summaryrefslogtreecommitdiffstats
path: root/NetworkPkg/IpSecDxe/Ikev2
Commit message (Collapse)AuthorAgeFilesLines
* NetworkPkg: Remove IpSec driver and applicationWang, Fan2019-04-299-11471/+0
| | | | | | | | | | | | | * REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1697 The IpSec driver in NetworkPkg is not really used by platforms but has security risks. So it is scheduled to be removed from edk2, also include IpSecConfig application. Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Signed-off-by: Wang Fan <fan.wang@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
* NetworkPkg: Replace BSD License with BSD+Patent LicenseMichael D Kinney2019-04-099-63/+9
| | | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
* NetworkPkg/IpSecDxe: Fix issue to parse SA Payload.Jiaxin Wu2018-10-221-21/+39
| | | | | | | | | | | | | | | | | | | | | | | Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1251 *v2: Correct the type of parameters in Ikev2ParseProposalData(), and refined the corresponding description. IpSecDxe failed to create the Child SA during parsing SA Payload, the issue was caused by the below commit: SHA-1: 1e0db7b11987d0ec93be7dfe26102a327860fdbd * MdeModulePkg/NetworkPkg: Checking for NULL pointer before use. In above commit, it changed the value of IsMatch in Ikev2ChildSaParseSaPayload() to FALSE. That's correct but it exposed the potential bug in to match the correct proposal Data, which will cause the issue happen. Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
* NetworkPkg: IpSecDxe: Remove the redundant code.Songpeng Li2018-08-233-161/+0
| | | | | | | | | | | | | | | The functions that are never called have been removed. They are Ikev2OnPacketAccepted, Ikev2SaSessionOnDeleting, Ikev2ChildSaSessionLookupByMid, Ikev2ChildSaSessionOnDeleting and Ikev2ChildExchangeRekeySpi. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1064 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Songpeng Li <songpeng.li@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* NetworkPkg: Clean up source filesLiming Gao2018-06-289-475/+475
| | | | | | | | | 1. Do not use tab characters 2. No trailing white space in one line 3. All files must end with CRLF Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com>
* MdeModulePkg/NetworkPkg: Checking for NULL pointer before use.Fu Siyuan2018-06-211-1/+1
| | | | | | | Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Sivaraman Nainar <sivaramann@amiindia.co.in> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg: Refine casting expression result to bigger sizeHao Wu2017-03-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are cases that the operands of an expression are all with rank less than UINT64/INT64 and the result of the expression is explicitly cast to UINT64/INT64 to fit the target size. An example will be: UINT32 a,b; // a and b can be any unsigned int type with rank less than UINT64, like // UINT8, UINT16, etc. UINT64 c; c = (UINT64) (a + b); Some static code checkers may warn that the expression result might overflow within the rank of "int" (integer promotions) and the result is then cast to a bigger size. The commit refines codes by the following rules: 1). When the expression is possible to overflow the range of unsigned int/ int: c = (UINT64)a + b; 2). When the expression will not overflow within the rank of "int", remove the explicit type casts: c = a + b; 3). When the expression will be cast to pointer of possible greater size: UINT32 a,b; VOID *c; c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b); 4). When one side of a comparison expression contains only operands with rank less than UINT32: UINT8 a; UINT16 b; UINTN c; if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...} For rule 4), if we remove the 'UINTN' type cast like: if (a + b > c) {...} The VS compiler will complain with warning C4018 (signed/unsigned mismatch, level 3 warning) due to promoting 'a + b' to type 'int'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
* NetworkPkg/IpSecDxe: Add check to avoid possible divide by zeroHao Wu2017-02-211-1/+7
| | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg/IpSecDxe: correct one comment and remove the unused bufJiaxin Wu2016-12-061-17/+1
| | | | | | | | | | | Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Zhang Lubo <lubo.zhang@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
* NetworkPkg/IpSecDxe: Generate SPI randomly and correct IKE_SPI_BASE valueJiaxin Wu2016-09-061-1/+10
| | | | | | | | | | | | | This path made the following update: * Generate SPI randomly. * Correct IKE_SPI_BASE value according RFC 4302/4303. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg/IpSecDxe: Fix wrong IKE header "FLAG" updateJiaxin Wu2016-08-184-16/+28
| | | | | | | | | | | | | | | | | | | | | *v2: update the commit log and refine the code comments. There are three kinds of IKE Exchange process: #1. Initial Exchange #2. CREATE_CHILD_SA_Exchange #3. Information Exchange The IKE header "FLAG" update is incorrect in #2 and #3 exchange, which may cause the continue session failure. This patch is used to correct the updates of IKE header "FLAG" according the RFC4306 section 3.1. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
* NetworkPkg/IpSecDxe: Fix UEFI IKE Initial Exchange failureJiaxin Wu2016-08-181-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | *v2: update the commit log. IKE Initial Exchange message should cover below process: Initiator Responder Message1 HDR,SAil,KEi,Ni ------> Message2 <------ HDR,SArl,KEr,Nr,[CERTREQ] Message3 HDR,SK{} ------> Message4 <------ HDR,SK{} If Initial Exchange message is initiated by Linux IKE, it works well. But the failure will happen if it's initiated by UEFI IKE. This issue is caused by the no status check of NotifyCookiePayload. While parsing the IKEv2 packet for IKE_SA_INIT exchange, if the packet doesn't contain COOKIE Notify payload, EFI_INVALID_PARAMETER will be returned from Ikev2ParserNotifyCookiePayload(). Current implementation return this error status directly, then the session will be broken. The correct behavior should check this status. If no COOKIE Notify payload, initiator don't need to retry the IKE_SA_INIT. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
* NetworkPkg: fix ASSERT_EFI_ERROR() typosLaszlo Ersek2016-06-301-1/+1
| | | | | | | | | | | | | | | | | | | A number of code locations use ASSERT_EFI_ERROR (BooleanExpression) instead of ASSERT (BooleanExpression) Fix them. Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
* NetworkPkg: Avoid potential NULL pointer dereferenceJiaxin Wu2016-06-274-11/+184
| | | | | | | | | | | | | | The commit of 6b16c9e7 removes ASSERT and use error handling in IpSecDxe driver, but may cause the potential NULL pointer dereference. So, this patch is used to avoid NULL pointer dereference. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
* NetworkPkg: Remove ASSERT and use error handling in IpSecDxeJiaxin Wu2016-06-215-87/+356
| | | | | | | | | | | | | This patch is used to refine the code by removing ASSERT and using error handling in IpSecDxe driver. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
* NetworkPkg: IpSecDxe: remove set but unused variablesLaszlo Ersek2016-03-251-2/+0
| | | | | | | | | | | Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
* NetworkPkg: Fix hang issue after system reconnected when IPSec has set upJiaxin Wu2015-08-142-7/+5
| | | | | | | | | | | | | IpSecStop() is incompetent to send out the delete information since the underlying IP child has been destroyed. Delete all established IKE SAs and related Child SAs directly. Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18223 6f19259b-4bc3-4df7-8a09-765794883524
* NetworkPkg: Remove unused variables from IpSecDxe to fix GCC build.Samer El-Haj-Mahmoud2015-07-014-26/+5
| | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hp.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17773 6f19259b-4bc3-4df7-8a09-765794883524
* NetworkPkg: Fix typo.Shumin Qiu2015-03-161-3/+3
| | | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shumin Qiu <shumin.qiu@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> Reviewed-by: Mudusuru Giri P <giri.p.mudusuru@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17049 6f19259b-4bc3-4df7-8a09-765794883524
* Update network stack code to use StrnCpy instead of StrCpy.Fu, Siyuan2014-08-081-2/+2
| | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com> Reviewed-By: Dong, Eric <eric.dong@intel.com> Reviewed-by: Wu, Jiaxin <jiaxin.wu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15773 6f19259b-4bc3-4df7-8a09-765794883524
* Refine code to make it more safely.Eric Dong2014-06-251-1/+2
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15589 6f19259b-4bc3-4df7-8a09-765794883524
* Fix CRLF formatTian, Hot2014-01-223-20/+20
| | | | | | Signed-off-by: Tian, Hot <hot.tian@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15157 6f19259b-4bc3-4df7-8a09-765794883524
* Bug fix: IpSec driver treats BOOLEAN as EFI_STATUS in error handling code.Fu Siyuan2014-01-061-3/+2
| | | | | | | | Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong, Guo <guo.dong@intel.com> Reviewed-by: Jin, Eric <eric.jin@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15049 6f19259b-4bc3-4df7-8a09-765794883524
* 1.Update IPsec driver to set the Transform structure’s Next Payload field ↵qianouyang2011-11-232-240/+238
| | | | | | | | | | | to be zero when it is the last transform structure in a proposal. The same as Proposal Structure’s Next Payload filed, it also should be zero when it is the last proposal in the SA. 2.Delete all SAs in the IPsec->Stop(). Signed-off-by: qianouyang Reviewed-by: sfu5 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12768 6f19259b-4bc3-4df7-8a09-765794883524
* Add pointer check for NULL before dereference it.sfu52011-10-083-13/+164
| | | | | | | | | Signed-off-by: sfu5 Reviewed-by: xdu2 Reviewed-by: ydong10 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12514 6f19259b-4bc3-4df7-8a09-765794883524
* NetworkPkg: Add IN/OUT modifier.xdu22011-01-211-4/+4
| | | | git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11262 6f19259b-4bc3-4df7-8a09-765794883524
* NetworkPkg: Update the IpsecDxe driver related PCDs in NetworkPkg.dec.qianouyang2011-01-201-19/+19
| | | | git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11258 6f19259b-4bc3-4df7-8a09-765794883524
* NetworkPkg/IpSecDxe: Add missing EFIAPI for callback functionsjljusten2011-01-031-22/+23
| | | | | | | | Callback functions must always use EFIAPI. GCC 4.4 X64 flagged these mismatches in EFIAPI usage. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11221 6f19259b-4bc3-4df7-8a09-765794883524
* Add IPsec/Ikev2 support.qianouyang2010-12-319-0/+11091
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11219 6f19259b-4bc3-4df7-8a09-765794883524
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-19 19:16:39 +0000