1 /** @file
2 The implementation of policy entry operation function in IpSecConfig application.
3
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include "IpSecConfig.h"
17 #include "Indexer.h"
18 #include "Match.h"
19 #include "Helper.h"
20 #include "ForEach.h"
21 #include "PolicyEntryOperation.h"
22
/**
  Fill in EFI_IPSEC_SPD_SELECTOR through ParamPackage list.

  Every selector option (--local, --remote, --proto, --local-port,
  --remote-port, --icmp-type, --icmp-code) is looked up in ParamPackage. A value
  that parses cleanly is stored in Selector and its bit is OR-ed into Mask.
  Parsing does not stop at the first bad value: the remaining options are still
  examined, and EFI_INVALID_PARAMETER is returned at the end.

  NextLayerProtocol, LocalPort and RemotePort are preset to their "any" values
  before the matching options are parsed. --icmp-type and --icmp-code are written
  to the LocalPort and RemotePort fields respectively, after the port options, so
  they replace a port value given on the same command line.

  @param[out]     Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure. Its
                                LocalAddress and RemoteAddress members are handed to
                                EfiInetAddrRange as destinations, so they must already
                                point at writable storage.
  @param[in]      ParamPackage  The pointer to the ParamPackage list.
  @param[in, out] Mask          The pointer to the Mask. Bits are only added, never cleared.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SPD_SELECTOR successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.

**/
EFI_STATUS
CreateSpdSelector (
     OUT EFI_IPSEC_SPD_SELECTOR    *Selector,
  IN     LIST_ENTRY                *ParamPackage,
  IN OUT UINT32                    *Mask
  )
{
  EFI_STATUS      ParseStatus;
  EFI_STATUS      Result;
  CONST CHAR16    *Arg;

  Result = EFI_SUCCESS;

  //
  // --local: parsed by EfiInetAddrRange into the first local address slot.
  // The count is set as soon as the option is present, before validation.
  //
  Arg = ShellCommandLineGetValue (ParamPackage, L"--local");
  if (Arg != NULL) {
    Selector->LocalAddressCount = 1;
    ParseStatus = EfiInetAddrRange ((CHAR16 *) Arg, Selector->LocalAddress);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= LOCAL;
    } else {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--local",
        Arg
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --remote: same handling as --local, for the remote address slot.
  //
  Arg = ShellCommandLineGetValue (ParamPackage, L"--remote");
  if (Arg != NULL) {
    Selector->RemoteAddressCount = 1;
    ParseStatus = EfiInetAddrRange ((CHAR16 *) Arg, Selector->RemoteAddress);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= REMOTE;
    } else {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--remote",
        Arg
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --proto: accepted as a number or as a name from mMapIpProtocol.
  // Defaults to "any protocol" when the option is absent.
  //
  Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
  ParseStatus = GetNumber (
                  L"--proto",
                  (UINT16) -1,
                  &Selector->NextLayerProtocol,
                  sizeof (UINT16),
                  mMapIpProtocol,
                  ParamPackage,
                  FORMAT_NUMBER | FORMAT_STRING
                  );
  if (ParseStatus == EFI_INVALID_PARAMETER) {
    Result = EFI_INVALID_PARAMETER;
  } else if (!EFI_ERROR (ParseStatus)) {
    *Mask |= PROTO;
  }

  //
  // Ports default to "any port" unless an option below replaces them.
  //
  Selector->LocalPort  = EFI_IPSEC_ANY_PORT;
  Selector->RemotePort = EFI_IPSEC_ANY_PORT;

  //
  // --local-port: parsed by EfiInetPortRange into LocalPort/LocalPortRange.
  //
  Arg = ShellCommandLineGetValue (ParamPackage, L"--local-port");
  if (Arg != NULL) {
    ParseStatus = EfiInetPortRange ((CHAR16 *) Arg, &Selector->LocalPort, &Selector->LocalPortRange);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= LOCAL_PORT;
    } else {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--local-port",
        Arg
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --remote-port: parsed by EfiInetPortRange into RemotePort/RemotePortRange.
  //
  Arg = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
  if (Arg != NULL) {
    ParseStatus = EfiInetPortRange ((CHAR16 *) Arg, &Selector->RemotePort, &Selector->RemotePortRange);
    if (!EFI_ERROR (ParseStatus)) {
      *Mask |= REMOTE_PORT;
    } else {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--remote-port",
        Arg
        );
      Result = EFI_INVALID_PARAMETER;
    }
  }

  //
  // --icmp-type: stored in the LocalPort field.
  // NOTE(review): the second argument is presumably the largest accepted value;
  // confirm against GetNumber, which is defined outside this file.
  //
  ParseStatus = GetNumber (
                  L"--icmp-type",
                  (UINT8) -1,
                  &Selector->LocalPort,
                  sizeof (UINT16),
                  NULL,
                  ParamPackage,
                  FORMAT_NUMBER
                  );
  if (ParseStatus == EFI_INVALID_PARAMETER) {
    Result = EFI_INVALID_PARAMETER;
  } else if (!EFI_ERROR (ParseStatus)) {
    *Mask |= ICMP_TYPE;
  }

  //
  // --icmp-code: stored in the RemotePort field.
  //
  ParseStatus = GetNumber (
                  L"--icmp-code",
                  (UINT8) -1,
                  &Selector->RemotePort,
                  sizeof (UINT16),
                  NULL,
                  ParamPackage,
                  FORMAT_NUMBER
                  );
  if (ParseStatus == EFI_INVALID_PARAMETER) {
    Result = EFI_INVALID_PARAMETER;
  } else if (!EFI_ERROR (ParseStatus)) {
    *Mask |= ICMP_CODE;
  }

  return Result;
}
209
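/**
  Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.

  Both output structures are allocated here with AllocateZeroPool. The selector
  is followed in the same allocation by its two EFI_IP_ADDRESS_INFO entries; the
  data structure is followed by an EFI_IPSEC_PROCESS_POLICY and an
  EFI_IPSEC_TUNNEL_OPTION. Options that were supplied and parsed are recorded in
  Mask. Parsing continues after a bad value so that all errors are reported.

  Security notes:
  - The --name value is copied into the fixed-size Name field only after its
    length has been checked; an over-long name is rejected instead of being
    written past the end of the field.
  - Allocation failures are reported to the caller rather than guarded by
    ASSERT alone, which is compiled out of release builds.

  @param[out] Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[out] Data          The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.
  @param[out] Mask          The pointer to the Mask.
  @param[in]  CreateNew     The switch to create new. When TRUE, the mandatory
                            options for a new entry are enforced.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.
  @retval EFI_OUT_OF_RESOURCES   A pool allocation failed. *Selector and *Data are NULL.

**/
EFI_STATUS
CreateSpdEntry (
  OUT EFI_IPSEC_SPD_SELECTOR    **Selector,
  OUT EFI_IPSEC_SPD_DATA        **Data,
  IN  LIST_ENTRY                *ParamPackage,
  OUT UINT32                    *Mask,
  IN  BOOLEAN                   CreateNew
  )
{
  EFI_STATUS      Status;
  EFI_STATUS      ReturnStatus;
  CONST CHAR16    *ValueStr;
  UINTN           DataSize;

  *Mask = 0;
  *Data = NULL;

  //
  // The selector and its two address entries share one allocation: the
  // EFI_IP_ADDRESS_INFO pair sits directly behind the selector structure.
  //
  *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
  if (*Selector == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  (*Selector)->LocalAddress  = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
  (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;

  ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);

  //
  // SPD DATA
  // NOTE: Allocate enough memory and add padding for different arch.
  //
  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
  DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
  DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);

  *Data = AllocateZeroPool (DataSize);
  if (*Data == NULL) {
    //
    // Do not hand back a half-built pair.
    //
    FreePool (*Selector);
    *Selector = NULL;
    return EFI_OUT_OF_RESOURCES;
  }

  (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
                                                             (*Data + 1),
                                                             sizeof (UINTN)
                                                             );
  (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (
                                                                          ((*Data)->ProcessingPolicy + 1),
                                                                          sizeof (UINTN)
                                                                          );

  //
  // --name: narrow the user string into the Name field of EFI_IPSEC_SPD_DATA.
  // UnicodeStrToAsciiStr takes no destination size, so the length is checked
  // here first (characters plus the terminating NUL must fit). This relies on
  // Name being an in-structure byte array, as the cast below implies.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
  if (ValueStr != NULL) {
    if (StrLen (ValueStr) >= sizeof ((*Data)->Name)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--name",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      UnicodeStrToAsciiStr (ValueStr, (CHAR8 *) (*Data)->Name);
      *Mask |= NAME;
    }
  }

  //
  // --packet-flag: numeric, stored in PackageFlag.
  //
  Status = GetNumber (
             L"--packet-flag",
             (UINT8) -1,
             &(*Data)->PackageFlag,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PACKET_FLAG;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --action: a name looked up in mMapIpSecAction, stored in Action.
  //
  Status = GetNumber (
             L"--action",
             (UINT8) -1,
             &(*Data)->Action,
             sizeof (UINT32),
             mMapIpSecAction,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ACTION;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Boolean switches: "--x" sets the field, "--x-" clears it. Either form
  // marks the field as supplied in Mask.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;
    *Mask |= EXT_SEQUENCE;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {
    (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;
    *Mask |= EXT_SEQUENCE;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {
    (*Data)->ProcessingPolicy->SeqOverflow = TRUE;
    *Mask |= SEQUENCE_OVERFLOW;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {
    (*Data)->ProcessingPolicy->SeqOverflow = FALSE;
    *Mask |= SEQUENCE_OVERFLOW;
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {
    (*Data)->ProcessingPolicy->FragCheck = TRUE;
    *Mask |= FRAGMENT_CHECK;
  } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {
    (*Data)->ProcessingPolicy->FragCheck = FALSE;
    *Mask |= FRAGMENT_CHECK;
  }

  //
  // SA lifetime limits: byte count, hard lifetime and soft lifetime.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --mode: transport unless the user selects another entry of mMapIpSecMode.
  //
  (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->ProcessingPolicy->Mode,
             sizeof (UINT32),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Tunnel endpoints.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-local",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_LOCAL;
    }
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-remote",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= TUNNEL_REMOTE;
    }
  }

  //
  // --dont-fragment: copy the DF bit unless the user picks another entry of
  // mMapDfOption.
  //
  (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
  Status = GetNumber (
             L"--dont-fragment",
             0,
             &(*Data)->ProcessingPolicy->TunnelOption->DF,
             sizeof (UINT32),
             mMapDfOption,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= DONT_FRAGMENT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --ipsec-proto: ESP unless the user picks another entry of mMapIpSecProtocol.
  //
  (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*Data)->ProcessingPolicy->Proto,
             sizeof (UINT32),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Algorithm identifiers, given by name.
  //
  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->ProcessingPolicy->EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->ProcessingPolicy->AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // Cannot check Mode against EfiIPsecTunnel, because user may want to change tunnel_remote only so the Mode is not set.
  //
  if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
    (*Data)->ProcessingPolicy->TunnelOption = NULL;
  }

  if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
                LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
                DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
    if ((*Data)->Action != EfiIPsecActionProtect) {
      //
      // User may not provide additional parameter for Protect action, so we cannot simply set ProcessingPolicy to NULL.
      //
      (*Data)->ProcessingPolicy = NULL;
    }
  }

  if (CreateNew) {
    if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--local --remote --proto --action"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else if (((*Data)->Action == EfiIPsecActionProtect) &&
               ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
               ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      //
      // The Action test must stay first: ProcessingPolicy is only ever set to
      // NULL above when Action is not Protect, so the dereference is safe here.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    }
  }

  return ReturnStatus;
}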
580
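/**
  Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.

  Both output structures are allocated here with AllocateZeroPool. The data
  structure is followed, in the same allocation, by the authentication key, the
  encryption key, the SPD selector and its two address entries. Options that
  were supplied and parsed are recorded in Mask. Parsing continues after a bad
  value so that all errors are reported.

  Key handling: --auth-key and --encrypt-key are taken as literal characters of
  the command-line argument, one key byte per character (the low byte of each
  CHAR16). They are written straight into the entry, so no second copy of the
  key material is left behind in freed pool memory.

  Security notes:
  - Allocation failures are reported to the caller rather than guarded by
    ASSERT alone, which is compiled out of release builds.
  - An invalid value found before the selector options are parsed is no longer
    discarded when the selector itself parses cleanly.

  @param[out] SaId          The pointer to the EFI_IPSEC_SA_ID structure.
  @param[out] Data          The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]  ParamPackage  The pointer to the ParamPackage list.
  @param[out] Mask          The pointer to the Mask.
  @param[in]  CreateNew     The switch to create new. When TRUE, the mandatory
                            options for a new entry are enforced.

  @retval EFI_SUCCESS            Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
  @retval EFI_INVALID_PARAMETER  Invalid user input parameter.
  @retval EFI_OUT_OF_RESOURCES   A pool allocation failed. *SaId and *Data are NULL.

**/
EFI_STATUS
CreateSadEntry (
  OUT EFI_IPSEC_SA_ID       **SaId,
  OUT EFI_IPSEC_SA_DATA2    **Data,
  IN  LIST_ENTRY            *ParamPackage,
  OUT UINT32                *Mask,
  IN  BOOLEAN               CreateNew
  )
{
  EFI_STATUS      Status;
  EFI_STATUS      ReturnStatus;
  UINTN           AuthKeyLength;
  UINTN           EncKeyLength;
  CONST CHAR16    *ValueStr;
  CHAR8           *KeyBytes;
  UINTN           DataSize;
  UINTN           Index;

  ReturnStatus  = EFI_SUCCESS;
  *Mask         = 0;
  *Data         = NULL;
  AuthKeyLength = 0;
  EncKeyLength  = 0;

  *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));
  if (*SaId == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // --spi: numeric, stored in the Spi field of EFI_IPSEC_SA_ID.
  //
  Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
  if (!EFI_ERROR (Status)) {
    *Mask |= SPI;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --ipsec-proto: a name from mMapIpSecProtocol, stored in the Proto field of EFI_IPSEC_SA_ID.
  //
  Status = GetNumber (
             L"--ipsec-proto",
             0,
             &(*SaId)->Proto,
             sizeof (EFI_IPSEC_PROTOCOL_TYPE),
             mMapIpSecProtocol,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= IPSEC_PROTO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // The key lengths are needed first, to size the allocation below.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    AuthKeyLength = StrLen (ValueStr);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
    EncKeyLength = StrLen (ValueStr);
  }

  //
  // EFI_IPSEC_SA_DATA2:
  //  +------------
  //  | EFI_IPSEC_SA_DATA2
  //  +-----------------------
  //  | AuthKey
  //  +-------------------------
  //  | EncKey
  //  +-------------------------
  //  | SpdSelector
  //
  // Notes: To make sure the address alignment add padding after each data if needed.
  //
  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
  DataSize  = ALIGN_VARIABLE (DataSize + AuthKeyLength);
  DataSize  = ALIGN_VARIABLE (DataSize + EncKeyLength);
  DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
  DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));
  DataSize += sizeof (EFI_IP_ADDRESS_INFO);

  *Data = AllocateZeroPool (DataSize);
  if (*Data == NULL) {
    //
    // Do not hand back a half-built pair.
    //
    FreePool (*SaId);
    *SaId = NULL;
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // Carve the trailing regions out of the single allocation, in the same
  // order and with the same padding used for DataSize above.
  //
  (*Data)->ManualSet = TRUE;
  (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));
  (*Data)->AlgoInfo.EspAlgoInfo.EncKey  = (VOID *) ALIGN_POINTER (
                                                     ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),
                                                     sizeof (UINTN)
                                                     );
  (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (
                                                      ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),
                                                      sizeof (UINTN)
                                                      );
  (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                 ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),
                                                                 sizeof (UINTN)
                                                                 );
  (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
                                                                  (*Data)->SpdSelector->LocalAddress + 1,
                                                                  sizeof (UINTN)
                                                                  );

  //
  // --mode: transport unless the user selects another entry of mMapIpSecMode.
  //
  (*Data)->Mode = EfiIPsecTransport;
  Status = GetNumber (
             L"--mode",
             0,
             &(*Data)->Mode,
             sizeof (EFI_IPSEC_MODE),
             mMapIpSecMode,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= MODE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // According to RFC 4303-3.3.3. The first packet sent using a given SA
  // will contain a sequence number of 1.
  //
  (*Data)->SNCount = 1;
  Status = GetNumber (
             L"--sequence-number",
             (UINT64) -1,
             &(*Data)->SNCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= SEQUENCE_NUMBER;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --antireplay-window: 0 (the preset) unless supplied.
  // NOTE(review): a supplied window is recorded under SEQUENCE_NUMBER, the same
  // bit as --sequence-number. This looks like a copy-paste slip; confirm whether
  // a dedicated mask bit is intended before changing it.
  //
  (*Data)->AntiReplayWindows = 0;
  Status = GetNumber (
             L"--antireplay-window",
             (UINT8) -1,
             &(*Data)->AntiReplayWindows,
             sizeof (UINT8),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= SEQUENCE_NUMBER;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--encrypt-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,
             sizeof (UINT8),
             mMapEncAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= ENCRYPT_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --encrypt-key: narrow each character to one key byte, directly into the
  // region reserved for it. EncKeyLength was measured from this same argument.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
    KeyBytes = (CHAR8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey;
    for (Index = 0; Index < EncKeyLength; Index++) {
      KeyBytes[Index] = (CHAR8) ValueStr[Index];
    }
    *Mask |= ENCRYPT_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
  }

  Status = GetNumber (
             L"--auth-algo",
             0,
             &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,
             sizeof (UINT8),
             mMapAuthAlgo,
             ParamPackage,
             FORMAT_STRING
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= AUTH_ALGO;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --auth-key: same treatment as --encrypt-key.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
    KeyBytes = (CHAR8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey;
    for (Index = 0; Index < AuthKeyLength; Index++) {
      KeyBytes[Index] = (CHAR8) ValueStr[Index];
    }
    *Mask |= AUTH_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
  }

  //
  // SA lifetime limits: byte count, hard lifetime and soft lifetime.
  //
  Status = GetNumber (
             L"--lifebyte",
             (UINT64) -1,
             &(*Data)->SaLifetime.ByteCount,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFEBYTE;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime",
             (UINT64) -1,
             &(*Data)->SaLifetime.HardLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--lifetime-soft",
             (UINT64) -1,
             &(*Data)->SaLifetime.SoftLifetime,
             sizeof (UINT64),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= LIFETIME_SOFT;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  Status = GetNumber (
             L"--path-mtu",
             (UINT32) -1,
             &(*Data)->PathMTU,
             sizeof (UINT32),
             NULL,
             ParamPackage,
             FORMAT_NUMBER
             );
  if (!EFI_ERROR (Status)) {
    *Mask |= PATH_MTU;
  }

  if (Status == EFI_INVALID_PARAMETER) {
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

  //
  // --tunnel-dest: stored in TunnelDestinationAddress of EFI_IPSEC_SA_DATA2.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-dest",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= DEST;
    }
  }

  //
  // --tunnel-source: stored in TunnelSourceAddress of EFI_IPSEC_SA_DATA2.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
  if (ValueStr != NULL) {
    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);
    if (EFI_ERROR (Status)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
        mHiiHandle,
        mAppName,
        L"--tunnel-source",
        ValueStr
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      *Mask |= SOURCE;
    }
  }

  //
  // Fold the selector result into ReturnStatus instead of assigning it: a
  // plain assignment would erase every EFI_INVALID_PARAMETER recorded above
  // whenever the selector options themselves are valid.
  //
  Status = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
  if (EFI_ERROR (Status)) {
    ReturnStatus = Status;
  }

  if (CreateNew) {
    //
    // NOTE(review): the message below also names --dest, which this check does
    // not require; confirm which of the two is intended.
    //
    if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--spi --ipsec-proto --dest"
        );
      ReturnStatus = EFI_INVALID_PARAMETER;
    } else {
      if ((*SaId)->Proto == EfiIPsecAH) {
        //
        // AH needs an authentication algorithm, and a key unless that
        // algorithm is IPSEC_AALG_NONE.
        //
        if ((*Mask & AUTH_ALGO) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--auth-algo"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--auth-key"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        }
      } else {
        //
        // Any other protocol needs an encryption algorithm, and a key unless
        // that algorithm is IPSEC_EALG_NONE.
        //
        if ((*Mask & ENCRYPT_ALGO) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--encrypt-algo"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
          ShellPrintHiiEx (
            -1,
            -1,
            NULL,
            STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
            mHiiHandle,
            mAppName,
            L"--encrypt-key"
            );
          ReturnStatus = EFI_INVALID_PARAMETER;
        }
      }
    }
  }

  return ReturnStatus;
}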
1006
1007 /**
1008 Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.
1009
1010 @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
1011 @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
1012 @param[in] ParamPackage The pointer to the ParamPackage list.
1013 @param[out] Mask The pointer to the Mask.
1014 @param[in] CreateNew The switch to create new.
1015
1016 @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.
1017 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1018
1019 **/
1020 EFI_STATUS
1021 CreatePadEntry (
1022 OUT EFI_IPSEC_PAD_ID **PadId,
1023 OUT EFI_IPSEC_PAD_DATA **Data,
1024 IN LIST_ENTRY *ParamPackage,
1025 OUT UINT32 *Mask,
1026 IN BOOLEAN CreateNew
1027 )
1028 {
1029 EFI_STATUS Status;
1030 EFI_STATUS ReturnStatus;
1031 SHELL_FILE_HANDLE FileHandle;
1032 UINT64 FileSize;
1033 UINTN AuthDataLength;
1034 UINTN RevocationDataLength;
1035 UINTN DataLength;
1036 UINTN Index;
1037 CONST CHAR16 *ValueStr;
1038 UINTN DataSize;
1039
1040 Status = EFI_SUCCESS;
1041 ReturnStatus = EFI_SUCCESS;
1042 *Mask = 0;
1043 AuthDataLength = 0;
1044 RevocationDataLength = 0;
1045
1046 *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));
1047 ASSERT (*PadId != NULL);
1048
1049 //
1050 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.
1051 //
1052 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");
1053 if (ValueStr != NULL) {
1054 (*PadId)->PeerIdValid = FALSE;
1055 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);
1056 if (EFI_ERROR (Status)) {
1057 ShellPrintHiiEx (
1058 -1,
1059 -1,
1060 NULL,
1061 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
1062 mHiiHandle,
1063 mAppName,
1064 L"--peer-address",
1065 ValueStr
1066 );
1067 ReturnStatus = EFI_INVALID_PARAMETER;
1068 } else {
1069 *Mask |= PEER_ADDRESS;
1070 }
1071 }
1072
1073 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");
1074 if (ValueStr != NULL) {
1075 (*PadId)->PeerIdValid = TRUE;
1076 StrnCpy ((CHAR16 *) (*PadId)->Id.PeerId, ValueStr, ARRAY_SIZE ((*PadId)->Id.PeerId) - 1);
1077 *Mask |= PEER_ID;
1078 }
1079
1080 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1081 if (ValueStr != NULL) {
1082 if (ValueStr[0] == L'@') {
1083 //
1084 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1085 //
1086 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1087 if (EFI_ERROR (Status)) {
1088 ShellPrintHiiEx (
1089 -1,
1090 -1,
1091 NULL,
1092 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1093 mHiiHandle,
1094 mAppName,
1095 &ValueStr[1]
1096 );
1097 ReturnStatus = EFI_INVALID_PARAMETER;
1098 } else {
1099 Status = ShellGetFileSize (FileHandle, &FileSize);
1100 ShellCloseFile (&FileHandle);
1101 if (EFI_ERROR (Status)) {
1102 ShellPrintHiiEx (
1103 -1,
1104 -1,
1105 NULL,
1106 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1107 mHiiHandle,
1108 mAppName,
1109 &ValueStr[1]
1110 );
1111 ReturnStatus = EFI_INVALID_PARAMETER;
1112 } else {
1113 AuthDataLength = (UINTN) FileSize;
1114 }
1115 }
1116 } else {
1117 AuthDataLength = StrLen (ValueStr);
1118 }
1119 }
1120
1121 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1122 if (ValueStr != NULL) {
1123 RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
1124 }
1125
1126 //
1127 // Allocate Buffer for Data. Add padding after each struct to make sure the alignment
1128 // in different Arch.
1129 //
1130 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));
1131 DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);
1132 DataSize += RevocationDataLength;
1133
1134 *Data = AllocateZeroPool (DataSize);
1135 ASSERT (*Data != NULL);
1136
1137 (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));
1138 (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));
1139 (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;
1140
1141 //
1142 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.
1143 //
1144 Status = GetNumber (
1145 L"--auth-proto",
1146 0,
1147 &(*Data)->AuthProtocol,
1148 sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),
1149 mMapAuthProto,
1150 ParamPackage,
1151 FORMAT_STRING
1152 );
1153 if (!EFI_ERROR (Status)) {
1154 *Mask |= AUTH_PROTO;
1155 }
1156
1157 if (Status == EFI_INVALID_PARAMETER) {
1158 ReturnStatus = EFI_INVALID_PARAMETER;
1159 }
1160
1161 Status = GetNumber (
1162 L"--auth-method",
1163 0,
1164 &(*Data)->AuthMethod,
1165 sizeof (EFI_IPSEC_AUTH_METHOD),
1166 mMapAuthMethod,
1167 ParamPackage,
1168 FORMAT_STRING
1169 );
1170 if (!EFI_ERROR (Status)) {
1171 *Mask |= AUTH_METHOD;
1172 }
1173
1174 if (Status == EFI_INVALID_PARAMETER) {
1175 ReturnStatus = EFI_INVALID_PARAMETER;
1176 }
1177
1178 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {
1179 (*Data)->IkeIdFlag = TRUE;
1180 *Mask |= IKE_ID;
1181 }
1182
1183 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {
1184 (*Data)->IkeIdFlag = FALSE;
1185 *Mask |= IKE_ID;
1186 }
1187
1188 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1189 if (ValueStr != NULL) {
1190 if (ValueStr[0] == L'@') {
1191 //
1192 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1193 //
1194
1195 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1196 if (EFI_ERROR (Status)) {
1197 ShellPrintHiiEx (
1198 -1,
1199 -1,
1200 NULL,
1201 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1202 mHiiHandle,
1203 mAppName,
1204 &ValueStr[1]
1205 );
1206 ReturnStatus = EFI_INVALID_PARAMETER;
1207 (*Data)->AuthData = NULL;
1208 } else {
1209 DataLength = AuthDataLength;
1210 Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
1211 ShellCloseFile (&FileHandle);
1212 if (EFI_ERROR (Status)) {
1213 ShellPrintHiiEx (
1214 -1,
1215 -1,
1216 NULL,
1217 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1218 mHiiHandle,
1219 mAppName,
1220 &ValueStr[1]
1221 );
1222 ReturnStatus = EFI_INVALID_PARAMETER;
1223 (*Data)->AuthData = NULL;
1224 } else {
1225 ASSERT (DataLength == AuthDataLength);
1226 *Mask |= AUTH_DATA;
1227 }
1228 }
1229 } else {
1230 for (Index = 0; Index < AuthDataLength; Index++) {
1231 ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];
1232 }
1233 (*Data)->AuthDataSize = AuthDataLength;
1234 *Mask |= AUTH_DATA;
1235 }
1236 }
1237
1238 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1239 if (ValueStr != NULL) {
1240 CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);
1241 (*Data)->RevocationDataSize = RevocationDataLength;
1242 *Mask |= REVOCATION_DATA;
1243 } else {
1244 (*Data)->RevocationData = NULL;
1245 }
1246
1247 if (CreateNew) {
1248 if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
1249 ShellPrintHiiEx (
1250 -1,
1251 -1,
1252 NULL,
1253 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1254 mHiiHandle,
1255 mAppName,
1256 L"--peer-id --peer-address"
1257 );
1258 ReturnStatus = EFI_INVALID_PARAMETER;
1259 } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {
1260 ShellPrintHiiEx (
1261 -1,
1262 -1,
1263 NULL,
1264 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1265 mHiiHandle,
1266 mAppName,
1267 L"--auth-method --auth-data"
1268 );
1269 ReturnStatus = EFI_INVALID_PARAMETER;
1270 }
1271 }
1272
1273 return ReturnStatus;
1274 }
1275
//
// Entry constructors, one per policy database. Callers in this file index the
// table with an EFI_IPSEC_CONFIG_DATA_TYPE value and invoke the slot as
// (&Selector, &Data, ParamPackage, &Mask, CreateNew).
//
// Every function is cast to CREATE_POLICY_ENTRY, so the compiler does not
// compare its real prototype with the typedef. The index is not range-checked
// at the call sites either; both properties have to be kept correct by hand
// when an entry is added or reordered.
//
CREATE_POLICY_ENTRY  mCreatePolicyEntry[] = {
  (CREATE_POLICY_ENTRY) CreateSpdEntry,   // security policy database
  (CREATE_POLICY_ENTRY) CreateSadEntry,   // security association database
  (CREATE_POLICY_ENTRY) CreatePadEntry    // peer authorization database
};
1281
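/**
  Combine old SPD entry with new SPD entry.

  Selector fields whose bit is clear in Mask are copied from the old selector
  into the new one. A selector field whose bit is set and whose value differs
  from the old one sets *CreateNew. Data fields whose bit is set in Mask are
  copied from the new data into the old data.

  @param[in, out] OldSelector    The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[in, out] OldData        The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]      NewSelector    The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
                                 Fields not named in Mask are overwritten from OldSelector.
  @param[in]      NewData        The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in]      Mask           The bit set of the fields supplied by the user.
  @param[out]     CreateNew      TRUE if a supplied selector field differs from the old one.

  @retval EFI_SUCCESS              Combined successfully.
  @retval EFI_INVALID_PARAMETER    Invalid user input parameter.

**/
EFI_STATUS
CombineSpdEntry (
  IN OUT EFI_IPSEC_SPD_SELECTOR    *OldSelector,
  IN OUT EFI_IPSEC_SPD_DATA        *OldData,
  IN     EFI_IPSEC_SPD_SELECTOR    *NewSelector,
  IN     EFI_IPSEC_SPD_DATA        *NewData,
  IN     UINT32                    Mask,
     OUT BOOLEAN                   *CreateNew
  )
{
  //
  // Process Selector
  //
  *CreateNew = FALSE;
  if ((Mask & LOCAL) == 0) {
    NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
    NewSelector->LocalAddress      = OldSelector->LocalAddress;
  } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
             (CompareMem (
                NewSelector->LocalAddress,
                OldSelector->LocalAddress,
                NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)
                ) != 0)) {
    //
    // The arrays are compared only after the counts were found equal, so the
    // length is valid for both of them.
    //
    *CreateNew = TRUE;
  }

  if ((Mask & REMOTE) == 0) {
    NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
    NewSelector->RemoteAddress      = OldSelector->RemoteAddress;
  } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
             (CompareMem (
                NewSelector->RemoteAddress,
                OldSelector->RemoteAddress,
                NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)
                ) != 0)) {
    *CreateNew = TRUE;
  }

  if ((Mask & PROTO) == 0) {
    NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
  } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
    *CreateNew = TRUE;
  }

  switch (NewSelector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    if ((Mask & LOCAL_PORT) == 0) {
      NewSelector->LocalPort      = OldSelector->LocalPort;
      NewSelector->LocalPortRange = OldSelector->LocalPortRange;
    } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
               (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
      *CreateNew = TRUE;
    }

    if ((Mask & REMOTE_PORT) == 0) {
      NewSelector->RemotePort      = OldSelector->RemotePort;
      NewSelector->RemotePortRange = OldSelector->RemotePortRange;
    } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
               (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
      *CreateNew = TRUE;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    //
    // For ICMP the port fields carry the ICMP type and code.
    //
    if ((Mask & ICMP_TYPE) == 0) {
      NewSelector->LocalPort = OldSelector->LocalPort;
    } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
      *CreateNew = TRUE;
    }

    if ((Mask & ICMP_CODE) == 0) {
      NewSelector->RemotePort = OldSelector->RemotePort;
    } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
      *CreateNew = TRUE;
    }
    break;

  default:
    //
    // Other protocols have no port or type/code fields to merge.
    //
    break;
  }

  //
  // Process Data
  //
  if ((Mask & NAME) != 0) {
    //
    // Name is an in-structure array (UINT8 Name[MAX_PEERID_LEN] in the UEFI
    // IPsec definitions) that was filled from the command line. Copy the whole
    // array and force a terminator, so the write stays inside OldData->Name
    // even if the source is not NUL-terminated within its own array.
    //
    CopyMem (OldData->Name, NewData->Name, sizeof (OldData->Name));
    OldData->Name[sizeof (OldData->Name) - 1] = '\0';
  }

  if ((Mask & PACKET_FLAG) != 0) {
    OldData->PackageFlag = NewData->PackageFlag;
  }

  if ((Mask & ACTION) != 0) {
    OldData->Action = NewData->Action;
  }

  if (OldData->Action != EfiIPsecActionProtect) {
    OldData->ProcessingPolicy = NULL;
    return EFI_SUCCESS;
  }

  //
  // Protect
  //
  if (OldData->ProcessingPolicy == NULL) {
    //
    // Just point to new data if originally NULL. Without a new policy there is
    // nothing to adopt, and the Mode test below would dereference NULL.
    //
    if (NewData->ProcessingPolicy == NULL) {
      return EFI_INVALID_PARAMETER;
    }

    //
    // OldData now refers to memory owned by NewData; NewData has to stay
    // allocated until the caller has finished with OldData.
    //
    OldData->ProcessingPolicy = NewData->ProcessingPolicy;
    if ((OldData->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
        ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
      //
      // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
      //
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      return EFI_INVALID_PARAMETER;
    }

    return EFI_SUCCESS;
  }

  //
  // Modify some of the data.
  // NOTE(review): every copy below reads NewData->ProcessingPolicy; this
  // assumes the entry constructor leaves it non-NULL whenever one of these
  // mask bits is set. The constructor is not visible here - confirm.
  //
  if ((Mask & EXT_SEQUENCE) != 0) {
    OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
  }

  if ((Mask & SEQUENCE_OVERFLOW) != 0) {
    OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
  }

  if ((Mask & FRAGMENT_CHECK) != 0) {
    OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
  }

  if ((Mask & MODE) != 0) {
    OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
  }

  if ((Mask & IPSEC_PROTO) != 0) {
    OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
  }

  if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
    OldData->ProcessingPolicy->TunnelOption = NULL;
    return EFI_SUCCESS;
  }

  if (OldData->ProcessingPolicy->TunnelOption == NULL) {
    //
    // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
    //
    if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
        mHiiHandle,
        mAppName,
        L"--tunnel-local --tunnel-remote"
        );
      return EFI_INVALID_PARAMETER;
    }

    OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
    return EFI_SUCCESS;
  }

  if ((Mask & TUNNEL_LOCAL) != 0) {
    CopyMem (
      &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
      &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & TUNNEL_REMOTE) != 0) {
    CopyMem (
      &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
      &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
      sizeof (EFI_IP_ADDRESS)
      );
  }

  if ((Mask & DONT_FRAGMENT) != 0) {
    OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
  }

  return EFI_SUCCESS;
}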
1502
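/**
  Combine old SAD entry with new SAD entry.

  SA identifier fields whose bit is clear in Mask are copied from the old entry
  into the new one. A supplied identifier field that differs from the old one
  sets *CreateNew. SA data fields whose bit is set in Mask are copied from the
  new data into the old data.

  @param[in, out] OldSaId      The pointer to the EFI_IPSEC_SA_ID structure.
  @param[in, out] OldData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]      NewSaId      The pointer to the EFI_IPSEC_SA_ID structure.
                               Fields not named in Mask are overwritten from OldSaId.
  @param[in]      NewData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
                               Tunnel addresses not named in Mask are overwritten from OldData.
  @param[in]      Mask         The bit set of the fields supplied by the user.
  @param[out]     CreateNew    TRUE if a supplied identifier field differs from the old one.

  @retval EFI_SUCCESS              Combined successfully.
  @retval EFI_INVALID_PARAMETER    Invalid user input parameter.

**/
EFI_STATUS
CombineSadEntry (
  IN OUT EFI_IPSEC_SA_ID       *OldSaId,
  IN OUT EFI_IPSEC_SA_DATA2    *OldData,
  IN     EFI_IPSEC_SA_ID       *NewSaId,
  IN     EFI_IPSEC_SA_DATA2    *NewData,
  IN     UINT32                Mask,
     OUT BOOLEAN               *CreateNew
  )
{
  *CreateNew = FALSE;

  if ((Mask & SPI) == 0) {
    NewSaId->Spi = OldSaId->Spi;
  } else if (NewSaId->Spi != OldSaId->Spi) {
    *CreateNew = TRUE;
  }

  if ((Mask & IPSEC_PROTO) == 0) {
    NewSaId->Proto = OldSaId->Proto;
  } else if (NewSaId->Proto != OldSaId->Proto) {
    *CreateNew = TRUE;
  }

  if ((Mask & DEST) == 0) {
    CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  if ((Mask & SOURCE) == 0) {
    CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
  } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

  //
  // Process SA_DATA.
  //
  if ((Mask & MODE) != 0) {
    OldData->Mode = NewData->Mode;
  }

  if ((Mask & SEQUENCE_NUMBER) != 0) {
    OldData->SNCount = NewData->SNCount;
  }

  if ((Mask & ANTIREPLAY_WINDOW) != 0) {
    OldData->AntiReplayWindows = NewData->AntiReplayWindows;
  }

  if ((Mask & AUTH_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
  }

  if ((Mask & AUTH_KEY) != 0) {
    //
    // Only the pointer and the length are taken over; the key bytes stay in
    // memory owned by NewData, which must outlive the use of OldData.
    //
    OldData->AlgoInfo.EspAlgoInfo.AuthKey       = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
    OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
  }

  if ((Mask & ENCRYPT_ALGO) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
  }

  if ((Mask & ENCRYPT_KEY) != 0) {
    OldData->AlgoInfo.EspAlgoInfo.EncKey       = NewData->AlgoInfo.EspAlgoInfo.EncKey;
    OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
  }

  if ((NewSaId->Proto == EfiIPsecAH) && ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0)) {
    //
    // Should not provide encrypt_* if AH.
    //
    ShellPrintHiiEx (
      -1,
      -1,
      NULL,
      STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
      mHiiHandle,
      mAppName,
      L"--encrypt-algo --encrypt-key"
      );
    return EFI_INVALID_PARAMETER;
  }

  if ((NewSaId->Proto == EfiIPsecESP) && (OldSaId->Proto == EfiIPsecAH)) {
    //
    // AH -> ESP
    // Should provide encrypt_algo at least.
    //
    if ((Mask & ENCRYPT_ALGO) == 0) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-algo"
        );
      return EFI_INVALID_PARAMETER;
    }

    //
    // Encrypt_key should be provided if algorithm is not NONE. The missing
    // option here is the key, so that is the one to name in the message.
    //
    if ((NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE) && ((Mask & ENCRYPT_KEY) == 0)) {
      ShellPrintHiiEx (
        -1,
        -1,
        NULL,
        STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
        mHiiHandle,
        mAppName,
        L"--encrypt-key"
        );
      return EFI_INVALID_PARAMETER;
    }
  }

  if ((Mask & LIFEBYTE) != 0) {
    OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
  }

  if ((Mask & LIFETIME_SOFT) != 0) {
    OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
  }

  if ((Mask & LIFETIME) != 0) {
    OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
  }

  if ((Mask & PATH_MTU) != 0) {
    OldData->PathMTU = NewData->PathMTU;
  }

  //
  // Process SpdSelector.
  //
  if (OldData->SpdSelector == NULL) {
    if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
      //
      // A selector is being attached for the first time, so it needs at least
      // the two address sets and the protocol.
      //
      if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
        ShellPrintHiiEx (
          -1,
          -1,
          NULL,
          STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
          mHiiHandle,
          mAppName,
          L"--local --remote --proto"
          );
        return EFI_INVALID_PARAMETER;
      }

      OldData->SpdSelector = NewData->SpdSelector;
    }

    return EFI_SUCCESS;
  }

  //
  // OldData->SpdSelector is known to be non-NULL from here on.
  // NOTE(review): the copies below read NewData->SpdSelector; this assumes the
  // entry constructor provides it whenever a selector mask bit is set - confirm.
  //
  if ((Mask & LOCAL) != 0) {
    OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
    OldData->SpdSelector->LocalAddress      = NewData->SpdSelector->LocalAddress;
  }

  if ((Mask & REMOTE) != 0) {
    OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
    OldData->SpdSelector->RemoteAddress      = NewData->SpdSelector->RemoteAddress;
  }

  if ((Mask & PROTO) != 0) {
    OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
  }

  switch (OldData->SpdSelector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    //
    // NOTE(review): CombineSpdEntry treats LocalPortRange/RemotePortRange
    // together with the port, but only the port is taken over here - confirm
    // whether the range should follow.
    //
    if ((Mask & LOCAL_PORT) != 0) {
      OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
    }

    if ((Mask & REMOTE_PORT) != 0) {
      OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    //
    // For ICMP the port fields carry the type and code, truncated to 8 bits.
    //
    if ((Mask & ICMP_TYPE) != 0) {
      OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
    }

    if ((Mask & ICMP_CODE) != 0) {
      OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
    }
    break;

  default:
    break;
  }

  return EFI_SUCCESS;
}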
1717
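/**
  Combine old PAD entry with new PAD entry.

  If neither a peer ID nor a peer address was supplied, the old PAD ID is
  copied into the new one. Otherwise *CreateNew is set when the supplied
  identity differs from the old one. Data fields whose bit is set in Mask are
  copied from the new data into the old data.

  @param[in, out] OldPadId     The pointer to the EFI_IPSEC_PAD_ID structure.
  @param[in, out] OldData      The pointer to the EFI_IPSEC_PAD_DATA structure.
  @param[in]      NewPadId     The pointer to the EFI_IPSEC_PAD_ID structure.
                               Overwritten from OldPadId when no identity was supplied.
  @param[in]      NewData      The pointer to the EFI_IPSEC_PAD_DATA structure.
  @param[in]      Mask         The bit set of the fields supplied by the user.
  @param[out]     CreateNew    TRUE if the supplied peer identity differs from the old one.

  @retval EFI_SUCCESS              Combined successfully.
  @retval EFI_INVALID_PARAMETER    Invalid user input parameter.

**/
EFI_STATUS
CombinePadEntry (
  IN OUT EFI_IPSEC_PAD_ID      *OldPadId,
  IN OUT EFI_IPSEC_PAD_DATA    *OldData,
  IN     EFI_IPSEC_PAD_ID      *NewPadId,
  IN     EFI_IPSEC_PAD_DATA    *NewData,
  IN     UINT32                Mask,
     OUT BOOLEAN               *CreateNew
  )
{
  *CreateNew = FALSE;

  if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
    CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
  } else if ((Mask & PEER_ID) != 0) {
    //
    // PeerId is a fixed-size byte array that this application handles as a
    // CHAR16 string. Bound the comparison by the array size so that an
    // identifier without a terminator cannot make the compare read past it.
    //
    if (!OldPadId->PeerIdValid ||
        (StrnCmp (
           (CONST CHAR16 *) OldPadId->Id.PeerId,
           (CONST CHAR16 *) NewPadId->Id.PeerId,
           sizeof (OldPadId->Id.PeerId) / sizeof (CHAR16)
           ) != 0)) {
      *CreateNew = TRUE;
    }
  } else {
    //
    // MASK & PEER_ADDRESS
    //
    if (OldPadId->PeerIdValid) {
      //
      // The old entry was keyed by peer ID, the new one by address.
      //
      *CreateNew = TRUE;
    } else if ((CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
               (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)) {
      *CreateNew = TRUE;
    }
  }

  if ((Mask & AUTH_PROTO) != 0) {
    OldData->AuthProtocol = NewData->AuthProtocol;
  }

  if ((Mask & AUTH_METHOD) != 0) {
    OldData->AuthMethod = NewData->AuthMethod;
  }

  if ((Mask & IKE_ID) != 0) {
    OldData->IkeIdFlag = NewData->IkeIdFlag;
  }

  if ((Mask & AUTH_DATA) != 0) {
    //
    // Pointer and size only; the authentication data itself stays in memory
    // owned by NewData, which must outlive the use of OldData.
    //
    OldData->AuthDataSize = NewData->AuthDataSize;
    OldData->AuthData     = NewData->AuthData;
  }

  if ((Mask & REVOCATION_DATA) != 0) {
    OldData->RevocationDataSize = NewData->RevocationDataSize;
    OldData->RevocationData     = NewData->RevocationData;
  }

  return EFI_SUCCESS;
}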
1795
//
// Merge routines, one per policy database. EditOperatePolicyEntry indexes the
// table with Context->DataType and invokes the slot as
// (OldSelector, OldData, NewSelector, NewData, Mask, &CreateNew).
//
// The casts to COMBINE_POLICY_ENTRY keep the compiler from checking each
// function's real prototype against the typedef, so the order and the
// argument list have to be kept correct by hand.
//
COMBINE_POLICY_ENTRY  mCombinePolicyEntry[] = {
  (COMBINE_POLICY_ENTRY) CombineSpdEntry,   // security policy database
  (COMBINE_POLICY_ENTRY) CombineSadEntry,   // security association database
  (COMBINE_POLICY_ENTRY) CombinePadEntry    // peer authorization database
};
1801
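/**
  Edit entry information in the database.

  Visitor for ForeachPolicyEntry: when the visited entry matches the indexer in
  Context, the user's changes are merged into it and written back, and the
  iteration is stopped. The result of the write is reported in Context->Status.

  @param[in] Selector    The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
  @param[in] Data        The pointer to the data.
  @param[in] Context     The pointer to the EDIT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS    Continue the iteration.
  @retval EFI_ABORTED    Abort the iteration.
**/
EFI_STATUS
EditOperatePolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN EDIT_POLICY_ENTRY_CONTEXT    *Context
  )
{
  EFI_STATUS    Status;
  BOOLEAN       CreateNew;

  //
  // Check the table index before its first use; the match table below is
  // indexed with the same value as the combine table.
  //
  ASSERT (Context->DataType < 3);

  if (!mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
    return EFI_SUCCESS;
  }

  Status = mCombinePolicyEntry[Context->DataType] (
             Selector,
             Data,
             Context->Selector,
             Context->Data,
             Context->Mask,
             &CreateNew
             );
  if (!EFI_ERROR (Status)) {
    if (CreateNew) {
      //
      // Insert new entry before old entry
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               Selector
                               );
      ASSERT_EFI_ERROR (Status);

      //
      // Delete old entry, but only once its replacement is in place.
      // ASSERT_EFI_ERROR is compiled out of release builds; deleting after a
      // failed insert would drop the policy entry altogether.
      //
      if (!EFI_ERROR (Status)) {
        Status = mIpSecConfig->SetData (
                                 mIpSecConfig,
                                 Context->DataType,
                                 Selector,
                                 NULL,
                                 NULL
                                 );
        ASSERT_EFI_ERROR (Status);
      }
    } else {
      //
      // The selector is unchanged: overwrite the entry in place.
      //
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               Context->DataType,
                               Context->Selector,
                               Data,
                               NULL
                               );
    }
  }

  Context->Status = Status;
  return EFI_ABORTED;
}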
1874
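/**
  Edit entry information in database according to datatype.

  Builds the indexer from the "-e" option and a new entry from the remaining
  options, then visits the database entries with EditOperatePolicyEntry.

  @param[in] DataType        The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage    The pointer to the ParamPackage list.

  @retval EFI_SUCCESS      Edit entry information successfully.
  @retval EFI_NOT_FOUND    Can't find the specified entry.
  @retval Others           Some mistaken case.
**/
EFI_STATUS
EditPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                   Status;
  EDIT_POLICY_ENTRY_CONTEXT    Context;
  CONST CHAR16                 *ValueStr;

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
  if (ValueStr == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
    return EFI_NOT_FOUND;
  }

  Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
  if (!EFI_ERROR (Status)) {
    Context.DataType = DataType;
    Context.Status   = EFI_NOT_FOUND;

    //
    // Context lives on the stack. Give the outputs of the constructor defined
    // values first: the cleanup below tests the pointers even when the
    // constructor fails, and the PAD constructor ORs bits into the mask.
    //
    Context.Selector = NULL;
    Context.Data     = NULL;
    Context.Mask     = 0;

    Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
    if (!EFI_ERROR (Status)) {
      ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
      Status = Context.Status;
    }

    //
    // NOTE(review): for PAD entries this buffer holds the --auth-data bytes,
    // and it is released without being cleared; the allocation size is not
    // known here, so clearing would have to happen where it is.
    //
    if (Context.Selector != NULL) {
      gBS->FreePool (Context.Selector);
    }

    if (Context.Data != NULL) {
      gBS->FreePool (Context.Data);
    }
  }

  if (Status == EFI_NOT_FOUND) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}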
1929
/**
  Insert entry information in database.

  Visitor for ForeachPolicyEntry: the new entry carried in Context is written
  in front of the first visited entry that matches the indexer.

  @param[in] Selector    The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
  @param[in] Data        The pointer to the data.
  @param[in] Context     The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.

  @retval EFI_SUCCESS    Continue the iteration.
  @retval EFI_ABORTED    Abort the iteration.
**/
EFI_STATUS
InsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_SELECTOR      *Selector,
  IN VOID                           *Data,
  IN INSERT_POLICY_ENTRY_CONTEXT    *Context
  )
{
  BOOLEAN    IsTarget;

  IsTarget = mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer);
  if (!IsTarget) {
    //
    // Not the entry to insert before; keep iterating.
    //
    return EFI_SUCCESS;
  }

  //
  // Found the entry which we want to insert before. The outcome of the write
  // is handed back through the context.
  //
  Context->Status = mIpSecConfig->SetData (
                                    mIpSecConfig,
                                    Context->DataType,
                                    Context->Selector,
                                    Context->Data,
                                    Selector
                                    );

  //
  // Abort the iteration after the insertion.
  //
  return EFI_ABORTED;
}
1967
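/**
  Insert or add entry information in database according to datatype.

  Builds the entry from the command line, refuses it when an entry with the
  same selector already exists, then either appends it ("-a") or inserts it in
  front of the entry named by "-i".

  @param[in] DataType        The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage    The pointer to the ParamPackage list.

  @retval EFI_SUCCESS             Insert or add entry information successfully.
  @retval EFI_NOT_FOUND           Can't find the specified entry.
  @retval EFI_BUFFER_TOO_SMALL    The entry already existed.
  @retval EFI_UNSUPPORTED         The operation is not supported.
  @retval Others                  Some mistaken case.
**/
EFI_STATUS
AddOrInsertPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  EFI_STATUS                     Status;
  EFI_IPSEC_CONFIG_SELECTOR      *Selector;
  VOID                           *Data;
  INSERT_POLICY_ENTRY_CONTEXT    Context;
  UINT32                         Mask;
  UINTN                          DataSize;
  CONST CHAR16                   *ValueStr;
  BOOLEAN                        IndexMissing;

  //
  // Defined start values for the outputs of the constructor, so that the
  // cleanup can run on every path and the PAD constructor does not OR bits
  // into an uninitialized mask.
  //
  Selector     = NULL;
  Data         = NULL;
  Mask         = 0;
  IndexMissing = FALSE;

  Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
  if (!EFI_ERROR (Status)) {
    //
    // Find if the Selector to be inserted already exists. With a zero-sized
    // buffer, EFI_BUFFER_TOO_SMALL means an entry was found.
    //
    DataSize = 0;
    Status = mIpSecConfig->GetData (
                             mIpSecConfig,
                             DataType,
                             Selector,
                             &DataSize,
                             NULL
                             );
    if (Status == EFI_BUFFER_TOO_SMALL) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
    } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
      Status = mIpSecConfig->SetData (
                               mIpSecConfig,
                               DataType,
                               Selector,
                               Data,
                               NULL
                               );
    } else {
      ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
      if (ValueStr == NULL) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
        IndexMissing = TRUE;
        Status       = EFI_NOT_FOUND;
      } else {
        Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
        if (!EFI_ERROR (Status)) {
          Context.DataType = DataType;
          Context.Status   = EFI_NOT_FOUND;
          Context.Selector = Selector;
          Context.Data     = Data;

          ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
          Status = Context.Status;
          if (Status == EFI_NOT_FOUND) {
            ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
          }
        }
      }
    }
  }

  //
  // Release the entry on every path: after a failed constructor (as
  // EditPolicyEntry does) and when "-i" is missing, not only on the normal one.
  //
  if (Selector != NULL) {
    gBS->FreePool (Selector);
  }

  if (Data != NULL) {
    gBS->FreePool (Data);
  }

  if (IndexMissing) {
    //
    // The missing index was already reported; no generic failure message.
    //
    return EFI_NOT_FOUND;
  }

  if (Status == EFI_UNSUPPORTED) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
  } else if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
  }

  return Status;
}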