tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/NetworkPkg/IpSecDxe
History
Jiaxin Wu 40b83d6114 NetworkPkg/IpSecDxe: Fix UEFI IKE Initial Exchange failure 
*v2: update the commit log.

IKE Initial Exchange message should cover below process:
           Initiator                    Responder
Message1 HDR,SAil,KEi,Ni  ------>
Message2                  <------   HDR,SArl,KEr,Nr,[CERTREQ]
Message3 HDR,SK{}         ------>
Message4                  <------   HDR,SK{}

If Initial Exchange message is initiated by Linux IKE, it works well.
But the failure will happen if it's initiated by UEFI IKE. This issue
is caused by the no status check of NotifyCookiePayload.

While parsing the IKEv2 packet for IKE_SA_INIT exchange, if the packet
doesn't contain COOKIE Notify payload, EFI_INVALID_PARAMETER will be
returned from Ikev2ParserNotifyCookiePayload(). Current implementation
return this error status directly, then the session will be broken. The
correct behavior should check this status. If no COOKIE Notify payload,
initiator don't need to retry the IKE_SA_INIT.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
 		2016-08-18 16:53:14 +08:00
..
Ikev2 NetworkPkg/IpSecDxe: Fix UEFI IKE Initial Exchange failure 2016-08-18 16:53:14 +08:00
ComponentName.c 1. Add EFI_COMPONENT_NAME2_PROTOCOL.GetControllerName() support. 2012-12-13 06:47:06 +00:00
IetfConstants.c Add IPsec/Ikev2 support. 2010-12-31 10:43:54 +00:00
Ike.h Fix CRLF format 2014-01-22 08:39:32 +00:00
IkeCommon.c NetworkPkg: Remove mZeroGuid definition in IpSecDxe 2015-07-07 03:03:21 +00:00
IkeCommon.h NetworkPkg: Remove IpSecDxe and Ip4Config Protocol dependency. 2015-07-08 03:09:28 +00:00
IkePacket.c NetworkPkg: Avoid potential NULL pointer dereference 2016-06-27 10:11:46 +08:00
IkePacket.h Add IPsec/Ikev2 support. 2010-12-31 10:43:54 +00:00
IkeService.c NetworkPkg:Fix Network memory leak when calling GetModeData interface 2016-01-28 02:32:43 +00:00
IkeService.h NetworkPkg: Fix hang issue after system reconnected when IPSec has set up 2015-08-14 07:41:51 +00:00
IpSecConfigImpl.c NetworkPkg: Remove ASSERT and use error handling in IpSecDxe 2016-06-21 12:56:24 +08:00
IpSecConfigImpl.h NetworkPkg: comments clean up. 2011-01-21 08:00:22 +00:00
IpSecCryptIo.c NetworkPkg: Remove ASSERT and use error handling in IpSecDxe 2016-06-21 12:56:24 +08:00
IpSecCryptIo.h NetworkPkg: comments clean up. 2011-01-21 08:00:22 +00:00
IpSecDebug.c Fix code potential errors in IPsec. 2012-10-17 05:46:53 +00:00
IpSecDebug.h Fix code potential errors in IPsec. 2012-10-17 05:46:53 +00:00
IpSecDriver.c NetworkPkg: Fix hang issue after system reconnected when IPSec has set up 2015-08-14 07:41:51 +00:00
IpSecDxe.inf NetworkPkg: Remove IpSecDxe and Ip4Config Protocol dependency. 2015-07-08 03:09:28 +00:00
IpSecDxe.uni NetworkPkg: Convert all .uni files to utf-8 2015-12-15 04:56:57 +00:00
IpSecDxeExtra.uni NetworkPkg: Convert all .uni files to utf-8 2015-12-15 04:56:57 +00:00
IpSecImpl.c NetworkPkg: Remove ASSERT and use error handling in IpSecDxe 2016-06-21 12:56:24 +08:00
IpSecImpl.h NetworkPkg: TrafficDirection not saved in IPsecConfig. 2015-09-16 08:52:43 +00:00
IpSecMain.c Update the IPsec driver to check in invalid parameter of ProcessExt() according to UEFI Spec. 2011-05-31 02:03:57 +00:00