/** @file\r
IKE Packet related operation.\r
\r
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
LIST_ENTRY *PacketEntry;\r
LIST_ENTRY *Entry;\r
IKE_PAYLOAD *IkePayload;\r
+ EFI_STATUS RetStatus;\r
+\r
+ RetStatus = EFI_SUCCESS;\r
\r
if (!IkePacket->IsEncoded) {\r
IkePacket->IsEncoded = TRUE;\r
// Encryption payloads if needed\r
//\r
if (((IKEV2_SESSION_COMMON *) SessionCommon)->IkeVer == 2) {\r
- Ikev2EncodePacket ((IKEV2_SESSION_COMMON *) SessionCommon, IkePacket, IkeType);\r
+ RetStatus = Ikev2EncodePacket ((IKEV2_SESSION_COMMON *) SessionCommon, IkePacket, IkeType);\r
+ if (EFI_ERROR (RetStatus)) {\r
+ return NULL;\r
+ }\r
+ \r
} else {\r
//\r
- //If IKEv1 support, check it here.\r
+ // If IKEv1 support, check it here.\r
//\r
return NULL;\r
}\r
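Review bot: When `Ikev2EncodePacket` fails, the new `return NULL` leaves `IkePacket->IsEncoded` set to TRUE, because the flag is assigned before the encode call (the assignment is visible in the preceding hunk). If a caller reuses or retransmits the same packet, the `!IkePacket->IsEncoded` guard would skip encoding and the payloads would stay in whatever partly processed state the failed call left them. Whether that can happen is not visible here, since the function continues outside the hunk. I would either move `IkePacket->IsEncoded = TRUE;` to after the `EFI_ERROR (RetStatus)` check, or add a comment such as `// On encode failure the packet is unusable; the caller must free it and must not resend it.`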
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));\r
\r
+ IkePacket = NULL;\r
+ IdPayload = NULL;\r
+ AuthPayload = NULL;\r
+ SaPayload = NULL;\r
+ TsiPayload = NULL;\r
+ TsrPayload = NULL;\r
+ NotifyPayload = NULL;\r
CpPayload = NULL;\r
NotifyPayload = NULL;\r
\r
&IkeSaSession->SessionCommon,\r
IKEV2_PAYLOAD_TYPE_AUTH\r
);\r
+ if (IdPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 3. Generate Auth Payload\r
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS\r
);\r
}\r
+\r
+ if (CpPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+ }\r
+\r
+ if (AuthPayload == NULL) {\r
+ goto CheckError;\r
}\r
\r
//\r
IKEV2_PAYLOAD_TYPE_TS_INIT,\r
IkeSessionTypeChildSa\r
);\r
+ if (SaPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {\r
//\r
NULL,\r
0\r
);\r
+ if (NotifyPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
} else {\r
//\r
// Generate Tsr for Tunnel mode.\r
);\r
}\r
\r
+ if (TsiPayload == NULL || TsrPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, AuthPayload);\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {\r
}\r
\r
return IkePacket;\r
+\r
+CheckError:\r
+ if (IkePacket != NULL) {\r
+ IkePacketFree (IkePacket);\r
+ }\r
+ \r
+ if (IdPayload != NULL) {\r
+ IkePayloadFree (IdPayload);\r
+ }\r
+\r
+ if (AuthPayload != NULL) {\r
+ IkePayloadFree (AuthPayload);\r
+ }\r
+ \r
+ if (CpPayload != NULL) {\r
+ IkePayloadFree (CpPayload);\r
+ }\r
+\r
+ if (SaPayload != NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ }\r
+ \r
+ if (TsiPayload != NULL) {\r
+ IkePayloadFree (TsiPayload);\r
+ }\r
+ \r
+ if (TsrPayload != NULL) {\r
+ IkePayloadFree (TsrPayload);\r
+ }\r
+ \r
+ if (NotifyPayload != NULL) {\r
+ IkePayloadFree (NotifyPayload);\r
+ }\r
+ \r
+ return NULL; \r
}\r
\r
/**\r
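Review bot: The `CheckError` path is only safe while every `goto CheckError` sits before the first `IKE_PACKET_APPEND_PAYLOAD` call, and nothing in the code states that. The label frees `IkePacket` and then each payload pointer separately. If `IkePacketFree` also releases payloads already linked into the packet (its body is not shown, so this is an assumption to confirm), a check added after an append in some later change would free the same payload twice. A comment at the label would protect the invariant, for example `// Reached only before any payload is appended to IkePacket, so the packet and the payloads are still owned separately.` The same applies to the near-identical `CheckError` block added to the second generator further down this diff.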
//\r
// 5. Generate keymats for IPsec protocol.\r
//\r
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ \r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
// 6. Change the state of IkeSaSession\r
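Review bot: The failure branch added after `Ikev2GenerateChildSaKeys` uses a bare `return Status;`, while the same change in the parallel hunk further down uses `goto Exit;`. The function starts and ends outside this hunk, so I cannot see whether anything allocated in the earlier steps is still live at this point. If this function has a common exit label, the new branch should jump to it so that a key-derivation failure cannot skip cleanup. If the direct return is intentional, a comment such as `// Nothing allocated by this function is live here; returning directly is safe.` would make that easy to verify.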
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));\r
\r
+ IkePacket = NULL;\r
+ IdPayload = NULL;\r
+ AuthPayload = NULL;\r
CpPayload = NULL;\r
+ SaPayload = NULL;\r
+ TsiPayload = NULL;\r
+ TsrPayload = NULL;\r
NotifyPayload = NULL;\r
CertPayload = NULL;\r
CertReqPayload = NULL;\r
(UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),\r
PcdGet32 (PcdIpsecUefiCertificateSize)\r
);\r
+ if (IdPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 3. Generate Certificate Payload\r
IKEV2_CERT_ENCODEING_X509_CERT_SIGN,\r
FALSE\r
);\r
+ if (CertPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+ \r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
CertReqPayload = Ikev2GenerateCertificatePayload (\r
IkeSaSession,\r
IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT,\r
TRUE\r
);\r
+ if (CertReqPayload == NULL) {\r
+ goto CheckError;\r
+ } \r
}\r
\r
//\r
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS\r
);\r
}\r
+ \r
+ if (CpPayload == NULL) {\r
+ goto CheckError;\r
+ } \r
}\r
\r
+ if (AuthPayload == NULL) {\r
+ goto CheckError;\r
+ } \r
+\r
//\r
// 5. Generate SA Payload according to the Sa Data in ChildSaSession\r
//\r
IKEV2_PAYLOAD_TYPE_TS_INIT,\r
IkeSessionTypeChildSa\r
);\r
+ if (SaPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {\r
//\r
NULL,\r
0\r
);\r
+ if (NotifyPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
} else {\r
//\r
// Generate Tsr for Tunnel mode.\r
);\r
}\r
\r
+ if (TsiPayload == NULL || TsrPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, CertPayload);\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
}\r
\r
return IkePacket;\r
+\r
+CheckError:\r
+ if (IkePacket != NULL) {\r
+ IkePacketFree (IkePacket);\r
+ }\r
+ \r
+ if (IdPayload != NULL) {\r
+ IkePayloadFree (IdPayload);\r
+ }\r
+\r
+ if (CertPayload != NULL) {\r
+ IkePayloadFree (CertPayload);\r
+ }\r
+ \r
+ if (CertReqPayload != NULL) {\r
+ IkePayloadFree (CertReqPayload);\r
+ }\r
+\r
+ if (AuthPayload != NULL) {\r
+ IkePayloadFree (AuthPayload);\r
+ }\r
+\r
+ if (CpPayload != NULL) {\r
+ IkePayloadFree (CpPayload);\r
+ }\r
+ \r
+ if (SaPayload != NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ }\r
+ \r
+ if (TsiPayload != NULL) {\r
+ IkePayloadFree (TsiPayload);\r
+ }\r
+ \r
+ if (TsrPayload != NULL) {\r
+ IkePayloadFree (TsrPayload);\r
+ }\r
+ \r
+ if (NotifyPayload != NULL) {\r
+ IkePayloadFree (NotifyPayload);\r
+ }\r
+ \r
+ return NULL; \r
}\r
\r
/**\r
//\r
// 5. Generat keymats for IPsec protocol.\r
//\r
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
+ \r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
// 6. Change the state of IkeSaSession\r
//\r
// Generate Gxy\r
//\r
- Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);\r
+ Status = Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
\r
//\r
// Get the key length of Authenticaion, Encryption, PRF, and Integrity.\r
//\r
// Generate Gxy \r
//\r
- Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);\r
+ Status = Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
+ \r
Fragments[0].Data = ChildSaSession->DhBuffer->GxyBuffer;\r
Fragments[0].DataSize = ChildSaSession->DhBuffer->GxySize;\r
}\r