @@ CheckError:
if (IkePacket != NULL) {
IkePacketFree (IkePacket);
}
-
+
if (IdPayload != NULL) {
IkePayloadFree (IdPayload);
}
@@ -631,7 +631,7 @@ CheckError:
if (AuthPayload != NULL) {
IkePayloadFree (AuthPayload);
}
-
+
if (CpPayload != NULL) {
IkePayloadFree (CpPayload);
}
@@ -639,20 +639,20 @@ CheckError:
if (SaPayload != NULL) {
IkePayloadFree (SaPayload);
}
-
+
if (TsiPayload != NULL) {
IkePayloadFree (TsiPayload);
}
-
+
if (TsrPayload != NULL) {
IkePayloadFree (TsrPayload);
}
-
+
if (NotifyPayload != NULL) {
IkePayloadFree (NotifyPayload);
}
-
- return NULL;
+
+ return NULL;
}
/**
@@ -661,13 +661,13 @@ CheckError:
@param[in] SaSession Pointer to the IKE_SA_SESSION related to this packet.
@param[in] IkePacket Pointer to the IKE_AUTH packet to be parsered.
- @retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA
+ @retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA
proposal is unacceptable.
@retval EFI_SUCCESS The IKE packet is acceptable and the
relative data is saved for furthure communication.
**/
-EFI_STATUS
+EFI_STATUS
Ikev2AuthPskParser (
IN UINT8 *SaSession,
IN IKE_PACKET *IkePacket
@@ -733,7 +733,7 @@ Ikev2AuthPskParser (
// Check IkePacket Header is match the state
//
if (IkeSaSession->SessionCommon.IsInitiator) {
-
+
//
// 1. Check the IkePacket->Hdr == IKE_HEADER_FLAGS_RESPOND
//
@@ -830,7 +830,7 @@ Ikev2AuthPskParser (
(((TRAFFIC_SELECTOR *)(TsrPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->RemotePort)
) {
return EFI_INVALID_PARAMETER;
- }
+ }
if ((((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != 0) &&
(((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->LocalPort)
) {
@@ -847,7 +847,7 @@ Ikev2AuthPskParser (
return EFI_INVALID_PARAMETER;
}
//
- // Get the Virtual IP address from the Tsi traffic selector.
+ // Get the Virtual IP address from the Tsi traffic selector.
// TODO: check the CFG reply payload
//
CopyMem (
@@ -856,7 +856,7 @@ Ikev2AuthPskParser (
(ChildSaSession->SessionCommon.UdpService->IpVersion == IP_VERSION_4) ?
sizeof (EFI_IPv4_ADDRESS) : sizeof (EFI_IPv6_ADDRESS)
);
- }
+ }
}
//
@@ -866,7 +866,7 @@ Ikev2AuthPskParser (
if (EFI_ERROR (Status)) {
return Status;
}
-
+
if (IkeSaSession->SessionCommon.IsInitiator) {
//
// 6. Change the state of IkeSaSession
@@ -874,7 +874,7 @@ Ikev2AuthPskParser (
IKEV2_DUMP_STATE (IkeSaSession->SessionCommon.State, IkeStateIkeSaEstablished);
IkeSaSession->SessionCommon.State = IkeStateIkeSaEstablished;
}
-
+
return EFI_SUCCESS;
}
@@ -892,7 +892,7 @@ IKE_PACKET*
Ikev2InitCertGenerator (
IN UINT8 *SaSession,
IN VOID *Context
- )
+ )
{
IKE_PACKET *IkePacket;
IKE_PAYLOAD *CertReqPayload;
@@ -944,7 +944,7 @@ Ikev2InitCertGenerator (
@retval EFI_SUCCESS The IKEv2 packet is acceptable and the relative data is
saved for furthure communication.
- @retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA proposal is unacceptable.
+ @retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA proposal is unacceptable.
@retval EFI_UNSUPPORTED The certificate authentication is not supported.
**/
@@ -956,11 +956,11 @@ Ikev2InitCertParser (
{
if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {
return EFI_UNSUPPORTED;
- }
-
+ }
+
//
// The first two messages exchange is same between PSK and Cert.
- // Todo: Parse Certificate Request from responder Initial Exchange.
+ // Todo: Parse Certificate Request from responder Initial Exchange.
//
return Ikev2InitPskParser (SaSession, IkePacket);
}
@@ -1071,7 +1071,7 @@ Ikev2AuthCertGenerator (
if (CertPayload == NULL) {
goto CheckError;
}
-
+
if (IkeSaSession->SessionCommon.IsInitiator) {
CertReqPayload = Ikev2GenerateCertificatePayload (
IkeSaSession,
@@ -1083,7 +1083,7 @@ Ikev2AuthCertGenerator (
);
if (CertReqPayload == NULL) {
goto CheckError;
- }
+ }
}
//
@@ -1126,15 +1126,15 @@ Ikev2AuthCertGenerator (
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS
);
}
-
+
if (CpPayload == NULL) {
goto CheckError;
- }
+ }
}
if (AuthPayload == NULL) {
goto CheckError;
- }
+ }
//
// 5. Generate SA Payload according to the Sa Data in ChildSaSession
@@ -1165,7 +1165,7 @@ Ikev2AuthCertGenerator (
);
//
- // Generate Notify Payload. If transport mode, there should have Notify
+ // Generate Notify Payload. If transport mode, there should have Notify
// payload with TRANSPORT_MODE notification.
//
NotifyPayload = Ikev2GenerateNotifyPayload (
@@ -1222,7 +1222,7 @@ CheckError:
if (IkePacket != NULL) {
IkePacketFree (IkePacket);
}
-
+
if (IdPayload != NULL) {
IkePayloadFree (IdPayload);
}
@@ -1230,7 +1230,7 @@ CheckError:
if (CertPayload != NULL) {
IkePayloadFree (CertPayload);
}
-
+
if (CertReqPayload != NULL) {
IkePayloadFree (CertReqPayload);
}
@@ -1242,24 +1242,24 @@ CheckError:
if (CpPayload != NULL) {
IkePayloadFree (CpPayload);
}
-
+
if (SaPayload != NULL) {
IkePayloadFree (SaPayload);
}
-
+
if (TsiPayload != NULL) {
IkePayloadFree (TsiPayload);
}
-
+
if (TsrPayload != NULL) {
IkePayloadFree (TsrPayload);
}
-
+
if (NotifyPayload != NULL) {
IkePayloadFree (NotifyPayload);
}
-
- return NULL;
+
+ return NULL;
}
/**
@@ -1342,7 +1342,7 @@ Ikev2AuthCertParser (
}
}
- if ((SaPayload == NULL) || (AuthPayload == NULL) || (TsiPayload == NULL) ||
+ if ((SaPayload == NULL) || (AuthPayload == NULL) || (TsiPayload == NULL) ||
(TsrPayload == NULL) || (CertPayload == NULL)) {
goto Exit;
}
@@ -1354,7 +1354,7 @@ Ikev2AuthCertParser (
// Check IkePacket Header is match the state
//
if (IkeSaSession->SessionCommon.IsInitiator) {
-
+
//
// 1. Check the IkePacket->Hdr == IKE_HEADER_FLAGS_RESPOND
//
@@ -1451,7 +1451,7 @@ Ikev2AuthCertParser (
(((TRAFFIC_SELECTOR *)(TsrPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->RemotePort)
) {
goto Exit;
- }
+ }
if ((((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != 0) &&
(((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->LocalPort)
) {
@@ -1468,7 +1468,7 @@ Ikev2AuthCertParser (
goto Exit;
}
//
- // Get the Virtual IP address from the Tsi traffic selector.
+ // Get the Virtual IP address from the Tsi traffic selector.
// TODO: check the CFG reply payload
//
CopyMem (
@@ -1479,7 +1479,7 @@ Ikev2AuthCertParser (
);
}
}
-
+
//
// 5. Generat keymats for IPsec protocol.
//
@@ -1487,7 +1487,7 @@ Ikev2AuthCertParser (
if (EFI_ERROR (Status)) {
goto Exit;
}
-
+
if (IkeSaSession->SessionCommon.IsInitiator) {
//
// 6. Change the state of IkeSaSession
@@ -1528,7 +1528,7 @@ Ikev2GenerateSaDhPublicKey (
if (IkeSaSession->IkeKeys == NULL) {
return EFI_OUT_OF_RESOURCES;
}
-
+
IkeKeys = IkeSaSession->IkeKeys;
IkeKeys->DhBuffer = AllocateZeroPool (sizeof (IKEV2_DH_BUFFER));
if (IkeKeys->DhBuffer == NULL) {
@@ -1560,13 +1560,13 @@ Ikev2GenerateSaDhPublicKey (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam X public key error Status = %r\n", Status));
-
+
FreePool (IkeKeys->DhBuffer->GxBuffer);
-
+
FreePool (IkeKeys->DhBuffer);
-
+
FreePool (IkeSaSession->IkeKeys);
-
+
return Status;
}
@@ -1583,7 +1583,7 @@ Ikev2GenerateSaDhPublicKey (
@param[in] DhBuffer Pointer to buffer of peer's puliic key.
@param[in] KePayload Pointer to received key payload.
-
+
@retval EFI_SUCCESS The operation succeeded.
@retval Otherwise The operation failed.
@@ -1622,7 +1622,7 @@ Ikev2GenerateSaDhComputeKey (
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam Y session key error Status = %r\n", Status));
FreePool (DhBuffer->GxyBuffer);
-
+
return Status;
}
@@ -1633,10 +1633,10 @@ Ikev2GenerateSaDhComputeKey (
DhBuffer->GyBuffer = AllocateZeroPool (DhBuffer->GySize);
if (DhBuffer->GyBuffer == NULL) {
FreePool (DhBuffer->GxyBuffer);
-
+
return Status;
}
-
+
CopyMem (DhBuffer->GyBuffer, PubKey, DhBuffer->GySize);
IPSEC_DUMP_BUF ("DH Public Key (g^y) Dump", DhBuffer->GyBuffer, DhBuffer->GySize);
@@ -1705,7 +1705,7 @@ Ikev2GenerateSaKeys (
//
// If one or more algorithm is not support, return EFI_UNSUPPORTED.
//
- if (AuthAlgKeyLen == 0 ||
+ if (AuthAlgKeyLen == 0 ||
EncryptAlgKeyLen == 0 ||
IntegrityAlgKeyLen == 0 ||
PrfAlgKeyLen == 0
@@ -1767,8 +1767,8 @@ Ikev2GenerateSaKeys (
IPSEC_DUMP_BUF (">>> NrBlock", IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);
IPSEC_DUMP_BUF (">>> InitiatorCookie", (UINT8 *)&IkeSaSession->InitiatorCookie, sizeof(UINT64));
IPSEC_DUMP_BUF (">>> ResponderCookie", (UINT8 *)&IkeSaSession->ResponderCookie, sizeof(UINT64));
-
- OutputKeyLength = PrfAlgKeyLen +
+
+ OutputKeyLength = PrfAlgKeyLen +
2 * EncryptAlgKeyLen +
2 * AuthAlgKeyLen +
2 * IntegrityAlgKeyLen;
@@ -1818,7 +1818,7 @@ Ikev2GenerateSaKeys (
}
IkeSaSession->IkeKeys->SkAiKeySize = IntegrityAlgKeyLen;
CopyMem (IkeSaSession->IkeKeys->SkAiKey, OutputKey + PrfAlgKeyLen, IntegrityAlgKeyLen);
-
+
IPSEC_DUMP_BUF (">>> SK_Ai Key", IkeSaSession->IkeKeys->SkAiKey, IkeSaSession->IkeKeys->SkAiKeySize);
//
@@ -1835,7 +1835,7 @@ Ikev2GenerateSaKeys (
OutputKey + PrfAlgKeyLen + IntegrityAlgKeyLen,
IntegrityAlgKeyLen
);
-
+
IPSEC_DUMP_BUF (">>> SK_Ar Key", IkeSaSession->IkeKeys->SkArKey, IkeSaSession->IkeKeys->SkArKeySize);
//
@@ -1847,14 +1847,14 @@ Ikev2GenerateSaKeys (
goto Exit;
}
IkeSaSession->IkeKeys->SkEiKeySize = EncryptAlgKeyLen;
-
+
CopyMem (
IkeSaSession->IkeKeys->SkEiKey,
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen,
EncryptAlgKeyLen
);
IPSEC_DUMP_BUF (
- ">>> SK_Ei Key",
+ ">>> SK_Ei Key",
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen,
EncryptAlgKeyLen
);
@@ -1915,7 +1915,7 @@ Ikev2GenerateSaKeys (
IkeSaSession->IkeKeys->SkPrKey,
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen + 2 * EncryptAlgKeyLen + AuthAlgKeyLen,
AuthAlgKeyLen
- );
+ );
IPSEC_DUMP_BUF (
">>> SK_Pr Key",
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen + 2 * EncryptAlgKeyLen + AuthAlgKeyLen,
@@ -1958,7 +1958,7 @@ Exit:
}
}
-
+
return Status;
}
@@ -1988,16 +1988,16 @@ Ikev2GenerateChildSaKeys (
Status = EFI_SUCCESS;
OutputKey = NULL;
-
+
if (KePayload != NULL) {
//
- // Generate Gxy
+ // Generate Gxy
//
Status = Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);
if (EFI_ERROR (Status)) {
goto Exit;
}
-
+
Fragments[0].Data = ChildSaSession->DhBuffer->GxyBuffer;
Fragments[0].DataSize = ChildSaSession->DhBuffer->GxySize;
}
@@ -2021,7 +2021,7 @@ Ikev2GenerateChildSaKeys (
}
//
- //
+ //
// If KePayload is not NULL, calculate KEYMAT = prf+(SK_d, g^ir (new) | Ni | Nr ),
// otherwise, KEYMAT = prf+(SK_d, Ni | Nr )
//
@@ -2045,16 +2045,16 @@ Ikev2GenerateChildSaKeys (
);
if (EFI_ERROR (Status)) {
- goto Exit;
+ goto Exit;
}
-
+
//
// Copy KEYMATE (SK_ENCRYPT_i | SK_ENCRYPT_r | SK_INTEG_i | SK_INTEG_r) to
// ChildKeyMates.
- //
+ //
if (!ChildSaSession->SessionCommon.IsInitiator) {
- //
+ //
// Initiator Encryption Key
//
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;
@@ -2080,8 +2080,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
- }
-
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,
OutputKey + EncryptAlgKeyLen,
@@ -2097,8 +2097,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
- }
-
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,
OutputKey + EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -2114,8 +2114,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
- }
-
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,
OutputKey + 2 * EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -2131,8 +2131,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
- }
-
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,
OutputKey,
@@ -2148,8 +2148,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
- }
-
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,
OutputKey + EncryptAlgKeyLen,
@@ -2165,8 +2165,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
- }
-
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey,
OutputKey + EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -2182,8 +2182,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
- }
-
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,
OutputKey + 2 * EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -2233,7 +2233,7 @@ Exit:
if (OutputKey != NULL) {
FreePool (OutputKey);
}
-
+
return EFI_SUCCESS;
}
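Review bot: The `Exit:` path ends in `return EFI_SUCCESS;`, so the `Status = EFI_OUT_OF_RESOURCES; goto Exit;` branches in the Ikev2GenerateChildSaKeys hunks just above are reported to the caller as success even though an ESP key buffer was never allocated. If this label belongs to that function, as the hunk order suggests, the last statement should be `return Status;` so that a failed key derivation cannot be treated as an established Child SA. The function starts outside this hunk, so confirm that Status holds EFI_SUCCESS on the normal path before making the change.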
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
index 8589af0b2a..698aba1327 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@@ -2,7 +2,7 @@
The Common operations used by IKE Exchange Process.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
- Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -21,7 +21,7 @@
UINT16 mIkev2EncryptAlgorithmList[IKEV2_SUPPORT_ENCRYPT_ALGORITHM_NUM] = {
IKEV2_TRANSFORM_ID_ENCR_3DES,
- IKEV2_TRANSFORM_ID_ENCR_AES_CBC,
+ IKEV2_TRANSFORM_ID_ENCR_AES_CBC,
};
UINT16 mIkev2PrfAlgorithmList[IKEV2_SUPPORT_PRF_ALGORITHM_NUM] = {
@@ -69,7 +69,7 @@ Ikev2SaSessionAlloc (
IkeSaSession->InitiatorCookie = IkeGenerateCookie ();
IkeSaSession->ResponderCookie = 0;
//
- // BUGBUG: Message ID starts from 2 is to match the OpenSwan requirement, but it
+ // BUGBUG: Message ID starts from 2 is to match the OpenSwan requirement, but it
// might not match the IPv6 Logo. In its test specification, it mentions that
// the Message ID should start from zero after the IKE_SA_INIT exchange.
//
@@ -143,7 +143,7 @@ Ikev2SaSessionReg (
//
// Cleanup the fields of SessionCommon for processing.
- //
+ //
Ikev2SessionCommonRefresh (SessionCommon);
//
@@ -163,8 +163,8 @@ Ikev2SaSessionReg (
);
if (EFI_ERROR(Status)){
//
- // If TimerEvent creation failed, the SA will be alive untill user disable it or
- // receiving a Delete Payload from peer.
+ // If TimerEvent creation failed, the SA will be alive untill user disable it or
+ // receiving a Delete Payload from peer.
//
return;
}
@@ -177,7 +177,7 @@ Ikev2SaSessionReg (
} else {
Lifetime = IkeSaSession->Spd->Data->ProcessingPolicy->SaLifetime.HardLifetime;
}
-
+
Status = gBS->SetTimer (
SessionCommon->TimeoutEvent,
TimerRelative,
@@ -185,8 +185,8 @@ Ikev2SaSessionReg (
);
if (EFI_ERROR(Status)){
//
- // If SetTimer failed, the SA will be alive untill user disable it or
- // receiving a Delete Payload from peer.
+ // If SetTimer failed, the SA will be alive untill user disable it or
+ // receiving a Delete Payload from peer.
//
return ;
}
@@ -239,8 +239,8 @@ Ikev2SaSessionLookup (
Private->Ikev2SaSession list or Private->Ikev2EstablishedList list.
@param[in] SaSessionList Pointer to list to be inserted into.
- @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.
- @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESSS to indicate the
+ @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.
+ @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESSS to indicate the
unique IKEV2_SA_SESSION.
**/
@@ -261,7 +261,7 @@ Ikev2SaSessionInsert (
@param[in] SaSessionList Pointer to list to be searched.
@param[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.
- @retval Pointer to IKEV2_SA_SESSION with the specified remote IP address or NULL.
+ @retval Pointer to IKEV2_SA_SESSION with the specified remote IP address or NULL.
**/
IKEV2_SA_SESSION *
@@ -307,7 +307,7 @@ Ikev2SaSessionOnDeleting (
}
/**
- Free specified Seession Common. The session common would belong to a IKE SA or
+ Free specified Seession Common. The session common would belong to a IKE SA or
a Child SA.
@param[in] SessionCommon Pointer to a Session Common.
@@ -358,7 +358,7 @@ Ikev2SessionCommonRefresh (
return ;
}
/**
- Free specified IKEV2 SA Session.
+ Free specified IKEV2 SA Session.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be freed.
@@ -374,7 +374,7 @@ Ikev2SaSessionFree (
IKEV2_DH_BUFFER *DhBuffer;
ASSERT (IkeSaSession != NULL);
-
+
//
// Delete Common Session
//
@@ -419,7 +419,7 @@ Ikev2SaSessionFree (
//
// Delete Keys
- //
+ //
if (IkeKeys->SkAiKey != NULL) {
FreePool (IkeKeys->SkAiKey);
}
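Review bot: The `SkAiKey` buffer under `Delete Keys` is returned to the pool with its contents intact, because nothing clears it before `FreePool (IkeKeys->SkAiKey)`. Freed pool memory can be reallocated or read later in boot, so key bytes should be wiped first, for example `ZeroMem (IkeKeys->SkAiKey, <SkAiKey length>);` (the length field is not visible in this hunk, hence the placeholder). The same applies to any other key buffers this function releases after the hunk ends, and to `FreePool (OutputKey)` at the `Exit:` label that follows the Ikev2GenerateChildSaKeys hunks earlier in this diff. Ikev2SaSessionFree starts and ends outside the hunk.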
@@ -495,9 +495,9 @@ Ikev2SaSessionIncreaseMessageId (
/**
Allocate memory for IKEV2 Child SA Session.
-
+
@param[in] UdpService Pointer to IKE_UDP_SERVICE.
- @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
+ @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
Session.
@retval Pointer of a new created IKEV2 Child SA Session or NULL.
@@ -534,7 +534,7 @@ Ikev2ChildSaSessionAlloc (
FreePool (ChildSaSession);
return NULL;
}
-
+
ChildSaCommon = &ChildSaSession->SessionCommon;
ChildSaCommon->UdpService = UdpService;
ChildSaCommon->Private = IkeSaSession->SessionCommon.Private;
@@ -566,8 +566,8 @@ Ikev2ChildSaSessionAlloc (
}
/**
- Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.
- If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one
+ Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.
+ If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one
then register the new one.
@param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.
@@ -610,9 +610,9 @@ Ikev2ChildSaSessionReg (
//
// Cleanup the fields of SessionCommon for processing.
- //
+ //
Ikev2SessionCommonRefresh (SessionCommon);
-
+
//
// Insert the ready child SA session into established list.
//
@@ -692,7 +692,7 @@ Ikev2ChildSaSessionLookupByMid (
This functin find a ChildSA session by searching the ChildSaSessionlist of
the input IKEV2_SA_SESSION by specified MessageID.
-
+
@param[in] SaSessionList Pointer to List to be searched.
@param[in] Spi Specified SPI.
@@ -737,19 +737,19 @@ Ikev2ChildSaSessionInsert (
/**
Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.
-
+
@param[in] SaSessionList The SA Session List to be iterated.
@param[in] Spi Spi used to identified the IKEV2_CHILD_SA_SESSION.
- @param[in] ListType The type of the List to indicate whether it is a
- Established.
+ @param[in] ListType The type of the List to indicate whether it is a
+ Established.
@return The point to IKEV2_CHILD_SA_SESSION or NULL.
-
+
**/
IKEV2_CHILD_SA_SESSION *
Ikev2ChildSaSessionRemove (
IN LIST_ENTRY *SaSessionList,
- IN UINT32 Spi,
+ IN UINT32 Spi,
IN UINT8 ListType
)
{
@@ -758,7 +758,7 @@ Ikev2ChildSaSessionRemove (
IKEV2_CHILD_SA_SESSION *ChildSaSession;
NET_LIST_FOR_EACH_SAFE (Entry, NextEntry, SaSessionList) {
-
+
if (ListType == IKEV2_ESTABLISHED_CHILDSA_LIST || ListType == IKEV2_ESTABLISHING_CHILDSA_LIST) {
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (Entry);
} else if (ListType == IKEV2_DELET_CHILDSA_LIST) {
@@ -793,7 +793,7 @@ Ikev2ChildSaSessionOnDeleting (
}
/**
- Free the memory located for the specified IKEV2_CHILD_SA_SESSION.
+ Free the memory located for the specified IKEV2_CHILD_SA_SESSION.
@param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.
@@ -907,7 +907,7 @@ Ikev2ChildSaSilentDelete (
//
ChildSession = Ikev2ChildSaSessionRemove(
&(IkeSaSession->ChildSaEstablishSessionList),
- Spi,
+ Spi,
IKEV2_ESTABLISHED_CHILDSA_LIST
);
if (ChildSession == NULL) {
@@ -916,7 +916,7 @@ Ikev2ChildSaSilentDelete (
LocalSpi = ChildSession->LocalPeerSpi;
RemoteSpi = ChildSession->RemotePeerSpi;
-
+
SelectorSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);
Selector = AllocateZeroPool (SelectorSize);
if (Selector == NULL) {
@@ -938,7 +938,7 @@ Ikev2ChildSaSilentDelete (
Status = EFI_OUT_OF_RESOURCES;
break;
}
-
+
Status = EfiIpSecConfigGetNextSelector (
&Private->IpSecConfig,
IPsecConfigDataTypeSad,
@@ -962,7 +962,7 @@ Ikev2ChildSaSilentDelete (
Status = EFI_OUT_OF_RESOURCES;
break;
}
-
+
CopyMem (RemoteSelector, Selector, SelectorSize);
}
@@ -977,7 +977,7 @@ Ikev2ChildSaSilentDelete (
Status = EFI_OUT_OF_RESOURCES;
break;
}
-
+
CopyMem (LocalSelector, Selector, SelectorSize);
}
}
@@ -1032,12 +1032,12 @@ Ikev2ChildSaSilentDelete (
Free the specified DhBuffer.
@param[in] DhBuffer Pointer to IKEV2_DH_BUFFER to be freed.
-
+
**/
VOID
Ikev2DhBufferFree (
IKEV2_DH_BUFFER *DhBuffer
-)
+)
{
if (DhBuffer != NULL) {
if (DhBuffer->GxBuffer != NULL) {
@@ -1058,7 +1058,7 @@ Ikev2DhBufferFree (
/**
This function is to parse a request IKE packet and return its request type.
- The request type is one of IKE CHILD SA creation, IKE SA rekeying and
+ The request type is one of IKE CHILD SA creation, IKE SA rekeying and
IKE CHILD SA rekeying.
@param[in] IkePacket IKE packet to be prased.
@@ -1085,10 +1085,10 @@ Ikev2ChildExchangeRequestType(
//
Flag = TRUE;
}
- if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_NOTIFY) {
+ if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_NOTIFY) {
if (((IKEV2_NOTIFY*)IkePayload)->MessageType == IKEV2_NOTIFICATION_REKEY_SA) {
//
- // If notify payload with REKEY_SA message type, the IkePacket is for
+ // If notify payload with REKEY_SA message type, the IkePacket is for
// rekeying Child SA.
//
return IkeRequestTypeRekeyChildSa;
@@ -1103,7 +1103,7 @@ Ikev2ChildExchangeRequestType(
return IkeRequestTypeRekeyIkeSa;
} else {
//
- // If the Notify payloaad with transport mode message type, the IkePacket is
+ // If the Notify payloaad with transport mode message type, the IkePacket is
// for create Child SA.
//
return IkeRequestTypeCreateChildSa;
@@ -1113,10 +1113,10 @@ Ikev2ChildExchangeRequestType(
/**
Associate a SPD selector to the Child SA Session.
- This function is called when the Child SA is not the first child SA of its
+ This function is called when the Child SA is not the first child SA of its
IKE SA. It associate a SPD to this Child SA.
- @param[in, out] ChildSaSession Pointer to the Child SA Session to be associated to
+ @param[in, out] ChildSaSession Pointer to the Child SA Session to be associated to
a SPD selector.
@retval EFI_SUCCESS Associate one SPD selector to this Child SA Session successfully.
@@ -1139,7 +1139,7 @@ Ikev2ChildSaAssociateSpdEntry (
/**
This function finds the SPI from Create Child SA Exchange Packet.
-
+
@param[in] IkePacket Pointer to IKE_PACKET to be searched.
@retval SPI number or 0 if it is not supported.
@@ -1152,7 +1152,7 @@ Ikev2ChildExchangeRekeySpi (
{
//
// Not support yet.
- //
+ //
return 0;
}
@@ -1202,7 +1202,7 @@ Ikev2ValidateHeader (
//
// Information Exchagne and Create Child Exchange can be started from each part.
//
- if (IkeHdr->ExchangeType != IKEV2_EXCHANGE_TYPE_INFO &&
+ if (IkeHdr->ExchangeType != IKEV2_EXCHANGE_TYPE_INFO &&
IkeHdr->ExchangeType != IKEV2_EXCHANGE_TYPE_CREATE_CHILD
) {
if (IkeSaSession->SessionCommon.IsInitiator) {
@@ -1277,7 +1277,7 @@ Ikev2InitializeSaData (
ProposalData->ProposalIndex = 1;
//
- // If SA data for IKE_SA_INIT exchage, contains 4 transforms. If SA data for
+ // If SA data for IKE_SA_INIT exchage, contains 4 transforms. If SA data for
// IKE_AUTH exchange contains 3 transforms.
//
if (SessionCommon->IkeSessionType == IkeSessionTypeIkeSa) {
@@ -1297,7 +1297,7 @@ Ikev2InitializeSaData (
FreePool (SaData);
return NULL;
}
-
+
CopyMem (
ProposalData->Spi,
&ChildSaSession->LocalPeerSpi,
@@ -1370,7 +1370,7 @@ Ikev2InitializeSaData (
FreePool (SaData);
return NULL;
}
-
+
CopyMem (
ProposalData->Spi,
&ChildSaSession->LocalPeerSpi,
@@ -1456,9 +1456,9 @@ Ikev2StoreSaData (
//
// Create a SpdSelector. In this implementation, one SPD represents
- // 2 direction traffic, so in here, there needs to reverse the local address
+ // 2 direction traffic, so in here, there needs to reverse the local address
// and remote address for Remote Peer's SA, then reverse again for the locate
- // SA.
+ // SA.
//
TempAddressCount = ChildSaSession->SpdSelector->LocalAddressCount;
TempAddressInfo = ChildSaSession->SpdSelector->LocalAddress;
@@ -1483,7 +1483,7 @@ Ikev2StoreSaData (
//
if (SaData.Mode == EfiIPsecTunnel) {
CopyMem (
- &SaData.TunnelSourceAddress,
+ &SaData.TunnelSourceAddress,
&ChildSaSession->Spd->Data->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
sizeof (EFI_IP_ADDRESS)
);
@@ -1512,13 +1512,13 @@ Ikev2StoreSaData (
//
// Store the local SA into SAD.
- //
+ //
ChildSaSession->SpdSelector->RemoteAddressCount = ChildSaSession->SpdSelector->LocalAddressCount;
ChildSaSession->SpdSelector->RemoteAddress = ChildSaSession->SpdSelector->LocalAddress;
ChildSaSession->SpdSelector->LocalAddress = TempAddressInfo;
ChildSaSession->SpdSelector->LocalAddressCount = TempAddressCount;
-
+
SaId.Spi = ChildSaSession->RemotePeerSpi;
CopyMem (&SaId.DestAddress, &ChildSaSession->SessionCommon.RemotePeerIp, sizeof (EFI_IP_ADDRESS));
@@ -1555,12 +1555,12 @@ Ikev2StoreSaData (
/**
Call back function of the IKE life time is over.
- This function will mark the related IKE SA Session as deleting and trigger a
+ This function will mark the related IKE SA Session as deleting and trigger a
Information negotiation.
@param[in] Event The signaled Event.
@param[in] Context Pointer to data passed by caller.
-
+
**/
VOID
EFIAPI
@@ -1602,7 +1602,7 @@ Ikev2LifetimeNotify (
//
// Change the Child SA Session's State to IKE_STATE_SA_DELETING.
- //
+ //
DEBUG ((
DEBUG_INFO,
"\n------ChildSa Lifetime is out(SPI):(0x%x)------\n",
@@ -1638,7 +1638,7 @@ Ikev2ResendNotify (
UINT8 Value;
EFI_STATUS Status;
- ASSERT (Context != NULL);
+ ASSERT (Context != NULL);
IkeSaSession = NULL;
ChildSaSession = NULL;
SessionCommon = (IKEV2_SESSION_COMMON *) Context;
@@ -1714,9 +1714,9 @@ Ikev2ResendNotify (
if (ChildSaSession->SessionCommon.State == IkeStateSaDeleting) {
//
- // Established Child SA should be remove from the SAD entry and
- // DeleteList. The function of Ikev2DeleteChildSaSilent() will remove
- // the childSA from the IkeSaSession->ChildSaEstablishedList. So there
+ // Established Child SA should be remove from the SAD entry and
+ // DeleteList. The function of Ikev2DeleteChildSaSilent() will remove
+ // the childSA from the IkeSaSession->ChildSaEstablishedList. So there
// is no need to remove it here.
//
Ikev2ChildSaSilentDelete (IkeSaSession, ChildSaSession->LocalPeerSpi);
@@ -1759,19 +1759,19 @@ Ikev2ResendNotify (
Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.
ChildSaSession->SpdSelector stores the real Spdselector for its SA. Sometime,
- the SpdSelector in ChildSaSession is more accurated or the scope is smaller
+ the SpdSelector in ChildSaSession is more accurated or the scope is smaller
than the one in ChildSaSession->Spd, especially for the tunnel mode.
-
+
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.
@retval EFI_SUCCESS The operation complete successfully.
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
-
+
**/
EFI_STATUS
Ikev2ChildSaSessionSpdSelectorCreate (
IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession
- )
+ )
{
EFI_STATUS Status;
@@ -1786,26 +1786,26 @@ Ikev2ChildSaSessionSpdSelectorCreate (
}
}
CopyMem (
- ChildSaSession->SpdSelector,
- ChildSaSession->Spd->Selector,
+ ChildSaSession->SpdSelector,
+ ChildSaSession->Spd->Selector,
sizeof (EFI_IPSEC_SPD_SELECTOR)
);
ChildSaSession->SpdSelector->RemoteAddress = AllocateCopyPool (
- ChildSaSession->Spd->Selector->RemoteAddressCount *
- sizeof (EFI_IP_ADDRESS_INFO),
+ ChildSaSession->Spd->Selector->RemoteAddressCount *
+ sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->RemoteAddress
);
if (ChildSaSession->SpdSelector->RemoteAddress == NULL) {
Status = EFI_OUT_OF_RESOURCES;
FreePool (ChildSaSession->SpdSelector);
-
+
return Status;
}
-
+
ChildSaSession->SpdSelector->LocalAddress = AllocateCopyPool (
- ChildSaSession->Spd->Selector->LocalAddressCount *
- sizeof (EFI_IP_ADDRESS_INFO),
+ ChildSaSession->Spd->Selector->LocalAddressCount *
+ sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->LocalAddress
);
if (ChildSaSession->SpdSelector->LocalAddress == NULL) {
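Review bot: The RemoteAddress allocation-failure path calls `FreePool (ChildSaSession->SpdSelector)` and returns while the session still holds the freed pointer, so any later cleanup that reads or frees SpdSelector would touch freed memory. Adding `ChildSaSession->SpdSelector = NULL;` right after the free keeps the session consistent. The same pattern appears on the LocalAddress failure path in the next hunk (-1814) and in the `FreePool (ChildSaSession->SessionCommon.SaParams);` / `FreePool (ChildSaSession->SaData );` pair in the -2511 hunk of Ikev2ChildSaParseSaPayload. Whether the session free routine checks these fields is not visible here, so confirm against Ikev2ChildSaSessionFree. The function body starts and ends outside this hunk.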
@@ -1814,12 +1814,12 @@ Ikev2ChildSaSessionSpdSelectorCreate (
FreePool (ChildSaSession->SpdSelector->RemoteAddress);
FreePool (ChildSaSession->SpdSelector);
-
+
return Status;
}
ChildSaSession->SpdSelector->RemoteAddressCount = ChildSaSession->Spd->Selector->RemoteAddressCount;
- ChildSaSession->SpdSelector->LocalAddressCount = ChildSaSession->Spd->Selector->LocalAddressCount;
+ ChildSaSession->SpdSelector->LocalAddressCount = ChildSaSession->Spd->Selector->LocalAddressCount;
}
return Status;
@@ -1853,7 +1853,7 @@ Ikev2ChildSaSessionCreate (
//
// Set the specific parameters.
- //
+ //
ChildSaSession->Spd = IkeSaSession->Spd;
ChildSaCommon = &ChildSaSession->SessionCommon;
ChildSaCommon->IsInitiator = IkeSaSession->SessionCommon.IsInitiator;
@@ -1883,7 +1883,7 @@ Ikev2ChildSaSessionCreate (
Ikev2ChildSaSessionFree (ChildSaSession);
return NULL;
}
-
+
ChildSaSession->NiBlkSize = IkeSaSession->NiBlkSize;
CopyMem (ChildSaSession->NiBlock, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);
@@ -1892,13 +1892,13 @@ Ikev2ChildSaSessionCreate (
Ikev2ChildSaSessionFree (ChildSaSession);
return NULL;
}
-
+
ChildSaSession->NrBlkSize = IkeSaSession->NrBlkSize;
CopyMem (ChildSaSession->NrBlock, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);
//
- // Only if the Create Child SA is called for the IKE_INIT Exchange and
- // IkeSaSession is initiator (Only Initiator's SPD is not NULL), Set the
+ // Only if the Create Child SA is called for the IKE_INIT Exchange and
+ // IkeSaSession is initiator (Only Initiator's SPD is not NULL), Set the
// Traffic Selectors related information here.
//
if (IkeSaSession->SessionCommon.State == IkeStateAuth && IkeSaSession->Spd != NULL) {
@@ -1918,20 +1918,20 @@ Ikev2ChildSaSessionCreate (
Check if the SPD is related to the input Child SA Session.
This function is the subfunction of Ikev1AssociateSpdEntry(). It is the call
- back function of IpSecVisitConfigData().
-
+ back function of IpSecVisitConfigData().
+
@param[in] Type Type of the input Config Selector.
- @param[in] Selector Pointer to the Configure Selector to be checked.
- @param[in] Data Pointer to the Configure Selector's Data passed
+ @param[in] Selector Pointer to the Configure Selector to be checked.
+ @param[in] Data Pointer to the Configure Selector's Data passed
from the caller.
@param[in] SelectorSize The buffer size of Selector.
@param[in] DataSize The buffer size of the Data.
@param[in] Context The data passed from the caller. It is a Child
SA Session in this context.
- @retval EFI_SUCCESS The SPD Selector is not related to the Child SA Session.
- @retval EFI_ABORTED The SPD Selector is related to the Child SA session and
+ @retval EFI_SUCCESS The SPD Selector is not related to the Child SA Session.
+ @retval EFI_ABORTED The SPD Selector is related to the Child SA session and
set the ChildSaSession->Spd to point to this SPD Selector.
**/
@@ -1962,7 +1962,7 @@ Ikev2MatchSpdEntry (
ChildSaSession = (IKEV2_CHILD_SA_SESSION *) Context;
IpVersion = ChildSaSession->SessionCommon.UdpService->IpVersion;
- SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) Selector;
+ SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) Selector;
IsMatch = TRUE;
if (SpdSelector->NextLayerProtocol == EFI_IP_PROTO_UDP &&
@@ -1991,7 +1991,7 @@ Ikev2MatchSpdEntry (
IsMatch = FALSE;
}
- IsMatch = (BOOLEAN) (IsMatch &&
+ IsMatch = (BOOLEAN) (IsMatch &&
IpSecMatchIpAddress (
IpVersion,
&ChildSaSession->SessionCommon.LocalPeerIp,
@@ -1999,7 +1999,7 @@ Ikev2MatchSpdEntry (
SpdSelector->LocalAddressCount
));
- IsMatch = (BOOLEAN) (IsMatch &&
+ IsMatch = (BOOLEAN) (IsMatch &&
IpSecMatchIpAddress (
IpVersion,
&ChildSaSession->SessionCommon.RemotePeerIp,
@@ -2073,12 +2073,12 @@ Ikev2IsSupportAlg (
@param[in] ProposalData Pointer to related IKEV2_PROPOSAL_DATA.
@param[out] PreferEncryptAlgorithm Output of preferred encrypt algorithm.
- @param[out] PreferIntegrityAlgorithm Output of preferred integrity algorithm.
- @param[out] PreferPrfAlgorithm Output of preferred PRF algorithm. Only
+ @param[out] PreferIntegrityAlgorithm Output of preferred integrity algorithm.
+ @param[out] PreferPrfAlgorithm Output of preferred PRF algorithm. Only
for IKE SA.
- @param[out] PreferDhGroup Output of preferred DH group. Only for
+ @param[out] PreferDhGroup Output of preferred DH group. Only for
IKE SA.
- @param[out] PreferEncryptKeylength Output of preferred encrypt key length
+ @param[out] PreferEncryptKeylength Output of preferred encrypt key length
in bytes.
@param[out] IsSupportEsn Output of value about the Extented Sequence
Number is support or not. Only for Child SA.
@@ -2088,7 +2088,7 @@ Ikev2IsSupportAlg (
**/
VOID
Ikev2ParseProposalData (
- IN IKEV2_PROPOSAL_DATA *ProposalData,
+ IN IKEV2_PROPOSAL_DATA *ProposalData,
OUT UINT16 *PreferEncryptAlgorithm,
OUT UINT16 *PreferIntegrityAlgorithm,
OUT UINT16 *PreferPrfAlgorithm,
@@ -2096,7 +2096,7 @@ Ikev2ParseProposalData (
OUT UINTN *PreferEncryptKeylength,
OUT BOOLEAN *IsSupportEsn,
IN BOOLEAN IsChildSa
-)
+)
{
IKEV2_TRANSFORM_DATA *TransformData;
UINT8 TransformIndex;
@@ -2105,7 +2105,7 @@ Ikev2ParseProposalData (
// Check input parameters.
//
if (ProposalData == NULL ||
- PreferEncryptAlgorithm == NULL ||
+ PreferEncryptAlgorithm == NULL ||
PreferIntegrityAlgorithm == NULL ||
PreferEncryptKeylength == NULL
) {
@@ -2120,14 +2120,14 @@ Ikev2ParseProposalData (
if (PreferPrfAlgorithm == NULL || PreferDhGroup == NULL) {
return;
}
- }
+ }
TransformData = (IKEV2_TRANSFORM_DATA *)(ProposalData + 1);
for (TransformIndex = 0; TransformIndex < ProposalData->NumTransforms; TransformIndex++) {
- switch (TransformData->TransformType) {
+ switch (TransformData->TransformType) {
//
- // For IKE SA there are four algorithm types. Encryption Algorithm, Pseudo-random Function,
- // Integrity Algorithm, Diffie-Hellman Group. For Child SA, there are three algorithm types.
+ // For IKE SA there are four algorithm types. Encryption Algorithm, Pseudo-random Function,
+ // Integrity Algorithm, Diffie-Hellman Group. For Child SA, there are three algorithm types.
// Encryption Algorithm, Integrity Algorithm, Extended Sequence Number.
//
case IKEV2_TRANSFORM_TYPE_ENCR:
@@ -2154,7 +2154,7 @@ Ikev2ParseProposalData (
if (*PreferPrfAlgorithm == 0 && Ikev2IsSupportAlg (TransformData->TransformId, IKE_PRF_TYPE)) {
*PreferPrfAlgorithm = TransformData->TransformId;
}
- }
+ }
break;
case IKEV2_TRANSFORM_TYPE_INTEG :
@@ -2162,21 +2162,21 @@ Ikev2ParseProposalData (
*PreferIntegrityAlgorithm = TransformData->TransformId;
}
break;
-
+
case IKEV2_TRANSFORM_TYPE_DH :
if (!IsChildSa) {
if (*PreferDhGroup == 0 && Ikev2IsSupportAlg (TransformData->TransformId, IKE_DH_TYPE)) {
*PreferDhGroup = TransformData->TransformId;
}
- }
+ }
break;
-
+
case IKEV2_TRANSFORM_TYPE_ESN :
if (IsChildSa) {
if (TransformData->TransformId != 0) {
*IsSupportEsn = TRUE;
}
- }
+ }
break;
default:
@@ -2188,14 +2188,14 @@ Ikev2ParseProposalData (
/**
Parse the received Initial Exchange Packet.
-
- This function parse the SA Payload and Key Payload to find out the cryptographic
- suite for the further IKE negotiation and fill it into the IKE SA Session's
+
+ This function parse the SA Payload and Key Payload to find out the cryptographic
+ suite for the further IKE negotiation and fill it into the IKE SA Session's
CommonSession->SaParams.
@param[in, out] IkeSaSession Pointer to related IKEV2_SA_SESSION.
@param[in] SaPayload The received packet.
- @param[in] Type The received packet IKE header flag.
+ @param[in] Type The received packet IKE header flag.
@retval TRUE If the SA proposal in Packet is acceptable.
@retval FALSE If the SA proposal in Packet is not acceptable.
@@ -2246,7 +2246,7 @@ Ikev2SaParseSaPayload (
// Get the preferred algorithms.
//
Ikev2ParseProposalData (
- ProposalData,
+ ProposalData,
&PreferEncryptAlgorithm,
&PreferIntegrityAlgorithm,
&PreferPrfAlgorithm,
@@ -2258,17 +2258,17 @@ Ikev2SaParseSaPayload (
if (PreferEncryptAlgorithm != 0 &&
PreferIntegrityAlgorithm != 0 &&
- PreferPrfAlgorithm != 0 &&
+ PreferPrfAlgorithm != 0 &&
PreferDhGroup != 0
) {
//
- // Find the matched one.
+ // Find the matched one.
//
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
if (IkeSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
-
+
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
@@ -2296,13 +2296,13 @@ Ikev2SaParseSaPayload (
// one than one transform with same type.
//
CopyMem (
- (IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1),
- ProposalData,
+ (IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1),
+ ProposalData,
SaDataSize - sizeof (IKEV2_SA_DATA)
);
((IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1))->ProposalIndex = 1;
-
+
return TRUE;
} else {
PreferEncryptAlgorithm = 0;
@@ -2315,21 +2315,21 @@ Ikev2SaParseSaPayload (
//
// Point to next Proposal.
//
- ProposalData = (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1) +
+ ProposalData = (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1) +
ProposalData->NumTransforms * sizeof (IKEV2_TRANSFORM_DATA));
}
} else if (Type == IKE_HEADER_FLAGS_RESPOND) {
//
- // First check the SA proposal's ProtoctolID and Transform Numbers. Since it is
- // the responded SA proposal, suppose it only has one proposal and the transform Numbers
- // is 4.
+ // First check the SA proposal's ProtoctolID and Transform Numbers. Since it is
+ // the responded SA proposal, suppose it only has one proposal and the transform Numbers
+ // is 4.
//
ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *) SaPayload->PayloadBuf + 1);
if (ProposalData->ProtocolId != IPSEC_PROTO_ISAKMP || ProposalData->NumTransforms != 4) {
return FALSE;
}
//
- // Get the preferred algorithms.
+ // Get the preferred algorithms.
//
Ikev2ParseProposalData (
ProposalData,
@@ -2338,17 +2338,17 @@ Ikev2SaParseSaPayload (
&PreferPrfAlgorithm,
&PreferDhGroup,
&PreferEncryptKeylength,
- NULL,
+ NULL,
FALSE
);
- //
+ //
// Check if the Sa proposal data from received packet is in the IkeSaSession->SaData.
//
ProposalData = (IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1);
for (ProposalIndex = 0; ProposalIndex < IkeSaSession->SaData->NumProposals && (!IsMatch); ProposalIndex++) {
Ikev2ParseProposalData (
- ProposalData,
+ ProposalData,
&EncryptAlgorithm,
&IntegrityAlgorithm,
&PrfAlgorithm,
@@ -2369,11 +2369,11 @@ Ikev2SaParseSaPayload (
IntegrityAlgorithm = 0;
PrfAlgorithm = 0;
DhGroup = 0;
- EncryptKeylength = 0;
+ EncryptKeylength = 0;
}
- ProposalData = (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1) +
- ProposalData->NumTransforms * sizeof (IKEV2_TRANSFORM_DATA));
+ ProposalData = (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1) +
+ ProposalData->NumTransforms * sizeof (IKEV2_TRANSFORM_DATA));
}
if (IsMatch) {
@@ -2381,32 +2381,32 @@ Ikev2SaParseSaPayload (
if (IkeSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
-
+
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
IkeSaSession->SessionCommon.SaParams->Prf = PreferPrfAlgorithm;
IkeSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
IkeSaSession->SessionCommon.PreferDhGroup = PreferDhGroup;
-
+
return TRUE;
}
}
-
+
return FALSE;
}
/**
Parse the received Authentication Exchange Packet.
-
+
This function parse the SA Payload and Key Payload to find out the cryptographic
suite for the ESP and fill it into the Child SA Session's CommonSession->SaParams.
-
- @param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to
+
+ @param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to
this Authentication Exchange.
@param[in] SaPayload The received packet.
- @param[in] Type The IKE header's flag of received packet .
-
+ @param[in] Type The IKE header's flag of received packet .
+
@retval TRUE If the SA proposal in Packet is acceptable.
@retval FALSE If the SA proposal in Packet is not acceptable.
@@ -2465,18 +2465,18 @@ Ikev2ChildSaParseSaPayload (
//
// Don't support the ESN now.
//
- if (PreferEncryptAlgorithm != 0 &&
+ if (PreferEncryptAlgorithm != 0 &&
PreferIntegrityAlgorithm != 0 &&
!IsSupportEsn
) {
//
- // Find the matched one.
+ // Find the matched one.
//
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
if (ChildSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
-
+
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@@ -2499,7 +2499,7 @@ Ikev2ChildSaParseSaPayload (
//
// BUGBUG: Suppose there are 4 transforms in the matched proposal. If
- // the matched Proposal has more than 4 transforms that means there
+ // the matched Proposal has more than 4 transforms that means there
// are more than one transform with same type.
//
CopyMem (
@@ -2511,17 +2511,17 @@ Ikev2ChildSaParseSaPayload (
((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->ProposalIndex = 1;
((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi = AllocateCopyPool (
- sizeof (ChildSaSession->LocalPeerSpi),
+ sizeof (ChildSaSession->LocalPeerSpi),
&ChildSaSession->LocalPeerSpi
);
if (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi == NULL) {
FreePool (ChildSaSession->SessionCommon.SaParams);
FreePool (ChildSaSession->SaData );
-
+
return FALSE;
}
-
+
return TRUE;
} else {
@@ -2533,14 +2533,14 @@ Ikev2ChildSaParseSaPayload (
//
// Point to next Proposal
//
- ProposalData = (IKEV2_PROPOSAL_DATA *)((UINT8 *)(ProposalData + 1) +
+ ProposalData = (IKEV2_PROPOSAL_DATA *)((UINT8 *)(ProposalData + 1) +
ProposalData->NumTransforms * sizeof (IKEV2_TRANSFORM_DATA));
}
} else if (Type == IKE_HEADER_FLAGS_RESPOND) {
//
- // First check the SA proposal's ProtoctolID and Transform Numbers. Since it is
- // the responded SA proposal, suppose it only has one proposal and the transform Numbers
- // is 3.
+ // First check the SA proposal's ProtoctolID and Transform Numbers. Since it is
+ // the responded SA proposal, suppose it only has one proposal and the transform Numbers
+ // is 3.
//
ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1);
if (ProposalData->ProtocolId != IPSEC_PROTO_IPSEC_ESP || ProposalData->NumTransforms != 3) {
@@ -2564,7 +2564,7 @@ Ikev2ChildSaParseSaPayload (
for (ProposalIndex = 0; ProposalIndex < ChildSaSession->SaData->NumProposals && (!IsMatch); ProposalIndex++) {
Ikev2ParseProposalData (
- ProposalData,
+ ProposalData,
&EncryptAlgorithm,
&IntegrityAlgorithm,
NULL,
@@ -2576,7 +2576,7 @@ Ikev2ChildSaParseSaPayload (
if (EncryptAlgorithm == PreferEncryptAlgorithm &&
EncryptKeylength == PreferEncryptKeylength &&
IntegrityAlgorithm == PreferIntegrityAlgorithm &&
- IsSupportEsn == PreferIsSupportEsn
+ IsSupportEsn == PreferIsSupportEsn
) {
IsMatch = TRUE;
} else {
@@ -2584,17 +2584,17 @@ Ikev2ChildSaParseSaPayload (
PreferIntegrityAlgorithm = 0;
IsSupportEsn = TRUE;
}
- ProposalData = (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1) +
- ProposalData->NumTransforms * sizeof (IKEV2_TRANSFORM_DATA));
+ ProposalData = (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1) +
+ ProposalData->NumTransforms * sizeof (IKEV2_TRANSFORM_DATA));
}
-
+
ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1);
if (IsMatch) {
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
if (ChildSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
-
+
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@@ -2609,17 +2609,17 @@ Ikev2ChildSaParseSaPayload (
/**
Generate Key buffer from fragments.
- If the digest length of specified HashAlgId is larger than or equal with the
- required output key length, derive the key directly. Otherwise, Key Material
- needs to be PRF-based concatenation according to 2.13 of RFC 4306:
+ If the digest length of specified HashAlgId is larger than or equal with the
+ required output key length, derive the key directly. Otherwise, Key Material
+ needs to be PRF-based concatenation according to 2.13 of RFC 4306:
prf+ (K,S) = T1 | T2 | T3 | T4 | ..., T1 = prf (K, S | 0x01),
T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03),T4 = prf (K, T3 | S | 0x04)
then derive the key from this key material.
-
+
@param[in] HashAlgId The Hash Algorithm ID used to generate key.
@param[in] HashKey Pointer to a key buffer which contains hash key.
@param[in] HashKeyLength The length of HashKey in bytes.
- @param[in, out] OutputKey Pointer to buffer which is used to receive the
+ @param[in, out] OutputKey Pointer to buffer which is used to receive the
output key.
@param[in] OutputKeyLength The length of OutPutKey buffer.
@param[in] Fragments Pointer to the data to be used to generate key.
@@ -2682,11 +2682,11 @@ Ikev2SaGenerateKey (
if (OutputKeyLength <= DigestSize) {
Status = IpSecCryptoIoHmac (
HashAlgId,
- HashKey,
- HashKeyLength,
- (HASH_DATA_FRAGMENT *) Fragments,
- NumFragments,
- Digest,
+ HashKey,
+ HashKeyLength,
+ (HASH_DATA_FRAGMENT *) Fragments,
+ NumFragments,
+ Digest,
DigestSize
);
if (EFI_ERROR (Status)) {
@@ -2713,7 +2713,7 @@ Ikev2SaGenerateKey (
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
-
+
LocalFragments[1].DataSize = FragmentsSize;
//
@@ -2722,7 +2722,7 @@ Ikev2SaGenerateKey (
FragmentsSize = 0;
for (Index = 0; Index < NumFragments; Index++) {
CopyMem (
- LocalFragments[1].Data + FragmentsSize,
+ LocalFragments[1].Data + FragmentsSize,
Fragments[Index].Data,
Fragments[Index].DataSize
);
@@ -2743,17 +2743,17 @@ Ikev2SaGenerateKey (
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
-
+
LocalFragments[0].DataSize = AuthKeyLength;
Round = (OutputKeyLength - 1) / AuthKeyLength + 1;
for (Index = 0; Index < Round; Index++) {
Status = IpSecCryptoIoHmac (
- HashAlgId,
- HashKey,
- HashKeyLength,
+ HashAlgId,
+ HashKey,
+ HashKeyLength,
(HASH_DATA_FRAGMENT *)(Index == 0 ? &LocalFragments[1] : LocalFragments),
- Index == 0 ? 2 : 3,
+ Index == 0 ? 2 : 3,
Digest,
DigestSize
);
@@ -2761,25 +2761,25 @@ Ikev2SaGenerateKey (
goto Exit;
}
CopyMem (
- LocalFragments[0].Data,
- Digest,
+ LocalFragments[0].Data,
+ Digest,
DigestSize
);
if (OutputKeyLength > DigestSize * (Index + 1)) {
CopyMem (
- OutputKey + Index * DigestSize,
- Digest,
+ OutputKey + Index * DigestSize,
+ Digest,
DigestSize
);
LocalFragments[0].DataSize = DigestSize;
TailData ++;
} else {
- //
+ //
// The last round
//
CopyMem (
- OutputKey + Index * DigestSize,
- Digest,
+ OutputKey + Index * DigestSize,
+ Digest,
OutputKeyLength - Index * DigestSize
);
}
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.h b/NetworkPkg/IpSecDxe/Ikev2/Utility.h
index 319b6cb32c..8383ff8dd6 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.h
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.h
@@ -1,8 +1,8 @@
/** @file
- The interfaces of IKE/Child session operations and payload related operations
+ The interfaces of IKE/Child session operations and payload related operations
used by IKE Exchange Process.
- Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -76,8 +76,8 @@ Ikev2SaSessionLookup (
Private->Ikev2SaSession list or Private->Ikev2EstablishedList list.
@param[in] SaSessionList Pointer to list to be inserted into.
- @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.
- @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESSS to indicate the
+ @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.
+ @param[in] RemotePeerIp Pointer to EFI_IP_ADDRESSS to indicate the
unique IKEV2_SA_SESSION.
**/
@@ -94,7 +94,7 @@ Ikev2SaSessionInsert (
@param[in] SaSessionList Pointer to list to be searched.
@param[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.
- @retval Pointer to IKEV2_SA_SESSION with the specified remote IP address.
+ @retval Pointer to IKEV2_SA_SESSION with the specified remote IP address.
**/
IKEV2_SA_SESSION *
@@ -129,7 +129,7 @@ Ikev2SessionCommonRefresh (
);
/**
- Free specified IKEV2 SA Session.
+ Free specified IKEV2 SA Session.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be freed.
@@ -140,7 +140,7 @@ Ikev2SaSessionFree (
);
/**
- Free specified Seession Common. The session common would belong to a IKE SA or
+ Free specified Seession Common. The session common would belong to a IKE SA or
a Child SA.
@param[in] SessionCommon Pointer to a Session Common.
@@ -164,9 +164,9 @@ Ikev2SaSessionIncreaseMessageId (
/**
Allocate Momery for IKEV2 Child SA Session.
-
+
@param[in] UdpService Pointer to IKE_UDP_SERVICE.
- @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
+ @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
Session.
@retval Pointer of a new created IKEV2 Child SA Session.
@@ -179,8 +179,8 @@ Ikev2ChildSaSessionAlloc (
);
/**
- Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.
- If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one
+ Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.
+ If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one
then register the new one.
@param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.
@@ -198,7 +198,7 @@ Ikev2ChildSaSessionReg (
This functin find a ChildSA session by searching the ChildSaSessionlist of
the input IKEV2_SA_SESSION by specified MessageID.
-
+
@param[in] SaSessionList Pointer to List to be searched.
@param[in] Spi Specified SPI.
@@ -241,20 +241,20 @@ Ikev2ChildSaSessionInsert (
/**
Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.
-
+
@param[in] SaSessionList The SA Session List to be iterated.
@param[in] Spi Spi used to identify the IKEV2_CHILD_SA_SESSION.
- @param[in] ListType The type of the List to indicate whether it is a
- Established.
+ @param[in] ListType The type of the List to indicate whether it is a
+ Established.
@return The point to IKEV2_CHILD_SA_SESSION.
-
+
**/
IKEV2_CHILD_SA_SESSION *
Ikev2ChildSaSessionRemove (
IN LIST_ENTRY *SaSessionList,
- IN UINT32 Spi,
- IN UINT8 ListType
+ IN UINT32 Spi,
+ IN UINT8 ListType
);
/**
@@ -271,7 +271,7 @@ Ikev2ChildSaSessionOnDeleting (
);
/**
- Free the memory located for the specified IKEV2_CHILD_SA_SESSION.
+ Free the memory located for the specified IKEV2_CHILD_SA_SESSION.
@param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.
@@ -285,7 +285,7 @@ Ikev2ChildSaSessionFree (
Free the specified DhBuffer.
@param[in] DhBuffer Pointer to IKEV2_DH_BUFFER to be freed.
-
+
**/
VOID
Ikev2DhBufferFree (
@@ -315,7 +315,7 @@ Ikev2ChildSaSilentDelete (
/**
This function is to parse a request IKE packet and return its request type.
- The request type is one of IKE CHILD SA creation, IKE SA rekeying and
+ The request type is one of IKE CHILD SA creation, IKE SA rekeying and
IKE CHILD SA rekeying.
@param[in] IkePacket IKE packet to be prased.
@@ -330,7 +330,7 @@ Ikev2ChildExchangeRequestType(
/**
This function finds the SPI from Create Child Sa Exchange Packet.
-
+
@param[in] IkePacket Pointer to IKE_PACKET to be searched.
@retval SPI number.
@@ -345,10 +345,10 @@ Ikev2ChildExchangeRekeySpi(
/**
Associate a SPD selector to the Child SA Session.
- This function is called when the Child SA is not the first child SA of its
+ This function is called when the Child SA is not the first child SA of its
IKE SA. It associate a SPD to this Child SA.
- @param[in, out] ChildSaSession Pointer to the Child SA Session to be associated to
+ @param[in, out] ChildSaSession Pointer to the Child SA Session to be associated to
a SPD selector.
@retval EFI_SUCCESS Associate one SPD selector to this Child SA Session successfully.
@@ -441,13 +441,13 @@ Ikev2ChildSaAfterEncodePayload (
Generate Ikev2 SA payload according to SessionSaData
@param[in] SessionSaData The data used in SA payload.
- @param[in] NextPayload The payload type presented in NextPayload field of
+ @param[in] NextPayload The payload type presented in NextPayload field of
SA Payload header.
@param[in] Type The SA type. It MUST be neither (1) for IKE_SA or
(2) for CHILD_SA or (3) for INFO.
@retval a Pointer to SA IKE payload.
-
+
**/
IKE_PAYLOAD *
Ikev2GenerateSaPayload (
@@ -460,7 +460,7 @@ Ikev2GenerateSaPayload (
Generate a ID payload.
@param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.
- @param[in] NextPayload The payload type presented in the NextPayload field
+ @param[in] NextPayload The payload type presented in the NextPayload field
of ID Payload header.
@retval Pointer to ID IKE payload.
@@ -476,7 +476,7 @@ Ikev2GenerateIdPayload (
Generate a ID payload.
@param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.
- @param[in] NextPayload The payload type presented in the NextPayload field
+ @param[in] NextPayload The payload type presented in the NextPayload field
of ID Payload header.
@param[in] InCert Pointer to the Certificate which distinguished name
will be added into the Id payload.
@@ -488,7 +488,7 @@ Ikev2GenerateIdPayload (
IKE_PAYLOAD *
Ikev2GenerateCertIdPayload (
IN IKEV2_SESSION_COMMON *CommonSession,
- IN UINT8 NextPayload,
+ IN UINT8 NextPayload,
IN UINT8 *InCert,
IN UINTN CertSize
);
@@ -496,10 +496,10 @@ Ikev2GenerateCertIdPayload (
/**
Generate a Nonce payload contenting the input parameter NonceBuf.
- @param[in] NonceBuf The nonce buffer content the whole Nonce payload block
+ @param[in] NonceBuf The nonce buffer content the whole Nonce payload block
except the payload header.
@param[in] NonceSize The buffer size of the NonceBuf
- @param[in] NextPayload The payload type presented in the NextPayload field
+ @param[in] NextPayload The payload type presented in the NextPayload field
of Nonce Payload header.
@retval Pointer to Nonce IKE paload.
@@ -516,23 +516,23 @@ Ikev2GenerateNoncePayload (
Generate the Notify payload.
Since the structure of Notify payload which defined in RFC 4306 is simple, so
- there is no internal data structure for Notify payload. This function generate
- Notify payload defined in RFC 4306, but all the fields in this payload are still
- in host order and need call Ikev2EncodePayload() to convert those fields from
+ there is no internal data structure for Notify payload. This function generate
+ Notify payload defined in RFC 4306, but all the fields in this payload are still
+ in host order and need call Ikev2EncodePayload() to convert those fields from
the host order to network order beforing sending it.
@param[in] ProtocolId The protocol type ID. For IKE_SA it MUST be one (1).
For IPsec SAs it MUST be neither (2) for AH or (3)
for ESP.
- @param[in] NextPayload The next paylaod type in NextPayload field of
+ @param[in] NextPayload The next paylaod type in NextPayload field of
the Notify payload.
@param[in] SpiSize Size of the SPI in SPI size field of the Notify Payload.
- @param[in] MessageType The message type in NotifyMessageType field of the
+ @param[in] MessageType The message type in NotifyMessageType field of the
Notify Payload.
@param[in] SpiBuf Pointer to buffer contains the SPI value.
@param[in] NotifyData Pointer to buffer contains the notification data.
@param[in] NotifyDataSize The size of NotifyData in bytes.
-
+
@retval Pointer to IKE Notify Payload.
@@ -551,14 +551,14 @@ Ikev2GenerateNotifyPayload (
/**
Generate the Delete payload.
- Since the structure of Delete payload which defined in RFC 4306 is simple,
- there is no internal data structure for Delete payload. This function generate
- Delete payload defined in RFC 4306, but all the fields in this payload are still
- in host order and need call Ikev2EncodePayload() to convert those fields from
+ Since the structure of Delete payload which defined in RFC 4306 is simple,
+ there is no internal data structure for Delete payload. This function generate
+ Delete payload defined in RFC 4306, but all the fields in this payload are still
+ in host order and need call Ikev2EncodePayload() to convert those fields from
the host order to network order beforing sending it.
@param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload generation.
- @param[in] NextPayload The next paylaod type in NextPayload field of
+ @param[in] NextPayload The next paylaod type in NextPayload field of
the Delete payload.
@param[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.
@param[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.
@@ -573,19 +573,19 @@ Ikev2GenerateDeletePayload (
IN UINT8 NextPayload,
IN UINT8 SpiSize,
IN UINT16 SpiNum,
- IN UINT8 *SpiBuf
+ IN UINT8 *SpiBuf
);
/**
Generate the Configuration payload.
- This function generates a configuration payload defined in RFC 4306, but all the
- fields in this payload are still in host order and need call Ikev2EncodePayload()
+ This function generates a configuration payload defined in RFC 4306, but all the
+ fields in this payload are still in host order and need call Ikev2EncodePayload()
to convert those fields from the host order to network order beforing sending it.
@param[in] IkeSaSession Pointer to IKE SA Session to be used for Delete payload
generation.
- @param[in] NextPayload The next paylaod type in NextPayload field of
+ @param[in] NextPayload The next paylaod type in NextPayload field of
the Delete payload.
@param[in] CfgType The attribute type in the Configuration attribute.
@@ -602,15 +602,15 @@ Ikev2GenerateCpPayload (
/**
Generate a Authentication Payload.
- This function is used for both Authentication generation and verification. When the
- IsVerify is TRUE, it create a Auth Data for verification. This function choose the
+ This function is used for both Authentication generation and verification. When the
+ IsVerify is TRUE, it create a Auth Data for verification. This function choose the
related IKE_SA_INIT Message for Auth data creation according to the IKE Session's type
and the value of IsVerify parameter.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.
- @param[in] IdPayload Pointer to the ID payload to be used for Authentication
+ @param[in] IdPayload Pointer to the ID payload to be used for Authentication
payload generation.
- @param[in] NextPayload The type filled into the Authentication Payload next
+ @param[in] NextPayload The type filled into the Authentication Payload next
payload field.
@param[in] IsVerify If it is TURE, the Authentication payload is used for
verification.
@@ -627,26 +627,26 @@ Ikev2PskGenerateAuthPayload (
);
/**
- Generate a Authentication Payload for Certificate Auth method.
+ Generate a Authentication Payload for Certificate Auth method.
- This function has two functions. One is creating a local Authentication
- Payload for sending and other is creating the remote Authentication data
+ This function has two functions. One is creating a local Authentication
+ Payload for sending and other is creating the remote Authentication data
for verification when the IsVerify is TURE.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.
- @param[in] IdPayload Pointer to the ID payload to be used for Authentication
+ @param[in] IdPayload Pointer to the ID payload to be used for Authentication
payload generation.
- @param[in] NextPayload The type filled into the Authentication Payload
+ @param[in] NextPayload The type filled into the Authentication Payload
next payload field.
- @param[in] IsVerify If it is TURE, the Authentication payload is used
+ @param[in] IsVerify If it is TURE, the Authentication payload is used
for verification.
- @param[in] UefiPrivateKey Pointer to the UEFI private key. Ignore it when
+ @param[in] UefiPrivateKey Pointer to the UEFI private key. Ignore it when
verify the authenticate payload.
- @param[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignore it
+ @param[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignore it
when verify the authenticate payload.
- @param[in] UefiKeyPwd Pointer to the password of UEFI private key.
+ @param[in] UefiKeyPwd Pointer to the password of UEFI private key.
Ignore it when verify the authenticate payload.
- @param[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes.Ignore it when
+ @param[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes.Ignore it when
verify the authenticate payload.
@return pointer to IKE Authentication payload for certification method.
@@ -670,9 +670,9 @@ Ikev2CertGenerateAuthPayload (
This function generates TSi or TSr payload according to type of next payload.
If the next payload is Responder TS, gereate TSi Payload. Otherwise, generate
TSr payload
-
+
@param[in] ChildSa Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload.
- @param[in] NextPayload The payload type presented in the NextPayload field
+ @param[in] NextPayload The payload type presented in the NextPayload field
of ID Payload header.
@param[in] IsTunnel It indicates that if the Ts Payload is after the CP payload.
If yes, it means the Tsi and Tsr payload should be with
@@ -696,7 +696,7 @@ Ikev2GenerateTsPayload (
IPSEC_PROTO_ISAKMP or if the SpiSize is not zero or if the MessageType is not
the COOKIE, return EFI_INVALID_PARAMETER.
- @param[in] IkeNCookie Pointer to the IKE_PAYLOAD which contians the
+ @param[in] IkeNCookie Pointer to the IKE_PAYLOAD which contians the
Notify Cookie payload.
the Notify payload.
@param[in, out] IkeSaSession Pointer to the relevant IKE SA Session.
@@ -715,16 +715,16 @@ Ikev2ParserNotifyCookiePayload (
/**
Generate the Certificate payload or Certificate Request Payload.
- Since the Certificate Payload structure is same with Certificate Request Payload,
+ Since the Certificate Payload structure is same with Certificate Request Payload,
the only difference is that one contains the Certificate Data, other contains
- the acceptable certificateion CA. This function generate Certificate payload
- or Certificate Request Payload defined in RFC 4306, but all the fields
- in the payload are still in host order and need call Ikev2EncodePayload()
+ the acceptable certificateion CA. This function generate Certificate payload
+ or Certificate Request Payload defined in RFC 4306, but all the fields
+ in the payload are still in host order and need call Ikev2EncodePayload()
to convert those fields from the host order to network order beforing sending it.
- @param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload
+ @param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload
generation.
- @param[in] NextPayload The next paylaod type in NextPayload field of
+ @param[in] NextPayload The next paylaod type in NextPayload field of
the Delete payload.
@param[in] Certificate Pointer of buffer contains the certification data.
@param[in] CertificateLen The length of Certificate in byte.
@@ -747,15 +747,15 @@ Ikev2GenerateCertificatePayload (
IN UINT8 EncodeType,
IN BOOLEAN IsRequest
);
-
+
/**
General interface of payload encoding.
- This function encode the internal data structure into payload which
- is defined in RFC 4306. The IkePayload->PayloadBuf used to store both the input
- payload and converted payload. Only the SA payload use the interal structure
- to store the attribute. Other payload use structure which is same with the RFC
- defined, for this kind payloads just do host order to network order change of
+ This function encode the internal data structure into payload which
+ is defined in RFC 4306. The IkePayload->PayloadBuf used to store both the input
+ payload and converted payload. Only the SA payload use the interal structure
+ to store the attribute. Other payload use structure which is same with the RFC
+ defined, for this kind payloads just do host order to network order change of
some fields.
@param[in] SessionCommon Pointer to IKE Session Common used to encode the payload.
@@ -779,7 +779,7 @@ Ikev2EncodePayload (
@param[in] SessionCommon Pointer to IKE Session Common to use for decoding.
@param[in, out] IkePayload Pointer to IKE payload to be decode as input, and
- store the decoded result as output.
+ store the decoded result as output.
@retval EFI_INVALID_PARAMETER Meet error when decode the SA payload.
@retval EFI_SUCCESS Decode successfully.
@@ -796,18 +796,18 @@ Ikev2DecodePayload (
This function decrpt the Encrypted IKE packet and put the result into IkePacket->PayloadBuf.
- @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing
+ @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing
some parameter used during decrypting.
- @param[in, out] IkePacket Point to IKE_PACKET to be decrypted as input,
+ @param[in, out] IkePacket Point to IKE_PACKET to be decrypted as input,
and the decrypted reslult as output.
@param[in, out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and
IKE_CHILD_TYPE are supportted.
- @retval EFI_INVALID_PARAMETER If the IKE packet length is zero or the
+ @retval EFI_INVALID_PARAMETER If the IKE packet length is zero or the
IKE packet length is not Algorithm Block Size
alignment.
@retval EFI_SUCCESS Decrypt IKE packet successfully.
-
+
**/
EFI_STATUS
Ikev2DecryptPacket (
@@ -821,7 +821,7 @@ Ikev2DecryptPacket (
This function encrypt IKE packet before sending it. The Encrypted IKE packet
is put in to IKEV2 Encrypted Payload.
-
+
@param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the IKE packet.
@param[in, out] IkePacket Pointer to IKE packet to be encrypted.
@@ -840,9 +840,9 @@ Ikev2EncryptPacket (
This function put all Payloads into one payload then encrypt it if needed.
- @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing
+ @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing
some parameter used during IKE packet encoding.
- @param[in, out] IkePacket Pointer to IKE_PACKET to be encoded as input,
+ @param[in, out] IkePacket Pointer to IKE_PACKET to be encoded as input,
and the encoded reslult as output.
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and
IKE_CHILD_TYPE are supportted.
@@ -861,12 +861,12 @@ Ikev2EncodePacket (
/**
Decode the IKE packet.
- This function first decrypts the IKE packet if needed , then separats the whole
+ This function first decrypts the IKE packet if needed , then separats the whole
IKE packet from the IkePacket->PayloadBuf into IkePacket payload list.
-
- @param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON containing
+
+ @param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON containing
some parameter used by IKE packet decoding.
- @param[in, out] IkePacket The IKE Packet to be decoded on input, and
+ @param[in, out] IkePacket The IKE Packet to be decoded on input, and
the decoded result on return.
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and
IKE_CHILD_TYPE are supportted.
@@ -904,8 +904,8 @@ Ikev2OnPacketAccepted (
@param[in] IkeUdpService Pointer to IKE_UDP_SERVICE used to send the IKE packet.
@param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON related to the IKE packet.
@param[in] IkePacket Pointer to IKE_PACKET to be sent out.
- @param[in] IkeType The type of IKE to point what's kind of the IKE
- packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE
+ @param[in] IkeType The type of IKE to point what's kind of the IKE
+ packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE
and IKE_CHILD_TYPE are supportted.
@retval EFI_SUCCESS The operation complete successfully.
@@ -923,12 +923,12 @@ Ikev2SendIkePacket (
/**
Callback function for the IKE life time is over.
- This function will mark the related IKE SA Session as deleting and trigger a
+ This function will mark the related IKE SA Session as deleting and trigger a
Information negotiation.
@param[in] Event The time out event.
@param[in] Context Pointer to data passed by caller.
-
+
**/
VOID
EFIAPI
@@ -952,11 +952,11 @@ Ikev2ResendNotify (
);
/**
- Generate a Key Exchange payload according to the DH group type and save the
+ Generate a Key Exchange payload according to the DH group type and save the
public Key into IkeSaSession IkeKey field.
@param[in, out] IkeSaSession Pointer of the IKE_SA_SESSION.
- @param[in] NextPayload The payload type presented in the NextPayload field of Key
+ @param[in] NextPayload The payload type presented in the NextPayload field of Key
Exchange Payload header.
@retval Pointer to Key IKE payload.
@@ -964,28 +964,28 @@ Ikev2ResendNotify (
**/
IKE_PAYLOAD *
Ikev2GenerateKePayload (
- IN OUT IKEV2_SA_SESSION *IkeSaSession,
- IN UINT8 NextPayload
+ IN OUT IKEV2_SA_SESSION *IkeSaSession,
+ IN UINT8 NextPayload
);
/**
Check if the SPD is related to the input Child SA Session.
This function is the subfunction of Ikev1AssociateSpdEntry(). It is the call
- back function of IpSecVisitConfigData().
-
+ back function of IpSecVisitConfigData().
+
@param[in] Type Type of the input Config Selector.
- @param[in] Selector Pointer to the Configure Selector to be checked.
- @param[in] Data Pointer to the Configure Selector's Data passed
+ @param[in] Selector Pointer to the Configure Selector to be checked.
+ @param[in] Data Pointer to the Configure Selector's Data passed
from the caller.
@param[in] SelectorSize The buffer size of Selector.
@param[in] DataSize The buffer size of the Data.
@param[in] Context The data passed from the caller. It is a Child
SA Session in this context.
- @retval EFI_SUCCESS The SPD Selector is not related to the Child SA Session.
- @retval EFI_ABORTED The SPD Selector is related to the Child SA session and
+ @retval EFI_SUCCESS The SPD Selector is not related to the Child SA Session.
+ @retval EFI_ABORTED The SPD Selector is related to the Child SA session and
set the ChildSaSession->Spd to point to this SPD Selector.
**/
@@ -1033,14 +1033,14 @@ Ikev2ChildSaSessionCreate (
/**
Parse the received Initial Exchange Packet.
-
- This function parse the SA Payload and Key Payload to find out the cryptographic
- suite for the further IKE negotiation and fill it into the IKE SA Session's
+
+ This function parse the SA Payload and Key Payload to find out the cryptographic
+ suite for the further IKE negotiation and fill it into the IKE SA Session's
CommonSession->SaParams.
@param[in, out] IkeSaSession Pointer to related IKEV2_SA_SESSION.
@param[in] SaPayload The received packet.
- @param[in] Type The received packet IKE header flag.
+ @param[in] Type The received packet IKE header flag.
@retval TRUE If the SA proposal in Packet is acceptable.
@retval FALSE If the SA proposal in Packet is not acceptable.
@@ -1055,15 +1055,15 @@ Ikev2SaParseSaPayload (
/**
Parse the received Authentication Exchange Packet.
-
+
This function parse the SA Payload and Key Payload to find out the cryptographic
suite for the ESP and fill it into the Child SA Session's CommonSession->SaParams.
-
- @param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to
+
+ @param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to
this Authentication Exchange.
@param[in] SaPayload The received packet.
- @param[in] Type The IKE header's flag of received packet .
-
+ @param[in] Type The IKE header's flag of received packet .
+
@retval TRUE If the SA proposal in Packet is acceptable.
@retval FALSE If the SA proposal in Packet is not acceptable.
@@ -1078,17 +1078,17 @@ Ikev2ChildSaParseSaPayload (
/**
Generate Key buffer from fragments.
- If the digest length of specified HashAlgId is larger than or equal with the
- required output key length, derive the key directly. Otherwise, Key Material
- needs to be PRF-based concatenation according to 2.13 of RFC 4306:
+ If the digest length of specified HashAlgId is larger than or equal with the
+ required output key length, derive the key directly. Otherwise, Key Material
+ needs to be PRF-based concatenation according to 2.13 of RFC 4306:
prf+ (K,S) = T1 | T2 | T3 | T4 | ..., T1 = prf (K, S | 0x01),
T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03),T4 = prf (K, T3 | S | 0x04)
then derive the key from this key material.
-
+
@param[in] HashAlgId The Hash Algorithm ID used to generate key.
@param[in] HashKey Pointer to a key buffer which contains hash key.
@param[in] HashKeyLength The length of HashKey in bytes.
- @param[in, out] OutputKey Pointer to buffer which is used to receive the
+ @param[in, out] OutputKey Pointer to buffer which is used to receive the
output key.
@param[in] OutputKeyLength The length of OutPutKey buffer.
@param[in] Fragments Pointer to the data to be used to generate key.
@@ -1115,14 +1115,14 @@ Ikev2SaGenerateKey (
Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.
ChildSaSession->SpdSelector stores the real Spdselector for its SA. Sometime,
- the SpdSelector in ChildSaSession is more accurated or the scope is smaller
+ the SpdSelector in ChildSaSession is more accurated or the scope is smaller
than the one in ChildSaSession->Spd, especially for the tunnel mode.
-
+
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.
@retval EFI_SUCCESS The operation complete successfully.
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
-
+
**/
EFI_STATUS
Ikev2ChildSaSessionSpdSelectorCreate (