Commit Graph

27 Commits

Author SHA1 Message Date
Jiaxin Wu 95aea2fac9 NetworkPkg/IpSecDxe: Fix issue to parse SA Payload.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1251

*v2: Correct the type of parameters in Ikev2ParseProposalData(), and refined
the corresponding description.

IpSecDxe failed to create the Child SA during parsing SA Payload, the issue
was caused by the below commit:

SHA-1: 1e0db7b119
* MdeModulePkg/NetworkPkg: Checking for NULL pointer before use.

In above commit, it changed the value of IsMatch in Ikev2ChildSaParseSaPayload()
to FALSE. That's correct but it exposed the potential bug in to match the correct
proposal Data, which will cause the issue happen.

Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2018-10-22 09:04:57 +08:00
Songpeng Li ad1e45ddb5 NetworkPkg: IpSecDxe: Remove the redundant code.
The functions that are never called have been removed.
They are Ikev2OnPacketAccepted, Ikev2SaSessionOnDeleting,
Ikev2ChildSaSessionLookupByMid, Ikev2ChildSaSessionOnDeleting
and Ikev2ChildExchangeRekeySpi.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1064
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Songpeng Li <songpeng.li@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2018-08-23 16:30:46 +08:00
Liming Gao f75a7f568e NetworkPkg: Clean up source files
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
2018-06-28 11:19:49 +08:00
Fu Siyuan 1e0db7b119 MdeModulePkg/NetworkPkg: Checking for NULL pointer before use.
Contributed-under: TianoCore Contribution Agreement 1.1

Signed-off-by: Sivaraman Nainar <sivaramann@amiindia.co.in>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2018-06-21 08:49:47 +08:00
Hao Wu ce5c3273c3 NetworkPkg: Refine casting expression result to bigger size
There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is explicitly cast to
UINT64/INT64 to fit the target size.

An example will be:
UINT32 a,b;
// a and b can be any unsigned int type with rank less than UINT64, like
// UINT8, UINT16, etc.
UINT64 c;
c = (UINT64) (a + b);

Some static code checkers may warn that the expression result might
overflow within the rank of "int" (integer promotions) and the result is
then cast to a bigger size.

The commit refines codes by the following rules:
1). When the expression is possible to overflow the range of unsigned int/
int:
c = (UINT64)a + b;

2). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
c = a + b;

3). When the expression will be cast to pointer of possible greater size:
UINT32 a,b;
VOID *c;
c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b);

4). When one side of a comparison expression contains only operands with
rank less than UINT32:
UINT8 a;
UINT16 b;
UINTN c;
if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...}

For rule 4), if we remove the 'UINTN' type cast like:
if (a + b > c) {...}
The VS compiler will complain with warning C4018 (signed/unsigned
mismatch, level 3 warning) due to promoting 'a + b' to type 'int'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
2017-03-06 14:33:23 +08:00
Hao Wu ce8e582c06 NetworkPkg/IpSecDxe: Add check to avoid possible divide by zero
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2017-02-21 09:25:54 +08:00
Jiaxin Wu aa63a86601 NetworkPkg/IpSecDxe: correct one comment and remove the unused buf
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-12-06 18:37:25 +08:00
Jiaxin Wu 96c13c0117 NetworkPkg/IpSecDxe: Generate SPI randomly and correct IKE_SPI_BASE value
This path made the following update:
* Generate SPI randomly.
* Correct IKE_SPI_BASE value according RFC 4302/4303.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-09-06 19:01:04 +08:00
Jiaxin Wu 7822a1d91d NetworkPkg/IpSecDxe: Fix wrong IKE header "FLAG" update
*v2: update the commit log and refine the code comments.

There are three kinds of IKE Exchange process:
#1. Initial Exchange
#2. CREATE_CHILD_SA_Exchange
#3. Information Exchange

The IKE header "FLAG" update is incorrect in #2 and #3 exchange,
which may cause the continue session failure. This patch is used
to correct the updates of IKE header "FLAG" according the RFC4306
section 3.1.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-08-18 16:53:28 +08:00
Jiaxin Wu 40b83d6114 NetworkPkg/IpSecDxe: Fix UEFI IKE Initial Exchange failure
*v2: update the commit log.

IKE Initial Exchange message should cover below process:
           Initiator                    Responder
Message1 HDR,SAil,KEi,Ni  ------>
Message2                  <------   HDR,SArl,KEr,Nr,[CERTREQ]
Message3 HDR,SK{}         ------>
Message4                  <------   HDR,SK{}

If Initial Exchange message is initiated by Linux IKE, it works well.
But the failure will happen if it's initiated by UEFI IKE. This issue
is caused by the no status check of NotifyCookiePayload.

While parsing the IKEv2 packet for IKE_SA_INIT exchange, if the packet
doesn't contain COOKIE Notify payload, EFI_INVALID_PARAMETER will be
returned from Ikev2ParserNotifyCookiePayload(). Current implementation
return this error status directly, then the session will be broken. The
correct behavior should check this status. If no COOKIE Notify payload,
initiator don't need to retry the IKE_SA_INIT.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-08-18 16:53:14 +08:00
Laszlo Ersek bb7a152c2c NetworkPkg: fix ASSERT_EFI_ERROR() typos
A number of code locations use

  ASSERT_EFI_ERROR (BooleanExpression)

instead of

  ASSERT (BooleanExpression)

Fix them.

Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-30 13:08:03 +02:00
Jiaxin Wu 6771c1d658 NetworkPkg: Avoid potential NULL pointer dereference
The commit of 6b16c9e7 removes ASSERT and use error handling
in IpSecDxe driver, but may cause the potential NULL pointer
dereference. So, this patch is used to avoid NULL pointer
dereference.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-06-27 10:11:46 +08:00
Jiaxin Wu 6b16c9e7ea NetworkPkg: Remove ASSERT and use error handling in IpSecDxe
This patch is used to refine the code by removing ASSERT and
using error handling in IpSecDxe driver.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-06-21 12:56:24 +08:00
Laszlo Ersek aa5fc205dd NetworkPkg: IpSecDxe: remove set but unused variables
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
2016-03-25 10:52:31 +01:00
Jiaxin Wu 5dd08a463d NetworkPkg: Fix hang issue after system reconnected when IPSec has set up
IpSecStop() is incompetent to send out the delete information since the underlying
IP child has been destroyed. Delete all established IKE SAs and related
Child SAs directly.

Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18223 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-14 07:41:51 +00:00
Samer El-Haj-Mahmoud e8837eddf3 NetworkPkg: Remove unused variables from IpSecDxe to fix GCC build.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hp.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17773 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-01 03:35:32 +00:00
Shumin Qiu 5edac28e83 NetworkPkg: Fix typo.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shumin Qiu <shumin.qiu@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Mudusuru Giri P <giri.p.mudusuru@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17049 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-16 01:46:32 +00:00
Fu, Siyuan 2922e29ad8 Update network stack code to use StrnCpy instead of StrCpy.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-By: Dong, Eric <eric.dong@intel.com>
Reviewed-by: Wu, Jiaxin <jiaxin.wu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15773 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-08 00:41:14 +00:00
Eric Dong 393a3169c2 Refine code to make it more safely.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15589 6f19259b-4bc3-4df7-8a09-765794883524
2014-06-25 05:44:37 +00:00
Tian, Hot 44de1013cf Fix CRLF format
Signed-off-by: Tian, Hot <hot.tian@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15157 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-22 08:39:32 +00:00
Fu Siyuan 979fc9eab5 Bug fix: IpSec driver treats BOOLEAN as EFI_STATUS in error handling code.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Jin, Eric <eric.jin@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15049 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-06 03:01:09 +00:00
qianouyang 6cf9230ff2 1.Update IPsec driver to set the Transform structure’s Next Payload field to be zero when it is the last transform structure in a proposal. The same as Proposal Structure’s Next Payload filed, it also should be zero when it is the last proposal in the SA.
2.Delete all SAs in the IPsec->Stop().

Signed-off-by: qianouyang
Reviewed-by: sfu5

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12768 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-23 10:31:04 +00:00
sfu5 02a758cb0b Add pointer check for NULL before dereference it.
Signed-off-by: sfu5
Reviewed-by: xdu2
Reviewed-by: ydong10


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12514 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-08 02:55:30 +00:00
xdu2 686d4d4a86 NetworkPkg: Add IN/OUT modifier.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11262 6f19259b-4bc3-4df7-8a09-765794883524
2011-01-21 05:18:29 +00:00
qianouyang bfd4204b2d NetworkPkg: Update the IpsecDxe driver related PCDs in NetworkPkg.dec.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11258 6f19259b-4bc3-4df7-8a09-765794883524
2011-01-20 08:44:28 +00:00
jljusten 1d8fa5e94f NetworkPkg/IpSecDxe: Add missing EFIAPI for callback functions
Callback functions must always use EFIAPI.

GCC 4.4 X64 flagged these mismatches in EFIAPI usage.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11221 6f19259b-4bc3-4df7-8a09-765794883524
2011-01-03 03:17:20 +00:00
qianouyang 9166f840d2 Add IPsec/Ikev2 support.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11219 6f19259b-4bc3-4df7-8a09-765794883524
2010-12-31 10:43:54 +00:00