/** @file\r
The implementation of Payloads Creation.\r
\r
- Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>\r
+ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
- This program and the accompanying materials\r
- are licensed and made available under the terms and conditions of the BSD License\r
- which accompanies this distribution. The full text of the license may be found at\r
- http://opensource.org/licenses/bsd-license.php.\r
-\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "IpSecCryptIo.h"\r
\r
//\r
-// The Constant String of "Key Pad for IKEv2" for Authentication Payload generation. \r
+// The Constant String of "Key Pad for IKEv2" for Authentication Payload generation.\r
//\r
#define CONSTANT_KEY_SIZE 17\r
-GLOBAL_REMOVE_IF_UNREFERENCED CHAR8 mConstantKey[CONSTANT_KEY_SIZE] = \r
+GLOBAL_REMOVE_IF_UNREFERENCED CHAR8 mConstantKey[CONSTANT_KEY_SIZE] =\r
{\r
'K', 'e', 'y', ' ', 'P', 'a', 'd', ' ', 'f', 'o', 'r', ' ', 'I', 'K', 'E', 'v', '2'\r
};\r
Generate Ikev2 SA payload according to SessionSaData\r
\r
@param[in] SessionSaData The data used in SA payload.\r
- @param[in] NextPayload The payload type presented in NextPayload field of \r
+ @param[in] NextPayload The payload type presented in NextPayload field of\r
SA Payload header.\r
@param[in] Type The SA type. It MUST be neither (1) for IKE_SA or\r
(2) for CHILD_SA or (3) for INFO.\r
\r
@retval a Pointer to SA IKE payload.\r
- \r
+\r
**/\r
IKE_PAYLOAD *\r
Ikev2GenerateSaPayload (\r
UINTN SaDataSize;\r
\r
SaPayload = IkePayloadAlloc ();\r
- ASSERT (SaPayload != NULL);\r
+ if (SaPayload == NULL) {\r
+ return NULL;\r
+ }\r
+\r
//\r
// TODO: Get the Proposal Number and Transform Number from IPsec Config,\r
// after the Ipsecconfig Application is support it.\r
//\r
- \r
+\r
if (Type == IkeSessionTypeIkeSa) {\r
- SaDataSize = sizeof (IKEV2_SA_DATA) + \r
+ SaDataSize = sizeof (IKEV2_SA_DATA) +\r
SessionSaData->NumProposals * sizeof (IKEV2_PROPOSAL_DATA) +\r
sizeof (IKEV2_TRANSFORM_DATA) * SessionSaData->NumProposals * 4;\r
} else {\r
- SaDataSize = sizeof (IKEV2_SA_DATA) + \r
+ SaDataSize = sizeof (IKEV2_SA_DATA) +\r
SessionSaData->NumProposals * sizeof (IKEV2_PROPOSAL_DATA) +\r
sizeof (IKEV2_TRANSFORM_DATA) * SessionSaData->NumProposals * 3;\r
- \r
+\r
}\r
\r
SaData = AllocateZeroPool (SaDataSize);\r
- ASSERT (SaData != NULL);\r
+ if (SaData == NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ return NULL;\r
+ }\r
\r
CopyMem (SaData, SessionSaData, SaDataSize);\r
SaData->SaHeader.Header.NextPayload = NextPayload;\r
/**\r
Generate a Nonce payload containing the input parameter NonceBuf.\r
\r
- @param[in] NonceBuf The nonce buffer contains the whole Nonce payload block \r
+ @param[in] NonceBuf The nonce buffer contains the whole Nonce payload block\r
except the payload header.\r
@param[in] NonceSize The buffer size of the NonceBuf\r
- @param[in] NextPayload The payload type presented in the NextPayload field \r
+ @param[in] NextPayload The payload type presented in the NextPayload field\r
of Nonce Payload header.\r
\r
@retval Pointer to Nonce IKE paload.\r
NonceBlock = NonceBuf;\r
\r
Nonce = AllocateZeroPool (Size);\r
- ASSERT (Nonce != NULL);\r
+ if (Nonce == NULL) {\r
+ return NULL;\r
+ }\r
+\r
CopyMem (Nonce + 1, NonceBlock, Size - sizeof (IKEV2_NONCE));\r
\r
Nonce->Header.NextPayload = NextPayload;\r
Nonce->Header.PayloadLength = (UINT16) Size;\r
NoncePayload = IkePayloadAlloc ();\r
+ if (NoncePayload == NULL) {\r
+ FreePool (Nonce);\r
+ return NULL;\r
+ }\r
\r
- ASSERT (NoncePayload != NULL);\r
NoncePayload->PayloadType = IKEV2_PAYLOAD_TYPE_NONCE;\r
NoncePayload->PayloadBuf = (UINT8 *) Nonce;\r
NoncePayload->PayloadSize = Size;\r
}\r
\r
/**\r
- Generate a Key Exchange payload according to the DH group type and save the \r
+ Generate a Key Exchange payload according to the DH group type and save the\r
public Key into IkeSaSession IkeKey field.\r
\r
@param[in, out] IkeSaSession Pointer of the IKE_SA_SESSION.\r
- @param[in] NextPayload The payload type presented in the NextPayload field of Key \r
+ @param[in] NextPayload The payload type presented in the NextPayload field of Key\r
Exchange Payload header.\r
\r
@retval Pointer to Key IKE payload.\r
} else {\r
KeSize = sizeof (IKEV2_KEY_EXCHANGE) + IkeKeys->DhBuffer->GxSize;\r
}\r
- \r
+\r
//\r
// Allocate buffer for Key Exchange\r
//\r
Ke = AllocateZeroPool (KeSize);\r
- ASSERT (Ke != NULL);\r
+ if (Ke == NULL) {\r
+ return NULL;\r
+ }\r
\r
Ke->Header.NextPayload = NextPayload;\r
Ke->Header.PayloadLength = (UINT16) KeSize;\r
Ke->DhGroup = IkeSaSession->SessionCommon.PreferDhGroup;\r
\r
CopyMem (Ke + 1, IkeKeys->DhBuffer->GxBuffer, IkeKeys->DhBuffer->GxSize);\r
- \r
+\r
+ //\r
+ // Create IKE_PAYLOAD to point to Key Exchange payload\r
//\r
- // Create IKE_PAYLOAD to point to Key Exchange payload \r
- // \r
KePayload = IkePayloadAlloc ();\r
- ASSERT (KePayload != NULL);\r
- \r
+ if (KePayload == NULL) {\r
+ FreePool (Ke);\r
+ return NULL;\r
+ }\r
+\r
KePayload->PayloadType = IKEV2_PAYLOAD_TYPE_KE;\r
KePayload->PayloadBuf = (UINT8 *) Ke;\r
KePayload->PayloadSize = KeSize;\r
Generate a ID payload.\r
\r
@param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.\r
- @param[in] NextPayload The payload type presented in the NextPayload field \r
+ @param[in] NextPayload The payload type presented in the NextPayload field\r
of ID Payload header.\r
\r
@retval Pointer to ID IKE payload.\r
// ! !\r
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\r
//\r
- \r
+\r
IpVersion = CommonSession->UdpService->IpVersion;\r
AddrSize = (UINT8) ((IpVersion == IP_VERSION_4) ? sizeof(EFI_IPv4_ADDRESS) : sizeof(EFI_IPv6_ADDRESS));\r
IdSize = sizeof (IKEV2_ID) + AddrSize;\r
\r
Id = (IKEV2_ID *) AllocateZeroPool (IdSize);\r
- ASSERT (Id != NULL);\r
+ if (Id == NULL) {\r
+ return NULL;\r
+ }\r
\r
IdPayload = IkePayloadAlloc ();\r
- ASSERT (IdPayload != NULL);\r
+ if (IdPayload == NULL) {\r
+ FreePool (Id);\r
+ return NULL;\r
+ }\r
\r
IdPayload->PayloadType = (UINT8) ((CommonSession->IsInitiator) ? IKEV2_PAYLOAD_TYPE_ID_INIT : IKEV2_PAYLOAD_TYPE_ID_RSP);\r
IdPayload->PayloadBuf = (UINT8 *) Id;\r
IdPayload->PayloadSize = IdSize;\r
\r
//\r
- // Set generic header of identification payload \r
+ // Set generic header of identification payload\r
//\r
Id->Header.NextPayload = NextPayload;\r
Id->Header.PayloadLength = (UINT16) IdSize;\r
Generate a ID payload.\r
\r
@param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.\r
- @param[in] NextPayload The payload type presented in the NextPayload field \r
+ @param[in] NextPayload The payload type presented in the NextPayload field\r
of ID Payload header.\r
@param[in] InCert Pointer to the Certificate which distinguished name\r
will be added into the Id payload.\r
IKE_PAYLOAD *IdPayload;\r
IKEV2_ID *Id;\r
UINTN IdSize;\r
- UINT8 IpVersion;\r
UINTN SubjectSize;\r
UINT8 *CertSubject;\r
- \r
+\r
//\r
// ID payload\r
// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1\r
\r
SubjectSize = 0;\r
CertSubject = NULL;\r
- IpVersion = CommonSession->UdpService->IpVersion;\r
IpSecCryptoIoGetSubjectFromCert (\r
InCert,\r
CertSize,\r
IdSize = sizeof (IKEV2_ID) + SubjectSize;\r
\r
Id = (IKEV2_ID *) AllocateZeroPool (IdSize);\r
- ASSERT (Id != NULL);\r
+ if (Id == NULL) {\r
+ return NULL;\r
+ }\r
\r
IdPayload = IkePayloadAlloc ();\r
- ASSERT (IdPayload != NULL);\r
+ if (IdPayload == NULL) {\r
+ FreePool (Id);\r
+ return NULL;\r
+ }\r
\r
IdPayload->PayloadType = (UINT8) ((CommonSession->IsInitiator) ? IKEV2_PAYLOAD_TYPE_ID_INIT : IKEV2_PAYLOAD_TYPE_ID_RSP);\r
IdPayload->PayloadBuf = (UINT8 *) Id;\r
IdPayload->PayloadSize = IdSize;\r
\r
//\r
- // Set generic header of identification payload \r
+ // Set generic header of identification payload\r
//\r
Id->Header.NextPayload = NextPayload;\r
Id->Header.PayloadLength = (UINT16) IdSize;\r
/**\r
Generate a Authentication Payload.\r
\r
- This function is used for both Authentication generation and verification. When the \r
- IsVerify is TRUE, it create a Auth Data for verification. This function choose the \r
+ This function is used for both Authentication generation and verification. When the\r
+ IsVerify is TRUE, it create a Auth Data for verification. This function choose the\r
related IKE_SA_INIT Message for Auth data creation according to the IKE Session's type\r
and the value of IsVerify parameter.\r
\r
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r
- @param[in] IdPayload Pointer to the ID payload to be used for Authentication \r
+ @param[in] IdPayload Pointer to the ID payload to be used for Authentication\r
payload generation.\r
- @param[in] NextPayload The type filled into the Authentication Payload next \r
+ @param[in] NextPayload The type filled into the Authentication Payload next\r
payload field.\r
@param[in] IsVerify If it is TURE, the Authentication payload is used for\r
verification.\r
// ! !\r
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\r
//\r
- \r
+\r
KeyBuf = NULL;\r
AuthPayload = NULL;\r
Digest = NULL;\r
- \r
+\r
DigestSize = IpSecGetHmacDigestLength ((UINT8)IkeSaSession->SessionCommon.SaParams->Prf);\r
Digest = AllocateZeroPool (DigestSize);\r
-\r
if (Digest == NULL) {\r
return NULL;\r
}\r
+\r
if (IdPayload == NULL) {\r
return NULL;\r
}\r
+\r
//\r
// Calcualte Prf(Seceret, "Key Pad for IKEv2");\r
//\r
Status = IpSecCryptoIoHmac (\r
(UINT8)IkeSaSession->SessionCommon.SaParams->Prf,\r
IkeSaSession->Pad->Data->AuthData,\r
- IkeSaSession->Pad->Data->AuthDataSize, \r
+ IkeSaSession->Pad->Data->AuthDataSize,\r
(HASH_DATA_FRAGMENT *)Fragments,\r
1,\r
Digest,\r
// Store the AuthKey into KeyBuf\r
//\r
KeyBuf = AllocateZeroPool (DigestSize);\r
- ASSERT (KeyBuf != NULL);\r
+ if (KeyBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
CopyMem (KeyBuf, Digest, DigestSize);\r
KeySize = DigestSize;\r
\r
\r
//\r
// Copy the result of Prf(SK_Pr, IDi/r) to Fragments[2].\r
- // \r
+ //\r
Fragments[2].Data = AllocateZeroPool (DigestSize);\r
+ if (Fragments[2].Data == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
Fragments[2].DataSize = DigestSize;\r
CopyMem (Fragments[2].Data, Digest, DigestSize);\r
\r
// Allocate buffer for Auth Payload\r
//\r
AuthPayload = IkePayloadAlloc ();\r
- ASSERT (AuthPayload != NULL);\r
+ if (AuthPayload == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
\r
AuthPayload->PayloadSize = sizeof (IKEV2_AUTH) + DigestSize;\r
PayloadBuf = (IKEV2_AUTH *) AllocateZeroPool (AuthPayload->PayloadSize);\r
- ASSERT (PayloadBuf != NULL);\r
+ if (PayloadBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
//\r
// Fill in Auth payload.\r
//\r
Digest,\r
DigestSize\r
);\r
- \r
+\r
//\r
// Fill in IKE_PACKET\r
//\r
if (Fragments[2].Data != NULL) {\r
//\r
// Free the buffer which contains the result of Prf(SK_Pr, IDi/r)\r
- // \r
+ //\r
FreePool (Fragments[2].Data);\r
}\r
\r
}\r
\r
/**\r
- Generate a Authentication Payload for Certificate Auth method. \r
+ Generate a Authentication Payload for Certificate Auth method.\r
\r
- This function has two functions. One is creating a local Authentication \r
- Payload for sending and other is creating the remote Authentication data \r
+ This function has two functions. One is creating a local Authentication\r
+ Payload for sending and other is creating the remote Authentication data\r
for verification when the IsVerify is TURE.\r
\r
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.\r
- @param[in] IdPayload Pointer to the ID payload to be used for Authentication \r
+ @param[in] IdPayload Pointer to the ID payload to be used for Authentication\r
payload generation.\r
- @param[in] NextPayload The type filled into the Authentication Payload \r
+ @param[in] NextPayload The type filled into the Authentication Payload\r
next payload field.\r
- @param[in] IsVerify If it is TURE, the Authentication payload is used \r
+ @param[in] IsVerify If it is TURE, the Authentication payload is used\r
for verification.\r
- @param[in] UefiPrivateKey Pointer to the UEFI private key. Ignore it when \r
+ @param[in] UefiPrivateKey Pointer to the UEFI private key. Ignore it when\r
verify the authenticate payload.\r
- @param[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignore it \r
+ @param[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignore it\r
when verify the authenticate payload.\r
- @param[in] UefiKeyPwd Pointer to the password of UEFI private key. \r
+ @param[in] UefiKeyPwd Pointer to the password of UEFI private key.\r
Ignore it when verify the authenticate payload.\r
- @param[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes.Ignore it when \r
+ @param[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes.Ignore it when\r
verify the authenticate payload.\r
\r
@return pointer to IKE Authentication payload for Cerifitcation method.\r
UINT8 *Digest;\r
UINTN DigestSize;\r
PRF_DATA_FRAGMENT Fragments[3];\r
- UINT8 *KeyBuf;\r
- UINTN KeySize;\r
IKE_PAYLOAD *AuthPayload;\r
IKEV2_AUTH *PayloadBuf;\r
EFI_STATUS Status;\r
//\r
// Initial point\r
//\r
- KeyBuf = NULL;\r
AuthPayload = NULL;\r
Digest = NULL;\r
Signature = NULL;\r
}\r
DigestSize = IpSecGetHmacDigestLength ((UINT8)IkeSaSession->SessionCommon.SaParams->Prf);\r
Digest = AllocateZeroPool (DigestSize);\r
-\r
if (Digest == NULL) {\r
return NULL;\r
}\r
\r
- //\r
- // Store the AuthKey into KeyBuf\r
- //\r
- KeyBuf = AllocateZeroPool (DigestSize);\r
- ASSERT (KeyBuf != NULL);\r
-\r
- CopyMem (KeyBuf, Digest, DigestSize);\r
- KeySize = DigestSize;\r
-\r
//\r
// Calculate Prf(SK_Pi/r, IDi/r)\r
//\r
IpSecDumpBuf ("RealMessage1", Fragments[0].Data, Fragments[0].DataSize);\r
IpSecDumpBuf ("NonceRDdata", Fragments[1].Data, Fragments[1].DataSize);\r
}\r
- \r
+\r
//\r
// Copy the result of Prf(SK_Pr, IDi/r) to Fragments[2].\r
- // \r
+ //\r
Fragments[2].Data = AllocateZeroPool (DigestSize);\r
+ if (Fragments[2].Data == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
Fragments[2].DataSize = DigestSize;\r
CopyMem (Fragments[2].Data, Digest, DigestSize);\r
\r
\r
IpSecDumpBuf ("HashSignedOctects", Digest, DigestSize);\r
//\r
- // Sign the data by the private Key \r
+ // Sign the data by the private Key\r
//\r
if (!IsVerify) {\r
IpSecCryptoIoAuthDataWithCertificate (\r
// Allocate buffer for Auth Payload\r
//\r
AuthPayload = IkePayloadAlloc ();\r
- ASSERT (AuthPayload != NULL);\r
+ if (AuthPayload == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
\r
if (!IsVerify) {\r
AuthPayload->PayloadSize = sizeof (IKEV2_AUTH) + SigSize;\r
}\r
\r
PayloadBuf = (IKEV2_AUTH *) AllocateZeroPool (AuthPayload->PayloadSize);\r
- ASSERT (PayloadBuf != NULL);\r
+ if (PayloadBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
//\r
// Fill in Auth payload.\r
//\r
AuthPayload->PayloadType = IKEV2_PAYLOAD_TYPE_AUTH;\r
\r
EXIT:\r
- if (KeyBuf != NULL) {\r
- FreePool (KeyBuf);\r
- }\r
if (Digest != NULL) {\r
FreePool (Digest);\r
}\r
if (Fragments[2].Data != NULL) {\r
//\r
// Free the buffer which contains the result of Prf(SK_Pr, IDi/r)\r
- // \r
+ //\r
FreePool (Fragments[2].Data);\r
}\r
\r
This function generates TSi or TSr payload according to type of next payload.\r
If the next payload is Responder TS, gereate TSi Payload. Otherwise, generate\r
TSr payload.\r
- \r
+\r
@param[in] ChildSa Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload.\r
- @param[in] NextPayload The payload type presented in the NextPayload field \r
+ @param[in] NextPayload The payload type presented in the NextPayload field\r
of ID Payload header.\r
@param[in] IsTunnel It indicates that if the Ts Payload is after the CP payload.\r
If yes, it means the Tsi and Tsr payload should be with\r
//\r
\r
TsPayload = IkePayloadAlloc();\r
- ASSERT (TsPayload != NULL);\r
+ if (TsPayload == NULL) {\r
+ return NULL;\r
+ }\r
\r
IpVersion = ChildSa->SessionCommon.UdpService->IpVersion;\r
//\r
- // The Starting Address and Ending Address is variable length depends on \r
+ // The Starting Address and Ending Address is variable length depends on\r
// is IPv4 or IPv6\r
//\r
AddrSize = (UINT8)((IpVersion == IP_VERSION_4) ? sizeof (EFI_IPv4_ADDRESS) : sizeof (EFI_IPv6_ADDRESS));\r
SelectorSize = sizeof (TRAFFIC_SELECTOR) + 2 * AddrSize;\r
TsPayloadSize = sizeof (IKEV2_TS) + SelectorSize;\r
TsPayloadBuf = AllocateZeroPool (TsPayloadSize);\r
- ASSERT (TsPayloadBuf != NULL);\r
+ if (TsPayloadBuf == NULL) {\r
+ goto ON_ERROR;\r
+ }\r
\r
TsPayload->PayloadBuf = (UINT8 *) TsPayloadBuf;\r
TsSelector = (TRAFFIC_SELECTOR*)(TsPayloadBuf + 1);\r
TsSelector->TSType = (UINT8)((IpVersion == IP_VERSION_4) ? IKEV2_TS_TYPE_IPV4_ADDR_RANGE : IKEV2_TS_TYPS_IPV6_ADDR_RANGE);\r
\r
//\r
- // For tunnel mode \r
+ // For tunnel mode\r
//\r
if (IsTunnel) {\r
TsSelector->IpProtocolId = IKEV2_TS_ANY_PROTOCOL;\r
//\r
if (NextPayload == IKEV2_PAYLOAD_TYPE_TS_RSP){\r
//\r
- // Create initiator Traffic Selector \r
- // \r
+ // Create initiator Traffic Selector\r
+ //\r
TsSelector->SelecorLen = (UINT16)SelectorSize;\r
\r
//\r
if (ChildSa->SessionCommon.IsInitiator) {\r
if (ChildSa->Spd->Selector->LocalPort != 0 &&\r
ChildSa->Spd->Selector->LocalPortRange == 0) {\r
- // \r
+ //\r
// For not port range.\r
//\r
TsSelector->StartPort = ChildSa->Spd->Selector->LocalPort;\r
goto ON_ERROR;\r
}\r
} else {\r
- if (ChildSa->Spd->Selector->RemotePort != 0 && \r
+ if (ChildSa->Spd->Selector->RemotePort != 0 &&\r
ChildSa->Spd->Selector->RemotePortRange == 0) {\r
//\r
// For not port range.\r
//\r
// Copy Address.Currently the address range is not supported.\r
// The Starting address is same as Ending address\r
- // TODO: Support Address Range. \r
+ // TODO: Support Address Range.\r
//\r
CopyMem (\r
(UINT8*)TsSelector + sizeof(TRAFFIC_SELECTOR),\r
}else{\r
//\r
// Create responder Traffic Selector\r
- // \r
+ //\r
TsSelector->SelecorLen = (UINT16)SelectorSize;\r
- \r
+\r
//\r
// Currently only support the port range from 0~0xffff. Don't support other\r
// port range.\r
//\r
// Copy Address.Currently the address range is not supported.\r
// The Starting address is same as Ending address\r
- // TODO: Support Address Range. \r
+ // TODO: Support Address Range.\r
//\r
CopyMem (\r
(UINT8*)TsSelector + sizeof(TRAFFIC_SELECTOR),\r
TsSelector->IpProtocolId = (UINT8)ChildSa->Spd->Selector->NextLayerProtocol;\r
} else {\r
TsSelector->IpProtocolId = IKEV2_TS_ANY_PROTOCOL;\r
- } \r
- \r
+ }\r
+\r
TsPayloadBuf->Header.NextPayload = NextPayload;\r
TsPayloadBuf->Header.PayloadLength = (UINT16)TsPayloadSize;\r
TsPayloadBuf->TSNumbers = 1;\r
\r
ON_ERROR:\r
if (TsPayload != NULL) {\r
- IkePayloadFree (TsPayload); \r
+ IkePayloadFree (TsPayload);\r
TsPayload = NULL;\r
}\r
-ON_EXIT: \r
+ON_EXIT:\r
return TsPayload;\r
}\r
\r
Generate the Notify payload.\r
\r
Since the structure of Notify payload which defined in RFC 4306 is simple, so\r
- there is no internal data structure for Notify payload. This function generate \r
- Notify payload defined in RFC 4306, but all the fields in this payload are still \r
- in host order and need call Ikev2EncodePayload() to convert those fields from \r
+ there is no internal data structure for Notify payload. This function generate\r
+ Notify payload defined in RFC 4306, but all the fields in this payload are still\r
+ in host order and need call Ikev2EncodePayload() to convert those fields from\r
the host order to network order beforing sending it.\r
\r
@param[in] ProtocolId The protocol type ID. For IKE_SA it MUST be one (1).\r
For IPsec SAs it MUST be neither (2) for AH or (3)\r
for ESP.\r
- @param[in] NextPayload The next paylaod type in NextPayload field of \r
+ @param[in] NextPayload The next paylaod type in NextPayload field of\r
the Notify payload.\r
- @param[in] SpiSize Size of the SPI in SPI size field of the Notify Payload. \r
- @param[in] MessageType The message type in NotifyMessageType field of the \r
+ @param[in] SpiSize Size of the SPI in SPI size field of the Notify Payload.\r
+ @param[in] MessageType The message type in NotifyMessageType field of the\r
Notify Payload.\r
@param[in] SpiBuf Pointer to buffer contains the SPI value.\r
@param[in] NotifyData Pointer to buffer contains the notification data.\r
@param[in] NotifyDataSize The size of NotifyData in bytes.\r
- \r
+\r
\r
@retval Pointer to IKE Notify Payload.\r
\r
//\r
NotifyPayloadLen = (UINT16) (sizeof (IKEV2_NOTIFY) + NotifyDataSize + SpiSize);\r
Notify = (IKEV2_NOTIFY *) AllocateZeroPool (NotifyPayloadLen);\r
- ASSERT (Notify != NULL);\r
+ if (Notify == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// Set Delete Payload's Generic Header\r
// Create Payload for and set type as IKEV2_PAYLOAD_TYPE_NOTIFY\r
//\r
NotifyPayload = IkePayloadAlloc ();\r
- ASSERT (NotifyPayload != NULL);\r
+ if (NotifyPayload == NULL) {\r
+ FreePool (Notify);\r
+ return NULL;\r
+ }\r
+\r
NotifyPayload->PayloadType = IKEV2_PAYLOAD_TYPE_NOTIFY;\r
NotifyPayload->PayloadBuf = (UINT8 *) Notify;\r
NotifyPayload->PayloadSize = NotifyPayloadLen;\r
/**\r
Generate the Delete payload.\r
\r
- Since the structure of Delete payload which defined in RFC 4306 is simple, \r
- there is no internal data structure for Delete payload. This function generate \r
- Delete payload defined in RFC 4306, but all the fields in this payload are still \r
- in host order and need call Ikev2EncodePayload() to convert those fields from \r
+ Since the structure of Delete payload which defined in RFC 4306 is simple,\r
+ there is no internal data structure for Delete payload. This function generate\r
+ Delete payload defined in RFC 4306, but all the fields in this payload are still\r
+ in host order and need call Ikev2EncodePayload() to convert those fields from\r
the host order to network order beforing sending it.\r
\r
@param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload generation.\r
- @param[in] NextPayload The next paylaod type in NextPayload field of \r
+ @param[in] NextPayload The next paylaod type in NextPayload field of\r
the Delete payload.\r
@param[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.\r
@param[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.\r
IN UINT8 SpiSize,\r
IN UINT16 SpiNum,\r
IN UINT8 *SpiBuf\r
- \r
+\r
)\r
{\r
IKE_PAYLOAD *DelPayload;\r
if (SpiBufSize != 0 && SpiBuf == NULL) {\r
return NULL;\r
}\r
- \r
+\r
DelPayloadLen = (UINT16) (sizeof (IKEV2_DELETE) + SpiBufSize);\r
\r
Del = AllocateZeroPool (DelPayloadLen);\r
- ASSERT (Del != NULL);\r
- \r
+ if (Del == NULL) {\r
+ return NULL;\r
+ }\r
+\r
//\r
// Set Delete Payload's Generic Header\r
//\r
//\r
CopyMem (Del + 1, SpiBuf, SpiBufSize);\r
DelPayload = IkePayloadAlloc ();\r
- ASSERT (DelPayload != NULL);\r
+ if (DelPayload == NULL) {\r
+ FreePool (Del);\r
+ return NULL;\r
+ }\r
+\r
DelPayload->PayloadType = IKEV2_PAYLOAD_TYPE_DELETE;\r
DelPayload->PayloadBuf = (UINT8 *) Del;\r
DelPayload->PayloadSize = DelPayloadLen;\r
/**\r
Generate the Configuration payload.\r
\r
- This function generate configuration payload defined in RFC 4306, but all the \r
- fields in this payload are still in host order and need call Ikev2EncodePayload() \r
+ This function generate configuration payload defined in RFC 4306, but all the\r
+ fields in this payload are still in host order and need call Ikev2EncodePayload()\r
to convert those fields from the host order to network order beforing sending it.\r
\r
- @param[in] IkeSaSession Pointer to IKE SA Session to be used for Delete payload \r
+ @param[in] IkeSaSession Pointer to IKE SA Session to be used for Delete payload\r
generation.\r
- @param[in] NextPayload The next paylaod type in NextPayload field of \r
+ @param[in] NextPayload The next paylaod type in NextPayload field of\r
the Delete payload.\r
@param[in] CfgType The attribute type in the Configuration attribute.\r
\r
CfgAttributes = (IKEV2_CFG_ATTRIBUTES *)((UINT8 *)Cfg + sizeof (IKEV2_CFG));\r
\r
//\r
- // Only generate the configuration payload with an empty INTERNAL_IP4_ADDRESS \r
- // or INTERNAL_IP6_ADDRESS. \r
+ // Only generate the configuration payload with an empty INTERNAL_IP4_ADDRESS\r
+ // or INTERNAL_IP6_ADDRESS.\r
//\r
\r
Cfg->Header.NextPayload = NextPayload;\r
IPSEC_PROTO_ISAKMP or if the SpiSize is not zero or if the MessageType is not\r
the COOKIE, return EFI_INVALID_PARAMETER.\r
\r
- @param[in] IkeNCookie Pointer to the IKE_PAYLOAD which contians the \r
+ @param[in] IkeNCookie Pointer to the IKE_PAYLOAD which contians the\r
Notify Cookie payload.\r
the Notify payload.\r
@param[in, out] IkeSaSession Pointer to the relevant IKE SA Session.\r
Ikev2ParserNotifyCookiePayload (\r
IN IKE_PAYLOAD *IkeNCookie,\r
IN OUT IKEV2_SA_SESSION *IkeSaSession\r
- ) \r
+ )\r
{\r
IKEV2_NOTIFY *NotifyPayload;\r
UINTN NotifyDataSize;\r
\r
NotifyPayload = (IKEV2_NOTIFY *)IkeNCookie->PayloadBuf;\r
\r
- if ((NotifyPayload->ProtocolId != IPSEC_PROTO_ISAKMP) || \r
+ if ((NotifyPayload->ProtocolId != IPSEC_PROTO_ISAKMP) ||\r
(NotifyPayload->SpiSize != 0) ||\r
(NotifyPayload->MessageType != IKEV2_NOTIFICATION_COOKIE)\r
) {\r
IkeSaSession->NCookieSize = NotifyDataSize;\r
\r
CopyMem (\r
- IkeSaSession->NCookie, \r
- NotifyPayload + sizeof (IKEV2_NOTIFY), \r
+ IkeSaSession->NCookie,\r
+ (UINT8 *)NotifyPayload + sizeof (IKEV2_NOTIFY),\r
NotifyDataSize\r
);\r
\r
/**\r
Generate the Certificate payload or Certificate Request Payload.\r
\r
- Since the Certificate Payload structure is same with Certificate Request Payload, \r
+ Since the Certificate Payload structure is same with Certificate Request Payload,\r
the only difference is that one contains the Certificate Data, other contains\r
- the acceptable certificateion CA. This function generate Certificate payload \r
- or Certificate Request Payload defined in RFC 4306, but all the fields \r
- in the payload are still in host order and need call Ikev2EncodePayload() \r
+ the acceptable certificateion CA. This function generate Certificate payload\r
+ or Certificate Request Payload defined in RFC 4306, but all the fields\r
+ in the payload are still in host order and need call Ikev2EncodePayload()\r
to convert those fields from the host order to network order beforing sending it.\r
\r
- @param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload \r
+ @param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload\r
generation.\r
- @param[in] NextPayload The next paylaod type in NextPayload field of \r
+ @param[in] NextPayload The next paylaod type in NextPayload field of\r
the Delete payload.\r
@param[in] Certificate Pointer of buffer contains the certification data.\r
@param[in] CertificateLen The length of Certificate in byte.\r
in RFC 4306.\r
@param[in] IsRequest To indicate create Certificate Payload or Certificate\r
Request Payload. If it is TURE, create Certificate\r
- Payload. Otherwise, create Certificate Request Payload.\r
+ Request Payload. Otherwise, create Certificate Payload.\r
\r
@retval a Pointer to IKE Payload whose payload buffer containing the Certificate\r
payload or Certificated Request payload.\r
\r
Status = EFI_SUCCESS;\r
PublicKey = NULL;\r
- PublicKeyLen = 0; \r
+ PublicKeyLen = 0;\r
\r
if (!IsRequest) {\r
PayloadLen = (UINT16) (sizeof (IKEV2_CERT) + CertificateLen);\r
if (Cert == NULL) {\r
return NULL;\r
}\r
- \r
+\r
//\r
// Generate Certificate Payload or Certificate Request Payload.\r
//\r
&PublicKeyLen\r
);\r
if (EFI_ERROR (Status)) {\r
- goto ON_EXIT; \r
+ goto ON_EXIT;\r
}\r
\r
Fragment[0].Data = PublicKey;\r
if (HashData == NULL) {\r
goto ON_EXIT;\r
}\r
- \r
+\r
Status = IpSecCryptoIoHash (\r
IKE_AALG_SHA1HMAC,\r
Fragment,\r
if (EFI_ERROR (Status)) {\r
goto ON_EXIT;\r
}\r
- \r
+\r
CopyMem (\r
((UINT8 *)Cert) + sizeof (IKEV2_CERT),\r
HashData,\r
if (CertPayload == NULL) {\r
goto ON_EXIT;\r
}\r
- \r
+\r
if (!IsRequest) {\r
CertPayload->PayloadType = IKEV2_PAYLOAD_TYPE_CERT;\r
} else {\r
@param[in] SaData Pointer to IKEV2_SA_DATA to be transfered.\r
\r
@retval return the pointer of IKEV2_SA.\r
- \r
+\r
**/\r
IKEV2_SA*\r
Ikev2EncodeSa (\r
UINTN TransformIndex;\r
IKE_SA_ATTRIBUTE *SaAttribute;\r
IKEV2_PROPOSAL *Proposal;\r
- IKEV2_PROPOSAL *LastProposal;\r
IKEV2_TRANSFORM *Transform;\r
- IKEV2_TRANSFORM *LastTransform;\r
- \r
+\r
//\r
// Transform IKE_SA_DATA structure to IKE_SA Payload.\r
// Header length is host order.\r
//\r
TotalTransforms = 0;\r
//\r
- // Caculate the Proposal numbers and Transform numbers.\r
+ // Calculate the Proposal numbers and Transform numbers.\r
//\r
for (ProposalIndex = 0; ProposalIndex < SaData->NumProposals; ProposalIndex++) {\r
\r
// Allocate buffer for IKE_SA.\r
//\r
Sa = AllocateZeroPool (SaSize);\r
- ASSERT (Sa != NULL);\r
+ if (Sa == NULL) {\r
+ return NULL;\r
+ }\r
+\r
CopyMem (Sa, SaData, sizeof (IKEV2_SA));\r
Sa->Header.PayloadLength = (UINT16) sizeof (IKEV2_SA);\r
ProposalsSize = 0;\r
- LastProposal = NULL;\r
Proposal = (IKEV2_PROPOSAL *) (Sa + 1);\r
\r
//\r
}\r
\r
TransformsSize = 0;\r
- LastTransform = NULL;\r
Transform = (IKEV2_TRANSFORM *) ((UINT8 *) (Proposal + 1) + Proposal->SpiSize);\r
\r
//\r
\r
TransformSize = sizeof (IKEV2_TRANSFORM) + SaAttrsSize;\r
TransformsSize += TransformSize;\r
- \r
+\r
Transform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_MORE;\r
Transform->Header.PayloadLength = HTONS ((UINT16)TransformSize);\r
- \r
- if (TransformIndex == ProposalData->NumTransforms) {\r
- LastTransform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_NONE;\r
+\r
+ if (TransformIndex == ((UINT32)ProposalData->NumTransforms - 1)) {\r
+ Transform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_NONE;\r
}\r
\r
Transform = (IKEV2_TRANSFORM *)((UINT8 *) Transform + TransformSize);\r
}\r
- \r
+\r
//\r
// Set Proposal's Generic Header.\r
//\r
ProposalsSize += ProposalSize;\r
Proposal->Header.NextPayload = IKE_PROPOSAL_NEXT_PAYLOAD_MORE;\r
Proposal->Header.PayloadLength = HTONS ((UINT16)ProposalSize);\r
- \r
- if (ProposalIndex == SaData->NumProposals) {\r
- LastProposal->Header.NextPayload = IKE_PROPOSAL_NEXT_PAYLOAD_NONE;\r
+\r
+ if (ProposalIndex == (UINTN)(SaData->NumProposals - 1)) {\r
+ Proposal->Header.NextPayload = IKE_PROPOSAL_NEXT_PAYLOAD_NONE;\r
}\r
\r
//\r
\r
This function converts the received SA payload to internal data structure.\r
\r
- @param[in] SessionCommon Pointer to IKE Common Session used to decode the SA \r
+ @param[in] SessionCommon Pointer to IKE Common Session used to decode the SA\r
Payload.\r
@param[in] Sa Pointer to SA Payload\r
\r
Proposal = (IKEV2_PROPOSAL *)((IKEV2_SA *)(Sa)+1);\r
\r
//\r
- // Caculate the number of Proposal payload and the total numbers of\r
+ // Calculate the number of Proposal payload and the total numbers of\r
// Transforms payload (the transforms in all proposal payload).\r
//\r
while (SaRemaining > sizeof (IKEV2_PROPOSAL)) {\r
}\r
\r
//\r
- // Check the proposal number. The Proposal Payload type is 2. Nonce Paylod is 0.\r
- // SUM(ProposalNextPayload) = Proposal Num * 2 + Noce Payload Type (0).\r
+ // Check the proposal number.\r
+ // The proposal Substructure, the NextPayLoad field indicates : 0 (last) or 2 (more)\r
+ // which Specifies whether this is the last Proposal Substructure in the SA.\r
+ // Here suming all Proposal NextPayLoad field to check the proposal number is correct\r
+ // or not.\r
//\r
if (TotalProposals == 0 ||\r
- (TotalProposals - 1) * IKE_PROPOSAL_NEXT_PAYLOAD_MORE + IKE_PROPOSAL_NEXT_PAYLOAD_NONE != ProposalNextPayloadSum\r
+ (TotalProposals - 1) * IKE_PROPOSAL_NEXT_PAYLOAD_MORE != ProposalNextPayloadSum\r
) {\r
Status = EFI_INVALID_PARAMETER;\r
goto Exit;\r
TotalProposals * sizeof (IKEV2_PROPOSAL_DATA) +\r
TotalTransforms * sizeof (IKEV2_TRANSFORM_DATA)\r
);\r
- ASSERT (SaData != NULL);\r
+ if (SaData == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
+\r
CopyMem (SaData, Sa, sizeof (IKEV2_SA));\r
SaData->NumProposals = TotalProposals;\r
ProposalData = (IKEV2_PROPOSAL_DATA *) (SaData + 1);\r
ProposalIndex < TotalProposals;\r
ProposalIndex++\r
) {\r
- \r
+\r
//\r
// TODO: check ProposalId\r
//\r
// SpiSize == 4\r
//\r
Spi = AllocateZeroPool (Proposal->SpiSize);\r
- ASSERT (Spi != NULL);\r
+ if (Spi == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
+\r
CopyMem (Spi, (UINT32 *) (Proposal + 1), Proposal->SpiSize);\r
*((UINT32*) Spi) = NTOHL (*((UINT32*) Spi));\r
ProposalData->Spi = Spi;\r
SaAttrRemaining = TransformSize - sizeof (IKEV2_TRANSFORM);\r
\r
//\r
- // According to RFC 4603, currently only the Key length attribute type is \r
+ // According to RFC 4603, currently only the Key length attribute type is\r
// supported. For each Transform, there is only one attributeion.\r
//\r
if (SaAttrRemaining > 0) {\r
if (TransformData->Attribute.AttrType != IKEV2_ATTRIBUTE_TYPE_KEYLEN) {\r
Status = EFI_INVALID_PARAMETER;\r
goto Exit;\r
- } \r
+ }\r
}\r
\r
//\r
// Move to next Transform\r
- // \r
+ //\r
Transform = IKEV2_NEXT_TRANSFORM_WITH_SIZE (Transform, TransformSize);\r
}\r
Proposal = IKEV2_NEXT_PROPOSAL_WITH_SIZE (Proposal, ProposalSize);\r
/**\r
General interface of payload encoding.\r
\r
- This function encodes the internal data structure into payload which \r
+ This function encodes the internal data structure into payload which\r
is defined in RFC 4306. The IkePayload->PayloadBuf is used to store both the input\r
payload and converted payload. Only the SA payload use the interal structure\r
to store the attribute. Other payload use structure which is same with the RFC\r
NotifyPayload = (IKEV2_NOTIFY *) IkePayload->PayloadBuf;\r
NotifyPayload->MessageType = HTONS (NotifyPayload->MessageType);\r
break;\r
- \r
+\r
case IKEV2_PAYLOAD_TYPE_DELETE:\r
DeletePayload = (IKEV2_DELETE *) IkePayload->PayloadBuf;\r
DeletePayload->NumSpis = HTONS (DeletePayload->NumSpis);\r
break;\r
- \r
+\r
case IKEV2_PAYLOAD_TYPE_KE:\r
KeyPayload = (IKEV2_KEY_EXCHANGE *) IkePayload->PayloadBuf;\r
KeyPayload->DhGroup = HTONS (KeyPayload->DhGroup);\r
break;\r
- \r
+\r
case IKEV2_PAYLOAD_TYPE_TS_INIT:\r
case IKEV2_PAYLOAD_TYPE_TS_RSP:\r
TsPayload = (IKEV2_TS *) IkePayload->PayloadBuf;\r
TrafficSelector->SelecorLen = HTONS (TrafficSelector->SelecorLen);\r
TrafficSelector->StartPort = HTONS (TrafficSelector->StartPort);\r
TrafficSelector->EndPort = HTONS (TrafficSelector->EndPort);\r
- \r
+\r
}\r
\r
break;\r
CfgAttribute = (IKEV2_CFG_ATTRIBUTES *)(((IKEV2_CFG *) IkePayload->PayloadBuf) + 1);\r
CfgAttribute->AttritType = HTONS (CfgAttribute->AttritType);\r
CfgAttribute->ValueLength = HTONS (CfgAttribute->ValueLength);\r
- \r
+\r
case IKEV2_PAYLOAD_TYPE_ID_INIT:\r
case IKEV2_PAYLOAD_TYPE_ID_RSP:\r
case IKEV2_PAYLOAD_TYPE_AUTH:\r
default:\r
break;\r
}\r
- \r
+\r
PayloadHdr = (IKEV2_COMMON_PAYLOAD_HEADER *) IkePayload->PayloadBuf;\r
IkePayload->PayloadSize = PayloadHdr->PayloadLength;\r
PayloadHdr->PayloadLength = HTONS (PayloadHdr->PayloadLength);\r
\r
@param[in] SessionCommon Pointer to IKE Session Common used for decoding.\r
@param[in, out] IkePayload Pointer to IKE payload to be decoded as input, and\r
- store the decoded result as output. \r
+ store the decoded result as output.\r
\r
@retval EFI_INVALID_PARAMETER Meet error when decoding the SA payload.\r
@retval EFI_SUCCESS Decoded successfully.\r
// Transform the IKE payload to Internal IKE structure.\r
// Only the SA payload and Hash Payload use the interal\r
// structure to store the attribute. Other payloads use\r
- // structure which is same with the definitions in RFC, \r
- // so there is no need to tranform them to internal IKE \r
+ // structure which is same with the definitions in RFC,\r
+ // so there is no need to tranform them to internal IKE\r
// structure.\r
//\r
Status = EFI_SUCCESS;\r
if (!IkePayload->IsPayloadBufExt) {\r
FreePool (IkePayload->PayloadBuf);\r
}\r
- \r
+\r
IkePayload->PayloadBuf = (UINT8 *) SaData;\r
- IkePayload->IsPayloadBufExt = FALSE; \r
+ IkePayload->IsPayloadBufExt = FALSE;\r
break;\r
\r
case IKEV2_PAYLOAD_TYPE_ID_INIT:\r
NotifyPayload = (IKEV2_NOTIFY *) PayloadHdr;\r
NotifyPayload->MessageType = NTOHS (NotifyPayload->MessageType);\r
break;\r
- \r
+\r
case IKEV2_PAYLOAD_TYPE_DELETE:\r
if (PayloadSize < sizeof (IKEV2_DELETE)) {\r
Status = EFI_INVALID_PARAMETER;\r
DeletePayload = (IKEV2_DELETE *) PayloadHdr;\r
DeletePayload->NumSpis = NTOHS (DeletePayload->NumSpis);\r
break;\r
- \r
+\r
case IKEV2_PAYLOAD_TYPE_AUTH:\r
if (PayloadSize < sizeof (IKEV2_AUTH)) {\r
Status = EFI_INVALID_PARAMETER;\r
case IKEV2_PAYLOAD_TYPE_KE:\r
KeyPayload = (IKEV2_KEY_EXCHANGE *) IkePayload->PayloadBuf;\r
KeyPayload->DhGroup = HTONS (KeyPayload->DhGroup);\r
- break; \r
+ break;\r
\r
case IKEV2_PAYLOAD_TYPE_TS_INIT:\r
case IKEV2_PAYLOAD_TYPE_TS_RSP :\r
/**\r
Decode the IKE packet.\r
\r
- This function first decrypts the IKE packet if needed , then separates the whole \r
+ This function first decrypts the IKE packet if needed , then separates the whole\r
IKE packet from the IkePacket->PayloadBuf into IkePacket payload list.\r
- \r
- @param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON containing \r
+\r
+ @param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON containing\r
some parameter used by IKE packet decoding.\r
- @param[in, out] IkePacket The IKE Packet to be decoded on input, and \r
+ @param[in, out] IkePacket The IKE Packet to be decoded on input, and\r
the decoded result on return.\r
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
IKE_CHILD_TYPE are supported.\r
IKEV2_SA_SESSION *IkeSaSession;\r
\r
IkeHeader = NULL;\r
- \r
+\r
//\r
// Check if the IkePacket need decrypt.\r
//\r
// If the IkePacket doesn't contain any payload return invalid parameter.\r
//\r
if (IkePacket->Header->NextPayload == IKEV2_PAYLOAD_TYPE_NONE) {\r
- if ((SessionCommon->State >= IkeStateAuth) && \r
+ if ((SessionCommon->State >= IkeStateAuth) &&\r
(IkePacket->Header->ExchangeType == IKEV2_EXCHANGE_TYPE_INFO)\r
) {\r
//\r
//\r
if (IkePacket->Header->ExchangeType == IKEV2_EXCHANGE_TYPE_INIT) {\r
IkeHeader = AllocateZeroPool (sizeof (IKE_HEADER));\r
- ASSERT (IkeHeader != NULL);\r
+ if (IkeHeader == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
+\r
CopyMem (IkeHeader, IkePacket->Header, sizeof (IKE_HEADER));\r
\r
//\r
IkeSaSession->RespPacket = AllocateZeroPool (IkePacket->Header->Length);\r
if (IkeSaSession->RespPacket == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
- goto Exit; \r
+ goto Exit;\r
}\r
IkeSaSession->RespPacketSize = IkePacket->Header->Length;\r
CopyMem (IkeSaSession->RespPacket, IkeHeader, sizeof (IKE_HEADER));\r
IkeSaSession->RespPacket + sizeof (IKE_HEADER),\r
IkePacket->PayloadsBuf,\r
IkePacket->Header->Length - sizeof (IKE_HEADER)\r
- ); \r
+ );\r
} else {\r
IkeSaSession->InitPacket = AllocateZeroPool (IkePacket->Header->Length);\r
if (IkeSaSession->InitPacket == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
- goto Exit; \r
+ goto Exit;\r
}\r
IkeSaSession->InitPacketSize = IkePacket->Header->Length;\r
CopyMem (IkeSaSession->InitPacket, IkeHeader, sizeof (IKE_HEADER));\r
}\r
\r
//\r
- // Point to the first Payload \r
+ // Point to the first Payload\r
//\r
PayloadHdr = (IKEV2_COMMON_PAYLOAD_HEADER *) IkePacket->PayloadsBuf;\r
PayloadType = IkePacket->Header->NextPayload;\r
// Initial IkePayload\r
//\r
IkePayload = IkePayloadAlloc ();\r
- ASSERT (IkePayload != NULL);\r
+ if (IkePayload == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
IkePayload->PayloadType = PayloadType;\r
IkePayload->PayloadBuf = (UINT8 *) PayloadHdr;\r
\r
This function puts all Payloads into one payload then encrypt it if needed.\r
\r
- @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing \r
+ @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing\r
some parameter used during IKE packet encoding.\r
- @param[in, out] IkePacket Pointer to IKE_PACKET to be encoded as input, \r
+ @param[in, out] IkePacket Pointer to IKE_PACKET to be encoded as input,\r
and the encoded result as output.\r
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
IKE_CHILD_TYPE are supportted.\r
// Encrypt all payload and transfer IKE packet header from Host order to Network order.\r
//\r
Status = Ikev2EncryptPacket (SessionCommon, IkePacket);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
} else {\r
//\r
// Fill in the lenght into IkePacket header and transfer Host order to Network order.\r
}\r
\r
//\r
- // If the packet is first message, store whole message in IkeSa->InitiPacket \r
+ // If the packet is first message, store whole message in IkeSa->InitiPacket\r
// for following Auth Payload calculation.\r
//\r
if (IkePacket->Header->ExchangeType == IKEV2_EXCHANGE_TYPE_INIT) {\r
IkeSaSession = IKEV2_SA_SESSION_FROM_COMMON (SessionCommon);\r
- if (SessionCommon->IsInitiator) { \r
+ if (SessionCommon->IsInitiator) {\r
IkeSaSession->InitPacketSize = IkePacket->PayloadTotalSize + sizeof (IKE_HEADER);\r
IkeSaSession->InitPacket = AllocateZeroPool (IkeSaSession->InitPacketSize);\r
- ASSERT (IkeSaSession->InitPacket != NULL);\r
+ if (IkeSaSession->InitPacket == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
CopyMem (IkeSaSession->InitPacket, IkePacket->Header, sizeof (IKE_HEADER));\r
PayloadTotalSize = 0;\r
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {\r
);\r
PayloadTotalSize = PayloadTotalSize + IkePayload->PayloadSize;\r
}\r
- } else { \r
+ } else {\r
IkeSaSession->RespPacketSize = IkePacket->PayloadTotalSize + sizeof(IKE_HEADER);\r
IkeSaSession->RespPacket = AllocateZeroPool (IkeSaSession->RespPacketSize);\r
- ASSERT (IkeSaSession->RespPacket != NULL);\r
+ if (IkeSaSession->RespPacket == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
CopyMem (IkeSaSession->RespPacket, IkePacket->Header, sizeof (IKE_HEADER));\r
PayloadTotalSize = 0;\r
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {\r
\r
This function decrypts the Encrypted IKE packet and put the result into IkePacket->PayloadBuf.\r
\r
- @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing \r
+ @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing\r
some parameter used during decrypting.\r
- @param[in, out] IkePacket Pointer to IKE_PACKET to be decrypted as input, \r
+ @param[in, out] IkePacket Pointer to IKE_PACKET to be decrypted as input,\r
and the decrypted result as output.\r
@param[in, out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and\r
IKE_CHILD_TYPE are supportted.\r
@retval EFI_INVALID_PARAMETER If the IKE packet length is zero or the\r
IKE packet length is not aligned with Algorithm Block Size\r
@retval EFI_SUCCESS Decrypt IKE packet successfully.\r
- \r
+\r
**/\r
EFI_STATUS\r
Ikev2DecryptPacket (\r
)\r
{\r
UINT8 CryptBlockSize; // Encrypt Block Size\r
- UINTN DecryptedSize; // Encrypted IKE Payload Size \r
+ UINTN DecryptedSize; // Encrypted IKE Payload Size\r
UINT8 *DecryptedBuf; // Encrypted IKE Payload buffer\r
UINTN IntegritySize;\r
UINT8 *IntegrityBuffer;\r
- UINTN IvSize; // Iv Size \r
- UINT8 CheckSumSize; // Integrity Check Sum Size depends on intergrity Auth \r
+ UINTN IvSize; // Iv Size\r
+ UINT8 CheckSumSize; // Integrity Check Sum Size depends on intergrity Auth\r
UINT8 *CheckSumData; // Check Sum data\r
IKEV2_SA_SESSION *IkeSaSession;\r
IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
EFI_STATUS Status;\r
UINT8 PadLen;\r
- UINTN CryptKeyLength;\r
HASH_DATA_FRAGMENT Fragments[1];\r
\r
IvSize = 0;\r
IkeSaSession = NULL;\r
CryptBlockSize = 0;\r
CheckSumSize = 0;\r
- CryptKeyLength = 0;\r
\r
//\r
// Check if the first payload is the Encrypted payload\r
// Get the Block Size\r
//\r
if (SessionCommon->IkeSessionType == IkeSessionTypeIkeSa) {\r
- \r
+\r
CryptBlockSize = (UINT8) IpSecGetEncryptBlockSize ((UINT8) SessionCommon->SaParams->EncAlgId);\r
- CryptKeyLength = IpSecGetEncryptKeyLength ((UINT8) SessionCommon->SaParams->EncAlgId);\r
+\r
CheckSumSize = (UINT8) IpSecGetIcvLength ((UINT8) SessionCommon->SaParams->IntegAlgId);\r
IkeSaSession = IKEV2_SA_SESSION_FROM_COMMON (SessionCommon);\r
\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_FROM_COMMON (SessionCommon);\r
IkeSaSession = ChildSaSession->IkeSaSession;\r
CryptBlockSize = (UINT8) IpSecGetEncryptBlockSize ((UINT8) IkeSaSession->SessionCommon.SaParams->EncAlgId);\r
- CryptKeyLength = IpSecGetEncryptKeyLength ((UINT8) IkeSaSession->SessionCommon.SaParams->EncAlgId);\r
CheckSumSize = (UINT8) IpSecGetIcvLength ((UINT8) IkeSaSession->SessionCommon.SaParams->IntegAlgId);\r
} else {\r
//\r
}\r
\r
CheckSumData = AllocateZeroPool (CheckSumSize);\r
- ASSERT (CheckSumData != NULL);\r
+ if (CheckSumData == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
//\r
// Fill in the Integrity buffer\r
//\r
IntegritySize = IkePacket->PayloadTotalSize + sizeof (IKE_HEADER);\r
IntegrityBuffer = AllocateZeroPool (IntegritySize);\r
- ASSERT (IntegrityBuffer != NULL);\r
+ if (IntegrityBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
CopyMem (IntegrityBuffer, IkePacket->Header, sizeof(IKE_HEADER));\r
CopyMem (IntegrityBuffer + sizeof (IKE_HEADER), IkePacket->PayloadsBuf, IkePacket->PayloadTotalSize);\r
\r
//\r
- // Change Host order to Network order, since the header order was changed \r
+ // Change Host order to Network order, since the header order was changed\r
// in the IkePacketFromNetbuf.\r
//\r
IkeHdrHostToNet ((IKE_HEADER *)IntegrityBuffer);\r
Status = EFI_ACCESS_DENIED;\r
goto ON_EXIT;\r
}\r
- \r
+\r
IvSize = CryptBlockSize;\r
- \r
+\r
//\r
// Decrypt the payload with the key.\r
//\r
DecryptedSize = IkePacket->PayloadTotalSize - sizeof (IKEV2_COMMON_PAYLOAD_HEADER) - IvSize - CheckSumSize;\r
DecryptedBuf = AllocateZeroPool (DecryptedSize);\r
- ASSERT (DecryptedBuf != NULL);\r
+ if (DecryptedBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
CopyMem (\r
DecryptedBuf,\r
// Save the next payload of encrypted payload into IkePacket->Hdr->NextPayload\r
//\r
IkePacket->Header->NextPayload = ((IKEV2_ENCRYPTED *) IkePacket->PayloadsBuf)->Header.NextPayload;\r
- \r
+\r
//\r
// Free old IkePacket->PayloadBuf and point it to decrypted paylaod buffer.\r
//\r
IkePacket->PayloadTotalSize = DecryptedSize - PadLen;\r
\r
IPSEC_DUMP_BUF ("Decrypted Buffer", DecryptedBuf, DecryptedSize);\r
- \r
+\r
\r
ON_EXIT:\r
if (CheckSumData != NULL) {\r
if (IntegrityBuffer != NULL) {\r
FreePool (IntegrityBuffer);\r
}\r
- \r
+\r
return Status;\r
}\r
\r
\r
This function encrypt IKE packet before sending it. The Encrypted IKE packet\r
is put in to IKEV2 Encrypted Payload.\r
- \r
+\r
@param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the IKE packet.\r
@param[in, out] IkePacket Pointer to IKE packet to be encrypted.\r
\r
{\r
UINT8 CryptBlockSize; // Encrypt Block Size\r
UINT8 CryptBlockSizeMask; // Block Mask\r
- UINTN EncryptedSize; // Encrypted IKE Payload Size \r
+ UINTN EncryptedSize; // Encrypted IKE Payload Size\r
UINT8 *EncryptedBuf; // Encrypted IKE Payload buffer\r
UINT8 *EncryptPayloadBuf; // Contain whole Encrypted Payload\r
UINTN EncryptPayloadSize; // Total size of the Encrypted payload\r
- UINT8 *IntegrityBuf; // Buffer to be intergity \r
- UINT32 IntegrityBufSize; // Buffer size of IntegrityBuf\r
+ UINT8 *IntegrityBuf; // Buffer to be intergity\r
UINT8 *IvBuffer; // Initialization Vector\r
- UINT8 IvSize; // Iv Size \r
- UINT8 CheckSumSize; // Integrity Check Sum Size depends on intergrity Auth \r
+ UINT8 IvSize; // Iv Size\r
+ UINT8 CheckSumSize; // Integrity Check Sum Size depends on intergrity Auth\r
UINT8 *CheckSumData; // Check Sum data\r
UINTN Index;\r
IKE_PAYLOAD *EncryptPayload;\r
EFI_STATUS Status;\r
LIST_ENTRY *Entry;\r
IKE_PAYLOAD *IkePayload;\r
- UINTN CryptKeyLength;\r
HASH_DATA_FRAGMENT Fragments[1];\r
\r
Status = EFI_SUCCESS;\r
IkeSaSession = NULL;\r
CryptBlockSize = 0;\r
CheckSumSize = 0;\r
- CryptKeyLength = 0;\r
IntegrityBuf = NULL;\r
//\r
// Get the Block Size\r
if (SessionCommon->IkeSessionType == IkeSessionTypeIkeSa) {\r
\r
CryptBlockSize = (UINT8) IpSecGetEncryptBlockSize ((UINT8) SessionCommon->SaParams->EncAlgId);\r
- CryptKeyLength = IpSecGetEncryptKeyLength ((UINT8) SessionCommon->SaParams->EncAlgId);\r
CheckSumSize = (UINT8) IpSecGetIcvLength ((UINT8) SessionCommon->SaParams->IntegAlgId);\r
IkeSaSession = IKEV2_SA_SESSION_FROM_COMMON (SessionCommon);\r
\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_FROM_COMMON (SessionCommon);\r
IkeSaSession = ChildSaSession->IkeSaSession;\r
CryptBlockSize = (UINT8) IpSecGetEncryptBlockSize ((UINT8) IkeSaSession->SessionCommon.SaParams->EncAlgId);\r
- CryptKeyLength = IpSecGetEncryptKeyLength ((UINT8) IkeSaSession->SessionCommon.SaParams->EncAlgId);\r
CheckSumSize = (UINT8) IpSecGetIcvLength ((UINT8) IkeSaSession->SessionCommon.SaParams->IntegAlgId);\r
}\r
- \r
+\r
//\r
// Calcualte the EncryptPayloadSize and the PAD length\r
//\r
CryptBlockSizeMask = (UINT8) (CryptBlockSize - 1);\r
EncryptedSize = (IkePacket->PayloadTotalSize + sizeof (IKEV2_PAD_LEN) + CryptBlockSizeMask) & ~CryptBlockSizeMask;\r
EncryptedBuf = (UINT8 *) AllocateZeroPool (EncryptedSize);\r
- ASSERT (EncryptedBuf != NULL);\r
+ if (EncryptedBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
//\r
// Copy all payload into EncryptedIkePayload\r
//\r
EncryptPayloadSize = sizeof(IKEV2_ENCRYPTED) + IvSize + EncryptedSize + CheckSumSize;\r
EncryptPayloadBuf = AllocateZeroPool (EncryptPayloadSize);\r
- ASSERT (EncryptPayloadBuf != NULL);\r
+ if (EncryptPayloadBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
//\r
// Fill in Header of Encrypted Payload\r
\r
//\r
// Fill in the IKE Packet header\r
- // \r
+ //\r
IkePacket->PayloadTotalSize = EncryptPayloadSize;\r
IkePacket->Header->Length = (UINT32) (sizeof (IKE_HEADER) + IkePacket->PayloadTotalSize);\r
IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_ENCRYPT;\r
- \r
+\r
IntegrityBuf = AllocateZeroPool (IkePacket->Header->Length);\r
if (IntegrityBuf == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
goto ON_EXIT;\r
}\r
- IntegrityBufSize = IkePacket->Header->Length;\r
IkeHdrHostToNet (IkePacket->Header);\r
\r
CopyMem (IntegrityBuf, IkePacket->Header, sizeof (IKE_HEADER));\r
(UINT8)IkeSaSession->SessionCommon.SaParams->IntegAlgId,\r
IkeSaSession->IkeKeys->SkArKey,\r
IkeSaSession->IkeKeys->SkArKeySize,\r
- (HASH_DATA_FRAGMENT *) Fragments, \r
+ (HASH_DATA_FRAGMENT *) Fragments,\r
1,\r
CheckSumData,\r
CheckSumSize\r
// Create Encrypted Payload and add into IkePacket->PayloadList\r
//\r
EncryptPayload = IkePayloadAlloc ();\r
- ASSERT (EncryptPayload != NULL);\r
+ if (EncryptPayload == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
//\r
// Fill the encrypted payload into the IKE_PAYLOAD structure.\r
EncryptPayload->PayloadBuf = EncryptPayloadBuf;\r
EncryptPayload->PayloadSize = EncryptPayloadSize;\r
EncryptPayload->PayloadType = IKEV2_PAYLOAD_TYPE_ENCRYPT;\r
- \r
+\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, EncryptPayload);\r
\r
ON_EXIT:\r
return Status;\r
}\r
\r
-/**\r
- Save some useful payloads after accepting the Packet.\r
-\r
- @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the operation.\r
- @param[in] IkePacket Pointer to received IkePacet.\r
- @param[in] IkeType The type used to indicate it is in IkeSa or ChildSa or Info\r
- exchange.\r
-\r
-**/\r
-VOID\r
-Ikev2OnPacketAccepted (\r
- IN IKEV2_SESSION_COMMON *SessionCommon,\r
- IN IKE_PACKET *IkePacket,\r
- IN UINT8 IkeType\r
- )\r
-{\r
- return;\r
-}\r
\r
/**\r
\r
The notification function. It will be called when the related UDP_TX_TOKEN's event\r
is signaled.\r
\r
- This function frees the Net Buffer pointed to the input Packet. \r
- \r
+ This function frees the Net Buffer pointed to the input Packet.\r
+\r
@param[in] Packet Pointer to Net buffer containing the sending IKE packet.\r
@param[in] EndPoint Pointer to UDP_END_POINT containing the remote and local\r
address information.\r
\r
IkePacket = (IKE_PACKET *) Context;\r
Private = NULL;\r
- \r
+\r
if (EFI_ERROR (IoStatus)) {\r
DEBUG ((DEBUG_ERROR, "Error send the last packet in IkeSessionTypeIkeSa with %r\n", IoStatus));\r
}\r
- \r
+\r
NetbufFree (Packet);\r
\r
if (IkePacket->IsDeleteInfo) {\r
if (IkePacket->Spi != 0 ) {\r
//\r
// At that time, the established Child SA still in eht ChildSaEstablishSessionList.\r
- // And meanwhile, if the Child SA is in the the ChildSa in Delete list, \r
+ // And meanwhile, if the Child SA is in the the ChildSa in Delete list,\r
// remove it from delete list and delete it direclty.\r
//\r
ChildSaSession = Ikev2ChildSaSessionLookupBySpi (\r
IkePacketFree (IkePacket);\r
\r
//\r
- // when all IKE SAs were disabled by calling "IPsecConfig -disable", the IPsec status \r
+ // when all IKE SAs were disabled by calling "IPsecConfig -disable", the IPsec status\r
// should be changed.\r
//\r
if (Private != NULL && Private->IsIPsecDisabling) {\r
@param[in] IkeUdpService Pointer to IKE_UDP_SERVICE used to send the IKE packet.\r
@param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON related to the IKE packet.\r
@param[in] IkePacket Pointer to IKE_PACKET to be sent out.\r
- @param[in] IkeType The type of IKE to point what's kind of the IKE \r
- packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE \r
+ @param[in] IkeType The type of IKE to point what's kind of the IKE\r
+ packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE\r
and IKE_CHILD_TYPE are supportted.\r
\r
@retval EFI_SUCCESS The operation complete successfully.\r
IKEV2_SESSION_COMMON *Common;\r
\r
Common = (IKEV2_SESSION_COMMON *) SessionCommon;\r
- \r
+\r
//\r
// Set the resend interval\r
//\r
\r
IKE_PACKET_REF (IkePacket);\r
//\r
- // If the last sent packet is same with this round packet, the packet is resent packet. \r
+ // If the last sent packet is same with this round packet, the packet is resent packet.\r
//\r
if (IkePacket != Common->LastSentPacket && Common->LastSentPacket != NULL) {\r
IkePacketFree (Common->LastSentPacket);\r
// Transform IkePacke to NetBuf\r
//\r
IkePacketNetbuf = IkeNetbufFromPacket ((UINT8 *) SessionCommon, IkePacket, IkeType);\r
- ASSERT (IkePacketNetbuf != NULL);\r
+ if (IkePacketNetbuf == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
ZeroMem (&EndPoint, sizeof (UDP_END_POINT));\r
EndPoint.RemotePort = IKE_DEFAULT_PORT;\r
projects / mirror_edk2.git / blobdiff