The implementation of Payloads Creation.\r
\r
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
- Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
- This program and the accompanying materials\r
- are licensed and made available under the terms and conditions of the BSD License\r
- which accompanies this distribution. The full text of the license may be found at\r
- http://opensource.org/licenses/bsd-license.php.\r
-\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
if (SaPayload == NULL) {\r
return NULL;\r
}\r
- \r
+\r
//\r
// TODO: Get the Proposal Number and Transform Number from IPsec Config,\r
// after the Ipsecconfig Application is support it.\r
if (Nonce == NULL) {\r
return NULL;\r
}\r
- \r
+\r
CopyMem (Nonce + 1, NonceBlock, Size - sizeof (IKEV2_NONCE));\r
\r
Nonce->Header.NextPayload = NextPayload;\r
FreePool (Nonce);\r
return NULL;\r
}\r
- \r
+\r
NoncePayload->PayloadType = IKEV2_PAYLOAD_TYPE_NONCE;\r
NoncePayload->PayloadBuf = (UINT8 *) Nonce;\r
NoncePayload->PayloadSize = Size;\r
if (Digest == NULL) {\r
return NULL;\r
}\r
- \r
+\r
if (IdPayload == NULL) {\r
return NULL;\r
}\r
- \r
+\r
//\r
// Calcualte Prf(Seceret, "Key Pad for IKEv2");\r
//\r
Status = EFI_OUT_OF_RESOURCES;\r
goto EXIT;\r
}\r
- \r
+\r
CopyMem (KeyBuf, Digest, DigestSize);\r
KeySize = DigestSize;\r
\r
Status = EFI_OUT_OF_RESOURCES;\r
goto EXIT;\r
}\r
- \r
+\r
Fragments[2].DataSize = DigestSize;\r
CopyMem (Fragments[2].Data, Digest, DigestSize);\r
\r
Status = EFI_OUT_OF_RESOURCES;\r
goto EXIT;\r
}\r
- \r
+\r
//\r
// Fill in Auth payload.\r
//\r
UINT8 *Digest;\r
UINTN DigestSize;\r
PRF_DATA_FRAGMENT Fragments[3];\r
- UINT8 *KeyBuf;\r
IKE_PAYLOAD *AuthPayload;\r
IKEV2_AUTH *PayloadBuf;\r
EFI_STATUS Status;\r
//\r
// Initial point\r
//\r
- KeyBuf = NULL;\r
AuthPayload = NULL;\r
Digest = NULL;\r
Signature = NULL;\r
return NULL;\r
}\r
\r
- //\r
- // Store the AuthKey into KeyBuf\r
- //\r
- KeyBuf = AllocateZeroPool (DigestSize);\r
- if (KeyBuf == NULL) {\r
- Status = EFI_OUT_OF_RESOURCES;\r
- goto EXIT;\r
- }\r
- \r
- CopyMem (KeyBuf, Digest, DigestSize);\r
-\r
//\r
// Calculate Prf(SK_Pi/r, IDi/r)\r
//\r
Status = EFI_OUT_OF_RESOURCES;\r
goto EXIT;\r
}\r
- \r
+\r
Fragments[2].DataSize = DigestSize;\r
CopyMem (Fragments[2].Data, Digest, DigestSize);\r
\r
Status = EFI_OUT_OF_RESOURCES;\r
goto EXIT;\r
}\r
- \r
+\r
//\r
// Fill in Auth payload.\r
//\r
AuthPayload->PayloadType = IKEV2_PAYLOAD_TYPE_AUTH;\r
\r
EXIT:\r
- if (KeyBuf != NULL) {\r
- FreePool (KeyBuf);\r
- }\r
if (Digest != NULL) {\r
FreePool (Digest);\r
}\r
FreePool (Notify);\r
return NULL;\r
}\r
- \r
+\r
NotifyPayload->PayloadType = IKEV2_PAYLOAD_TYPE_NOTIFY;\r
NotifyPayload->PayloadBuf = (UINT8 *) Notify;\r
NotifyPayload->PayloadSize = NotifyPayloadLen;\r
FreePool (Del);\r
return NULL;\r
}\r
- \r
+\r
DelPayload->PayloadType = IKEV2_PAYLOAD_TYPE_DELETE;\r
DelPayload->PayloadBuf = (UINT8 *) Del;\r
DelPayload->PayloadSize = DelPayloadLen;\r
in RFC 4306.\r
@param[in] IsRequest To indicate create Certificate Payload or Certificate\r
Request Payload. If it is TURE, create Certificate\r
- Payload. Otherwise, create Certificate Request Payload.\r
+ Request Payload. Otherwise, create Certificate Payload.\r
\r
@retval a Pointer to IKE Payload whose payload buffer containing the Certificate\r
payload or Certificated Request payload.\r
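Review bot: The unchanged line just above the corrected one still spells the value as `TURE`, so the `IsRequest` description now reads "If it is TURE, create Certificate Request Payload"; since this hunk rewrites that sentence, it should also change the spelling to `TRUE`. The function body is outside the hunk, so the new wording cannot be checked here against the branch actually taken on `IsRequest`. That check is worth doing, because a caller following the old text would have asked for the opposite payload type.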
if (Sa == NULL) {\r
return NULL;\r
}\r
- \r
+\r
CopyMem (Sa, SaData, sizeof (IKEV2_SA));\r
Sa->Header.PayloadLength = (UINT16) sizeof (IKEV2_SA);\r
ProposalsSize = 0;\r
Transform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_MORE;\r
Transform->Header.PayloadLength = HTONS ((UINT16)TransformSize);\r
\r
- if (TransformIndex == (UINTN)(ProposalData->NumTransforms - 1)) {\r
+ if (TransformIndex == ((UINT32)ProposalData->NumTransforms - 1)) {\r
Transform->Header.NextPayload = IKE_TRANSFORM_NEXT_PAYLOAD_NONE;\r
}\r
\r
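Review bot: The new condition `TransformIndex == ((UINT32)ProposalData->NumTransforms - 1)` still relies on unsigned wraparound when `NumTransforms` is 0, where the right-hand side becomes 0xFFFFFFFF instead of an obviously impossible index. Writing the test without the subtraction, `if (TransformIndex + 1 == ProposalData->NumTransforms) {`, removes both the cast and the wraparound case. The declaration of `TransformIndex` and the enclosing loop are outside the hunk, so this assumes the loop bound already keeps the body from running for a proposal with no transforms.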
Status = EFI_OUT_OF_RESOURCES;\r
goto Exit;\r
}\r
- \r
+\r
CopyMem (SaData, Sa, sizeof (IKEV2_SA));\r
SaData->NumProposals = TotalProposals;\r
ProposalData = (IKEV2_PROPOSAL_DATA *) (SaData + 1);\r
Status = EFI_OUT_OF_RESOURCES;\r
goto Exit;\r
}\r
- \r
+\r
CopyMem (Spi, (UINT32 *) (Proposal + 1), Proposal->SpiSize);\r
*((UINT32*) Spi) = NTOHL (*((UINT32*) Spi));\r
ProposalData->Spi = Spi;\r
Status = EFI_OUT_OF_RESOURCES;\r
goto Exit;\r
}\r
- \r
+\r
CopyMem (IkeHeader, IkePacket->Header, sizeof (IKE_HEADER));\r
\r
//\r
// Encrypt all payload and transfer IKE packet header from Host order to Network order.\r
//\r
Status = Ikev2EncryptPacket (SessionCommon, IkePacket);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
} else {\r
//\r
// Fill in the lenght into IkePacket header and transfer Host order to Network order.\r
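Review bot: The added `return Status;` after a failed `Ikev2EncryptPacket` leaves the function directly, while the other error paths visible in this file go through a cleanup label (`goto Exit`, `goto ON_EXIT`). The function starts and ends outside the hunk, so confirm that nothing acquired before this call needs releasing. Also confirm that `IkePacket` is left in a state the caller can free safely, since its header may or may not have been converted to network order when the failure occurs. A short why-comment above the check would record the intent: `// Never continue with a packet whose payloads were not encrypted.` The callers are also worth checking, to make sure they drop the packet on a non-success return instead of sending it.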
if (IkeSaSession->InitPacket == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
- \r
+\r
CopyMem (IkeSaSession->InitPacket, IkePacket->Header, sizeof (IKE_HEADER));\r
PayloadTotalSize = 0;\r
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {\r
if (IkeSaSession->RespPacket == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
- \r
+\r
CopyMem (IkeSaSession->RespPacket, IkePacket->Header, sizeof (IKE_HEADER));\r
PayloadTotalSize = 0;\r
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {\r
Status = EFI_OUT_OF_RESOURCES;\r
goto ON_EXIT;\r
}\r
- \r
+\r
CopyMem (IntegrityBuffer, IkePacket->Header, sizeof(IKE_HEADER));\r
CopyMem (IntegrityBuffer + sizeof (IKE_HEADER), IkePacket->PayloadsBuf, IkePacket->PayloadTotalSize);\r
\r
Status = EFI_OUT_OF_RESOURCES;\r
goto ON_EXIT;\r
}\r
- \r
+\r
//\r
// Copy all payload into EncryptedIkePayload\r
//\r
return Status;\r
}\r
\r
-/**\r
- Save some useful payloads after accepting the Packet.\r
-\r
- @param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the operation.\r
- @param[in] IkePacket Pointer to received IkePacet.\r
- @param[in] IkeType The type used to indicate it is in IkeSa or ChildSa or Info\r
- exchange.\r
-\r
-**/\r
-VOID\r
-Ikev2OnPacketAccepted (\r
- IN IKEV2_SESSION_COMMON *SessionCommon,\r
- IN IKE_PACKET *IkePacket,\r
- IN UINT8 IkeType\r
- )\r
-{\r
- return;\r
-}\r
\r
/**\r
\r