2 Common operation of the IKE
4 Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
17 #include "IkeCommon.h"
18 #include "IpSecConfigImpl.h"
19 #include "IpSecDebug.h"
22 Check whether the newly generated SPI already exists.
24 @param[in] IkeSaSession Pointer to the Child SA Session.
25 @param[in] SpiValue SPI Value.
27 @retval TRUE This SpiValue already exists in the Child SA Session.
28 @retval FALSE This SpiValue doesn't exist in the Child SA Session.
// NOTE(review): this listing omits several original lines (function name,
// braces, return statements); the comments below describe only what is visible.
33 IN IKEV2_SA_SESSION
*IkeSaSession
,
39 IKEV2_CHILD_SA_SESSION
*SaSession
;
46 // Check whether the SPI value has existed in ChildSaEstablishSessionList.
// Each entry's LocalPeerSpi is compared with SpiValue. Only the two child
// lists hanging off this IkeSaSession are searched, so the uniqueness check
// visible here is scoped to one IKE SA session.
// NOTE(review): whether SPIs held by other IKE SA sessions are checked
// elsewhere cannot be told from this listing - confirm with the caller.
48 NET_LIST_FOR_EACH_SAFE (Entry
, Next
, &IkeSaSession
->ChildSaEstablishSessionList
) {
49 SaSession
= IKEV2_CHILD_SA_SESSION_BY_IKE_SA (Entry
);
50 if (SaSession
->LocalPeerSpi
== SpiValue
) {
56 // Check whether the SPI value has existed in ChildSaSessionList.
// Same comparison as above, applied to the second child list.
58 NET_LIST_FOR_EACH_SAFE (Entry
, Next
, &IkeSaSession
->ChildSaSessionList
) {
59 SaSession
= IKEV2_CHILD_SA_SESSION_BY_IKE_SA (Entry
);
60 if (SaSession
->LocalPeerSpi
== SpiValue
) {
69 Call Crypto Lib to generate a random value with eight-octet length.
71 @return The 64-bit value.
// Fills Cookie with sizeof (UINT64) bytes taken directly from the crypto
// library's random generator.
82 Status
= IpSecCryptoIoGenerateRandomBytes ((UINT8
*)&Cookie
, sizeof (UINT64
));
// NOTE(review): the body of this failure branch is not shown in the listing.
// Confirm that a failed random call can never hand back a predictable or
// uninitialised cookie as if it were a valid one.
83 if (EFI_ERROR (Status
)) {
91 Generate the random data for Nonce payload.
93 @param[in] NonceSize Size of the data in bytes.
95 @return Buffer which contains the random data of the specified size.
// The nonce buffer is allocated zero-filled, so until the random call below
// succeeds it holds NonceSize zero bytes.
// NOTE(review): original lines 107-110 are not shown here; presumably they
// check the allocation result - verify.
106 Nonce
= AllocateZeroPool (NonceSize
);
// Overwrite the whole buffer with random bytes from the crypto library.
111 Status
= IpSecCryptoIoGenerateRandomBytes (Nonce
, NonceSize
);
// NOTE(review): the failure branch body is not shown. An all-zero buffer must
// not be returned as a nonce; confirm this path releases Nonce and reports
// failure to the caller.
112 if (EFI_ERROR (Status
)) {
121 Convert the IKE Header from Network order to Host order.
123 @param[in, out] Header The pointer of the IKE_HEADER.
// Byte-swaps four IKE header fields in place: both cookies through NTOHLL,
// MessageId and Length through NTOHL. No field is validated here.
128 IN OUT IKE_HEADER
*Header
131 Header
->InitiatorCookie
= NTOHLL (Header
->InitiatorCookie
);
132 Header
->ResponderCookie
= NTOHLL (Header
->ResponderCookie
);
133 Header
->MessageId
= NTOHL (Header
->MessageId
);
// Length still carries whatever the peer sent after this conversion; callers
// have to bound it against the size of the received packet before using it.
134 Header
->Length
= NTOHL (Header
->Length
);
138 Convert the IKE Header from Host order to Network order.
140 @param[in, out] Header The pointer of the IKE_HEADER.
// Byte-swaps the same four IKE header fields in place for transmission: both
// cookies through HTONLL, MessageId and Length through HTONL. Because the
// header is rewritten in place, it holds network-order values afterwards and
// must not be read as host-order data.
145 IN OUT IKE_HEADER
*Header
148 Header
->InitiatorCookie
= HTONLL (Header
->InitiatorCookie
);
149 Header
->ResponderCookie
= HTONLL (Header
->ResponderCookie
);
150 Header
->MessageId
= HTONL (Header
->MessageId
);
151 Header
->Length
= HTONL (Header
->Length
);
155 Allocate a buffer of IKE_PAYLOAD and set its Signature.
157 @return A buffer of IKE_PAYLOAD.
165 IKE_PAYLOAD
*IkePayload
;
// Zero-filled allocation: every field of the new IKE_PAYLOAD starts as zero,
// including the PayloadBuf pointer and the IsPayloadBufExt flag that the
// release routine in this file inspects.
167 IkePayload
= (IKE_PAYLOAD
*) AllocateZeroPool (sizeof (IKE_PAYLOAD
));
// Allocation failure is detected before the structure is touched; the branch
// body is not shown in this listing.
168 if (IkePayload
== NULL
) {
// Stamp the structure with its signature.
172 IkePayload
->Signature
= IKE_PAYLOAD_SIGNATURE
;
178 Free a specified IKE_PAYLOAD buffer.
180 @param[in] IkePayload Pointer of IKE_PAYLOAD to be freed.
// Releases an IKE_PAYLOAD and, when this payload owns it, its PayloadBuf.
// The pointer is passed by value, so the caller's copy is left dangling and
// must not be used again after this call.
185 IN IKE_PAYLOAD
*IkePayload
// A NULL payload is tolerated; the branch body is not shown in this listing.
188 if (IkePayload
== NULL
) {
192 // If this IkePayload is not referred by others, free it.
// IsPayloadBufExt marks a PayloadBuf that is referenced from elsewhere;
// freeing it here would leave that other reference pointing at released
// memory, so only a non-NULL buffer with the flag clear is freed.
194 if (!IkePayload
->IsPayloadBufExt
&& (IkePayload
->PayloadBuf
!= NULL
)) {
195 FreePool (IkePayload
->PayloadBuf
);
// The payload structure itself is always released.
198 FreePool (IkePayload
);
204 @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
206 @param[in, out] SpiValue Pointer to the new generated SPI value.
208 @retval EFI_SUCCESS The operation completed successfully.
209 @retval Otherwise The operation failed.
// NOTE(review): this listing omits several original lines (function name,
// braces, any loop construct, return statements); the comments describe only
// the visible statements.
214 IN IKEV2_SA_SESSION
*IkeSaSession
,
215 IN OUT UINT32
*SpiValue
220 Status
= EFI_SUCCESS
;
224 // Generate SPI randomly
// The 32-bit candidate is written straight into the caller's SpiValue from
// the crypto library's random generator.
226 Status
= IpSecCryptoIoGenerateRandomBytes ((UINT8
*)SpiValue
, sizeof (UINT32
));
// NOTE(review): the failure branch body is not shown; confirm the caller
// never uses *SpiValue when an error status is returned.
227 if (EFI_ERROR (Status
)) {
232 // The set of SPI values in the range 1 through 255 are reserved by the
233 // Internet Assigned Numbers Authority (IANA) for future use; a reserved
234 // SPI value will not normally be assigned by IANA unless the use of the
235 // assigned SPI value is specified in an RFC.
// A draw below IKE_SPI_BASE (a draw of 0 included) is shifted up by
// IKE_SPI_BASE rather than redrawn, which keeps it out of the low range but
// makes values in [IKE_SPI_BASE, 2 * IKE_SPI_BASE) slightly more likely.
// NOTE(review): presumably IKE_SPI_BASE is small enough for that bias to be
// negligible - confirm against the constant's definition.
237 if (*SpiValue
< IKE_SPI_BASE
) {
238 *SpiValue
+= IKE_SPI_BASE
;
242 // Check whether the new generated SPI has existed.
// IkeSpiValueExisted() returning FALSE is the acceptance condition. What is
// done on a collision (retry or error) lies in lines this listing omits.
244 if (!IkeSpiValueExisted (IkeSaSession
, *SpiValue
)) {
253 Generate a random data for IV
255 @param[in] IvBuffer The pointer of the IV buffer.
256 @param[in] IvSize The IV size.
258 @retval EFI_SUCCESS Create a random data for IV.
259 @retval otherwise Failed.
// Fills IvBuffer with IvSize random bytes and passes the crypto library's
// status back unchanged; callers must check it before using the buffer as an
// IV, since nothing here guarantees its contents on failure.
268 return IpSecCryptoIoGenerateRandomBytes (IvBuffer
, IvSize
);
273 Find SPD entry by a specified SPD selector.
275 @param[in] SpdSel Pointer to the SPD selector to be searched for.
277 @retval Pointer to the SPD entry if the SPD entry is found.
278 @retval NULL if not found.
// NOTE(review): the listing stops partway through the CompareSpdSelector call;
// the match handling and return statements are not shown.
283 IN EFI_IPSEC_SPD_SELECTOR
*SpdSel
286 IPSEC_SPD_ENTRY
*SpdEntry
;
// The search runs over the module-level SPD list held in mConfigData.
290 SpdList
= &mConfigData
[IPsecConfigDataTypeSpd
];
// Entries are visited in list order, one CompareSpdSelector call per entry.
292 NET_LIST_FOR_EACH (Entry
, SpdList
) {
293 SpdEntry
= IPSEC_SPD_ENTRY_FROM_LIST (Entry
);
296 // Find the required SPD entry
// Both selectors are cast to the generic EFI_IPSEC_CONFIG_SELECTOR type for
// the comparison: the caller's SpdSel and the entry's stored Selector.
298 if (CompareSpdSelector (
299 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdSel
,
300 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
311 Get the IKE Version from the IKE_SA_SESSION.
313 @param[in] Session Pointer of the IKE_SA_SESSION.
317 IkeGetVersionFromSession (
321 if (*(UINT32
*) Session
== IKEV2_SA_SESSION_SIGNATURE
) {
322 return ((IKEV2_SA_SESSION
*) Session
)->SessionCommon
.IkeVer
;
325 // Add IKEv1 support here.