IN UINT8 *EspBuffer,\r
IN UINTN EspSize,\r
IN IPSEC_SAD_ENTRY *SadEntry,\r
- IN UINTN *IcvSize\r
+ IN UINTN IcvSize\r
)\r
{\r
EFI_STATUS Status;\r
//\r
// Calculate the size of authentication payload.\r
//\r
- *IcvSize = IpSecGetIcvLength (SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthAlgoId);\r
- AuthSize = EspSize - *IcvSize;\r
+ AuthSize = EspSize - IcvSize;\r
\r
//\r
// Calculate the icv buffer and size of the payload.\r
HashFragment,\r
1,\r
IcvBuffer,\r
- *IcvSize\r
+ IcvSize\r
);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
//\r
// Compare the calculated icv and the appended original icv.\r
//\r
- if (CompareMem (EspBuffer + AuthSize, IcvBuffer, *IcvSize) == 0) {\r
+ if (CompareMem (EspBuffer + AuthSize, IcvBuffer, IcvSize) == 0) {\r
return EFI_SUCCESS;\r
}\r
\r
\r
@retval EFI_SUCCESS The operation was successful.\r
@retval EFI_ACCESS_DENIED One or more following conditions is TRUE:\r
- - ESP header was not found.\r
+ - ESP header was not found or mal-format.\r
- The related SAD entry was not found.\r
- The related SAD entry does not support the ESP protocol.\r
@retval EFI_OUT_OF_RESOURCES The required system resource can't be allocated.\r
NET_BUF *Payload;\r
UINTN EspSize;\r
UINTN IvSize;\r
+ UINTN BlockSize;\r
+ UINTN MiscSize;\r
UINTN PlainPayloadSize;\r
UINTN PaddingSize;\r
UINTN IcvSize;\r
NetbufCopy (Payload, 0, (UINT32) EspSize, ProcessBuffer);\r
\r
//\r
- // Authenticate the esp wrapped buffer by the auth keys which is from SAD entry.\r
+ // Get the IcvSize for authentication and BlockSize/IvSize for Decryption.\r
+ //\r
+ IcvSize = IpSecGetIcvLength (SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthAlgoId);\r
+ IvSize = IpSecGetEncryptIvLength (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId);\r
+ BlockSize = IpSecGetEncryptBlockSize (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId);\r
+ \r
+ //\r
+ // Make sure the ESP packet is not mal-formt.\r
+ // 1. Check whether the Espsize is larger than ESP header + IvSize + EspTail + IcvSize.\r
+ // 2. Check whether the left payload size is multiple of IvSize.\r
+ //\r
+ MiscSize = sizeof (EFI_ESP_HEADER) + IvSize + IcvSize;\r
+ if (EspSize <= (MiscSize + sizeof (EFI_ESP_TAIL))) {\r
+ Status = EFI_ACCESS_DENIED;\r
+ goto ON_EXIT;\r
+ }\r
+ if ((EspSize - MiscSize) % BlockSize != 0) {\r
+ Status = EFI_ACCESS_DENIED;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Authenticate the ESP packet.\r
//\r
- IcvSize = 0;\r
if (SadData->AlgoInfo.EspAlgoInfo.AuthKey != NULL) {\r
Status = IpSecEspAuthVerifyPayload (\r
ProcessBuffer,\r
EspSize,\r
SadEntry,\r
- &IcvSize\r
+ IcvSize\r
);\r
if (EFI_ERROR (Status)) {\r
goto ON_EXIT;\r
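Review bot: The new block-alignment check at `(EspSize - MiscSize) % BlockSize != 0` divides by `BlockSize` without guarding against zero; if `IpSecGetEncryptBlockSize` can return 0 for an unsupported or null encryption algorithm (the later `EncKey != NULL` test suggests decryption is optional), a crafted SAD/packet combination turns the malformed-packet check into a divide-by-zero fault rather than an `EFI_ACCESS_DENIED`. Since decryption only happens when `EncKey` is set, the alignment requirement only matters in that case, so a guard such as `if (BlockSize != 0 && (EspSize - MiscSize) % BlockSize != 0) {` (or rejecting `BlockSize == 0` outright when `EncKey != NULL`) closes the hole. The comment above the check also says "multiple of IvSize" while the code tests `BlockSize`, and "mal-formt" is a typo; `// 2. Check whether the encrypted region (EspSize - MiscSize) is a multiple of BlockSize.` matches what the code does. The enclosing function begins and ends outside this hunk.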
//\r
// Decrypt the payload by the SAD entry if it has decrypt key.\r
//\r
- IvSize = IpSecGetEncryptIvLength (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId);\r
if (SadData->AlgoInfo.EspAlgoInfo.EncKey != NULL) {\r
Status = IpSecCryptoIoDecrypt (\r
SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId,\r
EspTail = (EFI_ESP_TAIL *) (ProcessBuffer + EspSize - IcvSize - sizeof (EFI_ESP_TAIL));\r
PaddingSize = EspTail->PaddingLength;\r
NextHeader = EspTail->NextHeader;\r
- PlainPayloadSize = EspSize - sizeof (EFI_ESP_HEADER) - IvSize - IcvSize - sizeof (EFI_ESP_TAIL) - PaddingSize;\r
+ \r
+ if (EspSize <= (MiscSize + sizeof (EFI_ESP_TAIL) + PaddingSize)) {\r
+ Status = EFI_ACCESS_DENIED;\r
+ goto ON_EXIT;\r
+ }\r
+ PlainPayloadSize = EspSize - MiscSize - sizeof (EFI_ESP_TAIL) - PaddingSize;\r
\r
//\r
// TODO: handle anti-replay window\r