Commit | Line | Data |
---|---|---|
a3bcde70 HT |
1 | /** @file\r |
2 | The implementation of policy entry operation function in IpSecConfig application.\r | |
3 | \r | |
f75a7f56 | 4 | Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r |
a3bcde70 | 5 | \r |
ecf98fbc | 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
a3bcde70 HT |
7 | \r |
8 | **/\r | |
9 | \r | |
10 | #include "IpSecConfig.h"\r | |
11 | #include "Indexer.h"\r | |
12 | #include "Match.h"\r | |
13 | #include "Helper.h"\r | |
14 | #include "ForEach.h"\r | |
15 | #include "PolicyEntryOperation.h"\r | |
16 | \r | |
/**
  Populate an EFI_IPSEC_SPD_SELECTOR from the parsed shell command line.

  Every recognised option is handled independently. A bit is OR-ed into Mask
  only for an option that parsed successfully. A malformed address or port
  option is reported through ShellPrintHiiEx() and parsing then continues with
  the next option, so Selector may be only partially filled in when
  EFI_INVALID_PARAMETER is returned.

  --icmp-type and --icmp-code are written to the LocalPort and RemotePort
  members, i.e. the same members that --local-port and --remote-port fill in.

  @param[out]     Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
                                LocalAddress and RemoteAddress are written through,
                                so they must already point at usable storage.
  @param[in]      ParamPackage  The pointer to the ParamPackage list.
  @param[in, out] Mask          The pointer to the Mask. Bits are only added here,
                                never cleared.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SPD_SELECTOR successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CreateSpdSelector (
     OUT EFI_IPSEC_SPD_SELECTOR    *Selector,
  IN     LIST_ENTRY                *ParamPackage,
  IN OUT UINT32                    *Mask
  )
{
  EFI_STATUS      ParseStatus;
  EFI_STATUS      Result;
  CONST CHAR16    *OptionText;

  ParseStatus = EFI_SUCCESS;
  Result      = EFI_SUCCESS;

  //
  // --local: local address (range). The count is set before the text is
  // validated, exactly as the LOCAL bit is withheld when validation fails.
  //
  OptionText = ShellCommandLineGetValue (ParamPackage, L"--local");
  if (OptionText != NULL) {
    Selector->LocalAddressCount = 1;
    ParseStatus = EfiInetAddrRange ((CHAR16 *) OptionText, Selector->LocalAddress);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= LOCAL;
    } else {
      ShellPrintHiiEx (
        -1, -1, NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle, mAppName, L"--local", OptionText
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --remote: remote address (range), handled the same way as --local.
  //
  OptionText = ShellCommandLineGetValue (ParamPackage, L"--remote");
  if (OptionText != NULL) {
    Selector->RemoteAddressCount = 1;
    ParseStatus = EfiInetAddrRange ((CHAR16 *) OptionText, Selector->RemoteAddress);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= REMOTE;
    } else {
      ShellPrintHiiEx (
        -1, -1, NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle, mAppName, L"--remote", OptionText
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --proto: next-layer protocol, given as a number or as a name from
  // mMapIpProtocol. "Any protocol" is stored first as the default.
  // EFI_INVALID_PARAMETER is itself an error status, so the two outcomes
  // below are mutually exclusive.
  //
  Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
  ParseStatus = GetNumber (
                  L"--proto",
                  (UINT16) -1,
                  &Selector->NextLayerProtocol,
                  sizeof (UINT16),
                  mMapIpProtocol,
                  ParamPackage,
                  FORMAT_NUMBER | FORMAT_STRING
                  );
  if (ParseStatus == EFI_INVALID_PARAMETER) {
    Result = EFI_INVALID_PARAMETER;
  } else if (!EFI_ERROR (ParseStatus)) {
    *Mask |= PROTO;
  }

  //
  // Both ports default to "any port" before the port options are examined.
  //
  Selector->LocalPort  = EFI_IPSEC_ANY_PORT;
  Selector->RemotePort = EFI_IPSEC_ANY_PORT;

  //
  // --local-port: local port and port range.
  //
  OptionText = ShellCommandLineGetValue (ParamPackage, L"--local-port");
  if (OptionText != NULL) {
    ParseStatus = EfiInetPortRange ((CHAR16 *) OptionText, &Selector->LocalPort, &Selector->LocalPortRange);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= LOCAL_PORT;
    } else {
      ShellPrintHiiEx (
        -1, -1, NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle, mAppName, L"--local-port", OptionText
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --remote-port: remote port and port range.
  //
  OptionText = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
  if (OptionText != NULL) {
    ParseStatus = EfiInetPortRange ((CHAR16 *) OptionText, &Selector->RemotePort, &Selector->RemotePortRange);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= REMOTE_PORT;
    } else {
      ShellPrintHiiEx (
        -1, -1, NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle, mAppName, L"--remote-port", OptionText
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --icmp-type: numeric only, upper bound (UINT8) -1, stored in LocalPort.
  // NOTE(review): this targets the member --local-port has just filled in;
  // presumably GetNumber() leaves it untouched when the option is absent -
  // confirm against GetNumber().
  //
  ParseStatus = GetNumber (
                  L"--icmp-type",
                  (UINT8) -1,
                  &Selector->LocalPort,
                  sizeof (UINT16),
                  NULL,
                  ParamPackage,
                  FORMAT_NUMBER
                  );
  if (ParseStatus == EFI_INVALID_PARAMETER) {
    Result = EFI_INVALID_PARAMETER;
  } else if (!EFI_ERROR (ParseStatus)) {
    *Mask |= ICMP_TYPE;
  }

  //
  // --icmp-code: numeric only, upper bound (UINT8) -1, stored in RemotePort.
  //
  ParseStatus = GetNumber (
                  L"--icmp-code",
                  (UINT8) -1,
                  &Selector->RemotePort,
                  sizeof (UINT16),
                  NULL,
                  ParamPackage,
                  FORMAT_NUMBER
                  );
  if (ParseStatus == EFI_INVALID_PARAMETER) {
    Result = EFI_INVALID_PARAMETER;
  } else if (!EFI_ERROR (ParseStatus)) {
    *Mask |= ICMP_CODE;
  }

  return Result;
}
203 | \r | |
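/**
  Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.

  Both output structures are allocated here with AllocateZeroPool() and are not
  freed on any path of this function, including the EFI_INVALID_PARAMETER
  paths, so releasing them is left to the caller. ProcessingPolicy and
  TunnelOption point into the same pool allocation as *Data (or are set to
  NULL), as LocalAddress and RemoteAddress point into the *Selector allocation;
  none of them may be freed on its own.

  Parsing does not stop at the first bad option: every option is examined, a
  Mask bit is set only for an option that parsed successfully, and
  EFI_INVALID_PARAMETER is returned if any option was rejected.

  @param[out] Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[out] Data          The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.
  @param[out] Mask          The pointer to the Mask. Reset to 0 on entry.
  @param[in]  CreateNew     The switch to create new. When TRUE, --local,
                            --remote, --proto and --action are all required,
                            and a Protect policy in tunnel mode also requires
                            --tunnel-local and --tunnel-remote.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CreateSpdEntry (
  OUT EFI_IPSEC_SPD_SELECTOR    **Selector,
  OUT EFI_IPSEC_SPD_DATA        **Data,
  IN  LIST_ENTRY                *ParamPackage,
  OUT UINT32                    *Mask,
  IN  BOOLEAN                   CreateNew
  )
{
  EFI_STATUS      Status;
  EFI_STATUS      ReturnStatus;
  CONST CHAR16    *ValueStr;
  UINTN           DataSize;

  Status = EFI_SUCCESS;
  *Mask  = 0;

  //
  // One allocation holds the selector followed by its local and remote
  // address entries.
  //
  // NOTE(review): ASSERT() is the only allocation check here and for *Data
  // below. Where ASSERT() is compiled out or configured not to halt, a failed
  // allocation would be dereferenced on the following lines - consider an
  // explicit NULL check once the callers' cleanup expectations are confirmed.
  //
  *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
  ASSERT (*Selector != NULL);

  (*Selector)->LocalAddress  = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
  (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;

  ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);

  //
  // SPD DATA
  // NOTE: Allocate enough memory and add padding for different arch.
  //
  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
  DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
  DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);

  (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
                                                             (*Data + 1),
                                                             sizeof (UINTN)
                                                             );
  (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (
                                                                           ((*Data)->ProcessingPolicy + 1),
                                                                           sizeof (UINTN)
                                                                           );

  //
  // Convert the user-supplied name to ASCII and store it in the Name member
  // of EFI_IPSEC_SPD_DATA. The conversion is bounded by sizeof (Name) and
  // returns an error instead of truncating, so its status has to be checked:
  // ignoring it would set the NAME bit for a name that was never stored.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
  if (ValueStr != NULL) {
    Status = UnicodeStrToAsciiStrS (ValueStr, (CHAR8 *) (*Data)->Name, sizeof ((*Data)->Name));
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--name",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= NAME;
    }
  }

  //
  // Convert user input from string to integer, and fill in the PackageFlag in EFI_IPSEC_SPD_DATA.
  //
  Status = GetNumber (
             L"--packet-flag",
             (UINT8) -1,
             &(*Data)->PackageFlag,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PACKET_FLAG;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Map the user-supplied action name through mMapIpSecAction and fill in the Action in EFI_IPSEC_SPD_DATA.
  //
  Status = GetNumber (
             L"--action",
             (UINT8) -1,
             &(*Data)->Action,
             sizeof (UINT32),
             mMapIpSecAction,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ACTION;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Boolean switches: the plain flag sets the member to TRUE, the flag with a
  // trailing '-' sets it to FALSE; either form marks the member as supplied.
  // ExtSeqNum first.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;
    *Mask |= EXT_SEQUENCE;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;
    *Mask |= EXT_SEQUENCE;
  }

  //
  // SeqOverflow.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {
    (*Data)->ProcessingPolicy->SeqOverflow = TRUE;
    *Mask |= SEQUENCE_OVERFLOW;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {
    (*Data)->ProcessingPolicy->SeqOverflow = FALSE;
    *Mask |= SEQUENCE_OVERFLOW;
  }

  //
  // FragCheck.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {
    (*Data)->ProcessingPolicy->FragCheck = TRUE;
    *Mask |= FRAGMENT_CHECK;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {
    (*Data)->ProcessingPolicy->FragCheck = FALSE;
    *Mask |= FRAGMENT_CHECK;
  }

  //
  // Convert user input from string to integer, and fill in the SaLifetime
  // members of the ProcessingPolicy in EFI_IPSEC_SPD_DATA.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Transport mode is stored as the default before --mode is examined.
  //
  (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->ProcessingPolicy->Mode,
             sizeof (UINT32),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Tunnel endpoints. A value that does not parse as an address is reported
  // and the corresponding Mask bit is left clear.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-local",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_LOCAL;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-remote",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_REMOTE;
    }
  }

  //
  // "Copy DF" is stored as the default before --dont-fragment is examined.
  //
  (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
  Status = GetNumber (
             L"--dont-fragment",
             0,
             &(*Data)->ProcessingPolicy->TunnelOption->DF,
             sizeof (UINT32),
             mMapDfOption,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= DONT_FRAGMENT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // ESP is stored as the default before --ipsec-proto is examined.
  //
  (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*Data)->ProcessingPolicy->Proto,
             sizeof (UINT32),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Algorithm identifiers are accepted by name only and mapped through
  // mMapEncAlgo / mMapAuthAlgo. No default is stored first, so the members
  // keep the zero written by AllocateZeroPool() unless GetNumber() sets them.
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->ProcessingPolicy->EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->ProcessingPolicy->AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Cannot check Mode against EfiIPsecTunnel, because user may want to change tunnel_remote only so the Mode is not set.
  //
  if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
    (*Data)->ProcessingPolicy->TunnelOption = NULL;
  }

  if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
                LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
                DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
    if ((*Data)->Action != EfiIPsecActionProtect) {
      //
      // User may not provide additional parameter for Protect action, so we cannot simply set ProcessingPolicy to NULL.
      //
      (*Data)->ProcessingPolicy = NULL;
    }
  }

  if (CreateNew) {
    if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--local --remote --proto --action"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if (((*Data)->Action == EfiIPsecActionProtect) &&
               ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
               ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      //
      // ProcessingPolicy is only read after the Protect test: the block above
      // never sets it to NULL for a Protect action.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}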
574 | \r | |
575 | /**\r | |
64b2d0e5 | 576 | Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.\r |
a3bcde70 HT |
577 | \r |
578 | @param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure.\r | |
64b2d0e5 | 579 | @param[out] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.\r |
a3bcde70 HT |
580 | @param[in] ParamPackage The pointer to the ParamPackage list.\r |
581 | @param[out] Mask The pointer to the Mask.\r | |
582 | @param[in] CreateNew The switch to create new.\r | |
583 | \r | |
64b2d0e5 | 584 | @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.\r |
a3bcde70 HT |
585 | @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r |
586 | \r | |
587 | **/\r | |
588 | EFI_STATUS\r | |
589 | CreateSadEntry (\r | |
590 | OUT EFI_IPSEC_SA_ID **SaId,\r | |
64b2d0e5 | 591 | OUT EFI_IPSEC_SA_DATA2 **Data,\r |
a3bcde70 HT |
592 | IN LIST_ENTRY *ParamPackage,\r |
593 | OUT UINT32 *Mask,\r | |
594 | IN BOOLEAN CreateNew\r | |
595 | )\r | |
596 | {\r | |
597 | EFI_STATUS Status;\r | |
598 | EFI_STATUS ReturnStatus;\r | |
599 | UINTN AuthKeyLength;\r | |
600 | UINTN EncKeyLength;\r | |
601 | CONST CHAR16 *ValueStr;\r | |
64b2d0e5 | 602 | CHAR8 *AsciiStr;\r |
a3bcde70 HT |
603 | UINTN DataSize;\r |
604 | \r | |
605 | Status = EFI_SUCCESS;\r | |
606 | ReturnStatus = EFI_SUCCESS;\r | |
607 | *Mask = 0;\r | |
608 | AuthKeyLength = 0;\r | |
609 | EncKeyLength = 0;\r | |
610 | \r | |
611 | *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));\r | |
612 | ASSERT (*SaId != NULL);\r | |
613 | \r | |
614 | //\r | |
615 | // Convert user imput from string to integer, and fill in the Spi in EFI_IPSEC_SA_ID.\r | |
616 | //\r | |
617 | Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);\r | |
618 | if (!EFI_ERROR (Status)) {\r | |
619 | *Mask |= SPI;\r | |
620 | }\r | |
621 | \r | |
622 | if (Status == EFI_INVALID_PARAMETER) {\r | |
623 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
624 | }\r | |
625 | \r | |
626 | //\r | |
627 | // Convert user imput from string to integer, and fill in the Proto in EFI_IPSEC_SA_ID.\r | |
628 | //\r | |
629 | Status = GetNumber (\r | |
630 | L"--ipsec-proto",\r | |
631 | 0,\r | |
632 | &(*SaId)->Proto,\r | |
633 | sizeof (EFI_IPSEC_PROTOCOL_TYPE),\r | |
634 | mMapIpSecProtocol,\r | |
635 | ParamPackage,\r | |
636 | FORMAT_STRING\r | |
637 | );\r | |
638 | if (!EFI_ERROR (Status)) {\r | |
639 | *Mask |= IPSEC_PROTO;\r | |
640 | }\r | |
641 | \r | |
642 | if (Status == EFI_INVALID_PARAMETER) {\r | |
643 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
644 | }\r | |
645 | \r | |
646 | //\r | |
64b2d0e5 | 647 | // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2.\r |
a3bcde70 HT |
648 | //\r |
649 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");\r | |
650 | if (ValueStr != NULL) {\r | |
64b2d0e5 | 651 | AuthKeyLength = StrLen (ValueStr);\r |
a3bcde70 HT |
652 | }\r |
653 | \r | |
654 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");\r | |
655 | if (ValueStr != NULL) {\r | |
64b2d0e5 | 656 | EncKeyLength = StrLen (ValueStr);\r |
a3bcde70 HT |
657 | }\r |
658 | \r | |
659 | //\r | |
64b2d0e5 | 660 | // EFI_IPSEC_SA_DATA2:\r |
a3bcde70 | 661 | // +------------\r |
64b2d0e5 | 662 | // | EFI_IPSEC_SA_DATA2\r |
a3bcde70 HT |
663 | // +-----------------------\r |
664 | // | AuthKey\r | |
665 | // +-------------------------\r | |
666 | // | EncKey\r | |
667 | // +-------------------------\r | |
668 | // | SpdSelector\r | |
669 | //\r | |
670 | // Notes: To make sure the address alignment add padding after each data if needed.\r | |
671 | //\r | |
64b2d0e5 | 672 | DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));\r |
a3bcde70 HT |
673 | DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);\r |
674 | DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);\r | |
675 | DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));\r | |
676 | DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));\r | |
677 | DataSize += sizeof (EFI_IP_ADDRESS_INFO);\r | |
678 | \r | |
679 | \r | |
680 | \r | |
681 | *Data = AllocateZeroPool (DataSize);\r | |
682 | ASSERT (*Data != NULL);\r | |
683 | \r | |
684 | (*Data)->ManualSet = TRUE;\r | |
685 | (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));\r | |
686 | (*Data)->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (\r | |
687 | ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),\r | |
688 | sizeof (UINTN)\r | |
689 | );\r | |
690 | (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (\r | |
691 | ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),\r | |
692 | sizeof (UINTN)\r | |
693 | );\r | |
694 | (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (\r | |
695 | ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),\r | |
696 | sizeof (UINTN));\r | |
697 | (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (\r | |
698 | (*Data)->SpdSelector->LocalAddress + 1,\r | |
699 | sizeof (UINTN)\r | |
700 | );\r | |
701 | \r | |
702 | (*Data)->Mode = EfiIPsecTransport;\r | |
703 | Status = GetNumber (\r | |
704 | L"--mode",\r | |
705 | 0,\r | |
706 | &(*Data)->Mode,\r | |
707 | sizeof (EFI_IPSEC_MODE),\r | |
708 | mMapIpSecMode,\r | |
709 | ParamPackage,\r | |
710 | FORMAT_STRING\r | |
711 | );\r | |
712 | if (!EFI_ERROR (Status)) {\r | |
713 | *Mask |= MODE;\r | |
714 | }\r | |
715 | \r | |
716 | if (Status == EFI_INVALID_PARAMETER) {\r | |
717 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
718 | }\r | |
719 | \r | |
720 | //\r | |
721 | // According to RFC 4303-3.3.3. The first packet sent using a given SA\r | |
722 | // will contain a sequence number of 1.\r | |
723 | //\r | |
724 | (*Data)->SNCount = 1;\r | |
725 | Status = GetNumber (\r | |
726 | L"--sequence-number",\r | |
727 | (UINT64) -1,\r | |
728 | &(*Data)->SNCount,\r | |
729 | sizeof (UINT64),\r | |
730 | NULL,\r | |
731 | ParamPackage,\r | |
732 | FORMAT_NUMBER\r | |
733 | );\r | |
734 | if (!EFI_ERROR (Status)) {\r | |
735 | *Mask |= SEQUENCE_NUMBER;\r | |
736 | }\r | |
737 | \r | |
738 | if (Status == EFI_INVALID_PARAMETER) {\r | |
739 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
740 | }\r | |
741 | \r | |
742 | (*Data)->AntiReplayWindows = 0;\r | |
743 | Status = GetNumber (\r | |
744 | L"--antireplay-window",\r | |
745 | (UINT8) -1,\r | |
746 | &(*Data)->AntiReplayWindows,\r | |
747 | sizeof (UINT8),\r | |
748 | NULL,\r | |
749 | ParamPackage,\r | |
750 | FORMAT_NUMBER\r | |
751 | );\r | |
752 | if (!EFI_ERROR (Status)) {\r | |
753 | *Mask |= SEQUENCE_NUMBER;\r | |
754 | }\r | |
755 | \r | |
756 | if (Status == EFI_INVALID_PARAMETER) {\r | |
757 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
758 | }\r | |
759 | \r | |
760 | Status = GetNumber (\r | |
761 | L"--encrypt-algo",\r | |
762 | 0,\r | |
763 | &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,\r | |
764 | sizeof (UINT8),\r | |
765 | mMapEncAlgo,\r | |
766 | ParamPackage,\r | |
767 | FORMAT_STRING\r | |
768 | );\r | |
769 | if (!EFI_ERROR (Status)) {\r | |
770 | *Mask |= ENCRYPT_ALGO;\r | |
771 | }\r | |
772 | \r | |
773 | if (Status == EFI_INVALID_PARAMETER) {\r | |
774 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
775 | }\r | |
776 | \r | |
777 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");\r | |
778 | if (ValueStr != NULL ) {\r | |
779 | (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;\r | |
64b2d0e5 | 780 | AsciiStr = AllocateZeroPool (EncKeyLength + 1);\r |
7a49cd08 | 781 | ASSERT (AsciiStr != NULL);\r |
b9679cd7 | 782 | UnicodeStrToAsciiStrS (ValueStr, AsciiStr, EncKeyLength + 1);\r |
64b2d0e5 | 783 | CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength);\r |
784 | FreePool (AsciiStr);\r | |
a3bcde70 HT |
785 | *Mask |= ENCRYPT_KEY;\r |
786 | } else {\r | |
787 | (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;\r | |
788 | }\r | |
789 | \r | |
790 | Status = GetNumber (\r | |
791 | L"--auth-algo",\r | |
792 | 0,\r | |
793 | &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,\r | |
794 | sizeof (UINT8),\r | |
795 | mMapAuthAlgo,\r | |
796 | ParamPackage,\r | |
797 | FORMAT_STRING\r | |
798 | );\r | |
799 | if (!EFI_ERROR (Status)) {\r | |
800 | *Mask |= AUTH_ALGO;\r | |
801 | }\r | |
802 | \r | |
803 | if (Status == EFI_INVALID_PARAMETER) {\r | |
804 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
805 | }\r | |
806 | \r | |
807 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");\r | |
808 | if (ValueStr != NULL) {\r | |
809 | (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;\r | |
64b2d0e5 | 810 | AsciiStr = AllocateZeroPool (AuthKeyLength + 1);\r |
bef3fd0c | 811 | ASSERT (AsciiStr != NULL);\r |
b9679cd7 | 812 | UnicodeStrToAsciiStrS (ValueStr, AsciiStr, AuthKeyLength + 1);\r |
64b2d0e5 | 813 | CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);\r |
814 | FreePool (AsciiStr);\r | |
a3bcde70 HT |
815 | *Mask |= AUTH_KEY;\r |
816 | } else {\r | |
817 | (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;\r | |
818 | }\r | |
819 | \r | |
820 | Status = GetNumber (\r | |
821 | L"--lifebyte",\r | |
822 | (UINT64) -1,\r | |
823 | &(*Data)->SaLifetime.ByteCount,\r | |
824 | sizeof (UINT64),\r | |
825 | NULL,\r | |
826 | ParamPackage,\r | |
827 | FORMAT_NUMBER\r | |
828 | );\r | |
829 | if (!EFI_ERROR (Status)) {\r | |
830 | *Mask |= LIFEBYTE;\r | |
831 | }\r | |
832 | \r | |
833 | if (Status == EFI_INVALID_PARAMETER) {\r | |
834 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
835 | }\r | |
836 | \r | |
837 | Status = GetNumber (\r | |
838 | L"--lifetime",\r | |
839 | (UINT64) -1,\r | |
840 | &(*Data)->SaLifetime.HardLifetime,\r | |
841 | sizeof (UINT64),\r | |
842 | NULL,\r | |
843 | ParamPackage,\r | |
844 | FORMAT_NUMBER\r | |
845 | );\r | |
846 | if (!EFI_ERROR (Status)) {\r | |
847 | *Mask |= LIFETIME;\r | |
848 | }\r | |
849 | \r | |
850 | if (Status == EFI_INVALID_PARAMETER) {\r | |
851 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
852 | }\r | |
853 | \r | |
854 | Status = GetNumber (\r | |
855 | L"--lifetime-soft",\r | |
856 | (UINT64) -1,\r | |
857 | &(*Data)->SaLifetime.SoftLifetime,\r | |
858 | sizeof (UINT64),\r | |
859 | NULL,\r | |
860 | ParamPackage,\r | |
861 | FORMAT_NUMBER\r | |
862 | );\r | |
863 | if (!EFI_ERROR (Status)) {\r | |
864 | *Mask |= LIFETIME_SOFT;\r | |
865 | }\r | |
866 | \r | |
867 | if (Status == EFI_INVALID_PARAMETER) {\r | |
868 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
869 | }\r | |
870 | \r | |
871 | Status = GetNumber (\r | |
872 | L"--path-mtu",\r | |
873 | (UINT32) -1,\r | |
874 | &(*Data)->PathMTU,\r | |
875 | sizeof (UINT32),\r | |
876 | NULL,\r | |
877 | ParamPackage,\r | |
878 | FORMAT_NUMBER\r | |
879 | );\r | |
880 | if (!EFI_ERROR (Status)) {\r | |
881 | *Mask |= PATH_MTU;\r | |
882 | }\r | |
883 | \r | |
884 | if (Status == EFI_INVALID_PARAMETER) {\r | |
885 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
886 | }\r | |
887 | \r | |
64b2d0e5 | 888 | //\r |
889 | // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.\r | |
890 | //\r | |
891 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");\r | |
892 | if (ValueStr != NULL) {\r | |
893 | Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);\r | |
894 | if (EFI_ERROR (Status)) {\r | |
895 | ShellPrintHiiEx (\r | |
896 | -1,\r | |
897 | -1,\r | |
898 | NULL,\r | |
899 | STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r | |
900 | mHiiHandle,\r | |
901 | mAppName,\r | |
902 | L"--tunnel-dest",\r | |
903 | ValueStr\r | |
904 | );\r | |
905 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
906 | } else {\r | |
907 | *Mask |= DEST;\r | |
908 | }\r | |
909 | }\r | |
910 | \r | |
911 | //\r | |
da7c529c | 912 | // Convert user input from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.\r |
64b2d0e5 | 913 | //\r |
914 | ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");\r | |
915 | if (ValueStr != NULL) {\r | |
916 | Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);\r | |
917 | if (EFI_ERROR (Status)) {\r | |
918 | ShellPrintHiiEx (\r | |
919 | -1,\r | |
920 | -1,\r | |
921 | NULL,\r | |
922 | STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r | |
923 | mHiiHandle,\r | |
924 | mAppName,\r | |
925 | L"--tunnel-source",\r | |
926 | ValueStr\r | |
927 | );\r | |
928 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
929 | } else {\r | |
930 | *Mask |= SOURCE;\r | |
931 | }\r | |
932 | }\r | |
da7c529c | 933 | \r |
934 | //\r | |
935 | // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set\r | |
936 | //\r | |
937 | if ((*Data)->Mode == EfiIPsecTunnel) {\r | |
938 | if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {\r | |
939 | ShellPrintHiiEx (\r | |
940 | -1,\r | |
941 | -1,\r | |
942 | NULL,\r | |
943 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r | |
944 | mHiiHandle,\r | |
945 | mAppName,\r | |
946 | L"--tunnel-source --tunnel-dest"\r | |
947 | );\r | |
948 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
949 | }\r | |
950 | }\r | |
a3bcde70 HT |
951 | ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);\r |
952 | \r | |
953 | if (CreateNew) {\r | |
da7c529c | 954 | if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {\r |
a3bcde70 HT |
955 | ShellPrintHiiEx (\r |
956 | -1,\r | |
957 | -1,\r | |
958 | NULL,\r | |
959 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r | |
960 | mHiiHandle,\r | |
961 | mAppName,\r | |
da7c529c | 962 | L"--spi --ipsec-proto --local --remote"\r |
a3bcde70 HT |
963 | );\r |
964 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
965 | } else {\r | |
966 | if ((*SaId)->Proto == EfiIPsecAH) {\r | |
967 | if ((*Mask & AUTH_ALGO) == 0) {\r | |
968 | ShellPrintHiiEx (\r | |
969 | -1,\r | |
970 | -1,\r | |
971 | NULL,\r | |
972 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
973 | mHiiHandle,\r | |
974 | mAppName,\r | |
975 | L"--auth-algo"\r | |
976 | );\r | |
977 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
780847d1 | 978 | } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {\r |
a3bcde70 HT |
979 | ShellPrintHiiEx (\r |
980 | -1,\r | |
981 | -1,\r | |
982 | NULL,\r | |
983 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
984 | mHiiHandle,\r | |
985 | mAppName,\r | |
986 | L"--auth-key"\r | |
987 | );\r | |
988 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
989 | }\r | |
990 | } else {\r | |
da7c529c | 991 | if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) {\r |
a3bcde70 HT |
992 | ShellPrintHiiEx (\r |
993 | -1,\r | |
994 | -1,\r | |
995 | NULL,\r | |
996 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
997 | mHiiHandle,\r | |
998 | mAppName,\r | |
da7c529c | 999 | L"--encrypt-algo --auth-algo"\r |
a3bcde70 HT |
1000 | );\r |
1001 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
780847d1 | 1002 | } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {\r |
a3bcde70 HT |
1003 | ShellPrintHiiEx (\r |
1004 | -1,\r | |
1005 | -1,\r | |
1006 | NULL,\r | |
1007 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
1008 | mHiiHandle,\r | |
1009 | mAppName,\r | |
1010 | L"--encrypt-key"\r | |
1011 | );\r | |
1012 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
da7c529c | 1013 | } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {\r |
1014 | ShellPrintHiiEx (\r | |
1015 | -1,\r | |
1016 | -1,\r | |
1017 | NULL,\r | |
1018 | STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r | |
1019 | mHiiHandle,\r | |
1020 | mAppName,\r | |
1021 | L"--auth-key"\r | |
1022 | );\r | |
1023 | ReturnStatus = EFI_INVALID_PARAMETER;\r | |
a3bcde70 HT |
1024 | }\r |
1025 | }\r | |
1026 | }\r | |
1027 | }\r | |
1028 | \r | |
1029 | return ReturnStatus;\r | |
1030 | }\r | |
1031 | \r | |
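/**
  Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.

  Both output buffers are allocated here with AllocateZeroPool(). *Data is one
  contiguous pool holding the EFI_IPSEC_PAD_DATA header, then the
  authentication data, then the revocation data; AuthData and RevocationData
  point into that same pool.

  --auth-data is either a literal string (each CHAR16 is narrowed to one CHAR8
  and no terminator is stored) or, when it starts with '@', the name of a file
  whose contents are read into AuthData. The file is opened twice: once to size
  the buffer and once to read it, so the read is bounded by the size seen on
  the first open and AuthDataSize records the bytes actually read.

  @param[out]  PadId          The pointer to the EFI_IPSEC_PAD_ID structure.
  @param[out]  Data           The pointer to the EFI_IPSEC_PAD_DATA structure.
                              Set to NULL when EFI_OUT_OF_RESOURCES is returned.
  @param[in]   ParamPackage   The pointer to the ParamPackage list.
  @param[out]  Mask           Receives one bit per option that was parsed
                              successfully.
  @param[in]   CreateNew      TRUE when a complete new entry is required, which
                              makes the peer and authentication options mandatory.

  @retval EFI_SUCCESS             Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.
  @retval EFI_INVALID_PARAMETER   Invalid user input parameter.
  @retval EFI_OUT_OF_RESOURCES    A buffer could not be allocated, or the requested
                                  data size does not fit in UINTN. *PadId may
                                  already be allocated and is left to the caller.

**/
EFI_STATUS
CreatePadEntry (
  OUT EFI_IPSEC_PAD_ID      **PadId,
  OUT EFI_IPSEC_PAD_DATA    **Data,
  IN  LIST_ENTRY            *ParamPackage,
  OUT UINT32                *Mask,
  IN  BOOLEAN               CreateNew
  )
{
  EFI_STATUS         Status;
  EFI_STATUS         ReturnStatus;
  SHELL_FILE_HANDLE  FileHandle;
  UINT64             FileSize;
  UINTN              AuthDataLength;
  UINTN              RevocationDataLength;
  UINTN              DataLength;
  UINTN              Index;
  CONST CHAR16       *ValueStr;
  UINTN              DataSize;
  UINTN              Overhead;

  Status               = EFI_SUCCESS;
  ReturnStatus         = EFI_SUCCESS;
  *Mask                = 0;
  *Data                = NULL;
  AuthDataLength       = 0;
  RevocationDataLength = 0;

  //
  // ASSERT() is compiled out of release builds, so an allocation failure must
  // be handled explicitly instead of being dereferenced below.
  //
  *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));
  if (*PadId == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // Convert user input from string to integer, and fill in EFI_IPSEC_PAD_ID.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");
  if (ValueStr != NULL) {
    (*PadId)->PeerIdValid = FALSE;
    Status                = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--peer-address",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= PEER_ADDRESS;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");
  if (ValueStr != NULL) {
    (*PadId)->PeerIdValid = TRUE;
    //
    // Bounded copy: a longer peer ID is truncated to fit the PeerId field.
    //
    StrnCpyS ((CHAR16 *) (*PadId)->Id.PeerId, MAX_PEERID_LEN / sizeof (CHAR16), ValueStr, MAX_PEERID_LEN / sizeof (CHAR16) - 1);
    *Mask |= PEER_ID;
  }

  //
  // First pass over --auth-data: only determine how many bytes it needs.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
  if (ValueStr != NULL) {
    if (ValueStr[0] == L'@') {
      //
      // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
      //
      Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
      if (!EFI_ERROR (Status)) {
        Status = ShellGetFileSize (FileHandle, &FileSize);
        ShellCloseFile (&FileHandle);
      }

      if (EFI_ERROR (Status)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
          mHiiHandle,
          mAppName,
          &ValueStr[1]
          );
        ReturnStatus = EFI_INVALID_PARAMETER;
      } else if ((UINT64) (UINTN) FileSize != FileSize) {
        //
        // The size does not survive the narrowing to UINTN (32-bit builds).
        // Reject it rather than silently load a truncated credential.
        //
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
          mHiiHandle,
          mAppName,
          L"--auth-data",
          ValueStr
          );
        ReturnStatus = EFI_INVALID_PARAMETER;
      } else {
        AuthDataLength = (UINTN) FileSize;
      }
    } else {
      AuthDataLength = StrLen (ValueStr);
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
  if (ValueStr != NULL) {
    RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
  }

  //
  // The lengths come from a user-named file and the command line. Make sure
  // header + alignment padding + both payloads cannot wrap UINTN; a wrapped
  // sum would allocate a short pool that the copies below then overrun.
  //
  Overhead = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA)) + sizeof (UINTN);
  if ((RevocationDataLength > (UINTN) -1 - Overhead) ||
      (AuthDataLength > (UINTN) -1 - Overhead - RevocationDataLength)) {
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // Allocate Buffer for Data. Add padding after each struct to make sure the alignment
  // in different Arch.
  //
  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));
  DataSize  = ALIGN_VARIABLE (DataSize + AuthDataLength);
  DataSize += RevocationDataLength;

  *Data = AllocateZeroPool (DataSize);
  if (*Data == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  (*Data)->AuthData       = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));
  (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));
  (*Data)->AuthProtocol   = EfiIPsecAuthProtocolIKEv1;

  //
  // Convert user input from string to integer, and fill in EFI_IPSEC_PAD_DATA.
  //
  Status = GetNumber (
             L"--auth-proto",
             0,
             &(*Data)->AuthProtocol,
             sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),
             mMapAuthProto,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--auth-method",
             0,
             &(*Data)->AuthMethod,
             sizeof (EFI_IPSEC_AUTH_METHOD),
             mMapAuthMethod,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_METHOD;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {
    (*Data)->IkeIdFlag = TRUE;
    *Mask             |= IKE_ID;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {
    (*Data)->IkeIdFlag = FALSE;
    *Mask             |= IKE_ID;
  }

  //
  // Second pass over --auth-data: copy the bytes into the pool.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
  if (ValueStr != NULL) {
    if (ValueStr[0] == L'@') {
      //
      // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
      //
      Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
      if (!EFI_ERROR (Status)) {
        //
        // DataLength caps the read at the size the buffer was allocated for,
        // even if the file has grown since the first pass.
        //
        DataLength = AuthDataLength;
        Status     = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
        ShellCloseFile (&FileHandle);
      }

      if (EFI_ERROR (Status)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
          mHiiHandle,
          mAppName,
          &ValueStr[1]
          );
        ReturnStatus      = EFI_INVALID_PARAMETER;
        (*Data)->AuthData = NULL;
      } else {
        //
        // Record the number of bytes actually read. Previously this branch
        // left AuthDataSize at zero, unlike the literal-string branch below.
        //
        (*Data)->AuthDataSize = DataLength;
        *Mask                |= AUTH_DATA;
      }
    } else {
      //
      // Literal value: keep only the low byte of every CHAR16.
      //
      for (Index = 0; Index < AuthDataLength; Index++) {
        ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];
      }

      (*Data)->AuthDataSize = AuthDataLength;
      *Mask                |= AUTH_DATA;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
  if (ValueStr != NULL) {
    CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);
    (*Data)->RevocationDataSize = RevocationDataLength;
    *Mask                      |= REVOCATION_DATA;
  } else {
    (*Data)->RevocationData = NULL;
  }

  if (CreateNew) {
    if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--peer-id --peer-address"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--auth-method --auth-data"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}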
1300 | \r | |
//
// Table of the entry-creation routines, one slot per policy database.
// The routines do not share one prototype (CreatePadEntry, for example, takes
// EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA pointers), so each is cast to the
// common CREATE_POLICY_ENTRY type. The cast silences the compiler's type
// check: a caller must pass arguments matching the routine stored in the slot.
// NOTE(review): the SPD, SAD, PAD order presumably mirrors the value used to
// index this table - confirm against the caller.
//
CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {
  (CREATE_POLICY_ENTRY) CreateSpdEntry,
  (CREATE_POLICY_ENTRY) CreateSadEntry,
  (CREATE_POLICY_ENTRY) CreatePadEntry
};
1306 | \r | |
/**
  Combine old SPD entry with new SPD entry.

  Selector fields whose bit is clear in Mask are copied from OldSelector into
  NewSelector; a selector field that was supplied and differs from the old
  value sets *CreateNew to TRUE. Data fields whose bit is set in Mask are copied
  from NewData into OldData.

  Address arrays, the processing policy and the tunnel option are shared by
  pointer, not duplicated, so the old and new entries can end up referencing
  the same buffers.

  @param[in, out]  OldSelector    The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[in, out]  OldData        The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]       NewSelector    The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
                                  Fields not named in Mask are overwritten with the
                                  old values.
  @param[in]       NewData        The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]       Mask           Bit mask of the options the user supplied.
  @param[out]      CreateNew      The switch to create new.

  @retval EFI_SUCCESS             Combined successfully.
  @retval EFI_INVALID_PARAMETER   Invalid user input parameter.

**/
EFI_STATUS
CombineSpdEntry (
  IN OUT EFI_IPSEC_SPD_SELECTOR    *OldSelector,
  IN OUT EFI_IPSEC_SPD_DATA        *OldData,
  IN     EFI_IPSEC_SPD_SELECTOR    *NewSelector,
  IN     EFI_IPSEC_SPD_DATA        *NewData,
  IN     UINT32                    Mask,
     OUT BOOLEAN                   *CreateNew
  )
{
  UINT32  TunnelEnds;

  TunnelEnds = TUNNEL_LOCAL | TUNNEL_REMOTE;

  //
  // Process Selector
  //
  *CreateNew = FALSE;

  if ((Mask & LOCAL) != 0) {
    //
    // The count comparison comes first so CompareMem() only runs over arrays
    // of equal length.
    //
    if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
        (CompareMem (NewSelector->LocalAddress, OldSelector->LocalAddress, NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
      *CreateNew = TRUE;
    }
  } else {
    NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
    NewSelector->LocalAddress      = OldSelector->LocalAddress;
  }

  if ((Mask & REMOTE) != 0) {
    if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
        (CompareMem (NewSelector->RemoteAddress, OldSelector->RemoteAddress, NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
      *CreateNew = TRUE;
    }
  } else {
    NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
    NewSelector->RemoteAddress      = OldSelector->RemoteAddress;
  }

  if ((Mask & PROTO) != 0) {
    if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
      *CreateNew = TRUE;
    }
  } else {
    NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
  }

  switch (NewSelector->NextLayerProtocol) {
    case EFI_IP4_PROTO_TCP:
    case EFI_IP4_PROTO_UDP:
      if ((Mask & LOCAL_PORT) != 0) {
        if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
            (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
          *CreateNew = TRUE;
        }
      } else {
        NewSelector->LocalPort      = OldSelector->LocalPort;
        NewSelector->LocalPortRange = OldSelector->LocalPortRange;
      }

      if ((Mask & REMOTE_PORT) != 0) {
        if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
            (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
          *CreateNew = TRUE;
        }
      } else {
        NewSelector->RemotePort      = OldSelector->RemotePort;
        NewSelector->RemotePortRange = OldSelector->RemotePortRange;
      }
      break;

    case EFI_IP4_PROTO_ICMP:
      //
      // For ICMP the ICMP_TYPE bit governs LocalPort and the ICMP_CODE bit
      // governs RemotePort.
      //
      if ((Mask & ICMP_TYPE) != 0) {
        if (NewSelector->LocalPort != OldSelector->LocalPort) {
          *CreateNew = TRUE;
        }
      } else {
        NewSelector->LocalPort = OldSelector->LocalPort;
      }

      if ((Mask & ICMP_CODE) != 0) {
        if (NewSelector->RemotePort != OldSelector->RemotePort) {
          *CreateNew = TRUE;
        }
      } else {
        NewSelector->RemotePort = OldSelector->RemotePort;
      }
      break;

    default:
      break;
  }

  //
  // Process Data
  //
  OldData->SaIdCount = 0;

  if ((Mask & NAME) != 0) {
    AsciiStrCpyS ((CHAR8 *) OldData->Name, MAX_PEERID_LEN, (CHAR8 *) NewData->Name);
  }

  if ((Mask & PACKET_FLAG) != 0) {
    OldData->PackageFlag = NewData->PackageFlag;
  }

  if ((Mask & ACTION) != 0) {
    OldData->Action = NewData->Action;
  }

  //
  // Only the Protect action carries a processing policy.
  //
  if (OldData->Action != EfiIPsecActionProtect) {
    OldData->ProcessingPolicy = NULL;
    return EFI_SUCCESS;
  }

  if (OldData->ProcessingPolicy == NULL) {
    //
    // Just point to new data if originally NULL.
    // NOTE(review): NewData->ProcessingPolicy is dereferenced without a NULL
    // check; presumably the creation routine always allocates it for the
    // Protect action - confirm against CreateSpdEntry.
    //
    OldData->ProcessingPolicy = NewData->ProcessingPolicy;
    if ((OldData->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
        ((Mask & TunnelEnds) != TunnelEnds)) {
      //
      // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
      //
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS), mHiiHandle, mAppName, L"--tunnel-local --tunnel-remote");
      return EFI_INVALID_PARAMETER;
    }

    return EFI_SUCCESS;
  }

  //
  // Modify some of the data.
  //
  if ((Mask & EXT_SEQUENCE) != 0) {
    OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
  }

  if ((Mask & SEQUENCE_OVERFLOW) != 0) {
    OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
  }

  if ((Mask & FRAGMENT_CHECK) != 0) {
    OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
  }

  if ((Mask & MODE) != 0) {
    OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
  }

  if ((Mask & IPSEC_PROTO) != 0) {
    OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
  }

  //
  // A tunnel option is kept only in Tunnel mode.
  //
  if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
    OldData->ProcessingPolicy->TunnelOption = NULL;
    return EFI_SUCCESS;
  }

  if (OldData->ProcessingPolicy->TunnelOption == NULL) {
    //
    // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
    //
    if ((Mask & TunnelEnds) != TunnelEnds) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS), mHiiHandle, mAppName, L"--tunnel-local --tunnel-remote");
      return EFI_INVALID_PARAMETER;
    }

    OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
    return EFI_SUCCESS;
  }

  //
  // A tunnel option already exists: update only the supplied members.
  //
  if ((Mask & TUNNEL_LOCAL) != 0) {
    CopyMem (
      &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
      &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & TUNNEL_REMOTE) != 0) {
    CopyMem (
      &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
      &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & DONT_FRAGMENT) != 0) {
    OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
  }

  return EFI_SUCCESS;
}
1529 | \r | |
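/**
  Combine old SAD entry with new SAD entry.

  Identifying fields (SPI, IPsec protocol, tunnel destination and source) whose
  bit is clear in Mask are copied from the old entry into the new one; a
  supplied identifying field that differs from the old value sets *CreateNew to
  TRUE. SA data fields whose bit is set in Mask are copied from NewData into
  OldData.

  The authentication and encryption keys are taken over by pointer together
  with their lengths; the key bytes themselves are not duplicated. The same
  holds for the selector's address arrays.
  NOTE(review): who owns and frees (and wipes) those key buffers is not visible
  here - confirm against the caller before freeing NewData.

  @param[in, out]  OldSaId      The pointer to the EFI_IPSEC_SA_ID structure.
  @param[in, out]  OldData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]       NewSaId      The pointer to the EFI_IPSEC_SA_ID structure.
                                Fields not named in Mask are overwritten with the
                                old values.
  @param[in]       NewData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]       Mask         Bit mask of the options the user supplied.
  @param[out]      CreateNew    The switch to create new.

  @retval EFI_SUCCESS             Combined successfully.
  @retval EFI_INVALID_PARAMETER   Invalid user input parameter.

**/
EFI_STATUS
CombineSadEntry (
  IN OUT EFI_IPSEC_SA_ID       *OldSaId,
  IN OUT EFI_IPSEC_SA_DATA2    *OldData,
  IN     EFI_IPSEC_SA_ID       *NewSaId,
  IN     EFI_IPSEC_SA_DATA2    *NewData,
  IN     UINT32                Mask,
     OUT BOOLEAN               *CreateNew
  )
{
  *CreateNew = FALSE;

  if ((Mask & SPI) == 0) {
    NewSaId->Spi = OldSaId->Spi;
  } else if (NewSaId->Spi != OldSaId->Spi) {
    *CreateNew = TRUE;
  }

  if ((Mask & IPSEC_PROTO) == 0) {
    NewSaId->Proto = OldSaId->Proto;
  } else if (NewSaId->Proto != OldSaId->Proto) {
    *CreateNew = TRUE;
  }

  if ((Mask & DEST) == 0) {
    CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  if ((Mask & SOURCE) == 0) {
    CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  //
  // Process SA_DATA.
  //
  if ((Mask & MODE) != 0) {
    OldData->Mode = NewData->Mode;
  }

  if ((Mask & SEQUENCE_NUMBER) != 0) {
    OldData->SNCount = NewData->SNCount;
  }

  if ((Mask & ANTIREPLAY_WINDOW) != 0) {
    OldData->AntiReplayWindows = NewData->AntiReplayWindows;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
  }

  if ((Mask & AUTH_KEY) != 0) {
    //
    // Pointer and length move together so they cannot disagree.
    //
    OldData->AlgoInfo.EspAlgoInfo.AuthKey       = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
    OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
  }

  if ((Mask & ENCRYPT_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncKey       = NewData->AlgoInfo.EspAlgoInfo.EncKey;
    OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
  }

  if (NewSaId->Proto == EfiIPsecAH) {
    if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {
      //
      // Should not provide encrypt_* if AH.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo --encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if (NewSaId->Proto == EfiIPsecESP && OldSaId->Proto == EfiIPsecAH) {
    //
    // AH -> ESP
    // Should provide encrypt_algo at least.
    //
    if ((Mask & ENCRYPT_ALGO) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo"
        );
      return EFI_INVALID_PARAMETER;
    }

    //
    // Encrypt_key should be provided if algorithm is not NONE.
    // The message names --encrypt-key, the option that is actually missing
    // (it previously repeated --encrypt-algo).
    //
    if (NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (Mask & ENCRYPT_KEY) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
  }

  if ((Mask & PATH_MTU) != 0) {
    OldData->PathMTU = NewData->PathMTU;
  }

  //
  // Process SpdSelector.
  //
  if (OldData->SpdSelector == NULL) {
    //
    // No selector yet: adopt the new one, but only when the user supplied the
    // mandatory local/remote/proto triple along with any selector option.
    //
    if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
      if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--local --remote --proto"
          );
        return EFI_INVALID_PARAMETER;
      }

      OldData->SpdSelector = NewData->SpdSelector;
    }
  } else {
    if ((Mask & LOCAL) != 0) {
      OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
      OldData->SpdSelector->LocalAddress      = NewData->SpdSelector->LocalAddress;
    }

    if ((Mask & REMOTE) != 0) {
      OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
      OldData->SpdSelector->RemoteAddress      = NewData->SpdSelector->RemoteAddress;
    }

    if ((Mask & PROTO) != 0) {
      OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
    }

    //
    // OldData->SpdSelector is known to be non-NULL in this branch, so the
    // former inner NULL test was redundant and has been dropped.
    //
    switch (OldData->SpdSelector->NextLayerProtocol) {
      case EFI_IP4_PROTO_TCP:
      case EFI_IP4_PROTO_UDP:
        if ((Mask & LOCAL_PORT) != 0) {
          OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
        }

        if ((Mask & REMOTE_PORT) != 0) {
          OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
        }
        break;

      case EFI_IP4_PROTO_ICMP:
        //
        // For ICMP the port fields are narrowed to their low 8 bits.
        //
        if ((Mask & ICMP_TYPE) != 0) {
          OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
        }

        if ((Mask & ICMP_CODE) != 0) {
          OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
        }
        break;

      default:
        break;
    }
  }

  return EFI_SUCCESS;
}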
1744 | \r | |
/**
  Merge the fields selected by Mask from a new PAD entry into an existing one.

  When Mask selects neither PEER_ID nor PEER_ADDRESS, the old PAD ID is copied
  over *NewPadId. Otherwise *CreateNew reports whether the new PAD ID differs
  from the old one. If both bits are set, only the PEER_ID comparison is made.

  AuthData and RevocationData are copied as pointers together with their sizes.
  No buffer is duplicated, so OldData refers to the same memory as NewData
  afterwards and that memory must stay valid while OldData is in use.

  @param[in, out] OldPadId    The pointer to the existing EFI_IPSEC_PAD_ID structure.
  @param[in, out] OldData     The pointer to the existing EFI_IPSEC_PAD_DATA structure.
  @param[in, out] NewPadId    The pointer to the new EFI_IPSEC_PAD_ID structure. It is
                              overwritten with *OldPadId when Mask selects no peer field.
  @param[in]      NewData     The pointer to the new EFI_IPSEC_PAD_DATA structure.
  @param[in]      Mask        The bit mask of the fields to take from the new entry.
  @param[out]     CreateNew   Set to TRUE when the edited entry has a different PAD ID.

  @retval EFI_SUCCESS    Combined successfully. No other status is returned.

**/
EFI_STATUS
CombinePadEntry (
  IN OUT EFI_IPSEC_PAD_ID    *OldPadId,
  IN OUT EFI_IPSEC_PAD_DATA  *OldData,
  IN     EFI_IPSEC_PAD_ID    *NewPadId,
  IN     EFI_IPSEC_PAD_DATA  *NewData,
  IN     UINT32              Mask,
     OUT BOOLEAN             *CreateNew
  )
{
  *CreateNew = FALSE;

  if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
    //
    // The peer identity is not being edited: keep the old ID in the new entry.
    //
    CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
  } else if ((Mask & PEER_ID) != 0) {
    //
    // A peer ID string was supplied. StrCmp() is only reached when the old
    // entry also holds a peer ID string.
    //
    *CreateNew = (BOOLEAN) (
                   !OldPadId->PeerIdValid ||
                   (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0)
                   );
  } else {
    //
    // Mask & PEER_ADDRESS: the address and prefix length are only compared
    // when the old entry is address based as well.
    //
    *CreateNew = (BOOLEAN) (
                   OldPadId->PeerIdValid ||
                   (CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
                   (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)
                   );
  }

  //
  // Take each remaining field from the new entry only if its Mask bit is set.
  //
  if ((Mask & AUTH_PROTO) != 0) {
    OldData->AuthProtocol = NewData->AuthProtocol;
  }

  if ((Mask & AUTH_METHOD) != 0) {
    OldData->AuthMethod = NewData->AuthMethod;
  }

  if ((Mask & IKE_ID) != 0) {
    OldData->IkeIdFlag = NewData->IkeIdFlag;
  }

  if ((Mask & AUTH_DATA) != 0) {
    //
    // Pointer and size are copied together; the buffer itself is shared.
    //
    OldData->AuthData     = NewData->AuthData;
    OldData->AuthDataSize = NewData->AuthDataSize;
  }

  if ((Mask & REVOCATION_DATA) != 0) {
    //
    // Pointer and size are copied together; the buffer itself is shared.
    //
    OldData->RevocationData     = NewData->RevocationData;
    OldData->RevocationDataSize = NewData->RevocationDataSize;
  }

  return EFI_SUCCESS;
}
1822 | \r | |
//
// Combine handlers, indexed by EFI_IPSEC_CONFIG_DATA_TYPE in
// EditOperatePolicyEntry(), which asserts that the index is below 3 to match
// the three entries here.
// NOTE(review): the order presumably follows the SPD, SAD, PAD values of the
// enum - confirm against its definition before reordering or extending.
//
// Each cast to COMBINE_POLICY_ENTRY erases the handler's own parameter types
// (CombinePadEntry() takes EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA pointers),
// so the compiler cannot check that the selector and data passed at the call
// site belong to the data type used as the index.
//
COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {
  (COMBINE_POLICY_ENTRY) CombineSpdEntry,
  (COMBINE_POLICY_ENTRY) CombineSadEntry,
  (COMBINE_POLICY_ENTRY) CombinePadEntry
};
1828 | \r | |
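/**
  Visitor passed to ForeachPolicyEntry() that edits the entry matching
  Context->Indexer.

  The matching entry is combined with the user supplied selector and data, and
  the result is written back with SetData(). When the combine step reports
  that the edit produced a different selector, the old entry is deleted
  afterwards, but only once the new entry has been stored successfully.

  @param[in]      Selector    The pointer to the EFI_IPSEC_CONFIG_SELECTOR of the visited entry.
  @param[in]      Data        The pointer to the data of the visited entry. It is
                              modified in place by the combine handler.
  @param[in, out] Context     The pointer to the EDIT_POLICY_ENTRY_CONTEXT structure.
                              Context->Status receives the result of the edit.

  @retval EFI_SUCCESS    The entry did not match; continue the iteration.
  @retval EFI_ABORTED    The entry matched and was processed; abort the iteration.
**/
EFI_STATUS
EditOperatePolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR  *Selector,
  IN VOID                       *Data,
  IN EDIT_POLICY_ENTRY_CONTEXT  *Context
  )
{
  EFI_STATUS  Status;
  BOOLEAN     CreateNew;

  //
  // DataType indexes both mMatchPolicyEntry and mCombinePolicyEntry, so it is
  // checked before the first table lookup rather than after it. ASSERT() can
  // be disabled by the build configuration, so callers remain responsible for
  // passing a valid data type.
  //
  ASSERT (Context->DataType < 3);

  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  CreateNew = FALSE;
  Status    = mCombinePolicyEntry[Context->DataType] (
                Selector,
                Data,
                Context->Selector,
                Context->Data,
                Context->Mask,
                &CreateNew
                );
  if (!EFI_ERROR (Status)) {
    //
    // If the Selector already existed, this Entry will be updated by set data.
    //
    Status = mIpSecConfig->SetData (
                             mIpSecConfig,
                             Context->DataType,
                             Context->Selector, /// New created selector.
                             Data,              /// Old data which has been modified, need to be set data.
                             Selector
                             );
    ASSERT_EFI_ERROR (Status);

    //
    // The old entry is removed only after the replacement has been stored.
    // Without this check, a failed write in a build where ASSERT_EFI_ERROR()
    // does not halt would still delete the old policy entry and leave the
    // database with neither of them.
    //
    if (!EFI_ERROR (Status) && CreateNew) {
      //
      // Edit the entry to a new one. So, we need delete the old entry.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Selector, /// Old selector.
                               NULL,     /// NULL means to delete this Entry specified by Selector.
                               NULL
                               );
      ASSERT_EFI_ERROR (Status);
    }
  }

  Context->Status = Status;
  return EFI_ABORTED;
}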
1894 | \r | |
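/**
  Edit entry information in database according to datatype.

  The entry to edit is identified by the value of the "-e" option. The new
  field values are parsed from ParamPackage and merged into the matching entry
  by EditOperatePolicyEntry().

  @param[in] DataType        The value of EFI_IPSEC_CONFIG_DATA_TYPE. It is used
                             unchecked as an index into the handler tables.
  @param[in] ParamPackage    The pointer to the ParamPackage list.

  @retval EFI_SUCCESS      Edit entry information successfully.
  @retval EFI_NOT_FOUND    "-e" was not given, or the specified entry cannot be found.
  @retval Others           Some mistaken case.
**/
EFI_STATUS
EditPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
  IN LIST_ENTRY                  *ParamPackage
  )
{
  EFI_STATUS                 Status;
  EDIT_POLICY_ENTRY_CONTEXT  Context;
  CONST CHAR16               *ValueStr;

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
  if (ValueStr == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
    return EFI_NOT_FOUND;
  }

  Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
  if (!EFI_ERROR (Status)) {
    Context.DataType = DataType;
    Context.Status   = EFI_NOT_FOUND;

    //
    // Context lives on the stack and both pointers are released below even when
    // the create handler fails. Start them at NULL so that a handler which
    // returns early without assigning them cannot cause FreePool() to be called
    // on an indeterminate pointer.
    //
    Context.Selector = NULL;
    Context.Data     = NULL;

    //
    // Mask is handed over by pointer and later selects which fields are copied.
    // NOTE(review): cleared here in case the create handlers only OR bits into
    // it - confirm against their implementation.
    //
    Context.Mask = 0;

    Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
    if (!EFI_ERROR (Status)) {
      ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
      Status = Context.Status;
    }

    if (Context.Selector != NULL) {
      gBS->FreePool (Context.Selector);
    }

    if (Context.Data != NULL) {
      gBS->FreePool (Context.Data);
    }
  }

  if (Status == EFI_NOT_FOUND) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}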
1949 | \r | |
/**
  Visitor passed to ForeachPolicyEntry() that inserts the new entry in front of
  the entry matching Context->Indexer.

  @param[in]      Selector    The pointer to the EFI_IPSEC_CONFIG_SELECTOR of the visited entry.
  @param[in]      Data        The pointer to the data of the visited entry.
  @param[in, out] Context     The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.
                              Context->Status receives the result of SetData().

  @retval EFI_SUCCESS    The entry did not match; continue the iteration.
  @retval EFI_ABORTED    The insertion was attempted; abort the iteration.
**/
EFI_STATUS
InsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN INSERT_POLICY_ENTRY_CONTEXT  *Context
  )
{
  //
  // Keep iterating until the entry we want to insert before is found.
  //
  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  //
  // The visited Selector is passed as the last argument, the position to
  // insert before. The result is reported through Context->Status only.
  //
  Context->Status = mIpSecConfig->SetData (
                                    mIpSecConfig,
                                    Context->DataType,
                                    Context->Selector,
                                    Context->Data,
                                    Selector
                                    );

  //
  // Abort the iteration after the insertion.
  //
  return EFI_ABORTED;
}
1987 | \r | |
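/**
  Insert or add entry information in database according to datatype.

  With "-a" the new entry is added through SetData() with no insert position.
  Otherwise the value of "-i" identifies the existing entry in front of which
  the new entry is inserted. An entry whose selector already exists is not
  written.

  @param[in] DataType        The value of EFI_IPSEC_CONFIG_DATA_TYPE. It is used
                             unchecked as an index into the handler tables.
  @param[in] ParamPackage    The pointer to the ParamPackage list.

  @retval EFI_SUCCESS             Insert or add entry information successfully.
  @retval EFI_NOT_FOUND           "-i" was not given, or the specified entry cannot be found.
  @retval EFI_BUFFER_TOO_SMALL    The entry already existed.
  @retval EFI_UNSUPPORTED         The operation is not supported.
  @retval Others                  Some mistaken case.
**/
EFI_STATUS
AddOrInsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
  IN LIST_ENTRY                  *ParamPackage
  )
{
  EFI_STATUS                   Status;
  EFI_IPSEC_CONFIG_SELECTOR    *Selector;
  VOID                         *Data;
  INSERT_POLICY_ENTRY_CONTEXT  Context;
  UINT32                       Mask;
  UINTN                        DataSize;
  CONST CHAR16                 *ValueStr;

  Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
  if (!EFI_ERROR (Status)) {
    //
    // Find if the Selector to be inserted already exists. A zero sized query
    // that returns EFI_BUFFER_TOO_SMALL means an entry with this selector is
    // already stored.
    //
    DataSize = 0;
    Status   = mIpSecConfig->GetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               &DataSize,
                               NULL
                               );
    if (Status == EFI_BUFFER_TOO_SMALL) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
    } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               Data,
                               NULL
                               );
    } else {
      ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
      if (ValueStr == NULL) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);

        //
        // Release the entry built above before leaving; this early return
        // skips the common cleanup below and would otherwise leak both pools.
        //
        gBS->FreePool (Selector);
        gBS->FreePool (Data);
        return EFI_NOT_FOUND;
      }

      Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
      if (!EFI_ERROR (Status)) {
        Context.DataType = DataType;
        Context.Status   = EFI_NOT_FOUND;
        Context.Selector = Selector;
        Context.Data     = Data;

        ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
        Status = Context.Status;
        if (Status == EFI_NOT_FOUND) {
          ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
        }
      }
    }

    gBS->FreePool (Selector);
    gBS->FreePool (Data);
  }

  if (Status == EFI_UNSUPPORTED) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}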