1 /** @file
2 Common operation of the IKE
3
4 Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include "Ike.h"
17 #include "IkeCommon.h"
18 #include "IpSecConfigImpl.h"
19 #include "IpSecDebug.h"
20
//
// Next SPI value handed out by IkeGenerateSpi(); the counter starts at
// IKE_SPI_BASE.
//
UINT32    mNextSpi = IKE_SPI_BASE;

//
// GUID constant with every field set to zero.
//
EFI_GUID  mZeroGuid = {
  0,
  0,
  0,
  { 0, 0, 0, 0, 0, 0, 0, 0 }
};
26
/**
  Ask the crypto library for a random value of eight octets (64 bits).

  0 doubles as the failure indicator: it is returned whenever the random
  generator reports an error. A successful draw that happens to be 0 cannot be
  told apart from a failure, so callers should treat 0 as "no cookie available"
  rather than use it as a cookie.

  @return The random 64-bit value, or 0 if random generation failed.

**/
UINT64
IkeGenerateCookie (
  VOID
  )
{
  UINT64      RandomValue;
  EFI_STATUS  Status;

  Status = IpSecCryptoIoGenerateRandomBytes ((UINT8 *) &RandomValue, sizeof (RandomValue));

  //
  // On failure the local was never reliably filled, so it must not be
  // returned; hand back the 0 sentinel instead.
  //
  return EFI_ERROR (Status) ? 0 : RandomValue;
}
48
/**
  Allocate a buffer and fill it with random data for a Nonce payload.

  The buffer comes from AllocateZeroPool(); ownership passes to the caller,
  who releases it with FreePool().

  @param[in]  NonceSize    Size of the requested random data in bytes.

  @return Buffer holding NonceSize random bytes, or NULL if the allocation
          or the random generation failed.

**/
UINT8 *
IkeGenerateNonce (
  IN UINTN  NonceSize
  )
{
  UINT8  *Buffer;

  Buffer = AllocateZeroPool (NonceSize);
  if (Buffer == NULL) {
    return NULL;
  }

  if (EFI_ERROR (IpSecCryptoIoGenerateRandomBytes (Buffer, NonceSize))) {
    //
    // A buffer that was not filled by the random generator must never be
    // used as a nonce, so it is dropped instead of being returned.
    //
    FreePool (Buffer);
    return NULL;
  }

  return Buffer;
}
78
/**
  Convert the multi-byte fields of an IKE Header from network order to host
  order, in place.

  Only the byte order is changed. The converted Length is still whatever the
  peer sent, so the caller has to bounds-check it against the number of bytes
  actually received before using it.

  @param[in, out]  Header    The pointer of the IKE_HEADER.

**/
VOID
IkeHdrNetToHost (
  IN OUT IKE_HEADER  *Header
  )
{
  //
  // Cookie fields, converted with the 64-bit macro.
  //
  Header->InitiatorCookie = NTOHLL (Header->InitiatorCookie);
  Header->ResponderCookie = NTOHLL (Header->ResponderCookie);

  //
  // Length and message id, converted with the 32-bit macro.
  //
  Header->Length    = NTOHL (Header->Length);
  Header->MessageId = NTOHL (Header->MessageId);
}
95
/**
  Convert the multi-byte fields of an IKE Header from host order to network
  order, in place, before the header is put on the wire.

  @param[in, out]  Header    The pointer of the IKE_HEADER.

**/
VOID
IkeHdrHostToNet (
  IN OUT IKE_HEADER  *Header
  )
{
  //
  // Cookie fields, converted with the 64-bit macro.
  //
  Header->InitiatorCookie = HTONLL (Header->InitiatorCookie);
  Header->ResponderCookie = HTONLL (Header->ResponderCookie);

  //
  // Length and message id, converted with the 32-bit macro.
  //
  Header->Length    = HTONL (Header->Length);
  Header->MessageId = HTONL (Header->MessageId);
}
112
/**
  Allocate a zero-filled IKE_PAYLOAD and stamp it with IKE_PAYLOAD_SIGNATURE.

  @return The new IKE_PAYLOAD, or NULL if the allocation failed.

**/
IKE_PAYLOAD *
IkePayloadAlloc (
  VOID
  )
{
  IKE_PAYLOAD  *NewPayload;

  NewPayload = AllocateZeroPool (sizeof (*NewPayload));
  if (NewPayload != NULL) {
    NewPayload->Signature = IKE_PAYLOAD_SIGNATURE;
  }

  return NewPayload;
}
135
/**
  Free a specified IKE_PAYLOAD buffer.

  A NULL pointer is accepted and ignored. After this call the caller must not
  touch IkePayload again.

  NOTE(review): the memory is released without being cleared first. If a
  payload can carry secret material, consider scrubbing it before FreePool()
  - to be confirmed against the payload types that reach this function.

  @param[in]  IkePayload   Pointer of IKE_PAYLOAD to be freed.

**/
VOID
IkePayloadFree (
  IN IKE_PAYLOAD  *IkePayload
  )
{
  if (IkePayload == NULL) {
    return;
  }

  //
  // PayloadBuf is released here only when it is not flagged as external
  // (IsPayloadBufExt clear); a buffer flagged external is left untouched.
  //
  if (IkePayload->PayloadBuf != NULL) {
    if (!IkePayload->IsPayloadBufExt) {
      FreePool (IkePayload->PayloadBuf);
    }
  }

  FreePool (IkePayload);
}
159
/**
  Generate a new SPI.

  The value is taken from the mNextSpi counter, which is then advanced by one,
  so consecutive SPIs are sequential and can be predicted by anyone who has
  seen an earlier one.

  NOTE(review): the counter wraps after the full 32-bit range has been used,
  at which point earlier values repeat. A random replacement would also need a
  check against SPIs already in use - neither is handled here.

  @return a SPI in 4 bytes.

**/
UINT32
IkeGenerateSpi (
  VOID
  )
{
  UINT32  Spi;

  //
  // TODO: should generate SPI randomly to avoid security issue
  //
  Spi      = mNextSpi;
  mNextSpi = Spi + 1;

  return Spi;
}
176
/**
  Generate random data for an IV.

  The request is passed straight to IpSecCryptoIoGenerateRandomBytes(). The
  caller must check the returned status: on failure the buffer contents must
  not be used as an IV.

  @param[in]  IvBuffer  The pointer of the IV buffer; it receives the random
                        data although the prototype annotates it as IN.
  @param[in]  IvSize    The IV size.

  @retval     EFI_SUCCESS  Create a random data for IV.
  @retval     otherwise    Failed.

**/
EFI_STATUS
IkeGenerateIv (
  IN UINT8  *IvBuffer,
  IN UINTN  IvSize
  )
{
  EFI_STATUS  Status;

  Status = IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);

  return Status;
}
195
196
/**
  Find SPD entry by a specified SPD selector.

  The SPD list in mConfigData is walked from its head and the first entry
  whose selector matches is returned, so the order of the list decides which
  policy wins when more than one entry matches.

  @param[in]  SpdSel       Point to SPD Selector to be searched for.

  @retval Point to SPD Entry if the SPD entry found.
  @retval NULL if not found.

**/
IPSEC_SPD_ENTRY *
IkeSearchSpdEntry (
  IN EFI_IPSEC_SPD_SELECTOR  *SpdSel
  )
{
  LIST_ENTRY       *Head;
  LIST_ENTRY       *Node;
  IPSEC_SPD_ENTRY  *Candidate;

  Head = &mConfigData[IPsecConfigDataTypeSpd];

  NET_LIST_FOR_EACH (Node, Head) {
    Candidate = IPSEC_SPD_ENTRY_FROM_LIST (Node);

    //
    // Skip entries whose selector does not match the requested one.
    //
    if (!CompareSpdSelector (
           (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,
           (EFI_IPSEC_CONFIG_SELECTOR *) Candidate->Selector
           )) {
      continue;
    }

    return Candidate;
  }

  return NULL;
}
234
/**
  Get the IKE Version from the IKE_SA_SESSION.

  The first four bytes behind Session are read as the structure signature.
  Session is dereferenced without any check, so it must be non-NULL and point
  to a session structure that begins with that signature.

  @param[in]  Session    Pointer of the IKE_SA_SESSION.

  @return The IkeVer stored in the session when its signature is
          IKEV2_SA_SESSION_SIGNATURE, otherwise 0.

**/
UINT8
IkeGetVersionFromSession (
  IN UINT8  *Session
  )
{
  UINT32  Signature;

  Signature = *(UINT32 *) Session;
  if (Signature != IKEV2_SA_SESSION_SIGNATURE) {
    //
    // Add IKEv1 support here.
    //
    return 0;
  }

  return ((IKEV2_SA_SESSION *) Session)->SessionCommon.IkeVer;
}
255