1/** @file\r
2 Common operation of the IKE\r
3 \r
4 Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include "Ike.h"\r
17#include "IkeCommon.h"\r
18#include "IpSecConfigImpl.h"\r
19#include "IpSecDebug.h"\r
20\r
//
// Next SPI value to hand out. It starts at IKE_SPI_BASE and is advanced by
// IkeGenerateSpi(), so SPIs are issued sequentially rather than randomly.
//
UINT32  mNextSpi = IKE_SPI_BASE;
25\r
/**
  Ask the crypto library for eight random octets and return them as a cookie.

  A return value of 0 reports that random generation failed, so a caller
  cannot tell a failure apart from a (very unlikely) all-zero random value.

  @return  The 64-bit random cookie, or 0 if the random generator failed.

**/
UINT64
IkeGenerateCookie (
  VOID
  )
{
  UINT64      RandomCookie;
  EFI_STATUS  RngStatus;

  RngStatus = IpSecCryptoIoGenerateRandomBytes ((UINT8 *) &RandomCookie, sizeof (RandomCookie));

  //
  // NOTE(review): 0 is the only failure signal this function has. Callers
  // should confirm they treat 0 as an error rather than using it as a cookie.
  //
  return EFI_ERROR (RngStatus) ? 0 : RandomCookie;
}
47\r
/**
  Allocate a buffer and fill it with random data for a Nonce payload.

  @param[in]  NonceSize  Number of random bytes to produce.

  @return  A pool buffer holding NonceSize random bytes, to be released by the
           caller with FreePool(), or NULL if the allocation or the random
           generation failed.

**/
UINT8 *
IkeGenerateNonce (
  IN UINTN  NonceSize
  )
{
  UINT8  *Buffer;

  Buffer = AllocateZeroPool (NonceSize);
  if (Buffer == NULL) {
    return NULL;
  }

  if (!EFI_ERROR (IpSecCryptoIoGenerateRandomBytes (Buffer, NonceSize))) {
    return Buffer;
  }

  //
  // Random generation failed: release the buffer instead of handing back
  // data that is not random.
  //
  FreePool (Buffer);
  return NULL;
}
77\r
/**
  Byte-swap the multi-byte fields of an IKE header from network order to host
  order, in place.

  Only InitiatorCookie, ResponderCookie, MessageId and Length are converted.
  Nothing is validated here: a Length taken from a received packet is still
  untrusted after this call and has to be bounds-checked elsewhere.

  @param[in, out]  Header  The IKE_HEADER to convert.

**/
VOID
IkeHdrNetToHost (
  IN OUT IKE_HEADER  *Header
  )
{
  //
  // 32-bit fields.
  //
  Header->Length    = NTOHL (Header->Length);
  Header->MessageId = NTOHL (Header->MessageId);

  //
  // 64-bit cookies.
  //
  Header->ResponderCookie = NTOHLL (Header->ResponderCookie);
  Header->InitiatorCookie = NTOHLL (Header->InitiatorCookie);
}
94\r
/**
  Byte-swap the multi-byte fields of an IKE header from host order to network
  order, in place.

  Only InitiatorCookie, ResponderCookie, MessageId and Length are converted.

  @param[in, out]  Header  The IKE_HEADER to convert.

**/
VOID
IkeHdrHostToNet (
  IN OUT IKE_HEADER  *Header
  )
{
  //
  // 32-bit fields.
  //
  Header->Length    = HTONL (Header->Length);
  Header->MessageId = HTONL (Header->MessageId);

  //
  // 64-bit cookies.
  //
  Header->ResponderCookie = HTONLL (Header->ResponderCookie);
  Header->InitiatorCookie = HTONLL (Header->InitiatorCookie);
}
111\r
/**
  Allocate a zero-filled IKE_PAYLOAD and stamp its Signature field.

  @return  The new IKE_PAYLOAD, or NULL if the allocation failed.

**/
IKE_PAYLOAD *
IkePayloadAlloc (
  VOID
  )
{
  IKE_PAYLOAD  *NewPayload;

  NewPayload = (IKE_PAYLOAD *) AllocateZeroPool (sizeof (*NewPayload));
  if (NewPayload != NULL) {
    //
    // All other fields stay zero from AllocateZeroPool().
    //
    NewPayload->Signature = IKE_PAYLOAD_SIGNATURE;
  }

  return NewPayload;
}
134\r
/**
  Release an IKE_PAYLOAD and, when the payload owns it, its PayloadBuf.

  A NULL IkePayload is accepted and ignored.

  @param[in]  IkePayload  The IKE_PAYLOAD to free; may be NULL.

**/
VOID
IkePayloadFree (
  IN IKE_PAYLOAD  *IkePayload
  )
{
  if (IkePayload == NULL) {
    return;
  }

  //
  // PayloadBuf is released here only when it is not flagged as external
  // (IsPayloadBufExt clear). A buffer that is referred to by others is left
  // untouched.
  //
  // NOTE(review): the buffers are freed without being wiped; confirm that no
  // payload type keeps secret material in PayloadBuf.
  //
  if (IkePayload->PayloadBuf != NULL) {
    if (!IkePayload->IsPayloadBufExt) {
      FreePool (IkePayload->PayloadBuf);
    }
  }

  FreePool (IkePayload);
}
158\r
/**
  Hand out the next SPI from the module-wide counter mNextSpi.

  The value returned is the current counter value; the counter is then
  advanced by one, so successive calls return consecutive values.

  @return  A 4-byte SPI.

**/
UINT32
IkeGenerateSpi (
  VOID
  )
{
  UINT32  Spi;

  //
  // TODO: should generate SPI randomly to avoid security issue
  //
  // NOTE(review): consecutive SPIs are predictable to a peer, and the UINT32
  // counter wraps to 0 after 0xFFFFFFFF. A random replacement would also need
  // a uniqueness check against the SPIs already in use.
  //
  Spi      = mNextSpi;
  mNextSpi = Spi + 1;

  return Spi;
}
175\r
/**
  Fill a caller-supplied buffer with random data to be used as an IV.

  This is a direct pass-through to IpSecCryptoIoGenerateRandomBytes(); the
  buffer and size are not checked here.

  @param[in]  IvBuffer  Buffer handed to the random generator to be filled
                        (declared IN in the prototype although it is written).
  @param[in]  IvSize    Number of bytes requested.

  @retval EFI_SUCCESS   Random data was generated for the IV.
  @retval otherwise     The random generator reported a failure.

**/
EFI_STATUS
IkeGenerateIv (
  IN UINT8  *IvBuffer,
  IN UINTN  IvSize
  )
{
  EFI_STATUS  Status;

  Status = IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);

  return Status;
}
194\r
195\r
/**
  Look up the SPD entry whose selector matches a given SPD selector.

  The SPD list in mConfigData is walked in list order and the first entry for
  which CompareSpdSelector() reports a match is returned.

  @param[in]  SpdSel  The SPD selector to search for.

  @retval  Pointer to the matching SPD entry, if one is found.
  @retval  NULL if no entry matches.

**/
IPSEC_SPD_ENTRY *
IkeSearchSpdEntry (
  IN EFI_IPSEC_SPD_SELECTOR  *SpdSel
  )
{
  LIST_ENTRY       *Head;
  LIST_ENTRY       *Node;
  IPSEC_SPD_ENTRY  *Candidate;

  Head = &mConfigData[IPsecConfigDataTypeSpd];

  NET_LIST_FOR_EACH (Node, Head) {
    Candidate = IPSEC_SPD_ENTRY_FROM_LIST (Node);

    //
    // Skip entries whose selector does not match the requested one.
    //
    if (!CompareSpdSelector (
           (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,
           (EFI_IPSEC_CONFIG_SELECTOR *) Candidate->Selector
           )) {
      continue;
    }

    return Candidate;
  }

  return NULL;
}
233\r
/**
  Report the IKE version recorded in a session object.

  The first four bytes of Session are read as a signature. Only
  IKEV2_SA_SESSION_SIGNATURE is recognised; in that case Session is treated as
  an IKEV2_SA_SESSION.

  @param[in]  Session  Pointer to the session object. It is dereferenced
                       without a NULL check.

  @return  SessionCommon.IkeVer of the IKEv2 SA session, or 0 when the
           signature is not IKEV2_SA_SESSION_SIGNATURE.

**/
UINT8
IkeGetVersionFromSession (
  IN UINT8  *Session
  )
{
  if (*(UINT32 *) Session != IKEV2_SA_SESSION_SIGNATURE) {
    //
    // Add IKEv1 support here.
    //
    return 0;
  }

  return ((IKEV2_SA_SESSION *) Session)->SessionCommon.IkeVer;
}
254\r