]> git.proxmox.com Git - mirror_edk2.git/blame_incremental - NetworkPkg/IpSecDxe/IpSecConfigImpl.c
projects / mirror_edk2.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
NetworkPkg: Fix IpSec run into infinite loop issue in some case
[mirror_edk2.git] / NetworkPkg / IpSecDxe / IpSecConfigImpl.c
... / ...
CommitLineData
1/** @file\r
2 The implementation of IPSEC_CONFIG_PROTOCOL.\r
3\r
4 Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include "IpSecConfigImpl.h"\r
17#include "IpSecDebug.h"\r
18\r
19LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum];\r
20BOOLEAN mSetBySelf = FALSE;\r
21\r
22//\r
23// Common CompareSelector routine entry for SPD/SAD/PAD.\r
24//\r
25IPSEC_COMPARE_SELECTOR mCompareSelector[] = {\r
26 (IPSEC_COMPARE_SELECTOR) CompareSpdSelector,\r
27 (IPSEC_COMPARE_SELECTOR) CompareSaId,\r
28 (IPSEC_COMPARE_SELECTOR) ComparePadId\r
29};\r
30\r
31//\r
32// Common IsZeroSelector routine entry for SPD/SAD/PAD.\r
33//\r
34IPSEC_IS_ZERO_SELECTOR mIsZeroSelector[] = {\r
35 (IPSEC_IS_ZERO_SELECTOR) IsZeroSpdSelector,\r
36 (IPSEC_IS_ZERO_SELECTOR) IsZeroSaId,\r
37 (IPSEC_IS_ZERO_SELECTOR) IsZeroPadId\r
38};\r
39\r
40//\r
41// Common DuplicateSelector routine entry for SPD/SAD/PAD.\r
42//\r
43IPSEC_DUPLICATE_SELECTOR mDuplicateSelector[] = {\r
44 (IPSEC_DUPLICATE_SELECTOR) DuplicateSpdSelector,\r
45 (IPSEC_DUPLICATE_SELECTOR) DuplicateSaId,\r
46 (IPSEC_DUPLICATE_SELECTOR) DuplicatePadId\r
47};\r
48\r
49//\r
50// Common FixPolicyEntry routine entry for SPD/SAD/PAD.\r
51//\r
52IPSEC_FIX_POLICY_ENTRY mFixPolicyEntry[] = {\r
53 (IPSEC_FIX_POLICY_ENTRY) FixSpdEntry,\r
54 (IPSEC_FIX_POLICY_ENTRY) FixSadEntry,\r
55 (IPSEC_FIX_POLICY_ENTRY) FixPadEntry\r
56};\r
57\r
58//\r
59// Common UnfixPolicyEntry routine entry for SPD/SAD/PAD.\r
60//\r
61IPSEC_FIX_POLICY_ENTRY mUnfixPolicyEntry[] = {\r
62 (IPSEC_FIX_POLICY_ENTRY) UnfixSpdEntry,\r
63 (IPSEC_FIX_POLICY_ENTRY) UnfixSadEntry,\r
64 (IPSEC_FIX_POLICY_ENTRY) UnfixPadEntry\r
65};\r
66\r
67//\r
68// Common SetPolicyEntry routine entry for SPD/SAD/PAD.\r
69//\r
70IPSEC_SET_POLICY_ENTRY mSetPolicyEntry[] = {\r
71 (IPSEC_SET_POLICY_ENTRY) SetSpdEntry,\r
72 (IPSEC_SET_POLICY_ENTRY) SetSadEntry,\r
73 (IPSEC_SET_POLICY_ENTRY) SetPadEntry\r
74};\r
75\r
76//\r
77// Common GetPolicyEntry routine entry for SPD/SAD/PAD.\r
78//\r
79IPSEC_GET_POLICY_ENTRY mGetPolicyEntry[] = {\r
80 (IPSEC_GET_POLICY_ENTRY) GetSpdEntry,\r
81 (IPSEC_GET_POLICY_ENTRY) GetSadEntry,\r
82 (IPSEC_GET_POLICY_ENTRY) GetPadEntry\r
83};\r
84\r
85//\r
86// Routine entry for IpSecConfig protocol.\r
87//\r
88EFI_IPSEC_CONFIG_PROTOCOL mIpSecConfigInstance = {\r
89 EfiIpSecConfigSetData,\r
90 EfiIpSecConfigGetData,\r
91 EfiIpSecConfigGetNextSelector,\r
92 EfiIpSecConfigRegisterNotify,\r
93 EfiIpSecConfigUnregisterNotify\r
94};\r
95\r
96/**\r
97 Get the all IPSec configuration variables and store those variables\r
98 to the internal data structure.\r
99\r
100 This founction is called by IpSecConfigInitialize() that is to intialize the \r
101 IPsecConfiguration Protocol.\r
102\r
103 @param[in] Private Point to IPSEC_PRIVATE_DATA.\r
104\r
105 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r
106 @retval EFI_SUCCESS Restore the IPsec Configuration successfully.\r
107 @retval others Other errors is found during the variable getting.\r
108\r
109**/\r
110EFI_STATUS\r
111IpSecConfigRestore (\r
112 IN IPSEC_PRIVATE_DATA *Private\r
113 );\r
114\r
115/**\r
116 Check if the specified EFI_IP_ADDRESS_INFO is in EFI_IP_ADDRESS_INFO list.\r
117\r
118 @param[in] AddressInfo Pointer of IP_ADDRESS_INFO to be search in AddressInfo list.\r
119 @param[in] AddressInfoList A list that contains IP_ADDRESS_INFOs.\r
120 @param[in] AddressCount Point out how many IP_ADDRESS_INFO in the list.\r
121\r
122 @retval TRUE The specified AddressInfo is in the AddressInfoList.\r
123 @retval FALSE The specified AddressInfo is not in the AddressInfoList.\r
124 \r
125**/\r
126BOOLEAN\r
127IsInAddressInfoList(\r
128 IN EFI_IP_ADDRESS_INFO *AddressInfo,\r
129 IN EFI_IP_ADDRESS_INFO *AddressInfoList,\r
130 IN UINT32 AddressCount\r
131 )\r
132{\r
133 UINT8 Index;\r
134 EFI_IP_ADDRESS ZeroAddress;\r
135\r
136 ZeroMem(&ZeroAddress, sizeof (EFI_IP_ADDRESS));\r
137\r
138 //\r
139 // Zero Address means any address is matched.\r
140 //\r
141 if (AddressCount == 1) {\r
142 if (CompareMem (\r
143 &AddressInfoList[0].Address,\r
144 &ZeroAddress,\r
145 sizeof (EFI_IP_ADDRESS)\r
146 ) == 0) {\r
147 return TRUE;\r
148 }\r
149 }\r
150 for (Index = 0; Index < AddressCount ; Index++) {\r
151 if (CompareMem (\r
152 AddressInfo,\r
153 &AddressInfoList[Index].Address,\r
154 sizeof (EFI_IP_ADDRESS)\r
155 ) == 0 && \r
156 AddressInfo->PrefixLength == AddressInfoList[Index].PrefixLength\r
157 ) { \r
158 return TRUE;\r
159 }\r
160 }\r
161 return FALSE;\r
162}\r
163 \r
164/**\r
165 Compare two SPD Selectors.\r
166\r
167 Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/\r
168 NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the \r
169 Local Addresses and remote Addresses.\r
170\r
171 @param[in] Selector1 Pointer of first SPD Selector.\r
172 @param[in] Selector2 Pointer of second SPD Selector.\r
173\r
174 @retval TRUE This two Selector have the same value in above fields.\r
175 @retval FALSE Not all above fields have the same value in these two Selectors.\r
176 \r
177**/\r
178BOOLEAN\r
179CompareSpdSelector (\r
180 IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,\r
181 IN EFI_IPSEC_CONFIG_SELECTOR *Selector2\r
182 )\r
183{\r
184 EFI_IPSEC_SPD_SELECTOR *SpdSel1;\r
185 EFI_IPSEC_SPD_SELECTOR *SpdSel2;\r
186 BOOLEAN IsMatch;\r
187 UINTN Index;\r
188\r
189 SpdSel1 = &Selector1->SpdSelector;\r
190 SpdSel2 = &Selector2->SpdSelector;\r
191 IsMatch = TRUE;\r
192\r
193 //\r
194 // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/\r
195 // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the\r
196 // two Spdselectors. Since the SPD supports two directions, it needs to \r
197 // compare two directions.\r
198 //\r
199 if ((SpdSel1->LocalAddressCount != SpdSel2->LocalAddressCount &&\r
200 SpdSel1->LocalAddressCount != SpdSel2->RemoteAddressCount) ||\r
201 (SpdSel1->RemoteAddressCount != SpdSel2->RemoteAddressCount &&\r
202 SpdSel1->RemoteAddressCount != SpdSel2->LocalAddressCount) ||\r
203 SpdSel1->NextLayerProtocol != SpdSel2->NextLayerProtocol ||\r
204 SpdSel1->LocalPort != SpdSel2->LocalPort ||\r
205 SpdSel1->LocalPortRange != SpdSel2->LocalPortRange ||\r
206 SpdSel1->RemotePort != SpdSel2->RemotePort ||\r
207 SpdSel1->RemotePortRange != SpdSel2->RemotePortRange\r
208 ) {\r
209 IsMatch = FALSE;\r
210 return IsMatch;\r
211 }\r
212 \r
213 //\r
214 // Compare the all LocalAddress fields in the two Spdselectors.\r
215 // First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare \r
216 // SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return\r
217 // TRUE.\r
218 //\r
219 for (Index = 0; Index < SpdSel1->LocalAddressCount; Index++) {\r
220 if (!IsInAddressInfoList (\r
221 &SpdSel1->LocalAddress[Index],\r
222 SpdSel2->LocalAddress,\r
223 SpdSel2->LocalAddressCount\r
224 )) {\r
225 IsMatch = FALSE;\r
226 break;\r
227 }\r
228 }\r
229 if (IsMatch) {\r
230 for (Index = 0; Index < SpdSel2->LocalAddressCount; Index++) {\r
231 if (!IsInAddressInfoList (\r
232 &SpdSel2->LocalAddress[Index],\r
233 SpdSel1->LocalAddress,\r
234 SpdSel1->LocalAddressCount\r
235 )) {\r
236 IsMatch = FALSE;\r
237 break;\r
238 }\r
239 }\r
240 }\r
241 if (IsMatch) {\r
242 for (Index = 0; Index < SpdSel1->RemoteAddressCount; Index++) {\r
243 if (!IsInAddressInfoList (\r
244 &SpdSel1->RemoteAddress[Index],\r
245 SpdSel2->RemoteAddress,\r
246 SpdSel2->RemoteAddressCount\r
247 )) {\r
248 IsMatch = FALSE;\r
249 break;\r
250 }\r
251 }\r
252 }\r
253 if (IsMatch) {\r
254 for (Index = 0; Index < SpdSel2->RemoteAddressCount; Index++) {\r
255 if (!IsInAddressInfoList (\r
256 &SpdSel2->RemoteAddress[Index],\r
257 SpdSel1->RemoteAddress,\r
258 SpdSel1->RemoteAddressCount\r
259 )) {\r
260 IsMatch = FALSE;\r
261 break;\r
262 }\r
263 }\r
264 }\r
265 //\r
266 // Finish the one direction compare. If it is matched, return; otherwise, \r
267 // compare the other direction.\r
268 //\r
269 if (IsMatch) {\r
270 return IsMatch;\r
271 }\r
272 //\r
273 // Secondly, the SpdSel1->LocalAddress doesn't equal to SpdSel2->LocalAddress and \r
274 // SpdSel1->RemoteAddress doesn't equal to SpdSel2->RemoteAddress. Try to compare\r
275 // the RemoteAddress to LocalAddress.\r
276 //\r
277 IsMatch = TRUE;\r
278 for (Index = 0; Index < SpdSel1->RemoteAddressCount; Index++) {\r
279 if (!IsInAddressInfoList (\r
280 &SpdSel1->RemoteAddress[Index],\r
281 SpdSel2->LocalAddress,\r
282 SpdSel2->LocalAddressCount\r
283 )) {\r
284 IsMatch = FALSE;\r
285 break;\r
286 }\r
287 }\r
288 if (IsMatch) {\r
289 for (Index = 0; Index < SpdSel2->RemoteAddressCount; Index++) {\r
290 if (!IsInAddressInfoList (\r
291 &SpdSel2->RemoteAddress[Index],\r
292 SpdSel1->LocalAddress,\r
293 SpdSel1->LocalAddressCount\r
294 )) {\r
295 IsMatch = FALSE;\r
296 break;\r
297 }\r
298 }\r
299 }\r
300 if (IsMatch) {\r
301 for (Index = 0; Index < SpdSel1->LocalAddressCount; Index++) {\r
302 if (!IsInAddressInfoList (\r
303 &SpdSel1->LocalAddress[Index],\r
304 SpdSel2->RemoteAddress,\r
305 SpdSel2->RemoteAddressCount\r
306 )) {\r
307 IsMatch = FALSE;\r
308 break;\r
309 }\r
310 }\r
311 }\r
312 if (IsMatch) {\r
313 for (Index = 0; Index < SpdSel2->LocalAddressCount; Index++) {\r
314 if (!IsInAddressInfoList (\r
315 &SpdSel2->LocalAddress[Index],\r
316 SpdSel1->RemoteAddress,\r
317 SpdSel1->RemoteAddressCount\r
318 )) {\r
319 IsMatch = FALSE;\r
320 break;\r
321 }\r
322 }\r
323 }\r
324 return IsMatch;\r
325}\r
326\r
327/**\r
328 Find if the two SPD Selectors has subordinative.\r
329\r
330 Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/\r
331 NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the \r
332 Local Addresses and remote Addresses.\r
333\r
334 @param[in] Selector1 Pointer of first SPD Selector.\r
335 @param[in] Selector2 Pointer of second SPD Selector.\r
336\r
337 @retval TRUE The first SPD Selector is subordinate Selector of second SPD Selector.\r
338 @retval FALSE The first SPD Selector is not subordinate Selector of second \r
339 SPD Selector.\r
340 \r
341**/\r
342BOOLEAN\r
343IsSubSpdSelector (\r
344 IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,\r
345 IN EFI_IPSEC_CONFIG_SELECTOR *Selector2\r
346 )\r
347{\r
348 EFI_IPSEC_SPD_SELECTOR *SpdSel1;\r
349 EFI_IPSEC_SPD_SELECTOR *SpdSel2;\r
350 BOOLEAN IsMatch;\r
351 UINTN Index;\r
352\r
353 SpdSel1 = &Selector1->SpdSelector;\r
354 SpdSel2 = &Selector2->SpdSelector;\r
355 IsMatch = TRUE;\r
356\r
357 //\r
358 // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/\r
359 // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the\r
360 // two Spdselectors. Since the SPD supports two directions, it needs to \r
361 // compare two directions.\r
362 //\r
363 if (SpdSel1->LocalAddressCount > SpdSel2->LocalAddressCount ||\r
364 SpdSel1->RemoteAddressCount > SpdSel2->RemoteAddressCount ||\r
365 (SpdSel1->NextLayerProtocol != SpdSel2->NextLayerProtocol && SpdSel2->NextLayerProtocol != 0xffff) ||\r
366 (SpdSel1->LocalPort > SpdSel2->LocalPort && SpdSel2->LocalPort != 0)||\r
367 (SpdSel1->LocalPortRange > SpdSel2->LocalPortRange && SpdSel1->LocalPort != 0)||\r
368 (SpdSel1->RemotePort > SpdSel2->RemotePort && SpdSel2->RemotePort != 0) ||\r
369 (SpdSel1->RemotePortRange > SpdSel2->RemotePortRange && SpdSel2->RemotePort != 0)\r
370 ) {\r
371 IsMatch = FALSE;\r
372 }\r
373 \r
374 //\r
375 // Compare the all LocalAddress fields in the two Spdselectors.\r
376 // First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare \r
377 // SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return\r
378 // TRUE.\r
379 //\r
380 if (IsMatch) {\r
381 for (Index = 0; Index < SpdSel1->LocalAddressCount; Index++) {\r
382 if (!IsInAddressInfoList (\r
383 &SpdSel1->LocalAddress[Index],\r
384 SpdSel2->LocalAddress,\r
385 SpdSel2->LocalAddressCount\r
386 )) {\r
387 IsMatch = FALSE;\r
388 break;\r
389 }\r
390 }\r
391\r
392 if (IsMatch) {\r
393 for (Index = 0; Index < SpdSel1->RemoteAddressCount; Index++) {\r
394 if (!IsInAddressInfoList (\r
395 &SpdSel1->RemoteAddress[Index],\r
396 SpdSel2->RemoteAddress,\r
397 SpdSel2->RemoteAddressCount\r
398 )) {\r
399 IsMatch = FALSE;\r
400 break;\r
401 }\r
402 }\r
403 }\r
404 }\r
405 if (IsMatch) {\r
406 return IsMatch;\r
407 }\r
408 \r
409 //\r
410 //\r
411 // The SPD selector in SPD entry is two way.\r
412 //\r
413 // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/\r
414 // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the\r
415 // two Spdselectors. Since the SPD supports two directions, it needs to \r
416 // compare two directions.\r
417 //\r
418 IsMatch = TRUE;\r
419 if (SpdSel1->LocalAddressCount > SpdSel2->RemoteAddressCount ||\r
420 SpdSel1->RemoteAddressCount > SpdSel2->LocalAddressCount ||\r
421 (SpdSel1->NextLayerProtocol != SpdSel2->NextLayerProtocol && SpdSel2->NextLayerProtocol != 0xffff) ||\r
422 (SpdSel1->LocalPort > SpdSel2->RemotePort && SpdSel2->RemotePort != 0)||\r
423 (SpdSel1->LocalPortRange > SpdSel2->RemotePortRange && SpdSel1->RemotePort != 0)||\r
424 (SpdSel1->RemotePort > SpdSel2->LocalPort && SpdSel2->LocalPort != 0) ||\r
425 (SpdSel1->RemotePortRange > SpdSel2->LocalPortRange && SpdSel2->LocalPort != 0)\r
426 ) {\r
427 IsMatch = FALSE;\r
428 return IsMatch;\r
429 }\r
430 \r
431 //\r
432 // Compare the all LocalAddress fields in the two Spdselectors.\r
433 // First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare \r
434 // SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return\r
435 // TRUE.\r
436 //\r
437 for (Index = 0; Index < SpdSel1->LocalAddressCount; Index++) {\r
438 if (!IsInAddressInfoList (\r
439 &SpdSel1->LocalAddress[Index],\r
440 SpdSel2->RemoteAddress,\r
441 SpdSel2->RemoteAddressCount\r
442 )) {\r
443 IsMatch = FALSE;\r
444 break;\r
445 }\r
446 }\r
447\r
448 if (IsMatch) {\r
449 for (Index = 0; Index < SpdSel1->RemoteAddressCount; Index++) {\r
450 if (!IsInAddressInfoList (\r
451 &SpdSel1->RemoteAddress[Index],\r
452 SpdSel2->LocalAddress,\r
453 SpdSel2->LocalAddressCount\r
454 )) {\r
455 IsMatch = FALSE;\r
456 break;\r
457 }\r
458 }\r
459 }\r
460 return IsMatch;\r
461 \r
462}\r
463\r
464/**\r
465 Compare two SA IDs.\r
466\r
467 @param[in] Selector1 Pointer of first SA ID.\r
468 @param[in] Selector2 Pointer of second SA ID.\r
469\r
470 @retval TRUE This two Selectors have the same SA ID.\r
471 @retval FALSE This two Selecotrs don't have the same SA ID.\r
472 \r
473**/\r
474BOOLEAN\r
475CompareSaId (\r
476 IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,\r
477 IN EFI_IPSEC_CONFIG_SELECTOR *Selector2\r
478 )\r
479{\r
480 EFI_IPSEC_SA_ID *SaId1;\r
481 EFI_IPSEC_SA_ID *SaId2;\r
482 BOOLEAN IsMatch;\r
483\r
484 SaId1 = &Selector1->SaId;\r
485 SaId2 = &Selector2->SaId;\r
486 IsMatch = TRUE;\r
487\r
488 if (CompareMem (SaId1, SaId2, sizeof (EFI_IPSEC_SA_ID)) != 0) {\r
489 IsMatch = FALSE;\r
490 }\r
491\r
492 return IsMatch;\r
493}\r
494\r
495/**\r
496 Compare two PAD IDs.\r
497\r
498 @param[in] Selector1 Pointer of first PAD ID.\r
499 @param[in] Selector2 Pointer of second PAD ID.\r
500\r
501 @retval TRUE This two Selectors have the same PAD ID.\r
502 @retval FALSE This two Selecotrs don't have the same PAD ID.\r
503 \r
504**/\r
505BOOLEAN\r
506ComparePadId (\r
507 IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,\r
508 IN EFI_IPSEC_CONFIG_SELECTOR *Selector2\r
509 )\r
510{\r
511 EFI_IPSEC_PAD_ID *PadId1;\r
512 EFI_IPSEC_PAD_ID *PadId2;\r
513 BOOLEAN IsMatch;\r
514\r
515 PadId1 = &Selector1->PadId;\r
516 PadId2 = &Selector2->PadId;\r
517 IsMatch = TRUE;\r
518\r
519 //\r
520 // Compare the PeerIdValid fields in PadId.\r
521 //\r
522 if (PadId1->PeerIdValid != PadId2->PeerIdValid) {\r
523 IsMatch = FALSE;\r
524 }\r
525 //\r
526 // Compare the PeerId fields in PadId if PeerIdValid is true.\r
527 //\r
528 if (IsMatch &&\r
529 PadId1->PeerIdValid &&\r
530 AsciiStriCmp ((CONST CHAR8 *) PadId1->Id.PeerId, (CONST CHAR8 *) PadId2->Id.PeerId) != 0\r
531 ) {\r
532 IsMatch = FALSE;\r
533 }\r
534 //\r
535 // Compare the IpAddress fields in PadId if PeerIdValid is false.\r
536 //\r
537 if (IsMatch &&\r
538 !PadId1->PeerIdValid &&\r
539 (PadId1->Id.IpAddress.PrefixLength != PadId2->Id.IpAddress.PrefixLength ||\r
540 CompareMem (&PadId1->Id.IpAddress.Address, &PadId2->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0)\r
541 ) {\r
542 IsMatch = FALSE;\r
543 }\r
544\r
545 return IsMatch;\r
546}\r
547\r
548/**\r
549 Check if the SPD Selector is Zero by its LocalAddressCount and RemoteAddressCount\r
550 fields.\r
551\r
552 @param[in] Selector Pointer of the SPD Selector.\r
553\r
554 @retval TRUE If the SPD Selector is Zero.\r
555 @retval FALSE If the SPD Selector is not Zero.\r
556\r
557**/\r
558BOOLEAN\r
559IsZeroSpdSelector (\r
560 IN EFI_IPSEC_CONFIG_SELECTOR *Selector\r
561 )\r
562{\r
563 EFI_IPSEC_SPD_SELECTOR *SpdSel;\r
564 BOOLEAN IsZero;\r
565\r
566 SpdSel = &Selector->SpdSelector;\r
567 IsZero = FALSE;\r
568\r
569 if (SpdSel->LocalAddressCount == 0 && SpdSel->RemoteAddressCount == 0) {\r
570 IsZero = TRUE;\r
571 }\r
572\r
573 return IsZero;\r
574}\r
575\r
576/**\r
577 Check if the SA ID is Zero by its DestAddress.\r
578\r
579 @param[in] Selector Pointer of the SA ID.\r
580\r
581 @retval TRUE If the SA ID is Zero.\r
582 @retval FALSE If the SA ID is not Zero.\r
583\r
584**/\r
585BOOLEAN\r
586IsZeroSaId (\r
587 IN EFI_IPSEC_CONFIG_SELECTOR *Selector\r
588 )\r
589{\r
590 BOOLEAN IsZero;\r
591 EFI_IPSEC_CONFIG_SELECTOR ZeroSelector;\r
592 \r
593 IsZero = FALSE;\r
594\r
595 ZeroMem (&ZeroSelector, sizeof (EFI_IPSEC_CONFIG_SELECTOR));\r
596\r
597 if (CompareMem (&ZeroSelector, Selector, sizeof (EFI_IPSEC_CONFIG_SELECTOR)) == 0) {\r
598 IsZero = TRUE;\r
599 }\r
600\r
601 return IsZero;\r
602}\r
603\r
604/**\r
605 Check if the PAD ID is Zero.\r
606\r
607 @param[in] Selector Pointer of the PAD ID.\r
608\r
609 @retval TRUE If the PAD ID is Zero.\r
610 @retval FALSE If the PAD ID is not Zero.\r
611\r
612**/\r
613BOOLEAN\r
614IsZeroPadId (\r
615 IN EFI_IPSEC_CONFIG_SELECTOR *Selector\r
616 )\r
617{\r
618 EFI_IPSEC_PAD_ID *PadId;\r
619 EFI_IPSEC_PAD_ID ZeroId;\r
620 BOOLEAN IsZero;\r
621\r
622 PadId = &Selector->PadId;\r
623 IsZero = FALSE;\r
624\r
625 ZeroMem (&ZeroId, sizeof (EFI_IPSEC_PAD_ID));\r
626\r
627 if (CompareMem (PadId, &ZeroId, sizeof (EFI_IPSEC_PAD_ID)) == 0) {\r
628 IsZero = TRUE;\r
629 }\r
630\r
631 return IsZero;\r
632}\r
633\r
634/**\r
635 Copy Source SPD Selector to the Destination SPD Selector.\r
636\r
637 @param[in, out] DstSel Pointer of Destination SPD Selector.\r
638 @param[in] SrcSel Pointer of Source SPD Selector.\r
639 @param[in, out] Size The size of the Destination SPD Selector. If it \r
640 not NULL and its value less than the size of \r
641 Source SPD Selector, the value of Source SPD \r
642 Selector's size will be passed to caller by this\r
643 parameter.\r
644\r
645 @retval EFI_INVALID_PARAMETER If the Destination or Source SPD Selector is NULL\r
646 @retval EFI_BUFFER_TOO_SMALL If the input Size is less than size of the Source SPD Selector. \r
647 @retval EFI_SUCCESS Copy Source SPD Selector to the Destination SPD\r
648 Selector successfully.\r
649\r
650**/\r
651EFI_STATUS\r
652DuplicateSpdSelector (\r
653 IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,\r
654 IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,\r
655 IN OUT UINTN *Size\r
656 )\r
657{\r
658 EFI_IPSEC_SPD_SELECTOR *Dst;\r
659 EFI_IPSEC_SPD_SELECTOR *Src;\r
660\r
661 Dst = &DstSel->SpdSelector;\r
662 Src = &SrcSel->SpdSelector;\r
663\r
664 if (Dst == NULL || Src == NULL) {\r
665 return EFI_INVALID_PARAMETER;\r
666 }\r
667\r
668 if (Size != NULL && (*Size) < SIZE_OF_SPD_SELECTOR (Src)) {\r
669 *Size = SIZE_OF_SPD_SELECTOR (Src);\r
670 return EFI_BUFFER_TOO_SMALL;\r
671 }\r
672 //\r
673 // Copy the base structure of SPD selector.\r
674 //\r
675 CopyMem (Dst, Src, sizeof (EFI_IPSEC_SPD_SELECTOR));\r
676\r
677 //\r
678 // Copy the local address array of SPD selector.\r
679 //\r
680 Dst->LocalAddress = (EFI_IP_ADDRESS_INFO *) (Dst + 1);\r
681 CopyMem (\r
682 Dst->LocalAddress,\r
683 Src->LocalAddress,\r
684 sizeof (EFI_IP_ADDRESS_INFO) * Dst->LocalAddressCount\r
685 );\r
686\r
687 //\r
688 // Copy the remote address array of SPD selector.\r
689 //\r
690 Dst->RemoteAddress = Dst->LocalAddress + Dst->LocalAddressCount;\r
691 CopyMem (\r
692 Dst->RemoteAddress,\r
693 Src->RemoteAddress,\r
694 sizeof (EFI_IP_ADDRESS_INFO) * Dst->RemoteAddressCount\r
695 );\r
696\r
697 return EFI_SUCCESS;\r
698}\r
699\r
700/**\r
701 Copy Source SA ID to the Destination SA ID.\r
702\r
703 @param[in, out] DstSel Pointer of Destination SA ID.\r
704 @param[in] SrcSel Pointer of Source SA ID.\r
705 @param[in, out] Size The size of the Destination SA ID. If it \r
706 not NULL and its value less than the size of \r
707 Source SA ID, the value of Source SA ID's size \r
708 will be passed to caller by this parameter.\r
709\r
710 @retval EFI_INVALID_PARAMETER If the Destination or Source SA ID is NULL.\r
711 @retval EFI_BUFFER_TOO_SMALL If the input Size less than size of source SA ID. \r
712 @retval EFI_SUCCESS Copy Source SA ID to the Destination SA ID successfully.\r
713\r
714**/\r
715EFI_STATUS\r
716DuplicateSaId (\r
717 IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,\r
718 IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,\r
719 IN OUT UINTN *Size\r
720 )\r
721{\r
722 EFI_IPSEC_SA_ID *Dst;\r
723 EFI_IPSEC_SA_ID *Src;\r
724\r
725 Dst = &DstSel->SaId;\r
726 Src = &SrcSel->SaId;\r
727\r
728 if (Dst == NULL || Src == NULL) {\r
729 return EFI_INVALID_PARAMETER;\r
730 }\r
731\r
732 if (Size != NULL && *Size < sizeof (EFI_IPSEC_SA_ID)) {\r
733 *Size = sizeof (EFI_IPSEC_SA_ID);\r
734 return EFI_BUFFER_TOO_SMALL;\r
735 }\r
736\r
737 CopyMem (Dst, Src, sizeof (EFI_IPSEC_SA_ID));\r
738\r
739 return EFI_SUCCESS;\r
740}\r
741\r
742/**\r
743 Copy Source PAD ID to the Destination PAD ID.\r
744\r
745 @param[in, out] DstSel Pointer of Destination PAD ID.\r
746 @param[in] SrcSel Pointer of Source PAD ID.\r
747 @param[in, out] Size The size of the Destination PAD ID. If it \r
748 not NULL and its value less than the size of \r
749 Source PAD ID, the value of Source PAD ID's size \r
750 will be passed to caller by this parameter.\r
751\r
752 @retval EFI_INVALID_PARAMETER If the Destination or Source PAD ID is NULL.\r
753 @retval EFI_BUFFER_TOO_SMALL If the input Size less than size of source PAD ID .\r
754 @retval EFI_SUCCESS Copy Source PAD ID to the Destination PAD ID successfully.\r
755\r
756**/\r
757EFI_STATUS\r
758DuplicatePadId (\r
759 IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,\r
760 IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,\r
761 IN OUT UINTN *Size\r
762 )\r
763{\r
764 EFI_IPSEC_PAD_ID *Dst;\r
765 EFI_IPSEC_PAD_ID *Src;\r
766\r
767 Dst = &DstSel->PadId;\r
768 Src = &SrcSel->PadId;\r
769\r
770 if (Dst == NULL || Src == NULL) {\r
771 return EFI_INVALID_PARAMETER;\r
772 }\r
773\r
774 if (Size != NULL && *Size < sizeof (EFI_IPSEC_PAD_ID)) {\r
775 *Size = sizeof (EFI_IPSEC_PAD_ID);\r
776 return EFI_BUFFER_TOO_SMALL;\r
777 }\r
778\r
779 CopyMem (Dst, Src, sizeof (EFI_IPSEC_PAD_ID));\r
780\r
781 return EFI_SUCCESS;\r
782}\r
783\r
784/**\r
785 Fix the value of some members of SPD Selector. \r
786\r
787 This function is called by IpSecCopyPolicyEntry()which copy the Policy \r
788 Entry into the Variable. Since some members in SPD Selector are pointers, \r
789 a physical address to relative address convertion is required before copying \r
790 this SPD entry into the variable.\r
791\r
792 @param[in] Selector Pointer of SPD Selector.\r
793 @param[in, out] Data Pointer of SPD Data.\r
794\r
795**/\r
796VOID\r
797FixSpdEntry (\r
798 IN EFI_IPSEC_SPD_SELECTOR *Selector,\r
799 IN OUT EFI_IPSEC_SPD_DATA *Data\r
800 )\r
801{\r
802 //\r
803 // It assumes that all ref buffers in SPD selector and data are\r
804 // stored in the continous memory and close to the base structure.\r
805 //\r
806 FIX_REF_BUF_ADDR (Selector->LocalAddress, Selector);\r
807 FIX_REF_BUF_ADDR (Selector->RemoteAddress, Selector);\r
808\r
809 if (Data->ProcessingPolicy != NULL) {\r
810 if (Data->ProcessingPolicy->TunnelOption != NULL) {\r
811 FIX_REF_BUF_ADDR (Data->ProcessingPolicy->TunnelOption, Data);\r
812 }\r
813\r
814 FIX_REF_BUF_ADDR (Data->ProcessingPolicy, Data);\r
815 }\r
816\r
817}\r
818\r
819/**\r
820 Fix the value of some members of SA ID. \r
821\r
822 This function is called by IpSecCopyPolicyEntry()which copy the Policy \r
823 Entry into the Variable. Since some members in SA ID are pointers, \r
824 a physical address to relative address conversion is required before copying \r
825 this SAD into the variable.\r
826\r
827 @param[in] SaId Pointer of SA ID\r
828 @param[in, out] Data Pointer of SA Data.\r
829\r
830**/\r
831VOID\r
832FixSadEntry (\r
833 IN EFI_IPSEC_SA_ID *SaId,\r
834 IN OUT EFI_IPSEC_SA_DATA2 *Data\r
835 )\r
836{\r
837 //\r
838 // It assumes that all ref buffers in SAD selector and data are\r
839 // stored in the continous memory and close to the base structure.\r
840 //\r
841 if (Data->AlgoInfo.EspAlgoInfo.AuthKey != NULL) {\r
842 FIX_REF_BUF_ADDR (Data->AlgoInfo.EspAlgoInfo.AuthKey, Data);\r
843 }\r
844\r
845 if (SaId->Proto == EfiIPsecESP && Data->AlgoInfo.EspAlgoInfo.EncKey != NULL) {\r
846 FIX_REF_BUF_ADDR (Data->AlgoInfo.EspAlgoInfo.EncKey, Data);\r
847 }\r
848\r
849 if (Data->SpdSelector != NULL) {\r
850 if (Data->SpdSelector->LocalAddress != NULL) {\r
851 FIX_REF_BUF_ADDR (Data->SpdSelector->LocalAddress, Data);\r
852 }\r
853\r
854 FIX_REF_BUF_ADDR (Data->SpdSelector->RemoteAddress, Data);\r
855 FIX_REF_BUF_ADDR (Data->SpdSelector, Data);\r
856 }\r
857\r
858}\r
859\r
860/**\r
861 Fix the value of some members of PAD ID. \r
862\r
863 This function is called by IpSecCopyPolicyEntry()which copy the Policy \r
864 Entry into the Variable. Since some members in PAD ID are pointers, \r
865 a physical address to relative address conversion is required before copying\r
866 this PAD into the variable.\r
867\r
868 @param[in] PadId Pointer of PAD ID.\r
869 @param[in, out] Data Pointer of PAD Data.\r
870\r
871**/\r
872VOID\r
873FixPadEntry (\r
874 IN EFI_IPSEC_PAD_ID *PadId,\r
875 IN OUT EFI_IPSEC_PAD_DATA *Data\r
876 )\r
877{\r
878 //\r
879 // It assumes that all ref buffers in pad selector and data are\r
880 // stored in the continous memory and close to the base structure.\r
881 //\r
882 if (Data->AuthData != NULL) {\r
883 FIX_REF_BUF_ADDR (Data->AuthData, Data);\r
884 }\r
885\r
886 if (Data->RevocationData != NULL) {\r
887 FIX_REF_BUF_ADDR (Data->RevocationData, Data);\r
888 }\r
889\r
890}\r
891\r
892/**\r
893 Recover the value of some members of SPD Selector. \r
894\r
895 This function is corresponding to FixSpdEntry(). It recovers the value of members\r
896 of SPD Selector that are fixed by FixSpdEntry().\r
897\r
898 @param[in, out] Selector Pointer of SPD Selector.\r
899 @param[in, out] Data Pointer of SPD Data.\r
900\r
901**/\r
902VOID\r
903UnfixSpdEntry (\r
904 IN OUT EFI_IPSEC_SPD_SELECTOR *Selector,\r
905 IN OUT EFI_IPSEC_SPD_DATA *Data\r
906 )\r
907{\r
908 //\r
909 // It assumes that all ref buffers in SPD selector and data are\r
910 // stored in the continous memory and close to the base structure.\r
911 //\r
912 UNFIX_REF_BUF_ADDR (Selector->LocalAddress, Selector);\r
913 UNFIX_REF_BUF_ADDR (Selector->RemoteAddress, Selector);\r
914\r
915 if (Data->ProcessingPolicy != NULL) {\r
916 UNFIX_REF_BUF_ADDR (Data->ProcessingPolicy, Data);\r
917 if (Data->ProcessingPolicy->TunnelOption != NULL) {\r
918 UNFIX_REF_BUF_ADDR (Data->ProcessingPolicy->TunnelOption, Data);\r
919 }\r
920 }\r
921 \r
922}\r
923\r
924/**\r
925 Recover the value of some members of SA ID. \r
926\r
927 This function is corresponding to FixSadEntry(). It recovers the value of members\r
928 of SAD ID that are fixed by FixSadEntry().\r
929\r
930 @param[in, out] SaId Pointer of SAD ID.\r
931 @param[in, out] Data Pointer of SAD Data.\r
932\r
933**/\r
934VOID\r
935UnfixSadEntry (\r
936 IN OUT EFI_IPSEC_SA_ID *SaId,\r
937 IN OUT EFI_IPSEC_SA_DATA2 *Data\r
938 )\r
939{\r
940 //\r
941 // It assumes that all ref buffers in SAD selector and data are\r
942 // stored in the continous memory and close to the base structure.\r
943 //\r
944 if (Data->AlgoInfo.EspAlgoInfo.AuthKey != NULL) {\r
945 UNFIX_REF_BUF_ADDR (Data->AlgoInfo.EspAlgoInfo.AuthKey, Data);\r
946 }\r
947\r
948 if (SaId->Proto == EfiIPsecESP && Data->AlgoInfo.EspAlgoInfo.EncKey != NULL) {\r
949 UNFIX_REF_BUF_ADDR (Data->AlgoInfo.EspAlgoInfo.EncKey, Data);\r
950 }\r
951\r
952 if (Data->SpdSelector != NULL) {\r
953 UNFIX_REF_BUF_ADDR (Data->SpdSelector, Data);\r
954 if (Data->SpdSelector->LocalAddress != NULL) {\r
955 UNFIX_REF_BUF_ADDR (Data->SpdSelector->LocalAddress, Data);\r
956 }\r
957\r
958 UNFIX_REF_BUF_ADDR (Data->SpdSelector->RemoteAddress, Data);\r
959 }\r
960\r
961}\r
962\r
963/**\r
964 Recover the value of some members of PAD ID. \r
965\r
966 This function is corresponding to FixPadEntry(). It recovers the value of members\r
967 of PAD ID that are fixed by FixPadEntry().\r
968\r
969 @param[in] PadId Pointer of PAD ID.\r
970 @param[in, out] Data Pointer of PAD Data.\r
971\r
972**/\r
973VOID\r
974UnfixPadEntry (\r
975 IN EFI_IPSEC_PAD_ID *PadId,\r
976 IN OUT EFI_IPSEC_PAD_DATA *Data\r
977 )\r
978{\r
979 //\r
980 // It assumes that all ref buffers in pad selector and data are\r
981 // stored in the continous memory and close to the base structure.\r
982 //\r
983 if (Data->AuthData != NULL) {\r
984 UNFIX_REF_BUF_ADDR (Data->AuthData, Data);\r
985 }\r
986\r
987 if (Data->RevocationData != NULL) {\r
988 UNFIX_REF_BUF_ADDR (Data->RevocationData, Data);\r
989 }\r
990\r
991}\r
992\r
993/**\r
994 Set the security policy information for the EFI IPsec driver.\r
995\r
996 The IPsec configuration data has a unique selector/identifier separately to \r
997 identify a data entry.\r
998\r
999 @param[in] Selector Pointer to an entry selector on operated \r
1000 configuration data specified by DataType. \r
1001 A NULL Selector causes the entire specified-type \r
1002 configuration information to be flushed.\r
1003 @param[in] Data The data buffer to be set. The structure \r
1004 of the data buffer should be EFI_IPSEC_SPD_DATA.\r
1005 @param[in] Context Pointer to one entry selector that describes \r
1006 the expected position the new data entry will \r
1007 be added. If Context is NULL, the new entry will\r
1008 be appended the end of database.\r
1009\r
1010 @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:\r
1011 - Selector is not NULL and its LocalAddress \r
1012 is NULL or its RemoteAddress is NULL.\r
1013 - Data is not NULL and its Action is Protected \r
1014 and its plolicy is NULL.\r
1015 - Data is not NULL, its Action is not protected,\r
1016 and its policy is not NULL.\r
1017 - The Action of Data is Protected, its policy \r
1018 mode is Tunnel, and its tunnel option is NULL.\r
1019 - The Action of Data is protected and its policy \r
1020 mode is not Tunnel and it tunnel option is not NULL.\r
1021 @retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.\r
1022 @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r
1023\r
1024**/\r
1025EFI_STATUS\r
1026SetSpdEntry (\r
1027 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
1028 IN VOID *Data,\r
1029 IN VOID *Context OPTIONAL\r
1030 )\r
1031{\r
1032 EFI_IPSEC_SPD_SELECTOR *SpdSel;\r
1033 EFI_IPSEC_SPD_DATA *SpdData;\r
1034 EFI_IPSEC_SPD_SELECTOR *InsertBefore;\r
1035 LIST_ENTRY *SpdList;\r
1036 LIST_ENTRY *SadList;\r
1037 LIST_ENTRY *SpdSas;\r
1038 LIST_ENTRY *EntryInsertBefore;\r
1039 LIST_ENTRY *Entry;\r
1040 LIST_ENTRY *Entry2;\r
1041 LIST_ENTRY *NextEntry;\r
1042 IPSEC_SPD_ENTRY *SpdEntry;\r
1043 IPSEC_SAD_ENTRY *SadEntry;\r
1044 UINTN SpdEntrySize;\r
1045 UINTN Index;\r
1046\r
1047 SpdSel = (Selector == NULL) ? NULL : &Selector->SpdSelector;\r
1048 SpdData = (Data == NULL) ? NULL : (EFI_IPSEC_SPD_DATA *) Data;\r
1049 InsertBefore = (Context == NULL) ? NULL : &((EFI_IPSEC_CONFIG_SELECTOR *) Context)->SpdSelector;\r
1050 SpdList = &mConfigData[IPsecConfigDataTypeSpd];\r
1051\r
1052 if (SpdSel != NULL) {\r
1053 if (SpdSel->LocalAddress == NULL || SpdSel->RemoteAddress == NULL) {\r
1054 return EFI_INVALID_PARAMETER;\r
1055 }\r
1056 }\r
1057\r
1058 if (SpdData != NULL) {\r
1059 if ((SpdData->Action == EfiIPsecActionProtect && SpdData->ProcessingPolicy == NULL) ||\r
1060 (SpdData->Action != EfiIPsecActionProtect && SpdData->ProcessingPolicy != NULL)\r
1061 ) {\r
1062 return EFI_INVALID_PARAMETER;\r
1063 }\r
1064\r
1065 if (SpdData->Action == EfiIPsecActionProtect) {\r
1066 if ((SpdData->ProcessingPolicy->Mode == EfiIPsecTunnel && SpdData->ProcessingPolicy->TunnelOption == NULL) ||\r
1067 (SpdData->ProcessingPolicy->Mode != EfiIPsecTunnel && SpdData->ProcessingPolicy->TunnelOption != NULL)\r
1068 ) {\r
1069 return EFI_INVALID_PARAMETER;\r
1070 }\r
1071 }\r
1072 }\r
1073 //\r
1074 // The default behavior is to insert the node ahead of the header.\r
1075 //\r
1076 EntryInsertBefore = SpdList;\r
1077\r
1078 //\r
1079 // Remove the existed SPD entry.\r
1080 //\r
1081 NET_LIST_FOR_EACH_SAFE (Entry, NextEntry, SpdList) {\r
1082\r
1083 SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);\r
1084\r
1085 if (SpdSel == NULL || \r
1086 CompareSpdSelector ((EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector, (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel)\r
1087 ) {\r
1088 //\r
1089 // Record the existed entry position to keep the original order.\r
1090 //\r
1091 EntryInsertBefore = SpdEntry->List.ForwardLink;\r
1092 RemoveEntryList (&SpdEntry->List);\r
1093\r
1094 //\r
1095 // Update the reverse ref of SAD entry in the SPD.sas list.\r
1096 //\r
1097 SpdSas = &SpdEntry->Data->Sas;\r
1098 \r
1099 //\r
1100 // TODO: Deleted the related SAs.\r
1101 //\r
1102 NET_LIST_FOR_EACH (Entry2, SpdSas) {\r
1103 SadEntry = IPSEC_SAD_ENTRY_FROM_SPD (Entry2);\r
1104 SadEntry->Data->SpdEntry = NULL;\r
1105 }\r
1106 \r
1107 //\r
1108 // Free the existed SPD entry\r
1109 //\r
1110 FreePool (SpdEntry);\r
1111 }\r
1112 }\r
1113 //\r
1114 // Return success here if only want to remove the SPD entry.\r
1115 //\r
1116 if (SpdData == NULL || SpdSel == NULL) {\r
1117 return EFI_SUCCESS;\r
1118 }\r
1119 //\r
1120 // Search the appointed entry position if InsertBefore is not NULL.\r
1121 //\r
1122 if (InsertBefore != NULL) {\r
1123\r
1124 NET_LIST_FOR_EACH (Entry, SpdList) {\r
1125 SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);\r
1126\r
1127 if (CompareSpdSelector (\r
1128 (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector,\r
1129 (EFI_IPSEC_CONFIG_SELECTOR *) InsertBefore\r
1130 )) {\r
1131 EntryInsertBefore = Entry;\r
1132 break;\r
1133 }\r
1134 }\r
1135 }\r
1136\r
1137 //\r
1138 // Do Padding for the different Arch.\r
1139 //\r
1140 SpdEntrySize = ALIGN_VARIABLE (sizeof (IPSEC_SPD_ENTRY));\r
1141 SpdEntrySize = ALIGN_VARIABLE (SpdEntrySize + (UINTN)SIZE_OF_SPD_SELECTOR (SpdSel));\r
1142 SpdEntrySize += IpSecGetSizeOfEfiSpdData (SpdData);\r
1143\r
1144 SpdEntry = AllocateZeroPool (SpdEntrySize);\r
1145\r
1146 if (SpdEntry == NULL) {\r
1147 return EFI_OUT_OF_RESOURCES;\r
1148 }\r
1149 //\r
1150 // Fix the address of Selector and Data buffer and copy them, which is\r
1151 // continous memory and close to the base structure of SPD entry.\r
1152 //\r
1153 SpdEntry->Selector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER ((SpdEntry + 1), sizeof (UINTN));\r
1154 SpdEntry->Data = (IPSEC_SPD_DATA *) ALIGN_POINTER (\r
1155 ((UINT8 *) SpdEntry->Selector + SIZE_OF_SPD_SELECTOR (SpdSel)),\r
1156 sizeof (UINTN)\r
1157 );\r
1158\r
1159 DuplicateSpdSelector (\r
1160 (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector,\r
1161 (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,\r
1162 NULL\r
1163 );\r
1164\r
1165 CopyMem (\r
1166 SpdEntry->Data->Name,\r
1167 SpdData->Name,\r
1168 sizeof (SpdData->Name)\r
1169 );\r
1170 SpdEntry->Data->PackageFlag = SpdData->PackageFlag;\r
1171 SpdEntry->Data->Action = SpdData->Action;\r
1172\r
1173 //\r
1174 // Fix the address of ProcessingPolicy and copy it if need, which is continous\r
1175 // memory and close to the base structure of SAD data.\r
1176 //\r
1177 if (SpdData->Action != EfiIPsecActionProtect) {\r
1178 SpdEntry->Data->ProcessingPolicy = NULL;\r
1179 } else {\r
1180 SpdEntry->Data->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (\r
1181 SpdEntry->Data + 1,\r
1182 sizeof (UINTN)\r
1183 );\r
1184 IpSecDuplicateProcessPolicy (SpdEntry->Data->ProcessingPolicy, SpdData->ProcessingPolicy);\r
1185 }\r
1186 //\r
1187 // Update the sas list of the new SPD entry.\r
1188 //\r
1189 InitializeListHead (&SpdEntry->Data->Sas);\r
1190\r
1191 SadList = &mConfigData[IPsecConfigDataTypeSad];\r
1192\r
1193 NET_LIST_FOR_EACH (Entry, SadList) {\r
1194 SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);\r
1195\r
1196 for (Index = 0; Index < SpdData->SaIdCount; Index++) {\r
1197\r
1198 if (CompareSaId (\r
1199 (EFI_IPSEC_CONFIG_SELECTOR *) &SpdData->SaId[Index],\r
1200 (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id\r
1201 )) {\r
1202 if (SadEntry->Data->SpdEntry != NULL) { \r
1203 RemoveEntryList (&SadEntry->BySpd);\r
1204 }\r
1205 InsertTailList (&SpdEntry->Data->Sas, &SadEntry->BySpd);\r
1206 SadEntry->Data->SpdEntry = SpdEntry;\r
1207 DuplicateSpdSelector (\r
1208 (EFI_IPSEC_CONFIG_SELECTOR *)SadEntry->Data->SpdSelector,\r
1209 (EFI_IPSEC_CONFIG_SELECTOR *)SpdEntry->Selector,\r
1210 NULL\r
1211 ); \r
1212 }\r
1213 }\r
1214 }\r
1215 //\r
1216 // Insert the new SPD entry.\r
1217 //\r
1218 InsertTailList (EntryInsertBefore, &SpdEntry->List);\r
1219\r
1220 return EFI_SUCCESS;\r
1221}\r
1222\r
1223/**\r
1224 Set the security association information for the EFI IPsec driver.\r
1225\r
1226 The IPsec configuration data has a unique selector/identifier separately to \r
1227 identify a data entry.\r
1228\r
1229 @param[in] Selector Pointer to an entry selector on operated \r
1230 configuration data specified by DataType. \r
1231 A NULL Selector causes the entire specified-type \r
1232 configuration information to be flushed.\r
1233 @param[in] Data The data buffer to be set. The structure \r
1234 of the data buffer should be EFI_IPSEC_SA_DATA.\r
1235 @param[in] Context Pointer to one entry selector which describes \r
1236 the expected position the new data entry will \r
1237 be added. If Context is NULL,the new entry will\r
1238 be appended the end of database.\r
1239\r
1240 @retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.\r
1241 @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r
1242\r
1243**/\r
1244EFI_STATUS\r
1245SetSadEntry (\r
1246 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
1247 IN VOID *Data,\r
1248 IN VOID *Context OPTIONAL\r
1249 )\r
1250{\r
1251 IPSEC_SAD_ENTRY *SadEntry;\r
1252 IPSEC_SPD_ENTRY *SpdEntry;\r
1253 LIST_ENTRY *Entry;\r
1254 LIST_ENTRY *NextEntry;\r
1255 LIST_ENTRY *SadList;\r
1256 LIST_ENTRY *SpdList;\r
1257 EFI_IPSEC_SA_ID *SaId;\r
1258 EFI_IPSEC_SA_DATA2 *SaData;\r
1259 EFI_IPSEC_SA_ID *InsertBefore;\r
1260 LIST_ENTRY *EntryInsertBefore;\r
1261 UINTN SadEntrySize;\r
1262 \r
1263 SaId = (Selector == NULL) ? NULL : &Selector->SaId;\r
1264 SaData = (Data == NULL) ? NULL : (EFI_IPSEC_SA_DATA2 *) Data;\r
1265 InsertBefore = (Context == NULL) ? NULL : &((EFI_IPSEC_CONFIG_SELECTOR *) Context)->SaId;\r
1266 SadList = &mConfigData[IPsecConfigDataTypeSad];\r
1267\r
1268 //\r
1269 // The default behavior is to insert the node ahead of the header.\r
1270 //\r
1271 EntryInsertBefore = SadList;\r
1272\r
1273 //\r
1274 // Remove the existed SAD entry.\r
1275 //\r
1276 NET_LIST_FOR_EACH_SAFE (Entry, NextEntry, SadList) {\r
1277\r
1278 SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);\r
1279\r
1280 if (SaId == NULL || \r
1281 CompareSaId (\r
1282 (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id,\r
1283 (EFI_IPSEC_CONFIG_SELECTOR *) SaId\r
1284 )) {\r
1285 //\r
1286 // Record the existed entry position to keep the original order.\r
1287 //\r
1288 EntryInsertBefore = SadEntry->List.ForwardLink;\r
1289\r
1290 //\r
1291 // Update the related SAD.byspd field.\r
1292 //\r
1293 if (SadEntry->Data->SpdEntry != NULL) {\r
1294 RemoveEntryList (&SadEntry->BySpd);\r
1295 }\r
1296\r
1297 RemoveEntryList (&SadEntry->List);\r
1298 FreePool (SadEntry);\r
1299 }\r
1300 }\r
1301 //\r
1302 // Return success here if only want to remove the SAD entry\r
1303 //\r
1304 if (SaData == NULL || SaId == NULL) {\r
1305 return EFI_SUCCESS;\r
1306 }\r
1307 //\r
1308 // Search the appointed entry position if InsertBefore is not NULL.\r
1309 //\r
1310 if (InsertBefore != NULL) {\r
1311\r
1312 NET_LIST_FOR_EACH (Entry, SadList) {\r
1313 SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);\r
1314\r
1315 if (CompareSaId (\r
1316 (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id,\r
1317 (EFI_IPSEC_CONFIG_SELECTOR *) InsertBefore\r
1318 )) {\r
1319 EntryInsertBefore = Entry;\r
1320 break;\r
1321 }\r
1322 }\r
1323 }\r
1324\r
1325 //\r
1326 // Do Padding for different Arch.\r
1327 //\r
1328 SadEntrySize = ALIGN_VARIABLE (sizeof (IPSEC_SAD_ENTRY));\r
1329 SadEntrySize = ALIGN_VARIABLE (SadEntrySize + sizeof (EFI_IPSEC_SA_ID));\r
1330 SadEntrySize = ALIGN_VARIABLE (SadEntrySize + sizeof (IPSEC_SAD_DATA));\r
1331 \r
1332 if (SaId->Proto == EfiIPsecAH) {\r
1333 SadEntrySize += SaData->AlgoInfo.AhAlgoInfo.AuthKeyLength;\r
1334 } else {\r
1335 SadEntrySize = ALIGN_VARIABLE (SadEntrySize + SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength);\r
1336 SadEntrySize += ALIGN_VARIABLE (SaData->AlgoInfo.EspAlgoInfo.EncKeyLength);\r
1337 }\r
1338\r
1339 if (SaData->SpdSelector != NULL) {\r
1340 SadEntrySize += SadEntrySize + (UINTN)SIZE_OF_SPD_SELECTOR (SaData->SpdSelector);\r
1341 }\r
1342 SadEntry = AllocateZeroPool (SadEntrySize);\r
1343\r
1344 if (SadEntry == NULL) {\r
1345 return EFI_OUT_OF_RESOURCES;\r
1346 }\r
1347 //\r
1348 // Fix the address of Id and Data buffer and copy them, which is\r
1349 // continous memory and close to the base structure of SAD entry.\r
1350 //\r
1351 SadEntry->Id = (EFI_IPSEC_SA_ID *) ALIGN_POINTER ((SadEntry + 1), sizeof (UINTN));\r
1352 SadEntry->Data = (IPSEC_SAD_DATA *) ALIGN_POINTER ((SadEntry->Id + 1), sizeof (UINTN));\r
1353\r
1354 CopyMem (SadEntry->Id, SaId, sizeof (EFI_IPSEC_SA_ID));\r
1355\r
1356 SadEntry->Data->Mode = SaData->Mode;\r
1357 SadEntry->Data->SequenceNumber = SaData->SNCount;\r
1358 SadEntry->Data->AntiReplayWindowSize = SaData->AntiReplayWindows;\r
1359\r
1360 ZeroMem (\r
1361 &SadEntry->Data->AntiReplayBitmap,\r
1362 sizeof (SadEntry->Data->AntiReplayBitmap)\r
1363 );\r
1364\r
1365 ZeroMem (\r
1366 &SadEntry->Data->AlgoInfo,\r
1367 sizeof (EFI_IPSEC_ALGO_INFO)\r
1368 );\r
1369\r
1370 SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthAlgoId = SaData->AlgoInfo.EspAlgoInfo.AuthAlgoId;\r
1371 SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength = SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength;\r
1372\r
1373 if (SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength != 0) {\r
1374 SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER ((SadEntry->Data + 1), sizeof (UINTN));\r
1375 CopyMem (\r
1376 SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKey,\r
1377 SaData->AlgoInfo.EspAlgoInfo.AuthKey,\r
1378 SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength\r
1379 );\r
1380 }\r
1381\r
1382 if (SaId->Proto == EfiIPsecESP) {\r
1383 SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId = SaData->AlgoInfo.EspAlgoInfo.EncAlgoId;\r
1384 SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength = SaData->AlgoInfo.EspAlgoInfo.EncKeyLength;\r
1385\r
1386 if (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength != 0) {\r
1387 SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (\r
1388 ((UINT8 *) (SadEntry->Data + 1) + \r
1389 SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength),\r
1390 sizeof (UINTN)\r
1391 );\r
1392 CopyMem (\r
1393 SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKey,\r
1394 SaData->AlgoInfo.EspAlgoInfo.EncKey,\r
1395 SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength\r
1396 );\r
1397 }\r
1398 }\r
1399\r
1400 CopyMem (\r
1401 &SadEntry->Data->SaLifetime,\r
1402 &SaData->SaLifetime,\r
1403 sizeof (EFI_IPSEC_SA_LIFETIME)\r
1404 );\r
1405\r
1406 SadEntry->Data->PathMTU = SaData->PathMTU;\r
1407 SadEntry->Data->SpdSelector = NULL;\r
1408 SadEntry->Data->ESNEnabled = FALSE;\r
1409 SadEntry->Data->ManualSet = SaData->ManualSet;\r
1410\r
1411 //\r
1412 // Copy Tunnel Source/Destination Address\r
1413 //\r
1414 if (SaData->Mode == EfiIPsecTunnel) {\r
1415 CopyMem (\r
1416 &SadEntry->Data->TunnelDestAddress,\r
1417 &SaData->TunnelDestinationAddress,\r
1418 sizeof (EFI_IP_ADDRESS)\r
1419 );\r
1420 CopyMem (\r
1421 &SadEntry->Data->TunnelSourceAddress,\r
1422 &SaData->TunnelSourceAddress,\r
1423 sizeof (EFI_IP_ADDRESS)\r
1424 );\r
1425 }\r
1426 //\r
1427 // Update the spd.sas list of the spd entry specified by SAD selector\r
1428 //\r
1429 SpdList = &mConfigData[IPsecConfigDataTypeSpd];\r
1430\r
1431 for (Entry = SpdList->ForwardLink; Entry != SpdList && SaData->SpdSelector != NULL; Entry = Entry->ForwardLink) {\r
1432\r
1433 SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);\r
1434 if (IsSubSpdSelector (\r
1435 (EFI_IPSEC_CONFIG_SELECTOR *) SaData->SpdSelector,\r
1436 (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector\r
1437 ) && SpdEntry->Data->Action == EfiIPsecActionProtect) {\r
1438 SadEntry->Data->SpdEntry = SpdEntry;\r
1439 SadEntry->Data->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *)((UINT8 *)SadEntry +\r
1440 SadEntrySize -\r
1441 (UINTN)SIZE_OF_SPD_SELECTOR (SaData->SpdSelector)\r
1442 );\r
1443 DuplicateSpdSelector (\r
1444 (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Data->SpdSelector,\r
1445 (EFI_IPSEC_CONFIG_SELECTOR *) SaData->SpdSelector,\r
1446 NULL\r
1447 );\r
1448 InsertTailList (&SpdEntry->Data->Sas, &SadEntry->BySpd);\r
1449 }\r
1450 }\r
1451 //\r
1452 // Insert the new SAD entry.\r
1453 //\r
1454 InsertTailList (EntryInsertBefore, &SadEntry->List);\r
1455\r
1456 return EFI_SUCCESS;\r
1457}\r
1458\r
1459/**\r
1460 Set the peer authorization configuration information for the EFI IPsec driver.\r
1461\r
1462 The IPsec configuration data has a unique selector/identifier separately to \r
1463 identify a data entry.\r
1464\r
1465 @param[in] Selector Pointer to an entry selector on operated \r
1466 configuration data specified by DataType. \r
1467 A NULL Selector causes the entire specified-type \r
1468 configuration information to be flushed.\r
1469 @param[in] Data The data buffer to be set. The structure \r
1470 of the data buffer should be EFI_IPSEC_PAD_DATA.\r
1471 @param[in] Context Pointer to one entry selector that describes \r
1472 the expected position the new data entry will \r
1473 be added. If Context is NULL, the new entry will\r
1474 be appended the end of database.\r
1475\r
1476 @retval EFI_OUT_OF_RESOURCES The required system resources could not be allocated.\r
1477 @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r
1478\r
1479**/\r
1480EFI_STATUS\r
1481SetPadEntry (\r
1482 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
1483 IN VOID *Data,\r
1484 IN VOID *Context OPTIONAL\r
1485 )\r
1486{\r
1487 IPSEC_PAD_ENTRY *PadEntry;\r
1488 EFI_IPSEC_PAD_ID *PadId;\r
1489 EFI_IPSEC_PAD_DATA *PadData;\r
1490 LIST_ENTRY *PadList;\r
1491 LIST_ENTRY *Entry;\r
1492 LIST_ENTRY *NextEntry;\r
1493 EFI_IPSEC_PAD_ID *InsertBefore;\r
1494 LIST_ENTRY *EntryInsertBefore;\r
1495 UINTN PadEntrySize;\r
1496 \r
1497 PadId = (Selector == NULL) ? NULL : &Selector->PadId;\r
1498 PadData = (Data == NULL) ? NULL : (EFI_IPSEC_PAD_DATA *) Data;\r
1499 InsertBefore = (Context == NULL) ? NULL : &((EFI_IPSEC_CONFIG_SELECTOR *) Context)->PadId;\r
1500 PadList = &mConfigData[IPsecConfigDataTypePad];\r
1501\r
1502 //\r
1503 // The default behavior is to insert the node ahead of the header.\r
1504 //\r
1505 EntryInsertBefore = PadList;\r
1506\r
1507 //\r
1508 // Remove the existed pad entry.\r
1509 //\r
1510 NET_LIST_FOR_EACH_SAFE (Entry, NextEntry, PadList) {\r
1511\r
1512 PadEntry = IPSEC_PAD_ENTRY_FROM_LIST (Entry);\r
1513\r
1514 if (PadId == NULL || \r
1515 ComparePadId ((EFI_IPSEC_CONFIG_SELECTOR *) PadEntry->Id, (EFI_IPSEC_CONFIG_SELECTOR *) PadId)\r
1516 ) {\r
1517 //\r
1518 // Record the existed entry position to keep the original order.\r
1519 //\r
1520 EntryInsertBefore = PadEntry->List.ForwardLink;\r
1521 RemoveEntryList (&PadEntry->List);\r
1522\r
1523 FreePool (PadEntry);\r
1524 }\r
1525 }\r
1526 //\r
1527 // Return success here if only want to remove the pad entry\r
1528 //\r
1529 if (PadData == NULL || PadId == NULL) {\r
1530 return EFI_SUCCESS;\r
1531 }\r
1532 //\r
1533 // Search the appointed entry position if InsertBefore is not NULL.\r
1534 //\r
1535 if (InsertBefore != NULL) {\r
1536\r
1537 NET_LIST_FOR_EACH (Entry, PadList) {\r
1538 PadEntry = IPSEC_PAD_ENTRY_FROM_LIST (Entry);\r
1539\r
1540 if (ComparePadId (\r
1541 (EFI_IPSEC_CONFIG_SELECTOR *) PadEntry->Id,\r
1542 (EFI_IPSEC_CONFIG_SELECTOR *) InsertBefore\r
1543 )) {\r
1544 EntryInsertBefore = Entry;\r
1545 break;\r
1546 }\r
1547 }\r
1548 }\r
1549\r
1550 //\r
1551 // Do PADDING for different arch.\r
1552 //\r
1553 PadEntrySize = ALIGN_VARIABLE (sizeof (IPSEC_PAD_ENTRY));\r
1554 PadEntrySize = ALIGN_VARIABLE (PadEntrySize + sizeof (EFI_IPSEC_PAD_ID));\r
1555 PadEntrySize = ALIGN_VARIABLE (PadEntrySize + sizeof (EFI_IPSEC_PAD_DATA));\r
1556 PadEntrySize = ALIGN_VARIABLE (PadEntrySize + (PadData->AuthData != NULL ? PadData->AuthDataSize : 0));\r
1557 PadEntrySize += PadData->RevocationData != NULL ? PadData->RevocationDataSize : 0;\r
1558\r
1559 PadEntry = AllocateZeroPool (PadEntrySize);\r
1560\r
1561 if (PadEntry == NULL) {\r
1562 return EFI_OUT_OF_RESOURCES;\r
1563 }\r
1564 //\r
1565 // Fix the address of Id and Data buffer and copy them, which is\r
1566 // continous memory and close to the base structure of pad entry.\r
1567 //\r
1568 PadEntry->Id = (EFI_IPSEC_PAD_ID *) ALIGN_POINTER ((PadEntry + 1), sizeof (UINTN));\r
1569 PadEntry->Data = (EFI_IPSEC_PAD_DATA *) ALIGN_POINTER ((PadEntry->Id + 1), sizeof (UINTN));\r
1570\r
1571 CopyMem (PadEntry->Id, PadId, sizeof (EFI_IPSEC_PAD_ID));\r
1572\r
1573 PadEntry->Data->AuthProtocol = PadData->AuthProtocol;\r
1574 PadEntry->Data->AuthMethod = PadData->AuthMethod;\r
1575 PadEntry->Data->IkeIdFlag = PadData->IkeIdFlag;\r
1576\r
1577 if (PadData->AuthData != NULL) {\r
1578 PadEntry->Data->AuthDataSize = PadData->AuthDataSize;\r
1579 PadEntry->Data->AuthData = (VOID *) ALIGN_POINTER (PadEntry->Data + 1, sizeof (UINTN));\r
1580 CopyMem (\r
1581 PadEntry->Data->AuthData,\r
1582 PadData->AuthData,\r
1583 PadData->AuthDataSize\r
1584 );\r
1585 } else {\r
1586 PadEntry->Data->AuthDataSize = 0;\r
1587 PadEntry->Data->AuthData = NULL;\r
1588 }\r
1589\r
1590 if (PadData->RevocationData != NULL) {\r
1591 PadEntry->Data->RevocationDataSize = PadData->RevocationDataSize;\r
1592 PadEntry->Data->RevocationData = (VOID *) ALIGN_POINTER (\r
1593 ((UINT8 *) (PadEntry->Data + 1) + PadData->AuthDataSize),\r
1594 sizeof (UINTN)\r
1595 );\r
1596 CopyMem (\r
1597 PadEntry->Data->RevocationData,\r
1598 PadData->RevocationData,\r
1599 PadData->RevocationDataSize\r
1600 );\r
1601 } else {\r
1602 PadEntry->Data->RevocationDataSize = 0;\r
1603 PadEntry->Data->RevocationData = NULL;\r
1604 }\r
1605 //\r
1606 // Insert the new pad entry.\r
1607 //\r
1608 InsertTailList (EntryInsertBefore, &PadEntry->List);\r
1609\r
1610 return EFI_SUCCESS;\r
1611}\r
1612\r
1613/**\r
1614 This function lookup the data entry from IPsec SPD. Return the configuration \r
1615 value of the specified SPD Entry.\r
1616\r
1617 @param[in] Selector Pointer to an entry selector which is an identifier \r
1618 of the SPD entry.\r
1619 @param[in, out] DataSize On output the size of data returned in Data.\r
1620 @param[out] Data The buffer to return the contents of the IPsec \r
1621 configuration data. The type of the data buffer \r
1622 is associated with the DataType. \r
1623 \r
1624 @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r
1625 @retval EFI_INVALID_PARAMETER Data is NULL and *DataSize is not zero.\r
1626 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.\r
1627 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been\r
1628 updated with the size needed to complete the request.\r
1629\r
1630**/\r
1631EFI_STATUS\r
1632GetSpdEntry (\r
1633 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
1634 IN OUT UINTN *DataSize,\r
1635 OUT VOID *Data\r
1636 )\r
1637{\r
1638 IPSEC_SPD_ENTRY *SpdEntry;\r
1639 IPSEC_SAD_ENTRY *SadEntry;\r
1640 EFI_IPSEC_SPD_SELECTOR *SpdSel;\r
1641 EFI_IPSEC_SPD_DATA *SpdData;\r
1642 LIST_ENTRY *SpdList;\r
1643 LIST_ENTRY *SpdSas;\r
1644 LIST_ENTRY *Entry;\r
1645 UINTN RequiredSize;\r
1646\r
1647 SpdSel = &Selector->SpdSelector;\r
1648 SpdData = (EFI_IPSEC_SPD_DATA *) Data;\r
1649 SpdList = &mConfigData[IPsecConfigDataTypeSpd];\r
1650\r
1651 NET_LIST_FOR_EACH (Entry, SpdList) {\r
1652 SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);\r
1653\r
1654 //\r
1655 // Find the required SPD entry\r
1656 //\r
1657 if (CompareSpdSelector (\r
1658 (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,\r
1659 (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector\r
1660 )) {\r
1661\r
1662 RequiredSize = IpSecGetSizeOfSpdData (SpdEntry->Data);\r
1663 if (*DataSize < RequiredSize) {\r
1664 *DataSize = RequiredSize;\r
1665 return EFI_BUFFER_TOO_SMALL;\r
1666 }\r
1667\r
1668 if (SpdData == NULL) {\r
1669 return EFI_INVALID_PARAMETER;\r
1670 }\r
1671\r
1672 *DataSize = RequiredSize;\r
1673\r
1674 //\r
1675 // Extract and fill all SaId array from the SPD.sas list\r
1676 //\r
1677 SpdSas = &SpdEntry->Data->Sas;\r
1678 SpdData->SaIdCount = 0;\r
1679\r
1680 NET_LIST_FOR_EACH (Entry, SpdSas) {\r
1681 SadEntry = IPSEC_SAD_ENTRY_FROM_SPD (Entry);\r
1682 CopyMem (\r
1683 &SpdData->SaId[SpdData->SaIdCount++],\r
1684 SadEntry->Id,\r
1685 sizeof (EFI_IPSEC_SA_ID)\r
1686 );\r
1687 }\r
1688 //\r
1689 // Fill the other fields in SPD data.\r
1690 //\r
1691 CopyMem (SpdData->Name, SpdEntry->Data->Name, sizeof (SpdData->Name));\r
1692\r
1693 SpdData->PackageFlag = SpdEntry->Data->PackageFlag;\r
1694 SpdData->Action = SpdEntry->Data->Action;\r
1695\r
1696 if (SpdData->Action != EfiIPsecActionProtect) {\r
1697 SpdData->ProcessingPolicy = NULL;\r
1698 } else {\r
1699 SpdData->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ((UINT8 *) SpdData + sizeof (EFI_IPSEC_SPD_DATA) + (SpdData->SaIdCount - 1) * sizeof (EFI_IPSEC_SA_ID));\r
1700\r
1701 IpSecDuplicateProcessPolicy (\r
1702 SpdData->ProcessingPolicy,\r
1703 SpdEntry->Data->ProcessingPolicy\r
1704 );\r
1705 }\r
1706\r
1707 return EFI_SUCCESS;\r
1708 }\r
1709 }\r
1710\r
1711 return EFI_NOT_FOUND;\r
1712}\r
1713\r
1714/**\r
1715 This function lookup the data entry from IPsec SAD. Return the configuration \r
1716 value of the specified SAD Entry.\r
1717\r
1718 @param[in] Selector Pointer to an entry selector which is an identifier \r
1719 of the SAD entry.\r
1720 @param[in, out] DataSize On output, the size of data returned in Data.\r
1721 @param[out] Data The buffer to return the contents of the IPsec \r
1722 configuration data. The type of the data buffer \r
1723 is associated with the DataType. \r
1724 \r
1725 @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r
1726 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.\r
1727 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been\r
1728 updated with the size needed to complete the request.\r
1729\r
1730**/\r
1731EFI_STATUS\r
1732GetSadEntry (\r
1733 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
1734 IN OUT UINTN *DataSize,\r
1735 OUT VOID *Data\r
1736 )\r
1737{\r
1738 IPSEC_SAD_ENTRY *SadEntry;\r
1739 LIST_ENTRY *Entry;\r
1740 LIST_ENTRY *SadList;\r
1741 EFI_IPSEC_SA_ID *SaId;\r
1742 EFI_IPSEC_SA_DATA2 *SaData;\r
1743 UINTN RequiredSize;\r
1744\r
1745 SaId = &Selector->SaId;\r
1746 SaData = (EFI_IPSEC_SA_DATA2 *) Data;\r
1747 SadList = &mConfigData[IPsecConfigDataTypeSad];\r
1748\r
1749 NET_LIST_FOR_EACH (Entry, SadList) {\r
1750 SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);\r
1751\r
1752 //\r
1753 // Find the required SAD entry.\r
1754 //\r
1755 if (CompareSaId (\r
1756 (EFI_IPSEC_CONFIG_SELECTOR *) SaId,\r
1757 (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id\r
1758 )) {\r
1759 //\r
1760 // Calculate the required size of the SAD entry.\r
1761 // Data Layout is follows:\r
1762 // |EFI_IPSEC_SA_DATA\r
1763 // |AuthKey\r
1764 // |EncryptKey (Optional)\r
1765 // |SpdSelector (Optional) \r
1766 // \r
1767 RequiredSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));\r
1768\r
1769 if (SaId->Proto == EfiIPsecAH) {\r
1770 RequiredSize = ALIGN_VARIABLE (RequiredSize + SadEntry->Data->AlgoInfo.AhAlgoInfo.AuthKeyLength);\r
1771 } else {\r
1772 RequiredSize = ALIGN_VARIABLE (RequiredSize + SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);\r
1773 RequiredSize = ALIGN_VARIABLE (RequiredSize + SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength);\r
1774 }\r
1775\r
1776 if (SadEntry->Data->SpdSelector != NULL) {\r
1777 RequiredSize += SIZE_OF_SPD_SELECTOR (SadEntry->Data->SpdSelector);\r
1778 }\r
1779 \r
1780 if (*DataSize < RequiredSize) {\r
1781 *DataSize = RequiredSize;\r
1782 return EFI_BUFFER_TOO_SMALL;\r
1783 }\r
1784 \r
1785 //\r
1786 // Fill the data fields of SAD entry.\r
1787 //\r
1788 *DataSize = RequiredSize;\r
1789 SaData->Mode = SadEntry->Data->Mode;\r
1790 SaData->SNCount = SadEntry->Data->SequenceNumber;\r
1791 SaData->AntiReplayWindows = SadEntry->Data->AntiReplayWindowSize;\r
1792\r
1793 CopyMem (\r
1794 &SaData->SaLifetime,\r
1795 &SadEntry->Data->SaLifetime,\r
1796 sizeof (EFI_IPSEC_SA_LIFETIME)\r
1797 );\r
1798\r
1799 ZeroMem (\r
1800 &SaData->AlgoInfo,\r
1801 sizeof (EFI_IPSEC_ALGO_INFO)\r
1802 );\r
1803\r
1804 if (SaId->Proto == EfiIPsecAH) {\r
1805 //\r
1806 // Copy AH alogrithm INFO to SaData\r
1807 //\r
1808 SaData->AlgoInfo.AhAlgoInfo.AuthAlgoId = SadEntry->Data->AlgoInfo.AhAlgoInfo.AuthAlgoId;\r
1809 SaData->AlgoInfo.AhAlgoInfo.AuthKeyLength = SadEntry->Data->AlgoInfo.AhAlgoInfo.AuthKeyLength;\r
1810 if (SaData->AlgoInfo.AhAlgoInfo.AuthKeyLength != 0) {\r
1811 SaData->AlgoInfo.AhAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER ((SaData + 1), sizeof (UINTN));\r
1812 CopyMem (\r
1813 SaData->AlgoInfo.AhAlgoInfo.AuthKey,\r
1814 SadEntry->Data->AlgoInfo.AhAlgoInfo.AuthKey,\r
1815 SaData->AlgoInfo.AhAlgoInfo.AuthKeyLength\r
1816 );\r
1817 }\r
1818 } else if (SaId->Proto == EfiIPsecESP) {\r
1819 //\r
1820 // Copy ESP alogrithem INFO to SaData\r
1821 //\r
1822 SaData->AlgoInfo.EspAlgoInfo.AuthAlgoId = SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthAlgoId;\r
1823 SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength = SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength;\r
1824 if (SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength != 0) {\r
1825 SaData->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER ((SaData + 1), sizeof (UINTN));\r
1826 CopyMem (\r
1827 SaData->AlgoInfo.EspAlgoInfo.AuthKey,\r
1828 SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKey,\r
1829 SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength\r
1830 );\r
1831 }\r
1832\r
1833 SaData->AlgoInfo.EspAlgoInfo.EncAlgoId = SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId;\r
1834 SaData->AlgoInfo.EspAlgoInfo.EncKeyLength = SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength;\r
1835\r
1836 if (SaData->AlgoInfo.EspAlgoInfo.EncKeyLength != 0) {\r
1837 SaData->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (\r
1838 ((UINT8 *) (SaData + 1) +\r
1839 SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength),\r
1840 sizeof (UINTN)\r
1841 );\r
1842 CopyMem (\r
1843 SaData->AlgoInfo.EspAlgoInfo.EncKey,\r
1844 SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKey,\r
1845 SaData->AlgoInfo.EspAlgoInfo.EncKeyLength\r
1846 );\r
1847 }\r
1848 }\r
1849\r
1850 SaData->PathMTU = SadEntry->Data->PathMTU;\r
1851\r
1852 //\r
1853 // Fill Tunnel Address if it is Tunnel Mode\r
1854 //\r
1855 if (SadEntry->Data->Mode == EfiIPsecTunnel) {\r
1856 CopyMem (\r
1857 &SaData->TunnelDestinationAddress,\r
1858 &SadEntry->Data->TunnelDestAddress,\r
1859 sizeof (EFI_IP_ADDRESS)\r
1860 );\r
1861 CopyMem (\r
1862 &SaData->TunnelSourceAddress,\r
1863 &SadEntry->Data->TunnelSourceAddress,\r
1864 sizeof (EFI_IP_ADDRESS)\r
1865 );\r
1866 }\r
1867 //\r
1868 // Fill the spd selector field of SAD data\r
1869 //\r
1870 if (SadEntry->Data->SpdSelector != NULL) {\r
1871\r
1872 SaData->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) (\r
1873 (UINT8 *)SaData +\r
1874 RequiredSize -\r
1875 SIZE_OF_SPD_SELECTOR (SadEntry->Data->SpdSelector)\r
1876 );\r
1877 \r
1878 DuplicateSpdSelector (\r
1879 (EFI_IPSEC_CONFIG_SELECTOR *) SaData->SpdSelector,\r
1880 (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Data->SpdSelector,\r
1881 NULL\r
1882 );\r
1883\r
1884 } else {\r
1885\r
1886 SaData->SpdSelector = NULL;\r
1887 }\r
1888\r
1889 SaData->ManualSet = SadEntry->Data->ManualSet;\r
1890\r
1891 return EFI_SUCCESS;\r
1892 }\r
1893 }\r
1894\r
1895 return EFI_NOT_FOUND;\r
1896}\r
1897\r
1898/**\r
1899 This function lookup the data entry from IPsec PAD. Return the configuration \r
1900 value of the specified PAD Entry.\r
1901\r
1902 @param[in] Selector Pointer to an entry selector which is an identifier \r
1903 of the PAD entry.\r
1904 @param[in, out] DataSize On output the size of data returned in Data.\r
1905 @param[out] Data The buffer to return the contents of the IPsec \r
1906 configuration data. The type of the data buffer \r
1907 is associated with the DataType. \r
1908 \r
1909 @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r
1910 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.\r
1911 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been\r
1912 updated with the size needed to complete the request.\r
1913\r
1914**/\r
1915EFI_STATUS\r
1916GetPadEntry (\r
1917 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
1918 IN OUT UINTN *DataSize,\r
1919 OUT VOID *Data\r
1920 )\r
1921{\r
1922 IPSEC_PAD_ENTRY *PadEntry;\r
1923 LIST_ENTRY *PadList;\r
1924 LIST_ENTRY *Entry;\r
1925 EFI_IPSEC_PAD_ID *PadId;\r
1926 EFI_IPSEC_PAD_DATA *PadData;\r
1927 UINTN RequiredSize;\r
1928\r
1929 PadId = &Selector->PadId;\r
1930 PadData = (EFI_IPSEC_PAD_DATA *) Data;\r
1931 PadList = &mConfigData[IPsecConfigDataTypePad];\r
1932\r
1933 NET_LIST_FOR_EACH (Entry, PadList) {\r
1934 PadEntry = IPSEC_PAD_ENTRY_FROM_LIST (Entry);\r
1935\r
1936 //\r
1937 // Find the required pad entry.\r
1938 //\r
1939 if (ComparePadId (\r
1940 (EFI_IPSEC_CONFIG_SELECTOR *) PadId,\r
1941 (EFI_IPSEC_CONFIG_SELECTOR *) PadEntry->Id\r
1942 )) {\r
1943 //\r
1944 // Calculate the required size of the pad entry.\r
1945 //\r
1946 RequiredSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));\r
1947 RequiredSize = ALIGN_VARIABLE (RequiredSize + PadEntry->Data->AuthDataSize);\r
1948 RequiredSize += PadEntry->Data->RevocationDataSize;\r
1949\r
1950 if (*DataSize < RequiredSize) {\r
1951 *DataSize = RequiredSize;\r
1952 return EFI_BUFFER_TOO_SMALL;\r
1953 }\r
1954 //\r
1955 // Fill the data fields of pad entry\r
1956 //\r
1957 *DataSize = RequiredSize;\r
1958 PadData->AuthProtocol = PadEntry->Data->AuthProtocol;\r
1959 PadData->AuthMethod = PadEntry->Data->AuthMethod;\r
1960 PadData->IkeIdFlag = PadEntry->Data->IkeIdFlag;\r
1961\r
1962 //\r
1963 // Copy Authentication data.\r
1964 //\r
1965 if (PadEntry->Data->AuthData != NULL) {\r
1966\r
1967 PadData->AuthDataSize = PadEntry->Data->AuthDataSize;\r
1968 PadData->AuthData = (VOID *) ALIGN_POINTER ((PadData + 1), sizeof (UINTN));\r
1969 CopyMem (\r
1970 PadData->AuthData,\r
1971 PadEntry->Data->AuthData,\r
1972 PadData->AuthDataSize\r
1973 );\r
1974 } else {\r
1975\r
1976 PadData->AuthDataSize = 0;\r
1977 PadData->AuthData = NULL;\r
1978 }\r
1979 //\r
1980 // Copy Revocation Data.\r
1981 //\r
1982 if (PadEntry->Data->RevocationData != NULL) {\r
1983\r
1984 PadData->RevocationDataSize = PadEntry->Data->RevocationDataSize;\r
1985 PadData->RevocationData = (VOID *) ALIGN_POINTER (\r
1986 ((UINT8 *) (PadData + 1) + PadData->AuthDataSize),\r
1987 sizeof (UINTN)\r
1988 );\r
1989 CopyMem (\r
1990 PadData->RevocationData,\r
1991 PadEntry->Data->RevocationData,\r
1992 PadData->RevocationDataSize\r
1993 );\r
1994 } else {\r
1995\r
1996 PadData->RevocationDataSize = 0;\r
1997 PadData->RevocationData = NULL;\r
1998 }\r
1999\r
2000 return EFI_SUCCESS;\r
2001 }\r
2002 }\r
2003\r
2004 return EFI_NOT_FOUND;\r
2005}\r
2006\r
2007/**\r
2008 Copy Source Process Policy to the Destination Process Policy.\r
2009\r
2010 @param[in] Dst Pointer to the Source Process Policy.\r
2011 @param[in] Src Pointer to the Destination Process Policy.\r
2012\r
2013**/\r
2014VOID\r
2015IpSecDuplicateProcessPolicy (\r
2016 IN EFI_IPSEC_PROCESS_POLICY *Dst,\r
2017 IN EFI_IPSEC_PROCESS_POLICY *Src\r
2018 )\r
2019{\r
2020 //\r
2021 // Firstly copy the structure content itself.\r
2022 //\r
2023 CopyMem (Dst, Src, sizeof (EFI_IPSEC_PROCESS_POLICY));\r
2024\r
2025 //\r
2026 // Recursively copy the tunnel option if needed.\r
2027 //\r
2028 if (Dst->Mode != EfiIPsecTunnel) {\r
2029 ASSERT (Dst->TunnelOption == NULL);\r
2030 } else {\r
2031 Dst->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER ((Dst + 1), sizeof (UINTN));\r
2032 CopyMem (\r
2033 Dst->TunnelOption,\r
2034 Src->TunnelOption,\r
2035 sizeof (EFI_IPSEC_TUNNEL_OPTION)\r
2036 );\r
2037 }\r
2038}\r
2039\r
2040/**\r
2041 Calculate the a whole size of EFI_IPSEC_SPD_DATA, which includes the buffer size pointed\r
2042 to by the pointer members.\r
2043\r
2044 @param[in] SpdData Pointer to a specified EFI_IPSEC_SPD_DATA.\r
2045\r
2046 @return the whole size the specified EFI_IPSEC_SPD_DATA.\r
2047\r
2048**/\r
2049UINTN\r
2050IpSecGetSizeOfEfiSpdData (\r
2051 IN EFI_IPSEC_SPD_DATA *SpdData\r
2052 )\r
2053{\r
2054 UINTN Size;\r
2055\r
2056 Size = ALIGN_VARIABLE (sizeof (IPSEC_SPD_DATA));\r
2057\r
2058 if (SpdData->Action == EfiIPsecActionProtect) {\r
2059 Size = ALIGN_VARIABLE (Size + sizeof (EFI_IPSEC_PROCESS_POLICY));\r
2060\r
2061 if (SpdData->ProcessingPolicy->Mode == EfiIPsecTunnel) {\r
2062 Size = ALIGN_VARIABLE (Size + sizeof (EFI_IPSEC_TUNNEL_OPTION));\r
2063 }\r
2064 }\r
2065\r
2066 return Size;\r
2067}\r
2068\r
2069/**\r
2070 Calculate the a whole size of IPSEC_SPD_DATA which includes the buffer size pointed\r
2071 to by the pointer members and the buffer size used by the Sa List. \r
2072\r
2073 @param[in] SpdData Pointer to the specified IPSEC_SPD_DATA.\r
2074\r
2075 @return the whole size of IPSEC_SPD_DATA.\r
2076\r
2077**/\r
2078UINTN\r
2079IpSecGetSizeOfSpdData (\r
2080 IN IPSEC_SPD_DATA *SpdData\r
2081 )\r
2082{\r
2083 UINTN Size;\r
2084 LIST_ENTRY *Link;\r
2085\r
2086 Size = sizeof (EFI_IPSEC_SPD_DATA) - sizeof (EFI_IPSEC_SA_ID);\r
2087\r
2088 if (SpdData->Action == EfiIPsecActionProtect) {\r
2089 Size += sizeof (EFI_IPSEC_PROCESS_POLICY);\r
2090\r
2091 if (SpdData->ProcessingPolicy->Mode == EfiIPsecTunnel) {\r
2092 Size += sizeof (EFI_IPSEC_TUNNEL_OPTION);\r
2093 }\r
2094 }\r
2095\r
2096 NET_LIST_FOR_EACH (Link, &SpdData->Sas) {\r
2097 Size += sizeof (EFI_IPSEC_SA_ID);\r
2098 }\r
2099\r
2100 return Size;\r
2101}\r
2102\r
2103/**\r
2104 Get the IPsec Variable.\r
2105\r
2106 Get the all variables which start with the string contained in VaraiableName.\r
2107 Since all IPsec related variable store in continual space, those kinds of \r
2108 variable can be searched by the EfiGetNextVariableName. Those variables also are \r
2109 returned in a continual buffer.\r
2110 \r
2111 @param[in] VariableName Pointer to a specified Variable Name.\r
2112 @param[in] VendorGuid Pointer to a specified Vendor Guid.\r
2113 @param[in] Attributes Point to memory location to return the attributes \r
2114 of variable. If the point is NULL, the parameter \r
2115 would be ignored.\r
2116 @param[in, out] DataSize As input, point to the maximum size of return \r
2117 Data-Buffer. As output, point to the actual \r
2118 size of the returned Data-Buffer.\r
2119 @param[in] Data Point to return Data-Buffer.\r
2120 \r
2121 @retval EFI_ABORTED If the Variable size which contained in the variable\r
2122 structure doesn't match the variable size obtained \r
2123 from the EFIGetVariable.\r
2124 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has\r
2125 been updated with the size needed to complete the request. \r
2126 @retval EFI_SUCCESS The function completed successfully.\r
2127 @retval others Other errors found during the variable getting.\r
2128**/\r
2129EFI_STATUS\r
2130IpSecGetVariable (\r
2131 IN CHAR16 *VariableName,\r
2132 IN EFI_GUID *VendorGuid,\r
2133 IN UINT32 *Attributes, OPTIONAL\r
2134 IN OUT UINTN *DataSize,\r
2135 IN VOID *Data\r
2136 )\r
2137{\r
2138 EFI_STATUS Status;\r
2139 EFI_GUID VendorGuidI;\r
2140 UINTN VariableNameLength;\r
2141 CHAR16 *VariableNameI;\r
2142 UINTN VariableNameISize;\r
2143 UINTN VariableNameISizeNew;\r
2144 UINTN VariableIndex;\r
2145 UINTN VariableCount;\r
2146 IP_SEC_VARIABLE_INFO IpSecVariableInfo;\r
2147 UINTN DataSizeI;\r
2148\r
2149 //\r
2150 // The variable name constructor is "VariableName + Info/0001/0002/... + NULL".\r
2151 // So the varialbe name is like "VariableNameInfo", "VariableName0001", ...\r
2152 // "VariableNameNULL".\r
2153 //\r
2154 VariableNameLength = StrLen (VariableName);\r
2155 VariableNameISize = (VariableNameLength + 5) * sizeof (CHAR16);\r
2156 VariableNameI = AllocateZeroPool (VariableNameISize);\r
2157 ASSERT (VariableNameI != NULL);\r
2158 \r
2159 //\r
2160 // Construct the varible name of ipsecconfig meta data.\r
2161 //\r
2162 UnicodeSPrint (VariableNameI, VariableNameISize, L"%s%s", VariableName, L"Info");\r
2163\r
2164 DataSizeI = sizeof (IpSecVariableInfo);\r
2165\r
2166 Status = gRT->GetVariable (\r
2167 VariableNameI,\r
2168 VendorGuid,\r
2169 Attributes,\r
2170 &DataSizeI,\r
2171 &IpSecVariableInfo\r
2172 );\r
2173 if (EFI_ERROR (Status)) {\r
2174 goto ON_EXIT;\r
2175 }\r
2176\r
2177 if (*DataSize < IpSecVariableInfo.VariableSize) {\r
2178 *DataSize = IpSecVariableInfo.VariableSize;\r
2179 Status = EFI_BUFFER_TOO_SMALL;\r
2180 goto ON_EXIT;\r
2181 }\r
2182\r
2183 VariableCount = IpSecVariableInfo.VariableCount;\r
2184 VariableNameI[0] = L'\0';\r
2185\r
2186 while (VariableCount != 0) {\r
2187 //\r
2188 // Get the variable name one by one in the variable database.\r
2189 //\r
2190 VariableNameISizeNew = VariableNameISize;\r
2191 Status = gRT->GetNextVariableName (\r
2192 &VariableNameISizeNew,\r
2193 VariableNameI,\r
2194 &VendorGuidI\r
2195 );\r
2196 if (Status == EFI_BUFFER_TOO_SMALL) {\r
2197 VariableNameI = ReallocatePool (\r
2198 VariableNameISize,\r
2199 VariableNameISizeNew,\r
2200 VariableNameI\r
2201 );\r
2202 if (VariableNameI == NULL) {\r
2203 Status = EFI_OUT_OF_RESOURCES;\r
2204 break;\r
2205 }\r
2206 VariableNameISize = VariableNameISizeNew;\r
2207\r
2208 Status = gRT->GetNextVariableName (\r
2209 &VariableNameISizeNew,\r
2210 VariableNameI,\r
2211 &VendorGuidI\r
2212 );\r
2213 }\r
2214\r
2215 if (EFI_ERROR (Status)) {\r
2216 break;\r
2217 }\r
2218 //\r
2219 // Check whether the current variable is the required "ipsecconfig".\r
2220 //\r
2221 if (StrnCmp (VariableNameI, VariableName, VariableNameLength) == 0 ||\r
2222 CompareGuid (VendorGuid, &VendorGuidI)\r
2223 ) {\r
2224 //\r
2225 // Parse the variable count of the current ipsecconfig data.\r
2226 //\r
2227 VariableIndex = StrDecimalToUintn (VariableNameI + VariableNameLength);\r
2228 if (VariableIndex!= 0 && VariableIndex <= IpSecVariableInfo.VariableCount) {\r
2229 //\r
2230 // Get the variable size of the current ipsecconfig data.\r
2231 //\r
2232 DataSizeI = 0;\r
2233 Status = gRT->GetVariable (\r
2234 VariableNameI,\r
2235 VendorGuid,\r
2236 Attributes,\r
2237 &DataSizeI,\r
2238 NULL\r
2239 );\r
2240 ASSERT (Status == EFI_BUFFER_TOO_SMALL);\r
2241 //\r
2242 // Validate the variable count and variable size.\r
2243 //\r
2244 if (VariableIndex != IpSecVariableInfo.VariableCount) {\r
2245 //\r
2246 // If the varaibe is not the last one, its size should be the max\r
2247 // size of the single variable.\r
2248 //\r
2249 if (DataSizeI != IpSecVariableInfo.SingleVariableSize) {\r
2250 return EFI_ABORTED;\r
2251 }\r
2252 } else {\r
2253 if (DataSizeI != IpSecVariableInfo.VariableSize % IpSecVariableInfo.SingleVariableSize) {\r
2254 return EFI_ABORTED;\r
2255 }\r
2256 }\r
2257 //\r
2258 // Get the variable data of the current ipsecconfig data and\r
2259 // store it into user buffer continously.\r
2260 //\r
2261 Status = gRT->GetVariable (\r
2262 VariableNameI,\r
2263 VendorGuid,\r
2264 Attributes,\r
2265 &DataSizeI,\r
2266 (UINT8 *) Data + (VariableIndex - 1) * IpSecVariableInfo.SingleVariableSize\r
2267 );\r
2268 ASSERT_EFI_ERROR (Status);\r
2269 VariableCount--;\r
2270 }\r
2271 }\r
2272 }\r
2273 //\r
2274 // The VariableCount in "VariableNameInfo" varaible should have the correct\r
2275 // numbers of variables which name starts with VariableName.\r
2276 //\r
2277 if (VariableCount != 0) {\r
2278 Status = EFI_ABORTED;\r
2279 }\r
2280\r
2281ON_EXIT:\r
2282 if (VariableNameI != NULL) {\r
2283 FreePool (VariableNameI);\r
2284 }\r
2285 return Status;\r
2286}\r
2287\r
2288/**\r
2289 Set the IPsec variables.\r
2290\r
2291 Set all IPsec variables which start with the specified variable name. Those variables\r
2292 are set one by one.\r
2293\r
2294 @param[in] VariableName The name of the vendor's variable. It is a\r
2295 Null-Terminated Unicode String.\r
2296 @param[in] VendorGuid Unify identifier for vendor.\r
2297 @param[in] Attributes Point to memory location to return the attributes of \r
2298 variable. If the point is NULL, the parameter would be ignored.\r
2299 @param[in] DataSize The size in bytes of Data-Buffer.\r
2300 @param[in] Data Points to the content of the variable.\r
2301\r
2302 @retval EFI_SUCCESS The firmware successfully stored the variable and its data, as\r
2303 defined by the Attributes.\r
2304 @retval others Storing the variables failed. \r
2305\r
2306**/\r
2307EFI_STATUS\r
2308IpSecSetVariable (\r
2309 IN CHAR16 *VariableName,\r
2310 IN EFI_GUID *VendorGuid,\r
2311 IN UINT32 Attributes,\r
2312 IN UINTN DataSize,\r
2313 IN VOID *Data\r
2314 )\r
2315{\r
2316 EFI_STATUS Status;\r
2317 CHAR16 *VariableNameI;\r
2318 UINTN VariableNameSize;\r
2319 UINTN VariableIndex;\r
2320 IP_SEC_VARIABLE_INFO IpSecVariableInfo;\r
2321 UINT64 MaximumVariableStorageSize;\r
2322 UINT64 RemainingVariableStorageSize;\r
2323 UINT64 MaximumVariableSize;\r
2324\r
2325 Status = gRT->QueryVariableInfo (\r
2326 Attributes,\r
2327 &MaximumVariableStorageSize,\r
2328 &RemainingVariableStorageSize,\r
2329 &MaximumVariableSize\r
2330 );\r
2331 if (EFI_ERROR (Status)) {\r
2332 return Status;\r
2333 }\r
2334 \r
2335 //\r
2336 // "VariableName + Info/0001/0002/... + NULL"\r
2337 //\r
2338 VariableNameSize = (StrLen (VariableName) + 5) * sizeof (CHAR16);\r
2339 VariableNameI = AllocateZeroPool (VariableNameSize);\r
2340\r
2341 if (VariableNameI == NULL) {\r
2342 Status = EFI_OUT_OF_RESOURCES;\r
2343 goto ON_EXIT;\r
2344 }\r
2345 //\r
2346 // Construct the variable of ipsecconfig general information. Like the total\r
2347 // numbers of the Ipsecconfig variables, the total size of all ipsecconfig variables.\r
2348 //\r
2349 UnicodeSPrint (VariableNameI, VariableNameSize, L"%s%s", VariableName, L"Info");\r
2350 MaximumVariableSize -= VariableNameSize;\r
2351 \r
2352 IpSecVariableInfo.VariableCount = (UINT32) ((DataSize + (UINTN) MaximumVariableSize - 1) / (UINTN) MaximumVariableSize);\r
2353 IpSecVariableInfo.VariableSize = (UINT32) DataSize;\r
2354 IpSecVariableInfo.SingleVariableSize = (UINT32) MaximumVariableSize;\r
2355\r
2356 //\r
2357 // Set the variable of ipsecconfig general information.\r
2358 //\r
2359 Status = gRT->SetVariable (\r
2360 VariableNameI,\r
2361 VendorGuid,\r
2362 Attributes,\r
2363 sizeof (IpSecVariableInfo),\r
2364 &IpSecVariableInfo\r
2365 );\r
2366 if (EFI_ERROR (Status)) {\r
2367 DEBUG ((DEBUG_ERROR, "Error set ipsecconfig meta data with %r\n", Status));\r
2368 goto ON_EXIT;\r
2369 }\r
2370\r
2371 for (VariableIndex = 0; VariableIndex < IpSecVariableInfo.VariableCount; VariableIndex++) {\r
2372 //\r
2373 // Construct and set the variable of ipsecconfig data one by one.\r
2374 // The index of variable name begin from 0001, and the varaible name\r
2375 // likes "VariableName0001", "VaraiableName0002"....\r
2376 // \r
2377 UnicodeSPrint (VariableNameI, VariableNameSize, L"%s%04d", VariableName, VariableIndex + 1);\r
2378 Status = gRT->SetVariable (\r
2379 VariableNameI,\r
2380 VendorGuid,\r
2381 Attributes,\r
2382 (VariableIndex == IpSecVariableInfo.VariableCount - 1) ?\r
2383 (DataSize % (UINTN) MaximumVariableSize) :\r
2384 (UINTN) MaximumVariableSize,\r
2385 (UINT8 *) Data + VariableIndex * (UINTN) MaximumVariableSize\r
2386 );\r
2387\r
2388 if (EFI_ERROR (Status)) {\r
2389 DEBUG ((DEBUG_ERROR, "Error set ipsecconfig variable data with %r\n", Status));\r
2390 goto ON_EXIT;\r
2391 }\r
2392 }\r
2393\r
2394ON_EXIT:\r
2395 if (VariableNameI != NULL) {\r
2396 FreePool (VariableNameI);\r
2397 }\r
2398\r
2399 return Status;\r
2400}\r
2401\r
2402/**\r
2403 Return the configuration value for the EFI IPsec driver. \r
2404\r
2405 This function lookup the data entry from IPsec database or IKEv2 configuration\r
2406 information. The expected data type and unique identification are described in\r
2407 DataType and Selector parameters. \r
2408\r
2409 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
2410 @param[in] DataType The type of data to retrieve.\r
2411 @param[in] Selector Pointer to an entry selector that is an identifier of the IPsec \r
2412 configuration data entry.\r
2413 @param[in, out] DataSize On output the size of data returned in Data.\r
2414 @param[out] Data The buffer to return the contents of the IPsec configuration data. \r
2415 The type of the data buffer associated with the DataType. \r
2416 \r
2417 @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r
2418 @retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:\r
2419 - This is NULL.\r
2420 - Selector is NULL.\r
2421 - DataSize is NULL.\r
2422 - Data is NULL and *DataSize is not zero\r
2423 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.\r
2424 @retval EFI_UNSUPPORTED The specified DataType is not supported.\r
2425 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been\r
2426 updated with the size needed to complete the request.\r
2427\r
2428**/\r
2429EFI_STATUS\r
2430EFIAPI\r
2431EfiIpSecConfigGetData (\r
2432 IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
2433 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
2434 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
2435 IN OUT UINTN *DataSize,\r
2436 OUT VOID *Data\r
2437 )\r
2438{\r
2439 if (This == NULL || Selector == NULL || DataSize == NULL) {\r
2440 return EFI_INVALID_PARAMETER;\r
2441 }\r
2442\r
2443 if (*DataSize != 0 && Data == NULL) {\r
2444 return EFI_INVALID_PARAMETER;\r
2445 }\r
2446\r
2447 if (DataType >= IPsecConfigDataTypeMaximum) {\r
2448 return EFI_UNSUPPORTED;\r
2449 }\r
2450\r
2451 return mGetPolicyEntry[DataType](Selector, DataSize, Data);\r
2452}\r
2453\r
2454/**\r
2455 Set the security association, security policy and peer authorization configuration\r
2456 information for the EFI IPsec driver. \r
2457\r
2458 This function is used to set the IPsec configuration information of type DataType for\r
2459 the EFI IPsec driver.\r
2460 The IPsec configuration data has a unique selector/identifier separately to identify\r
2461 a data entry. The selector structure depends on DataType's definition.\r
2462 Using SetData() with a Data of NULL causes the IPsec configuration data entry identified\r
2463 by DataType and Selector to be deleted. \r
2464\r
2465 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
2466 @param[in] DataType The type of data to be set.\r
2467 @param[in] Selector Pointer to an entry selector on operated configuration data \r
2468 specified by DataType. A NULL Selector causes the entire \r
2469 specified-type configuration information to be flushed.\r
2470 @param[in] Data The data buffer to be set. The structure of the data buffer is \r
2471 associated with the DataType.\r
2472 @param[in] InsertBefore Pointer to one entry selector which describes the expected\r
2473 position the new data entry will be added. If InsertBefore is NULL,\r
2474 the new entry will be appended to the end of the database.\r
2475 \r
2476 @retval EFI_SUCCESS The specified configuration entry data was set successfully.\r
2477 @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:\r
2478 - This is NULL.\r
2479 @retval EFI_UNSUPPORTED The specified DataType is not supported.\r
2480 @retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.\r
2481\r
2482**/\r
2483EFI_STATUS\r
2484EFIAPI\r
2485EfiIpSecConfigSetData (\r
2486 IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
2487 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
2488 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
2489 IN VOID *Data,\r
2490 IN EFI_IPSEC_CONFIG_SELECTOR *InsertBefore OPTIONAL\r
2491 )\r
2492{\r
2493 EFI_STATUS Status;\r
2494\r
2495 if (This == NULL) {\r
2496 return EFI_INVALID_PARAMETER;\r
2497 }\r
2498\r
2499 if (DataType >= IPsecConfigDataTypeMaximum) {\r
2500 return EFI_UNSUPPORTED;\r
2501 }\r
2502 \r
2503 Status = mSetPolicyEntry[DataType](Selector, Data, InsertBefore);\r
2504\r
2505 if (!EFI_ERROR (Status) && !mSetBySelf) {\r
2506 //\r
2507 // Save the updated config data into variable.\r
2508 //\r
2509 IpSecConfigSave ();\r
2510 }\r
2511\r
2512 return Status;\r
2513}\r
2514\r
2515/**\r
2516 Enumerates the current selector for IPsec configuration data entry. \r
2517\r
2518 This function is called multiple times to retrieve the entry Selector in IPsec\r
2519 configuration database. On each call to GetNextSelector(), the next entry \r
2520 Selector are retrieved into the output interface.\r
2521 \r
2522 If the entire IPsec configuration database has been iterated, the error \r
2523 EFI_NOT_FOUND is returned.\r
2524 If the Selector buffer is too small for the next Selector copy, an \r
2525 EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect \r
2526 the size of buffer needed.\r
2527\r
2528 On the initial call to GetNextSelector() to start the IPsec configuration database\r
2529 search, a pointer to the buffer with all zero value is passed in Selector. Calls \r
2530 to SetData() between calls to GetNextSelector may produce unpredictable results. \r
2531\r
2532 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
2533 @param[in] DataType The type of IPsec configuration data to retrieve.\r
2534 @param[in, out] SelectorSize The size of the Selector buffer.\r
2535 @param[in, out] Selector On input, supplies the pointer to last Selector that was \r
2536 returned by GetNextSelector().\r
2537 On output, returns one copy of the current entry Selector\r
2538 of a given DataType. \r
2539 \r
2540 @retval EFI_SUCCESS The specified configuration data was obtained successfully.\r
2541 @retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:\r
2542 - This is NULL.\r
2543 - SelectorSize is NULL.\r
2544 - Selector is NULL.\r
2545 @retval EFI_NOT_FOUND The next configuration data entry was not found.\r
2546 @retval EFI_UNSUPPORTED The specified DataType is not supported.\r
2547 @retval EFI_BUFFER_TOO_SMALL The SelectorSize is too small for the result. This parameter\r
2548 has been updated with the size needed to complete the search \r
2549 request.\r
2550\r
2551**/\r
2552EFI_STATUS\r
2553EFIAPI\r
2554EfiIpSecConfigGetNextSelector (\r
2555 IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
2556 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
2557 IN OUT UINTN *SelectorSize,\r
2558 IN OUT EFI_IPSEC_CONFIG_SELECTOR *Selector\r
2559 )\r
2560{\r
2561 LIST_ENTRY *Link;\r
2562 IPSEC_COMMON_POLICY_ENTRY *CommonEntry;\r
2563 BOOLEAN IsFound;\r
2564\r
2565 if (This == NULL || Selector == NULL || SelectorSize == NULL) {\r
2566 return EFI_INVALID_PARAMETER;\r
2567 }\r
2568\r
2569 if (DataType >= IPsecConfigDataTypeMaximum) {\r
2570 return EFI_UNSUPPORTED;\r
2571 }\r
2572\r
2573 IsFound = FALSE;\r
2574\r
2575 NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) {\r
2576 CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List);\r
2577\r
2578 if (IsFound || (BOOLEAN)(mIsZeroSelector[DataType](Selector))) {\r
2579 //\r
2580 // If found the appointed entry, then duplicate the next one and return,\r
2581 // or if the appointed entry is zero, then return the first one directly.\r
2582 //\r
2583 return mDuplicateSelector[DataType](Selector, CommonEntry->Selector, SelectorSize);\r
2584 } else {\r
2585 //\r
2586 // Set the flag if find the appointed entry.\r
2587 //\r
2588 IsFound = mCompareSelector[DataType](Selector, CommonEntry->Selector);\r
2589 }\r
2590 }\r
2591\r
2592 return EFI_NOT_FOUND;\r
2593}\r
2594\r
2595/**\r
2596 Register an event that is to be signaled whenever a configuration process on the\r
2597 specified IPsec configuration information is done. \r
2598\r
2599 The register function is not surpport now and always returns EFI_UNSUPPORTED.\r
2600 \r
2601 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
2602 @param[in] DataType The type of data to be registered the event for.\r
2603 @param[in] Event The event to be registered.\r
2604 \r
2605 @retval EFI_SUCCESS The event is registered successfully.\r
2606 @retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.\r
2607 @retval EFI_ACCESS_DENIED The Event is already registered for the DataType.\r
2608 @retval EFI_UNSUPPORTED The notify registration is unsupported, or the specified\r
2609 DataType is not supported.\r
2610\r
2611**/\r
2612EFI_STATUS\r
2613EFIAPI\r
2614EfiIpSecConfigRegisterNotify (\r
2615 IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
2616 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
2617 IN EFI_EVENT Event\r
2618 )\r
2619{\r
2620 return EFI_UNSUPPORTED;\r
2621}\r
2622\r
2623/**\r
2624 Remove the specified event that was previously registered on the specified IPsec\r
2625 configuration data. \r
2626\r
2627 This function is not support now and alwasy return EFI_UNSUPPORTED.\r
2628\r
2629 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.\r
2630 @param[in] DataType The configuration data type to remove the registered event for.\r
2631 @param[in] Event The event to be unregistered.\r
2632 \r
2633 @retval EFI_SUCCESS The event was removed successfully.\r
2634 @retval EFI_NOT_FOUND The Event specified by DataType could not be found in the \r
2635 database.\r
2636 @retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.\r
2637 @retval EFI_UNSUPPORTED The notify registration is unsupported, or the specified\r
2638 DataType is not supported.\r
2639\r
2640**/\r
2641EFI_STATUS\r
2642EFIAPI\r
2643EfiIpSecConfigUnregisterNotify (\r
2644 IN EFI_IPSEC_CONFIG_PROTOCOL *This,\r
2645 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
2646 IN EFI_EVENT Event\r
2647 )\r
2648{\r
2649 return EFI_UNSUPPORTED;\r
2650}\r
2651\r
2652/**\r
2653 Copy whole data in specified EFI_SIPEC_CONFIG_SELECTOR and the Data to a buffer.\r
2654\r
2655 This function is a caller defined function, and it is called by the IpSecVisitConfigData().\r
2656 The orignal caller is IpSecConfigSave(), which calls the IpsecVisitConfigData() to \r
2657 copy all types of IPsec Config datas into one buffer and store this buffer into firmware in\r
2658 the form of several variables.\r
2659 \r
2660 @param[in] Type A specified IPSEC_CONFIG_DATA_TYPE.\r
2661 @param[in] Selector Points to a EFI_IPSEC_CONFIG_SELECTOR to be copied\r
2662 to the buffer.\r
2663 @param[in] Data Points to data to be copied to the buffer. The\r
2664 Data type is related to the Type.\r
2665 @param[in] SelectorSize The size of the Selector.\r
2666 @param[in] DataSize The size of the Data.\r
2667 @param[in, out] Buffer The buffer to store the Selector and Data.\r
2668\r
2669 @retval EFI_SUCCESS Copy the Selector and Data to a buffer successfully.\r
2670 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r
2671\r
2672**/\r
2673EFI_STATUS\r
2674IpSecCopyPolicyEntry (\r
2675 IN EFI_IPSEC_CONFIG_DATA_TYPE Type,\r
2676 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
2677 IN VOID *Data,\r
2678 IN UINTN SelectorSize,\r
2679 IN UINTN DataSize,\r
2680 IN OUT IPSEC_VARIABLE_BUFFER *Buffer\r
2681 )\r
2682{\r
2683 IPSEC_VAR_ITEM_HEADER SelectorHeader;\r
2684 IPSEC_VAR_ITEM_HEADER DataHeader;\r
2685 UINTN EntrySize;\r
2686 UINT8 *TempPoint;\r
2687 \r
2688 if (Type == IPsecConfigDataTypeSad) {\r
2689 //\r
2690 // Don't save automatically-generated SA entry into variable.\r
2691 //\r
2692 if (((EFI_IPSEC_SA_DATA2 *) Data)->ManualSet == FALSE) {\r
2693 return EFI_SUCCESS;\r
2694 }\r
2695 }\r
2696 //\r
2697 // Increase the capacity size of the buffer if needed.\r
2698 //\r
2699 EntrySize = ALIGN_VARIABLE (sizeof (SelectorHeader));\r
2700 EntrySize = ALIGN_VARIABLE (EntrySize + SelectorSize);\r
2701 EntrySize = ALIGN_VARIABLE (EntrySize + sizeof (SelectorHeader));\r
2702 EntrySize = ALIGN_VARIABLE (EntrySize + DataSize);\r
2703 \r
2704 //EntrySize = SelectorSize + DataSize + 2 * sizeof (SelectorHeader);\r
2705 if (Buffer->Capacity - Buffer->Size < EntrySize) {\r
2706 //\r
2707 // Calculate the required buffer\r
2708 //\r
2709 Buffer->Capacity += EntrySize;\r
2710 TempPoint = AllocatePool (Buffer->Capacity);\r
2711 \r
2712 if (TempPoint == NULL) {\r
2713 return EFI_OUT_OF_RESOURCES;\r
2714 }\r
2715 //\r
2716 // Copy the old Buffer to new buffer and free the old one.\r
2717 //\r
2718 CopyMem (TempPoint, Buffer->Ptr, Buffer->Size);\r
2719 FreePool (Buffer->Ptr);\r
2720 \r
2721 Buffer->Ptr = TempPoint; \r
2722 }\r
2723\r
2724 mFixPolicyEntry[Type](Selector, Data);\r
2725\r
2726 //\r
2727 // Fill the selector header and copy it into buffer.\r
2728 //\r
2729 SelectorHeader.Type = (UINT8) (Type | IPSEC_VAR_ITEM_HEADER_LOGO_BIT);\r
2730 SelectorHeader.Size = (UINT16) SelectorSize;\r
2731\r
2732 CopyMem (\r
2733 Buffer->Ptr + Buffer->Size,\r
2734 &SelectorHeader,\r
2735 sizeof (SelectorHeader)\r
2736 );\r
2737 Buffer->Size = ALIGN_VARIABLE (Buffer->Size + sizeof (SelectorHeader));\r
2738 \r
2739 //\r
2740 // Copy the selector into buffer.\r
2741 //\r
2742 CopyMem (\r
2743 Buffer->Ptr + Buffer->Size,\r
2744 Selector,\r
2745 SelectorSize\r
2746 );\r
2747 Buffer->Size = ALIGN_VARIABLE (Buffer->Size + SelectorSize);\r
2748\r
2749 //\r
2750 // Fill the data header and copy it into buffer.\r
2751 //\r
2752 DataHeader.Type = (UINT8) Type;\r
2753 DataHeader.Size = (UINT16) DataSize;\r
2754\r
2755 CopyMem (\r
2756 Buffer->Ptr + Buffer->Size,\r
2757 &DataHeader,\r
2758 sizeof (DataHeader)\r
2759 );\r
2760 Buffer->Size = ALIGN_VARIABLE (Buffer->Size + sizeof (DataHeader));\r
2761 //\r
2762 // Copy the data into buffer.\r
2763 //\r
2764 CopyMem (\r
2765 Buffer->Ptr + Buffer->Size,\r
2766 Data,\r
2767 DataSize\r
2768 );\r
2769 Buffer->Size = ALIGN_VARIABLE (Buffer->Size + DataSize);\r
2770 \r
2771 mUnfixPolicyEntry[Type](Selector, Data);\r
2772\r
2773 return EFI_SUCCESS;\r
2774}\r
2775\r
2776/**\r
2777 Visit all IPsec Configurations of specified Type and call the caller defined\r
2778 interface.\r
2779\r
2780 @param[in] DataType The specified IPsec Config Data Type.\r
2781 @param[in] Routine The function defined by the caller.\r
2782 @param[in] Context The data passed to the Routine.\r
2783\r
2784 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated\r
2785 @retval EFI_SUCCESS This function completed successfully.\r
2786\r
2787**/\r
2788EFI_STATUS\r
2789IpSecVisitConfigData (\r
2790 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
2791 IN IPSEC_COPY_POLICY_ENTRY Routine,\r
2792 IN VOID *Context\r
2793 )\r
2794{\r
2795 EFI_STATUS GetNextStatus;\r
2796 EFI_STATUS GetDataStatus;\r
2797 EFI_STATUS RoutineStatus;\r
2798 EFI_IPSEC_CONFIG_SELECTOR *Selector;\r
2799 VOID *Data;\r
2800 UINTN SelectorSize;\r
2801 UINTN DataSize;\r
2802 UINTN SelectorBufferSize;\r
2803 UINTN DataBufferSize;\r
2804 BOOLEAN FirstGetNext;\r
2805\r
2806 FirstGetNext = TRUE;\r
2807 DataBufferSize = 0;\r
2808 Data = NULL;\r
2809 SelectorBufferSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);\r
2810 Selector = AllocateZeroPool (SelectorBufferSize);\r
2811\r
2812 if (Selector == NULL) {\r
2813 return EFI_OUT_OF_RESOURCES;\r
2814 }\r
2815\r
2816 while (TRUE) {\r
2817 //\r
2818 // Get the real size of the selector.\r
2819 //\r
2820 SelectorSize = SelectorBufferSize;\r
2821 GetNextStatus = EfiIpSecConfigGetNextSelector (\r
2822 &mIpSecConfigInstance,\r
2823 DataType,\r
2824 &SelectorSize,\r
2825 Selector\r
2826 );\r
2827 if (GetNextStatus == EFI_BUFFER_TOO_SMALL) {\r
2828 FreePool (Selector);\r
2829 SelectorBufferSize = SelectorSize;\r
2830 //\r
2831 // Allocate zero pool for the first selector, while store the last\r
2832 // selector content for the other selectors.\r
2833 //\r
2834 if (FirstGetNext) {\r
2835 Selector = AllocateZeroPool (SelectorBufferSize);\r
2836 } else {\r
2837 Selector = AllocateCopyPool (SelectorBufferSize, Selector);\r
2838 }\r
2839\r
2840 if (Selector == NULL) {\r
2841 return EFI_OUT_OF_RESOURCES;\r
2842 }\r
2843 //\r
2844 // Get the content of the selector.\r
2845 //\r
2846 GetNextStatus = EfiIpSecConfigGetNextSelector (\r
2847 &mIpSecConfigInstance,\r
2848 DataType,\r
2849 &SelectorSize,\r
2850 Selector\r
2851 );\r
2852 }\r
2853\r
2854 if (EFI_ERROR (GetNextStatus)) {\r
2855 break;\r
2856 }\r
2857\r
2858 FirstGetNext = FALSE;\r
2859\r
2860 //\r
2861 // Get the real size of the policy entry according to the selector.\r
2862 //\r
2863 DataSize = DataBufferSize;\r
2864 GetDataStatus = EfiIpSecConfigGetData (\r
2865 &mIpSecConfigInstance,\r
2866 DataType,\r
2867 Selector,\r
2868 &DataSize,\r
2869 Data\r
2870 );\r
2871 if (GetDataStatus == EFI_BUFFER_TOO_SMALL) {\r
2872 if (Data != NULL) {\r
2873 FreePool (Data);\r
2874 }\r
2875\r
2876 DataBufferSize = DataSize;\r
2877 Data = AllocateZeroPool (DataBufferSize);\r
2878\r
2879 if (Data == NULL) {\r
2880 return EFI_OUT_OF_RESOURCES;\r
2881 }\r
2882 //\r
2883 // Get the content of the policy entry according to the selector.\r
2884 //\r
2885 GetDataStatus = EfiIpSecConfigGetData (\r
2886 &mIpSecConfigInstance,\r
2887 DataType,\r
2888 Selector,\r
2889 &DataSize,\r
2890 Data\r
2891 );\r
2892 }\r
2893\r
2894 if (EFI_ERROR (GetDataStatus)) {\r
2895 break;\r
2896 }\r
2897 //\r
2898 // Prepare the buffer of updated policy entry, which is stored in\r
2899 // the continous memory, and then save into variable later.\r
2900 //\r
2901 RoutineStatus = Routine (\r
2902 DataType,\r
2903 Selector,\r
2904 Data,\r
2905 SelectorSize,\r
2906 DataSize,\r
2907 Context\r
2908 );\r
2909 if (EFI_ERROR (RoutineStatus)) {\r
2910 break;\r
2911 }\r
2912 }\r
2913\r
2914 if (Data != NULL) {\r
2915 FreePool (Data);\r
2916 }\r
2917\r
2918 if (Selector != NULL) {\r
2919 FreePool (Selector);\r
2920 }\r
2921\r
2922 return EFI_SUCCESS;\r
2923}\r
2924\r
2925/**\r
2926 This function is the subfunction of EFIIpSecConfigSetData.\r
2927\r
2928 This function call IpSecSetVaraible to set the IPsec Configuration into the firmware.\r
2929\r
2930 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.\r
2931 @retval EFI_SUCCESS Saved the configration successfully.\r
2932 @retval Others Other errors were found while obtaining the variable.\r
2933\r
2934**/\r
2935EFI_STATUS\r
2936IpSecConfigSave (\r
2937 VOID\r
2938 )\r
2939{\r
2940 IPSEC_VARIABLE_BUFFER Buffer;\r
2941 EFI_STATUS Status;\r
2942 EFI_IPSEC_CONFIG_DATA_TYPE Type;\r
2943\r
2944 Buffer.Size = 0;\r
2945 Buffer.Capacity = IPSEC_DEFAULT_VARIABLE_SIZE;\r
2946 Buffer.Ptr = AllocateZeroPool (Buffer.Capacity);\r
2947\r
2948 if (Buffer.Ptr == NULL) {\r
2949 return EFI_OUT_OF_RESOURCES;\r
2950 }\r
2951 //\r
2952 // For each policy database, prepare the contious buffer to save into variable.\r
2953 //\r
2954 for (Type = IPsecConfigDataTypeSpd; Type < IPsecConfigDataTypeMaximum; Type++) {\r
2955 IpSecVisitConfigData (\r
2956 Type,\r
2957 (IPSEC_COPY_POLICY_ENTRY) IpSecCopyPolicyEntry,\r
2958 &Buffer\r
2959 );\r
2960 }\r
2961 //\r
2962 // Save the updated policy database into variable.\r
2963 //\r
2964 Status = IpSecSetVariable (\r
2965 IPSECCONFIG_VARIABLE_NAME,\r
2966 &gEfiIpSecConfigProtocolGuid,\r
2967 EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
2968 Buffer.Size,\r
2969 Buffer.Ptr\r
2970 );\r
2971\r
2972 FreePool (Buffer.Ptr);\r
2973\r
2974 return Status;\r
2975}\r
2976\r
2977/**\r
2978 Get the all IPSec configuration variables and store those variables\r
2979 to the internal data structure.\r
2980\r
2981 This founction is called by IpSecConfigInitialize() which is to intialize the \r
2982 IPsecConfiguration Protocol.\r
2983\r
2984 @param[in] Private Point to IPSEC_PRIVATE_DATA.\r
2985\r
2986 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated\r
2987 @retval EFI_SUCCESS Restore the IPsec Configuration successfully.\r
2988 @retval others Other errors is found while obtaining the variable.\r
2989\r
2990**/\r
2991EFI_STATUS\r
2992IpSecConfigRestore (\r
2993 IN IPSEC_PRIVATE_DATA *Private\r
2994 )\r
2995{\r
2996 EFI_STATUS Status;\r
2997 UINTN BufferSize;\r
2998 UINT8 *Buffer;\r
2999 IPSEC_VAR_ITEM_HEADER *Header;\r
3000 UINT8 *Ptr;\r
3001 EFI_IPSEC_CONFIG_SELECTOR *Selector;\r
3002 EFI_IPSEC_CONFIG_DATA_TYPE Type;\r
3003 VOID *Data;\r
3004 UINT8 Value;\r
3005 UINTN Size;\r
3006\r
3007 Value = 0;\r
3008 Size = sizeof (Value);\r
3009 BufferSize = 0;\r
3010 Buffer = NULL;\r
3011\r
3012 Status = gRT->GetVariable (\r
3013 IPSECCONFIG_STATUS_NAME,\r
3014 &gEfiIpSecConfigProtocolGuid,\r
3015 NULL,\r
3016 &Size,\r
3017 &Value\r
3018 );\r
3019\r
3020 if (!EFI_ERROR (Status) && Value == IPSEC_STATUS_ENABLED) {\r
3021 Private->IpSec.DisabledFlag = FALSE;\r
3022 }\r
3023 //\r
3024 // Get the real size of policy database in variable.\r
3025 //\r
3026 Status = IpSecGetVariable (\r
3027 IPSECCONFIG_VARIABLE_NAME,\r
3028 &gEfiIpSecConfigProtocolGuid,\r
3029 NULL,\r
3030 &BufferSize,\r
3031 Buffer\r
3032 );\r
3033 if (Status == EFI_BUFFER_TOO_SMALL) {\r
3034\r
3035 Buffer = AllocateZeroPool (BufferSize);\r
3036 if (Buffer == NULL) {\r
3037 return EFI_OUT_OF_RESOURCES;\r
3038 }\r
3039 //\r
3040 // Get the content of policy database in variable.\r
3041 //\r
3042 Status = IpSecGetVariable (\r
3043 IPSECCONFIG_VARIABLE_NAME,\r
3044 &gEfiIpSecConfigProtocolGuid,\r
3045 NULL,\r
3046 &BufferSize,\r
3047 Buffer\r
3048 );\r
3049 if (EFI_ERROR (Status)) {\r
3050 FreePool (Buffer);\r
3051 return Status;\r
3052 }\r
3053\r
3054 for (Ptr = Buffer; Ptr < Buffer + BufferSize;) {\r
3055\r
3056 Header = (IPSEC_VAR_ITEM_HEADER *) Ptr;\r
3057 Type = (EFI_IPSEC_CONFIG_DATA_TYPE) (Header->Type & IPSEC_VAR_ITEM_HEADER_CONTENT_BIT);\r
3058 ASSERT (((Header->Type & 0x80) == IPSEC_VAR_ITEM_HEADER_LOGO_BIT) && (Type < IPsecConfigDataTypeMaximum));\r
3059 \r
3060 Selector = (EFI_IPSEC_CONFIG_SELECTOR *) ALIGN_POINTER (Header + 1, sizeof (UINTN));\r
3061 Header = (IPSEC_VAR_ITEM_HEADER *) ALIGN_POINTER (\r
3062 (UINT8 *) Selector + Header->Size, \r
3063 sizeof (UINTN)\r
3064 );\r
3065 ASSERT (Header->Type == Type);\r
3066\r
3067 Data = ALIGN_POINTER (Header + 1, sizeof (UINTN));\r
3068\r
3069 mUnfixPolicyEntry[Type](Selector, Data);\r
3070\r
3071 //\r
3072 // Update each policy entry according to the content in variable.\r
3073 //\r
3074 mSetBySelf = TRUE;\r
3075 Status = EfiIpSecConfigSetData (\r
3076 &Private->IpSecConfig,\r
3077 Type,\r
3078 Selector,\r
3079 Data,\r
3080 NULL\r
3081 );\r
3082 mSetBySelf = FALSE;\r
3083\r
3084 if (EFI_ERROR (Status)) {\r
3085 FreePool (Buffer);\r
3086 return Status;\r
3087 }\r
3088\r
3089 Ptr = ALIGN_POINTER ((UINT8 *) Data + Header->Size, sizeof (UINTN));\r
3090 }\r
3091\r
3092 FreePool (Buffer);\r
3093 }\r
3094\r
3095 return EFI_SUCCESS;\r
3096}\r
3097\r
3098/**\r
3099 Install and Initialize IPsecConfig protocol\r
3100\r
3101 @param[in, out] Private Pointer to IPSEC_PRIVATE_DATA. After this function finish,\r
3102 the pointer of IPsecConfig Protocol implementation will copy\r
3103 into its IPsecConfig member.\r
3104\r
3105 @retval EFI_SUCCESS Initialized the IPsecConfig Protocol successfully.\r
3106 @retval Others Initializing the IPsecConfig Protocol failed.\r
3107**/\r
3108EFI_STATUS\r
3109IpSecConfigInitialize (\r
3110 IN OUT IPSEC_PRIVATE_DATA *Private\r
3111 )\r
3112{\r
3113 EFI_IPSEC_CONFIG_DATA_TYPE Type;\r
3114\r
3115 CopyMem (\r
3116 &Private->IpSecConfig,\r
3117 &mIpSecConfigInstance,\r
3118 sizeof (EFI_IPSEC_CONFIG_PROTOCOL)\r
3119 );\r
3120\r
3121 //\r
3122 // Initialize the list head of policy database.\r
3123 //\r
3124 for (Type = IPsecConfigDataTypeSpd; Type < IPsecConfigDataTypeMaximum; Type++) {\r
3125 InitializeListHead (&mConfigData[Type]);\r
3126 }\r
3127 //\r
3128 // Restore the content of policy database according to the variable.\r
3129 //\r
3130 IpSecConfigRestore (Private);\r
3131\r
3132 return gBS->InstallMultipleProtocolInterfaces (\r
3133 &Private->Handle,\r
3134 &gEfiIpSecConfigProtocolGuid,\r
3135 &Private->IpSecConfig,\r
3136 NULL\r
3137 );\r
3138}\r
EFI Development Kit II mirror for PVE