1/** @file\r
2 The implementation of policy entry operation function in IpSecConfig application.\r
3\r
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>\r
5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include "IpSecConfig.h"\r
17#include "Indexer.h"\r
18#include "Match.h"\r
19#include "Helper.h"\r
20#include "ForEach.h"\r
21#include "PolicyEntryOperation.h"\r
22\r
23/**\r
24 Fill in EFI_IPSEC_SPD_SELECTOR through ParamPackage list.\r
25\r
26 @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.\r
27 @param[in] ParamPackage The pointer to the ParamPackage list.\r
28 @param[in, out] Mask The pointer to the Mask.
29\r
30 @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR successfully.\r
31 @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
32\r
33**/\r
/**
  Print the "incorrect parameter value" message for one rejected option.

  @param[in] FlagName   The command-line flag whose value was rejected.
  @param[in] ValueStr   The rejected value exactly as the user supplied it.

**/
static
VOID
SpdSelectorRejectValue (
  IN CONST CHAR16  *FlagName,
  IN CONST CHAR16  *ValueStr
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
    mHiiHandle,
    mAppName,
    FlagName,
    ValueStr
    );
}

/**
  Fold the result of one GetNumber () call into the option mask and the
  accumulated return status.

  Only EFI_INVALID_PARAMETER is latched into *ReturnStatus; any other error
  from GetNumber () (for example the option simply being absent) leaves the
  accumulated status untouched.

  @param[in]      Status        The status returned by GetNumber ().
  @param[in]      MaskBit       The bit to set in *Mask when the option was parsed.
  @param[in, out] Mask          The option mask being built up.
  @param[in, out] ReturnStatus  The status the enclosing function will return.

**/
static
VOID
SpdSelectorNoteNumber (
  IN     EFI_STATUS  Status,
  IN     UINT32      MaskBit,
  IN OUT UINT32      *Mask,
  IN OUT EFI_STATUS  *ReturnStatus
  )
{
  if (!EFI_ERROR (Status)) {
    *Mask |= MaskBit;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    *ReturnStatus = EFI_INVALID_PARAMETER;
  }
}

EFI_STATUS
CreateSpdSelector (
  OUT    EFI_IPSEC_SPD_SELECTOR  *Selector,
  IN     LIST_ENTRY              *ParamPackage,
  IN OUT UINT32                  *Mask
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  CONST CHAR16  *OptionValue;

  //
  // Every option is examined even after one is rejected, so the user sees all
  // bad values in one run; the first rejection fixes the return status.
  //
  ReturnStatus = EFI_SUCCESS;

  //
  // --local: address (range) of the local side.  LocalAddress must already
  // point at storage for one EFI_IP_ADDRESS_INFO; the caller sets that up.
  //
  OptionValue = ShellCommandLineGetValue (ParamPackage, L"--local");
  if (OptionValue != NULL) {
    Selector->LocalAddressCount = 1;
    Status = EfiInetAddrRange ((CHAR16 *) OptionValue, Selector->LocalAddress);
    if (EFI_ERROR (Status)) {
      SpdSelectorRejectValue (L"--local", OptionValue);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= LOCAL;
    }
  }

  //
  // --remote: address (range) of the remote side.
  //
  OptionValue = ShellCommandLineGetValue (ParamPackage, L"--remote");
  if (OptionValue != NULL) {
    Selector->RemoteAddressCount = 1;
    Status = EfiInetAddrRange ((CHAR16 *) OptionValue, Selector->RemoteAddress);
    if (EFI_ERROR (Status)) {
      SpdSelectorRejectValue (L"--remote", OptionValue);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= REMOTE;
    }
  }

  //
  // --proto: next-layer protocol, given either as a number or as a name from
  // mMapIpProtocol.  Defaults to "any" when the option is absent.
  //
  Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
  Status = GetNumber (
             L"--proto",
             (UINT16) -1,
             &Selector->NextLayerProtocol,
             sizeof (UINT16),
             mMapIpProtocol,
             ParamPackage,
             FORMAT_NUMBER | FORMAT_STRING
             );
  SpdSelectorNoteNumber (Status, PROTO, Mask, &ReturnStatus);

  //
  // Ports default to "any"; --local-port / --remote-port may narrow them to a
  // port or a port range.
  //
  Selector->LocalPort  = EFI_IPSEC_ANY_PORT;
  Selector->RemotePort = EFI_IPSEC_ANY_PORT;

  OptionValue = ShellCommandLineGetValue (ParamPackage, L"--local-port");
  if (OptionValue != NULL) {
    Status = EfiInetPortRange ((CHAR16 *) OptionValue, &Selector->LocalPort, &Selector->LocalPortRange);
    if (EFI_ERROR (Status)) {
      SpdSelectorRejectValue (L"--local-port", OptionValue);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= LOCAL_PORT;
    }
  }

  OptionValue = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
  if (OptionValue != NULL) {
    Status = EfiInetPortRange ((CHAR16 *) OptionValue, &Selector->RemotePort, &Selector->RemotePortRange);
    if (EFI_ERROR (Status)) {
      SpdSelectorRejectValue (L"--remote-port", OptionValue);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= REMOTE_PORT;
    }
  }

  //
  // --icmp-type / --icmp-code are stored in the LocalPort / RemotePort fields
  // and are parsed after the port options, so when both are given the ICMP
  // value is the one that remains in the selector.
  //
  Status = GetNumber (
             L"--icmp-type",
             (UINT8) -1,
             &Selector->LocalPort,
             sizeof (UINT16),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SpdSelectorNoteNumber (Status, ICMP_TYPE, Mask, &ReturnStatus);

  Status = GetNumber (
             L"--icmp-code",
             (UINT8) -1,
             &Selector->RemotePort,
             sizeof (UINT16),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SpdSelectorNoteNumber (Status, ICMP_CODE, Mask, &ReturnStatus);

  return ReturnStatus;
}
209\r
210/**\r
211 Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.\r
212\r
213 @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.\r
214 @param[out] Data The pointer to the EFI_IPSEC_SPD_DATA structure.\r
215 @param[in] ParamPackage The pointer to the ParamPackage list.\r
216 @param[out] Mask The pointer to the Mask.\r
217 @param[in] CreateNew The switch to create new.\r
218\r
219 @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.\r
220 @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
221\r
222**/\r
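EFI_STATUS
CreateSpdEntry (
  OUT EFI_IPSEC_SPD_SELECTOR  **Selector,
  OUT EFI_IPSEC_SPD_DATA      **Data,
  IN  LIST_ENTRY              *ParamPackage,
  OUT UINT32                  *Mask,
  IN  BOOLEAN                 CreateNew
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  CONST CHAR16  *ValueStr;
  UINTN         DataSize;

  *Mask = 0;

  //
  // The selector and its two EFI_IP_ADDRESS_INFO records (local, then remote)
  // share one pool allocation.  Ownership of *Selector passes to the caller.
  // Allocation failure is treated as fatal (ASSERT), matching the rest of the
  // application.
  //
  *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
  ASSERT (*Selector != NULL);

  (*Selector)->LocalAddress  = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
  (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;

  //
  // CreateSpdSelector reports its own bad values; its status seeds ours.
  //
  ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);

  //
  // SPD DATA
  // EFI_IPSEC_SPD_DATA, EFI_IPSEC_PROCESS_POLICY and EFI_IPSEC_TUNNEL_OPTION are
  // carved out of one allocation, with padding between them so each sub-object
  // is UINTN-aligned on every architecture.  Ownership of *Data passes to the
  // caller.
  //
  DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
  DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);

  (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
                                                             (*Data + 1),
                                                             sizeof (UINTN)
                                                             );
  (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (
                                                                          ((*Data)->ProcessingPolicy + 1),
                                                                          sizeof (UINTN)
                                                                          );

  //
  // --name: symbolic name, stored as ASCII in the fixed-size Name array.
  // A value that would not fit together with its terminator is rejected here
  // instead of being written past the end of the array.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
  if (ValueStr != NULL) {
    if (StrLen (ValueStr) >= sizeof ((*Data)->Name)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--name",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      UnicodeStrToAsciiStr (ValueStr, (CHAR8 *) (*Data)->Name);
      *Mask |= NAME;
    }
  }

  //
  // --packet-flag: numeric PackageFlag.  As for every GetNumber () below, a
  // successful parse sets the option's mask bit and an EFI_INVALID_PARAMETER
  // result is latched into ReturnStatus; an absent option changes nothing.
  //
  Status = GetNumber (
             L"--packet-flag",
             (UINT8) -1,
             &(*Data)->PackageFlag,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PACKET_FLAG;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --action: one of the names in mMapIpSecAction.
  //
  Status = GetNumber (
             L"--action",
             (UINT8) -1,
             &(*Data)->Action,
             sizeof (UINT32),
             mMapIpSecAction,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ACTION;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Boolean policy switches: "--flag" sets, "--flag-" clears.  Either spelling
  // marks the option as given in *Mask.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;
    *Mask |= EXT_SEQUENCE;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;
    *Mask |= EXT_SEQUENCE;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {
    (*Data)->ProcessingPolicy->SeqOverflow = TRUE;
    *Mask |= SEQUENCE_OVERFLOW;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {
    (*Data)->ProcessingPolicy->SeqOverflow = FALSE;
    *Mask |= SEQUENCE_OVERFLOW;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {
    (*Data)->ProcessingPolicy->FragCheck = TRUE;
    *Mask |= FRAGMENT_CHECK;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {
    (*Data)->ProcessingPolicy->FragCheck = FALSE;
    *Mask |= FRAGMENT_CHECK;
  }

  //
  // SA lifetime limits: --lifebyte (bytes), --lifetime (hard), --lifetime-soft.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --mode: transport unless the user asks for tunnel.
  //
  (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->ProcessingPolicy->Mode,
             sizeof (UINT32),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Tunnel end points: single addresses, not ranges.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-local",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_LOCAL;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-remote",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_REMOTE;
    }
  }

  //
  // --dont-fragment: how the DF bit is handled for the tunnel; copy by default.
  //
  (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
  Status = GetNumber (
             L"--dont-fragment",
             0,
             &(*Data)->ProcessingPolicy->TunnelOption->DF,
             sizeof (UINT32),
             mMapDfOption,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= DONT_FRAGMENT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --ipsec-proto: ESP unless the user asks for AH.
  //
  (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*Data)->ProcessingPolicy->Proto,
             sizeof (UINT32),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Algorithm identifiers are looked up by name in the two algorithm maps.
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->ProcessingPolicy->EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->ProcessingPolicy->AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Drop the tunnel option when no tunnel-related option was given.  Mode is
  // deliberately not consulted: a user editing an existing entry may change
  // only --tunnel-remote and never mention --mode.
  //
  if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
    (*Data)->ProcessingPolicy->TunnelOption = NULL;
  }

  //
  // Drop the whole processing policy when nothing in it was given, except for
  // the Protect action: a Protect entry legitimately carries a policy made up
  // entirely of the defaults set above.
  //
  if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
                LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
                DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
    if ((*Data)->Action != EfiIPsecActionProtect) {
      (*Data)->ProcessingPolicy = NULL;
    }
  }

  //
  // A brand-new entry must name both sides, the protocol and the action; a
  // Protect entry in tunnel mode must also name both tunnel end points.
  // ProcessingPolicy is still non-NULL on the second test because it is only
  // cleared above for actions other than Protect.
  //
  if (CreateNew) {
    if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--local --remote --proto --action"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if (((*Data)->Action == EfiIPsecActionProtect) &&
               ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
               ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}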
580\r
581/**\r
582 Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA through ParamPackage list.\r
583\r
584 @param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure.\r
585 @param[out] Data The pointer to the EFI_IPSEC_SA_DATA structure.\r
586 @param[in] ParamPackage The pointer to the ParamPackage list.\r
587 @param[out] Mask The pointer to the Mask.\r
588 @param[in] CreateNew The switch to create new.\r
589\r
590 @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA successfully.\r
591 @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
592\r
593**/\r
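EFI_STATUS
CreateSadEntry (
  OUT EFI_IPSEC_SA_ID    **SaId,
  OUT EFI_IPSEC_SA_DATA  **Data,
  IN  LIST_ENTRY         *ParamPackage,
  OUT UINT32             *Mask,
  IN  BOOLEAN            CreateNew
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  UINTN         AuthKeyLength;
  UINTN         EncKeyLength;
  CONST CHAR16  *ValueStr;
  UINTN         DataSize;

  //
  // Every option is examined even after one is rejected, so the user sees all
  // bad values in one run; the first rejection fixes the return status.
  //
  ReturnStatus  = EFI_SUCCESS;
  *Mask         = 0;
  AuthKeyLength = 0;
  EncKeyLength  = 0;

  //
  // Ownership of *SaId passes to the caller.  Allocation failure is treated as
  // fatal (ASSERT), matching the rest of the application.
  //
  *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));
  ASSERT (*SaId != NULL);

  //
  // --spi: numeric SPI.  As for every GetNumber () below, a successful parse
  // sets the option's mask bit and an EFI_INVALID_PARAMETER result is latched
  // into ReturnStatus; an absent option changes nothing.
  //
  Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
  if (!EFI_ERROR (Status)) {
    *Mask |= SPI;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --ipsec-proto: AH or ESP, by name.
  //
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*SaId)->Proto,
             sizeof (EFI_IPSEC_PROTOCOL_TYPE),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --dest: single destination address of the SA.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--dest");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*SaId)->DestAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--dest",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= DEST;
    }
  }

  //
  // Key material is taken verbatim from the command line: the key buffers
  // hold the UTF-16 text of the option value including its terminator, which
  // is why each length is (StrLen + 1) * sizeof (CHAR16).  The sizes are
  // needed now to lay out the single allocation below.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    AuthKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
    EncKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
  }

  //
  // EFI_IPSEC_SA_DATA:
  // +------------
  // | EFI_IPSEC_SA_DATA
  // +-----------------------
  // | AuthKey
  // +-------------------------
  // | EncKey
  // +-------------------------
  // | SpdSelector (followed by its local and remote EFI_IP_ADDRESS_INFO)
  //
  // Notes: padding is added after each part so every sub-object is
  // UINTN-aligned on every architecture.  Ownership of *Data, and of the key
  // bytes inside it, passes to the caller.
  //
  DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA));
  DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);
  DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));
  DataSize += sizeof (EFI_IP_ADDRESS_INFO);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);

  //
  // The EspAlgoInfo member of AlgoInfo is used whichever protocol was chosen;
  // the AH branch of the CreateNew check below reads the same fields.
  //
  (*Data)->ManualSet = TRUE;
  (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));
  (*Data)->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (
                                                    ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),
                                                    sizeof (UINTN)
                                                    );
  (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (
                                                      ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),
                                                      sizeof (UINTN)
                                                      );
  (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                 ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),
                                                                 sizeof (UINTN));
  (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                  (*Data)->SpdSelector->LocalAddress + 1,
                                                                  sizeof (UINTN)
                                                                  );

  //
  // --mode: transport unless the user asks for tunnel.
  //
  (*Data)->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->Mode,
             sizeof (EFI_IPSEC_MODE),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // According to RFC 4303-3.3.3. The first packet sent using a given SA
  // will contain a sequence number of 1.
  //
  (*Data)->SNCount = 1;
  Status = GetNumber (
             L"--sequence-number",
             (UINT64) -1,
             &(*Data)->SNCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= SEQUENCE_NUMBER;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --antireplay-window: window size, 0 (disabled) by default.
  // NOTE(review): this option raises SEQUENCE_NUMBER, the same mask bit as
  // --sequence-number; confirm that callers do not expect a dedicated bit.
  //
  (*Data)->AntiReplayWindows = 0;
  Status = GetNumber (
             L"--antireplay-window",
             (UINT8) -1,
             &(*Data)->AntiReplayWindows,
             sizeof (UINT8),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= SEQUENCE_NUMBER;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --encrypt-algo / --encrypt-key.  The key pointer is cleared when no key
  // was given, even though the layout above reserved (zero bytes of) space.
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL ) {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, ValueStr, EncKeyLength);
    *Mask |= ENCRYPT_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
  }

  //
  // --auth-algo / --auth-key, same shape as the encryption pair above.
  //
  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, ValueStr, AuthKeyLength);
    *Mask |= AUTH_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
  }

  //
  // SA lifetime limits: --lifebyte (bytes), --lifetime (hard), --lifetime-soft.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --path-mtu: numeric path MTU.
  //
  Status = GetNumber (
             L"--path-mtu",
             (UINT32) -1,
             &(*Data)->PathMTU,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PATH_MTU;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // The SPD selector options (--local, --remote, --proto, ...) are parsed by
  // CreateSpdSelector, which reports its own bad values.  Its failure is
  // merged into ReturnStatus rather than replacing it, so a rejected --spi,
  // --dest or key option above is not turned back into EFI_SUCCESS by a
  // selector that parsed cleanly.
  //
  Status = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
  if (EFI_ERROR (Status)) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // A brand-new SA must carry SPI, protocol and destination, plus the
  // algorithm for its protocol and, unless that algorithm is "none", a key.
  //
  if (CreateNew) {
    if ((*Mask & (SPI | IPSEC_PROTO | DEST)) != (SPI | IPSEC_PROTO | DEST)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--spi --ipsec-proto --dest"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      if ((*SaId)->Proto == EfiIPsecAH) {
        if ((*Mask & AUTH_ALGO) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--auth-algo"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--auth-key"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        }
      } else {
        if ((*Mask & ENCRYPT_ALGO) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--encrypt-algo"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--encrypt-key"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        }
      }
    }
  }

  return ReturnStatus;
}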
977\r
978/**\r
979 Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.\r
980\r
981 @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.\r
982 @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.\r
983 @param[in] ParamPackage The pointer to the ParamPackage list.\r
984 @param[out] Mask The pointer to the Mask.\r
985 @param[in] CreateNew The switch to create new.\r
986\r
987 @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.\r
988 @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
989\r
990**/\r
991EFI_STATUS\r
992CreatePadEntry (\r
993 OUT EFI_IPSEC_PAD_ID **PadId,\r
994 OUT EFI_IPSEC_PAD_DATA **Data,\r
995 IN LIST_ENTRY *ParamPackage,\r
996 OUT UINT32 *Mask,\r
997 IN BOOLEAN CreateNew\r
998 )\r
999{\r
1000 EFI_STATUS Status;\r
1001 EFI_STATUS ReturnStatus;\r
1002 SHELL_FILE_HANDLE FileHandle;\r
1003 UINT64 FileSize;\r
1004 UINTN AuthDataLength;\r
1005 UINTN RevocationDataLength;\r
1006 UINTN DataLength;\r
1007 UINTN Index;\r
1008 CONST CHAR16 *ValueStr;\r
1009 UINTN DataSize;\r
1010\r
1011 Status = EFI_SUCCESS;\r
1012 ReturnStatus = EFI_SUCCESS;\r
1013 *Mask = 0;\r
1014 AuthDataLength = 0;\r
1015 RevocationDataLength = 0;\r
1016\r
1017 *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));\r
1018 ASSERT (*PadId != NULL);\r
1019\r
1020 //\r
1021 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.\r
1022 //\r
1023 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");\r
1024 if (ValueStr != NULL) {\r
1025 (*PadId)->PeerIdValid = FALSE;\r
1026 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);\r
1027 if (EFI_ERROR (Status)) {\r
1028 ShellPrintHiiEx (\r
1029 -1,\r
1030 -1,\r
1031 NULL,\r
1032 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
1033 mHiiHandle,\r
1034 mAppName,\r
1035 L"--peer-address",\r
1036 ValueStr\r
1037 );\r
1038 ReturnStatus = EFI_INVALID_PARAMETER;\r
1039 } else {\r
1040 *Mask |= PEER_ADDRESS;\r
1041 }\r
1042 }\r
1043\r
1044 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");\r
1045 if (ValueStr != NULL) {\r
1046 (*PadId)->PeerIdValid = TRUE;\r
1047 StrnCpy ((CHAR16 *) (*PadId)->Id.PeerId, ValueStr, ARRAY_SIZE ((*PadId)->Id.PeerId) - 1);\r
1048 *Mask |= PEER_ID;\r
1049 }\r
1050\r
1051 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");\r
1052 if (ValueStr != NULL) {\r
1053 if (ValueStr[0] == L'@') {\r
1054 //\r
1055 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"\r
1056 //\r
1057 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);\r
1058 if (EFI_ERROR (Status)) {\r
1059 ShellPrintHiiEx (\r
1060 -1,\r
1061 -1,\r
1062 NULL,\r
1063 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1064 mHiiHandle,\r
1065 mAppName,\r
1066 &ValueStr[1]\r
1067 );\r
1068 ReturnStatus = EFI_INVALID_PARAMETER;\r
1069 } else {\r
1070 Status = ShellGetFileSize (FileHandle, &FileSize);\r
1071 ShellCloseFile (&FileHandle);\r
1072 if (EFI_ERROR (Status)) {\r
1073 ShellPrintHiiEx (\r
1074 -1,\r
1075 -1,\r
1076 NULL,\r
1077 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1078 mHiiHandle,\r
1079 mAppName,\r
1080 &ValueStr[1]\r
1081 );\r
1082 ReturnStatus = EFI_INVALID_PARAMETER;\r
1083 } else {\r
1084 AuthDataLength = (UINTN) FileSize;\r
1085 }\r
1086 }\r
1087 } else {\r
1088 AuthDataLength = StrLen (ValueStr);\r
1089 }\r
1090 }\r
1091\r
1092 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");\r
1093 if (ValueStr != NULL) {\r
1094 RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);\r
1095 }\r
1096\r
1097 //\r
1098 // Allocate Buffer for Data. Add padding after each struct to make sure the alignment\r
1099 // in different Arch.\r
1100 //\r
1101 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));\r
1102 DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);\r
1103 DataSize += RevocationDataLength;\r
1104\r
1105 *Data = AllocateZeroPool (DataSize);\r
1106 ASSERT (*Data != NULL);\r
1107\r
1108 (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));\r
1109 (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));\r
1110 (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;\r
1111\r
1112 //\r
1113 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.\r
1114 //\r
1115 Status = GetNumber (\r
1116 L"--auth-proto",\r
1117 0,\r
1118 &(*Data)->AuthProtocol,\r
1119 sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),\r
1120 mMapAuthProto,\r
1121 ParamPackage,\r
1122 FORMAT_STRING\r
1123 );\r
1124 if (!EFI_ERROR (Status)) {\r
1125 *Mask |= AUTH_PROTO;\r
1126 }\r
1127\r
1128 if (Status == EFI_INVALID_PARAMETER) {\r
1129 ReturnStatus = EFI_INVALID_PARAMETER;\r
1130 }\r
1131\r
1132 Status = GetNumber (\r
1133 L"--auth-method",\r
1134 0,\r
1135 &(*Data)->AuthMethod,\r
1136 sizeof (EFI_IPSEC_AUTH_METHOD),\r
1137 mMapAuthMethod,\r
1138 ParamPackage,\r
1139 FORMAT_STRING\r
1140 );\r
1141 if (!EFI_ERROR (Status)) {\r
1142 *Mask |= AUTH_METHOD;\r
1143 }\r
1144\r
1145 if (Status == EFI_INVALID_PARAMETER) {\r
1146 ReturnStatus = EFI_INVALID_PARAMETER;\r
1147 }\r
1148\r
1149 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {\r
1150 (*Data)->IkeIdFlag = TRUE;\r
1151 *Mask |= IKE_ID;\r
1152 }\r
1153\r
1154 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {\r
1155 (*Data)->IkeIdFlag = FALSE;\r
1156 *Mask |= IKE_ID;\r
1157 }\r
1158\r
1159 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");\r
1160 if (ValueStr != NULL) {\r
1161 if (ValueStr[0] == L'@') {\r
1162 //\r
1163 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"\r
1164 //\r
1165\r
1166 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);\r
1167 if (EFI_ERROR (Status)) {\r
1168 ShellPrintHiiEx (\r
1169 -1,\r
1170 -1,\r
1171 NULL,\r
1172 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1173 mHiiHandle,\r
1174 mAppName,\r
1175 &ValueStr[1]\r
1176 );\r
1177 ReturnStatus = EFI_INVALID_PARAMETER;\r
1178 (*Data)->AuthData = NULL;\r
1179 } else {\r
1180 DataLength = AuthDataLength;\r
1181 Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);\r
1182 ShellCloseFile (&FileHandle);\r
1183 if (EFI_ERROR (Status)) {\r
1184 ShellPrintHiiEx (\r
1185 -1,\r
1186 -1,\r
1187 NULL,\r
1188 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
1189 mHiiHandle,\r
1190 mAppName,\r
1191 &ValueStr[1]\r
1192 );\r
1193 ReturnStatus = EFI_INVALID_PARAMETER;\r
1194 (*Data)->AuthData = NULL;\r
1195 } else {\r
1196 ASSERT (DataLength == AuthDataLength);\r
1197 *Mask |= AUTH_DATA;\r
1198 }\r
1199 }\r
1200 } else {\r
1201 for (Index = 0; Index < AuthDataLength; Index++) {\r
1202 ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];\r
1203 }\r
1204 (*Data)->AuthDataSize = AuthDataLength;\r
1205 *Mask |= AUTH_DATA;\r
1206 }\r
1207 }\r
1208\r
1209 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");\r
1210 if (ValueStr != NULL) {\r
1211 CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);\r
1212 (*Data)->RevocationDataSize = RevocationDataLength;\r
1213 *Mask |= REVOCATION_DATA;\r
1214 } else {\r
1215 (*Data)->RevocationData = NULL;\r
1216 }\r
1217\r
1218 if (CreateNew) {\r
1219 if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {\r
1220 ShellPrintHiiEx (\r
1221 -1,\r
1222 -1,\r
1223 NULL,\r
1224 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
1225 mHiiHandle,\r
1226 mAppName,\r
1227 L"--peer-id --peer-address"\r
1228 );\r
1229 ReturnStatus = EFI_INVALID_PARAMETER;\r
1230 } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {\r
1231 ShellPrintHiiEx (\r
1232 -1,\r
1233 -1,\r
1234 NULL,\r
1235 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
1236 mHiiHandle,\r
1237 mAppName,\r
1238 L"--auth-method --auth-data"\r
1239 );\r
1240 ReturnStatus = EFI_INVALID_PARAMETER;\r
1241 }\r
1242 }\r
1243\r
1244 return ReturnStatus;\r
1245}\r
1246\r
//
// Dispatch table of entry constructors, indexed directly by the
// EFI_IPSEC_CONFIG_DATA_TYPE value (see mCreatePolicyEntry[DataType] in
// EditPolicyEntry and AddOrInsertPolicyEntry). Element i must therefore be the
// constructor for the data type whose enumerator value is i: SPD, SAD, PAD.
// The cast to the generic CREATE_POLICY_ENTRY prototype is what lets three
// differently-typed constructors share one table; keep the three signatures
// layout-compatible with it.
//
CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {
  (CREATE_POLICY_ENTRY) CreateSpdEntry,   // Security Policy Database entries
  (CREATE_POLICY_ENTRY) CreateSadEntry,   // Security Association Database entries
  (CREATE_POLICY_ENTRY) CreatePadEntry    // Peer Authorization Database entries
};
1252\r
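/**
  Combine an existing SPD entry with the fields the user supplied for it.

  Every selector field that is absent from Mask is carried over from OldSelector
  into NewSelector. A selector field that is present in Mask and differs from the
  stored value marks the entry for re-creation (*CreateNew = TRUE), because an SPD
  entry is keyed by its selector and cannot be changed in place. Data fields that
  are present in Mask are written directly into OldData.

  @param[in, out] OldSelector  The selector of the entry currently in the database.
  @param[in, out] OldData      The data of the entry currently in the database;
                               updated in place.
  @param[in, out] NewSelector  The selector built from the command line; fields
                               the user did not give are filled in from OldSelector.
  @param[in]      NewData      The data built from the command line.
  @param[in]      Mask         Bit mask of the fields the user actually specified.
  @param[out]     CreateNew    Set to TRUE when the selector changed and the entry
                               must be re-inserted rather than modified in place.

  @retval EFI_SUCCESS            Combined successfully.
  @retval EFI_INVALID_PARAMETER  Tunnel mode was selected without both
                                 --tunnel-local and --tunnel-remote.

**/
EFI_STATUS
CombineSpdEntry (
  IN OUT EFI_IPSEC_SPD_SELECTOR    *OldSelector,
  IN OUT EFI_IPSEC_SPD_DATA        *OldData,
  IN     EFI_IPSEC_SPD_SELECTOR    *NewSelector,
  IN     EFI_IPSEC_SPD_DATA        *NewData,
  IN     UINT32                    Mask,
  OUT    BOOLEAN                   *CreateNew
  )
{
  EFI_IPSEC_PROCESS_POLICY  *OldPolicy;
  EFI_IPSEC_PROCESS_POLICY  *NewPolicy;

  //
  // Process Selector: inherit what the user left unspecified and detect a change
  // in anything the user did specify.
  //
  *CreateNew = FALSE;

  if ((Mask & LOCAL) == 0) {
    NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
    NewSelector->LocalAddress      = OldSelector->LocalAddress;
  } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
             (CompareMem (
                NewSelector->LocalAddress,
                OldSelector->LocalAddress,
                NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)
                ) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & REMOTE) == 0) {
    NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
    NewSelector->RemoteAddress      = OldSelector->RemoteAddress;
  } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
             (CompareMem (
                NewSelector->RemoteAddress,
                OldSelector->RemoteAddress,
                NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)
                ) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & PROTO) == 0) {
    NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
  } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
    *CreateNew = TRUE;
  }

  switch (NewSelector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    if ((Mask & LOCAL_PORT) == 0) {
      NewSelector->LocalPort      = OldSelector->LocalPort;
      NewSelector->LocalPortRange = OldSelector->LocalPortRange;
    } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
               (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
      *CreateNew = TRUE;
    }

    if ((Mask & REMOTE_PORT) == 0) {
      NewSelector->RemotePort      = OldSelector->RemotePort;
      NewSelector->RemotePortRange = OldSelector->RemotePortRange;
    } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
               (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
      *CreateNew = TRUE;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    //
    // For ICMP the selector reuses LocalPort for the ICMP type and RemotePort
    // for the ICMP code.
    //
    if ((Mask & ICMP_TYPE) == 0) {
      NewSelector->LocalPort = OldSelector->LocalPort;
    } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
      *CreateNew = TRUE;
    }

    if ((Mask & ICMP_CODE) == 0) {
      NewSelector->RemotePort = OldSelector->RemotePort;
    } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
      *CreateNew = TRUE;
    }
    break;

  default:
    //
    // Other protocols carry no port or ICMP type/code in the selector.
    //
    break;
  }

  //
  // Process Data
  //
  if ((Mask & NAME) != 0) {
    //
    // Name is the same fixed-size member in both structures; copy the whole
    // array so the write is bounded by the destination no matter how the source
    // is terminated (the former AsciiStrCpy relied on a terminator being present).
    //
    CopyMem (OldData->Name, NewData->Name, sizeof (OldData->Name));
  }

  if ((Mask & PACKET_FLAG) != 0) {
    OldData->PackageFlag = NewData->PackageFlag;
  }

  if ((Mask & ACTION) != 0) {
    OldData->Action = NewData->Action;
  }

  if (OldData->Action != EfiIPsecActionProtect) {
    //
    // Only the Protect action carries a processing policy.
    //
    OldData->ProcessingPolicy = NULL;
    return EFI_SUCCESS;
  }

  if (OldData->ProcessingPolicy == NULL) {
    //
    // The entry had no policy before: adopt the new one as a whole.
    // NOTE(review): this assumes NewData->ProcessingPolicy is always allocated by
    // the SPD entry constructor -- confirm against CreateSpdEntry.
    //
    OldData->ProcessingPolicy = NewData->ProcessingPolicy;
    if ((OldData->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
        ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      //
      // Changed to Protect action and Tunnel mode, but without providing both
      // tunnel endpoints.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      return EFI_INVALID_PARAMETER;
    }

    return EFI_SUCCESS;
  }

  //
  // Modify the existing policy field by field.
  //
  OldPolicy = OldData->ProcessingPolicy;
  NewPolicy = NewData->ProcessingPolicy;

  if ((Mask & EXT_SEQUENCE) != 0) {
    OldPolicy->ExtSeqNum = NewPolicy->ExtSeqNum;
  }

  if ((Mask & SEQUENCE_OVERFLOW) != 0) {
    OldPolicy->SeqOverflow = NewPolicy->SeqOverflow;
  }

  if ((Mask & FRAGMENT_CHECK) != 0) {
    OldPolicy->FragCheck = NewPolicy->FragCheck;
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldPolicy->SaLifetime.ByteCount = NewPolicy->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldPolicy->SaLifetime.SoftLifetime = NewPolicy->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldPolicy->SaLifetime.HardLifetime = NewPolicy->SaLifetime.HardLifetime;
  }

  if ((Mask & MODE) != 0) {
    OldPolicy->Mode = NewPolicy->Mode;
  }

  if ((Mask & IPSEC_PROTO) != 0) {
    OldPolicy->Proto = NewPolicy->Proto;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldPolicy->AuthAlgoId = NewPolicy->AuthAlgoId;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldPolicy->EncAlgoId = NewPolicy->EncAlgoId;
  }

  if (OldPolicy->Mode != EfiIPsecTunnel) {
    //
    // Transport mode has no tunnel endpoints.
    //
    OldPolicy->TunnelOption = NULL;
    return EFI_SUCCESS;
  }

  if (OldPolicy->TunnelOption == NULL) {
    //
    // Switching from Transport to Tunnel mode: both TUNNEL_LOCAL and
    // TUNNEL_REMOTE must have been given.
    //
    if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      return EFI_INVALID_PARAMETER;
    }

    OldPolicy->TunnelOption = NewPolicy->TunnelOption;
    return EFI_SUCCESS;
  }

  //
  // Already in Tunnel mode: update the individual tunnel options that were given.
  //
  if ((Mask & TUNNEL_LOCAL) != 0) {
    CopyMem (
      &OldPolicy->TunnelOption->LocalTunnelAddress,
      &NewPolicy->TunnelOption->LocalTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & TUNNEL_REMOTE) != 0) {
    CopyMem (
      &OldPolicy->TunnelOption->RemoteTunnelAddress,
      &NewPolicy->TunnelOption->RemoteTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & DONT_FRAGMENT) != 0) {
    OldPolicy->TunnelOption->DF = NewPolicy->TunnelOption->DF;
  }

  return EFI_SUCCESS;
}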
1473\r
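/**
  Combine an existing SAD entry with the fields the user supplied for it.

  SA identity fields (SPI, IPsec protocol, destination address) that are absent
  from Mask are copied from OldSaId into NewSaId; an identity field that is present
  and differs forces re-creation of the entry (*CreateNew = TRUE). SA data fields
  present in Mask are written into OldData in place. The combination is then
  checked for protocol consistency: AH must not carry encryption parameters, and a
  switch from AH to ESP must supply an encryption algorithm, plus a key unless the
  algorithm is NONE.

  @param[in, out] OldSaId    The SA identifier of the entry currently in the database.
  @param[in, out] OldData    The data of the entry currently in the database;
                             updated in place.
  @param[in, out] NewSaId    The SA identifier built from the command line; fields
                             the user did not give are filled in from OldSaId.
  @param[in]      NewData    The data built from the command line.
  @param[in]      Mask       Bit mask of the fields the user actually specified.
  @param[out]     CreateNew  Set to TRUE when the SA identifier changed and the
                             entry must be re-inserted rather than modified in place.

  @retval EFI_SUCCESS            Combined successfully.
  @retval EFI_INVALID_PARAMETER  The supplied parameters are inconsistent with the
                                 IPsec protocol of the entry, or an SPD selector was
                                 given only partially.

**/
EFI_STATUS
CombineSadEntry (
  IN OUT EFI_IPSEC_SA_ID      *OldSaId,
  IN OUT EFI_IPSEC_SA_DATA    *OldData,
  IN     EFI_IPSEC_SA_ID      *NewSaId,
  IN     EFI_IPSEC_SA_DATA    *NewData,
  IN     UINT32               Mask,
  OUT    BOOLEAN              *CreateNew
  )
{
  EFI_IPSEC_SPD_SELECTOR  *Selector;

  *CreateNew = FALSE;

  //
  // Process SA_ID: inherit unspecified fields, detect changes in specified ones.
  //
  if ((Mask & SPI) == 0) {
    NewSaId->Spi = OldSaId->Spi;
  } else if (NewSaId->Spi != OldSaId->Spi) {
    *CreateNew = TRUE;
  }

  if ((Mask & IPSEC_PROTO) == 0) {
    NewSaId->Proto = OldSaId->Proto;
  } else if (NewSaId->Proto != OldSaId->Proto) {
    *CreateNew = TRUE;
  }

  if ((Mask & DEST) == 0) {
    CopyMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  //
  // Process SA_DATA.
  //
  if ((Mask & MODE) != 0) {
    OldData->Mode = NewData->Mode;
  }

  if ((Mask & SEQUENCE_NUMBER) != 0) {
    OldData->SNCount = NewData->SNCount;
  }

  if ((Mask & ANTIREPLAY_WINDOW) != 0) {
    OldData->AntiReplayWindows = NewData->AntiReplayWindows;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
  }

  if ((Mask & AUTH_KEY) != 0) {
    //
    // Pointer hand-over, not a copy: OldData now references NewData's key buffer.
    //
    OldData->AlgoInfo.EspAlgoInfo.AuthKey       = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
    OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
  }

  if ((Mask & ENCRYPT_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncKey       = NewData->AlgoInfo.EspAlgoInfo.EncKey;
    OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
  }

  if ((NewSaId->Proto == EfiIPsecAH) && ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0)) {
    //
    // AH provides no confidentiality; encrypt_* parameters are not meaningful for it.
    //
    ShellPrintHiiEx (
      -1,
      -1,
      NULL,
      STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
      mHiiHandle,
      mAppName,
      L"--encrypt-algo --encrypt-key"
      );
    return EFI_INVALID_PARAMETER;
  }

  if ((NewSaId->Proto == EfiIPsecESP) && (OldSaId->Proto == EfiIPsecAH)) {
    //
    // AH -> ESP: an encryption algorithm must be given ...
    //
    if ((Mask & ENCRYPT_ALGO) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo"
        );
      return EFI_INVALID_PARAMETER;
    }

    //
    // ... and a key as well unless the algorithm is NONE. The message names the
    // option that is actually missing (it used to report --encrypt-algo).
    //
    if ((NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE) && ((Mask & ENCRYPT_KEY) == 0)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
  }

  if ((Mask & PATH_MTU) != 0) {
    OldData->PathMTU = NewData->PathMTU;
  }

  //
  // Process SpdSelector.
  //
  if (OldData->SpdSelector == NULL) {
    //
    // The SA had no SPD selector. One may be attached only if the user gave the
    // three mandatory selector fields together; port/ICMP fields alone are not
    // enough to form a selector.
    //
    if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
      if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--local --remote --proto"
          );
        return EFI_INVALID_PARAMETER;
      }

      OldData->SpdSelector = NewData->SpdSelector;
    }

    return EFI_SUCCESS;
  }

  //
  // Update the existing selector field by field. (The former re-check of
  // SpdSelector against NULL in this branch was redundant and has been dropped.)
  //
  Selector = OldData->SpdSelector;

  if ((Mask & LOCAL) != 0) {
    Selector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
    Selector->LocalAddress      = NewData->SpdSelector->LocalAddress;
  }

  if ((Mask & REMOTE) != 0) {
    Selector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
    Selector->RemoteAddress      = NewData->SpdSelector->RemoteAddress;
  }

  if ((Mask & PROTO) != 0) {
    Selector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
  }

  switch (Selector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    if ((Mask & LOCAL_PORT) != 0) {
      Selector->LocalPort = NewData->SpdSelector->LocalPort;
    }

    if ((Mask & REMOTE_PORT) != 0) {
      Selector->RemotePort = NewData->SpdSelector->RemotePort;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    //
    // ICMP type and code travel in the port fields and are 8-bit quantities.
    //
    if ((Mask & ICMP_TYPE) != 0) {
      Selector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
    }

    if ((Mask & ICMP_CODE) != 0) {
      Selector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
    }
    break;

  default:
    //
    // Other protocols carry no port or ICMP type/code in the selector.
    //
    break;
  }

  return EFI_SUCCESS;
}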
1683\r
/**
  Combine an existing PAD entry with the fields the user supplied for it.

  If neither --peer-id nor --peer-address was given, the old identifier is copied
  into NewPadId unchanged. Otherwise the supplied identifier is compared with the
  stored one, and any difference in kind (peer ID versus address) or value marks
  the entry for re-creation (*CreateNew = TRUE). Data fields present in Mask are
  written into OldData in place.

  @param[in, out] OldPadId   The identifier of the entry currently in the database.
  @param[in, out] OldData    The data of the entry currently in the database;
                             updated in place.
  @param[in, out] NewPadId   The identifier built from the command line; filled in
                             from OldPadId when no identifier was given.
  @param[in]      NewData    The data built from the command line.
  @param[in]      Mask       Bit mask of the fields the user actually specified.
  @param[out]     CreateNew  Set to TRUE when the identifier changed and the entry
                             must be re-inserted rather than modified in place.

  @retval EFI_SUCCESS  Combined successfully (this routine has no failing path).

**/
EFI_STATUS
CombinePadEntry (
  IN OUT EFI_IPSEC_PAD_ID      *OldPadId,
  IN OUT EFI_IPSEC_PAD_DATA    *OldData,
  IN     EFI_IPSEC_PAD_ID      *NewPadId,
  IN     EFI_IPSEC_PAD_DATA    *NewData,
  IN     UINT32                Mask,
  OUT    BOOLEAN               *CreateNew
  )
{
  BOOLEAN  IdChanged;

  IdChanged = FALSE;

  if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
    //
    // No identifier on the command line: keep the stored one.
    //
    CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
  } else if ((Mask & PEER_ID) != 0) {
    //
    // A peer ID was given. The entry survives only if the stored identifier is
    // also a peer ID and spells the same string.
    //
    if (!OldPadId->PeerIdValid ||
        (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0)) {
      IdChanged = TRUE;
    }
  } else {
    //
    // Only a peer address was given. The entry survives only if the stored
    // identifier is also an address with the same value and prefix length.
    //
    if (OldPadId->PeerIdValid ||
        (CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
        (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)) {
      IdChanged = TRUE;
    }
  }

  *CreateNew = IdChanged;

  //
  // Authentication and IKE settings are updated in place, field by field.
  //
  if ((Mask & AUTH_PROTO) != 0) {
    OldData->AuthProtocol = NewData->AuthProtocol;
  }

  if ((Mask & AUTH_METHOD) != 0) {
    OldData->AuthMethod = NewData->AuthMethod;
  }

  if ((Mask & IKE_ID) != 0) {
    OldData->IkeIdFlag = NewData->IkeIdFlag;
  }

  if ((Mask & AUTH_DATA) != 0) {
    //
    // Pointer hand-over, not a copy: OldData now references NewData's buffer.
    //
    OldData->AuthDataSize = NewData->AuthDataSize;
    OldData->AuthData     = NewData->AuthData;
  }

  if ((Mask & REVOCATION_DATA) != 0) {
    OldData->RevocationDataSize = NewData->RevocationDataSize;
    OldData->RevocationData     = NewData->RevocationData;
  }

  return EFI_SUCCESS;
}
1761\r
//
// Dispatch table of entry mergers, indexed directly by the
// EFI_IPSEC_CONFIG_DATA_TYPE value (see mCombinePolicyEntry[Context->DataType]
// in EditOperatePolicyEntry). Element i must be the merger for the data type
// whose enumerator value is i: SPD, SAD, PAD -- the same order as
// mCreatePolicyEntry above. The cast to the generic COMBINE_POLICY_ENTRY
// prototype lets the three typed functions share one table; keep their
// signatures layout-compatible with it.
//
COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {
  (COMBINE_POLICY_ENTRY) CombineSpdEntry,   // Security Policy Database entries
  (COMBINE_POLICY_ENTRY) CombineSadEntry,   // Security Association Database entries
  (COMBINE_POLICY_ENTRY) CombinePadEntry    // Peer Authorization Database entries
};
1767\r
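/**
  Visitor callback that edits the single database entry matched by the user's index.

  Called once per entry by ForeachPolicyEntry. When the entry matches the indexer in
  Context, the user's changes are merged into it through mCombinePolicyEntry. If the
  merge changed the entry's key (CreateNew), the merged entry is inserted in front of
  the old one and the old one is deleted; otherwise the entry is updated in place.
  The outcome is stored in Context->Status and the iteration is stopped.

  @param[in] Selector  The selector of the entry being visited.
  @param[in] Data      The data of the entry being visited.
  @param[in] Context   The pointer to the EDIT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS  No match; continue the iteration.
  @retval EFI_ABORTED  The matching entry was processed; abort the iteration.
**/
EFI_STATUS
EditOperatePolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN EDIT_POLICY_ENTRY_CONTEXT    *Context
  )
{
  EFI_STATUS  Status;
  BOOLEAN     CreateNew;

  //
  // DataType indexes the dispatch tables below; validate it before the first
  // lookup rather than after (the check used to follow the mMatchPolicyEntry call).
  //
  ASSERT (Context->DataType < ARRAY_SIZE (mCombinePolicyEntry));

  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  CreateNew = FALSE;
  Status = mCombinePolicyEntry[Context->DataType] (
             Selector,
             Data,
             Context->Selector,
             Context->Data,
             Context->Mask,
             &CreateNew
             );
  if (!EFI_ERROR (Status)) {
    if (CreateNew) {
      //
      // The key changed: insert the merged entry before the old one ...
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               Selector
                               );
      ASSERT_EFI_ERROR (Status);
      //
      // ... and delete the old one only once its replacement is in place. In a
      // build where ASSERT is compiled out, deleting unconditionally would drop
      // the policy altogether if the insert had failed.
      //
      if (!EFI_ERROR (Status)) {
        Status = mIpSecConfig->SetData (
                                 mIpSecConfig,
                                 Context->DataType,
                                 Selector,
                                 NULL,
                                 NULL
                                 );
        ASSERT_EFI_ERROR (Status);
      }
    } else {
      //
      // Same key: overwrite the entry in place.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               NULL
                               );
    }
  }

  Context->Status = Status;
  return EFI_ABORTED;
}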
1840\r
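/**
  Edit an existing entry of the given database according to the command line.

  The entry is identified by the "-e" index argument, which mConstructPolicyEntryIndexer
  turns into an indexer. The remaining arguments are parsed into a selector/data pair
  by mCreatePolicyEntry (with CreateNew FALSE, so only the fields actually given are
  required), and EditOperatePolicyEntry merges them into the matched entry.

  @param[in] DataType      The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS    Edit entry information successfully.
  @retval EFI_NOT_FOUND  "-e" was not given, or no entry matched the index.
  @retval Others         Some mistaken case.
**/
EFI_STATUS
EditPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                 Status;
  EDIT_POLICY_ENTRY_CONTEXT  Context;
  CONST CHAR16               *ValueStr;

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
  if (ValueStr == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
    return EFI_NOT_FOUND;
  }

  //
  // The cleanup below frees whatever mCreatePolicyEntry handed out. Start from
  // NULL so that an automatic (uninitialized) pointer is never freed if the
  // constructor fails before assigning one of them.
  //
  Context.Selector = NULL;
  Context.Data     = NULL;

  Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
  if (!EFI_ERROR (Status)) {
    Context.DataType = DataType;
    Context.Status   = EFI_NOT_FOUND;

    Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
    if (!EFI_ERROR (Status)) {
      //
      // The visitor records the result of the edit in Context.Status.
      //
      ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
      Status = Context.Status;
    }

    if (Context.Selector != NULL) {
      gBS->FreePool (Context.Selector);
    }

    if (Context.Data != NULL) {
      gBS->FreePool (Context.Data);
    }
  }

  if (Status == EFI_NOT_FOUND) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}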
1895\r
/**
  Visitor callback that inserts the pending entry in front of the matched one.

  Called once per database entry by ForeachPolicyEntry. When the visited entry
  matches the indexer in Context, the selector/data pair carried in Context is
  inserted before it, the result is recorded in Context->Status, and the
  iteration is stopped.

  @param[in] Selector  The selector of the entry being visited.
  @param[in] Data      The data of the entry being visited.
  @param[in] Context   The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS  No match; continue the iteration.
  @retval EFI_ABORTED  The insertion was attempted; abort the iteration.
**/
EFI_STATUS
InsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR      *Selector,
  IN VOID                           *Data,
  IN INSERT_POLICY_ENTRY_CONTEXT    *Context
  )
{
  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    //
    // Not the entry named by the user's index: keep iterating.
    //
    return EFI_SUCCESS;
  }

  //
  // Insert the pending entry before the matched one and hand the outcome back
  // to the caller through the context; the iteration ends here.
  //
  Context->Status = mIpSecConfig->SetData (
                                    mIpSecConfig,
                                    Context->DataType,
                                    Context->Selector,
                                    Context->Data,
                                    Selector
                                    );

  return EFI_ABORTED;
}
1933\r
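/**
  Insert or add entry information in database according to datatype.

  The command line is parsed into a selector/data pair with all fields required for
  a brand-new entry. If an entry with that selector already exists the operation is
  rejected. Otherwise "-a" adds the entry with no position given, and "-i" inserts
  it in front of the entry named by the index.

  @param[in] DataType      The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS           Insert or add entry information successfully.
  @retval EFI_NOT_FOUND         "-i" was not given, or no entry matched its index.
  @retval EFI_BUFFER_TOO_SMALL  The entry already existed.
  @retval EFI_UNSUPPORTED       The operation is not supported.
  @retval Others                Some mistaken case.
**/
EFI_STATUS
AddOrInsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                   Status;
  EFI_IPSEC_CONFIG_SELECTOR    *Selector;
  VOID                         *Data;
  INSERT_POLICY_ENTRY_CONTEXT  Context;
  UINT32                       Mask;
  UINTN                        DataSize;
  CONST CHAR16                 *ValueStr;

  //
  // CreateNew = TRUE: every field mandatory for a new entry must be present.
  //
  Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
  if (!EFI_ERROR (Status)) {
    //
    // Find if the Selector to be inserted already exists: a zero-length query
    // comes back EFI_BUFFER_TOO_SMALL when such an entry is present.
    //
    DataSize = 0;
    Status = mIpSecConfig->GetData (
                             mIpSecConfig,
                             DataType,
                             Selector,
                             &DataSize,
                             NULL
                             );
    if (Status == EFI_BUFFER_TOO_SMALL) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
    } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
      //
      // "-a": add with no InsertBefore position.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               Data,
                               NULL
                               );
    } else {
      //
      // "-i": insert in front of the entry named by the index.
      //
      ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
      if (ValueStr == NULL) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
        //
        // Release the selector/data built above; the common cleanup further
        // down is not reached on this early return (it used to leak both).
        //
        gBS->FreePool (Selector);
        gBS->FreePool (Data);
        return EFI_NOT_FOUND;
      }

      Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
      if (!EFI_ERROR (Status)) {
        Context.DataType = DataType;
        Context.Status   = EFI_NOT_FOUND;
        Context.Selector = Selector;
        Context.Data     = Data;

        //
        // The visitor records the result of the insertion in Context.Status.
        //
        ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
        Status = Context.Status;
        if (Status == EFI_NOT_FOUND) {
          ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
        }
      }
    }

    gBS->FreePool (Selector);
    gBS->FreePool (Data);
  }

  if (Status == EFI_UNSUPPORTED) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}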