1. Update IPsec driver to produce EFI_IPSEC2_PROTOCOL which is defined by UEFI errata that will appear in UEFI 2.3 specification after 2.3 errata B and future UEFI Specifications after 2.3.

2. Update IPv6 driver to consume the EFI_IPSEC2_PROTOCOL.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10991 6f19259b-4bc3-4df7-8a09-765794883524
xdu2 2010-11-01 08:19:28 +00:00
parent 780847d128
commit 68d3f2fb61
12 changed files with 362 additions and 246 deletions


@ -15,7 +15,7 @@
#include "Ip6Impl.h" #include "Ip6Impl.h"
EFI_IPSEC_PROTOCOL *mIpSec = NULL; EFI_IPSEC2_PROTOCOL *mIpSec = NULL;
EFI_IP6_PROTOCOL mEfiIp6ProtocolTemplete = { EFI_IP6_PROTOCOL mEfiIp6ProtocolTemplete = {
EfiIp6GetModeData, EfiIp6GetModeData,


@ -89,7 +89,7 @@
#define IP6_NO_MAPPING(IpInstance) (!(IpInstance)->Interface->Configured) #define IP6_NO_MAPPING(IpInstance) (!(IpInstance)->Interface->Configured)
extern EFI_IPSEC_PROTOCOL *mIpSec; extern EFI_IPSEC2_PROTOCOL *mIpSec;
// //
// IP6_TXTOKEN_WRAP wraps the upper layer's transmit token. // IP6_TXTOKEN_WRAP wraps the upper layer's transmit token.


@ -481,11 +481,11 @@ Ip6IpSecFree (
actions: bypass the packet, discard the packet, or protect the packet. actions: bypass the packet, discard the packet, or protect the packet.
@param[in] IpSb The IP6 service instance. @param[in] IpSb The IP6 service instance.
@param[in] Head The caller-supplied IP6 header. @param[in, out] Head The caller-supplied IP6 header.
@param[in, out] LastHead The next header field of last IP header. @param[in, out] LastHead The next header field of last IP header.
@param[in, out] Netbuf The IP6 packet to be processed by IPsec. @param[in, out] Netbuf The IP6 packet to be processed by IPsec.
@param[in] ExtHdrs The caller-supplied options. @param[in, out] ExtHdrs The caller-supplied options.
@param[in] ExtHdrsLen The length of the option. @param[in, out] ExtHdrsLen The length of the option.
@param[in] Direction The directionality in an SPD entry, @param[in] Direction The directionality in an SPD entry,
EfiIPsecInBound, or EfiIPsecOutBound. EfiIPsecInBound, or EfiIPsecOutBound.
@param[in] Context The token's wrap. @param[in] Context The token's wrap.
@ -501,18 +501,20 @@ Ip6IpSecFree (
**/ **/
EFI_STATUS EFI_STATUS
Ip6IpSecProcessPacket ( Ip6IpSecProcessPacket (
IN IP6_SERVICE *IpSb, IN IP6_SERVICE *IpSb,
IN EFI_IP6_HEADER *Head, IN OUT EFI_IP6_HEADER **Head,
IN OUT UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN OUT NET_BUF **Netbuf, IN OUT NET_BUF **Netbuf,
IN VOID *ExtHdrs, IN OUT UINT8 **ExtHdrs,
IN UINT32 ExtHdrsLen, IN OUT UINT32 *ExtHdrsLen,
IN EFI_IPSEC_TRAFFIC_DIR Direction, IN EFI_IPSEC_TRAFFIC_DIR Direction,
IN VOID *Context IN VOID *Context
) )
{ {
NET_FRAGMENT *FragmentTable; NET_FRAGMENT *FragmentTable;
NET_FRAGMENT *OriginalFragmentTable;
UINT32 FragmentCount; UINT32 FragmentCount;
UINT32 OriginalFragmentCount;
EFI_EVENT RecycleEvent; EFI_EVENT RecycleEvent;
NET_BUF *Packet; NET_BUF *Packet;
IP6_TXTOKEN_WRAP *TxWrap; IP6_TXTOKEN_WRAP *TxWrap;
@ -520,6 +522,7 @@ Ip6IpSecProcessPacket (
EFI_STATUS Status; EFI_STATUS Status;
EFI_IP6_HEADER *PacketHead; EFI_IP6_HEADER *PacketHead;
UINT8 *Buf; UINT8 *Buf;
EFI_IP6_HEADER ZeroHead;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
Packet = *Netbuf; Packet = *Netbuf;
@ -530,6 +533,7 @@ Ip6IpSecProcessPacket (
Buf = NULL; Buf = NULL;
TxWrap = (IP6_TXTOKEN_WRAP *) Context; TxWrap = (IP6_TXTOKEN_WRAP *) Context;
FragmentCount = Packet->BlockOpNum; FragmentCount = Packet->BlockOpNum;
ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));
if (mIpSec == NULL) { if (mIpSec == NULL) {
gBS->LocateProtocol (&gEfiIpSecProtocolGuid, NULL, (VOID **) &mIpSec); gBS->LocateProtocol (&gEfiIpSecProtocolGuid, NULL, (VOID **) &mIpSec);
@ -562,7 +566,7 @@ Ip6IpSecProcessPacket (
// //
// Bypass all multicast inbound or outbound traffic. // Bypass all multicast inbound or outbound traffic.
// //
if (IP6_IS_MULTICAST (&Head->DestinationAddress) || IP6_IS_MULTICAST (&Head->SourceAddress)) { if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress) || IP6_IS_MULTICAST (&(*Head)->SourceAddress)) {
goto ON_EXIT; goto ON_EXIT;
} }
@ -577,6 +581,8 @@ Ip6IpSecProcessPacket (
} }
Status = NetbufBuildExt (Packet, FragmentTable, &FragmentCount); Status = NetbufBuildExt (Packet, FragmentTable, &FragmentCount);
OriginalFragmentTable = FragmentTable;
OriginalFragmentCount = FragmentCount;
if (EFI_ERROR(Status)) { if (EFI_ERROR(Status)) {
FreePool (FragmentTable); FreePool (FragmentTable);
@ -586,16 +592,16 @@ Ip6IpSecProcessPacket (
// //
// Convert host byte order to network byte order // Convert host byte order to network byte order
// //
Ip6NtohHead (Head); Ip6NtohHead (*Head);
Status = mIpSec->Process ( Status = mIpSec->ProcessExt (
mIpSec, mIpSec,
IpSb->Controller, IpSb->Controller,
IP_VERSION_6, IP_VERSION_6,
(VOID *) Head, (VOID *) (*Head),
LastHead, LastHead,
NULL, (VOID **) ExtHdrs,
0, ExtHdrsLen,
(EFI_IPSEC_FRAGMENT_DATA **) (&FragmentTable), (EFI_IPSEC_FRAGMENT_DATA **) (&FragmentTable),
&FragmentCount, &FragmentCount,
Direction, Direction,
@ -604,14 +610,20 @@ Ip6IpSecProcessPacket (
// //
// Convert back to host byte order // Convert back to host byte order
// //
Ip6NtohHead (Head); Ip6NtohHead (*Head);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
goto ON_EXIT; goto ON_EXIT;
} }
if (Direction == EfiIPsecOutBound && TxWrap != NULL) { if (OriginalFragmentCount == FragmentCount && OriginalFragmentTable == FragmentTable) {
//
// For ByPass Packet
//
goto ON_EXIT;
}
if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
TxWrap->IpSecRecycleSignal = RecycleEvent; TxWrap->IpSecRecycleSignal = RecycleEvent;
TxWrap->Packet = NetbufFromExt ( TxWrap->Packet = NetbufFromExt (
FragmentTable, FragmentTable,
@ -626,6 +638,13 @@ Ip6IpSecProcessPacket (
goto ON_EXIT; goto ON_EXIT;
} }
CopyMem (
IP6_GET_CLIP_INFO (TxWrap->Packet),
IP6_GET_CLIP_INFO (Packet),
sizeof (IP6_CLIP_INFO)
);
NetIpSecNetbufFree(Packet);
*Netbuf = TxWrap->Packet; *Netbuf = TxWrap->Packet;
} else { } else {
@ -652,11 +671,11 @@ Ip6IpSecProcessPacket (
goto ON_EXIT; goto ON_EXIT;
} }
if (Direction == EfiIPsecInBound) { if (Direction == EfiIPsecInBound && 0 != CompareMem (&ZeroHead, *Head, sizeof (EFI_IP6_HEADER))) {
PacketHead = (EFI_IP6_HEADER *) NetbufAllocSpace ( PacketHead = (EFI_IP6_HEADER *) NetbufAllocSpace (
Packet, Packet,
sizeof (EFI_IP6_HEADER) + ExtHdrsLen, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen,
NET_BUF_HEAD NET_BUF_HEAD
); );
if (PacketHead == NULL) { if (PacketHead == NULL) {
@ -664,22 +683,22 @@ Ip6IpSecProcessPacket (
goto ON_EXIT; goto ON_EXIT;
} }
CopyMem (PacketHead, Head, sizeof (EFI_IP6_HEADER)); CopyMem (PacketHead, *Head, sizeof (EFI_IP6_HEADER));
*Head = PacketHead;
Packet->Ip.Ip6 = PacketHead; Packet->Ip.Ip6 = PacketHead;
if (ExtHdrs != NULL) { if (*ExtHdrs != NULL) {
Buf = (UINT8 *) (PacketHead + 1); Buf = (UINT8 *) (PacketHead + 1);
CopyMem (Buf, ExtHdrs, ExtHdrsLen); CopyMem (Buf, *ExtHdrs, *ExtHdrsLen);
} }
NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + ExtHdrsLen, TRUE); NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);
CopyMem ( CopyMem (
IP6_GET_CLIP_INFO (Packet), IP6_GET_CLIP_INFO (Packet),
IP6_GET_CLIP_INFO (IpSecWrap->Packet), IP6_GET_CLIP_INFO (IpSecWrap->Packet),
sizeof (IP6_CLIP_INFO) sizeof (IP6_CLIP_INFO)
); );
} }
*Netbuf = Packet; *Netbuf = Packet;
} }
@ -688,73 +707,72 @@ ON_EXIT:
} }
/** /**
The IP6 input routine. It is called by the IP6_INTERFACE when an Pre-process the IPv6 packet. First validates the IPv6 packet, and
IP6 fragment is received from MNP. then reassembles packet if it is necessary.
@param[in] Packet The IP6 packet received. @param[in] IpSb The IP6 service instance.
@param[in] IoStatus The return status of receive request. @param[in, out] Packet The received IP6 packet to be processed.
@param[in] Flag The link layer flag for the packet received, such @param[in] Flag The link layer flag for the packet received, such
as multicast. as multicast.
@param[in] Context The IP6 service instance that owns the MNP. @param[out] Payload The pointer to the payload of the recieved packet.
it starts from the first byte of the extension header.
@param[out] LastHead The pointer of NextHeader of the last extension
header processed by IP6.
@param[out] ExtHdrsLen The length of the whole option.
@param[out] UnFragmentLen The length of unfragmented length of extension headers.
@param[out] Fragmented Indicate whether the packet is fragmented.
@param[out] Head The pointer to the EFI_IP6_Header.
@retval EFI_SUCCESS The received packet is well format.
@retval EFI_INVALID_PARAMETER The received packet is malformed.
**/ **/
VOID EFI_STATUS
Ip6AcceptFrame ( Ip6PreProcessPacket (
IN NET_BUF *Packet, IN IP6_SERVICE *IpSb,
IN EFI_STATUS IoStatus, IN OUT NET_BUF **Packet,
IN UINT32 Flag, IN UINT32 Flag,
IN VOID *Context OUT UINT8 **Payload,
OUT UINT8 **LastHead,
OUT UINT32 *ExtHdrsLen,
OUT UINT32 *UnFragmentLen,
OUT BOOLEAN *Fragmented,
OUT EFI_IP6_HEADER **Head
) )
{ {
IP6_SERVICE *IpSb;
IP6_CLIP_INFO *Info;
EFI_IP6_HEADER *Head;
UINT16 PayloadLen; UINT16 PayloadLen;
UINT8 *Payload;
UINT16 TotalLen; UINT16 TotalLen;
UINT8 *LastHead;
UINT32 FormerHeadOffset; UINT32 FormerHeadOffset;
UINT32 UnFragmentLen;
UINT32 ExtHdrsLen;
UINT32 HeadLen; UINT32 HeadLen;
BOOLEAN Fragmented;
IP6_FRAGMENT_HEADER *FragmentHead; IP6_FRAGMENT_HEADER *FragmentHead;
UINT16 FragmentOffset; UINT16 FragmentOffset;
EFI_STATUS Status; IP6_CLIP_INFO *Info;
EFI_IPv6_ADDRESS Loopback; EFI_IPv6_ADDRESS Loopback;
IpSb = (IP6_SERVICE *) Context; HeadLen = 0;
NET_CHECK_SIGNATURE (IpSb, IP6_SERVICE_SIGNATURE); PayloadLen = 0;
Payload = NULL;
//
// Check input parameters
//
if (EFI_ERROR (IoStatus) || (IpSb->State == IP6_SERVICE_DESTROY)) {
goto Drop;
}
// //
// Check whether the input packet is a valid packet // Check whether the input packet is a valid packet
// //
if (Packet->TotalSize < IP6_MIN_HEADLEN) { if ((*Packet)->TotalSize < IP6_MIN_HEADLEN) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
// //
// Get header information of the packet. // Get header information of the packet.
// //
Head = (EFI_IP6_HEADER *) NetbufGetByte (Packet, 0, NULL); *Head = (EFI_IP6_HEADER *) NetbufGetByte (*Packet, 0, NULL);
if (Head == NULL) { if (*Head == NULL) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
// //
// Multicast addresses must not be used as source addresses in IPv6 packets. // Multicast addresses must not be used as source addresses in IPv6 packets.
// //
if ((Head->Version != 6) || (IP6_IS_MULTICAST (&Head->SourceAddress))) { if (((*Head)->Version != 6) || (IP6_IS_MULTICAST (&(*Head)->SourceAddress))) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
// //
@ -762,20 +780,20 @@ Ip6AcceptFrame (
// //
ZeroMem (&Loopback, sizeof (EFI_IPv6_ADDRESS)); ZeroMem (&Loopback, sizeof (EFI_IPv6_ADDRESS));
Loopback.Addr[15] = 0x1; Loopback.Addr[15] = 0x1;
if ((CompareMem (&Loopback, &Head->DestinationAddress, sizeof (EFI_IPv6_ADDRESS)) == 0) || if ((CompareMem (&Loopback, &(*Head)->DestinationAddress, sizeof (EFI_IPv6_ADDRESS)) == 0) ||
(NetIp6IsUnspecifiedAddr (&Head->DestinationAddress))) { (NetIp6IsUnspecifiedAddr (&(*Head)->DestinationAddress))) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
// //
// Convert the IP header to host byte order. // Convert the IP header to host byte order.
// //
Packet->Ip.Ip6 = Ip6NtohHead (Head); (*Packet)->Ip.Ip6 = Ip6NtohHead (*Head);
// //
// Get the per packet info. // Get the per packet info.
// //
Info = IP6_GET_CLIP_INFO (Packet); Info = IP6_GET_CLIP_INFO (*Packet);
Info->LinkFlag = Flag; Info->LinkFlag = Flag;
Info->CastType = 0; Info->CastType = 0;
@ -783,10 +801,10 @@ Ip6AcceptFrame (
Info->CastType = Ip6Promiscuous; Info->CastType = Ip6Promiscuous;
} }
if (Ip6IsOneOfSetAddress (IpSb, &Head->DestinationAddress, NULL, NULL)) { if (Ip6IsOneOfSetAddress (IpSb, &(*Head)->DestinationAddress, NULL, NULL)) {
Info->CastType = Ip6Unicast; Info->CastType = Ip6Unicast;
} else if (IP6_IS_MULTICAST (&Head->DestinationAddress)) { } else if (IP6_IS_MULTICAST (&(*Head)->DestinationAddress)) {
if (Ip6FindMldEntry (IpSb, &Head->DestinationAddress) != NULL) { if (Ip6FindMldEntry (IpSb, &(*Head)->DestinationAddress) != NULL) {
Info->CastType = Ip6Multicast; Info->CastType = Ip6Multicast;
} }
} }
@ -795,11 +813,11 @@ Ip6AcceptFrame (
// Drop the packet that is not delivered to us. // Drop the packet that is not delivered to us.
// //
if (Info->CastType == 0) { if (Info->CastType == 0) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
PayloadLen = Head->PayloadLength; PayloadLen = (*Head)->PayloadLength;
Info->Start = 0; Info->Start = 0;
Info->Length = PayloadLen; Info->Length = PayloadLen;
@ -813,52 +831,51 @@ Ip6AcceptFrame (
// //
// Mnp may deliver frame trailer sequence up, trim it off. // Mnp may deliver frame trailer sequence up, trim it off.
// //
if (TotalLen < Packet->TotalSize) { if (TotalLen < (*Packet)->TotalSize) {
NetbufTrim (Packet, Packet->TotalSize - TotalLen, FALSE); NetbufTrim (*Packet, (*Packet)->TotalSize - TotalLen, FALSE);
} }
if (TotalLen != Packet->TotalSize) { if (TotalLen != (*Packet)->TotalSize) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
// //
// Check the extension headers, if exist validate them // Check the extension headers, if exist validate them
// //
if (PayloadLen != 0) { if (PayloadLen != 0) {
Payload = AllocatePool ((UINTN) PayloadLen); *Payload = AllocatePool ((UINTN) PayloadLen);
if (Payload == NULL) { if (*Payload == NULL) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
NetbufCopy (Packet, sizeof (EFI_IP6_HEADER), PayloadLen, Payload); NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);
} }
LastHead = NULL;
if (!Ip6IsExtsValid ( if (!Ip6IsExtsValid (
IpSb, IpSb,
Packet, *Packet,
&Head->NextHeader, &(*Head)->NextHeader,
Payload, *Payload,
(UINT32) PayloadLen, (UINT32) PayloadLen,
TRUE, TRUE,
&FormerHeadOffset, &FormerHeadOffset,
&LastHead, LastHead,
&ExtHdrsLen, ExtHdrsLen,
&UnFragmentLen, UnFragmentLen,
&Fragmented Fragmented
)) { )) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
HeadLen = sizeof (EFI_IP6_HEADER) + UnFragmentLen; HeadLen = sizeof (EFI_IP6_HEADER) + *UnFragmentLen;
if (Fragmented) { if (*Fragmented) {
// //
// Get the fragment offset from the Fragment header // Get the fragment offset from the Fragment header
// //
FragmentHead = (IP6_FRAGMENT_HEADER *) NetbufGetByte (Packet, HeadLen, NULL); FragmentHead = (IP6_FRAGMENT_HEADER *) NetbufGetByte (*Packet, HeadLen, NULL);
if (FragmentHead == NULL) { if (FragmentHead == NULL) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
FragmentOffset = NTOHS (FragmentHead->FragmentOffset); FragmentOffset = NTOHS (FragmentHead->FragmentOffset);
@ -888,49 +905,49 @@ Ip6AcceptFrame (
// Fragments should in the unit of 8 octets long except the last one. // Fragments should in the unit of 8 octets long except the last one.
// //
if ((Info->LastFrag == 0) && (Info->Length % 8 != 0)) { if ((Info->LastFrag == 0) && (Info->Length % 8 != 0)) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
// //
// Reassemble the packet. // Reassemble the packet.
// //
Packet = Ip6Reassemble (&IpSb->Assemble, Packet); *Packet = Ip6Reassemble (&IpSb->Assemble, *Packet);
if (Packet == NULL) { if (*Packet == NULL) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
// //
// Re-check the assembled packet to get the right values. // Re-check the assembled packet to get the right values.
// //
Head = Packet->Ip.Ip6; *Head = (*Packet)->Ip.Ip6;
PayloadLen = Head->PayloadLength; PayloadLen = (*Head)->PayloadLength;
if (PayloadLen != 0) { if (PayloadLen != 0) {
if (Payload != NULL) { if (*Payload != NULL) {
FreePool (Payload); FreePool (*Payload);
} }
Payload = AllocatePool ((UINTN) PayloadLen); *Payload = AllocatePool ((UINTN) PayloadLen);
if (Payload == NULL) { if (*Payload == NULL) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
NetbufCopy (Packet, sizeof (EFI_IP6_HEADER), PayloadLen, Payload); NetbufCopy (*Packet, sizeof (EFI_IP6_HEADER), PayloadLen, *Payload);
} }
if (!Ip6IsExtsValid ( if (!Ip6IsExtsValid (
IpSb, IpSb,
Packet, *Packet,
&Head->NextHeader, &(*Head)->NextHeader,
Payload, *Payload,
(UINT32) PayloadLen, (UINT32) PayloadLen,
TRUE, TRUE,
NULL, NULL,
&LastHead, LastHead,
&ExtHdrsLen, ExtHdrsLen,
&UnFragmentLen, UnFragmentLen,
&Fragmented Fragmented
)) { )) {
goto Restart; return EFI_INVALID_PARAMETER;
} }
} }
@ -938,30 +955,109 @@ Ip6AcceptFrame (
// Trim the head off, after this point, the packet is headless. // Trim the head off, after this point, the packet is headless.
// and Packet->TotalLen == Info->Length. // and Packet->TotalLen == Info->Length.
// //
NetbufTrim (Packet, sizeof (EFI_IP6_HEADER) + ExtHdrsLen, TRUE); NetbufTrim (*Packet, sizeof (EFI_IP6_HEADER) + *ExtHdrsLen, TRUE);
return EFI_SUCCESS;
}
/**
The IP6 input routine. It is called by the IP6_INTERFACE when an
IP6 fragment is received from MNP.
@param[in] Packet The IP6 packet received.
@param[in] IoStatus The return status of receive request.
@param[in] Flag The link layer flag for the packet received, such
as multicast.
@param[in] Context The IP6 service instance that owns the MNP.
**/
VOID
Ip6AcceptFrame (
IN NET_BUF *Packet,
IN EFI_STATUS IoStatus,
IN UINT32 Flag,
IN VOID *Context
)
{
IP6_SERVICE *IpSb;
EFI_IP6_HEADER *Head;
UINT8 *Payload;
UINT8 *LastHead;
UINT32 UnFragmentLen;
UINT32 ExtHdrsLen;
BOOLEAN Fragmented;
EFI_STATUS Status;
EFI_IP6_HEADER ZeroHead;
IpSb = (IP6_SERVICE *) Context;
NET_CHECK_SIGNATURE (IpSb, IP6_SERVICE_SIGNATURE);
Payload = NULL;
LastHead = NULL;
//
// Check input parameters
//
if (EFI_ERROR (IoStatus) || (IpSb->State == IP6_SERVICE_DESTROY)) {
goto Drop;
}
//
// Pre-Process the Ipv6 Packet and then reassemble if it is necessary.
//
Status = Ip6PreProcessPacket (
IpSb,
&Packet,
Flag,
&Payload,
&LastHead,
&ExtHdrsLen,
&UnFragmentLen,
&Fragmented,
&Head
);
if (EFI_ERROR (Status)) {
goto Restart;
}
// //
// After trim off, the packet is a esp/ah/udp/tcp/icmp6 net buffer, // After trim off, the packet is a esp/ah/udp/tcp/icmp6 net buffer,
// and no need consider any other ahead ext headers. // and no need consider any other ahead ext headers.
// //
Status = Ip6IpSecProcessPacket ( Status = Ip6IpSecProcessPacket (
IpSb, IpSb,
Head, &Head,
LastHead, // need get the lasthead value for input LastHead, // need get the lasthead value for input
&Packet, &Packet,
NULL, &Payload,
0, &ExtHdrsLen,
EfiIPsecInBound, EfiIPsecInBound,
NULL NULL
); );
if (EFI_ERROR(Status)) { if (EFI_ERROR (Status)) {
goto Restart; goto Restart;
} }
// //
// TODO: may check the last head again, the same as the output routine // If the packet is protected by IPsec Tunnel Mode, Check the Inner Ip Packet.
// //
ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));
if (0 == CompareMem (Head, &ZeroHead, sizeof (EFI_IP6_HEADER))) {
Status = Ip6PreProcessPacket (
IpSb,
&Packet,
Flag,
&Payload,
&LastHead,
&ExtHdrsLen,
&UnFragmentLen,
&Fragmented,
&Head
);
if (EFI_ERROR (Status)) {
goto Restart;
}
}
// //
// Packet may have been changed. The ownership of the packet // Packet may have been changed. The ownership of the packet
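Review bot: The call in Ip6IpSecProcessPacket now goes through `mIpSec->ProcessExt` on an `EFI_IPSEC2_PROTOCOL *`, but the lookup just above it is shown unchanged as `gBS->LocateProtocol (&gEfiIpSecProtocolGuid, NULL, (VOID **) &mIpSec);`. The GUID is the only runtime type tag a protocol interface has, so an interface published as the original EFI_IPSEC_PROTOCOL under that GUID would have its first function pointer called with a `VOID **` options argument and a `UINT32 *` length where it expects a buffer pointer and a `UINT32` value. Locate by the GUID that identifies the new interface instead, `gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &mIpSec);`, and keep the producer's install call consistent with it. The statements after the lookup are outside the hunk, so whether its return status is checked cannot be confirmed from here.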


@ -137,39 +137,39 @@ Ip6InstanceDeliverPacket (
); );
/** /**
The work function to locate IPsec protocol to process the inbound or The work function to locate the IPsec protocol to process the inbound or
outbound IP packets. The process routine handls the packet with the following outbound IP packets. The process routine handles the packet with the following
actions: bypass the packet, discard the packet, or protect the packet. actions: bypass the packet, discard the packet, or protect the packet.
@param[in] IpSb The IP6 service instance. @param[in] IpSb The IP6 service instance.
@param[in] Head The caller supplied IP6 header. @param[in, out] Head The caller-supplied IP6 header.
@param[in, out] LastHead The next header field of last IP header. @param[in, out] LastHead The next header field of last IP header.
@param[in, out] Netbuf The IP6 packet to be processed by IPsec. @param[in, out] Netbuf The IP6 packet to be processed by IPsec.
@param[in] ExtHdrs The caller supplied options. @param[in, out] ExtHdrs The caller-supplied options.
@param[in] ExtHdrsLen The length of the option. @param[in, out] ExtHdrsLen The length of the option.
@param[in] Direction The directionality in an SPD entry, @param[in] Direction The directionality in an SPD entry,
EfiIPsecInBound or EfiIPsecOutBound. EfiIPsecInBound, or EfiIPsecOutBound.
@param[in] Context The token's wrap. @param[in] Context The token's wrap.
@retval EFI_SUCCESS The IPsec protocol is not available or disabled. @retval EFI_SUCCESS The IPsec protocol is not available or disabled.
@retval EFI_SUCCESS The packet was bypassed and all buffers remain the same. @retval EFI_SUCCESS The packet was bypassed, and all buffers remain the same.
@retval EFI_SUCCESS The packet was protected. @retval EFI_SUCCESS The packet was protected.
@retval EFI_ACCESS_DENIED The packet was discarded. @retval EFI_ACCESS_DENIED The packet was discarded.
@retval EFI_OUT_OF_RESOURCES There are not suffcient resources to complete the operation. @retval EFI_OUT_OF_RESOURCES There are not suffcient resources to complete the operation.
@retval EFI_BUFFER_TOO_SMALL The number of non-empty block is bigger than the @retval EFI_BUFFER_TOO_SMALL The number of non-empty blocks is bigger than the
number of input data blocks when building a fragment table. number of input data blocks when building a fragment table.
**/ **/
EFI_STATUS EFI_STATUS
Ip6IpSecProcessPacket ( Ip6IpSecProcessPacket (
IN IP6_SERVICE *IpSb, IN IP6_SERVICE *IpSb,
IN EFI_IP6_HEADER *Head, IN OUT EFI_IP6_HEADER **Head,
IN OUT UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN OUT NET_BUF **Netbuf, IN OUT NET_BUF **Netbuf,
IN VOID *ExtHdrs, IN OUT UINT8 **ExtHdrs,
IN UINT32 ExtHdrsLen, IN OUT UINT32 *ExtHdrsLen,
IN EFI_IPSEC_TRAFFIC_DIR Direction, IN EFI_IPSEC_TRAFFIC_DIR Direction,
IN VOID *Context IN VOID *Context
); );
/** /**
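Review bot: The updated comment for Ip6IpSecProcessPacket marks `Head`, `ExtHdrs` and `ExtHdrsLen` as `[in, out]` but keeps the input-only descriptions ("The caller-supplied IP6 header", "The length of the option"), so a caller cannot tell what is written back or who owns the buffers after the call. I would document the output side, for example `@param[in, out] ExtHdrs On input, the caller-supplied options; on output, the options buffer to use after IPsec processing`, together with a sentence on whether the caller or the IPsec driver frees a replaced buffer, and likewise for `Head` and `ExtHdrsLen`. The same gap appears in the IpSecProcess and IpSecProtectInboundPacket/IpSecProtectOutboundPacket comments later in this commit, where `OptionsBuffer` is still described as "Pointer to the options buffer" although it is now a `VOID **`.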


@ -638,11 +638,11 @@ Ip6Output (
Status = Ip6IpSecProcessPacket ( Status = Ip6IpSecProcessPacket (
IpSb, IpSb,
Head, &Head,
LastHeader, // no need get the lasthead value for output LastHeader, // no need get the lasthead value for output
&Packet, &Packet,
ExtHdrs, &ExtHdrs,
ExtHdrsLen, &ExtHdrsLen,
EfiIPsecOutBound, EfiIPsecOutBound,
Context Context
); );


@ -2365,7 +2365,7 @@ EfiIpSecConfigGetNextSelector (
NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) { NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) {
CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List); CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List);
if (IsFound || mIsZeroSelector[DataType](Selector)) { if (IsFound || (BOOLEAN)(mIsZeroSelector[DataType](Selector))) {
// //
// If found the appointed entry, then duplicate the next one and return, // If found the appointed entry, then duplicate the next one and return,
// or if the appointed entry is zero, then return the first one directly. // or if the appointed entry is zero, then return the first one directly.


@ -18,15 +18,15 @@
// Alogrithm's informations for the Encrypt/Decrpt Alogrithm. // Alogrithm's informations for the Encrypt/Decrpt Alogrithm.
// //
ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = { ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = {
{EFI_IPSEC_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL}, {IKE_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL} {(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
}; };
// //
// Alogrithm's informations for the Authentication algorithm // Alogrithm's informations for the Authentication algorithm
// //
AUTH_ALGORITHM mIpsecAuthAlgorithmList[IPSEC_AUTH_ALGORITHM_LIST_SIZE] = { AUTH_ALGORITHM mIpsecAuthAlgorithmList[IPSEC_AUTH_ALGORITHM_LIST_SIZE] = {
{EFI_IPSEC_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL}, {IKE_AALG_NONE, 0, 0, 0, NULL, NULL, NULL, NULL},
{EFI_IPSEC_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL}, {IKE_AALG_NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
{(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL} {(UINT8)-1, 0, 0, 0, NULL, NULL, NULL, NULL}
}; };


@ -22,6 +22,23 @@
#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 2 #define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 2
#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3 #define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3
///
/// Authentication Algorithm Definition
/// The number value definition is aligned to IANA assignment
///
#define IKE_AALG_NONE 0x00
#define IKE_AALG_SHA1HMAC 0x02
#define IKE_AALG_NULL 0xFB
///
/// Encryption Algorithm Definition
/// The number value definition is aligned to IANA assignment
///
#define IKE_EALG_NONE 0x00
#define IKE_EALG_3DESCBC 0x03
#define IKE_EALG_NULL 0x0B
#define IKE_EALG_AESCBC 0x0C
/** /**
Prototype of Hash GetContextSize. Prototype of Hash GetContextSize.
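Review bot: The new `IKE_AALG_*` and `IKE_EALG_*` macros add a second numbering for algorithms that the SA data still carries in `EFI_IPSEC_ALGO_INFO`, and the algorithm tables in the previous file section are now keyed by `IKE_EALG_NULL`, `IKE_AALG_NONE` and `IKE_AALG_NULL` instead of the `EFI_IPSEC_*` constants. The lookup code is not on this page, but if it compares an ID taken from the SA against the first column of those tables, any algorithm whose two IDs differ would either fail to match or select a different transform. I would extend the comment above each group to say which ID space table lookups use and where an ID from `EFI_IPSEC_ALGO_INFO` is translated, rather than only "aligned to IANA assignment".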


@ -174,7 +174,7 @@ IpSecDriverEntryPoint (
{ {
EFI_STATUS Status; EFI_STATUS Status;
IPSEC_PRIVATE_DATA *Private; IPSEC_PRIVATE_DATA *Private;
EFI_IPSEC_PROTOCOL *IpSec; EFI_IPSEC2_PROTOCOL *IpSec;
// //
// Check whether ipsec protocol has already been installed. // Check whether ipsec protocol has already been installed.
@ -218,7 +218,7 @@ IpSecDriverEntryPoint (
Private->Signature = IPSEC_PRIVATE_DATA_SIGNATURE; Private->Signature = IPSEC_PRIVATE_DATA_SIGNATURE;
Private->ImageHandle = ImageHandle; Private->ImageHandle = ImageHandle;
CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC_PROTOCOL)); CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC2_PROTOCOL));
// //
// Initilize Private's members. Thess members is used for IKE. // Initilize Private's members. Thess members is used for IKE.


@ -15,7 +15,7 @@
#include "IpSecConfigImpl.h" #include "IpSecConfigImpl.h"
EFI_IPSEC_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE }; EFI_IPSEC2_PROTOCOL mIpSecInstance = { IpSecProcess, NULL, TRUE };
extern LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum]; extern LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum];
@ -656,11 +656,11 @@ IpSecLookupSpdEntry (
@param[in] NicHandle Instance of the network interface. @param[in] NicHandle Instance of the network interface.
@param[in] IpVersion IPV4 or IPV6. @param[in] IpVersion IPV4 or IPV6.
@param[in, out] IpHead Pointer to the IP Header. @param[in, out] IpHead Pointer to the IP Header.
@param[in] LastHead The protocol of the next layer to be processed by IPsec. @param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
@param[in] OptionsBuffer Pointer to the options buffer. @param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in] OptionsLength Length of the options buffer. @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments. @param[in, out] FragmentTable Pointer to a list of fragments.
@param[in] FragmentCount Number of fragments. @param[in, out] FragmentCount Number of fragments.
@param[in] TrafficDirection Traffic direction. @param[in] TrafficDirection Traffic direction.
@param[out] RecycleSignal Event for recycling of resources. @param[out] RecycleSignal Event for recycling of resources.
@ -672,15 +672,15 @@ IpSecLookupSpdEntry (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
IpSecProcess ( IpSecProcess (
IN EFI_IPSEC_PROTOCOL *This, IN EFI_IPSEC2_PROTOCOL *This,
IN EFI_HANDLE NicHandle, IN EFI_HANDLE NicHandle,
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN VOID *OptionsBuffer, IN OUT VOID **OptionsBuffer,
IN UINT32 OptionsLength, IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection, IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
OUT EFI_EVENT *RecycleSignal OUT EFI_EVENT *RecycleSignal
) )
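Review bot: `OptionsBuffer` and `OptionsLength` are now pointers that IpSecProcess can dereference, but neither the visible signature nor its comment says whether NULL is accepted, while the internal IpSecProtectInboundPacket and IpSecProtectOutboundPacket prototypes in this commit mark the same parameters `OPTIONAL`. The function body is outside the hunk, so it is worth confirming that both pointers are checked before `*OptionsLength` or `*OptionsBuffer` is read. I would also state the contract in the comment, e.g. `@param[in, out] OptionsLength On input, length of *OptionsBuffer; on output, length after IPsec processing. May be NULL only if OptionsBuffer is NULL.`, adjusted to whatever the implementation actually permits.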


@ -88,16 +88,19 @@ struct _IPSEC_SPD_ENTRY {
}; };
typedef struct _IPSEC_SAD_DATA { typedef struct _IPSEC_SAD_DATA {
EFI_IPSEC_MODE Mode; EFI_IPSEC_MODE Mode;
UINT64 SequenceNumber; UINT64 SequenceNumber;
UINT8 AntiReplayWindowSize; UINT8 AntiReplayWindowSize;
UINT64 AntiReplayBitmap[4]; // bitmap for received packet UINT64 AntiReplayBitmap[4]; // bitmap for received packet
EFI_IPSEC_ALGO_INFO AlgoInfo; EFI_IPSEC_ALGO_INFO AlgoInfo;
EFI_IPSEC_SA_LIFETIME SaLifetime; EFI_IPSEC_SA_LIFETIME SaLifetime;
UINT32 PathMTU; UINT32 PathMTU;
IPSEC_SPD_ENTRY *SpdEntry; IPSEC_SPD_ENTRY *SpdEntry;
BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled EFI_IPSEC_SPD_SELECTOR *SpdSelector;
BOOLEAN ManualSet; BOOLEAN ESNEnabled; // Extended (64-bit) SN enabled
BOOLEAN ManualSet;
EFI_IP_ADDRESS TunnelDestAddress;
EFI_IP_ADDRESS TunnelSourceAddress;
} IPSEC_SAD_DATA; } IPSEC_SAD_DATA;
typedef struct _IPSEC_SAD_ENTRY { typedef struct _IPSEC_SAD_ENTRY {
@ -122,7 +125,7 @@ struct _IPSEC_PRIVATE_DATA {
UINT32 Signature; UINT32 Signature;
EFI_HANDLE Handle; // Virtual handle to install private prtocol EFI_HANDLE Handle; // Virtual handle to install private prtocol
EFI_HANDLE ImageHandle; EFI_HANDLE ImageHandle;
EFI_IPSEC_PROTOCOL IpSec; EFI_IPSEC2_PROTOCOL IpSec;
EFI_IPSEC_CONFIG_PROTOCOL IpSecConfig; EFI_IPSEC_CONFIG_PROTOCOL IpSecConfig;
BOOLEAN SetBySelf; BOOLEAN SetBySelf;
LIST_ENTRY Udp4List; LIST_ENTRY Udp4List;
@ -146,13 +149,13 @@ struct _IPSEC_PRIVATE_DATA {
@param[in, out] IpHead Points to IP header containing the ESP/AH header @param[in, out] IpHead Points to IP header containing the ESP/AH header
to be trimed on input, and without ESP/AH header to be trimed on input, and without ESP/AH header
on return. on return.
@param[in] LastHead The Last Header in IP header on return. @param[out] LastHead The Last Header in IP header on return.
@param[in] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
@param[in] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
protected on input, and without IPsec protected protected on input, and without IPsec protected
on return. on return.
@param[in] FragmentCount Number of fragments. @param[in, out] FragmentCount Number of fragments.
@param[out] SpdEntry Pointer to contain the address of SPD entry on return. @param[out] SpdEntry Pointer to contain the address of SPD entry on return.
@param[out] RecycleEvent Event for recycling of resources. @param[out] RecycleEvent Event for recycling of resources.
@ -164,11 +167,11 @@ EFI_STATUS
IpSecProtectInboundPacket ( IpSecProtectInboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN UINT8 *LastHead, OUT UINT8 *LastHead,
IN VOID *OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer, OPTIONAL
IN UINT32 OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
OUT IPSEC_SPD_ENTRY **SpdEntry, OUT IPSEC_SPD_ENTRY **SpdEntry,
OUT EFI_EVENT *RecycleEvent OUT EFI_EVENT *RecycleEvent
); );
@ -184,13 +187,13 @@ IpSecProtectInboundPacket (
@param[in, out] IpHead Point to IP header containing the orginal IP header @param[in, out] IpHead Point to IP header containing the orginal IP header
to be processed on input, and inserted ESP/AH header to be processed on input, and inserted ESP/AH header
on return. on return.
@param[in] LastHead The Last Header in IP header. @param[in, out] LastHead The Last Header in IP header.
@param[in] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
@param[in] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by @param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected IPsec on input, and with IPsec protected
on return. on return.
@param[in] FragmentCount Number of fragments. @param[in, out] FragmentCount Number of fragments.
@param[in] SadEntry Related SAD entry. @param[in] SadEntry Related SAD entry.
@param[out] RecycleEvent Event for recycling of resources. @param[out] RecycleEvent Event for recycling of resources.
@ -202,11 +205,11 @@ EFI_STATUS
IpSecProtectOutboundPacket ( IpSecProtectOutboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN VOID *OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer, OPTIONAL
IN UINT32 OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry, IN IPSEC_SAD_ENTRY *SadEntry,
OUT EFI_EVENT *RecycleEvent OUT EFI_EVENT *RecycleEvent
); );
@ -274,11 +277,11 @@ IpSecLookupSadBySpi (
@param[in] NicHandle Instance of the network interface. @param[in] NicHandle Instance of the network interface.
@param[in] IpVersion IPV4 or IPV6. @param[in] IpVersion IPV4 or IPV6.
@param[in, out] IpHead Pointer to the IP Header. @param[in, out] IpHead Pointer to the IP Header.
@param[in] LastHead The protocol of the next layer to be processed by IPsec. @param[in, out] LastHead The protocol of the next layer to be processed by IPsec.
@param[in] OptionsBuffer Pointer to the options buffer. @param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in] OptionsLength Length of the options buffer. @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments. @param[in, out] FragmentTable Pointer to a list of fragments.
@param[in] FragmentCount Number of fragments. @param[in, out] FragmentCount Number of fragments.
@param[in] TrafficDirection Traffic direction. @param[in] TrafficDirection Traffic direction.
@param[out] RecycleSignal Event for recycling of resources. @param[out] RecycleSignal Event for recycling of resources.
@ -290,21 +293,21 @@ IpSecLookupSadBySpi (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
IpSecProcess ( IpSecProcess (
IN EFI_IPSEC_PROTOCOL *This, IN EFI_IPSEC2_PROTOCOL *This,
IN EFI_HANDLE NicHandle, IN EFI_HANDLE NicHandle,
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN VOID *OptionsBuffer, IN OUT VOID **OptionsBuffer,
IN UINT32 OptionsLength, IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection, IN EFI_IPSEC_TRAFFIC_DIR TrafficDirection,
OUT EFI_EVENT *RecycleSignal OUT EFI_EVENT *RecycleSignal
); );
extern EFI_DPC_PROTOCOL *mDpc; extern EFI_DPC_PROTOCOL *mDpc;
extern EFI_IPSEC_PROTOCOL mIpSecInstance; extern EFI_IPSEC2_PROTOCOL mIpSecInstance;
extern EFI_COMPONENT_NAME2_PROTOCOL gIpSecComponentName2; extern EFI_COMPONENT_NAME2_PROTOCOL gIpSecComponentName2;
extern EFI_COMPONENT_NAME_PROTOCOL gIpSecComponentName; extern EFI_COMPONENT_NAME_PROTOCOL gIpSecComponentName;


@ -124,8 +124,8 @@ IpSecAuthPayload (
) )
{ {
switch (AuthAlgId) { switch (AuthAlgId) {
case EFI_IPSEC_AALG_NONE : case IKE_AALG_NONE :
case EFI_IPSEC_AALG_NULL : case IKE_AALG_NULL :
return EFI_SUCCESS; return EFI_SUCCESS;
default: default:
@ -222,15 +222,15 @@ IpSecEspDecryptPayload (
EFI_ESP_TAIL *EspTail; EFI_ESP_TAIL *EspTail;
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) { switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
case EFI_IPSEC_EALG_NULL: case IKE_EALG_NULL:
EspTail = (EFI_ESP_TAIL *) (PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL)); EspTail = (EFI_ESP_TAIL *) (PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL));
*PaddingSize = EspTail->PaddingLength; *PaddingSize = EspTail->PaddingLength;
*NextHeader = EspTail->NextHeader; *NextHeader = EspTail->NextHeader;
*PlainPayloadSize = EncryptSize - EspTail->PaddingLength - sizeof (EFI_ESP_TAIL); *PlainPayloadSize = EncryptSize - EspTail->PaddingLength - sizeof (EFI_ESP_TAIL);
break; break;
case EFI_IPSEC_EALG_3DESCBC: case IKE_EALG_3DESCBC:
case EFI_IPSEC_EALG_AESCBC: case IKE_EALG_AESCBC:
// //
// TODO: support these algorithm // TODO: support these algorithm
// //
@ -269,11 +269,11 @@ IpSecEspEncryptPayload (
) )
{ {
switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) { switch (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId) {
case EFI_IPSEC_EALG_NULL: case IKE_EALG_NULL:
return EFI_SUCCESS; return EFI_SUCCESS;
case EFI_IPSEC_EALG_3DESCBC: case IKE_EALG_3DESCBC:
case EFI_IPSEC_EALG_AESCBC: case IKE_EALG_AESCBC:
// //
// TODO: support these algorithms // TODO: support these algorithms
// //
@ -296,12 +296,12 @@ IpSecEspEncryptPayload (
to be trimed on input, and without ESP header to be trimed on input, and without ESP header
on return. on return.
@param[out] LastHead The Last Header in IP header on return. @param[out] LastHead The Last Header in IP header on return.
@param[in] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
@param[in] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
protected on input, and without IPsec protected protected on input, and without IPsec protected
on return. on return.
@param[in] FragmentCount The number of fragments. @param[in, out] FragmentCount The number of fragments.
@param[out] SpdEntry Pointer to contain the address of SPD entry on return. @param[out] SpdEntry Pointer to contain the address of SPD entry on return.
@param[out] RecycleEvent The event for recycling of resources. @param[out] RecycleEvent The event for recycling of resources.
@ -318,10 +318,10 @@ IpSecEspInboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
OUT UINT8 *LastHead, OUT UINT8 *LastHead,
IN VOID *OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer, OPTIONAL
IN UINT32 OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
OUT IPSEC_SPD_ENTRY **SpdEntry, OUT IPSEC_SPD_ENTRY **SpdEntry,
OUT EFI_EVENT *RecycleEvent OUT EFI_EVENT *RecycleEvent
) )
@ -558,13 +558,13 @@ ON_EXIT:
@param[in, out] IpHead Points to IP header containing the orginal IP header @param[in, out] IpHead Points to IP header containing the orginal IP header
to be processed on input, and inserted ESP header to be processed on input, and inserted ESP header
on return. on return.
@param[in] LastHead The Last Header in IP header. @param[in, out] LastHead The Last Header in IP header.
@param[in] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
@param[in] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by @param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected IPsec on input, and with IPsec protected
on return. on return.
@param[in] FragmentCount The number of fragments. @param[in, out] FragmentCount The number of fragments.
@param[in] SadEntry The related SAD entry. @param[in] SadEntry The related SAD entry.
@param[out] RecycleEvent The event for recycling of resources. @param[out] RecycleEvent The event for recycling of resources.
@ -576,11 +576,11 @@ EFI_STATUS
IpSecEspOutboundPacket ( IpSecEspOutboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN VOID *OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer, OPTIONAL
IN UINT32 OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry, IN IPSEC_SAD_ENTRY *SadEntry,
OUT EFI_EVENT *RecycleEvent OUT EFI_EVENT *RecycleEvent
) )
@ -825,29 +825,29 @@ ON_EXIT:
@param[in, out] IpHead Points to IP header containing the ESP/AH header @param[in, out] IpHead Points to IP header containing the ESP/AH header
to be trimed on input, and without ESP/AH header to be trimed on input, and without ESP/AH header
on return. on return.
@param[in] LastHead The Last Header in IP header on return. @param[out] LastHead The Last Header in IP header on return.
@param[in] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
@param[in] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
protected on input, and without IPsec protected protected on input, and without IPsec protected
on return. on return.
@param[in] FragmentCount The number of fragments. @param[in, out] FragmentCount Number of fragments.
@param[out] SpdEntry Pointer to contain the address of SPD entry on return. @param[out] SpdEntry Pointer to contain the address of SPD entry on return.
@param[out] RecycleEvent The event for recycling of resources. @param[out] RecycleEvent Event for recycling of resources.
@retval EFI_SUCCESS The operation was successful. @retval EFI_SUCCESS The operation is successful.
@retval EFI_UNSUPPORTED The IPSEC protocol is not supported. @retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
**/ **/
EFI_STATUS EFI_STATUS
IpSecProtectInboundPacket ( IpSecProtectInboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN UINT8 *LastHead, OUT UINT8 *LastHead,
IN VOID *OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer, OPTIONAL
IN UINT32 OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
OUT IPSEC_SPD_ENTRY **SpdEntry, OUT IPSEC_SPD_ENTRY **SpdEntry,
OUT EFI_EVENT *RecycleEvent OUT EFI_EVENT *RecycleEvent
) )
@ -875,26 +875,26 @@ IpSecProtectInboundPacket (
} }
/** /**
This function processes the output traffic with IPsec. This fucntion processes the output traffic with IPsec.
It protected the sending packet by encrypting it payload and inserting ESP/AH header It protected the sending packet by encrypting it payload and inserting ESP/AH header
in the orginal IP header, then returns the IpHeader and IPsec protected Fragmentable. in the orginal IP header, then return the IpHeader and IPsec protected Fragmentable.
@param[in] IpVersion The version of IP. @param[in] IpVersion The version of IP.
@param[in, out] IpHead Points to IP header containing the orginal IP header @param[in, out] IpHead Point to IP header containing the orginal IP header
to be processed on input, and inserted ESP/AH header to be processed on input, and inserted ESP/AH header
on return. on return.
@param[in] LastHead The Last Header in the IP header. @param[in, out] LastHead The Last Header in IP header.
@param[in] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
@param[in] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer. It is optional.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by @param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected IPsec on input, and with IPsec protected
on return. on return.
@param[in] FragmentCount The number of fragments. @param[in, out] FragmentCount Number of fragments.
@param[in] SadEntry The related SAD entry. @param[in] SadEntry Related SAD entry.
@param[out] RecycleEvent The event for recycling of resources. @param[out] RecycleEvent Event for recycling of resources.
@retval EFI_SUCCESS The operation was successful. @retval EFI_SUCCESS The operation is successful.
@retval EFI_UNSUPPORTED If the IPSEC protocol is not supported. @retval EFI_UNSUPPORTED If the IPSEC protocol is not supported.
**/ **/
@ -902,11 +902,11 @@ EFI_STATUS
IpSecProtectOutboundPacket ( IpSecProtectOutboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN VOID *OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer, OPTIONAL
IN UINT32 OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength, OPTIONAL
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry, IN IPSEC_SAD_ENTRY *SadEntry,
OUT EFI_EVENT *RecycleEvent OUT EFI_EVENT *RecycleEvent
) )
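Review bot: The `IKE_EALG_NULL` case in `IpSecEspDecryptPayload` reads the ESP trailer with no visible length check: `EspTail` is taken at `PayloadBuffer + EncryptSize - sizeof (EFI_ESP_TAIL)`, and `EspTail->PaddingLength` is then subtracted from `EncryptSize`. On inbound traffic both values come from the received packet, so a payload shorter than the trailer would place `EspTail` before the buffer, and an oversized padding length would make `*PlainPayloadSize` wrap if the size type is unsigned. The function starts and ends outside this hunk, so a check may already exist earlier in the body. If it does not, add `if (EncryptSize < sizeof (EFI_ESP_TAIL))` before the cast and `if (EspTail->PaddingLength > EncryptSize - sizeof (EFI_ESP_TAIL))` before the size is computed, and reject the packet in both cases.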