The operations for IKEv2 SA.\r
\r
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
- Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
// 1. Allocate IKE packet\r
//\r
IkePacket = IkePacketAlloc ();\r
- ASSERT (IkePacket != NULL);\r
+ if (IkePacket == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 1.a Fill the IkePacket->Hdr\r
if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) {\r
IkeSaSession->NiBlkSize = IKE_NONCE_SIZE;\r
IkeSaSession->NiBlock = IkeGenerateNonce (IKE_NONCE_SIZE);\r
- ASSERT (IkeSaSession->NiBlock != NULL);\r
+ if (IkeSaSession->NiBlock == NULL) {\r
+ goto CheckError;\r
+ }\r
}\r
\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
NonceSize = NoncePayload->PayloadSize - sizeof (IKEV2_COMMON_PAYLOAD_HEADER);\r
NonceBuffer = (UINT8 *) AllocatePool (NonceSize);\r
- ASSERT (NonceBuffer != NULL);\r
+ if (NonceBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto CheckError;\r
+ }\r
+ \r
CopyMem (\r
NonceBuffer,\r
NoncePayload->PayloadBuf + sizeof (IKEV2_COMMON_PAYLOAD_HEADER),\r
// 5. Generate Nr_b\r
//\r
IkeSaSession->NrBlock = IkeGenerateNonce (IKE_NONCE_SIZE);\r
- ASSERT_EFI_ERROR (IkeSaSession->NrBlock != NULL);\r
+ ASSERT (IkeSaSession->NrBlock != NULL);\r
IkeSaSession->NrBlkSize = IKE_NONCE_SIZE;\r
\r
//\r
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));\r
\r
+ IkePacket = NULL;\r
+ IdPayload = NULL;\r
+ AuthPayload = NULL;\r
+ SaPayload = NULL;\r
+ TsiPayload = NULL;\r
+ TsrPayload = NULL;\r
+ NotifyPayload = NULL;\r
CpPayload = NULL;\r
NotifyPayload = NULL;\r
\r
// 1. Allocate IKE Packet\r
//\r
IkePacket= IkePacketAlloc ();\r
- ASSERT (IkePacket != NULL);\r
+ if (IkePacket == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// 1.a Fill the IkePacket Header.\r
&IkeSaSession->SessionCommon,\r
IKEV2_PAYLOAD_TYPE_AUTH\r
);\r
+ if (IdPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 3. Generate Auth Payload\r
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS\r
);\r
}\r
+\r
+ if (CpPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+ }\r
+\r
+ if (AuthPayload == NULL) {\r
+ goto CheckError;\r
}\r
\r
//\r
IKEV2_PAYLOAD_TYPE_TS_INIT,\r
IkeSessionTypeChildSa\r
);\r
+ if (SaPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {\r
//\r
NULL,\r
0\r
);\r
+ if (NotifyPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
} else {\r
//\r
// Generate Tsr for Tunnel mode.\r
);\r
}\r
\r
+ if (TsiPayload == NULL || TsrPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, AuthPayload);\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {\r
}\r
\r
return IkePacket;\r
+\r
+CheckError:\r
+ if (IkePacket != NULL) {\r
+ IkePacketFree (IkePacket);\r
+ }\r
+ \r
+ if (IdPayload != NULL) {\r
+ IkePayloadFree (IdPayload);\r
+ }\r
+\r
+ if (AuthPayload != NULL) {\r
+ IkePayloadFree (AuthPayload);\r
+ }\r
+ \r
+ if (CpPayload != NULL) {\r
+ IkePayloadFree (CpPayload);\r
+ }\r
+\r
+ if (SaPayload != NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ }\r
+ \r
+ if (TsiPayload != NULL) {\r
+ IkePayloadFree (TsiPayload);\r
+ }\r
+ \r
+ if (TsrPayload != NULL) {\r
+ IkePayloadFree (TsrPayload);\r
+ }\r
+ \r
+ if (NotifyPayload != NULL) {\r
+ IkePayloadFree (NotifyPayload);\r
+ }\r
+ \r
+ return NULL; \r
}\r
\r
/**\r
//\r
if (ChildSaSession->IkeSaSession->Spd == NULL) {\r
ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd;\r
- Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ Status = Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
}\r
} else {\r
//\r
//\r
// 5. Generate keymats for IPsec protocol.\r
//\r
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ \r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
// 6. Change the state of IkeSaSession\r
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));\r
\r
+ IkePacket = NULL;\r
+ IdPayload = NULL;\r
+ AuthPayload = NULL;\r
CpPayload = NULL;\r
+ SaPayload = NULL;\r
+ TsiPayload = NULL;\r
+ TsrPayload = NULL;\r
NotifyPayload = NULL;\r
CertPayload = NULL;\r
CertReqPayload = NULL;\r
// 1. Allocate IKE Packet\r
//\r
IkePacket= IkePacketAlloc ();\r
- ASSERT (IkePacket != NULL);\r
+ if (IkePacket == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// 1.a Fill the IkePacket Header.\r
(UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),\r
PcdGet32 (PcdIpsecUefiCertificateSize)\r
);\r
+ if (IdPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 3. Generate Certificate Payload\r
IKEV2_CERT_ENCODEING_X509_CERT_SIGN,\r
FALSE\r
);\r
+ if (CertPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+ \r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
CertReqPayload = Ikev2GenerateCertificatePayload (\r
IkeSaSession,\r
IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT,\r
TRUE\r
);\r
+ if (CertReqPayload == NULL) {\r
+ goto CheckError;\r
+ } \r
}\r
\r
//\r
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS\r
);\r
}\r
+ \r
+ if (CpPayload == NULL) {\r
+ goto CheckError;\r
+ } \r
}\r
\r
+ if (AuthPayload == NULL) {\r
+ goto CheckError;\r
+ } \r
+\r
//\r
// 5. Generate SA Payload according to the Sa Data in ChildSaSession\r
//\r
IKEV2_PAYLOAD_TYPE_TS_INIT,\r
IkeSessionTypeChildSa\r
);\r
+ if (SaPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {\r
//\r
NULL,\r
0\r
);\r
+ if (NotifyPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
} else {\r
//\r
// Generate Tsr for Tunnel mode.\r
);\r
}\r
\r
+ if (TsiPayload == NULL || TsrPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, CertPayload);\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
}\r
\r
return IkePacket;\r
+\r
+CheckError:\r
+ if (IkePacket != NULL) {\r
+ IkePacketFree (IkePacket);\r
+ }\r
+ \r
+ if (IdPayload != NULL) {\r
+ IkePayloadFree (IdPayload);\r
+ }\r
+\r
+ if (CertPayload != NULL) {\r
+ IkePayloadFree (CertPayload);\r
+ }\r
+ \r
+ if (CertReqPayload != NULL) {\r
+ IkePayloadFree (CertReqPayload);\r
+ }\r
+\r
+ if (AuthPayload != NULL) {\r
+ IkePayloadFree (AuthPayload);\r
+ }\r
+\r
+ if (CpPayload != NULL) {\r
+ IkePayloadFree (CpPayload);\r
+ }\r
+ \r
+ if (SaPayload != NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ }\r
+ \r
+ if (TsiPayload != NULL) {\r
+ IkePayloadFree (TsiPayload);\r
+ }\r
+ \r
+ if (TsrPayload != NULL) {\r
+ IkePayloadFree (TsrPayload);\r
+ }\r
+ \r
+ if (NotifyPayload != NULL) {\r
+ IkePayloadFree (NotifyPayload);\r
+ }\r
+ \r
+ return NULL; \r
}\r
\r
/**\r
//\r
if (ChildSaSession->IkeSaSession->Spd == NULL) {\r
ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd;\r
- Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ Status = Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
}\r
} else {\r
//\r
//\r
// 5. Generat keymats for IPsec protocol.\r
//\r
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
+ \r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
// 6. Change the state of IkeSaSession\r
IKEV2_SESSION_KEYS *IkeKeys;\r
\r
IkeSaSession->IkeKeys = AllocateZeroPool (sizeof (IKEV2_SESSION_KEYS));\r
- ASSERT (IkeSaSession->IkeKeys != NULL);\r
+ if (IkeSaSession->IkeKeys == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+ \r
IkeKeys = IkeSaSession->IkeKeys;\r
IkeKeys->DhBuffer = AllocateZeroPool (sizeof (IKEV2_DH_BUFFER));\r
- ASSERT (IkeKeys->DhBuffer != NULL);\r
+ if (IkeKeys->DhBuffer == NULL) {\r
+ FreePool (IkeSaSession->IkeKeys);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
//\r
// Init DH with the certain DH Group Description.\r
//\r
IkeKeys->DhBuffer->GxSize = OakleyModpGroup[(UINT8)IkeSaSession->SessionCommon.PreferDhGroup].Size >> 3;\r
IkeKeys->DhBuffer->GxBuffer = AllocateZeroPool (IkeKeys->DhBuffer->GxSize);\r
- ASSERT (IkeKeys->DhBuffer->GxBuffer != NULL);\r
+ if (IkeKeys->DhBuffer->GxBuffer == NULL) {\r
+ FreePool (IkeKeys->DhBuffer);\r
+ FreePool (IkeSaSession->IkeKeys);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
//\r
// Get X PublicKey\r
);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam X public key error Status = %r\n", Status));\r
+ \r
+ FreePool (IkeKeys->DhBuffer->GxBuffer);\r
+ \r
+ FreePool (IkeKeys->DhBuffer);\r
+ \r
+ FreePool (IkeSaSession->IkeKeys);\r
+ \r
return Status;\r
}\r
\r
PubKeySize = KePayload->PayloadSize - sizeof (IKEV2_KEY_EXCHANGE);\r
DhBuffer->GxySize = DhBuffer->GxSize;\r
DhBuffer->GxyBuffer = AllocateZeroPool (DhBuffer->GxySize);\r
- ASSERT (DhBuffer->GxyBuffer != NULL);\r
+ if (DhBuffer->GxyBuffer == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
//\r
// Get GxyBuf\r
);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam Y session key error Status = %r\n", Status));\r
+\r
+ FreePool (DhBuffer->GxyBuffer);\r
+ \r
return Status;\r
}\r
\r
//\r
DhBuffer->GySize = PubKeySize;\r
DhBuffer->GyBuffer = AllocateZeroPool (DhBuffer->GySize);\r
- ASSERT (DhBuffer->GyBuffer != NULL);\r
+ if (DhBuffer->GyBuffer == NULL) {\r
+ FreePool (DhBuffer->GxyBuffer);\r
+ \r
+ return Status;\r
+ }\r
+ \r
CopyMem (DhBuffer->GyBuffer, PubKey, DhBuffer->GySize);\r
\r
IPSEC_DUMP_BUF ("DH Public Key (g^y) Dump", DhBuffer->GyBuffer, DhBuffer->GySize);\r
//\r
// Generate Gxy\r
//\r
- Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);\r
+ Status = Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
\r
//\r
// Get the key length of Authenticaion, Encryption, PRF, and Integrity.\r
//\r
KeyBufferSize = IkeSaSession->NiBlkSize + IkeSaSession->NrBlkSize;\r
KeyBuffer = AllocateZeroPool (KeyBufferSize);\r
- ASSERT (KeyBuffer != NULL);\r
+ if (KeyBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (KeyBuffer, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);\r
CopyMem (KeyBuffer + IkeSaSession->NiBlkSize, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);\r
//\r
// Generate Gxy \r
//\r
- Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);\r
+ Status = Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
+ \r
Fragments[0].Data = ChildSaSession->DhBuffer->GxyBuffer;\r
Fragments[0].DataSize = ChildSaSession->DhBuffer->GxySize;\r
}\r
projects / mirror_edk2.git / blobdiff