[mirror_edk2.git] / NetworkPkg / IpSecDxe / IkeCommon.c

/** @file\r
  Common operation of the IKE\r
  \r
  Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>\r
\r
  This program and the accompanying materials\r
  are licensed and made available under the terms and conditions of the BSD License\r
  which accompanies this distribution.  The full text of the license may be found at\r
  http://opensource.org/licenses/bsd-license.php.\r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "Ike.h"\r
#include "IkeCommon.h"\r
#include "IpSecConfigImpl.h"\r
#include "IpSecDebug.h"\r
\r
//\r
// Initial the SPI\r
//\r
UINT32            mNextSpi  = IKE_SPI_BASE;\r
EFI_GUID          mZeroGuid = { 0, 0, 0, { 0, 0, 0, 0, 0, 0, 0, 0 } };\r
\r
/**\r
  Call Crypto Lib to generate a random value with eight-octet length.\r
  \r
  @return the 64 byte vaule.\r
\r
**/\r
UINT64\r
IkeGenerateCookie (\r
  VOID\r
  )\r
{\r
  UINT64     Cookie;\r
  EFI_STATUS Status;\r
\r
  Status = IpSecCryptoIoGenerateRandomBytes ((UINT8 *)&Cookie, sizeof (UINT64));\r
  if (EFI_ERROR (Status)) {\r
    return 0;\r
  } else {\r
    return Cookie;\r
  }\r
}\r
\r
/**\r
  Generate the random data for Nonce payload.\r
\r
  @param[in]  NonceSize      Size of the data in bytes.\r
  \r
  @return Buffer which contains the random data of the spcified size. \r
\r
**/\r
UINT8 *\r
IkeGenerateNonce (\r
  IN UINTN              NonceSize\r
  )\r
{\r
  UINT8                  *Nonce;\r
  EFI_STATUS             Status;\r
\r
  Nonce = AllocateZeroPool (NonceSize);\r
  if (Nonce == NULL) {\r
    return NULL;\r
  }\r
\r
  Status = IpSecCryptoIoGenerateRandomBytes (Nonce, NonceSize);\r
  if (EFI_ERROR (Status)) {\r
    FreePool (Nonce);\r
    return NULL;\r
  } else {\r
    return Nonce;\r
  }\r
}\r
\r
/**\r
  Convert the IKE Header from Network order to Host order.\r
\r
  @param[in, out]  Header    The pointer of the IKE_HEADER.\r
\r
**/\r
VOID\r
IkeHdrNetToHost (\r
  IN OUT IKE_HEADER *Header\r
  )\r
{\r
  Header->InitiatorCookie = NTOHLL (Header->InitiatorCookie);\r
  Header->ResponderCookie = NTOHLL (Header->ResponderCookie);\r
  Header->MessageId       = NTOHL (Header->MessageId);\r
  Header->Length          = NTOHL (Header->Length);\r
}\r
\r
/**\r
  Convert the IKE Header from Host order to Network order.\r
\r
  @param[in, out] Header     The pointer of the IKE_HEADER.\r
\r
**/\r
VOID\r
IkeHdrHostToNet (\r
  IN OUT IKE_HEADER *Header\r
  )\r
{\r
  Header->InitiatorCookie = HTONLL (Header->InitiatorCookie);\r
  Header->ResponderCookie = HTONLL (Header->ResponderCookie);\r
  Header->MessageId       = HTONL (Header->MessageId);\r
  Header->Length          = HTONL (Header->Length);\r
}\r
\r
/**\r
  Allocate a buffer of IKE_PAYLOAD and set its Signature.\r
\r
  @return A buffer of IKE_PAYLOAD.\r
\r
**/\r
IKE_PAYLOAD *\r
IkePayloadAlloc (\r
  VOID\r
  )\r
{\r
  IKE_PAYLOAD *IkePayload;\r
\r
  IkePayload            = (IKE_PAYLOAD *) AllocateZeroPool (sizeof (IKE_PAYLOAD));\r
  if (IkePayload == NULL) {\r
    return NULL;\r
  }\r
  \r
  IkePayload->Signature = IKE_PAYLOAD_SIGNATURE;\r
\r
  return IkePayload;\r
}\r
\r
/**\r
  Free a specified IKE_PAYLOAD buffer.\r
\r
  @param[in]  IkePayload   Pointer of IKE_PAYLOAD to be freed.\r
\r
**/\r
VOID\r
IkePayloadFree (\r
  IN IKE_PAYLOAD *IkePayload\r
  )\r
{\r
  if (IkePayload == NULL) {\r
    return;\r
  }\r
  //\r
  // If this IkePayload is not referred by others, free it.\r
  //\r
  if (!IkePayload->IsPayloadBufExt && (IkePayload->PayloadBuf != NULL)) {\r
    FreePool (IkePayload->PayloadBuf);\r
  }\r
\r
  FreePool (IkePayload);\r
}\r
\r
/**\r
  Generate an new SPI.\r
\r
  @return a SPI in 4 bytes.\r
\r
**/\r
UINT32\r
IkeGenerateSpi (\r
  VOID\r
  )\r
{\r
  //\r
  // TODO: should generate SPI randomly to avoid security issue\r
  //\r
  return mNextSpi++;\r
}\r
\r
/**\r
  Generate a random data for IV\r
\r
  @param[in]  IvBuffer  The pointer of the IV buffer.\r
  @param[in]  IvSize    The IV size.\r
\r
  @retval     EFI_SUCCESS  Create a random data for IV.\r
  @retval     otherwise    Failed.\r
\r
**/\r
EFI_STATUS\r
IkeGenerateIv (\r
  IN UINT8                           *IvBuffer,\r
  IN UINTN                           IvSize\r
  )\r
{\r
  return IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);\r
}\r
\r
\r
/**
  Find SPD entry by a specified SPD selector.

  @param[in] SpdSel       Point to SPD Selector to be searched for.\r

  @retval Point to SPD Entry if the SPD entry found.\r
  @retval NULL if not found.

**/
IPSEC_SPD_ENTRY *
IkeSearchSpdEntry (\r
  IN EFI_IPSEC_SPD_SELECTOR             *SpdSel
  )
{
  IPSEC_SPD_ENTRY *SpdEntry;
  LIST_ENTRY      *SpdList;
  LIST_ENTRY      *Entry;

  SpdList = &mConfigData[IPsecConfigDataTypeSpd];

  NET_LIST_FOR_EACH (Entry, SpdList) {
    SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);

    //
    // Find the required SPD entry\r
    //
    if (CompareSpdSelector (
          (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,
          (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector
          )) {
      return SpdEntry;
    }

  }

  return NULL;
}\r
\r
/**\r
  Get the IKE Version from the IKE_SA_SESSION.\r
\r
  @param[in]  Session  Pointer of the IKE_SA_SESSION.\r
\r
**/\r
UINT8\r
IkeGetVersionFromSession (\r
  IN UINT8    *Session\r
  )\r
{\r
  if (*(UINT32 *) Session == IKEV2_SA_SESSION_SIGNATURE) {\r
    return ((IKEV2_SA_SESSION *) Session)->SessionCommon.IkeVer;\r
  } else {\r
    //\r
    // Add IKEv1 support here.\r
    //\r
    return 0;\r
  }\r
}\r
\r
Commit	Line	Data
9166f840	1	/** @file\r
	2	Common operation of the IKE\r
	3	\r
ce68d3bc	4	Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>\r
9166f840	5	\r
	6	This program and the accompanying materials\r
	7	are licensed and made available under the terms and conditions of the BSD License\r
	8	which accompanies this distribution. The full text of the license may be found at\r
	9	http://opensource.org/licenses/bsd-license.php.\r
	10	\r
	11	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	12	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	\r
	14	**/\r
	15	\r
	16	#include "Ike.h"\r
	17	#include "IkeCommon.h"\r
	18	#include "IpSecConfigImpl.h"\r
	19	#include "IpSecDebug.h"\r
	20	\r
	21	//\r
	22	// Initial the SPI\r
	23	//\r
	24	UINT32 mNextSpi = IKE_SPI_BASE;\r
ce68d3bc	25	EFI_GUID mZeroGuid = { 0, 0, 0, { 0, 0, 0, 0, 0, 0, 0, 0 } };\r
9166f840	26	\r
	27	/**\r
	28	Call Crypto Lib to generate a random value with eight-octet length.\r
	29	\r
	30	@return the 64 byte vaule.\r
	31	\r
	32	**/\r
	33	UINT64\r
	34	IkeGenerateCookie (\r
	35	VOID\r
	36	)\r
	37	{\r
	38	UINT64 Cookie;\r
	39	EFI_STATUS Status;\r
	40	\r
	41	Status = IpSecCryptoIoGenerateRandomBytes ((UINT8 *)&Cookie, sizeof (UINT64));\r
	42	if (EFI_ERROR (Status)) {\r
	43	return 0;\r
	44	} else {\r
	45	return Cookie;\r
	46	}\r
	47	}\r
	48	\r
	49	/**\r
	50	Generate the random data for Nonce payload.\r
	51	\r
	52	@param[in] NonceSize Size of the data in bytes.\r
	53	\r
	54	@return Buffer which contains the random data of the spcified size. \r
	55	\r
	56	**/\r
	57	UINT8 *\r
	58	IkeGenerateNonce (\r
	59	IN UINTN NonceSize\r
	60	)\r
	61	{\r
	62	UINT8 *Nonce;\r
	63	EFI_STATUS Status;\r
	64	\r
	65	Nonce = AllocateZeroPool (NonceSize);\r
	66	if (Nonce == NULL) {\r
	67	return NULL;\r
	68	}\r
	69	\r
	70	Status = IpSecCryptoIoGenerateRandomBytes (Nonce, NonceSize);\r
	71	if (EFI_ERROR (Status)) {\r
	72	FreePool (Nonce);\r
	73	return NULL;\r
	74	} else {\r
	75	return Nonce;\r
	76	}\r
	77	}\r
	78	\r
	79	/**\r
	80	Convert the IKE Header from Network order to Host order.\r
	81	\r
	82	@param[in, out] Header The pointer of the IKE_HEADER.\r
	83	\r
	84	**/\r
	85	VOID\r
	86	IkeHdrNetToHost (\r
	87	IN OUT IKE_HEADER *Header\r
	88	)\r
	89	{\r
90	Header->InitiatorCookie = NTOHLL (Header->InitiatorCookie);\r
91	Header->ResponderCookie = NTOHLL (Header->ResponderCookie);\r
92	Header->MessageId = NTOHL (Header->MessageId);\r
93	Header->Length = NTOHL (Header->Length);\r
94	}\r
95	\r
96	/**\r
97	Convert the IKE Header from Host order to Network order.\r
98	\r
99	@param[in, out] Header The pointer of the IKE_HEADER.\r
100	\r
101	**/\r
102	VOID\r
103	IkeHdrHostToNet (\r
104	IN OUT IKE_HEADER *Header\r
105	)\r
106	{\r
107	Header->InitiatorCookie = HTONLL (Header->InitiatorCookie);\r
108	Header->ResponderCookie = HTONLL (Header->ResponderCookie);\r
109	Header->MessageId = HTONL (Header->MessageId);\r
110	Header->Length = HTONL (Header->Length);\r
111	}\r
112	\r
113	/**\r
114	Allocate a buffer of IKE_PAYLOAD and set its Signature.\r
115	\r
116	@return A buffer of IKE_PAYLOAD.\r
117	\r
118	**/\r
119	IKE_PAYLOAD *\r
120	IkePayloadAlloc (\r
121	VOID\r
122	)\r
123	{\r
124	IKE_PAYLOAD *IkePayload;\r
125	\r
126	IkePayload = (IKE_PAYLOAD *) AllocateZeroPool (sizeof (IKE_PAYLOAD));\r
127	if (IkePayload == NULL) {\r
128	return NULL;\r
129	}\r
130	\r
131	IkePayload->Signature = IKE_PAYLOAD_SIGNATURE;\r
132	\r
133	return IkePayload;\r
134	}\r
135	\r
136	/**\r
137	Free a specified IKE_PAYLOAD buffer.\r
138	\r
139	@param[in] IkePayload Pointer of IKE_PAYLOAD to be freed.\r
140	\r
141	**/\r
142	VOID\r
143	IkePayloadFree (\r
144	IN IKE_PAYLOAD *IkePayload\r
145	)\r
146	{\r
147	if (IkePayload == NULL) {\r
148	return;\r
149	}\r
150	//\r
151	// If this IkePayload is not referred by others, free it.\r
152	//\r
153	if (!IkePayload->IsPayloadBufExt && (IkePayload->PayloadBuf != NULL)) {\r
154	FreePool (IkePayload->PayloadBuf);\r
155	}\r
156	\r
157	FreePool (IkePayload);\r
158	}\r
159	\r
160	/**\r
161	Generate an new SPI.\r
162	\r
163	@return a SPI in 4 bytes.\r
164	\r
165	**/\r
166	UINT32\r
167	IkeGenerateSpi (\r
168	VOID\r
169	)\r
170	{\r
171	//\r
172	// TODO: should generate SPI randomly to avoid security issue\r
173	//\r
174	return mNextSpi++;\r
175	}\r
176	\r
177	/**\r
178	Generate a random data for IV\r
179	\r
180	@param[in] IvBuffer The pointer of the IV buffer.\r
181	@param[in] IvSize The IV size.\r
182	\r
183	@retval EFI_SUCCESS Create a random data for IV.\r
184	@retval otherwise Failed.\r
185	\r
186	**/\r
187	EFI_STATUS\r
188	IkeGenerateIv (\r
189	IN UINT8 *IvBuffer,\r
190	IN UINTN IvSize\r
191	)\r
192	{\r
193	return IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);\r
194	}\r
195	\r
196	\r
197	/**
198	Find SPD entry by a specified SPD selector.
199
200	@param[in] SpdSel Point to SPD Selector to be searched for.\r
201
202	@retval Point to SPD Entry if the SPD entry found.\r
203	@retval NULL if not found.
204
205	**/
206	IPSEC_SPD_ENTRY *
207	IkeSearchSpdEntry (\r
208	IN EFI_IPSEC_SPD_SELECTOR *SpdSel
209	)
210	{
211	IPSEC_SPD_ENTRY *SpdEntry;
212	LIST_ENTRY *SpdList;
213	LIST_ENTRY *Entry;
214
215	SpdList = &mConfigData[IPsecConfigDataTypeSpd];
216
217	NET_LIST_FOR_EACH (Entry, SpdList) {
218	SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);
219
220	//
221	// Find the required SPD entry\r
222	//
223	if (CompareSpdSelector (
224	(EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,
225	(EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector
226	)) {
227	return SpdEntry;
228	}
229
230	}
231
232	return NULL;
233	}\r
234	\r
235	/**\r
236	Get the IKE Version from the IKE_SA_SESSION.\r
237	\r
238	@param[in] Session Pointer of the IKE_SA_SESSION.\r
239	\r
240	**/\r
241	UINT8\r
242	IkeGetVersionFromSession (\r
243	IN UINT8 *Session\r
244	)\r
245	{\r
246	if ((UINT32 ) Session == IKEV2_SA_SESSION_SIGNATURE) {\r
247	return ((IKEV2_SA_SESSION *) Session)->SessionCommon.IkeVer;\r
248	} else {\r
249	//\r
250	// Add IKEv1 support here.\r
251	//\r
252	return 0;\r
253	}\r
254	}\r
255	\r