1 /** @file
2 The implementation of policy entry operation function in IpSecConfig application.
3
4 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include "IpSecConfig.h"
17 #include "Indexer.h"
18 #include "Match.h"
19 #include "Helper.h"
20 #include "ForEach.h"
21 #include "PolicyEntryOperation.h"
22
/**
  Print the "incorrect parameter value" message for one selector flag.

  @param[in] FlagStr   The command-line flag whose value was rejected.
  @param[in] ValueStr  The value the user supplied for that flag.

**/
STATIC
VOID
SpdSelectorReportBadValue (
  IN CONST CHAR16  *FlagStr,
  IN CONST CHAR16  *ValueStr
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
    mHiiHandle,
    mAppName,
    FlagStr,
    ValueStr
    );
}

/**
  Fill in EFI_IPSEC_SPD_SELECTOR through ParamPackage list.

  Each selector flag is parsed on its own: a bad value is reported and
  remembered, but parsing goes on so the user sees every problem in one run.
  A Mask bit is set only for a flag that was present and parsed cleanly.
  For GetNumber-backed flags, EFI_SUCCESS means "given and valid",
  EFI_INVALID_PARAMETER means "given and malformed", and any other status is
  treated as "not given" (the pre-set wildcard is kept and no bit is set).

  @param[out]     Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
                                LocalAddress and RemoteAddress must already point
                                at storage for one EFI_IP_ADDRESS_INFO each.
  @param[in]      ParamPackage  The pointer to the ParamPackage list.
  @param[in, out] Mask          The pointer to the Mask. Bits are OR-ed in; no
                                bit is ever cleared here.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SPD_SELECTOR successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CreateSpdSelector (
  OUT     EFI_IPSEC_SPD_SELECTOR  *Selector,
  IN      LIST_ENTRY              *ParamPackage,
  IN OUT  UINT32                  *Mask
  )
{
  EFI_STATUS    Status;
  BOOLEAN       InputValid;
  CONST CHAR16  *ValueStr;

  InputValid = TRUE;

  //
  // --local / --remote: one address range each.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local");
  if (ValueStr != NULL) {
    Selector->LocalAddressCount = 1;
    if (EFI_ERROR (EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->LocalAddress))) {
      SpdSelectorReportBadValue (L"--local", ValueStr);
      InputValid = FALSE;
    } else {
      *Mask |= LOCAL;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote");
  if (ValueStr != NULL) {
    Selector->RemoteAddressCount = 1;
    if (EFI_ERROR (EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->RemoteAddress))) {
      SpdSelectorReportBadValue (L"--remote", ValueStr);
      InputValid = FALSE;
    } else {
      *Mask |= REMOTE;
    }
  }

  //
  // --proto: next-layer protocol, given as a number or as a name looked up
  // in mMapIpProtocol. Pre-set the wildcard so an absent flag matches any.
  //
  Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
  Status = GetNumber (
             L"--proto",
             (UINT16) -1,
             &Selector->NextLayerProtocol,
             sizeof (UINT16),
             mMapIpProtocol,
             ParamPackage,
             FORMAT_NUMBER | FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PROTO;
  } else if (Status == EFI_INVALID_PARAMETER) {
    InputValid = FALSE;
  }

  //
  // --local-port / --remote-port: port ranges. Pre-set to "any port".
  //
  Selector->LocalPort  = EFI_IPSEC_ANY_PORT;
  Selector->RemotePort = EFI_IPSEC_ANY_PORT;

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local-port");
  if (ValueStr != NULL) {
    Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->LocalPort, &Selector->LocalPortRange);
    if (EFI_ERROR (Status)) {
      SpdSelectorReportBadValue (L"--local-port", ValueStr);
      InputValid = FALSE;
    } else {
      *Mask |= LOCAL_PORT;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
  if (ValueStr != NULL) {
    Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->RemotePort, &Selector->RemotePortRange);
    if (EFI_ERROR (Status)) {
      SpdSelectorReportBadValue (L"--remote-port", ValueStr);
      InputValid = FALSE;
    } else {
      *Mask |= REMOTE_PORT;
    }
  }

  //
  // --icmp-type / --icmp-code reuse the LocalPort / RemotePort fields (the
  // selector has no separate ICMP members). The (UINT8) -1 handed to GetNumber
  // matches the 8-bit ICMP values even though the field is 16 bits wide.
  //
  Status = GetNumber (
             L"--icmp-type",
             (UINT8) -1,
             &Selector->LocalPort,
             sizeof (UINT16),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ICMP_TYPE;
  } else if (Status == EFI_INVALID_PARAMETER) {
    InputValid = FALSE;
  }

  Status = GetNumber (
             L"--icmp-code",
             (UINT8) -1,
             &Selector->RemotePort,
             sizeof (UINT16),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ICMP_CODE;
  } else if (Status == EFI_INVALID_PARAMETER) {
    InputValid = FALSE;
  }

  return InputValid ? EFI_SUCCESS : EFI_INVALID_PARAMETER;
}
209
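/**
  Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.

  Both structures are allocated here as single pool blocks: the selector is
  followed by its two EFI_IP_ADDRESS_INFO entries, and the data block is
  followed by the EFI_IPSEC_PROCESS_POLICY and EFI_IPSEC_TUNNEL_OPTION it
  points to, each padded to UINTN alignment. Neither block is freed here,
  even when EFI_INVALID_PARAMETER is returned. The ProcessingPolicy and
  TunnelOption pointers are reset to NULL when no flag that belongs to them
  was given, so the caller can tell "not specified" from "specified".

  Every flag is parsed even after an earlier one failed, so all problems are
  reported in one run; any failure fixes the return value.

  @param[out] Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[out] Data          The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.
  @param[out] Mask          The pointer to the Mask; cleared first, then one bit
                            set per flag that was present and parsed cleanly.
  @param[in]  CreateNew     The switch to create new; when TRUE the flags a new
                            entry cannot do without are required as well.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CreateSpdEntry (
  OUT EFI_IPSEC_SPD_SELECTOR  **Selector,
  OUT EFI_IPSEC_SPD_DATA      **Data,
  IN  LIST_ENTRY              *ParamPackage,
  OUT UINT32                  *Mask,
  IN  BOOLEAN                 CreateNew
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  CONST CHAR16  *ValueStr;
  UINTN         DataSize;

  *Mask = 0;

  //
  // Selector plus its two address entries in one block.
  //
  *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
  ASSERT (*Selector != NULL);

  (*Selector)->LocalAddress  = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
  (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;

  ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);

  //
  // SPD DATA
  // NOTE: Allocate enough memory and add padding for different arch.
  //
  DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
  DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);

  (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
                                                             (*Data + 1),
                                                             sizeof (UINTN)
                                                             );
  (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (
                                                                          ((*Data)->ProcessingPolicy + 1),
                                                                          sizeof (UINTN)
                                                                          );

  //
  // --name: Name is an inline array in EFI_IPSEC_SPD_DATA (no separate buffer
  // is reserved for it above), so the conversion has to be bounded by it. An
  // over-long value is rejected rather than silently truncated or overrun.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
  if (ValueStr != NULL) {
    if (StrLen (ValueStr) >= sizeof ((*Data)->Name)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--name",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      UnicodeStrToAsciiStr (ValueStr, (CHAR8 *) (*Data)->Name);
      *Mask |= NAME;
    }
  }

  //
  // --packet-flag: numeric PackageFlag. For every GetNumber-backed flag below,
  // EFI_SUCCESS means "given and valid" (set the bit), EFI_INVALID_PARAMETER
  // means "given and malformed" (fail the call), and any other status is
  // treated as "not given".
  //
  Status = GetNumber (
             L"--packet-flag",
             (UINT8) -1,
             &(*Data)->PackageFlag,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PACKET_FLAG;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --action: by name, through mMapIpSecAction.
  //
  Status = GetNumber (
             L"--action",
             (UINT8) -1,
             &(*Data)->Action,
             sizeof (UINT32),
             mMapIpSecAction,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ACTION;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Boolean policy switches. The trailing-dash spelling clears the flag;
  // either spelling marks it as explicitly given in Mask.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;
    *Mask |= EXT_SEQUENCE;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;
    *Mask |= EXT_SEQUENCE;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {
    (*Data)->ProcessingPolicy->SeqOverflow = TRUE;
    *Mask |= SEQUENCE_OVERFLOW;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {
    (*Data)->ProcessingPolicy->SeqOverflow = FALSE;
    *Mask |= SEQUENCE_OVERFLOW;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {
    (*Data)->ProcessingPolicy->FragCheck = TRUE;
    *Mask |= FRAGMENT_CHECK;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {
    (*Data)->ProcessingPolicy->FragCheck = FALSE;
    *Mask |= FRAGMENT_CHECK;
  }

  //
  // SA lifetime limits: --lifebyte, --lifetime (hard), --lifetime-soft.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --mode: pre-set to transport so an absent flag keeps that default.
  //
  (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->ProcessingPolicy->Mode,
             sizeof (UINT32),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --tunnel-local / --tunnel-remote: single tunnel endpoint addresses.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-local",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_LOCAL;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-remote",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_REMOTE;
    }
  }

  //
  // --dont-fragment: pre-set to "copy DF", parsed by name via mMapDfOption.
  //
  (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
  Status = GetNumber (
             L"--dont-fragment",
             0,
             &(*Data)->ProcessingPolicy->TunnelOption->DF,
             sizeof (UINT32),
             mMapDfOption,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= DONT_FRAGMENT;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --ipsec-proto: pre-set to ESP, parsed by name via mMapIpSecProtocol.
  //
  (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*Data)->ProcessingPolicy->Proto,
             sizeof (UINT32),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --encrypt-algo / --auth-algo: algorithm ids by name.
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->ProcessingPolicy->EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->ProcessingPolicy->AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Drop the tunnel option unless a tunnel-related flag was given.
  // Cannot check Mode against EfiIPsecTunnel, because user may want to change tunnel_remote only so the Mode is not set.
  //
  if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
    (*Data)->ProcessingPolicy->TunnelOption = NULL;
  }

  //
  // Drop the whole processing policy when no policy flag was given, except for
  // the Protect action, which needs its (default-filled) policy.
  //
  if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
                LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
                DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
    if ((*Data)->Action != EfiIPsecActionProtect) {
      //
      // User may not provide additional parameter for Protect action, so we cannot simply set ProcessingPolicy to NULL.
      //
      (*Data)->ProcessingPolicy = NULL;
    }
  }

  //
  // A brand-new entry needs the four selector/action flags, and a tunnel-mode
  // Protect entry needs both tunnel endpoints. ProcessingPolicy is still
  // non-NULL here whenever Action is Protect (see above).
  //
  if (CreateNew) {
    if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--local --remote --proto --action"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if (((*Data)->Action == EfiIPsecActionProtect) &&
               ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
               ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}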
580
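/**
  Print one "missing parameter(s)" message for the SAD entry checks.

  @param[in] Token     The HII string token of the message to print.
  @param[in] FlagList  The flag, or space-separated flags, being reported.

**/
STATIC
VOID
SadEntryReportMissing (
  IN EFI_STRING_ID  Token,
  IN CONST CHAR16   *FlagList
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    Token,
    mHiiHandle,
    mAppName,
    FlagList
    );
}

/**
  Copy a key given on the command line into its slot in the SA data block.

  The key text is converted to ASCII through a temporary, because the slot
  holds exactly KeyLength bytes while the converted string carries one more
  (its terminator). The temporary is scrubbed before it is released, since it
  held key material.

  @param[in]  ValueStr   The key as typed by the user; KeyLength must equal its StrLen.
  @param[out] KeyBuffer  The slot receiving KeyLength bytes, no terminator.
  @param[in]  KeyLength  The number of bytes to copy.

**/
STATIC
VOID
SadEntryCopyKey (
  IN  CONST CHAR16  *ValueStr,
  OUT VOID          *KeyBuffer,
  IN  UINTN         KeyLength
  )
{
  CHAR8  *AsciiStr;

  AsciiStr = AllocateZeroPool (KeyLength + 1);
  ASSERT (AsciiStr != NULL);
  UnicodeStrToAsciiStr (ValueStr, AsciiStr);
  CopyMem (KeyBuffer, AsciiStr, KeyLength);
  ZeroMem (AsciiStr, KeyLength + 1);
  FreePool (AsciiStr);
}

/**
  Check that a SAD entry about to be created carries everything it needs.

  The first missing item found is reported and ends the check. The algorithm
  ids are read through EspAlgoInfo for both AH and ESP, as the original code
  did; presumably AhAlgoInfo overlays the same AuthAlgoId — confirm against
  the union layout before relying on it.

  @param[in] SaId  The parsed EFI_IPSEC_SA_ID (Proto selects the AH or ESP rules).
  @param[in] Data  The parsed EFI_IPSEC_SA_DATA2 (algorithm ids).
  @param[in] Mask  The bits of the flags the user gave.

  @retval EFI_SUCCESS            All required flags are present.
  @retval EFI_INVALID_PARAMETER  At least one required flag is missing.

**/
STATIC
EFI_STATUS
SadEntryCheckForCreate (
  IN EFI_IPSEC_SA_ID     *SaId,
  IN EFI_IPSEC_SA_DATA2  *Data,
  IN UINT32              Mask
  )
{
  if ((Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {
    SadEntryReportMissing (STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS), L"--spi --ipsec-proto --local --remote");
    return EFI_INVALID_PARAMETER;
  }

  if (SaId->Proto == EfiIPsecAH) {
    //
    // AH: authentication only; a key is needed unless the algorithm is NONE.
    //
    if ((Mask & AUTH_ALGO) == 0) {
      SadEntryReportMissing (STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER), L"--auth-algo");
      return EFI_INVALID_PARAMETER;
    }

    if (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (Mask & AUTH_KEY) == 0) {
      SadEntryReportMissing (STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER), L"--auth-key");
      return EFI_INVALID_PARAMETER;
    }

    return EFI_SUCCESS;
  }

  //
  // ESP: both algorithms, and a key for each one that is not NONE.
  //
  if ((Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO)) {
    SadEntryReportMissing (STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER), L"--encrypt-algo --auth-algo");
    return EFI_INVALID_PARAMETER;
  }

  if (Data->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (Mask & ENCRYPT_KEY) == 0) {
    SadEntryReportMissing (STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER), L"--encrypt-key");
    return EFI_INVALID_PARAMETER;
  }

  if (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (Mask & AUTH_KEY) == 0) {
    SadEntryReportMissing (STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER), L"--auth-key");
    return EFI_INVALID_PARAMETER;
  }

  return EFI_SUCCESS;
}

/**
  Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.

  The SA id is a plain pool allocation. The SA data is one pool block laid out
  as EFI_IPSEC_SA_DATA2, then the authentication key bytes, then the
  encryption key bytes, then an EFI_IPSEC_SPD_SELECTOR with its two
  EFI_IP_ADDRESS_INFO entries, each part padded to UINTN alignment. Neither
  block is freed here, even when EFI_INVALID_PARAMETER is returned.

  Every flag is parsed even after an earlier one failed, so all problems are
  reported in one run; any failure fixes the return value. For GetNumber-backed
  flags, EFI_SUCCESS means "given and valid" (set the bit),
  EFI_INVALID_PARAMETER means "given and malformed" (fail the call), and any
  other status is treated as "not given".

  @param[out] SaId          The pointer to the EFI_IPSEC_SA_ID structure.
  @param[out] Data          The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.
  @param[out] Mask          The pointer to the Mask; cleared first, then one bit
                            set per flag that was present and parsed cleanly.
  @param[in]  CreateNew     The switch to create new; when TRUE the flags a new
                            entry cannot do without are required as well.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CreateSadEntry (
  OUT EFI_IPSEC_SA_ID     **SaId,
  OUT EFI_IPSEC_SA_DATA2  **Data,
  IN  LIST_ENTRY          *ParamPackage,
  OUT UINT32              *Mask,
  IN  BOOLEAN             CreateNew
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  UINTN         AuthKeyLength;
  UINTN         EncKeyLength;
  CONST CHAR16  *ValueStr;
  UINTN         DataSize;

  ReturnStatus  = EFI_SUCCESS;
  *Mask         = 0;
  AuthKeyLength = 0;
  EncKeyLength  = 0;

  *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));
  ASSERT (*SaId != NULL);

  //
  // --spi: numeric Spi in EFI_IPSEC_SA_ID.
  //
  Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
  if (!EFI_ERROR (Status)) {
    *Mask |= SPI;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --ipsec-proto: Proto in EFI_IPSEC_SA_ID, by name via mMapIpSecProtocol.
  //
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*SaId)->Proto,
             sizeof (EFI_IPSEC_PROTOCOL_TYPE),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // The key lengths are needed before the data block can be sized. One byte
  // of key per CHAR16 typed: the key text is narrowed to ASCII when copied.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    AuthKeyLength = StrLen (ValueStr);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
    EncKeyLength = StrLen (ValueStr);
  }

  //
  // EFI_IPSEC_SA_DATA2:
  // +------------
  // | EFI_IPSEC_SA_DATA2
  // +-----------------------
  // | AuthKey
  // +-------------------------
  // | EncKey
  // +-------------------------
  // | SpdSelector
  //
  // Notes: To make sure the address alignment add padding after each data if needed.
  //
  DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
  DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);
  DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));
  DataSize += sizeof (EFI_IP_ADDRESS_INFO);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);

  //
  // Wire the interior pointers to match the size computation above.
  //
  (*Data)->ManualSet = TRUE;
  (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));
  (*Data)->AlgoInfo.EspAlgoInfo.EncKey  = (VOID *) ALIGN_POINTER (
                                                     ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),
                                                     sizeof (UINTN)
                                                     );
  (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (
                                                      ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),
                                                      sizeof (UINTN)
                                                      );
  (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                 ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),
                                                                 sizeof (UINTN)
                                                                 );
  (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                  (*Data)->SpdSelector->LocalAddress + 1,
                                                                  sizeof (UINTN)
                                                                  );

  //
  // --mode: pre-set to transport so an absent flag keeps that default.
  //
  (*Data)->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->Mode,
             sizeof (EFI_IPSEC_MODE),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // According to RFC 4303-3.3.3. The first packet sent using a given SA
  // will contain a sequence number of 1.
  //
  (*Data)->SNCount = 1;
  Status = GetNumber (
             L"--sequence-number",
             (UINT64) -1,
             &(*Data)->SNCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= SEQUENCE_NUMBER;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --antireplay-window. NOTE(review): the bit recorded here is SEQUENCE_NUMBER,
  // the same one --sequence-number sets, so consumers of Mask cannot tell the
  // two apart. Kept as found; if the project defines a dedicated mask bit for
  // the window it belongs here — confirm against the code that reads Mask.
  //
  (*Data)->AntiReplayWindows = 0;
  Status = GetNumber (
             L"--antireplay-window",
             (UINT8) -1,
             &(*Data)->AntiReplayWindows,
             sizeof (UINT8),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= SEQUENCE_NUMBER;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --encrypt-algo / --encrypt-key. Without a key the EncKey slot is unlinked.
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
    SadEntryCopyKey (ValueStr, (*Data)->AlgoInfo.EspAlgoInfo.EncKey, EncKeyLength);
    *Mask |= ENCRYPT_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
  }

  //
  // --auth-algo / --auth-key. Without a key the AuthKey slot is unlinked.
  //
  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
    SadEntryCopyKey (ValueStr, (*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AuthKeyLength);
    *Mask |= AUTH_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
  }

  //
  // SA lifetime limits: --lifebyte, --lifetime (hard), --lifetime-soft.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --path-mtu.
  //
  Status = GetNumber (
             L"--path-mtu",
             (UINT32) -1,
             &(*Data)->PathMTU,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PATH_MTU;
  } else if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --tunnel-dest: TunnelDestinationAddress in EFI_IPSEC_SA_DATA2.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-dest",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= DEST;
    }
  }

  //
  // --tunnel-source: TunnelSourceAddress in EFI_IPSEC_SA_DATA2.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-source",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= SOURCE;
    }
  }

  //
  // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set
  //
  if ((*Data)->Mode == EfiIPsecTunnel) {
    if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {
      SadEntryReportMissing (STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS), L"--tunnel-source --tunnel-dest");
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  //
  // The selector flags are parsed last. Its status must be merged, not
  // assigned: assigning it would discard every failure recorded above (a bad
  // --spi, a tunnel-mode entry missing its endpoints, ...) whenever the
  // selector itself parses cleanly.
  //
  Status = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
  if (EFI_ERROR (Status)) {
    ReturnStatus = Status;
  }

  if (CreateNew) {
    Status = SadEntryCheckForCreate (*SaId, *Data, *Mask);
    if (EFI_ERROR (Status)) {
      ReturnStatus = Status;
    }
  }

  return ReturnStatus;
}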
1036
1037 /**
1038 Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.
1039
1040 @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
1041 @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
1042 @param[in] ParamPackage The pointer to the ParamPackage list.
1043 @param[out] Mask The pointer to the Mask.
1044 @param[in] CreateNew The switch to create new.
1045
1046 @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.
1047 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1048
1049 **/
1050 EFI_STATUS
1051 CreatePadEntry (
1052 OUT EFI_IPSEC_PAD_ID **PadId,
1053 OUT EFI_IPSEC_PAD_DATA **Data,
1054 IN LIST_ENTRY *ParamPackage,
1055 OUT UINT32 *Mask,
1056 IN BOOLEAN CreateNew
1057 )
1058 {
1059 EFI_STATUS Status;
1060 EFI_STATUS ReturnStatus;
1061 SHELL_FILE_HANDLE FileHandle;
1062 UINT64 FileSize;
1063 UINTN AuthDataLength;
1064 UINTN RevocationDataLength;
1065 UINTN DataLength;
1066 UINTN Index;
1067 CONST CHAR16 *ValueStr;
1068 UINTN DataSize;
1069
1070 Status = EFI_SUCCESS;
1071 ReturnStatus = EFI_SUCCESS;
1072 *Mask = 0;
1073 AuthDataLength = 0;
1074 RevocationDataLength = 0;
1075
1076 *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));
1077 ASSERT (*PadId != NULL);
1078
1079 //
1080 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.
1081 //
1082 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");
1083 if (ValueStr != NULL) {
1084 (*PadId)->PeerIdValid = FALSE;
1085 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);
1086 if (EFI_ERROR (Status)) {
1087 ShellPrintHiiEx (
1088 -1,
1089 -1,
1090 NULL,
1091 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
1092 mHiiHandle,
1093 mAppName,
1094 L"--peer-address",
1095 ValueStr
1096 );
1097 ReturnStatus = EFI_INVALID_PARAMETER;
1098 } else {
1099 *Mask |= PEER_ADDRESS;
1100 }
1101 }
1102
1103 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");
1104 if (ValueStr != NULL) {
1105 (*PadId)->PeerIdValid = TRUE;
1106 StrnCpy ((CHAR16 *) (*PadId)->Id.PeerId, ValueStr, ARRAY_SIZE ((*PadId)->Id.PeerId) - 1);
1107 *Mask |= PEER_ID;
1108 }
1109
1110 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1111 if (ValueStr != NULL) {
1112 if (ValueStr[0] == L'@') {
1113 //
1114 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1115 //
1116 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1117 if (EFI_ERROR (Status)) {
1118 ShellPrintHiiEx (
1119 -1,
1120 -1,
1121 NULL,
1122 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1123 mHiiHandle,
1124 mAppName,
1125 &ValueStr[1]
1126 );
1127 ReturnStatus = EFI_INVALID_PARAMETER;
1128 } else {
1129 Status = ShellGetFileSize (FileHandle, &FileSize);
1130 ShellCloseFile (&FileHandle);
1131 if (EFI_ERROR (Status)) {
1132 ShellPrintHiiEx (
1133 -1,
1134 -1,
1135 NULL,
1136 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1137 mHiiHandle,
1138 mAppName,
1139 &ValueStr[1]
1140 );
1141 ReturnStatus = EFI_INVALID_PARAMETER;
1142 } else {
1143 AuthDataLength = (UINTN) FileSize;
1144 }
1145 }
1146 } else {
1147 AuthDataLength = StrLen (ValueStr);
1148 }
1149 }
1150
1151 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1152 if (ValueStr != NULL) {
1153 RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
1154 }
1155
1156 //
1157 // Allocate Buffer for Data. Add padding after each struct to make sure the alignment
1158 // in different Arch.
1159 //
1160 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));
1161 DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);
1162 DataSize += RevocationDataLength;
1163
1164 *Data = AllocateZeroPool (DataSize);
1165 ASSERT (*Data != NULL);
1166
1167 (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));
1168 (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));
1169 (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;
1170
1171 //
1172 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.
1173 //
1174 Status = GetNumber (
1175 L"--auth-proto",
1176 0,
1177 &(*Data)->AuthProtocol,
1178 sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),
1179 mMapAuthProto,
1180 ParamPackage,
1181 FORMAT_STRING
1182 );
1183 if (!EFI_ERROR (Status)) {
1184 *Mask |= AUTH_PROTO;
1185 }
1186
1187 if (Status == EFI_INVALID_PARAMETER) {
1188 ReturnStatus = EFI_INVALID_PARAMETER;
1189 }
1190
1191 Status = GetNumber (
1192 L"--auth-method",
1193 0,
1194 &(*Data)->AuthMethod,
1195 sizeof (EFI_IPSEC_AUTH_METHOD),
1196 mMapAuthMethod,
1197 ParamPackage,
1198 FORMAT_STRING
1199 );
1200 if (!EFI_ERROR (Status)) {
1201 *Mask |= AUTH_METHOD;
1202 }
1203
1204 if (Status == EFI_INVALID_PARAMETER) {
1205 ReturnStatus = EFI_INVALID_PARAMETER;
1206 }
1207
1208 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {
1209 (*Data)->IkeIdFlag = TRUE;
1210 *Mask |= IKE_ID;
1211 }
1212
1213 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {
1214 (*Data)->IkeIdFlag = FALSE;
1215 *Mask |= IKE_ID;
1216 }
1217
1218 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1219 if (ValueStr != NULL) {
1220 if (ValueStr[0] == L'@') {
1221 //
1222 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1223 //
1224
1225 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1226 if (EFI_ERROR (Status)) {
1227 ShellPrintHiiEx (
1228 -1,
1229 -1,
1230 NULL,
1231 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1232 mHiiHandle,
1233 mAppName,
1234 &ValueStr[1]
1235 );
1236 ReturnStatus = EFI_INVALID_PARAMETER;
1237 (*Data)->AuthData = NULL;
1238 } else {
1239 DataLength = AuthDataLength;
1240 Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
1241 ShellCloseFile (&FileHandle);
1242 if (EFI_ERROR (Status)) {
1243 ShellPrintHiiEx (
1244 -1,
1245 -1,
1246 NULL,
1247 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1248 mHiiHandle,
1249 mAppName,
1250 &ValueStr[1]
1251 );
1252 ReturnStatus = EFI_INVALID_PARAMETER;
1253 (*Data)->AuthData = NULL;
1254 } else {
1255 ASSERT (DataLength == AuthDataLength);
1256 *Mask |= AUTH_DATA;
1257 }
1258 }
1259 } else {
1260 for (Index = 0; Index < AuthDataLength; Index++) {
1261 ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];
1262 }
1263 (*Data)->AuthDataSize = AuthDataLength;
1264 *Mask |= AUTH_DATA;
1265 }
1266 }
1267
1268 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1269 if (ValueStr != NULL) {
1270 CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);
1271 (*Data)->RevocationDataSize = RevocationDataLength;
1272 *Mask |= REVOCATION_DATA;
1273 } else {
1274 (*Data)->RevocationData = NULL;
1275 }
1276
1277 if (CreateNew) {
1278 if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
1279 ShellPrintHiiEx (
1280 -1,
1281 -1,
1282 NULL,
1283 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1284 mHiiHandle,
1285 mAppName,
1286 L"--peer-id --peer-address"
1287 );
1288 ReturnStatus = EFI_INVALID_PARAMETER;
1289 } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {
1290 ShellPrintHiiEx (
1291 -1,
1292 -1,
1293 NULL,
1294 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1295 mHiiHandle,
1296 mAppName,
1297 L"--auth-method --auth-data"
1298 );
1299 ReturnStatus = EFI_INVALID_PARAMETER;
1300 }
1301 }
1302
1303 return ReturnStatus;
1304 }
1305
//
// Dispatch table of the per-type "build entry from command line" routines. It is
// indexed directly with an EFI_IPSEC_CONFIG_DATA_TYPE value (see EditPolicyEntry and
// AddOrInsertPolicyEntry), so the order SPD, SAD, PAD must stay in step with that
// enumeration and callers must keep DataType within the table bounds. Each builder
// has its own concrete selector/data pointer types; the cast to CREATE_POLICY_ENTRY
// erases them so the three can share one table.
//
CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {
  (CREATE_POLICY_ENTRY) CreateSpdEntry,
  (CREATE_POLICY_ENTRY) CreateSadEntry,
  (CREATE_POLICY_ENTRY) CreatePadEntry
};
1311
/**
  Merge the SPD entry built from the command line (NewSelector/NewData) into an
  existing SPD entry (OldSelector/OldData).

  Selector handling: every selector field whose bit is clear in Mask is copied from
  OldSelector into NewSelector, so on return NewSelector is a complete key. A field
  that was supplied (bit set) and differs from the old value marks the key as
  changed by setting *CreateNew; the caller then re-inserts the entry under the new
  key instead of updating it in place.

  Data handling: only the fields whose bit is set in Mask are written into OldData.
  When the entry previously had no processing policy, or no tunnel option, and the
  result is Tunnel mode, both tunnel addresses must be present in Mask; otherwise an
  error is printed and EFI_INVALID_PARAMETER is returned. Note that OldData may
  already have been partially updated at that point; the caller only writes the
  entry back on success.

  @param[in, out] OldSelector  The selector of the existing SPD entry.
  @param[in, out] OldData      The data of the existing SPD entry; updated in place.
  @param[in, out] NewSelector  The selector built from the command line; fields not
                               covered by Mask are filled in from OldSelector.
  @param[in]      NewData      The data built from the command line.
  @param[in]      Mask         Bit mask of the fields supplied on the command line.
  @param[out]     CreateNew    Set to TRUE when the selector (entry key) changed and
                               the entry must be re-created, FALSE otherwise.

  @retval EFI_SUCCESS            Combined successfully.
  @retval EFI_INVALID_PARAMETER  Tunnel mode without both tunnel addresses.

**/
EFI_STATUS
CombineSpdEntry (
  IN OUT EFI_IPSEC_SPD_SELECTOR    *OldSelector,
  IN OUT EFI_IPSEC_SPD_DATA        *OldData,
  IN     EFI_IPSEC_SPD_SELECTOR    *NewSelector,
  IN     EFI_IPSEC_SPD_DATA        *NewData,
  IN     UINT32                    Mask,
  OUT    BOOLEAN                   *CreateNew
  )
{

  //
  // Process Selector: fill unspecified fields from the old key, detect key changes.
  // The address assignments alias the old entry's address arrays rather than copying
  // them; NewSelector does not own that storage.
  //
  *CreateNew = FALSE;
  if ((Mask & LOCAL) == 0) {
    NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
    NewSelector->LocalAddress      = OldSelector->LocalAddress;
  } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
             (CompareMem (NewSelector->LocalAddress, OldSelector->LocalAddress, NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
    //
    // Counts are compared first so CompareMem never reads past the shorter array.
    //
    *CreateNew = TRUE;
  }

  if ((Mask & REMOTE) == 0) {
    NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
    NewSelector->RemoteAddress      = OldSelector->RemoteAddress;
  } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
             (CompareMem (NewSelector->RemoteAddress, OldSelector->RemoteAddress, NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & PROTO) == 0) {
    NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
  } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
    *CreateNew = TRUE;
  }

  //
  // The port fields are only meaningful for TCP/UDP (ports and ranges) and ICMP,
  // where LocalPort/RemotePort carry the ICMP type/code. For any other protocol
  // they are left exactly as the builder produced them.
  //
  switch (NewSelector->NextLayerProtocol) {
    case EFI_IP4_PROTO_TCP:
    case EFI_IP4_PROTO_UDP:
      if ((Mask & LOCAL_PORT) == 0) {
        NewSelector->LocalPort      = OldSelector->LocalPort;
        NewSelector->LocalPortRange = OldSelector->LocalPortRange;
      } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
                 (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
        *CreateNew = TRUE;
      }

      if ((Mask & REMOTE_PORT) == 0) {
        NewSelector->RemotePort      = OldSelector->RemotePort;
        NewSelector->RemotePortRange = OldSelector->RemotePortRange;
      } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
                 (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
        *CreateNew = TRUE;
      }
      break;

    case EFI_IP4_PROTO_ICMP:
      if ((Mask & ICMP_TYPE) == 0) {
        NewSelector->LocalPort = OldSelector->LocalPort;
      } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
        *CreateNew = TRUE;
      }

      if ((Mask & ICMP_CODE) == 0) {
        NewSelector->RemotePort = OldSelector->RemotePort;
      } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
        *CreateNew = TRUE;
      }
      break;
  }
  //
  // Process Data: copy only the fields the user supplied.
  //
  if ((Mask & NAME) != 0) {
    //
    // NOTE(review): AsciiStrCpy is an unbounded copy into the fixed-size Name array.
    // It is only safe if NewData->Name is NUL-terminated within that array, which has
    // to be guaranteed by CreateSpdEntry — confirm there.
    //
    AsciiStrCpy ((CHAR8 *) OldData->Name, (CHAR8 *) NewData->Name);
  }

  if ((Mask & PACKET_FLAG) != 0) {
    OldData->PackageFlag = NewData->PackageFlag;
  }

  if ((Mask & ACTION) != 0) {
    OldData->Action = NewData->Action;
  }

  //
  // Action is evaluated after the update above, so a change away from Protect drops
  // the processing policy, and a change to Protect adopts the new one.
  //
  if (OldData->Action != EfiIPsecActionProtect) {
    OldData->ProcessingPolicy = NULL;
  } else {
    //
    // Protect
    //
    if (OldData->ProcessingPolicy == NULL) {
      //
      // Just point to new data if originally NULL. The old entry now references the
      // policy inside NewData; the per-field updates below are not needed in this case.
      // NOTE(review): assumes NewData->ProcessingPolicy is non-NULL whenever the action
      // is Protect — confirm in CreateSpdEntry, as it is dereferenced on the next line.
      //
      OldData->ProcessingPolicy = NewData->ProcessingPolicy;
      if (OldData->ProcessingPolicy->Mode == EfiIPsecTunnel &&
          (Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)
          ) {
        //
        // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
        //
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--tunnel-local --tunnel-remote"
          );
        return EFI_INVALID_PARAMETER;
      }
    } else {
      //
      // Modify some of the data.
      //
      if ((Mask & EXT_SEQUENCE) != 0) {
        OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
      }

      if ((Mask & SEQUENCE_OVERFLOW) != 0) {
        OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
      }

      if ((Mask & FRAGMENT_CHECK) != 0) {
        OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
      }

      if ((Mask & LIFEBYTE) != 0) {
        OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
      }

      if ((Mask & LIFETIME_SOFT) != 0) {
        OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
      }

      if ((Mask & LIFETIME) != 0) {
        OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
      }

      if ((Mask & MODE) != 0) {
        OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
      }

      if ((Mask & IPSEC_PROTO) != 0) {
        OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
      }

      if ((Mask & AUTH_ALGO) != 0) {
        OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
      }

      if ((Mask & ENCRYPT_ALGO) != 0) {
        OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
      }

      //
      // Mode is checked after the MODE update above, so this sees the resulting mode.
      //
      if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
        OldData->ProcessingPolicy->TunnelOption = NULL;
      } else {
        if (OldData->ProcessingPolicy->TunnelOption == NULL) {
          //
          // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
          //
          if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
            ShellPrintHiiEx (
              -1,
              -1,
              NULL,
              STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
              mHiiHandle,
              mAppName,
              L"--tunnel-local --tunnel-remote"
              );
            return EFI_INVALID_PARAMETER;
          }

          //
          // Adopt the whole tunnel option (pointer into NewData) rather than copying.
          //
          OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
        } else {
          if ((Mask & TUNNEL_LOCAL) != 0) {
            CopyMem (
              &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
              &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
              sizeof (EFI_IP_ADDRESS)
              );
          }

          if ((Mask & TUNNEL_REMOTE) != 0) {
            CopyMem (
              &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
              &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
              sizeof (EFI_IP_ADDRESS)
              );
          }

          if ((Mask & DONT_FRAGMENT) != 0) {
            OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
          }
        }
      }
    }
  }

  return EFI_SUCCESS;
}
1532
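/**
  Merge the SAD entry built from the command line (NewSaId/NewData) into an existing
  SAD entry (OldSaId/OldData).

  SA identity: SPI, protocol and the tunnel source/destination addresses whose bit is
  clear in Mask are copied from the old entry into the new one, so NewSaId/NewData
  describe a complete key on return. A supplied value that differs from the old one
  sets *CreateNew so the caller re-inserts the entry under the new key.

  SA data: only fields whose bit is set in Mask are written into OldData. The AH/ESP
  consistency checks and the SPD-selector checks run after the corresponding fields
  were already copied, so on EFI_INVALID_PARAMETER OldData may be partially updated;
  the caller (EditOperatePolicyEntry) only writes the entry back on success.

  @param[in, out] OldSaId    The SA ID of the existing entry.
  @param[in, out] OldData    The data of the existing entry; updated in place.
  @param[in, out] NewSaId    The SA ID built from the command line; fields not covered
                             by Mask are filled in from OldSaId.
  @param[in, out] NewData    The data built from the command line; tunnel addresses not
                             covered by Mask are filled in from OldData.
  @param[in]      Mask       Bit mask of the fields supplied on the command line.
  @param[out]     CreateNew  Set to TRUE when the SA key changed and the entry must be
                             re-created, FALSE otherwise.

  @retval EFI_SUCCESS            Combined successfully.
  @retval EFI_INVALID_PARAMETER  Encryption options given for AH, missing encryption
                                 options when switching AH to ESP, or an incomplete
                                 SPD selector for an entry that had none.

**/
EFI_STATUS
CombineSadEntry (
  IN OUT EFI_IPSEC_SA_ID      *OldSaId,
  IN OUT EFI_IPSEC_SA_DATA2   *OldData,
  IN     EFI_IPSEC_SA_ID      *NewSaId,
  IN     EFI_IPSEC_SA_DATA2   *NewData,
  IN     UINT32               Mask,
  OUT    BOOLEAN              *CreateNew
  )
{

  *CreateNew = FALSE;

  //
  // Process SA_ID and tunnel endpoints: fill unspecified fields from the old entry,
  // flag a key change when a supplied field differs.
  //
  if ((Mask & SPI) == 0) {
    NewSaId->Spi = OldSaId->Spi;
  } else if (NewSaId->Spi != OldSaId->Spi) {
    *CreateNew = TRUE;
  }

  if ((Mask & IPSEC_PROTO) == 0) {
    NewSaId->Proto = OldSaId->Proto;
  } else if (NewSaId->Proto != OldSaId->Proto) {
    *CreateNew = TRUE;
  }

  if ((Mask & DEST) == 0) {
    CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  if ((Mask & SOURCE) == 0) {
    CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }
  //
  // Process SA_DATA. Key pointers are aliased, not copied: OldData now references the
  // key buffers inside NewData.
  //
  if ((Mask & MODE) != 0) {
    OldData->Mode = NewData->Mode;
  }

  if ((Mask & SEQUENCE_NUMBER) != 0) {
    OldData->SNCount = NewData->SNCount;
  }

  if ((Mask & ANTIREPLAY_WINDOW) != 0) {
    OldData->AntiReplayWindows = NewData->AntiReplayWindows;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
  }

  if ((Mask & AUTH_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthKey       = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
    OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
  }

  if ((Mask & ENCRYPT_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncKey       = NewData->AlgoInfo.EspAlgoInfo.EncKey;
    OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
  }

  if (NewSaId->Proto == EfiIPsecAH) {
    if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {
      //
      // Should not provide encrypt_* if AH.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo --encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if (NewSaId->Proto == EfiIPsecESP && OldSaId->Proto == EfiIPsecAH) {
    //
    // AH -> ESP
    // Should provide encrypt_algo at least.
    //
    if ((Mask & ENCRYPT_ALGO) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo"
        );
      return EFI_INVALID_PARAMETER;
    }

    //
    // Encrypt_key should be provided if algorithm is not NONE. The message names the
    // parameter that is actually missing (--encrypt-key); --encrypt-algo was verified
    // just above.
    //
    if ((NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE) && ((Mask & ENCRYPT_KEY) == 0)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
  }

  if ((Mask & PATH_MTU) != 0) {
    OldData->PathMTU = NewData->PathMTU;
  }
  //
  // Process SpdSelector.
  //
  if (OldData->SpdSelector == NULL) {
    //
    // The entry had no selector: if any selector field was supplied, the three
    // mandatory ones must all be present, and the whole new selector is adopted.
    //
    if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
      if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--local --remote --proto"
          );
        return EFI_INVALID_PARAMETER;
      }

      OldData->SpdSelector = NewData->SpdSelector;
    }
  } else {
    //
    // Update the existing selector field by field. The address assignments alias
    // the arrays inside NewData->SpdSelector rather than copying them.
    //
    if ((Mask & LOCAL) != 0) {
      OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
      OldData->SpdSelector->LocalAddress      = NewData->SpdSelector->LocalAddress;
    }

    if ((Mask & REMOTE) != 0) {
      OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
      OldData->SpdSelector->RemoteAddress      = NewData->SpdSelector->RemoteAddress;
    }

    if ((Mask & PROTO) != 0) {
      OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
    }

    //
    // Port fields depend on the (possibly just updated) protocol. For ICMP the port
    // fields carry type/code and are narrowed to 8 bits. Other protocols keep their
    // port fields untouched.
    //
    switch (OldData->SpdSelector->NextLayerProtocol) {
      case EFI_IP4_PROTO_TCP:
      case EFI_IP4_PROTO_UDP:
        if ((Mask & LOCAL_PORT) != 0) {
          OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
        }

        if ((Mask & REMOTE_PORT) != 0) {
          OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
        }
        break;

      case EFI_IP4_PROTO_ICMP:
        if ((Mask & ICMP_TYPE) != 0) {
          OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
        }

        if ((Mask & ICMP_CODE) != 0) {
          OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
        }
        break;

      default:
        break;
    }
  }

  return EFI_SUCCESS;
}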
1747
/**
  Merge the PAD entry built from the command line (NewPadId/NewData) into an existing
  PAD entry (OldPadId/OldData).

  Identity: if neither --peer-id nor --peer-address was given, the old ID is copied
  into NewPadId so it remains a complete key. Otherwise the new ID is compared with
  the old one; a change of ID kind (peer ID vs. address) or of value sets *CreateNew
  so the caller re-inserts the entry under the new key.

  Data: only the fields whose bit is set in Mask are written into OldData. AuthData
  and RevocationData are taken over by pointer, so OldData then references the
  buffers inside NewData rather than owning a copy.

  @param[in, out] OldPadId   The PAD ID of the existing entry.
  @param[in, out] OldData    The data of the existing entry; updated in place.
  @param[in, out] NewPadId   The PAD ID built from the command line; replaced by the
                             old ID when no ID option was supplied.
  @param[in]      NewData    The data built from the command line.
  @param[in]      Mask       Bit mask of the fields supplied on the command line.
  @param[out]     CreateNew  Set to TRUE when the PAD key changed and the entry must
                             be re-created, FALSE otherwise.

  @retval EFI_SUCCESS  Combined successfully.

**/
EFI_STATUS
CombinePadEntry (
  IN OUT EFI_IPSEC_PAD_ID      *OldPadId,
  IN OUT EFI_IPSEC_PAD_DATA    *OldData,
  IN     EFI_IPSEC_PAD_ID      *NewPadId,
  IN     EFI_IPSEC_PAD_DATA    *NewData,
  IN     UINT32                Mask,
  OUT    BOOLEAN               *CreateNew
  )
{
  BOOLEAN  NewIdIsPeerId;

  *CreateNew = FALSE;

  if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
    //
    // No identity on the command line: keep the old key.
    //
    CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
  } else {
    NewIdIsPeerId = (BOOLEAN) ((Mask & PEER_ID) != 0);

    if (OldPadId->PeerIdValid) {
      //
      // Old key is a peer ID: switching to an address, or supplying a different ID
      // string, changes the key. PeerId is stored as bytes but compared as CHAR16.
      //
      if (!NewIdIsPeerId ||
          (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0)) {
        *CreateNew = TRUE;
      }
    } else {
      //
      // Old key is an address: switching to a peer ID, or supplying a different
      // address or prefix length, changes the key.
      //
      if (NewIdIsPeerId ||
          (CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
          (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)) {
        *CreateNew = TRUE;
      }
    }
  }

  //
  // Data fields: each one is replaced only when its option was given.
  //
  if ((Mask & AUTH_PROTO) != 0) {
    OldData->AuthProtocol = NewData->AuthProtocol;
  }

  if ((Mask & AUTH_METHOD) != 0) {
    OldData->AuthMethod = NewData->AuthMethod;
  }

  if ((Mask & IKE_ID) != 0) {
    OldData->IkeIdFlag = NewData->IkeIdFlag;
  }

  if ((Mask & AUTH_DATA) != 0) {
    OldData->AuthData     = NewData->AuthData;
    OldData->AuthDataSize = NewData->AuthDataSize;
  }

  if ((Mask & REVOCATION_DATA) != 0) {
    OldData->RevocationData     = NewData->RevocationData;
    OldData->RevocationDataSize = NewData->RevocationDataSize;
  }

  return EFI_SUCCESS;
}
1825
//
// Dispatch table of the per-type "merge command-line entry into existing entry"
// routines, indexed with an EFI_IPSEC_CONFIG_DATA_TYPE value by EditOperatePolicyEntry.
// The order SPD, SAD, PAD must match mCreatePolicyEntry and the enumeration, and the
// index must be range-checked by the caller. The casts erase the per-type
// selector/data pointer types so the three routines share one table.
//
COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {
  (COMBINE_POLICY_ENTRY) CombineSpdEntry,
  (COMBINE_POLICY_ENTRY) CombineSadEntry,
  (COMBINE_POLICY_ENTRY) CombinePadEntry
};
1831
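/**
  Visitor callback used by EditPolicyEntry: merge the command-line entry into the
  matching database entry and write the result back.

  Invoked once per existing entry by ForeachPolicyEntry. Entries that do not match
  Context->Indexer are skipped and the walk continues. For the matching entry the
  per-type combine routine merges Context->Selector/Context->Data into the existing
  Selector/Data. If the entry key changed (CreateNew) the merged entry is inserted in
  front of the old one and the old one is then removed; otherwise the existing entry
  is updated in place. The outcome is stored in Context->Status and the walk is
  aborted.

  @param[in]      Selector  The selector of the entry currently being visited.
  @param[in]      Data      The data of the entry currently being visited.
  @param[in, out] Context   The EDIT_POLICY_ENTRY_CONTEXT carrying the indexer, the
                            new selector/data, the field mask and the result status.

  @retval EFI_SUCCESS  This entry did not match; continue the iteration.
  @retval EFI_ABORTED  The matching entry was processed; abort the iteration.
**/
EFI_STATUS
EditOperatePolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN EDIT_POLICY_ENTRY_CONTEXT    *Context
  )
{
  EFI_STATUS  Status;
  BOOLEAN     CreateNew;

  //
  // DataType indexes the dispatch tables; check it before the first table access
  // (the original check ran after the match table had already been indexed).
  //
  ASSERT (Context->DataType < 3);

  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  CreateNew = FALSE;
  Status    = mCombinePolicyEntry[Context->DataType] (
               Selector,
               Data,
               Context->Selector,
               Context->Data,
               Context->Mask,
               &CreateNew
               );
  if (!EFI_ERROR (Status)) {
    if (CreateNew) {
      //
      // The key changed: insert the merged entry before the old one, then delete the
      // old one. The deletion is only attempted when the insert succeeded, so a failed
      // edit never removes the existing entry (ASSERT_EFI_ERROR is a no-op in RELEASE
      // builds and cannot be relied on for that).
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               Selector
                               );
      ASSERT_EFI_ERROR (Status);
      if (!EFI_ERROR (Status)) {
        Status = mIpSecConfig->SetData (
                                 mIpSecConfig,
                                 Context->DataType,
                                 Selector,
                                 NULL,
                                 NULL
                                 );
        ASSERT_EFI_ERROR (Status);
      }
    } else {
      //
      // Key unchanged: Context->Selector was completed from the old selector by the
      // combine routine, so it names the same entry; update it in place.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               NULL
                               );
    }
  }

  Context->Status = Status;
  return EFI_ABORTED;
}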
1904
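/**
  Edit one entry of the SPD/SAD/PAD database selected by the -e index.

  Builds the indexer from the command line, builds the partial new entry (CreateNew
  = FALSE so only the supplied fields are required), then walks the database with
  EditOperatePolicyEntry, which merges and writes back the matching entry. The
  selector/data allocated by the builder are released before returning.

  @param[in] DataType      The value of EFI_IPSEC_CONFIG_DATA_TYPE; used as a table
                           index and must be in range.
  @param[in] ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS    Edit entry information successfully.
  @retval EFI_NOT_FOUND  -e was not given, or no entry matched the index.
  @retval Others         Indexer construction, entry building or the write-back failed.
**/
EFI_STATUS
EditPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                 Status;
  EDIT_POLICY_ENTRY_CONTEXT  Context;
  CONST CHAR16               *ValueStr;

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
  if (ValueStr == NULL) {
    //
    // NOTE(review): ValueStr is NULL here; this assumes the string token takes no
    // string argument — confirm against the .uni definition.
    //
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
    return EFI_NOT_FOUND;
  }

  //
  // Context lives on the stack; the builder may fail before assigning these, and
  // they are freed below whenever non-NULL, so they must not hold stack garbage.
  //
  Context.Selector = NULL;
  Context.Data     = NULL;

  Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
  if (!EFI_ERROR (Status)) {
    Context.DataType = DataType;
    Context.Status   = EFI_NOT_FOUND;
    Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
    if (!EFI_ERROR (Status)) {
      //
      // The visitor records the result in Context.Status; EFI_NOT_FOUND survives
      // when no entry matched the index.
      //
      ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
      Status = Context.Status;
    }

    //
    // The builder may have allocated even when it reported an error; release both.
    //
    if (Context.Selector != NULL) {
      gBS->FreePool (Context.Selector);
    }

    if (Context.Data != NULL) {
      gBS->FreePool (Context.Data);
    }
  }

  if (Status == EFI_NOT_FOUND) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}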
1959
/**
  Visitor callback used by AddOrInsertPolicyEntry: insert the new entry in front of
  the entry selected by the -i index.

  Invoked once per existing entry by ForeachPolicyEntry. Entries that do not match
  Context->Indexer continue the walk. At the first match the new entry
  (Context->Selector/Context->Data) is inserted before the visited entry, the result
  of SetData is stored in Context->Status and the walk is aborted.

  @param[in]      Selector  The selector of the entry currently being visited.
  @param[in]      Data      The data of the entry currently being visited.
  @param[in, out] Context   The INSERT_POLICY_ENTRY_CONTEXT carrying the indexer, the
                            entry to insert and the result status.

  @retval EFI_SUCCESS  This entry did not match; continue the iteration.
  @retval EFI_ABORTED  The insertion was attempted; abort the iteration.
**/
EFI_STATUS
InsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR      *Selector,
  IN VOID                           *Data,
  IN INSERT_POLICY_ENTRY_CONTEXT    *Context
  )
{
  //
  // Keep walking until the insertion point is reached.
  //
  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  //
  // The visited entry's Selector is the InsertBefore position for the new entry.
  //
  Context->Status = mIpSecConfig->SetData (
                                    mIpSecConfig,
                                    Context->DataType,
                                    Context->Selector,
                                    Context->Data,
                                    Selector
                                    );

  return EFI_ABORTED;
}
1997
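/**
  Add (-a) or insert (-i) one entry into the SPD/SAD/PAD database.

  Builds the complete new entry from the command line (CreateNew = TRUE, so the
  mandatory fields are required), rejects it if an entry with the same selector
  already exists, then either appends it (-a) or inserts it before the entry
  selected by the -i index via InsertPolicyEntry. The selector/data allocated by the
  builder are released on every exit path.

  @param[in] DataType      The value of EFI_IPSEC_CONFIG_DATA_TYPE; used as a table
                           index and must be in range.
  @param[in] ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS           Insert or add entry information successfully.
  @retval EFI_NOT_FOUND         -i was not given, or no entry matched the index.
  @retval EFI_BUFFER_TOO_SMALL  The entry already existed.
  @retval EFI_UNSUPPORTED       The operation is not supported.
  @retval Others                Entry building, indexer construction or SetData failed.
**/
EFI_STATUS
AddOrInsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                   Status;
  EFI_IPSEC_CONFIG_SELECTOR    *Selector;
  VOID                         *Data;
  INSERT_POLICY_ENTRY_CONTEXT  Context;
  UINT32                       Mask;
  UINTN                        DataSize;
  CONST CHAR16                 *ValueStr;

  //
  // The builder may allocate even when it reports an error (EditPolicyEntry relies on
  // the same behaviour); start from NULL so both pointers can be released unconditionally.
  //
  Selector = NULL;
  Data     = NULL;

  Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
  if (!EFI_ERROR (Status)) {
    //
    // Find if the Selector to be inserted already exists. A zero-length GetData
    // answers EFI_BUFFER_TOO_SMALL when the entry is present.
    //
    DataSize = 0;
    Status   = mIpSecConfig->GetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               &DataSize,
                               NULL
                               );
    if (Status == EFI_BUFFER_TOO_SMALL) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
    } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
      //
      // Append: no InsertBefore position.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               Data,
                               NULL
                               );
    } else {
      ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
      if (ValueStr == NULL) {
        //
        // NOTE(review): ValueStr is NULL here; this assumes the string token takes no
        // string argument — confirm against the .uni definition.
        //
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
        //
        // Release the builder's allocations on this early exit too; the original code
        // returned here and leaked both.
        //
        if (Selector != NULL) {
          gBS->FreePool (Selector);
        }

        if (Data != NULL) {
          gBS->FreePool (Data);
        }

        return EFI_NOT_FOUND;
      }

      Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
      if (!EFI_ERROR (Status)) {
        Context.DataType = DataType;
        Context.Status   = EFI_NOT_FOUND;
        Context.Selector = Selector;
        Context.Data     = Data;

        //
        // InsertPolicyEntry records the SetData result; EFI_NOT_FOUND survives when
        // no entry matched the -i index.
        //
        ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
        Status = Context.Status;
        if (Status == EFI_NOT_FOUND) {
          ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
        }
      }
    }
  }

  //
  // SetData has already copied what it needs; release the builder's allocations
  // regardless of whether the operation succeeded.
  //
  if (Selector != NULL) {
    gBS->FreePool (Selector);
  }

  if (Data != NULL) {
    gBS->FreePool (Data);
  }

  if (Status == EFI_UNSUPPORTED) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}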