This patch made the following update: * Generate SPI randomly. * Correct IKE_SPI_BASE value according to RFC 4302/4303. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
		
			
				
	
	
		
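/** @file
  Common operation of the IKE.

  Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#ifndef _IKE_COMMON_H_
#define _IKE_COMMON_H_

#include <Protocol/Udp4.h>
#include <Protocol/Udp6.h>
#include <Protocol/Ip4Config2.h>

#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/DebugLib.h>
#include <Library/UdpIoLib.h>
#include <Library/BaseCryptLib.h>

#include "Ikev2/Ikev2.h"
#include "IpSecImpl.h"
#include "IkePacket.h"
#include "IpSecCryptIo.h"

//
// Well-known UDP port on which IKE is spoken.
//
#define IKE_DEFAULT_PORT              500
//
// 10s, expressed in milliseconds.
//
#define IKE_DEFAULT_TIMEOUT_INTERVAL  10000
//
// Nonce length in bytes (presumably the size handed to IkeGenerateNonce).
//
#define IKE_NONCE_SIZE                16
#define IKE_MAX_RETRY                 4
//
// Lowest SPI value this implementation may allocate. RFC 4302 and RFC 4303
// reserve SPI values 1 through 255 for IANA use (and 0 for local,
// implementation-specific use), so a generated SPI must never fall below
// this base.
//
#define IKE_SPI_BASE                  0x100
//
// Signature stored in IKE_PAYLOAD so that a payload recovered from its list
// entry can be sanity-checked.
//
#define IKE_PAYLOAD_SIGNATURE         SIGNATURE_32('I','K','E','P')
//
// Recover the owning IKE_PAYLOAD from its ByPacket list entry; CR verifies
// the signature in DEBUG builds.
//
#define IKE_PAYLOAD_BY_PACKET(a)      CR(a,IKE_PAYLOAD,ByPacket,IKE_PAYLOAD_SIGNATURE)


//
// Append IkePayload to the tail of IkePacket's payload list.
//
#define IKE_PACKET_APPEND_PAYLOAD(IkePacket,IkePayload)                 \
  do {                                                                  \
    InsertTailList(&(IkePacket)->PayloadList, &(IkePayload)->ByPacket); \
  } while (0)

//
// Unlink IkePayload from whichever payload list it is on. IkePacket is
// accepted for symmetry with IKE_PACKET_APPEND_PAYLOAD but is not used.
//
#define IKE_PACKET_REMOVE_PAYLOAD(IkePacket,IkePayload)                 \
  do {                                                                  \
    RemoveEntryList(&(IkePayload)->ByPacket);                           \
  } while (0)

//
// Walk IkePacket's payload list and leave Node on its last entry (on an
// empty list Node presumably ends up at the list head). This macro is NOT
// wrapped in do { } while (0): it expands to two statements, so use it only
// where a statement sequence is legal, never as the sole body of an
// unbraced if/else.
//
#define IKE_PACKET_END_PAYLOAD(IkePacket, Node)                         \
  Node = GetFirstNode (&(IkePacket)->PayloadList);                      \
  while (!IsNodeAtEnd (&(IkePacket)->PayloadList, Node)) {              \
    Node = GetNextNode (&(IkePacket)->PayloadList, Node);               \
  }

/**
  Call Crypto Lib to generate a random value with eight-octet length.

  @return The 64-bit (eight-octet) random value.

**/
UINT64
IkeGenerateCookie (
  VOID
  );

/**
  Generate the random data for Nonce payload.

  @param[in]  NonceSize      Size of the data in bytes.

  @return Buffer which contains the random data of the specified size
          (caller is presumably responsible for freeing it - confirm against
          the implementation).

**/
UINT8 *
IkeGenerateNonce (
  IN UINTN              NonceSize
  );

/**
  Convert the IKE Header from Network order to Host order.

  @param[in, out]  Header    The pointer of the IKE_HEADER.

**/
VOID
IkeHdrNetToHost (
  IN OUT IKE_HEADER *Header
  );


/**
  Convert the IKE Header from Host order to Network order.

  @param[in, out] Header     The pointer of the IKE_HEADER.

**/
VOID
IkeHdrHostToNet (
  IN OUT IKE_HEADER *Header
  );

/**
  Allocate a buffer of IKE_PAYLOAD and set its Signature.

  @return A buffer of IKE_PAYLOAD.

**/
IKE_PAYLOAD *
IkePayloadAlloc (
  VOID
  );

/**
  Free a specified IKE_PAYLOAD buffer.

  @param[in]  IkePayload   Pointer of IKE_PAYLOAD to be freed.

**/
VOID
IkePayloadFree (
  IN IKE_PAYLOAD *IkePayload
  );

/**
  Generate a new SPI.

  @param[in]   IkeSaSession   Pointer to IKEV2_SA_SESSION related to this Child SA
                              Session.
  @param[out]  SpiValue       Receives the newly generated SPI value.

  @retval EFI_SUCCESS         The operation performs successfully.
  @retval Otherwise           The operation failed.

**/
EFI_STATUS
IkeGenerateSpi (
  IN  IKEV2_SA_SESSION         *IkeSaSession,
  OUT UINT32                   *SpiValue
  );

/**
  Generate random data for an IV.

  @param[in]  IvBuffer  Pointer to the buffer that receives the random IV.
  @param[in]  IvSize    The IV size in bytes.

  @retval     EFI_SUCCESS  Created random data for the IV.
  @retval     otherwise    Failed.

**/
EFI_STATUS
IkeGenerateIv (
  IN UINT8                           *IvBuffer,
  IN UINTN                           IvSize
  );

/**
  Get the IKE Version from the IKE_SA_SESSION.

  @param[in]  Session  Pointer to the IKE_SA_SESSION, passed as a raw byte
                       pointer.

  @return The IKE version recorded in the session.

**/
UINT8
IkeGetVersionFromSession (
  IN UINT8                    *Session
  );

/**
  Find SPD entry by a specified SPD selector.

  @param[in] SpdSel       Pointer to the SPD Selector to be searched for.

  @retval Pointer to the SPD entry if found.
  @retval NULL if not found.

**/
IPSEC_SPD_ENTRY *
IkeSearchSpdEntry (
  IN EFI_IPSEC_SPD_SELECTOR             *SpdSel
  );

extern MODP_GROUP             OakleyModpGroup[];
extern IKE_ALG_GUID_INFO      mIPsecEncrAlgInfo[];
extern IKE_ALG_GUID_INFO      mIPsecAuthAlgInfo[];

#endif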