Commit | Line | Data |
---|---|---|
a3bcde70 HT |
1 | /** @file\r |
2 | Definitions related to IPSEC_CONFIG_PROTOCOL implementations.\r | |
3 | \r | |
f75a7f56 | 4 | Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r |
a3bcde70 | 5 | \r |
ecf98fbc | 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
a3bcde70 HT |
7 | \r |
8 | **/\r | |
9 | \r | |
10 | #ifndef _IPSEC_CONFIG_IMPL_H_\r | |
11 | #define _IPSEC_CONFIG_IMPL_H_\r | |
12 | \r | |
13 | #include <Protocol/IpSec.h>\r | |
14 | #include <Protocol/IpSecConfig.h>\r | |
15 | \r | |
16 | #include <Library/BaseLib.h>\r | |
17 | #include <Library/BaseMemoryLib.h>\r | |
18 | #include <Library/PrintLib.h>\r | |
19 | #include <Library/MemoryAllocationLib.h>\r | |
20 | #include <Library/UefiRuntimeServicesTableLib.h>\r | |
21 | #include <Library/UefiBootServicesTableLib.h>\r | |
22 | #include <Library/DebugLib.h>\r | |
23 | \r | |
24 | #include "IpSecImpl.h"\r | |
25 | \r | |
26 | #define EFI_IPSEC_ANY_PROTOCOL 0xFFFF\r | |
27 | #define EFI_IPSEC_ANY_PORT 0\r | |
28 | \r | |
29 | #define IPSEC_VAR_ITEM_HEADER_LOGO_BIT 0x80\r | |
30 | #define IPSEC_VAR_ITEM_HEADER_CONTENT_BIT 0x7F\r | |
31 | \r | |
32 | #define IPSECCONFIG_VARIABLE_NAME L"IpSecConfig"\r | |
33 | #define IPSECCONFIG_STATUS_NAME L"IpSecStatus"\r | |
34 | \r | |
// NOTE(review): SIZE_OF_SPD_SELECTOR adds the two address counts and multiplies the sum
// by sizeof (EFI_IP_ADDRESS_INFO) with no overflow check. If a selector can come from a
// protocol caller or from stored variable data, the counts should be bounded before this
// size is used for allocation or copying -- TODO confirm the callers do so.
ce5c3273 | 35 | #define SIZE_OF_SPD_SELECTOR(x) (sizeof (EFI_IPSEC_SPD_SELECTOR) \\r |
a3bcde70 HT |
36 | + sizeof (EFI_IP_ADDRESS_INFO) * ((x)->LocalAddressCount + (x)->RemoteAddressCount))\r |
37 | \r | |
// NOTE(review): FIX_REF_BUF_ADDR rewrites addr as an offset from base, and
// UNFIX_REF_BUF_ADDR adds base back. Both expand to a bare assignment that names addr
// twice, so they are only safe as stand-alone statements on a side-effect-free lvalue.
// An offset read back from storage is presumably untrusted until it has been checked
// against the size of the buffer at base -- verify against the Unfix*Entry() callers.
38 | #define FIX_REF_BUF_ADDR(addr, base) addr = (VOID *) ((UINTN) (addr) - (UINTN) (base))\r | |
39 | #define UNFIX_REF_BUF_ADDR(addr, base) addr = (VOID *) ((UINTN) (addr) + (UINTN) (base))\r | |
40 | \r | |
41 | //\r | |
42 | // The data structure used to store the general information of IPsec configuration.\r | |
43 | //\r | |
44 | typedef struct {\r | |
45 | UINT32 VariableCount; // the total number of the IPsecConfig variables.\r | |
46 | UINT32 VariableSize; // The total size of all IpsecConfig variables.\r | |
47 | UINT32 SingleVariableSize; // The max size of single variable\r | |
48 | } IP_SEC_VARIABLE_INFO;\r | |
49 | \r | |
50 | typedef struct {\r | |
51 | EFI_IPSEC_CONFIG_SELECTOR *Selector;\r | |
52 | VOID *Data;\r | |
53 | LIST_ENTRY List;\r | |
54 | } IPSEC_COMMON_POLICY_ENTRY;\r | |
55 | \r | |
56 | typedef struct {\r | |
57 | UINT8 *Ptr;\r | |
58 | UINTN Size;\r | |
59 | UINTN Capacity;\r | |
60 | } IPSEC_VARIABLE_BUFFER;\r | |
61 | \r | |
// Item header declared under #pragma pack(1), so Type and Size are laid out without padding.
// NOTE(review): Size is 16 bits; presumably it records the length of the item that follows,
// in which case writers must reject items above 0xFFFF rather than truncate -- TODO confirm.
62 | #pragma pack(1)\r | |
63 | typedef struct {\r | |
64 | UINT8 Type;\r | |
65 | UINT16 Size;\r | |
66 | } IPSEC_VAR_ITEM_HEADER;\r | |
67 | #pragma pack()\r | |
68 | \r | |
69 | /**\r | |
70 | The prototype of Copy Source Selector to the Destination Selector.\r | |
71 | \r | |
76389e18 | 72 | @param[in, out] DstSel Pointer of Destination Selector. It would be\r |
a3bcde70 HT |
73 | SPD Selector, or SAD Selector or PAD Selector.\r |
74 | @param[in] SrcSel Pointer of Source Selector. It would be\r | |
75 | SPD Selector, or SAD Selector or PAD Selector.\r | |
76389e18 | 76 | @param[in, out] Size The size of the Destination Selector. If it\r |
a3bcde70 HT |
77 | is not NULL and its value is less than the size of\r |
78 | Source Selector, the value of Source Selector's\r | |
79 | size will be passed to the caller by this parameter.\r | |
80 | \r | |
81 | @retval EFI_INVALID_PARAMETER If the Destination or Source Selector is NULL.\r | |
82 | @retval EFI_BUFFER_TOO_SMALL If the input Size is less than size of Source Selector.\r | |
83 | @retval EFI_SUCCESS Copy Source Selector to the Destination\r | |
84 | Selector successfully.\r | |
85 | \r | |
86 | **/\r | |
87 | typedef\r | |
88 | EFI_STATUS\r | |
89 | (*IPSEC_DUPLICATE_SELECTOR) (\r | |
90 | IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,\r | |
91 | IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,\r | |
92 | IN OUT UINTN *Size\r | |
93 | );\r | |
94 | \r | |
95 | /**\r | |
96 | The prototype of a function that compares two Selectors. The Selector would be SPD Selector,\r | |
97 | or SAD Selector, or PAD selector.\r | |
98 | \r | |
99 | @param[in] Selector1 Pointer of the first Selector.\r | |
100 | @param[in] Selector2 Pointer of the second Selector.\r | |
101 | \r | |
102 | @retval TRUE These two Selectors have the same value in certain fields.\r | |
103 | @retval FALSE Not all fields have the same value in these two Selectors.\r | |
104 | \r | |
105 | **/\r | |
106 | typedef\r | |
107 | BOOLEAN\r | |
108 | (*IPSEC_COMPARE_SELECTOR) (\r | |
109 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,\r | |
110 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector2\r | |
111 | );\r | |
112 | \r | |
113 | /**\r | |
114 | The prototype of a function to check if the Selector is Zero by its certain fields.\r | |
115 | \r | |
116 | @param[in] Selector Pointer of the Selector.\r | |
117 | \r | |
118 | @retval TRUE If the Selector is Zero.\r | |
119 | @retval FALSE If the Selector is not Zero.\r | |
120 | \r | |
121 | **/\r | |
122 | typedef\r | |
123 | BOOLEAN\r | |
124 | (*IPSEC_IS_ZERO_SELECTOR) (\r | |
125 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector\r | |
126 | );\r | |
127 | \r | |
128 | /**\r | |
129 | The prototype of a function to fix the value of particular members of the Selector.\r | |
130 | \r | |
131 | @param[in] Selector Pointer of Selector.\r | |
132 | @param[in] Data Pointer of Data.\r | |
133 | \r | |
134 | **/\r | |
135 | typedef\r | |
136 | VOID\r | |
137 | (*IPSEC_FIX_POLICY_ENTRY) (\r | |
138 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
139 | IN VOID *Data\r | |
140 | );\r | |
141 | \r | |
142 | /**\r | |
143 | The prototype of the routine that the caller of IpSecVisitConfigData() supplies.\r | |
144 | \r | |
145 | @param[in] Type A specified IPSEC_CONFIG_DATA_TYPE.\r | |
146 | @param[in] Selector Points to EFI_IPSEC_CONFIG_SELECTOR to be copied\r | |
147 | to the buffer.\r | |
148 | @param[in] Data Points to data to be copied to the buffer. The\r | |
149 | Data type is related to the Type.\r | |
150 | @param[in] SelectorSize The size of the Selector.\r | |
151 | @param[in] DataSize The size of the Data.\r | |
76389e18 | 152 | @param[in, out] Context The buffer to store the Selector and Data.\r |
a3bcde70 HT |
153 | \r |
154 | @retval EFI_SUCCESS Copied the Selector and Data to a buffer successfully.\r | |
155 | @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r | |
156 | \r | |
157 | **/\r | |
158 | typedef\r | |
159 | EFI_STATUS\r | |
160 | (*IPSEC_COPY_POLICY_ENTRY) (\r | |
161 | IN EFI_IPSEC_CONFIG_DATA_TYPE Type,\r | |
162 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
163 | IN VOID *Data,\r | |
164 | IN UINTN SelectorSize,\r | |
165 | IN UINTN DataSize,\r | |
166 | IN OUT VOID *Context\r | |
167 | );\r | |
168 | \r | |
169 | /**\r | |
170 | Set the security policy information for the EFI IPsec driver.\r | |
171 | \r | |
172 | The IPsec configuration data has a unique selector/identifier separately to\r | |
173 | identify a data entry.\r | |
174 | \r | |
175 | @param[in] Selector Pointer to an entry selector on operated\r | |
176 | configuration data specified by DataType.\r | |
177 | A NULL Selector causes the entire specified-type\r | |
178 | configuration information to be flushed.\r | |
179 | @param[in] Data The data buffer to be set.\r | |
180 | @param[in] Context Pointer to one entry selector that describes\r | |
181 | the expected position the new data entry will\r | |
182 | be added. If Context is NULL, the new entry will\r | |
183 | be appended to the end of the database.\r | |
184 | \r | |
185 | @retval EFI_INVALID_PARAMETER Certain Parameters are not correct. The Parameter\r | |
186 | requiring a check depends on the Selector type.\r | |
187 | @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r | |
188 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
189 | \r | |
190 | **/\r | |
191 | typedef\r | |
192 | EFI_STATUS\r | |
193 | (*IPSEC_SET_POLICY_ENTRY) (\r | |
194 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
195 | IN VOID *Data,\r | |
196 | IN VOID *Context OPTIONAL\r | |
197 | );\r | |
198 | \r | |
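199 | /**\r | |
200 | The prototype of a function that looks up a data entry in the IPsec database and returns\r | |
201 | the configuration value of the specified Entry.\r | |
202 | \r | |
203 | @param[in] Selector Pointer to an entry selector that is an identifier\r | |
204 | of the entry.\r | |
205 | @param[in, out] DataSize On output, the size of data returned in Data.\r | |
206 | @param[out] Data The buffer to return the contents of the IPsec\r | |
207 | configuration data. The type of the data buffer\r | |
208 | is associated with the DataType.\r | |
209 | \r | |
210 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
211 | @retval EFI_INVALID_PARAMETER Data is NULL and *DataSize is not zero.\r | |
212 | @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.\r | |
213 | @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been\r | |
214 | updated with the size needed to complete the request.\r | |
215 | \r | |
216 | **/\r | |
217 | typedef\r | |
218 | EFI_STATUS\r | |
219 | (*IPSEC_GET_POLICY_ENTRY) (\r | |
220 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
221 | IN OUT UINTN *DataSize,\r | |
222 | OUT VOID *Data\r | |
223 | );\r | |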
224 | \r | |
225 | /**\r | |
226 | Compare two SPD Selectors.\r | |
227 | \r | |
228 | Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/\r | |
229 | NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the\r | |
230 | Local Addresses and remote Addresses.\r | |
231 | \r | |
232 | @param[in] Selector1 Pointer of the first SPD Selector.\r | |
233 | @param[in] Selector2 Pointer of the second SPD Selector.\r | |
234 | \r | |
235 | @retval TRUE These two Selectors have the same value in above fields.\r | |
236 | @retval FALSE Not all of the above fields have the same value in these two Selectors.\r | |
237 | \r | |
238 | **/\r | |
239 | BOOLEAN\r | |
240 | CompareSpdSelector (\r | |
241 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,\r | |
242 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector2\r | |
243 | );\r | |
244 | \r | |
245 | \r | |
246 | /**\r | |
247 | Visit all IPsec Configurations of specified Type and call the caller defined\r | |
248 | interface.\r | |
249 | \r | |
250 | @param[in] DataType The specified IPsec Config Data Type.\r | |
251 | @param[in] Routine The function caller defined.\r | |
252 | @param[in] Context The data passed to the Routine.\r | |
253 | \r | |
254 | @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r | |
255 | @retval EFI_SUCCESS This function complete successfully.\r | |
256 | \r | |
257 | **/\r | |
258 | EFI_STATUS\r | |
259 | IpSecVisitConfigData (\r | |
260 | IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r | |
261 | IN IPSEC_COPY_POLICY_ENTRY Routine,\r | |
262 | IN VOID *Context\r | |
263 | );\r | |
264 | \r | |
265 | \r | |
266 | /**\r | |
267 | This function is a subfunction of EfiIpSecConfigSetData().\r | |
268 | \r | |
269 | This function calls IpSecSetVariable to store the IPsec configuration in the firmware.\r | |
270 | \r | |
271 | @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r | |
272 | @retval EFI_SUCCESS Saved the configuration successfully.\r | |
273 | @retval Others Other errors were found while obtaining the variable.\r | |
274 | \r | |
275 | **/\r | |
276 | EFI_STATUS\r | |
277 | IpSecConfigSave (\r | |
278 | VOID\r | |
279 | );\r | |
280 | \r | |
281 | /**\r | |
282 | Initialize IPsecConfig protocol\r | |
283 | \r | |
284 | @param[in, out] Private Pointer to IPSEC_PRIVATE_DATA. After this function finish,\r | |
285 | the pointer of IPsecConfig Protocol implementation will copy\r | |
286 | into its IPsecConfig member.\r | |
287 | \r | |
288 | @retval EFI_SUCCESS Initialized the IPsecConfig Protocol successfully.\r | |
289 | @retval Others Initializing the IPsecConfig Protocol failed.\r | |
290 | \r | |
291 | **/\r | |
292 | EFI_STATUS\r | |
293 | IpSecConfigInitialize (\r | |
294 | IN OUT IPSEC_PRIVATE_DATA *Private\r | |
295 | );\r | |
296 | \r | |
297 | /**\r | |
298 | Calculate the entire size of EFI_IPSEC_SPD_DATA, which includes the buffer size pointed\r | |
299 | by the pointer members.\r | |
300 | \r | |
301 | @param[in] SpdData Pointer to a specified EFI_IPSEC_SPD_DATA.\r | |
302 | \r | |
303 | @return The entire size of the specified EFI_IPSEC_SPD_DATA.\r | |
304 | \r | |
305 | **/\r | |
306 | UINTN\r | |
307 | IpSecGetSizeOfEfiSpdData (\r | |
308 | IN EFI_IPSEC_SPD_DATA *SpdData\r | |
309 | );\r | |
310 | \r | |
311 | /**\r | |
312 | Calculate the entire size of IPSEC_SPD_DATA, which includes the buffer size pointed\r | |
313 | by the pointer members and the buffer size used by Sa List.\r | |
314 | \r | |
315 | @param[in] SpdData Pointer to the specified IPSEC_SPD_DATA.\r | |
316 | \r | |
317 | @return The entire size of IPSEC_SPD_DATA.\r | |
318 | \r | |
319 | **/\r | |
320 | UINTN\r | |
321 | IpSecGetSizeOfSpdData (\r | |
322 | IN IPSEC_SPD_DATA *SpdData\r | |
323 | );\r | |
324 | \r | |
325 | /**\r | |
326 | Copy Source Process Policy to the Destination Process Policy.\r | |
327 | \r | |
328 | @param[in] Dst Pointer to the Destination Process Policy.\r | |
329 | @param[in] Src Pointer to the Source Process Policy.\r | |
330 | \r | |
331 | **/\r | |
332 | VOID\r | |
333 | IpSecDuplicateProcessPolicy (\r | |
334 | IN EFI_IPSEC_PROCESS_POLICY *Dst,\r | |
335 | IN EFI_IPSEC_PROCESS_POLICY *Src\r | |
336 | );\r | |
337 | \r | |
338 | /**\r | |
9166f840 | 339 | Check whether the first SPD Selector is subordinate to the second SPD Selector.\r |
a3bcde70 HT |
340 | \r |
341 | Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/\r | |
f75a7f56 | 342 | NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the\r |
a3bcde70 HT |
343 | Local Addresses and remote Addresses.\r |
344 | \r | |
9166f840 | 345 | @param[in] Selector1 Pointer of first SPD Selector.\r |
346 | @param[in] Selector2 Pointer of second SPD Selector.\r | |
a3bcde70 | 347 | \r |
9166f840 | 348 | @retval TRUE The first SPD Selector is subordinate Selector of second SPD Selector.\r |
f75a7f56 | 349 | @retval FALSE The first SPD Selector is not subordinate Selector of second\r |
9166f840 | 350 | SPD Selector.\r |
f75a7f56 | 351 | \r |
a3bcde70 HT |
352 | **/\r |
353 | BOOLEAN\r | |
9166f840 | 354 | IsSubSpdSelector (\r |
a3bcde70 HT |
355 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,\r |
356 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector2\r | |
357 | );\r | |
358 | \r | |
359 | /**\r | |
360 | Compare two SA IDs.\r | |
361 | \r | |
362 | @param[in] Selector1 Pointer of the first SA ID.\r | |
363 | @param[in] Selector2 Pointer of the second SA ID.\r | |
364 | \r | |
365 | @retval TRUE These two Selectors have the same SA ID.\r | |
366 | @retval FALSE These two Selectors don't have the same SA ID.\r | |
367 | \r | |
368 | **/\r | |
369 | BOOLEAN\r | |
370 | CompareSaId (\r | |
371 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,\r | |
372 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector2\r | |
373 | );\r | |
374 | \r | |
375 | /**\r | |
376 | Compare two PAD IDs.\r | |
377 | \r | |
378 | @param[in] Selector1 Pointer of the first PAD ID.\r | |
379 | @param[in] Selector2 Pointer of the second PAD ID.\r | |
380 | \r | |
381 | @retval TRUE These two Selectors have the same PAD ID.\r | |
382 | @retval FALSE These two Selectors don't have the same PAD ID.\r | |
383 | \r | |
384 | **/\r | |
385 | BOOLEAN\r | |
386 | ComparePadId (\r | |
387 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,\r | |
388 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector2\r | |
389 | );\r | |
390 | \r | |
391 | /**\r | |
392 | Check if the SPD Selector is Zero by its LocalAddressCount and RemoteAddressCount\r | |
393 | fields.\r | |
394 | \r | |
395 | @param[in] Selector Pointer of the SPD Selector.\r | |
396 | \r | |
397 | @retval TRUE If the SPD Selector is Zero.\r | |
398 | @retval FALSE If the SPD Selector is not Zero.\r | |
399 | \r | |
400 | **/\r | |
401 | BOOLEAN\r | |
402 | IsZeroSpdSelector (\r | |
403 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector\r | |
404 | );\r | |
405 | \r | |
406 | /**\r | |
407 | Check if the SA ID is Zero by its DestAddress.\r | |
408 | \r | |
409 | @param[in] Selector Pointer of the SA ID.\r | |
410 | \r | |
411 | @retval TRUE If the SA ID is Zero.\r | |
412 | @retval FALSE If the SA ID is not Zero.\r | |
413 | \r | |
414 | **/\r | |
415 | BOOLEAN\r | |
416 | IsZeroSaId (\r | |
417 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector\r | |
418 | );\r | |
419 | \r | |
420 | /**\r | |
421 | Check if the PAD ID is Zero.\r | |
422 | \r | |
423 | @param[in] Selector Pointer of the PAD ID.\r | |
424 | \r | |
425 | @retval TRUE If the PAD ID is Zero.\r | |
426 | @retval FALSE If the PAD ID is not Zero.\r | |
427 | \r | |
428 | **/\r | |
429 | BOOLEAN\r | |
430 | IsZeroPadId (\r | |
431 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector\r | |
432 | );\r | |
433 | \r | |
434 | /**\r | |
435 | Copy Source SPD Selector to the Destination SPD Selector.\r | |
436 | \r | |
437 | @param[in, out] DstSel Pointer of Destination SPD Selector.\r | |
438 | @param[in] SrcSel Pointer of Source SPD Selector.\r | |
439 | @param[in, out] Size The size of the Destination SPD Selector. If\r | |
440 | it is not NULL and its value is less than the\r | |
441 | size of Source SPD Selector, the value of\r | |
442 | Source SPD Selector's size will be passed to\r | |
443 | the caller by this parameter.\r | |
444 | \r | |
445 | @retval EFI_INVALID_PARAMETER If the Destination or Source SPD Selector is NULL.\r | |
446 | @retval EFI_BUFFER_TOO_SMALL If the input Size is less than size of Source SPD Selector.\r | |
447 | @retval EFI_SUCCESS Copy Source SPD Selector to the Destination SPD\r | |
448 | Selector successfully.\r | |
449 | \r | |
450 | **/\r | |
451 | EFI_STATUS\r | |
452 | DuplicateSpdSelector (\r | |
453 | IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,\r | |
454 | IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,\r | |
455 | IN OUT UINTN *Size\r | |
456 | );\r | |
457 | \r | |
458 | /**\r | |
459 | Copy Source SA ID to the Destination SA ID.\r | |
460 | \r | |
461 | @param[in, out] DstSel Pointer of the Destination SA ID.\r | |
462 | @param[in] SrcSel Pointer of the Source SA ID.\r | |
463 | @param[in, out] Size The size of the Destination SA ID. If it is\r | |
464 | not NULL and its value is less than the size of\r | |
465 | Source SA ID, the value of Source SA ID's size\r | |
466 | will be passed to the caller by this parameter.\r | |
467 | \r | |
468 | @retval EFI_INVALID_PARAMETER If the Destination or Source SA ID is NULL.\r | |
469 | @retval EFI_BUFFER_TOO_SMALL If the input Size is less than the size of the Source SA ID.\r | |
470 | @retval EFI_SUCCESS Copied Source SA ID to the Destination SA ID successfully.\r | |
471 | \r | |
472 | **/\r | |
473 | EFI_STATUS\r | |
474 | DuplicateSaId (\r | |
475 | IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,\r | |
476 | IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,\r | |
477 | IN OUT UINTN *Size\r | |
478 | );\r | |
479 | \r | |
480 | /**\r | |
481 | Copy Source PAD ID to the Destination PAD ID.\r | |
482 | \r | |
483 | @param[in, out] DstSel Pointer of Destination PAD ID.\r | |
484 | @param[in] SrcSel Pointer of Source PAD ID.\r | |
485 | @param[in, out] Size The size of the Destination PAD ID. If it is\r | |
486 | not NULL and its value is less than the size of\r | |
487 | Source PAD ID, the value of Source PAD ID's size\r | |
488 | will be passed to the caller by this parameter.\r | |
489 | \r | |
490 | @retval EFI_INVALID_PARAMETER If the Destination or Source PAD ID is NULL.\r | |
491 | @retval EFI_BUFFER_TOO_SMALL If the input Size is less than the size of the Source PAD ID.\r | |
492 | @retval EFI_SUCCESS Copied Source PAD ID to the Destination PAD ID successfully.\r | |
493 | \r | |
494 | **/\r | |
495 | EFI_STATUS\r | |
496 | DuplicatePadId (\r | |
497 | IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,\r | |
498 | IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,\r | |
499 | IN OUT UINTN *Size\r | |
500 | );\r | |
501 | \r | |
502 | /**\r | |
503 | Fix the value of some members of the SPD Selector.\r | |
504 | \r | |
505 | This function is called by IpSecCopyPolicyEntry(), which copies the Policy\r | |
506 | Entry into the Variable. Since some members in SPD Selector are pointers,\r | |
507 | a physical address to relative address conversion is required before copying\r | |
508 | this SPD entry into the variable.\r | |
509 | \r | |
510 | @param[in] Selector Pointer of SPD Selector.\r | |
511 | @param[in, out] Data Pointer of SPD Data.\r | |
512 | \r | |
513 | **/\r | |
514 | VOID\r | |
515 | FixSpdEntry (\r | |
516 | IN EFI_IPSEC_SPD_SELECTOR *Selector,\r | |
517 | IN OUT EFI_IPSEC_SPD_DATA *Data\r | |
518 | );\r | |
519 | \r | |
520 | /**\r | |
521 | Fix the value of some members of SA ID.\r | |
522 | \r | |
523 | This function is called by IpSecCopyPolicyEntry(), which copies the Policy\r | |
524 | Entry into the Variable. Since some members in SA ID are pointers,\r | |
525 | a physical address to relative address conversion is required before copying\r | |
526 | this SAD into the variable.\r | |
527 | \r | |
528 | @param[in] SaId Pointer of SA ID.\r | |
529 | @param[in, out] Data Pointer of SA Data.\r | |
530 | \r | |
531 | **/\r | |
532 | VOID\r | |
533 | FixSadEntry (\r | |
534 | IN EFI_IPSEC_SA_ID *SaId,\r | |
9166f840 | 535 | IN OUT EFI_IPSEC_SA_DATA2 *Data\r |
a3bcde70 HT |
536 | );\r |
537 | \r | |
538 | /**\r | |
539 | Fix the value of some members of PAD ID.\r | |
540 | \r | |
541 | This function is called by IpSecCopyPolicyEntry(), which copy the Policy\r | |
542 | Entry into the Variable. Since some members in PAD ID are pointers,\r | |
543 | a physical address to relative address conversion is required before copying\r | |
544 | this PAD into the variable.\r | |
545 | \r | |
546 | @param[in] PadId Pointer of PAD ID.\r | |
547 | @param[in, out] Data Pointer of PAD Data.\r | |
548 | \r | |
549 | **/\r | |
550 | VOID\r | |
551 | FixPadEntry (\r | |
552 | IN EFI_IPSEC_PAD_ID *PadId,\r | |
553 | IN OUT EFI_IPSEC_PAD_DATA *Data\r | |
554 | );\r | |
555 | \r | |
556 | /**\r | |
557 | Recover the value of some members of SPD Selector.\r | |
558 | \r | |
559 | This function is the counterpart of FixSpdEntry(). It recovers the values of the members\r | |
560 | of the SPD Selector that were fixed by FixSpdEntry().\r | |
561 | \r | |
562 | @param[in, out] Selector Pointer of SPD Selector.\r | |
563 | @param[in, out] Data Pointer of SPD Data.\r | |
564 | \r | |
565 | **/\r | |
566 | VOID\r | |
567 | UnfixSpdEntry (\r | |
568 | IN OUT EFI_IPSEC_SPD_SELECTOR *Selector,\r | |
569 | IN OUT EFI_IPSEC_SPD_DATA *Data\r | |
570 | );\r | |
571 | \r | |
572 | \r | |
573 | /**\r | |
574 | Recover the value of some members of SA ID.\r | |
575 | \r | |
576 | This function is the counterpart of FixSadEntry(). It recovers the values of the members\r | |
577 | of the SAD ID that were fixed by FixSadEntry().\r | |
578 | \r | |
579 | @param[in, out] SaId Pointer of SAD ID\r | |
580 | @param[in, out] Data Pointer of SAD Data.\r | |
581 | \r | |
582 | **/\r | |
583 | VOID\r | |
584 | UnfixSadEntry (\r | |
585 | IN OUT EFI_IPSEC_SA_ID *SaId,\r | |
9166f840 | 586 | IN OUT EFI_IPSEC_SA_DATA2 *Data\r |
a3bcde70 HT |
587 | );\r |
588 | \r | |
589 | /**\r | |
590 | Recover the value of some members of PAD ID.\r | |
591 | \r | |
592 | This function is the counterpart of FixPadEntry(). It recovers the values of the members\r | |
593 | of the PAD ID that were fixed by FixPadEntry().\r | |
594 | \r | |
595 | @param[in] PadId Pointer of PAD ID\r | |
596 | @param[in, out] Data Pointer of PAD Data.\r | |
597 | \r | |
598 | **/\r | |
599 | VOID\r | |
600 | UnfixPadEntry (\r | |
601 | IN EFI_IPSEC_PAD_ID *PadId,\r | |
602 | IN OUT EFI_IPSEC_PAD_DATA *Data\r | |
603 | );\r | |
604 | \r | |
605 | /**\r | |
606 | Set the security policy information for the EFI IPsec driver.\r | |
607 | \r | |
608 | The IPsec configuration data has a unique selector/identifier separately to\r | |
609 | identify a data entry.\r | |
610 | \r | |
611 | @param[in] Selector Pointer to an entry selector on operated\r | |
612 | configuration data specified by DataType.\r | |
613 | A NULL Selector causes the entire specified-type\r | |
614 | configuration information to be flushed.\r | |
615 | @param[in] Data The data buffer to be set. The structure\r | |
616 | of the data buffer should be EFI_IPSEC_SPD_DATA.\r | |
617 | @param[in] Context Pointer to one entry selector that describes\r | |
618 | the expected position the new data entry will\r | |
619 | be added. If Context is NULL, the new entry will\r | |
620 | be appended to the end of the database.\r | |
621 | \r | |
622 | @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:\r | |
623 | - Selector is not NULL and its LocalAddress\r | |
624 | is NULL or its RemoteAddress is NULL.\r | |
625 | - Data is not NULL, its Action is Protected,\r | |
626 | and its policy is NULL.\r | |
627 | - Data is not NULL and its Action is not protected\r | |
628 | and its policy is not NULL.\r | |
629 | - The Action of Data is Protected, its policy\r | |
630 | mode is Tunnel, and its tunnel option is NULL.\r | |
631 | - The Action of Data is protected, its policy\r | |
632 | mode is not Tunnel, and its tunnel option is not NULL.\r | |
633 | @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r | |
634 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
635 | \r | |
636 | **/\r | |
637 | EFI_STATUS\r | |
638 | SetSpdEntry (\r | |
639 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
640 | IN VOID *Data,\r | |
641 | IN VOID *Context OPTIONAL\r | |
642 | );\r | |
643 | \r | |
644 | /**\r | |
645 | Set the security association information for the EFI IPsec driver.\r | |
646 | \r | |
647 | The IPsec configuration data has a unique selector/identifier separately to\r | |
648 | identify a data entry.\r | |
649 | \r | |
650 | @param[in] Selector Pointer to an entry selector on operated\r | |
651 | configuration data specified by DataType.\r | |
652 | A NULL Selector causes the entire specified-type\r | |
653 | configuration information to be flushed.\r | |
654 | @param[in] Data The data buffer to be set. The structure\r | |
655 | of the data buffer should be EFI_IPSEC_SA_DATA.\r | |
656 | @param[in] Context Pointer to one entry selector which describes\r | |
657 | the expected position the new data entry will\r | |
658 | be added. If Context is NULL,the new entry will\r | |
659 | be appended to the end of database.\r | |
660 | \r | |
661 | @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r | |
662 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
663 | \r | |
664 | **/\r | |
665 | EFI_STATUS\r | |
666 | SetSadEntry (\r | |
667 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
668 | IN VOID *Data,\r | |
669 | IN VOID *Context OPTIONAL\r | |
670 | );\r | |
671 | \r | |
672 | /**\r | |
673 | Set the peer authorization configuration information for the EFI IPsec driver.\r | |
674 | \r | |
675 | The IPsec configuration data has a unique selector/identifier separately to\r | |
676 | identify a data entry.\r | |
677 | \r | |
678 | @param[in] Selector Pointer to an entry selector on operated\r | |
679 | configuration data specified by DataType.\r | |
680 | A NULL Selector causes the entire specified-type\r | |
681 | configuration information to be flushed.\r | |
682 | @param[in] Data The data buffer to be set. The structure\r | |
683 | of the data buffer should be EFI_IPSEC_PAD_DATA.\r | |
684 | @param[in] Context Pointer to one entry selector that describes\r | |
685 | the expected position where the new data entry will\r | |
686 | be added. If Context is NULL, the new entry will\r | |
687 | be appended to the end of the database.\r | |
688 | \r | |
689 | @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r | |
690 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
691 | \r | |
692 | **/\r | |
693 | EFI_STATUS\r | |
694 | SetPadEntry (\r | |
695 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
696 | IN VOID *Data,\r | |
697 | IN VOID *Context OPTIONAL\r | |
698 | );\r | |
699 | \r | |
700 | /**\r | |
701 | This function looks up the data entry from IPsec SPD, and returns the configuration\r | |
702 | value of the specified SPD Entry.\r | |
703 | \r | |
704 | @param[in] Selector Pointer to an entry selector which is an identifier\r | |
705 | of the SPD entry.\r | |
706 | @param[in, out] DataSize On output the size of data returned in Data.\r | |
707 | @param[out] Data The buffer to return the contents of the IPsec\r | |
708 | configuration data. The type of the data buffer\r | |
709 | is associated with the DataType.\r | |
710 | \r | |
711 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
712 | @retval EFI_INVALID_PARAMETER Data is NULL and *DataSize is not zero.\r | |
713 | @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.\r | |
714 | @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been\r | |
715 | updated with the size needed to complete the request.\r | |
716 | \r | |
717 | **/\r | |
718 | EFI_STATUS\r | |
719 | GetSpdEntry (\r | |
720 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
721 | IN OUT UINTN *DataSize,\r | |
722 | OUT VOID *Data\r | |
723 | );\r | |
724 | \r | |
725 | /**\r | |
726 | This function looks up the data entry from IPsec SAD and returns the configuration\r | |
727 | value of the specified SAD Entry.\r | |
728 | \r | |
729 | @param[in] Selector Pointer to an entry selector that is an identifier\r | |
730 | of the SAD entry.\r | |
731 | @param[in, out] DataSize On output, the size of data returned in Data.\r | |
732 | @param[out] Data The buffer to return the contents of the IPsec\r | |
733 | configuration data. This type of the data buffer\r | |
734 | is associated with the DataType.\r | |
735 | \r | |
736 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
737 | @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.\r | |
738 | @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been\r | |
739 | updated with the size needed to complete the request.\r | |
740 | \r | |
741 | **/\r | |
742 | EFI_STATUS\r | |
743 | GetSadEntry (\r | |
744 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
745 | IN OUT UINTN *DataSize,\r | |
746 | OUT VOID *Data\r | |
747 | );\r | |
748 | \r | |
749 | /**\r | |
750 | This function looks up the data entry from IPsec PAD and returns the configuration\r | |
751 | value of the specified PAD Entry.\r | |
752 | \r | |
753 | @param[in] Selector Pointer to an entry selector that is an identifier\r | |
754 | of the PAD entry.\r | |
755 | @param[in, out] DataSize On output the size of data returned in Data.\r | |
756 | @param[out] Data The buffer to return the contents of the IPsec\r | |
757 | configuration data. This type of the data buffer\r | |
758 | is associated with the DataType.\r | |
759 | \r | |
760 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
761 | @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.\r | |
762 | @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been\r | |
763 | updated with the size needed to complete the request.\r | |
764 | \r | |
765 | **/\r | |
766 | EFI_STATUS\r | |
767 | GetPadEntry (\r | |
768 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
769 | IN OUT UINTN *DataSize,\r | |
770 | OUT VOID *Data\r | |
771 | );\r | |
772 | \r | |
773 | /**\r | |
774 | Return the configuration value for the EFI IPsec driver.\r | |
775 | \r | |
776 | This function looks up the data entry from the IPsec database or IKEv2 configuration\r | |
777 | information. The expected data type and unique identification are described in\r | |
778 | DataType and Selector parameters.\r | |
779 | \r | |
780 | @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r | |
781 | @param[in] DataType The type of data to retrieve.\r | |
782 | @param[in] Selector Pointer to an entry selector that is an identifier of the IPsec\r | |
783 | configuration data entry.\r | |
784 | @param[in, out] DataSize On output the size of data returned in Data.\r | |
785 | @param[out] Data The buffer to return the contents of the IPsec configuration data.\r | |
786 | The type of the data buffer is associated with the DataType.\r | |
787 | \r | |
788 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
789 | @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:\r | |
790 | - This is NULL.\r | |
791 | - Selector is NULL.\r | |
792 | - DataSize is NULL.\r | |
793 | - Data is NULL and *DataSize is not zero\r | |
794 | @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.\r | |
795 | @retval EFI_UNSUPPORTED The specified DataType is not supported.\r | |
796 | @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been\r | |
797 | updated with the size needed to complete the request.\r | |
798 | \r | |
799 | **/\r | |
800 | EFI_STATUS\r | |
801 | EFIAPI\r | |
802 | EfiIpSecConfigGetData (\r | |
803 | IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r | |
804 | IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r | |
805 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
806 | IN OUT UINTN *DataSize,\r | |
807 | OUT VOID *Data\r | |
808 | );\r | |
809 | \r | |
810 | /**\r | |
811 | Set the security association, security policy and peer authorization configuration\r | |
812 | information for the EFI IPsec driver.\r | |
813 | \r | |
814 | This function is used to set the IPsec configuration information of type DataType for\r | |
815 | the EFI IPsec driver.\r | |
816 | The IPsec configuration data has a unique selector/identifier separately to identify\r | |
817 | a data entry. The selector structure depends on DataType's definition.\r | |
818 | Using SetData() with a Data of NULL causes the IPsec configuration data entry identified\r | |
819 | by DataType and Selector to be deleted.\r | |
820 | \r | |
821 | @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r | |
822 | @param[in] DataType The type of data to be set.\r | |
823 | @param[in] Selector Pointer to an entry selector on operated configuration data\r | |
824 | specified by DataType. A NULL Selector causes the entire\r | |
825 | specified-type configuration information to be flushed.\r | |
826 | @param[in] Data The data buffer to be set. The structure of the data buffer is\r | |
827 | associated with the DataType.\r | |
828 | @param[in] InsertBefore Pointer to one entry selector which describes the expected\r | |
829 | position the new data entry will be added. If InsertBefore is NULL,\r | |
830 | the new entry will be appended to the end of the database.\r | |
831 | \r | |
832 | @retval EFI_SUCCESS The specified configuration entry data was set successfully.\r | |
833 | @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:\r | |
834 | - This is NULL.\r | |
835 | @retval EFI_UNSUPPORTED The specified DataType is not supported.\r | |
836 | @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r | |
837 | \r | |
838 | **/\r | |
839 | EFI_STATUS\r | |
840 | EFIAPI\r | |
841 | EfiIpSecConfigSetData (\r | |
842 | IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r | |
843 | IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r | |
844 | IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r | |
845 | IN VOID *Data,\r | |
846 | IN EFI_IPSEC_CONFIG_SELECTOR *InsertBefore OPTIONAL\r | |
847 | );\r | |
848 | \r | |
849 | /**\r | |
850 | Enumerates the current selector for IPsec configuration data entry.\r | |
851 | \r | |
852 | This function is called multiple times to retrieve the entry Selector in IPsec\r | |
853 | configuration database. On each call to GetNextSelector(), the next entry\r | |
854 | Selector is retrieved into the output interface.\r | |
855 | \r | |
856 | If the entire IPsec configuration database has been iterated, the error\r | |
857 | EFI_NOT_FOUND is returned.\r | |
858 | If the Selector buffer is too small for the next Selector copy, an\r | |
859 | EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect\r | |
860 | the size of buffer needed.\r | |
861 | \r | |
862 | On the initial call to GetNextSelector() to start the IPsec configuration database\r | |
863 | search, a pointer to the buffer with all zero value is passed in Selector. Calls\r | |
864 | to SetData() between calls to GetNextSelector may produce unpredictable results.\r | |
865 | \r | |
866 | @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r | |
867 | @param[in] DataType The type of IPsec configuration data to retrieve.\r | |
868 | @param[in, out] SelectorSize The size of the Selector buffer.\r | |
869 | @param[in, out] Selector On input, supplies the pointer to last Selector that was\r | |
870 | returned by GetNextSelector().\r | |
871 | On output, returns one copy of the current entry Selector\r | |
872 | of a given DataType.\r | |
873 | \r | |
874 | @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r | |
875 | @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:\r | |
876 | - This is NULL.\r | |
877 | - SelectorSize is NULL.\r | |
878 | - Selector is NULL.\r | |
879 | @retval EFI_NOT_FOUND The next configuration data entry was not found.\r | |
880 | @retval EFI_UNSUPPORTED The specified DataType is not supported.\r | |
881 | @retval EFI_BUFFER_TOO_SMALL The SelectorSize is too small for the result. This parameter\r | |
882 | has been updated with the size needed to complete the search\r | |
883 | request.\r | |
884 | \r | |
885 | **/\r | |
886 | EFI_STATUS\r | |
887 | EFIAPI\r | |
888 | EfiIpSecConfigGetNextSelector (\r | |
889 | IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r | |
890 | IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r | |
891 | IN OUT UINTN *SelectorSize,\r | |
892 | IN OUT EFI_IPSEC_CONFIG_SELECTOR *Selector\r | |
893 | );\r | |
894 | \r | |
895 | /**\r | |
896 | Register an event that is to be signaled whenever a configuration process on the\r | |
897 | specified IPsec configuration information is done.\r | |
898 | \r | |
899 | The register function is not supported now and always returns EFI_UNSUPPORTED.\r | |
900 | \r | |
901 | @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r | |
902 | @param[in] DataType The type of data to register the event for.\r | |
903 | @param[in] Event The event to be registered.\r | |
904 | \r | |
905 | @retval EFI_SUCCESS The event is registered successfully.\r | |
906 | @retval EFI_INVALID_PARAMETER This is NULL, or Event is NULL.\r | |
907 | @retval EFI_ACCESS_DENIED The Event is already registered for the DataType.\r | |
908 | @retval EFI_UNSUPPORTED The notify registration is unsupported, or the specified\r | |
909 | DataType is not supported.\r | |
910 | \r | |
911 | **/\r | |
912 | EFI_STATUS\r | |
913 | EFIAPI\r | |
914 | EfiIpSecConfigRegisterNotify (\r | |
915 | IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r | |
916 | IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r | |
917 | IN EFI_EVENT Event\r | |
918 | );\r | |
919 | \r | |
920 | \r | |
921 | /**\r | |
922 | Remove the specified event that was previously registered on the specified IPsec\r | |
923 | configuration data.\r | |
924 | \r | |
925 | This function is not supported now and always returns EFI_UNSUPPORTED.\r | |
926 | \r | |
927 | @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r | |
928 | @param[in] DataType The configuration data type to remove the registered event for.\r | |
929 | @param[in] Event The event to be unregistered.\r | |
930 | \r | |
931 | @retval EFI_SUCCESS The event was removed successfully.\r | |
932 | @retval EFI_NOT_FOUND The Event specified by DataType could not be found in the\r | |
933 | database.\r | |
934 | @retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.\r | |
935 | @retval EFI_UNSUPPORTED The notify registration is unsupported or the specified\r | |
936 | DataType is not supported.\r | |
937 | \r | |
938 | **/\r | |
939 | EFI_STATUS\r | |
940 | EFIAPI\r | |
941 | EfiIpSecConfigUnregisterNotify (\r | |
942 | IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r | |
943 | IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r | |
944 | IN EFI_EVENT Event\r | |
945 | );\r | |
946 | \r | |
9166f840 | 947 | extern LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum];\r |
948 | \r | |
a3bcde70 | 949 | #endif\r |