2 The implementation of IPSEC_CONFIG_PROTOCOL.
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include "IpSecConfigImpl.h"
17 #include "IpSecDebug.h"
19 LIST_ENTRY mConfigData
[IPsecConfigDataTypeMaximum
];
20 BOOLEAN mSetBySelf
= FALSE
;
23 // Common CompareSelector routine entry for spd/sad/pad.
25 IPSEC_COMPARE_SELECTOR mCompareSelector
[] = {
26 (IPSEC_COMPARE_SELECTOR
) CompareSpdSelector
,
27 (IPSEC_COMPARE_SELECTOR
) CompareSaId
,
28 (IPSEC_COMPARE_SELECTOR
) ComparePadId
32 // Common IsZeroSelector routine entry for spd/sad/pad.
34 IPSEC_IS_ZERO_SELECTOR mIsZeroSelector
[] = {
35 (IPSEC_IS_ZERO_SELECTOR
) IsZeroSpdSelector
,
36 (IPSEC_IS_ZERO_SELECTOR
) IsZeroSaId
,
37 (IPSEC_IS_ZERO_SELECTOR
) IsZeroPadId
41 // Common DuplicateSelector routine entry for spd/sad/pad.
43 IPSEC_DUPLICATE_SELECTOR mDuplicateSelector
[] = {
44 (IPSEC_DUPLICATE_SELECTOR
) DuplicateSpdSelector
,
45 (IPSEC_DUPLICATE_SELECTOR
) DuplicateSaId
,
46 (IPSEC_DUPLICATE_SELECTOR
) DuplicatePadId
50 // Common FixPolicyEntry routine entry for spd/sad/pad.
52 IPSEC_FIX_POLICY_ENTRY mFixPolicyEntry
[] = {
53 (IPSEC_FIX_POLICY_ENTRY
) FixSpdEntry
,
54 (IPSEC_FIX_POLICY_ENTRY
) FixSadEntry
,
55 (IPSEC_FIX_POLICY_ENTRY
) FixPadEntry
59 // Common UnfixPolicyEntry routine entry for spd/sad/pad.
61 IPSEC_FIX_POLICY_ENTRY mUnfixPolicyEntry
[] = {
62 (IPSEC_FIX_POLICY_ENTRY
) UnfixSpdEntry
,
63 (IPSEC_FIX_POLICY_ENTRY
) UnfixSadEntry
,
64 (IPSEC_FIX_POLICY_ENTRY
) UnfixPadEntry
68 // Common SetPolicyEntry routine entry for spd/sad/pad.
70 IPSEC_SET_POLICY_ENTRY mSetPolicyEntry
[] = {
71 (IPSEC_SET_POLICY_ENTRY
) SetSpdEntry
,
72 (IPSEC_SET_POLICY_ENTRY
) SetSadEntry
,
73 (IPSEC_SET_POLICY_ENTRY
) SetPadEntry
77 // Common GetPolicyEntry routine entry for spd/sad/pad.
79 IPSEC_GET_POLICY_ENTRY mGetPolicyEntry
[] = {
80 (IPSEC_GET_POLICY_ENTRY
) GetSpdEntry
,
81 (IPSEC_GET_POLICY_ENTRY
) GetSadEntry
,
82 (IPSEC_GET_POLICY_ENTRY
) GetPadEntry
86 // Routine entry for IpSecConfig protocol.
88 EFI_IPSEC_CONFIG_PROTOCOL mIpSecConfigInstance
= {
89 EfiIpSecConfigSetData
,
90 EfiIpSecConfigGetData
,
91 EfiIpSecConfigGetNextSelector
,
92 EfiIpSecConfigRegisterNotify
,
93 EfiIpSecConfigUnregisterNotify
97 Get the all IPSec configuration variables and store those variables
98 to the internal data structure.
100 This founction is called by IpSecConfigInitialize() that is to intialize the
101 IPsecConfiguration Protocol.
103 @param[in] Private Point to IPSEC_PRIVATE_DATA.
105 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
106 @retval EFI_SUCCESS Restore the IPsec Configuration successfully.
107 @retval others Other errors is found during the variable getting.
112 IN IPSEC_PRIVATE_DATA
*Private
116 Check if the specified EFI_IP_ADDRESS_INFO is in EFI_IP_ADDRESS_INFO list.
118 @param[in] AddressInfo Pointer of IP_ADDRESS_INFO to be search in AddressInfo list.
119 @param[in] AddressInfoList A list that contains IP_ADDRESS_INFOs.
120 @param[in] AddressCount Point out how many IP_ADDRESS_INFO in the list.
122 @retval TRUE The specified AddressInfo is in the AddressInfoList.
123 @retval FALSE The specified AddressInfo is not in the AddressInfoList.
128 IN EFI_IP_ADDRESS_INFO
*AddressInfo
,
129 IN EFI_IP_ADDRESS_INFO
*AddressInfoList
,
130 IN UINT32 AddressCount
135 for (Index
= 0; Index
< AddressCount
; Index
++) {
138 &AddressInfoList
[Index
].Address
,
139 sizeof (EFI_IP_ADDRESS
)
141 AddressInfo
->PrefixLength
== AddressInfoList
[Index
].PrefixLength
150 Compare two SPD Selectors.
152 Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/
153 NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
154 Local Addresses and remote Addresses.
156 @param[in] Selector1 Pointer of first SPD Selector.
157 @param[in] Selector2 Pointer of second SPD Selector.
159 @retval TRUE This two Selector have the same value in above fields.
160 @retval FALSE Not all above fields have the same value in these two Selectors.
165 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector1
,
166 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector2
169 EFI_IPSEC_SPD_SELECTOR
*SpdSel1
;
170 EFI_IPSEC_SPD_SELECTOR
*SpdSel2
;
174 SpdSel1
= &Selector1
->SpdSelector
;
175 SpdSel2
= &Selector2
->SpdSelector
;
179 // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
180 // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
181 // two Spdselectors. Since the SPD supports two directions, it needs to
182 // compare two directions.
184 if ((SpdSel1
->LocalAddressCount
!= SpdSel2
->LocalAddressCount
&&
185 SpdSel1
->LocalAddressCount
!= SpdSel2
->RemoteAddressCount
) ||
186 (SpdSel1
->RemoteAddressCount
!= SpdSel2
->RemoteAddressCount
&&
187 SpdSel1
->RemoteAddressCount
!= SpdSel2
->LocalAddressCount
) ||
188 SpdSel1
->NextLayerProtocol
!= SpdSel2
->NextLayerProtocol
||
189 SpdSel1
->LocalPort
!= SpdSel2
->LocalPort
||
190 SpdSel1
->LocalPortRange
!= SpdSel2
->LocalPortRange
||
191 SpdSel1
->RemotePort
!= SpdSel2
->RemotePort
||
192 SpdSel1
->RemotePortRange
!= SpdSel2
->RemotePortRange
199 // Compare the all LocalAddress fields in the two Spdselectors.
200 // First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare
201 // SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return
204 for (Index
= 0; Index
< SpdSel1
->LocalAddressCount
; Index
++) {
205 if (!IsInAddressInfoList (
206 &SpdSel1
->LocalAddress
[Index
],
207 SpdSel2
->LocalAddress
,
208 SpdSel2
->LocalAddressCount
215 for (Index
= 0; Index
< SpdSel2
->LocalAddressCount
; Index
++) {
216 if (!IsInAddressInfoList (
217 &SpdSel2
->LocalAddress
[Index
],
218 SpdSel1
->LocalAddress
,
219 SpdSel1
->LocalAddressCount
227 for (Index
= 0; Index
< SpdSel1
->RemoteAddressCount
; Index
++) {
228 if (!IsInAddressInfoList (
229 &SpdSel1
->RemoteAddress
[Index
],
230 SpdSel2
->RemoteAddress
,
231 SpdSel2
->RemoteAddressCount
239 for (Index
= 0; Index
< SpdSel2
->RemoteAddressCount
; Index
++) {
240 if (!IsInAddressInfoList (
241 &SpdSel2
->RemoteAddress
[Index
],
242 SpdSel1
->RemoteAddress
,
243 SpdSel1
->RemoteAddressCount
251 // Finish the one direction compare. If it is matched, return; otherwise,
252 // compare the other direction.
258 // Secondly, the SpdSel1->LocalAddress doesn't equal to SpdSel2->LocalAddress and
259 // SpdSel1->RemoteAddress doesn't equal to SpdSel2->RemoteAddress. Try to compare
260 // the RemoteAddress to LocalAddress.
263 for (Index
= 0; Index
< SpdSel1
->RemoteAddressCount
; Index
++) {
264 if (!IsInAddressInfoList (
265 &SpdSel1
->RemoteAddress
[Index
],
266 SpdSel2
->LocalAddress
,
267 SpdSel2
->LocalAddressCount
274 for (Index
= 0; Index
< SpdSel2
->RemoteAddressCount
; Index
++) {
275 if (!IsInAddressInfoList (
276 &SpdSel2
->RemoteAddress
[Index
],
277 SpdSel1
->LocalAddress
,
278 SpdSel1
->LocalAddressCount
286 for (Index
= 0; Index
< SpdSel1
->LocalAddressCount
; Index
++) {
287 if (!IsInAddressInfoList (
288 &SpdSel1
->LocalAddress
[Index
],
289 SpdSel2
->RemoteAddress
,
290 SpdSel2
->RemoteAddressCount
298 for (Index
= 0; Index
< SpdSel2
->LocalAddressCount
; Index
++) {
299 if (!IsInAddressInfoList (
300 &SpdSel2
->LocalAddress
[Index
],
301 SpdSel1
->RemoteAddress
,
302 SpdSel1
->RemoteAddressCount
315 @param[in] Selector1 Pointer of first SA ID.
316 @param[in] Selector2 Pointer of second SA ID.
318 @retval TRUE This two Selectors have the same SA ID.
319 @retval FALSE This two Selecotrs don't have the same SA ID.
324 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector1
,
325 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector2
328 EFI_IPSEC_SA_ID
*SaId1
;
329 EFI_IPSEC_SA_ID
*SaId2
;
332 SaId1
= &Selector1
->SaId
;
333 SaId2
= &Selector2
->SaId
;
336 if (CompareMem (SaId1
, SaId2
, sizeof (EFI_IPSEC_SA_ID
)) != 0) {
346 @param[in] Selector1 Pointer of first PAD ID.
347 @param[in] Selector2 Pointer of second PAD ID.
349 @retval TRUE This two Selectors have the same PAD ID.
350 @retval FALSE This two Selecotrs don't have the same PAD ID.
355 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector1
,
356 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector2
359 EFI_IPSEC_PAD_ID
*PadId1
;
360 EFI_IPSEC_PAD_ID
*PadId2
;
363 PadId1
= &Selector1
->PadId
;
364 PadId2
= &Selector2
->PadId
;
368 // Compare the PeerIdValid fields in PadId.
370 if (PadId1
->PeerIdValid
!= PadId2
->PeerIdValid
) {
374 // Compare the PeerId fields in PadId if PeerIdValid is true.
377 PadId1
->PeerIdValid
&&
378 AsciiStriCmp ((CONST CHAR8
*) PadId1
->Id
.PeerId
, (CONST CHAR8
*) PadId2
->Id
.PeerId
) != 0
383 // Compare the IpAddress fields in PadId if PeerIdValid is false.
386 !PadId1
->PeerIdValid
&&
387 (PadId1
->Id
.IpAddress
.PrefixLength
!= PadId2
->Id
.IpAddress
.PrefixLength
||
388 CompareMem (&PadId1
->Id
.IpAddress
.Address
, &PadId2
->Id
.IpAddress
.Address
, sizeof (EFI_IP_ADDRESS
)) != 0)
397 Check if the SPD Selector is Zero by its LocalAddressCount and RemoteAddressCount
400 @param[in] Selector Pointer of the SPD Selector.
402 @retval TRUE If the SPD Selector is Zero.
403 @retval FALSE If the SPD Selector is not Zero.
408 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
411 EFI_IPSEC_SPD_SELECTOR
*SpdSel
;
414 SpdSel
= &Selector
->SpdSelector
;
417 if (SpdSel
->LocalAddressCount
== 0 && SpdSel
->RemoteAddressCount
== 0) {
425 Check if the SA ID is Zero by its DestAddress.
427 @param[in] Selector Pointer of the SA ID.
429 @retval TRUE If the SA ID is Zero.
430 @retval FALSE If the SA ID is not Zero.
435 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
438 EFI_IP_ADDRESS
*DestAddr
;
439 EFI_IP_ADDRESS ZeroAddr
;
442 DestAddr
= &Selector
->SaId
.DestAddress
;
445 ZeroMem (&ZeroAddr
, sizeof (EFI_IP_ADDRESS
));
447 if (CompareMem (DestAddr
, &ZeroAddr
, sizeof (EFI_IP_ADDRESS
)) == 0) {
455 Check if the PAD ID is Zero.
457 @param[in] Selector Pointer of the PAD ID.
459 @retval TRUE If the PAD ID is Zero.
460 @retval FALSE If the PAD ID is not Zero.
465 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
468 EFI_IPSEC_PAD_ID
*PadId
;
469 EFI_IPSEC_PAD_ID ZeroId
;
472 PadId
= &Selector
->PadId
;
475 ZeroMem (&ZeroId
, sizeof (EFI_IPSEC_PAD_ID
));
477 if (CompareMem (PadId
, &ZeroId
, sizeof (EFI_IPSEC_PAD_ID
)) == 0) {
485 Copy Source SPD Selector to the Destination SPD Selector.
487 @param[in, out] DstSel Pointer of Destination SPD Selector.
488 @param[in] SrcSel Pointer of Source SPD Selector.
489 @param[in, out] Size The size of the Destination SPD Selector. If it
490 not NULL and its value less than the size of
491 Source SPD Selector, the value of Source SPD
492 Selector's size will be passed to caller by this
495 @retval EFI_INVALID_PARAMETER If the Destination or Source SPD Selector is NULL
496 @retval EFI_BUFFER_TOO_SMALL If the input Size is less than size of the Source SPD Selector.
497 @retval EFI_SUCCESS Copy Source SPD Selector to the Destination SPD
498 Selector successfully.
502 DuplicateSpdSelector (
503 IN OUT EFI_IPSEC_CONFIG_SELECTOR
*DstSel
,
504 IN EFI_IPSEC_CONFIG_SELECTOR
*SrcSel
,
508 EFI_IPSEC_SPD_SELECTOR
*Dst
;
509 EFI_IPSEC_SPD_SELECTOR
*Src
;
511 Dst
= &DstSel
->SpdSelector
;
512 Src
= &SrcSel
->SpdSelector
;
514 if (Dst
== NULL
|| Src
== NULL
) {
515 return EFI_INVALID_PARAMETER
;
518 if (Size
!= NULL
&& (*Size
) < SIZE_OF_SPD_SELECTOR (Src
)) {
519 *Size
= SIZE_OF_SPD_SELECTOR (Src
);
520 return EFI_BUFFER_TOO_SMALL
;
523 // Copy the base structure of spd selector.
525 CopyMem (Dst
, Src
, sizeof (EFI_IPSEC_SPD_SELECTOR
));
528 // Copy the local address array of spd selector.
530 Dst
->LocalAddress
= (EFI_IP_ADDRESS_INFO
*) (Dst
+ 1);
534 sizeof (EFI_IP_ADDRESS_INFO
) * Dst
->LocalAddressCount
538 // Copy the remote address array of spd selector.
540 Dst
->RemoteAddress
= Dst
->LocalAddress
+ Dst
->LocalAddressCount
;
544 sizeof (EFI_IP_ADDRESS_INFO
) * Dst
->RemoteAddressCount
551 Copy Source SA ID to the Destination SA ID.
553 @param[in, out] DstSel Pointer of Destination SA ID.
554 @param[in] SrcSel Pointer of Source SA ID.
555 @param[in, out] Size The size of the Destination SA ID. If it
556 not NULL and its value less than the size of
557 Source SA ID, the value of Source SA ID's size
558 will be passed to caller by this parameter.
560 @retval EFI_INVALID_PARAMETER If the Destination or Source SA ID is NULL.
561 @retval EFI_BUFFER_TOO_SMALL If the input Size less than size of source SA ID.
562 @retval EFI_SUCCESS Copy Source SA ID to the Destination SA ID successfully.
567 IN OUT EFI_IPSEC_CONFIG_SELECTOR
*DstSel
,
568 IN EFI_IPSEC_CONFIG_SELECTOR
*SrcSel
,
572 EFI_IPSEC_SA_ID
*Dst
;
573 EFI_IPSEC_SA_ID
*Src
;
578 if (Dst
== NULL
|| Src
== NULL
) {
579 return EFI_INVALID_PARAMETER
;
582 if (Size
!= NULL
&& *Size
< sizeof (EFI_IPSEC_SA_ID
)) {
583 *Size
= sizeof (EFI_IPSEC_SA_ID
);
584 return EFI_BUFFER_TOO_SMALL
;
587 CopyMem (Dst
, Src
, sizeof (EFI_IPSEC_SA_ID
));
593 Copy Source PAD ID to the Destination PAD ID.
595 @param[in, out] DstSel Pointer of Destination PAD ID.
596 @param[in] SrcSel Pointer of Source PAD ID.
597 @param[in, out] Size The size of the Destination PAD ID. If it
598 not NULL and its value less than the size of
599 Source PAD ID, the value of Source PAD ID's size
600 will be passed to caller by this parameter.
602 @retval EFI_INVALID_PARAMETER If the Destination or Source PAD ID is NULL.
603 @retval EFI_BUFFER_TOO_SMALL If the input Size less than size of source PAD ID .
604 @retval EFI_SUCCESS Copy Source PAD ID to the Destination PAD ID successfully.
609 IN OUT EFI_IPSEC_CONFIG_SELECTOR
*DstSel
,
610 IN EFI_IPSEC_CONFIG_SELECTOR
*SrcSel
,
614 EFI_IPSEC_PAD_ID
*Dst
;
615 EFI_IPSEC_PAD_ID
*Src
;
617 Dst
= &DstSel
->PadId
;
618 Src
= &SrcSel
->PadId
;
620 if (Dst
== NULL
|| Src
== NULL
) {
621 return EFI_INVALID_PARAMETER
;
624 if (Size
!= NULL
&& *Size
< sizeof (EFI_IPSEC_PAD_ID
)) {
625 *Size
= sizeof (EFI_IPSEC_PAD_ID
);
626 return EFI_BUFFER_TOO_SMALL
;
629 CopyMem (Dst
, Src
, sizeof (EFI_IPSEC_PAD_ID
));
635 Fix the value of some members of SPD Selector.
637 This function is called by IpSecCopyPolicyEntry()which copy the Policy
638 Entry into the Variable. Since some members in SPD Selector are pointers,
639 a physical address to relative address convertion is required before copying
640 this SPD entry into the variable.
642 @param[in] Selector Pointer of SPD Selector.
643 @param[in, out] Data Pointer of SPD Data.
648 IN EFI_IPSEC_SPD_SELECTOR
*Selector
,
649 IN OUT EFI_IPSEC_SPD_DATA
*Data
653 // It assumes that all ref buffers in spd selector and data are
654 // stored in the continous memory and close to the base structure.
656 FIX_REF_BUF_ADDR (Selector
->LocalAddress
, Selector
);
657 FIX_REF_BUF_ADDR (Selector
->RemoteAddress
, Selector
);
659 if (Data
->ProcessingPolicy
!= NULL
) {
660 if (Data
->ProcessingPolicy
->TunnelOption
!= NULL
) {
661 FIX_REF_BUF_ADDR (Data
->ProcessingPolicy
->TunnelOption
, Data
);
664 FIX_REF_BUF_ADDR (Data
->ProcessingPolicy
, Data
);
670 Fix the value of some members of SA ID.
672 This function is called by IpSecCopyPolicyEntry()which copy the Policy
673 Entry into the Variable. Since some members in SA ID are pointers,
674 a physical address to relative address conversion is required before copying
675 this SAD into the variable.
677 @param[in] SaId Pointer of SA ID
678 @param[in, out] Data Pointer of SA Data.
683 IN EFI_IPSEC_SA_ID
*SaId
,
684 IN OUT EFI_IPSEC_SA_DATA
*Data
688 // It assumes that all ref buffers in sad selector and data are
689 // stored in the continous memory and close to the base structure.
691 if (Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
!= NULL
) {
692 FIX_REF_BUF_ADDR (Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
, Data
);
695 if (SaId
->Proto
== EfiIPsecESP
&& Data
->AlgoInfo
.EspAlgoInfo
.EncKey
!= NULL
) {
696 FIX_REF_BUF_ADDR (Data
->AlgoInfo
.EspAlgoInfo
.EncKey
, Data
);
699 if (Data
->SpdSelector
!= NULL
) {
700 if (Data
->SpdSelector
->LocalAddress
!= NULL
) {
701 FIX_REF_BUF_ADDR (Data
->SpdSelector
->LocalAddress
, Data
);
704 FIX_REF_BUF_ADDR (Data
->SpdSelector
->RemoteAddress
, Data
);
705 FIX_REF_BUF_ADDR (Data
->SpdSelector
, Data
);
711 Fix the value of some members of PAD ID.
713 This function is called by IpSecCopyPolicyEntry()which copy the Policy
714 Entry into the Variable. Since some members in PAD ID are pointers,
715 a physical address to relative address conversion is required before copying
716 this PAD into the variable.
718 @param[in] PadId Pointer of PAD ID.
719 @param[in, out] Data Pointer of PAD Data.
724 IN EFI_IPSEC_PAD_ID
*PadId
,
725 IN OUT EFI_IPSEC_PAD_DATA
*Data
729 // It assumes that all ref buffers in pad selector and data are
730 // stored in the continous memory and close to the base structure.
732 if (Data
->AuthData
!= NULL
) {
733 FIX_REF_BUF_ADDR (Data
->AuthData
, Data
);
736 if (Data
->RevocationData
!= NULL
) {
737 FIX_REF_BUF_ADDR (Data
->RevocationData
, Data
);
743 Recover the value of some members of SPD Selector.
745 This function is corresponding to FixSpdEntry(). It recovers the value of members
746 of SPD Selector that are fixed by FixSpdEntry().
748 @param[in, out] Selector Pointer of SPD Selector.
749 @param[in, out] Data Pointer of SPD Data.
754 IN OUT EFI_IPSEC_SPD_SELECTOR
*Selector
,
755 IN OUT EFI_IPSEC_SPD_DATA
*Data
759 // It assumes that all ref buffers in spd selector and data are
760 // stored in the continous memory and close to the base structure.
762 UNFIX_REF_BUF_ADDR (Selector
->LocalAddress
, Selector
);
763 UNFIX_REF_BUF_ADDR (Selector
->RemoteAddress
, Selector
);
765 if (Data
->ProcessingPolicy
!= NULL
) {
766 UNFIX_REF_BUF_ADDR (Data
->ProcessingPolicy
, Data
);
767 if (Data
->ProcessingPolicy
->TunnelOption
!= NULL
) {
768 UNFIX_REF_BUF_ADDR (Data
->ProcessingPolicy
->TunnelOption
, Data
);
775 Recover the value of some members of SA ID.
777 This function is corresponding to FixSadEntry(). It recovers the value of members
778 of SAD ID that are fixed by FixSadEntry().
780 @param[in, out] SaId Pointer of SAD ID.
781 @param[in, out] Data Pointer of SAD Data.
786 IN OUT EFI_IPSEC_SA_ID
*SaId
,
787 IN OUT EFI_IPSEC_SA_DATA
*Data
791 // It assumes that all ref buffers in sad selector and data are
792 // stored in the continous memory and close to the base structure.
794 if (Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
!= NULL
) {
795 UNFIX_REF_BUF_ADDR (Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
, Data
);
798 if (SaId
->Proto
== EfiIPsecESP
&& Data
->AlgoInfo
.EspAlgoInfo
.EncKey
!= NULL
) {
799 UNFIX_REF_BUF_ADDR (Data
->AlgoInfo
.EspAlgoInfo
.EncKey
, Data
);
802 if (Data
->SpdSelector
!= NULL
) {
803 UNFIX_REF_BUF_ADDR (Data
->SpdSelector
, Data
);
804 if (Data
->SpdSelector
->LocalAddress
!= NULL
) {
805 UNFIX_REF_BUF_ADDR (Data
->SpdSelector
->LocalAddress
, Data
);
808 UNFIX_REF_BUF_ADDR (Data
->SpdSelector
->RemoteAddress
, Data
);
814 Recover the value of some members of PAD ID.
816 This function is corresponding to FixPadEntry(). It recovers the value of members
817 of PAD ID that are fixed by FixPadEntry().
819 @param[in] PadId Pointer of PAD ID.
820 @param[in, out] Data Pointer of PAD Data.
825 IN EFI_IPSEC_PAD_ID
*PadId
,
826 IN OUT EFI_IPSEC_PAD_DATA
*Data
830 // It assumes that all ref buffers in pad selector and data are
831 // stored in the continous memory and close to the base structure.
833 if (Data
->AuthData
!= NULL
) {
834 UNFIX_REF_BUF_ADDR (Data
->AuthData
, Data
);
837 if (Data
->RevocationData
!= NULL
) {
838 UNFIX_REF_BUF_ADDR (Data
->RevocationData
, Data
);
844 Set the security policy information for the EFI IPsec driver.
846 The IPsec configuration data has a unique selector/identifier separately to
847 identify a data entry.
849 @param[in] Selector Pointer to an entry selector on operated
850 configuration data specified by DataType.
851 A NULL Selector causes the entire specified-type
852 configuration information to be flushed.
853 @param[in] Data The data buffer to be set. The structure
854 of the data buffer should be EFI_IPSEC_SPD_DATA.
855 @param[in] Context Pointer to one entry selector that describes
856 the expected position the new data entry will
857 be added. If Context is NULL, the new entry will
858 be appended the end of database.
860 @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:
861 - Selector is not NULL and its LocalAddress
862 is NULL or its RemoteAddress is NULL.
863 - Data is not NULL and its Action is Protected
864 and its plolicy is NULL.
865 - Data is not NULL, its Action is not protected,
866 and its policy is not NULL.
867 - The Action of Data is Protected, its policy
868 mode is Tunnel, and its tunnel option is NULL.
869 - The Action of Data is protected and its policy
870 mode is not Tunnel and it tunnel option is not NULL.
871 @retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.
872 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
877 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
879 IN VOID
*Context OPTIONAL
882 EFI_IPSEC_SPD_SELECTOR
*SpdSel
;
883 EFI_IPSEC_SPD_DATA
*SpdData
;
884 EFI_IPSEC_SPD_SELECTOR
*InsertBefore
;
888 LIST_ENTRY
*EntryInsertBefore
;
890 LIST_ENTRY
*NextEntry
;
892 IPSEC_SPD_ENTRY
*SpdEntry
;
893 IPSEC_SAD_ENTRY
*SadEntry
;
897 SpdSel
= (Selector
== NULL
) ? NULL
: &Selector
->SpdSelector
;
898 SpdData
= (Data
== NULL
) ? NULL
: (EFI_IPSEC_SPD_DATA
*) Data
;
899 InsertBefore
= (Context
== NULL
) ? NULL
: &((EFI_IPSEC_CONFIG_SELECTOR
*) Context
)->SpdSelector
;
900 SpdList
= &mConfigData
[IPsecConfigDataTypeSpd
];
902 if (SpdSel
!= NULL
) {
903 if (SpdSel
->LocalAddress
== NULL
|| SpdSel
->RemoteAddress
== NULL
) {
904 return EFI_INVALID_PARAMETER
;
908 if (SpdData
!= NULL
) {
909 if ((SpdData
->Action
== EfiIPsecActionProtect
&& SpdData
->ProcessingPolicy
== NULL
) ||
910 (SpdData
->Action
!= EfiIPsecActionProtect
&& SpdData
->ProcessingPolicy
!= NULL
)
912 return EFI_INVALID_PARAMETER
;
915 if (SpdData
->Action
== EfiIPsecActionProtect
) {
916 if ((SpdData
->ProcessingPolicy
->Mode
== EfiIPsecTunnel
&& SpdData
->ProcessingPolicy
->TunnelOption
== NULL
) ||
917 (SpdData
->ProcessingPolicy
->Mode
!= EfiIPsecTunnel
&& SpdData
->ProcessingPolicy
->TunnelOption
!= NULL
)
919 return EFI_INVALID_PARAMETER
;
924 // The default behavior is to insert the node ahead of the header.
926 EntryInsertBefore
= SpdList
;
929 // Remove the existed spd entry.
931 NET_LIST_FOR_EACH_SAFE (Entry
, NextEntry
, SpdList
) {
933 SpdEntry
= IPSEC_SPD_ENTRY_FROM_LIST (Entry
);
935 if (SpdSel
== NULL
||
936 CompareSpdSelector ((EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
, (EFI_IPSEC_CONFIG_SELECTOR
*) SpdSel
)
939 // Record the existed entry position to keep the original order.
941 EntryInsertBefore
= SpdEntry
->List
.ForwardLink
;
942 RemoveEntryList (&SpdEntry
->List
);
945 // Update the reverse ref of sad entry in the spd.sas list.
947 SpdSas
= &SpdEntry
->Data
->Sas
;
948 NET_LIST_FOR_EACH (Entry2
, SpdSas
) {
949 SadEntry
= IPSEC_SAD_ENTRY_FROM_SPD (Entry2
);
950 SadEntry
->Data
->SpdEntry
= NULL
;
953 // Free the existed spd entry
959 // Return success here if only want to remove the spd entry.
961 if (SpdData
== NULL
|| SpdSel
== NULL
) {
965 // Search the appointed entry position if InsertBefore is not NULL.
967 if (InsertBefore
!= NULL
) {
969 NET_LIST_FOR_EACH (Entry
, SpdList
) {
970 SpdEntry
= IPSEC_SPD_ENTRY_FROM_LIST (Entry
);
972 if (CompareSpdSelector (
973 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
,
974 (EFI_IPSEC_CONFIG_SELECTOR
*) InsertBefore
976 EntryInsertBefore
= Entry
;
983 // Do Padding for the different Arch.
985 SpdEntrySize
= ALIGN_VARIABLE (sizeof (IPSEC_SPD_ENTRY
));
986 SpdEntrySize
= ALIGN_VARIABLE (SpdEntrySize
+ (UINTN
)SIZE_OF_SPD_SELECTOR (SpdSel
));
987 SpdEntrySize
+= IpSecGetSizeOfEfiSpdData (SpdData
);
989 SpdEntry
= AllocateZeroPool (SpdEntrySize
);
991 if (SpdEntry
== NULL
) {
992 return EFI_OUT_OF_RESOURCES
;
995 // Fix the address of Selector and Data buffer and copy them, which is
996 // continous memory and close to the base structure of spd entry.
998 SpdEntry
->Selector
= (EFI_IPSEC_SPD_SELECTOR
*) ALIGN_POINTER ((SpdEntry
+ 1), sizeof (UINTN
));
999 SpdEntry
->Data
= (IPSEC_SPD_DATA
*) ALIGN_POINTER (
1000 ((UINT8
*) SpdEntry
->Selector
+ SIZE_OF_SPD_SELECTOR (SpdSel
)),
1004 DuplicateSpdSelector (
1005 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
,
1006 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdSel
,
1011 SpdEntry
->Data
->Name
,
1013 sizeof (SpdData
->Name
)
1015 SpdEntry
->Data
->PackageFlag
= SpdData
->PackageFlag
;
1016 SpdEntry
->Data
->Action
= SpdData
->Action
;
1019 // Fix the address of ProcessingPolicy and copy it if need, which is continous
1020 // memory and close to the base structure of sad data.
1022 if (SpdData
->Action
!= EfiIPsecActionProtect
) {
1023 SpdEntry
->Data
->ProcessingPolicy
= NULL
;
1025 SpdEntry
->Data
->ProcessingPolicy
= (EFI_IPSEC_PROCESS_POLICY
*) ALIGN_POINTER (
1029 IpSecDuplicateProcessPolicy (SpdEntry
->Data
->ProcessingPolicy
, SpdData
->ProcessingPolicy
);
1032 // Update the sas list of the new spd entry.
1034 InitializeListHead (&SpdEntry
->Data
->Sas
);
1036 SadList
= &mConfigData
[IPsecConfigDataTypeSad
];
1038 NET_LIST_FOR_EACH (Entry
, SadList
) {
1039 SadEntry
= IPSEC_SAD_ENTRY_FROM_LIST (Entry
);
1041 for (Index
= 0; Index
< SpdData
->SaIdCount
; Index
++) {
1044 (EFI_IPSEC_CONFIG_SELECTOR
*) &SpdData
->SaId
[Index
],
1045 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Id
1047 InsertTailList (&SpdEntry
->Data
->Sas
, &SadEntry
->BySpd
);
1048 SadEntry
->Data
->SpdEntry
= SpdEntry
;
1053 // Insert the new spd entry.
1055 InsertTailList (EntryInsertBefore
, &SpdEntry
->List
);
1061 Set the security association information for the EFI IPsec driver.
1063 The IPsec configuration data has a unique selector/identifier separately to
1064 identify a data entry.
1066 @param[in] Selector Pointer to an entry selector on operated
1067 configuration data specified by DataType.
1068 A NULL Selector causes the entire specified-type
1069 configuration information to be flushed.
1070 @param[in] Data The data buffer to be set. The structure
1071 of the data buffer should be EFI_IPSEC_SA_DATA.
1072 @param[in] Context Pointer to one entry selector which describes
1073 the expected position the new data entry will
1074 be added. If Context is NULL,the new entry will
1075 be appended the end of database.
1077 @retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.
1078 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1083 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1085 IN VOID
*Context OPTIONAL
1088 IPSEC_SAD_ENTRY
*SadEntry
;
1089 IPSEC_SPD_ENTRY
*SpdEntry
;
1091 LIST_ENTRY
*NextEntry
;
1092 LIST_ENTRY
*SadList
;
1093 LIST_ENTRY
*SpdList
;
1094 EFI_IPSEC_SA_ID
*SaId
;
1095 EFI_IPSEC_SA_DATA
*SaData
;
1096 EFI_IPSEC_SA_ID
*InsertBefore
;
1097 LIST_ENTRY
*EntryInsertBefore
;
1100 SaId
= (Selector
== NULL
) ? NULL
: &Selector
->SaId
;
1101 SaData
= (Data
== NULL
) ? NULL
: (EFI_IPSEC_SA_DATA
*) Data
;
1102 InsertBefore
= (Context
== NULL
) ? NULL
: &((EFI_IPSEC_CONFIG_SELECTOR
*) Context
)->SaId
;
1103 SadList
= &mConfigData
[IPsecConfigDataTypeSad
];
1106 // The default behavior is to insert the node ahead of the header.
1108 EntryInsertBefore
= SadList
;
1111 // Remove the existed sad entry.
1113 NET_LIST_FOR_EACH_SAFE (Entry
, NextEntry
, SadList
) {
1115 SadEntry
= IPSEC_SAD_ENTRY_FROM_LIST (Entry
);
1119 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Id
,
1120 (EFI_IPSEC_CONFIG_SELECTOR
*) SaId
1123 // Record the existed entry position to keep the original order.
1125 EntryInsertBefore
= SadEntry
->List
.ForwardLink
;
1128 // Update the related sad.byspd field.
1130 if (SadEntry
->Data
->SpdEntry
!= NULL
) {
1131 RemoveEntryList (&SadEntry
->BySpd
);
1134 RemoveEntryList (&SadEntry
->List
);
1135 FreePool (SadEntry
);
1139 // Return success here if only want to remove the sad entry
1141 if (SaData
== NULL
|| SaId
== NULL
) {
1145 // Search the appointed entry position if InsertBefore is not NULL.
1147 if (InsertBefore
!= NULL
) {
1149 NET_LIST_FOR_EACH (Entry
, SadList
) {
1150 SadEntry
= IPSEC_SAD_ENTRY_FROM_LIST (Entry
);
1153 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Id
,
1154 (EFI_IPSEC_CONFIG_SELECTOR
*) InsertBefore
1156 EntryInsertBefore
= Entry
;
1163 // Do Padding for different Arch.
1165 SadEntrySize
= ALIGN_VARIABLE (sizeof (IPSEC_SAD_ENTRY
));
1166 SadEntrySize
= ALIGN_VARIABLE (SadEntrySize
+ sizeof (EFI_IPSEC_SA_DATA
));
1167 SadEntrySize
= ALIGN_VARIABLE (SadEntrySize
+ sizeof (IPSEC_SAD_DATA
));
1169 if (SaId
->Proto
== EfiIPsecAH
) {
1170 SadEntrySize
+= SaData
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
;
1172 SadEntrySize
= ALIGN_VARIABLE (SadEntrySize
+ SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
);
1173 SadEntrySize
+= SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
;
1176 SadEntry
= AllocateZeroPool (SadEntrySize
);
1178 if (SadEntry
== NULL
) {
1179 return EFI_OUT_OF_RESOURCES
;
1182 // Fix the address of Id and Data buffer and copy them, which is
1183 // continous memory and close to the base structure of sad entry.
1185 SadEntry
->Id
= (EFI_IPSEC_SA_ID
*) ALIGN_POINTER ((SadEntry
+ 1), sizeof (UINTN
));
1186 SadEntry
->Data
= (IPSEC_SAD_DATA
*) ALIGN_POINTER ((SadEntry
->Id
+ 1), sizeof (UINTN
));
1188 CopyMem (SadEntry
->Id
, SaId
, sizeof (EFI_IPSEC_SA_ID
));
1190 SadEntry
->Data
->Mode
= SaData
->Mode
;
1191 SadEntry
->Data
->SequenceNumber
= SaData
->SNCount
;
1192 SadEntry
->Data
->AntiReplayWindowSize
= SaData
->AntiReplayWindows
;
1195 &SadEntry
->Data
->AntiReplayBitmap
,
1196 sizeof (SadEntry
->Data
->AntiReplayBitmap
)
1200 &SadEntry
->Data
->AlgoInfo
,
1201 sizeof (EFI_IPSEC_ALGO_INFO
)
1204 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
= SaData
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
;
1205 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
= SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
;
1207 if (SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
!= 0) {
1208 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
= (VOID
*) ALIGN_POINTER ((SadEntry
->Data
+ 1), sizeof (UINTN
));
1210 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
,
1211 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKey
,
1212 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
1216 if (SaId
->Proto
== EfiIPsecESP
) {
1217 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
= SaData
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
;
1218 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
= SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
;
1220 if (SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
!= 0) {
1221 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKey
= (VOID
*) ALIGN_POINTER (
1222 ((UINT8
*) (SadEntry
->Data
+ 1) +
1223 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
),
1227 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKey
,
1228 SaData
->AlgoInfo
.EspAlgoInfo
.EncKey
,
1229 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
1235 &SadEntry
->Data
->SaLifetime
,
1236 &SaData
->SaLifetime
,
1237 sizeof (EFI_IPSEC_SA_LIFETIME
)
1240 SadEntry
->Data
->PathMTU
= SaData
->PathMTU
;
1241 SadEntry
->Data
->SpdEntry
= NULL
;
1242 SadEntry
->Data
->ESNEnabled
= FALSE
;
1243 SadEntry
->Data
->ManualSet
= SaData
->ManualSet
;
1246 // Update the spd.sas list of the spd entry specified by sad.selector
1248 SpdList
= &mConfigData
[IPsecConfigDataTypeSpd
];
1250 for (Entry
= SpdList
->ForwardLink
; Entry
!= SpdList
&& SaData
->SpdSelector
!= NULL
; Entry
= Entry
->ForwardLink
) {
1252 SpdEntry
= IPSEC_SPD_ENTRY_FROM_LIST (Entry
);
1253 if (CompareSpdSelector (
1254 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
,
1255 (EFI_IPSEC_CONFIG_SELECTOR
*) SaData
->SpdSelector
1256 ) && SpdEntry
->Data
->Action
== EfiIPsecActionProtect
) {
1257 SadEntry
->Data
->SpdEntry
= SpdEntry
;
1258 InsertTailList (&SpdEntry
->Data
->Sas
, &SadEntry
->BySpd
);
1262 // Insert the new sad entry.
1264 InsertTailList (EntryInsertBefore
, &SadEntry
->List
);
1270 Set the peer authorization configuration information for the EFI IPsec driver.
1272 The IPsec configuration data has a unique selector/identifier separately to
1273 identify a data entry.
1275 @param[in] Selector Pointer to an entry selector on operated
1276 configuration data specified by DataType.
1277 A NULL Selector causes the entire specified-type
1278 configuration information to be flushed.
1279 @param[in] Data The data buffer to be set. The structure
1280 of the data buffer should be EFI_IPSEC_PAD_DATA.
1281 @param[in] Context Pointer to one entry selector that describes
1282 the expected position the new data entry will
1283 be added. If Context is NULL, the new entry will
1284 be appended the end of database.
1286 @retval EFI_OUT_OF_RESOURCES The required system resources could not be allocated.
1287 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1292 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1294 IN VOID
*Context OPTIONAL
1297 IPSEC_PAD_ENTRY
*PadEntry
;
1298 EFI_IPSEC_PAD_ID
*PadId
;
1299 EFI_IPSEC_PAD_DATA
*PadData
;
1300 LIST_ENTRY
*PadList
;
1302 LIST_ENTRY
*NextEntry
;
1303 EFI_IPSEC_PAD_ID
*InsertBefore
;
1304 LIST_ENTRY
*EntryInsertBefore
;
1307 PadId
= (Selector
== NULL
) ? NULL
: &Selector
->PadId
;
1308 PadData
= (Data
== NULL
) ? NULL
: (EFI_IPSEC_PAD_DATA
*) Data
;
1309 InsertBefore
= (Context
== NULL
) ? NULL
: &((EFI_IPSEC_CONFIG_SELECTOR
*) Context
)->PadId
;
1310 PadList
= &mConfigData
[IPsecConfigDataTypePad
];
1313 // The default behavior is to insert the node ahead of the header.
1315 EntryInsertBefore
= PadList
;
1318 // Remove the existed pad entry.
1320 NET_LIST_FOR_EACH_SAFE (Entry
, NextEntry
, PadList
) {
1322 PadEntry
= IPSEC_PAD_ENTRY_FROM_LIST (Entry
);
1324 if (PadId
== NULL
||
1325 ComparePadId ((EFI_IPSEC_CONFIG_SELECTOR
*) PadEntry
->Id
, (EFI_IPSEC_CONFIG_SELECTOR
*) PadId
)
1328 // Record the existed entry position to keep the original order.
1330 EntryInsertBefore
= PadEntry
->List
.ForwardLink
;
1331 RemoveEntryList (&PadEntry
->List
);
1333 FreePool (PadEntry
);
1337 // Return success here if only want to remove the pad entry
1339 if (PadData
== NULL
|| PadId
== NULL
) {
1343 // Search the appointed entry position if InsertBefore is not NULL.
1345 if (InsertBefore
!= NULL
) {
1347 NET_LIST_FOR_EACH (Entry
, PadList
) {
1348 PadEntry
= IPSEC_PAD_ENTRY_FROM_LIST (Entry
);
1351 (EFI_IPSEC_CONFIG_SELECTOR
*) PadEntry
->Id
,
1352 (EFI_IPSEC_CONFIG_SELECTOR
*) InsertBefore
1354 EntryInsertBefore
= Entry
;
1361 // Do PADDING for different arch.
1363 PadEntrySize
= ALIGN_VARIABLE (sizeof (IPSEC_PAD_ENTRY
));
1364 PadEntrySize
= ALIGN_VARIABLE (PadEntrySize
+ sizeof (EFI_IPSEC_PAD_ID
));
1365 PadEntrySize
= ALIGN_VARIABLE (PadEntrySize
+ sizeof (EFI_IPSEC_PAD_DATA
));
1366 PadEntrySize
= ALIGN_VARIABLE (PadEntrySize
+ (PadData
->AuthData
!= NULL
? PadData
->AuthDataSize
: 0));
1367 PadEntrySize
+= PadData
->RevocationData
!= NULL
? PadData
->RevocationDataSize
: 0;
1369 PadEntry
= AllocateZeroPool (PadEntrySize
);
1371 if (PadEntry
== NULL
) {
1372 return EFI_OUT_OF_RESOURCES
;
1375 // Fix the address of Id and Data buffer and copy them, which is
1376 // continous memory and close to the base structure of pad entry.
1378 PadEntry
->Id
= (EFI_IPSEC_PAD_ID
*) ALIGN_POINTER ((PadEntry
+ 1), sizeof (UINTN
));
1379 PadEntry
->Data
= (EFI_IPSEC_PAD_DATA
*) ALIGN_POINTER ((PadEntry
->Id
+ 1), sizeof (UINTN
));
1381 CopyMem (PadEntry
->Id
, PadId
, sizeof (EFI_IPSEC_PAD_ID
));
1383 PadEntry
->Data
->AuthProtocol
= PadData
->AuthProtocol
;
1384 PadEntry
->Data
->AuthMethod
= PadData
->AuthMethod
;
1385 PadEntry
->Data
->IkeIdFlag
= PadData
->IkeIdFlag
;
1387 if (PadData
->AuthData
!= NULL
) {
1388 PadEntry
->Data
->AuthDataSize
= PadData
->AuthDataSize
;
1389 PadEntry
->Data
->AuthData
= (VOID
*) ALIGN_POINTER (PadEntry
->Data
+ 1, sizeof (UINTN
));
1391 PadEntry
->Data
->AuthData
,
1393 PadData
->AuthDataSize
1396 PadEntry
->Data
->AuthDataSize
= 0;
1397 PadEntry
->Data
->AuthData
= NULL
;
1400 if (PadData
->RevocationData
!= NULL
) {
1401 PadEntry
->Data
->RevocationDataSize
= PadData
->RevocationDataSize
;
1402 PadEntry
->Data
->RevocationData
= (VOID
*) ALIGN_POINTER (
1403 ((UINT8
*) (PadEntry
->Data
+ 1) + PadData
->AuthDataSize
),
1407 PadEntry
->Data
->RevocationData
,
1408 PadData
->RevocationData
,
1409 PadData
->RevocationDataSize
1412 PadEntry
->Data
->RevocationDataSize
= 0;
1413 PadEntry
->Data
->RevocationData
= NULL
;
1416 // Insert the new pad entry.
1418 InsertTailList (EntryInsertBefore
, &PadEntry
->List
);
1424 This function lookup the data entry from IPsec SPD. Return the configuration
1425 value of the specified SPD Entry.
1427 @param[in] Selector Pointer to an entry selector which is an identifier
1429 @param[in, out] DataSize On output the size of data returned in Data.
1430 @param[out] Data The buffer to return the contents of the IPsec
1431 configuration data. The type of the data buffer
1432 is associated with the DataType.
1434 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1435 @retval EFI_INVALID_PARAMETER Data is NULL and *DataSize is not zero.
1436 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
1437 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
1438 updated with the size needed to complete the request.
1443 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1444 IN OUT UINTN
*DataSize
,
1448 IPSEC_SPD_ENTRY
*SpdEntry
;
1449 IPSEC_SAD_ENTRY
*SadEntry
;
1450 EFI_IPSEC_SPD_SELECTOR
*SpdSel
;
1451 EFI_IPSEC_SPD_DATA
*SpdData
;
1452 LIST_ENTRY
*SpdList
;
1457 SpdSel
= &Selector
->SpdSelector
;
1458 SpdData
= (EFI_IPSEC_SPD_DATA
*) Data
;
1459 SpdList
= &mConfigData
[IPsecConfigDataTypeSpd
];
1461 NET_LIST_FOR_EACH (Entry
, SpdList
) {
1462 SpdEntry
= IPSEC_SPD_ENTRY_FROM_LIST (Entry
);
1465 // Find the required spd entry
1467 if (CompareSpdSelector (
1468 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdSel
,
1469 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
1472 RequiredSize
= IpSecGetSizeOfSpdData (SpdEntry
->Data
);
1473 if (*DataSize
< RequiredSize
) {
1474 *DataSize
= RequiredSize
;
1475 return EFI_BUFFER_TOO_SMALL
;
1478 if (SpdData
== NULL
) {
1479 return EFI_INVALID_PARAMETER
;
1482 *DataSize
= RequiredSize
;
1485 // Extract and fill all SaId array from the spd.sas list
1487 SpdSas
= &SpdEntry
->Data
->Sas
;
1488 SpdData
->SaIdCount
= 0;
1490 NET_LIST_FOR_EACH (Entry
, SpdSas
) {
1491 SadEntry
= IPSEC_SAD_ENTRY_FROM_SPD (Entry
);
1493 &SpdData
->SaId
[SpdData
->SaIdCount
++],
1495 sizeof (EFI_IPSEC_SA_ID
)
1499 // Fill the other fields in spd data.
1501 CopyMem (SpdData
->Name
, SpdEntry
->Data
->Name
, sizeof (SpdData
->Name
));
1503 SpdData
->PackageFlag
= SpdEntry
->Data
->PackageFlag
;
1504 SpdData
->Action
= SpdEntry
->Data
->Action
;
1506 if (SpdData
->Action
!= EfiIPsecActionProtect
) {
1507 SpdData
->ProcessingPolicy
= NULL
;
1509 SpdData
->ProcessingPolicy
= (EFI_IPSEC_PROCESS_POLICY
*) ((UINT8
*) SpdData
+ sizeof (EFI_IPSEC_SPD_DATA
) + (SpdData
->SaIdCount
- 1) * sizeof (EFI_IPSEC_SA_ID
));
1511 IpSecDuplicateProcessPolicy (
1512 SpdData
->ProcessingPolicy
,
1513 SpdEntry
->Data
->ProcessingPolicy
1521 return EFI_NOT_FOUND
;
1525 This function lookup the data entry from IPsec SAD. Return the configuration
1526 value of the specified SAD Entry.
1528 @param[in] Selector Pointer to an entry selector which is an identifier
1530 @param[in, out] DataSize On output, the size of data returned in Data.
1531 @param[out] Data The buffer to return the contents of the IPsec
1532 configuration data. The type of the data buffer
1533 is associated with the DataType.
1535 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1536 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
1537 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
1538 updated with the size needed to complete the request.
1543 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1544 IN OUT UINTN
*DataSize
,
1548 IPSEC_SAD_ENTRY
*SadEntry
;
1550 LIST_ENTRY
*SadList
;
1551 EFI_IPSEC_SA_ID
*SaId
;
1552 EFI_IPSEC_SA_DATA
*SaData
;
1555 SaId
= &Selector
->SaId
;
1556 SaData
= (EFI_IPSEC_SA_DATA
*) Data
;
1557 SadList
= &mConfigData
[IPsecConfigDataTypeSad
];
1559 NET_LIST_FOR_EACH (Entry
, SadList
) {
1560 SadEntry
= IPSEC_SAD_ENTRY_FROM_LIST (Entry
);
1563 // Find the required sad entry.
1566 (EFI_IPSEC_CONFIG_SELECTOR
*) SaId
,
1567 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Id
1570 // Calculate the required size of the sad entry.
1571 // Data Layout is follows:
1572 // |EFI_IPSEC_SA_DATA
1574 // |EncryptKey (Optional)
1575 // |SpdSelector (Optional)
1577 RequiredSize
= ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA
));
1579 if (SaId
->Proto
== EfiIPsecAH
) {
1580 RequiredSize
= ALIGN_VARIABLE (RequiredSize
+ SadEntry
->Data
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
);
1582 RequiredSize
= ALIGN_VARIABLE (RequiredSize
+ SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
);
1583 RequiredSize
= ALIGN_VARIABLE (RequiredSize
+ SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
);
1586 if (SadEntry
->Data
->SpdEntry
!= NULL
) {
1587 RequiredSize
+= SIZE_OF_SPD_SELECTOR (SadEntry
->Data
->SpdEntry
->Selector
);
1592 if (*DataSize
< RequiredSize
) {
1593 *DataSize
= RequiredSize
;
1594 return EFI_BUFFER_TOO_SMALL
;
1597 // Fill the data fields of sad entry.
1599 *DataSize
= RequiredSize
;
1600 SaData
->Mode
= SadEntry
->Data
->Mode
;
1601 SaData
->SNCount
= SadEntry
->Data
->SequenceNumber
;
1602 SaData
->AntiReplayWindows
= SadEntry
->Data
->AntiReplayWindowSize
;
1605 &SaData
->SaLifetime
,
1606 &SadEntry
->Data
->SaLifetime
,
1607 sizeof (EFI_IPSEC_SA_LIFETIME
)
1612 sizeof (EFI_IPSEC_ALGO_INFO
)
1615 if (SaId
->Proto
== EfiIPsecAH
) {
1617 // Copy AH alogrithm INFO to SaData
1619 SaData
->AlgoInfo
.AhAlgoInfo
.AuthAlgoId
= SadEntry
->Data
->AlgoInfo
.AhAlgoInfo
.AuthAlgoId
;
1620 SaData
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
= SadEntry
->Data
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
;
1621 if (SaData
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
!= 0) {
1622 SaData
->AlgoInfo
.AhAlgoInfo
.AuthKey
= (VOID
*) ALIGN_POINTER ((SaData
+ 1), sizeof (UINTN
));
1624 SaData
->AlgoInfo
.AhAlgoInfo
.AuthKey
,
1625 SadEntry
->Data
->AlgoInfo
.AhAlgoInfo
.AuthKey
,
1626 SaData
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
1629 } else if (SaId
->Proto
== EfiIPsecESP
) {
1631 // Copy ESP alogrithem INFO to SaData
1633 SaData
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
= SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
;
1634 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
= SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
;
1635 if (SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
!= 0) {
1636 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKey
= (VOID
*) ALIGN_POINTER ((SaData
+ 1), sizeof (UINTN
));
1638 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKey
,
1639 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
,
1640 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
1644 SaData
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
= SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
;
1645 SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
= SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
;
1647 if (SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
!= 0) {
1648 SaData
->AlgoInfo
.EspAlgoInfo
.EncKey
= (VOID
*) ALIGN_POINTER (
1649 ((UINT8
*) (SaData
+ 1) +
1650 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
),
1654 SaData
->AlgoInfo
.EspAlgoInfo
.EncKey
,
1655 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKey
,
1656 SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
1661 SaData
->PathMTU
= SadEntry
->Data
->PathMTU
;
1664 // Fill the spd selector field of sad data
1666 if (SadEntry
->Data
->SpdEntry
!= NULL
) {
1668 SaData
->SpdSelector
= (EFI_IPSEC_SPD_SELECTOR
*) (
1671 SIZE_OF_SPD_SELECTOR (SadEntry
->Data
->SpdEntry
->Selector
)
1674 DuplicateSpdSelector (
1675 (EFI_IPSEC_CONFIG_SELECTOR
*) SaData
->SpdSelector
,
1676 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Data
->SpdEntry
->Selector
,
1682 SaData
->SpdSelector
= NULL
;
1685 SaData
->ManualSet
= SadEntry
->Data
->ManualSet
;
1691 return EFI_NOT_FOUND
;
1695 This function lookup the data entry from IPsec PAD. Return the configuration
1696 value of the specified PAD Entry.
1698 @param[in] Selector Pointer to an entry selector which is an identifier
1700 @param[in, out] DataSize On output the size of data returned in Data.
1701 @param[out] Data The buffer to return the contents of the IPsec
1702 configuration data. The type of the data buffer
1703 is associated with the DataType.
1705 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1706 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
1707 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
1708 updated with the size needed to complete the request.
1713 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1714 IN OUT UINTN
*DataSize
,
1718 IPSEC_PAD_ENTRY
*PadEntry
;
1719 LIST_ENTRY
*PadList
;
1721 EFI_IPSEC_PAD_ID
*PadId
;
1722 EFI_IPSEC_PAD_DATA
*PadData
;
1725 PadId
= &Selector
->PadId
;
1726 PadData
= (EFI_IPSEC_PAD_DATA
*) Data
;
1727 PadList
= &mConfigData
[IPsecConfigDataTypePad
];
1729 NET_LIST_FOR_EACH (Entry
, PadList
) {
1730 PadEntry
= IPSEC_PAD_ENTRY_FROM_LIST (Entry
);
1733 // Find the required pad entry.
1736 (EFI_IPSEC_CONFIG_SELECTOR
*) PadId
,
1737 (EFI_IPSEC_CONFIG_SELECTOR
*) PadEntry
->Id
1740 // Calculate the required size of the pad entry.
1742 RequiredSize
= ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA
));
1743 RequiredSize
= ALIGN_VARIABLE (RequiredSize
+ PadEntry
->Data
->AuthDataSize
);
1744 RequiredSize
+= PadEntry
->Data
->RevocationDataSize
;
1746 if (*DataSize
< RequiredSize
) {
1747 *DataSize
= RequiredSize
;
1748 return EFI_BUFFER_TOO_SMALL
;
1751 // Fill the data fields of pad entry
1753 *DataSize
= RequiredSize
;
1754 PadData
->AuthProtocol
= PadEntry
->Data
->AuthProtocol
;
1755 PadData
->AuthMethod
= PadEntry
->Data
->AuthMethod
;
1756 PadData
->IkeIdFlag
= PadEntry
->Data
->IkeIdFlag
;
1759 // Copy Authentication data.
1761 if (PadEntry
->Data
->AuthData
!= NULL
) {
1763 PadData
->AuthDataSize
= PadEntry
->Data
->AuthDataSize
;
1764 PadData
->AuthData
= (VOID
*) ALIGN_POINTER ((PadData
+ 1), sizeof (UINTN
));
1767 PadEntry
->Data
->AuthData
,
1768 PadData
->AuthDataSize
1772 PadData
->AuthDataSize
= 0;
1773 PadData
->AuthData
= NULL
;
1776 // Copy Revocation Data.
1778 if (PadEntry
->Data
->RevocationData
!= NULL
) {
1780 PadData
->RevocationDataSize
= PadEntry
->Data
->RevocationDataSize
;
1781 PadData
->RevocationData
= (VOID
*) ALIGN_POINTER (
1782 ((UINT8
*) (PadData
+ 1) + PadData
->AuthDataSize
),
1786 PadData
->RevocationData
,
1787 PadEntry
->Data
->RevocationData
,
1788 PadData
->RevocationDataSize
1792 PadData
->RevocationDataSize
= 0;
1793 PadData
->RevocationData
= NULL
;
1800 return EFI_NOT_FOUND
;
1804 Copy Source Process Policy to the Destination Process Policy.
1806 @param[in] Dst Pointer to the Source Process Policy.
1807 @param[in] Src Pointer to the Destination Process Policy.
1811 IpSecDuplicateProcessPolicy (
1812 IN EFI_IPSEC_PROCESS_POLICY
*Dst
,
1813 IN EFI_IPSEC_PROCESS_POLICY
*Src
1817 // Firstly copy the structure content itself.
1819 CopyMem (Dst
, Src
, sizeof (EFI_IPSEC_PROCESS_POLICY
));
1822 // Recursively copy the tunnel option if needed.
1824 if (Dst
->Mode
!= EfiIPsecTunnel
) {
1825 ASSERT (Dst
->TunnelOption
== NULL
);
1827 Dst
->TunnelOption
= (EFI_IPSEC_TUNNEL_OPTION
*) ALIGN_POINTER ((Dst
+ 1), sizeof (UINTN
));
1831 sizeof (EFI_IPSEC_TUNNEL_OPTION
)
1837 Calculate the a whole size of EFI_IPSEC_SPD_DATA, which includes the buffer size pointed
1838 to by the pointer members.
1840 @param[in] SpdData Pointer to a specified EFI_IPSEC_SPD_DATA.
1842 @return the whole size the specified EFI_IPSEC_SPD_DATA.
1846 IpSecGetSizeOfEfiSpdData (
1847 IN EFI_IPSEC_SPD_DATA
*SpdData
1852 Size
= ALIGN_VARIABLE (sizeof (IPSEC_SPD_DATA
));
1854 if (SpdData
->Action
== EfiIPsecActionProtect
) {
1855 Size
= ALIGN_VARIABLE (Size
+ sizeof (EFI_IPSEC_PROCESS_POLICY
));
1857 if (SpdData
->ProcessingPolicy
->Mode
== EfiIPsecTunnel
) {
1858 Size
= ALIGN_VARIABLE (Size
+ sizeof (EFI_IPSEC_TUNNEL_OPTION
));
1866 Calculate the a whole size of IPSEC_SPD_DATA which includes the buffer size pointed
1867 to by the pointer members and the buffer size used by the Sa List.
1869 @param[in] SpdData Pointer to the specified IPSEC_SPD_DATA.
1871 @return the whole size of IPSEC_SPD_DATA.
1875 IpSecGetSizeOfSpdData (
1876 IN IPSEC_SPD_DATA
*SpdData
1882 Size
= sizeof (EFI_IPSEC_SPD_DATA
) - sizeof (EFI_IPSEC_SA_ID
);
1884 if (SpdData
->Action
== EfiIPsecActionProtect
) {
1885 Size
+= sizeof (EFI_IPSEC_PROCESS_POLICY
);
1887 if (SpdData
->ProcessingPolicy
->Mode
== EfiIPsecTunnel
) {
1888 Size
+= sizeof (EFI_IPSEC_TUNNEL_OPTION
);
1892 NET_LIST_FOR_EACH (Link
, &SpdData
->Sas
) {
1893 Size
+= sizeof (EFI_IPSEC_SA_ID
);
1900 Get the IPsec Variable.
1902 Get the all variables which start with the string contained in VaraiableName.
1903 Since all IPsec related variable store in continual space, those kinds of
1904 variable can be searched by the EfiGetNextVariableName. Those variables also are
1905 returned in a continual buffer.
1907 @param[in] VariableName Pointer to a specified Variable Name.
1908 @param[in] VendorGuid Pointer to a specified Vendor Guid.
1909 @param[in] Attributes Point to memory location to return the attributes
1910 of variable. If the point is NULL, the parameter
1912 @param[in, out] DataSize As input, point to the maximum size of return
1913 Data-Buffer. As output, point to the actual
1914 size of the returned Data-Buffer.
1915 @param[in] Data Point to return Data-Buffer.
1917 @retval EFI_ABORTED If the Variable size which contained in the variable
1918 structure doesn't match the variable size obtained
1919 from the EFIGetVariable.
1920 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
1921 been updated with the size needed to complete the request.
1922 @retval EFI_SUCCESS The function completed successfully.
1923 @retval others Other errors found during the variable getting.
1927 IN CHAR16
*VariableName
,
1928 IN EFI_GUID
*VendorGuid
,
1929 IN UINT32
*Attributes
, OPTIONAL
1930 IN OUT UINTN
*DataSize
,
1935 EFI_GUID VendorGuidI
;
1936 UINTN VariableNameLength
;
1937 CHAR16
*VariableNameI
;
1938 UINTN VariableNameISize
;
1939 UINTN VariableNameISizeNew
;
1940 UINTN VariableIndex
;
1941 UINTN VariableCount
;
1942 IP_SEC_VARIABLE_INFO IpSecVariableInfo
;
1946 // The variable name constructor is "VariableName + Info/0001/0002/... + NULL".
1947 // So the varialbe name is like "VariableNameInfo", "VariableName0001", ...
1948 // "VariableNameNULL".
1950 VariableNameLength
= StrLen (VariableName
);
1951 VariableNameISize
= (VariableNameLength
+ 5) * sizeof (CHAR16
);
1952 VariableNameI
= AllocateZeroPool (VariableNameISize
);
1953 ASSERT (VariableNameI
!= NULL
);
1956 // Construct the varible name of ipsecconfig meta data.
1958 UnicodeSPrint (VariableNameI
, VariableNameISize
, L
"%s%s", VariableName
, L
"Info");
1960 DataSizeI
= sizeof (IpSecVariableInfo
);
1962 Status
= gRT
->GetVariable (
1969 if (EFI_ERROR (Status
)) {
1973 if (*DataSize
< IpSecVariableInfo
.VariableSize
) {
1974 *DataSize
= IpSecVariableInfo
.VariableSize
;
1975 Status
= EFI_BUFFER_TOO_SMALL
;
1979 VariableCount
= IpSecVariableInfo
.VariableCount
;
1980 VariableNameI
[0] = L
'\0';
1982 while (VariableCount
!= 0) {
1984 // Get the variable name one by one in the variable database.
1986 VariableNameISizeNew
= VariableNameISize
;
1987 Status
= gRT
->GetNextVariableName (
1988 &VariableNameISizeNew
,
1992 if (Status
== EFI_BUFFER_TOO_SMALL
) {
1993 VariableNameI
= ReallocatePool (
1995 VariableNameISizeNew
,
1998 VariableNameISize
= VariableNameISizeNew
;
2000 Status
= gRT
->GetNextVariableName (
2001 &VariableNameISizeNew
,
2007 if (EFI_ERROR (Status
)) {
2011 // Check whether the current variable is the required "ipsecconfig".
2013 if (StrnCmp (VariableNameI
, VariableName
, VariableNameLength
) == 0 ||
2014 CompareGuid (VendorGuid
, &VendorGuidI
)
2017 // Parse the variable count of the current ipsecconfig data.
2019 VariableIndex
= StrDecimalToUintn (VariableNameI
+ VariableNameLength
);
2020 if (VariableIndex
!= 0 && VariableIndex
<= IpSecVariableInfo
.VariableCount
) {
2022 // Get the variable size of the current ipsecconfig data.
2025 Status
= gRT
->GetVariable (
2032 ASSERT (Status
== EFI_BUFFER_TOO_SMALL
);
2034 // Validate the variable count and variable size.
2036 if (VariableIndex
!= IpSecVariableInfo
.VariableCount
) {
2038 // If the varaibe is not the last one, its size should be the max
2039 // size of the single variable.
2041 if (DataSizeI
!= IpSecVariableInfo
.SingleVariableSize
) {
2045 if (DataSizeI
!= IpSecVariableInfo
.VariableSize
% IpSecVariableInfo
.SingleVariableSize
) {
2050 // Get the variable data of the current ipsecconfig data and
2051 // store it into user buffer continously.
2053 Status
= gRT
->GetVariable (
2058 (UINT8
*) Data
+ (VariableIndex
- 1) * IpSecVariableInfo
.SingleVariableSize
2060 ASSERT_EFI_ERROR (Status
);
2066 // The VariableCount in "VariableNameInfo" varaible should have the correct
2067 // numbers of variables which name starts with VariableName.
2069 if (VariableCount
!= 0) {
2070 Status
= EFI_ABORTED
;
2074 FreePool (VariableNameI
);
2079 Set the IPsec variables.
2081 Set all IPsec variables which start with the specified variable name. Those variables
2084 @param[in] VariableName The name of the vendor's variable. It is a
2085 Null-Terminated Unicode String.
2086 @param[in] VendorGuid Unify identifier for vendor.
2087 @param[in] Attributes Point to memory location to return the attributes of
2088 variable. If the point is NULL, the parameter would be ignored.
2089 @param[in] DataSize The size in bytes of Data-Buffer.
2090 @param[in] Data Points to the content of the variable.
2092 @retval EFI_SUCCESS The firmware successfully stored the variable and its data, as
2093 defined by the Attributes.
2094 @retval others Storing the variables failed.
2099 IN CHAR16
*VariableName
,
2100 IN EFI_GUID
*VendorGuid
,
2101 IN UINT32 Attributes
,
2107 CHAR16
*VariableNameI
;
2108 UINTN VariableNameSize
;
2109 UINTN VariableIndex
;
2110 IP_SEC_VARIABLE_INFO IpSecVariableInfo
;
2111 UINT64 MaximumVariableStorageSize
;
2112 UINT64 RemainingVariableStorageSize
;
2113 UINT64 MaximumVariableSize
;
2115 Status
= gRT
->QueryVariableInfo (
2117 &MaximumVariableStorageSize
,
2118 &RemainingVariableStorageSize
,
2119 &MaximumVariableSize
2121 if (EFI_ERROR (Status
)) {
2126 // "VariableName + Info/0001/0002/... + NULL"
2128 VariableNameSize
= (StrLen (VariableName
) + 5) * sizeof (CHAR16
);
2129 VariableNameI
= AllocateZeroPool (VariableNameSize
);
2131 if (VariableNameI
== NULL
) {
2132 Status
= EFI_OUT_OF_RESOURCES
;
2136 // Construct the variable of ipsecconfig general information. Like the total
2137 // numbers of the Ipsecconfig variables, the total size of all ipsecconfig variables.
2139 UnicodeSPrint (VariableNameI
, VariableNameSize
, L
"%s%s", VariableName
, L
"Info");
2140 MaximumVariableSize
-= VariableNameSize
;
2142 IpSecVariableInfo
.VariableCount
= (UINT32
) ((DataSize
+ (UINTN
) MaximumVariableSize
- 1) / (UINTN
) MaximumVariableSize
);
2143 IpSecVariableInfo
.VariableSize
= (UINT32
) DataSize
;
2144 IpSecVariableInfo
.SingleVariableSize
= (UINT32
) MaximumVariableSize
;
2147 // Set the variable of ipsecconfig general information.
2149 Status
= gRT
->SetVariable (
2153 sizeof (IpSecVariableInfo
),
2156 if (EFI_ERROR (Status
)) {
2157 DEBUG ((DEBUG_ERROR
, "Error set ipsecconfig meta data with %r\n", Status
));
2161 for (VariableIndex
= 0; VariableIndex
< IpSecVariableInfo
.VariableCount
; VariableIndex
++) {
2163 // Construct and set the variable of ipsecconfig data one by one.
2164 // The index of variable name begin from 0001, and the varaible name
2165 // likes "VariableName0001", "VaraiableName0002"....
2167 UnicodeSPrint (VariableNameI
, VariableNameSize
, L
"%s%04d", VariableName
, VariableIndex
+ 1);
2168 Status
= gRT
->SetVariable (
2172 (VariableIndex
== IpSecVariableInfo
.VariableCount
- 1) ?
2173 (DataSize
% (UINTN
) MaximumVariableSize
) :
2174 (UINTN
) MaximumVariableSize
,
2175 (UINT8
*) Data
+ VariableIndex
* (UINTN
) MaximumVariableSize
2178 if (EFI_ERROR (Status
)) {
2179 DEBUG ((DEBUG_ERROR
, "Error set ipsecconfig variable data with %r\n", Status
));
2185 if (VariableNameI
!= NULL
) {
2186 FreePool (VariableNameI
);
2193 Return the configuration value for the EFI IPsec driver.
2195 This function lookup the data entry from IPsec database or IKEv2 configuration
2196 information. The expected data type and unique identification are described in
2197 DataType and Selector parameters.
2199 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
2200 @param[in] DataType The type of data to retrieve.
2201 @param[in] Selector Pointer to an entry selector that is an identifier of the IPsec
2202 configuration data entry.
2203 @param[in, out] DataSize On output the size of data returned in Data.
2204 @param[out] Data The buffer to return the contents of the IPsec configuration data.
2205 The type of the data buffer associated with the DataType.
2207 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
2208 @retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:
2212 - Data is NULL and *DataSize is not zero
2213 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
2214 @retval EFI_UNSUPPORTED The specified DataType is not supported.
2215 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
2216 updated with the size needed to complete the request.
2221 EfiIpSecConfigGetData (
2222 IN EFI_IPSEC_CONFIG_PROTOCOL
*This
,
2223 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType
,
2224 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
2225 IN OUT UINTN
*DataSize
,
2229 if (This
== NULL
|| Selector
== NULL
|| DataSize
== NULL
) {
2230 return EFI_INVALID_PARAMETER
;
2233 if (*DataSize
!= 0 && Data
== NULL
) {
2234 return EFI_INVALID_PARAMETER
;
2237 if (DataType
>= IPsecConfigDataTypeMaximum
) {
2238 return EFI_UNSUPPORTED
;
2241 return mGetPolicyEntry
[DataType
](Selector
, DataSize
, Data
);
2245 Set the security association, security policy and peer authorization configuration
2246 information for the EFI IPsec driver.
2248 This function is used to set the IPsec configuration information of type DataType for
2249 the EFI IPsec driver.
2250 The IPsec configuration data has a unique selector/identifier separately to identify
2251 a data entry. The selector structure depends on DataType's definition.
2252 Using SetData() with a Data of NULL causes the IPsec configuration data entry identified
2253 by DataType and Selector to be deleted.
2255 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
2256 @param[in] DataType The type of data to be set.
2257 @param[in] Selector Pointer to an entry selector on operated configuration data
2258 specified by DataType. A NULL Selector causes the entire
2259 specified-type configuration information to be flushed.
2260 @param[in] Data The data buffer to be set. The structure of the data buffer is
2261 associated with the DataType.
2262 @param[in] InsertBefore Pointer to one entry selector which describes the expected
2263 position the new data entry will be added. If InsertBefore is NULL,
2264 the new entry will be appended to the end of the database.
2266 @retval EFI_SUCCESS The specified configuration entry data was set successfully.
2267 @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:
2269 @retval EFI_UNSUPPORTED The specified DataType is not supported.
2270 @retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.
2275 EfiIpSecConfigSetData (
2276 IN EFI_IPSEC_CONFIG_PROTOCOL
*This
,
2277 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType
,
2278 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
2280 IN EFI_IPSEC_CONFIG_SELECTOR
*InsertBefore OPTIONAL
2286 return EFI_INVALID_PARAMETER
;
2289 if (DataType
>= IPsecConfigDataTypeMaximum
) {
2290 return EFI_UNSUPPORTED
;
2293 Status
= mSetPolicyEntry
[DataType
](Selector
, Data
, InsertBefore
);
2295 if (!EFI_ERROR (Status
) && !mSetBySelf
) {
2297 // Save the updated config data into variable.
2306 Enumerates the current selector for IPsec configuration data entry.
2308 This function is called multiple times to retrieve the entry Selector in IPsec
2309 configuration database. On each call to GetNextSelector(), the next entry
2310 Selector are retrieved into the output interface.
2312 If the entire IPsec configuration database has been iterated, the error
2313 EFI_NOT_FOUND is returned.
2314 If the Selector buffer is too small for the next Selector copy, an
2315 EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect
2316 the size of buffer needed.
2318 On the initial call to GetNextSelector() to start the IPsec configuration database
2319 search, a pointer to the buffer with all zero value is passed in Selector. Calls
2320 to SetData() between calls to GetNextSelector may produce unpredictable results.
2322 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
2323 @param[in] DataType The type of IPsec configuration data to retrieve.
2324 @param[in, out] SelectorSize The size of the Selector buffer.
2325 @param[in, out] Selector On input, supplies the pointer to last Selector that was
2326 returned by GetNextSelector().
2327 On output, returns one copy of the current entry Selector
2328 of a given DataType.
2330 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
2331 @retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:
2333 - SelectorSize is NULL.
2335 @retval EFI_NOT_FOUND The next configuration data entry was not found.
2336 @retval EFI_UNSUPPORTED The specified DataType is not supported.
2337 @retval EFI_BUFFER_TOO_SMALL The SelectorSize is too small for the result. This parameter
2338 has been updated with the size needed to complete the search
2344 EfiIpSecConfigGetNextSelector (
2345 IN EFI_IPSEC_CONFIG_PROTOCOL
*This
,
2346 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType
,
2347 IN OUT UINTN
*SelectorSize
,
2348 IN OUT EFI_IPSEC_CONFIG_SELECTOR
*Selector
2352 IPSEC_COMMON_POLICY_ENTRY
*CommonEntry
;
2355 if (This
== NULL
|| Selector
== NULL
|| SelectorSize
== NULL
) {
2356 return EFI_INVALID_PARAMETER
;
2359 if (DataType
>= IPsecConfigDataTypeMaximum
) {
2360 return EFI_UNSUPPORTED
;
2365 NET_LIST_FOR_EACH (Link
, &mConfigData
[DataType
]) {
2366 CommonEntry
= BASE_CR (Link
, IPSEC_COMMON_POLICY_ENTRY
, List
);
2368 if (IsFound
|| mIsZeroSelector
[DataType
](Selector
)) {
2370 // If found the appointed entry, then duplicate the next one and return,
2371 // or if the appointed entry is zero, then return the first one directly.
2373 return mDuplicateSelector
[DataType
](Selector
, CommonEntry
->Selector
, SelectorSize
);
2376 // Set the flag if find the appointed entry.
2378 IsFound
= mCompareSelector
[DataType
](Selector
, CommonEntry
->Selector
);
2382 return EFI_NOT_FOUND
;
2386 Register an event that is to be signaled whenever a configuration process on the
2387 specified IPsec configuration information is done.
2389 The register function is not surpport now and always returns EFI_UNSUPPORTED.
2391 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
2392 @param[in] DataType The type of data to be registered the event for.
2393 @param[in] Event The event to be registered.
2395 @retval EFI_SUCCESS The event is registered successfully.
2396 @retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.
2397 @retval EFI_ACCESS_DENIED The Event is already registered for the DataType.
2398 @retval EFI_UNSUPPORTED The notify registration is unsupported, or the specified
2399 DataType is not supported.
2404 EfiIpSecConfigRegisterNotify (
2405 IN EFI_IPSEC_CONFIG_PROTOCOL
*This
,
2406 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType
,
2410 return EFI_UNSUPPORTED
;
2414 Remove the specified event that was previously registered on the specified IPsec
2417 This function is not support now and alwasy return EFI_UNSUPPORTED.
2419 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
2420 @param[in] DataType The configuration data type to remove the registered event for.
2421 @param[in] Event The event to be unregistered.
2423 @retval EFI_SUCCESS The event was removed successfully.
2424 @retval EFI_NOT_FOUND The Event specified by DataType could not be found in the
2426 @retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.
2427 @retval EFI_UNSUPPORTED The notify registration is unsupported, or the specified
2428 DataType is not supported.
2433 EfiIpSecConfigUnregisterNotify (
2434 IN EFI_IPSEC_CONFIG_PROTOCOL
*This
,
2435 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType
,
2439 return EFI_UNSUPPORTED
;
2443 Copy whole data in specified EFI_SIPEC_CONFIG_SELECTOR and the Data to a buffer.
2445 This function is a caller defined function, and it is called by the IpSecVisitConfigData().
2446 The orignal caller is IpSecConfigSave(), which calls the IpsecVisitConfigData() to
2447 copy all types of IPsec Config datas into one buffer and store this buffer into firmware in
2448 the form of several variables.
2450 @param[in] Type A specified IPSEC_CONFIG_DATA_TYPE.
2451 @param[in] Selector Points to a EFI_IPSEC_CONFIG_SELECTOR to be copied
2453 @param[in] Data Points to data to be copied to the buffer. The
2454 Data type is related to the Type.
2455 @param[in] SelectorSize The size of the Selector.
2456 @param[in] DataSize The size of the Data.
2457 @param[in, out] Buffer The buffer to store the Selector and Data.
2459 @retval EFI_SUCCESS Copy the Selector and Data to a buffer successfully.
2460 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
2464 IpSecCopyPolicyEntry (
2465 IN EFI_IPSEC_CONFIG_DATA_TYPE Type
,
2466 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
2468 IN UINTN SelectorSize
,
2470 IN OUT IPSEC_VARIABLE_BUFFER
*Buffer
2473 IPSEC_VAR_ITEM_HEADER SelectorHeader
;
2474 IPSEC_VAR_ITEM_HEADER DataHeader
;
2478 if (Type
== IPsecConfigDataTypeSad
) {
2480 // Don't save automatically-generated sa entry into variable.
2482 if (((EFI_IPSEC_SA_DATA
*) Data
)->ManualSet
== FALSE
) {
2487 // Increase the capacity size of the buffer if needed.
2489 EntrySize
= ALIGN_VARIABLE (sizeof (SelectorHeader
));
2490 EntrySize
= ALIGN_VARIABLE (EntrySize
+ SelectorSize
);
2491 EntrySize
= ALIGN_VARIABLE (EntrySize
+ sizeof (SelectorHeader
));
2492 EntrySize
= ALIGN_VARIABLE (EntrySize
+ DataSize
);
2494 //EntrySize = SelectorSize + DataSize + 2 * sizeof (SelectorHeader);
2495 if (Buffer
->Capacity
- Buffer
->Size
< EntrySize
) {
2497 // Calculate the required buffer
2499 Buffer
->Capacity
+= EntrySize
;
2500 TempPoint
= AllocatePool (Buffer
->Capacity
);
2502 if (Buffer
->Ptr
== NULL
) {
2503 return EFI_OUT_OF_RESOURCES
;
2506 // Copy the old Buffer to new buffer and free the old one.
2508 CopyMem (TempPoint
, Buffer
->Ptr
, Buffer
->Size
);
2509 FreePool (Buffer
->Ptr
);
2511 Buffer
->Ptr
= TempPoint
;
2514 mFixPolicyEntry
[Type
](Selector
, Data
);
2517 // Fill the selector header and copy it into buffer.
2519 SelectorHeader
.Type
= (UINT8
) (Type
| IPSEC_VAR_ITEM_HEADER_LOGO_BIT
);
2520 SelectorHeader
.Size
= (UINT16
) SelectorSize
;
2523 Buffer
->Ptr
+ Buffer
->Size
,
2525 sizeof (SelectorHeader
)
2527 Buffer
->Size
= ALIGN_VARIABLE (Buffer
->Size
+ sizeof (SelectorHeader
));
2530 // Copy the selector into buffer.
2533 Buffer
->Ptr
+ Buffer
->Size
,
2537 Buffer
->Size
= ALIGN_VARIABLE (Buffer
->Size
+ SelectorSize
);
2540 // Fill the data header and copy it into buffer.
2542 DataHeader
.Type
= (UINT8
) Type
;
2543 DataHeader
.Size
= (UINT16
) DataSize
;
2546 Buffer
->Ptr
+ Buffer
->Size
,
2550 Buffer
->Size
= ALIGN_VARIABLE (Buffer
->Size
+ sizeof (DataHeader
));
2552 // Copy the data into buffer.
2555 Buffer
->Ptr
+ Buffer
->Size
,
2559 Buffer
->Size
= ALIGN_VARIABLE (Buffer
->Size
+ DataSize
);
2561 mUnfixPolicyEntry
[Type
](Selector
, Data
);
2567 Visit all IPsec Configurations of specified Type and call the caller defined
2570 @param[in] DataType The specified IPsec Config Data Type.
2571 @param[in] Routine The function defined by the caller.
2572 @param[in] Context The data passed to the Routine.
2574 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated
2575 @retval EFI_SUCCESS This function completed successfully.
2579 IpSecVisitConfigData (
2580 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType
,
2581 IN IPSEC_COPY_POLICY_ENTRY Routine
,
2585 EFI_STATUS GetNextStatus
;
2586 EFI_STATUS GetDataStatus
;
2587 EFI_STATUS RoutineStatus
;
2588 EFI_IPSEC_CONFIG_SELECTOR
*Selector
;
2592 UINTN SelectorBufferSize
;
2593 UINTN DataBufferSize
;
2594 BOOLEAN FirstGetNext
;
2596 FirstGetNext
= TRUE
;
2599 SelectorBufferSize
= sizeof (EFI_IPSEC_CONFIG_SELECTOR
);
2600 Selector
= AllocateZeroPool (SelectorBufferSize
);
2602 if (Selector
== NULL
) {
2603 return EFI_OUT_OF_RESOURCES
;
2608 // Get the real size of the selector.
2610 SelectorSize
= SelectorBufferSize
;
2611 GetNextStatus
= EfiIpSecConfigGetNextSelector (
2612 &mIpSecConfigInstance
,
2617 if (GetNextStatus
== EFI_BUFFER_TOO_SMALL
) {
2618 FreePool (Selector
);
2619 SelectorBufferSize
= SelectorSize
;
2621 // Allocate zero pool for the first selector, while store the last
2622 // selector content for the other selectors.
2625 Selector
= AllocateZeroPool (SelectorBufferSize
);
2627 Selector
= AllocateCopyPool (SelectorBufferSize
, Selector
);
2630 if (Selector
== NULL
) {
2631 return EFI_OUT_OF_RESOURCES
;
2634 // Get the content of the selector.
2636 GetNextStatus
= EfiIpSecConfigGetNextSelector (
2637 &mIpSecConfigInstance
,
2644 if (EFI_ERROR (GetNextStatus
)) {
2648 FirstGetNext
= FALSE
;
2651 // Get the real size of the policy entry according to the selector.
2653 DataSize
= DataBufferSize
;
2654 GetDataStatus
= EfiIpSecConfigGetData (
2655 &mIpSecConfigInstance
,
2661 if (GetDataStatus
== EFI_BUFFER_TOO_SMALL
) {
2666 DataBufferSize
= DataSize
;
2667 Data
= AllocateZeroPool (DataBufferSize
);
2670 return EFI_OUT_OF_RESOURCES
;
2673 // Get the content of the policy entry according to the selector.
2675 GetDataStatus
= EfiIpSecConfigGetData (
2676 &mIpSecConfigInstance
,
2684 if (EFI_ERROR (GetDataStatus
)) {
2688 // Prepare the buffer of updated policy entry, which is stored in
2689 // the continous memory, and then save into variable later.
2691 RoutineStatus
= Routine (
2699 if (EFI_ERROR (RoutineStatus
)) {
2708 if (Selector
!= NULL
) {
2709 FreePool (Selector
);
2716 This function is the subfunction of EFIIpSecConfigSetData.
2718 This function call IpSecSetVaraible to set the IPsec Configuration into the firmware.
2720 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
2721 @retval EFI_SUCCESS Saved the configration successfully.
2722 @retval Others Other errors were found while obtaining the variable.
2730 IPSEC_VARIABLE_BUFFER Buffer
;
2732 EFI_IPSEC_CONFIG_DATA_TYPE Type
;
2735 Buffer
.Capacity
= IPSEC_DEFAULT_VARIABLE_SIZE
;
2736 Buffer
.Ptr
= AllocateZeroPool (Buffer
.Capacity
);
2738 if (Buffer
.Ptr
== NULL
) {
2739 return EFI_OUT_OF_RESOURCES
;
2742 // For each policy database, prepare the contious buffer to save into variable.
2744 for (Type
= IPsecConfigDataTypeSpd
; Type
< IPsecConfigDataTypeMaximum
; Type
++) {
2745 IpSecVisitConfigData (
2747 (IPSEC_COPY_POLICY_ENTRY
) IpSecCopyPolicyEntry
,
2752 // Save the updated policy database into variable.
2754 Status
= IpSecSetVariable (
2755 IPSECCONFIG_VARIABLE_NAME
,
2756 &gEfiIpSecConfigProtocolGuid
,
2757 EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_NON_VOLATILE
,
2762 FreePool (Buffer
.Ptr
);
2768 Get the all IPSec configuration variables and store those variables
2769 to the internal data structure.
2771 This founction is called by IpSecConfigInitialize() which is to intialize the
2772 IPsecConfiguration Protocol.
2774 @param[in] Private Point to IPSEC_PRIVATE_DATA.
2776 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated
2777 @retval EFI_SUCCESS Restore the IPsec Configuration successfully.
2778 @retval others Other errors is found while obtaining the variable.
2782 IpSecConfigRestore (
2783 IN IPSEC_PRIVATE_DATA
*Private
2789 IPSEC_VAR_ITEM_HEADER
*Header
;
2791 EFI_IPSEC_CONFIG_SELECTOR
*Selector
;
2792 EFI_IPSEC_CONFIG_DATA_TYPE Type
;
2798 Size
= sizeof (Value
);
2802 Status
= gRT
->GetVariable (
2803 IPSECCONFIG_STATUS_NAME
,
2804 &gEfiIpSecConfigProtocolGuid
,
2810 if (!EFI_ERROR (Status
) && Value
== IPSEC_STATUS_ENABLED
) {
2811 Private
->IpSec
.DisabledFlag
= FALSE
;
2814 // Get the real size of policy database in variable.
2816 Status
= IpSecGetVariable (
2817 IPSECCONFIG_VARIABLE_NAME
,
2818 &gEfiIpSecConfigProtocolGuid
,
2823 if (Status
== EFI_BUFFER_TOO_SMALL
) {
2825 Buffer
= AllocateZeroPool (BufferSize
);
2826 if (Buffer
== NULL
) {
2827 return EFI_OUT_OF_RESOURCES
;
2830 // Get the content of policy database in variable.
2832 Status
= IpSecGetVariable (
2833 IPSECCONFIG_VARIABLE_NAME
,
2834 &gEfiIpSecConfigProtocolGuid
,
2839 if (EFI_ERROR (Status
)) {
2844 for (Ptr
= Buffer
; Ptr
< Buffer
+ BufferSize
;) {
2846 Header
= (IPSEC_VAR_ITEM_HEADER
*) Ptr
;
2847 Type
= (EFI_IPSEC_CONFIG_DATA_TYPE
) (Header
->Type
& IPSEC_VAR_ITEM_HEADER_CONTENT_BIT
);
2848 ASSERT (((Header
->Type
& 0x80) == IPSEC_VAR_ITEM_HEADER_LOGO_BIT
) && (Type
< IPsecConfigDataTypeMaximum
));
2850 Selector
= (EFI_IPSEC_CONFIG_SELECTOR
*) ALIGN_POINTER (Header
+ 1, sizeof (UINTN
));
2851 Header
= (IPSEC_VAR_ITEM_HEADER
*) ALIGN_POINTER (
2852 (UINT8
*) Selector
+ Header
->Size
,
2855 ASSERT (Header
->Type
== Type
);
2857 Data
= ALIGN_POINTER (Header
+ 1, sizeof (UINTN
));
2859 mUnfixPolicyEntry
[Type
](Selector
, Data
);
2862 // Update each policy entry according to the content in variable.
2865 Status
= EfiIpSecConfigSetData (
2866 &Private
->IpSecConfig
,
2874 if (EFI_ERROR (Status
)) {
2879 Ptr
= ALIGN_POINTER ((UINT8
*) Data
+ Header
->Size
, sizeof (UINTN
));
2889 Install and Initialize IPsecConfig protocol
2891 @param[in, out] Private Pointer to IPSEC_PRIVATE_DATA. After this function finish,
2892 the pointer of IPsecConfig Protocol implementation will copy
2893 into its IPsecConfig member.
2895 @retval EFI_SUCCESS Initialized the IPsecConfig Protocol successfully.
2896 @retval Others Initializing the IPsecConfig Protocol failed.
2899 IpSecConfigInitialize (
2900 IN OUT IPSEC_PRIVATE_DATA
*Private
2903 EFI_IPSEC_CONFIG_DATA_TYPE Type
;
2906 &Private
->IpSecConfig
,
2907 &mIpSecConfigInstance
,
2908 sizeof (EFI_IPSEC_CONFIG_PROTOCOL
)
2912 // Initialize the list head of policy database.
2914 for (Type
= IPsecConfigDataTypeSpd
; Type
< IPsecConfigDataTypeMaximum
; Type
++) {
2915 InitializeListHead (&mConfigData
[Type
]);
2918 // Restore the content of policy database according to the variable.
2920 IpSecConfigRestore (Private
);
2922 return gBS
->InstallMultipleProtocolInterfaces (
2924 &gEfiIpSecConfigProtocolGuid
,
2925 &Private
->IpSecConfig
,