]> git.proxmox.com Git - mirror_edk2.git/blob - NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update ipsecconfig and ping6 due to ShellLib update.
[mirror_edk2.git] / NetworkPkg / Application / IpsecConfig / PolicyEntryOperation.c
1 /** @file
2 The implementation of policy entry operation function in IpSecConfig application.
3
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include "IpSecConfig.h"
17 #include "Indexer.h"
18 #include "Match.h"
19 #include "Helper.h"
20 #include "ForEach.h"
21 #include "PolicyEntryOperation.h"
22
23 /**
24 Fill in EFI_IPSEC_SPD_SELECTOR through ParamPackage list.
25
26 @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
27 @param[in] ParamPackage The pointer to the ParamPackage list.
28 @param[in, out] ParamPackage The pointer to the Mask.
29
30 @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR successfully.
31 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
32
33 **/
34 EFI_STATUS
35 CreateSpdSelector (
36 OUT EFI_IPSEC_SPD_SELECTOR *Selector,
37 IN LIST_ENTRY *ParamPackage,
38 IN OUT UINT32 *Mask
39 )
40 {
41 EFI_STATUS Status;
42 EFI_STATUS ReturnStatus;
43 CONST CHAR16 *ValueStr;
44
45 Status = EFI_SUCCESS;
46 ReturnStatus = EFI_SUCCESS;
47
48 //
49 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
50 //
51 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local");
52 if (ValueStr != NULL) {
53 Selector->LocalAddressCount = 1;
54 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->LocalAddress);
55 if (EFI_ERROR (Status)) {
56 ShellPrintHiiEx (
57 -1,
58 -1,
59 NULL,
60 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
61 mHiiHandle,
62 mAppName,
63 L"--local",
64 ValueStr
65 );
66 ReturnStatus = EFI_INVALID_PARAMETER;
67 } else {
68 *Mask |= LOCAL;
69 }
70 }
71
72 //
73 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
74 //
75 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote");
76 if (ValueStr != NULL) {
77 Selector->RemoteAddressCount = 1;
78 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->RemoteAddress);
79 if (EFI_ERROR (Status)) {
80 ShellPrintHiiEx (
81 -1,
82 -1,
83 NULL,
84 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
85 mHiiHandle,
86 mAppName,
87 L"--remote",
88 ValueStr
89 );
90 ReturnStatus = EFI_INVALID_PARAMETER;
91 } else {
92 *Mask |= REMOTE;
93 }
94 }
95
96 Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
97
98 //
99 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
100 //
101 Status = GetNumber (
102 L"--proto",
103 (UINT16) -1,
104 &Selector->NextLayerProtocol,
105 sizeof (UINT16),
106 mMapIpProtocol,
107 ParamPackage,
108 FORMAT_NUMBER | FORMAT_STRING
109 );
110 if (!EFI_ERROR (Status)) {
111 *Mask |= PROTO;
112 }
113
114 if (Status == EFI_INVALID_PARAMETER) {
115 ReturnStatus = EFI_INVALID_PARAMETER;
116 }
117
118 Selector->LocalPort = EFI_IPSEC_ANY_PORT;
119 Selector->RemotePort = EFI_IPSEC_ANY_PORT;
120
121 //
122 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
123 //
124 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local-port");
125 if (ValueStr != NULL) {
126 Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->LocalPort, &Selector->LocalPortRange);
127 if (EFI_ERROR (Status)) {
128 ShellPrintHiiEx (
129 -1,
130 -1,
131 NULL,
132 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
133 mHiiHandle,
134 mAppName,
135 L"--local-port",
136 ValueStr
137 );
138 ReturnStatus = EFI_INVALID_PARAMETER;
139 } else {
140 *Mask |= LOCAL_PORT;
141 }
142 }
143
144 //
145 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
146 //
147 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
148 if (ValueStr != NULL) {
149 Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->RemotePort, &Selector->RemotePortRange);
150 if (EFI_ERROR (Status)) {
151 ShellPrintHiiEx (
152 -1,
153 -1,
154 NULL,
155 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
156 mHiiHandle,
157 mAppName,
158 L"--remote-port",
159 ValueStr
160 );
161 ReturnStatus = EFI_INVALID_PARAMETER;
162 } else {
163 *Mask |= REMOTE_PORT;
164 }
165 }
166
167 //
168 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
169 //
170 Status = GetNumber (
171 L"--icmp-type",
172 (UINT8) -1,
173 &Selector->LocalPort,
174 sizeof (UINT16),
175 NULL,
176 ParamPackage,
177 FORMAT_NUMBER
178 );
179 if (!EFI_ERROR (Status)) {
180 *Mask |= ICMP_TYPE;
181 }
182
183 if (Status == EFI_INVALID_PARAMETER) {
184 ReturnStatus = EFI_INVALID_PARAMETER;
185 }
186
187 //
188 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
189 //
190 Status = GetNumber (
191 L"--icmp-code",
192 (UINT8) -1,
193 &Selector->RemotePort,
194 sizeof (UINT16),
195 NULL,
196 ParamPackage,
197 FORMAT_NUMBER
198 );
199 if (!EFI_ERROR (Status)) {
200 *Mask |= ICMP_CODE;
201 }
202
203 if (Status == EFI_INVALID_PARAMETER) {
204 ReturnStatus = EFI_INVALID_PARAMETER;
205 }
206
207 return ReturnStatus;
208 }
209
210 /**
211 Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.
212
213 @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
214 @param[out] Data The pointer to the EFI_IPSEC_SPD_DATA structure.
215 @param[in] ParamPackage The pointer to the ParamPackage list.
216 @param[out] Mask The pointer to the Mask.
217 @param[in] CreateNew The switch to create new.
218
219 @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.
220 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
221
222 **/
223 EFI_STATUS
224 CreateSpdEntry (
225 OUT EFI_IPSEC_SPD_SELECTOR **Selector,
226 OUT EFI_IPSEC_SPD_DATA **Data,
227 IN LIST_ENTRY *ParamPackage,
228 OUT UINT32 *Mask,
229 IN BOOLEAN CreateNew
230 )
231 {
232 EFI_STATUS Status;
233 EFI_STATUS ReturnStatus;
234 CONST CHAR16 *ValueStr;
235 UINTN DataSize;
236
237 Status = EFI_SUCCESS;
238 *Mask = 0;
239
240 *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
241 ASSERT (*Selector != NULL);
242
243 (*Selector)->LocalAddress = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
244 (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;
245
246 ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);
247
248 //
249 // SPD DATA
250 // NOTE: Allocate enough memory and add padding for different arch.
251 //
252 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
253 DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
254 DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);
255
256 *Data = AllocateZeroPool (DataSize);
257 ASSERT (*Data != NULL);
258
259 (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
260 (*Data + 1),
261 sizeof (UINTN)
262 );
263 (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (
264 ((*Data)->ProcessingPolicy + 1),
265 sizeof (UINTN)
266 );
267
268
269 //
270 // Convert user imput from string to integer, and fill in the Name in EFI_IPSEC_SPD_DATA.
271 //
272 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
273 if (ValueStr != NULL) {
274 UnicodeStrToAsciiStr (ValueStr, (CHAR8 *) (*Data)->Name);
275 *Mask |= NAME;
276 }
277
278 //
279 // Convert user imput from string to integer, and fill in the PackageFlag in EFI_IPSEC_SPD_DATA.
280 //
281 Status = GetNumber (
282 L"--packet-flag",
283 (UINT8) -1,
284 &(*Data)->PackageFlag,
285 sizeof (UINT32),
286 NULL,
287 ParamPackage,
288 FORMAT_NUMBER
289 );
290 if (!EFI_ERROR (Status)) {
291 *Mask |= PACKET_FLAG;
292 }
293
294 if (Status == EFI_INVALID_PARAMETER) {
295 ReturnStatus = EFI_INVALID_PARAMETER;
296 }
297
298 //
299 // Convert user imput from string to integer, and fill in the Action in EFI_IPSEC_SPD_DATA.
300 //
301 Status = GetNumber (
302 L"--action",
303 (UINT8) -1,
304 &(*Data)->Action,
305 sizeof (UINT32),
306 mMapIpSecAction,
307 ParamPackage,
308 FORMAT_STRING
309 );
310 if (!EFI_ERROR (Status)) {
311 *Mask |= ACTION;
312 }
313
314 if (Status == EFI_INVALID_PARAMETER) {
315 ReturnStatus = EFI_INVALID_PARAMETER;
316 }
317
318 //
319 // Convert user imput from string to integer, and fill in the ExtSeqNum in EFI_IPSEC_SPD_DATA.
320 //
321 if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {
322 (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;
323 *Mask |= EXT_SEQUENCE;
324 } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {
325 (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;
326 *Mask |= EXT_SEQUENCE;
327 }
328
329 //
330 // Convert user imput from string to integer, and fill in the SeqOverflow in EFI_IPSEC_SPD_DATA.
331 //
332 if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {
333 (*Data)->ProcessingPolicy->SeqOverflow = TRUE;
334 *Mask |= SEQUENCE_OVERFLOW;
335 } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {
336 (*Data)->ProcessingPolicy->SeqOverflow = FALSE;
337 *Mask |= SEQUENCE_OVERFLOW;
338 }
339
340 //
341 // Convert user imput from string to integer, and fill in the FragCheck in EFI_IPSEC_SPD_DATA.
342 //
343 if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {
344 (*Data)->ProcessingPolicy->FragCheck = TRUE;
345 *Mask |= FRAGMENT_CHECK;
346 } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {
347 (*Data)->ProcessingPolicy->FragCheck = FALSE;
348 *Mask |= FRAGMENT_CHECK;
349 }
350
351 //
352 // Convert user imput from string to integer, and fill in the ProcessingPolicy in EFI_IPSEC_SPD_DATA.
353 //
354 Status = GetNumber (
355 L"--lifebyte",
356 (UINT64) -1,
357 &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,
358 sizeof (UINT64),
359 NULL,
360 ParamPackage,
361 FORMAT_NUMBER
362 );
363 if (!EFI_ERROR (Status)) {
364 *Mask |= LIFEBYTE;
365 }
366
367 if (Status == EFI_INVALID_PARAMETER) {
368 ReturnStatus = EFI_INVALID_PARAMETER;
369 }
370
371 Status = GetNumber (
372 L"--lifetime",
373 (UINT64) -1,
374 &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,
375 sizeof (UINT64),
376 NULL,
377 ParamPackage,
378 FORMAT_NUMBER
379 );
380 if (!EFI_ERROR (Status)) {
381 *Mask |= LIFETIME;
382 }
383 if (Status == EFI_INVALID_PARAMETER) {
384 ReturnStatus = EFI_INVALID_PARAMETER;
385 }
386
387 Status = GetNumber (
388 L"--lifetime-soft",
389 (UINT64) -1,
390 &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,
391 sizeof (UINT64),
392 NULL,
393 ParamPackage,
394 FORMAT_NUMBER
395 );
396 if (!EFI_ERROR (Status)) {
397 *Mask |= LIFETIME_SOFT;
398 }
399
400 if (Status == EFI_INVALID_PARAMETER) {
401 ReturnStatus = EFI_INVALID_PARAMETER;
402 }
403
404 (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;
405 Status = GetNumber (
406 L"--mode",
407 0,
408 &(*Data)->ProcessingPolicy->Mode,
409 sizeof (UINT32),
410 mMapIpSecMode,
411 ParamPackage,
412 FORMAT_STRING
413 );
414 if (!EFI_ERROR (Status)) {
415 *Mask |= MODE;
416 }
417
418 if (Status == EFI_INVALID_PARAMETER) {
419 ReturnStatus = EFI_INVALID_PARAMETER;
420 }
421
422 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
423 if (ValueStr != NULL) {
424 Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
425 if (EFI_ERROR (Status)) {
426 ShellPrintHiiEx (
427 -1,
428 -1,
429 NULL,
430 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
431 mHiiHandle,
432 mAppName,
433 L"--tunnel-local",
434 ValueStr
435 );
436 ReturnStatus = EFI_INVALID_PARAMETER;
437 } else {
438 *Mask |= TUNNEL_LOCAL;
439 }
440 }
441
442 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
443 if (ValueStr != NULL) {
444 Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
445 if (EFI_ERROR (Status)) {
446 ShellPrintHiiEx (
447 -1,
448 -1,
449 NULL,
450 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
451 mHiiHandle,
452 mAppName,
453 L"--tunnel-remote",
454 ValueStr
455 );
456 ReturnStatus = EFI_INVALID_PARAMETER;
457 } else {
458 *Mask |= TUNNEL_REMOTE;
459 }
460 }
461
462 (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
463 Status = GetNumber (
464 L"--dont-fragment",
465 0,
466 &(*Data)->ProcessingPolicy->TunnelOption->DF,
467 sizeof (UINT32),
468 mMapDfOption,
469 ParamPackage,
470 FORMAT_STRING
471 );
472 if (!EFI_ERROR (Status)) {
473 *Mask |= DONT_FRAGMENT;
474 }
475
476 if (Status == EFI_INVALID_PARAMETER) {
477 ReturnStatus = EFI_INVALID_PARAMETER;
478 }
479
480 (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;
481 Status = GetNumber (
482 L"--ipsec-proto",
483 0,
484 &(*Data)->ProcessingPolicy->Proto,
485 sizeof (UINT32),
486 mMapIpSecProtocol,
487 ParamPackage,
488 FORMAT_STRING
489 );
490 if (!EFI_ERROR (Status)) {
491 *Mask |= IPSEC_PROTO;
492 }
493
494 if (Status == EFI_INVALID_PARAMETER) {
495 ReturnStatus = EFI_INVALID_PARAMETER;
496 }
497
498 Status = GetNumber (
499 L"--encrypt-algo",
500 0,
501 &(*Data)->ProcessingPolicy->EncAlgoId,
502 sizeof (UINT8),
503 mMapEncAlgo,
504 ParamPackage,
505 FORMAT_STRING
506 );
507 if (!EFI_ERROR (Status)) {
508 *Mask |= ENCRYPT_ALGO;
509 }
510
511 if (Status == EFI_INVALID_PARAMETER) {
512 ReturnStatus = EFI_INVALID_PARAMETER;
513 }
514
515 Status = GetNumber (
516 L"--auth-algo",
517 0,
518 &(*Data)->ProcessingPolicy->AuthAlgoId,
519 sizeof (UINT8),
520 mMapAuthAlgo,
521 ParamPackage,
522 FORMAT_STRING
523 );
524 if (!EFI_ERROR (Status)) {
525 *Mask |= AUTH_ALGO;
526 }
527
528 if (Status == EFI_INVALID_PARAMETER) {
529 ReturnStatus = EFI_INVALID_PARAMETER;
530 }
531
532 //
533 // Cannot check Mode against EfiIPsecTunnel, because user may want to change tunnel_remote only so the Mode is not set.
534 //
535 if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
536 (*Data)->ProcessingPolicy->TunnelOption = NULL;
537 }
538
539 if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
540 LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
541 DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
542 if ((*Data)->Action != EfiIPsecActionProtect) {
543 //
544 // User may not provide additional parameter for Protect action, so we cannot simply set ProcessingPolicy to NULL.
545 //
546 (*Data)->ProcessingPolicy = NULL;
547 }
548 }
549
550 if (CreateNew) {
551 if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
552 ShellPrintHiiEx (
553 -1,
554 -1,
555 NULL,
556 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
557 mHiiHandle,
558 mAppName,
559 L"--local --remote --proto --action"
560 );
561 ReturnStatus = EFI_INVALID_PARAMETER;
562 } else if (((*Data)->Action == EfiIPsecActionProtect) &&
563 ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
564 ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
565 ShellPrintHiiEx (
566 -1,
567 -1,
568 NULL,
569 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
570 mHiiHandle,
571 mAppName,
572 L"--tunnel-local --tunnel-remote"
573 );
574 ReturnStatus = EFI_INVALID_PARAMETER;
575 }
576 }
577
578 return ReturnStatus;
579 }
580
581 /**
582 Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA through ParamPackage list.
583
584 @param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure.
585 @param[out] Data The pointer to the EFI_IPSEC_SA_DATA structure.
586 @param[in] ParamPackage The pointer to the ParamPackage list.
587 @param[out] Mask The pointer to the Mask.
588 @param[in] CreateNew The switch to create new.
589
590 @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA successfully.
591 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
592
593 **/
594 EFI_STATUS
595 CreateSadEntry (
596 OUT EFI_IPSEC_SA_ID **SaId,
597 OUT EFI_IPSEC_SA_DATA **Data,
598 IN LIST_ENTRY *ParamPackage,
599 OUT UINT32 *Mask,
600 IN BOOLEAN CreateNew
601 )
602 {
603 EFI_STATUS Status;
604 EFI_STATUS ReturnStatus;
605 UINTN AuthKeyLength;
606 UINTN EncKeyLength;
607 CONST CHAR16 *ValueStr;
608 UINTN DataSize;
609
610 Status = EFI_SUCCESS;
611 ReturnStatus = EFI_SUCCESS;
612 *Mask = 0;
613 AuthKeyLength = 0;
614 EncKeyLength = 0;
615
616 *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));
617 ASSERT (*SaId != NULL);
618
619 //
620 // Convert user imput from string to integer, and fill in the Spi in EFI_IPSEC_SA_ID.
621 //
622 Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
623 if (!EFI_ERROR (Status)) {
624 *Mask |= SPI;
625 }
626
627 if (Status == EFI_INVALID_PARAMETER) {
628 ReturnStatus = EFI_INVALID_PARAMETER;
629 }
630
631 //
632 // Convert user imput from string to integer, and fill in the Proto in EFI_IPSEC_SA_ID.
633 //
634 Status = GetNumber (
635 L"--ipsec-proto",
636 0,
637 &(*SaId)->Proto,
638 sizeof (EFI_IPSEC_PROTOCOL_TYPE),
639 mMapIpSecProtocol,
640 ParamPackage,
641 FORMAT_STRING
642 );
643 if (!EFI_ERROR (Status)) {
644 *Mask |= IPSEC_PROTO;
645 }
646
647 if (Status == EFI_INVALID_PARAMETER) {
648 ReturnStatus = EFI_INVALID_PARAMETER;
649 }
650
651 //
652 // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
653 //
654 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--dest");
655 if (ValueStr != NULL) {
656 Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*SaId)->DestAddress);
657 if (EFI_ERROR (Status)) {
658 ShellPrintHiiEx (
659 -1,
660 -1,
661 NULL,
662 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
663 mHiiHandle,
664 mAppName,
665 L"--dest",
666 ValueStr
667 );
668 ReturnStatus = EFI_INVALID_PARAMETER;
669 } else {
670 *Mask |= DEST;
671 }
672 }
673
674 //
675 // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA.
676 //
677 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
678 if (ValueStr != NULL) {
679 AuthKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
680 }
681
682 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
683 if (ValueStr != NULL) {
684 EncKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
685 }
686
687 //
688 // EFI_IPSEC_SA_DATA:
689 // +------------
690 // | EFI_IPSEC_SA_DATA
691 // +-----------------------
692 // | AuthKey
693 // +-------------------------
694 // | EncKey
695 // +-------------------------
696 // | SpdSelector
697 //
698 // Notes: To make sure the address alignment add padding after each data if needed.
699 //
700 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA));
701 DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);
702 DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);
703 DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
704 DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));
705 DataSize += sizeof (EFI_IP_ADDRESS_INFO);
706
707
708
709 *Data = AllocateZeroPool (DataSize);
710 ASSERT (*Data != NULL);
711
712 (*Data)->ManualSet = TRUE;
713 (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));
714 (*Data)->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (
715 ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),
716 sizeof (UINTN)
717 );
718 (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (
719 ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),
720 sizeof (UINTN)
721 );
722 (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
723 ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),
724 sizeof (UINTN));
725 (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
726 (*Data)->SpdSelector->LocalAddress + 1,
727 sizeof (UINTN)
728 );
729
730 (*Data)->Mode = EfiIPsecTransport;
731 Status = GetNumber (
732 L"--mode",
733 0,
734 &(*Data)->Mode,
735 sizeof (EFI_IPSEC_MODE),
736 mMapIpSecMode,
737 ParamPackage,
738 FORMAT_STRING
739 );
740 if (!EFI_ERROR (Status)) {
741 *Mask |= MODE;
742 }
743
744 if (Status == EFI_INVALID_PARAMETER) {
745 ReturnStatus = EFI_INVALID_PARAMETER;
746 }
747
748 //
749 // According to RFC 4303-3.3.3. The first packet sent using a given SA
750 // will contain a sequence number of 1.
751 //
752 (*Data)->SNCount = 1;
753 Status = GetNumber (
754 L"--sequence-number",
755 (UINT64) -1,
756 &(*Data)->SNCount,
757 sizeof (UINT64),
758 NULL,
759 ParamPackage,
760 FORMAT_NUMBER
761 );
762 if (!EFI_ERROR (Status)) {
763 *Mask |= SEQUENCE_NUMBER;
764 }
765
766 if (Status == EFI_INVALID_PARAMETER) {
767 ReturnStatus = EFI_INVALID_PARAMETER;
768 }
769
770 (*Data)->AntiReplayWindows = 0;
771 Status = GetNumber (
772 L"--antireplay-window",
773 (UINT8) -1,
774 &(*Data)->AntiReplayWindows,
775 sizeof (UINT8),
776 NULL,
777 ParamPackage,
778 FORMAT_NUMBER
779 );
780 if (!EFI_ERROR (Status)) {
781 *Mask |= SEQUENCE_NUMBER;
782 }
783
784 if (Status == EFI_INVALID_PARAMETER) {
785 ReturnStatus = EFI_INVALID_PARAMETER;
786 }
787
788 Status = GetNumber (
789 L"--encrypt-algo",
790 0,
791 &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,
792 sizeof (UINT8),
793 mMapEncAlgo,
794 ParamPackage,
795 FORMAT_STRING
796 );
797 if (!EFI_ERROR (Status)) {
798 *Mask |= ENCRYPT_ALGO;
799 }
800
801 if (Status == EFI_INVALID_PARAMETER) {
802 ReturnStatus = EFI_INVALID_PARAMETER;
803 }
804
805 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
806 if (ValueStr != NULL ) {
807 (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
808 CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, ValueStr, EncKeyLength);
809 *Mask |= ENCRYPT_KEY;
810 } else {
811 (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
812 }
813
814 Status = GetNumber (
815 L"--auth-algo",
816 0,
817 &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,
818 sizeof (UINT8),
819 mMapAuthAlgo,
820 ParamPackage,
821 FORMAT_STRING
822 );
823 if (!EFI_ERROR (Status)) {
824 *Mask |= AUTH_ALGO;
825 }
826
827 if (Status == EFI_INVALID_PARAMETER) {
828 ReturnStatus = EFI_INVALID_PARAMETER;
829 }
830
831 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
832 if (ValueStr != NULL) {
833 (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
834 CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, ValueStr, AuthKeyLength);
835 *Mask |= AUTH_KEY;
836 } else {
837 (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
838 }
839
840 Status = GetNumber (
841 L"--lifebyte",
842 (UINT64) -1,
843 &(*Data)->SaLifetime.ByteCount,
844 sizeof (UINT64),
845 NULL,
846 ParamPackage,
847 FORMAT_NUMBER
848 );
849 if (!EFI_ERROR (Status)) {
850 *Mask |= LIFEBYTE;
851 }
852
853 if (Status == EFI_INVALID_PARAMETER) {
854 ReturnStatus = EFI_INVALID_PARAMETER;
855 }
856
857 Status = GetNumber (
858 L"--lifetime",
859 (UINT64) -1,
860 &(*Data)->SaLifetime.HardLifetime,
861 sizeof (UINT64),
862 NULL,
863 ParamPackage,
864 FORMAT_NUMBER
865 );
866 if (!EFI_ERROR (Status)) {
867 *Mask |= LIFETIME;
868 }
869
870 if (Status == EFI_INVALID_PARAMETER) {
871 ReturnStatus = EFI_INVALID_PARAMETER;
872 }
873
874 Status = GetNumber (
875 L"--lifetime-soft",
876 (UINT64) -1,
877 &(*Data)->SaLifetime.SoftLifetime,
878 sizeof (UINT64),
879 NULL,
880 ParamPackage,
881 FORMAT_NUMBER
882 );
883 if (!EFI_ERROR (Status)) {
884 *Mask |= LIFETIME_SOFT;
885 }
886
887 if (Status == EFI_INVALID_PARAMETER) {
888 ReturnStatus = EFI_INVALID_PARAMETER;
889 }
890
891 Status = GetNumber (
892 L"--path-mtu",
893 (UINT32) -1,
894 &(*Data)->PathMTU,
895 sizeof (UINT32),
896 NULL,
897 ParamPackage,
898 FORMAT_NUMBER
899 );
900 if (!EFI_ERROR (Status)) {
901 *Mask |= PATH_MTU;
902 }
903
904 if (Status == EFI_INVALID_PARAMETER) {
905 ReturnStatus = EFI_INVALID_PARAMETER;
906 }
907
908 ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
909
910 if (CreateNew) {
911 if ((*Mask & (SPI | IPSEC_PROTO | DEST)) != (SPI | IPSEC_PROTO | DEST)) {
912 ShellPrintHiiEx (
913 -1,
914 -1,
915 NULL,
916 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
917 mHiiHandle,
918 mAppName,
919 L"--spi --ipsec-proto --dest"
920 );
921 ReturnStatus = EFI_INVALID_PARAMETER;
922 } else {
923 if ((*SaId)->Proto == EfiIPsecAH) {
924 if ((*Mask & AUTH_ALGO) == 0) {
925 ShellPrintHiiEx (
926 -1,
927 -1,
928 NULL,
929 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
930 mHiiHandle,
931 mAppName,
932 L"--auth-algo"
933 );
934 ReturnStatus = EFI_INVALID_PARAMETER;
935 } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
936 ShellPrintHiiEx (
937 -1,
938 -1,
939 NULL,
940 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
941 mHiiHandle,
942 mAppName,
943 L"--auth-key"
944 );
945 ReturnStatus = EFI_INVALID_PARAMETER;
946 }
947 } else {
948 if ((*Mask & ENCRYPT_ALGO) == 0) {
949 ShellPrintHiiEx (
950 -1,
951 -1,
952 NULL,
953 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
954 mHiiHandle,
955 mAppName,
956 L"--encrypt-algo"
957 );
958 ReturnStatus = EFI_INVALID_PARAMETER;
959 } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
960 ShellPrintHiiEx (
961 -1,
962 -1,
963 NULL,
964 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
965 mHiiHandle,
966 mAppName,
967 L"--encrypt-key"
968 );
969 ReturnStatus = EFI_INVALID_PARAMETER;
970 }
971 }
972 }
973 }
974
975 return ReturnStatus;
976 }
977
978 /**
979 Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.
980
981 @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
982 @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
983 @param[in] ParamPackage The pointer to the ParamPackage list.
984 @param[out] Mask The pointer to the Mask.
985 @param[in] CreateNew The switch to create new.
986
987 @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.
988 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
989
990 **/
991 EFI_STATUS
992 CreatePadEntry (
993 OUT EFI_IPSEC_PAD_ID **PadId,
994 OUT EFI_IPSEC_PAD_DATA **Data,
995 IN LIST_ENTRY *ParamPackage,
996 OUT UINT32 *Mask,
997 IN BOOLEAN CreateNew
998 )
999 {
1000 EFI_STATUS Status;
1001 EFI_STATUS ReturnStatus;
1002 SHELL_FILE_HANDLE FileHandle;
1003 UINT64 FileSize;
1004 UINTN AuthDataLength;
1005 UINTN RevocationDataLength;
1006 UINTN DataLength;
1007 UINTN Index;
1008 CONST CHAR16 *ValueStr;
1009 UINTN DataSize;
1010
1011 Status = EFI_SUCCESS;
1012 ReturnStatus = EFI_SUCCESS;
1013 *Mask = 0;
1014 AuthDataLength = 0;
1015 RevocationDataLength = 0;
1016
1017 *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));
1018 ASSERT (*PadId != NULL);
1019
1020 //
1021 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.
1022 //
1023 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");
1024 if (ValueStr != NULL) {
1025 (*PadId)->PeerIdValid = FALSE;
1026 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);
1027 if (EFI_ERROR (Status)) {
1028 ShellPrintHiiEx (
1029 -1,
1030 -1,
1031 NULL,
1032 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
1033 mHiiHandle,
1034 mAppName,
1035 L"--peer-address",
1036 ValueStr
1037 );
1038 ReturnStatus = EFI_INVALID_PARAMETER;
1039 } else {
1040 *Mask |= PEER_ADDRESS;
1041 }
1042 }
1043
1044 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");
1045 if (ValueStr != NULL) {
1046 (*PadId)->PeerIdValid = TRUE;
1047 StrnCpy ((CHAR16 *) (*PadId)->Id.PeerId, ValueStr, ARRAY_SIZE ((*PadId)->Id.PeerId) - 1);
1048 *Mask |= PEER_ID;
1049 }
1050
1051 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1052 if (ValueStr != NULL) {
1053 if (ValueStr[0] == L'@') {
1054 //
1055 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1056 //
1057 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1058 if (EFI_ERROR (Status)) {
1059 ShellPrintHiiEx (
1060 -1,
1061 -1,
1062 NULL,
1063 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1064 mHiiHandle,
1065 mAppName,
1066 &ValueStr[1]
1067 );
1068 ReturnStatus = EFI_INVALID_PARAMETER;
1069 } else {
1070 Status = ShellGetFileSize (FileHandle, &FileSize);
1071 ShellCloseFile (&FileHandle);
1072 if (EFI_ERROR (Status)) {
1073 ShellPrintHiiEx (
1074 -1,
1075 -1,
1076 NULL,
1077 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1078 mHiiHandle,
1079 mAppName,
1080 &ValueStr[1]
1081 );
1082 ReturnStatus = EFI_INVALID_PARAMETER;
1083 } else {
1084 AuthDataLength = (UINTN) FileSize;
1085 }
1086 }
1087 } else {
1088 AuthDataLength = StrLen (ValueStr);
1089 }
1090 }
1091
1092 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1093 if (ValueStr != NULL) {
1094 RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
1095 }
1096
1097 //
1098 // Allocate Buffer for Data. Add padding after each struct to make sure the alignment
1099 // in different Arch.
1100 //
1101 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));
1102 DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);
1103 DataSize += RevocationDataLength;
1104
1105 *Data = AllocateZeroPool (DataSize);
1106 ASSERT (*Data != NULL);
1107
1108 (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));
1109 (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));
1110 (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;
1111
1112 //
1113 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.
1114 //
1115 Status = GetNumber (
1116 L"--auth-proto",
1117 0,
1118 &(*Data)->AuthProtocol,
1119 sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),
1120 mMapAuthProto,
1121 ParamPackage,
1122 FORMAT_STRING
1123 );
1124 if (!EFI_ERROR (Status)) {
1125 *Mask |= AUTH_PROTO;
1126 }
1127
1128 if (Status == EFI_INVALID_PARAMETER) {
1129 ReturnStatus = EFI_INVALID_PARAMETER;
1130 }
1131
1132 Status = GetNumber (
1133 L"--auth-method",
1134 0,
1135 &(*Data)->AuthMethod,
1136 sizeof (EFI_IPSEC_AUTH_METHOD),
1137 mMapAuthMethod,
1138 ParamPackage,
1139 FORMAT_STRING
1140 );
1141 if (!EFI_ERROR (Status)) {
1142 *Mask |= AUTH_METHOD;
1143 }
1144
1145 if (Status == EFI_INVALID_PARAMETER) {
1146 ReturnStatus = EFI_INVALID_PARAMETER;
1147 }
1148
1149 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {
1150 (*Data)->IkeIdFlag = TRUE;
1151 *Mask |= IKE_ID;
1152 }
1153
1154 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {
1155 (*Data)->IkeIdFlag = FALSE;
1156 *Mask |= IKE_ID;
1157 }
1158
1159 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1160 if (ValueStr != NULL) {
1161 if (ValueStr[0] == L'@') {
1162 //
1163 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1164 //
1165
1166 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1167 if (EFI_ERROR (Status)) {
1168 ShellPrintHiiEx (
1169 -1,
1170 -1,
1171 NULL,
1172 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1173 mHiiHandle,
1174 mAppName,
1175 &ValueStr[1]
1176 );
1177 ReturnStatus = EFI_INVALID_PARAMETER;
1178 (*Data)->AuthData = NULL;
1179 } else {
1180 DataLength = AuthDataLength;
1181 Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
1182 ShellCloseFile (&FileHandle);
1183 if (EFI_ERROR (Status)) {
1184 ShellPrintHiiEx (
1185 -1,
1186 -1,
1187 NULL,
1188 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1189 mHiiHandle,
1190 mAppName,
1191 &ValueStr[1]
1192 );
1193 ReturnStatus = EFI_INVALID_PARAMETER;
1194 (*Data)->AuthData = NULL;
1195 } else {
1196 ASSERT (DataLength == AuthDataLength);
1197 *Mask |= AUTH_DATA;
1198 }
1199 }
1200 } else {
1201 for (Index = 0; Index < AuthDataLength; Index++) {
1202 ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];
1203 }
1204 (*Data)->AuthDataSize = AuthDataLength;
1205 *Mask |= AUTH_DATA;
1206 }
1207 }
1208
1209 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1210 if (ValueStr != NULL) {
1211 CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);
1212 (*Data)->RevocationDataSize = RevocationDataLength;
1213 *Mask |= REVOCATION_DATA;
1214 } else {
1215 (*Data)->RevocationData = NULL;
1216 }
1217
1218 if (CreateNew) {
1219 if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
1220 ShellPrintHiiEx (
1221 -1,
1222 -1,
1223 NULL,
1224 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1225 mHiiHandle,
1226 mAppName,
1227 L"--peer-id --peer-address"
1228 );
1229 ReturnStatus = EFI_INVALID_PARAMETER;
1230 } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {
1231 ShellPrintHiiEx (
1232 -1,
1233 -1,
1234 NULL,
1235 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1236 mHiiHandle,
1237 mAppName,
1238 L"--auth-method --auth-data"
1239 );
1240 ReturnStatus = EFI_INVALID_PARAMETER;
1241 }
1242 }
1243
1244 return ReturnStatus;
1245 }
1246
1247 CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {
1248 (CREATE_POLICY_ENTRY) CreateSpdEntry,
1249 (CREATE_POLICY_ENTRY) CreateSadEntry,
1250 (CREATE_POLICY_ENTRY) CreatePadEntry
1251 };
1252
1253 /**
1254 Combine old SPD entry with new SPD entry.
1255
1256 @param[in, out] OldSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
1257 @param[in, out] OldData The pointer to the EFI_IPSEC_SPD_DATA structure.
1258 @param[in] NewSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
1259 @param[in] NewData The pointer to the EFI_IPSEC_SPD_DATA structure.
1260 @param[in] Mask The pointer to the Mask.
1261 @param[out] CreateNew The switch to create new.
1262
1263 @retval EFI_SUCCESS Combined successfully.
1264 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1265
1266 **/
1267 EFI_STATUS
1268 CombineSpdEntry (
1269 IN OUT EFI_IPSEC_SPD_SELECTOR *OldSelector,
1270 IN OUT EFI_IPSEC_SPD_DATA *OldData,
1271 IN EFI_IPSEC_SPD_SELECTOR *NewSelector,
1272 IN EFI_IPSEC_SPD_DATA *NewData,
1273 IN UINT32 Mask,
1274 OUT BOOLEAN *CreateNew
1275 )
1276 {
1277
1278 //
1279 // Process Selector
1280 //
1281 *CreateNew = FALSE;
1282 if ((Mask & LOCAL) == 0) {
1283 NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
1284 NewSelector->LocalAddress = OldSelector->LocalAddress;
1285 } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
1286 (CompareMem (NewSelector->LocalAddress, OldSelector->LocalAddress, NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
1287 *CreateNew = TRUE;
1288 }
1289
1290 if ((Mask & REMOTE) == 0) {
1291 NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
1292 NewSelector->RemoteAddress = OldSelector->RemoteAddress;
1293 } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
1294 (CompareMem (NewSelector->RemoteAddress, OldSelector->RemoteAddress, NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
1295 *CreateNew = TRUE;
1296 }
1297
1298 if ((Mask & PROTO) == 0) {
1299 NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
1300 } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
1301 *CreateNew = TRUE;
1302 }
1303
1304 switch (NewSelector->NextLayerProtocol) {
1305 case EFI_IP4_PROTO_TCP:
1306 case EFI_IP4_PROTO_UDP:
1307 if ((Mask & LOCAL_PORT) == 0) {
1308 NewSelector->LocalPort = OldSelector->LocalPort;
1309 NewSelector->LocalPortRange = OldSelector->LocalPortRange;
1310 } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
1311 (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
1312 *CreateNew = TRUE;
1313 }
1314
1315 if ((Mask & REMOTE_PORT) == 0) {
1316 NewSelector->RemotePort = OldSelector->RemotePort;
1317 NewSelector->RemotePortRange = OldSelector->RemotePortRange;
1318 } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
1319 (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
1320 *CreateNew = TRUE;
1321 }
1322 break;
1323
1324 case EFI_IP4_PROTO_ICMP:
1325 if ((Mask & ICMP_TYPE) == 0) {
1326 NewSelector->LocalPort = OldSelector->LocalPort;
1327 } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
1328 *CreateNew = TRUE;
1329 }
1330
1331 if ((Mask & ICMP_CODE) == 0) {
1332 NewSelector->RemotePort = OldSelector->RemotePort;
1333 } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
1334 *CreateNew = TRUE;
1335 }
1336 break;
1337 }
1338 //
1339 // Process Data
1340 //
1341 if ((Mask & NAME) != 0) {
1342 AsciiStrCpy ((CHAR8 *) OldData->Name, (CHAR8 *) NewData->Name);
1343 }
1344
1345 if ((Mask & PACKET_FLAG) != 0) {
1346 OldData->PackageFlag = NewData->PackageFlag;
1347 }
1348
1349 if ((Mask & ACTION) != 0) {
1350 OldData->Action = NewData->Action;
1351 }
1352
1353 if (OldData->Action != EfiIPsecActionProtect) {
1354 OldData->ProcessingPolicy = NULL;
1355 } else {
1356 //
1357 // Protect
1358 //
1359 if (OldData->ProcessingPolicy == NULL) {
1360 //
1361 // Just point to new data if originally NULL.
1362 //
1363 OldData->ProcessingPolicy = NewData->ProcessingPolicy;
1364 if (OldData->ProcessingPolicy->Mode == EfiIPsecTunnel &&
1365 (Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)
1366 ) {
1367 //
1368 // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
1369 //
1370 ShellPrintHiiEx (
1371 -1,
1372 -1,
1373 NULL,
1374 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1375 mHiiHandle,
1376 mAppName,
1377 L"--tunnel-local --tunnel-remote"
1378 );
1379 return EFI_INVALID_PARAMETER;
1380 }
1381 } else {
1382 //
1383 // Modify some of the data.
1384 //
1385 if ((Mask & EXT_SEQUENCE) != 0) {
1386 OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
1387 }
1388
1389 if ((Mask & SEQUENCE_OVERFLOW) != 0) {
1390 OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
1391 }
1392
1393 if ((Mask & FRAGMENT_CHECK) != 0) {
1394 OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
1395 }
1396
1397 if ((Mask & LIFEBYTE) != 0) {
1398 OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
1399 }
1400
1401 if ((Mask & LIFETIME_SOFT) != 0) {
1402 OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
1403 }
1404
1405 if ((Mask & LIFETIME) != 0) {
1406 OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
1407 }
1408
1409 if ((Mask & MODE) != 0) {
1410 OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
1411 }
1412
1413 if ((Mask & IPSEC_PROTO) != 0) {
1414 OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
1415 }
1416
1417 if ((Mask & AUTH_ALGO) != 0) {
1418 OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
1419 }
1420
1421 if ((Mask & ENCRYPT_ALGO) != 0) {
1422 OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
1423 }
1424
1425 if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
1426 OldData->ProcessingPolicy->TunnelOption = NULL;
1427 } else {
1428 if (OldData->ProcessingPolicy->TunnelOption == NULL) {
1429 //
1430 // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
1431 //
1432 if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
1433 ShellPrintHiiEx (
1434 -1,
1435 -1,
1436 NULL,
1437 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1438 mHiiHandle,
1439 mAppName,
1440 L"--tunnel-local --tunnel-remote"
1441 );
1442 return EFI_INVALID_PARAMETER;
1443 }
1444
1445 OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
1446 } else {
1447 if ((Mask & TUNNEL_LOCAL) != 0) {
1448 CopyMem (
1449 &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
1450 &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
1451 sizeof (EFI_IP_ADDRESS)
1452 );
1453 }
1454
1455 if ((Mask & TUNNEL_REMOTE) != 0) {
1456 CopyMem (
1457 &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
1458 &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
1459 sizeof (EFI_IP_ADDRESS)
1460 );
1461 }
1462
1463 if ((Mask & DONT_FRAGMENT) != 0) {
1464 OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
1465 }
1466 }
1467 }
1468 }
1469 }
1470
1471 return EFI_SUCCESS;
1472 }
1473
1474 /**
1475 Combine old SAD entry with new SAD entry.
1476
1477 @param[in, out] OldSaId The pointer to the EFI_IPSEC_SA_ID structure.
1478 @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA structure.
1479 @param[in] NewSaId The pointer to the EFI_IPSEC_SA_ID structure.
1480 @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA structure.
1481 @param[in] Mask The pointer to the Mask.
1482 @param[out] CreateNew The switch to create new.
1483
1484 @retval EFI_SUCCESS Combined successfully.
1485 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1486
1487 **/
1488 EFI_STATUS
1489 CombineSadEntry (
1490 IN OUT EFI_IPSEC_SA_ID *OldSaId,
1491 IN OUT EFI_IPSEC_SA_DATA *OldData,
1492 IN EFI_IPSEC_SA_ID *NewSaId,
1493 IN EFI_IPSEC_SA_DATA *NewData,
1494 IN UINT32 Mask,
1495 OUT BOOLEAN *CreateNew
1496 )
1497 {
1498
1499 *CreateNew = FALSE;
1500
1501 if ((Mask & SPI) == 0) {
1502 NewSaId->Spi = OldSaId->Spi;
1503 } else if (NewSaId->Spi != OldSaId->Spi) {
1504 *CreateNew = TRUE;
1505 }
1506
1507 if ((Mask & IPSEC_PROTO) == 0) {
1508 NewSaId->Proto = OldSaId->Proto;
1509 } else if (NewSaId->Proto != OldSaId->Proto) {
1510 *CreateNew = TRUE;
1511 }
1512
1513 if ((Mask & DEST) == 0) {
1514 CopyMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS));
1515 } else if (CompareMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
1516 *CreateNew = TRUE;
1517 }
1518
1519 //
1520 // Process SA_DATA.
1521 //
1522 if ((Mask & MODE) != 0) {
1523 OldData->Mode = NewData->Mode;
1524 }
1525
1526 if ((Mask & SEQUENCE_NUMBER) != 0) {
1527 OldData->SNCount = NewData->SNCount;
1528 }
1529
1530 if ((Mask & ANTIREPLAY_WINDOW) != 0) {
1531 OldData->AntiReplayWindows = NewData->AntiReplayWindows;
1532 }
1533
1534 if ((Mask & AUTH_ALGO) != 0) {
1535 OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
1536 }
1537
1538 if ((Mask & AUTH_KEY) != 0) {
1539 OldData->AlgoInfo.EspAlgoInfo.AuthKey = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
1540 OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
1541 }
1542
1543 if ((Mask & ENCRYPT_ALGO) != 0) {
1544 OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
1545 }
1546
1547 if ((Mask & ENCRYPT_KEY) != 0) {
1548 OldData->AlgoInfo.EspAlgoInfo.EncKey = NewData->AlgoInfo.EspAlgoInfo.EncKey;
1549 OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
1550 }
1551
1552 if (NewSaId->Proto == EfiIPsecAH) {
1553 if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {
1554 //
1555 // Should not provide encrypt_* if AH.
1556 //
1557 ShellPrintHiiEx (
1558 -1,
1559 -1,
1560 NULL,
1561 STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
1562 mHiiHandle,
1563 mAppName,
1564 L"--encrypt-algo --encrypt-key"
1565 );
1566 return EFI_INVALID_PARAMETER;
1567 }
1568 }
1569
1570 if (NewSaId->Proto == EfiIPsecESP && OldSaId->Proto == EfiIPsecAH) {
1571 //
1572 // AH -> ESP
1573 // Should provide encrypt_algo at least.
1574 //
1575 if ((Mask & ENCRYPT_ALGO) == 0) {
1576 ShellPrintHiiEx (
1577 -1,
1578 -1,
1579 NULL,
1580 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
1581 mHiiHandle,
1582 mAppName,
1583 L"--encrypt-algo"
1584 );
1585 return EFI_INVALID_PARAMETER;
1586 }
1587
1588 //
1589 // Encrypt_key should be provided if algorithm is not NONE.
1590 //
1591 if (NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (Mask & ENCRYPT_KEY) == 0) {
1592 ShellPrintHiiEx (
1593 -1,
1594 -1,
1595 NULL,
1596 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
1597 mHiiHandle,
1598 mAppName,
1599 L"--encrypt-algo"
1600 );
1601 return EFI_INVALID_PARAMETER;
1602 }
1603 }
1604
1605 if ((Mask & LIFEBYTE) != 0) {
1606 OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
1607 }
1608
1609 if ((Mask & LIFETIME_SOFT) != 0) {
1610 OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
1611 }
1612
1613 if ((Mask & LIFETIME) != 0) {
1614 OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
1615 }
1616
1617 if ((Mask & PATH_MTU) != 0) {
1618 OldData->PathMTU = NewData->PathMTU;
1619 }
1620 //
1621 // Process SpdSelector.
1622 //
1623 if (OldData->SpdSelector == NULL) {
1624 if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
1625 if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
1626 ShellPrintHiiEx (
1627 -1,
1628 -1,
1629 NULL,
1630 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1631 mHiiHandle,
1632 mAppName,
1633 L"--local --remote --proto"
1634 );
1635 return EFI_INVALID_PARAMETER;
1636 }
1637
1638 OldData->SpdSelector = NewData->SpdSelector;
1639 }
1640 } else {
1641 if ((Mask & LOCAL) != 0) {
1642 OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
1643 OldData->SpdSelector->LocalAddress = NewData->SpdSelector->LocalAddress;
1644 }
1645
1646 if ((Mask & REMOTE) != 0) {
1647 OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
1648 OldData->SpdSelector->RemoteAddress = NewData->SpdSelector->RemoteAddress;
1649 }
1650
1651 if ((Mask & PROTO) != 0) {
1652 OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
1653 }
1654
1655 if (OldData->SpdSelector != NULL) {
1656 switch (OldData->SpdSelector->NextLayerProtocol) {
1657 case EFI_IP4_PROTO_TCP:
1658 case EFI_IP4_PROTO_UDP:
1659 if ((Mask & LOCAL_PORT) != 0) {
1660 OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
1661 }
1662
1663 if ((Mask & REMOTE_PORT) != 0) {
1664 OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
1665 }
1666 break;
1667
1668 case EFI_IP4_PROTO_ICMP:
1669 if ((Mask & ICMP_TYPE) != 0) {
1670 OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
1671 }
1672
1673 if ((Mask & ICMP_CODE) != 0) {
1674 OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
1675 }
1676 break;
1677 }
1678 }
1679 }
1680
1681 return EFI_SUCCESS;
1682 }
1683
1684 /**
1685 Combine old PAD entry with new PAD entry.
1686
1687 @param[in, out] OldPadId The pointer to the EFI_IPSEC_PAD_ID structure.
1688 @param[in, out] OldData The pointer to the EFI_IPSEC_PAD_DATA structure.
1689 @param[in] NewPadId The pointer to the EFI_IPSEC_PAD_ID structure.
1690 @param[in] NewData The pointer to the EFI_IPSEC_PAD_DATA structure.
1691 @param[in] Mask The pointer to the Mask.
1692 @param[out] CreateNew The switch to create new.
1693
1694 @retval EFI_SUCCESS Combined successfully.
1695 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1696
1697 **/
1698 EFI_STATUS
1699 CombinePadEntry (
1700 IN OUT EFI_IPSEC_PAD_ID *OldPadId,
1701 IN OUT EFI_IPSEC_PAD_DATA *OldData,
1702 IN EFI_IPSEC_PAD_ID *NewPadId,
1703 IN EFI_IPSEC_PAD_DATA *NewData,
1704 IN UINT32 Mask,
1705 OUT BOOLEAN *CreateNew
1706 )
1707 {
1708
1709 *CreateNew = FALSE;
1710
1711 if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
1712 CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
1713 } else {
1714 if ((Mask & PEER_ID) != 0) {
1715 if (OldPadId->PeerIdValid) {
1716 if (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0) {
1717 *CreateNew = TRUE;
1718 }
1719 } else {
1720 *CreateNew = TRUE;
1721 }
1722 } else {
1723 //
1724 // MASK & PEER_ADDRESS
1725 //
1726 if (OldPadId->PeerIdValid) {
1727 *CreateNew = TRUE;
1728 } else {
1729 if ((CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
1730 (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)) {
1731 *CreateNew = TRUE;
1732 }
1733 }
1734 }
1735 }
1736
1737 if ((Mask & AUTH_PROTO) != 0) {
1738 OldData->AuthProtocol = NewData->AuthProtocol;
1739 }
1740
1741 if ((Mask & AUTH_METHOD) != 0) {
1742 OldData->AuthMethod = NewData->AuthMethod;
1743 }
1744
1745 if ((Mask & IKE_ID) != 0) {
1746 OldData->IkeIdFlag = NewData->IkeIdFlag;
1747 }
1748
1749 if ((Mask & AUTH_DATA) != 0) {
1750 OldData->AuthDataSize = NewData->AuthDataSize;
1751 OldData->AuthData = NewData->AuthData;
1752 }
1753
1754 if ((Mask & REVOCATION_DATA) != 0) {
1755 OldData->RevocationDataSize = NewData->RevocationDataSize;
1756 OldData->RevocationData = NewData->RevocationData;
1757 }
1758
1759 return EFI_SUCCESS;
1760 }
1761
1762 COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {
1763 (COMBINE_POLICY_ENTRY) CombineSpdEntry,
1764 (COMBINE_POLICY_ENTRY) CombineSadEntry,
1765 (COMBINE_POLICY_ENTRY) CombinePadEntry
1766 };
1767
1768 /**
1769 Edit entry information in the database.
1770
1771 @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
1772 @param[in] Data The pointer to the data.
1773 @param[in] Context The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.
1774
1775 @retval EFI_SUCCESS Continue the iteration.
1776 @retval EFI_ABORTED Abort the iteration.
1777 **/
1778 EFI_STATUS
1779 EditOperatePolicyEntry (
1780 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
1781 IN VOID *Data,
1782 IN EDIT_POLICY_ENTRY_CONTEXT *Context
1783 )
1784 {
1785 EFI_STATUS Status;
1786 BOOLEAN CreateNew;
1787
1788 if (mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
1789 ASSERT (Context->DataType < 3);
1790
1791 Status = mCombinePolicyEntry[Context->DataType] (
1792 Selector,
1793 Data,
1794 Context->Selector,
1795 Context->Data,
1796 Context->Mask,
1797 &CreateNew
1798 );
1799 if (!EFI_ERROR (Status)) {
1800 if (CreateNew) {
1801 //
1802 // Insert new entry before old entry
1803 //
1804 Status = mIpSecConfig->SetData (
1805 mIpSecConfig,
1806 Context->DataType,
1807 Context->Selector,
1808 Data,
1809 Selector
1810 );
1811 ASSERT_EFI_ERROR (Status);
1812 //
1813 // Delete old entry
1814 //
1815 Status = mIpSecConfig->SetData (
1816 mIpSecConfig,
1817 Context->DataType,
1818 Selector,
1819 NULL,
1820 NULL
1821 );
1822 ASSERT_EFI_ERROR (Status);
1823 } else {
1824 Status = mIpSecConfig->SetData (
1825 mIpSecConfig,
1826 Context->DataType,
1827 Context->Selector,
1828 Data,
1829 NULL
1830 );
1831 }
1832 }
1833
1834 Context->Status = Status;
1835 return EFI_ABORTED;
1836 }
1837
1838 return EFI_SUCCESS;
1839 }
1840
1841 /**
1842 Edit entry information in database according to datatype.
1843
1844 @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
1845 @param[in] ParamPackage The pointer to the ParamPackage list.
1846
1847 @retval EFI_SUCCESS Edit entry information successfully.
1848 @retval EFI_NOT_FOUND Can't find the specified entry.
1849 @retval Others Some mistaken case.
1850 **/
1851 EFI_STATUS
1852 EditPolicyEntry (
1853 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
1854 IN LIST_ENTRY *ParamPackage
1855 )
1856 {
1857 EFI_STATUS Status;
1858 EDIT_POLICY_ENTRY_CONTEXT Context;
1859 CONST CHAR16 *ValueStr;
1860
1861 ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
1862 if (ValueStr == NULL) {
1863 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
1864 return EFI_NOT_FOUND;
1865 }
1866
1867 Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
1868 if (!EFI_ERROR (Status)) {
1869 Context.DataType = DataType;
1870 Context.Status = EFI_NOT_FOUND;
1871 Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
1872 if (!EFI_ERROR (Status)) {
1873 ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
1874 Status = Context.Status;
1875 }
1876
1877 if (Context.Selector != NULL) {
1878 gBS->FreePool (Context.Selector);
1879 }
1880
1881 if (Context.Data != NULL) {
1882 gBS->FreePool (Context.Data);
1883 }
1884 }
1885
1886 if (Status == EFI_NOT_FOUND) {
1887 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
1888 } else if (EFI_ERROR (Status)) {
1889 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
1890 }
1891
1892 return Status;
1893
1894 }
1895
1896 /**
1897 Insert entry information in database.
1898
1899 @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
1900 @param[in] Data The pointer to the data.
1901 @param[in] Context The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.
1902
1903 @retval EFI_SUCCESS Continue the iteration.
1904 @retval EFI_ABORTED Abort the iteration.
1905 **/
1906 EFI_STATUS
1907 InsertPolicyEntry (
1908 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
1909 IN VOID *Data,
1910 IN INSERT_POLICY_ENTRY_CONTEXT *Context
1911 )
1912 {
1913 //
1914 // Found the entry which we want to insert before.
1915 //
1916 if (mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
1917
1918 Context->Status = mIpSecConfig->SetData (
1919 mIpSecConfig,
1920 Context->DataType,
1921 Context->Selector,
1922 Context->Data,
1923 Selector
1924 );
1925 //
1926 // Abort the iteration after the insertion.
1927 //
1928 return EFI_ABORTED;
1929 }
1930
1931 return EFI_SUCCESS;
1932 }
1933
1934 /**
1935 Insert or add entry information in database according to datatype.
1936
1937 @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
1938 @param[in] ParamPackage The pointer to the ParamPackage list.
1939
1940 @retval EFI_SUCCESS Insert or add entry information successfully.
1941 @retval EFI_NOT_FOUND Can't find the specified entry.
1942 @retval EFI_BUFFER_TOO_SMALL The entry already existed.
1943 @retval EFI_UNSUPPORTED The operation is not supported.
1944 @retval Others Some mistaken case.
1945 **/
1946 EFI_STATUS
1947 AddOrInsertPolicyEntry (
1948 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
1949 IN LIST_ENTRY *ParamPackage
1950 )
1951 {
1952 EFI_STATUS Status;
1953 EFI_IPSEC_CONFIG_SELECTOR *Selector;
1954 VOID *Data;
1955 INSERT_POLICY_ENTRY_CONTEXT Context;
1956 UINT32 Mask;
1957 UINTN DataSize;
1958 CONST CHAR16 *ValueStr;
1959
1960 Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
1961 if (!EFI_ERROR (Status)) {
1962 //
1963 // Find if the Selector to be inserted already exists.
1964 //
1965 DataSize = 0;
1966 Status = mIpSecConfig->GetData (
1967 mIpSecConfig,
1968 DataType,
1969 Selector,
1970 &DataSize,
1971 NULL
1972 );
1973 if (Status == EFI_BUFFER_TOO_SMALL) {
1974 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
1975 } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
1976 Status = mIpSecConfig->SetData (
1977 mIpSecConfig,
1978 DataType,
1979 Selector,
1980 Data,
1981 NULL
1982 );
1983 } else {
1984 ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
1985 if (ValueStr == NULL) {
1986 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
1987 return EFI_NOT_FOUND;
1988 }
1989
1990 Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
1991 if (!EFI_ERROR (Status)) {
1992 Context.DataType = DataType;
1993 Context.Status = EFI_NOT_FOUND;
1994 Context.Selector = Selector;
1995 Context.Data = Data;
1996
1997 ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
1998 Status = Context.Status;
1999 if (Status == EFI_NOT_FOUND) {
2000 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
2001 }
2002 }
2003 }
2004
2005 gBS->FreePool (Selector);
2006 gBS->FreePool (Data);
2007 }
2008
2009 if (Status == EFI_UNSUPPORTED) {
2010 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
2011 } else if (EFI_ERROR (Status)) {
2012 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
2013 }
2014
2015 return Status;
2016 }
EFI Development Kit II mirror for PVE