+++ /dev/null
-/** @file\r
- Common operation of the IKE\r
-\r
- Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
-\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#include "Ike.h"\r
-#include "IkeCommon.h"\r
-#include "IpSecConfigImpl.h"\r
-#include "IpSecDebug.h"\r
-\r
-/**\r
- Check whether the new generated Spi has existed.\r
-\r
- @param[in] IkeSaSession Pointer to the Child SA Session.\r
- @param[in] SpiValue SPI Value.\r
-\r
- @retval TRUE This SpiValue has existed in the Child SA Session\r
- @retval FALSE This SpiValue doesn't exist in the Child SA Session.\r
-\r
-**/\r
-BOOLEAN\r
-IkeSpiValueExisted (\r
- IN IKEV2_SA_SESSION *IkeSaSession,\r
- IN UINT32 SpiValue\r
- )\r
-{\r
- LIST_ENTRY *Entry;\r
- LIST_ENTRY *Next;\r
- IKEV2_CHILD_SA_SESSION *SaSession;\r
-\r
- Entry = NULL;\r
- Next = NULL;\r
- SaSession = NULL;\r
-\r
- //\r
- // Check whether the SPI value has existed in ChildSaEstablishSessionList.\r
- //\r
- NET_LIST_FOR_EACH_SAFE (Entry, Next, &IkeSaSession->ChildSaEstablishSessionList) {\r
- SaSession= IKEV2_CHILD_SA_SESSION_BY_IKE_SA (Entry);\r
- if (SaSession->LocalPeerSpi == SpiValue) {\r
- return TRUE;\r
- }\r
- }\r
-\r
- //\r
- // Check whether the SPI value has existed in ChildSaSessionList.\r
- //\r
- NET_LIST_FOR_EACH_SAFE (Entry, Next, &IkeSaSession->ChildSaSessionList) {\r
- SaSession= IKEV2_CHILD_SA_SESSION_BY_IKE_SA (Entry);\r
- if (SaSession->LocalPeerSpi == SpiValue) {\r
- return TRUE;\r
- }\r
- }\r
-\r
- return FALSE;\r
-}\r
-\r
-/**\r
- Call Crypto Lib to generate a random value with eight-octet length.\r
-\r
- @return the 64 byte vaule.\r
-\r
-**/\r
-UINT64\r
-IkeGenerateCookie (\r
- VOID\r
- )\r
-{\r
- UINT64 Cookie;\r
- EFI_STATUS Status;\r
-\r
- Status = IpSecCryptoIoGenerateRandomBytes ((UINT8 *)&Cookie, sizeof (UINT64));\r
- if (EFI_ERROR (Status)) {\r
- return 0;\r
- } else {\r
- return Cookie;\r
- }\r
-}\r
-\r
-/**\r
- Generate the random data for Nonce payload.\r
-\r
- @param[in] NonceSize Size of the data in bytes.\r
-\r
- @return Buffer which contains the random data of the spcified size.\r
-\r
-**/\r
-UINT8 *\r
-IkeGenerateNonce (\r
- IN UINTN NonceSize\r
- )\r
-{\r
- UINT8 *Nonce;\r
- EFI_STATUS Status;\r
-\r
- Nonce = AllocateZeroPool (NonceSize);\r
- if (Nonce == NULL) {\r
- return NULL;\r
- }\r
-\r
- Status = IpSecCryptoIoGenerateRandomBytes (Nonce, NonceSize);\r
- if (EFI_ERROR (Status)) {\r
- FreePool (Nonce);\r
- return NULL;\r
- } else {\r
- return Nonce;\r
- }\r
-}\r
-\r
-/**\r
- Convert the IKE Header from Network order to Host order.\r
-\r
- @param[in, out] Header The pointer of the IKE_HEADER.\r
-\r
-**/\r
-VOID\r
-IkeHdrNetToHost (\r
- IN OUT IKE_HEADER *Header\r
- )\r
-{\r
- Header->InitiatorCookie = NTOHLL (Header->InitiatorCookie);\r
- Header->ResponderCookie = NTOHLL (Header->ResponderCookie);\r
- Header->MessageId = NTOHL (Header->MessageId);\r
- Header->Length = NTOHL (Header->Length);\r
-}\r
-\r
-/**\r
- Convert the IKE Header from Host order to Network order.\r
-\r
- @param[in, out] Header The pointer of the IKE_HEADER.\r
-\r
-**/\r
-VOID\r
-IkeHdrHostToNet (\r
- IN OUT IKE_HEADER *Header\r
- )\r
-{\r
- Header->InitiatorCookie = HTONLL (Header->InitiatorCookie);\r
- Header->ResponderCookie = HTONLL (Header->ResponderCookie);\r
- Header->MessageId = HTONL (Header->MessageId);\r
- Header->Length = HTONL (Header->Length);\r
-}\r
-\r
-/**\r
- Allocate a buffer of IKE_PAYLOAD and set its Signature.\r
-\r
- @return A buffer of IKE_PAYLOAD.\r
-\r
-**/\r
-IKE_PAYLOAD *\r
-IkePayloadAlloc (\r
- VOID\r
- )\r
-{\r
- IKE_PAYLOAD *IkePayload;\r
-\r
- IkePayload = (IKE_PAYLOAD *) AllocateZeroPool (sizeof (IKE_PAYLOAD));\r
- if (IkePayload == NULL) {\r
- return NULL;\r
- }\r
-\r
- IkePayload->Signature = IKE_PAYLOAD_SIGNATURE;\r
-\r
- return IkePayload;\r
-}\r
-\r
-/**\r
- Free a specified IKE_PAYLOAD buffer.\r
-\r
- @param[in] IkePayload Pointer of IKE_PAYLOAD to be freed.\r
-\r
-**/\r
-VOID\r
-IkePayloadFree (\r
- IN IKE_PAYLOAD *IkePayload\r
- )\r
-{\r
- if (IkePayload == NULL) {\r
- return;\r
- }\r
- //\r
- // If this IkePayload is not referred by others, free it.\r
- //\r
- if (!IkePayload->IsPayloadBufExt && (IkePayload->PayloadBuf != NULL)) {\r
- FreePool (IkePayload->PayloadBuf);\r
- }\r
-\r
- FreePool (IkePayload);\r
-}\r
-\r
-/**\r
- Generate an new SPI.\r
-\r
- @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA\r
- Session.\r
- @param[in, out] SpiValue Pointer to the new generated SPI value.\r
-\r
- @retval EFI_SUCCESS The operation performs successfully.\r
- @retval Otherwise The operation is failed.\r
-\r
-**/\r
-EFI_STATUS\r
-IkeGenerateSpi (\r
- IN IKEV2_SA_SESSION *IkeSaSession,\r
- IN OUT UINT32 *SpiValue\r
- )\r
-{\r
- EFI_STATUS Status;\r
-\r
- Status = EFI_SUCCESS;\r
-\r
- while (TRUE) {\r
- //\r
- // Generate SPI randomly\r
- //\r
- Status = IpSecCryptoIoGenerateRandomBytes ((UINT8 *)SpiValue, sizeof (UINT32));\r
- if (EFI_ERROR (Status)) {\r
- break;\r
- }\r
-\r
- //\r
- // The set of SPI values in the range 1 through 255 are reserved by the\r
- // Internet Assigned Numbers Authority (IANA) for future use; a reserved\r
- // SPI value will not normally be assigned by IANA unless the use of the\r
- // assigned SPI value is specified in an RFC.\r
- //\r
- if (*SpiValue < IKE_SPI_BASE) {\r
- *SpiValue += IKE_SPI_BASE;\r
- }\r
-\r
- //\r
- // Check whether the new generated SPI has existed.\r
- //\r
- if (!IkeSpiValueExisted (IkeSaSession, *SpiValue)) {\r
- break;\r
- }\r
- }\r
-\r
- return Status;\r
-}\r
-\r
-/**\r
- Generate a random data for IV\r
-\r
- @param[in] IvBuffer The pointer of the IV buffer.\r
- @param[in] IvSize The IV size.\r
-\r
- @retval EFI_SUCCESS Create a random data for IV.\r
- @retval otherwise Failed.\r
-\r
-**/\r
-EFI_STATUS\r
-IkeGenerateIv (\r
- IN UINT8 *IvBuffer,\r
- IN UINTN IvSize\r
- )\r
-{\r
- return IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);\r
-}\r
-\r
-\r
-/**\r
- Find SPD entry by a specified SPD selector.\r
-\r
- @param[in] SpdSel Point to SPD Selector to be searched for.\r
-\r
- @retval Point to SPD Entry if the SPD entry found.\r
- @retval NULL if not found.\r
-\r
-**/\r
-IPSEC_SPD_ENTRY *\r
-IkeSearchSpdEntry (\r
- IN EFI_IPSEC_SPD_SELECTOR *SpdSel\r
- )\r
-{\r
- IPSEC_SPD_ENTRY *SpdEntry;\r
- LIST_ENTRY *SpdList;\r
- LIST_ENTRY *Entry;\r
-\r
- SpdList = &mConfigData[IPsecConfigDataTypeSpd];\r
-\r
- NET_LIST_FOR_EACH (Entry, SpdList) {\r
- SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);\r
-\r
- //\r
- // Find the required SPD entry\r
- //\r
- if (CompareSpdSelector (\r
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,\r
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector\r
- )) {\r
- return SpdEntry;\r
- }\r
-\r
- }\r
-\r
- return NULL;\r
-}\r
-\r
-/**\r
- Get the IKE Version from the IKE_SA_SESSION.\r
-\r
- @param[in] Session Pointer of the IKE_SA_SESSION.\r
-\r
-**/\r
-UINT8\r
-IkeGetVersionFromSession (\r
- IN UINT8 *Session\r
- )\r
-{\r
- if (*(UINT32 *) Session == IKEV2_SA_SESSION_SIGNATURE) {\r
- return ((IKEV2_SA_SESSION *) Session)->SessionCommon.IkeVer;\r
- } else {\r
- //\r
- // Add IKEv1 support here.\r
- //\r
- return 0;\r
- }\r
-}\r
-\r