2 The implementation of IPSEC_CONFIG_PROTOCOL.
4 Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
6 SPDX-License-Identifier: BSD-2-Clause-Patent
10 #include "IpSecConfigImpl.h"
11 #include "IpSecDebug.h"
//
// One list head per configuration data type (SPD, SAD, PAD). The array is
// indexed by the IPsecConfigDataType* values: SetSpdEntry and SetSadEntry in
// this file take &mConfigData[IPsecConfigDataTypeSpd] and
// &mConfigData[IPsecConfigDataTypeSad] as their list heads.
//
LIST_ENTRY  mConfigData[IPsecConfigDataTypeMaximum];

//
// Module-scope flag, cleared at load. No reader or writer of it appears in
// this part of the file; presumably it marks the driver's own writes of the
// configuration variables so they are not treated as external changes —
// confirm against its users before relying on that.
//
BOOLEAN     mSetBySelf = FALSE;
//
// Dispatch table of the CompareSelector routines for SPD, SAD and PAD.
// Each slot is pinned to its IPsecConfigDataType* index with a designated
// initializer so the table cannot silently drift from the enum order.
// The three routines below are already declared with two
// EFI_IPSEC_CONFIG_SELECTOR pointers, so the cast to IPSEC_COMPARE_SELECTOR
// is expected to be an identity cast; keep their prototypes identical.
//
IPSEC_COMPARE_SELECTOR mCompareSelector[] = {
  [IPsecConfigDataTypeSpd] = (IPSEC_COMPARE_SELECTOR) CompareSpdSelector,
  [IPsecConfigDataTypeSad] = (IPSEC_COMPARE_SELECTOR) CompareSaId,
  [IPsecConfigDataTypePad] = (IPSEC_COMPARE_SELECTOR) ComparePadId
};
//
// Dispatch table of the IsZeroSelector routines for SPD, SAD and PAD,
// indexed by IPsecConfigDataType*. Each routine takes a single
// EFI_IPSEC_CONFIG_SELECTOR pointer and reports whether that selector is
// the all-zero (wildcard) selector; the designated initializers keep the
// slot-to-routine mapping explicit.
//
IPSEC_IS_ZERO_SELECTOR mIsZeroSelector[] = {
  [IPsecConfigDataTypeSpd] = (IPSEC_IS_ZERO_SELECTOR) IsZeroSpdSelector,
  [IPsecConfigDataTypeSad] = (IPSEC_IS_ZERO_SELECTOR) IsZeroSaId,
  [IPsecConfigDataTypePad] = (IPSEC_IS_ZERO_SELECTOR) IsZeroPadId
};
//
// Dispatch table of the DuplicateSelector routines for SPD, SAD and PAD,
// indexed by IPsecConfigDataType*. Every routine takes (DstSel, SrcSel, Size)
// and returns EFI_BUFFER_TOO_SMALL with the required size when the caller's
// buffer is too small, so callers can size the destination before copying.
//
IPSEC_DUPLICATE_SELECTOR mDuplicateSelector[] = {
  [IPsecConfigDataTypeSpd] = (IPSEC_DUPLICATE_SELECTOR) DuplicateSpdSelector,
  [IPsecConfigDataTypeSad] = (IPSEC_DUPLICATE_SELECTOR) DuplicateSaId,
  [IPsecConfigDataTypePad] = (IPSEC_DUPLICATE_SELECTOR) DuplicatePadId
};
//
// Dispatch table of the FixPolicyEntry routines for SPD, SAD and PAD,
// indexed by IPsecConfigDataType*. These convert the embedded pointers of an
// entry to relative offsets before it is written to a variable.
// Unlike the compare routines, FixSpdEntry, FixSadEntry and FixPadEntry are
// declared with the concrete selector/data pointer types of their table, so
// the cast to the common IPSEC_FIX_POLICY_ENTRY type is not an identity cast:
// calling through it is only sound while all three keep the same parameter
// count and a pointer-only argument list. Keep the prototypes in step.
//
IPSEC_FIX_POLICY_ENTRY mFixPolicyEntry[] = {
  [IPsecConfigDataTypeSpd] = (IPSEC_FIX_POLICY_ENTRY) FixSpdEntry,
  [IPsecConfigDataTypeSad] = (IPSEC_FIX_POLICY_ENTRY) FixSadEntry,
  [IPsecConfigDataTypePad] = (IPSEC_FIX_POLICY_ENTRY) FixPadEntry
};
//
// Dispatch table of the UnfixPolicyEntry routines for SPD, SAD and PAD,
// indexed by IPsecConfigDataType*. Each slot is the inverse of the matching
// slot in mFixPolicyEntry and turns the relative offsets stored in a variable
// back into pointers. The same cast caveat applies: UnfixSpdEntry,
// UnfixSadEntry and UnfixPadEntry use concrete selector/data pointer types,
// so their parameter count and order must stay identical for the call
// through IPSEC_FIX_POLICY_ENTRY to be sound.
//
IPSEC_FIX_POLICY_ENTRY mUnfixPolicyEntry[] = {
  [IPsecConfigDataTypeSpd] = (IPSEC_FIX_POLICY_ENTRY) UnfixSpdEntry,
  [IPsecConfigDataTypeSad] = (IPSEC_FIX_POLICY_ENTRY) UnfixSadEntry,
  [IPsecConfigDataTypePad] = (IPSEC_FIX_POLICY_ENTRY) UnfixPadEntry
};
//
// Dispatch table of the SetPolicyEntry routines for SPD, SAD and PAD,
// indexed by IPsecConfigDataType*. Each routine takes (Selector, Data,
// Context), validates the caller-supplied entry and inserts it into the
// matching mConfigData list; a NULL Selector flushes that whole list.
//
IPSEC_SET_POLICY_ENTRY mSetPolicyEntry[] = {
  [IPsecConfigDataTypeSpd] = (IPSEC_SET_POLICY_ENTRY) SetSpdEntry,
  [IPsecConfigDataTypeSad] = (IPSEC_SET_POLICY_ENTRY) SetSadEntry,
  [IPsecConfigDataTypePad] = (IPSEC_SET_POLICY_ENTRY) SetPadEntry
};
//
// Dispatch table of the GetPolicyEntry routines for SPD, SAD and PAD,
// indexed by IPsecConfigDataType*. The routines themselves are not in this
// part of the file; the designated initializers only pin each slot to its
// data type so the mapping is explicit.
//
IPSEC_GET_POLICY_ENTRY mGetPolicyEntry[] = {
  [IPsecConfigDataTypeSpd] = (IPSEC_GET_POLICY_ENTRY) GetSpdEntry,
  [IPsecConfigDataTypeSad] = (IPSEC_GET_POLICY_ENTRY) GetSadEntry,
  [IPsecConfigDataTypePad] = (IPSEC_GET_POLICY_ENTRY) GetPadEntry
};
//
// The EFI_IPSEC_CONFIG_PROTOCOL instance this driver installs. The
// initializers are positional and must stay in the order the protocol
// declares its members.
//
EFI_IPSEC_CONFIG_PROTOCOL mIpSecConfigInstance = {
  EfiIpSecConfigSetData,           // SetData
  EfiIpSecConfigGetData,           // GetData
  EfiIpSecConfigGetNextSelector,   // GetNextSelector
  EfiIpSecConfigRegisterNotify,    // RegisterDataNotify
  EfiIpSecConfigUnregisterNotify   // UnregisterDataNotify
};
91 Get all the IPsec configuration variables and store them
92 in the internal data structure.
94 This function is called by IpSecConfigInitialize(), which initializes the
95 IPsecConfiguration Protocol.
97 @param[in] Private Pointer to IPSEC_PRIVATE_DATA.
99 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
100 @retval EFI_SUCCESS The IPsec configuration was restored successfully.
101 @retval others Another error occurred while reading the variables.
106 IN IPSEC_PRIVATE_DATA
*Private
110 Check if the specified EFI_IP_ADDRESS_INFO is in the EFI_IP_ADDRESS_INFO list. A list that holds a single all-zero address is treated as a wildcard that matches any address (see the AddressCount == 1 check in the body).
112 @param[in] AddressInfo Pointer to the IP_ADDRESS_INFO to search for in AddressInfoList.
113 @param[in] AddressInfoList A list that contains IP_ADDRESS_INFOs.
114 @param[in] AddressCount Number of IP_ADDRESS_INFO entries in AddressInfoList.
116 @retval TRUE The specified AddressInfo is in the AddressInfoList.
117 @retval FALSE The specified AddressInfo is not in the AddressInfoList.
122 IN EFI_IP_ADDRESS_INFO
*AddressInfo
,
123 IN EFI_IP_ADDRESS_INFO
*AddressInfoList
,
124 IN UINT32 AddressCount
128 EFI_IP_ADDRESS ZeroAddress
;
130 ZeroMem(&ZeroAddress
, sizeof (EFI_IP_ADDRESS
));
133 // Zero Address means any address is matched.
135 if (AddressCount
== 1) {
137 &AddressInfoList
[0].Address
,
139 sizeof (EFI_IP_ADDRESS
)
144 for (Index
= 0; Index
< AddressCount
; Index
++) {
147 &AddressInfoList
[Index
].Address
,
148 sizeof (EFI_IP_ADDRESS
)
150 AddressInfo
->PrefixLength
== AddressInfoList
[Index
].PrefixLength
159 Compare two SPD Selectors.
161 Compare two SPD Selectors by the fields LocalAddressCount/RemoteAddressCount/
162 NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
163 Local Addresses and remote Addresses.
165 @param[in] Selector1 Pointer of first SPD Selector.
166 @param[in] Selector2 Pointer of second SPD Selector.
168 @retval TRUE The two Selectors have the same value in all the above fields.
169 @retval FALSE Not all of the above fields have the same value in the two Selectors.
174 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector1
,
175 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector2
178 EFI_IPSEC_SPD_SELECTOR
*SpdSel1
;
179 EFI_IPSEC_SPD_SELECTOR
*SpdSel2
;
183 SpdSel1
= &Selector1
->SpdSelector
;
184 SpdSel2
= &Selector2
->SpdSelector
;
188 // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
189 // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
190 // two Spdselectors. Since the SPD supports two directions, it needs to
191 // compare two directions.
193 if ((SpdSel1
->LocalAddressCount
!= SpdSel2
->LocalAddressCount
&&
194 SpdSel1
->LocalAddressCount
!= SpdSel2
->RemoteAddressCount
) ||
195 (SpdSel1
->RemoteAddressCount
!= SpdSel2
->RemoteAddressCount
&&
196 SpdSel1
->RemoteAddressCount
!= SpdSel2
->LocalAddressCount
) ||
197 SpdSel1
->NextLayerProtocol
!= SpdSel2
->NextLayerProtocol
||
198 SpdSel1
->LocalPort
!= SpdSel2
->LocalPort
||
199 SpdSel1
->LocalPortRange
!= SpdSel2
->LocalPortRange
||
200 SpdSel1
->RemotePort
!= SpdSel2
->RemotePort
||
201 SpdSel1
->RemotePortRange
!= SpdSel2
->RemotePortRange
208 // Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.
209 // First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare
210 // SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return
213 for (Index
= 0; Index
< SpdSel1
->LocalAddressCount
; Index
++) {
214 if (!IsInAddressInfoList (
215 &SpdSel1
->LocalAddress
[Index
],
216 SpdSel2
->LocalAddress
,
217 SpdSel2
->LocalAddressCount
224 for (Index
= 0; Index
< SpdSel2
->LocalAddressCount
; Index
++) {
225 if (!IsInAddressInfoList (
226 &SpdSel2
->LocalAddress
[Index
],
227 SpdSel1
->LocalAddress
,
228 SpdSel1
->LocalAddressCount
236 for (Index
= 0; Index
< SpdSel1
->RemoteAddressCount
; Index
++) {
237 if (!IsInAddressInfoList (
238 &SpdSel1
->RemoteAddress
[Index
],
239 SpdSel2
->RemoteAddress
,
240 SpdSel2
->RemoteAddressCount
248 for (Index
= 0; Index
< SpdSel2
->RemoteAddressCount
; Index
++) {
249 if (!IsInAddressInfoList (
250 &SpdSel2
->RemoteAddress
[Index
],
251 SpdSel1
->RemoteAddress
,
252 SpdSel1
->RemoteAddressCount
260 // Finish the one direction compare. If it is matched, return; otherwise,
261 // compare the other direction.
267 // Secondly, the SpdSel1->LocalAddress doesn't equal to SpdSel2->LocalAddress and
268 // SpdSel1->RemoteAddress doesn't equal to SpdSel2->RemoteAddress. Try to compare
269 // the RemoteAddress to LocalAddress.
272 for (Index
= 0; Index
< SpdSel1
->RemoteAddressCount
; Index
++) {
273 if (!IsInAddressInfoList (
274 &SpdSel1
->RemoteAddress
[Index
],
275 SpdSel2
->LocalAddress
,
276 SpdSel2
->LocalAddressCount
283 for (Index
= 0; Index
< SpdSel2
->RemoteAddressCount
; Index
++) {
284 if (!IsInAddressInfoList (
285 &SpdSel2
->RemoteAddress
[Index
],
286 SpdSel1
->LocalAddress
,
287 SpdSel1
->LocalAddressCount
295 for (Index
= 0; Index
< SpdSel1
->LocalAddressCount
; Index
++) {
296 if (!IsInAddressInfoList (
297 &SpdSel1
->LocalAddress
[Index
],
298 SpdSel2
->RemoteAddress
,
299 SpdSel2
->RemoteAddressCount
307 for (Index
= 0; Index
< SpdSel2
->LocalAddressCount
; Index
++) {
308 if (!IsInAddressInfoList (
309 &SpdSel2
->LocalAddress
[Index
],
310 SpdSel1
->RemoteAddress
,
311 SpdSel1
->RemoteAddressCount
322 Find out whether the first SPD Selector is subordinate to the second.
324 Compare two SPD Selectors by the fields LocalAddressCount/RemoteAddressCount/
325 NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
326 Local Addresses and remote Addresses.
328 @param[in] Selector1 Pointer of first SPD Selector.
329 @param[in] Selector2 Pointer of second SPD Selector.
331 @retval TRUE The first SPD Selector is subordinate Selector of second SPD Selector.
332 @retval FALSE The first SPD Selector is not subordinate Selector of second
338 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector1
,
339 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector2
342 EFI_IPSEC_SPD_SELECTOR
*SpdSel1
;
343 EFI_IPSEC_SPD_SELECTOR
*SpdSel2
;
347 SpdSel1
= &Selector1
->SpdSelector
;
348 SpdSel2
= &Selector2
->SpdSelector
;
352 // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
353 // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
354 // two Spdselectors. Since the SPD supports two directions, it needs to
355 // compare two directions.
357 if (SpdSel1
->LocalAddressCount
> SpdSel2
->LocalAddressCount
||
358 SpdSel1
->RemoteAddressCount
> SpdSel2
->RemoteAddressCount
||
359 (SpdSel1
->NextLayerProtocol
!= SpdSel2
->NextLayerProtocol
&& SpdSel2
->NextLayerProtocol
!= 0xffff) ||
360 (SpdSel1
->LocalPort
> SpdSel2
->LocalPort
&& SpdSel2
->LocalPort
!= 0)||
361 (SpdSel1
->LocalPortRange
> SpdSel2
->LocalPortRange
&& SpdSel1
->LocalPort
!= 0)||
362 (SpdSel1
->RemotePort
> SpdSel2
->RemotePort
&& SpdSel2
->RemotePort
!= 0) ||
363 (SpdSel1
->RemotePortRange
> SpdSel2
->RemotePortRange
&& SpdSel2
->RemotePort
!= 0)
369 // Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.
370 // First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare
371 // SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return
375 for (Index
= 0; Index
< SpdSel1
->LocalAddressCount
; Index
++) {
376 if (!IsInAddressInfoList (
377 &SpdSel1
->LocalAddress
[Index
],
378 SpdSel2
->LocalAddress
,
379 SpdSel2
->LocalAddressCount
387 for (Index
= 0; Index
< SpdSel1
->RemoteAddressCount
; Index
++) {
388 if (!IsInAddressInfoList (
389 &SpdSel1
->RemoteAddress
[Index
],
390 SpdSel2
->RemoteAddress
,
391 SpdSel2
->RemoteAddressCount
405 // The SPD selector in SPD entry is two way.
407 // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
408 // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
409 // two Spdselectors. Since the SPD supports two directions, it needs to
410 // compare two directions.
413 if (SpdSel1
->LocalAddressCount
> SpdSel2
->RemoteAddressCount
||
414 SpdSel1
->RemoteAddressCount
> SpdSel2
->LocalAddressCount
||
415 (SpdSel1
->NextLayerProtocol
!= SpdSel2
->NextLayerProtocol
&& SpdSel2
->NextLayerProtocol
!= 0xffff) ||
416 (SpdSel1
->LocalPort
> SpdSel2
->RemotePort
&& SpdSel2
->RemotePort
!= 0)||
417 (SpdSel1
->LocalPortRange
> SpdSel2
->RemotePortRange
&& SpdSel1
->RemotePort
!= 0)||
418 (SpdSel1
->RemotePort
> SpdSel2
->LocalPort
&& SpdSel2
->LocalPort
!= 0) ||
419 (SpdSel1
->RemotePortRange
> SpdSel2
->LocalPortRange
&& SpdSel2
->LocalPort
!= 0)
426 // Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.
427 // First, SpdSel1->LocalAddress to SpdSel2->RemoteAddress && Compare
428 // SpdSel1->RemoteAddress to SpdSel2->LocalAddress. If all match, return
431 for (Index
= 0; Index
< SpdSel1
->LocalAddressCount
; Index
++) {
432 if (!IsInAddressInfoList (
433 &SpdSel1
->LocalAddress
[Index
],
434 SpdSel2
->RemoteAddress
,
435 SpdSel2
->RemoteAddressCount
443 for (Index
= 0; Index
< SpdSel1
->RemoteAddressCount
; Index
++) {
444 if (!IsInAddressInfoList (
445 &SpdSel1
->RemoteAddress
[Index
],
446 SpdSel2
->LocalAddress
,
447 SpdSel2
->LocalAddressCount
461 @param[in] Selector1 Pointer of first SA ID.
462 @param[in] Selector2 Pointer of second SA ID.
464 @retval TRUE The two Selectors have the same SA ID.
465 @retval FALSE The two Selectors do not have the same SA ID.
470 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector1
,
471 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector2
474 EFI_IPSEC_SA_ID
*SaId1
;
475 EFI_IPSEC_SA_ID
*SaId2
;
478 SaId1
= &Selector1
->SaId
;
479 SaId2
= &Selector2
->SaId
;
482 if (CompareMem (SaId1
, SaId2
, sizeof (EFI_IPSEC_SA_ID
)) != 0) {
492 @param[in] Selector1 Pointer of first PAD ID.
493 @param[in] Selector2 Pointer of second PAD ID.
495 @retval TRUE The two Selectors have the same PAD ID.
496 @retval FALSE The two Selectors do not have the same PAD ID.
501 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector1
,
502 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector2
505 EFI_IPSEC_PAD_ID
*PadId1
;
506 EFI_IPSEC_PAD_ID
*PadId2
;
509 PadId1
= &Selector1
->PadId
;
510 PadId2
= &Selector2
->PadId
;
514 // Compare the PeerIdValid fields in PadId.
516 if (PadId1
->PeerIdValid
!= PadId2
->PeerIdValid
) {
520 // Compare the PeerId fields in PadId if PeerIdValid is true.
523 PadId1
->PeerIdValid
&&
524 AsciiStriCmp ((CONST CHAR8
*) PadId1
->Id
.PeerId
, (CONST CHAR8
*) PadId2
->Id
.PeerId
) != 0
529 // Compare the IpAddress fields in PadId if PeerIdValid is false.
532 !PadId1
->PeerIdValid
&&
533 (PadId1
->Id
.IpAddress
.PrefixLength
!= PadId2
->Id
.IpAddress
.PrefixLength
||
534 CompareMem (&PadId1
->Id
.IpAddress
.Address
, &PadId2
->Id
.IpAddress
.Address
, sizeof (EFI_IP_ADDRESS
)) != 0)
543 Check if the SPD Selector is Zero by its LocalAddressCount and RemoteAddressCount
546 @param[in] Selector Pointer of the SPD Selector.
548 @retval TRUE If the SPD Selector is Zero.
549 @retval FALSE If the SPD Selector is not Zero.
554 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
557 EFI_IPSEC_SPD_SELECTOR
*SpdSel
;
560 SpdSel
= &Selector
->SpdSelector
;
563 if (SpdSel
->LocalAddressCount
== 0 && SpdSel
->RemoteAddressCount
== 0) {
571 Check if the SA ID is Zero by its DestAddress.
573 @param[in] Selector Pointer of the SA ID.
575 @retval TRUE If the SA ID is Zero.
576 @retval FALSE If the SA ID is not Zero.
581 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
585 EFI_IPSEC_CONFIG_SELECTOR ZeroSelector
;
589 ZeroMem (&ZeroSelector
, sizeof (EFI_IPSEC_CONFIG_SELECTOR
));
591 if (CompareMem (&ZeroSelector
, Selector
, sizeof (EFI_IPSEC_CONFIG_SELECTOR
)) == 0) {
599 Check if the PAD ID is Zero.
601 @param[in] Selector Pointer of the PAD ID.
603 @retval TRUE If the PAD ID is Zero.
604 @retval FALSE If the PAD ID is not Zero.
609 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
612 EFI_IPSEC_PAD_ID
*PadId
;
613 EFI_IPSEC_PAD_ID ZeroId
;
616 PadId
= &Selector
->PadId
;
619 ZeroMem (&ZeroId
, sizeof (EFI_IPSEC_PAD_ID
));
621 if (CompareMem (PadId
, &ZeroId
, sizeof (EFI_IPSEC_PAD_ID
)) == 0) {
629 Copy Source SPD Selector to the Destination SPD Selector.
631 @param[in, out] DstSel Pointer of Destination SPD Selector.
632 @param[in] SrcSel Pointer of Source SPD Selector.
633 @param[in, out] Size The size of the Destination SPD Selector. If it
634 is not NULL and its value is less than the size of the
635 Source SPD Selector, the size of the Source SPD
636 Selector is returned to the caller through this
639 @retval EFI_INVALID_PARAMETER If the Destination or Source SPD Selector is NULL
640 @retval EFI_BUFFER_TOO_SMALL If the input Size is less than size of the Source SPD Selector.
641 @retval EFI_SUCCESS Copy Source SPD Selector to the Destination SPD
642 Selector successfully.
646 DuplicateSpdSelector (
647 IN OUT EFI_IPSEC_CONFIG_SELECTOR
*DstSel
,
648 IN EFI_IPSEC_CONFIG_SELECTOR
*SrcSel
,
652 EFI_IPSEC_SPD_SELECTOR
*Dst
;
653 EFI_IPSEC_SPD_SELECTOR
*Src
;
655 Dst
= &DstSel
->SpdSelector
;
656 Src
= &SrcSel
->SpdSelector
;
658 if (Dst
== NULL
|| Src
== NULL
) {
659 return EFI_INVALID_PARAMETER
;
662 if (Size
!= NULL
&& (*Size
) < SIZE_OF_SPD_SELECTOR (Src
)) {
663 *Size
= SIZE_OF_SPD_SELECTOR (Src
);
664 return EFI_BUFFER_TOO_SMALL
;
667 // Copy the base structure of SPD selector.
669 CopyMem (Dst
, Src
, sizeof (EFI_IPSEC_SPD_SELECTOR
));
672 // Copy the local address array of SPD selector.
674 Dst
->LocalAddress
= (EFI_IP_ADDRESS_INFO
*) (Dst
+ 1);
678 sizeof (EFI_IP_ADDRESS_INFO
) * Dst
->LocalAddressCount
682 // Copy the remote address array of SPD selector.
684 Dst
->RemoteAddress
= Dst
->LocalAddress
+ Dst
->LocalAddressCount
;
688 sizeof (EFI_IP_ADDRESS_INFO
) * Dst
->RemoteAddressCount
695 Copy Source SA ID to the Destination SA ID.
697 @param[in, out] DstSel Pointer of Destination SA ID.
698 @param[in] SrcSel Pointer of Source SA ID.
699 @param[in, out] Size The size of the Destination SA ID. If it
700 is not NULL and its value is less than the size of the
701 Source SA ID, the size of the Source SA ID
702 is returned to the caller through this parameter.
704 @retval EFI_INVALID_PARAMETER If the Destination or Source SA ID is NULL.
705 @retval EFI_BUFFER_TOO_SMALL If the input Size is less than the size of the Source SA ID.
706 @retval EFI_SUCCESS Copy Source SA ID to the Destination SA ID successfully.
711 IN OUT EFI_IPSEC_CONFIG_SELECTOR
*DstSel
,
712 IN EFI_IPSEC_CONFIG_SELECTOR
*SrcSel
,
716 EFI_IPSEC_SA_ID
*Dst
;
717 EFI_IPSEC_SA_ID
*Src
;
722 if (Dst
== NULL
|| Src
== NULL
) {
723 return EFI_INVALID_PARAMETER
;
726 if (Size
!= NULL
&& *Size
< sizeof (EFI_IPSEC_SA_ID
)) {
727 *Size
= sizeof (EFI_IPSEC_SA_ID
);
728 return EFI_BUFFER_TOO_SMALL
;
731 CopyMem (Dst
, Src
, sizeof (EFI_IPSEC_SA_ID
));
737 Copy Source PAD ID to the Destination PAD ID.
739 @param[in, out] DstSel Pointer of Destination PAD ID.
740 @param[in] SrcSel Pointer of Source PAD ID.
741 @param[in, out] Size The size of the Destination PAD ID. If it
742 is not NULL and its value is less than the size of the
743 Source PAD ID, the size of the Source PAD ID
744 is returned to the caller through this parameter.
746 @retval EFI_INVALID_PARAMETER If the Destination or Source PAD ID is NULL.
747 @retval EFI_BUFFER_TOO_SMALL If the input Size is less than the size of the Source PAD ID.
748 @retval EFI_SUCCESS Copy Source PAD ID to the Destination PAD ID successfully.
753 IN OUT EFI_IPSEC_CONFIG_SELECTOR
*DstSel
,
754 IN EFI_IPSEC_CONFIG_SELECTOR
*SrcSel
,
758 EFI_IPSEC_PAD_ID
*Dst
;
759 EFI_IPSEC_PAD_ID
*Src
;
761 Dst
= &DstSel
->PadId
;
762 Src
= &SrcSel
->PadId
;
764 if (Dst
== NULL
|| Src
== NULL
) {
765 return EFI_INVALID_PARAMETER
;
768 if (Size
!= NULL
&& *Size
< sizeof (EFI_IPSEC_PAD_ID
)) {
769 *Size
= sizeof (EFI_IPSEC_PAD_ID
);
770 return EFI_BUFFER_TOO_SMALL
;
773 CopyMem (Dst
, Src
, sizeof (EFI_IPSEC_PAD_ID
));
779 Fix the value of some members of SPD Selector.
781 This function is called by IpSecCopyPolicyEntry(), which copies the Policy
782 Entry into the Variable. Since some members in the SPD Selector are pointers,
783 a physical-address to relative-address conversion is required before copying
784 this SPD entry into the variable.
786 @param[in] Selector Pointer of SPD Selector.
787 @param[in, out] Data Pointer of SPD Data.
792 IN EFI_IPSEC_SPD_SELECTOR
*Selector
,
793 IN OUT EFI_IPSEC_SPD_DATA
*Data
797 // It assumes that all ref buffers in the SPD selector and data are
798 // stored in contiguous memory close to the base structure.
800 FIX_REF_BUF_ADDR (Selector
->LocalAddress
, Selector
);
801 FIX_REF_BUF_ADDR (Selector
->RemoteAddress
, Selector
);
803 if (Data
->ProcessingPolicy
!= NULL
) {
804 if (Data
->ProcessingPolicy
->TunnelOption
!= NULL
) {
805 FIX_REF_BUF_ADDR (Data
->ProcessingPolicy
->TunnelOption
, Data
);
808 FIX_REF_BUF_ADDR (Data
->ProcessingPolicy
, Data
);
814 Fix the value of some members of SA ID.
816 This function is called by IpSecCopyPolicyEntry(), which copies the Policy
817 Entry into the Variable. Since some members in the SA ID are pointers,
818 a physical-address to relative-address conversion is required before copying
819 this SAD into the variable.
821 @param[in] SaId Pointer of SA ID
822 @param[in, out] Data Pointer of SA Data.
827 IN EFI_IPSEC_SA_ID
*SaId
,
828 IN OUT EFI_IPSEC_SA_DATA2
*Data
832 // It assumes that all ref buffers in the SAD selector and data are
833 // stored in contiguous memory close to the base structure.
835 if (Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
!= NULL
) {
836 FIX_REF_BUF_ADDR (Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
, Data
);
839 if (SaId
->Proto
== EfiIPsecESP
&& Data
->AlgoInfo
.EspAlgoInfo
.EncKey
!= NULL
) {
840 FIX_REF_BUF_ADDR (Data
->AlgoInfo
.EspAlgoInfo
.EncKey
, Data
);
843 if (Data
->SpdSelector
!= NULL
) {
844 if (Data
->SpdSelector
->LocalAddress
!= NULL
) {
845 FIX_REF_BUF_ADDR (Data
->SpdSelector
->LocalAddress
, Data
);
848 FIX_REF_BUF_ADDR (Data
->SpdSelector
->RemoteAddress
, Data
);
849 FIX_REF_BUF_ADDR (Data
->SpdSelector
, Data
);
855 Fix the value of some members of PAD ID.
857 This function is called by IpSecCopyPolicyEntry(), which copies the Policy
858 Entry into the Variable. Since some members in the PAD ID are pointers,
859 a physical-address to relative-address conversion is required before copying
860 this PAD into the variable.
862 @param[in] PadId Pointer of PAD ID.
863 @param[in, out] Data Pointer of PAD Data.
868 IN EFI_IPSEC_PAD_ID
*PadId
,
869 IN OUT EFI_IPSEC_PAD_DATA
*Data
873 // It assumes that all ref buffers in the PAD selector and data are
874 // stored in contiguous memory close to the base structure.
876 if (Data
->AuthData
!= NULL
) {
877 FIX_REF_BUF_ADDR (Data
->AuthData
, Data
);
880 if (Data
->RevocationData
!= NULL
) {
881 FIX_REF_BUF_ADDR (Data
->RevocationData
, Data
);
887 Recover the value of some members of SPD Selector.
889 This function is the counterpart of FixSpdEntry(). It restores the values of the members
890 of the SPD Selector that were fixed by FixSpdEntry().
892 @param[in, out] Selector Pointer of SPD Selector.
893 @param[in, out] Data Pointer of SPD Data.
898 IN OUT EFI_IPSEC_SPD_SELECTOR
*Selector
,
899 IN OUT EFI_IPSEC_SPD_DATA
*Data
903 // It assumes that all ref buffers in the SPD selector and data are
904 // stored in contiguous memory close to the base structure.
906 UNFIX_REF_BUF_ADDR (Selector
->LocalAddress
, Selector
);
907 UNFIX_REF_BUF_ADDR (Selector
->RemoteAddress
, Selector
);
909 if (Data
->ProcessingPolicy
!= NULL
) {
910 UNFIX_REF_BUF_ADDR (Data
->ProcessingPolicy
, Data
);
911 if (Data
->ProcessingPolicy
->TunnelOption
!= NULL
) {
912 UNFIX_REF_BUF_ADDR (Data
->ProcessingPolicy
->TunnelOption
, Data
);
919 Recover the value of some members of SA ID.
921 This function is the counterpart of FixSadEntry(). It restores the values of the members
922 of the SAD ID that were fixed by FixSadEntry().
924 @param[in, out] SaId Pointer of SAD ID.
925 @param[in, out] Data Pointer of SAD Data.
930 IN OUT EFI_IPSEC_SA_ID
*SaId
,
931 IN OUT EFI_IPSEC_SA_DATA2
*Data
935 // It assumes that all ref buffers in the SAD selector and data are
936 // stored in contiguous memory close to the base structure.
938 if (Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
!= NULL
) {
939 UNFIX_REF_BUF_ADDR (Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
, Data
);
942 if (SaId
->Proto
== EfiIPsecESP
&& Data
->AlgoInfo
.EspAlgoInfo
.EncKey
!= NULL
) {
943 UNFIX_REF_BUF_ADDR (Data
->AlgoInfo
.EspAlgoInfo
.EncKey
, Data
);
946 if (Data
->SpdSelector
!= NULL
) {
947 UNFIX_REF_BUF_ADDR (Data
->SpdSelector
, Data
);
948 if (Data
->SpdSelector
->LocalAddress
!= NULL
) {
949 UNFIX_REF_BUF_ADDR (Data
->SpdSelector
->LocalAddress
, Data
);
952 UNFIX_REF_BUF_ADDR (Data
->SpdSelector
->RemoteAddress
, Data
);
958 Recover the value of some members of PAD ID.
960 This function is the counterpart of FixPadEntry(). It restores the values of the members
961 of the PAD ID that were fixed by FixPadEntry().
963 @param[in] PadId Pointer of PAD ID.
964 @param[in, out] Data Pointer of PAD Data.
969 IN EFI_IPSEC_PAD_ID
*PadId
,
970 IN OUT EFI_IPSEC_PAD_DATA
*Data
974 // It assumes that all ref buffers in the PAD selector and data are
975 // stored in contiguous memory close to the base structure.
977 if (Data
->AuthData
!= NULL
) {
978 UNFIX_REF_BUF_ADDR (Data
->AuthData
, Data
);
981 if (Data
->RevocationData
!= NULL
) {
982 UNFIX_REF_BUF_ADDR (Data
->RevocationData
, Data
);
988 Set the security policy information for the EFI IPsec driver.
990 Each IPsec configuration data entry is identified by its own unique
991 selector/identifier.
993 @param[in] Selector Pointer to an entry selector on operated
994 configuration data specified by DataType.
995 A NULL Selector causes the entire specified-type
996 configuration information to be flushed.
997 @param[in] Data The data buffer to be set. The structure
998 of the data buffer should be EFI_IPSEC_SPD_DATA.
999 @param[in] Context Pointer to one entry selector that describes
1000 the expected position the new data entry will
1001 be added. If Context is NULL, the new entry will
1002 be appended to the end of the database.
1004 @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:
1005 - Selector is not NULL and its LocalAddress
1006 is NULL or its RemoteAddress is NULL.
1007 - Data is not NULL and its Action is Protected
1008 and its policy is NULL.
1009 - Data is not NULL, its Action is not protected,
1010 and its policy is not NULL.
1011 - The Action of Data is Protected, its policy
1012 mode is Tunnel, and its tunnel option is NULL.
1013 - The Action of Data is protected and its policy
1014 mode is not Tunnel and its tunnel option is not NULL.
1015 - A SadEntry required to be set into the new SpdEntry's Sas was
1016 found but it is invalid.
1017 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
1018 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1023 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1025 IN VOID
*Context OPTIONAL
1028 EFI_IPSEC_SPD_SELECTOR
*SpdSel
;
1029 EFI_IPSEC_SPD_DATA
*SpdData
;
1030 EFI_IPSEC_SPD_SELECTOR
*InsertBefore
;
1031 LIST_ENTRY
*SpdList
;
1032 LIST_ENTRY
*SadList
;
1034 LIST_ENTRY
*EntryInsertBefore
;
1037 LIST_ENTRY
*NextEntry
;
1038 LIST_ENTRY
*NextEntry2
;
1039 IPSEC_SPD_ENTRY
*SpdEntry
;
1040 IPSEC_SAD_ENTRY
*SadEntry
;
1044 SpdSel
= (Selector
== NULL
) ? NULL
: &Selector
->SpdSelector
;
1045 SpdData
= (Data
== NULL
) ? NULL
: (EFI_IPSEC_SPD_DATA
*) Data
;
1046 InsertBefore
= (Context
== NULL
) ? NULL
: &((EFI_IPSEC_CONFIG_SELECTOR
*) Context
)->SpdSelector
;
1047 SpdList
= &mConfigData
[IPsecConfigDataTypeSpd
];
1049 if (SpdSel
!= NULL
) {
1050 if (SpdSel
->LocalAddress
== NULL
|| SpdSel
->RemoteAddress
== NULL
) {
1051 return EFI_INVALID_PARAMETER
;
1055 if (SpdData
!= NULL
) {
1056 if ((SpdData
->Action
== EfiIPsecActionProtect
&& SpdData
->ProcessingPolicy
== NULL
) ||
1057 (SpdData
->Action
!= EfiIPsecActionProtect
&& SpdData
->ProcessingPolicy
!= NULL
)
1059 return EFI_INVALID_PARAMETER
;
1062 if (SpdData
->Action
== EfiIPsecActionProtect
) {
1063 if ((SpdData
->ProcessingPolicy
->Mode
== EfiIPsecTunnel
&& SpdData
->ProcessingPolicy
->TunnelOption
== NULL
) ||
1064 (SpdData
->ProcessingPolicy
->Mode
!= EfiIPsecTunnel
&& SpdData
->ProcessingPolicy
->TunnelOption
!= NULL
)
1066 return EFI_INVALID_PARAMETER
;
1071 // The default behavior is to insert the node ahead of the header.
1073 EntryInsertBefore
= SpdList
;
1076 // Remove the existing SPD entry.
1078 NET_LIST_FOR_EACH_SAFE (Entry
, NextEntry
, SpdList
) {
1080 SpdEntry
= IPSEC_SPD_ENTRY_FROM_LIST (Entry
);
1082 if (SpdSel
== NULL
||
1083 CompareSpdSelector ((EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
, (EFI_IPSEC_CONFIG_SELECTOR
*) SpdSel
)
1086 // Record the position of the existing entry to keep the original order.
1088 EntryInsertBefore
= SpdEntry
->List
.ForwardLink
;
1089 RemoveEntryList (&SpdEntry
->List
);
1092 // Update the reverse ref of SAD entry in the SPD.sas list.
1094 SpdSas
= &SpdEntry
->Data
->Sas
;
1097 // Remove the related SAs from Sas(SadEntry->BySpd). If the SA entry is established by
1098 // IKE, remove from mConfigData list(SadEntry->List) and then free it directly since its
1099 // SpdEntry will be freed later.
1101 NET_LIST_FOR_EACH_SAFE (Entry2
, NextEntry2
, SpdSas
) {
1102 SadEntry
= IPSEC_SAD_ENTRY_FROM_SPD (Entry2
);
1104 if (SadEntry
->Data
->SpdEntry
!= NULL
) {
1105 RemoveEntryList (&SadEntry
->BySpd
);
1106 SadEntry
->Data
->SpdEntry
= NULL
;
1109 if (!(SadEntry
->Data
->ManualSet
)) {
1110 RemoveEntryList (&SadEntry
->List
);
1111 FreePool (SadEntry
);
1116 // Free the existing SPD entry
1118 FreePool (SpdEntry
);
1122 // Return success here if the caller only wants to remove the SPD entry.
1124 if (SpdData
== NULL
|| SpdSel
== NULL
) {
1128 // Search the appointed entry position if InsertBefore is not NULL.
1130 if (InsertBefore
!= NULL
) {
1132 NET_LIST_FOR_EACH (Entry
, SpdList
) {
1133 SpdEntry
= IPSEC_SPD_ENTRY_FROM_LIST (Entry
);
1135 if (CompareSpdSelector (
1136 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
,
1137 (EFI_IPSEC_CONFIG_SELECTOR
*) InsertBefore
1139 EntryInsertBefore
= Entry
;
1146 // Pad the size so each part stays aligned on every architecture.
1148 SpdEntrySize
= ALIGN_VARIABLE (sizeof (IPSEC_SPD_ENTRY
));
1149 SpdEntrySize
= ALIGN_VARIABLE (SpdEntrySize
+ SIZE_OF_SPD_SELECTOR (SpdSel
));
1150 SpdEntrySize
+= IpSecGetSizeOfEfiSpdData (SpdData
);
1152 SpdEntry
= AllocateZeroPool (SpdEntrySize
);
1154 if (SpdEntry
== NULL
) {
1155 return EFI_OUT_OF_RESOURCES
;
1158 // Fix the addresses of the Selector and Data buffers and copy them; they live in
1159 // contiguous memory close to the base structure of the SPD entry.
1161 SpdEntry
->Selector
= (EFI_IPSEC_SPD_SELECTOR
*) ALIGN_POINTER ((SpdEntry
+ 1), sizeof (UINTN
));
1162 SpdEntry
->Data
= (IPSEC_SPD_DATA
*) ALIGN_POINTER (
1163 ((UINT8
*) SpdEntry
->Selector
+ SIZE_OF_SPD_SELECTOR (SpdSel
)),
1167 DuplicateSpdSelector (
1168 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
,
1169 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdSel
,
1174 SpdEntry
->Data
->Name
,
1176 sizeof (SpdData
->Name
)
1178 SpdEntry
->Data
->PackageFlag
= SpdData
->PackageFlag
;
1179 SpdEntry
->Data
->TrafficDirection
= SpdData
->TrafficDirection
;
1180 SpdEntry
->Data
->Action
= SpdData
->Action
;
1183 // Fix the address of ProcessingPolicy and copy it if needed; it lives in contiguous
1184 // memory close to the base structure of SAD data.
1186 if (SpdData
->Action
!= EfiIPsecActionProtect
) {
1187 SpdEntry
->Data
->ProcessingPolicy
= NULL
;
1189 SpdEntry
->Data
->ProcessingPolicy
= (EFI_IPSEC_PROCESS_POLICY
*) ALIGN_POINTER (
1193 IpSecDuplicateProcessPolicy (SpdEntry
->Data
->ProcessingPolicy
, SpdData
->ProcessingPolicy
);
1196 // Update the sas list of the new SPD entry.
1198 InitializeListHead (&SpdEntry
->Data
->Sas
);
1200 SadList
= &mConfigData
[IPsecConfigDataTypeSad
];
1202 NET_LIST_FOR_EACH (Entry
, SadList
) {
1203 SadEntry
= IPSEC_SAD_ENTRY_FROM_LIST (Entry
);
1205 for (Index
= 0; Index
< SpdData
->SaIdCount
; Index
++) {
1207 (EFI_IPSEC_CONFIG_SELECTOR
*) &SpdData
->SaId
[Index
],
1208 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Id
1211 // Check whether the found SadEntry is valid.
1213 if (IsSubSpdSelector (
1214 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Data
->SpdSelector
,
1215 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
1217 if (SadEntry
->Data
->SpdEntry
!= NULL
) {
1218 RemoveEntryList (&SadEntry
->BySpd
);
1220 InsertTailList (&SpdEntry
->Data
->Sas
, &SadEntry
->BySpd
);
1221 SadEntry
->Data
->SpdEntry
= SpdEntry
;
1223 return EFI_INVALID_PARAMETER
;
1230 // Insert the new SPD entry.
1232 InsertTailList (EntryInsertBefore
, &SpdEntry
->List
);
1238 Set the security association information for the EFI IPsec driver.
1240 Each IPsec configuration data entry is identified by its own unique
1241 selector/identifier.
1243 @param[in] Selector Pointer to an entry selector on operated
1244 configuration data specified by DataType.
1245 A NULL Selector causes the entire specified-type
1246 configuration information to be flushed.
1247 @param[in] Data The data buffer to be set. The structure
1248 of the data buffer should be EFI_IPSEC_SA_DATA.
1249 @param[in] Context Pointer to one entry selector which describes
1250 the expected position the new data entry will
1251 be added. If Context is NULL,the new entry will
1252 be appended to the end of the database.
1254 @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
1255 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1260 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1262 IN VOID
*Context OPTIONAL
1265 IPSEC_SAD_ENTRY
*SadEntry
;
1266 IPSEC_SPD_ENTRY
*SpdEntry
;
1268 LIST_ENTRY
*NextEntry
;
1269 LIST_ENTRY
*SadList
;
1270 LIST_ENTRY
*SpdList
;
1271 EFI_IPSEC_SA_ID
*SaId
;
1272 EFI_IPSEC_SA_DATA2
*SaData
;
1273 EFI_IPSEC_SA_ID
*InsertBefore
;
1274 LIST_ENTRY
*EntryInsertBefore
;
1277 SaId
= (Selector
== NULL
) ? NULL
: &Selector
->SaId
;
1278 SaData
= (Data
== NULL
) ? NULL
: (EFI_IPSEC_SA_DATA2
*) Data
;
1279 InsertBefore
= (Context
== NULL
) ? NULL
: &((EFI_IPSEC_CONFIG_SELECTOR
*) Context
)->SaId
;
1280 SadList
= &mConfigData
[IPsecConfigDataTypeSad
];
1283 // The default behavior is to insert the node ahead of the header.
1285 EntryInsertBefore
= SadList
;
1288 // Remove the existed SAD entry.
1290 NET_LIST_FOR_EACH_SAFE (Entry
, NextEntry
, SadList
) {
1292 SadEntry
= IPSEC_SAD_ENTRY_FROM_LIST (Entry
);
1296 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Id
,
1297 (EFI_IPSEC_CONFIG_SELECTOR
*) SaId
1300 // Record the existed entry position to keep the original order.
1302 EntryInsertBefore
= SadEntry
->List
.ForwardLink
;
1305 // Update the related SAD.byspd field.
1307 if (SadEntry
->Data
->SpdEntry
!= NULL
) {
1308 RemoveEntryList (&SadEntry
->BySpd
);
1311 RemoveEntryList (&SadEntry
->List
);
1312 FreePool (SadEntry
);
1316 // Return success here if only want to remove the SAD entry
1318 if (SaData
== NULL
|| SaId
== NULL
) {
1322 // Search the appointed entry position if InsertBefore is not NULL.
1324 if (InsertBefore
!= NULL
) {
1326 NET_LIST_FOR_EACH (Entry
, SadList
) {
1327 SadEntry
= IPSEC_SAD_ENTRY_FROM_LIST (Entry
);
1330 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Id
,
1331 (EFI_IPSEC_CONFIG_SELECTOR
*) InsertBefore
1333 EntryInsertBefore
= Entry
;
1340 // Do Padding for different Arch.
1342 SadEntrySize
= ALIGN_VARIABLE (sizeof (IPSEC_SAD_ENTRY
));
1343 SadEntrySize
= ALIGN_VARIABLE (SadEntrySize
+ sizeof (EFI_IPSEC_SA_ID
));
1344 SadEntrySize
= ALIGN_VARIABLE (SadEntrySize
+ sizeof (IPSEC_SAD_DATA
));
1346 if (SaId
->Proto
== EfiIPsecAH
) {
1347 SadEntrySize
+= SaData
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
;
1349 SadEntrySize
= ALIGN_VARIABLE (SadEntrySize
+ SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
);
1350 SadEntrySize
+= ALIGN_VARIABLE (SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
);
1353 if (SaData
->SpdSelector
!= NULL
) {
1354 SadEntrySize
+= SadEntrySize
+ SIZE_OF_SPD_SELECTOR (SaData
->SpdSelector
);
1356 SadEntry
= AllocateZeroPool (SadEntrySize
);
1358 if (SadEntry
== NULL
) {
1359 return EFI_OUT_OF_RESOURCES
;
1362 // Fix the address of Id and Data buffer and copy them, which is
1363 // continous memory and close to the base structure of SAD entry.
1365 SadEntry
->Id
= (EFI_IPSEC_SA_ID
*) ALIGN_POINTER ((SadEntry
+ 1), sizeof (UINTN
));
1366 SadEntry
->Data
= (IPSEC_SAD_DATA
*) ALIGN_POINTER ((SadEntry
->Id
+ 1), sizeof (UINTN
));
1368 CopyMem (SadEntry
->Id
, SaId
, sizeof (EFI_IPSEC_SA_ID
));
1370 SadEntry
->Data
->Mode
= SaData
->Mode
;
1371 SadEntry
->Data
->SequenceNumber
= SaData
->SNCount
;
1372 SadEntry
->Data
->AntiReplayWindowSize
= SaData
->AntiReplayWindows
;
1375 &SadEntry
->Data
->AntiReplayBitmap
,
1376 sizeof (SadEntry
->Data
->AntiReplayBitmap
)
1380 &SadEntry
->Data
->AlgoInfo
,
1381 sizeof (EFI_IPSEC_ALGO_INFO
)
1384 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
= SaData
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
;
1385 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
= SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
;
1387 if (SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
!= 0) {
1388 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
= (VOID
*) ALIGN_POINTER ((SadEntry
->Data
+ 1), sizeof (UINTN
));
1390 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
,
1391 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKey
,
1392 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
1396 if (SaId
->Proto
== EfiIPsecESP
) {
1397 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
= SaData
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
;
1398 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
= SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
;
1400 if (SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
!= 0) {
1401 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKey
= (VOID
*) ALIGN_POINTER (
1402 ((UINT8
*) (SadEntry
->Data
+ 1) +
1403 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
),
1407 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKey
,
1408 SaData
->AlgoInfo
.EspAlgoInfo
.EncKey
,
1409 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
1415 &SadEntry
->Data
->SaLifetime
,
1416 &SaData
->SaLifetime
,
1417 sizeof (EFI_IPSEC_SA_LIFETIME
)
1420 SadEntry
->Data
->PathMTU
= SaData
->PathMTU
;
1421 SadEntry
->Data
->SpdSelector
= NULL
;
1422 SadEntry
->Data
->ESNEnabled
= FALSE
;
1423 SadEntry
->Data
->ManualSet
= SaData
->ManualSet
;
1426 // Copy Tunnel Source/Destination Address
1428 if (SaData
->Mode
== EfiIPsecTunnel
) {
1430 &SadEntry
->Data
->TunnelDestAddress
,
1431 &SaData
->TunnelDestinationAddress
,
1432 sizeof (EFI_IP_ADDRESS
)
1435 &SadEntry
->Data
->TunnelSourceAddress
,
1436 &SaData
->TunnelSourceAddress
,
1437 sizeof (EFI_IP_ADDRESS
)
1441 // Update the spd.sas list of the spd entry specified by SAD selector
1443 SpdList
= &mConfigData
[IPsecConfigDataTypeSpd
];
1445 for (Entry
= SpdList
->ForwardLink
; Entry
!= SpdList
&& SaData
->SpdSelector
!= NULL
; Entry
= Entry
->ForwardLink
) {
1447 SpdEntry
= IPSEC_SPD_ENTRY_FROM_LIST (Entry
);
1448 if (IsSubSpdSelector (
1449 (EFI_IPSEC_CONFIG_SELECTOR
*) SaData
->SpdSelector
,
1450 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
1451 ) && SpdEntry
->Data
->Action
== EfiIPsecActionProtect
) {
1452 SadEntry
->Data
->SpdEntry
= SpdEntry
;
1453 SadEntry
->Data
->SpdSelector
= (EFI_IPSEC_SPD_SELECTOR
*)((UINT8
*)SadEntry
+
1455 SIZE_OF_SPD_SELECTOR (SaData
->SpdSelector
)
1457 DuplicateSpdSelector (
1458 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Data
->SpdSelector
,
1459 (EFI_IPSEC_CONFIG_SELECTOR
*) SaData
->SpdSelector
,
1462 InsertTailList (&SpdEntry
->Data
->Sas
, &SadEntry
->BySpd
);
1466 // Insert the new SAD entry.
1468 InsertTailList (EntryInsertBefore
, &SadEntry
->List
);
1474 Set the peer authorization configuration information for the EFI IPsec driver.
1476 The IPsec configuration data has a unique selector/identifier separately to
1477 identify a data entry.
What the body below does: every PAD entry whose Id matches Selector (every
entry when Selector is NULL) is unlinked and freed; when both Selector and Data
are non-NULL a new entry holding a copy of the PAD data, its AuthData and its
RevocationData is built and linked in at the old position, before the entry
named by Context, or at the list tail. Some lines of the original (the function
name, braces, a few statement heads) are not shown in this listing; the
leading numbers are the original file's line numbers.
1479 @param[in] Selector Pointer to an entry selector on operated
1480 configuration data specified by DataType.
1481 A NULL Selector causes the entire specified-type
1482 configuration information to be flushed.
1483 @param[in] Data The data buffer to be set. The structure
1484 of the data buffer should be EFI_IPSEC_PAD_DATA.
1485 @param[in] Context Pointer to one entry selector that describes
1486 the expected position the new data entry will
1487 be added. If Context is NULL, the new entry will
1488 be appended to the end of the database.
1490 @retval EFI_OUT_OF_RESOURCES The required system resources could not be allocated.
1491 @retval EFI_SUCCESS The specified configuration data was set successfully.
1496 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1498 IN VOID
*Context OPTIONAL
1501 IPSEC_PAD_ENTRY
*PadEntry
;
1502 EFI_IPSEC_PAD_ID
*PadId
;
1503 EFI_IPSEC_PAD_DATA
*PadData
;
1504 LIST_ENTRY
*PadList
;
1506 LIST_ENTRY
*NextEntry
;
1507 EFI_IPSEC_PAD_ID
*InsertBefore
;
1508 LIST_ENTRY
*EntryInsertBefore
;
//
// Unpack the opaque parameters; each may be NULL (Selector NULL = flush,
// Data NULL = delete only, Context NULL = append at the tail).
//
1511 PadId
= (Selector
== NULL
) ? NULL
: &Selector
->PadId
;
1512 PadData
= (Data
== NULL
) ? NULL
: (EFI_IPSEC_PAD_DATA
*) Data
;
1513 InsertBefore
= (Context
== NULL
) ? NULL
: &((EFI_IPSEC_CONFIG_SELECTOR
*) Context
)->PadId
;
1514 PadList
= &mConfigData
[IPsecConfigDataTypePad
];
1517 // The default behavior is to insert the node ahead of the header.
1519 EntryInsertBefore
= PadList
;
1522 // Remove the existed pad entry.
//
// Safe iteration: the current node may be unlinked and freed inside the loop.
//
1524 NET_LIST_FOR_EACH_SAFE (Entry
, NextEntry
, PadList
) {
1526 PadEntry
= IPSEC_PAD_ENTRY_FROM_LIST (Entry
);
1528 if (PadId
== NULL
||
1529 ComparePadId ((EFI_IPSEC_CONFIG_SELECTOR
*) PadEntry
->Id
, (EFI_IPSEC_CONFIG_SELECTOR
*) PadId
)
1532 // Record the existed entry position to keep the original order.
1534 EntryInsertBefore
= PadEntry
->List
.ForwardLink
;
1535 RemoveEntryList (&PadEntry
->List
);
//
// NOTE(review): the freed entry holds the copied AuthData (1595-1597), which
// depending on AuthMethod may be a pre-shared secret (not determinable from this
// file). FreePool does not clear it; zeroing the AuthData region before the free
// would avoid leaving it in recycled pool memory.
//
1537 FreePool (PadEntry
);
1541 // Return success here if only want to remove the pad entry
1543 if (PadData
== NULL
|| PadId
== NULL
) {
1547 // Search the appointed entry position if InsertBefore is not NULL.
1549 if (InsertBefore
!= NULL
) {
1551 NET_LIST_FOR_EACH (Entry
, PadList
) {
1552 PadEntry
= IPSEC_PAD_ENTRY_FROM_LIST (Entry
);
1555 (EFI_IPSEC_CONFIG_SELECTOR
*) PadEntry
->Id
,
1556 (EFI_IPSEC_CONFIG_SELECTOR
*) InsertBefore
1558 EntryInsertBefore
= Entry
;
1565 // Do PADDING for different arch.
//
// Size of the new entry: header, Id and Data records (each rounded up), then
// the AuthData bytes (counted only when AuthData is non-NULL, rounded up) and
// the RevocationData bytes (counted only when RevocationData is non-NULL).
// The sizes come from the caller and are added without an overflow check;
// callers of this protocol are assumed to be trusted DXE code.
//
1567 PadEntrySize
= ALIGN_VARIABLE (sizeof (IPSEC_PAD_ENTRY
));
1568 PadEntrySize
= ALIGN_VARIABLE (PadEntrySize
+ sizeof (EFI_IPSEC_PAD_ID
));
1569 PadEntrySize
= ALIGN_VARIABLE (PadEntrySize
+ sizeof (EFI_IPSEC_PAD_DATA
));
1570 PadEntrySize
= ALIGN_VARIABLE (PadEntrySize
+ (PadData
->AuthData
!= NULL
? PadData
->AuthDataSize
: 0));
1571 PadEntrySize
+= PadData
->RevocationData
!= NULL
? PadData
->RevocationDataSize
: 0;
1573 PadEntry
= AllocateZeroPool (PadEntrySize
);
1575 if (PadEntry
== NULL
) {
1576 return EFI_OUT_OF_RESOURCES
;
1579 // Fix the address of Id and Data buffer and copy them, which is
1580 // contiguous memory and close to the base structure of pad entry.
1582 PadEntry
->Id
= (EFI_IPSEC_PAD_ID
*) ALIGN_POINTER ((PadEntry
+ 1), sizeof (UINTN
));
1583 PadEntry
->Data
= (EFI_IPSEC_PAD_DATA
*) ALIGN_POINTER ((PadEntry
->Id
+ 1), sizeof (UINTN
));
1585 CopyMem (PadEntry
->Id
, PadId
, sizeof (EFI_IPSEC_PAD_ID
));
1587 PadEntry
->Data
->AuthProtocol
= PadData
->AuthProtocol
;
1588 PadEntry
->Data
->AuthMethod
= PadData
->AuthMethod
;
1589 PadEntry
->Data
->IkeIdFlag
= PadData
->IkeIdFlag
;
//
// AuthDataSize is recorded only when AuthData is present; otherwise both are
// reset (1600-1601), which is what keeps the stored size consistent with the
// allocation at 1570.
//
1591 if (PadData
->AuthData
!= NULL
) {
1592 PadEntry
->Data
->AuthDataSize
= PadData
->AuthDataSize
;
1593 PadEntry
->Data
->AuthData
= (VOID
*) ALIGN_POINTER (PadEntry
->Data
+ 1, sizeof (UINTN
));
1595 PadEntry
->Data
->AuthData
,
1597 PadData
->AuthDataSize
1600 PadEntry
->Data
->AuthDataSize
= 0;
1601 PadEntry
->Data
->AuthData
= NULL
;
1604 if (PadData
->RevocationData
!= NULL
) {
1605 PadEntry
->Data
->RevocationDataSize
= PadData
->RevocationDataSize
;
//
// NOTE(review): the revocation data is placed AuthDataSize bytes past the Data
// record using the caller's PadData->AuthDataSize unconditionally, while the
// allocation at 1570 counted AuthDataSize only when PadData->AuthData != NULL.
// A caller that passes AuthData == NULL together with a non-zero AuthDataSize
// and a RevocationData buffer therefore has the copy at 1611-1613 written up to
// AuthDataSize bytes past the allocation. Using PadEntry->Data->AuthDataSize
// here (set at 1592, or 0 at 1600) keeps placement and sizing in step;
// GetPadEntry (2001) already uses the entry-side value.
//
1606 PadEntry
->Data
->RevocationData
= (VOID
*) ALIGN_POINTER (
1607 ((UINT8
*) (PadEntry
->Data
+ 1) + PadData
->AuthDataSize
),
1611 PadEntry
->Data
->RevocationData
,
1612 PadData
->RevocationData
,
1613 PadData
->RevocationDataSize
1616 PadEntry
->Data
->RevocationDataSize
= 0;
1617 PadEntry
->Data
->RevocationData
= NULL
;
1620 // Insert the new pad entry.
1622 InsertTailList (EntryInsertBefore
, &PadEntry
->List
);
1628 This function looks up the data entry from IPsec SPD. Return the configuration
1629 value of the specified SPD Entry.
The output image written into Data is an EFI_IPSEC_SPD_DATA followed by one
EFI_IPSEC_SA_ID per SA attached to the entry and, for Protect entries, a copy of
the processing policy; its size comes from IpSecGetSizeOfSpdData. Some lines of
the original (the function name, braces, a few statement heads) are not shown
in this listing; the leading numbers are the original file's line numbers.
1631 @param[in] Selector Pointer to an entry selector which is an identifier
1633 @param[in, out] DataSize On output the size of data returned in Data.
1634 @param[out] Data The buffer to return the contents of the IPsec
1635 configuration data. The type of the data buffer
1636 is associated with the DataType.
1638 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1639 @retval EFI_INVALID_PARAMETER Data is NULL and *DataSize is not zero.
1640 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
1641 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
1642 updated with the size needed to complete the request.
1647 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1648 IN OUT UINTN
*DataSize
,
1652 IPSEC_SPD_ENTRY
*SpdEntry
;
1653 IPSEC_SAD_ENTRY
*SadEntry
;
1654 EFI_IPSEC_SPD_SELECTOR
*SpdSel
;
1655 EFI_IPSEC_SPD_DATA
*SpdData
;
1656 LIST_ENTRY
*SpdList
;
1661 SpdSel
= &Selector
->SpdSelector
;
1662 SpdData
= (EFI_IPSEC_SPD_DATA
*) Data
;
1663 SpdList
= &mConfigData
[IPsecConfigDataTypeSpd
];
1665 NET_LIST_FOR_EACH (Entry
, SpdList
) {
1666 SpdEntry
= IPSEC_SPD_ENTRY_FROM_LIST (Entry
);
1669 // Find the required SPD entry
1671 if (CompareSpdSelector (
1672 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdSel
,
1673 (EFI_IPSEC_CONFIG_SELECTOR
*) SpdEntry
->Selector
//
// Size check comes before the NULL check on Data, so a NULL Data with
// *DataSize == 0 reports the required size instead of EFI_INVALID_PARAMETER.
//
1676 RequiredSize
= IpSecGetSizeOfSpdData (SpdEntry
->Data
);
1677 if (*DataSize
< RequiredSize
) {
1678 *DataSize
= RequiredSize
;
1679 return EFI_BUFFER_TOO_SMALL
;
1682 if (SpdData
== NULL
) {
1683 return EFI_INVALID_PARAMETER
;
1686 *DataSize
= RequiredSize
;
1689 // Extract and fill all SaId array from the SPD.sas list
1691 SpdSas
= &SpdEntry
->Data
->Sas
;
1692 SpdData
->SaIdCount
= 0;
//
// One EFI_IPSEC_SA_ID per attached SA (the CopyMem head at original line 1696
// is not visible); SaIdCount ends up as the number of SAs on the list.
//
1694 NET_LIST_FOR_EACH (Entry
, SpdSas
) {
1695 SadEntry
= IPSEC_SAD_ENTRY_FROM_SPD (Entry
);
1697 &SpdData
->SaId
[SpdData
->SaIdCount
++],
1699 sizeof (EFI_IPSEC_SA_ID
)
1703 // Fill the other fields in SPD data.
1705 CopyMem (SpdData
->Name
, SpdEntry
->Data
->Name
, sizeof (SpdData
->Name
));
1707 SpdData
->PackageFlag
= SpdEntry
->Data
->PackageFlag
;
1708 SpdData
->TrafficDirection
= SpdEntry
->Data
->TrafficDirection
;
1709 SpdData
->Action
= SpdEntry
->Data
->Action
;
1711 if (SpdData
->Action
!= EfiIPsecActionProtect
) {
1712 SpdData
->ProcessingPolicy
= NULL
;
//
// NOTE(review): the policy is placed after the SaId array at
// sizeof (EFI_IPSEC_SPD_DATA) + (SaIdCount - 1) * sizeof (EFI_IPSEC_SA_ID),
// which matches the layout IpSecGetSizeOfSpdData sizes at 2101 only while
// SaIdCount >= 1. A Protect entry with no SA attached yet (common before any
// negotiation) has SaIdCount == 0 here; if SaIdCount is an unsigned type (it is
// assigned from 0 and post-incremented above) the subtraction wraps and the
// policy pointer lands far outside the caller's buffer, so the
// IpSecDuplicateProcessPolicy call at 1716 writes out of bounds. Computing the
// offset without the subtraction — `(UINT8 *) SpdData->SaId + SpdData->SaIdCount
// * sizeof (EFI_IPSEC_SA_ID)` — gives the same address for SaIdCount >= 1 and
// the one 2101 sizes for SaIdCount == 0. Confirm the declared type of
// SaIdCount and that SaId is the trailing one-element array this arithmetic
// assumes.
//
1714 SpdData
->ProcessingPolicy
= (EFI_IPSEC_PROCESS_POLICY
*) ((UINT8
*) SpdData
+ sizeof (EFI_IPSEC_SPD_DATA
) + (SpdData
->SaIdCount
- 1) * sizeof (EFI_IPSEC_SA_ID
));
1716 IpSecDuplicateProcessPolicy (
1717 SpdData
->ProcessingPolicy
,
1718 SpdEntry
->Data
->ProcessingPolicy
1726 return EFI_NOT_FOUND
;
1730 This function looks up the data entry from IPsec SAD. Return the configuration
1731 value of the specified SAD Entry.
The output image written into Data is an EFI_IPSEC_SA_DATA2 followed by the
SA's authentication key, (ESP) encryption key and, when the SA is bound to an
SPD selector, a copy of that selector. Raw key bytes are handed to the caller:
this protocol exposes SA keys to whatever can call GetData, so it should only be
reachable by trusted DXE consumers (a deployment property, not enforced here).
Some lines of the original (the function name, braces, a few statement heads)
are not shown in this listing; the leading numbers are the original file's line
numbers.
1733 @param[in] Selector Pointer to an entry selector which is an identifier
1735 @param[in, out] DataSize On output, the size of data returned in Data.
1736 @param[out] Data The buffer to return the contents of the IPsec
1737 configuration data. The type of the data buffer
1738 is associated with the DataType.
1740 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1741 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
1742 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
1743 updated with the size needed to complete the request.
1748 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1749 IN OUT UINTN
*DataSize
,
1753 IPSEC_SAD_ENTRY
*SadEntry
;
1755 LIST_ENTRY
*SadList
;
1756 EFI_IPSEC_SA_ID
*SaId
;
1757 EFI_IPSEC_SA_DATA2
*SaData
;
1760 SaId
= &Selector
->SaId
;
1761 SaData
= (EFI_IPSEC_SA_DATA2
*) Data
;
1762 SadList
= &mConfigData
[IPsecConfigDataTypeSad
];
1764 NET_LIST_FOR_EACH (Entry
, SadList
) {
1765 SadEntry
= IPSEC_SAD_ENTRY_FROM_LIST (Entry
);
1768 // Find the required SAD entry.
//
// The comparison call head (original lines 1769-1770) is not visible; its
// arguments show Selector's SaId being compared with the entry's Id.
//
1771 (EFI_IPSEC_CONFIG_SELECTOR
*) SaId
,
1772 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Id
1775 // Calculate the required size of the SAD entry.
1776 // Data Layout is follows:
1777 // |EFI_IPSEC_SA_DATA2
1779 // |EncryptKey (Optional)
1780 // |SpdSelector (Optional)
//
// The pointer fix-ups further down mirror this sizing: AuthKey at the UINTN-
// aligned end of the structure (1826/1840), EncKey at the aligned end of the
// auth key (1852-1854), SpdSelector at the tail (1887-1890).
//
1782 RequiredSize
= ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2
));
1784 if (SaId
->Proto
== EfiIPsecAH
) {
1785 RequiredSize
= ALIGN_VARIABLE (RequiredSize
+ SadEntry
->Data
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
);
1787 RequiredSize
= ALIGN_VARIABLE (RequiredSize
+ SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
);
1788 RequiredSize
= ALIGN_VARIABLE (RequiredSize
+ SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
);
1791 if (SadEntry
->Data
->SpdSelector
!= NULL
) {
1792 RequiredSize
+= SIZE_OF_SPD_SELECTOR (SadEntry
->Data
->SpdSelector
);
//
// SaData is not NULL-checked in this function. RequiredSize is always > 0, so
// a NULL Data with *DataSize == 0 (the only NULL Data EfiIpSecConfigGetData
// lets through at 2461) takes this EFI_BUFFER_TOO_SMALL exit before any
// dereference below.
//
1795 if (*DataSize
< RequiredSize
) {
1796 *DataSize
= RequiredSize
;
1797 return EFI_BUFFER_TOO_SMALL
;
1801 // Fill the data fields of SAD entry.
1803 *DataSize
= RequiredSize
;
1804 SaData
->Mode
= SadEntry
->Data
->Mode
;
1805 SaData
->SNCount
= SadEntry
->Data
->SequenceNumber
;
1806 SaData
->AntiReplayWindows
= SadEntry
->Data
->AntiReplayWindowSize
;
1809 &SaData
->SaLifetime
,
1810 &SadEntry
->Data
->SaLifetime
,
1811 sizeof (EFI_IPSEC_SA_LIFETIME
)
//
// Whole-union operation on SaData->AlgoInfo (call head at original lines
// 1813-1815 not visible; presumably a clear before the per-protocol fill).
//
1816 sizeof (EFI_IPSEC_ALGO_INFO
)
1819 if (SaId
->Proto
== EfiIPsecAH
) {
1821 // Copy AH algorithm INFO to SaData
//
// AH reads the key through AhAlgoInfo while SetSadEntry stores it through
// EspAlgoInfo (1384-1392); this relies on both union members sharing the
// auth-field layout — TODO confirm against EFI_IPSEC_ALGO_INFO.
//
1823 SaData
->AlgoInfo
.AhAlgoInfo
.AuthAlgoId
= SadEntry
->Data
->AlgoInfo
.AhAlgoInfo
.AuthAlgoId
;
1824 SaData
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
= SadEntry
->Data
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
;
1825 if (SaData
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
!= 0) {
1826 SaData
->AlgoInfo
.AhAlgoInfo
.AuthKey
= (VOID
*) ALIGN_POINTER ((SaData
+ 1), sizeof (UINTN
));
1828 SaData
->AlgoInfo
.AhAlgoInfo
.AuthKey
,
1829 SadEntry
->Data
->AlgoInfo
.AhAlgoInfo
.AuthKey
,
1830 SaData
->AlgoInfo
.AhAlgoInfo
.AuthKeyLength
1833 } else if (SaId
->Proto
== EfiIPsecESP
) {
1835 // Copy ESP algorithm INFO to SaData
1837 SaData
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
= SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
;
1838 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
= SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
;
1839 if (SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
!= 0) {
1840 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKey
= (VOID
*) ALIGN_POINTER ((SaData
+ 1), sizeof (UINTN
));
1842 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKey
,
1843 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
,
1844 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
1848 SaData
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
= SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
;
1849 SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
= SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
;
1851 if (SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
!= 0) {
//
// EncKey follows the auth key: base + AuthKeyLength, UINTN-aligned, which is
// what ALIGN_VARIABLE (RequiredSize + AuthKeyLength) at 1787 reserved.
//
1852 SaData
->AlgoInfo
.EspAlgoInfo
.EncKey
= (VOID
*) ALIGN_POINTER (
1853 ((UINT8
*) (SaData
+ 1) +
1854 SaData
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
),
1858 SaData
->AlgoInfo
.EspAlgoInfo
.EncKey
,
1859 SadEntry
->Data
->AlgoInfo
.EspAlgoInfo
.EncKey
,
1860 SaData
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
1865 SaData
->PathMTU
= SadEntry
->Data
->PathMTU
;
1868 // Fill Tunnel Address if it is Tunnel Mode
1870 if (SadEntry
->Data
->Mode
== EfiIPsecTunnel
) {
1872 &SaData
->TunnelDestinationAddress
,
1873 &SadEntry
->Data
->TunnelDestAddress
,
1874 sizeof (EFI_IP_ADDRESS
)
1877 &SaData
->TunnelSourceAddress
,
1878 &SadEntry
->Data
->TunnelSourceAddress
,
1879 sizeof (EFI_IP_ADDRESS
)
1883 // Fill the spd selector field of SAD data
1885 if (SadEntry
->Data
->SpdSelector
!= NULL
) {
//
// The selector copy sits at the very end of the output image (the base
// expression on original lines 1888-1889 is not visible); 1792 reserved exactly
// SIZE_OF_SPD_SELECTOR bytes for it.
//
1887 SaData
->SpdSelector
= (EFI_IPSEC_SPD_SELECTOR
*) (
1890 SIZE_OF_SPD_SELECTOR (SadEntry
->Data
->SpdSelector
)
1893 DuplicateSpdSelector (
1894 (EFI_IPSEC_CONFIG_SELECTOR
*) SaData
->SpdSelector
,
1895 (EFI_IPSEC_CONFIG_SELECTOR
*) SadEntry
->Data
->SpdSelector
,
1901 SaData
->SpdSelector
= NULL
;
1904 SaData
->ManualSet
= SadEntry
->Data
->ManualSet
;
1910 return EFI_NOT_FOUND
;
1914 This function looks up the data entry from IPsec PAD. Return the configuration
1915 value of the specified PAD Entry.
The output image written into Data is an EFI_IPSEC_PAD_DATA followed by the
entry's AuthData and RevocationData bytes, each placed at a UINTN-aligned
offset. Some lines of the original (the function name, braces, a few statement
heads) are not shown in this listing; the leading numbers are the original
file's line numbers.
1917 @param[in] Selector Pointer to an entry selector which is an identifier
1919 @param[in, out] DataSize On output the size of data returned in Data.
1920 @param[out] Data The buffer to return the contents of the IPsec
1921 configuration data. The type of the data buffer
1922 is associated with the DataType.
1924 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
1925 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
1926 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
1927 updated with the size needed to complete the request.
1932 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
1933 IN OUT UINTN
*DataSize
,
1937 IPSEC_PAD_ENTRY
*PadEntry
;
1938 LIST_ENTRY
*PadList
;
1940 EFI_IPSEC_PAD_ID
*PadId
;
1941 EFI_IPSEC_PAD_DATA
*PadData
;
1944 PadId
= &Selector
->PadId
;
1945 PadData
= (EFI_IPSEC_PAD_DATA
*) Data
;
1946 PadList
= &mConfigData
[IPsecConfigDataTypePad
];
1948 NET_LIST_FOR_EACH (Entry
, PadList
) {
1949 PadEntry
= IPSEC_PAD_ENTRY_FROM_LIST (Entry
);
1952 // Find the required pad entry.
//
// The comparison call head (original lines 1953-1954) is not visible; its
// arguments show Selector's PadId being compared with the entry's Id.
//
1955 (EFI_IPSEC_CONFIG_SELECTOR
*) PadId
,
1956 (EFI_IPSEC_CONFIG_SELECTOR
*) PadEntry
->Id
1959 // Calculate the required size of the pad entry.
//
// AuthDataSize is used unconditionally here and in the placement at 2001;
// SetPadEntry stores 0 when an entry has no AuthData (1600), which is what
// keeps this sizing and the copies below consistent.
//
1961 RequiredSize
= ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA
));
1962 RequiredSize
= ALIGN_VARIABLE (RequiredSize
+ PadEntry
->Data
->AuthDataSize
);
1963 RequiredSize
+= PadEntry
->Data
->RevocationDataSize
;
//
// PadData is not NULL-checked in this function. RequiredSize is always > 0,
// so a NULL Data with *DataSize == 0 (the only NULL Data EfiIpSecConfigGetData
// lets through at 2461) takes this exit before any dereference below.
//
1965 if (*DataSize
< RequiredSize
) {
1966 *DataSize
= RequiredSize
;
1967 return EFI_BUFFER_TOO_SMALL
;
1970 // Fill the data fields of pad entry
1972 *DataSize
= RequiredSize
;
1973 PadData
->AuthProtocol
= PadEntry
->Data
->AuthProtocol
;
1974 PadData
->AuthMethod
= PadEntry
->Data
->AuthMethod
;
1975 PadData
->IkeIdFlag
= PadEntry
->Data
->IkeIdFlag
;
1978 // Copy Authentication data.
//
// Whatever AuthData holds (certificate or pre-shared material, depending on
// AuthMethod — not determinable here) is copied out to the caller verbatim.
//
1980 if (PadEntry
->Data
->AuthData
!= NULL
) {
1982 PadData
->AuthDataSize
= PadEntry
->Data
->AuthDataSize
;
1983 PadData
->AuthData
= (VOID
*) ALIGN_POINTER ((PadData
+ 1), sizeof (UINTN
));
1986 PadEntry
->Data
->AuthData
,
1987 PadData
->AuthDataSize
1991 PadData
->AuthDataSize
= 0;
1992 PadData
->AuthData
= NULL
;
1995 // Copy Revocation Data.
1997 if (PadEntry
->Data
->RevocationData
!= NULL
) {
1999 PadData
->RevocationDataSize
= PadEntry
->Data
->RevocationDataSize
;
//
// Placed right after the auth data (base + PadData->AuthDataSize, aligned),
// matching ALIGN_VARIABLE (RequiredSize + AuthDataSize) at 1962.
//
2000 PadData
->RevocationData
= (VOID
*) ALIGN_POINTER (
2001 ((UINT8
*) (PadData
+ 1) + PadData
->AuthDataSize
),
2005 PadData
->RevocationData
,
2006 PadEntry
->Data
->RevocationData
,
2007 PadData
->RevocationDataSize
2011 PadData
->RevocationDataSize
= 0;
2012 PadData
->RevocationData
= NULL
;
2019 return EFI_NOT_FOUND
;
2023 Copy Source Process Policy to the Destination Process Policy.
Dst must have room for an EFI_IPSEC_PROCESS_POLICY and, in tunnel mode, a
UINTN-aligned EFI_IPSEC_TUNNEL_OPTION immediately after it — the layout
IpSecGetSizeOfEfiSpdData reserves at 2074-2077. Braces and the tail of the
tunnel-option copy are not shown in this listing.
2025 @param[in] Dst Pointer to the Destination Process Policy (written).
2026 @param[in] Src Pointer to the Source Process Policy (read).
2030 IpSecDuplicateProcessPolicy (
2031 IN EFI_IPSEC_PROCESS_POLICY
*Dst
,
2032 IN EFI_IPSEC_PROCESS_POLICY
*Src
2036 // Firstly copy the structure content itself.
2038 CopyMem (Dst
, Src
, sizeof (EFI_IPSEC_PROCESS_POLICY
));
2041 // Recursively copy the tunnel option if needed.
//
// NOTE(review): the struct copy above also copied Src->TunnelOption into Dst.
// In a non-tunnel policy it is expected to be NULL, but that is only asserted,
// and ASSERT is compiled out in RELEASE builds; a non-NULL pointer would then
// be left in Dst pointing into Src's storage. Setting `Dst->TunnelOption = NULL;`
// on this branch makes the copy self-contained regardless of build type.
//
2043 if (Dst
->Mode
!= EfiIPsecTunnel
) {
2044 ASSERT (Dst
->TunnelOption
== NULL
);
//
// Tunnel mode: the option is rebased to the area right after Dst and copied
// (the CopyMem head and arguments on original lines 2047-2049 are not visible).
//
2046 Dst
->TunnelOption
= (EFI_IPSEC_TUNNEL_OPTION
*) ALIGN_POINTER ((Dst
+ 1), sizeof (UINTN
));
2050 sizeof (EFI_IPSEC_TUNNEL_OPTION
)
2056 Calculate the whole size of EFI_IPSEC_SPD_DATA, which includes the buffer size pointed
2057 to by the pointer members.
NOTE(review): the base term below is sizeof (IPSEC_SPD_DATA), the driver's
internal record, not EFI_IPSEC_SPD_DATA as this description says — presumably
the function sizes the internal copy that is built from SpdData; verify
against the caller before relying on either reading. Braces and the return
statement are not shown in this listing.
2059 @param[in] SpdData Pointer to a specified EFI_IPSEC_SPD_DATA.
2061 @return the whole size the specified EFI_IPSEC_SPD_DATA.
2065 IpSecGetSizeOfEfiSpdData (
2066 IN EFI_IPSEC_SPD_DATA
*SpdData
2071 Size
= ALIGN_VARIABLE (sizeof (IPSEC_SPD_DATA
));
//
// Protect entries carry a process policy and, in tunnel mode, a tunnel option;
// each is rounded up with ALIGN_VARIABLE. SpdData->ProcessingPolicy is
// dereferenced at 2076 without a NULL check, so a Protect entry must always
// supply one.
//
2073 if (SpdData
->Action
== EfiIPsecActionProtect
) {
2074 Size
= ALIGN_VARIABLE (Size
+ sizeof (EFI_IPSEC_PROCESS_POLICY
));
2076 if (SpdData
->ProcessingPolicy
->Mode
== EfiIPsecTunnel
) {
2077 Size
= ALIGN_VARIABLE (Size
+ sizeof (EFI_IPSEC_TUNNEL_OPTION
));
2085 Calculate the whole size of IPSEC_SPD_DATA which includes the buffer size pointed
2086 to by the pointer members and the buffer size used by the Sa List.
What the body below computes is the size of the EFI_IPSEC_SPD_DATA image that
GetSpdEntry writes for this entry (it is called there at 1676): the structure
minus its one inline EFI_IPSEC_SA_ID, one EFI_IPSEC_SA_ID per SA on
SpdData->Sas, plus the process policy and tunnel option for Protect entries.
Braces and the return statement are not shown in this listing.
2088 @param[in] SpdData Pointer to the specified IPSEC_SPD_DATA.
2090 @return the whole size of IPSEC_SPD_DATA.
2094 IpSecGetSizeOfSpdData (
2095 IN IPSEC_SPD_DATA
*SpdData
//
// Subtracting one SA id presumes EFI_IPSEC_SPD_DATA ends in a one-element
// SaId array whose real length is added back in the loop below — confirm.
//
2101 Size
= sizeof (EFI_IPSEC_SPD_DATA
) - sizeof (EFI_IPSEC_SA_ID
);
//
// NOTE(review): unlike IpSecGetSizeOfEfiSpdData, no alignment slack is added
// here, yet IpSecDuplicateProcessPolicy (2046) places the tunnel option at a
// UINTN-aligned address after the policy. If the policy's offset in the output
// buffer is not already UINTN-aligned the option can extend past this size;
// confirm the structure sizes, or round like 2074-2077 does. ProcessingPolicy is
// dereferenced at 2106 without a NULL check.
//
2103 if (SpdData
->Action
== EfiIPsecActionProtect
) {
2104 Size
+= sizeof (EFI_IPSEC_PROCESS_POLICY
);
2106 if (SpdData
->ProcessingPolicy
->Mode
== EfiIPsecTunnel
) {
2107 Size
+= sizeof (EFI_IPSEC_TUNNEL_OPTION
);
2111 NET_LIST_FOR_EACH (Link
, &SpdData
->Sas
) {
2112 Size
+= sizeof (EFI_IPSEC_SA_ID
);
2119 Get the IPsec Variable.
2121 Get all variables whose names start with the string contained in VariableName.
2122 Since all IPsec related variables are stored in contiguous space, those kinds of
2123 variable can be searched by the EfiGetNextVariableName. Those variables also are
2124 returned in a contiguous buffer.
How the body below does it: the "<VariableName>Info" variable is read first
and its VariableCount / VariableSize / SingleVariableSize fields drive
everything else; the variable store is then enumerated with
GetNextVariableName and each chunk "<VariableName>NNNN" is copied into Data
at (NNNN - 1) * SingleVariableSize. Some lines of the original (the function
name, braces, several call arguments and control transfers) are not shown in
this listing; the leading numbers are the original file's line numbers.
2126 @param[in] VariableName Pointer to a specified Variable Name.
2127 @param[in] VendorGuid Pointer to a specified Vendor Guid.
2128 @param[in] Attributes Point to memory location to return the attributes
2129 of variable. If the point is NULL, the parameter
2131 @param[in, out] DataSize As input, point to the maximum size of return
2132 Data-Buffer. As output, point to the actual
2133 size of the returned Data-Buffer.
2134 @param[in] Data Point to return Data-Buffer.
2136 @retval EFI_ABORTED If the Variable size which contained in the variable
2137 structure doesn't match the variable size obtained
2138 from the EFIGetVariable.
2139 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
2140 been updated with the size needed to complete the request.
2141 @retval EFI_SUCCESS The function completed successfully.
2142 @retval others Other errors found during the variable getting.
2146 IN CHAR16
*VariableName
,
2147 IN EFI_GUID
*VendorGuid
,
2148 IN UINT32
*Attributes
, OPTIONAL
2149 IN OUT UINTN
*DataSize
,
2154 EFI_GUID VendorGuidI
;
2155 UINTN VariableNameLength
;
2156 CHAR16
*VariableNameI
;
2157 UINTN VariableNameISize
;
2158 UINTN VariableNameISizeNew
;
2159 UINTN VariableIndex
;
2160 UINTN VariableCount
;
2161 IP_SEC_VARIABLE_INFO IpSecVariableInfo
;
2165 // The variable name constructor is "VariableName + Info/0001/0002/... + NULL".
2166 // So the variable name is like "VariableNameInfo", "VariableName0001", ...
2167 // "VariableNameNULL".
//
// Name buffer: prefix plus a 4-character suffix plus the terminator.
//
2169 VariableNameLength
= StrLen (VariableName
);
2170 VariableNameISize
= (VariableNameLength
+ 5) * sizeof (CHAR16
);
2171 VariableNameI
= AllocateZeroPool (VariableNameISize
);
2172 if (VariableNameI
== NULL
) {
2173 Status
= EFI_OUT_OF_RESOURCES
;
2178 // Construct the variable name of ipsecconfig meta data.
2180 UnicodeSPrint (VariableNameI
, VariableNameISize
, L
"%s%s", VariableName
, L
"Info");
2182 DataSizeI
= sizeof (IpSecVariableInfo
);
//
// Read the metadata record (arguments on original lines 2185-2190 not visible).
// Everything below trusts its three fields; see the note at 2246.
//
2184 Status
= gRT
->GetVariable (
2191 if (EFI_ERROR (Status
)) {
2195 if (*DataSize
< IpSecVariableInfo
.VariableSize
) {
2196 *DataSize
= IpSecVariableInfo
.VariableSize
;
2197 Status
= EFI_BUFFER_TOO_SMALL
;
2201 VariableCount
= IpSecVariableInfo
.VariableCount
;
//
// An empty name starts GetNextVariableName enumeration from the beginning.
//
2202 VariableNameI
[0] = L
'\0';
2204 while (VariableCount
!= 0) {
2206 // Get the variable name one by one in the variable database.
2208 VariableNameISizeNew
= VariableNameISize
;
2209 Status
= gRT
->GetNextVariableName (
2210 &VariableNameISizeNew
,
//
// NOTE(review): the ReallocatePool result overwrites VariableNameI (its
// arguments on original lines 2216/2218 are not visible); if it returns NULL
// the previous buffer is presumably not released by the FreePool at 2301,
// which then only sees NULL. Keeping the old pointer in a temporary until the
// call succeeds is the usual shape.
//
2214 if (Status
== EFI_BUFFER_TOO_SMALL
) {
2215 VariableNameI
= ReallocatePool (
2217 VariableNameISizeNew
,
2220 if (VariableNameI
== NULL
) {
2221 Status
= EFI_OUT_OF_RESOURCES
;
2224 VariableNameISize
= VariableNameISizeNew
;
2226 Status
= gRT
->GetNextVariableName (
2227 &VariableNameISizeNew
,
2233 if (EFI_ERROR (Status
)) {
2237 // Check whether the current variable is the required "ipsecconfig".
//
// NOTE(review): the name-prefix match and the GUID match are joined with `||`,
// so a variable that matches only the GUID (or only the prefix) is treated as
// one of the ipsecconfig chunks; the comment above reads as if both must hold
// (`&&`). With a GUID-only match VariableNameI + VariableNameLength at 2245 can
// point past the terminator of a shorter name, and the digits parsed there are
// whatever the buffer happens to hold.
//
2239 if (StrnCmp (VariableNameI
, VariableName
, VariableNameLength
) == 0 ||
2240 CompareGuid (VendorGuid
, &VendorGuidI
)
2243 // Parse the variable count of the current ipsecconfig data.
2245 VariableIndex
= StrDecimalToUintn (VariableNameI
+ VariableNameLength
);
//
// NOTE(review): VariableCount, VariableSize and SingleVariableSize come from
// the Info variable read at 2184 and are not cross-checked against each other;
// only *DataSize >= VariableSize is enforced (2195). The copy at 2279-2284
// lands at (VariableIndex - 1) * SingleVariableSize with DataSizeI bytes, so a
// stored Info record in which VariableCount * SingleVariableSize exceeds
// VariableSize would let the copy run past the caller's buffer. Checking, once
// after 2184, that SingleVariableSize != 0 (it is the divisor at 2271) and that
// VariableCount == (VariableSize + SingleVariableSize - 1) / SingleVariableSize
// (the formula IpSecSetVariable uses at 2370) would close this.
//
2246 if (VariableIndex
!= 0 && VariableIndex
<= IpSecVariableInfo
.VariableCount
) {
2248 // Get the variable size of the current ipsecconfig data.
2251 Status
= gRT
->GetVariable (
//
// ASSERT is compiled out in RELEASE builds; the size comparisons at 2267/2271
// are then the only check on this probe (its arguments are not visible).
//
2258 ASSERT (Status
== EFI_BUFFER_TOO_SMALL
);
2260 // Validate the variable count and variable size.
2262 if (VariableIndex
!= IpSecVariableInfo
.VariableCount
) {
2264 // If the variable is not the last one, its size should be the max
2265 // size of the single variable.
2267 if (DataSizeI
!= IpSecVariableInfo
.SingleVariableSize
) {
//
// NOTE(review): when VariableSize is an exact multiple of SingleVariableSize
// this expects the last chunk to be 0 bytes; IpSecSetVariable (2400-2402)
// writes DataSize % MaximumVariableSize bytes for the last chunk, i.e. 0 in
// that case, so an exact-multiple payload does not appear to round-trip.
// Confirm with a payload of exactly SingleVariableSize bytes.
//
2271 if (DataSizeI
!= IpSecVariableInfo
.VariableSize
% IpSecVariableInfo
.SingleVariableSize
) {
2276 // Get the variable data of the current ipsecconfig data and
2277 // store it into user buffer contiguously.
2279 Status
= gRT
->GetVariable (
2284 (UINT8
*) Data
+ (VariableIndex
- 1) * IpSecVariableInfo
.SingleVariableSize
2286 ASSERT_EFI_ERROR (Status
);
2292 // The VariableCount in "VariableNameInfo" variable should have the correct
2293 // numbers of variables which name starts with VariableName.
//
// Reached when enumeration ended before every announced chunk was seen.
//
2295 if (VariableCount
!= 0) {
2296 Status
= EFI_ABORTED
;
2300 if (VariableNameI
!= NULL
) {
2301 FreePool (VariableNameI
);
2307 Set the IPsec variables.
2309 Set all IPsec variables which start with the specified variable name. Those variables
How the body below does it: Data is split into chunks of
(MaximumVariableSize - VariableNameSize) bytes, a "<VariableName>Info" record
describing the chunking is written first, then one "<VariableName>NNNN"
variable per chunk starting at 0001. Some lines of the original (the function
name, the Data parameter line, braces, several call arguments and control
transfers) are not shown in this listing; the leading numbers are the original
file's line numbers.
2312 @param[in] VariableName The name of the vendor's variable. It is a
2313 Null-Terminated Unicode String.
2314 @param[in] VendorGuid Unique identifier for the vendor.
2315 @param[in] Attributes Point to memory location to return the attributes of
2316 variable. If the point is NULL, the parameter would be ignored.
2317 @param[in] DataSize The size in bytes of Data-Buffer.
2318 @param[in] Data Points to the content of the variable.
2320 @retval EFI_SUCCESS The firmware successfully stored the variable and its data, as
2321 defined by the Attributes.
2322 @retval others Storing the variables failed.
2327 IN CHAR16
*VariableName
,
2328 IN EFI_GUID
*VendorGuid
,
2329 IN UINT32 Attributes
,
2335 CHAR16
*VariableNameI
;
2336 UINTN VariableNameSize
;
2337 UINTN VariableIndex
;
2338 IP_SEC_VARIABLE_INFO IpSecVariableInfo
;
2339 UINT64 MaximumVariableStorageSize
;
2340 UINT64 RemainingVariableStorageSize
;
2341 UINT64 MaximumVariableSize
;
//
// Ask the variable service for the largest single variable it accepts; the
// chunk size is derived from it below (the Attributes argument on original
// line 2344 is not visible).
//
2343 Status
= gRT
->QueryVariableInfo (
2345 &MaximumVariableStorageSize
,
2346 &RemainingVariableStorageSize
,
2347 &MaximumVariableSize
2349 if (EFI_ERROR (Status
)) {
2354 // "VariableName + Info/0001/0002/... + NULL"
2356 VariableNameSize
= (StrLen (VariableName
) + 5) * sizeof (CHAR16
);
2357 VariableNameI
= AllocateZeroPool (VariableNameSize
);
2359 if (VariableNameI
== NULL
) {
2360 Status
= EFI_OUT_OF_RESOURCES
;
2364 // Construct the variable of ipsecconfig general information. Like the total
2365 // numbers of the Ipsecconfig variables, the total size of all ipsecconfig variables.
2367 UnicodeSPrint (VariableNameI
, VariableNameSize
, L
"%s%s", VariableName
, L
"Info");
//
// NOTE(review): no guard that MaximumVariableSize > VariableNameSize. If the
// variable service reported a smaller value the subtraction wraps and 2370
// divides by the wrapped value (or by zero when the two are equal); a check
// here returning an error would make the failure explicit.
//
2368 MaximumVariableSize
-= VariableNameSize
;
//
// Chunk count is ceil (DataSize / MaximumVariableSize); all three fields are
// truncated to UINT32 for the on-disk record.
//
2370 IpSecVariableInfo
.VariableCount
= (UINT32
) ((DataSize
+ (UINTN
) MaximumVariableSize
- 1) / (UINTN
) MaximumVariableSize
);
2371 IpSecVariableInfo
.VariableSize
= (UINT32
) DataSize
;
2372 IpSecVariableInfo
.SingleVariableSize
= (UINT32
) MaximumVariableSize
;
2375 // Set the variable of ipsecconfig general information.
2377 Status
= gRT
->SetVariable (
2381 sizeof (IpSecVariableInfo
),
2384 if (EFI_ERROR (Status
)) {
2385 DEBUG ((DEBUG_ERROR
, "Error set ipsecconfig meta data with %r\n", Status
));
2389 for (VariableIndex
= 0; VariableIndex
< IpSecVariableInfo
.VariableCount
; VariableIndex
++) {
2391 // Construct and set the variable of ipsecconfig data one by one.
2392 // The index of variable name begin from 0001, and the variable name
2393 // likes "VariableName0001", "VariableName0002"....
2395 UnicodeSPrint (VariableNameI
, VariableNameSize
, L
"%s%04d", VariableName
, VariableIndex
+ 1);
//
// NOTE(review): the last chunk is written with DataSize % MaximumVariableSize
// bytes, which is 0 when DataSize is an exact multiple of the chunk size; a
// zero-length SetVariable does not store data, and IpSecGetVariable (2271)
// expects that same 0-byte chunk, so exact-multiple payloads do not appear to
// round-trip. `DataSize - VariableIndex * MaximumVariableSize` for the last
// chunk gives the full remainder in every case.
//
2396 Status
= gRT
->SetVariable (
2400 (VariableIndex
== IpSecVariableInfo
.VariableCount
- 1) ?
2401 (DataSize
% (UINTN
) MaximumVariableSize
) :
2402 (UINTN
) MaximumVariableSize
,
2403 (UINT8
*) Data
+ VariableIndex
* (UINTN
) MaximumVariableSize
//
// On a failed chunk write the loop is left (the control transfer after 2407
// is not visible). The Info record written at 2377 and the chunks already
// stored are not visibly rolled back, so the store can be left describing
// more chunks than it holds; IpSecGetVariable reports that as EFI_ABORTED.
//
2406 if (EFI_ERROR (Status
)) {
2407 DEBUG ((DEBUG_ERROR
, "Error set ipsecconfig variable data with %r\n", Status
));
2413 if (VariableNameI
!= NULL
) {
2414 FreePool (VariableNameI
);
2421 Return the configuration value for the EFI IPsec driver.
2423 This function looks up the data entry from IPsec database or IKEv2 configuration
2424 information. The expected data type and unique identification are described in
2425 DataType and Selector parameters.
Parameter validation happens here; the per-type work is dispatched through
the mGetPolicyEntry table (the Data parameter line and the braces are not shown
in this listing).
2427 @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
2428 @param[in] DataType The type of data to retrieve.
2429 @param[in] Selector Pointer to an entry selector that is an identifier of the IPsec
2430 configuration data entry.
2431 @param[in, out] DataSize On output the size of data returned in Data.
2432 @param[out] Data The buffer to return the contents of the IPsec configuration data.
2433 The type of the data buffer associated with the DataType.
2435 @retval EFI_SUCCESS The specified configuration data was obtained successfully.
2436 @retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:
2440 - Data is NULL and *DataSize is not zero
2441 @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
2442 @retval EFI_UNSUPPORTED The specified DataType is not supported.
2443 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
2444 updated with the size needed to complete the request.
2449 EfiIpSecConfigGetData (
2450 IN EFI_IPSEC_CONFIG_PROTOCOL
*This
,
2451 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType
,
2452 IN EFI_IPSEC_CONFIG_SELECTOR
*Selector
,
2453 IN OUT UINTN
*DataSize
,
2457 if (This
== NULL
|| Selector
== NULL
|| DataSize
== NULL
) {
2458 return EFI_INVALID_PARAMETER
;
//
// Data may be NULL only for a size query (*DataSize == 0). The per-type
// getters rely on this: GetSadEntry and GetPadEntry do not NULL-check Data
// themselves and reach it only after their EFI_BUFFER_TOO_SMALL exit.
//
2461 if (*DataSize
!= 0 && Data
== NULL
) {
2462 return EFI_INVALID_PARAMETER
;
//
// NOTE(review): only the upper bound is checked. EFI_IPSEC_CONFIG_DATA_TYPE is
// an enum; if the compiler gives it a signed underlying type a negative
// DataType passes this test and indexes mGetPolicyEntry before its first
// element at 2469. Comparing as unsigned — `(UINTN) DataType >=
// IPsecConfigDataTypeMaximum` — makes the table access independent of enum
// signedness.
//
2465 if (DataType
>= IPsecConfigDataTypeMaximum
) {
2466 return EFI_UNSUPPORTED
;
2469 return mGetPolicyEntry
[DataType
](Selector
, DataSize
, Data
);
/**
  Set the security association, security policy or peer authorization
  configuration information for the EFI IPsec driver.

  This function sets the IPsec configuration information of type DataType.
  Every configuration entry has a unique selector/identifier whose structure
  depends on DataType. Calling SetData() with a NULL Data deletes the entry
  identified by DataType and Selector.

  Unless mSetBySelf is set, a successful update is persisted to the firmware
  variable through IpSecConfigSave().

  @param[in] This          Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
  @param[in] DataType      The type of data to be set.
  @param[in] Selector      Pointer to an entry selector of the configuration data
                           specified by DataType. A NULL Selector causes the entire
                           configuration information of that type to be flushed.
  @param[in] Data          The data buffer to be set. Its structure is associated
                           with the DataType.
  @param[in] InsertBefore  Pointer to an entry selector describing the position at
                           which the new entry is added. If InsertBefore is NULL,
                           the new entry is appended to the end of the database.

  @retval EFI_SUCCESS            The specified configuration entry data was set successfully.
  @retval EFI_INVALID_PARAMETER  This is NULL.
  @retval EFI_UNSUPPORTED        The specified DataType is not supported.
  @retval EFI_OUT_OF_RESOURCES   The required system resource could not be allocated.

**/
EFI_STATUS
EFIAPI
EfiIpSecConfigSetData (
  IN EFI_IPSEC_CONFIG_PROTOCOL    *This,
  IN EFI_IPSEC_CONFIG_DATA_TYPE   DataType,
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN EFI_IPSEC_CONFIG_SELECTOR    *InsertBefore OPTIONAL
  )
{
  EFI_STATUS  Status;

  //
  // Selector and Data are legitimately NULL (flush / delete), so only the
  // protocol instance itself is validated here.
  // NOTE(review): the condition of this check is not legible in the listing;
  // This == NULL is the only pointer the contract requires — confirm against
  // the original source.
  //
  if (This == NULL) {
    return EFI_INVALID_PARAMETER;
  }

  if (DataType >= IPsecConfigDataTypeMaximum) {
    return EFI_UNSUPPORTED;
  }

  Status = mSetPolicyEntry[DataType](Selector, Data, InsertBefore);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  if (!mSetBySelf) {
    //
    // Save the updated config data into variable.
    // NOTE(review): the lines after this point are not legible in the
    // listing; the save result is assumed not to be folded into Status —
    // confirm against the original source.
    //
    IpSecConfigSave ();
  }

  return Status;
}
/**
  Enumerate the selectors of the IPsec configuration data entries.

  This function is called repeatedly to walk the IPsec configuration database
  of a given DataType. On each call the selector of the next entry is copied
  into Selector.

  The search is started by passing an all-zero selector: the first entry of
  the database is then returned. On later calls Selector holds the selector
  returned by the previous call, and the entry following it is returned.
  Once the database has been fully iterated, EFI_NOT_FOUND is returned.
  If the Selector buffer is too small for the next selector,
  EFI_BUFFER_TOO_SMALL is returned and SelectorSize is updated with the size
  needed. Calls to SetData() between calls to GetNextSelector() may produce
  unpredictable results.

  @param[in]      This          Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
  @param[in]      DataType      The type of IPsec configuration data to retrieve.
  @param[in, out] SelectorSize  The size of the Selector buffer.
  @param[in, out] Selector      On input, the last selector returned by
                                GetNextSelector() (all zero to start).
                                On output, a copy of the current entry's selector.

  @retval EFI_SUCCESS            The next selector was obtained successfully.
  @retval EFI_INVALID_PARAMETER  One or more of the following are TRUE:
                                 - This is NULL.
                                 - SelectorSize is NULL.
                                 - Selector is NULL.
  @retval EFI_NOT_FOUND          The next configuration data entry was not found.
  @retval EFI_UNSUPPORTED        The specified DataType is not supported.
  @retval EFI_BUFFER_TOO_SMALL   The SelectorSize is too small for the result; it has
                                 been updated with the size needed.

**/
EFI_STATUS
EFIAPI
EfiIpSecConfigGetNextSelector (
  IN EFI_IPSEC_CONFIG_PROTOCOL        *This,
  IN EFI_IPSEC_CONFIG_DATA_TYPE       DataType,
  IN OUT UINTN                        *SelectorSize,
  IN OUT EFI_IPSEC_CONFIG_SELECTOR    *Selector
  )
{
  LIST_ENTRY                  *ListHead;
  LIST_ENTRY                  *Link;
  IPSEC_COMMON_POLICY_ENTRY   *CommonEntry;
  BOOLEAN                     ReturnThisOne;

  if ((This == NULL) || (Selector == NULL) || (SelectorSize == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  if (DataType >= IPsecConfigDataTypeMaximum) {
    return EFI_UNSUPPORTED;
  }

  //
  // Walk the database of the requested type. The entry to hand back is the
  // first one when Selector is all zero, otherwise the one following the
  // entry whose selector equals Selector.
  //
  ReturnThisOne = FALSE;
  ListHead      = &mConfigData[DataType];

  for (Link = ListHead->ForwardLink; Link != ListHead; Link = Link->ForwardLink) {
    CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List);

    if (!ReturnThisOne) {
      ReturnThisOne = (BOOLEAN) (mIsZeroSelector[DataType](Selector));
    }

    if (ReturnThisOne) {
      //
      // Copy this entry's selector out; the duplicate routine reports
      // EFI_BUFFER_TOO_SMALL through SelectorSize when it does not fit.
      //
      return mDuplicateSelector[DataType](Selector, CommonEntry->Selector, SelectorSize);
    }

    //
    // Not there yet: remember whether this is the caller's current entry so
    // that the next iteration returns its successor.
    //
    ReturnThisOne = mCompareSelector[DataType](Selector, CommonEntry->Selector);
  }

  return EFI_NOT_FOUND;
}
/**
  Register an event to be signaled whenever a configuration process on the
  specified IPsec configuration information is done.

  Notification registration is not supported by this driver; the function
  always returns EFI_UNSUPPORTED.

  @param[in] This      Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
  @param[in] DataType  The type of data to register the event for.
  @param[in] Event     The event to be registered.

  @retval EFI_SUCCESS            The event is registered successfully.
  @retval EFI_INVALID_PARAMETER  This is NULL or Event is NULL.
  @retval EFI_ACCESS_DENIED      The Event is already registered for the DataType.
  @retval EFI_UNSUPPORTED        The notify registration is unsupported, or the specified
                                 DataType is not supported.

**/
EFI_STATUS
EFIAPI
EfiIpSecConfigRegisterNotify (
  IN EFI_IPSEC_CONFIG_PROTOCOL    *This,
  IN EFI_IPSEC_CONFIG_DATA_TYPE   DataType,
  IN EFI_EVENT                    Event
  )
{
  //
  // Not implemented: the parameters are accepted for interface compatibility
  // only and are not inspected.
  //
  return EFI_UNSUPPORTED;
}
/**
  Remove an event that was previously registered on the specified IPsec
  configuration data.

  Notification registration is not supported by this driver; the function
  always returns EFI_UNSUPPORTED.

  @param[in] This      Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
  @param[in] DataType  The configuration data type to remove the registered event for.
  @param[in] Event     The event to be unregistered.

  @retval EFI_SUCCESS            The event was removed successfully.
  @retval EFI_NOT_FOUND          The Event specified by DataType could not be found.
  @retval EFI_INVALID_PARAMETER  This is NULL or Event is NULL.
  @retval EFI_UNSUPPORTED        The notify registration is unsupported, or the specified
                                 DataType is not supported.

**/
EFI_STATUS
EFIAPI
EfiIpSecConfigUnregisterNotify (
  IN EFI_IPSEC_CONFIG_PROTOCOL    *This,
  IN EFI_IPSEC_CONFIG_DATA_TYPE   DataType,
  IN EFI_EVENT                    Event
  )
{
  //
  // Not implemented: nothing was ever registered, so there is nothing to
  // remove.
  //
  return EFI_UNSUPPORTED;
}
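/**
  Copy the whole Selector and Data of one policy entry into a variable buffer.

  This is the IPSEC_COPY_POLICY_ENTRY routine handed to IpSecVisitConfigData()
  by IpSecConfigSave(): it serializes every entry of every database type into
  one contiguous buffer that is later stored in firmware variables.

  Each entry is written as two items, each preceded by an IPSEC_VAR_ITEM_HEADER:
  the selector (header Type with IPSEC_VAR_ITEM_HEADER_LOGO_BIT set) followed by
  the data (header Type without the logo bit). Every item boundary is rounded
  with ALIGN_VARIABLE. The header's Size field is a UINT16, so sizes that do
  not fit are rejected instead of being silently truncated, which would corrupt
  the layout that IpSecConfigRestore() later walks.

  @param[in]      Type          The IPsec configuration data type of the entry.
  @param[in]      Selector      Points to the EFI_IPSEC_CONFIG_SELECTOR to be copied.
  @param[in]      Data          Points to the data to be copied. Its structure
                                depends on Type.
  @param[in]      SelectorSize  The size of Selector in bytes.
  @param[in]      DataSize      The size of Data in bytes.
  @param[in, out] Buffer        The growable buffer receiving the serialized entry.

  @retval EFI_SUCCESS            The entry was appended to Buffer, or it is an
                                 automatically generated SA that is intentionally
                                 not persisted.
  @retval EFI_INVALID_PARAMETER  SelectorSize or DataSize exceeds MAX_UINT16.
  @retval EFI_OUT_OF_RESOURCES   The buffer could not be grown.

**/
EFI_STATUS
IpSecCopyPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE   Type,
  IN EFI_IPSEC_CONFIG_SELECTOR    *Selector,
  IN VOID                         *Data,
  IN UINTN                        SelectorSize,
  IN UINTN                        DataSize,
  IN OUT IPSEC_VARIABLE_BUFFER    *Buffer
  )
{
  IPSEC_VAR_ITEM_HEADER   SelectorHeader;
  IPSEC_VAR_ITEM_HEADER   DataHeader;
  UINTN                   EntrySize;
  UINTN                   NewCapacity;
  UINT8                   *TempPoint;

  if (Type == IPsecConfigDataTypeSad) {
    //
    // Don't save automatically-generated SA entry into variable.
    //
    if (((EFI_IPSEC_SA_DATA2 *) Data)->ManualSet == FALSE) {
      return EFI_SUCCESS;
    }
  }

  //
  // The item headers record the sizes as UINT16; refuse anything that would
  // be narrowed by the casts below.
  //
  if ((SelectorSize > MAX_UINT16) || (DataSize > MAX_UINT16)) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Space needed: header + selector + header + data, each ALIGN_VARIABLE'd.
  //
  EntrySize = ALIGN_VARIABLE (sizeof (SelectorHeader));
  EntrySize = ALIGN_VARIABLE (EntrySize + SelectorSize);
  EntrySize = ALIGN_VARIABLE (EntrySize + sizeof (SelectorHeader));
  EntrySize = ALIGN_VARIABLE (EntrySize + DataSize);

  if (Buffer->Capacity - Buffer->Size < EntrySize) {
    //
    // Grow the buffer. Capacity is updated only once the new allocation
    // exists: bumping it before AllocatePool() would, on failure, leave
    // Buffer claiming more room than Buffer->Ptr really has, and a later
    // call (IpSecConfigSave() keeps visiting the remaining types) would then
    // CopyMem past the end of the allocation.
    //
    NewCapacity = Buffer->Capacity + EntrySize;
    TempPoint   = AllocatePool (NewCapacity);
    if (TempPoint == NULL) {
      return EFI_OUT_OF_RESOURCES;
    }

    //
    // Copy the old content to the new buffer and free the old one.
    //
    CopyMem (TempPoint, Buffer->Ptr, Buffer->Size);
    FreePool (Buffer->Ptr);

    Buffer->Ptr      = TempPoint;
    Buffer->Capacity = NewCapacity;
  }

  //
  // Put the entry into its storable form for the duration of the copy
  // (presumably pointer fix-up; see the Fix*/Unfix* routines for the details).
  //
  mFixPolicyEntry[Type](Selector, Data);

  //
  // Selector header, then the selector itself.
  //
  SelectorHeader.Type = (UINT8) (Type | IPSEC_VAR_ITEM_HEADER_LOGO_BIT);
  SelectorHeader.Size = (UINT16) SelectorSize;

  CopyMem (Buffer->Ptr + Buffer->Size, &SelectorHeader, sizeof (SelectorHeader));
  Buffer->Size = ALIGN_VARIABLE (Buffer->Size + sizeof (SelectorHeader));

  CopyMem (Buffer->Ptr + Buffer->Size, Selector, SelectorSize);
  Buffer->Size = ALIGN_VARIABLE (Buffer->Size + SelectorSize);

  //
  // Data header, then the data itself.
  //
  DataHeader.Type = (UINT8) Type;
  DataHeader.Size = (UINT16) DataSize;

  CopyMem (Buffer->Ptr + Buffer->Size, &DataHeader, sizeof (DataHeader));
  Buffer->Size = ALIGN_VARIABLE (Buffer->Size + sizeof (DataHeader));

  CopyMem (Buffer->Ptr + Buffer->Size, Data, DataSize);
  Buffer->Size = ALIGN_VARIABLE (Buffer->Size + DataSize);

  //
  // Restore the in-memory entry.
  //
  mUnfixPolicyEntry[Type](Selector, Data);

  return EFI_SUCCESS;
}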
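/**
  Visit all IPsec configuration entries of the specified Type and call the
  caller-defined Routine for each one.

  The entries are enumerated through the protocol's own GetNextSelector() and
  GetData() interfaces, growing the local Selector and Data buffers on
  EFI_BUFFER_TOO_SMALL as needed. The visit stops at the first error from
  GetNextSelector() (EFI_NOT_FOUND marks the normal end of the database),
  GetData() or Routine. Both buffers are released on every exit path.

  NOTE(review): the argument lists of the GetNextSelector()/GetData()/Routine
  calls are not legible in this listing and follow the callees' parameter
  lists — confirm against the original source.

  @param[in] DataType  The IPsec configuration data type to visit.
  @param[in] Routine   The function called for every entry.
  @param[in] Context   Opaque data passed through to Routine.

  @retval EFI_OUT_OF_RESOURCES  A selector or data buffer could not be allocated.
  @retval EFI_SUCCESS           All entries were visited, or the enumeration was
                                ended by GetNextSelector()/GetData().
  @retval Others                The status returned by Routine when it failed.

**/
EFI_STATUS
IpSecVisitConfigData (
  IN EFI_IPSEC_CONFIG_DATA_TYPE   DataType,
  IN IPSEC_COPY_POLICY_ENTRY      Routine,
  IN VOID                         *Context
  )
{
  EFI_STATUS                  Status;
  EFI_STATUS                  GetNextStatus;
  EFI_STATUS                  GetDataStatus;
  EFI_STATUS                  RoutineStatus;
  EFI_IPSEC_CONFIG_SELECTOR   *Selector;
  EFI_IPSEC_CONFIG_SELECTOR   *NewSelector;
  VOID                        *Data;
  UINTN                       SelectorSize;
  UINTN                       DataSize;
  UINTN                       SelectorBufferSize;
  UINTN                       DataBufferSize;
  BOOLEAN                     FirstGetNext;

  Status             = EFI_SUCCESS;
  FirstGetNext       = TRUE;
  Data               = NULL;
  DataBufferSize     = 0;
  SelectorBufferSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);

  //
  // GetNextSelector() starts from the first entry when handed an all-zero
  // selector, so the initial buffer must be zeroed.
  //
  Selector = AllocateZeroPool (SelectorBufferSize);
  if (Selector == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  while (TRUE) {
    //
    // Get the real size of the selector.
    //
    SelectorSize  = SelectorBufferSize;
    GetNextStatus = EfiIpSecConfigGetNextSelector (
                      &mIpSecConfigInstance,
                      DataType,
                      &SelectorSize,
                      Selector
                      );
    if (GetNextStatus == EFI_BUFFER_TOO_SMALL) {
      //
      // Grow the selector buffer. GetNextSelector() locates the next entry
      // from the previous selector's content, so that content has to be
      // carried over: allocate the larger buffer, copy what the old one held,
      // and only then free the old one. (Freeing Selector first and then
      // passing it to AllocateCopyPool with the new, larger size reads freed
      // memory and over-reads the old allocation.) The first selector stays
      // all zero so the search still starts at the beginning.
      //
      NewSelector = AllocateZeroPool (SelectorSize);
      if (NewSelector == NULL) {
        Status = EFI_OUT_OF_RESOURCES;
        break;
      }

      if (!FirstGetNext) {
        CopyMem (NewSelector, Selector, MIN (SelectorBufferSize, SelectorSize));
      }

      FreePool (Selector);
      Selector           = NewSelector;
      SelectorBufferSize = SelectorSize;

      //
      // Get the content of the selector.
      //
      GetNextStatus = EfiIpSecConfigGetNextSelector (
                        &mIpSecConfigInstance,
                        DataType,
                        &SelectorSize,
                        Selector
                        );
    }

    if (EFI_ERROR (GetNextStatus)) {
      //
      // EFI_NOT_FOUND is the normal end of the database; any other error also
      // ends the visit without being reported, as before.
      //
      break;
    }

    FirstGetNext = FALSE;

    //
    // Get the real size of the policy entry according to the selector.
    //
    DataSize      = DataBufferSize;
    GetDataStatus = EfiIpSecConfigGetData (
                      &mIpSecConfigInstance,
                      DataType,
                      Selector,
                      &DataSize,
                      Data
                      );
    if (GetDataStatus == EFI_BUFFER_TOO_SMALL) {
      if (Data != NULL) {
        FreePool (Data);
      }

      DataBufferSize = 0;
      Data           = AllocateZeroPool (DataSize);
      if (Data == NULL) {
        Status = EFI_OUT_OF_RESOURCES;
        break;
      }

      DataBufferSize = DataSize;

      //
      // Get the content of the policy entry according to the selector.
      //
      GetDataStatus = EfiIpSecConfigGetData (
                        &mIpSecConfigInstance,
                        DataType,
                        Selector,
                        &DataSize,
                        Data
                        );
    }

    if (EFI_ERROR (GetDataStatus)) {
      break;
    }

    //
    // Hand the entry to the caller. For IpSecConfigSave() this appends the
    // entry to the contiguous buffer that is later saved into the variable.
    //
    RoutineStatus = Routine (
                      DataType,
                      Selector,
                      Data,
                      SelectorSize,
                      DataSize,
                      Context
                      );
    if (EFI_ERROR (RoutineStatus)) {
      Status = RoutineStatus;
      break;
    }
  }

  //
  // Every exit, including the allocation failures inside the loop, releases
  // both buffers here so nothing leaks.
  //
  if (Data != NULL) {
    FreePool (Data);
  }

  FreePool (Selector);

  return Status;
}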
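/**
  Serialize every IPsec policy database into one buffer and store it in the
  IPsec configuration variable.

  This function is the subfunction of EfiIpSecConfigSetData(). Each database
  type is visited with IpSecCopyPolicyEntry(), which appends the entries to a
  single IPSEC_VARIABLE_BUFFER, and the result is written with
  IpSecSetVariable().

  If serialization of any database fails, the variable is left untouched so
  that a previously stored, complete database is not replaced by a partial
  snapshot.

  NOTE(review): the argument list of the IpSecSetVariable() call is not
  legible in this listing and follows its parameter list (name, GUID,
  attributes, data, data size) — confirm against the original source.

  @retval EFI_OUT_OF_RESOURCES  The required system resource could not be allocated.
  @retval EFI_SUCCESS           The configuration was saved successfully.
  @retval Others                Serialization or variable storage failed.

**/
EFI_STATUS
IpSecConfigSave (
  VOID
  )
{
  IPSEC_VARIABLE_BUFFER       Buffer;
  EFI_STATUS                  Status;
  EFI_IPSEC_CONFIG_DATA_TYPE  Type;

  Buffer.Size     = 0;
  Buffer.Capacity = IPSEC_DEFAULT_VARIABLE_SIZE;
  Buffer.Ptr      = AllocateZeroPool (Buffer.Capacity);
  if (Buffer.Ptr == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // For each policy database, append its entries to the contiguous buffer.
  // A failure aborts the save instead of persisting an incomplete snapshot.
  //
  for (Type = IPsecConfigDataTypeSpd; Type < IPsecConfigDataTypeMaximum; Type++) {
    Status = IpSecVisitConfigData (
               Type,
               (IPSEC_COPY_POLICY_ENTRY) IpSecCopyPolicyEntry,
               &Buffer
               );
    if (EFI_ERROR (Status)) {
      goto ON_EXIT;
    }
  }

  //
  // Save the updated policy database into variable.
  //
  Status = IpSecSetVariable (
             IPSECCONFIG_VARIABLE_NAME,
             &gEfiIpSecConfigProtocolGuid,
             EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
             Buffer.Ptr,
             Buffer.Size
             );

ON_EXIT:
  FreePool (Buffer.Ptr);
  return Status;
}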
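/**
  Get all IPsec configuration variables and store them in the internal
  policy databases.

  This function is called by IpSecConfigInitialize() to initialize the
  IPsecConfig protocol. It reads the IPsec enable-status variable first, then
  walks the serialized policy database written by IpSecConfigSave(): a
  sequence of (selector header, selector, data header, data) items, each
  ALIGN_POINTER'd to sizeof (UINTN), and replays every entry through
  EfiIpSecConfigSetData().

  The variable content is validated before it is used. Firmware variables are
  persistent storage whose content may be corrupt or may have been written by
  something other than this driver, so a malformed item must not lead to reads
  past the buffer or to an out-of-range index into the m*PolicyEntry dispatch
  tables. Such content is rejected with EFI_COMPROMISED_DATA instead of being
  trusted through ASSERT(), which is compiled out of release builds.

  NOTE(review): the declarations and the argument lists of the GetVariable /
  IpSecGetVariable / EfiIpSecConfigSetData calls are not fully legible in this
  listing and follow the callees' parameter lists; the mSetBySelf bracket
  around the replay (mSetBySelf is checked by EfiIpSecConfigSetData) is assumed
  — confirm against the original source.

  @param[in] Private  Pointer to IPSEC_PRIVATE_DATA.

  @retval EFI_OUT_OF_RESOURCES  The required system resource could not be allocated.
  @retval EFI_COMPROMISED_DATA  The stored policy database is malformed.
  @retval EFI_SUCCESS           The IPsec configuration was restored successfully
                                (or there was no stored database).
  @retval Others                Other errors were found while obtaining the
                                variable or replaying an entry.

**/
EFI_STATUS
IpSecConfigRestore (
  IN IPSEC_PRIVATE_DATA   *Private
  )
{
  EFI_STATUS                  Status;
  UINTN                       BufferSize;
  UINT8                       *Buffer;
  UINT8                       *End;
  UINT8                       *Ptr;
  IPSEC_VAR_ITEM_HEADER       *Header;
  EFI_IPSEC_CONFIG_SELECTOR   *Selector;
  VOID                        *Data;
  EFI_IPSEC_CONFIG_DATA_TYPE  Type;
  UINT8                       Value;
  UINTN                       Size;

  Value      = 0;
  Size       = sizeof (Value);
  Buffer     = NULL;
  BufferSize = 0;

  //
  // The status variable only enables IPsec; its absence leaves the driver
  // disabled. NOTE(review): the payload type of this variable is not legible
  // here and is assumed to be UINT8 — confirm.
  //
  Status = gRT->GetVariable (
                  IPSECCONFIG_STATUS_NAME,
                  &gEfiIpSecConfigProtocolGuid,
                  NULL,
                  &Size,
                  &Value
                  );
  if (!EFI_ERROR (Status) && Value == IPSEC_STATUS_ENABLED) {
    Private->IpSec.DisabledFlag = FALSE;
  }

  //
  // Get the real size of policy database in variable.
  //
  Status = IpSecGetVariable (
             IPSECCONFIG_VARIABLE_NAME,
             &gEfiIpSecConfigProtocolGuid,
             NULL,
             &BufferSize,
             Buffer
             );
  if (Status != EFI_BUFFER_TOO_SMALL) {
    //
    // No stored database: nothing to restore.
    //
    return EFI_SUCCESS;
  }

  Buffer = AllocateZeroPool (BufferSize);
  if (Buffer == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // Get the content of policy database in variable.
  //
  Status = IpSecGetVariable (
             IPSECCONFIG_VARIABLE_NAME,
             &gEfiIpSecConfigProtocolGuid,
             NULL,
             &BufferSize,
             Buffer
             );
  if (EFI_ERROR (Status)) {
    goto ON_EXIT;
  }

  End = Buffer + BufferSize;

  for (Ptr = Buffer; Ptr < End;) {
    //
    // Selector item: the header must fit in what is left, carry the logo bit
    // and name a known type (Type indexes the dispatch tables below).
    //
    if ((UINTN) (End - Ptr) < sizeof (IPSEC_VAR_ITEM_HEADER)) {
      Status = EFI_COMPROMISED_DATA;
      goto ON_EXIT;
    }

    Header = (IPSEC_VAR_ITEM_HEADER *) Ptr;
    Type   = (EFI_IPSEC_CONFIG_DATA_TYPE) (Header->Type & IPSEC_VAR_ITEM_HEADER_CONTENT_BIT);
    if (((Header->Type & 0x80) != IPSEC_VAR_ITEM_HEADER_LOGO_BIT) ||
        (Type >= IPsecConfigDataTypeMaximum)) {
      Status = EFI_COMPROMISED_DATA;
      goto ON_EXIT;
    }

    Selector = (EFI_IPSEC_CONFIG_SELECTOR *) ALIGN_POINTER (Header + 1, sizeof (UINTN));
    if (((UINT8 *) Selector > End) || ((UINTN) (End - (UINT8 *) Selector) < Header->Size)) {
      Status = EFI_COMPROMISED_DATA;
      goto ON_EXIT;
    }

    //
    // Data item: its header must fit and must carry the selector's type.
    //
    Ptr = (UINT8 *) ALIGN_POINTER ((UINT8 *) Selector + Header->Size, sizeof (UINTN));
    if ((Ptr > End) || ((UINTN) (End - Ptr) < sizeof (IPSEC_VAR_ITEM_HEADER))) {
      Status = EFI_COMPROMISED_DATA;
      goto ON_EXIT;
    }

    Header = (IPSEC_VAR_ITEM_HEADER *) Ptr;
    if (Header->Type != Type) {
      Status = EFI_COMPROMISED_DATA;
      goto ON_EXIT;
    }

    Data = ALIGN_POINTER (Header + 1, sizeof (UINTN));
    if (((UINT8 *) Data > End) || ((UINTN) (End - (UINT8 *) Data) < Header->Size)) {
      Status = EFI_COMPROMISED_DATA;
      goto ON_EXIT;
    }

    //
    // Bring the stored entry back into its in-memory form.
    //
    mUnfixPolicyEntry[Type](Selector, Data);

    //
    // Update each policy entry according to the content in variable. The
    // mSetBySelf flag keeps EfiIpSecConfigSetData() from writing the variable
    // back while it is being read.
    //
    mSetBySelf = TRUE;
    Status = EfiIpSecConfigSetData (
               &Private->IpSecConfig,
               Type,
               Selector,
               Data,
               NULL
               );
    mSetBySelf = FALSE;

    if (EFI_ERROR (Status)) {
      goto ON_EXIT;
    }

    Ptr = (UINT8 *) ALIGN_POINTER ((UINT8 *) Data + Header->Size, sizeof (UINTN));
  }

  Status = EFI_SUCCESS;

ON_EXIT:
  FreePool (Buffer);
  return Status;
}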
3117 Install and Initialize IPsecConfig protocol
3119 @param[in, out] Private Pointer to IPSEC_PRIVATE_DATA. After this function finish,
3120 the pointer of IPsecConfig Protocol implementation will copy
3121 into its IPsecConfig member.
3123 @retval EFI_SUCCESS Initialized the IPsecConfig Protocol successfully.
3124 @retval Others Initializing the IPsecConfig Protocol failed.
3127 IpSecConfigInitialize (
3128 IN OUT IPSEC_PRIVATE_DATA
*Private
3131 EFI_IPSEC_CONFIG_DATA_TYPE Type
;
3134 &Private
->IpSecConfig
,
3135 &mIpSecConfigInstance
,
3136 sizeof (EFI_IPSEC_CONFIG_PROTOCOL
)
3140 // Initialize the list head of policy database.
3142 for (Type
= IPsecConfigDataTypeSpd
; Type
< IPsecConfigDataTypeMaximum
; Type
++) {
3143 InitializeListHead (&mConfigData
[Type
]);
3146 // Restore the content of policy database according to the variable.
3148 IpSecConfigRestore (Private
);
3150 return gBS
->InstallMultipleProtocolInterfaces (
3152 &gEfiIpSecConfigProtocolGuid
,
3153 &Private
->IpSecConfig
,