Commit | Line | Data |
---|---|---|
a3bcde70 HT |
1 | /** @file\r |
2 | The implementation of policy entry operation function in IpSecConfig application.\r | |
3 | \r | |
7a49cd08 | 4 | Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r |
a3bcde70 HT |
5 | \r |
6 | This program and the accompanying materials\r | |
7 | are licensed and made available under the terms and conditions of the BSD License\r | |
8 | which accompanies this distribution. The full text of the license may be found at\r | |
9 | http://opensource.org/licenses/bsd-license.php.\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | \r | |
16 | #include "IpSecConfig.h"\r | |
17 | #include "Indexer.h"\r | |
18 | #include "Match.h"\r | |
19 | #include "Helper.h"\r | |
20 | #include "ForEach.h"\r | |
21 | #include "PolicyEntryOperation.h"\r | |
22 | \r | |
/**
  Populate an EFI_IPSEC_SPD_SELECTOR from the parsed shell command line.

  The options read are --local, --remote, --proto, --local-port, --remote-port,
  --icmp-type and --icmp-code. For each option that is present and accepted, the
  matching bit is OR-ed into *Mask. A rejected value does not stop processing:
  the remaining options are still examined and EFI_INVALID_PARAMETER is returned
  at the end.

  @param[out]     Selector      The EFI_IPSEC_SPD_SELECTOR to fill in. Its LocalAddress and
                                RemoteAddress pointers are handed to EfiInetAddrRange() as
                                they are, so the caller has to set them up beforehand.
  @param[in]      ParamPackage  The parsed command-line parameter list.
  @param[in, out] Mask          Bit mask of accepted options; bits are only added here.

  @retval EFI_SUCCESS            No option value was rejected.
  @retval EFI_INVALID_PARAMETER  At least one option value was rejected.

**/
EFI_STATUS
CreateSpdSelector (
     OUT EFI_IPSEC_SPD_SELECTOR    *Selector,
  IN     LIST_ENTRY                *ParamPackage,
  IN OUT UINT32                    *Mask
  )
{
  EFI_STATUS    ParseStatus;
  EFI_STATUS    Result;
  CONST CHAR16  *OptionText;

  Result = EFI_SUCCESS;

  //
  // Start from the "any" wildcards; the options below narrow them when given.
  //
  Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
  Selector->LocalPort         = EFI_IPSEC_ANY_PORT;
  Selector->RemotePort        = EFI_IPSEC_ANY_PORT;

  //
  // --local: local address range. The count is set to 1 as soon as the option
  // is present, before the value has been validated.
  //
  OptionText = ShellCommandLineGetValue (ParamPackage, L"--local");
  if (OptionText != NULL) {
    Selector->LocalAddressCount = 1;
    ParseStatus = EfiInetAddrRange ((CHAR16 *) OptionText, Selector->LocalAddress);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= LOCAL;
    } else {
      ShellPrintHiiEx (
        -1, -1, NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle, mAppName,
        L"--local",
        OptionText
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --remote: remote address range, handled the same way as --local.
  //
  OptionText = ShellCommandLineGetValue (ParamPackage, L"--remote");
  if (OptionText != NULL) {
    Selector->RemoteAddressCount = 1;
    ParseStatus = EfiInetAddrRange ((CHAR16 *) OptionText, Selector->RemoteAddress);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= REMOTE;
    } else {
      ShellPrintHiiEx (
        -1, -1, NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle, mAppName,
        L"--remote",
        OptionText
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --proto: next-layer protocol, given as a number or as a name looked up in
  // mMapIpProtocol. Only EFI_INVALID_PARAMETER from GetNumber() counts as a
  // rejected value; any other error status is ignored here.
  //
  ParseStatus = GetNumber (
                  L"--proto",
                  (UINT16) -1,
                  &Selector->NextLayerProtocol,
                  sizeof (UINT16),
                  mMapIpProtocol,
                  ParamPackage,
                  FORMAT_NUMBER | FORMAT_STRING
                  );
  if (!EFI_ERROR (ParseStatus)) {
    *Mask |= PROTO;
  } else if (ParseStatus == EFI_INVALID_PARAMETER) {
    Result = EFI_INVALID_PARAMETER;
  }

  //
  // --local-port: local port and port range.
  //
  OptionText = ShellCommandLineGetValue (ParamPackage, L"--local-port");
  if (OptionText != NULL) {
    ParseStatus = EfiInetPortRange (
                    (CHAR16 *) OptionText,
                    &Selector->LocalPort,
                    &Selector->LocalPortRange
                    );
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= LOCAL_PORT;
    } else {
      ShellPrintHiiEx (
        -1, -1, NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle, mAppName,
        L"--local-port",
        OptionText
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --remote-port: remote port and port range.
  //
  OptionText = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
  if (OptionText != NULL) {
    ParseStatus = EfiInetPortRange (
                    (CHAR16 *) OptionText,
                    &Selector->RemotePort,
                    &Selector->RemotePortRange
                    );
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= REMOTE_PORT;
    } else {
      ShellPrintHiiEx (
        -1, -1, NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle, mAppName,
        L"--remote-port",
        OptionText
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --icmp-type: GetNumber() is given &Selector->LocalPort as its destination,
  // i.e. the same field --local-port fills in. LocalPortRange is not touched.
  //
  ParseStatus = GetNumber (
                  L"--icmp-type",
                  (UINT8) -1,
                  &Selector->LocalPort,
                  sizeof (UINT16),
                  NULL,
                  ParamPackage,
                  FORMAT_NUMBER
                  );
  if (!EFI_ERROR (ParseStatus)) {
    *Mask |= ICMP_TYPE;
  } else if (ParseStatus == EFI_INVALID_PARAMETER) {
    Result = EFI_INVALID_PARAMETER;
  }

  //
  // --icmp-code: destination is &Selector->RemotePort, the field shared with
  // --remote-port.
  //
  ParseStatus = GetNumber (
                  L"--icmp-code",
                  (UINT8) -1,
                  &Selector->RemotePort,
                  sizeof (UINT16),
                  NULL,
                  ParamPackage,
                  FORMAT_NUMBER
                  );
  if (!EFI_ERROR (ParseStatus)) {
    *Mask |= ICMP_CODE;
  } else if (ParseStatus == EFI_INVALID_PARAMETER) {
    Result = EFI_INVALID_PARAMETER;
  }

  return Result;
}
209 | \r | |
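/**
  Allocate an EFI_IPSEC_SPD_SELECTOR and an EFI_IPSEC_SPD_DATA and fill them in
  from the parsed shell command line.

  The selector is allocated together with two trailing EFI_IP_ADDRESS_INFO
  entries; the data block is allocated together with an EFI_IPSEC_PROCESS_POLICY
  and an EFI_IPSEC_TUNNEL_OPTION. Nothing in this function frees them on the
  EFI_SUCCESS and EFI_INVALID_PARAMETER paths, so releasing *Selector and *Data
  is left to the caller. A rejected option value does not stop processing; the
  remaining options are still examined.

  @param[out] Selector      Receives the newly allocated EFI_IPSEC_SPD_SELECTOR.
  @param[out] Data          Receives the newly allocated EFI_IPSEC_SPD_DATA.
  @param[in]  ParamPackage  The parsed command-line parameter list.
  @param[out] Mask          Receives the bit mask of the options that were accepted.
  @param[in]  CreateNew     TRUE to additionally require the options a new entry needs
                            (--local --remote --proto --action, plus both tunnel
                            addresses for a Protect action in tunnel mode).

  @retval EFI_SUCCESS            Both structures were filled in successfully.
  @retval EFI_INVALID_PARAMETER  Invalid or missing user input parameter.
  @retval EFI_OUT_OF_RESOURCES   An allocation failed. *Selector and *Data are NULL
                                 and nothing is left allocated.

**/
EFI_STATUS
CreateSpdEntry (
  OUT EFI_IPSEC_SPD_SELECTOR    **Selector,
  OUT EFI_IPSEC_SPD_DATA        **Data,
  IN  LIST_ENTRY                *ParamPackage,
  OUT UINT32                    *Mask,
  IN  BOOLEAN                   CreateNew
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  CONST CHAR16  *ValueStr;
  UINTN         DataSize;

  *Mask     = 0;
  *Selector = NULL;
  *Data     = NULL;

  //
  // Both allocations are done before any option is parsed, and their results
  // are checked at run time. An ASSERT alone is not a check in builds where
  // ASSERT is disabled: the NULL pointer would be dereferenced just below.
  //
  *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
  if (*Selector == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // SPD DATA
  // NOTE: Allocate enough memory and add padding for different arch.
  //
  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
  DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
  DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);

  *Data = AllocateZeroPool (DataSize);
  if (*Data == NULL) {
    FreePool (*Selector);
    *Selector = NULL;
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // The two address entries live directly behind the selector.
  //
  (*Selector)->LocalAddress  = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
  (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;

  //
  // The processing policy and the tunnel option live behind the SPD data,
  // each aligned to sizeof (UINTN).
  //
  (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
                                                             (*Data + 1),
                                                             sizeof (UINTN)
                                                             );
  (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (
                                                                         ((*Data)->ProcessingPolicy + 1),
                                                                         sizeof (UINTN)
                                                                         );

  ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);

  //
  // --name: copied as ASCII into the Name field of EFI_IPSEC_SPD_DATA. Name is
  // written in place inside the allocation above (it is never given separate
  // storage in this function), so sizeof gives the capacity of the embedded
  // array. UnicodeStrToAsciiStr() takes no destination size and writes one
  // CHAR8 per character plus the terminating NUL, so a longer command-line
  // value would run past Name into the rest of the pool allocation. Reject it.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
  if (ValueStr != NULL) {
    if (StrLen (ValueStr) >= sizeof ((*Data)->Name)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--name",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      UnicodeStrToAsciiStr (ValueStr, (CHAR8 *) (*Data)->Name);
      *Mask |= NAME;
    }
  }

  //
  // --packet-flag: numeric value stored in PackageFlag.
  //
  Status = GetNumber (
             L"--packet-flag",
             (UINT8) -1,
             &(*Data)->PackageFlag,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PACKET_FLAG;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --action: name looked up in mMapIpSecAction and stored in Action.
  //
  Status = GetNumber (
             L"--action",
             (UINT8) -1,
             &(*Data)->Action,
             sizeof (UINT32),
             mMapIpSecAction,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ACTION;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Boolean switches: "--x" sets the field to TRUE, "--x-" sets it to FALSE.
  // When both spellings are present the TRUE form wins.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;
    *Mask |= EXT_SEQUENCE;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;
    *Mask |= EXT_SEQUENCE;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {
    (*Data)->ProcessingPolicy->SeqOverflow = TRUE;
    *Mask |= SEQUENCE_OVERFLOW;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {
    (*Data)->ProcessingPolicy->SeqOverflow = FALSE;
    *Mask |= SEQUENCE_OVERFLOW;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {
    (*Data)->ProcessingPolicy->FragCheck = TRUE;
    *Mask |= FRAGMENT_CHECK;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {
    (*Data)->ProcessingPolicy->FragCheck = FALSE;
    *Mask |= FRAGMENT_CHECK;
  }

  //
  // SA lifetime limits: --lifebyte, --lifetime and --lifetime-soft.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --mode: transport mode unless the option says otherwise.
  //
  (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->ProcessingPolicy->Mode,
             sizeof (UINT32),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --tunnel-local / --tunnel-remote: tunnel endpoint addresses.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-local",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_LOCAL;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-remote",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_REMOTE;
    }
  }

  //
  // --dont-fragment: defaults to copying the DF bit.
  //
  (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
  Status = GetNumber (
             L"--dont-fragment",
             0,
             &(*Data)->ProcessingPolicy->TunnelOption->DF,
             sizeof (UINT32),
             mMapDfOption,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= DONT_FRAGMENT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --ipsec-proto: defaults to ESP.
  //
  (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*Data)->ProcessingPolicy->Proto,
             sizeof (UINT32),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --encrypt-algo / --auth-algo: names looked up in mMapEncAlgo / mMapAuthAlgo.
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->ProcessingPolicy->EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->ProcessingPolicy->AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Cannot check Mode against EfiIPsecTunnel, because user may want to change tunnel_remote only so the Mode is not set.
  //
  if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
    (*Data)->ProcessingPolicy->TunnelOption = NULL;
  }

  if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
                LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
                DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
    if ((*Data)->Action != EfiIPsecActionProtect) {
      //
      // User may not provide additional parameter for Protect action, so we cannot simply set ProcessingPolicy to NULL.
      //
      (*Data)->ProcessingPolicy = NULL;
    }
  }

  if (CreateNew) {
    if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--local --remote --proto --action"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if (((*Data)->Action == EfiIPsecActionProtect) &&
               ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
               ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      //
      // ProcessingPolicy is never cleared above when Action is Protect, so the
      // Mode dereference in this condition is safe.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}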
580 | \r | |
581 | /**\r | |
64b2d0e5 | 582 | Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.\r |
a3bcde70 HT |
583 | \r |
584 | @param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure.\r | |
64b2d0e5 | 585 | @param[out] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.\r |
a3bcde70 HT |
586 | @param[in] ParamPackage The pointer to the ParamPackage list.\r |
587 | @param[out] Mask The pointer to the Mask.\r | |
588 | @param[in] CreateNew The switch to create new.\r | |
589 | \r | |
64b2d0e5 | 590 | @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.\r |
a3bcde70 HT |
591 | @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r |
592 | \r | |
593 | **/\r | |
594 | EFI_STATUS\r | |
595 | CreateSadEntry (\r | |
596 | OUT EFI_IPSEC_SA_ID **SaId,\r | |
64b2d0e5 | 597 | OUT EFI_IPSEC_SA_DATA2 **Data,\r |
a3bcde70 HT |
598 | IN LIST_ENTRY *ParamPackage,\r |
599 | OUT UINT32 *Mask,\r | |
600 | IN BOOLEAN CreateNew\r | |
601 | )\r | |
602 | {\r | |
603 | EFI_STATUS Status;\r | |
604 | EFI_STATUS ReturnStatus;\r | |
605 | UINTN AuthKeyLength;\r | |
606 | UINTN EncKeyLength;\r | |
607 | CONST CHAR16 *ValueStr;\r | |
64b2d0e5 | 608 | CHAR8 *AsciiStr;\r |
a3bcde70 HT |
609 | UINTN DataSize;\r |
610 | \r | |
611 | Status = EFI_SUCCESS;\r | |
612 | ReturnStatus = EFI_SUCCESS;\r | |
613 | *Mask = 0;\r | |
614 | AuthKeyLength = 0;\r | |
615 | EncKeyLength = 0;\r | |
616 | \r | |
617 | *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));\r | |
618 | ASSERT (*SaId != NULL);\r | |
619 | \r | |
620 | //\r | |
621 | // Convert user imput from string to integer, and fill in the Spi in EFI_IPSEC_SA_ID.\r | |
622 | //\r | |
623 | Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);\r | |
624 | if (!EFI_ERROR (Status)) {\r | |
625 | *Mask |= SPI;\r | |
626 | }\r | |
627 | \r | |
628 | if (Status == EFI_INVALID_PARAMETER) {\r | |
629 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
630 | }\r | |
631 | \r | |
632 | //\r | |
633 | // Convert user imput from string to integer, and fill in the Proto in EFI_IPSEC_SA_ID.\r | |
634 | //\r | |
635 | Status = GetNumber (\r | |
636 | L"--ipsec-proto",\r | |
637 | 0,\r | |
638 | &(*SaId)->Proto,\r | |
639 | sizeof (EFI_IPSEC_PROTOCOL_TYPE),\r | |
640 | mMapIpSecProtocol,\r | |
641 | ParamPackage,\r | |
642 | FORMAT_STRING\r | |
643 | );\r | |
644 | if (!EFI_ERROR (Status)) {\r | |
645 | *Mask |= IPSEC_PROTO;\r | |
646 | }\r | |
647 | \r | |
648 | if (Status == EFI_INVALID_PARAMETER) {\r | |
649 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
650 | }\r | |
651 | \r | |
652 | //\r | |
64b2d0e5 | 653 | // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2.\r |
a3bcde70 HT |
654 | //\r |
655 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");\r | |
656 | if (ValueStr != NULL) {\r | |
64b2d0e5 | 657 | AuthKeyLength = StrLen (ValueStr);\r |
a3bcde70 HT |
658 | }\r |
659 | \r | |
660 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");\r | |
661 | if (ValueStr != NULL) {\r | |
64b2d0e5 | 662 | EncKeyLength = StrLen (ValueStr);\r |
a3bcde70 HT |
663 | }\r |
664 | \r | |
665 | //\r | |
64b2d0e5 | 666 | // EFI_IPSEC_SA_DATA2:\r |
a3bcde70 | 667 | // +------------\r |
64b2d0e5 | 668 | // | EFI_IPSEC_SA_DATA2\r |
a3bcde70 HT |
669 | // +-----------------------\r |
670 | // | AuthKey\r | |
671 | // +-------------------------\r | |
672 | // | EncKey\r | |
673 | // +-------------------------\r | |
674 | // | SpdSelector\r | |
675 | //\r | |
676 | // Notes: To make sure the address alignment add padding after each data if needed.\r | |
677 | //\r | |
64b2d0e5 | 678 | DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));\r |
a3bcde70 HT |
679 | DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);\r |
680 | DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);\r | |
681 | DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));\r | |
682 | DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));\r | |
683 | DataSize += sizeof (EFI_IP_ADDRESS_INFO);\r | |
684 | \r | |
685 | \r | |
686 | \r | |
687 | *Data = AllocateZeroPool (DataSize);\r | |
688 | ASSERT (*Data != NULL);\r | |
689 | \r | |
690 | (*Data)->ManualSet = TRUE;\r | |
691 | (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));\r | |
692 | (*Data)->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (\r | |
693 | ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),\r | |
694 | sizeof (UINTN)\r | |
695 | );\r | |
696 | (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (\r | |
697 | ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),\r | |
698 | sizeof (UINTN)\r | |
699 | );\r | |
700 | (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (\r | |
701 | ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),\r | |
702 | sizeof (UINTN));\r | |
703 | (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (\r | |
704 | (*Data)->SpdSelector->LocalAddress + 1,\r | |
705 | sizeof (UINTN)\r | |
706 | );\r | |
707 | \r | |
708 | (*Data)->Mode = EfiIPsecTransport;\r | |
709 | Status = GetNumber (\r | |
710 | L"--mode",\r | |
711 | 0,\r | |
712 | &(*Data)->Mode,\r | |
713 | sizeof (EFI_IPSEC_MODE),\r | |
714 | mMapIpSecMode,\r | |
715 | ParamPackage,\r | |
716 | FORMAT_STRING\r | |
717 | );\r | |
718 | if (!EFI_ERROR (Status)) {\r | |
719 | *Mask |= MODE;\r | |
720 | }\r | |
721 | \r | |
722 | if (Status == EFI_INVALID_PARAMETER) {\r | |
723 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
724 | }\r | |
725 | \r | |
726 | //\r | |
727 | // According to RFC 4303-3.3.3. The first packet sent using a given SA\r | |
728 | // will contain a sequence number of 1.\r | |
729 | //\r | |
730 | (*Data)->SNCount = 1;\r | |
731 | Status = GetNumber (\r | |
732 | L"--sequence-number",\r | |
733 | (UINT64) -1,\r | |
734 | &(*Data)->SNCount,\r | |
735 | sizeof (UINT64),\r | |
736 | NULL,\r | |
737 | ParamPackage,\r | |
738 | FORMAT_NUMBER\r | |
739 | );\r | |
740 | if (!EFI_ERROR (Status)) {\r | |
741 | *Mask |= SEQUENCE_NUMBER;\r | |
742 | }\r | |
743 | \r | |
744 | if (Status == EFI_INVALID_PARAMETER) {\r | |
745 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
746 | }\r | |
747 | \r | |
748 | (*Data)->AntiReplayWindows = 0;\r | |
749 | Status = GetNumber (\r | |
750 | L"--antireplay-window",\r | |
751 | (UINT8) -1,\r | |
752 | &(*Data)->AntiReplayWindows,\r | |
753 | sizeof (UINT8),\r | |
754 | NULL,\r | |
755 | ParamPackage,\r | |
756 | FORMAT_NUMBER\r | |
757 | );\r | |
758 | if (!EFI_ERROR (Status)) {\r | |
759 | *Mask |= SEQUENCE_NUMBER;\r | |
760 | }\r | |
761 | \r | |
762 | if (Status == EFI_INVALID_PARAMETER) {\r | |
763 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
764 | }\r | |
765 | \r | |
766 | Status = GetNumber (\r | |
767 | L"--encrypt-algo",\r | |
768 | 0,\r | |
769 | &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,\r | |
770 | sizeof (UINT8),\r | |
771 | mMapEncAlgo,\r | |
772 | ParamPackage,\r | |
773 | FORMAT_STRING\r | |
774 | );\r | |
775 | if (!EFI_ERROR (Status)) {\r | |
776 | *Mask |= ENCRYPT_ALGO;\r | |
777 | }\r | |
778 | \r | |
779 | if (Status == EFI_INVALID_PARAMETER) {\r | |
780 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
781 | }\r | |
782 | \r | |
783 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");\r | |
784 | if (ValueStr != NULL ) {\r | |
785 | (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;\r | |
64b2d0e5 | 786 | AsciiStr = AllocateZeroPool (EncKeyLength + 1);\r |
7a49cd08 | 787 | ASSERT (AsciiStr != NULL);\r |
64b2d0e5 | 788 | UnicodeStrToAsciiStr (ValueStr, AsciiStr);\r |
789 | CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength);\r | |
790 | FreePool (AsciiStr);\r | |
a3bcde70 HT |
791 | *Mask |= ENCRYPT_KEY;\r |
792 | } else {\r | |
793 | (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;\r | |
794 | }\r | |
795 | \r | |
796 | Status = GetNumber (\r | |
797 | L"--auth-algo",\r | |
798 | 0,\r | |
799 | &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,\r | |
800 | sizeof (UINT8),\r | |
801 | mMapAuthAlgo,\r | |
802 | ParamPackage,\r | |
803 | FORMAT_STRING\r | |
804 | );\r | |
805 | if (!EFI_ERROR (Status)) {\r | |
806 | *Mask |= AUTH_ALGO;\r | |
807 | }\r | |
808 | \r | |
809 | if (Status == EFI_INVALID_PARAMETER) {\r | |
810 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
811 | }\r | |
812 | \r | |
813 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");\r | |
814 | if (ValueStr != NULL) {\r | |
815 | (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;\r | |
64b2d0e5 | 816 | AsciiStr = AllocateZeroPool (AuthKeyLength + 1);\r |
817 | UnicodeStrToAsciiStr (ValueStr, AsciiStr);\r | |
818 | CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);\r | |
819 | FreePool (AsciiStr);\r | |
a3bcde70 HT |
820 | *Mask |= AUTH_KEY;\r |
821 | } else {\r | |
822 | (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;\r | |
823 | }\r | |
824 | \r | |
825 | Status = GetNumber (\r | |
826 | L"--lifebyte",\r | |
827 | (UINT64) -1,\r | |
828 | &(*Data)->SaLifetime.ByteCount,\r | |
829 | sizeof (UINT64),\r | |
830 | NULL,\r | |
831 | ParamPackage,\r | |
832 | FORMAT_NUMBER\r | |
833 | );\r | |
834 | if (!EFI_ERROR (Status)) {\r | |
835 | *Mask |= LIFEBYTE;\r | |
836 | }\r | |
837 | \r | |
838 | if (Status == EFI_INVALID_PARAMETER) {\r | |
839 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
840 | }\r | |
841 | \r | |
842 | Status = GetNumber (\r | |
843 | L"--lifetime",\r | |
844 | (UINT64) -1,\r | |
845 | &(*Data)->SaLifetime.HardLifetime,\r | |
846 | sizeof (UINT64),\r | |
847 | NULL,\r | |
848 | ParamPackage,\r | |
849 | FORMAT_NUMBER\r | |
850 | );\r | |
851 | if (!EFI_ERROR (Status)) {\r | |
852 | *Mask |= LIFETIME;\r | |
853 | }\r | |
854 | \r | |
855 | if (Status == EFI_INVALID_PARAMETER) {\r | |
856 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
857 | }\r | |
858 | \r | |
859 | Status = GetNumber (\r | |
860 | L"--lifetime-soft",\r | |
861 | (UINT64) -1,\r | |
862 | &(*Data)->SaLifetime.SoftLifetime,\r | |
863 | sizeof (UINT64),\r | |
864 | NULL,\r | |
865 | ParamPackage,\r | |
866 | FORMAT_NUMBER\r | |
867 | );\r | |
868 | if (!EFI_ERROR (Status)) {\r | |
869 | *Mask |= LIFETIME_SOFT;\r | |
870 | }\r | |
871 | \r | |
872 | if (Status == EFI_INVALID_PARAMETER) {\r | |
873 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
874 | }\r | |
875 | \r | |
876 | Status = GetNumber (\r | |
877 | L"--path-mtu",\r | |
878 | (UINT32) -1,\r | |
879 | &(*Data)->PathMTU,\r | |
880 | sizeof (UINT32),\r | |
881 | NULL,\r | |
882 | ParamPackage,\r | |
883 | FORMAT_NUMBER\r | |
884 | );\r | |
885 | if (!EFI_ERROR (Status)) {\r | |
886 | *Mask |= PATH_MTU;\r | |
887 | }\r | |
888 | \r | |
889 | if (Status == EFI_INVALID_PARAMETER) {\r | |
890 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
891 | }\r | |
892 | \r | |
64b2d0e5 | 893 | //\r |
894 | // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.\r | |
895 | //\r | |
896 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");\r | |
897 | if (ValueStr != NULL) {\r | |
898 | Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);\r | |
899 | if (EFI_ERROR (Status)) {\r | |
900 | ShellPrintHiiEx (\r | |
901 | -1,\r | |
902 | -1,\r | |
903 | NULL,\r | |
904 | STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r | |
905 | mHiiHandle,\r | |
906 | mAppName,\r | |
907 | L"--tunnel-dest",\r | |
908 | ValueStr\r | |
909 | );\r | |
910 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
911 | } else {\r | |
912 | *Mask |= DEST;\r | |
913 | }\r | |
914 | }\r | |
915 | \r | |
916 | //\r | |
da7c529c | 917 | // Convert user input from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.\r |
64b2d0e5 | 918 | //\r |
919 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");\r | |
920 | if (ValueStr != NULL) {\r | |
921 | Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);\r | |
922 | if (EFI_ERROR (Status)) {\r | |
923 | ShellPrintHiiEx (\r | |
924 | -1,\r | |
925 | -1,\r | |
926 | NULL,\r | |
927 | STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r | |
928 | mHiiHandle,\r | |
929 | mAppName,\r | |
930 | L"--tunnel-source",\r | |
931 | ValueStr\r | |
932 | );\r | |
933 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
934 | } else {\r | |
935 | *Mask |= SOURCE;\r | |
936 | }\r | |
937 | }\r | |
da7c529c | 938 | \r |
939 | //\r | |
940 | // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set\r | |
941 | //\r | |
942 | if ((*Data)->Mode == EfiIPsecTunnel) {\r | |
943 | if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {\r | |
944 | ShellPrintHiiEx (\r | |
945 | -1,\r | |
946 | -1,\r | |
947 | NULL,\r | |
948 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r | |
949 | mHiiHandle,\r | |
950 | mAppName,\r | |
951 | L"--tunnel-source --tunnel-dest"\r | |
952 | );\r | |
953 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
954 | }\r | |
955 | }\r | |
a3bcde70 HT |
956 | ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);\r |
957 | \r | |
958 | if (CreateNew) {\r | |
da7c529c | 959 | if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {\r |
a3bcde70 HT |
960 | ShellPrintHiiEx (\r |
961 | -1,\r | |
962 | -1,\r | |
963 | NULL,\r | |
964 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r | |
965 | mHiiHandle,\r | |
966 | mAppName,\r | |
da7c529c | 967 | L"--spi --ipsec-proto --local --remote"\r |
a3bcde70 HT |
968 | );\r |
969 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
970 | } else {\r | |
971 | if ((*SaId)->Proto == EfiIPsecAH) {\r | |
972 | if ((*Mask & AUTH_ALGO) == 0) {\r | |
973 | ShellPrintHiiEx (\r | |
974 | -1,\r | |
975 | -1,\r | |
976 | NULL,\r | |
977 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
978 | mHiiHandle,\r | |
979 | mAppName,\r | |
980 | L"--auth-algo"\r | |
981 | );\r | |
982 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
780847d1 | 983 | } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {\r |
a3bcde70 HT |
984 | ShellPrintHiiEx (\r |
985 | -1,\r | |
986 | -1,\r | |
987 | NULL,\r | |
988 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
989 | mHiiHandle,\r | |
990 | mAppName,\r | |
991 | L"--auth-key"\r | |
992 | );\r | |
993 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
994 | }\r | |
995 | } else {\r | |
da7c529c | 996 | if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) {\r |
a3bcde70 HT |
997 | ShellPrintHiiEx (\r |
998 | -1,\r | |
999 | -1,\r | |
1000 | NULL,\r | |
1001 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
1002 | mHiiHandle,\r | |
1003 | mAppName,\r | |
da7c529c | 1004 | L"--encrypt-algo --auth-algo"\r |
a3bcde70 HT |
1005 | );\r |
1006 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
780847d1 | 1007 | } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {\r |
a3bcde70 HT |
1008 | ShellPrintHiiEx (\r |
1009 | -1,\r | |
1010 | -1,\r | |
1011 | NULL,\r | |
1012 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
1013 | mHiiHandle,\r | |
1014 | mAppName,\r | |
1015 | L"--encrypt-key"\r | |
1016 | );\r | |
1017 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
da7c529c | 1018 | } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {\r |
1019 | ShellPrintHiiEx (\r | |
1020 | -1,\r | |
1021 | -1,\r | |
1022 | NULL,\r | |
1023 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
1024 | mHiiHandle,\r | |
1025 | mAppName,\r | |
1026 | L"--auth-key"\r | |
1027 | );\r | |
1028 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
a3bcde70 HT |
1029 | }\r |
1030 | }\r | |
1031 | }\r | |
1032 | }\r | |
1033 | \r | |
1034 | return ReturnStatus;\r | |
1035 | }\r | |
1036 | \r | |
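/**
  Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.

  Both structures are allocated here and returned through PadId and Data. The
  authentication data and the revocation data are stored in the same allocation
  as EFI_IPSEC_PAD_DATA, directly after the structure.
  NOTE(review): the buffers are not freed here on any path, so the caller
  presumably releases them on success and on failure - confirm at the call sites.

  @param[out] PadId           Receives the allocated EFI_IPSEC_PAD_ID, or NULL if
                              that allocation failed.
  @param[out] Data            Receives the allocated EFI_IPSEC_PAD_DATA, or NULL if
                              no data buffer was allocated.
  @param[in]  ParamPackage    The pointer to the ParamPackage list.
  @param[out] Mask            Receives one bit for each option that was parsed.
  @param[in]  CreateNew       TRUE to also require the options a new entry needs.

  @retval EFI_SUCCESS              Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.
  @retval EFI_INVALID_PARAMETER    Invalid user input parameter.
  @retval EFI_OUT_OF_RESOURCES     One of the two buffers could not be allocated.

**/
EFI_STATUS
CreatePadEntry (
  OUT EFI_IPSEC_PAD_ID      **PadId,
  OUT EFI_IPSEC_PAD_DATA    **Data,
  IN  LIST_ENTRY            *ParamPackage,
  OUT UINT32                *Mask,
  IN  BOOLEAN               CreateNew
  )
{
  EFI_STATUS           Status;
  EFI_STATUS           ReturnStatus;
  SHELL_FILE_HANDLE    FileHandle;
  UINT64               FileSize;
  UINTN                AuthDataLength;
  UINTN                RevocationDataLength;
  UINTN                MaxAuthDataLength;
  UINTN                DataLength;
  UINTN                Index;
  CONST CHAR16         *ValueStr;
  UINTN                DataSize;

  Status               = EFI_SUCCESS;
  ReturnStatus         = EFI_SUCCESS;
  *Mask                = 0;
  *Data                = NULL;
  AuthDataLength       = 0;
  RevocationDataLength = 0;

  //
  // ASSERT() is compiled out of release builds, so an allocation failure is
  // reported to the caller instead of being dereferenced below.
  //
  *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));
  if (*PadId == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // Convert user input from string to integer, and fill in EFI_IPSEC_PAD_ID.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");
  if (ValueStr != NULL) {
    (*PadId)->PeerIdValid = FALSE;
    Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--peer-address",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= PEER_ADDRESS;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");
  if (ValueStr != NULL) {
    (*PadId)->PeerIdValid = TRUE;
    //
    // StrnCpy() counts CHAR16 characters, not bytes. PeerId is accessed through
    // a CHAR16 cast, so the limit is its byte size divided by sizeof (CHAR16),
    // less one character for the terminator that AllocateZeroPool() left in
    // place. Using the element count of a byte array here would allow a long
    // --peer-id to write past the end of the pool buffer.
    //
    StrnCpy (
      (CHAR16 *) (*PadId)->Id.PeerId,
      ValueStr,
      sizeof ((*PadId)->Id.PeerId) / sizeof (CHAR16) - 1
      );
    *Mask |= PEER_ID;
  }

  //
  // The revocation data is stored as a CHAR16 string including its terminator.
  // Its length is needed first to bound the authentication data below.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
  if (ValueStr != NULL) {
    RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
  }

  //
  // Largest authentication data length for which the DataSize computation
  // below cannot wrap: the aligned structure, up to sizeof (UINTN) - 1 bytes
  // of padding and the revocation data all have to fit in a UINTN.
  //
  MaxAuthDataLength = ((UINTN) -1) -
                      ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA)) -
                      RevocationDataLength -
                      sizeof (UINTN);

  //
  // First pass over --auth-data: only determine how many bytes are needed.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
  if (ValueStr != NULL) {
    if (ValueStr[0] == L'@') {
      //
      // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
      //
      Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
      if (EFI_ERROR (Status)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
          mHiiHandle,
          mAppName,
          &ValueStr[1]
          );
        ReturnStatus = EFI_INVALID_PARAMETER;
      } else {
        Status = ShellGetFileSize (FileHandle, &FileSize);
        ShellCloseFile (&FileHandle);
        if (EFI_ERROR (Status)) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
            mHiiHandle,
            mAppName,
            &ValueStr[1]
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        } else if (FileSize > MaxAuthDataLength) {
          //
          // The file size is a 64-bit value taken from the file system. Reject
          // it rather than truncate it to UINTN or let the size arithmetic
          // wrap, which would allocate a buffer smaller than the later read.
          //
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
            mHiiHandle,
            mAppName,
            L"--auth-data",
            ValueStr
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        } else {
          AuthDataLength = (UINTN) FileSize;
        }
      }
    } else {
      AuthDataLength = StrLen (ValueStr);
    }
  }

  //
  // Allocate Buffer for Data. Add padding after each struct to make sure the alignment
  // in different Arch.
  //
  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));
  DataSize  = ALIGN_VARIABLE (DataSize + AuthDataLength);
  DataSize += RevocationDataLength;

  *Data = AllocateZeroPool (DataSize);
  if (*Data == NULL) {
    //
    // *PadId stays allocated, as it does on every other error return.
    //
    return EFI_OUT_OF_RESOURCES;
  }

  (*Data)->AuthData       = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));
  (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));
  (*Data)->AuthProtocol   = EfiIPsecAuthProtocolIKEv1;

  //
  // Convert user input from string to integer, and fill in EFI_IPSEC_PAD_DATA.
  //
  Status = GetNumber (
             L"--auth-proto",
             0,
             &(*Data)->AuthProtocol,
             sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),
             mMapAuthProto,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--auth-method",
             0,
             &(*Data)->AuthMethod,
             sizeof (EFI_IPSEC_AUTH_METHOD),
             mMapAuthMethod,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_METHOD;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {
    (*Data)->IkeIdFlag = TRUE;
    *Mask |= IKE_ID;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {
    (*Data)->IkeIdFlag = FALSE;
    *Mask |= IKE_ID;
  }

  //
  // Second pass over --auth-data: copy the bytes into the buffer sized above.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
  if (ValueStr != NULL) {
    if (ValueStr[0] == L'@') {
      //
      // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
      //
      Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
      if (EFI_ERROR (Status)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
          mHiiHandle,
          mAppName,
          &ValueStr[1]
          );
        ReturnStatus      = EFI_INVALID_PARAMETER;
        (*Data)->AuthData = NULL;
      } else {
        DataLength = AuthDataLength;
        Status     = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
        ShellCloseFile (&FileHandle);
        if (EFI_ERROR (Status)) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
            mHiiHandle,
            mAppName,
            &ValueStr[1]
            );
          ReturnStatus      = EFI_INVALID_PARAMETER;
          (*Data)->AuthData = NULL;
        } else {
          //
          // The file was closed and reopened after it was sized, so it may
          // have changed. The read is limited to AuthDataLength bytes and
          // DataLength holds the number of bytes actually read; record that
          // value so AuthDataSize describes the buffer, as the string branch
          // below already does.
          //
          (*Data)->AuthDataSize = DataLength;
          *Mask |= AUTH_DATA;
        }
      }
    } else {
      //
      // Keep only the low byte of every CHAR16 character.
      //
      for (Index = 0; Index < AuthDataLength; Index++) {
        ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];
      }
      (*Data)->AuthDataSize = AuthDataLength;
      *Mask |= AUTH_DATA;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
  if (ValueStr != NULL) {
    CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);
    (*Data)->RevocationDataSize = RevocationDataLength;
    *Mask |= REVOCATION_DATA;
  } else {
    (*Data)->RevocationData = NULL;
  }

  if (CreateNew) {
    if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--peer-id --peer-address"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--auth-method --auth-data"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}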
1305 | \r | |
//
// Table of the entry constructors, in the order SPD, SAD, PAD.
// Every function is cast to the common CREATE_POLICY_ENTRY type, so the compiler
// no longer checks that a caller passes the ID and data pointer types the
// selected constructor expects (CreatePadEntry, for example, takes
// EFI_IPSEC_PAD_ID ** and EFI_IPSEC_PAD_DATA **).
// NOTE(review): presumably indexed by the policy data type at the call sites, so
// the order here has to match that enumeration - confirm.
//
CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {
  (CREATE_POLICY_ENTRY) CreateSpdEntry,
  (CREATE_POLICY_ENTRY) CreateSadEntry,
  (CREATE_POLICY_ENTRY) CreatePadEntry
};
1311 | \r | |
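/**
  Combine old SPD entry with new SPD entry.

  Selector fields whose bit is clear in Mask are copied from OldSelector into
  NewSelector. Selector fields whose bit is set and whose value differs from the
  old entry set CreateNew to TRUE. Data fields whose bit is set are copied from
  NewData into OldData.

  @param[in, out] OldSelector    The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[in, out] OldData        The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in, out] NewSelector    The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
                                 Fields not selected by Mask are overwritten with
                                 the values of OldSelector.
  @param[in]      NewData        The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]      Mask           Bit mask of the fields that were supplied for the
                                 new entry.
  @param[out]     CreateNew      Set to TRUE when a supplied selector field differs
                                 from the old entry, otherwise FALSE.

  @retval EFI_SUCCESS              Combined successfully.
  @retval EFI_INVALID_PARAMETER    Tunnel mode is requested without both
                                   --tunnel-local and --tunnel-remote.

**/
EFI_STATUS
CombineSpdEntry (
  IN OUT EFI_IPSEC_SPD_SELECTOR    *OldSelector,
  IN OUT EFI_IPSEC_SPD_DATA        *OldData,
  IN     EFI_IPSEC_SPD_SELECTOR    *NewSelector,
  IN     EFI_IPSEC_SPD_DATA        *NewData,
  IN     UINT32                    Mask,
     OUT BOOLEAN                   *CreateNew
  )
{
  *CreateNew = FALSE;

  //
  // Process Selector.
  // The address arrays are shared by pointer, not duplicated.
  //
  if ((Mask & LOCAL) == 0) {
    NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
    NewSelector->LocalAddress      = OldSelector->LocalAddress;
  } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
             (CompareMem (
                NewSelector->LocalAddress,
                OldSelector->LocalAddress,
                NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)
                ) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & REMOTE) == 0) {
    NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
    NewSelector->RemoteAddress      = OldSelector->RemoteAddress;
  } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
             (CompareMem (
                NewSelector->RemoteAddress,
                OldSelector->RemoteAddress,
                NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)
                ) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & PROTO) == 0) {
    NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
  } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
    *CreateNew = TRUE;
  }

  switch (NewSelector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    if ((Mask & LOCAL_PORT) == 0) {
      NewSelector->LocalPort      = OldSelector->LocalPort;
      NewSelector->LocalPortRange = OldSelector->LocalPortRange;
    } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
               (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
      *CreateNew = TRUE;
    }

    if ((Mask & REMOTE_PORT) == 0) {
      NewSelector->RemotePort      = OldSelector->RemotePort;
      NewSelector->RemotePortRange = OldSelector->RemotePortRange;
    } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
               (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
      *CreateNew = TRUE;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    //
    // For ICMP the port fields are compared under the ICMP_TYPE and ICMP_CODE bits.
    //
    if ((Mask & ICMP_TYPE) == 0) {
      NewSelector->LocalPort = OldSelector->LocalPort;
    } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
      *CreateNew = TRUE;
    }

    if ((Mask & ICMP_CODE) == 0) {
      NewSelector->RemotePort = OldSelector->RemotePort;
    } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
      *CreateNew = TRUE;
    }
    break;

  default:
    //
    // No port or ICMP fields to merge for other protocols.
    //
    break;
  }

  //
  // Process Data
  //
  if ((Mask & NAME) != 0) {
    //
    // Name is a fixed-size array in EFI_IPSEC_SPD_DATA. Bound the copy by the
    // destination and terminate it explicitly, so a source name that lacks a
    // terminator cannot run past the end of OldData->Name.
    //
    AsciiStrnCpy ((CHAR8 *) OldData->Name, (CHAR8 *) NewData->Name, sizeof (OldData->Name) - 1);
    OldData->Name[sizeof (OldData->Name) - 1] = 0;
  }

  if ((Mask & PACKET_FLAG) != 0) {
    OldData->PackageFlag = NewData->PackageFlag;
  }

  if ((Mask & ACTION) != 0) {
    OldData->Action = NewData->Action;
  }

  if (OldData->Action != EfiIPsecActionProtect) {
    //
    // Only the Protect action carries a processing policy.
    //
    OldData->ProcessingPolicy = NULL;
    return EFI_SUCCESS;
  }

  //
  // Protect
  //
  if (OldData->ProcessingPolicy == NULL) {
    //
    // Just point to new data if originally NULL.
    // NOTE(review): NewData->ProcessingPolicy is dereferenced without a NULL
    // check; presumably it is always allocated when the new action is Protect -
    // confirm in CreateSpdEntry.
    //
    OldData->ProcessingPolicy = NewData->ProcessingPolicy;
    if (OldData->ProcessingPolicy->Mode == EfiIPsecTunnel &&
        (Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)
        ) {
      //
      // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      return EFI_INVALID_PARAMETER;
    }

    return EFI_SUCCESS;
  }

  //
  // Modify some of the data.
  // NOTE(review): each copy below reads NewData->ProcessingPolicy without a NULL
  // check - confirm it is always allocated when one of these bits is set.
  //
  if ((Mask & EXT_SEQUENCE) != 0) {
    OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
  }

  if ((Mask & SEQUENCE_OVERFLOW) != 0) {
    OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
  }

  if ((Mask & FRAGMENT_CHECK) != 0) {
    OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
  }

  if ((Mask & MODE) != 0) {
    OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
  }

  if ((Mask & IPSEC_PROTO) != 0) {
    OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
  }

  if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
    OldData->ProcessingPolicy->TunnelOption = NULL;
    return EFI_SUCCESS;
  }

  if (OldData->ProcessingPolicy->TunnelOption == NULL) {
    //
    // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
    // The policy fields above have already been updated when this check fails.
    //
    if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      return EFI_INVALID_PARAMETER;
    }

    OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
    return EFI_SUCCESS;
  }

  //
  // Tunnel mode with an existing tunnel option: update the supplied fields only.
  //
  if ((Mask & TUNNEL_LOCAL) != 0) {
    CopyMem (
      &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
      &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & TUNNEL_REMOTE) != 0) {
    CopyMem (
      &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
      &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & DONT_FRAGMENT) != 0) {
    OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
  }

  return EFI_SUCCESS;
}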
1532 | \r | |
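/**
  Combine old SAD entry with new SAD entry.

  ID fields and tunnel addresses whose bit is clear in Mask are copied from the
  old entry into the new one; those whose bit is set and whose value differs set
  CreateNew to TRUE. SA data and selector fields whose bit is set are copied from
  NewData into OldData.

  @param[in, out] OldSaId      The pointer to the EFI_IPSEC_SA_ID structure.
  @param[in, out] OldData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in, out] NewSaId      The pointer to the EFI_IPSEC_SA_ID structure. Fields
                               not selected by Mask are overwritten with the
                               values of OldSaId.
  @param[in, out] NewData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
                               Tunnel addresses not selected by Mask are
                               overwritten with the values of OldData.
  @param[in]      Mask         Bit mask of the fields that were supplied for the
                               new entry.
  @param[out]     CreateNew    Set to TRUE when a supplied ID field or tunnel
                               address differs from the old entry, otherwise FALSE.

  @retval EFI_SUCCESS              Combined successfully.
  @retval EFI_INVALID_PARAMETER    Invalid user input parameter.

**/
EFI_STATUS
CombineSadEntry (
  IN OUT EFI_IPSEC_SA_ID       *OldSaId,
  IN OUT EFI_IPSEC_SA_DATA2    *OldData,
  IN     EFI_IPSEC_SA_ID       *NewSaId,
  IN     EFI_IPSEC_SA_DATA2    *NewData,
  IN     UINT32                Mask,
     OUT BOOLEAN               *CreateNew
  )
{
  *CreateNew = FALSE;

  //
  // Process SA_ID and the tunnel addresses.
  //
  if ((Mask & SPI) == 0) {
    NewSaId->Spi = OldSaId->Spi;
  } else if (NewSaId->Spi != OldSaId->Spi) {
    *CreateNew = TRUE;
  }

  if ((Mask & IPSEC_PROTO) == 0) {
    NewSaId->Proto = OldSaId->Proto;
  } else if (NewSaId->Proto != OldSaId->Proto) {
    *CreateNew = TRUE;
  }

  if ((Mask & DEST) == 0) {
    CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  if ((Mask & SOURCE) == 0) {
    CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  //
  // Process SA_DATA.
  // NOTE(review): OldData is updated before the AH/ESP and selector checks
  // further down can return EFI_INVALID_PARAMETER, so a rejected request leaves
  // OldData partly modified - confirm that callers discard it on error.
  //
  if ((Mask & MODE) != 0) {
    OldData->Mode = NewData->Mode;
  }

  if ((Mask & SEQUENCE_NUMBER) != 0) {
    OldData->SNCount = NewData->SNCount;
  }

  if ((Mask & ANTIREPLAY_WINDOW) != 0) {
    OldData->AntiReplayWindows = NewData->AntiReplayWindows;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
  }

  //
  // The key pointers are replaced, not copied; the previous key buffers are
  // neither wiped nor released here.
  // NOTE(review): confirm who owns the old key material and clears it.
  //
  if ((Mask & AUTH_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthKey       = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
    OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
  }

  if ((Mask & ENCRYPT_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncKey       = NewData->AlgoInfo.EspAlgoInfo.EncKey;
    OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
  }

  if (NewSaId->Proto == EfiIPsecAH) {
    if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {
      //
      // Should not provide encrypt_* if AH.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo --encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if (NewSaId->Proto == EfiIPsecESP && OldSaId->Proto == EfiIPsecAH) {
    //
    // AH -> ESP
    // Should provide encrypt_algo at least.
    //
    if ((Mask & ENCRYPT_ALGO) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo"
        );
      return EFI_INVALID_PARAMETER;
    }

    //
    // Encrypt_key should be provided if algorithm is not NONE.
    // The message names the option that is actually missing (--encrypt-key).
    //
    if (NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (Mask & ENCRYPT_KEY) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
  }

  if ((Mask & PATH_MTU) != 0) {
    OldData->PathMTU = NewData->PathMTU;
  }

  //
  // Process SpdSelector.
  //
  if (OldData->SpdSelector == NULL) {
    if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) == 0) {
      //
      // No selector before and none requested now.
      //
      return EFI_SUCCESS;
    }

    //
    // A selector is being added: local, remote and protocol are all required.
    //
    if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--local --remote --proto"
        );
      return EFI_INVALID_PARAMETER;
    }

    OldData->SpdSelector = NewData->SpdSelector;
    return EFI_SUCCESS;
  }

  //
  // A selector already exists: update only the supplied fields. The address
  // arrays are shared by pointer, not duplicated.
  //
  if ((Mask & LOCAL) != 0) {
    OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
    OldData->SpdSelector->LocalAddress      = NewData->SpdSelector->LocalAddress;
  }

  if ((Mask & REMOTE) != 0) {
    OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
    OldData->SpdSelector->RemoteAddress      = NewData->SpdSelector->RemoteAddress;
  }

  if ((Mask & PROTO) != 0) {
    OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
  }

  switch (OldData->SpdSelector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    if ((Mask & LOCAL_PORT) != 0) {
      OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
    }

    if ((Mask & REMOTE_PORT) != 0) {
      OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    //
    // For ICMP the port fields are updated under the ICMP_TYPE and ICMP_CODE
    // bits, truncated to 8 bits.
    //
    if ((Mask & ICMP_TYPE) != 0) {
      OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
    }

    if ((Mask & ICMP_CODE) != 0) {
      OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
    }
    break;

  default:
    //
    // No port or ICMP fields to update for other protocols.
    //
    break;
  }

  return EFI_SUCCESS;
}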
1747 | \r | |
1748 | /**\r | |
1749 | Combine old PAD entry with new PAD entry.\r | |
1750 | \r | |
1751 | @param[in, out] OldPadId The pointer to the EFI_IPSEC_PAD_ID structure.\r | |
1752 | @param[in, out] OldData The pointer to the EFI_IPSEC_PAD_DATA structure.\r | |
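1753 | @param[in, out] NewPadId The pointer to the EFI_IPSEC_PAD_ID structure; overwritten with OldPadId when Mask selects neither a peer ID nor a peer address.\r | |
1754 | @param[in] NewData The pointer to the EFI_IPSEC_PAD_DATA structure.\r | |
1755 | @param[in] Mask The bit mask of the fields that were supplied for the new entry.\r | |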
1756 | @param[out] CreateNew The switch to create new.\r | |
1757 | \r | |
1758 | @retval EFI_SUCCESS Combined successfully.\r | |
1759 | @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r | |
1760 | \r | |
1761 | **/\r | |
1762 | EFI_STATUS\r | |
1763 | CombinePadEntry (\r | |
1764 | IN OUT EFI_IPSEC_PAD_ID *OldPadId,\r | |
1765 | IN OUT EFI_IPSEC_PAD_DATA *OldData,\r | |
1766 | IN EFI_IPSEC_PAD_ID *NewPadId,\r | |
1767 | IN EFI_IPSEC_PAD_DATA *NewData,\r | |
1768 | IN UINT32 Mask,\r | |
1769 | OUT BOOLEAN *CreateNew\r | |
1770 | )\r | |
1771 | {\r | |
1772 | \r | |
1773 | *CreateNew = FALSE;\r | |
1774 | \r | |
1775 | if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {\r | |
1776 | CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));\r | |
1777 | } else {\r | |
1778 | if ((Mask & PEER_ID) != 0) {\r | |
1779 | if (OldPadId->PeerIdValid) {\r | |
1780 | if (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0) {\r | |
1781 | *CreateNew = TRUE;\r | |
1782 | }\r | |
1783 | } else {\r | |
1784 | *CreateNew = TRUE;\r | |
1785 | }\r | |
1786 | } else {\r | |
1787 | //\r | |
1788 | // MASK & PEER_ADDRESS\r | |
1789 | //\r | |
1790 | if (OldPadId->PeerIdValid) {\r | |
1791 | *CreateNew = TRUE;\r | |
1792 | } else {\r | |
1793 | if ((CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||\r | |
1794 | (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)) {\r | |
1795 | *CreateNew = TRUE;\r | |
1796 | }\r | |
1797 | }\r | |
1798 | }\r | |
1799 | }\r | |
1800 | \r | |
1801 | if ((Mask & AUTH_PROTO) != 0) {\r | |
1802 | OldData->AuthProtocol = NewData->AuthProtocol;\r | |
1803 | }\r | |
1804 | \r | |
1805 | if ((Mask & AUTH_METHOD) != 0) {\r | |
1806 | OldData->AuthMethod = NewData->AuthMethod;\r | |
1807 | }\r | |
1808 | \r | |
1809 | if ((Mask & IKE_ID) != 0) {\r | |
1810 | OldData->IkeIdFlag = NewData->IkeIdFlag;\r | |
1811 | }\r | |
1812 | \r | |
1813 | if ((Mask & AUTH_DATA) != 0) {\r | |
1814 | OldData->AuthDataSize = NewData->AuthDataSize;\r | |
1815 | OldData->AuthData = NewData->AuthData;\r | |
1816 | }\r | |
1817 | \r | |
1818 | if ((Mask & REVOCATION_DATA) != 0) {\r | |
1819 | OldData->RevocationDataSize = NewData->RevocationDataSize;\r | |
1820 | OldData->RevocationData = NewData->RevocationData;\r | |
1821 | }\r | |
1822 | \r | |
1823 | return EFI_SUCCESS;\r | |
1824 | }\r | |
1825 | \r | |
//
// Combine handlers, one per policy database. EditOperatePolicyEntry() indexes
// this table with Context->DataType, so the order of the entries must follow
// the values of EFI_IPSEC_CONFIG_DATA_TYPE and any index must stay below the
// number of entries.
// The casts hide the handlers' real parameter types from the compiler (for
// example CombinePadEntry takes EFI_IPSEC_PAD_ID / EFI_IPSEC_PAD_DATA
// pointers), so a handler placed in the wrong slot is not diagnosed at build time.
//
COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {
  (COMBINE_POLICY_ENTRY) CombineSpdEntry,
  (COMBINE_POLICY_ENTRY) CombineSadEntry,
  (COMBINE_POLICY_ENTRY) CombinePadEntry
};
1831 | \r | |
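/**
  Visitor that edits the first database entry matching Context->Indexer.

  The matching entry is merged with the user-supplied entry through the combine
  handler for Context->DataType. If the merge changes the entry's identity, the
  edited entry is inserted in front of the old one and the old one is then
  deleted; otherwise the entry is updated in place. The result is stored in
  Context->Status.

  The old entry is deleted only after the insertion has succeeded, so a failed
  insertion cannot leave the database without a policy for that selector.

  @param[in]      Selector  The pointer to the EFI_IPSEC_CONFIG_SELECTOR of the visited entry.
  @param[in]      Data      The pointer to the data of the visited entry.
  @param[in, out] Context   The pointer to the EDIT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS  The entry did not match; continue the iteration.
  @retval EFI_ABORTED  Abort the iteration: either the matching entry was
                       processed, or Context->DataType is out of range
                       (Context->Status is then EFI_INVALID_PARAMETER).
**/
EFI_STATUS
EditOperatePolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN EDIT_POLICY_ENTRY_CONTEXT    *Context
  )
{
  EFI_STATUS    Status;
  BOOLEAN       CreateNew;

  //
  // Range-check the table index before it is used, and with a real check rather
  // than ASSERT(), which is compiled out of release builds.
  // NOTE(review): mMatchPolicyEntry is assumed to have the same number of
  // entries as mCombinePolicyEntry - confirm where it is defined.
  //
  if ((UINTN) Context->DataType >= (sizeof (mCombinePolicyEntry) / sizeof (mCombinePolicyEntry[0]))) {
    Context->Status = EFI_INVALID_PARAMETER;
    return EFI_ABORTED;
  }

  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  CreateNew = FALSE;
  Status    = mCombinePolicyEntry[Context->DataType] (
                Selector,
                Data,
                Context->Selector,
                Context->Data,
                Context->Mask,
                &CreateNew
                );
  if (!EFI_ERROR (Status)) {
    if (CreateNew) {
      //
      // Insert new entry before old entry
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               Selector
                               );
      if (!EFI_ERROR (Status)) {
        //
        // Delete old entry, only now that its replacement is in place.
        //
        Status = mIpSecConfig->SetData (
                                 mIpSecConfig,
                                 Context->DataType,
                                 Selector,
                                 NULL,
                                 NULL
                                 );
      }
    } else {
      //
      // Identity unchanged: overwrite the entry in place.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               NULL
                               );
    }
  }

  //
  // Hand the outcome to EditPolicyEntry() and stop after the first match.
  //
  Context->Status = Status;
  return EFI_ABORTED;
}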
1904 | \r | |
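/**
  Edit entry information in database according to datatype.

  The entry to edit is named by the "-e" option. The remaining options are
  turned into a partial entry plus a mask of the supplied fields, and
  EditOperatePolicyEntry() applies them to the first matching entry.

  DataType indexes mConstructPolicyEntryIndexer and mCreatePolicyEntry without
  a range check here; the caller must pass a valid value.

  @param[in] DataType      The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS    Edit entry information successfully.
  @retval EFI_NOT_FOUND  "-e" was not given, or no entry matched it.
  @retval Others         The indexer or entry could not be built from the
                         parameters, or the database update failed.
**/
EFI_STATUS
EditPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                   Status;
  EDIT_POLICY_ENTRY_CONTEXT    Context;
  CONST CHAR16                 *ValueStr;

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
  if (ValueStr == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
    return EFI_NOT_FOUND;
  }

  //
  // Context is a stack variable. Clear the members that are tested and freed
  // below so that a failing mCreatePolicyEntry handler which leaves its outputs
  // untouched cannot cause FreePool() to be called on an indeterminate pointer.
  //
  Context.Selector = NULL;
  Context.Data     = NULL;
  Context.Mask     = 0;

  Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
  if (!EFI_ERROR (Status)) {
    Context.DataType = DataType;
    //
    // Stays EFI_NOT_FOUND unless the visitor finds the entry.
    //
    Context.Status   = EFI_NOT_FOUND;
    Status           = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
    if (!EFI_ERROR (Status)) {
      ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
      Status = Context.Status;
    }

    if (Context.Selector != NULL) {
      gBS->FreePool (Context.Selector);
    }

    if (Context.Data != NULL) {
      gBS->FreePool (Context.Data);
    }
  }

  if (Status == EFI_NOT_FOUND) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}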
1959 | \r | |
/**
  Visitor that inserts the new entry in front of the first entry matching
  Context->Indexer.

  The result of the insertion is stored in Context->Status. Context->DataType
  is used as a table index without a range check; the caller must supply a
  valid value.

  @param[in]      Selector  The pointer to the EFI_IPSEC_CONFIG_SELECTOR of the visited entry.
  @param[in]      Data      The pointer to the data of the visited entry.
  @param[in, out] Context   The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS  The visited entry is not the insertion point; continue the iteration.
  @retval EFI_ABORTED  The insertion was attempted; abort the iteration.
**/
EFI_STATUS
InsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR      *Selector,
  IN VOID                           *Data,
  IN INSERT_POLICY_ENTRY_CONTEXT    *Context
  )
{
  //
  // Not the entry we want to insert before: keep iterating.
  //
  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  //
  // Passing the visited selector as the last argument places the new entry
  // in front of it.
  //
  Context->Status = mIpSecConfig->SetData (
                                    mIpSecConfig,
                                    Context->DataType,
                                    Context->Selector,
                                    Context->Data,
                                    Selector
                                    );

  //
  // Abort the iteration after the insertion, whatever its result.
  //
  return EFI_ABORTED;
}
1997 | \r | |
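/**
  Insert or add entry information in database according to datatype.

  The entry is built from ParamPackage. If an entry with the same selector
  already exists nothing is written. Otherwise "-a" appends the entry, and
  without "-a" the entry is inserted in front of the entry named by "-i".

  The Selector and Data buffers returned by the create handler are released on
  every path that leaves the function after they have been allocated.

  DataType indexes mCreatePolicyEntry and mConstructPolicyEntryIndexer without
  a range check here; the caller must pass a valid value.

  @param[in] DataType      The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS           Insert or add entry information successfully.
  @retval EFI_NOT_FOUND         "-i" was not given, or no entry matched it.
  @retval EFI_BUFFER_TOO_SMALL  The entry already existed.
  @retval EFI_UNSUPPORTED       The operation is not supported.
  @retval Others                Some mistaken case.
**/
EFI_STATUS
AddOrInsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                     Status;
  EFI_IPSEC_CONFIG_SELECTOR      *Selector;
  VOID                           *Data;
  INSERT_POLICY_ENTRY_CONTEXT    Context;
  UINT32                         Mask;
  UINTN                          DataSize;
  CONST CHAR16                   *ValueStr;

  Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
  if (!EFI_ERROR (Status)) {
    //
    // Find if the Selector to be inserted already exists. With a zero-sized
    // buffer, EFI_BUFFER_TOO_SMALL means the entry is present.
    //
    DataSize = 0;
    Status   = mIpSecConfig->GetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               &DataSize,
                               NULL
                               );
    if (Status == EFI_BUFFER_TOO_SMALL) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
    } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               Data,
                               NULL
                               );
    } else {
      ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
      if (ValueStr == NULL) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
        //
        // Release the entry built above before the early return; leaving
        // without this would leak both pool allocations.
        //
        gBS->FreePool (Selector);
        gBS->FreePool (Data);
        return EFI_NOT_FOUND;
      }

      Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
      if (!EFI_ERROR (Status)) {
        Context.DataType = DataType;
        //
        // Stays EFI_NOT_FOUND unless the visitor finds the insertion point.
        //
        Context.Status   = EFI_NOT_FOUND;
        Context.Selector = Selector;
        Context.Data     = Data;

        ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
        Status = Context.Status;
        if (Status == EFI_NOT_FOUND) {
          ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
        }
      }
    }

    gBS->FreePool (Selector);
    gBS->FreePool (Data);
  }

  if (Status == EFI_UNSUPPORTED) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}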