1/** @file\r
2 The implementation of policy entry operation function in IpSecConfig application.\r
3\r
f75a7f56 4 Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
a3bcde70 5\r
ecf98fbc 6 SPDX-License-Identifier: BSD-2-Clause-Patent\r
7\r
8**/\r
9\r
10#include "IpSecConfig.h"\r
11#include "Indexer.h"\r
12#include "Match.h"\r
13#include "Helper.h"\r
14#include "ForEach.h"\r
15#include "PolicyEntryOperation.h"\r
16\r
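/**
  Print the "incorrect parameter value" message for one command-line option.

  @param[in] Option    The option name as the user typed it, e.g. L"--local".
  @param[in] ValueStr  The value that was given for Option and could not be parsed.

**/
STATIC
VOID
PrintIncorrectValue (
  IN CONST CHAR16  *Option,
  IN CONST CHAR16  *ValueStr
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
    mHiiHandle,
    mAppName,
    Option,
    ValueStr
    );
}

/**
  Print the "missing one of parameters" message.

  @param[in] Options  Space-separated list of the options that must all be present.

**/
STATIC
VOID
PrintMissingOneOf (
  IN CONST CHAR16  *Options
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
    mHiiHandle,
    mAppName,
    Options
    );
}

/**
  Print the "missing parameter" message.

  @param[in] Option  The option (or space-separated options) that must be present.

**/
STATIC
VOID
PrintMissingParameter (
  IN CONST CHAR16  *Option
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
    mHiiHandle,
    mAppName,
    Option
    );
}

/**
  Record the outcome of parsing one option value with an address/port parser.

  On failure the "incorrect value" message is printed and ReturnStatus is set to
  EFI_INVALID_PARAMETER; on success Bit is ORed into Mask.

  @param[in]      Status        The status returned by the parser (EfiInetAddrRange, ...).
  @param[in]      Option        The option name, used only in the error message.
  @param[in]      ValueStr      The value that was parsed, used only in the error message.
  @param[in]      Bit           The Mask bit that marks this option as given.
  @param[in, out] Mask          The set of options that have been given so far.
  @param[in, out] ReturnStatus  The caller's accumulated result.

**/
STATIC
VOID
RecordValueStatus (
  IN     EFI_STATUS    Status,
  IN     CONST CHAR16  *Option,
  IN     CONST CHAR16  *ValueStr,
  IN     UINT32        Bit,
  IN OUT UINT32        *Mask,
  IN OUT EFI_STATUS    *ReturnStatus
  )
{
  if (EFI_ERROR (Status)) {
    PrintIncorrectValue (Option, ValueStr);
    *ReturnStatus = EFI_INVALID_PARAMETER;
  } else {
    *Mask |= Bit;
  }
}

/**
  Record the outcome of one GetNumber () call.

  No message is printed here. Bit is ORed into Mask on success, and ReturnStatus
  becomes EFI_INVALID_PARAMETER only when GetNumber () reported a malformed value.
  Any other error (presumably the option simply being absent) leaves both untouched.

  @param[in]      Status        The status returned by GetNumber ().
  @param[in]      Bit           The Mask bit that marks this option as given.
  @param[in, out] Mask          The set of options that have been given so far.
  @param[in, out] ReturnStatus  The caller's accumulated result.

**/
STATIC
VOID
RecordNumberStatus (
  IN     EFI_STATUS  Status,
  IN     UINT32      Bit,
  IN OUT UINT32      *Mask,
  IN OUT EFI_STATUS  *ReturnStatus
  )
{
  if (!EFI_ERROR (Status)) {
    *Mask |= Bit;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    *ReturnStatus = EFI_INVALID_PARAMETER;
  }
}

/**
  Parse a three-state boolean switch: "--flag" sets TRUE, "--flag-" sets FALSE,
  neither leaves Field and Mask untouched. OnFlag is checked first.

  @param[in]      ParamPackage  The parsed command line.
  @param[in]      OnFlag        The flag that sets Field to TRUE, e.g. L"--ext-sequence".
  @param[in]      OffFlag       The flag that sets Field to FALSE, e.g. L"--ext-sequence-".
  @param[out]     Field         The field to set; untouched when neither flag is present.
  @param[in]      Bit           The Mask bit that marks the field as given.
  @param[in, out] Mask          The set of options that have been given so far.

**/
STATIC
VOID
ParseBooleanSwitch (
  IN     LIST_ENTRY    *ParamPackage,
  IN     CONST CHAR16  *OnFlag,
  IN     CONST CHAR16  *OffFlag,
  OUT    BOOLEAN       *Field,
  IN     UINT32        Bit,
  IN OUT UINT32        *Mask
  )
{
  if (ShellCommandLineGetFlag (ParamPackage, OnFlag)) {
    *Field = TRUE;
  } else if (ShellCommandLineGetFlag (ParamPackage, OffFlag)) {
    *Field = FALSE;
  } else {
    return;
  }

  *Mask |= Bit;
}

/**
  Copy a key given on the command line into the key buffer inside the SA data.

  The command line is UCS-2; the key is stored as the ASCII bytes of that string,
  without the terminating NUL. The conversion goes through a temporary NUL-terminated
  buffer, which is scrubbed before it is released so that key material does not
  linger in freed pool memory.

  @param[in]  ValueStr   The key string from the command line.
  @param[in]  KeyLength  StrLen (ValueStr): the number of key bytes to store.
  @param[out] Key        Destination buffer with room for at least KeyLength bytes.

**/
STATIC
VOID
CopyKeyFromString (
  IN  CONST CHAR16  *ValueStr,
  IN  UINTN         KeyLength,
  OUT VOID          *Key
  )
{
  CHAR8  *AsciiStr;

  AsciiStr = AllocateZeroPool (KeyLength + 1);
  ASSERT (AsciiStr != NULL);
  UnicodeStrToAsciiStrS (ValueStr, AsciiStr, KeyLength + 1);
  CopyMem (Key, AsciiStr, KeyLength);
  //
  // Secret material: wipe the scratch copy before handing the pool block back.
  //
  ZeroMem (AsciiStr, KeyLength + 1);
  FreePool (AsciiStr);
}

/**
  Fill in EFI_IPSEC_SPD_SELECTOR through ParamPackage list.

  Selector->LocalAddress and Selector->RemoteAddress must already point at
  EFI_IP_ADDRESS_INFO storage supplied by the caller (CreateSpdEntry and
  CreateSadEntry set them up); --local and --remote are written through them.
  --icmp-type and --icmp-code are stored in the LocalPort and RemotePort fields.

  Every option is parsed even after an earlier one failed, so the user sees all
  errors in one run; the function then reports failure.

  @param[out]     Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[in]      ParamPackage  The pointer to the ParamPackage list.
  @param[in, out] Mask          The pointer to the Mask; bits for each option given are ORed in.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SPD_SELECTOR successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CreateSpdSelector (
  OUT EFI_IPSEC_SPD_SELECTOR  *Selector,
  IN  LIST_ENTRY              *ParamPackage,
  IN OUT UINT32               *Mask
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  CONST CHAR16  *ValueStr;

  ReturnStatus = EFI_SUCCESS;

  //
  // Address ranges for both ends of the selector.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local");
  if (ValueStr != NULL) {
    Selector->LocalAddressCount = 1;
    Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->LocalAddress);
    RecordValueStatus (Status, L"--local", ValueStr, LOCAL, Mask, &ReturnStatus);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote");
  if (ValueStr != NULL) {
    Selector->RemoteAddressCount = 1;
    Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->RemoteAddress);
    RecordValueStatus (Status, L"--remote", ValueStr, REMOTE, Mask, &ReturnStatus);
  }

  //
  // Next-layer protocol: accepts a number or a name from mMapIpProtocol.
  //
  Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
  Status = GetNumber (L"--proto", (UINT16) -1, &Selector->NextLayerProtocol, sizeof (UINT16), mMapIpProtocol, ParamPackage, FORMAT_NUMBER | FORMAT_STRING);
  RecordNumberStatus (Status, PROTO, Mask, &ReturnStatus);

  //
  // Port ranges for both ends of the selector.
  //
  Selector->LocalPort  = EFI_IPSEC_ANY_PORT;
  Selector->RemotePort = EFI_IPSEC_ANY_PORT;

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local-port");
  if (ValueStr != NULL) {
    Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->LocalPort, &Selector->LocalPortRange);
    RecordValueStatus (Status, L"--local-port", ValueStr, LOCAL_PORT, Mask, &ReturnStatus);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
  if (ValueStr != NULL) {
    Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->RemotePort, &Selector->RemotePortRange);
    RecordValueStatus (Status, L"--remote-port", ValueStr, REMOTE_PORT, Mask, &ReturnStatus);
  }

  //
  // ICMP type and code share the port fields (there is no separate selector field
  // for them); they are limited to one byte but the field is 16 bits wide.
  //
  Status = GetNumber (L"--icmp-type", (UINT8) -1, &Selector->LocalPort, sizeof (UINT16), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, ICMP_TYPE, Mask, &ReturnStatus);

  Status = GetNumber (L"--icmp-code", (UINT8) -1, &Selector->RemotePort, sizeof (UINT16), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, ICMP_CODE, Mask, &ReturnStatus);

  return ReturnStatus;
}

/**
  Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.

  *Selector and *Data are allocated here with AllocateZeroPool and are expected to
  be released by the caller. The selector carries its two EFI_IP_ADDRESS_INFO
  records in the same allocation; the SPD data carries its EFI_IPSEC_PROCESS_POLICY
  and EFI_IPSEC_TUNNEL_OPTION in the same allocation, each aligned to UINTN.
  The policy / tunnel-option pointers are reset to NULL afterwards when the user
  gave nothing that belongs to them (see the two checks near the end).

  Allocation failure is only caught by ASSERT, as elsewhere in this application;
  in a build with ASSERT compiled out a NULL pointer would be dereferenced.

  @param[out] Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[out] Data          The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.
  @param[out] Mask          The pointer to the Mask; cleared, then one bit per option given.
  @param[in]  CreateNew     The switch to create new; enables the required-option checks.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CreateSpdEntry (
  OUT EFI_IPSEC_SPD_SELECTOR  **Selector,
  OUT EFI_IPSEC_SPD_DATA      **Data,
  IN  LIST_ENTRY              *ParamPackage,
  OUT UINT32                  *Mask,
  IN  BOOLEAN                 CreateNew
  )
{
  EFI_STATUS                Status;
  EFI_STATUS                ReturnStatus;
  CONST CHAR16              *ValueStr;
  UINTN                     DataSize;
  EFI_IPSEC_SPD_DATA        *SpdData;
  EFI_IPSEC_PROCESS_POLICY  *Policy;

  *Mask = 0;

  //
  // Selector plus its local and remote address records in one block.
  //
  *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
  ASSERT (*Selector != NULL);

  (*Selector)->LocalAddress  = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
  (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;

  ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);

  //
  // SPD DATA
  // NOTE: Allocate enough memory and add padding for different arch.
  //
  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
  DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
  DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);
  SpdData = *Data;

  Policy               = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER ((SpdData + 1), sizeof (UINTN));
  Policy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER ((Policy + 1), sizeof (UINTN));
  SpdData->ProcessingPolicy = Policy;

  //
  // Name is stored as ASCII, truncated to the size of the Name field.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
  if (ValueStr != NULL) {
    UnicodeStrToAsciiStrS (ValueStr, (CHAR8 *) SpdData->Name, sizeof (SpdData->Name));
    *Mask |= NAME;
  }

  Status = GetNumber (L"--packet-flag", (UINT8) -1, &SpdData->PackageFlag, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, PACKET_FLAG, Mask, &ReturnStatus);

  Status = GetNumber (L"--action", (UINT8) -1, &SpdData->Action, sizeof (UINT32), mMapIpSecAction, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, ACTION, Mask, &ReturnStatus);

  //
  // Processing policy switches.
  //
  ParseBooleanSwitch (ParamPackage, L"--ext-sequence", L"--ext-sequence-", &Policy->ExtSeqNum, EXT_SEQUENCE, Mask);
  ParseBooleanSwitch (ParamPackage, L"--sequence-overflow", L"--sequence-overflow-", &Policy->SeqOverflow, SEQUENCE_OVERFLOW, Mask);
  ParseBooleanSwitch (ParamPackage, L"--fragment-check", L"--fragment-check-", &Policy->FragCheck, FRAGMENT_CHECK, Mask);

  //
  // SA lifetime limits.
  //
  Status = GetNumber (L"--lifebyte", (UINT64) -1, &Policy->SaLifetime.ByteCount, sizeof (UINT64), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, LIFEBYTE, Mask, &ReturnStatus);

  Status = GetNumber (L"--lifetime", (UINT64) -1, &Policy->SaLifetime.HardLifetime, sizeof (UINT64), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, LIFETIME, Mask, &ReturnStatus);

  Status = GetNumber (L"--lifetime-soft", (UINT64) -1, &Policy->SaLifetime.SoftLifetime, sizeof (UINT64), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, LIFETIME_SOFT, Mask, &ReturnStatus);

  //
  // Mode defaults to transport; tunnel end points only matter in tunnel mode.
  //
  Policy->Mode = EfiIPsecTransport;
  Status = GetNumber (L"--mode", 0, &Policy->Mode, sizeof (UINT32), mMapIpSecMode, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, MODE, Mask, &ReturnStatus);

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &Policy->TunnelOption->LocalTunnelAddress);
    RecordValueStatus (Status, L"--tunnel-local", ValueStr, TUNNEL_LOCAL, Mask, &ReturnStatus);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &Policy->TunnelOption->RemoteTunnelAddress);
    RecordValueStatus (Status, L"--tunnel-remote", ValueStr, TUNNEL_REMOTE, Mask, &ReturnStatus);
  }

  Policy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
  Status = GetNumber (L"--dont-fragment", 0, &Policy->TunnelOption->DF, sizeof (UINT32), mMapDfOption, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, DONT_FRAGMENT, Mask, &ReturnStatus);

  //
  // IPsec protocol and algorithms; ESP is the default protocol.
  //
  Policy->Proto = EfiIPsecESP;
  Status = GetNumber (L"--ipsec-proto", 0, &Policy->Proto, sizeof (UINT32), mMapIpSecProtocol, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, IPSEC_PROTO, Mask, &ReturnStatus);

  Status = GetNumber (L"--encrypt-algo", 0, &Policy->EncAlgoId, sizeof (UINT8), mMapEncAlgo, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, ENCRYPT_ALGO, Mask, &ReturnStatus);

  Status = GetNumber (L"--auth-algo", 0, &Policy->AuthAlgoId, sizeof (UINT8), mMapAuthAlgo, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, AUTH_ALGO, Mask, &ReturnStatus);

  //
  // Cannot check Mode against EfiIPsecTunnel, because user may want to change tunnel_remote only so the Mode is not set.
  //
  if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
    Policy->TunnelOption = NULL;
  }

  if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
                LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
                DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
    if (SpdData->Action != EfiIPsecActionProtect) {
      //
      // User may not provide additional parameter for Protect action, so we cannot simply set ProcessingPolicy to NULL.
      //
      SpdData->ProcessingPolicy = NULL;
    }
  }

  if (CreateNew) {
    if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
      PrintMissingOneOf (L"--local --remote --proto --action");
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if ((SpdData->Action == EfiIPsecActionProtect) &&
               (Policy->Mode == EfiIPsecTunnel) &&
               ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      //
      // Policy is still attached here: it is only detached for non-Protect actions above.
      //
      PrintMissingOneOf (L"--tunnel-local --tunnel-remote");
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}

/**
  Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.

  *SaId and *Data are allocated here with AllocateZeroPool and are expected to be
  released by the caller. Allocation failure is only caught by ASSERT, as elsewhere
  in this application.

  Key material given with --auth-key / --encrypt-key is stored as the ASCII bytes
  of the command-line string; the scratch copy used for the conversion is wiped
  before it is freed. Any error found while parsing an option is reported at once
  and remembered until the end, so an invalid value is never silently replaced by
  the default.

  @param[out] SaId          The pointer to the EFI_IPSEC_SA_ID structure.
  @param[out] Data          The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.
  @param[out] Mask          The pointer to the Mask; cleared, then one bit per option given.
  @param[in]  CreateNew     The switch to create new; enables the required-option checks.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CreateSadEntry (
  OUT EFI_IPSEC_SA_ID     **SaId,
  OUT EFI_IPSEC_SA_DATA2  **Data,
  IN  LIST_ENTRY          *ParamPackage,
  OUT UINT32              *Mask,
  IN  BOOLEAN             CreateNew
  )
{
  EFI_STATUS          Status;
  EFI_STATUS          ReturnStatus;
  UINTN               AuthKeyLength;
  UINTN               EncKeyLength;
  CONST CHAR16        *ValueStr;
  UINTN               DataSize;
  EFI_IPSEC_SA_DATA2  *SaData;

  ReturnStatus  = EFI_SUCCESS;
  *Mask         = 0;
  AuthKeyLength = 0;
  EncKeyLength  = 0;

  *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));
  ASSERT (*SaId != NULL);

  //
  // SA identifier: SPI and IPsec protocol.
  //
  Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, SPI, Mask, &ReturnStatus);

  Status = GetNumber (L"--ipsec-proto", 0, &(*SaId)->Proto, sizeof (EFI_IPSEC_PROTOCOL_TYPE), mMapIpSecProtocol, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, IPSEC_PROTO, Mask, &ReturnStatus);

  //
  // Key lengths are needed before the SA data can be sized.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    AuthKeyLength = StrLen (ValueStr);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
    EncKeyLength = StrLen (ValueStr);
  }

  //
  // EFI_IPSEC_SA_DATA2:
  // +------------
  // | EFI_IPSEC_SA_DATA2
  // +-----------------------
  // | AuthKey
  // +-------------------------
  // | EncKey
  // +-------------------------
  // | SpdSelector
  // +-------------------------
  // | LocalAddress, RemoteAddress (EFI_IP_ADDRESS_INFO)
  //
  // Notes: To make sure the address alignment add padding after each data if needed.
  //
  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
  DataSize  = ALIGN_VARIABLE (DataSize + AuthKeyLength);
  DataSize  = ALIGN_VARIABLE (DataSize + EncKeyLength);
  DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
  DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));
  DataSize += sizeof (EFI_IP_ADDRESS_INFO);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);
  SaData = *Data;

  SaData->ManualSet = TRUE;
  SaData->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER ((SaData + 1), sizeof (UINTN));
  SaData->AlgoInfo.EspAlgoInfo.EncKey  = (VOID *) ALIGN_POINTER (
                                                    ((UINT8 *) SaData->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),
                                                    sizeof (UINTN)
                                                    );
  SaData->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (
                                                     ((UINT8 *) SaData->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),
                                                     sizeof (UINTN)
                                                     );
  SaData->SpdSelector->LocalAddress  = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                 ((UINT8 *) SaData->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),
                                                                 sizeof (UINTN)
                                                                 );
  SaData->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                 SaData->SpdSelector->LocalAddress + 1,
                                                                 sizeof (UINTN)
                                                                 );

  SaData->Mode = EfiIPsecTransport;
  Status = GetNumber (L"--mode", 0, &SaData->Mode, sizeof (EFI_IPSEC_MODE), mMapIpSecMode, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, MODE, Mask, &ReturnStatus);

  //
  // According to RFC 4303-3.3.3. The first packet sent using a given SA
  // will contain a sequence number of 1.
  //
  SaData->SNCount = 1;
  Status = GetNumber (L"--sequence-number", (UINT64) -1, &SaData->SNCount, sizeof (UINT64), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, SEQUENCE_NUMBER, Mask, &ReturnStatus);

  SaData->AntiReplayWindows = 0;
  Status = GetNumber (L"--antireplay-window", (UINT8) -1, &SaData->AntiReplayWindows, sizeof (UINT8), NULL, ParamPackage, FORMAT_NUMBER);
  //
  // NOTE(review): --antireplay-window ORs SEQUENCE_NUMBER into Mask rather than a
  // dedicated anti-replay bit; this reads like a copy-paste from the --sequence-number
  // block. Left unchanged because the mask definitions are not in this file -- confirm
  // against PolicyEntryOperation.h before changing it.
  //
  RecordNumberStatus (Status, SEQUENCE_NUMBER, Mask, &ReturnStatus);

  //
  // Encryption algorithm and key.
  //
  Status = GetNumber (L"--encrypt-algo", 0, &SaData->AlgoInfo.EspAlgoInfo.EncAlgoId, sizeof (UINT8), mMapEncAlgo, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, ENCRYPT_ALGO, Mask, &ReturnStatus);

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
    SaData->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
    CopyKeyFromString (ValueStr, EncKeyLength, SaData->AlgoInfo.EspAlgoInfo.EncKey);
    *Mask |= ENCRYPT_KEY;
  } else {
    SaData->AlgoInfo.EspAlgoInfo.EncKey = NULL;
  }

  //
  // Authentication algorithm and key.
  //
  Status = GetNumber (L"--auth-algo", 0, &SaData->AlgoInfo.EspAlgoInfo.AuthAlgoId, sizeof (UINT8), mMapAuthAlgo, ParamPackage, FORMAT_STRING);
  RecordNumberStatus (Status, AUTH_ALGO, Mask, &ReturnStatus);

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
    CopyKeyFromString (ValueStr, AuthKeyLength, SaData->AlgoInfo.EspAlgoInfo.AuthKey);
    *Mask |= AUTH_KEY;
  } else {
    SaData->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
  }

  //
  // SA lifetime limits and path MTU.
  //
  Status = GetNumber (L"--lifebyte", (UINT64) -1, &SaData->SaLifetime.ByteCount, sizeof (UINT64), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, LIFEBYTE, Mask, &ReturnStatus);

  Status = GetNumber (L"--lifetime", (UINT64) -1, &SaData->SaLifetime.HardLifetime, sizeof (UINT64), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, LIFETIME, Mask, &ReturnStatus);

  Status = GetNumber (L"--lifetime-soft", (UINT64) -1, &SaData->SaLifetime.SoftLifetime, sizeof (UINT64), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, LIFETIME_SOFT, Mask, &ReturnStatus);

  Status = GetNumber (L"--path-mtu", (UINT32) -1, &SaData->PathMTU, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
  RecordNumberStatus (Status, PATH_MTU, Mask, &ReturnStatus);

  //
  // Tunnel end points.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &SaData->TunnelDestinationAddress);
    RecordValueStatus (Status, L"--tunnel-dest", ValueStr, DEST, Mask, &ReturnStatus);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &SaData->TunnelSourceAddress);
    RecordValueStatus (Status, L"--tunnel-source", ValueStr, SOURCE, Mask, &ReturnStatus);
  }

  //
  // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set
  //
  if (SaData->Mode == EfiIPsecTunnel) {
    if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {
      PrintMissingOneOf (L"--tunnel-source --tunnel-dest");
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  //
  // Merge the selector result instead of assigning it, so an error already
  // recorded for an earlier option is not discarded.
  //
  Status = CreateSpdSelector (SaData->SpdSelector, ParamPackage, Mask);
  if (EFI_ERROR (Status)) {
    ReturnStatus = Status;
  }

  if (CreateNew) {
    if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {
      PrintMissingOneOf (L"--spi --ipsec-proto --local --remote");
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if ((*SaId)->Proto == EfiIPsecAH) {
      //
      // AH: an authentication algorithm is required, and a key unless the algorithm is NONE.
      //
      if ((*Mask & AUTH_ALGO) == 0) {
        PrintMissingParameter (L"--auth-algo");
        ReturnStatus = EFI_INVALID_PARAMETER;
      } else if (SaData->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
        PrintMissingParameter (L"--auth-key");
        ReturnStatus = EFI_INVALID_PARAMETER;
      }
    } else {
      //
      // ESP: both algorithms are required, and each key unless its algorithm is NONE.
      //
      if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO)) {
        PrintMissingParameter (L"--encrypt-algo --auth-algo");
        ReturnStatus = EFI_INVALID_PARAMETER;
      } else if (SaData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
        PrintMissingParameter (L"--encrypt-key");
        ReturnStatus = EFI_INVALID_PARAMETER;
      } else if (SaData->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
        PrintMissingParameter (L"--auth-key");
        ReturnStatus = EFI_INVALID_PARAMETER;
      }
    }
  }

  return ReturnStatus;
}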
1031\r
1032/**\r
1033 Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.\r
1034\r
1035 @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.\r
1036 @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.\r
1037 @param[in] ParamPackage The pointer to the ParamPackage list.\r
1038 @param[out] Mask The pointer to the Mask.\r
1039 @param[in] CreateNew The switch to create new.\r
1040\r
1041 @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.\r
1042 @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
1043\r
1044**/\r
1045EFI_STATUS\r
1046CreatePadEntry (\r
1047 OUT EFI_IPSEC_PAD_ID **PadId,\r
1048 OUT EFI_IPSEC_PAD_DATA **Data,\r
1049 IN LIST_ENTRY *ParamPackage,\r
1050 OUT UINT32 *Mask,\r
1051 IN BOOLEAN CreateNew\r
1052 )\r
1053{\r
1054 EFI_STATUS Status;\r
1055 EFI_STATUS ReturnStatus;\r
780847d1 1056 SHELL_FILE_HANDLE FileHandle;\r
1057 UINT64 FileSize;\r
1058 UINTN AuthDataLength;\r
1059 UINTN RevocationDataLength;\r
1060 UINTN DataLength;\r
1061 UINTN Index;\r
1062 CONST CHAR16 *ValueStr;\r
1063 UINTN DataSize;\r
1064\r
1065 Status = EFI_SUCCESS;\r
1066 ReturnStatus = EFI_SUCCESS;\r
1067 *Mask = 0;\r
1068 AuthDataLength = 0;\r
1069 RevocationDataLength = 0;\r
1070\r
1071 *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));\r
1072 ASSERT (*PadId != NULL);\r
1073\r
1074 //\r
1075 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.\r
1076 //\r
1077 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");\r
1078 if (ValueStr != NULL) {\r
1079 (*PadId)->PeerIdValid = FALSE;\r
1080 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);\r
1081 if (EFI_ERROR (Status)) {\r
1082 ShellPrintHiiEx (\r
1083 -1,\r
1084 -1,\r
1085 NULL,\r
1086 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
1087 mHiiHandle,\r
1088 mAppName,\r
1089 L"--peer-address",\r
1090 ValueStr\r
1091 );\r
1092 ReturnStatus = EFI_INVALID_PARAMETER;\r
1093 } else {\r
1094 *Mask |= PEER_ADDRESS;\r
1095 }\r
1096 }\r
1097\r
1098 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");\r
1099 if (ValueStr != NULL) {\r
1100 (*PadId)->PeerIdValid = TRUE;\r
c960bdc2 1101 StrnCpyS ((CHAR16 *) (*PadId)->Id.PeerId, MAX_PEERID_LEN / sizeof (CHAR16), ValueStr, MAX_PEERID_LEN / sizeof (CHAR16) - 1);\r
a3bcde70
HT
1102 *Mask |= PEER_ID;\r
1103 }\r
1104\r
1105 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");\r
1106 if (ValueStr != NULL) {\r
1107 if (ValueStr[0] == L'@') {\r
1108 //\r
1109 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"\r
1110 //\r
1111 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);\r
1112 if (EFI_ERROR (Status)) {\r
1113 ShellPrintHiiEx (\r
1114 -1,\r
1115 -1,\r
1116 NULL,\r
1117 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1118 mHiiHandle,\r
1119 mAppName,\r
1120 &ValueStr[1]\r
1121 );\r
1122 ReturnStatus = EFI_INVALID_PARAMETER;\r
1123 } else {\r
1124 Status = ShellGetFileSize (FileHandle, &FileSize);\r
1125 ShellCloseFile (&FileHandle);\r
1126 if (EFI_ERROR (Status)) {\r
1127 ShellPrintHiiEx (\r
1128 -1,\r
1129 -1,\r
1130 NULL,\r
1131 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1132 mHiiHandle,\r
1133 mAppName,\r
1134 &ValueStr[1]\r
1135 );\r
1136 ReturnStatus = EFI_INVALID_PARAMETER;\r
1137 } else {\r
1138 AuthDataLength = (UINTN) FileSize;\r
1139 }\r
1140 }\r
1141 } else {\r
1142 AuthDataLength = StrLen (ValueStr);\r
1143 }\r
1144 }\r
1145\r
1146 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");\r
1147 if (ValueStr != NULL) {\r
1148 RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);\r
1149 }\r
1150\r
1151 //\r
1152 // Allocate Buffer for Data. Add padding after each struct to make sure the alignment\r
1153 // in different Arch.\r
1154 //\r
1155 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));\r
1156 DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);\r
1157 DataSize += RevocationDataLength;\r
1158\r
1159 *Data = AllocateZeroPool (DataSize);\r
1160 ASSERT (*Data != NULL);\r
1161\r
1162 (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));\r
1163 (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));\r
1164 (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;\r
1165\r
1166 //\r
1167 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.\r
1168 //\r
1169 Status = GetNumber (\r
1170 L"--auth-proto",\r
1171 0,\r
1172 &(*Data)->AuthProtocol,\r
1173 sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),\r
1174 mMapAuthProto,\r
1175 ParamPackage,\r
1176 FORMAT_STRING\r
1177 );\r
1178 if (!EFI_ERROR (Status)) {\r
1179 *Mask |= AUTH_PROTO;\r
1180 }\r
1181\r
1182 if (Status == EFI_INVALID_PARAMETER) {\r
1183 ReturnStatus = EFI_INVALID_PARAMETER;\r
1184 }\r
1185\r
1186 Status = GetNumber (\r
1187 L"--auth-method",\r
1188 0,\r
1189 &(*Data)->AuthMethod,\r
1190 sizeof (EFI_IPSEC_AUTH_METHOD),\r
1191 mMapAuthMethod,\r
1192 ParamPackage,\r
1193 FORMAT_STRING\r
1194 );\r
1195 if (!EFI_ERROR (Status)) {\r
1196 *Mask |= AUTH_METHOD;\r
1197 }\r
1198\r
1199 if (Status == EFI_INVALID_PARAMETER) {\r
1200 ReturnStatus = EFI_INVALID_PARAMETER;\r
1201 }\r
1202\r
1203 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {\r
1204 (*Data)->IkeIdFlag = TRUE;\r
1205 *Mask |= IKE_ID;\r
1206 }\r
1207\r
1208 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {\r
1209 (*Data)->IkeIdFlag = FALSE;\r
1210 *Mask |= IKE_ID;\r
1211 }\r
1212\r
1213 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");\r
1214 if (ValueStr != NULL) {\r
1215 if (ValueStr[0] == L'@') {\r
1216 //\r
1217 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"\r
1218 //\r
1219\r
1220 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);\r
1221 if (EFI_ERROR (Status)) {\r
1222 ShellPrintHiiEx (\r
1223 -1,\r
1224 -1,\r
1225 NULL,\r
1226 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1227 mHiiHandle,\r
1228 mAppName,\r
1229 &ValueStr[1]\r
1230 );\r
1231 ReturnStatus = EFI_INVALID_PARAMETER;\r
1232 (*Data)->AuthData = NULL;\r
1233 } else {\r
1234 DataLength = AuthDataLength;\r
64b2d0e5 1235 Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);\r
a3bcde70
HT
1236 ShellCloseFile (&FileHandle);\r
1237 if (EFI_ERROR (Status)) {\r
1238 ShellPrintHiiEx (\r
1239 -1,\r
1240 -1,\r
1241 NULL,\r
1242 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1243 mHiiHandle,\r
1244 mAppName,\r
1245 &ValueStr[1]\r
1246 );\r
1247 ReturnStatus = EFI_INVALID_PARAMETER;\r
1248 (*Data)->AuthData = NULL;\r
1249 } else {\r
1250 ASSERT (DataLength == AuthDataLength);\r
1251 *Mask |= AUTH_DATA;\r
1252 }\r
1253 }\r
1254 } else {\r
1255 for (Index = 0; Index < AuthDataLength; Index++) {\r
1256 ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];\r
1257 }\r
1258 (*Data)->AuthDataSize = AuthDataLength;\r
1259 *Mask |= AUTH_DATA;\r
1260 }\r
1261 }\r
1262\r
1263 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");\r
1264 if (ValueStr != NULL) {\r
1265 CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);\r
1266 (*Data)->RevocationDataSize = RevocationDataLength;\r
1267 *Mask |= REVOCATION_DATA;\r
1268 } else {\r
1269 (*Data)->RevocationData = NULL;\r
1270 }\r
1271\r
1272 if (CreateNew) {\r
1273 if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {\r
1274 ShellPrintHiiEx (\r
1275 -1,\r
1276 -1,\r
1277 NULL,\r
1278 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
1279 mHiiHandle,\r
1280 mAppName,\r
1281 L"--peer-id --peer-address"\r
1282 );\r
1283 ReturnStatus = EFI_INVALID_PARAMETER;\r
1284 } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {\r
1285 ShellPrintHiiEx (\r
1286 -1,\r
1287 -1,\r
1288 NULL,\r
1289 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
1290 mHiiHandle,\r
1291 mAppName,\r
1292 L"--auth-method --auth-data"\r
1293 );\r
1294 ReturnStatus = EFI_INVALID_PARAMETER;\r
1295 }\r
1296 }\r
1297\r
1298 return ReturnStatus;\r
1299}\r
1300\r
//
// Creation routines, indexed by EFI_IPSEC_CONFIG_DATA_TYPE (see the
// mCreatePolicyEntry[DataType] calls in EditPolicyEntry and
// AddOrInsertPolicyEntry). The order SPD, SAD, PAD must match that enum.
//
CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {
  (CREATE_POLICY_ENTRY) CreateSpdEntry,
  (CREATE_POLICY_ENTRY) CreateSadEntry,
  (CREATE_POLICY_ENTRY) CreatePadEntry
};
1306\r
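/**
  Merge the selector half of an SPD edit.

  Selector fields the user did not name in Mask are copied from the old
  selector into the new one; fields the user did name are compared, and any
  difference means the entry can no longer be updated in place, so CreateNew
  is set for the caller.

  @param[in]      OldSelector  The selector currently stored in the database.
  @param[in, out] NewSelector  The selector built from the command line.
  @param[in]      Mask         Bit set of the parameters the user supplied.
  @param[in, out] CreateNew    Set to TRUE when a keyed field changed.

**/
STATIC
VOID
CombineSpdSelector (
  IN     EFI_IPSEC_SPD_SELECTOR   *OldSelector,
  IN OUT EFI_IPSEC_SPD_SELECTOR   *NewSelector,
  IN     UINT32                   Mask,
  IN OUT BOOLEAN                  *CreateNew
  )
{
  if ((Mask & LOCAL) == 0) {
    NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
    NewSelector->LocalAddress      = OldSelector->LocalAddress;
  } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
             (CompareMem (NewSelector->LocalAddress, OldSelector->LocalAddress, NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & REMOTE) == 0) {
    NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
    NewSelector->RemoteAddress      = OldSelector->RemoteAddress;
  } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
             (CompareMem (NewSelector->RemoteAddress, OldSelector->RemoteAddress, NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & PROTO) == 0) {
    NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
  } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
    *CreateNew = TRUE;
  }

  //
  // The port fields double as ICMP type/code, so which mask bits apply
  // depends on the (possibly just inherited) next-layer protocol.
  //
  switch (NewSelector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    if ((Mask & LOCAL_PORT) == 0) {
      NewSelector->LocalPort      = OldSelector->LocalPort;
      NewSelector->LocalPortRange = OldSelector->LocalPortRange;
    } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
               (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
      *CreateNew = TRUE;
    }

    if ((Mask & REMOTE_PORT) == 0) {
      NewSelector->RemotePort      = OldSelector->RemotePort;
      NewSelector->RemotePortRange = OldSelector->RemotePortRange;
    } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
               (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
      *CreateNew = TRUE;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    if ((Mask & ICMP_TYPE) == 0) {
      NewSelector->LocalPort = OldSelector->LocalPort;
    } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
      *CreateNew = TRUE;
    }

    if ((Mask & ICMP_CODE) == 0) {
      NewSelector->RemotePort = OldSelector->RemotePort;
    } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
      *CreateNew = TRUE;
    }
    break;

  default:
    //
    // Other protocols carry no port/type selector.
    //
    break;
  }
}

/**
  Merge the data half of an SPD edit into the stored entry.

  Only fields named in Mask are overwritten. The processing policy is
  validated so that a Protect/Tunnel entry never ends up without both
  tunnel endpoints.

  @param[in, out] OldData   The SPD data currently stored in the database.
  @param[in]      NewData   The SPD data built from the command line.
  @param[in]      Mask      Bit set of the parameters the user supplied.

  @retval EFI_SUCCESS             Merged successfully.
  @retval EFI_INVALID_PARAMETER   Tunnel mode requested without both tunnel addresses.

**/
STATIC
EFI_STATUS
CombineSpdData (
  IN OUT EFI_IPSEC_SPD_DATA   *OldData,
  IN     EFI_IPSEC_SPD_DATA   *NewData,
  IN     UINT32               Mask
  )
{
  OldData->SaIdCount = 0;

  if ((Mask & NAME) != 0) {
    AsciiStrCpyS ((CHAR8 *) OldData->Name, MAX_PEERID_LEN, (CHAR8 *) NewData->Name);
  }

  if ((Mask & PACKET_FLAG) != 0) {
    OldData->PackageFlag = NewData->PackageFlag;
  }

  if ((Mask & ACTION) != 0) {
    OldData->Action = NewData->Action;
  }

  if (OldData->Action != EfiIPsecActionProtect) {
    //
    // Only the Protect action carries a processing policy.
    //
    OldData->ProcessingPolicy = NULL;
    return EFI_SUCCESS;
  }

  if (OldData->ProcessingPolicy == NULL) {
    //
    // Just point to new data if originally NULL.
    // NOTE(review): assumes NewData->ProcessingPolicy is non-NULL whenever the
    // action is Protect (CreateSpdEntry is expected to allocate it) - confirm.
    //
    OldData->ProcessingPolicy = NewData->ProcessingPolicy;
    if ((OldData->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
        ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      //
      // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      return EFI_INVALID_PARAMETER;
    }

    return EFI_SUCCESS;
  }

  //
  // Modify some of the data.
  //
  if ((Mask & EXT_SEQUENCE) != 0) {
    OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
  }

  if ((Mask & SEQUENCE_OVERFLOW) != 0) {
    OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
  }

  if ((Mask & FRAGMENT_CHECK) != 0) {
    OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
  }

  if ((Mask & MODE) != 0) {
    OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
  }

  if ((Mask & IPSEC_PROTO) != 0) {
    OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
  }

  if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
    OldData->ProcessingPolicy->TunnelOption = NULL;
    return EFI_SUCCESS;
  }

  if (OldData->ProcessingPolicy->TunnelOption == NULL) {
    //
    // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
    //
    if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      return EFI_INVALID_PARAMETER;
    }

    OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
    return EFI_SUCCESS;
  }

  //
  // Existing tunnel: patch individual tunnel fields.
  //
  if ((Mask & TUNNEL_LOCAL) != 0) {
    CopyMem (
      &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
      &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & TUNNEL_REMOTE) != 0) {
    CopyMem (
      &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
      &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & DONT_FRAGMENT) != 0) {
    OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
  }

  return EFI_SUCCESS;
}

/**
  Combine old SPD entry with new SPD entry.

  The selector is merged into NewSelector (unspecified fields inherited from
  the stored entry) and the data is merged into OldData (only specified fields
  overwritten). CreateNew reports whether the selector changed, in which case
  the caller must re-insert under the new selector and delete the old entry.

  @param[in, out] OldSelector  The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[in, out] OldData      The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]      NewSelector  The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[in]      NewData      The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]      Mask         Bit set of the parameters the user supplied.
  @param[out]     CreateNew    Set to TRUE when the selector changed.

  @retval EFI_SUCCESS             Combined successfully.
  @retval EFI_INVALID_PARAMETER   Invalid user input parameter.

**/
EFI_STATUS
CombineSpdEntry (
  IN OUT EFI_IPSEC_SPD_SELECTOR   *OldSelector,
  IN OUT EFI_IPSEC_SPD_DATA       *OldData,
  IN     EFI_IPSEC_SPD_SELECTOR   *NewSelector,
  IN     EFI_IPSEC_SPD_DATA       *NewData,
  IN     UINT32                   Mask,
  OUT    BOOLEAN                  *CreateNew
  )
{
  *CreateNew = FALSE;

  CombineSpdSelector (OldSelector, NewSelector, Mask, CreateNew);

  return CombineSpdData (OldData, NewData, Mask);
}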
1529\r
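/**
  Combine old SAD entry with new SAD entry.

  Identifier fields (SPI, protocol, tunnel endpoints) the user did not name
  in Mask are inherited from the stored entry; if a named one differs,
  CreateNew is set because the entry has to be re-inserted under the new
  identifier. Data fields named in Mask overwrite the stored entry in place.

  @param[in, out] OldSaId      The pointer to the EFI_IPSEC_SA_ID structure.
  @param[in, out] OldData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]      NewSaId      The pointer to the EFI_IPSEC_SA_ID structure.
  @param[in]      NewData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]      Mask         Bit set of the parameters the user supplied.
  @param[out]     CreateNew    Set to TRUE when the identifier changed.

  @retval EFI_SUCCESS             Combined successfully.
  @retval EFI_INVALID_PARAMETER   Invalid user input parameter.

**/
EFI_STATUS
CombineSadEntry (
  IN OUT EFI_IPSEC_SA_ID      *OldSaId,
  IN OUT EFI_IPSEC_SA_DATA2   *OldData,
  IN     EFI_IPSEC_SA_ID      *NewSaId,
  IN     EFI_IPSEC_SA_DATA2   *NewData,
  IN     UINT32               Mask,
  OUT    BOOLEAN              *CreateNew
  )
{
  *CreateNew = FALSE;

  //
  // Process SA_ID: inherit or detect a change of identity.
  //
  if ((Mask & SPI) == 0) {
    NewSaId->Spi = OldSaId->Spi;
  } else if (NewSaId->Spi != OldSaId->Spi) {
    *CreateNew = TRUE;
  }

  if ((Mask & IPSEC_PROTO) == 0) {
    NewSaId->Proto = OldSaId->Proto;
  } else if (NewSaId->Proto != OldSaId->Proto) {
    *CreateNew = TRUE;
  }

  if ((Mask & DEST) == 0) {
    CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  if ((Mask & SOURCE) == 0) {
    CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  //
  // Process SA_DATA.
  //
  if ((Mask & MODE) != 0) {
    OldData->Mode = NewData->Mode;
  }

  if ((Mask & SEQUENCE_NUMBER) != 0) {
    OldData->SNCount = NewData->SNCount;
  }

  if ((Mask & ANTIREPLAY_WINDOW) != 0) {
    OldData->AntiReplayWindows = NewData->AntiReplayWindows;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
  }

  if ((Mask & AUTH_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthKey       = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
    OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
  }

  if ((Mask & ENCRYPT_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncKey       = NewData->AlgoInfo.EspAlgoInfo.EncKey;
    OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
  }

  if (NewSaId->Proto == EfiIPsecAH) {
    if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {
      //
      // Should not provide encrypt_* if AH.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo --encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if ((NewSaId->Proto == EfiIPsecESP) && (OldSaId->Proto == EfiIPsecAH)) {
    //
    // AH -> ESP
    // Should provide encrypt_algo at least.
    //
    if ((Mask & ENCRYPT_ALGO) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo"
        );
      return EFI_INVALID_PARAMETER;
    }

    //
    // Encrypt_key should be provided if algorithm is not NONE. The message
    // names the parameter that is actually missing (--encrypt-key); the old
    // text reported --encrypt-algo, which the check above already accepted.
    //
    if ((NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE) && ((Mask & ENCRYPT_KEY) == 0)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
  }

  if ((Mask & PATH_MTU) != 0) {
    OldData->PathMTU = NewData->PathMTU;
  }

  //
  // Process SpdSelector.
  //
  if (OldData->SpdSelector == NULL) {
    //
    // Attaching a selector to an SA that had none requires the three
    // mandatory selector parts together.
    //
    if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
      if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--local --remote --proto"
          );
        return EFI_INVALID_PARAMETER;
      }

      OldData->SpdSelector = NewData->SpdSelector;
    }

    return EFI_SUCCESS;
  }

  //
  // Existing selector: patch the named fields. (The stored selector is
  // known non-NULL here, so no second NULL test is needed.)
  //
  if ((Mask & LOCAL) != 0) {
    OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
    OldData->SpdSelector->LocalAddress      = NewData->SpdSelector->LocalAddress;
  }

  if ((Mask & REMOTE) != 0) {
    OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
    OldData->SpdSelector->RemoteAddress      = NewData->SpdSelector->RemoteAddress;
  }

  if ((Mask & PROTO) != 0) {
    OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
  }

  switch (OldData->SpdSelector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    if ((Mask & LOCAL_PORT) != 0) {
      OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
    }

    if ((Mask & REMOTE_PORT) != 0) {
      OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    //
    // For ICMP the port fields carry the 8-bit type and code.
    //
    if ((Mask & ICMP_TYPE) != 0) {
      OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
    }

    if ((Mask & ICMP_CODE) != 0) {
      OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
    }
    break;

  default:
    break;
  }

  return EFI_SUCCESS;
}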
1744\r
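/**
  Combine old PAD entry with new PAD entry.

  When neither identity parameter was supplied the stored identity is copied
  into NewPadId. Otherwise the supplied identity is compared with the stored
  one and CreateNew is set on any difference (or on a change of identity kind),
  since the entry must then be re-inserted under the new identity. Data fields
  named in Mask overwrite the stored entry in place.

  @param[in, out] OldPadId     The pointer to the EFI_IPSEC_PAD_ID structure.
  @param[in, out] OldData      The pointer to the EFI_IPSEC_PAD_DATA structure.
  @param[in]      NewPadId     The pointer to the EFI_IPSEC_PAD_ID structure.
  @param[in]      NewData      The pointer to the EFI_IPSEC_PAD_DATA structure.
  @param[in]      Mask         Bit set of the parameters the user supplied.
  @param[out]     CreateNew    Set to TRUE when the identity changed.

  @retval EFI_SUCCESS             Combined successfully.
  @retval EFI_INVALID_PARAMETER   Invalid user input parameter.

**/
EFI_STATUS
CombinePadEntry (
  IN OUT EFI_IPSEC_PAD_ID     *OldPadId,
  IN OUT EFI_IPSEC_PAD_DATA   *OldData,
  IN     EFI_IPSEC_PAD_ID     *NewPadId,
  IN     EFI_IPSEC_PAD_DATA   *NewData,
  IN     UINT32               Mask,
  OUT    BOOLEAN              *CreateNew
  )
{
  *CreateNew = FALSE;

  if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
    CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
  } else if ((Mask & PEER_ID) != 0) {
    //
    // --peer-id takes precedence when both identity forms were given.
    // PeerId is a fixed MAX_PEERID_LEN-byte array, so the comparison is
    // bounded to its capacity rather than relying on a terminator being present.
    //
    if (!OldPadId->PeerIdValid) {
      *CreateNew = TRUE;
    } else if (StrnCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId, MAX_PEERID_LEN / sizeof (CHAR16)) != 0) {
      *CreateNew = TRUE;
    }
  } else {
    //
    // MASK & PEER_ADDRESS
    //
    if (OldPadId->PeerIdValid) {
      *CreateNew = TRUE;
    } else if ((CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
               (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)) {
      *CreateNew = TRUE;
    }
  }

  //
  // Process PAD_DATA: only the fields the user named are replaced.
  //
  if ((Mask & AUTH_PROTO) != 0) {
    OldData->AuthProtocol = NewData->AuthProtocol;
  }

  if ((Mask & AUTH_METHOD) != 0) {
    OldData->AuthMethod = NewData->AuthMethod;
  }

  if ((Mask & IKE_ID) != 0) {
    OldData->IkeIdFlag = NewData->IkeIdFlag;
  }

  if ((Mask & AUTH_DATA) != 0) {
    //
    // Pointer hand-over: the data lives in NewData's buffer, which the caller
    // keeps alive until SetData has copied it.
    //
    OldData->AuthDataSize = NewData->AuthDataSize;
    OldData->AuthData     = NewData->AuthData;
  }

  if ((Mask & REVOCATION_DATA) != 0) {
    OldData->RevocationDataSize = NewData->RevocationDataSize;
    OldData->RevocationData     = NewData->RevocationData;
  }

  return EFI_SUCCESS;
}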
1822\r
//
// Merge routines, indexed by EFI_IPSEC_CONFIG_DATA_TYPE (see the
// mCombinePolicyEntry[Context->DataType] call in EditOperatePolicyEntry).
// The order SPD, SAD, PAD must match mCreatePolicyEntry above.
//
COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {
  (COMBINE_POLICY_ENTRY) CombineSpdEntry,
  (COMBINE_POLICY_ENTRY) CombineSadEntry,
  (COMBINE_POLICY_ENTRY) CombinePadEntry
};
1828\r
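/**
  Edit entry information in the database.

  Visitor for ForeachPolicyEntry: when the visited entry matches the index
  the user gave, the stored entry is merged with the command-line values,
  written back under the (possibly new) selector and, if the selector
  changed, the old entry is deleted. The iteration is then aborted.

  @param[in] Selector     The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
  @param[in] Data         The pointer to the data.
  @param[in] Context      The pointer to the EDIT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS     Continue the iteration.
  @retval EFI_ABORTED     Abort the iteration.
**/
EFI_STATUS
EditOperatePolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR   *Selector,
  IN VOID                        *Data,
  IN EDIT_POLICY_ENTRY_CONTEXT   *Context
  )
{
  EFI_STATUS  Status;
  BOOLEAN     CreateNew;

  //
  // Check the table index before the first dispatch through it.
  //
  ASSERT (Context->DataType < 3);
  CreateNew = FALSE;

  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  Status = mCombinePolicyEntry[Context->DataType] (
             Selector,
             Data,
             Context->Selector,
             Context->Data,
             Context->Mask,
             &CreateNew
             );
  if (!EFI_ERROR (Status)) {
    //
    // If the Selector already existed, this Entry will be updated by set data.
    //
    Status = mIpSecConfig->SetData (
                             mIpSecConfig,
                             Context->DataType,
                             Context->Selector, /// New created selector.
                             Data,              /// Old data which has been modified, need to be set data.
                             Selector
                             );
    ASSERT_EFI_ERROR (Status);

    //
    // Edit the entry to a new one, so the old entry must be deleted - but only
    // once the new one has been stored. ASSERT_EFI_ERROR is a no-op in release
    // builds, so without this guard a failed write would still delete the old
    // entry and the policy would be lost.
    //
    if (!EFI_ERROR (Status) && CreateNew) {
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Selector,          /// Old selector.
                               NULL,              /// NULL means to delete this Entry specified by Selector.
                               NULL
                               );
      ASSERT_EFI_ERROR (Status);
    }
  }

  Context->Status = Status;
  return EFI_ABORTED;
}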
1894\r
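/**
  Edit entry information in database according to datatype.

  The "-e" value selects the entry (its parsing is delegated to the indexer
  constructor for DataType); the remaining parameters describe the fields
  to change. The command-line values are materialised into a selector/data
  pair by mCreatePolicyEntry and merged into the stored entry by
  EditOperatePolicyEntry.

  @param[in] DataType       The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage   The pointer to the ParamPackage list.

  @retval EFI_SUCCESS       Edit entry information successfully.
  @retval EFI_NOT_FOUND     Can't find the specified entry.
  @retval Others            Some mistaken case.
**/
EFI_STATUS
EditPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE   DataType,
  IN LIST_ENTRY                   *ParamPackage
  )
{
  EFI_STATUS                 Status;
  EDIT_POLICY_ENTRY_CONTEXT  Context;
  CONST CHAR16               *ValueStr;

  //
  // Context.Selector/Context.Data are freed below whenever they are non-NULL,
  // so start from a known-zero state rather than relying on the creation
  // routine to have assigned both out pointers on every return path.
  //
  ZeroMem (&Context, sizeof (Context));

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
  if (ValueStr == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
    return EFI_NOT_FOUND;
  }

  Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
  if (!EFI_ERROR (Status)) {
    Context.DataType = DataType;
    Context.Status   = EFI_NOT_FOUND;
    //
    // FALSE: an edit may supply any subset of the parameters.
    //
    Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
    if (!EFI_ERROR (Status)) {
      ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
      Status = Context.Status;
    }

    //
    // The creation routine allocates even when it reports an error, so
    // release unconditionally.
    //
    if (Context.Selector != NULL) {
      gBS->FreePool (Context.Selector);
    }

    if (Context.Data != NULL) {
      gBS->FreePool (Context.Data);
    }
  }

  if (Status == EFI_NOT_FOUND) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}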
1949\r
/**
  Insert entry information in database.

  Visitor for ForeachPolicyEntry: the first entry matching the index the
  user gave becomes the insertion point; the new entry is stored in front of
  it and the iteration stops.

  @param[in] Selector     The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
  @param[in] Data         The pointer to the data.
  @param[in] Context      The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS     Continue the iteration.
  @retval EFI_ABORTED     Abort the iteration.
**/
EFI_STATUS
InsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR     *Selector,
  IN VOID                          *Data,
  IN INSERT_POLICY_ENTRY_CONTEXT   *Context
  )
{
  BOOLEAN  IsInsertionPoint;

  IsInsertionPoint = mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer);
  if (!IsInsertionPoint) {
    return EFI_SUCCESS;
  }

  //
  // Found the entry which we want to insert before; the last argument tells
  // SetData to place the new entry ahead of it.
  //
  Context->Status = mIpSecConfig->SetData (
                                    mIpSecConfig,
                                    Context->DataType,
                                    Context->Selector,
                                    Context->Data,
                                    Selector
                                    );

  //
  // Abort the iteration after the insertion.
  //
  return EFI_ABORTED;
}
1987\r
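/**
  Insert or add entry information in database according to datatype.

  The command-line values are materialised into a selector/data pair, the
  database is probed for an existing entry with that selector, and the entry
  is then either appended ("-a") or inserted before the entry selected by
  "-i". The selector and data buffers are released on every path.

  @param[in] DataType       The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage   The pointer to the ParamPackage list.

  @retval EFI_SUCCESS             Insert or add entry information successfully.
  @retval EFI_NOT_FOUND           Can't find the specified entry.
  @retval EFI_BUFFER_TOO_SMALL    The entry already existed.
  @retval EFI_UNSUPPORTED         The operation is not supported.
  @retval Others                  Some mistaken case.
**/
EFI_STATUS
AddOrInsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE   DataType,
  IN LIST_ENTRY                   *ParamPackage
  )
{
  EFI_STATUS                   Status;
  EFI_IPSEC_CONFIG_SELECTOR    *Selector;
  VOID                         *Data;
  INSERT_POLICY_ENTRY_CONTEXT  Context;
  UINT32                       Mask;
  UINTN                        DataSize;
  CONST CHAR16                 *ValueStr;

  //
  // Known-NULL so the cleanup below is safe even if the creation routine
  // returns without assigning an out pointer.
  //
  Selector = NULL;
  Data     = NULL;

  //
  // TRUE: a new entry must carry every mandatory parameter.
  //
  Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
  if (!EFI_ERROR (Status)) {
    //
    // Find if the Selector to be inserted already exists. A zero-sized probe
    // answers EFI_BUFFER_TOO_SMALL exactly when the entry is present.
    //
    DataSize = 0;
    Status = mIpSecConfig->GetData (
                             mIpSecConfig,
                             DataType,
                             Selector,
                             &DataSize,
                             NULL
                             );
    if (Status == EFI_BUFFER_TOO_SMALL) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
    } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
      //
      // Append: no insertion point.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               Data,
                               NULL
                               );
    } else {
      ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
      if (ValueStr == NULL) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
        //
        // Early exit keeps the original message behaviour (no generic
        // "insert failed" line) but must not leak the two buffers.
        //
        if (Selector != NULL) {
          gBS->FreePool (Selector);
        }

        if (Data != NULL) {
          gBS->FreePool (Data);
        }

        return EFI_NOT_FOUND;
      }

      Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
      if (!EFI_ERROR (Status)) {
        Context.DataType = DataType;
        Context.Status   = EFI_NOT_FOUND;
        Context.Selector = Selector;
        Context.Data     = Data;

        ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
        Status = Context.Status;
        if (Status == EFI_NOT_FOUND) {
          ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
        }
      }
    }
  }

  //
  // Release on every path. The creation routines allocate before validating
  // (see CreatePadEntry), so a failed creation previously leaked both buffers.
  // Guarded like EditPolicyEntry does.
  //
  if (Selector != NULL) {
    gBS->FreePool (Selector);
  }

  if (Data != NULL) {
    gBS->FreePool (Data);
  }

  if (Status == EFI_UNSUPPORTED) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}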