NetworkPkg/IpSecDxe: Fix wrong IKE header "FLAG" update

*v2: update the commit log and refine the code comments.

There are three kinds of IKE Exchange process:
#1. Initial Exchange
#2. CREATE_CHILD_SA_Exchange
#3. Information Exchange

The IKE header "FLAG" update is incorrect in #2 and #3 exchange,
which may cause the continue session failure. This patch is used
to correct the updates of IKE header "FLAG" according the RFC4306
section 3.1.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This commit is contained in:
Jiaxin Wu
2016-08-15 11:49:56 +08:00
parent 40b83d6114
commit 7822a1d91d
4 changed files with 28 additions and 16 deletions

View File

@@ -1,7 +1,7 @@
/** @file
The Definitions related to IKEv2 payload.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -37,11 +37,16 @@
#define IKEV2_PAYLOAD_TYPE_EAP 48
//
// IKE header Flag for IKEv2
// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
//
// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
// original initiator of the IKE_SA
//
// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
// a message containing the same message ID.
//
#define IKE_HEADER_FLAGS_INIT 0x08
#define IKE_HEADER_FLAGS_RESPOND 0x20
#define IKE_HEADER_FLAGS_CHILD_INIT 0
//
// IKE Header Exchange Type for IKEv2