+++ /dev/null
-/** @file\r
- The implementation of policy entry operation function in IpSecConfig application.\r
-\r
- Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
-\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#include "IpSecConfig.h"\r
-#include "Indexer.h"\r
-#include "Match.h"\r
-#include "Helper.h"\r
-#include "ForEach.h"\r
-#include "PolicyEntryOperation.h"\r
-\r
-/**\r
- Fill in EFI_IPSEC_SPD_SELECTOR through ParamPackage list.\r
-\r
- @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.\r
- @param[in] ParamPackage The pointer to the ParamPackage list.\r
- @param[in, out] Mask The pointer to the Mask.\r
-\r
- @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR successfully.\r
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
-\r
-**/\r
-EFI_STATUS\r
-CreateSpdSelector (\r
- OUT EFI_IPSEC_SPD_SELECTOR *Selector,\r
- IN LIST_ENTRY *ParamPackage,\r
- IN OUT UINT32 *Mask\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_STATUS ReturnStatus;\r
- CONST CHAR16 *ValueStr;\r
-\r
- Status = EFI_SUCCESS;\r
- ReturnStatus = EFI_SUCCESS;\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.\r
- //\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local");\r
- if (ValueStr != NULL) {\r
- Selector->LocalAddressCount = 1;\r
- Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->LocalAddress);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
- mHiiHandle,\r
- mAppName,\r
- L"--local",\r
- ValueStr\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- *Mask |= LOCAL;\r
- }\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.\r
- //\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote");\r
- if (ValueStr != NULL) {\r
- Selector->RemoteAddressCount = 1;\r
- Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->RemoteAddress);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
- mHiiHandle,\r
- mAppName,\r
- L"--remote",\r
- ValueStr\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- *Mask |= REMOTE;\r
- }\r
- }\r
-\r
- Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.\r
- //\r
- Status = GetNumber (\r
- L"--proto",\r
- (UINT16) -1,\r
- &Selector->NextLayerProtocol,\r
- sizeof (UINT16),\r
- mMapIpProtocol,\r
- ParamPackage,\r
- FORMAT_NUMBER | FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= PROTO;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Selector->LocalPort = EFI_IPSEC_ANY_PORT;\r
- Selector->RemotePort = EFI_IPSEC_ANY_PORT;\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.\r
- //\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local-port");\r
- if (ValueStr != NULL) {\r
- Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->LocalPort, &Selector->LocalPortRange);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
- mHiiHandle,\r
- mAppName,\r
- L"--local-port",\r
- ValueStr\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- *Mask |= LOCAL_PORT;\r
- }\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.\r
- //\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote-port");\r
- if (ValueStr != NULL) {\r
- Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->RemotePort, &Selector->RemotePortRange);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
- mHiiHandle,\r
- mAppName,\r
- L"--remote-port",\r
- ValueStr\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- *Mask |= REMOTE_PORT;\r
- }\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.\r
- //\r
- Status = GetNumber (\r
- L"--icmp-type",\r
- (UINT8) -1,\r
- &Selector->LocalPort,\r
- sizeof (UINT16),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= ICMP_TYPE;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.\r
- //\r
- Status = GetNumber (\r
- L"--icmp-code",\r
- (UINT8) -1,\r
- &Selector->RemotePort,\r
- sizeof (UINT16),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= ICMP_CODE;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- return ReturnStatus;\r
-}\r
-\r
-/**\r
- Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.\r
-\r
- @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.\r
- @param[out] Data The pointer to the EFI_IPSEC_SPD_DATA structure.\r
- @param[in] ParamPackage The pointer to the ParamPackage list.\r
- @param[out] Mask The pointer to the Mask.\r
- @param[in] CreateNew The switch to create new.\r
-\r
- @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.\r
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
-\r
-**/\r
-EFI_STATUS\r
-CreateSpdEntry (\r
- OUT EFI_IPSEC_SPD_SELECTOR **Selector,\r
- OUT EFI_IPSEC_SPD_DATA **Data,\r
- IN LIST_ENTRY *ParamPackage,\r
- OUT UINT32 *Mask,\r
- IN BOOLEAN CreateNew\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_STATUS ReturnStatus;\r
- CONST CHAR16 *ValueStr;\r
- UINTN DataSize;\r
-\r
- Status = EFI_SUCCESS;\r
- *Mask = 0;\r
-\r
- *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));\r
- ASSERT (*Selector != NULL);\r
-\r
- (*Selector)->LocalAddress = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);\r
- (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;\r
-\r
- ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);\r
-\r
- //\r
- // SPD DATA\r
- // NOTE: Allocate enough memory and add padding for different arch.\r
- //\r
- DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));\r
- DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));\r
- DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);\r
-\r
- *Data = AllocateZeroPool (DataSize);\r
- ASSERT (*Data != NULL);\r
-\r
- (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (\r
- (*Data + 1),\r
- sizeof (UINTN)\r
- );\r
- (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (\r
- ((*Data)->ProcessingPolicy + 1),\r
- sizeof (UINTN)\r
- );\r
-\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the Name in EFI_IPSEC_SPD_DATA.\r
- //\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");\r
- if (ValueStr != NULL) {\r
- UnicodeStrToAsciiStrS (ValueStr, (CHAR8 *) (*Data)->Name, sizeof ((*Data)->Name));\r
- *Mask |= NAME;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the PackageFlag in EFI_IPSEC_SPD_DATA.\r
- //\r
- Status = GetNumber (\r
- L"--packet-flag",\r
- (UINT8) -1,\r
- &(*Data)->PackageFlag,\r
- sizeof (UINT32),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= PACKET_FLAG;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the Action in EFI_IPSEC_SPD_DATA.\r
- //\r
- Status = GetNumber (\r
- L"--action",\r
- (UINT8) -1,\r
- &(*Data)->Action,\r
- sizeof (UINT32),\r
- mMapIpSecAction,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= ACTION;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the ExtSeqNum in EFI_IPSEC_SPD_DATA.\r
- //\r
- if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {\r
- (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;\r
- *Mask |= EXT_SEQUENCE;\r
- } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {\r
- (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;\r
- *Mask |= EXT_SEQUENCE;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the SeqOverflow in EFI_IPSEC_SPD_DATA.\r
- //\r
- if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {\r
- (*Data)->ProcessingPolicy->SeqOverflow = TRUE;\r
- *Mask |= SEQUENCE_OVERFLOW;\r
- } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {\r
- (*Data)->ProcessingPolicy->SeqOverflow = FALSE;\r
- *Mask |= SEQUENCE_OVERFLOW;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the FragCheck in EFI_IPSEC_SPD_DATA.\r
- //\r
- if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {\r
- (*Data)->ProcessingPolicy->FragCheck = TRUE;\r
- *Mask |= FRAGMENT_CHECK;\r
- } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {\r
- (*Data)->ProcessingPolicy->FragCheck = FALSE;\r
- *Mask |= FRAGMENT_CHECK;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the ProcessingPolicy in EFI_IPSEC_SPD_DATA.\r
- //\r
- Status = GetNumber (\r
- L"--lifebyte",\r
- (UINT64) -1,\r
- &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,\r
- sizeof (UINT64),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= LIFEBYTE;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--lifetime",\r
- (UINT64) -1,\r
- &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,\r
- sizeof (UINT64),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= LIFETIME;\r
- }\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--lifetime-soft",\r
- (UINT64) -1,\r
- &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,\r
- sizeof (UINT64),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= LIFETIME_SOFT;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;\r
- Status = GetNumber (\r
- L"--mode",\r
- 0,\r
- &(*Data)->ProcessingPolicy->Mode,\r
- sizeof (UINT32),\r
- mMapIpSecMode,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= MODE;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");\r
- if (ValueStr != NULL) {\r
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
- mHiiHandle,\r
- mAppName,\r
- L"--tunnel-local",\r
- ValueStr\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- *Mask |= TUNNEL_LOCAL;\r
- }\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");\r
- if (ValueStr != NULL) {\r
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
- mHiiHandle,\r
- mAppName,\r
- L"--tunnel-remote",\r
- ValueStr\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- *Mask |= TUNNEL_REMOTE;\r
- }\r
- }\r
-\r
- (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;\r
- Status = GetNumber (\r
- L"--dont-fragment",\r
- 0,\r
- &(*Data)->ProcessingPolicy->TunnelOption->DF,\r
- sizeof (UINT32),\r
- mMapDfOption,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= DONT_FRAGMENT;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;\r
- Status = GetNumber (\r
- L"--ipsec-proto",\r
- 0,\r
- &(*Data)->ProcessingPolicy->Proto,\r
- sizeof (UINT32),\r
- mMapIpSecProtocol,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= IPSEC_PROTO;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--encrypt-algo",\r
- 0,\r
- &(*Data)->ProcessingPolicy->EncAlgoId,\r
- sizeof (UINT8),\r
- mMapEncAlgo,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= ENCRYPT_ALGO;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--auth-algo",\r
- 0,\r
- &(*Data)->ProcessingPolicy->AuthAlgoId,\r
- sizeof (UINT8),\r
- mMapAuthAlgo,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= AUTH_ALGO;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Cannot check Mode against EfiIPsecTunnel, because user may want to change tunnel_remote only so the Mode is not set.\r
- //\r
- if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {\r
- (*Data)->ProcessingPolicy->TunnelOption = NULL;\r
- }\r
-\r
- if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |\r
- LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |\r
- DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {\r
- if ((*Data)->Action != EfiIPsecActionProtect) {\r
- //\r
- // User may not provide additional parameter for Protect action, so we cannot simply set ProcessingPolicy to NULL.\r
- //\r
- (*Data)->ProcessingPolicy = NULL;\r
- }\r
- }\r
-\r
- if (CreateNew) {\r
- if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
- mHiiHandle,\r
- mAppName,\r
- L"--local --remote --proto --action"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else if (((*Data)->Action == EfiIPsecActionProtect) &&\r
- ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&\r
- ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
- mHiiHandle,\r
- mAppName,\r
- L"--tunnel-local --tunnel-remote"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
- }\r
-\r
- return ReturnStatus;\r
-}\r
-\r
-/**\r
- Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.\r
-\r
- @param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure.\r
- @param[out] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.\r
- @param[in] ParamPackage The pointer to the ParamPackage list.\r
- @param[out] Mask The pointer to the Mask.\r
- @param[in] CreateNew The switch to create new.\r
-\r
- @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.\r
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
-\r
-**/\r
-EFI_STATUS\r
-CreateSadEntry (\r
- OUT EFI_IPSEC_SA_ID **SaId,\r
- OUT EFI_IPSEC_SA_DATA2 **Data,\r
- IN LIST_ENTRY *ParamPackage,\r
- OUT UINT32 *Mask,\r
- IN BOOLEAN CreateNew\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_STATUS ReturnStatus;\r
- UINTN AuthKeyLength;\r
- UINTN EncKeyLength;\r
- CONST CHAR16 *ValueStr;\r
- CHAR8 *AsciiStr;\r
- UINTN DataSize;\r
-\r
- Status = EFI_SUCCESS;\r
- ReturnStatus = EFI_SUCCESS;\r
- *Mask = 0;\r
- AuthKeyLength = 0;\r
- EncKeyLength = 0;\r
-\r
- *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));\r
- ASSERT (*SaId != NULL);\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the Spi in EFI_IPSEC_SA_ID.\r
- //\r
- Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= SPI;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the Proto in EFI_IPSEC_SA_ID.\r
- //\r
- Status = GetNumber (\r
- L"--ipsec-proto",\r
- 0,\r
- &(*SaId)->Proto,\r
- sizeof (EFI_IPSEC_PROTOCOL_TYPE),\r
- mMapIpSecProtocol,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= IPSEC_PROTO;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2.\r
- //\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");\r
- if (ValueStr != NULL) {\r
- AuthKeyLength = StrLen (ValueStr);\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");\r
- if (ValueStr != NULL) {\r
- EncKeyLength = StrLen (ValueStr);\r
- }\r
-\r
- //\r
- // EFI_IPSEC_SA_DATA2:\r
- // +------------\r
- // | EFI_IPSEC_SA_DATA2\r
- // +-----------------------\r
- // | AuthKey\r
- // +-------------------------\r
- // | EncKey\r
- // +-------------------------\r
- // | SpdSelector\r
- //\r
- // Notes: To make sure the address alignment add padding after each data if needed.\r
- //\r
- DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));\r
- DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);\r
- DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);\r
- DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));\r
- DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));\r
- DataSize += sizeof (EFI_IP_ADDRESS_INFO);\r
-\r
-\r
-\r
- *Data = AllocateZeroPool (DataSize);\r
- ASSERT (*Data != NULL);\r
-\r
- (*Data)->ManualSet = TRUE;\r
- (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));\r
- (*Data)->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (\r
- ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),\r
- sizeof (UINTN)\r
- );\r
- (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (\r
- ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),\r
- sizeof (UINTN)\r
- );\r
- (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (\r
- ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),\r
- sizeof (UINTN));\r
- (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (\r
- (*Data)->SpdSelector->LocalAddress + 1,\r
- sizeof (UINTN)\r
- );\r
-\r
- (*Data)->Mode = EfiIPsecTransport;\r
- Status = GetNumber (\r
- L"--mode",\r
- 0,\r
- &(*Data)->Mode,\r
- sizeof (EFI_IPSEC_MODE),\r
- mMapIpSecMode,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= MODE;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // According to RFC 4303-3.3.3. The first packet sent using a given SA\r
- // will contain a sequence number of 1.\r
- //\r
- (*Data)->SNCount = 1;\r
- Status = GetNumber (\r
- L"--sequence-number",\r
- (UINT64) -1,\r
- &(*Data)->SNCount,\r
- sizeof (UINT64),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= SEQUENCE_NUMBER;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- (*Data)->AntiReplayWindows = 0;\r
- Status = GetNumber (\r
- L"--antireplay-window",\r
- (UINT8) -1,\r
- &(*Data)->AntiReplayWindows,\r
- sizeof (UINT8),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= SEQUENCE_NUMBER;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--encrypt-algo",\r
- 0,\r
- &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,\r
- sizeof (UINT8),\r
- mMapEncAlgo,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= ENCRYPT_ALGO;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");\r
- if (ValueStr != NULL ) {\r
- (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;\r
- AsciiStr = AllocateZeroPool (EncKeyLength + 1);\r
- ASSERT (AsciiStr != NULL);\r
- UnicodeStrToAsciiStrS (ValueStr, AsciiStr, EncKeyLength + 1);\r
- CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength);\r
- FreePool (AsciiStr);\r
- *Mask |= ENCRYPT_KEY;\r
- } else {\r
- (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--auth-algo",\r
- 0,\r
- &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,\r
- sizeof (UINT8),\r
- mMapAuthAlgo,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= AUTH_ALGO;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");\r
- if (ValueStr != NULL) {\r
- (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;\r
- AsciiStr = AllocateZeroPool (AuthKeyLength + 1);\r
- ASSERT (AsciiStr != NULL);\r
- UnicodeStrToAsciiStrS (ValueStr, AsciiStr, AuthKeyLength + 1);\r
- CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);\r
- FreePool (AsciiStr);\r
- *Mask |= AUTH_KEY;\r
- } else {\r
- (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--lifebyte",\r
- (UINT64) -1,\r
- &(*Data)->SaLifetime.ByteCount,\r
- sizeof (UINT64),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= LIFEBYTE;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--lifetime",\r
- (UINT64) -1,\r
- &(*Data)->SaLifetime.HardLifetime,\r
- sizeof (UINT64),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= LIFETIME;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--lifetime-soft",\r
- (UINT64) -1,\r
- &(*Data)->SaLifetime.SoftLifetime,\r
- sizeof (UINT64),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= LIFETIME_SOFT;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--path-mtu",\r
- (UINT32) -1,\r
- &(*Data)->PathMTU,\r
- sizeof (UINT32),\r
- NULL,\r
- ParamPackage,\r
- FORMAT_NUMBER\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= PATH_MTU;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.\r
- //\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");\r
- if (ValueStr != NULL) {\r
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
- mHiiHandle,\r
- mAppName,\r
- L"--tunnel-dest",\r
- ValueStr\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- *Mask |= DEST;\r
- }\r
- }\r
-\r
- //\r
- // Convert user input from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.\r
- //\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");\r
- if (ValueStr != NULL) {\r
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
- mHiiHandle,\r
- mAppName,\r
- L"--tunnel-source",\r
- ValueStr\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- *Mask |= SOURCE;\r
- }\r
- }\r
-\r
- //\r
- // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set\r
- //\r
- if ((*Data)->Mode == EfiIPsecTunnel) {\r
- if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
- mHiiHandle,\r
- mAppName,\r
- L"--tunnel-source --tunnel-dest"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
- }\r
- ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);\r
-\r
- if (CreateNew) {\r
- if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
- mHiiHandle,\r
- mAppName,\r
- L"--spi --ipsec-proto --local --remote"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- if ((*SaId)->Proto == EfiIPsecAH) {\r
- if ((*Mask & AUTH_ALGO) == 0) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r
- mHiiHandle,\r
- mAppName,\r
- L"--auth-algo"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r
- mHiiHandle,\r
- mAppName,\r
- L"--auth-key"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
- } else {\r
- if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r
- mHiiHandle,\r
- mAppName,\r
- L"--encrypt-algo --auth-algo"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r
- mHiiHandle,\r
- mAppName,\r
- L"--encrypt-key"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r
- mHiiHandle,\r
- mAppName,\r
- L"--auth-key"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
- }\r
- }\r
- }\r
-\r
- return ReturnStatus;\r
-}\r
-\r
-/**\r
- Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.\r
-\r
- @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.\r
- @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.\r
- @param[in] ParamPackage The pointer to the ParamPackage list.\r
- @param[out] Mask The pointer to the Mask.\r
- @param[in] CreateNew The switch to create new.\r
-\r
- @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.\r
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
-\r
-**/\r
-EFI_STATUS\r
-CreatePadEntry (\r
- OUT EFI_IPSEC_PAD_ID **PadId,\r
- OUT EFI_IPSEC_PAD_DATA **Data,\r
- IN LIST_ENTRY *ParamPackage,\r
- OUT UINT32 *Mask,\r
- IN BOOLEAN CreateNew\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_STATUS ReturnStatus;\r
- SHELL_FILE_HANDLE FileHandle;\r
- UINT64 FileSize;\r
- UINTN AuthDataLength;\r
- UINTN RevocationDataLength;\r
- UINTN DataLength;\r
- UINTN Index;\r
- CONST CHAR16 *ValueStr;\r
- UINTN DataSize;\r
-\r
- Status = EFI_SUCCESS;\r
- ReturnStatus = EFI_SUCCESS;\r
- *Mask = 0;\r
- AuthDataLength = 0;\r
- RevocationDataLength = 0;\r
-\r
- *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));\r
- ASSERT (*PadId != NULL);\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.\r
- //\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");\r
- if (ValueStr != NULL) {\r
- (*PadId)->PeerIdValid = FALSE;\r
- Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),\r
- mHiiHandle,\r
- mAppName,\r
- L"--peer-address",\r
- ValueStr\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- *Mask |= PEER_ADDRESS;\r
- }\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");\r
- if (ValueStr != NULL) {\r
- (*PadId)->PeerIdValid = TRUE;\r
- StrnCpyS ((CHAR16 *) (*PadId)->Id.PeerId, MAX_PEERID_LEN / sizeof (CHAR16), ValueStr, MAX_PEERID_LEN / sizeof (CHAR16) - 1);\r
- *Mask |= PEER_ID;\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");\r
- if (ValueStr != NULL) {\r
- if (ValueStr[0] == L'@') {\r
- //\r
- // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"\r
- //\r
- Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
- mHiiHandle,\r
- mAppName,\r
- &ValueStr[1]\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- Status = ShellGetFileSize (FileHandle, &FileSize);\r
- ShellCloseFile (&FileHandle);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
- mHiiHandle,\r
- mAppName,\r
- &ValueStr[1]\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else {\r
- AuthDataLength = (UINTN) FileSize;\r
- }\r
- }\r
- } else {\r
- AuthDataLength = StrLen (ValueStr);\r
- }\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");\r
- if (ValueStr != NULL) {\r
- RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);\r
- }\r
-\r
- //\r
- // Allocate Buffer for Data. Add padding after each struct to make sure the alignment\r
- // in different Arch.\r
- //\r
- DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));\r
- DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);\r
- DataSize += RevocationDataLength;\r
-\r
- *Data = AllocateZeroPool (DataSize);\r
- ASSERT (*Data != NULL);\r
-\r
- (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));\r
- (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));\r
- (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;\r
-\r
- //\r
- // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.\r
- //\r
- Status = GetNumber (\r
- L"--auth-proto",\r
- 0,\r
- &(*Data)->AuthProtocol,\r
- sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),\r
- mMapAuthProto,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= AUTH_PROTO;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = GetNumber (\r
- L"--auth-method",\r
- 0,\r
- &(*Data)->AuthMethod,\r
- sizeof (EFI_IPSEC_AUTH_METHOD),\r
- mMapAuthMethod,\r
- ParamPackage,\r
- FORMAT_STRING\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- *Mask |= AUTH_METHOD;\r
- }\r
-\r
- if (Status == EFI_INVALID_PARAMETER) {\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
-\r
- if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {\r
- (*Data)->IkeIdFlag = TRUE;\r
- *Mask |= IKE_ID;\r
- }\r
-\r
- if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {\r
- (*Data)->IkeIdFlag = FALSE;\r
- *Mask |= IKE_ID;\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");\r
- if (ValueStr != NULL) {\r
- if (ValueStr[0] == L'@') {\r
- //\r
- // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"\r
- //\r
-\r
- Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
- mHiiHandle,\r
- mAppName,\r
- &ValueStr[1]\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- (*Data)->AuthData = NULL;\r
- } else {\r
- DataLength = AuthDataLength;\r
- Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);\r
- ShellCloseFile (&FileHandle);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),\r
- mHiiHandle,\r
- mAppName,\r
- &ValueStr[1]\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- (*Data)->AuthData = NULL;\r
- } else {\r
- ASSERT (DataLength == AuthDataLength);\r
- *Mask |= AUTH_DATA;\r
- }\r
- }\r
- } else {\r
- for (Index = 0; Index < AuthDataLength; Index++) {\r
- ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];\r
- }\r
- (*Data)->AuthDataSize = AuthDataLength;\r
- *Mask |= AUTH_DATA;\r
- }\r
- }\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");\r
- if (ValueStr != NULL) {\r
- CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);\r
- (*Data)->RevocationDataSize = RevocationDataLength;\r
- *Mask |= REVOCATION_DATA;\r
- } else {\r
- (*Data)->RevocationData = NULL;\r
- }\r
-\r
- if (CreateNew) {\r
- if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
- mHiiHandle,\r
- mAppName,\r
- L"--peer-id --peer-address"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
- mHiiHandle,\r
- mAppName,\r
- L"--auth-method --auth-data"\r
- );\r
- ReturnStatus = EFI_INVALID_PARAMETER;\r
- }\r
- }\r
-\r
- return ReturnStatus;\r
-}\r
-\r
-CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {\r
- (CREATE_POLICY_ENTRY) CreateSpdEntry,\r
- (CREATE_POLICY_ENTRY) CreateSadEntry,\r
- (CREATE_POLICY_ENTRY) CreatePadEntry\r
-};\r
-\r
-/**\r
- Combine old SPD entry with new SPD entry.\r
-\r
- @param[in, out] OldSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.\r
- @param[in, out] OldData The pointer to the EFI_IPSEC_SPD_DATA structure.\r
- @param[in] NewSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.\r
- @param[in] NewData The pointer to the EFI_IPSEC_SPD_DATA structure.\r
- @param[in] Mask The pointer to the Mask.\r
- @param[out] CreateNew The switch to create new.\r
-\r
- @retval EFI_SUCCESS Combined successfully.\r
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
-\r
-**/\r
-EFI_STATUS\r
-CombineSpdEntry (\r
- IN OUT EFI_IPSEC_SPD_SELECTOR *OldSelector,\r
- IN OUT EFI_IPSEC_SPD_DATA *OldData,\r
- IN EFI_IPSEC_SPD_SELECTOR *NewSelector,\r
- IN EFI_IPSEC_SPD_DATA *NewData,\r
- IN UINT32 Mask,\r
- OUT BOOLEAN *CreateNew\r
- )\r
-{\r
-\r
- //\r
- // Process Selector\r
- //\r
- *CreateNew = FALSE;\r
- if ((Mask & LOCAL) == 0) {\r
- NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;\r
- NewSelector->LocalAddress = OldSelector->LocalAddress;\r
- } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||\r
- (CompareMem (NewSelector->LocalAddress, OldSelector->LocalAddress, NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {\r
- *CreateNew = TRUE;\r
- }\r
-\r
- if ((Mask & REMOTE) == 0) {\r
- NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;\r
- NewSelector->RemoteAddress = OldSelector->RemoteAddress;\r
- } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||\r
- (CompareMem (NewSelector->RemoteAddress, OldSelector->RemoteAddress, NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {\r
- *CreateNew = TRUE;\r
- }\r
-\r
- if ((Mask & PROTO) == 0) {\r
- NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;\r
- } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {\r
- *CreateNew = TRUE;\r
- }\r
-\r
- switch (NewSelector->NextLayerProtocol) {\r
- case EFI_IP4_PROTO_TCP:\r
- case EFI_IP4_PROTO_UDP:\r
- if ((Mask & LOCAL_PORT) == 0) {\r
- NewSelector->LocalPort = OldSelector->LocalPort;\r
- NewSelector->LocalPortRange = OldSelector->LocalPortRange;\r
- } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||\r
- (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {\r
- *CreateNew = TRUE;\r
- }\r
-\r
- if ((Mask & REMOTE_PORT) == 0) {\r
- NewSelector->RemotePort = OldSelector->RemotePort;\r
- NewSelector->RemotePortRange = OldSelector->RemotePortRange;\r
- } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||\r
- (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {\r
- *CreateNew = TRUE;\r
- }\r
- break;\r
-\r
- case EFI_IP4_PROTO_ICMP:\r
- if ((Mask & ICMP_TYPE) == 0) {\r
- NewSelector->LocalPort = OldSelector->LocalPort;\r
- } else if (NewSelector->LocalPort != OldSelector->LocalPort) {\r
- *CreateNew = TRUE;\r
- }\r
-\r
- if ((Mask & ICMP_CODE) == 0) {\r
- NewSelector->RemotePort = OldSelector->RemotePort;\r
- } else if (NewSelector->RemotePort != OldSelector->RemotePort) {\r
- *CreateNew = TRUE;\r
- }\r
- break;\r
- }\r
- //\r
- // Process Data\r
- //\r
- OldData->SaIdCount = 0;\r
-\r
- if ((Mask & NAME) != 0) {\r
- AsciiStrCpyS ((CHAR8 *) OldData->Name, MAX_PEERID_LEN, (CHAR8 *) NewData->Name);\r
- }\r
-\r
- if ((Mask & PACKET_FLAG) != 0) {\r
- OldData->PackageFlag = NewData->PackageFlag;\r
- }\r
-\r
- if ((Mask & ACTION) != 0) {\r
- OldData->Action = NewData->Action;\r
- }\r
-\r
- if (OldData->Action != EfiIPsecActionProtect) {\r
- OldData->ProcessingPolicy = NULL;\r
- } else {\r
- //\r
- // Protect\r
- //\r
- if (OldData->ProcessingPolicy == NULL) {\r
- //\r
- // Just point to new data if originally NULL.\r
- //\r
- OldData->ProcessingPolicy = NewData->ProcessingPolicy;\r
- if (OldData->ProcessingPolicy->Mode == EfiIPsecTunnel &&\r
- (Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)\r
- ) {\r
- //\r
- // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.\r
- //\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
- mHiiHandle,\r
- mAppName,\r
- L"--tunnel-local --tunnel-remote"\r
- );\r
- return EFI_INVALID_PARAMETER;\r
- }\r
- } else {\r
- //\r
- // Modify some of the data.\r
- //\r
- if ((Mask & EXT_SEQUENCE) != 0) {\r
- OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;\r
- }\r
-\r
- if ((Mask & SEQUENCE_OVERFLOW) != 0) {\r
- OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;\r
- }\r
-\r
- if ((Mask & FRAGMENT_CHECK) != 0) {\r
- OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;\r
- }\r
-\r
- if ((Mask & LIFEBYTE) != 0) {\r
- OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;\r
- }\r
-\r
- if ((Mask & LIFETIME_SOFT) != 0) {\r
- OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;\r
- }\r
-\r
- if ((Mask & LIFETIME) != 0) {\r
- OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;\r
- }\r
-\r
- if ((Mask & MODE) != 0) {\r
- OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;\r
- }\r
-\r
- if ((Mask & IPSEC_PROTO) != 0) {\r
- OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;\r
- }\r
-\r
- if ((Mask & AUTH_ALGO) != 0) {\r
- OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;\r
- }\r
-\r
- if ((Mask & ENCRYPT_ALGO) != 0) {\r
- OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;\r
- }\r
-\r
- if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {\r
- OldData->ProcessingPolicy->TunnelOption = NULL;\r
- } else {\r
- if (OldData->ProcessingPolicy->TunnelOption == NULL) {\r
- //\r
- // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.\r
- //\r
- if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
- mHiiHandle,\r
- mAppName,\r
- L"--tunnel-local --tunnel-remote"\r
- );\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
- OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;\r
- } else {\r
- if ((Mask & TUNNEL_LOCAL) != 0) {\r
- CopyMem (\r
- &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,\r
- &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,\r
- sizeof (EFI_IP_ADDRESS)\r
- );\r
- }\r
-\r
- if ((Mask & TUNNEL_REMOTE) != 0) {\r
- CopyMem (\r
- &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,\r
- &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,\r
- sizeof (EFI_IP_ADDRESS)\r
- );\r
- }\r
-\r
- if ((Mask & DONT_FRAGMENT) != 0) {\r
- OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;\r
- }\r
- }\r
- }\r
- }\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Combine old SAD entry with new SAD entry.\r
-\r
- @param[in, out] OldSaId The pointer to the EFI_IPSEC_SA_ID structure.\r
- @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA2 structure.\r
- @param[in] NewSaId The pointer to the EFI_IPSEC_SA_ID structure.\r
- @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA2 structure.\r
- @param[in] Mask The pointer to the Mask.\r
- @param[out] CreateNew The switch to create new.\r
-\r
- @retval EFI_SUCCESS Combined successfully.\r
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
-\r
-**/\r
-EFI_STATUS\r
-CombineSadEntry (\r
- IN OUT EFI_IPSEC_SA_ID *OldSaId,\r
- IN OUT EFI_IPSEC_SA_DATA2 *OldData,\r
- IN EFI_IPSEC_SA_ID *NewSaId,\r
- IN EFI_IPSEC_SA_DATA2 *NewData,\r
- IN UINT32 Mask,\r
- OUT BOOLEAN *CreateNew\r
- )\r
-{\r
-\r
- *CreateNew = FALSE;\r
-\r
- if ((Mask & SPI) == 0) {\r
- NewSaId->Spi = OldSaId->Spi;\r
- } else if (NewSaId->Spi != OldSaId->Spi) {\r
- *CreateNew = TRUE;\r
- }\r
-\r
- if ((Mask & IPSEC_PROTO) == 0) {\r
- NewSaId->Proto = OldSaId->Proto;\r
- } else if (NewSaId->Proto != OldSaId->Proto) {\r
- *CreateNew = TRUE;\r
- }\r
-\r
- if ((Mask & DEST) == 0) {\r
- CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));\r
- } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {\r
- *CreateNew = TRUE;\r
- }\r
-\r
- if ((Mask & SOURCE) == 0) {\r
- CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));\r
- } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {\r
- *CreateNew = TRUE;\r
- }\r
- //\r
- // Process SA_DATA.\r
- //\r
- if ((Mask & MODE) != 0) {\r
- OldData->Mode = NewData->Mode;\r
- }\r
-\r
- if ((Mask & SEQUENCE_NUMBER) != 0) {\r
- OldData->SNCount = NewData->SNCount;\r
- }\r
-\r
- if ((Mask & ANTIREPLAY_WINDOW) != 0) {\r
- OldData->AntiReplayWindows = NewData->AntiReplayWindows;\r
- }\r
-\r
- if ((Mask & AUTH_ALGO) != 0) {\r
- OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;\r
- }\r
-\r
- if ((Mask & AUTH_KEY) != 0) {\r
- OldData->AlgoInfo.EspAlgoInfo.AuthKey = NewData->AlgoInfo.EspAlgoInfo.AuthKey;\r
- OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;\r
- }\r
-\r
- if ((Mask & ENCRYPT_ALGO) != 0) {\r
- OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;\r
- }\r
-\r
- if ((Mask & ENCRYPT_KEY) != 0) {\r
- OldData->AlgoInfo.EspAlgoInfo.EncKey = NewData->AlgoInfo.EspAlgoInfo.EncKey;\r
- OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;\r
- }\r
-\r
- if (NewSaId->Proto == EfiIPsecAH) {\r
- if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {\r
- //\r
- // Should not provide encrypt_* if AH.\r
- //\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),\r
- mHiiHandle,\r
- mAppName,\r
- L"--encrypt-algo --encrypt-key"\r
- );\r
- return EFI_INVALID_PARAMETER;\r
- }\r
- }\r
-\r
- if (NewSaId->Proto == EfiIPsecESP && OldSaId->Proto == EfiIPsecAH) {\r
- //\r
- // AH -> ESP\r
- // Should provide encrypt_algo at least.\r
- //\r
- if ((Mask & ENCRYPT_ALGO) == 0) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r
- mHiiHandle,\r
- mAppName,\r
- L"--encrypt-algo"\r
- );\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Encrypt_key should be provided if algorithm is not NONE.\r
- //\r
- if (NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (Mask & ENCRYPT_KEY) == 0) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),\r
- mHiiHandle,\r
- mAppName,\r
- L"--encrypt-algo"\r
- );\r
- return EFI_INVALID_PARAMETER;\r
- }\r
- }\r
-\r
- if ((Mask & LIFEBYTE) != 0) {\r
- OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;\r
- }\r
-\r
- if ((Mask & LIFETIME_SOFT) != 0) {\r
- OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;\r
- }\r
-\r
- if ((Mask & LIFETIME) != 0) {\r
- OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;\r
- }\r
-\r
- if ((Mask & PATH_MTU) != 0) {\r
- OldData->PathMTU = NewData->PathMTU;\r
- }\r
- //\r
- // Process SpdSelector.\r
- //\r
- if (OldData->SpdSelector == NULL) {\r
- if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {\r
- if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {\r
- ShellPrintHiiEx (\r
- -1,\r
- -1,\r
- NULL,\r
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),\r
- mHiiHandle,\r
- mAppName,\r
- L"--local --remote --proto"\r
- );\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
- OldData->SpdSelector = NewData->SpdSelector;\r
- }\r
- } else {\r
- if ((Mask & LOCAL) != 0) {\r
- OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;\r
- OldData->SpdSelector->LocalAddress = NewData->SpdSelector->LocalAddress;\r
- }\r
-\r
- if ((Mask & REMOTE) != 0) {\r
- OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;\r
- OldData->SpdSelector->RemoteAddress = NewData->SpdSelector->RemoteAddress;\r
- }\r
-\r
- if ((Mask & PROTO) != 0) {\r
- OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;\r
- }\r
-\r
- if (OldData->SpdSelector != NULL) {\r
- switch (OldData->SpdSelector->NextLayerProtocol) {\r
- case EFI_IP4_PROTO_TCP:\r
- case EFI_IP4_PROTO_UDP:\r
- if ((Mask & LOCAL_PORT) != 0) {\r
- OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;\r
- }\r
-\r
- if ((Mask & REMOTE_PORT) != 0) {\r
- OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;\r
- }\r
- break;\r
-\r
- case EFI_IP4_PROTO_ICMP:\r
- if ((Mask & ICMP_TYPE) != 0) {\r
- OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;\r
- }\r
-\r
- if ((Mask & ICMP_CODE) != 0) {\r
- OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;\r
- }\r
- break;\r
- }\r
- }\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Combine old PAD entry with new PAD entry.\r
-\r
- @param[in, out] OldPadId The pointer to the EFI_IPSEC_PAD_ID structure.\r
- @param[in, out] OldData The pointer to the EFI_IPSEC_PAD_DATA structure.\r
- @param[in] NewPadId The pointer to the EFI_IPSEC_PAD_ID structure.\r
- @param[in] NewData The pointer to the EFI_IPSEC_PAD_DATA structure.\r
- @param[in] Mask The pointer to the Mask.\r
- @param[out] CreateNew The switch to create new.\r
-\r
- @retval EFI_SUCCESS Combined successfully.\r
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.\r
-\r
-**/\r
-EFI_STATUS\r
-CombinePadEntry (\r
- IN OUT EFI_IPSEC_PAD_ID *OldPadId,\r
- IN OUT EFI_IPSEC_PAD_DATA *OldData,\r
- IN EFI_IPSEC_PAD_ID *NewPadId,\r
- IN EFI_IPSEC_PAD_DATA *NewData,\r
- IN UINT32 Mask,\r
- OUT BOOLEAN *CreateNew\r
- )\r
-{\r
-\r
- *CreateNew = FALSE;\r
-\r
- if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {\r
- CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));\r
- } else {\r
- if ((Mask & PEER_ID) != 0) {\r
- if (OldPadId->PeerIdValid) {\r
- if (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0) {\r
- *CreateNew = TRUE;\r
- }\r
- } else {\r
- *CreateNew = TRUE;\r
- }\r
- } else {\r
- //\r
- // MASK & PEER_ADDRESS\r
- //\r
- if (OldPadId->PeerIdValid) {\r
- *CreateNew = TRUE;\r
- } else {\r
- if ((CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||\r
- (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)) {\r
- *CreateNew = TRUE;\r
- }\r
- }\r
- }\r
- }\r
-\r
- if ((Mask & AUTH_PROTO) != 0) {\r
- OldData->AuthProtocol = NewData->AuthProtocol;\r
- }\r
-\r
- if ((Mask & AUTH_METHOD) != 0) {\r
- OldData->AuthMethod = NewData->AuthMethod;\r
- }\r
-\r
- if ((Mask & IKE_ID) != 0) {\r
- OldData->IkeIdFlag = NewData->IkeIdFlag;\r
- }\r
-\r
- if ((Mask & AUTH_DATA) != 0) {\r
- OldData->AuthDataSize = NewData->AuthDataSize;\r
- OldData->AuthData = NewData->AuthData;\r
- }\r
-\r
- if ((Mask & REVOCATION_DATA) != 0) {\r
- OldData->RevocationDataSize = NewData->RevocationDataSize;\r
- OldData->RevocationData = NewData->RevocationData;\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {\r
- (COMBINE_POLICY_ENTRY) CombineSpdEntry,\r
- (COMBINE_POLICY_ENTRY) CombineSadEntry,\r
- (COMBINE_POLICY_ENTRY) CombinePadEntry\r
-};\r
-\r
-/**\r
- Edit entry information in the database.\r
-\r
- @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.\r
- @param[in] Data The pointer to the data.\r
- @param[in] Context The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.\r
-\r
- @retval EFI_SUCCESS Continue the iteration.\r
- @retval EFI_ABORTED Abort the iteration.\r
-**/\r
-EFI_STATUS\r
-EditOperatePolicyEntry (\r
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
- IN VOID *Data,\r
- IN EDIT_POLICY_ENTRY_CONTEXT *Context\r
- )\r
-{\r
- EFI_STATUS Status;\r
- BOOLEAN CreateNew;\r
-\r
- if (mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {\r
- ASSERT (Context->DataType < 3);\r
-\r
- Status = mCombinePolicyEntry[Context->DataType] (\r
- Selector,\r
- Data,\r
- Context->Selector,\r
- Context->Data,\r
- Context->Mask,\r
- &CreateNew\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- //\r
- // If the Selector already existed, this Entry will be updated by set data.\r
- //\r
- Status = mIpSecConfig->SetData (\r
- mIpSecConfig,\r
- Context->DataType,\r
- Context->Selector, /// New created selector.\r
- Data, /// Old date which has been modified, need to be set data.\r
- Selector\r
- );\r
- ASSERT_EFI_ERROR (Status);\r
-\r
- if (CreateNew) {\r
- //\r
- // Edit the entry to a new one. So, we need delete the old entry.\r
- //\r
- Status = mIpSecConfig->SetData (\r
- mIpSecConfig,\r
- Context->DataType,\r
- Selector, /// Old selector.\r
- NULL, /// NULL means to delete this Entry specified by Selector.\r
- NULL\r
- );\r
- ASSERT_EFI_ERROR (Status);\r
- }\r
- }\r
-\r
- Context->Status = Status;\r
- return EFI_ABORTED;\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Edit entry information in database according to datatype.\r
-\r
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.\r
- @param[in] ParamPackage The pointer to the ParamPackage list.\r
-\r
- @retval EFI_SUCCESS Edit entry information successfully.\r
- @retval EFI_NOT_FOUND Can't find the specified entry.\r
- @retval Others Some mistaken case.\r
-**/\r
-EFI_STATUS\r
-EditPolicyEntry (\r
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
- IN LIST_ENTRY *ParamPackage\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EDIT_POLICY_ENTRY_CONTEXT Context;\r
- CONST CHAR16 *ValueStr;\r
-\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");\r
- if (ValueStr == NULL) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);\r
- return EFI_NOT_FOUND;\r
- }\r
-\r
- Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);\r
- if (!EFI_ERROR (Status)) {\r
- Context.DataType = DataType;\r
- Context.Status = EFI_NOT_FOUND;\r
- Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);\r
- if (!EFI_ERROR (Status)) {\r
- ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);\r
- Status = Context.Status;\r
- }\r
-\r
- if (Context.Selector != NULL) {\r
- gBS->FreePool (Context.Selector);\r
- }\r
-\r
- if (Context.Data != NULL) {\r
- gBS->FreePool (Context.Data);\r
- }\r
- }\r
-\r
- if (Status == EFI_NOT_FOUND) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);\r
- } else if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);\r
- }\r
-\r
- return Status;\r
-\r
-}\r
-\r
-/**\r
- Insert entry information in database.\r
-\r
- @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.\r
- @param[in] Data The pointer to the data.\r
- @param[in] Context The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.\r
-\r
- @retval EFI_SUCCESS Continue the iteration.\r
- @retval EFI_ABORTED Abort the iteration.\r
-**/\r
-EFI_STATUS\r
-InsertPolicyEntry (\r
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,\r
- IN VOID *Data,\r
- IN INSERT_POLICY_ENTRY_CONTEXT *Context\r
- )\r
-{\r
- //\r
- // Found the entry which we want to insert before.\r
- //\r
- if (mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {\r
-\r
- Context->Status = mIpSecConfig->SetData (\r
- mIpSecConfig,\r
- Context->DataType,\r
- Context->Selector,\r
- Context->Data,\r
- Selector\r
- );\r
- //\r
- // Abort the iteration after the insertion.\r
- //\r
- return EFI_ABORTED;\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Insert or add entry information in database according to datatype.\r
-\r
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.\r
- @param[in] ParamPackage The pointer to the ParamPackage list.\r
-\r
- @retval EFI_SUCCESS Insert or add entry information successfully.\r
- @retval EFI_NOT_FOUND Can't find the specified entry.\r
- @retval EFI_BUFFER_TOO_SMALL The entry already existed.\r
- @retval EFI_UNSUPPORTED The operation is not supported.\r
- @retval Others Some mistaken case.\r
-**/\r
-EFI_STATUS\r
-AddOrInsertPolicyEntry (\r
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
- IN LIST_ENTRY *ParamPackage\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_IPSEC_CONFIG_SELECTOR *Selector;\r
- VOID *Data;\r
- INSERT_POLICY_ENTRY_CONTEXT Context;\r
- UINT32 Mask;\r
- UINTN DataSize;\r
- CONST CHAR16 *ValueStr;\r
-\r
- Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);\r
- if (!EFI_ERROR (Status)) {\r
- //\r
- // Find if the Selector to be inserted already exists.\r
- //\r
- DataSize = 0;\r
- Status = mIpSecConfig->GetData (\r
- mIpSecConfig,\r
- DataType,\r
- Selector,\r
- &DataSize,\r
- NULL\r
- );\r
- if (Status == EFI_BUFFER_TOO_SMALL) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);\r
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {\r
- Status = mIpSecConfig->SetData (\r
- mIpSecConfig,\r
- DataType,\r
- Selector,\r
- Data,\r
- NULL\r
- );\r
- } else {\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");\r
- if (ValueStr == NULL) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);\r
- return EFI_NOT_FOUND;\r
- }\r
-\r
- Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);\r
- if (!EFI_ERROR (Status)) {\r
- Context.DataType = DataType;\r
- Context.Status = EFI_NOT_FOUND;\r
- Context.Selector = Selector;\r
- Context.Data = Data;\r
-\r
- ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);\r
- Status = Context.Status;\r
- if (Status == EFI_NOT_FOUND) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);\r
- }\r
- }\r
- }\r
-\r
- gBS->FreePool (Selector);\r
- gBS->FreePool (Data);\r
- }\r
-\r
- if (Status == EFI_UNSUPPORTED) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);\r
- } else if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);\r
- }\r
-\r
- return Status;\r
-}\r
projects / mirror_edk2.git / blobdiff