[mirror_edk2.git] / NetworkPkg / IpSecDxe / IkeCommon.c

/** @file\r
  Common operation of the IKE\r
  \r
  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
\r
  This program and the accompanying materials\r
  are licensed and made available under the terms and conditions of the BSD License\r
  which accompanies this distribution.  The full text of the license may be found at\r
  http://opensource.org/licenses/bsd-license.php.\r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "Ike.h"\r
#include "IkeCommon.h"\r
#include "IpSecConfigImpl.h"\r
#include "IpSecDebug.h"\r
\r
//\r
// Initial the SPI\r
//\r
UINT32            mNextSpi  = IKE_SPI_BASE;\r
\r
/**\r
  Call Crypto Lib to generate a random value with eight-octet length.\r
  \r
  @return the 64 byte vaule.\r
\r
**/\r
UINT64\r
IkeGenerateCookie (\r
  VOID\r
  )\r
{\r
  UINT64     Cookie;\r
  EFI_STATUS Status;\r
\r
  Status = IpSecCryptoIoGenerateRandomBytes ((UINT8 *)&Cookie, sizeof (UINT64));\r
  if (EFI_ERROR (Status)) {\r
    return 0;\r
  } else {\r
    return Cookie;\r
  }\r
}\r
\r
/**\r
  Generate the random data for Nonce payload.\r
\r
  @param[in]  NonceSize      Size of the data in bytes.\r
  \r
  @return Buffer which contains the random data of the spcified size. \r
\r
**/\r
UINT8 *\r
IkeGenerateNonce (\r
  IN UINTN              NonceSize\r
  )\r
{\r
  UINT8                  *Nonce;\r
  EFI_STATUS             Status;\r
\r
  Nonce = AllocateZeroPool (NonceSize);\r
  if (Nonce == NULL) {\r
    return NULL;\r
  }\r
\r
  Status = IpSecCryptoIoGenerateRandomBytes (Nonce, NonceSize);\r
  if (EFI_ERROR (Status)) {\r
    FreePool (Nonce);\r
    return NULL;\r
  } else {\r
    return Nonce;\r
  }\r
}\r
\r
/**\r
  Convert the IKE Header from Network order to Host order.\r
\r
  @param[in, out]  Header    The pointer of the IKE_HEADER.\r
\r
**/\r
VOID\r
IkeHdrNetToHost (\r
  IN OUT IKE_HEADER *Header\r
  )\r
{\r
  Header->InitiatorCookie = NTOHLL (Header->InitiatorCookie);\r
  Header->ResponderCookie = NTOHLL (Header->ResponderCookie);\r
  Header->MessageId       = NTOHL (Header->MessageId);\r
  Header->Length          = NTOHL (Header->Length);\r
}\r
\r
/**\r
  Convert the IKE Header from Host order to Network order.\r
\r
  @param[in, out] Header     The pointer of the IKE_HEADER.\r
\r
**/\r
VOID\r
IkeHdrHostToNet (\r
  IN OUT IKE_HEADER *Header\r
  )\r
{\r
  Header->InitiatorCookie = HTONLL (Header->InitiatorCookie);\r
  Header->ResponderCookie = HTONLL (Header->ResponderCookie);\r
  Header->MessageId       = HTONL (Header->MessageId);\r
  Header->Length          = HTONL (Header->Length);\r
}\r
\r
/**\r
  Allocate a buffer of IKE_PAYLOAD and set its Signature.\r
\r
  @return A buffer of IKE_PAYLOAD.\r
\r
**/\r
IKE_PAYLOAD *\r
IkePayloadAlloc (\r
  VOID\r
  )\r
{\r
  IKE_PAYLOAD *IkePayload;\r
\r
  IkePayload            = (IKE_PAYLOAD *) AllocateZeroPool (sizeof (IKE_PAYLOAD));\r
  if (IkePayload == NULL) {\r
    return NULL;\r
  }\r
  \r
  IkePayload->Signature = IKE_PAYLOAD_SIGNATURE;\r
\r
  return IkePayload;\r
}\r
\r
/**\r
  Free a specified IKE_PAYLOAD buffer.\r
\r
  @param[in]  IkePayload   Pointer of IKE_PAYLOAD to be freed.\r
\r
**/\r
VOID\r
IkePayloadFree (\r
  IN IKE_PAYLOAD *IkePayload\r
  )\r
{\r
  if (IkePayload == NULL) {\r
    return;\r
  }\r
  //\r
  // If this IkePayload is not referred by others, free it.\r
  //\r
  if (!IkePayload->IsPayloadBufExt && (IkePayload->PayloadBuf != NULL)) {\r
    FreePool (IkePayload->PayloadBuf);\r
  }\r
\r
  FreePool (IkePayload);\r
}\r
\r
/**\r
  Generate an new SPI.\r
\r
  @return a SPI in 4 bytes.\r
\r
**/\r
UINT32\r
IkeGenerateSpi (\r
  VOID\r
  )\r
{\r
  //\r
  // TODO: should generate SPI randomly to avoid security issue\r
  //\r
  return mNextSpi++;\r
}\r
\r
/**\r
  Generate a random data for IV\r
\r
  @param[in]  IvBuffer  The pointer of the IV buffer.\r
  @param[in]  IvSize    The IV size.\r
\r
  @retval     EFI_SUCCESS  Create a random data for IV.\r
  @retval     otherwise    Failed.\r
\r
**/\r
EFI_STATUS\r
IkeGenerateIv (\r
  IN UINT8                           *IvBuffer,\r
  IN UINTN                           IvSize\r
  )\r
{\r
  return IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);\r
}\r
\r
\r
/**\r
  Find SPD entry by a specified SPD selector.\r
\r
  @param[in] SpdSel       Point to SPD Selector to be searched for.\r
\r
  @retval Point to SPD Entry if the SPD entry found.\r
  @retval NULL if not found.\r
\r
**/\r
IPSEC_SPD_ENTRY *\r
IkeSearchSpdEntry (\r
  IN EFI_IPSEC_SPD_SELECTOR             *SpdSel\r
  )\r
{\r
  IPSEC_SPD_ENTRY *SpdEntry;\r
  LIST_ENTRY      *SpdList;\r
  LIST_ENTRY      *Entry;\r
\r
  SpdList = &mConfigData[IPsecConfigDataTypeSpd];\r
\r
  NET_LIST_FOR_EACH (Entry, SpdList) {\r
    SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);\r
\r
    //\r
    // Find the required SPD entry\r
    //\r
    if (CompareSpdSelector (\r
          (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,\r
          (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector\r
          )) {\r
      return SpdEntry;\r
    }\r
\r
  }\r
\r
  return NULL;\r
}\r
\r
/**\r
  Get the IKE Version from the IKE_SA_SESSION.\r
\r
  @param[in]  Session  Pointer of the IKE_SA_SESSION.\r
\r
**/\r
UINT8\r
IkeGetVersionFromSession (\r
  IN UINT8    *Session\r
  )\r
{\r
  if (*(UINT32 *) Session == IKEV2_SA_SESSION_SIGNATURE) {\r
    return ((IKEV2_SA_SESSION *) Session)->SessionCommon.IkeVer;\r
  } else {\r
    //\r
    // Add IKEv1 support here.\r
    //\r
    return 0;\r
  }\r
}\r
\r
Commit	Line	Data
	1	/** @file\r
	2	Common operation of the IKE\r
	3	\r
	4	Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
	5	\r
	6	This program and the accompanying materials\r
	7	are licensed and made available under the terms and conditions of the BSD License\r
	8	which accompanies this distribution. The full text of the license may be found at\r
	9	http://opensource.org/licenses/bsd-license.php.\r
	10	\r
	11	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	12	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	\r
	14	**/\r
	15	\r
	16	#include "Ike.h"\r
	17	#include "IkeCommon.h"\r
	18	#include "IpSecConfigImpl.h"\r
	19	#include "IpSecDebug.h"\r
	20	\r
	21	//\r
	22	// Initial the SPI\r
	23	//\r
	24	UINT32 mNextSpi = IKE_SPI_BASE;\r
	25	\r
	26	/**\r
	27	Call Crypto Lib to generate a random value with eight-octet length.\r
	28	\r
	29	@return the 64 byte vaule.\r
	30	\r
	31	**/\r
	32	UINT64\r
	33	IkeGenerateCookie (\r
	34	VOID\r
	35	)\r
	36	{\r
	37	UINT64 Cookie;\r
	38	EFI_STATUS Status;\r
	39	\r
	40	Status = IpSecCryptoIoGenerateRandomBytes ((UINT8 *)&Cookie, sizeof (UINT64));\r
	41	if (EFI_ERROR (Status)) {\r
	42	return 0;\r
	43	} else {\r
	44	return Cookie;\r
	45	}\r
	46	}\r
	47	\r
	48	/**\r
	49	Generate the random data for Nonce payload.\r
	50	\r
	51	@param[in] NonceSize Size of the data in bytes.\r
	52	\r
	53	@return Buffer which contains the random data of the spcified size. \r
	54	\r
	55	**/\r
	56	UINT8 *\r
	57	IkeGenerateNonce (\r
	58	IN UINTN NonceSize\r
	59	)\r
	60	{\r
	61	UINT8 *Nonce;\r
	62	EFI_STATUS Status;\r
	63	\r
	64	Nonce = AllocateZeroPool (NonceSize);\r
	65	if (Nonce == NULL) {\r
	66	return NULL;\r
	67	}\r
	68	\r
	69	Status = IpSecCryptoIoGenerateRandomBytes (Nonce, NonceSize);\r
	70	if (EFI_ERROR (Status)) {\r
	71	FreePool (Nonce);\r
	72	return NULL;\r
	73	} else {\r
	74	return Nonce;\r
	75	}\r
	76	}\r
	77	\r
	78	/**\r
	79	Convert the IKE Header from Network order to Host order.\r
	80	\r
	81	@param[in, out] Header The pointer of the IKE_HEADER.\r
	82	\r
	83	**/\r
	84	VOID\r
	85	IkeHdrNetToHost (\r
	86	IN OUT IKE_HEADER *Header\r
	87	)\r
	88	{\r
	89	Header->InitiatorCookie = NTOHLL (Header->InitiatorCookie);\r
	90	Header->ResponderCookie = NTOHLL (Header->ResponderCookie);\r
	91	Header->MessageId = NTOHL (Header->MessageId);\r
	92	Header->Length = NTOHL (Header->Length);\r
	93	}\r
	94	\r
	95	/**\r
	96	Convert the IKE Header from Host order to Network order.\r
	97	\r
	98	@param[in, out] Header The pointer of the IKE_HEADER.\r
	99	\r
	100	**/\r
	101	VOID\r
	102	IkeHdrHostToNet (\r
	103	IN OUT IKE_HEADER *Header\r
	104	)\r
	105	{\r
	106	Header->InitiatorCookie = HTONLL (Header->InitiatorCookie);\r
	107	Header->ResponderCookie = HTONLL (Header->ResponderCookie);\r
	108	Header->MessageId = HTONL (Header->MessageId);\r
	109	Header->Length = HTONL (Header->Length);\r
	110	}\r
	111	\r
	112	/**\r
	113	Allocate a buffer of IKE_PAYLOAD and set its Signature.\r
	114	\r
	115	@return A buffer of IKE_PAYLOAD.\r
	116	\r
	117	**/\r
	118	IKE_PAYLOAD *\r
	119	IkePayloadAlloc (\r
	120	VOID\r
	121	)\r
	122	{\r
	123	IKE_PAYLOAD *IkePayload;\r
	124	\r
	125	IkePayload = (IKE_PAYLOAD *) AllocateZeroPool (sizeof (IKE_PAYLOAD));\r
	126	if (IkePayload == NULL) {\r
	127	return NULL;\r
	128	}\r
	129	\r
	130	IkePayload->Signature = IKE_PAYLOAD_SIGNATURE;\r
	131	\r
	132	return IkePayload;\r
	133	}\r
	134	\r
	135	/**\r
	136	Free a specified IKE_PAYLOAD buffer.\r
	137	\r
	138	@param[in] IkePayload Pointer of IKE_PAYLOAD to be freed.\r
	139	\r
	140	**/\r
	141	VOID\r
	142	IkePayloadFree (\r
	143	IN IKE_PAYLOAD *IkePayload\r
	144	)\r
	145	{\r
	146	if (IkePayload == NULL) {\r
	147	return;\r
	148	}\r
	149	//\r
	150	// If this IkePayload is not referred by others, free it.\r
	151	//\r
	152	if (!IkePayload->IsPayloadBufExt && (IkePayload->PayloadBuf != NULL)) {\r
	153	FreePool (IkePayload->PayloadBuf);\r
	154	}\r
	155	\r
	156	FreePool (IkePayload);\r
	157	}\r
	158	\r
	159	/**\r
	160	Generate an new SPI.\r
	161	\r
	162	@return a SPI in 4 bytes.\r
	163	\r
	164	**/\r
	165	UINT32\r
	166	IkeGenerateSpi (\r
	167	VOID\r
	168	)\r
	169	{\r
	170	//\r
	171	// TODO: should generate SPI randomly to avoid security issue\r
	172	//\r
	173	return mNextSpi++;\r
	174	}\r
	175	\r
	176	/**\r
	177	Generate a random data for IV\r
	178	\r
	179	@param[in] IvBuffer The pointer of the IV buffer.\r
	180	@param[in] IvSize The IV size.\r
	181	\r
	182	@retval EFI_SUCCESS Create a random data for IV.\r
	183	@retval otherwise Failed.\r
	184	\r
	185	**/\r
	186	EFI_STATUS\r
	187	IkeGenerateIv (\r
	188	IN UINT8 *IvBuffer,\r
	189	IN UINTN IvSize\r
	190	)\r
	191	{\r
	192	return IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);\r
	193	}\r
	194	\r
	195	\r
	196	/**\r
	197	Find SPD entry by a specified SPD selector.\r
	198	\r
	199	@param[in] SpdSel Point to SPD Selector to be searched for.\r
	200	\r
	201	@retval Point to SPD Entry if the SPD entry found.\r
	202	@retval NULL if not found.\r
	203	\r
	204	**/\r
	205	IPSEC_SPD_ENTRY *\r
	206	IkeSearchSpdEntry (\r
	207	IN EFI_IPSEC_SPD_SELECTOR *SpdSel\r
	208	)\r
	209	{\r
	210	IPSEC_SPD_ENTRY *SpdEntry;\r
	211	LIST_ENTRY *SpdList;\r
	212	LIST_ENTRY *Entry;\r
	213	\r
	214	SpdList = &mConfigData[IPsecConfigDataTypeSpd];\r
	215	\r
	216	NET_LIST_FOR_EACH (Entry, SpdList) {\r
	217	SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);\r
	218	\r
	219	//\r
	220	// Find the required SPD entry\r
	221	//\r
	222	if (CompareSpdSelector (\r
	223	(EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,\r
	224	(EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector\r
	225	)) {\r
	226	return SpdEntry;\r
	227	}\r
	228	\r
	229	}\r
	230	\r
	231	return NULL;\r
	232	}\r
	233	\r
	234	/**\r
	235	Get the IKE Version from the IKE_SA_SESSION.\r
	236	\r
	237	@param[in] Session Pointer of the IKE_SA_SESSION.\r
	238	\r
	239	**/\r
	240	UINT8\r
	241	IkeGetVersionFromSession (\r
	242	IN UINT8 *Session\r
	243	)\r
	244	{\r
	245	if ((UINT32 ) Session == IKEV2_SA_SESSION_SIGNATURE) {\r
	246	return ((IKEV2_SA_SESSION *) Session)->SessionCommon.IkeVer;\r
	247	} else {\r
	248	//\r
	249	// Add IKEv1 support here.\r
	250	//\r
	251	return 0;\r
	252	}\r
	253	}\r
	254	\r