mirror of https://github.com/acidanthera/audk.git
40b83d6114
*v2: update the commit log.
IKE Initial Exchange message should cover below process:
Initiator Responder
Message1 HDR,SAil,KEi,Ni ------>
Message2 <------ HDR,SArl,KEr,Nr,[CERTREQ]
Message3 HDR,SK{} ------>
Message4 <------ HDR,SK{}
If Initial Exchange message is initiated by Linux IKE, it works well.
But the failure will happen if it's initiated by UEFI IKE. This issue
is caused by the no status check of NotifyCookiePayload.
While parsing the IKEv2 packet for IKE_SA_INIT exchange, if the packet
doesn't contain COOKIE Notify payload, EFI_INVALID_PARAMETER will be
returned from Ikev2ParserNotifyCookiePayload(). Current implementation
return this error status directly, then the session will be broken. The
correct behavior should check this status. If no COOKIE Notify payload,
initiator don't need to retry the IKE_SA_INIT.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
||
|---|---|---|
| .. | ||
| Ikev2 | ||
| ComponentName.c | ||
| IetfConstants.c | ||
| Ike.h | ||
| IkeCommon.c | ||
| IkeCommon.h | ||
| IkePacket.c | ||
| IkePacket.h | ||
| IkeService.c | ||
| IkeService.h | ||
| IpSecConfigImpl.c | ||
| IpSecConfigImpl.h | ||
| IpSecCryptIo.c | ||
| IpSecCryptIo.h | ||
| IpSecDebug.c | ||
| IpSecDebug.h | ||
| IpSecDriver.c | ||
| IpSecDxe.inf | ||
| IpSecDxe.uni | ||
| IpSecDxeExtra.uni | ||
| IpSecImpl.c | ||
| IpSecImpl.h | ||
| IpSecMain.c | ||