The implementation of Payloads Creation.\r
\r
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
- Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
- This program and the accompanying materials\r
- are licensed and made available under the terms and conditions of the BSD License\r
- which accompanies this distribution. The full text of the license may be found at\r
- http://opensource.org/licenses/bsd-license.php.\r
-\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
UINTN SaDataSize;\r
\r
SaPayload = IkePayloadAlloc ();\r
- ASSERT (SaPayload != NULL);\r
+ if (SaPayload == NULL) {\r
+ return NULL;\r
+ }\r
+\r
//\r
// TODO: Get the Proposal Number and Transform Number from IPsec Config,\r
// after the Ipsecconfig Application is support it.\r
}\r
\r
SaData = AllocateZeroPool (SaDataSize);\r
- ASSERT (SaData != NULL);\r
+ if (SaData == NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ return NULL;\r
+ }\r
\r
CopyMem (SaData, SessionSaData, SaDataSize);\r
SaData->SaHeader.Header.NextPayload = NextPayload;\r
NonceBlock = NonceBuf;\r
\r
Nonce = AllocateZeroPool (Size);\r
- ASSERT (Nonce != NULL);\r
+ if (Nonce == NULL) {\r
+ return NULL;\r
+ }\r
+\r
CopyMem (Nonce + 1, NonceBlock, Size - sizeof (IKEV2_NONCE));\r
\r
Nonce->Header.NextPayload = NextPayload;\r
Nonce->Header.PayloadLength = (UINT16) Size;\r
NoncePayload = IkePayloadAlloc ();\r
+ if (NoncePayload == NULL) {\r
+ FreePool (Nonce);\r
+ return NULL;\r
+ }\r
\r
- ASSERT (NoncePayload != NULL);\r
NoncePayload->PayloadType = IKEV2_PAYLOAD_TYPE_NONCE;\r
NoncePayload->PayloadBuf = (UINT8 *) Nonce;\r
NoncePayload->PayloadSize = Size;\r
// Allocate buffer for Key Exchange\r
//\r
Ke = AllocateZeroPool (KeSize);\r
- ASSERT (Ke != NULL);\r
+ if (Ke == NULL) {\r
+ return NULL;\r
+ }\r
\r
Ke->Header.NextPayload = NextPayload;\r
Ke->Header.PayloadLength = (UINT16) KeSize;\r
// Create IKE_PAYLOAD to point to Key Exchange payload\r
//\r
KePayload = IkePayloadAlloc ();\r
- ASSERT (KePayload != NULL);\r
+ if (KePayload == NULL) {\r
+ FreePool (Ke);\r
+ return NULL;\r
+ }\r
\r
KePayload->PayloadType = IKEV2_PAYLOAD_TYPE_KE;\r
KePayload->PayloadBuf = (UINT8 *) Ke;\r
IdSize = sizeof (IKEV2_ID) + AddrSize;\r
\r
Id = (IKEV2_ID *) AllocateZeroPool (IdSize);\r
- ASSERT (Id != NULL);\r
+ if (Id == NULL) {\r
+ return NULL;\r
+ }\r
\r
IdPayload = IkePayloadAlloc ();\r
- ASSERT (IdPayload != NULL);\r
+ if (IdPayload == NULL) {\r
+ FreePool (Id);\r
+ return NULL;\r
+ }\r
\r
IdPayload->PayloadType = (UINT8) ((CommonSession->IsInitiator) ? IKEV2_PAYLOAD_TYPE_ID_INIT : IKEV2_PAYLOAD_TYPE_ID_RSP);\r
IdPayload->PayloadBuf = (UINT8 *) Id;\r
IdSize = sizeof (IKEV2_ID) + SubjectSize;\r
\r
Id = (IKEV2_ID *) AllocateZeroPool (IdSize);\r
- ASSERT (Id != NULL);\r
+ if (Id == NULL) {\r
+ return NULL;\r
+ }\r
\r
IdPayload = IkePayloadAlloc ();\r
- ASSERT (IdPayload != NULL);\r
+ if (IdPayload == NULL) {\r
+ FreePool (Id);\r
+ return NULL;\r
+ }\r
\r
IdPayload->PayloadType = (UINT8) ((CommonSession->IsInitiator) ? IKEV2_PAYLOAD_TYPE_ID_INIT : IKEV2_PAYLOAD_TYPE_ID_RSP);\r
IdPayload->PayloadBuf = (UINT8 *) Id;\r
\r
DigestSize = IpSecGetHmacDigestLength ((UINT8)IkeSaSession->SessionCommon.SaParams->Prf);\r
Digest = AllocateZeroPool (DigestSize);\r
-\r
if (Digest == NULL) {\r
return NULL;\r
}\r
+\r
if (IdPayload == NULL) {\r
return NULL;\r
}\r
+\r
//\r
// Calcualte Prf(Seceret, "Key Pad for IKEv2");\r
//\r
// Store the AuthKey into KeyBuf\r
//\r
KeyBuf = AllocateZeroPool (DigestSize);\r
- ASSERT (KeyBuf != NULL);\r
+ if (KeyBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
CopyMem (KeyBuf, Digest, DigestSize);\r
KeySize = DigestSize;\r
\r
// Copy the result of Prf(SK_Pr, IDi/r) to Fragments[2].\r
//\r
Fragments[2].Data = AllocateZeroPool (DigestSize);\r
+ if (Fragments[2].Data == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
Fragments[2].DataSize = DigestSize;\r
CopyMem (Fragments[2].Data, Digest, DigestSize);\r
\r
// Allocate buffer for Auth Payload\r
//\r
AuthPayload = IkePayloadAlloc ();\r
- ASSERT (AuthPayload != NULL);\r
+ if (AuthPayload == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
\r
AuthPayload->PayloadSize = sizeof (IKEV2_AUTH) + DigestSize;\r
PayloadBuf = (IKEV2_AUTH *) AllocateZeroPool (AuthPayload->PayloadSize);\r
- ASSERT (PayloadBuf != NULL);\r
+ if (PayloadBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
//\r
// Fill in Auth payload.\r
//\r
UINT8 *Digest;\r
UINTN DigestSize;\r
PRF_DATA_FRAGMENT Fragments[3];\r
- UINT8 *KeyBuf;\r
IKE_PAYLOAD *AuthPayload;\r
IKEV2_AUTH *PayloadBuf;\r
EFI_STATUS Status;\r
//\r
// Initial point\r
//\r
- KeyBuf = NULL;\r
AuthPayload = NULL;\r
Digest = NULL;\r
Signature = NULL;\r
}\r
DigestSize = IpSecGetHmacDigestLength ((UINT8)IkeSaSession->SessionCommon.SaParams->Prf);\r
Digest = AllocateZeroPool (DigestSize);\r
-\r
if (Digest == NULL) {\r
return NULL;\r
}\r
\r
- //\r
- // Store the AuthKey into KeyBuf\r
- //\r
- KeyBuf = AllocateZeroPool (DigestSize);\r
- ASSERT (KeyBuf != NULL);\r
-\r
- CopyMem (KeyBuf, Digest, DigestSize);\r
-\r
//\r
// Calculate Prf(SK_Pi/r, IDi/r)\r
//\r
// Copy the result of Prf(SK_Pr, IDi/r) to Fragments[2].\r
//\r
Fragments[2].Data = AllocateZeroPool (DigestSize);\r
+ if (Fragments[2].Data == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
Fragments[2].DataSize = DigestSize;\r
CopyMem (Fragments[2].Data, Digest, DigestSize);\r
\r
// Allocate buffer for Auth Payload\r
//\r
AuthPayload = IkePayloadAlloc ();\r
- ASSERT (AuthPayload != NULL);\r
+ if (AuthPayload == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
\r
if (!IsVerify) {\r
AuthPayload->PayloadSize = sizeof (IKEV2_AUTH) + SigSize;\r
}\r
\r
PayloadBuf = (IKEV2_AUTH *) AllocateZeroPool (AuthPayload->PayloadSize);\r
- ASSERT (PayloadBuf != NULL);\r
+ if (PayloadBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto EXIT;\r
+ }\r
+\r
//\r
// Fill in Auth payload.\r
//\r
AuthPayload->PayloadType = IKEV2_PAYLOAD_TYPE_AUTH;\r
\r
EXIT:\r
- if (KeyBuf != NULL) {\r
- FreePool (KeyBuf);\r
- }\r
if (Digest != NULL) {\r
FreePool (Digest);\r
}\r
//\r
\r
TsPayload = IkePayloadAlloc();\r
- ASSERT (TsPayload != NULL);\r
+ if (TsPayload == NULL) {\r
+ return NULL;\r
+ }\r
\r
IpVersion = ChildSa->SessionCommon.UdpService->IpVersion;\r
//\r
SelectorSize = sizeof (TRAFFIC_SELECTOR) + 2 * AddrSize;\r
TsPayloadSize = sizeof (IKEV2_TS) + SelectorSize;\r
TsPayloadBuf = AllocateZeroPool (TsPayloadSize);\r
- ASSERT (TsPayloadBuf != NULL);\r
+ if (TsPayloadBuf == NULL) {\r
+ goto ON_ERROR;\r
+ }\r
\r
TsPayload->PayloadBuf = (UINT8 *) TsPayloadBuf;\r
TsSelector = (TRAFFIC_SELECTOR*)(TsPayloadBuf + 1);\r
//\r
NotifyPayloadLen = (UINT16) (sizeof (IKEV2_NOTIFY) + NotifyDataSize + SpiSize);\r
Notify = (IKEV2_NOTIFY *) AllocateZeroPool (NotifyPayloadLen);\r
- ASSERT (Notify != NULL);\r
+ if (Notify == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// Set Delete Payload's Generic Header\r
// Create Payload for and set type as IKEV2_PAYLOAD_TYPE_NOTIFY\r
//\r
NotifyPayload = IkePayloadAlloc ();\r
- ASSERT (NotifyPayload != NULL);\r
+ if (NotifyPayload == NULL) {\r
+ FreePool (Notify);\r
+ return NULL;\r
+ }\r
+\r
NotifyPayload->PayloadType = IKEV2_PAYLOAD_TYPE_NOTIFY;\r
NotifyPayload->PayloadBuf = (UINT8 *) Notify;\r
NotifyPayload->PayloadSize = NotifyPayloadLen;\r
DelPayloadLen = (UINT16) (sizeof (IKEV2_DELETE) + SpiBufSize);\r
\r
Del = AllocateZeroPool (DelPayloadLen);\r
- ASSERT (Del != NULL);\r
+ if (Del == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// Set Delete Payload's Generic Header\r
//\r
CopyMem (Del + 1, SpiBuf, SpiBufSize);\r
DelPayload = IkePayloadAlloc ();\r
- ASSERT (DelPayload != NULL);\r
+ if (DelPayload == NULL) {\r
+ FreePool (Del);\r
+ return NULL;\r
+ }\r
+\r
DelPayload->PayloadType = IKEV2_PAYLOAD_TYPE_DELETE;\r
DelPayload->PayloadBuf = (UINT8 *) Del;\r
DelPayload->PayloadSize = DelPayloadLen;\r
in RFC 4306.\r
@param[in] IsRequest To indicate create Certificate Payload or Certificate\r
Request Payload. If it is TURE, create Certificate\r
- Payload. Otherwise, create Certificate Request Payload.\r
+ Request Payload. Otherwise, create Certificate Payload.\r
\r
@retval a Pointer to IKE Payload whose payload buffer containing the Certificate\r
payload or Certificated Request payload.\r
// Allocate buffer for IKE_SA.\r
//\r
Sa = AllocateZeroPool (SaSize);\r
- ASSERT (Sa != NULL);\r
+ if (Sa == NULL) {\r
+ return NULL;\r
+ }\r
+\r
CopyMem (Sa, SaData, sizeof (IKEV2_SA));\r
Sa->Header.PayloadLength = (UINT16) sizeof (IKEV2_SA);\r
ProposalsSize = 0;\r
Transform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_MORE;\r
Transform->Header.PayloadLength = HTONS ((UINT16)TransformSize);\r
\r
- if (TransformIndex == (UINTN)(ProposalData->NumTransforms - 1)) {\r
+ if (TransformIndex == ((UINT32)ProposalData->NumTransforms - 1)) {\r
Transform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_NONE;\r
}\r
\r
TotalProposals * sizeof (IKEV2_PROPOSAL_DATA) +\r
TotalTransforms * sizeof (IKEV2_TRANSFORM_DATA)\r
);\r
- ASSERT (SaData != NULL);\r
+ if (SaData == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
+\r
CopyMem (SaData, Sa, sizeof (IKEV2_SA));\r
SaData->NumProposals = TotalProposals;\r
ProposalData = (IKEV2_PROPOSAL_DATA *) (SaData + 1);\r
// SpiSize == 4\r
//\r
Spi = AllocateZeroPool (Proposal->SpiSize);\r
- ASSERT (Spi != NULL);\r
+ if (Spi == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
+\r
CopyMem (Spi, (UINT32 *) (Proposal + 1), Proposal->SpiSize);\r
*((UINT32*) Spi) = NTOHL (*((UINT32*) Spi));\r
ProposalData->Spi = Spi;\r
//\r
if (IkePacket->Header->ExchangeType == IKEV2_EXCHANGE_TYPE_INIT) {\r
IkeHeader = AllocateZeroPool (sizeof (IKE_HEADER));\r
- ASSERT (IkeHeader != NULL);\r
+ if (IkeHeader == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
+\r
CopyMem (IkeHeader, IkePacket->Header, sizeof (IKE_HEADER));\r
\r
//\r
// Initial IkePayload\r
//\r
IkePayload = IkePayloadAlloc ();\r
- ASSERT (IkePayload != NULL);\r
+ if (IkePayload == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
IkePayload->PayloadType = PayloadType;\r
IkePayload->PayloadBuf = (UINT8 *) PayloadHdr;\r
// Encrypt all payload and transfer IKE packet header from Host order to Network order.\r
//\r
Status = Ikev2EncryptPacket (SessionCommon, IkePacket);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
} else {\r
//\r
// Fill in the lenght into IkePacket header and transfer Host order to Network order.\r
if (SessionCommon->IsInitiator) {\r
IkeSaSession->InitPacketSize = IkePacket->PayloadTotalSize + sizeof (IKE_HEADER);\r
IkeSaSession->InitPacket = AllocateZeroPool (IkeSaSession->InitPacketSize);\r
- ASSERT (IkeSaSession->InitPacket != NULL);\r
+ if (IkeSaSession->InitPacket == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
CopyMem (IkeSaSession->InitPacket, IkePacket->Header, sizeof (IKE_HEADER));\r
PayloadTotalSize = 0;\r
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {\r
} else {\r
IkeSaSession->RespPacketSize = IkePacket->PayloadTotalSize + sizeof(IKE_HEADER);\r
IkeSaSession->RespPacket = AllocateZeroPool (IkeSaSession->RespPacketSize);\r
- ASSERT (IkeSaSession->RespPacket != NULL);\r
+ if (IkeSaSession->RespPacket == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
CopyMem (IkeSaSession->RespPacket, IkePacket->Header, sizeof (IKE_HEADER));\r
PayloadTotalSize = 0;\r
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {\r
}\r
\r
CheckSumData = AllocateZeroPool (CheckSumSize);\r
- ASSERT (CheckSumData != NULL);\r
+ if (CheckSumData == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
//\r
// Fill in the Integrity buffer\r
//\r
IntegritySize = IkePacket->PayloadTotalSize + sizeof (IKE_HEADER);\r
IntegrityBuffer = AllocateZeroPool (IntegritySize);\r
- ASSERT (IntegrityBuffer != NULL);\r
+ if (IntegrityBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
CopyMem (IntegrityBuffer, IkePacket->Header, sizeof(IKE_HEADER));\r
CopyMem (IntegrityBuffer + sizeof (IKE_HEADER), IkePacket->PayloadsBuf, IkePacket->PayloadTotalSize);\r
\r
//\r
DecryptedSize = IkePacket->PayloadTotalSize - sizeof (IKEV2_COMMON_PAYLOAD_HEADER) - IvSize - CheckSumSize;\r
DecryptedBuf = AllocateZeroPool (DecryptedSize);\r
- ASSERT (DecryptedBuf != NULL);\r
+ if (DecryptedBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
CopyMem (\r
DecryptedBuf,\r
CryptBlockSizeMask = (UINT8) (CryptBlockSize - 1);\r
EncryptedSize = (IkePacket->PayloadTotalSize + sizeof (IKEV2_PAD_LEN) + CryptBlockSizeMask) & ~CryptBlockSizeMask;\r
EncryptedBuf = (UINT8 *) AllocateZeroPool (EncryptedSize);\r
- ASSERT (EncryptedBuf != NULL);\r
+ if (EncryptedBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
//\r
// Copy all payload into EncryptedIkePayload\r
//\r
EncryptPayloadSize = sizeof(IKEV2_ENCRYPTED) + IvSize + EncryptedSize + CheckSumSize;\r
EncryptPayloadBuf = AllocateZeroPool (EncryptPayloadSize);\r
- ASSERT (EncryptPayloadBuf != NULL);\r
+ if (EncryptPayloadBuf == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
//\r
// Fill in Header of Encrypted Payload\r
// Create Encrypted Payload and add into IkePacket->PayloadList\r
//\r
EncryptPayload = IkePayloadAlloc ();\r
- ASSERT (EncryptPayload != NULL);\r
+ if (EncryptPayload == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
\r
//\r
// Fill the encrypted payload into the IKE_PAYLOAD structure.\r
return Status;\r
}\r
\r
-/**\r
- Save some useful payloads after accepting the Packet.\r
-\r
- @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the operation.\r
- @param[in] IkePacket Pointer to received IkePacet.\r
- @param[in] IkeType The type used to indicate it is in IkeSa or ChildSa or Info\r
- exchange.\r
-\r
-**/\r
-VOID\r
-Ikev2OnPacketAccepted (\r
- IN IKEV2_SESSION_COMMON *SessionCommon,\r
- IN IKE_PACKET *IkePacket,\r
- IN UINT8 IkeType\r
- )\r
-{\r
- return;\r
-}\r
\r
/**\r
\r
// Transform IkePacke to NetBuf\r
//\r
IkePacketNetbuf = IkeNetbufFromPacket ((UINT8 *) SessionCommon, IkePacket, IkeType);\r
- ASSERT (IkePacketNetbuf != NULL);\r
+ if (IkePacketNetbuf == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
ZeroMem (&EndPoint, sizeof (UDP_END_POINT));\r
EndPoint.RemotePort = IKE_DEFAULT_PORT;\r