2 Common operation of the IKE
4 Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
6 SPDX-License-Identifier: BSD-2-Clause-Patent
11 #include "IkeCommon.h"
12 #include "IpSecConfigImpl.h"
13 #include "IpSecDebug.h"
/**
  Report whether an SPI is already used by a Child SA of the given IKE SA.

  Both Child SA lists of the IKE SA session are walked, first
  ChildSaEstablishSessionList and then ChildSaSessionList, and the LocalPeerSpi
  of every entry is compared with SpiValue.

  The search is limited to the lists of this one IKE SA session; nothing
  outside IkeSaSession is consulted.

  @param[in]   IkeSaSession   Pointer to the IKE SA session whose Child SA
                              lists are searched.
  @param[in]   SpiValue       SPI value to look for.

  @retval  TRUE    A Child SA session in one of the two lists already uses SpiValue.
  @retval  FALSE   No Child SA session in either list uses SpiValue.

**/
BOOLEAN
IkeSpiValueExisted (
  IN IKEV2_SA_SESSION      *IkeSaSession,
  IN UINT32                SpiValue
  )
{
  LIST_ENTRY              *ListHeads[2];
  LIST_ENTRY              *Link;
  LIST_ENTRY              *NextLink;
  IKEV2_CHILD_SA_SESSION  *ChildSa;
  UINTN                   Index;

  //
  // Same search order as before: established Child SAs first, then the
  // remaining Child SA sessions.
  //
  ListHeads[0] = &IkeSaSession->ChildSaEstablishSessionList;
  ListHeads[1] = &IkeSaSession->ChildSaSessionList;

  for (Index = 0; Index < 2; Index++) {
    NET_LIST_FOR_EACH_SAFE (Link, NextLink, ListHeads[Index]) {
      ChildSa = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (Link);
      if (ChildSa->LocalPeerSpi == SpiValue) {
        return TRUE;
      }
    }
  }

  return FALSE;
}
/**
  Call the crypto library to generate a random value of eight octets.

  @return The random 64-bit value, or 0 if the random generator reported an error.

**/
UINT64
IkeGenerateCookie (
  VOID
  )
{
  EFI_STATUS  Status;
  UINT64      RandomValue;

  Status = IpSecCryptoIoGenerateRandomBytes ((UINT8 *)&RandomValue, sizeof (UINT64));

  //
  // NOTE(review): failure is reported in-band as 0, so a caller cannot tell a
  // failed generator from a value it may use unless it rejects 0 - confirm
  // that the call sites do.
  //
  return EFI_ERROR (Status) ? 0 : RandomValue;
}
/**
  Generate the random data for a Nonce payload.

  The buffer is obtained with AllocateZeroPool() and then filled by the crypto
  library. If the random generator fails, the buffer is released and NULL is
  returned, so a caller never receives the still-zeroed buffer as a nonce.

  @param[in]  NonceSize      Size of the data in bytes.

  @return Buffer holding NonceSize random bytes, or NULL if the allocation or
          the random generation failed. The buffer comes from AllocateZeroPool(),
          so the caller presumably releases it with FreePool().

**/
UINT8 *
IkeGenerateNonce (
  IN UINTN              NonceSize
  )
{
  UINT8       *RandomBuf;
  EFI_STATUS  Status;

  RandomBuf = AllocateZeroPool (NonceSize);
  if (RandomBuf != NULL) {
    Status = IpSecCryptoIoGenerateRandomBytes (RandomBuf, NonceSize);
    if (EFI_ERROR (Status)) {
      //
      // Do not hand out a buffer the generator did not fill.
      //
      FreePool (RandomBuf);
      RandomBuf = NULL;
    }
  }

  return RandomBuf;
}
/**
  Convert the IKE Header from network order to host order.

  The four multi-byte fields are converted in place: the two 64-bit cookies
  with NTOHLL and MessageId and Length with NTOHL.

  NOTE(review): the header is taken from network order, so Length is
  presumably a value supplied by the peer; it should be checked against the
  size of the data actually received before it is used as a bound - confirm
  at the call sites.

  @param[in, out]  Header    The pointer of the IKE_HEADER.

**/
VOID
IkeHdrNetToHost (
  IN OUT IKE_HEADER *Header
  )
{
  //
  // 32-bit fields.
  //
  Header->MessageId       = NTOHL (Header->MessageId);
  Header->Length          = NTOHL (Header->Length);

  //
  // 64-bit cookies.
  //
  Header->InitiatorCookie = NTOHLL (Header->InitiatorCookie);
  Header->ResponderCookie = NTOHLL (Header->ResponderCookie);
}
/**
  Convert the IKE Header from host order to network order.

  The four multi-byte fields are converted in place: the two 64-bit cookies
  with HTONLL and MessageId and Length with HTONL.

  @param[in, out]  Header    The pointer of the IKE_HEADER.

**/
VOID
IkeHdrHostToNet (
  IN OUT IKE_HEADER *Header
  )
{
  //
  // 32-bit fields.
  //
  Header->MessageId       = HTONL (Header->MessageId);
  Header->Length          = HTONL (Header->Length);

  //
  // 64-bit cookies.
  //
  Header->InitiatorCookie = HTONLL (Header->InitiatorCookie);
  Header->ResponderCookie = HTONLL (Header->ResponderCookie);
}
/**
  Allocate a zero-filled IKE_PAYLOAD and set its Signature.

  Because the structure comes from AllocateZeroPool(), every field other than
  Signature starts out as zero, including PayloadBuf and IsPayloadBufExt.

  @return A buffer of IKE_PAYLOAD, or NULL if the allocation failed.

**/
IKE_PAYLOAD *
IkePayloadAlloc (
  VOID
  )
{
  IKE_PAYLOAD *NewPayload;

  NewPayload = (IKE_PAYLOAD *) AllocateZeroPool (sizeof (IKE_PAYLOAD));
  if (NewPayload != NULL) {
    NewPayload->Signature = IKE_PAYLOAD_SIGNATURE;
  }

  return NewPayload;
}
/**
  Free a specified IKE_PAYLOAD buffer.

  PayloadBuf is released together with the structure only when
  IsPayloadBufExt is FALSE and PayloadBuf is not NULL. When IsPayloadBufExt is
  set the buffer is left alone; presumably it is then referenced, and freed,
  by another owner - confirm where the flag is set.

  @param[in]  IkePayload   Pointer of IKE_PAYLOAD to be freed. NULL is accepted
                           and ignored.

**/
VOID
IkePayloadFree (
  IN IKE_PAYLOAD *IkePayload
  )
{
  if (IkePayload != NULL) {
    //
    // If this IkePayload's buffer is not referred by others, free it.
    //
    if ((IkePayload->PayloadBuf != NULL) && !IkePayload->IsPayloadBufExt) {
      FreePool (IkePayload->PayloadBuf);
    }

    FreePool (IkePayload);
  }
}
/**
  Generate a new SPI for a Child SA of the given IKE SA session.

  A random 32-bit value is drawn, moved out of the range below IKE_SPI_BASE,
  and drawn again for as long as IkeSpiValueExisted() reports that the value
  is already in use.

  @param[in]       IkeSaSession   Pointer to IKEV2_SA_SESSION related to this
                                  Child SA Session.
  @param[in, out]  SpiValue       Pointer to the new generated SPI value. Its
                                  content must not be used when an error is
                                  returned.

  @retval EFI_SUCCESS         The operation performs successfully.
  @retval Otherwise           The random generator failed.

**/
EFI_STATUS
IkeGenerateSpi (
  IN     IKEV2_SA_SESSION         *IkeSaSession,
  IN OUT UINT32                   *SpiValue
  )
{
  EFI_STATUS  Status;

  Status = EFI_SUCCESS;

  do {
    //
    // Generate SPI randomly
    //
    Status = IpSecCryptoIoGenerateRandomBytes ((UINT8 *)SpiValue, sizeof (UINT32));
    if (EFI_ERROR (Status)) {
      break;
    }

    //
    // The set of SPI values in the range 1 through 255 are reserved by the
    // Internet Assigned Numbers Authority (IANA) for future use; a reserved
    // SPI value will not normally be assigned by IANA unless the use of the
    // assigned SPI value is specified in an RFC.
    //
    if (*SpiValue < IKE_SPI_BASE) {
      *SpiValue += IKE_SPI_BASE;
    }

    //
    // Draw again while the new generated SPI already exists.
    //
  } while (IkeSpiValueExisted (IkeSaSession, *SpiValue));

  return Status;
}
/**
  Generate random data for an IV.

  The buffer is handed to the crypto library's random generator as is, and
  the generator's status is returned unchanged. IvBuffer is not validated
  here.

  @param[in]  IvBuffer  The pointer of the IV buffer; it receives the random
                        data.
  @param[in]  IvSize    The IV size, in bytes.

  @retval     EFI_SUCCESS  Create a random data for IV.
  @retval     otherwise    Failed; the buffer content must not be used as an IV.

**/
EFI_STATUS
IkeGenerateIv (
  IN UINT8                           *IvBuffer,
  IN UINTN                           IvSize
  )
{
  EFI_STATUS  Status;

  Status = IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);

  return Status;
}
/**
  Find SPD entry by a specified SPD selector.

  The SPD list in mConfigData is walked from its head and each entry's
  Selector is compared with SpdSel through CompareSpdSelector(); the first
  entry for which the comparison succeeds is returned.

  @param[in] SpdSel       Point to SPD Selector to be searched for.

  @retval Point to SPD Entry if the SPD entry found.
  @retval NULL if not found.

**/
IPSEC_SPD_ENTRY *
IkeSearchSpdEntry (
  IN EFI_IPSEC_SPD_SELECTOR             *SpdSel
  )
{
  LIST_ENTRY       *ListHead;
  LIST_ENTRY       *Link;
  IPSEC_SPD_ENTRY  *Candidate;
  BOOLEAN          IsMatch;

  ListHead = &mConfigData[IPsecConfigDataTypeSpd];

  NET_LIST_FOR_EACH (Link, ListHead) {
    Candidate = IPSEC_SPD_ENTRY_FROM_LIST (Link);

    //
    // Find the required SPD entry
    //
    IsMatch = CompareSpdSelector (
                (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,
                (EFI_IPSEC_CONFIG_SELECTOR *) Candidate->Selector
                );
    if (IsMatch) {
      return Candidate;
    }
  }

  return NULL;
}
305 Get the IKE Version from the IKE_SA_SESSION.
307 @param[in] Session Pointer of the IKE_SA_SESSION.
311 IkeGetVersionFromSession (
315 if (*(UINT32
*) Session
== IKEV2_SA_SESSION_SIGNATURE
) {
316 return ((IKEV2_SA_SESSION
*) Session
)->SessionCommon
.IkeVer
;
319 // Add IKEv1 support here.