From: "Ye, Ting"
To: "Wu, Jiaxin", "edk2-devel@lists.01.org"
CC: "Fu, Siyuan"
Date: Tue, 6 Sep 2016 06:37:52 +0000
In-Reply-To: <1473133142-41256-1-git-send-email-jiaxin.wu@intel.com>
List-Id: EDK II Development
Subject: Re: [Patch] NetworkPkg/IpSecDxe: Generate SPI randomly and correct IKE_SPI_BASE value

Reviewed-by: Ye Ting

-----Original Message-----
From: Wu, Jiaxin
Sent: Tuesday, September 06, 2016 11:39 AM
To: edk2-devel@lists.01.org
Cc: Ye, Ting; Fu, Siyuan
Subject: [Patch] NetworkPkg/IpSecDxe: Generate SPI randomly and correct IKE_SPI_BASE value

This patch made the following update:
* Generate SPI randomly.
* Correct IKE_SPI_BASE value according to RFC 4302/4303.

Cc: Ye Ting
Cc: Fu Siyuan
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu --- NetworkPkg/IpSecDxe/IkeCommon.c | 102 +++++++++++++++++++++++++++++++-= ---- NetworkPkg/IpSecDxe/IkeCommon.h | 20 ++++--- NetworkPkg/IpSecDxe/Ikev2/Utility.c | 11 +++- 3 files changed, 112 insertions(+), 21 deletions(-) diff --git a/NetworkPkg/IpSecDxe/IkeCommon.c b/NetworkPkg/IpSecDxe/IkeCommo= n.c index 6fc7c06..b1e4321 100644 --- a/NetworkPkg/IpSecDxe/IkeCommon.c +++ b/NetworkPkg/IpSecDxe/IkeCommon.c @@ -1,9 +1,9 @@ /** @file Common operation of the IKE =20 - Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+ Copyright (c) 2010 - 2016, Intel Corporation. All rights=20 + reserved.
=20 This program and the accompanying materials are licensed and made available under the terms and conditions of the BS= D License which accompanies this distribution. The full text of the license may b= e found at http://opensource.org/licenses/bsd-license.php. @@ -16,14 +16,56 @@ #include "Ike.h" #include "IkeCommon.h" #include "IpSecConfigImpl.h" #include "IpSecDebug.h" =20 -// -// Initial the SPI -// -UINT32 mNextSpi =3D IKE_SPI_BASE; +/** + Check whether the new generated Spi has existed. + + @param[in] IkeSaSession Pointer to the Child SA Session. + @param[in] SpiValue SPI Value. + + @retval TRUE This SpiValue has existed in the Child SA Session + @retval FALSE This SpiValue doesn't exist in the Child SA Session. + =20 +**/ +BOOLEAN +IkeSpiValueExisted ( + IN IKEV2_SA_SESSION *IkeSaSession, + IN UINT32 SpiValue + ) +{ + LIST_ENTRY *Entry; + LIST_ENTRY *Next; + IKEV2_CHILD_SA_SESSION *SaSession; + + Entry =3D NULL; + Next =3D NULL; + SaSession =3D NULL; + =20 + // + // Check whether the SPI value has existed in ChildSaEstablishSessionLis= t. + // + NET_LIST_FOR_EACH_SAFE (Entry, Next, &IkeSaSession->ChildSaEstablishSess= ionList) { + SaSession=3D IKEV2_CHILD_SA_SESSION_BY_IKE_SA (Entry); + if (SaSession->LocalPeerSpi =3D=3D SpiValue) { + return TRUE; + } + } + + // + // Check whether the SPI value has existed in ChildSaSessionList. + // + NET_LIST_FOR_EACH_SAFE (Entry, Next, &IkeSaSession->ChildSaSessionList) = { + SaSession=3D IKEV2_CHILD_SA_SESSION_BY_IKE_SA (Entry); + if (SaSession->LocalPeerSpi =3D=3D SpiValue) { + return TRUE; + } + } + + return FALSE; +} =20 /** Call Crypto Lib to generate a random value with eight-octet length. =20 @return the 64 byte vaule. 
@@ -156,23 +198,57 @@ IkePayloadFree ( FreePool (IkePayload); } =20 /** Generate an new SPI. - - @return a SPI in 4 bytes. + =20 + @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to th= is Child SA=20 + Session. + @param[in out] SpiValue Pointer to the new generated SPI value.=20 + =20 + @retval EFI_SUCCESS The operation performs successfully. + @retval Otherwise The operation is failed. =20 **/ -UINT32 +EFI_STATUS IkeGenerateSpi ( - VOID + IN IKEV2_SA_SESSION *IkeSaSession, + OUT UINT32 *SpiValue ) { - // - // TODO: should generate SPI randomly to avoid security issue - // - return mNextSpi++; + EFI_STATUS Status; + + Status =3D EFI_SUCCESS; +=20 + while (TRUE) { + // + // Generate SPI randomly + // + Status =3D IpSecCryptoIoGenerateRandomBytes ((UINT8 *)SpiValue, sizeof= (UINT32)); + if (EFI_ERROR (Status)) { + break; + } + + // + // The set of SPI values in the range 1 through 255 are reserved by th= e=20 + // Internet Assigned Numbers Authority (IANA) for future use; a reserv= ed=20 + // SPI value will not normally be assigned by IANA unless the use of t= he=20 + // assigned SPI value is specified in an RFC. + // + if (*SpiValue < IKE_SPI_BASE) { + *SpiValue +=3D IKE_SPI_BASE;=20 + } + + // + // Check whether the new generated SPI has existed. + // + if (!IkeSpiValueExisted (IkeSaSession, *SpiValue)) { + break; + } + } + =20 + return Status; } =20 /** Generate a random data for IV =20 diff --git a/NetworkPkg/IpSecDxe/IkeCommon.h b/NetworkPkg/IpSecDxe/IkeCommo= n.h index 714ecaa..7f7fd4d 100644 --- a/NetworkPkg/IpSecDxe/IkeCommon.h +++ b/NetworkPkg/IpSecDxe/IkeCommon.h @@ -1,9 +1,9 @@ /** @file Common operation of the IKE. =20 - Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+ Copyright (c) 2010 - 2016, Intel Corporation. All rights=20 + reserved.
=20 This program and the accompanying materials are licensed and made available under the terms and conditions of the BS= D License which accompanies this distribution. The full text of the license may b= e found at http://opensource.org/licenses/bsd-license.php. @@ -37,11 +37,11 @@ =20 #define IKE_DEFAULT_PORT 500 #define IKE_DEFAULT_TIMEOUT_INTERVAL 10000 // 10s #define IKE_NONCE_SIZE 16 #define IKE_MAX_RETRY 4 -#define IKE_SPI_BASE 0x10000 +#define IKE_SPI_BASE 0x100 #define IKE_PAYLOAD_SIGNATURE SIGNATURE_32('I','K','E','P') #define IKE_PAYLOAD_BY_PACKET(a) CR(a,IKE_PAYLOAD,ByPacket,IKE_PAYLOA= D_SIGNATURE) =20 =20 #define IKE_PACKET_APPEND_PAYLOAD(IkePacket,IkePayload) \ @@ -128,18 +128,24 @@ VOID IkePayloadFree ( IN IKE_PAYLOAD *IkePayload ); =20 /** - Generate an unused SPI - - @return a SPI in 4 bytes. + Generate an new SPI. + =20 + @param[in] IkeSaSession Pointer to IKEV2_SA_SESSION related to th= is Child SA=20 + Session. + @param[in out] SpiValue Pointer to the new generated SPI value.=20 + =20 + @retval EFI_SUCCESS The operation performs successfully. + @retval Otherwise The operation is failed. =20 **/ -UINT32 +EFI_STATUS IkeGenerateSpi ( - VOID + IN IKEV2_SA_SESSION *IkeSaSession, + OUT UINT32 *SpiValue ); =20 /** Generate a random data for IV =20 diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev= 2/Utility.c index 5b26ba1..c365532 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c 
@@ -523,11 +523,20 @@ Ikev2ChildSaSessionAlloc ( // Initialize the fields of ChildSaSession and its SessionCommon. // ChildSaSession->Signature =3D IKEV2_CHILD_SA_SESSION_SIGNATURE; ChildSaSession->IkeSaSession =3D IkeSaSession; ChildSaSession->MessageId =3D IkeSaSession->MessageId; - ChildSaSession->LocalPeerSpi =3D IkeGenerateSpi (); + + // + // Generate an new SPI. + // + Status =3D IkeGenerateSpi (IkeSaSession,=20 + &(ChildSaSession->LocalPeerSpi)); if (EFI_ERROR (Status)) { + FreePool (ChildSaSession); + return NULL; + } + =20 ChildSaCommon =3D &ChildSaSession->SessionCommon; ChildSaCommon->UdpService =3D UdpService; ChildSaCommon->Private =3D IkeSaSession->SessionCommon.Priva= te; ChildSaCommon->IkeSessionType =3D IkeSessionTypeChildSa; ChildSaCommon->IkeVer =3D 2; -- 1.9.5.msysgit.1
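
Review bot: In IkeSpiValueExisted (IkeCommon.c, hunk @@ -16,14), the uniqueness check walks only ChildSaEstablishSessionList and ChildSaSessionList of the one IkeSaSession passed in, so Child SAs that belong to different IKE SAs can still receive the same LocalPeerSpi. The receiver uses the SPI to select the inbound SA, so the check should cover every IKE SA session (or the SAD) rather than a single session. Smaller points in the same hunk: the @param text describes IkeSaSession as "Pointer to the Child SA Session" although its type is IKEV2_SA_SESSION; nothing is removed during the walk, so NET_LIST_FOR_EACH is sufficient and the NULL assignments to Entry, Next and SaSession are dead stores; and no prototype for this function appears in the IkeCommon.h hunks, so either declare it there or make it STATIC.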
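
Review bot: In IkeGenerateSpi (IkeCommon.c, hunk @@ -156,23), the line "*SpiValue += IKE_SPI_BASE" folds a draw of 0 through 0xFF onto 0x100 through 0x1FF, so those 256 values are issued twice as often as any other SPI. Drawing again when "*SpiValue < IKE_SPI_BASE" keeps the output uniform and removes the arithmetic. The "while (TRUE)" loop also has no retry limit; a bounded number of attempts that ends in an error status would make the failure path explicit for the caller, which already handles EFI_ERROR.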
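
Review bot: In the IkeGenerateSpi prototype comment (IkeCommon.h, hunk @@ -128,18, and the matching comment in IkeCommon.c), SpiValue is documented as "@param[in out]" while the parameter is declared "OUT UINT32 *SpiValue" and is only written, so the tag should be "@param[out]". The old summary "Generate an unused SPI" was replaced by "Generate an new SPI", which loses the one property callers rely on; suggest "Generate a new SPI that is not in use" and state the scope of that guarantee. "@retval Otherwise The operation is failed." would read better as "The operation failed", ideally naming the status returned by IpSecCryptoIoGenerateRandomBytes.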
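
Review bot: In Ikev2ChildSaSessionAlloc (Ikev2/Utility.c, hunk @@ -523,11), Status is assigned but the hunk adds no declaration for it, so please confirm the function already declares "EFI_STATUS Status" or add one. The error path frees ChildSaSession and returns NULL; it is worth checking that nothing allocated earlier in the function needs releasing on this path and that callers test for a NULL return. Several added lines across the patch, including the blank line after the new block here, carry trailing whitespace that should be stripped before commit.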