NetworkPkg: Fix SPD entry edit policy issue in IPSecConfig.
[mirror_edk2.git] / NetworkPkg / Application / IpsecConfig / PolicyEntryOperation.c
1/** @file\r
2 The implementation of policy entry operation function in IpSecConfig application.\r
3\r
a51896e4 4 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include "IpSecConfig.h"\r
17#include "Indexer.h"\r
18#include "Match.h"\r
19#include "Helper.h"\r
20#include "ForEach.h"\r
21#include "PolicyEntryOperation.h"\r
22\r
/**
  Report a selector option whose value could not be parsed.

  @param[in] Option    The option name as typed, e.g. L"--local".
  @param[in] ValueStr  The rejected value.

**/
static
VOID
SpdSelectorReportBadValue (
  IN CONST CHAR16    *Option,
  IN CONST CHAR16    *ValueStr
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
    mHiiHandle,
    mAppName,
    Option,
    ValueStr
    );
}

/**
  Fold the outcome of one GetNumber () call into Mask and ReturnStatus.

  A successful parse sets MaskBit. EFI_INVALID_PARAMETER marks the whole
  selector as invalid. Any other status (the option simply not being present)
  leaves both outputs untouched.

  @param[in]      Status        The status returned by GetNumber ().
  @param[in]      MaskBit       The Mask bit that records this option.
  @param[in, out] Mask          The pointer to the Mask.
  @param[in, out] ReturnStatus  The status CreateSpdSelector () will return.

**/
static
VOID
SpdSelectorNoteNumber (
  IN     EFI_STATUS    Status,
  IN     UINT32        MaskBit,
  IN OUT UINT32        *Mask,
  IN OUT EFI_STATUS    *ReturnStatus
  )
{
  if (!EFI_ERROR (Status)) {
    *Mask |= MaskBit;
  } else if (Status == EFI_INVALID_PARAMETER) {
    *ReturnStatus = EFI_INVALID_PARAMETER;
  }
}

/**
  Fill in EFI_IPSEC_SPD_SELECTOR through ParamPackage list.

  The selector options are --local, --remote, --proto, --local-port,
  --remote-port, --icmp-type and --icmp-code. Every option that is present and
  parses is written into Selector and its bit is OR-ed into Mask. A value that
  fails to parse is reported on the console and makes the function return
  EFI_INVALID_PARAMETER, but the remaining options are still processed so the
  user sees every bad value in one run.

  --icmp-type and --icmp-code are stored in LocalPort and RemotePort, the same
  members --local-port and --remote-port write to; if both kinds are given the
  option processed later wins silently.

  @param[out]     Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
                                Selector->LocalAddress and Selector->RemoteAddress
                                must already point at one EFI_IP_ADDRESS_INFO each.
  @param[in]      ParamPackage  The pointer to the ParamPackage list.
  @param[in, out] Mask          The pointer to the Mask. Bits are only ever set,
                                never cleared.

  @retval EFI_SUCCESS           Fill in EFI_IPSEC_SPD_SELECTOR successfully.
  @retval EFI_INVALID_PARAMETER Invalid user input parameter.

**/
EFI_STATUS
CreateSpdSelector (
  OUT EFI_IPSEC_SPD_SELECTOR    *Selector,
  IN LIST_ENTRY                 *ParamPackage,
  IN OUT UINT32                 *Mask
  )
{
  EFI_STATUS      ReturnStatus;
  CONST CHAR16    *ValueStr;

  ReturnStatus = EFI_SUCCESS;

  //
  // --local / --remote: one address range each, parsed straight into the
  // slot the caller attached to the selector.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local");
  if (ValueStr != NULL) {
    Selector->LocalAddressCount = 1;
    if (EFI_ERROR (EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->LocalAddress))) {
      SpdSelectorReportBadValue (L"--local", ValueStr);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= LOCAL;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote");
  if (ValueStr != NULL) {
    Selector->RemoteAddressCount = 1;
    if (EFI_ERROR (EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->RemoteAddress))) {
      SpdSelectorReportBadValue (L"--remote", ValueStr);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= REMOTE;
    }
  }

  //
  // --proto: "any" unless given; accepts a number or a name from mMapIpProtocol.
  //
  Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
  SpdSelectorNoteNumber (
    GetNumber (
      L"--proto",
      (UINT16) -1,
      &Selector->NextLayerProtocol,
      sizeof (UINT16),
      mMapIpProtocol,
      ParamPackage,
      FORMAT_NUMBER | FORMAT_STRING
      ),
    PROTO,
    Mask,
    &ReturnStatus
    );

  //
  // --local-port / --remote-port: a port or a port range; "any" unless given.
  //
  Selector->LocalPort  = EFI_IPSEC_ANY_PORT;
  Selector->RemotePort = EFI_IPSEC_ANY_PORT;

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local-port");
  if (ValueStr != NULL) {
    if (EFI_ERROR (EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->LocalPort, &Selector->LocalPortRange))) {
      SpdSelectorReportBadValue (L"--local-port", ValueStr);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= LOCAL_PORT;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
  if (ValueStr != NULL) {
    if (EFI_ERROR (EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->RemotePort, &Selector->RemotePortRange))) {
      SpdSelectorReportBadValue (L"--remote-port", ValueStr);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= REMOTE_PORT;
    }
  }

  //
  // --icmp-type / --icmp-code reuse the port members (see the header comment).
  //
  SpdSelectorNoteNumber (
    GetNumber (
      L"--icmp-type",
      (UINT8) -1,
      &Selector->LocalPort,
      sizeof (UINT16),
      NULL,
      ParamPackage,
      FORMAT_NUMBER
      ),
    ICMP_TYPE,
    Mask,
    &ReturnStatus
    );

  SpdSelectorNoteNumber (
    GetNumber (
      L"--icmp-code",
      (UINT8) -1,
      &Selector->RemotePort,
      sizeof (UINT16),
      NULL,
      ParamPackage,
      FORMAT_NUMBER
      ),
    ICMP_CODE,
    Mask,
    &ReturnStatus
    );

  return ReturnStatus;
}
209\r
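/**
  Report an SPD entry option whose value could not be parsed.

  @param[in] Option    The option name as typed, e.g. L"--tunnel-local".
  @param[in] ValueStr  The rejected value.

**/
static
VOID
SpdEntryReportBadValue (
  IN CONST CHAR16    *Option,
  IN CONST CHAR16    *ValueStr
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
    mHiiHandle,
    mAppName,
    Option,
    ValueStr
    );
}

/**
  Fold the outcome of one GetNumber () call into Mask and ReturnStatus.

  A successful parse sets MaskBit. EFI_INVALID_PARAMETER marks the whole
  entry as invalid. Any other status (the option simply not being present)
  leaves both outputs untouched.

  @param[in]      Status        The status returned by GetNumber ().
  @param[in]      MaskBit       The Mask bit that records this option.
  @param[in, out] Mask          The pointer to the Mask.
  @param[in, out] ReturnStatus  The status CreateSpdEntry () will return.

**/
static
VOID
SpdEntryNoteNumber (
  IN     EFI_STATUS    Status,
  IN     UINT32        MaskBit,
  IN OUT UINT32        *Mask,
  IN OUT EFI_STATUS    *ReturnStatus
  )
{
  if (!EFI_ERROR (Status)) {
    *Mask |= MaskBit;
  } else if (Status == EFI_INVALID_PARAMETER) {
    *ReturnStatus = EFI_INVALID_PARAMETER;
  }
}

/**
  Read a --flag / --flag- switch pair into a BOOLEAN.

  @param[in]      ParamPackage  The pointer to the ParamPackage list.
  @param[in]      OnFlag        The switch that sets *Value to TRUE.
  @param[in]      OffFlag       The switch that sets *Value to FALSE.
  @param[out]     Value         Receives the switch state; untouched when
                                neither switch is present.
  @param[in]      MaskBit       The Mask bit set when either switch is present.
  @param[in, out] Mask          The pointer to the Mask.

**/
static
VOID
SpdEntryGetSwitch (
  IN     LIST_ENTRY      *ParamPackage,
  IN     CONST CHAR16    *OnFlag,
  IN     CONST CHAR16    *OffFlag,
  OUT    BOOLEAN         *Value,
  IN     UINT32          MaskBit,
  IN OUT UINT32          *Mask
  )
{
  if (ShellCommandLineGetFlag (ParamPackage, OnFlag)) {
    *Value = TRUE;
    *Mask |= MaskBit;
  } else if (ShellCommandLineGetFlag (ParamPackage, OffFlag)) {
    *Value = FALSE;
    *Mask |= MaskBit;
  }
}

/**
  Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.

  Both structures are allocated here and returned to the caller, who owns
  them. The selector carries its two EFI_IP_ADDRESS_INFO slots in the same
  allocation; the data carries EFI_IPSEC_PROCESS_POLICY and
  EFI_IPSEC_TUNNEL_OPTION in its allocation, with ProcessingPolicy and
  TunnelOption reset to NULL when no option touched them so that an edit
  leaves those parts of an existing entry alone.

  Every option that parses sets its bit in Mask. A bad value is reported on
  the console and recorded as EFI_INVALID_PARAMETER, but parsing continues so
  all problems are shown in one run. When CreateNew is TRUE the mandatory
  options (--local --remote --proto --action, plus the tunnel end points for
  a protect/tunnel policy) are also enforced.

  @param[out] Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[out] Data          The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.
  @param[out] Mask          The pointer to the Mask.
  @param[in]  CreateNew     The switch to create new.

  @retval EFI_SUCCESS           Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.
  @retval EFI_INVALID_PARAMETER Invalid user input parameter.

**/
EFI_STATUS
CreateSpdEntry (
  OUT EFI_IPSEC_SPD_SELECTOR    **Selector,
  OUT EFI_IPSEC_SPD_DATA        **Data,
  IN LIST_ENTRY                 *ParamPackage,
  OUT UINT32                    *Mask,
  IN BOOLEAN                    CreateNew
  )
{
  EFI_STATUS                  ReturnStatus;
  CONST CHAR16                *ValueStr;
  UINTN                       DataSize;
  EFI_IPSEC_PROCESS_POLICY    *Policy;
  EFI_IPSEC_TUNNEL_OPTION     *Tunnel;

  *Mask = 0;

  //
  // Selector plus its two address slots live in one allocation.
  //
  *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
  ASSERT (*Selector != NULL);

  (*Selector)->LocalAddress  = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
  (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;

  ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);

  //
  // SPD DATA: EFI_IPSEC_SPD_DATA, EFI_IPSEC_PROCESS_POLICY and
  // EFI_IPSEC_TUNNEL_OPTION back to back, each padded so the next one is
  // naturally aligned on every architecture.
  //
  DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
  DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);

  Policy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));
  Tunnel = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER ((Policy + 1), sizeof (UINTN));
  (*Data)->ProcessingPolicy = Policy;
  Policy->TunnelOption      = Tunnel;

  //
  // --name: Name is a fixed-size array inside EFI_IPSEC_SPD_DATA and
  // UnicodeStrToAsciiStr () takes no bound, so a long value would run past
  // the array into the fields that follow it. Reject anything that does not
  // fit together with its terminator instead of truncating silently.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
  if (ValueStr != NULL) {
    if (StrLen (ValueStr) >= sizeof ((*Data)->Name)) {
      SpdEntryReportBadValue (L"--name", ValueStr);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      UnicodeStrToAsciiStr (ValueStr, (CHAR8 *) (*Data)->Name);
      *Mask |= NAME;
    }
  }

  //
  // --packet-flag and --action.
  //
  SpdEntryNoteNumber (
    GetNumber (
      L"--packet-flag",
      (UINT8) -1,
      &(*Data)->PackageFlag,
      sizeof (UINT32),
      NULL,
      ParamPackage,
      FORMAT_NUMBER
      ),
    PACKET_FLAG,
    Mask,
    &ReturnStatus
    );

  SpdEntryNoteNumber (
    GetNumber (
      L"--action",
      (UINT8) -1,
      &(*Data)->Action,
      sizeof (UINT32),
      mMapIpSecAction,
      ParamPackage,
      FORMAT_STRING
      ),
    ACTION,
    Mask,
    &ReturnStatus
    );

  //
  // Boolean switches of the processing policy; each has a "--x" and a "--x-" form.
  //
  SpdEntryGetSwitch (ParamPackage, L"--ext-sequence", L"--ext-sequence-", &Policy->ExtSeqNum, EXT_SEQUENCE, Mask);
  SpdEntryGetSwitch (ParamPackage, L"--sequence-overflow", L"--sequence-overflow-", &Policy->SeqOverflow, SEQUENCE_OVERFLOW, Mask);
  SpdEntryGetSwitch (ParamPackage, L"--fragment-check", L"--fragment-check-", &Policy->FragCheck, FRAGMENT_CHECK, Mask);

  //
  // SA lifetime limits.
  //
  SpdEntryNoteNumber (
    GetNumber (
      L"--lifebyte",
      (UINT64) -1,
      &Policy->SaLifetime.ByteCount,
      sizeof (UINT64),
      NULL,
      ParamPackage,
      FORMAT_NUMBER
      ),
    LIFEBYTE,
    Mask,
    &ReturnStatus
    );

  SpdEntryNoteNumber (
    GetNumber (
      L"--lifetime",
      (UINT64) -1,
      &Policy->SaLifetime.HardLifetime,
      sizeof (UINT64),
      NULL,
      ParamPackage,
      FORMAT_NUMBER
      ),
    LIFETIME,
    Mask,
    &ReturnStatus
    );

  SpdEntryNoteNumber (
    GetNumber (
      L"--lifetime-soft",
      (UINT64) -1,
      &Policy->SaLifetime.SoftLifetime,
      sizeof (UINT64),
      NULL,
      ParamPackage,
      FORMAT_NUMBER
      ),
    LIFETIME_SOFT,
    Mask,
    &ReturnStatus
    );

  //
  // --mode: transport unless given.
  //
  Policy->Mode = EfiIPsecTransport;
  SpdEntryNoteNumber (
    GetNumber (
      L"--mode",
      0,
      &Policy->Mode,
      sizeof (UINT32),
      mMapIpSecMode,
      ParamPackage,
      FORMAT_STRING
      ),
    MODE,
    Mask,
    &ReturnStatus
    );

  //
  // Tunnel end points and the DF handling of the outer header.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
  if (ValueStr != NULL) {
    if (EFI_ERROR (EfiInetAddr2 ((CHAR16 *) ValueStr, &Tunnel->LocalTunnelAddress))) {
      SpdEntryReportBadValue (L"--tunnel-local", ValueStr);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_LOCAL;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
  if (ValueStr != NULL) {
    if (EFI_ERROR (EfiInetAddr2 ((CHAR16 *) ValueStr, &Tunnel->RemoteTunnelAddress))) {
      SpdEntryReportBadValue (L"--tunnel-remote", ValueStr);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_REMOTE;
    }
  }

  Tunnel->DF = EfiIPsecTunnelCopyDf;
  SpdEntryNoteNumber (
    GetNumber (
      L"--dont-fragment",
      0,
      &Tunnel->DF,
      sizeof (UINT32),
      mMapDfOption,
      ParamPackage,
      FORMAT_STRING
      ),
    DONT_FRAGMENT,
    Mask,
    &ReturnStatus
    );

  //
  // IPsec protocol and algorithms: ESP unless given.
  //
  Policy->Proto = EfiIPsecESP;
  SpdEntryNoteNumber (
    GetNumber (
      L"--ipsec-proto",
      0,
      &Policy->Proto,
      sizeof (UINT32),
      mMapIpSecProtocol,
      ParamPackage,
      FORMAT_STRING
      ),
    IPSEC_PROTO,
    Mask,
    &ReturnStatus
    );

  SpdEntryNoteNumber (
    GetNumber (
      L"--encrypt-algo",
      0,
      &Policy->EncAlgoId,
      sizeof (UINT8),
      mMapEncAlgo,
      ParamPackage,
      FORMAT_STRING
      ),
    ENCRYPT_ALGO,
    Mask,
    &ReturnStatus
    );

  SpdEntryNoteNumber (
    GetNumber (
      L"--auth-algo",
      0,
      &Policy->AuthAlgoId,
      sizeof (UINT8),
      mMapAuthAlgo,
      ParamPackage,
      FORMAT_STRING
      ),
    AUTH_ALGO,
    Mask,
    &ReturnStatus
    );

  //
  // Drop the tunnel option when no tunnel parameter was given. Mode cannot be
  // tested against EfiIPsecTunnel here: an edit may change --tunnel-remote
  // alone, in which case --mode is absent.
  //
  if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
    Policy->TunnelOption = NULL;
  }

  //
  // Drop the whole processing policy when nothing in it was given, except for
  // a protect action: the user may legitimately rely on the defaults set
  // above, so the policy must survive even without further parameters.
  //
  if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
                LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
                DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
    if ((*Data)->Action != EfiIPsecActionProtect) {
      (*Data)->ProcessingPolicy = NULL;
    }
  }

  //
  // A brand-new entry needs the full selector and an action, and a
  // protect/tunnel policy needs both tunnel end points.
  //
  if (CreateNew) {
    if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--local --remote --proto --action"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if (((*Data)->Action == EfiIPsecActionProtect) &&
               (Policy->Mode == EfiIPsecTunnel) &&
               ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}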
580\r
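/**
  Report an SAD entry option whose value could not be parsed.

  @param[in] Option    The option name as typed, e.g. L"--tunnel-dest".
  @param[in] ValueStr  The rejected value.

**/
static
VOID
SadEntryReportBadValue (
  IN CONST CHAR16    *Option,
  IN CONST CHAR16    *ValueStr
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
    mHiiHandle,
    mAppName,
    Option,
    ValueStr
    );
}

/**
  Report that a mandatory option (or one of a set) is missing.

  @param[in] OneOf    TRUE to use the "missing one of" message, FALSE for the
                      single-parameter message.
  @param[in] Options  The option name(s) to print.

**/
static
VOID
SadEntryReportMissing (
  IN BOOLEAN         OneOf,
  IN CONST CHAR16    *Options
  )
{
  if (OneOf) {
    ShellPrintHiiEx (
      -1,
      -1,
      NULL,
      STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
      mHiiHandle,
      mAppName,
      Options
      );
  } else {
    ShellPrintHiiEx (
      -1,
      -1,
      NULL,
      STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
      mHiiHandle,
      mAppName,
      Options
      );
  }
}

/**
  Fold the outcome of one GetNumber () call into Mask and ReturnStatus.

  A successful parse sets MaskBit. EFI_INVALID_PARAMETER marks the whole
  entry as invalid. Any other status (the option simply not being present)
  leaves both outputs untouched.

  @param[in]      Status        The status returned by GetNumber ().
  @param[in]      MaskBit       The Mask bit that records this option.
  @param[in, out] Mask          The pointer to the Mask.
  @param[in, out] ReturnStatus  The status CreateSadEntry () will return.

**/
static
VOID
SadEntryNoteNumber (
  IN     EFI_STATUS    Status,
  IN     UINT32        MaskBit,
  IN OUT UINT32        *Mask,
  IN OUT EFI_STATUS    *ReturnStatus
  )
{
  if (!EFI_ERROR (Status)) {
    *Mask |= MaskBit;
  } else if (Status == EFI_INVALID_PARAMETER) {
    *ReturnStatus = EFI_INVALID_PARAMETER;
  }
}

/**
  Convert a key typed on the command line to ASCII and copy it into the key
  slot carved out of the EFI_IPSEC_SA_DATA2 allocation.

  The key is secret material: the intermediate ASCII copy is wiped before it
  is returned to the pool so it does not linger in freed memory. The copy
  inside the SA data is the one handed to the IPsec driver and stays.

  @param[in]  ValueStr   The key as typed (UCS-2).
  @param[in]  KeyLength  StrLen (ValueStr); the number of bytes to copy.
  @param[out] KeyBuffer  Destination with room for KeyLength bytes.

**/
static
VOID
SadEntryCopyKey (
  IN  CONST CHAR16    *ValueStr,
  IN  UINTN           KeyLength,
  OUT VOID            *KeyBuffer
  )
{
  CHAR8    *AsciiStr;

  AsciiStr = AllocateZeroPool (KeyLength + 1);
  ASSERT (AsciiStr != NULL);
  UnicodeStrToAsciiStr (ValueStr, AsciiStr);
  CopyMem (KeyBuffer, AsciiStr, KeyLength);
  ZeroMem (AsciiStr, KeyLength + 1);
  FreePool (AsciiStr);
}

/**
  Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.

  Both structures are allocated here and returned to the caller, who owns
  them. EFI_IPSEC_SA_DATA2 is a single allocation that also holds the
  authentication key, the encryption key and the embedded SPD selector with
  its two address slots (see the layout comment in the body).

  Every option that parses sets its bit in Mask. A bad value is reported on
  the console and recorded as EFI_INVALID_PARAMETER, but parsing continues so
  all problems are shown in one run. A tunnel-mode SA must name both tunnel
  end points. When CreateNew is TRUE the mandatory options (--spi
  --ipsec-proto --local --remote, the algorithms, and a key for every
  algorithm that is not "none") are also enforced.

  @param[out] SaId          The pointer to the EFI_IPSEC_SA_ID structure.
  @param[out] Data          The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.
  @param[out] Mask          The pointer to the Mask.
  @param[in]  CreateNew     The switch to create new.

  @retval EFI_SUCCESS           Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
  @retval EFI_INVALID_PARAMETER Invalid user input parameter.

**/
EFI_STATUS
CreateSadEntry (
  OUT EFI_IPSEC_SA_ID      **SaId,
  OUT EFI_IPSEC_SA_DATA2   **Data,
  IN LIST_ENTRY            *ParamPackage,
  OUT UINT32               *Mask,
  IN BOOLEAN               CreateNew
  )
{
  EFI_STATUS      Status;
  EFI_STATUS      ReturnStatus;
  UINTN           AuthKeyLength;
  UINTN           EncKeyLength;
  CONST CHAR16    *ValueStr;
  UINTN           DataSize;
  UINT8           *Cursor;

  ReturnStatus  = EFI_SUCCESS;
  *Mask         = 0;
  AuthKeyLength = 0;
  EncKeyLength  = 0;

  *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));
  ASSERT (*SaId != NULL);

  //
  // --spi and --ipsec-proto identify the SA.
  //
  Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
  SadEntryNoteNumber (Status, SPI, Mask, &ReturnStatus);

  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*SaId)->Proto,
             sizeof (EFI_IPSEC_PROTOCOL_TYPE),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  SadEntryNoteNumber (Status, IPSEC_PROTO, Mask, &ReturnStatus);

  //
  // The key lengths are needed up front to size the allocation. A key is
  // taken as the ASCII form of what was typed, so its byte length equals the
  // character count of the UCS-2 argument.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    AuthKeyLength = StrLen (ValueStr);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
    EncKeyLength = StrLen (ValueStr);
  }

  //
  // EFI_IPSEC_SA_DATA2:
  // +------------
  // | EFI_IPSEC_SA_DATA2
  // +-----------------------
  // | AuthKey
  // +-------------------------
  // | EncKey
  // +-------------------------
  // | SpdSelector
  // +-------------------------
  // | LocalAddress (EFI_IP_ADDRESS_INFO)
  // +-------------------------
  // | RemoteAddress (EFI_IP_ADDRESS_INFO)
  //
  // Notes: To make sure the address alignment add padding after each data if needed.
  //
  DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
  DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);
  DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));
  DataSize += sizeof (EFI_IP_ADDRESS_INFO);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);

  (*Data)->ManualSet = TRUE;

  //
  // Carve the trailing buffers out of the allocation in the order drawn above.
  //
  Cursor = (UINT8 *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));
  (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) Cursor;

  Cursor = (UINT8 *) ALIGN_POINTER (Cursor + AuthKeyLength, sizeof (UINTN));
  (*Data)->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) Cursor;

  Cursor = (UINT8 *) ALIGN_POINTER (Cursor + EncKeyLength, sizeof (UINTN));
  (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) Cursor;

  Cursor = (UINT8 *) ALIGN_POINTER (Cursor + sizeof (EFI_IPSEC_SPD_SELECTOR), sizeof (UINTN));
  (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) Cursor;

  Cursor = (UINT8 *) ALIGN_POINTER (Cursor + sizeof (EFI_IP_ADDRESS_INFO), sizeof (UINTN));
  (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) Cursor;

  //
  // --mode: transport unless given.
  //
  (*Data)->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->Mode,
             sizeof (EFI_IPSEC_MODE),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  SadEntryNoteNumber (Status, MODE, Mask, &ReturnStatus);

  //
  // According to RFC 4303-3.3.3. The first packet sent using a given SA
  // will contain a sequence number of 1.
  //
  (*Data)->SNCount = 1;
  Status = GetNumber (
             L"--sequence-number",
             (UINT64) -1,
             &(*Data)->SNCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SadEntryNoteNumber (Status, SEQUENCE_NUMBER, Mask, &ReturnStatus);

  //
  // --antireplay-window. NOTE(review): this option is recorded under the
  // same SEQUENCE_NUMBER mask bit as --sequence-number, so Mask alone cannot
  // tell which of the two was given; whether the edit path copes with that
  // is not visible here - confirm before relying on Mask for this field.
  //
  (*Data)->AntiReplayWindows = 0;
  Status = GetNumber (
             L"--antireplay-window",
             (UINT8) -1,
             &(*Data)->AntiReplayWindows,
             sizeof (UINT8),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SadEntryNoteNumber (Status, SEQUENCE_NUMBER, Mask, &ReturnStatus);

  //
  // Encryption algorithm and key. The key slot was carved out above; when no
  // key was given the pointer is cleared so the driver sees "no key".
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  SadEntryNoteNumber (Status, ENCRYPT_ALGO, Mask, &ReturnStatus);

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
    SadEntryCopyKey (ValueStr, EncKeyLength, (*Data)->AlgoInfo.EspAlgoInfo.EncKey);
    *Mask |= ENCRYPT_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
  }

  //
  // Authentication algorithm and key, same handling.
  //
  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  SadEntryNoteNumber (Status, AUTH_ALGO, Mask, &ReturnStatus);

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
    SadEntryCopyKey (ValueStr, AuthKeyLength, (*Data)->AlgoInfo.EspAlgoInfo.AuthKey);
    *Mask |= AUTH_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
  }

  //
  // SA lifetime limits and path MTU.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SadEntryNoteNumber (Status, LIFEBYTE, Mask, &ReturnStatus);

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SadEntryNoteNumber (Status, LIFETIME, Mask, &ReturnStatus);

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SadEntryNoteNumber (Status, LIFETIME_SOFT, Mask, &ReturnStatus);

  Status = GetNumber (
             L"--path-mtu",
             (UINT32) -1,
             &(*Data)->PathMTU,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SadEntryNoteNumber (Status, PATH_MTU, Mask, &ReturnStatus);

  //
  // --tunnel-dest / --tunnel-source fill the tunnel end points of
  // EFI_IPSEC_SA_DATA2.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
  if (ValueStr != NULL) {
    if (EFI_ERROR (EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress))) {
      SadEntryReportBadValue (L"--tunnel-dest", ValueStr);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= DEST;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
  if (ValueStr != NULL) {
    if (EFI_ERROR (EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress))) {
      SadEntryReportBadValue (L"--tunnel-source", ValueStr);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= SOURCE;
    }
  }

  //
  // A tunnel-mode SA needs both end points, whether new or edited.
  //
  if ((*Data)->Mode == EfiIPsecTunnel) {
    if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {
      SadEntryReportMissing (TRUE, L"--tunnel-source --tunnel-dest");
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  //
  // The SA also carries the SPD selector of the traffic it protects. Fold the
  // selector status into ReturnStatus rather than assigning it: a bad value
  // reported above (--spi, --tunnel-dest, ...) or the tunnel-mode check must
  // not be forgotten just because the selector options parsed cleanly.
  //
  Status = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
  if (EFI_ERROR (Status)) {
    ReturnStatus = Status;
  }

  //
  // A brand-new SA needs its identity and selector, the algorithms for its
  // protocol, and a key for every algorithm that is not "none".
  //
  if (CreateNew) {
    if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {
      SadEntryReportMissing (TRUE, L"--spi --ipsec-proto --local --remote");
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if ((*SaId)->Proto == EfiIPsecAH) {
      if ((*Mask & AUTH_ALGO) == 0) {
        SadEntryReportMissing (FALSE, L"--auth-algo");
        ReturnStatus = EFI_INVALID_PARAMETER;
      } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
        SadEntryReportMissing (FALSE, L"--auth-key");
        ReturnStatus = EFI_INVALID_PARAMETER;
      }
    } else {
      if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) {
        SadEntryReportMissing (FALSE, L"--encrypt-algo --auth-algo");
        ReturnStatus = EFI_INVALID_PARAMETER;
      } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
        SadEntryReportMissing (FALSE, L"--encrypt-key");
        ReturnStatus = EFI_INVALID_PARAMETER;
      } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
        SadEntryReportMissing (FALSE, L"--auth-key");
        ReturnStatus = EFI_INVALID_PARAMETER;
      }
    }
  }

  return ReturnStatus;
}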
1037\r
1038/**\r
1039 Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.\r
1040\r
1041 @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.\r
1042 @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.\r
1043 @param[in] ParamPackage The pointer to the ParamPackage list.\r
1044 @param[out] Mask The pointer to the Mask.\r
1045 @param[in] CreateNew The switch to create new.\r
1046\r
1047 @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.\r
1048 @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
1049\r
1050**/\r
1051EFI_STATUS\r
1052CreatePadEntry (\r
1053 OUT EFI_IPSEC_PAD_ID **PadId,\r
1054 OUT EFI_IPSEC_PAD_DATA **Data,\r
1055 IN LIST_ENTRY *ParamPackage,\r
1056 OUT UINT32 *Mask,\r
1057 IN BOOLEAN CreateNew\r
1058 )\r
1059{\r
1060 EFI_STATUS Status;\r
1061 EFI_STATUS ReturnStatus;\r
780847d1 1062 SHELL_FILE_HANDLE FileHandle;\r
1063 UINT64 FileSize;\r
1064 UINTN AuthDataLength;\r
1065 UINTN RevocationDataLength;\r
1066 UINTN DataLength;\r
1067 UINTN Index;\r
1068 CONST CHAR16 *ValueStr;\r
1069 UINTN DataSize;\r
1070\r
1071 Status = EFI_SUCCESS;\r
1072 ReturnStatus = EFI_SUCCESS;\r
1073 *Mask = 0;\r
1074 AuthDataLength = 0;\r
1075 RevocationDataLength = 0;\r
1076\r
1077 *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));\r
1078 ASSERT (*PadId != NULL);\r
1079\r
1080 //\r
1081 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.\r
1082 //\r
1083 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");\r
1084 if (ValueStr != NULL) {\r
1085 (*PadId)->PeerIdValid = FALSE;\r
1086 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);\r
1087 if (EFI_ERROR (Status)) {\r
1088 ShellPrintHiiEx (\r
1089 -1,\r
1090 -1,\r
1091 NULL,\r
1092 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
1093 mHiiHandle,\r
1094 mAppName,\r
1095 L"--peer-address",\r
1096 ValueStr\r
1097 );\r
1098 ReturnStatus = EFI_INVALID_PARAMETER;\r
1099 } else {\r
1100 *Mask |= PEER_ADDRESS;\r
1101 }\r
1102 }\r
1103\r
1104 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");\r
1105 if (ValueStr != NULL) {\r
1106 (*PadId)->PeerIdValid = TRUE;\r
c960bdc2 1107 StrnCpyS ((CHAR16 *) (*PadId)->Id.PeerId, MAX_PEERID_LEN / sizeof (CHAR16), ValueStr, MAX_PEERID_LEN / sizeof (CHAR16) - 1);\r
a3bcde70
HT
1108 *Mask |= PEER_ID;\r
1109 }\r
1110\r
1111 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");\r
1112 if (ValueStr != NULL) {\r
1113 if (ValueStr[0] == L'@') {\r
1114 //\r
1115 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"\r
1116 //\r
1117 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);\r
1118 if (EFI_ERROR (Status)) {\r
1119 ShellPrintHiiEx (\r
1120 -1,\r
1121 -1,\r
1122 NULL,\r
1123 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1124 mHiiHandle,\r
1125 mAppName,\r
1126 &ValueStr[1]\r
1127 );\r
1128 ReturnStatus = EFI_INVALID_PARAMETER;\r
1129 } else {\r
1130 Status = ShellGetFileSize (FileHandle, &FileSize);\r
1131 ShellCloseFile (&FileHandle);\r
1132 if (EFI_ERROR (Status)) {\r
1133 ShellPrintHiiEx (\r
1134 -1,\r
1135 -1,\r
1136 NULL,\r
1137 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1138 mHiiHandle,\r
1139 mAppName,\r
1140 &ValueStr[1]\r
1141 );\r
1142 ReturnStatus = EFI_INVALID_PARAMETER;\r
1143 } else {\r
1144 AuthDataLength = (UINTN) FileSize;\r
1145 }\r
1146 }\r
1147 } else {\r
1148 AuthDataLength = StrLen (ValueStr);\r
1149 }\r
1150 }\r
1151\r
1152 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");\r
1153 if (ValueStr != NULL) {\r
1154 RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);\r
1155 }\r
1156\r
1157 //\r
1158 // Allocate Buffer for Data. Add padding after each struct to make sure the alignment\r
1159 // in different Arch.\r
1160 //\r
1161 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));\r
1162 DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);\r
1163 DataSize += RevocationDataLength;\r
1164\r
1165 *Data = AllocateZeroPool (DataSize);\r
1166 ASSERT (*Data != NULL);\r
1167\r
1168 (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));\r
1169 (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));\r
1170 (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;\r
1171\r
1172 //\r
1173 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.\r
1174 //\r
1175 Status = GetNumber (\r
1176 L"--auth-proto",\r
1177 0,\r
1178 &(*Data)->AuthProtocol,\r
1179 sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),\r
1180 mMapAuthProto,\r
1181 ParamPackage,\r
1182 FORMAT_STRING\r
1183 );\r
1184 if (!EFI_ERROR (Status)) {\r
1185 *Mask |= AUTH_PROTO;\r
1186 }\r
1187\r
1188 if (Status == EFI_INVALID_PARAMETER) {\r
1189 ReturnStatus = EFI_INVALID_PARAMETER;\r
1190 }\r
1191\r
1192 Status = GetNumber (\r
1193 L"--auth-method",\r
1194 0,\r
1195 &(*Data)->AuthMethod,\r
1196 sizeof (EFI_IPSEC_AUTH_METHOD),\r
1197 mMapAuthMethod,\r
1198 ParamPackage,\r
1199 FORMAT_STRING\r
1200 );\r
1201 if (!EFI_ERROR (Status)) {\r
1202 *Mask |= AUTH_METHOD;\r
1203 }\r
1204\r
1205 if (Status == EFI_INVALID_PARAMETER) {\r
1206 ReturnStatus = EFI_INVALID_PARAMETER;\r
1207 }\r
1208\r
1209 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {\r
1210 (*Data)->IkeIdFlag = TRUE;\r
1211 *Mask |= IKE_ID;\r
1212 }\r
1213\r
1214 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {\r
1215 (*Data)->IkeIdFlag = FALSE;\r
1216 *Mask |= IKE_ID;\r
1217 }\r
1218\r
1219 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");\r
1220 if (ValueStr != NULL) {\r
1221 if (ValueStr[0] == L'@') {\r
1222 //\r
1223 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"\r
1224 //\r
1225\r
1226 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);\r
1227 if (EFI_ERROR (Status)) {\r
1228 ShellPrintHiiEx (\r
1229 -1,\r
1230 -1,\r
1231 NULL,\r
1232 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1233 mHiiHandle,\r
1234 mAppName,\r
1235 &ValueStr[1]\r
1236 );\r
1237 ReturnStatus = EFI_INVALID_PARAMETER;\r
1238 (*Data)->AuthData = NULL;\r
1239 } else {\r
1240 DataLength = AuthDataLength;\r
64b2d0e5 1241 Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);\r
a3bcde70
HT
1242 ShellCloseFile (&FileHandle);\r
1243 if (EFI_ERROR (Status)) {\r
1244 ShellPrintHiiEx (\r
1245 -1,\r
1246 -1,\r
1247 NULL,\r
1248 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1249 mHiiHandle,\r
1250 mAppName,\r
1251 &ValueStr[1]\r
1252 );\r
1253 ReturnStatus = EFI_INVALID_PARAMETER;\r
1254 (*Data)->AuthData = NULL;\r
1255 } else {\r
1256 ASSERT (DataLength == AuthDataLength);\r
1257 *Mask |= AUTH_DATA;\r
1258 }\r
1259 }\r
1260 } else {\r
1261 for (Index = 0; Index < AuthDataLength; Index++) {\r
1262 ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];\r
1263 }\r
1264 (*Data)->AuthDataSize = AuthDataLength;\r
1265 *Mask |= AUTH_DATA;\r
1266 }\r
1267 }\r
1268\r
1269 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");\r
1270 if (ValueStr != NULL) {\r
1271 CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);\r
1272 (*Data)->RevocationDataSize = RevocationDataLength;\r
1273 *Mask |= REVOCATION_DATA;\r
1274 } else {\r
1275 (*Data)->RevocationData = NULL;\r
1276 }\r
1277\r
1278 if (CreateNew) {\r
1279 if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {\r
1280 ShellPrintHiiEx (\r
1281 -1,\r
1282 -1,\r
1283 NULL,\r
1284 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
1285 mHiiHandle,\r
1286 mAppName,\r
1287 L"--peer-id --peer-address"\r
1288 );\r
1289 ReturnStatus = EFI_INVALID_PARAMETER;\r
1290 } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {\r
1291 ShellPrintHiiEx (\r
1292 -1,\r
1293 -1,\r
1294 NULL,\r
1295 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
1296 mHiiHandle,\r
1297 mAppName,\r
1298 L"--auth-method --auth-data"\r
1299 );\r
1300 ReturnStatus = EFI_INVALID_PARAMETER;\r
1301 }\r
1302 }\r
1303\r
1304 return ReturnStatus;\r
1305}\r
1306\r
//
// Per-data-type entry constructors, indexed directly with an
// EFI_IPSEC_CONFIG_DATA_TYPE value (see EditPolicyEntry / AddOrInsertPolicyEntry),
// so the order here (SPD, SAD, PAD) must match that enumeration.
//
CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {
  (CREATE_POLICY_ENTRY) CreateSpdEntry,
  (CREATE_POLICY_ENTRY) CreateSadEntry,
  (CREATE_POLICY_ENTRY) CreatePadEntry
};
1312\r
/**
  Combine old SPD entry with new SPD entry.

  Selector fields the user did not supply (bit clear in Mask) are copied from the
  old selector into NewSelector; a supplied selector field that differs from the
  old one means the entry's key changes, which is reported through CreateNew.
  Data fields the user supplied are written into OldData in place, so OldData is
  the merged result on return.

  @param[in, out] OldSelector  The pointer to the EFI_IPSEC_SPD_SELECTOR structure (read only here).
  @param[in, out] OldData      The pointer to the EFI_IPSEC_SPD_DATA structure; updated in place.
  @param[in]      NewSelector  The pointer to the EFI_IPSEC_SPD_SELECTOR structure; completed from OldSelector.
  @param[in]      NewData      The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]      Mask         The bit mask of parameters present in the new entry.
  @param[out]     CreateNew    Set to TRUE when the merged selector differs from the old one.

  @retval EFI_SUCCESS            Combined successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CombineSpdEntry (
  IN OUT EFI_IPSEC_SPD_SELECTOR  *OldSelector,
  IN OUT EFI_IPSEC_SPD_DATA      *OldData,
  IN     EFI_IPSEC_SPD_SELECTOR  *NewSelector,
  IN     EFI_IPSEC_SPD_DATA      *NewData,
  IN     UINT32                  Mask,
     OUT BOOLEAN                 *CreateNew
  )
{

  //
  // Process Selector. Every selector field the user left out is inherited from
  // the old entry; a field the user changed means the selector (the entry's key)
  // differs and the entry has to be re-created under the new key.
  //
  *CreateNew = FALSE;
  if ((Mask & LOCAL) == 0) {
    NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
    NewSelector->LocalAddress      = OldSelector->LocalAddress;
  } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
             (CompareMem (NewSelector->LocalAddress, OldSelector->LocalAddress, NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & REMOTE) == 0) {
    NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
    NewSelector->RemoteAddress      = OldSelector->RemoteAddress;
  } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
             (CompareMem (NewSelector->RemoteAddress, OldSelector->RemoteAddress, NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & PROTO) == 0) {
    NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
  } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
    *CreateNew = TRUE;
  }

  //
  // The port fields are only meaningful for TCP/UDP; for ICMP the same two
  // fields carry the ICMP type (LocalPort) and code (RemotePort). Other
  // protocols leave them untouched.
  //
  switch (NewSelector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    if ((Mask & LOCAL_PORT) == 0) {
      NewSelector->LocalPort      = OldSelector->LocalPort;
      NewSelector->LocalPortRange = OldSelector->LocalPortRange;
    } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
               (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
      *CreateNew = TRUE;
    }

    if ((Mask & REMOTE_PORT) == 0) {
      NewSelector->RemotePort      = OldSelector->RemotePort;
      NewSelector->RemotePortRange = OldSelector->RemotePortRange;
    } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
               (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
      *CreateNew = TRUE;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    if ((Mask & ICMP_TYPE) == 0) {
      NewSelector->LocalPort = OldSelector->LocalPort;
    } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
      *CreateNew = TRUE;
    }

    if ((Mask & ICMP_CODE) == 0) {
      NewSelector->RemotePort = OldSelector->RemotePort;
    } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
      *CreateNew = TRUE;
    }
    break;
  }
  //
  // Process Data. Drop the old entry's SA references before it is set again.
  // NOTE(review): presumably so the IPsec driver re-derives the SA bindings for
  // the edited policy -- confirm against the SetData implementation.
  //
  OldData->SaIdCount = 0;

  if ((Mask & NAME) != 0) {
    //
    // Bounded copy into the fixed-size Name field.
    //
    AsciiStrCpyS ((CHAR8 *) OldData->Name, MAX_PEERID_LEN, (CHAR8 *) NewData->Name);
  }

  if ((Mask & PACKET_FLAG) != 0) {
    OldData->PackageFlag = NewData->PackageFlag;
  }

  if ((Mask & ACTION) != 0) {
    OldData->Action = NewData->Action;
  }

  //
  // Only the Protect action carries a processing policy. The checks below use
  // the already-merged Action, so the ACTION assignment above must stay first.
  //
  if (OldData->Action != EfiIPsecActionProtect) {
    OldData->ProcessingPolicy = NULL;
  } else {
    //
    // Protect
    //
    if (OldData->ProcessingPolicy == NULL) {
      //
      // Just point to new data if originally NULL.
      // NOTE(review): assumes NewData->ProcessingPolicy is non-NULL whenever the
      // merged action is Protect -- confirm in CreateSpdEntry.
      //
      OldData->ProcessingPolicy = NewData->ProcessingPolicy;
      if (OldData->ProcessingPolicy->Mode == EfiIPsecTunnel &&
          (Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)
          ) {
        //
        // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
        //
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--tunnel-local --tunnel-remote"
          );
        return EFI_INVALID_PARAMETER;
      }
    } else {
      //
      // Modify some of the data.
      //
      if ((Mask & EXT_SEQUENCE) != 0) {
        OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
      }

      if ((Mask & SEQUENCE_OVERFLOW) != 0) {
        OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
      }

      if ((Mask & FRAGMENT_CHECK) != 0) {
        OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
      }

      if ((Mask & LIFEBYTE) != 0) {
        OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
      }

      if ((Mask & LIFETIME_SOFT) != 0) {
        OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
      }

      if ((Mask & LIFETIME) != 0) {
        OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
      }

      //
      // Mode is merged before the tunnel checks below, which depend on it.
      //
      if ((Mask & MODE) != 0) {
        OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
      }

      if ((Mask & IPSEC_PROTO) != 0) {
        OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
      }

      if ((Mask & AUTH_ALGO) != 0) {
        OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
      }

      if ((Mask & ENCRYPT_ALGO) != 0) {
        OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
      }

      if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
        OldData->ProcessingPolicy->TunnelOption = NULL;
      } else {
        if (OldData->ProcessingPolicy->TunnelOption == NULL) {
          //
          // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
          //
          if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
            ShellPrintHiiEx (
              -1,
              -1,
              NULL,
              STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
              mHiiHandle,
              mAppName,
              L"--tunnel-local --tunnel-remote"
              );
            return EFI_INVALID_PARAMETER;
          }

          OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
        } else {
          //
          // Already in Tunnel mode: overwrite only the tunnel fields that were given.
          //
          if ((Mask & TUNNEL_LOCAL) != 0) {
            CopyMem (
              &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
              &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
              sizeof (EFI_IP_ADDRESS)
              );
          }

          if ((Mask & TUNNEL_REMOTE) != 0) {
            CopyMem (
              &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
              &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
              sizeof (EFI_IP_ADDRESS)
              );
          }

          if ((Mask & DONT_FRAGMENT) != 0) {
            OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
          }
        }
      }
    }
  }

  return EFI_SUCCESS;
}
1535\r
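/**
  Combine old SAD entry with new SAD entry.

  SA identity fields the user did not supply (bit clear in Mask) are copied from
  the old entry into NewSaId/NewData; a supplied identity field that differs from
  the old one changes the entry's key, which is reported through CreateNew. Data
  fields the user supplied are written into OldData in place, so OldData is the
  merged result on return.

  @param[in, out] OldSaId    The pointer to the EFI_IPSEC_SA_ID structure (read only here).
  @param[in, out] OldData    The pointer to the EFI_IPSEC_SA_DATA2 structure; updated in place.
  @param[in]      NewSaId    The pointer to the EFI_IPSEC_SA_ID structure; completed from OldSaId.
  @param[in]      NewData    The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]      Mask       The bit mask of parameters present in the new entry.
  @param[out]     CreateNew  Set to TRUE when the merged SA identity differs from the old one.

  @retval EFI_SUCCESS            Combined successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CombineSadEntry (
  IN OUT EFI_IPSEC_SA_ID     *OldSaId,
  IN OUT EFI_IPSEC_SA_DATA2  *OldData,
  IN     EFI_IPSEC_SA_ID     *NewSaId,
  IN     EFI_IPSEC_SA_DATA2  *NewData,
  IN     UINT32              Mask,
     OUT BOOLEAN             *CreateNew
  )
{

  *CreateNew = FALSE;

  //
  // SA identity: SPI, protocol and the tunnel endpoints. Inherit what was not
  // given; a changed value means a new entry.
  //
  if ((Mask & SPI) == 0) {
    NewSaId->Spi = OldSaId->Spi;
  } else if (NewSaId->Spi != OldSaId->Spi) {
    *CreateNew = TRUE;
  }

  if ((Mask & IPSEC_PROTO) == 0) {
    NewSaId->Proto = OldSaId->Proto;
  } else if (NewSaId->Proto != OldSaId->Proto) {
    *CreateNew = TRUE;
  }

  if ((Mask & DEST) == 0) {
    CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  if ((Mask & SOURCE) == 0) {
    CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }
  //
  // Process SA_DATA.
  //
  if ((Mask & MODE) != 0) {
    OldData->Mode = NewData->Mode;
  }

  if ((Mask & SEQUENCE_NUMBER) != 0) {
    OldData->SNCount = NewData->SNCount;
  }

  if ((Mask & ANTIREPLAY_WINDOW) != 0) {
    OldData->AntiReplayWindows = NewData->AntiReplayWindows;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
  }

  //
  // Key material is aliased, not copied: OldData points at the buffers owned by
  // NewData until the entry is stored with SetData.
  //
  if ((Mask & AUTH_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthKey       = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
    OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
  }

  if ((Mask & ENCRYPT_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncKey       = NewData->AlgoInfo.EspAlgoInfo.EncKey;
    OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
  }

  //
  // Protocol-specific consistency checks use the merged protocol in NewSaId.
  //
  if (NewSaId->Proto == EfiIPsecAH) {
    if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {
      //
      // Should not provide encrypt_* if AH.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo --encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if (NewSaId->Proto == EfiIPsecESP && OldSaId->Proto == EfiIPsecAH) {
    //
    // AH -> ESP
    // Should provide encrypt_algo at least.
    //
    if ((Mask & ENCRYPT_ALGO) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo"
        );
      return EFI_INVALID_PARAMETER;
    }

    //
    // Encrypt_key should be provided if algorithm is not NONE.
    // The message names the key option: that is the parameter being checked here.
    //
    if (NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (Mask & ENCRYPT_KEY) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
  }

  if ((Mask & PATH_MTU) != 0) {
    OldData->PathMTU = NewData->PathMTU;
  }
  //
  // Process SpdSelector.
  //
  if (OldData->SpdSelector == NULL) {
    //
    // No selector yet: adopt the new one, but only as a whole (local, remote and
    // protocol must all be given; the port/ICMP fields ride along in NewData).
    //
    if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
      if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--local --remote --proto"
          );
        return EFI_INVALID_PARAMETER;
      }

      OldData->SpdSelector = NewData->SpdSelector;
    }
  } else {
    //
    // Existing selector: overwrite only the fields that were given.
    //
    if ((Mask & LOCAL) != 0) {
      OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
      OldData->SpdSelector->LocalAddress      = NewData->SpdSelector->LocalAddress;
    }

    if ((Mask & REMOTE) != 0) {
      OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
      OldData->SpdSelector->RemoteAddress      = NewData->SpdSelector->RemoteAddress;
    }

    if ((Mask & PROTO) != 0) {
      OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
    }

    //
    // For ICMP the port fields hold the ICMP type (LocalPort) and code (RemotePort).
    //
    switch (OldData->SpdSelector->NextLayerProtocol) {
    case EFI_IP4_PROTO_TCP:
    case EFI_IP4_PROTO_UDP:
      if ((Mask & LOCAL_PORT) != 0) {
        OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
      }

      if ((Mask & REMOTE_PORT) != 0) {
        OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
      }
      break;

    case EFI_IP4_PROTO_ICMP:
      if ((Mask & ICMP_TYPE) != 0) {
        OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
      }

      if ((Mask & ICMP_CODE) != 0) {
        OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
      }
      break;

    default:
      break;
    }
  }

  return EFI_SUCCESS;
}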
1750\r
/**
  Combine old PAD entry with new PAD entry.

  When the user gave neither --peer-id nor --peer-address the old identity is
  copied into NewPadId; otherwise the new identity is compared with the old one
  and CreateNew reports whether the entry's key changed. Data fields that were
  given overwrite the corresponding fields of OldData in place.

  @param[in, out] OldPadId   The pointer to the EFI_IPSEC_PAD_ID structure (read only here).
  @param[in, out] OldData    The pointer to the EFI_IPSEC_PAD_DATA structure; updated in place.
  @param[in]      NewPadId   The pointer to the EFI_IPSEC_PAD_ID structure.
  @param[in]      NewData    The pointer to the EFI_IPSEC_PAD_DATA structure.
  @param[in]      Mask       The bit mask of parameters present in the new entry.
  @param[out]     CreateNew  Set to TRUE when the merged peer identity differs from the old one.

  @retval EFI_SUCCESS            Combined successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CombinePadEntry (
  IN OUT EFI_IPSEC_PAD_ID    *OldPadId,
  IN OUT EFI_IPSEC_PAD_DATA  *OldData,
  IN     EFI_IPSEC_PAD_ID    *NewPadId,
  IN     EFI_IPSEC_PAD_DATA  *NewData,
  IN     UINT32              Mask,
     OUT BOOLEAN             *CreateNew
  )
{
  BOOLEAN  IdChanged;

  IdChanged = FALSE;

  if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
    //
    // No identity on the command line: the entry keeps its old one.
    //
    CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
  } else if ((Mask & PEER_ID) != 0) {
    //
    // A peer-id was given: it only matches an old entry that is itself keyed
    // by an identical peer-id string.
    //
    IdChanged = (BOOLEAN) (!OldPadId->PeerIdValid ||
                           (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0));
  } else {
    //
    // A peer-address was given: it only matches an old entry keyed by the
    // same address and prefix length.
    //
    IdChanged = (BOOLEAN) (OldPadId->PeerIdValid ||
                           (CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
                           (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength));
  }

  *CreateNew = IdChanged;

  //
  // Merge the data fields that were given. AuthData and RevocationData are
  // aliased from NewData, not copied.
  //
  if ((Mask & AUTH_PROTO) != 0) {
    OldData->AuthProtocol = NewData->AuthProtocol;
  }

  if ((Mask & AUTH_METHOD) != 0) {
    OldData->AuthMethod = NewData->AuthMethod;
  }

  if ((Mask & IKE_ID) != 0) {
    OldData->IkeIdFlag = NewData->IkeIdFlag;
  }

  if ((Mask & AUTH_DATA) != 0) {
    OldData->AuthDataSize = NewData->AuthDataSize;
    OldData->AuthData     = NewData->AuthData;
  }

  if ((Mask & REVOCATION_DATA) != 0) {
    OldData->RevocationDataSize = NewData->RevocationDataSize;
    OldData->RevocationData     = NewData->RevocationData;
  }

  return EFI_SUCCESS;
}
1828\r
//
// Per-data-type merge routines, indexed directly with an
// EFI_IPSEC_CONFIG_DATA_TYPE value (see EditOperatePolicyEntry), so the order
// here (SPD, SAD, PAD) must match that enumeration and mCreatePolicyEntry.
//
COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {
  (COMBINE_POLICY_ENTRY) CombineSpdEntry,
  (COMBINE_POLICY_ENTRY) CombineSadEntry,
  (COMBINE_POLICY_ENTRY) CombinePadEntry
};
1834\r
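/**
  Edit entry information in the database.

  Visitor for ForeachPolicyEntry: when the visited entry matches the index the
  user asked to edit, the user's changes (Context->Selector / Context->Data /
  Context->Mask) are merged into the entry and the result is stored. If the
  merge changed the entry's selector, the old entry is deleted afterwards. The
  outcome is reported in Context->Status and the iteration is stopped.

  @param[in]  Selector  The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
  @param[in]  Data      The pointer to the data.
  @param[in]  Context   The pointer to the EDIT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS  Continue the iteration.
  @retval EFI_ABORTED  Abort the iteration.
**/
EFI_STATUS
EditOperatePolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR  *Selector,
  IN VOID                       *Data,
  IN EDIT_POLICY_ENTRY_CONTEXT  *Context
  )
{
  EFI_STATUS  Status;
  BOOLEAN     CreateNew;

  //
  // DataType indexes the three per-type tables used below; check it before the first use.
  //
  ASSERT (Context->DataType < 3);

  CreateNew = FALSE;

  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  Status = mCombinePolicyEntry[Context->DataType] (
             Selector,
             Data,
             Context->Selector,
             Context->Data,
             Context->Mask,
             &CreateNew
             );
  if (!EFI_ERROR (Status)) {
    //
    // If the Selector already existed, this Entry will be updated by set data.
    //
    Status = mIpSecConfig->SetData (
                             mIpSecConfig,
                             Context->DataType,
                             Context->Selector, /// New created selector.
                             Data,              /// Old date which has been modified, need to be set data.
                             Selector
                             );
    ASSERT_EFI_ERROR (Status);

    //
    // Edit the entry to a new one. So, we need delete the old entry -- but only
    // once the edited entry has actually been stored, so that a failed SetData
    // never leaves the database with neither the old nor the new entry.
    //
    if (!EFI_ERROR (Status) && CreateNew) {
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Selector,          /// Old selector.
                               NULL,              /// NULL means to delete this Entry specified by Selector.
                               NULL
                               );
      ASSERT_EFI_ERROR (Status);
    }
  }

  Context->Status = Status;
  return EFI_ABORTED;
}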
1900\r
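/**
  Edit entry information in database according to datatype.

  Builds the user's changes with mCreatePolicyEntry (CreateNew = FALSE, so no
  mandatory-parameter checks), then walks the database with
  EditOperatePolicyEntry to apply them to the entry selected by "-e".

  @param[in]  DataType      The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS    Edit entry information successfully.
  @retval EFI_NOT_FOUND  Can't find the specified entry.
  @retval Others         Some mistaken case.
**/
EFI_STATUS
EditPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
  IN LIST_ENTRY                  *ParamPackage
  )
{
  EFI_STATUS                 Status;
  EDIT_POLICY_ENTRY_CONTEXT  Context;
  CONST CHAR16               *ValueStr;

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
  if (ValueStr == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
    return EFI_NOT_FOUND;
  }

  //
  // Context is an automatic variable; make the two outputs of the create
  // routine NULL up front so the NULL checks before FreePool below are
  // meaningful even if the routine fails before assigning them.
  //
  Context.Selector = NULL;
  Context.Data     = NULL;

  Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
  if (!EFI_ERROR (Status)) {
    Context.DataType = DataType;
    Context.Status   = EFI_NOT_FOUND;
    Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
    if (!EFI_ERROR (Status)) {
      ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
      Status = Context.Status;
    }

    //
    // The create routine hands back allocations even when it fails; release them on every path.
    //
    if (Context.Selector != NULL) {
      gBS->FreePool (Context.Selector);
    }

    if (Context.Data != NULL) {
      gBS->FreePool (Context.Data);
    }
  }

  if (Status == EFI_NOT_FOUND) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}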
1955\r
/**
  Insert entry information in database.

  Visitor for ForeachPolicyEntry: once the visited entry matches the index the
  user asked to insert before, the new entry (Context->Selector / Context->Data)
  is stored in front of it, the result is recorded in Context->Status and the
  iteration is stopped.

  @param[in]  Selector  The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
  @param[in]  Data      The pointer to the data.
  @param[in]  Context   The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS  Continue the iteration.
  @retval EFI_ABORTED  Abort the iteration.
**/
EFI_STATUS
InsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN INSERT_POLICY_ENTRY_CONTEXT  *Context
  )
{
  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    //
    // Not the entry we want to insert before; keep iterating.
    //
    return EFI_SUCCESS;
  }

  //
  // Store the new entry in front of the matched one (the last argument is the
  // insertion point), then abort the iteration.
  //
  Context->Status = mIpSecConfig->SetData (
                                    mIpSecConfig,
                                    Context->DataType,
                                    Context->Selector,
                                    Context->Data,
                                    Selector
                                    );
  return EFI_ABORTED;
}
1993\r
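/**
  Insert or add entry information in database according to datatype.

  Builds a complete new entry with mCreatePolicyEntry (CreateNew = TRUE), refuses
  to add it if an entry with the same selector already exists, and then either
  appends it ("-a") or inserts it before the entry selected by "-i".

  @param[in]  DataType      The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS           Insert or add entry information successfully.
  @retval EFI_NOT_FOUND         Can't find the specified entry.
  @retval EFI_BUFFER_TOO_SMALL  The entry already existed.
  @retval EFI_UNSUPPORTED       The operation is not supported.
  @retval Others                Some mistaken case.
**/
EFI_STATUS
AddOrInsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
  IN LIST_ENTRY                  *ParamPackage
  )
{
  EFI_STATUS                   Status;
  EFI_IPSEC_CONFIG_SELECTOR    *Selector;
  VOID                         *Data;
  INSERT_POLICY_ENTRY_CONTEXT  Context;
  UINT32                       Mask;
  UINTN                        DataSize;
  CONST CHAR16                 *ValueStr;

  //
  // The create routines hand back allocations even when they report an invalid
  // parameter (CreatePadEntry does; EditPolicyEntry relies on the same contract
  // for the other two), so start from NULL and free whatever came back on every
  // exit path.
  //
  Selector = NULL;
  Data     = NULL;

  Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
  if (!EFI_ERROR (Status)) {
    //
    // Find if the Selector to be inserted already exists.
    //
    DataSize = 0;
    Status = mIpSecConfig->GetData (
                             mIpSecConfig,
                             DataType,
                             Selector,
                             &DataSize,
                             NULL
                             );
    if (Status == EFI_BUFFER_TOO_SMALL) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
    } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
      //
      // Append: no insertion point.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               Data,
                               NULL
                               );
    } else {
      ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
      if (ValueStr == NULL) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
        gBS->FreePool (Selector);
        gBS->FreePool (Data);
        return EFI_NOT_FOUND;
      }

      Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
      if (!EFI_ERROR (Status)) {
        Context.DataType = DataType;
        Context.Status   = EFI_NOT_FOUND;
        Context.Selector = Selector;
        Context.Data     = Data;

        ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
        Status = Context.Status;
        if (Status == EFI_NOT_FOUND) {
          ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
        }
      }
    }
  }

  if (Selector != NULL) {
    gBS->FreePool (Selector);
  }

  if (Data != NULL) {
    gBS->FreePool (Data);
  }

  if (Status == EFI_UNSUPPORTED) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}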