1 /** @file
2 The implementation of policy entry operation function in IpSecConfig application.
3
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include "IpSecConfig.h"
17 #include "Indexer.h"
18 #include "Match.h"
19 #include "Helper.h"
20 #include "ForEach.h"
21 #include "PolicyEntryOperation.h"
22
/**
  Fill in an EFI_IPSEC_SPD_SELECTOR from the selector options on the command line.

  Reads --local, --remote, --proto, --local-port, --remote-port, --icmp-type and
  --icmp-code from ParamPackage. Every option is optional; for each option that is
  present and parses, the matching bit (LOCAL, REMOTE, PROTO, LOCAL_PORT,
  REMOTE_PORT, ICMP_TYPE, ICMP_CODE) is OR-ed into *Mask. A value that does not
  parse is reported with STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE and makes the
  result EFI_INVALID_PARAMETER, but the remaining options are still parsed so that
  every bad value is reported in a single pass. (GetNumber () is assumed to print
  its own diagnostic for an invalid number - confirm in Helper.c.)

  Selector->LocalAddress and Selector->RemoteAddress are written through, so the
  caller must point them at EFI_IP_ADDRESS_INFO storage before calling. The ICMP
  type and code are stored in the LocalPort and RemotePort fields, which is why
  they are parsed after the port options.

  @param[out]     Selector      The EFI_IPSEC_SPD_SELECTOR to fill in.
  @param[in]      ParamPackage  The parsed command line (ParamPackage list).
  @param[in, out] Mask          Bit mask of the fields that were supplied; bits
                                already set are kept, new ones are OR-ed in.

  @retval EFI_SUCCESS            Every supplied option was accepted.
  @retval EFI_INVALID_PARAMETER  At least one option had an invalid value.

**/

//
// Report an option whose value could not be parsed. Shared by every
// ShellCommandLineGetValue () branch of CreateSpdSelector () so the message
// arguments stay identical across options.
//
static
VOID
SpdSelectorReportBadValue (
  IN CONST CHAR16  *OptionName,
  IN CONST CHAR16  *ValueStr
  )
{
  ShellPrintHiiEx (
    -1,
    -1,
    NULL,
    STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
    mHiiHandle,
    mAppName,
    OptionName,
    ValueStr
    );
}

//
// Fold one GetNumber () result into the caller's Mask and overall status:
// success marks the field as supplied, EFI_INVALID_PARAMETER fails the whole
// call, any other status (the option was simply not given) changes nothing.
//
static
VOID
SpdSelectorNoteNumber (
  IN     EFI_STATUS  Status,
  IN     UINT32      FieldBit,
  IN OUT UINT32      *Mask,
  IN OUT EFI_STATUS  *ReturnStatus
  )
{
  if (!EFI_ERROR (Status)) {
    *Mask |= FieldBit;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    *ReturnStatus = EFI_INVALID_PARAMETER;
  }
}

EFI_STATUS
CreateSpdSelector (
  OUT EFI_IPSEC_SPD_SELECTOR    *Selector,
  IN LIST_ENTRY                 *ParamPackage,
  IN OUT UINT32                 *Mask
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  CONST CHAR16  *OptionValue;

  ReturnStatus = EFI_SUCCESS;

  //
  // --local / --remote: one address (range) per side, parsed into the
  // EFI_IP_ADDRESS_INFO storage the caller attached to the selector.
  //
  OptionValue = ShellCommandLineGetValue (ParamPackage, L"--local");
  if (OptionValue != NULL) {
    Selector->LocalAddressCount = 1;
    Status = EfiInetAddrRange ((CHAR16 *) OptionValue, Selector->LocalAddress);
    if (EFI_ERROR (Status)) {
      SpdSelectorReportBadValue (L"--local", OptionValue);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= LOCAL;
    }
  }

  OptionValue = ShellCommandLineGetValue (ParamPackage, L"--remote");
  if (OptionValue != NULL) {
    Selector->RemoteAddressCount = 1;
    Status = EfiInetAddrRange ((CHAR16 *) OptionValue, Selector->RemoteAddress);
    if (EFI_ERROR (Status)) {
      SpdSelectorReportBadValue (L"--remote", OptionValue);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= REMOTE;
    }
  }

  //
  // --proto: "any protocol" unless given; accepted either as a number or as
  // one of the names in mMapIpProtocol.
  //
  Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
  Status = GetNumber (
             L"--proto",
             (UINT16) -1,
             &Selector->NextLayerProtocol,
             sizeof (UINT16),
             mMapIpProtocol,
             ParamPackage,
             FORMAT_NUMBER | FORMAT_STRING
             );
  SpdSelectorNoteNumber (Status, PROTO, Mask, &ReturnStatus);

  //
  // --local-port / --remote-port: "any port" unless given. EfiInetPortRange ()
  // fills the port and the matching *PortRange field.
  //
  Selector->LocalPort  = EFI_IPSEC_ANY_PORT;
  Selector->RemotePort = EFI_IPSEC_ANY_PORT;

  OptionValue = ShellCommandLineGetValue (ParamPackage, L"--local-port");
  if (OptionValue != NULL) {
    Status = EfiInetPortRange ((CHAR16 *) OptionValue, &Selector->LocalPort, &Selector->LocalPortRange);
    if (EFI_ERROR (Status)) {
      SpdSelectorReportBadValue (L"--local-port", OptionValue);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= LOCAL_PORT;
    }
  }

  OptionValue = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
  if (OptionValue != NULL) {
    Status = EfiInetPortRange ((CHAR16 *) OptionValue, &Selector->RemotePort, &Selector->RemotePortRange);
    if (EFI_ERROR (Status)) {
      SpdSelectorReportBadValue (L"--remote-port", OptionValue);
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= REMOTE_PORT;
    }
  }

  //
  // --icmp-type / --icmp-code: the selector keeps these in the LocalPort and
  // RemotePort fields, so they are read into those members.
  //
  Status = GetNumber (
             L"--icmp-type",
             (UINT8) -1,
             &Selector->LocalPort,
             sizeof (UINT16),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SpdSelectorNoteNumber (Status, ICMP_TYPE, Mask, &ReturnStatus);

  Status = GetNumber (
             L"--icmp-code",
             (UINT8) -1,
             &Selector->RemotePort,
             sizeof (UINT16),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  SpdSelectorNoteNumber (Status, ICMP_CODE, Mask, &ReturnStatus);

  return ReturnStatus;
}
209
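/**
  Build an EFI_IPSEC_SPD_SELECTOR / EFI_IPSEC_SPD_DATA pair from the command line.

  Both structures are allocated here with AllocateZeroPool () and handed back
  through Selector and Data; the caller owns them and is expected to free them.
  The selector is followed in its own allocation by two EFI_IP_ADDRESS_INFO
  entries (local, remote) and is filled by CreateSpdSelector (). The SPD data is
  allocated together with its EFI_IPSEC_PROCESS_POLICY and EFI_IPSEC_TUNNEL_OPTION,
  each placed on a UINTN boundary. At the end, TunnelOption is reset to NULL when
  no tunnel option was given, and ProcessingPolicy is reset to NULL when no
  processing option was given and the action is not "protect" - presumably so a
  modify operation leaves those parts of an existing entry untouched.

  Every recognised option that parses sets its bit in *Mask. Invalid values are
  reported with STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE (GetNumber () is
  assumed to report its own) and make the result EFI_INVALID_PARAMETER; parsing
  continues so that every problem is reported in one pass. With CreateNew set,
  the options a new entry cannot do without (--local --remote --proto --action,
  and --tunnel-local --tunnel-remote for a protect entry in tunnel mode) are
  enforced as well.

  @param[out] Selector      Receives the allocated EFI_IPSEC_SPD_SELECTOR.
  @param[out] Data          Receives the allocated EFI_IPSEC_SPD_DATA.
  @param[in]  ParamPackage  The parsed command line (ParamPackage list).
  @param[out] Mask          Receives the bit mask of the fields that were supplied.
  @param[in]  CreateNew     TRUE when a new entry is being added rather than an
                            existing one edited; enables the mandatory-option checks.

  @retval EFI_SUCCESS            The structures were filled in without error.
  @retval EFI_INVALID_PARAMETER  Invalid or missing user input. The allocations
                                 are still returned to the caller.

**/
EFI_STATUS
CreateSpdEntry (
  OUT EFI_IPSEC_SPD_SELECTOR    **Selector,
  OUT EFI_IPSEC_SPD_DATA        **Data,
  IN LIST_ENTRY                 *ParamPackage,
  OUT UINT32                    *Mask,
  IN BOOLEAN                    CreateNew
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  CONST CHAR16  *ValueStr;
  UINTN         DataSize;

  *Mask = 0;

  //
  // Selector plus its two address-info entries in one allocation.
  //
  *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
  ASSERT (*Selector != NULL);

  (*Selector)->LocalAddress  = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
  (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;

  ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);

  //
  // SPD DATA
  // NOTE: Allocate enough memory and add padding for different arch.
  //
  DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
  DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);

  (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
                                                             (*Data + 1),
                                                             sizeof (UINTN)
                                                             );
  (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (
                                                                          ((*Data)->ProcessingPolicy + 1),
                                                                          sizeof (UINTN)
                                                                          );

  //
  // --name: copied into the fixed-size Name array of EFI_IPSEC_SPD_DATA.
  // UnicodeStrToAsciiStr () writes the whole string plus a terminator, so a
  // value that does not leave room for the terminator is rejected instead of
  // being allowed to run past the end of the array.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
  if (ValueStr != NULL) {
    if (StrLen (ValueStr) >= sizeof ((*Data)->Name)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--name",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      UnicodeStrToAsciiStr (ValueStr, (CHAR8 *) (*Data)->Name);
      *Mask |= NAME;
    }
  }

  //
  // --packet-flag: PackageFlag in EFI_IPSEC_SPD_DATA.
  //
  Status = GetNumber (
             L"--packet-flag",
             (UINT8) -1,
             &(*Data)->PackageFlag,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PACKET_FLAG;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --action: one of the names in mMapIpSecAction.
  //
  Status = GetNumber (
             L"--action",
             (UINT8) -1,
             &(*Data)->Action,
             sizeof (UINT32),
             mMapIpSecAction,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ACTION;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Boolean processing-policy flags: "--flag" sets, "--flag-" clears. Either
  // spelling marks the field as supplied.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;
    *Mask |= EXT_SEQUENCE;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;
    *Mask |= EXT_SEQUENCE;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {
    (*Data)->ProcessingPolicy->SeqOverflow = TRUE;
    *Mask |= SEQUENCE_OVERFLOW;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {
    (*Data)->ProcessingPolicy->SeqOverflow = FALSE;
    *Mask |= SEQUENCE_OVERFLOW;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {
    (*Data)->ProcessingPolicy->FragCheck = TRUE;
    *Mask |= FRAGMENT_CHECK;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {
    (*Data)->ProcessingPolicy->FragCheck = FALSE;
    *Mask |= FRAGMENT_CHECK;
  }

  //
  // SA lifetime limits in the processing policy.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --mode: transport unless given; one of the names in mMapIpSecMode.
  //
  (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->ProcessingPolicy->Mode,
             sizeof (UINT32),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Tunnel endpoints (single addresses, not ranges).
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-local",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_LOCAL;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-remote",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_REMOTE;
    }
  }

  //
  // --dont-fragment: copy the DF bit unless given; one of the names in mMapDfOption.
  //
  (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
  Status = GetNumber (
             L"--dont-fragment",
             0,
             &(*Data)->ProcessingPolicy->TunnelOption->DF,
             sizeof (UINT32),
             mMapDfOption,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= DONT_FRAGMENT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --ipsec-proto: ESP unless given; one of the names in mMapIpSecProtocol.
  //
  (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*Data)->ProcessingPolicy->Proto,
             sizeof (UINT32),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Algorithm identifiers, by name from mMapEncAlgo / mMapAuthAlgo.
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->ProcessingPolicy->EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->ProcessingPolicy->AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Cannot check Mode against EfiIPsecTunnel, because user may want to change
  // tunnel_remote only so the Mode is not set.
  //
  if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
    (*Data)->ProcessingPolicy->TunnelOption = NULL;
  }

  if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
                LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
                DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
    if ((*Data)->Action != EfiIPsecActionProtect) {
      //
      // User may not provide additional parameter for Protect action, so we
      // cannot simply set ProcessingPolicy to NULL.
      //
      (*Data)->ProcessingPolicy = NULL;
    }
  }

  if (CreateNew) {
    if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--local --remote --proto --action"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if (((*Data)->Action == EfiIPsecActionProtect) &&
               ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
               ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      //
      // ProcessingPolicy is only reset to NULL above when the action is not
      // "protect", so it is safe to dereference here after the Action test.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}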
580
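/**
  Build an EFI_IPSEC_SA_ID / EFI_IPSEC_SA_DATA2 pair from the command line.

  Both structures are allocated here with AllocateZeroPool () and handed back
  through SaId and Data; the caller owns them and is expected to free them. The
  SA data is allocated together with its authentication key, encryption key and
  SPD selector (plus the selector's two EFI_IP_ADDRESS_INFO entries), each placed
  on a UINTN boundary - see the layout sketch in the body. The key lengths are
  taken from --auth-key / --encrypt-key before the buffer is sized.

  Every recognised option that parses sets its bit in *Mask. Invalid values are
  reported with STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE (GetNumber () is
  assumed to report its own) and make the result EFI_INVALID_PARAMETER; parsing
  continues so that every problem is reported in one pass, and an error recorded
  early is never overwritten by a later success. With CreateNew set, the options
  a new SA cannot do without (--spi --ipsec-proto --local --remote, the algorithm
  selection for the chosen protocol, and a key for every algorithm other than
  "none") are enforced as well; tunnel mode always requires --tunnel-source and
  --tunnel-dest.

  The key text is copied into the SA buffer as raw ASCII bytes. The scratch
  copy used for the conversion is wiped before it is freed so the key does not
  linger in released pool memory.

  @param[out] SaId          Receives the allocated EFI_IPSEC_SA_ID.
  @param[out] Data          Receives the allocated EFI_IPSEC_SA_DATA2.
  @param[in]  ParamPackage  The parsed command line (ParamPackage list).
  @param[out] Mask          Receives the bit mask of the fields that were supplied.
  @param[in]  CreateNew     TRUE when a new entry is being added rather than an
                            existing one edited; enables the mandatory-option checks.

  @retval EFI_SUCCESS            The structures were filled in without error.
  @retval EFI_INVALID_PARAMETER  Invalid or missing user input. The allocations
                                 are still returned to the caller.

**/

//
// Convert the Unicode key text ValueStr into KeyLength ASCII bytes at KeyBuffer.
// KeyLength must be StrLen (ValueStr), as computed by the caller when the SA
// buffer was sized. The conversion goes through a scratch copy because
// UnicodeStrToAsciiStr () also writes a terminator and KeyBuffer may not have
// room for one; the scratch copy holds key material, so it is zeroed before it
// is returned to the pool.
//
static
VOID
SadCopyKeyOption (
  IN  CONST CHAR16  *ValueStr,
  IN  UINTN         KeyLength,
  OUT VOID          *KeyBuffer
  )
{
  CHAR8  *AsciiKey;

  AsciiKey = AllocateZeroPool (KeyLength + 1);
  ASSERT (AsciiKey != NULL);
  UnicodeStrToAsciiStr (ValueStr, AsciiKey);
  CopyMem (KeyBuffer, AsciiKey, KeyLength);
  ZeroMem (AsciiKey, KeyLength + 1);
  FreePool (AsciiKey);
}

EFI_STATUS
CreateSadEntry (
  OUT EFI_IPSEC_SA_ID       **SaId,
  OUT EFI_IPSEC_SA_DATA2    **Data,
  IN LIST_ENTRY             *ParamPackage,
  OUT UINT32                *Mask,
  IN BOOLEAN                CreateNew
  )
{
  EFI_STATUS    Status;
  EFI_STATUS    ReturnStatus;
  UINTN         AuthKeyLength;
  UINTN         EncKeyLength;
  CONST CHAR16  *AuthKeyStr;
  CONST CHAR16  *EncKeyStr;
  CONST CHAR16  *ValueStr;
  UINTN         DataSize;

  ReturnStatus  = EFI_SUCCESS;
  *Mask         = 0;
  AuthKeyLength = 0;
  EncKeyLength  = 0;

  *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));
  ASSERT (*SaId != NULL);

  //
  // --spi: Spi in EFI_IPSEC_SA_ID.
  //
  Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
  if (!EFI_ERROR (Status)) {
    *Mask |= SPI;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --ipsec-proto: Proto in EFI_IPSEC_SA_ID, one of the names in mMapIpSecProtocol.
  //
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*SaId)->Proto,
             sizeof (EFI_IPSEC_PROTOCOL_TYPE),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // The key lengths are needed before the SA data buffer can be sized.
  //
  AuthKeyStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (AuthKeyStr != NULL) {
    AuthKeyLength = StrLen (AuthKeyStr);
  }

  EncKeyStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (EncKeyStr != NULL) {
    EncKeyLength = StrLen (EncKeyStr);
  }

  //
  // EFI_IPSEC_SA_DATA2:
  // +------------
  // | EFI_IPSEC_SA_DATA2
  // +-----------------------
  // | AuthKey
  // +-------------------------
  // | EncKey
  // +-------------------------
  // | SpdSelector
  //
  // Notes: To make sure the address alignment add padding after each data if needed.
  //
  DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
  DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);
  DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
  DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));
  DataSize += sizeof (EFI_IP_ADDRESS_INFO);

  *Data = AllocateZeroPool (DataSize);
  ASSERT (*Data != NULL);

  (*Data)->ManualSet = TRUE;
  (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));
  (*Data)->AlgoInfo.EspAlgoInfo.EncKey  = (VOID *) ALIGN_POINTER (
                                                     ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),
                                                     sizeof (UINTN)
                                                     );
  (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (
                                                      ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),
                                                      sizeof (UINTN)
                                                      );
  (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                 ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),
                                                                 sizeof (UINTN)
                                                                 );
  (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                  (*Data)->SpdSelector->LocalAddress + 1,
                                                                  sizeof (UINTN)
                                                                  );

  //
  // --mode: transport unless given; one of the names in mMapIpSecMode.
  //
  (*Data)->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->Mode,
             sizeof (EFI_IPSEC_MODE),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // According to RFC 4303-3.3.3. The first packet sent using a given SA
  // will contain a sequence number of 1.
  //
  (*Data)->SNCount = 1;
  Status = GetNumber (
             L"--sequence-number",
             (UINT64) -1,
             &(*Data)->SNCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= SEQUENCE_NUMBER;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  (*Data)->AntiReplayWindows = 0;
  Status = GetNumber (
             L"--antireplay-window",
             (UINT8) -1,
             &(*Data)->AntiReplayWindows,
             sizeof (UINT8),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    //
    // NOTE(review): this marks SEQUENCE_NUMBER rather than a window-specific
    // bit, which looks like a copy/paste slip; no dedicated mask bit is visible
    // from this file, so the existing behaviour is kept.
    //
    *Mask |= SEQUENCE_NUMBER;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --encrypt-algo / --encrypt-key.
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  if (EncKeyStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
    SadCopyKeyOption (EncKeyStr, EncKeyLength, (*Data)->AlgoInfo.EspAlgoInfo.EncKey);
    *Mask |= ENCRYPT_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
  }

  //
  // --auth-algo / --auth-key.
  //
  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  if (AuthKeyStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
    SadCopyKeyOption (AuthKeyStr, AuthKeyLength, (*Data)->AlgoInfo.EspAlgoInfo.AuthKey);
    *Mask |= AUTH_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
  }

  //
  // SA lifetime limits and path MTU.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--path-mtu",
             (UINT32) -1,
             &(*Data)->PathMTU,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PATH_MTU;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Tunnel endpoints (single addresses, not ranges).
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-dest",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= DEST;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-source",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= SOURCE;
    }
  }

  //
  // Tunnel mode is only complete with both --tunnel-source and --tunnel-dest.
  //
  if ((*Data)->Mode == EfiIPsecTunnel) {
    if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-source --tunnel-dest"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  //
  // Traffic selector of the SA. Only an error is merged into ReturnStatus:
  // assigning the result directly would discard an error already recorded
  // above (bad --spi, missing tunnel addresses, ...) whenever the selector
  // options themselves parse, and the invalid entry would then be accepted.
  //
  Status = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
  if (EFI_ERROR (Status)) {
    ReturnStatus = Status;
  }

  if (CreateNew) {
    if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--spi --ipsec-proto --local --remote"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      if ((*SaId)->Proto == EfiIPsecAH) {
        //
        // AH: authentication algorithm is mandatory, and a key unless it is "none".
        //
        if ((*Mask & AUTH_ALGO) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--auth-algo"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--auth-key"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        }
      } else {
        //
        // ESP: both algorithms are mandatory, and a key for each unless it is "none".
        //
        if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--encrypt-algo --auth-algo"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--encrypt-key"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--auth-key"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        }
      }
    }
  }

  return ReturnStatus;
}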
1035
1036 /**
1037 Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.
1038
1039 @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
1040 @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
1041 @param[in] ParamPackage The pointer to the ParamPackage list.
1042 @param[out] Mask The pointer to the Mask.
1043 @param[in] CreateNew The switch to create new.
1044
1045 @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.
1046 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1047
1048 **/
1049 EFI_STATUS
1050 CreatePadEntry (
1051 OUT EFI_IPSEC_PAD_ID **PadId,
1052 OUT EFI_IPSEC_PAD_DATA **Data,
1053 IN LIST_ENTRY *ParamPackage,
1054 OUT UINT32 *Mask,
1055 IN BOOLEAN CreateNew
1056 )
1057 {
1058 EFI_STATUS Status;
1059 EFI_STATUS ReturnStatus;
1060 SHELL_FILE_HANDLE FileHandle;
1061 UINT64 FileSize;
1062 UINTN AuthDataLength;
1063 UINTN RevocationDataLength;
1064 UINTN DataLength;
1065 UINTN Index;
1066 CONST CHAR16 *ValueStr;
1067 UINTN DataSize;
1068
1069 Status = EFI_SUCCESS;
1070 ReturnStatus = EFI_SUCCESS;
1071 *Mask = 0;
1072 AuthDataLength = 0;
1073 RevocationDataLength = 0;
1074
1075 *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));
1076 ASSERT (*PadId != NULL);
1077
1078 //
1079 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.
1080 //
1081 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");
1082 if (ValueStr != NULL) {
1083 (*PadId)->PeerIdValid = FALSE;
1084 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);
1085 if (EFI_ERROR (Status)) {
1086 ShellPrintHiiEx (
1087 -1,
1088 -1,
1089 NULL,
1090 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
1091 mHiiHandle,
1092 mAppName,
1093 L"--peer-address",
1094 ValueStr
1095 );
1096 ReturnStatus = EFI_INVALID_PARAMETER;
1097 } else {
1098 *Mask |= PEER_ADDRESS;
1099 }
1100 }
1101
1102 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");
1103 if (ValueStr != NULL) {
1104 (*PadId)->PeerIdValid = TRUE;
1105 StrnCpy ((CHAR16 *) (*PadId)->Id.PeerId, ValueStr, ARRAY_SIZE ((*PadId)->Id.PeerId) - 1);
1106 *Mask |= PEER_ID;
1107 }
1108
1109 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1110 if (ValueStr != NULL) {
1111 if (ValueStr[0] == L'@') {
1112 //
1113 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1114 //
1115 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1116 if (EFI_ERROR (Status)) {
1117 ShellPrintHiiEx (
1118 -1,
1119 -1,
1120 NULL,
1121 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1122 mHiiHandle,
1123 mAppName,
1124 &ValueStr[1]
1125 );
1126 ReturnStatus = EFI_INVALID_PARAMETER;
1127 } else {
1128 Status = ShellGetFileSize (FileHandle, &FileSize);
1129 ShellCloseFile (&FileHandle);
1130 if (EFI_ERROR (Status)) {
1131 ShellPrintHiiEx (
1132 -1,
1133 -1,
1134 NULL,
1135 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1136 mHiiHandle,
1137 mAppName,
1138 &ValueStr[1]
1139 );
1140 ReturnStatus = EFI_INVALID_PARAMETER;
1141 } else {
1142 AuthDataLength = (UINTN) FileSize;
1143 }
1144 }
1145 } else {
1146 AuthDataLength = StrLen (ValueStr);
1147 }
1148 }
1149
1150 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1151 if (ValueStr != NULL) {
1152 RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
1153 }
1154
1155 //
1156 // Allocate Buffer for Data. Add padding after each struct to make sure the alignment
1157 // in different Arch.
1158 //
1159 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));
1160 DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);
1161 DataSize += RevocationDataLength;
1162
1163 *Data = AllocateZeroPool (DataSize);
1164 ASSERT (*Data != NULL);
1165
1166 (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));
1167 (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));
1168 (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;
1169
1170 //
1171 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.
1172 //
1173 Status = GetNumber (
1174 L"--auth-proto",
1175 0,
1176 &(*Data)->AuthProtocol,
1177 sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),
1178 mMapAuthProto,
1179 ParamPackage,
1180 FORMAT_STRING
1181 );
1182 if (!EFI_ERROR (Status)) {
1183 *Mask |= AUTH_PROTO;
1184 }
1185
1186 if (Status == EFI_INVALID_PARAMETER) {
1187 ReturnStatus = EFI_INVALID_PARAMETER;
1188 }
1189
1190 Status = GetNumber (
1191 L"--auth-method",
1192 0,
1193 &(*Data)->AuthMethod,
1194 sizeof (EFI_IPSEC_AUTH_METHOD),
1195 mMapAuthMethod,
1196 ParamPackage,
1197 FORMAT_STRING
1198 );
1199 if (!EFI_ERROR (Status)) {
1200 *Mask |= AUTH_METHOD;
1201 }
1202
1203 if (Status == EFI_INVALID_PARAMETER) {
1204 ReturnStatus = EFI_INVALID_PARAMETER;
1205 }
1206
1207 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {
1208 (*Data)->IkeIdFlag = TRUE;
1209 *Mask |= IKE_ID;
1210 }
1211
1212 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {
1213 (*Data)->IkeIdFlag = FALSE;
1214 *Mask |= IKE_ID;
1215 }
1216
1217 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1218 if (ValueStr != NULL) {
1219 if (ValueStr[0] == L'@') {
1220 //
1221 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1222 //
1223
1224 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1225 if (EFI_ERROR (Status)) {
1226 ShellPrintHiiEx (
1227 -1,
1228 -1,
1229 NULL,
1230 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1231 mHiiHandle,
1232 mAppName,
1233 &ValueStr[1]
1234 );
1235 ReturnStatus = EFI_INVALID_PARAMETER;
1236 (*Data)->AuthData = NULL;
1237 } else {
1238 DataLength = AuthDataLength;
1239 Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
1240 ShellCloseFile (&FileHandle);
1241 if (EFI_ERROR (Status)) {
1242 ShellPrintHiiEx (
1243 -1,
1244 -1,
1245 NULL,
1246 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1247 mHiiHandle,
1248 mAppName,
1249 &ValueStr[1]
1250 );
1251 ReturnStatus = EFI_INVALID_PARAMETER;
1252 (*Data)->AuthData = NULL;
1253 } else {
1254 ASSERT (DataLength == AuthDataLength);
1255 *Mask |= AUTH_DATA;
1256 }
1257 }
1258 } else {
1259 for (Index = 0; Index < AuthDataLength; Index++) {
1260 ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];
1261 }
1262 (*Data)->AuthDataSize = AuthDataLength;
1263 *Mask |= AUTH_DATA;
1264 }
1265 }
1266
1267 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1268 if (ValueStr != NULL) {
1269 CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);
1270 (*Data)->RevocationDataSize = RevocationDataLength;
1271 *Mask |= REVOCATION_DATA;
1272 } else {
1273 (*Data)->RevocationData = NULL;
1274 }
1275
1276 if (CreateNew) {
1277 if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
1278 ShellPrintHiiEx (
1279 -1,
1280 -1,
1281 NULL,
1282 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1283 mHiiHandle,
1284 mAppName,
1285 L"--peer-id --peer-address"
1286 );
1287 ReturnStatus = EFI_INVALID_PARAMETER;
1288 } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {
1289 ShellPrintHiiEx (
1290 -1,
1291 -1,
1292 NULL,
1293 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1294 mHiiHandle,
1295 mAppName,
1296 L"--auth-method --auth-data"
1297 );
1298 ReturnStatus = EFI_INVALID_PARAMETER;
1299 }
1300 }
1301
1302 return ReturnStatus;
1303 }
1304
//
// Dispatch table used to build a brand-new policy entry from the parsed
// command line. It is indexed directly by the EFI_IPSEC_CONFIG_DATA_TYPE value
// (see the mCreatePolicyEntry[DataType] callers), so the entry order must
// follow that enumeration: SPD, then SAD, then PAD. Each routine takes its
// own selector/data pointer types; the casts adapt them to the shared
// CREATE_POLICY_ENTRY signature. There is no sentinel, so callers are
// responsible for keeping the index within the three entries.
//
CREATE_POLICY_ENTRY  mCreatePolicyEntry[] = {
  (CREATE_POLICY_ENTRY) CreateSpdEntry,   // security policy database entries
  (CREATE_POLICY_ENTRY) CreateSadEntry,   // security association database entries
  (CREATE_POLICY_ENTRY) CreatePadEntry    // peer authorization database entries
};
1310
1311 /**
1312 Combine old SPD entry with new SPD entry.
1313
1314 @param[in, out] OldSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
1315 @param[in, out] OldData The pointer to the EFI_IPSEC_SPD_DATA structure.
1316 @param[in] NewSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
1317 @param[in] NewData The pointer to the EFI_IPSEC_SPD_DATA structure.
1318 @param[in] Mask The bit mask of the selector and data fields supplied by the user.
1319 @param[out] CreateNew Set to TRUE when the supplied fields change the entry's key, so a new entry must replace the old one.
1320
1321 @retval EFI_SUCCESS Combined successfully.
1322 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1323
1324 **/
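EFI_STATUS
CombineSpdEntry (
  IN OUT EFI_IPSEC_SPD_SELECTOR    *OldSelector,
  IN OUT EFI_IPSEC_SPD_DATA        *OldData,
  IN     EFI_IPSEC_SPD_SELECTOR    *NewSelector,
  IN     EFI_IPSEC_SPD_DATA        *NewData,
  IN     UINT32                    Mask,
  OUT    BOOLEAN                   *CreateNew
  )
{
  //
  // Process Selector.
  //
  // A selector field whose Mask bit is clear was not given on the command
  // line and is inherited from the old entry, so NewSelector ends up as the
  // complete key. A supplied field that differs from the old one changes the
  // key, which cannot be edited in place; CreateNew then tells the caller to
  // insert the merged entry as a new one and delete the old entry.
  //
  *CreateNew = FALSE;
  if ((Mask & LOCAL) == 0) {
    NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
    NewSelector->LocalAddress      = OldSelector->LocalAddress;
  } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
             (CompareMem (NewSelector->LocalAddress, OldSelector->LocalAddress, NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & REMOTE) == 0) {
    NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
    NewSelector->RemoteAddress      = OldSelector->RemoteAddress;
  } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
             (CompareMem (NewSelector->RemoteAddress, OldSelector->RemoteAddress, NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & PROTO) == 0) {
    NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
  } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
    *CreateNew = TRUE;
  }

  //
  // The port fields only exist for the effective (merged) protocol, so
  // NextLayerProtocol must be resolved above before this switch. For ICMP the
  // LocalPort/RemotePort slots carry the ICMP type and code respectively.
  //
  switch (NewSelector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    if ((Mask & LOCAL_PORT) == 0) {
      NewSelector->LocalPort      = OldSelector->LocalPort;
      NewSelector->LocalPortRange = OldSelector->LocalPortRange;
    } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
               (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
      *CreateNew = TRUE;
    }

    if ((Mask & REMOTE_PORT) == 0) {
      NewSelector->RemotePort      = OldSelector->RemotePort;
      NewSelector->RemotePortRange = OldSelector->RemotePortRange;
    } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
               (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
      *CreateNew = TRUE;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    if ((Mask & ICMP_TYPE) == 0) {
      NewSelector->LocalPort = OldSelector->LocalPort;
    } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
      *CreateNew = TRUE;
    }

    if ((Mask & ICMP_CODE) == 0) {
      NewSelector->RemotePort = OldSelector->RemotePort;
    } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
      *CreateNew = TRUE;
    }
    break;

  default:
    //
    // Other protocols carry no port or ICMP selector fields.
    //
    break;
  }

  //
  // Process Data.
  //
  if ((Mask & NAME) != 0) {
    //
    // Name is a fixed-size array in EFI_IPSEC_SPD_DATA. Copying the whole
    // array keeps the write bounded by the destination even if the new name
    // is not NUL-terminated inside its buffer, which an unbounded string copy
    // would not guarantee.
    //
    CopyMem (OldData->Name, NewData->Name, sizeof (OldData->Name));
  }

  if ((Mask & PACKET_FLAG) != 0) {
    OldData->PackageFlag = NewData->PackageFlag;
  }

  if ((Mask & ACTION) != 0) {
    OldData->Action = NewData->Action;
  }

  //
  // Action must be merged before this point: only the Protect action carries
  // a processing policy, every other action drops it.
  //
  if (OldData->Action != EfiIPsecActionProtect) {
    OldData->ProcessingPolicy = NULL;
  } else {
    //
    // Protect
    //
    if (OldData->ProcessingPolicy == NULL) {
      //
      // Just point to new data if originally NULL. This aliases the policy
      // owned by NewData rather than copying it; the caller passes the merged
      // entry to SetData before EditPolicyEntry frees NewData.
      // NOTE(review): assumes NewData->ProcessingPolicy is never NULL here --
      // confirm against CreateSpdEntry before relying on it.
      //
      OldData->ProcessingPolicy = NewData->ProcessingPolicy;
      if (OldData->ProcessingPolicy->Mode == EfiIPsecTunnel &&
          (Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)
          ) {
        //
        // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
        //
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--tunnel-local --tunnel-remote"
          );
        return EFI_INVALID_PARAMETER;
      }
    } else {
      //
      // Modify some of the data.
      //
      if ((Mask & EXT_SEQUENCE) != 0) {
        OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
      }

      if ((Mask & SEQUENCE_OVERFLOW) != 0) {
        OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
      }

      if ((Mask & FRAGMENT_CHECK) != 0) {
        OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
      }

      if ((Mask & LIFEBYTE) != 0) {
        OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
      }

      if ((Mask & LIFETIME_SOFT) != 0) {
        OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
      }

      if ((Mask & LIFETIME) != 0) {
        OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
      }

      if ((Mask & MODE) != 0) {
        OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
      }

      if ((Mask & IPSEC_PROTO) != 0) {
        OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
      }

      if ((Mask & AUTH_ALGO) != 0) {
        OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
      }

      if ((Mask & ENCRYPT_ALGO) != 0) {
        OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
      }

      //
      // Mode must be merged before this point: the tunnel option only exists
      // in tunnel mode.
      //
      if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
        OldData->ProcessingPolicy->TunnelOption = NULL;
      } else {
        if (OldData->ProcessingPolicy->TunnelOption == NULL) {
          //
          // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
          //
          if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
            ShellPrintHiiEx (
              -1,
              -1,
              NULL,
              STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
              mHiiHandle,
              mAppName,
              L"--tunnel-local --tunnel-remote"
              );
            return EFI_INVALID_PARAMETER;
          }

          //
          // Aliases the tunnel option owned by NewData (see the note on
          // ProcessingPolicy above).
          //
          OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
        } else {
          if ((Mask & TUNNEL_LOCAL) != 0) {
            CopyMem (
              &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
              &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
              sizeof (EFI_IP_ADDRESS)
              );
          }

          if ((Mask & TUNNEL_REMOTE) != 0) {
            CopyMem (
              &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
              &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
              sizeof (EFI_IP_ADDRESS)
              );
          }

          if ((Mask & DONT_FRAGMENT) != 0) {
            OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
          }
        }
      }
    }
  }

  return EFI_SUCCESS;
}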
1531
1532 /**
1533 Combine old SAD entry with new SAD entry.
1534
1535 @param[in, out] OldSaId The pointer to the EFI_IPSEC_SA_ID structure.
1536 @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA2 structure.
1537 @param[in] NewSaId The pointer to the EFI_IPSEC_SA_ID structure.
1538 @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA2 structure.
1539 @param[in] Mask The bit mask of the SA ID and data fields supplied by the user.
1540 @param[out] CreateNew Set to TRUE when the supplied fields change the entry's key, so a new entry must replace the old one.
1541
1542 @retval EFI_SUCCESS Combined successfully.
1543 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1544
1545 **/
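EFI_STATUS
CombineSadEntry (
  IN OUT EFI_IPSEC_SA_ID      *OldSaId,
  IN OUT EFI_IPSEC_SA_DATA2   *OldData,
  IN     EFI_IPSEC_SA_ID      *NewSaId,
  IN     EFI_IPSEC_SA_DATA2   *NewData,
  IN     UINT32               Mask,
  OUT    BOOLEAN              *CreateNew
  )
{
  //
  // Process SA_ID and the tunnel addresses that form the lookup key. A field
  // whose Mask bit is clear is inherited from the old entry into the new one;
  // a supplied field that differs from the old value changes the key, so
  // CreateNew asks the caller to insert a new entry and delete the old one.
  //
  *CreateNew = FALSE;

  if ((Mask & SPI) == 0) {
    NewSaId->Spi = OldSaId->Spi;
  } else if (NewSaId->Spi != OldSaId->Spi) {
    *CreateNew = TRUE;
  }

  if ((Mask & IPSEC_PROTO) == 0) {
    NewSaId->Proto = OldSaId->Proto;
  } else if (NewSaId->Proto != OldSaId->Proto) {
    *CreateNew = TRUE;
  }

  if ((Mask & DEST) == 0) {
    CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  if ((Mask & SOURCE) == 0) {
    CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  //
  // Process SA_DATA.
  //
  if ((Mask & MODE) != 0) {
    OldData->Mode = NewData->Mode;
  }

  if ((Mask & SEQUENCE_NUMBER) != 0) {
    OldData->SNCount = NewData->SNCount;
  }

  if ((Mask & ANTIREPLAY_WINDOW) != 0) {
    OldData->AntiReplayWindows = NewData->AntiReplayWindows;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
  }

  //
  // Key material is taken over by pointer, not copied: from here on the old
  // entry aliases the key buffers owned by NewData, which EditPolicyEntry
  // frees after the merged entry has been handed to SetData.
  //
  if ((Mask & AUTH_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthKey       = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
    OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
  }

  if ((Mask & ENCRYPT_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncKey       = NewData->AlgoInfo.EspAlgoInfo.EncKey;
    OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
  }

  //
  // Cross-field validation against the effective protocol (NewSaId->Proto is
  // the merged value at this point). These checks run after the field updates
  // above, so a rejected edit may already have touched OldData; the caller
  // does not call SetData when EFI_INVALID_PARAMETER is returned.
  //
  if (NewSaId->Proto == EfiIPsecAH) {
    if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {
      //
      // Should not provide encrypt_* if AH.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo --encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if (NewSaId->Proto == EfiIPsecESP && OldSaId->Proto == EfiIPsecAH) {
    //
    // AH -> ESP
    // Should provide encrypt_algo at least.
    //
    if ((Mask & ENCRYPT_ALGO) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo"
        );
      return EFI_INVALID_PARAMETER;
    }

    //
    // Encrypt_key should be provided if algorithm is not NONE. The missing
    // parameter reported here is the key (the algorithm was already checked
    // just above).
    //
    if (NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (Mask & ENCRYPT_KEY) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
  }

  if ((Mask & PATH_MTU) != 0) {
    OldData->PathMTU = NewData->PathMTU;
  }

  //
  // Process SpdSelector.
  //
  if (OldData->SpdSelector == NULL) {
    //
    // The SA is not yet bound to an SPD selector. If the user supplied any
    // selector field, the three that identify a selector are all required,
    // and the whole selector supplied in NewData is then aliased.
    //
    if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
      if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--local --remote --proto"
          );
        return EFI_INVALID_PARAMETER;
      }

      OldData->SpdSelector = NewData->SpdSelector;
    }
  } else {
    //
    // Update the existing selector field by field. OldData->SpdSelector is
    // known to be non-NULL in this branch, so no re-check is needed before
    // dereferencing it for the switch.
    //
    if ((Mask & LOCAL) != 0) {
      OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
      OldData->SpdSelector->LocalAddress      = NewData->SpdSelector->LocalAddress;
    }

    if ((Mask & REMOTE) != 0) {
      OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
      OldData->SpdSelector->RemoteAddress      = NewData->SpdSelector->RemoteAddress;
    }

    if ((Mask & PROTO) != 0) {
      OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
    }

    //
    // Port fields depend on the merged protocol; for ICMP the port slots hold
    // the type and code.
    //
    switch (OldData->SpdSelector->NextLayerProtocol) {
    case EFI_IP4_PROTO_TCP:
    case EFI_IP4_PROTO_UDP:
      if ((Mask & LOCAL_PORT) != 0) {
        OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
      }

      if ((Mask & REMOTE_PORT) != 0) {
        OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
      }
      break;

    case EFI_IP4_PROTO_ICMP:
      if ((Mask & ICMP_TYPE) != 0) {
        OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
      }

      if ((Mask & ICMP_CODE) != 0) {
        OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
      }
      break;

    default:
      //
      // Other protocols carry no port or ICMP selector fields.
      //
      break;
    }
  }

  return EFI_SUCCESS;
}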
1746
1747 /**
1748 Combine old PAD entry with new PAD entry.
1749
1750 @param[in, out] OldPadId The pointer to the EFI_IPSEC_PAD_ID structure.
1751 @param[in, out] OldData The pointer to the EFI_IPSEC_PAD_DATA structure.
1752 @param[in] NewPadId The pointer to the EFI_IPSEC_PAD_ID structure.
1753 @param[in] NewData The pointer to the EFI_IPSEC_PAD_DATA structure.
1754 @param[in] Mask The bit mask of the PAD ID and data fields supplied by the user.
1755 @param[out] CreateNew Set to TRUE when the supplied fields change the entry's key, so a new entry must replace the old one.
1756
1757 @retval EFI_SUCCESS Combined successfully.
1758 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1759
1760 **/
EFI_STATUS
CombinePadEntry (
  IN OUT EFI_IPSEC_PAD_ID      *OldPadId,
  IN OUT EFI_IPSEC_PAD_DATA    *OldData,
  IN     EFI_IPSEC_PAD_ID      *NewPadId,
  IN     EFI_IPSEC_PAD_DATA    *NewData,
  IN     UINT32                Mask,
  OUT    BOOLEAN               *CreateNew
  )
{
  BOOLEAN  IdChanged;

  //
  // Decide whether the PAD ID, i.e. the lookup key, changes. Without a new
  // --peer-id or --peer-address the old ID is carried over into NewPadId;
  // otherwise the key changes whenever the kind of ID flips or its value
  // differs from the old entry.
  //
  IdChanged = FALSE;

  if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
    CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
  } else if ((Mask & PEER_ID) != 0) {
    //
    // Old entry keyed by address, or same kind but a different ID string.
    // StrCmp relies on both PeerId buffers holding NUL-terminated CHAR16 text.
    //
    IdChanged = (BOOLEAN) (!OldPadId->PeerIdValid ||
                           (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0));
  } else {
    //
    // MASK & PEER_ADDRESS: old entry keyed by ID string, or a different
    // address or prefix length.
    //
    IdChanged = (BOOLEAN) (OldPadId->PeerIdValid ||
                           (CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
                           (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength));
  }

  *CreateNew = IdChanged;

  //
  // Merge the supplied data fields into the old entry. AuthData and
  // RevocationData are taken over by pointer, so the old entry aliases the
  // buffers owned by NewData until the caller hands it to SetData.
  //
  if ((Mask & AUTH_PROTO) != 0) {
    OldData->AuthProtocol = NewData->AuthProtocol;
  }

  if ((Mask & AUTH_METHOD) != 0) {
    OldData->AuthMethod = NewData->AuthMethod;
  }

  if ((Mask & IKE_ID) != 0) {
    OldData->IkeIdFlag = NewData->IkeIdFlag;
  }

  if ((Mask & AUTH_DATA) != 0) {
    OldData->AuthDataSize = NewData->AuthDataSize;
    OldData->AuthData     = NewData->AuthData;
  }

  if ((Mask & REVOCATION_DATA) != 0) {
    OldData->RevocationDataSize = NewData->RevocationDataSize;
    OldData->RevocationData     = NewData->RevocationData;
  }

  return EFI_SUCCESS;
}
1824
//
// Dispatch table used to merge an edited entry into an existing one. Like
// mCreatePolicyEntry it is indexed by the EFI_IPSEC_CONFIG_DATA_TYPE value
// (see EditOperatePolicyEntry), so the order SPD, SAD, PAD must be kept. Each
// combine routine takes its own ID/data pointer types; the casts adapt them to
// the shared COMBINE_POLICY_ENTRY signature. No sentinel entry exists, so the
// caller must keep the index within the three entries.
//
COMBINE_POLICY_ENTRY  mCombinePolicyEntry[] = {
  (COMBINE_POLICY_ENTRY) CombineSpdEntry,   // security policy database entries
  (COMBINE_POLICY_ENTRY) CombineSadEntry,   // security association database entries
  (COMBINE_POLICY_ENTRY) CombinePadEntry    // peer authorization database entries
};
1830
1831 /**
1832 Edit entry information in the database.
1833
1834 @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
1835 @param[in] Data The pointer to the data.
1836 @param[in] Context The pointer to the EDIT_POLICY_ENTRY_CONTEXT structure.
1837
1838 @retval EFI_SUCCESS Continue the iteration.
1839 @retval EFI_ABORTED Abort the iteration.
1840 **/
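EFI_STATUS
EditOperatePolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN EDIT_POLICY_ENTRY_CONTEXT    *Context
  )
{
  EFI_STATUS  Status;
  BOOLEAN     CreateNew;

  //
  // DataType indexes the dispatch tables (mCombinePolicyEntry has three
  // entries; mMatchPolicyEntry is assumed to match), so validate it before
  // the first table lookup rather than after it.
  //
  ASSERT (Context->DataType < 3);

  CreateNew = FALSE;

  //
  // Keep iterating until the entry named by the user's index is reached.
  //
  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  //
  // Merge the user-supplied fields (Context->Selector/Data, Context->Mask)
  // into the entry found in the database. CreateNew is set when the merge
  // changed the entry's key.
  //
  Status = mCombinePolicyEntry[Context->DataType] (
             Selector,
             Data,
             Context->Selector,
             Context->Data,
             Context->Mask,
             &CreateNew
             );
  if (!EFI_ERROR (Status)) {
    if (CreateNew) {
      //
      // Insert new entry before old entry. ASSERT_EFI_ERROR is a no-op in
      // release builds, so a SetData failure is still reported to the caller
      // through Context->Status below.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               Selector
                               );
      ASSERT_EFI_ERROR (Status);
      //
      // Delete old entry
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Selector,
                               NULL,
                               NULL
                               );
      ASSERT_EFI_ERROR (Status);
    } else {
      //
      // Key unchanged: update the entry in place.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               NULL
                               );
    }
  }

  //
  // Hand the result back and stop the iteration: only one entry is edited.
  //
  Context->Status = Status;
  return EFI_ABORTED;
}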
1903
1904 /**
1905 Edit entry information in database according to datatype.
1906
1907 @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
1908 @param[in] ParamPackage The pointer to the ParamPackage list.
1909
1910 @retval EFI_SUCCESS Edit entry information successfully.
1911 @retval EFI_NOT_FOUND Can't find the specified entry.
1912 @retval Others Another failure occurred.
1913 **/
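EFI_STATUS
EditPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                 Status;
  EDIT_POLICY_ENTRY_CONTEXT  Context;
  CONST CHAR16               *ValueStr;

  //
  // -e names the index of the entry to edit; without it there is nothing to
  // look up.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
  if (ValueStr == NULL) {
    //
    // ValueStr is NULL here and is passed as a trailing argument.
    // NOTE(review): confirm STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED consumes no
    // %s before relying on this.
    //
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
    return EFI_NOT_FOUND;
  }

  //
  // The create routine allocates Context.Selector/Context.Data as it parses,
  // accumulates Context.Mask with |=, and may return an error after having
  // allocated. Start from a known state so the cleanup below is valid on
  // every path, including failure before the pointers are assigned.
  //
  Context.Selector = NULL;
  Context.Data     = NULL;
  Context.Mask     = 0;

  Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
  if (!EFI_ERROR (Status)) {
    Context.DataType = DataType;
    Context.Status   = EFI_NOT_FOUND;
    Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
    if (!EFI_ERROR (Status)) {
      //
      // Walk the database; EditOperatePolicyEntry applies the edit to the
      // matching entry and leaves its result in Context.Status, which stays
      // EFI_NOT_FOUND when no entry matched the index.
      //
      ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
      Status = Context.Status;
    }

    //
    // Free whatever the create routine handed back, on success or failure.
    //
    if (Context.Selector != NULL) {
      gBS->FreePool (Context.Selector);
    }

    if (Context.Data != NULL) {
      gBS->FreePool (Context.Data);
    }
  }

  if (Status == EFI_NOT_FOUND) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}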
1958
1959 /**
1960 Insert entry information in database.
1961
1962 @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
1963 @param[in] Data The pointer to the data.
1964 @param[in] Context The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.
1965
1966 @retval EFI_SUCCESS Continue the iteration.
1967 @retval EFI_ABORTED Abort the iteration.
1968 **/
EFI_STATUS
InsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN INSERT_POLICY_ENTRY_CONTEXT  *Context
  )
{
  //
  // Keep walking until the entry named by the user's index (Context->Indexer)
  // shows up; every other entry is left untouched.
  //
  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  //
  // Insert the prepared entry in front of the matched one (the last SetData
  // argument is the selector to insert before), record the outcome for the
  // caller and stop the iteration.
  //
  Context->Status = mIpSecConfig->SetData (
                                    mIpSecConfig,
                                    Context->DataType,
                                    Context->Selector,
                                    Context->Data,
                                    Selector
                                    );
  return EFI_ABORTED;
}
1996
1997 /**
1998 Insert or add entry information in database according to datatype.
1999
2000 @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
2001 @param[in] ParamPackage The pointer to the ParamPackage list.
2002
2003 @retval EFI_SUCCESS Insert or add entry information successfully.
2004 @retval EFI_NOT_FOUND Can't find the specified entry.
2005 @retval EFI_BUFFER_TOO_SMALL The entry already existed.
2006 @retval EFI_UNSUPPORTED The operation is not supported.
2007 @retval Others Another failure occurred.
2008 **/
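EFI_STATUS
AddOrInsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                   Status;
  EFI_IPSEC_CONFIG_SELECTOR    *Selector;
  VOID                         *Data;
  INSERT_POLICY_ENTRY_CONTEXT  Context;
  UINT32                       Mask;
  UINTN                        DataSize;
  CONST CHAR16                 *ValueStr;

  //
  // The create routine fills Selector/Data as it parses, accumulates Mask
  // with |=, and may return an error after having allocated. Start from a
  // known state so the cleanup below is valid on every path.
  //
  Selector = NULL;
  Data     = NULL;
  Mask     = 0;

  Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
  if (!EFI_ERROR (Status)) {
    //
    // Find if the Selector to be inserted already exists: a zero-length
    // GetData answers EFI_BUFFER_TOO_SMALL when an entry with this selector
    // is present.
    //
    DataSize = 0;
    Status = mIpSecConfig->GetData (
                             mIpSecConfig,
                             DataType,
                             Selector,
                             &DataSize,
                             NULL
                             );
    if (Status == EFI_BUFFER_TOO_SMALL) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
    } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
      //
      // -a: add the entry without an insert-before position.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               Data,
                               NULL
                               );
    } else {
      //
      // -i: insert before the entry named by the index.
      //
      ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
      if (ValueStr == NULL) {
        //
        // ValueStr is NULL here and is passed as a trailing argument.
        // NOTE(review): confirm STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED consumes
        // no %s before relying on this.
        //
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
        //
        // Release the entry built above before bailing out; returning
        // without this leaked Selector and Data.
        //
        gBS->FreePool (Selector);
        gBS->FreePool (Data);
        return EFI_NOT_FOUND;
      }

      Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
      if (!EFI_ERROR (Status)) {
        Context.DataType = DataType;
        Context.Status   = EFI_NOT_FOUND;
        Context.Selector = Selector;
        Context.Data     = Data;

        //
        // InsertPolicyEntry performs the SetData at the matched position and
        // leaves its result in Context.Status (still EFI_NOT_FOUND when no
        // entry matched the index).
        //
        ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
        Status = Context.Status;
        if (Status == EFI_NOT_FOUND) {
          ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
        }
      }
    }
  }

  //
  // Free whatever the create routine allocated, including on its error path
  // (CreatePadEntry, for one, allocates *Data before returning its status),
  // which previously leaked.
  //
  if (Selector != NULL) {
    gBS->FreePool (Selector);
  }

  if (Data != NULL) {
    gBS->FreePool (Data);
  }

  if (Status == EFI_UNSUPPORTED) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}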