NetworkPkg: Clean up source files

1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Liming Gao
2018-06-27 21:12:32 +08:00
parent 9095d37b8f
commit f75a7f568e
180 changed files with 3642 additions and 3642 deletions


@@ -1,7 +1,7 @@
/** @file
UEFI Component Name(2) protocol implementation for IPsec driver.
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -325,7 +325,7 @@ IpSecComponentNameGetControllerName (
if (ChildHandle != NULL) {
return EFI_UNSUPPORTED;
}
//
// Make sure this driver is currently managing ControllerHandle
//


@@ -1,7 +1,7 @@
/** @file
Cryptographic Parameter Constant Definitions from IETF;
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License


@@ -1,7 +1,7 @@
/** @file
The common definition of IPsec Key Exchange (IKE).
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -55,7 +55,7 @@
#define IPSEC_ESP_BLOWFISH 7
#define IPSEC_ESP_3IDEA 8
#define IPSEC_ESP_DES_IV32 9
#define IPSEC_ESP_RC4 10 // It's reserved in IKEv2
#define IPSEC_ESP_RC4 10 // It's reserved in IKEv2
#define IPSEC_ESP_NULL 11
#define IPSEC_ESP_AES 12
@@ -150,7 +150,7 @@ typedef struct {
typedef union {
UINT16 AttrLength;
UINT16 AttrValue;
} IKE_SA_ATTR_UNION;
} IKE_SA_ATTR_UNION;
//
// SA Attribute present in Transform Payload
@@ -163,7 +163,7 @@ typedef struct {
#pragma pack()
//
// Contains the IKE packet information.
// Contains the IKE packet information.
//
typedef struct {
UINTN RefCount;
@@ -219,7 +219,7 @@ typedef struct {
//
// Each algorithm has its own Id, Guid, BlockSize and KeyLength.
// This struct contains these information for each algorithm. It is generic structure
// for both encryption and authentication algorithm.
// for both encryption and authentication algorithm.
// For authentication algorithm, the AlgSize means IcvSize. For encryption algorithm,
// it means IvSize.
//


@@ -1,7 +1,7 @@
/** @file
Common operation of the IKE
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -26,7 +26,7 @@
@retval TRUE This SpiValue has existed in the Child SA Session
@retval FALSE This SpiValue doesn't exist in the Child SA Session.
**/
BOOLEAN
IkeSpiValueExisted (
@@ -40,8 +40,8 @@ IkeSpiValueExisted (
Entry = NULL;
Next = NULL;
SaSession = NULL;
SaSession = NULL;
//
// Check whether the SPI value has existed in ChildSaEstablishSessionList.
//
@@ -67,7 +67,7 @@ IkeSpiValueExisted (
/**
Call Crypto Lib to generate a random value with eight-octet length.
@return the 64 byte vaule.
**/
@@ -91,8 +91,8 @@ IkeGenerateCookie (
Generate the random data for Nonce payload.
@param[in] NonceSize Size of the data in bytes.
@return Buffer which contains the random data of the spcified size.
@return Buffer which contains the random data of the spcified size.
**/
UINT8 *
@@ -168,7 +168,7 @@ IkePayloadAlloc (
if (IkePayload == NULL) {
return NULL;
}
IkePayload->Signature = IKE_PAYLOAD_SIGNATURE;
return IkePayload;
@@ -200,11 +200,11 @@ IkePayloadFree (
/**
Generate an new SPI.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
Session.
@param[in, out] SpiValue Pointer to the new generated SPI value.
@param[in, out] SpiValue Pointer to the new generated SPI value.
@retval EFI_SUCCESS The operation performs successfully.
@retval Otherwise The operation is failed.
@@ -218,7 +218,7 @@ IkeGenerateSpi (
EFI_STATUS Status;
Status = EFI_SUCCESS;
while (TRUE) {
//
// Generate SPI randomly
@@ -229,13 +229,13 @@ IkeGenerateSpi (
}
//
// The set of SPI values in the range 1 through 255 are reserved by the
// Internet Assigned Numbers Authority (IANA) for future use; a reserved
// SPI value will not normally be assigned by IANA unless the use of the
// The set of SPI values in the range 1 through 255 are reserved by the
// Internet Assigned Numbers Authority (IANA) for future use; a reserved
// SPI value will not normally be assigned by IANA unless the use of the
// assigned SPI value is specified in an RFC.
//
if (*SpiValue < IKE_SPI_BASE) {
*SpiValue += IKE_SPI_BASE;
*SpiValue += IKE_SPI_BASE;
}
//
@@ -245,7 +245,7 @@ IkeGenerateSpi (
break;
}
}
return Status;
}


@@ -1,7 +1,7 @@
/** @file
Common operation of the IKE.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -19,7 +19,7 @@
#include <Protocol/Udp4.h>
#include <Protocol/Udp6.h>
#include <Protocol/Ip4Config2.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
@@ -62,7 +62,7 @@
/**
Call Crypto Lib to generate a random value with eight-octet length.
@return the 64 byte vaule.
**/
@@ -75,8 +75,8 @@ IkeGenerateCookie (
Generate the random data for Nonce payload.
@param[in] NonceSize Size of the data in bytes.
@return Buffer which contains the random data of the spcified size.
@return Buffer which contains the random data of the spcified size.
**/
UINT8 *
@@ -131,11 +131,11 @@ IkePayloadFree (
/**
Generate an new SPI.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
Session.
@param[in, out] SpiValue Pointer to the new generated SPI value.
@param[in, out] SpiValue Pointer to the new generated SPI value.
@retval EFI_SUCCESS The operation performs successfully.
@retval Otherwise The operation is failed.


@@ -1,7 +1,7 @@
/** @file
IKE Packet related operation.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -36,7 +36,7 @@ IkePacketAlloc (
IkePacket->RefCount = 1;
InitializeListHead (&IkePacket->PayloadList);
IkePacket->Header = (IKE_HEADER *) AllocateZeroPool (sizeof (IKE_HEADER));
if (IkePacket->Header == NULL) {
FreePool (IkePacket);
@@ -94,8 +94,8 @@ IkePacketFree (
/**
Callback funtion of NetbufFromExt()
@param[in] Arg The data passed from the NetBufFromExe().
@param[in] Arg The data passed from the NetBufFromExe().
**/
VOID
@@ -111,11 +111,11 @@ IkePacketNetbufFree (
/**
Copy the NetBuf into a IKE_PACKET sturcture.
Create a IKE_PACKET and fill the received IKE header into the header of IKE_PACKET
Create a IKE_PACKET and fill the received IKE header into the header of IKE_PACKET
and copy the recieved packet without IKE HEADER to the PayloadBuf of IKE_PACKET.
@param[in] Netbuf The pointer of the Netbuf which contains the whole received
@param[in] Netbuf The pointer of the Netbuf which contains the whole received
IKE packet.
@return The pointer of the IKE_PACKET which contains the received packet.
@@ -174,12 +174,12 @@ Error:
@param[in] SessionCommon Pointer of related IKE_COMMON_SESSION
@param[in] IkePacket Pointer of IKE_PACKET to be copy to NetBuf
@param[in] IkeType The IKE type to pointer the packet is for which IKE
phase. Now it supports IKE_SA_TYPE, IKE_CHILDSA_TYPE,
@param[in] IkeType The IKE type to pointer the packet is for which IKE
phase. Now it supports IKE_SA_TYPE, IKE_CHILDSA_TYPE,
IKE_INFO_TYPE.
@return a pointer of Netbuff which contains the IKE_PACKE in network order.
**/
NET_BUF *
IkeNetbufFromPacket (
@@ -210,7 +210,7 @@ IkeNetbufFromPacket (
if (EFI_ERROR (RetStatus)) {
return NULL;
}
} else {
//
// If IKEv1 support, check it here.
@@ -224,7 +224,7 @@ IkeNetbufFromPacket (
// Get the number of the payloads
//
NET_LIST_FOR_EACH (PacketEntry, &(IkePacket)->PayloadList) {
NumPayloads++;
}
//
@@ -258,7 +258,7 @@ IkeNetbufFromPacket (
IkePacketNetbufFree,
NULL
);
FreePool (Fragments);
return Netbuf;
}


@@ -1,7 +1,7 @@
/** @file
IKE Packet related definitions and function declarations.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -10,7 +10,7 @@
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _IKE_V1_PACKET_H_
@@ -46,11 +46,11 @@ IkePacketFree (
/**
Copy the NetBuf into a IKE_PACKET sturcture.
Create a IKE_PACKET and fill the received IKE header into the header of IKE_PACKET
Create a IKE_PACKET and fill the received IKE header into the header of IKE_PACKET
and copy the recieved packet without IKE HEADER to the PayloadBuf of IKE_PACKET.
@param[in] Netbuf The pointer of the Netbuf which contains the whole received
@param[in] Netbuf The pointer of the Netbuf which contains the whole received
IKE packet.
@return The pointer of the IKE_PACKET which contains the received packet.
@@ -66,8 +66,8 @@ IkePacketFromNetbuf (
@param[in] SessionCommon Pointer of related IKE_COMMON_SESSION
@param[in] IkePacket Pointer of IKE_PACKET to be copy to NetBuf
@param[in] IkeType The IKE type to pointer the packet is for which IKE
phase. Now it supports IKE_SA_TYPE, IKE_CHILDSA_TYPE,
@param[in] IkeType The IKE type to pointer the packet is for which IKE
phase. Now it supports IKE_SA_TYPE, IKE_CHILDSA_TYPE,
IKE_INFO_TYPE.
@return A pointer of Netbuff which contains the contents of the IKE_PACKE in network order.


@@ -1,7 +1,7 @@
/** @file
Provide IPsec Key Exchange (IKE) service general interfaces.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -273,7 +273,7 @@ IkeOpenOutputUdp (
&BufSize,
IfInfo
);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}


@@ -1,7 +1,7 @@
/** @file
The operations for Child SA.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -16,12 +16,12 @@
#include "Utility.h"
/**
Generate IKE Packet for CREATE_CHILD_SA exchange.
Generate IKE Packet for CREATE_CHILD_SA exchange.
This IKE Packet would be the packet for creating new CHILD SA, or the packet for
rekeying existing IKE SA, or the packet for existing CHILD SA.
@param[in] SaSession Pointer to related SA session.
@param[in] SaSession Pointer to related SA session.
@param[in] Context The data passed by the caller.
return a pointer of IKE packet.
@@ -42,12 +42,12 @@ Ikev2CreateChildGenerator (
NotifyPayload = NULL;
MessageId = NULL;
ChildSaSession = (IKEV2_CHILD_SA_SESSION *) SaSession;
if (ChildSaSession == NULL) {
return NULL;
}
IkePacket = IkePacketAlloc();
if (IkePacket == NULL) {
return NULL;
@@ -57,28 +57,28 @@ Ikev2CreateChildGenerator (
if (Context != NULL) {
MessageId = (UINT32 *) Context;
}
IkePacket->Header->Version = (UINT8) (2 << 4);
IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_NOTIFY;
IkePacket->Header->ExchangeType = IKE_XCG_TYPE_CREATE_CHILD_SA;
if (ChildSaSession->SessionCommon.IkeSessionType == IkeSessionTypeChildSa) {
//
// 1.a Fill the IkePacket->Hdr
//
//
IkePacket->Header->InitiatorCookie = ChildSaSession->IkeSaSession->InitiatorCookie;
IkePacket->Header->ResponderCookie = ChildSaSession->IkeSaSession->ResponderCookie;
if (MessageId != NULL) {
IkePacket->Header->MessageId = *MessageId;
} else {
IkePacket->Header->MessageId = ChildSaSession->MessageId;
}
}
if (ChildSaSession->SessionCommon.IsInitiator) {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;
}
} else {
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
//
@@ -91,8 +91,8 @@ Ikev2CreateChildGenerator (
IkePacket->Header->MessageId = *MessageId;
} else {
IkePacket->Header->MessageId = IkeSaSession->MessageId;
}
}
if (IkeSaSession->SessionCommon.IsInitiator) {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;
}
@@ -101,7 +101,7 @@ Ikev2CreateChildGenerator (
if (MessageId != NULL) {
IkePacket->Header->Flags |= IKE_HEADER_FLAGS_RESPOND;
}
//
// According to RFC4306, Chapter 4.
// A minimal implementation may support the CREATE_CHILD_SA exchange only to
@@ -110,33 +110,33 @@ Ikev2CreateChildGenerator (
NotifyPayload = Ikev2GenerateNotifyPayload (
0,
IKEV2_PAYLOAD_TYPE_NONE,
0,
0,
IKEV2_NOTIFICATION_NO_ADDITIONAL_SAS,
NULL,
NULL,
0
);
if (NotifyPayload == NULL) {
if (NotifyPayload == NULL) {
IkePacketFree (IkePacket);
return NULL;
}
IKE_PACKET_APPEND_PAYLOAD (IkePacket, NotifyPayload);
//
// TODO: Support the CREATE_CHILD_SA exchange.
//
// TODO: Support the CREATE_CHILD_SA exchange.
//
return IkePacket;
}
/**
Parse the IKE packet of CREATE_CHILD_SA exchange.
This function parse the IKE packet and save the related information to further
calculation.
calculation.
@param[in] SaSession Pointer to IKEv2_CHILD_SA_SESSION related to this Exchange.
@param[in] IkePacket Received packet to be parsed.
@retval EFI_SUCCESS The IKE Packet is acceptable.
@retval EFI_UNSUPPORTED Not support the CREATE_CHILD_SA request.


@@ -1,7 +1,7 @@
/** @file
The general interfaces of the IKEv2.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -498,7 +498,7 @@ Ikev2HandleSa (
if (ChildSaSession == NULL) {
goto ON_ERROR;
}
ChildSaCommon = &ChildSaSession->SessionCommon;
}
@@ -526,7 +526,7 @@ Ikev2HandleSa (
if (ChildSaSession == NULL) {
goto ON_ERROR;
}
ChildSaCommon = &ChildSaSession->SessionCommon;
//


@@ -1,7 +1,7 @@
/** @file
IKEv2 related definitions.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -231,7 +231,7 @@ typedef struct {
UINT8 *Data;
} PRF_DATA_FRAGMENT;
typedef
typedef
IKE_PACKET *
(*IKEV2_PACKET_GENERATOR) (
IN UINT8 *SaSession,


@@ -2,7 +2,7 @@
The Implementations for Information Exchange.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -11,7 +11,7 @@
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Utility.h"
@@ -21,14 +21,14 @@
/**
Generate Information Packet.
The information Packet may contain one Delete Payload, or Notify Payload, which
The information Packet may contain one Delete Payload, or Notify Payload, which
dependes on the Context's parameters.
@param[in] SaSession Pointer to IKE SA Session or Child SA Session which is
@param[in] SaSession Pointer to IKE SA Session or Child SA Session which is
related to the information Exchange.
@param[in] Context The Data passed from the caller. If the Context is not NULL
it should contain the information for Notification Data.
@retval Pointer of IKE_PACKET generated.
**/
@@ -55,7 +55,7 @@ Ikev2InfoGenerator (
// Fill IkePacket Header.
//
IkePacket->Header->ExchangeType = IKEV2_EXCHANGE_TYPE_INFO;
IkePacket->Header->Version = (UINT8) (2 << 4);
IkePacket->Header->Version = (UINT8) (2 << 4);
if (Context != NULL) {
InfoContext = (IKEV2_INFO_EXCHANGE_CONTEXT *) Context;
@@ -64,8 +64,8 @@ Ikev2InfoGenerator (
//
// For Liveness Check
//
if (InfoContext != NULL &&
(InfoContext->InfoType == Ikev2InfoLiveCheck || InfoContext->InfoType == Ikev2InfoNotify)
if (InfoContext != NULL &&
(InfoContext->InfoType == Ikev2InfoLiveCheck || InfoContext->InfoType == Ikev2InfoNotify)
) {
IkePacket->Header->MessageId = InfoContext->MessageId;
IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;
@@ -77,10 +77,10 @@ Ikev2InfoGenerator (
//
return IkePacket;
}
//
// For delete SAs
//
//
if (IkeSaSession->SessionCommon.IkeSessionType == IkeSessionTypeIkeSa) {
IkePacket->Header->InitiatorCookie = IkeSaSession->InitiatorCookie;
@@ -101,12 +101,12 @@ Ikev2InfoGenerator (
//
if (IkeSaSession->SessionCommon.State == IkeStateSaDeleting ) {
IkePayload = Ikev2GenerateDeletePayload (
IkeSaSession,
IKEV2_PAYLOAD_TYPE_NONE,
0,
0,
IkeSaSession,
IKEV2_PAYLOAD_TYPE_NONE,
0,
0,
NULL
);
);
if (IkePayload == NULL) {
goto ERROR_EXIT;
}
@@ -118,7 +118,7 @@ Ikev2InfoGenerator (
IkePacket->Private = IkeSaSession->SessionCommon.Private;
IkePacket->Spi = 0;
IkePacket->IsDeleteInfo = TRUE;
} else if (Context != NULL) {
//
// TODO: If contest is not NULL Generate a Notify Payload.
@@ -132,7 +132,7 @@ Ikev2InfoGenerator (
if (IkeSaSession->SessionCommon.IsInitiator) {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;
}
}
} else {
//
// Delete the Child SA Information Exchagne
@@ -152,7 +152,7 @@ Ikev2InfoGenerator (
IkePacket->Header->MessageId = ChildSaSession->IkeSaSession->MessageId;
Ikev2SaSessionIncreaseMessageId (IkeSaSession);
}
IkePayload = Ikev2GenerateDeletePayload (
ChildSaSession->IkeSaSession,
IKEV2_PAYLOAD_TYPE_DELETE,
@@ -193,7 +193,7 @@ Ikev2InfoGenerator (
if (InfoContext != NULL) {
IkePacket->Header->Flags |= IKE_HEADER_FLAGS_RESPOND;
}
return IkePacket;
ERROR_EXIT:
@@ -233,16 +233,16 @@ Ikev2InfoParser (
UINT8 Value;
EFI_STATUS Status;
IKE_PACKET *RespondPacket;
IKEV2_INFO_EXCHANGE_CONTEXT Context;
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
DeletePayload = NULL;
Private = NULL;
RespondPacket = NULL;
Status = EFI_SUCCESS;
//
// For Liveness Check
//
@@ -279,13 +279,13 @@ Ikev2InfoParser (
//
// For SA Delete
//
NET_LIST_FOR_EACH (Entry, &(IkePacket)->PayloadList) {
NET_LIST_FOR_EACH (Entry, &(IkePacket)->PayloadList) {
//
// Iterate payloads to find the Delete/Notify Payload.
//
IkePayload = IKE_PAYLOAD_BY_PACKET (Entry);
if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_DELETE) {
DeletePayload = IkePayload;
Delete = (IKEV2_DELETE *)DeletePayload->PayloadBuf;
@@ -310,7 +310,7 @@ Ikev2InfoParser (
// After all IKE SAs were deleted, set the IPSEC_STATUS_DISABLED value in
// IPsec status variable.
//
if (IsListEmpty (&Private->Ikev1EstablishedList) &&
if (IsListEmpty (&Private->Ikev1EstablishedList) &&
(IsListEmpty (&Private->Ikev2EstablishedList))
) {
Value = IPSEC_STATUS_DISABLED;
@@ -341,9 +341,9 @@ Ikev2InfoParser (
return Status;
}
Status = Ikev2SendIkePacket (
IkeSaSession->SessionCommon.UdpService,
(UINT8 *)(&IkeSaSession->SessionCommon),
RespondPacket,
IkeSaSession->SessionCommon.UdpService,
(UINT8 *)(&IkeSaSession->SessionCommon),
RespondPacket,
0
);
}
@@ -373,7 +373,7 @@ Ikev2InfoParser (
Context.InfoType = Ikev2InfoDelete;
Context.MessageId = IkePacket->Header->MessageId;
RespondPacket = Ikev2InfoGenerator ((UINT8 *)ChildSaSession, &Context);
if (RespondPacket == NULL) {
Status = EFI_INVALID_PARAMETER;
@@ -382,7 +382,7 @@ Ikev2InfoParser (
Status = Ikev2SendIkePacket (
ChildSaSession->SessionCommon.UdpService,
(UINT8 *)(&ChildSaSession->SessionCommon),
RespondPacket,
RespondPacket,
0
);
} else {
@@ -399,7 +399,7 @@ Ikev2InfoParser (
}
}
}
return Status;
}


@@ -2,7 +2,7 @@
The implementation of Payloads Creation.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -55,7 +55,7 @@ Ikev2GenerateSaPayload (
if (SaPayload == NULL) {
return NULL;
}
//
// TODO: Get the Proposal Number and Transform Number from IPsec Config,
// after the Ipsecconfig Application is support it.
@@ -127,7 +127,7 @@ Ikev2GenerateNoncePayload (
if (Nonce == NULL) {
return NULL;
}
CopyMem (Nonce + 1, NonceBlock, Size - sizeof (IKEV2_NONCE));
Nonce->Header.NextPayload = NextPayload;
@@ -137,7 +137,7 @@ Ikev2GenerateNoncePayload (
FreePool (Nonce);
return NULL;
}
NoncePayload->PayloadType = IKEV2_PAYLOAD_TYPE_NONCE;
NoncePayload->PayloadBuf = (UINT8 *) Nonce;
NoncePayload->PayloadSize = Size;
@@ -428,11 +428,11 @@ Ikev2PskGenerateAuthPayload (
if (Digest == NULL) {
return NULL;
}
if (IdPayload == NULL) {
return NULL;
}
//
// Calcualte Prf(Seceret, "Key Pad for IKEv2");
//
@@ -460,7 +460,7 @@ Ikev2PskGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
CopyMem (KeyBuf, Digest, DigestSize);
KeySize = DigestSize;
@@ -522,7 +522,7 @@ Ikev2PskGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
Fragments[2].DataSize = DigestSize;
CopyMem (Fragments[2].Data, Digest, DigestSize);
@@ -557,7 +557,7 @@ Ikev2PskGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
//
// Fill in Auth payload.
//
@@ -761,7 +761,7 @@ Ikev2CertGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
Fragments[2].DataSize = DigestSize;
CopyMem (Fragments[2].Data, Digest, DigestSize);
@@ -820,7 +820,7 @@ Ikev2CertGenerateAuthPayload (
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
//
// Fill in Auth payload.
//
@@ -1229,7 +1229,7 @@ Ikev2GenerateNotifyPayload (
FreePool (Notify);
return NULL;
}
NotifyPayload->PayloadType = IKEV2_PAYLOAD_TYPE_NOTIFY;
NotifyPayload->PayloadBuf = (UINT8 *) Notify;
NotifyPayload->PayloadSize = NotifyPayloadLen;
@@ -1320,7 +1320,7 @@ Ikev2GenerateDeletePayload (
FreePool (Del);
return NULL;
}
DelPayload->PayloadType = IKEV2_PAYLOAD_TYPE_DELETE;
DelPayload->PayloadBuf = (UINT8 *) Del;
DelPayload->PayloadSize = DelPayloadLen;
@@ -1687,7 +1687,7 @@ Ikev2EncodeSa (
if (Sa == NULL) {
return NULL;
}
CopyMem (Sa, SaData, sizeof (IKEV2_SA));
Sa->Header.PayloadLength = (UINT16) sizeof (IKEV2_SA);
ProposalsSize = 0;
@@ -1884,7 +1884,7 @@ Ikev2DecodeSa (
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
CopyMem (SaData, Sa, sizeof (IKEV2_SA));
SaData->NumProposals = TotalProposals;
ProposalData = (IKEV2_PROPOSAL_DATA *) (SaData + 1);
@@ -1921,7 +1921,7 @@ Ikev2DecodeSa (
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
CopyMem (Spi, (UINT32 *) (Proposal + 1), Proposal->SpiSize);
*((UINT32*) Spi) = NTOHL (*((UINT32*) Spi));
ProposalData->Spi = Spi;
@@ -2357,7 +2357,7 @@ Ikev2DecodePacket (
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
CopyMem (IkeHeader, IkePacket->Header, sizeof (IKE_HEADER));
//
@@ -2565,7 +2565,7 @@ Ikev2EncodePacket (
if (IkeSaSession->InitPacket == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (IkeSaSession->InitPacket, IkePacket->Header, sizeof (IKE_HEADER));
PayloadTotalSize = 0;
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {
@@ -2584,7 +2584,7 @@ Ikev2EncodePacket (
if (IkeSaSession->RespPacket == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (IkeSaSession->RespPacket, IkePacket->Header, sizeof (IKE_HEADER));
PayloadTotalSize = 0;
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {
@@ -2695,7 +2695,7 @@ Ikev2DecryptPacket (
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
CopyMem (IntegrityBuffer, IkePacket->Header, sizeof(IKE_HEADER));
CopyMem (IntegrityBuffer + sizeof (IKE_HEADER), IkePacket->PayloadsBuf, IkePacket->PayloadTotalSize);
@@ -2910,7 +2910,7 @@ Ikev2EncryptPacket (
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
//
// Copy all payload into EncryptedIkePayload
//


@@ -1,7 +1,7 @@
/** @file
The Definitions related to IKEv2 payload.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -37,12 +37,12 @@
#define IKEV2_PAYLOAD_TYPE_EAP 48
//
// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1
//
// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the
// original initiator of the IKE_SA
//
// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to
// a message containing the same message ID.
//
#define IKE_HEADER_FLAGS_INIT 0x08
@@ -67,7 +67,7 @@ typedef struct {
#pragma pack(1)
typedef struct {
IKEV2_COMMON_PAYLOAD_HEADER Header;
//
//
// Proposals
//
} IKEV2_SA;
@@ -94,7 +94,7 @@ typedef struct {
//
// IKEv2 Transform ID for Encrypt Algorithm (ENCR)
//
//
#define IKEV2_TRANSFORM_ID_ENCR_DES_IV64 1
#define IKEV2_TRANSFORM_ID_ENCR_DES 2
#define IKEV2_TRANSFORM_ID_ENCR_3DES 3


@@ -2,7 +2,7 @@
The operations for IKEv2 SA.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -23,7 +23,7 @@
Generates the DH Key.
This generates the DH local public key and store it in the IKEv2 SA Session's GxBuffer.
@param[in] IkeSaSession Pointer to related IKE SA Session.
@retval EFI_SUCCESS The operation succeeded.
@@ -155,7 +155,7 @@ Ikev2InitPskGenerator (
// IkeSaSession is responder. If resending IKE_SA_INIT with Cookie Notify
// No need to recompute the Public key.
//
if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) {
if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) {
Status = Ikev2GenerateSaDhPublicKey (IkeSaSession);
if (EFI_ERROR (Status)) {
goto CheckError;
@@ -166,7 +166,7 @@ Ikev2InitPskGenerator (
// 4. Generate KE Payload according to SaParams->DhGroup
//
KePayload = Ikev2GenerateKePayload (
IkeSaSession,
IkeSaSession,
IKEV2_PAYLOAD_TYPE_NONCE
);
@@ -223,7 +223,7 @@ CheckError:
if (SaPayload != NULL) {
IkePayloadFree (SaPayload);
}
return NULL;
return NULL;
}
/**
@@ -241,7 +241,7 @@ EFI_STATUS
Ikev2InitPskParser (
IN UINT8 *SaSession,
IN IKE_PACKET *IkePacket
)
)
{
IKEV2_SA_SESSION *IkeSaSession;
IKE_PAYLOAD *SaPayload;
@@ -305,7 +305,7 @@ Ikev2InitPskParser (
Status = EFI_OUT_OF_RESOURCES;
goto CheckError;
}
CopyMem (
NonceBuffer,
NoncePayload->PayloadBuf + sizeof (IKEV2_COMMON_PAYLOAD_HEADER),
@@ -410,7 +410,7 @@ CheckError:
if (NonceBuffer != NULL) {
FreePool (NonceBuffer);
}
return Status;
}
@@ -439,7 +439,7 @@ Ikev2AuthPskGenerator (
IKE_PAYLOAD *NotifyPayload;
IKE_PAYLOAD *CpPayload;
IKEV2_CHILD_SA_SESSION *ChildSaSession;
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));
@@ -453,7 +453,7 @@ Ikev2AuthPskGenerator (
NotifyPayload = NULL;
CpPayload = NULL;
NotifyPayload = NULL;
//
// 1. Allocate IKE Packet
//
@@ -476,7 +476,7 @@ Ikev2AuthPskGenerator (
}
//
// According to RFC4306_2.2, For the IKE_SA_INIT message the MessageID should
// According to RFC4306_2.2, For the IKE_SA_INIT message the MessageID should
// be always number 0 and 1;
//
IkePacket->Header->MessageId = 1;
@@ -623,7 +623,7 @@ CheckError:
if (IkePacket != NULL) {
IkePacketFree (IkePacket);
}
if (IdPayload != NULL) {
IkePayloadFree (IdPayload);
}
@@ -631,7 +631,7 @@ CheckError:
if (AuthPayload != NULL) {
IkePayloadFree (AuthPayload);
}
if (CpPayload != NULL) {
IkePayloadFree (CpPayload);
}
@@ -639,20 +639,20 @@ CheckError:
if (SaPayload != NULL) {
IkePayloadFree (SaPayload);
}
if (TsiPayload != NULL) {
IkePayloadFree (TsiPayload);
}
if (TsrPayload != NULL) {
IkePayloadFree (TsrPayload);
}
if (NotifyPayload != NULL) {
IkePayloadFree (NotifyPayload);
}
return NULL;
return NULL;
}
/**
@@ -661,13 +661,13 @@ CheckError:
@param[in] SaSession Pointer to the IKE_SA_SESSION related to this packet.
@param[in] IkePacket Pointer to the IKE_AUTH packet to be parsered.
@retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA
@retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA
proposal is unacceptable.
@retval EFI_SUCCESS The IKE packet is acceptable and the
relative data is saved for furthure communication.
**/
EFI_STATUS
EFI_STATUS
Ikev2AuthPskParser (
IN UINT8 *SaSession,
IN IKE_PACKET *IkePacket
@@ -733,7 +733,7 @@ Ikev2AuthPskParser (
// Check IkePacket Header is match the state
//
if (IkeSaSession->SessionCommon.IsInitiator) {
//
// 1. Check the IkePacket->Hdr == IKE_HEADER_FLAGS_RESPOND
//
@@ -830,7 +830,7 @@ Ikev2AuthPskParser (
(((TRAFFIC_SELECTOR *)(TsrPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->RemotePort)
) {
return EFI_INVALID_PARAMETER;
}
}
if ((((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != 0) &&
(((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->LocalPort)
) {
@@ -847,7 +847,7 @@ Ikev2AuthPskParser (
return EFI_INVALID_PARAMETER;
}
//
// Get the Virtual IP address from the Tsi traffic selector.
// Get the Virtual IP address from the Tsi traffic selector.
// TODO: check the CFG reply payload
//
CopyMem (
@@ -856,7 +856,7 @@ Ikev2AuthPskParser (
(ChildSaSession->SessionCommon.UdpService->IpVersion == IP_VERSION_4) ?
sizeof (EFI_IPv4_ADDRESS) : sizeof (EFI_IPv6_ADDRESS)
);
}
}
}
//
@@ -866,7 +866,7 @@ Ikev2AuthPskParser (
if (EFI_ERROR (Status)) {
return Status;
}
if (IkeSaSession->SessionCommon.IsInitiator) {
//
// 6. Change the state of IkeSaSession
@@ -874,7 +874,7 @@ Ikev2AuthPskParser (
IKEV2_DUMP_STATE (IkeSaSession->SessionCommon.State, IkeStateIkeSaEstablished);
IkeSaSession->SessionCommon.State = IkeStateIkeSaEstablished;
}
return EFI_SUCCESS;
}
@@ -892,7 +892,7 @@ IKE_PACKET*
Ikev2InitCertGenerator (
IN UINT8 *SaSession,
IN VOID *Context
)
)
{
IKE_PACKET *IkePacket;
IKE_PAYLOAD *CertReqPayload;
@@ -944,7 +944,7 @@ Ikev2InitCertGenerator (
@retval EFI_SUCCESS The IKEv2 packet is acceptable and the relative data is
saved for furthure communication.
@retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA proposal is unacceptable.
@retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA proposal is unacceptable.
@retval EFI_UNSUPPORTED The certificate authentication is not supported.
**/
@@ -956,11 +956,11 @@ Ikev2InitCertParser (
{
if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {
return EFI_UNSUPPORTED;
}
}
//
// The first two messages exchange is same between PSK and Cert.
// Todo: Parse Certificate Request from responder Initial Exchange.
// Todo: Parse Certificate Request from responder Initial Exchange.
//
return Ikev2InitPskParser (SaSession, IkePacket);
}
@@ -1071,7 +1071,7 @@ Ikev2AuthCertGenerator (
if (CertPayload == NULL) {
goto CheckError;
}
if (IkeSaSession->SessionCommon.IsInitiator) {
CertReqPayload = Ikev2GenerateCertificatePayload (
IkeSaSession,
@@ -1083,7 +1083,7 @@ Ikev2AuthCertGenerator (
);
if (CertReqPayload == NULL) {
goto CheckError;
}
}
}
//
@@ -1126,15 +1126,15 @@ Ikev2AuthCertGenerator (
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS
);
}
if (CpPayload == NULL) {
goto CheckError;
}
}
}
if (AuthPayload == NULL) {
goto CheckError;
}
}
//
// 5. Generate SA Payload according to the Sa Data in ChildSaSession
@@ -1165,7 +1165,7 @@ Ikev2AuthCertGenerator (
);
//
// Generate Notify Payload. If transport mode, there should have Notify
// Generate Notify Payload. If transport mode, there should have Notify
// payload with TRANSPORT_MODE notification.
//
NotifyPayload = Ikev2GenerateNotifyPayload (
@@ -1222,7 +1222,7 @@ CheckError:
if (IkePacket != NULL) {
IkePacketFree (IkePacket);
}
if (IdPayload != NULL) {
IkePayloadFree (IdPayload);
}
@@ -1230,7 +1230,7 @@ CheckError:
if (CertPayload != NULL) {
IkePayloadFree (CertPayload);
}
if (CertReqPayload != NULL) {
IkePayloadFree (CertReqPayload);
}
@@ -1242,24 +1242,24 @@ CheckError:
if (CpPayload != NULL) {
IkePayloadFree (CpPayload);
}
if (SaPayload != NULL) {
IkePayloadFree (SaPayload);
}
if (TsiPayload != NULL) {
IkePayloadFree (TsiPayload);
}
if (TsrPayload != NULL) {
IkePayloadFree (TsrPayload);
}
if (NotifyPayload != NULL) {
IkePayloadFree (NotifyPayload);
}
return NULL;
return NULL;
}
/**
@@ -1342,7 +1342,7 @@ Ikev2AuthCertParser (
}
}
if ((SaPayload == NULL) || (AuthPayload == NULL) || (TsiPayload == NULL) ||
if ((SaPayload == NULL) || (AuthPayload == NULL) || (TsiPayload == NULL) ||
(TsrPayload == NULL) || (CertPayload == NULL)) {
goto Exit;
}
@@ -1354,7 +1354,7 @@ Ikev2AuthCertParser (
// Check IkePacket Header is match the state
//
if (IkeSaSession->SessionCommon.IsInitiator) {
//
// 1. Check the IkePacket->Hdr == IKE_HEADER_FLAGS_RESPOND
//
@@ -1451,7 +1451,7 @@ Ikev2AuthCertParser (
(((TRAFFIC_SELECTOR *)(TsrPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->RemotePort)
) {
goto Exit;
}
}
if ((((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != 0) &&
(((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->LocalPort)
) {
@@ -1468,7 +1468,7 @@ Ikev2AuthCertParser (
goto Exit;
}
//
// Get the Virtual IP address from the Tsi traffic selector.
// Get the Virtual IP address from the Tsi traffic selector.
// TODO: check the CFG reply payload
//
CopyMem (
@@ -1479,7 +1479,7 @@ Ikev2AuthCertParser (
);
}
}
//
// 5. Generat keymats for IPsec protocol.
//
@@ -1487,7 +1487,7 @@ Ikev2AuthCertParser (
if (EFI_ERROR (Status)) {
goto Exit;
}
if (IkeSaSession->SessionCommon.IsInitiator) {
//
// 6. Change the state of IkeSaSession
@@ -1528,7 +1528,7 @@ Ikev2GenerateSaDhPublicKey (
if (IkeSaSession->IkeKeys == NULL) {
return EFI_OUT_OF_RESOURCES;
}
IkeKeys = IkeSaSession->IkeKeys;
IkeKeys->DhBuffer = AllocateZeroPool (sizeof (IKEV2_DH_BUFFER));
if (IkeKeys->DhBuffer == NULL) {
@@ -1560,13 +1560,13 @@ Ikev2GenerateSaDhPublicKey (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam X public key error Status = %r\n", Status));
FreePool (IkeKeys->DhBuffer->GxBuffer);
FreePool (IkeKeys->DhBuffer);
FreePool (IkeSaSession->IkeKeys);
return Status;
}
@@ -1583,7 +1583,7 @@ Ikev2GenerateSaDhPublicKey (
@param[in] DhBuffer Pointer to buffer of peer's puliic key.
@param[in] KePayload Pointer to received key payload.
@retval EFI_SUCCESS The operation succeeded.
@retval Otherwise The operation failed.
@@ -1622,7 +1622,7 @@ Ikev2GenerateSaDhComputeKey (
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam Y session key error Status = %r\n", Status));
FreePool (DhBuffer->GxyBuffer);
return Status;
}
@@ -1633,10 +1633,10 @@ Ikev2GenerateSaDhComputeKey (
DhBuffer->GyBuffer = AllocateZeroPool (DhBuffer->GySize);
if (DhBuffer->GyBuffer == NULL) {
FreePool (DhBuffer->GxyBuffer);
return Status;
}
CopyMem (DhBuffer->GyBuffer, PubKey, DhBuffer->GySize);
IPSEC_DUMP_BUF ("DH Public Key (g^y) Dump", DhBuffer->GyBuffer, DhBuffer->GySize);
@@ -1705,7 +1705,7 @@ Ikev2GenerateSaKeys (
//
// If one or more algorithm is not support, return EFI_UNSUPPORTED.
//
if (AuthAlgKeyLen == 0 ||
if (AuthAlgKeyLen == 0 ||
EncryptAlgKeyLen == 0 ||
IntegrityAlgKeyLen == 0 ||
PrfAlgKeyLen == 0
@@ -1767,8 +1767,8 @@ Ikev2GenerateSaKeys (
IPSEC_DUMP_BUF (">>> NrBlock", IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);
IPSEC_DUMP_BUF (">>> InitiatorCookie", (UINT8 *)&IkeSaSession->InitiatorCookie, sizeof(UINT64));
IPSEC_DUMP_BUF (">>> ResponderCookie", (UINT8 *)&IkeSaSession->ResponderCookie, sizeof(UINT64));
OutputKeyLength = PrfAlgKeyLen +
OutputKeyLength = PrfAlgKeyLen +
2 * EncryptAlgKeyLen +
2 * AuthAlgKeyLen +
2 * IntegrityAlgKeyLen;
@@ -1818,7 +1818,7 @@ Ikev2GenerateSaKeys (
}
IkeSaSession->IkeKeys->SkAiKeySize = IntegrityAlgKeyLen;
CopyMem (IkeSaSession->IkeKeys->SkAiKey, OutputKey + PrfAlgKeyLen, IntegrityAlgKeyLen);
IPSEC_DUMP_BUF (">>> SK_Ai Key", IkeSaSession->IkeKeys->SkAiKey, IkeSaSession->IkeKeys->SkAiKeySize);
//
@@ -1835,7 +1835,7 @@ Ikev2GenerateSaKeys (
OutputKey + PrfAlgKeyLen + IntegrityAlgKeyLen,
IntegrityAlgKeyLen
);
IPSEC_DUMP_BUF (">>> SK_Ar Key", IkeSaSession->IkeKeys->SkArKey, IkeSaSession->IkeKeys->SkArKeySize);
//
@@ -1847,14 +1847,14 @@ Ikev2GenerateSaKeys (
goto Exit;
}
IkeSaSession->IkeKeys->SkEiKeySize = EncryptAlgKeyLen;
CopyMem (
IkeSaSession->IkeKeys->SkEiKey,
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen,
EncryptAlgKeyLen
);
IPSEC_DUMP_BUF (
">>> SK_Ei Key",
">>> SK_Ei Key",
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen,
EncryptAlgKeyLen
);
@@ -1915,7 +1915,7 @@ Ikev2GenerateSaKeys (
IkeSaSession->IkeKeys->SkPrKey,
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen + 2 * EncryptAlgKeyLen + AuthAlgKeyLen,
AuthAlgKeyLen
);
);
IPSEC_DUMP_BUF (
">>> SK_Pr Key",
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen + 2 * EncryptAlgKeyLen + AuthAlgKeyLen,
@@ -1958,7 +1958,7 @@ Exit:
}
}
return Status;
}
@@ -1988,16 +1988,16 @@ Ikev2GenerateChildSaKeys (
Status = EFI_SUCCESS;
OutputKey = NULL;
if (KePayload != NULL) {
//
// Generate Gxy
// Generate Gxy
//
Status = Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);
if (EFI_ERROR (Status)) {
goto Exit;
}
Fragments[0].Data = ChildSaSession->DhBuffer->GxyBuffer;
Fragments[0].DataSize = ChildSaSession->DhBuffer->GxySize;
}
@@ -2021,7 +2021,7 @@ Ikev2GenerateChildSaKeys (
}
//
//
//
// If KePayload is not NULL, calculate KEYMAT = prf+(SK_d, g^ir (new) | Ni | Nr ),
// otherwise, KEYMAT = prf+(SK_d, Ni | Nr )
//
@@ -2045,16 +2045,16 @@ Ikev2GenerateChildSaKeys (
);
if (EFI_ERROR (Status)) {
goto Exit;
goto Exit;
}
//
// Copy KEYMATE (SK_ENCRYPT_i | SK_ENCRYPT_r | SK_INTEG_i | SK_INTEG_r) to
// ChildKeyMates.
//
//
if (!ChildSaSession->SessionCommon.IsInitiator) {
//
//
// Initiator Encryption Key
//
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;
@@ -2080,8 +2080,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
}
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,
OutputKey + EncryptAlgKeyLen,
@@ -2097,8 +2097,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
}
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,
OutputKey + EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -2114,8 +2114,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
}
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,
OutputKey + 2 * EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -2131,8 +2131,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
}
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,
OutputKey,
@@ -2148,8 +2148,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
}
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,
OutputKey + EncryptAlgKeyLen,
@@ -2165,8 +2165,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
}
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey,
OutputKey + EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -2182,8 +2182,8 @@ Ikev2GenerateChildSaKeys (
if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
}
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,
OutputKey + 2 * EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -2233,7 +2233,7 @@ Exit:
if (OutputKey != NULL) {
FreePool (OutputKey);
}
return EFI_SUCCESS;
}


@@ -1,8 +1,8 @@
/** @file
The interfaces of IKE/Child session operations and payload related operations
The interfaces of IKE/Child session operations and payload related operations
used by IKE Exchange Process.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -76,8 +76,8 @@ Ikev2SaSessionLookup (
Private->Ikev2SaSession list or Private->Ikev2EstablishedList list.
@param[in] SaSessionList Pointer to list to be inserted into.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.
@param[in] RemotePeerIp Pointer to EFI_IP_ADDRESSS to indicate the
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be inserted.
@param[in] RemotePeerIp Pointer to EFI_IP_ADDRESSS to indicate the
unique IKEV2_SA_SESSION.
**/
@@ -94,7 +94,7 @@ Ikev2SaSessionInsert (
@param[in] SaSessionList Pointer to list to be searched.
@param[in] RemotePeerIp Pointer to EFI_IP_ADDRESS to use for SA Session search.
@retval Pointer to IKEV2_SA_SESSION with the specified remote IP address.
@retval Pointer to IKEV2_SA_SESSION with the specified remote IP address.
**/
IKEV2_SA_SESSION *
@@ -129,7 +129,7 @@ Ikev2SessionCommonRefresh (
);
/**
Free specified IKEV2 SA Session.
Free specified IKEV2 SA Session.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION to be freed.
@@ -140,7 +140,7 @@ Ikev2SaSessionFree (
);
/**
Free specified Seession Common. The session common would belong to a IKE SA or
Free specified Seession Common. The session common would belong to a IKE SA or
a Child SA.
@param[in] SessionCommon Pointer to a Session Common.
@@ -164,9 +164,9 @@ Ikev2SaSessionIncreaseMessageId (
/**
Allocate Momery for IKEV2 Child SA Session.
@param[in] UdpService Pointer to IKE_UDP_SERVICE.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to this Child SA
Session.
@retval Pointer of a new created IKEV2 Child SA Session.
@@ -179,8 +179,8 @@ Ikev2ChildSaSessionAlloc (
);
/**
Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.
If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one
Register a established IKEv2 Child SA into IkeSaSession->ChildSaEstablishSessionList.
If the there is IKEV2_CHILD_SA_SESSION with same remote peer IP, remove the old one
then register the new one.
@param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION to be registered.
@@ -198,7 +198,7 @@ Ikev2ChildSaSessionReg (
This functin find a ChildSA session by searching the ChildSaSessionlist of
the input IKEV2_SA_SESSION by specified MessageID.
@param[in] SaSessionList Pointer to List to be searched.
@param[in] Spi Specified SPI.
@@ -241,20 +241,20 @@ Ikev2ChildSaSessionInsert (
/**
Remove the IKEV2_CHILD_SA_SESSION from IkeSaSessionList.
@param[in] SaSessionList The SA Session List to be iterated.
@param[in] Spi Spi used to identify the IKEV2_CHILD_SA_SESSION.
@param[in] ListType The type of the List to indicate whether it is a
Established.
@param[in] ListType The type of the List to indicate whether it is a
Established.
@return The point to IKEV2_CHILD_SA_SESSION.
**/
IKEV2_CHILD_SA_SESSION *
Ikev2ChildSaSessionRemove (
IN LIST_ENTRY *SaSessionList,
IN UINT32 Spi,
IN UINT8 ListType
IN UINT32 Spi,
IN UINT8 ListType
);
/**
@@ -271,7 +271,7 @@ Ikev2ChildSaSessionOnDeleting (
);
/**
Free the memory located for the specified IKEV2_CHILD_SA_SESSION.
Free the memory located for the specified IKEV2_CHILD_SA_SESSION.
@param[in] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION.
@@ -285,7 +285,7 @@ Ikev2ChildSaSessionFree (
Free the specified DhBuffer.
@param[in] DhBuffer Pointer to IKEV2_DH_BUFFER to be freed.
**/
VOID
Ikev2DhBufferFree (
@@ -315,7 +315,7 @@ Ikev2ChildSaSilentDelete (
/**
This function is to parse a request IKE packet and return its request type.
The request type is one of IKE CHILD SA creation, IKE SA rekeying and
The request type is one of IKE CHILD SA creation, IKE SA rekeying and
IKE CHILD SA rekeying.
@param[in] IkePacket IKE packet to be prased.
@@ -330,7 +330,7 @@ Ikev2ChildExchangeRequestType(
/**
This function finds the SPI from Create Child Sa Exchange Packet.
@param[in] IkePacket Pointer to IKE_PACKET to be searched.
@retval SPI number.
@@ -345,10 +345,10 @@ Ikev2ChildExchangeRekeySpi(
/**
Associate a SPD selector to the Child SA Session.
This function is called when the Child SA is not the first child SA of its
This function is called when the Child SA is not the first child SA of its
IKE SA. It associate a SPD to this Child SA.
@param[in, out] ChildSaSession Pointer to the Child SA Session to be associated to
@param[in, out] ChildSaSession Pointer to the Child SA Session to be associated to
a SPD selector.
@retval EFI_SUCCESS Associate one SPD selector to this Child SA Session successfully.
@@ -441,13 +441,13 @@ Ikev2ChildSaAfterEncodePayload (
Generate Ikev2 SA payload according to SessionSaData
@param[in] SessionSaData The data used in SA payload.
@param[in] NextPayload The payload type presented in NextPayload field of
@param[in] NextPayload The payload type presented in NextPayload field of
SA Payload header.
@param[in] Type The SA type. It MUST be neither (1) for IKE_SA or
(2) for CHILD_SA or (3) for INFO.
@retval a Pointer to SA IKE payload.
**/
IKE_PAYLOAD *
Ikev2GenerateSaPayload (
@@ -460,7 +460,7 @@ Ikev2GenerateSaPayload (
Generate a ID payload.
@param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.
@param[in] NextPayload The payload type presented in the NextPayload field
@param[in] NextPayload The payload type presented in the NextPayload field
of ID Payload header.
@retval Pointer to ID IKE payload.
@@ -476,7 +476,7 @@ Ikev2GenerateIdPayload (
Generate a ID payload.
@param[in] CommonSession Pointer to IKEV2_SESSION_COMMON related to ID payload.
@param[in] NextPayload The payload type presented in the NextPayload field
@param[in] NextPayload The payload type presented in the NextPayload field
of ID Payload header.
@param[in] InCert Pointer to the Certificate which distinguished name
will be added into the Id payload.
@@ -488,7 +488,7 @@ Ikev2GenerateIdPayload (
IKE_PAYLOAD *
Ikev2GenerateCertIdPayload (
IN IKEV2_SESSION_COMMON *CommonSession,
IN UINT8 NextPayload,
IN UINT8 NextPayload,
IN UINT8 *InCert,
IN UINTN CertSize
);
@@ -496,10 +496,10 @@ Ikev2GenerateCertIdPayload (
/**
Generate a Nonce payload contenting the input parameter NonceBuf.
@param[in] NonceBuf The nonce buffer content the whole Nonce payload block
@param[in] NonceBuf The nonce buffer content the whole Nonce payload block
except the payload header.
@param[in] NonceSize The buffer size of the NonceBuf
@param[in] NextPayload The payload type presented in the NextPayload field
@param[in] NextPayload The payload type presented in the NextPayload field
of Nonce Payload header.
@retval Pointer to Nonce IKE paload.
@@ -516,23 +516,23 @@ Ikev2GenerateNoncePayload (
Generate the Notify payload.
Since the structure of Notify payload which defined in RFC 4306 is simple, so
there is no internal data structure for Notify payload. This function generate
Notify payload defined in RFC 4306, but all the fields in this payload are still
in host order and need call Ikev2EncodePayload() to convert those fields from
there is no internal data structure for Notify payload. This function generate
Notify payload defined in RFC 4306, but all the fields in this payload are still
in host order and need call Ikev2EncodePayload() to convert those fields from
the host order to network order beforing sending it.
@param[in] ProtocolId The protocol type ID. For IKE_SA it MUST be one (1).
For IPsec SAs it MUST be neither (2) for AH or (3)
for ESP.
@param[in] NextPayload The next paylaod type in NextPayload field of
@param[in] NextPayload The next paylaod type in NextPayload field of
the Notify payload.
@param[in] SpiSize Size of the SPI in SPI size field of the Notify Payload.
@param[in] MessageType The message type in NotifyMessageType field of the
@param[in] MessageType The message type in NotifyMessageType field of the
Notify Payload.
@param[in] SpiBuf Pointer to buffer contains the SPI value.
@param[in] NotifyData Pointer to buffer contains the notification data.
@param[in] NotifyDataSize The size of NotifyData in bytes.
@retval Pointer to IKE Notify Payload.
@@ -551,14 +551,14 @@ Ikev2GenerateNotifyPayload (
/**
Generate the Delete payload.
Since the structure of Delete payload which defined in RFC 4306 is simple,
there is no internal data structure for Delete payload. This function generate
Delete payload defined in RFC 4306, but all the fields in this payload are still
in host order and need call Ikev2EncodePayload() to convert those fields from
Since the structure of Delete payload which defined in RFC 4306 is simple,
there is no internal data structure for Delete payload. This function generate
Delete payload defined in RFC 4306, but all the fields in this payload are still
in host order and need call Ikev2EncodePayload() to convert those fields from
the host order to network order beforing sending it.
@param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload generation.
@param[in] NextPayload The next paylaod type in NextPayload field of
@param[in] NextPayload The next paylaod type in NextPayload field of
the Delete payload.
@param[in] SpiSize Size of the SPI in SPI size field of the Delete Payload.
@param[in] SpiNum Number of SPI in NumofSPIs field of the Delete Payload.
@@ -573,19 +573,19 @@ Ikev2GenerateDeletePayload (
IN UINT8 NextPayload,
IN UINT8 SpiSize,
IN UINT16 SpiNum,
IN UINT8 *SpiBuf
IN UINT8 *SpiBuf
);
/**
Generate the Configuration payload.
This function generates a configuration payload defined in RFC 4306, but all the
fields in this payload are still in host order and need call Ikev2EncodePayload()
This function generates a configuration payload defined in RFC 4306, but all the
fields in this payload are still in host order and need call Ikev2EncodePayload()
to convert those fields from the host order to network order beforing sending it.
@param[in] IkeSaSession Pointer to IKE SA Session to be used for Delete payload
generation.
@param[in] NextPayload The next paylaod type in NextPayload field of
@param[in] NextPayload The next paylaod type in NextPayload field of
the Delete payload.
@param[in] CfgType The attribute type in the Configuration attribute.
@@ -602,15 +602,15 @@ Ikev2GenerateCpPayload (
/**
Generate a Authentication Payload.
This function is used for both Authentication generation and verification. When the
IsVerify is TRUE, it create a Auth Data for verification. This function choose the
This function is used for both Authentication generation and verification. When the
IsVerify is TRUE, it create a Auth Data for verification. This function choose the
related IKE_SA_INIT Message for Auth data creation according to the IKE Session's type
and the value of IsVerify parameter.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.
@param[in] IdPayload Pointer to the ID payload to be used for Authentication
@param[in] IdPayload Pointer to the ID payload to be used for Authentication
payload generation.
@param[in] NextPayload The type filled into the Authentication Payload next
@param[in] NextPayload The type filled into the Authentication Payload next
payload field.
@param[in] IsVerify If it is TURE, the Authentication payload is used for
verification.
@@ -627,26 +627,26 @@ Ikev2PskGenerateAuthPayload (
);
/**
Generate a Authentication Payload for Certificate Auth method.
Generate a Authentication Payload for Certificate Auth method.
This function has two functions. One is creating a local Authentication
Payload for sending and other is creating the remote Authentication data
This function has two functions. One is creating a local Authentication
Payload for sending and other is creating the remote Authentication data
for verification when the IsVerify is TURE.
@param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to.
@param[in] IdPayload Pointer to the ID payload to be used for Authentication
@param[in] IdPayload Pointer to the ID payload to be used for Authentication
payload generation.
@param[in] NextPayload The type filled into the Authentication Payload
@param[in] NextPayload The type filled into the Authentication Payload
next payload field.
@param[in] IsVerify If it is TURE, the Authentication payload is used
@param[in] IsVerify If it is TURE, the Authentication payload is used
for verification.
@param[in] UefiPrivateKey Pointer to the UEFI private key. Ignore it when
@param[in] UefiPrivateKey Pointer to the UEFI private key. Ignore it when
verify the authenticate payload.
@param[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignore it
@param[in] UefiPrivateKeyLen The size of UefiPrivateKey in bytes. Ignore it
when verify the authenticate payload.
@param[in] UefiKeyPwd Pointer to the password of UEFI private key.
@param[in] UefiKeyPwd Pointer to the password of UEFI private key.
Ignore it when verify the authenticate payload.
@param[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes.Ignore it when
@param[in] UefiKeyPwdLen The size of UefiKeyPwd in bytes.Ignore it when
verify the authenticate payload.
@return pointer to IKE Authentication payload for certification method.
@@ -670,9 +670,9 @@ Ikev2CertGenerateAuthPayload (
This function generates TSi or TSr payload according to type of next payload.
If the next payload is Responder TS, gereate TSi Payload. Otherwise, generate
TSr payload
@param[in] ChildSa Pointer to IKEV2_CHILD_SA_SESSION related to this TS payload.
@param[in] NextPayload The payload type presented in the NextPayload field
@param[in] NextPayload The payload type presented in the NextPayload field
of ID Payload header.
@param[in] IsTunnel It indicates that if the Ts Payload is after the CP payload.
If yes, it means the Tsi and Tsr payload should be with
@@ -696,7 +696,7 @@ Ikev2GenerateTsPayload (
IPSEC_PROTO_ISAKMP or if the SpiSize is not zero or if the MessageType is not
the COOKIE, return EFI_INVALID_PARAMETER.
@param[in] IkeNCookie Pointer to the IKE_PAYLOAD which contians the
@param[in] IkeNCookie Pointer to the IKE_PAYLOAD which contians the
Notify Cookie payload.
the Notify payload.
@param[in, out] IkeSaSession Pointer to the relevant IKE SA Session.
@@ -715,16 +715,16 @@ Ikev2ParserNotifyCookiePayload (
/**
Generate the Certificate payload or Certificate Request Payload.
Since the Certificate Payload structure is same with Certificate Request Payload,
Since the Certificate Payload structure is same with Certificate Request Payload,
the only difference is that one contains the Certificate Data, other contains
the acceptable certificateion CA. This function generate Certificate payload
or Certificate Request Payload defined in RFC 4306, but all the fields
in the payload are still in host order and need call Ikev2EncodePayload()
the acceptable certificateion CA. This function generate Certificate payload
or Certificate Request Payload defined in RFC 4306, but all the fields
in the payload are still in host order and need call Ikev2EncodePayload()
to convert those fields from the host order to network order beforing sending it.
@param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload
@param[in] IkeSaSession Pointer to IKE SA Session to be used of Delete payload
generation.
@param[in] NextPayload The next paylaod type in NextPayload field of
@param[in] NextPayload The next paylaod type in NextPayload field of
the Delete payload.
@param[in] Certificate Pointer of buffer contains the certification data.
@param[in] CertificateLen The length of Certificate in byte.
@@ -747,15 +747,15 @@ Ikev2GenerateCertificatePayload (
IN UINT8 EncodeType,
IN BOOLEAN IsRequest
);
/**
General interface of payload encoding.
This function encode the internal data structure into payload which
is defined in RFC 4306. The IkePayload->PayloadBuf used to store both the input
payload and converted payload. Only the SA payload use the interal structure
to store the attribute. Other payload use structure which is same with the RFC
defined, for this kind payloads just do host order to network order change of
This function encode the internal data structure into payload which
is defined in RFC 4306. The IkePayload->PayloadBuf used to store both the input
payload and converted payload. Only the SA payload use the interal structure
to store the attribute. Other payload use structure which is same with the RFC
defined, for this kind payloads just do host order to network order change of
some fields.
@param[in] SessionCommon Pointer to IKE Session Common used to encode the payload.
@@ -779,7 +779,7 @@ Ikev2EncodePayload (
@param[in] SessionCommon Pointer to IKE Session Common to use for decoding.
@param[in, out] IkePayload Pointer to IKE payload to be decode as input, and
store the decoded result as output.
store the decoded result as output.
@retval EFI_INVALID_PARAMETER Meet error when decode the SA payload.
@retval EFI_SUCCESS Decode successfully.
@@ -796,18 +796,18 @@ Ikev2DecodePayload (
This function decrpt the Encrypted IKE packet and put the result into IkePacket->PayloadBuf.
@param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing
@param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing
some parameter used during decrypting.
@param[in, out] IkePacket Point to IKE_PACKET to be decrypted as input,
@param[in, out] IkePacket Point to IKE_PACKET to be decrypted as input,
and the decrypted reslult as output.
@param[in, out] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and
IKE_CHILD_TYPE are supportted.
@retval EFI_INVALID_PARAMETER If the IKE packet length is zero or the
@retval EFI_INVALID_PARAMETER If the IKE packet length is zero or the
IKE packet length is not Algorithm Block Size
alignment.
@retval EFI_SUCCESS Decrypt IKE packet successfully.
**/
EFI_STATUS
Ikev2DecryptPacket (
@@ -821,7 +821,7 @@ Ikev2DecryptPacket (
This function encrypt IKE packet before sending it. The Encrypted IKE packet
is put in to IKEV2 Encrypted Payload.
@param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON related to the IKE packet.
@param[in, out] IkePacket Pointer to IKE packet to be encrypted.
@@ -840,9 +840,9 @@ Ikev2EncryptPacket (
This function put all Payloads into one payload then encrypt it if needed.
@param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing
@param[in] SessionCommon Pointer to IKEV2_SESSION_COMMON containing
some parameter used during IKE packet encoding.
@param[in, out] IkePacket Pointer to IKE_PACKET to be encoded as input,
@param[in, out] IkePacket Pointer to IKE_PACKET to be encoded as input,
and the encoded reslult as output.
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and
IKE_CHILD_TYPE are supportted.
@@ -861,12 +861,12 @@ Ikev2EncodePacket (
/**
Decode the IKE packet.
This function first decrypts the IKE packet if needed , then separats the whole
This function first decrypts the IKE packet if needed , then separats the whole
IKE packet from the IkePacket->PayloadBuf into IkePacket payload list.
@param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON containing
@param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON containing
some parameter used by IKE packet decoding.
@param[in, out] IkePacket The IKE Packet to be decoded on input, and
@param[in, out] IkePacket The IKE Packet to be decoded on input, and
the decoded result on return.
@param[in] IkeType The type of IKE. IKE_SA_TYPE, IKE_INFO_TYPE and
IKE_CHILD_TYPE are supportted.
@@ -904,8 +904,8 @@ Ikev2OnPacketAccepted (
@param[in] IkeUdpService Pointer to IKE_UDP_SERVICE used to send the IKE packet.
@param[in] SessionCommon Pointer to IKEV1_SESSION_COMMON related to the IKE packet.
@param[in] IkePacket Pointer to IKE_PACKET to be sent out.
@param[in] IkeType The type of IKE to point what's kind of the IKE
packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE
@param[in] IkeType The type of IKE to point what's kind of the IKE
packet is to be sent out. IKE_SA_TYPE, IKE_INFO_TYPE
and IKE_CHILD_TYPE are supportted.
@retval EFI_SUCCESS The operation complete successfully.
@@ -923,12 +923,12 @@ Ikev2SendIkePacket (
/**
Callback function for the IKE life time is over.
This function will mark the related IKE SA Session as deleting and trigger a
This function will mark the related IKE SA Session as deleting and trigger a
Information negotiation.
@param[in] Event The time out event.
@param[in] Context Pointer to data passed by caller.
**/
VOID
EFIAPI
@@ -952,11 +952,11 @@ Ikev2ResendNotify (
);
/**
Generate a Key Exchange payload according to the DH group type and save the
Generate a Key Exchange payload according to the DH group type and save the
public Key into IkeSaSession IkeKey field.
@param[in, out] IkeSaSession Pointer of the IKE_SA_SESSION.
@param[in] NextPayload The payload type presented in the NextPayload field of Key
@param[in] NextPayload The payload type presented in the NextPayload field of Key
Exchange Payload header.
@retval Pointer to Key IKE payload.
@@ -964,28 +964,28 @@ Ikev2ResendNotify (
**/
IKE_PAYLOAD *
Ikev2GenerateKePayload (
IN OUT IKEV2_SA_SESSION *IkeSaSession,
IN UINT8 NextPayload
IN OUT IKEV2_SA_SESSION *IkeSaSession,
IN UINT8 NextPayload
);
/**
Check if the SPD is related to the input Child SA Session.
This function is the subfunction of Ikev1AssociateSpdEntry(). It is the call
back function of IpSecVisitConfigData().
back function of IpSecVisitConfigData().
@param[in] Type Type of the input Config Selector.
@param[in] Selector Pointer to the Configure Selector to be checked.
@param[in] Data Pointer to the Configure Selector's Data passed
@param[in] Selector Pointer to the Configure Selector to be checked.
@param[in] Data Pointer to the Configure Selector's Data passed
from the caller.
@param[in] SelectorSize The buffer size of Selector.
@param[in] DataSize The buffer size of the Data.
@param[in] Context The data passed from the caller. It is a Child
SA Session in this context.
@retval EFI_SUCCESS The SPD Selector is not related to the Child SA Session.
@retval EFI_ABORTED The SPD Selector is related to the Child SA session and
@retval EFI_SUCCESS The SPD Selector is not related to the Child SA Session.
@retval EFI_ABORTED The SPD Selector is related to the Child SA session and
set the ChildSaSession->Spd to point to this SPD Selector.
**/
@@ -1033,14 +1033,14 @@ Ikev2ChildSaSessionCreate (
/**
Parse the received Initial Exchange Packet.
This function parse the SA Payload and Key Payload to find out the cryptographic
suite for the further IKE negotiation and fill it into the IKE SA Session's
This function parse the SA Payload and Key Payload to find out the cryptographic
suite for the further IKE negotiation and fill it into the IKE SA Session's
CommonSession->SaParams.
@param[in, out] IkeSaSession Pointer to related IKEV2_SA_SESSION.
@param[in] SaPayload The received packet.
@param[in] Type The received packet IKE header flag.
@param[in] Type The received packet IKE header flag.
@retval TRUE If the SA proposal in Packet is acceptable.
@retval FALSE If the SA proposal in Packet is not acceptable.
@@ -1055,15 +1055,15 @@ Ikev2SaParseSaPayload (
/**
Parse the received Authentication Exchange Packet.
This function parse the SA Payload and Key Payload to find out the cryptographic
suite for the ESP and fill it into the Child SA Session's CommonSession->SaParams.
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to
this Authentication Exchange.
@param[in] SaPayload The received packet.
@param[in] Type The IKE header's flag of received packet .
@param[in] Type The IKE header's flag of received packet .
@retval TRUE If the SA proposal in Packet is acceptable.
@retval FALSE If the SA proposal in Packet is not acceptable.
@@ -1078,17 +1078,17 @@ Ikev2ChildSaParseSaPayload (
/**
Generate Key buffer from fragments.
If the digest length of specified HashAlgId is larger than or equal with the
required output key length, derive the key directly. Otherwise, Key Material
needs to be PRF-based concatenation according to 2.13 of RFC 4306:
If the digest length of specified HashAlgId is larger than or equal with the
required output key length, derive the key directly. Otherwise, Key Material
needs to be PRF-based concatenation according to 2.13 of RFC 4306:
prf+ (K,S) = T1 | T2 | T3 | T4 | ..., T1 = prf (K, S | 0x01),
T2 = prf (K, T1 | S | 0x02), T3 = prf (K, T2 | S | 0x03),T4 = prf (K, T3 | S | 0x04)
then derive the key from this key material.
@param[in] HashAlgId The Hash Algorithm ID used to generate key.
@param[in] HashKey Pointer to a key buffer which contains hash key.
@param[in] HashKeyLength The length of HashKey in bytes.
@param[in, out] OutputKey Pointer to buffer which is used to receive the
@param[in, out] OutputKey Pointer to buffer which is used to receive the
output key.
@param[in] OutputKeyLength The length of OutPutKey buffer.
@param[in] Fragments Pointer to the data to be used to generate key.
@@ -1115,14 +1115,14 @@ Ikev2SaGenerateKey (
Copy ChildSaSession->Spd->Selector to ChildSaSession->SpdSelector.
ChildSaSession->SpdSelector stores the real Spdselector for its SA. Sometime,
the SpdSelector in ChildSaSession is more accurated or the scope is smaller
the SpdSelector in ChildSaSession is more accurated or the scope is smaller
than the one in ChildSaSession->Spd, especially for the tunnel mode.
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.
@retval EFI_SUCCESS The operation complete successfully.
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
**/
EFI_STATUS
Ikev2ChildSaSessionSpdSelectorCreate (


@@ -1,7 +1,7 @@
/** @file
The implementation of IPSEC_CONFIG_PROTOCOL.
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -97,7 +97,7 @@ EFI_IPSEC_CONFIG_PROTOCOL mIpSecConfigInstance = {
Get the all IPSec configuration variables and store those variables
to the internal data structure.
This founction is called by IpSecConfigInitialize() that is to intialize the
This founction is called by IpSecConfigInitialize() that is to intialize the
IPsecConfiguration Protocol.
@param[in] Private Point to IPSEC_PRIVATE_DATA.
@@ -121,7 +121,7 @@ IpSecConfigRestore (
@retval TRUE The specified AddressInfo is in the AddressInfoList.
@retval FALSE The specified AddressInfo is not in the AddressInfoList.
**/
BOOLEAN
IsInAddressInfoList(
@@ -152,20 +152,20 @@ IsInAddressInfoList(
AddressInfo,
&AddressInfoList[Index].Address,
sizeof (EFI_IP_ADDRESS)
) == 0 &&
) == 0 &&
AddressInfo->PrefixLength == AddressInfoList[Index].PrefixLength
) {
) {
return TRUE;
}
}
return FALSE;
}
/**
Compare two SPD Selectors.
Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/
NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
Local Addresses and remote Addresses.
@param[in] Selector1 Pointer of first SPD Selector.
@@ -173,7 +173,7 @@ IsInAddressInfoList(
@retval TRUE This two Selector have the same value in above fields.
@retval FALSE Not all above fields have the same value in these two Selectors.
**/
BOOLEAN
CompareSpdSelector (
@@ -193,7 +193,7 @@ CompareSpdSelector (
//
// Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
// LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
// two Spdselectors. Since the SPD supports two directions, it needs to
// two Spdselectors. Since the SPD supports two directions, it needs to
// compare two directions.
//
if ((SpdSel1->LocalAddressCount != SpdSel2->LocalAddressCount &&
@@ -209,10 +209,10 @@ CompareSpdSelector (
IsMatch = FALSE;
return IsMatch;
}
//
// Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.
// First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare
// First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare
// SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return
// TRUE.
//
@@ -263,14 +263,14 @@ CompareSpdSelector (
}
}
//
// Finish the one direction compare. If it is matched, return; otherwise,
// Finish the one direction compare. If it is matched, return; otherwise,
// compare the other direction.
//
if (IsMatch) {
return IsMatch;
}
//
// Secondly, the SpdSel1->LocalAddress doesn't equal to SpdSel2->LocalAddress and
// Secondly, the SpdSel1->LocalAddress doesn't equal to SpdSel2->LocalAddress and
// SpdSel1->RemoteAddress doesn't equal to SpdSel2->RemoteAddress. Try to compare
// the RemoteAddress to LocalAddress.
//
@@ -328,16 +328,16 @@ CompareSpdSelector (
Find if the two SPD Selectors has subordinative.
Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/
NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
Local Addresses and remote Addresses.
@param[in] Selector1 Pointer of first SPD Selector.
@param[in] Selector2 Pointer of second SPD Selector.
@retval TRUE The first SPD Selector is subordinate Selector of second SPD Selector.
@retval FALSE The first SPD Selector is not subordinate Selector of second
@retval FALSE The first SPD Selector is not subordinate Selector of second
SPD Selector.
**/
BOOLEAN
IsSubSpdSelector (
@@ -357,7 +357,7 @@ IsSubSpdSelector (
//
// Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
// LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
// two Spdselectors. Since the SPD supports two directions, it needs to
// two Spdselectors. Since the SPD supports two directions, it needs to
// compare two directions.
//
if (SpdSel1->LocalAddressCount > SpdSel2->LocalAddressCount ||
@@ -370,10 +370,10 @@ IsSubSpdSelector (
) {
IsMatch = FALSE;
}
//
// Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.
// First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare
// First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare
// SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return
// TRUE.
//
@@ -405,14 +405,14 @@ IsSubSpdSelector (
if (IsMatch) {
return IsMatch;
}
//
//
// The SPD selector in SPD entry is two way.
//
// Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
// LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
// two Spdselectors. Since the SPD supports two directions, it needs to
// two Spdselectors. Since the SPD supports two directions, it needs to
// compare two directions.
//
IsMatch = TRUE;
@@ -427,10 +427,10 @@ IsSubSpdSelector (
IsMatch = FALSE;
return IsMatch;
}
//
// Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.
// First, SpdSel1->LocalAddress to SpdSel2->RemoteAddress && Compare
// First, SpdSel1->LocalAddress to SpdSel2->RemoteAddress && Compare
// SpdSel1->RemoteAddress to SpdSel2->LocalAddress. If all match, return
// TRUE.
//
@@ -458,7 +458,7 @@ IsSubSpdSelector (
}
}
return IsMatch;
}
/**
@@ -469,7 +469,7 @@ IsSubSpdSelector (
@retval TRUE This two Selectors have the same SA ID.
@retval FALSE This two Selecotrs don't have the same SA ID.
**/
BOOLEAN
CompareSaId (
@@ -500,7 +500,7 @@ CompareSaId (
@retval TRUE This two Selectors have the same PAD ID.
@retval FALSE This two Selecotrs don't have the same PAD ID.
**/
BOOLEAN
ComparePadId (
@@ -589,7 +589,7 @@ IsZeroSaId (
{
BOOLEAN IsZero;
EFI_IPSEC_CONFIG_SELECTOR ZeroSelector;
IsZero = FALSE;
ZeroMem (&ZeroSelector, sizeof (EFI_IPSEC_CONFIG_SELECTOR));
@@ -636,14 +636,14 @@ IsZeroPadId (
@param[in, out] DstSel Pointer of Destination SPD Selector.
@param[in] SrcSel Pointer of Source SPD Selector.
@param[in, out] Size The size of the Destination SPD Selector. If it
not NULL and its value less than the size of
Source SPD Selector, the value of Source SPD
@param[in, out] Size The size of the Destination SPD Selector. If it
not NULL and its value less than the size of
Source SPD Selector, the value of Source SPD
Selector's size will be passed to caller by this
parameter.
@retval EFI_INVALID_PARAMETER If the Destination or Source SPD Selector is NULL
@retval EFI_BUFFER_TOO_SMALL If the input Size is less than size of the Source SPD Selector.
@retval EFI_BUFFER_TOO_SMALL If the input Size is less than size of the Source SPD Selector.
@retval EFI_SUCCESS Copy Source SPD Selector to the Destination SPD
Selector successfully.
@@ -702,13 +702,13 @@ DuplicateSpdSelector (
@param[in, out] DstSel Pointer of Destination SA ID.
@param[in] SrcSel Pointer of Source SA ID.
@param[in, out] Size The size of the Destination SA ID. If it
not NULL and its value less than the size of
Source SA ID, the value of Source SA ID's size
@param[in, out] Size The size of the Destination SA ID. If it
not NULL and its value less than the size of
Source SA ID, the value of Source SA ID's size
will be passed to caller by this parameter.
@retval EFI_INVALID_PARAMETER If the Destination or Source SA ID is NULL.
@retval EFI_BUFFER_TOO_SMALL If the input Size less than size of source SA ID.
@retval EFI_BUFFER_TOO_SMALL If the input Size less than size of source SA ID.
@retval EFI_SUCCESS Copy Source SA ID to the Destination SA ID successfully.
**/
@@ -744,9 +744,9 @@ DuplicateSaId (
@param[in, out] DstSel Pointer of Destination PAD ID.
@param[in] SrcSel Pointer of Source PAD ID.
@param[in, out] Size The size of the Destination PAD ID. If it
not NULL and its value less than the size of
Source PAD ID, the value of Source PAD ID's size
@param[in, out] Size The size of the Destination PAD ID. If it
not NULL and its value less than the size of
Source PAD ID, the value of Source PAD ID's size
will be passed to caller by this parameter.
@retval EFI_INVALID_PARAMETER If the Destination or Source PAD ID is NULL.
@@ -782,11 +782,11 @@ DuplicatePadId (
}
/**
Fix the value of some members of SPD Selector.
Fix the value of some members of SPD Selector.
This function is called by IpSecCopyPolicyEntry()which copy the Policy
Entry into the Variable. Since some members in SPD Selector are pointers,
a physical address to relative address convertion is required before copying
This function is called by IpSecCopyPolicyEntry()which copy the Policy
Entry into the Variable. Since some members in SPD Selector are pointers,
a physical address to relative address convertion is required before copying
this SPD entry into the variable.
@param[in] Selector Pointer of SPD Selector.
@@ -817,11 +817,11 @@ FixSpdEntry (
}
/**
Fix the value of some members of SA ID.
Fix the value of some members of SA ID.
This function is called by IpSecCopyPolicyEntry()which copy the Policy
Entry into the Variable. Since some members in SA ID are pointers,
a physical address to relative address conversion is required before copying
This function is called by IpSecCopyPolicyEntry()which copy the Policy
Entry into the Variable. Since some members in SA ID are pointers,
a physical address to relative address conversion is required before copying
this SAD into the variable.
@param[in] SaId Pointer of SA ID
@@ -858,10 +858,10 @@ FixSadEntry (
}
/**
Fix the value of some members of PAD ID.
Fix the value of some members of PAD ID.
This function is called by IpSecCopyPolicyEntry()which copy the Policy
Entry into the Variable. Since some members in PAD ID are pointers,
This function is called by IpSecCopyPolicyEntry()which copy the Policy
Entry into the Variable. Since some members in PAD ID are pointers,
a physical address to relative address conversion is required before copying
this PAD into the variable.
@@ -890,7 +890,7 @@ FixPadEntry (
}
/**
Recover the value of some members of SPD Selector.
Recover the value of some members of SPD Selector.
This function is corresponding to FixSpdEntry(). It recovers the value of members
of SPD Selector that are fixed by FixSpdEntry().
@@ -918,11 +918,11 @@ UnfixSpdEntry (
UNFIX_REF_BUF_ADDR (Data->ProcessingPolicy->TunnelOption, Data);
}
}
}
/**
Recover the value of some members of SA ID.
Recover the value of some members of SA ID.
This function is corresponding to FixSadEntry(). It recovers the value of members
of SAD ID that are fixed by FixSadEntry().
@@ -961,7 +961,7 @@ UnfixSadEntry (
}
/**
Recover the value of some members of PAD ID.
Recover the value of some members of PAD ID.
This function is corresponding to FixPadEntry(). It recovers the value of members
of PAD ID that are fixed by FixPadEntry().
@@ -993,32 +993,32 @@ UnfixPadEntry (
/**
Set the security policy information for the EFI IPsec driver.
The IPsec configuration data has a unique selector/identifier separately to
The IPsec configuration data has a unique selector/identifier separately to
identify a data entry.
@param[in] Selector Pointer to an entry selector on operated
configuration data specified by DataType.
A NULL Selector causes the entire specified-type
@param[in] Selector Pointer to an entry selector on operated
configuration data specified by DataType.
A NULL Selector causes the entire specified-type
configuration information to be flushed.
@param[in] Data The data buffer to be set. The structure
@param[in] Data The data buffer to be set. The structure
of the data buffer should be EFI_IPSEC_SPD_DATA.
@param[in] Context Pointer to one entry selector that describes
the expected position the new data entry will
@param[in] Context Pointer to one entry selector that describes
the expected position the new data entry will
be added. If Context is NULL, the new entry will
be appended the end of database.
@retval EFI_INVALID_PARAMETER One or more of the following are TRUE:
- Selector is not NULL and its LocalAddress
- Selector is not NULL and its LocalAddress
is NULL or its RemoteAddress is NULL.
- Data is not NULL and its Action is Protected
- Data is not NULL and its Action is Protected
and its plolicy is NULL.
- Data is not NULL, its Action is not protected,
and its policy is not NULL.
- The Action of Data is Protected, its policy
- The Action of Data is Protected, its policy
mode is Tunnel, and its tunnel option is NULL.
- The Action of Data is protected and its policy
- The Action of Data is protected and its policy
mode is not Tunnel and it tunnel option is not NULL.
- SadEntry requied to be set into new SpdEntry's Sas has
- SadEntry requied to be set into new SpdEntry's Sas has
been found but it is invalid.
@retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.
@retval EFI_SUCCESS The specified configuration data was obtained successfully.
@@ -1085,7 +1085,7 @@ SetSpdEntry (
SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);
if (SpdSel == NULL ||
if (SpdSel == NULL ||
CompareSpdSelector ((EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector, (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel)
) {
//
@@ -1098,26 +1098,26 @@ SetSpdEntry (
// Update the reverse ref of SAD entry in the SPD.sas list.
//
SpdSas = &SpdEntry->Data->Sas;
//
// Remove the related SAs from Sas(SadEntry->BySpd). If the SA entry is established by
// IKE, remove from mConfigData list(SadEntry->List) and then free it directly since its
// Remove the related SAs from Sas(SadEntry->BySpd). If the SA entry is established by
// IKE, remove from mConfigData list(SadEntry->List) and then free it directly since its
// SpdEntry will be freed later.
//
NET_LIST_FOR_EACH_SAFE (Entry2, NextEntry2, SpdSas) {
SadEntry = IPSEC_SAD_ENTRY_FROM_SPD (Entry2);
if (SadEntry->Data->SpdEntry != NULL) {
RemoveEntryList (&SadEntry->BySpd);
SadEntry->Data->SpdEntry = NULL;
}
if (!(SadEntry->Data->ManualSet)) {
RemoveEntryList (&SadEntry->List);
FreePool (SadEntry);
}
}
//
// Free the existed SPD entry
//
@@ -1184,7 +1184,7 @@ SetSpdEntry (
SpdEntry->Data->PackageFlag = SpdData->PackageFlag;
SpdEntry->Data->TrafficDirection = SpdData->TrafficDirection;
SpdEntry->Data->Action = SpdData->Action;
//
// Fix the address of ProcessingPolicy and copy it if need, which is continous
// memory and close to the base structure of SAD data.
@@ -1229,9 +1229,9 @@ SetSpdEntry (
return EFI_INVALID_PARAMETER;
}
}
}
}
}
//
// Insert the new SPD entry.
//
@@ -1243,17 +1243,17 @@ SetSpdEntry (
/**
Set the security association information for the EFI IPsec driver.
The IPsec configuration data has a unique selector/identifier separately to
The IPsec configuration data has a unique selector/identifier separately to
identify a data entry.
@param[in] Selector Pointer to an entry selector on operated
configuration data specified by DataType.
A NULL Selector causes the entire specified-type
@param[in] Selector Pointer to an entry selector on operated
configuration data specified by DataType.
A NULL Selector causes the entire specified-type
configuration information to be flushed.
@param[in] Data The data buffer to be set. The structure
@param[in] Data The data buffer to be set. The structure
of the data buffer should be EFI_IPSEC_SA_DATA.
@param[in] Context Pointer to one entry selector which describes
the expected position the new data entry will
@param[in] Context Pointer to one entry selector which describes
the expected position the new data entry will
be added. If Context is NULL,the new entry will
be appended the end of database.
@@ -1279,7 +1279,7 @@ SetSadEntry (
EFI_IPSEC_SA_ID *InsertBefore;
LIST_ENTRY *EntryInsertBefore;
UINTN SadEntrySize;
SaId = (Selector == NULL) ? NULL : &Selector->SaId;
SaData = (Data == NULL) ? NULL : (EFI_IPSEC_SA_DATA2 *) Data;
InsertBefore = (Context == NULL) ? NULL : &((EFI_IPSEC_CONFIG_SELECTOR *) Context)->SaId;
@@ -1297,7 +1297,7 @@ SetSadEntry (
SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);
if (SaId == NULL ||
if (SaId == NULL ||
CompareSaId (
(EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id,
(EFI_IPSEC_CONFIG_SELECTOR *) SaId
@@ -1348,7 +1348,7 @@ SetSadEntry (
SadEntrySize = ALIGN_VARIABLE (sizeof (IPSEC_SAD_ENTRY));
SadEntrySize = ALIGN_VARIABLE (SadEntrySize + sizeof (EFI_IPSEC_SA_ID));
SadEntrySize = ALIGN_VARIABLE (SadEntrySize + sizeof (IPSEC_SAD_DATA));
if (SaId->Proto == EfiIPsecAH) {
SadEntrySize += SaData->AlgoInfo.AhAlgoInfo.AuthKeyLength;
} else {
@@ -1405,7 +1405,7 @@ SetSadEntry (
if (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength != 0) {
SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (
((UINT8 *) (SadEntry->Data + 1) +
((UINT8 *) (SadEntry->Data + 1) +
SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength),
sizeof (UINTN)
);
@@ -1479,17 +1479,17 @@ SetSadEntry (
/**
Set the peer authorization configuration information for the EFI IPsec driver.
The IPsec configuration data has a unique selector/identifier separately to
The IPsec configuration data has a unique selector/identifier separately to
identify a data entry.
@param[in] Selector Pointer to an entry selector on operated
configuration data specified by DataType.
A NULL Selector causes the entire specified-type
@param[in] Selector Pointer to an entry selector on operated
configuration data specified by DataType.
A NULL Selector causes the entire specified-type
configuration information to be flushed.
@param[in] Data The data buffer to be set. The structure
@param[in] Data The data buffer to be set. The structure
of the data buffer should be EFI_IPSEC_PAD_DATA.
@param[in] Context Pointer to one entry selector that describes
the expected position the new data entry will
@param[in] Context Pointer to one entry selector that describes
the expected position the new data entry will
be added. If Context is NULL, the new entry will
be appended the end of database.
@@ -1513,7 +1513,7 @@ SetPadEntry (
EFI_IPSEC_PAD_ID *InsertBefore;
LIST_ENTRY *EntryInsertBefore;
UINTN PadEntrySize;
PadId = (Selector == NULL) ? NULL : &Selector->PadId;
PadData = (Data == NULL) ? NULL : (EFI_IPSEC_PAD_DATA *) Data;
InsertBefore = (Context == NULL) ? NULL : &((EFI_IPSEC_CONFIG_SELECTOR *) Context)->PadId;
@@ -1531,7 +1531,7 @@ SetPadEntry (
PadEntry = IPSEC_PAD_ENTRY_FROM_LIST (Entry);
if (PadId == NULL ||
if (PadId == NULL ||
ComparePadId ((EFI_IPSEC_CONFIG_SELECTOR *) PadEntry->Id, (EFI_IPSEC_CONFIG_SELECTOR *) PadId)
) {
//
@@ -1631,16 +1631,16 @@ SetPadEntry (
}
/**
This function lookup the data entry from IPsec SPD. Return the configuration
This function lookup the data entry from IPsec SPD. Return the configuration
value of the specified SPD Entry.
@param[in] Selector Pointer to an entry selector which is an identifier
@param[in] Selector Pointer to an entry selector which is an identifier
of the SPD entry.
@param[in, out] DataSize On output the size of data returned in Data.
@param[out] Data The buffer to return the contents of the IPsec
configuration data. The type of the data buffer
is associated with the DataType.
@param[out] Data The buffer to return the contents of the IPsec
configuration data. The type of the data buffer
is associated with the DataType.
@retval EFI_SUCCESS The specified configuration data was obtained successfully.
@retval EFI_INVALID_PARAMETER Data is NULL and *DataSize is not zero.
@retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
@@ -1713,7 +1713,7 @@ GetSpdEntry (
SpdData->PackageFlag = SpdEntry->Data->PackageFlag;
SpdData->TrafficDirection = SpdEntry->Data->TrafficDirection;
SpdData->Action = SpdEntry->Data->Action;
if (SpdData->Action != EfiIPsecActionProtect) {
SpdData->ProcessingPolicy = NULL;
} else {
@@ -1733,16 +1733,16 @@ GetSpdEntry (
}
/**
This function lookup the data entry from IPsec SAD. Return the configuration
This function lookup the data entry from IPsec SAD. Return the configuration
value of the specified SAD Entry.
@param[in] Selector Pointer to an entry selector which is an identifier
@param[in] Selector Pointer to an entry selector which is an identifier
of the SAD entry.
@param[in, out] DataSize On output, the size of data returned in Data.
@param[out] Data The buffer to return the contents of the IPsec
configuration data. The type of the data buffer
is associated with the DataType.
@param[out] Data The buffer to return the contents of the IPsec
configuration data. The type of the data buffer
is associated with the DataType.
@retval EFI_SUCCESS The specified configuration data was obtained successfully.
@retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
@retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
@@ -1783,8 +1783,8 @@ GetSadEntry (
// |EFI_IPSEC_SA_DATA
// |AuthKey
// |EncryptKey (Optional)
// |SpdSelector (Optional)
//
// |SpdSelector (Optional)
//
RequiredSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
if (SaId->Proto == EfiIPsecAH) {
@@ -1797,12 +1797,12 @@ GetSadEntry (
if (SadEntry->Data->SpdSelector != NULL) {
RequiredSize += SIZE_OF_SPD_SELECTOR (SadEntry->Data->SpdSelector);
}
if (*DataSize < RequiredSize) {
*DataSize = RequiredSize;
return EFI_BUFFER_TOO_SMALL;
}
//
// Fill the data fields of SAD entry.
//
@@ -1895,7 +1895,7 @@ GetSadEntry (
RequiredSize -
SIZE_OF_SPD_SELECTOR (SadEntry->Data->SpdSelector)
);
DuplicateSpdSelector (
(EFI_IPSEC_CONFIG_SELECTOR *) SaData->SpdSelector,
(EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Data->SpdSelector,
@@ -1917,16 +1917,16 @@ GetSadEntry (
}
/**
This function lookup the data entry from IPsec PAD. Return the configuration
This function lookup the data entry from IPsec PAD. Return the configuration
value of the specified PAD Entry.
@param[in] Selector Pointer to an entry selector which is an identifier
@param[in] Selector Pointer to an entry selector which is an identifier
of the PAD entry.
@param[in, out] DataSize On output the size of data returned in Data.
@param[out] Data The buffer to return the contents of the IPsec
configuration data. The type of the data buffer
is associated with the DataType.
@param[out] Data The buffer to return the contents of the IPsec
configuration data. The type of the data buffer
is associated with the DataType.
@retval EFI_SUCCESS The specified configuration data was obtained successfully.
@retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
@retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
@@ -2089,7 +2089,7 @@ IpSecGetSizeOfEfiSpdData (
/**
Calculate the a whole size of IPSEC_SPD_DATA which includes the buffer size pointed
to by the pointer members and the buffer size used by the Sa List.
to by the pointer members and the buffer size used by the Sa List.
@param[in] SpdData Pointer to the specified IPSEC_SPD_DATA.
@@ -2125,25 +2125,25 @@ IpSecGetSizeOfSpdData (
Get the IPsec Variable.
Get the all variables which start with the string contained in VaraiableName.
Since all IPsec related variable store in continual space, those kinds of
variable can be searched by the EfiGetNextVariableName. Those variables also are
Since all IPsec related variable store in continual space, those kinds of
variable can be searched by the EfiGetNextVariableName. Those variables also are
returned in a continual buffer.
@param[in] VariableName Pointer to a specified Variable Name.
@param[in] VendorGuid Pointer to a specified Vendor Guid.
@param[in] Attributes Point to memory location to return the attributes
of variable. If the point is NULL, the parameter
@param[in] Attributes Point to memory location to return the attributes
of variable. If the point is NULL, the parameter
would be ignored.
@param[in, out] DataSize As input, point to the maximum size of return
Data-Buffer. As output, point to the actual
@param[in, out] DataSize As input, point to the maximum size of return
Data-Buffer. As output, point to the actual
size of the returned Data-Buffer.
@param[in] Data Point to return Data-Buffer.
@retval EFI_ABORTED If the Variable size which contained in the variable
structure doesn't match the variable size obtained
structure doesn't match the variable size obtained
from the EFIGetVariable.
@retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
been updated with the size needed to complete the request.
been updated with the size needed to complete the request.
@retval EFI_SUCCESS The function completed successfully.
@retval others Other errors found during the variable getting.
**/
@@ -2179,7 +2179,7 @@ IpSecGetVariable (
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
//
// Construct the varible name of ipsecconfig meta data.
//
@@ -2318,14 +2318,14 @@ ON_EXIT:
@param[in] VariableName The name of the vendor's variable. It is a
Null-Terminated Unicode String.
@param[in] VendorGuid Unify identifier for vendor.
@param[in] Attributes Point to memory location to return the attributes of
@param[in] Attributes Point to memory location to return the attributes of
variable. If the point is NULL, the parameter would be ignored.
@param[in] DataSize The size in bytes of Data-Buffer.
@param[in] Data Points to the content of the variable.
@retval EFI_SUCCESS The firmware successfully stored the variable and its data, as
defined by the Attributes.
@retval others Storing the variables failed.
@retval others Storing the variables failed.
**/
EFI_STATUS
@@ -2355,7 +2355,7 @@ IpSecSetVariable (
if (EFI_ERROR (Status)) {
return Status;
}
//
// "VariableName + Info/0001/0002/... + NULL"
//
@@ -2372,7 +2372,7 @@ IpSecSetVariable (
//
UnicodeSPrint (VariableNameI, VariableNameSize, L"%s%s", VariableName, L"Info");
MaximumVariableSize -= VariableNameSize;
IpSecVariableInfo.VariableCount = (UINT32) ((DataSize + (UINTN) MaximumVariableSize - 1) / (UINTN) MaximumVariableSize);
IpSecVariableInfo.VariableSize = (UINT32) DataSize;
IpSecVariableInfo.SingleVariableSize = (UINT32) MaximumVariableSize;
@@ -2397,7 +2397,7 @@ IpSecSetVariable (
// Construct and set the variable of ipsecconfig data one by one.
// The index of variable name begin from 0001, and the varaible name
// likes "VariableName0001", "VaraiableName0002"....
//
//
UnicodeSPrint (VariableNameI, VariableNameSize, L"%s%04d", VariableName, VariableIndex + 1);
Status = gRT->SetVariable (
VariableNameI,
@@ -2424,20 +2424,20 @@ ON_EXIT:
}
/**
Return the configuration value for the EFI IPsec driver.
Return the configuration value for the EFI IPsec driver.
This function lookup the data entry from IPsec database or IKEv2 configuration
information. The expected data type and unique identification are described in
DataType and Selector parameters.
DataType and Selector parameters.
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
@param[in] DataType The type of data to retrieve.
@param[in] Selector Pointer to an entry selector that is an identifier of the IPsec
@param[in] Selector Pointer to an entry selector that is an identifier of the IPsec
configuration data entry.
@param[in, out] DataSize On output the size of data returned in Data.
@param[out] Data The buffer to return the contents of the IPsec configuration data.
The type of the data buffer associated with the DataType.
@param[out] Data The buffer to return the contents of the IPsec configuration data.
The type of the data buffer associated with the DataType.
@retval EFI_SUCCESS The specified configuration data was obtained successfully.
@retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:
- This is NULL.
@@ -2477,26 +2477,26 @@ EfiIpSecConfigGetData (
/**
Set the security association, security policy and peer authorization configuration
information for the EFI IPsec driver.
information for the EFI IPsec driver.
This function is used to set the IPsec configuration information of type DataType for
the EFI IPsec driver.
The IPsec configuration data has a unique selector/identifier separately to identify
a data entry. The selector structure depends on DataType's definition.
Using SetData() with a Data of NULL causes the IPsec configuration data entry identified
by DataType and Selector to be deleted.
by DataType and Selector to be deleted.
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
@param[in] DataType The type of data to be set.
@param[in] Selector Pointer to an entry selector on operated configuration data
specified by DataType. A NULL Selector causes the entire
@param[in] Selector Pointer to an entry selector on operated configuration data
specified by DataType. A NULL Selector causes the entire
specified-type configuration information to be flushed.
@param[in] Data The data buffer to be set. The structure of the data buffer is
@param[in] Data The data buffer to be set. The structure of the data buffer is
associated with the DataType.
@param[in] InsertBefore Pointer to one entry selector which describes the expected
position the new data entry will be added. If InsertBefore is NULL,
the new entry will be appended to the end of the database.
@retval EFI_SUCCESS The specified configuration entry data was set successfully.
@retval EFI_INVALID_PARAMETER One or more of the following are TRUE:
- This is NULL.
@@ -2523,7 +2523,7 @@ EfiIpSecConfigSetData (
if (DataType >= IPsecConfigDataTypeMaximum) {
return EFI_UNSUPPORTED;
}
Status = mSetPolicyEntry[DataType](Selector, Data, InsertBefore);
if (!EFI_ERROR (Status) && !mSetBySelf) {
@@ -2537,30 +2537,30 @@ EfiIpSecConfigSetData (
}
/**
Enumerates the current selector for IPsec configuration data entry.
Enumerates the current selector for IPsec configuration data entry.
This function is called multiple times to retrieve the entry Selector in IPsec
configuration database. On each call to GetNextSelector(), the next entry
configuration database. On each call to GetNextSelector(), the next entry
Selector are retrieved into the output interface.
If the entire IPsec configuration database has been iterated, the error
If the entire IPsec configuration database has been iterated, the error
EFI_NOT_FOUND is returned.
If the Selector buffer is too small for the next Selector copy, an
EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect
If the Selector buffer is too small for the next Selector copy, an
EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect
the size of buffer needed.
On the initial call to GetNextSelector() to start the IPsec configuration database
search, a pointer to the buffer with all zero value is passed in Selector. Calls
to SetData() between calls to GetNextSelector may produce unpredictable results.
search, a pointer to the buffer with all zero value is passed in Selector. Calls
to SetData() between calls to GetNextSelector may produce unpredictable results.
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
@param[in] DataType The type of IPsec configuration data to retrieve.
@param[in, out] SelectorSize The size of the Selector buffer.
@param[in, out] Selector On input, supplies the pointer to last Selector that was
@param[in, out] Selector On input, supplies the pointer to last Selector that was
returned by GetNextSelector().
On output, returns one copy of the current entry Selector
of a given DataType.
of a given DataType.
@retval EFI_SUCCESS The specified configuration data was obtained successfully.
@retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:
- This is NULL.
@@ -2569,7 +2569,7 @@ EfiIpSecConfigSetData (
@retval EFI_NOT_FOUND The next configuration data entry was not found.
@retval EFI_UNSUPPORTED The specified DataType is not supported.
@retval EFI_BUFFER_TOO_SMALL The SelectorSize is too small for the result. This parameter
has been updated with the size needed to complete the search
has been updated with the size needed to complete the search
request.
**/
@@ -2618,14 +2618,14 @@ EfiIpSecConfigGetNextSelector (
/**
Register an event that is to be signaled whenever a configuration process on the
specified IPsec configuration information is done.
specified IPsec configuration information is done.
The register function is not surpport now and always returns EFI_UNSUPPORTED.
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
@param[in] DataType The type of data to be registered the event for.
@param[in] Event The event to be registered.
@retval EFI_SUCCESS The event is registered successfully.
@retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.
@retval EFI_ACCESS_DENIED The Event is already registered for the DataType.
@@ -2646,16 +2646,16 @@ EfiIpSecConfigRegisterNotify (
/**
Remove the specified event that was previously registered on the specified IPsec
configuration data.
configuration data.
This function is not support now and alwasy return EFI_UNSUPPORTED.
@param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
@param[in] DataType The configuration data type to remove the registered event for.
@param[in] Event The event to be unregistered.
@retval EFI_SUCCESS The event was removed successfully.
@retval EFI_NOT_FOUND The Event specified by DataType could not be found in the
@retval EFI_NOT_FOUND The Event specified by DataType could not be found in the
database.
@retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.
@retval EFI_UNSUPPORTED The notify registration is unsupported, or the specified
@@ -2677,10 +2677,10 @@ EfiIpSecConfigUnregisterNotify (
Copy whole data in specified EFI_SIPEC_CONFIG_SELECTOR and the Data to a buffer.
This function is a caller defined function, and it is called by the IpSecVisitConfigData().
The orignal caller is IpSecConfigSave(), which calls the IpsecVisitConfigData() to
The orignal caller is IpSecConfigSave(), which calls the IpsecVisitConfigData() to
copy all types of IPsec Config datas into one buffer and store this buffer into firmware in
the form of several variables.
@param[in] Type A specified IPSEC_CONFIG_DATA_TYPE.
@param[in] Selector Points to a EFI_IPSEC_CONFIG_SELECTOR to be copied
to the buffer.
@@ -2708,7 +2708,7 @@ IpSecCopyPolicyEntry (
IPSEC_VAR_ITEM_HEADER DataHeader;
UINTN EntrySize;
UINT8 *TempPoint;
if (Type == IPsecConfigDataTypeSad) {
//
// Don't save automatically-generated SA entry into variable.
@@ -2724,7 +2724,7 @@ IpSecCopyPolicyEntry (
EntrySize = ALIGN_VARIABLE (EntrySize + SelectorSize);
EntrySize = ALIGN_VARIABLE (EntrySize + sizeof (SelectorHeader));
EntrySize = ALIGN_VARIABLE (EntrySize + DataSize);
//EntrySize = SelectorSize + DataSize + 2 * sizeof (SelectorHeader);
if (Buffer->Capacity - Buffer->Size < EntrySize) {
//
@@ -2732,7 +2732,7 @@ IpSecCopyPolicyEntry (
//
Buffer->Capacity += EntrySize;
TempPoint = AllocatePool (Buffer->Capacity);
if (TempPoint == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -2741,8 +2741,8 @@ IpSecCopyPolicyEntry (
//
CopyMem (TempPoint, Buffer->Ptr, Buffer->Size);
FreePool (Buffer->Ptr);
Buffer->Ptr = TempPoint;
Buffer->Ptr = TempPoint;
}
mFixPolicyEntry[Type](Selector, Data);
@@ -2759,7 +2759,7 @@ IpSecCopyPolicyEntry (
sizeof (SelectorHeader)
);
Buffer->Size = ALIGN_VARIABLE (Buffer->Size + sizeof (SelectorHeader));
//
// Copy the selector into buffer.
//
@@ -2791,7 +2791,7 @@ IpSecCopyPolicyEntry (
DataSize
);
Buffer->Size = ALIGN_VARIABLE (Buffer->Size + DataSize);
mUnfixPolicyEntry[Type](Selector, Data);
return EFI_SUCCESS;
@@ -3002,7 +3002,7 @@ IpSecConfigSave (
Get the all IPSec configuration variables and store those variables
to the internal data structure.
This founction is called by IpSecConfigInitialize() which is to intialize the
This founction is called by IpSecConfigInitialize() which is to intialize the
IPsecConfiguration Protocol.
@param[in] Private Point to IPSEC_PRIVATE_DATA.
@@ -3080,10 +3080,10 @@ IpSecConfigRestore (
Header = (IPSEC_VAR_ITEM_HEADER *) Ptr;
Type = (EFI_IPSEC_CONFIG_DATA_TYPE) (Header->Type & IPSEC_VAR_ITEM_HEADER_CONTENT_BIT);
ASSERT (((Header->Type & 0x80) == IPSEC_VAR_ITEM_HEADER_LOGO_BIT) && (Type < IPsecConfigDataTypeMaximum));
Selector = (EFI_IPSEC_CONFIG_SELECTOR *) ALIGN_POINTER (Header + 1, sizeof (UINTN));
Header = (IPSEC_VAR_ITEM_HEADER *) ALIGN_POINTER (
(UINT8 *) Selector + Header->Size,
(UINT8 *) Selector + Header->Size,
sizeof (UINTN)
);
ASSERT (Header->Type == Type);


@@ -1,7 +1,7 @@
/** @file
Definitions related to IPSEC_CONFIG_PROTOCOL implementations.
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -345,16 +345,16 @@ IpSecDuplicateProcessPolicy (
Find if the two SPD Selectors has subordinative.
Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/
NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
Local Addresses and remote Addresses.
@param[in] Selector1 Pointer of first SPD Selector.
@param[in] Selector2 Pointer of second SPD Selector.
@retval TRUE The first SPD Selector is subordinate Selector of second SPD Selector.
@retval FALSE The first SPD Selector is not subordinate Selector of second
@retval FALSE The first SPD Selector is not subordinate Selector of second
SPD Selector.
**/
BOOLEAN
IsSubSpdSelector (


@@ -1,7 +1,7 @@
/** @file
Common interfaces to call Security library.
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -19,7 +19,7 @@
//
GLOBAL_REMOVE_IF_UNREFERENCED ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = {
{IKE_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},
{IKE_EALG_NONE, 0, 0, 1, NULL, NULL, NULL, NULL},
{IKE_EALG_NONE, 0, 0, 1, NULL, NULL, NULL, NULL},
{IKE_EALG_3DESCBC, 24, 8, 8, TdesGetContextSize, TdesInit, TdesCbcEncrypt, TdesCbcDecrypt},
{IKE_EALG_AESCBC, 16, 16, 16, AesGetContextSize, AesInit, AesCbcEncrypt, AesCbcDecrypt}
};
@@ -186,7 +186,7 @@ IpSecGenerateIv (
if (IvSize != 0) {
return IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);
}
return EFI_SUCCESS;
}
@@ -196,7 +196,7 @@ IpSecGenerateIv (
@param[in] AlgorithmId The encryption algorithm ID.
@return the index.
**/
UINTN
IpSecGetIndexFromEncList (
@@ -204,13 +204,13 @@ IpSecGetIndexFromEncList (
)
{
UINT8 Index;
for (Index = 0; Index < IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE; Index++) {
if (AlgorithmId == mIpsecEncryptAlgorithmList[Index].AlgorithmId) {
return Index;
}
}
return (UINTN) -1;
}
@@ -220,7 +220,7 @@ IpSecGetIndexFromEncList (
@param[in] AlgorithmId The encryption algorithm ID.
@return the index.
**/
UINTN
IpSecGetIndexFromAuthList (
@@ -228,7 +228,7 @@ IpSecGetIndexFromAuthList (
)
{
UINT8 Index;
for (Index = 0; Index < IPSEC_AUTH_ALGORITHM_LIST_SIZE; Index++) {
if (AlgorithmId == mIpsecAuthAlgorithmList[Index].AlgorithmId) {
//
@@ -237,7 +237,7 @@ IpSecGetIndexFromAuthList (
return Index;
}
}
return (UINTN) -1;
}
@@ -275,14 +275,14 @@ IpSecCryptoIoEncrypt (
IN UINTN InDataLength,
OUT UINT8 *OutData
)
{
{
UINTN Index;
UINTN ContextSize;
UINT8 *Context;
EFI_STATUS Status;
Status = EFI_UNSUPPORTED;
switch (AlgorithmId) {
case IKE_EALG_NULL:
@@ -323,7 +323,7 @@ IpSecCryptoIoEncrypt (
if (Context != NULL) {
FreePool (Context);
}
return Status;
}
@@ -361,7 +361,7 @@ IpSecCryptoIoDecrypt (
IN UINTN InDataLength,
OUT UINT8 *OutData
)
{
{
UINTN Index;
UINTN ContextSize;
UINT8 *Context;
@@ -397,7 +397,7 @@ IpSecCryptoIoDecrypt (
//
if (mIpsecEncryptAlgorithmList[Index].CipherInitiate (Context, Key, KeyBits)) {
if (mIpsecEncryptAlgorithmList[Index].CipherDecrypt (Context, InData, InDataLength, Ivec, OutData)) {
Status = EFI_SUCCESS;
Status = EFI_SUCCESS;
}
}
break;
@@ -420,7 +420,7 @@ IpSecCryptoIoDecrypt (
the input algorithm ID. It computes all datas from InDataFragment and output
the result into the OutData buffer. If the OutDataSize is larger than the related
HMAC algorithm output size, return EFI_INVALID_PARAMETER.
@param[in] AlgorithmId The authentication Identification.
@param[in] Key Pointer of the authentication key.
@param[in] KeyLength The length of the Key in bytes.
@@ -519,8 +519,8 @@ IpSecCryptoIoHmac (
}
goto Exit;
}
}
default:
return Status;
}
@@ -577,11 +577,11 @@ IpSecCryptoIoHash (
Status = EFI_UNSUPPORTED;
OutHashData = NULL;
OutHashSize = IpSecGetHmacDigestLength (AlgorithmId);
//
// If the expected hash data size is larger than the related Hash algorithm
// output length, return EFI_INVALID_PARAMETER.
// output length, return EFI_INVALID_PARAMETER.
//
if (OutDataSize > OutHashSize) {
return EFI_INVALID_PARAMETER;
@@ -590,7 +590,7 @@ IpSecCryptoIoHash (
if (OutHashData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
switch (AlgorithmId) {
case IKE_AALG_NONE:
@@ -611,7 +611,7 @@ IpSecCryptoIoHash (
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
//
// Initiate Hash context and hash the input data.
//
@@ -631,13 +631,13 @@ IpSecCryptoIoHash (
// In some cases, like the Icv computing, the Icv size might be less than
// the key length size, so copy the part of hash data to the OutData.
//
CopyMem (OutData, OutHashData, OutDataSize);
CopyMem (OutData, OutHashData, OutDataSize);
Status = EFI_SUCCESS;
}
goto Exit;
}
goto Exit;
}
default:
return Status;
}
@@ -685,10 +685,10 @@ IpSecCryptoIoDhGetPublicKey (
IN CONST UINT8 *Prime,
OUT UINT8 *PublicKey,
IN OUT UINTN *PublicKeySize
)
)
{
EFI_STATUS Status;
*DhContext = DhNew ();
ASSERT (*DhContext != NULL);
if (!DhSetParameter (*DhContext, Generator, PrimeLength, Prime)) {
@@ -707,7 +707,7 @@ Exit:
DhFree (*DhContext);
DhContext = NULL;
}
return Status;
}
@@ -731,7 +731,7 @@ Exit:
**/
EFI_STATUS
IpSecCryptoIoDhComputeKey (
IN OUT UINT8 *DhContext,
IN OUT UINT8 *DhContext,
IN CONST UINT8 *PeerPublicKey,
IN UINTN PeerPublicKeySize,
OUT UINT8 *Key,
@@ -752,13 +752,13 @@ IpSecCryptoIoDhComputeKey (
@retval EFI_SUCCESS The operation performs successfully.
@retval EFI_INVALID_PARAMETER The DhContext is NULL.
**/
EFI_STATUS
IpSecCryptoIoFreeDh (
IN OUT UINT8 **DhContext
)
{
{
if (*DhContext == NULL) {
return EFI_INVALID_PARAMETER;
}
@@ -807,7 +807,7 @@ IpSecCryptoIoGenerateRandomBytes (
@param[in] KeyPwdSize The size of Key Password in bytes.
@param[out] OutData The pointer to the signed data.
@param[in, out] OutDataSize Pointer to contain the size of out data.
**/
VOID
IpSecCryptoIoAuthDataWithCertificate (
@@ -824,7 +824,7 @@ IpSecCryptoIoAuthDataWithCertificate (
UINT8 *RsaContext;
UINT8 *Signature;
UINTN SigSize;
SigSize = 0;
RsaContext = NULL;
@@ -844,12 +844,12 @@ IpSecCryptoIoAuthDataWithCertificate (
//
// Sign data
//
Signature = NULL;
Signature = NULL;
if (!RsaPkcs1Sign (RsaContext, InData, InDataSize, Signature, &SigSize)) {
Signature = AllocateZeroPool (SigSize);
} else {
return;
}
}
RsaPkcs1Sign (RsaContext, InData, InDataSize, Signature, &SigSize);
@@ -876,7 +876,7 @@ IpSecCryptoIoAuthDataWithCertificate (
@retval TRUE Valid signature encoded in PKCS1-v1_5.
@retval FALSE Invalid signature or invalid RSA context.
**/
BOOLEAN
IpSecCryptoIoVerifySignDataByCertificate (
@@ -912,7 +912,7 @@ IpSecCryptoIoVerifySignDataByCertificate (
// Retrieve the RSA public Key from Certificate
//
RsaGetPublicKeyFromX509 ((CONST UINT8 *)InCert, CertLen, (VOID **)&RsaContext);
//
// Verify data
//
@@ -964,9 +964,9 @@ IpSecCryptoIoGetPublicKeyFromCert (
}
*PublicKeyLen = 0;
RsaGetKey (RsaContext, RsaKeyN, NULL, PublicKeyLen);
*PublicKey = AllocateZeroPool (*PublicKeyLen);
if (*PublicKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
@@ -992,10 +992,10 @@ EXIT:
@param[in] CertSize The size of the X509 certificate in bytes.
@param[out] CertSubject Pointer to the retrieved certificate subject.
@param[out] SubjectSize The size of Certificate Subject in bytes.
@retval EFI_SUCCESS Retrieved the certificate subject successfully.
@retval EFI_INVALID_PARAMETER The certificate is malformed.
**/
EFI_STATUS
IpSecCryptoIoGetSubjectFromCert (


@@ -1,7 +1,7 @@
/** @file
Definitions related to the Cryptographic Operations in IPsec.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -47,9 +47,9 @@
/**
Prototype of HMAC GetContextSize.
Retrieves the size, in bytes, of the context buffer required.
@return The size, in bytes, of the context buffer required.
**/
@@ -61,13 +61,13 @@ UINTN
/**
Prototype of HMAC Operation Initiating.
Initialization with a new context.
@param[out] Context Input Context.
@param[in] Key Pointer to the key for HMAC.
@param[in] KeySize The length of the Key in bytes.
@retval TRUE Initialization Successfully.
**/
@@ -251,7 +251,7 @@ BOOLEAN
/**
Prototype of Hash Update
Digests the input data and updates hash context.
This function performs digest on a data buffer of the specified size.
@@ -354,7 +354,7 @@ typedef struct _AUTH_ALGORITHM {
UINT8 AlgorithmId;
//
// The Key length of the Algorithm
//
//
UINTN DigestLength;
//
// The ICV length of the Algorithm
@@ -578,7 +578,7 @@ IpSecCryptoIoDecrypt (
the input algorithm ID. It computes all datas from InDataFragment and output
the result into the OutData buffer. If the OutDataSize is larger than the related
HMAC algorithm output size, return EFI_INVALID_PARAMETER.
@param[in] AlgorithmId The authentication Identification.
@param[in] Key Pointer of the authentication key.
@param[in] KeyLength The length of the Key in bytes.
@@ -704,7 +704,7 @@ IpSecCryptoIoDhComputeKey (
@retval EFI_SUCCESS The operation performs successfully.
@retval EFI_INVALID_PARAMETER The DhContext is NULL.
**/
EFI_STATUS
IpSecCryptoIoFreeDh (
@@ -740,7 +740,7 @@ IpSecCryptoIoGenerateRandomBytes (
@param[in] KeyPwdSize The size of Key Password in bytes.
@param[out] OutData The pointer to the signed data.
@param[in, out] OutDataSize Pointer to contain the size of out data.
**/
VOID
IpSecCryptoIoAuthDataWithCertificate (
@@ -769,7 +769,7 @@ IpSecCryptoIoAuthDataWithCertificate (
@retval TRUE Valid signature encoded in PKCS1-v1_5.
@retval FALSE Invalid signature or invalid RSA context.
**/
BOOLEAN
IpSecCryptoIoVerifySignDataByCertificate (
@@ -810,10 +810,10 @@ IpSecCryptoIoGetPublicKeyFromCert (
@param[in] CertSize The size of the X509 certificate in bytes.
@param[out] CertSubject Pointer to the retrieved certificate subject.
@param[out] SubjectSize The size of Certificate Subject in bytes.
@retval EFI_SUCCESS Retrieved the certificate subject successfully.
@retval EFI_INVALID_PARAMETER The certificate is malformed.
**/
EFI_STATUS
IpSecCryptoIoGetSubjectFromCert (


@@ -1,7 +1,7 @@
/** @file
The Interfaces of IPsec debug information printing.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -167,21 +167,21 @@ IkeDumpState (
)
{
if (Previous >= IKE_STATE_NUM || Current >= IKE_STATE_NUM) {
return;
return;
}
if (Previous == Current) {
if (IkeVersion == 1) {
DEBUG ((DEBUG_INFO, "\n****Current state is %a\n", mIkev1StateStr[Previous]));
} else if (IkeVersion == 2) {
DEBUG ((DEBUG_INFO, "\n****Current state is %a\n", mIkev2StateStr[Previous]));
}
}
} else {
if (IkeVersion == 1) {
DEBUG ((DEBUG_INFO, "\n****Change state from %a to %a\n", mIkev1StateStr[Previous], mIkev1StateStr[Current]));
} else {
DEBUG ((DEBUG_INFO, "\n****Change state from %a to %a\n", mIkev2StateStr[Previous], mIkev2StateStr[Current]));
}
}
}
}
@@ -223,7 +223,7 @@ IpSecDumpPacket (
case IKE_XCG_TYPE_QM:
TypeStr = mExchangeStr[2];
break;
case IKE_XCG_TYPE_SA_INIT:
TypeStr = mExchangeStr[3];
break;
@@ -239,7 +239,7 @@ IpSecDumpPacket (
case IKE_XCG_TYPE_INFO2:
TypeStr = mExchangeStr[6];
break;
default:
TypeStr = mExchangeStr[7];
break;
@@ -275,7 +275,7 @@ IpSecDumpPacket (
@param[in] IkePayload Point to payload to be printed.
@param[in] IkeVersion The specified version of IKE.
**/
VOID
IpSecDumpPayload (


@@ -1,7 +1,7 @@
/** @file
The definition of functions and MACROs used for IPsec debug information printting.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -57,7 +57,7 @@ IpSecDumpAddress (
VOID
IkeDumpState (
IN UINT32 Previous,
IN UINT32 Current,
IN UINT32 Current,
IN UINT8 IkeVersion
);
@@ -81,7 +81,7 @@ IpSecDumpPacket (
@param[in] IkePayload Point to payload to be printed.
@param[in] IkeVersion The specified version of IKE.
**/
VOID
IpSecDumpPayload (


@@ -1,7 +1,7 @@
/** @file
Driver Binding Protocol for IPsec Driver.
Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -28,7 +28,7 @@
@param[in] RemainingDevicePath Optional parameter used to pick a specific child
device to start.
@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.
@retval EFI_SUCCES This driver supports this device.
@retval EFI_ALREADY_STARTED This driver is already running on this device.
@retval other This driver does not support this device.
@@ -45,7 +45,7 @@ IpSecSupported (
{
EFI_STATUS Status;
EFI_GUID *UdpServiceBindingGuid;
if (IpVersion == IP_VERSION_4) {
UdpServiceBindingGuid = &gEfiUdp4ServiceBindingProtocolGuid;
} else {
@@ -213,7 +213,7 @@ IpSecStop (
//
if (!IsListEmpty (&Private->Ikev2EstablishedList)) {
NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2EstablishedList) {
Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);
Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);
RemoveEntryList (&Ikev2SaSession->BySessionTable);
Ikev2SaSessionFree (Ikev2SaSession);
}


@@ -6,7 +6,7 @@
# packet-level security for IP datagram. It provides the IP packet protection via
# ESP and it supports IKEv2 for key negotiation.
#
# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -63,7 +63,7 @@
Ikev2/Info.c
Ikev2/Payload.c
Ikev2/Exchange.c
[Packages]
@@ -85,18 +85,18 @@
BaseCryptLib
DpcLib
UdpIoLib
NetLib
NetLib
PcdLib
[Protocols]
gEfiIp4Config2ProtocolGuid ## SOMETIMES_CONSUMES
gEfiUdp4ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES
gEfiUdp4ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES
gEfiUdp4ProtocolGuid ## SOMETIMES_CONSUMES
gEfiUdp6ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES
gEfiUdp6ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES
gEfiUdp6ProtocolGuid ## SOMETIMES_CONSUMES
gEfiIpSecConfigProtocolGuid ## PRODUCES
gEfiIpSec2ProtocolGuid ## PRODUCES
[Pcd]
gEfiNetworkPkgTokenSpaceGuid.PcdIpsecCertificateEnabled ## SOMETIMES_CONSUMES
gEfiNetworkPkgTokenSpaceGuid.PcdIpsecUefiCaFile ## SOMETIMES_CONSUMES


@@ -6,13 +6,13 @@
// packet-level security for IP datagram. It provides the IP packet protection via
// ESP and it supports IKEv2 for key negotiation.
//
// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php.
//
//
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//


@@ -1,7 +1,7 @@
// /** @file
// IpSecDxe Localized Strings and Content
//
// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
@@ -13,8 +13,8 @@
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"IpSec DXE"


@@ -2,7 +2,7 @@
The implementation of IPsec.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -1220,7 +1220,7 @@ IpSecTunnelOutboundPacket (
if (InnerHead == NULL) {
return NULL;
}
CopyMem (
InnerHead,
IpHead,
@@ -1236,7 +1236,7 @@ IpSecTunnelOutboundPacket (
if (InnerHead == NULL) {
return NULL;
}
CopyMem (
InnerHead,
IpHead,
@@ -1271,7 +1271,7 @@ IpSecTunnelOutboundPacket (
FreePool (InnerHead);
return NULL;
}
//
// 3. Check the Last Header, if it is TCP, UDP or ICMP recalcualate its pesudo
// CheckSum.


@@ -1,7 +1,7 @@
/** @file
The definitions related to IPsec protocol implementation.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -151,11 +151,11 @@ struct _IPSEC_PRIVATE_DATA {
/**
This function processes the inbound traffic with IPsec.
It checks the received packet security property, trims the ESP/AH header, and then
It checks the received packet security property, trims the ESP/AH header, and then
returns without an IPsec protected IP Header and FragmentTable.
@param[in] IpVersion The version of IP.
@param[in, out] IpHead Points to IP header containing the ESP/AH header
@param[in, out] IpHead Points to IP header containing the ESP/AH header
to be trimed on input, and without ESP/AH header
on return.
@param[in, out] LastHead The Last Header in IP header on return.
@@ -281,7 +281,7 @@ IpSecLookupSpdEntry (
IN VOID *IpHead,
IN UINT8 *IpPayload,
IN UINT8 Protocol,
IN BOOLEAN IsOutbound,
IN BOOLEAN IsOutbound,
OUT EFI_IPSEC_ACTION *Action
);


@@ -1,7 +1,7 @@
/** @file
The mian interface of IPsec Protocol.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -70,9 +70,9 @@ IpSecProcess (
UINT8 OldLastHead;
BOOLEAN IsOutbound;
if (OptionsBuffer == NULL ||
OptionsLength == NULL ||
FragmentTable == NULL ||
if (OptionsBuffer == NULL ||
OptionsLength == NULL ||
FragmentTable == NULL ||
FragmentCount == NULL
) {
return EFI_INVALID_PARAMETER;
@@ -83,7 +83,7 @@ IpSecProcess (
OldLastHead = *LastHead;
*RecycleSignal = NULL;
SpdList = &mConfigData[IPsecConfigDataTypeSpd];
if (!IsOutbound) {
//
// For inbound traffic, process the ipsec header of the packet.
@@ -108,7 +108,7 @@ IpSecProcess (
}
if (Status == EFI_SUCCESS) {
//
// Check the spd entry if the packet is accessible.
//
@@ -120,18 +120,18 @@ IpSecProcess (
Status = EFI_ACCESS_DENIED;
NET_LIST_FOR_EACH (Entry, SpdList) {
SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);
if (IsSubSpdSelector (
if (IsSubSpdSelector (
(EFI_IPSEC_CONFIG_SELECTOR *) SpdSelector,
(EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector
)) {
Status = EFI_SUCCESS;
}
}
}
goto ON_EXIT;
}
}
}
Status = EFI_ACCESS_DENIED;
Status = EFI_ACCESS_DENIED;
NET_LIST_FOR_EACH (Entry, SpdList) {
//
@@ -145,7 +145,7 @@ IpSecProcess (
IpHead,
IpPayload,
OldLastHead,
IsOutbound,
IsOutbound,
&Action
))) {
//
@@ -222,20 +222,20 @@ IpSecProcess (
goto ON_EXIT;
case EfiIPsecActionDiscard:
goto ON_EXIT;
goto ON_EXIT;
}
}
//
// If don't find the related SPD entry, return the EFI_ACCESS_DENIED and discard it.
// But it the packet is NS/NA, it should be by passed even not find the related SPD entry.
//
if (OldLastHead == IP6_ICMP &&
if (OldLastHead == IP6_ICMP &&
(*IpPayload == ICMP_V6_NEIGHBOR_SOLICIT || *IpPayload == ICMP_V6_NEIGHBOR_ADVERTISE)
){
Status = EFI_SUCCESS;
}
ON_EXIT:
return Status;
}