1 /** @file
2 The implementation of policy entry operation function in IpSecConfig application.
3
4 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include "IpSecConfig.h"
17 #include "Indexer.h"
18 #include "Match.h"
19 #include "Helper.h"
20 #include "ForEach.h"
21 #include "PolicyEntryOperation.h"
22
23 /**
24 Fill in EFI_IPSEC_SPD_SELECTOR through ParamPackage list.
25
26 @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
27 @param[in] ParamPackage The pointer to the ParamPackage list.
28 @param[in, out] Mask The pointer to the Mask.
29
30 @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR successfully.
31 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
32
33 **/
34 EFI_STATUS
CreateSpdSelector(OUT EFI_IPSEC_SPD_SELECTOR * Selector,IN LIST_ENTRY * ParamPackage,IN OUT UINT32 * Mask)35 CreateSpdSelector (
36 OUT EFI_IPSEC_SPD_SELECTOR *Selector,
37 IN LIST_ENTRY *ParamPackage,
38 IN OUT UINT32 *Mask
39 )
40 {
41 EFI_STATUS Status;
42 EFI_STATUS ReturnStatus;
43 CONST CHAR16 *ValueStr;
44
45 Status = EFI_SUCCESS;
46 ReturnStatus = EFI_SUCCESS;
47
48 //
49 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
50 //
51 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local");
52 if (ValueStr != NULL) {
53 Selector->LocalAddressCount = 1;
54 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->LocalAddress);
55 if (EFI_ERROR (Status)) {
56 ShellPrintHiiEx (
57 -1,
58 -1,
59 NULL,
60 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
61 mHiiHandle,
62 mAppName,
63 L"--local",
64 ValueStr
65 );
66 ReturnStatus = EFI_INVALID_PARAMETER;
67 } else {
68 *Mask |= LOCAL;
69 }
70 }
71
72 //
73 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
74 //
75 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote");
76 if (ValueStr != NULL) {
77 Selector->RemoteAddressCount = 1;
78 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->RemoteAddress);
79 if (EFI_ERROR (Status)) {
80 ShellPrintHiiEx (
81 -1,
82 -1,
83 NULL,
84 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
85 mHiiHandle,
86 mAppName,
87 L"--remote",
88 ValueStr
89 );
90 ReturnStatus = EFI_INVALID_PARAMETER;
91 } else {
92 *Mask |= REMOTE;
93 }
94 }
95
96 Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
97
98 //
99 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
100 //
101 Status = GetNumber (
102 L"--proto",
103 (UINT16) -1,
104 &Selector->NextLayerProtocol,
105 sizeof (UINT16),
106 mMapIpProtocol,
107 ParamPackage,
108 FORMAT_NUMBER | FORMAT_STRING
109 );
110 if (!EFI_ERROR (Status)) {
111 *Mask |= PROTO;
112 }
113
114 if (Status == EFI_INVALID_PARAMETER) {
115 ReturnStatus = EFI_INVALID_PARAMETER;
116 }
117
118 Selector->LocalPort = EFI_IPSEC_ANY_PORT;
119 Selector->RemotePort = EFI_IPSEC_ANY_PORT;
120
121 //
122 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
123 //
124 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local-port");
125 if (ValueStr != NULL) {
126 Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->LocalPort, &Selector->LocalPortRange);
127 if (EFI_ERROR (Status)) {
128 ShellPrintHiiEx (
129 -1,
130 -1,
131 NULL,
132 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
133 mHiiHandle,
134 mAppName,
135 L"--local-port",
136 ValueStr
137 );
138 ReturnStatus = EFI_INVALID_PARAMETER;
139 } else {
140 *Mask |= LOCAL_PORT;
141 }
142 }
143
144 //
145 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
146 //
147 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
148 if (ValueStr != NULL) {
149 Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->RemotePort, &Selector->RemotePortRange);
150 if (EFI_ERROR (Status)) {
151 ShellPrintHiiEx (
152 -1,
153 -1,
154 NULL,
155 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
156 mHiiHandle,
157 mAppName,
158 L"--remote-port",
159 ValueStr
160 );
161 ReturnStatus = EFI_INVALID_PARAMETER;
162 } else {
163 *Mask |= REMOTE_PORT;
164 }
165 }
166
167 //
168 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
169 //
170 Status = GetNumber (
171 L"--icmp-type",
172 (UINT8) -1,
173 &Selector->LocalPort,
174 sizeof (UINT16),
175 NULL,
176 ParamPackage,
177 FORMAT_NUMBER
178 );
179 if (!EFI_ERROR (Status)) {
180 *Mask |= ICMP_TYPE;
181 }
182
183 if (Status == EFI_INVALID_PARAMETER) {
184 ReturnStatus = EFI_INVALID_PARAMETER;
185 }
186
187 //
188 // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
189 //
190 Status = GetNumber (
191 L"--icmp-code",
192 (UINT8) -1,
193 &Selector->RemotePort,
194 sizeof (UINT16),
195 NULL,
196 ParamPackage,
197 FORMAT_NUMBER
198 );
199 if (!EFI_ERROR (Status)) {
200 *Mask |= ICMP_CODE;
201 }
202
203 if (Status == EFI_INVALID_PARAMETER) {
204 ReturnStatus = EFI_INVALID_PARAMETER;
205 }
206
207 return ReturnStatus;
208 }
209
210 /**
211 Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.
212
213 @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
214 @param[out] Data The pointer to the EFI_IPSEC_SPD_DATA structure.
215 @param[in] ParamPackage The pointer to the ParamPackage list.
216 @param[out] Mask The pointer to the Mask.
217 @param[in] CreateNew The switch to create new.
218
219 @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.
220 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
221
222 **/
223 EFI_STATUS
CreateSpdEntry(OUT EFI_IPSEC_SPD_SELECTOR ** Selector,OUT EFI_IPSEC_SPD_DATA ** Data,IN LIST_ENTRY * ParamPackage,OUT UINT32 * Mask,IN BOOLEAN CreateNew)224 CreateSpdEntry (
225 OUT EFI_IPSEC_SPD_SELECTOR **Selector,
226 OUT EFI_IPSEC_SPD_DATA **Data,
227 IN LIST_ENTRY *ParamPackage,
228 OUT UINT32 *Mask,
229 IN BOOLEAN CreateNew
230 )
231 {
232 EFI_STATUS Status;
233 EFI_STATUS ReturnStatus;
234 CONST CHAR16 *ValueStr;
235 UINTN DataSize;
236
237 Status = EFI_SUCCESS;
238 *Mask = 0;
239
240 *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
241 ASSERT (*Selector != NULL);
242
243 (*Selector)->LocalAddress = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
244 (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;
245
246 ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);
247
248 //
249 // SPD DATA
250 // NOTE: Allocate enough memory and add padding for different arch.
251 //
252 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
253 DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
254 DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);
255
256 *Data = AllocateZeroPool (DataSize);
257 ASSERT (*Data != NULL);
258
259 (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
260 (*Data + 1),
261 sizeof (UINTN)
262 );
263 (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (
264 ((*Data)->ProcessingPolicy + 1),
265 sizeof (UINTN)
266 );
267
268
269 //
270 // Convert user imput from string to integer, and fill in the Name in EFI_IPSEC_SPD_DATA.
271 //
272 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
273 if (ValueStr != NULL) {
274 UnicodeStrToAsciiStrS (ValueStr, (CHAR8 *) (*Data)->Name, sizeof ((*Data)->Name));
275 *Mask |= NAME;
276 }
277
278 //
279 // Convert user imput from string to integer, and fill in the PackageFlag in EFI_IPSEC_SPD_DATA.
280 //
281 Status = GetNumber (
282 L"--packet-flag",
283 (UINT8) -1,
284 &(*Data)->PackageFlag,
285 sizeof (UINT32),
286 NULL,
287 ParamPackage,
288 FORMAT_NUMBER
289 );
290 if (!EFI_ERROR (Status)) {
291 *Mask |= PACKET_FLAG;
292 }
293
294 if (Status == EFI_INVALID_PARAMETER) {
295 ReturnStatus = EFI_INVALID_PARAMETER;
296 }
297
298 //
299 // Convert user imput from string to integer, and fill in the Action in EFI_IPSEC_SPD_DATA.
300 //
301 Status = GetNumber (
302 L"--action",
303 (UINT8) -1,
304 &(*Data)->Action,
305 sizeof (UINT32),
306 mMapIpSecAction,
307 ParamPackage,
308 FORMAT_STRING
309 );
310 if (!EFI_ERROR (Status)) {
311 *Mask |= ACTION;
312 }
313
314 if (Status == EFI_INVALID_PARAMETER) {
315 ReturnStatus = EFI_INVALID_PARAMETER;
316 }
317
318 //
319 // Convert user imput from string to integer, and fill in the ExtSeqNum in EFI_IPSEC_SPD_DATA.
320 //
321 if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {
322 (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;
323 *Mask |= EXT_SEQUENCE;
324 } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {
325 (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;
326 *Mask |= EXT_SEQUENCE;
327 }
328
329 //
330 // Convert user imput from string to integer, and fill in the SeqOverflow in EFI_IPSEC_SPD_DATA.
331 //
332 if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {
333 (*Data)->ProcessingPolicy->SeqOverflow = TRUE;
334 *Mask |= SEQUENCE_OVERFLOW;
335 } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {
336 (*Data)->ProcessingPolicy->SeqOverflow = FALSE;
337 *Mask |= SEQUENCE_OVERFLOW;
338 }
339
340 //
341 // Convert user imput from string to integer, and fill in the FragCheck in EFI_IPSEC_SPD_DATA.
342 //
343 if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {
344 (*Data)->ProcessingPolicy->FragCheck = TRUE;
345 *Mask |= FRAGMENT_CHECK;
346 } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {
347 (*Data)->ProcessingPolicy->FragCheck = FALSE;
348 *Mask |= FRAGMENT_CHECK;
349 }
350
351 //
352 // Convert user imput from string to integer, and fill in the ProcessingPolicy in EFI_IPSEC_SPD_DATA.
353 //
354 Status = GetNumber (
355 L"--lifebyte",
356 (UINT64) -1,
357 &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,
358 sizeof (UINT64),
359 NULL,
360 ParamPackage,
361 FORMAT_NUMBER
362 );
363 if (!EFI_ERROR (Status)) {
364 *Mask |= LIFEBYTE;
365 }
366
367 if (Status == EFI_INVALID_PARAMETER) {
368 ReturnStatus = EFI_INVALID_PARAMETER;
369 }
370
371 Status = GetNumber (
372 L"--lifetime",
373 (UINT64) -1,
374 &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,
375 sizeof (UINT64),
376 NULL,
377 ParamPackage,
378 FORMAT_NUMBER
379 );
380 if (!EFI_ERROR (Status)) {
381 *Mask |= LIFETIME;
382 }
383 if (Status == EFI_INVALID_PARAMETER) {
384 ReturnStatus = EFI_INVALID_PARAMETER;
385 }
386
387 Status = GetNumber (
388 L"--lifetime-soft",
389 (UINT64) -1,
390 &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,
391 sizeof (UINT64),
392 NULL,
393 ParamPackage,
394 FORMAT_NUMBER
395 );
396 if (!EFI_ERROR (Status)) {
397 *Mask |= LIFETIME_SOFT;
398 }
399
400 if (Status == EFI_INVALID_PARAMETER) {
401 ReturnStatus = EFI_INVALID_PARAMETER;
402 }
403
404 (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;
405 Status = GetNumber (
406 L"--mode",
407 0,
408 &(*Data)->ProcessingPolicy->Mode,
409 sizeof (UINT32),
410 mMapIpSecMode,
411 ParamPackage,
412 FORMAT_STRING
413 );
414 if (!EFI_ERROR (Status)) {
415 *Mask |= MODE;
416 }
417
418 if (Status == EFI_INVALID_PARAMETER) {
419 ReturnStatus = EFI_INVALID_PARAMETER;
420 }
421
422 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
423 if (ValueStr != NULL) {
424 Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
425 if (EFI_ERROR (Status)) {
426 ShellPrintHiiEx (
427 -1,
428 -1,
429 NULL,
430 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
431 mHiiHandle,
432 mAppName,
433 L"--tunnel-local",
434 ValueStr
435 );
436 ReturnStatus = EFI_INVALID_PARAMETER;
437 } else {
438 *Mask |= TUNNEL_LOCAL;
439 }
440 }
441
442 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
443 if (ValueStr != NULL) {
444 Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
445 if (EFI_ERROR (Status)) {
446 ShellPrintHiiEx (
447 -1,
448 -1,
449 NULL,
450 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
451 mHiiHandle,
452 mAppName,
453 L"--tunnel-remote",
454 ValueStr
455 );
456 ReturnStatus = EFI_INVALID_PARAMETER;
457 } else {
458 *Mask |= TUNNEL_REMOTE;
459 }
460 }
461
462 (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
463 Status = GetNumber (
464 L"--dont-fragment",
465 0,
466 &(*Data)->ProcessingPolicy->TunnelOption->DF,
467 sizeof (UINT32),
468 mMapDfOption,
469 ParamPackage,
470 FORMAT_STRING
471 );
472 if (!EFI_ERROR (Status)) {
473 *Mask |= DONT_FRAGMENT;
474 }
475
476 if (Status == EFI_INVALID_PARAMETER) {
477 ReturnStatus = EFI_INVALID_PARAMETER;
478 }
479
480 (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;
481 Status = GetNumber (
482 L"--ipsec-proto",
483 0,
484 &(*Data)->ProcessingPolicy->Proto,
485 sizeof (UINT32),
486 mMapIpSecProtocol,
487 ParamPackage,
488 FORMAT_STRING
489 );
490 if (!EFI_ERROR (Status)) {
491 *Mask |= IPSEC_PROTO;
492 }
493
494 if (Status == EFI_INVALID_PARAMETER) {
495 ReturnStatus = EFI_INVALID_PARAMETER;
496 }
497
498 Status = GetNumber (
499 L"--encrypt-algo",
500 0,
501 &(*Data)->ProcessingPolicy->EncAlgoId,
502 sizeof (UINT8),
503 mMapEncAlgo,
504 ParamPackage,
505 FORMAT_STRING
506 );
507 if (!EFI_ERROR (Status)) {
508 *Mask |= ENCRYPT_ALGO;
509 }
510
511 if (Status == EFI_INVALID_PARAMETER) {
512 ReturnStatus = EFI_INVALID_PARAMETER;
513 }
514
515 Status = GetNumber (
516 L"--auth-algo",
517 0,
518 &(*Data)->ProcessingPolicy->AuthAlgoId,
519 sizeof (UINT8),
520 mMapAuthAlgo,
521 ParamPackage,
522 FORMAT_STRING
523 );
524 if (!EFI_ERROR (Status)) {
525 *Mask |= AUTH_ALGO;
526 }
527
528 if (Status == EFI_INVALID_PARAMETER) {
529 ReturnStatus = EFI_INVALID_PARAMETER;
530 }
531
532 //
533 // Cannot check Mode against EfiIPsecTunnel, because user may want to change tunnel_remote only so the Mode is not set.
534 //
535 if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
536 (*Data)->ProcessingPolicy->TunnelOption = NULL;
537 }
538
539 if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
540 LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
541 DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
542 if ((*Data)->Action != EfiIPsecActionProtect) {
543 //
544 // User may not provide additional parameter for Protect action, so we cannot simply set ProcessingPolicy to NULL.
545 //
546 (*Data)->ProcessingPolicy = NULL;
547 }
548 }
549
550 if (CreateNew) {
551 if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
552 ShellPrintHiiEx (
553 -1,
554 -1,
555 NULL,
556 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
557 mHiiHandle,
558 mAppName,
559 L"--local --remote --proto --action"
560 );
561 ReturnStatus = EFI_INVALID_PARAMETER;
562 } else if (((*Data)->Action == EfiIPsecActionProtect) &&
563 ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
564 ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
565 ShellPrintHiiEx (
566 -1,
567 -1,
568 NULL,
569 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
570 mHiiHandle,
571 mAppName,
572 L"--tunnel-local --tunnel-remote"
573 );
574 ReturnStatus = EFI_INVALID_PARAMETER;
575 }
576 }
577
578 return ReturnStatus;
579 }
580
581 /**
582 Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.
583
584 @param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure.
585 @param[out] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
586 @param[in] ParamPackage The pointer to the ParamPackage list.
587 @param[out] Mask The pointer to the Mask.
588 @param[in] CreateNew The switch to create new.
589
590 @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
591 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
592
593 **/
594 EFI_STATUS
CreateSadEntry(OUT EFI_IPSEC_SA_ID ** SaId,OUT EFI_IPSEC_SA_DATA2 ** Data,IN LIST_ENTRY * ParamPackage,OUT UINT32 * Mask,IN BOOLEAN CreateNew)595 CreateSadEntry (
596 OUT EFI_IPSEC_SA_ID **SaId,
597 OUT EFI_IPSEC_SA_DATA2 **Data,
598 IN LIST_ENTRY *ParamPackage,
599 OUT UINT32 *Mask,
600 IN BOOLEAN CreateNew
601 )
602 {
603 EFI_STATUS Status;
604 EFI_STATUS ReturnStatus;
605 UINTN AuthKeyLength;
606 UINTN EncKeyLength;
607 CONST CHAR16 *ValueStr;
608 CHAR8 *AsciiStr;
609 UINTN DataSize;
610
611 Status = EFI_SUCCESS;
612 ReturnStatus = EFI_SUCCESS;
613 *Mask = 0;
614 AuthKeyLength = 0;
615 EncKeyLength = 0;
616
617 *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));
618 ASSERT (*SaId != NULL);
619
620 //
621 // Convert user imput from string to integer, and fill in the Spi in EFI_IPSEC_SA_ID.
622 //
623 Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
624 if (!EFI_ERROR (Status)) {
625 *Mask |= SPI;
626 }
627
628 if (Status == EFI_INVALID_PARAMETER) {
629 ReturnStatus = EFI_INVALID_PARAMETER;
630 }
631
632 //
633 // Convert user imput from string to integer, and fill in the Proto in EFI_IPSEC_SA_ID.
634 //
635 Status = GetNumber (
636 L"--ipsec-proto",
637 0,
638 &(*SaId)->Proto,
639 sizeof (EFI_IPSEC_PROTOCOL_TYPE),
640 mMapIpSecProtocol,
641 ParamPackage,
642 FORMAT_STRING
643 );
644 if (!EFI_ERROR (Status)) {
645 *Mask |= IPSEC_PROTO;
646 }
647
648 if (Status == EFI_INVALID_PARAMETER) {
649 ReturnStatus = EFI_INVALID_PARAMETER;
650 }
651
652 //
653 // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2.
654 //
655 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
656 if (ValueStr != NULL) {
657 AuthKeyLength = StrLen (ValueStr);
658 }
659
660 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
661 if (ValueStr != NULL) {
662 EncKeyLength = StrLen (ValueStr);
663 }
664
665 //
666 // EFI_IPSEC_SA_DATA2:
667 // +------------
668 // | EFI_IPSEC_SA_DATA2
669 // +-----------------------
670 // | AuthKey
671 // +-------------------------
672 // | EncKey
673 // +-------------------------
674 // | SpdSelector
675 //
676 // Notes: To make sure the address alignment add padding after each data if needed.
677 //
678 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
679 DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);
680 DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);
681 DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
682 DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));
683 DataSize += sizeof (EFI_IP_ADDRESS_INFO);
684
685
686
687 *Data = AllocateZeroPool (DataSize);
688 ASSERT (*Data != NULL);
689
690 (*Data)->ManualSet = TRUE;
691 (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));
692 (*Data)->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (
693 ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),
694 sizeof (UINTN)
695 );
696 (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (
697 ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),
698 sizeof (UINTN)
699 );
700 (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
701 ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),
702 sizeof (UINTN));
703 (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
704 (*Data)->SpdSelector->LocalAddress + 1,
705 sizeof (UINTN)
706 );
707
708 (*Data)->Mode = EfiIPsecTransport;
709 Status = GetNumber (
710 L"--mode",
711 0,
712 &(*Data)->Mode,
713 sizeof (EFI_IPSEC_MODE),
714 mMapIpSecMode,
715 ParamPackage,
716 FORMAT_STRING
717 );
718 if (!EFI_ERROR (Status)) {
719 *Mask |= MODE;
720 }
721
722 if (Status == EFI_INVALID_PARAMETER) {
723 ReturnStatus = EFI_INVALID_PARAMETER;
724 }
725
726 //
727 // According to RFC 4303-3.3.3. The first packet sent using a given SA
728 // will contain a sequence number of 1.
729 //
730 (*Data)->SNCount = 1;
731 Status = GetNumber (
732 L"--sequence-number",
733 (UINT64) -1,
734 &(*Data)->SNCount,
735 sizeof (UINT64),
736 NULL,
737 ParamPackage,
738 FORMAT_NUMBER
739 );
740 if (!EFI_ERROR (Status)) {
741 *Mask |= SEQUENCE_NUMBER;
742 }
743
744 if (Status == EFI_INVALID_PARAMETER) {
745 ReturnStatus = EFI_INVALID_PARAMETER;
746 }
747
748 (*Data)->AntiReplayWindows = 0;
749 Status = GetNumber (
750 L"--antireplay-window",
751 (UINT8) -1,
752 &(*Data)->AntiReplayWindows,
753 sizeof (UINT8),
754 NULL,
755 ParamPackage,
756 FORMAT_NUMBER
757 );
758 if (!EFI_ERROR (Status)) {
759 *Mask |= SEQUENCE_NUMBER;
760 }
761
762 if (Status == EFI_INVALID_PARAMETER) {
763 ReturnStatus = EFI_INVALID_PARAMETER;
764 }
765
766 Status = GetNumber (
767 L"--encrypt-algo",
768 0,
769 &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,
770 sizeof (UINT8),
771 mMapEncAlgo,
772 ParamPackage,
773 FORMAT_STRING
774 );
775 if (!EFI_ERROR (Status)) {
776 *Mask |= ENCRYPT_ALGO;
777 }
778
779 if (Status == EFI_INVALID_PARAMETER) {
780 ReturnStatus = EFI_INVALID_PARAMETER;
781 }
782
783 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
784 if (ValueStr != NULL ) {
785 (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
786 AsciiStr = AllocateZeroPool (EncKeyLength + 1);
787 ASSERT (AsciiStr != NULL);
788 UnicodeStrToAsciiStrS (ValueStr, AsciiStr, EncKeyLength + 1);
789 CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength);
790 FreePool (AsciiStr);
791 *Mask |= ENCRYPT_KEY;
792 } else {
793 (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
794 }
795
796 Status = GetNumber (
797 L"--auth-algo",
798 0,
799 &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,
800 sizeof (UINT8),
801 mMapAuthAlgo,
802 ParamPackage,
803 FORMAT_STRING
804 );
805 if (!EFI_ERROR (Status)) {
806 *Mask |= AUTH_ALGO;
807 }
808
809 if (Status == EFI_INVALID_PARAMETER) {
810 ReturnStatus = EFI_INVALID_PARAMETER;
811 }
812
813 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
814 if (ValueStr != NULL) {
815 (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
816 AsciiStr = AllocateZeroPool (AuthKeyLength + 1);
817 ASSERT (AsciiStr != NULL);
818 UnicodeStrToAsciiStrS (ValueStr, AsciiStr, AuthKeyLength + 1);
819 CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);
820 FreePool (AsciiStr);
821 *Mask |= AUTH_KEY;
822 } else {
823 (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
824 }
825
826 Status = GetNumber (
827 L"--lifebyte",
828 (UINT64) -1,
829 &(*Data)->SaLifetime.ByteCount,
830 sizeof (UINT64),
831 NULL,
832 ParamPackage,
833 FORMAT_NUMBER
834 );
835 if (!EFI_ERROR (Status)) {
836 *Mask |= LIFEBYTE;
837 }
838
839 if (Status == EFI_INVALID_PARAMETER) {
840 ReturnStatus = EFI_INVALID_PARAMETER;
841 }
842
843 Status = GetNumber (
844 L"--lifetime",
845 (UINT64) -1,
846 &(*Data)->SaLifetime.HardLifetime,
847 sizeof (UINT64),
848 NULL,
849 ParamPackage,
850 FORMAT_NUMBER
851 );
852 if (!EFI_ERROR (Status)) {
853 *Mask |= LIFETIME;
854 }
855
856 if (Status == EFI_INVALID_PARAMETER) {
857 ReturnStatus = EFI_INVALID_PARAMETER;
858 }
859
860 Status = GetNumber (
861 L"--lifetime-soft",
862 (UINT64) -1,
863 &(*Data)->SaLifetime.SoftLifetime,
864 sizeof (UINT64),
865 NULL,
866 ParamPackage,
867 FORMAT_NUMBER
868 );
869 if (!EFI_ERROR (Status)) {
870 *Mask |= LIFETIME_SOFT;
871 }
872
873 if (Status == EFI_INVALID_PARAMETER) {
874 ReturnStatus = EFI_INVALID_PARAMETER;
875 }
876
877 Status = GetNumber (
878 L"--path-mtu",
879 (UINT32) -1,
880 &(*Data)->PathMTU,
881 sizeof (UINT32),
882 NULL,
883 ParamPackage,
884 FORMAT_NUMBER
885 );
886 if (!EFI_ERROR (Status)) {
887 *Mask |= PATH_MTU;
888 }
889
890 if (Status == EFI_INVALID_PARAMETER) {
891 ReturnStatus = EFI_INVALID_PARAMETER;
892 }
893
894 //
895 // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
896 //
897 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
898 if (ValueStr != NULL) {
899 Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);
900 if (EFI_ERROR (Status)) {
901 ShellPrintHiiEx (
902 -1,
903 -1,
904 NULL,
905 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
906 mHiiHandle,
907 mAppName,
908 L"--tunnel-dest",
909 ValueStr
910 );
911 ReturnStatus = EFI_INVALID_PARAMETER;
912 } else {
913 *Mask |= DEST;
914 }
915 }
916
917 //
918 // Convert user input from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
919 //
920 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
921 if (ValueStr != NULL) {
922 Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);
923 if (EFI_ERROR (Status)) {
924 ShellPrintHiiEx (
925 -1,
926 -1,
927 NULL,
928 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
929 mHiiHandle,
930 mAppName,
931 L"--tunnel-source",
932 ValueStr
933 );
934 ReturnStatus = EFI_INVALID_PARAMETER;
935 } else {
936 *Mask |= SOURCE;
937 }
938 }
939
940 //
941 // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set
942 //
943 if ((*Data)->Mode == EfiIPsecTunnel) {
944 if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {
945 ShellPrintHiiEx (
946 -1,
947 -1,
948 NULL,
949 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
950 mHiiHandle,
951 mAppName,
952 L"--tunnel-source --tunnel-dest"
953 );
954 ReturnStatus = EFI_INVALID_PARAMETER;
955 }
956 }
957 ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
958
959 if (CreateNew) {
960 if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {
961 ShellPrintHiiEx (
962 -1,
963 -1,
964 NULL,
965 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
966 mHiiHandle,
967 mAppName,
968 L"--spi --ipsec-proto --local --remote"
969 );
970 ReturnStatus = EFI_INVALID_PARAMETER;
971 } else {
972 if ((*SaId)->Proto == EfiIPsecAH) {
973 if ((*Mask & AUTH_ALGO) == 0) {
974 ShellPrintHiiEx (
975 -1,
976 -1,
977 NULL,
978 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
979 mHiiHandle,
980 mAppName,
981 L"--auth-algo"
982 );
983 ReturnStatus = EFI_INVALID_PARAMETER;
984 } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
985 ShellPrintHiiEx (
986 -1,
987 -1,
988 NULL,
989 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
990 mHiiHandle,
991 mAppName,
992 L"--auth-key"
993 );
994 ReturnStatus = EFI_INVALID_PARAMETER;
995 }
996 } else {
997 if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) {
998 ShellPrintHiiEx (
999 -1,
1000 -1,
1001 NULL,
1002 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
1003 mHiiHandle,
1004 mAppName,
1005 L"--encrypt-algo --auth-algo"
1006 );
1007 ReturnStatus = EFI_INVALID_PARAMETER;
1008 } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
1009 ShellPrintHiiEx (
1010 -1,
1011 -1,
1012 NULL,
1013 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
1014 mHiiHandle,
1015 mAppName,
1016 L"--encrypt-key"
1017 );
1018 ReturnStatus = EFI_INVALID_PARAMETER;
1019 } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
1020 ShellPrintHiiEx (
1021 -1,
1022 -1,
1023 NULL,
1024 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
1025 mHiiHandle,
1026 mAppName,
1027 L"--auth-key"
1028 );
1029 ReturnStatus = EFI_INVALID_PARAMETER;
1030 }
1031 }
1032 }
1033 }
1034
1035 return ReturnStatus;
1036 }
1037
1038 /**
1039 Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.
1040
1041 @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
1042 @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
1043 @param[in] ParamPackage The pointer to the ParamPackage list.
1044 @param[out] Mask The pointer to the Mask.
1045 @param[in] CreateNew The switch to create new.
1046
1047 @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.
1048 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1049
1050 **/
1051 EFI_STATUS
CreatePadEntry(OUT EFI_IPSEC_PAD_ID ** PadId,OUT EFI_IPSEC_PAD_DATA ** Data,IN LIST_ENTRY * ParamPackage,OUT UINT32 * Mask,IN BOOLEAN CreateNew)1052 CreatePadEntry (
1053 OUT EFI_IPSEC_PAD_ID **PadId,
1054 OUT EFI_IPSEC_PAD_DATA **Data,
1055 IN LIST_ENTRY *ParamPackage,
1056 OUT UINT32 *Mask,
1057 IN BOOLEAN CreateNew
1058 )
1059 {
1060 EFI_STATUS Status;
1061 EFI_STATUS ReturnStatus;
1062 SHELL_FILE_HANDLE FileHandle;
1063 UINT64 FileSize;
1064 UINTN AuthDataLength;
1065 UINTN RevocationDataLength;
1066 UINTN DataLength;
1067 UINTN Index;
1068 CONST CHAR16 *ValueStr;
1069 UINTN DataSize;
1070
1071 Status = EFI_SUCCESS;
1072 ReturnStatus = EFI_SUCCESS;
1073 *Mask = 0;
1074 AuthDataLength = 0;
1075 RevocationDataLength = 0;
1076
1077 *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));
1078 ASSERT (*PadId != NULL);
1079
1080 //
1081 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.
1082 //
1083 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");
1084 if (ValueStr != NULL) {
1085 (*PadId)->PeerIdValid = FALSE;
1086 Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);
1087 if (EFI_ERROR (Status)) {
1088 ShellPrintHiiEx (
1089 -1,
1090 -1,
1091 NULL,
1092 STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
1093 mHiiHandle,
1094 mAppName,
1095 L"--peer-address",
1096 ValueStr
1097 );
1098 ReturnStatus = EFI_INVALID_PARAMETER;
1099 } else {
1100 *Mask |= PEER_ADDRESS;
1101 }
1102 }
1103
1104 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");
1105 if (ValueStr != NULL) {
1106 (*PadId)->PeerIdValid = TRUE;
1107 StrnCpyS ((CHAR16 *) (*PadId)->Id.PeerId, MAX_PEERID_LEN / sizeof (CHAR16), ValueStr, MAX_PEERID_LEN / sizeof (CHAR16) - 1);
1108 *Mask |= PEER_ID;
1109 }
1110
1111 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1112 if (ValueStr != NULL) {
1113 if (ValueStr[0] == L'@') {
1114 //
1115 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1116 //
1117 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1118 if (EFI_ERROR (Status)) {
1119 ShellPrintHiiEx (
1120 -1,
1121 -1,
1122 NULL,
1123 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1124 mHiiHandle,
1125 mAppName,
1126 &ValueStr[1]
1127 );
1128 ReturnStatus = EFI_INVALID_PARAMETER;
1129 } else {
1130 Status = ShellGetFileSize (FileHandle, &FileSize);
1131 ShellCloseFile (&FileHandle);
1132 if (EFI_ERROR (Status)) {
1133 ShellPrintHiiEx (
1134 -1,
1135 -1,
1136 NULL,
1137 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1138 mHiiHandle,
1139 mAppName,
1140 &ValueStr[1]
1141 );
1142 ReturnStatus = EFI_INVALID_PARAMETER;
1143 } else {
1144 AuthDataLength = (UINTN) FileSize;
1145 }
1146 }
1147 } else {
1148 AuthDataLength = StrLen (ValueStr);
1149 }
1150 }
1151
1152 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1153 if (ValueStr != NULL) {
1154 RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
1155 }
1156
1157 //
1158 // Allocate Buffer for Data. Add padding after each struct to make sure the alignment
1159 // in different Arch.
1160 //
1161 DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));
1162 DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);
1163 DataSize += RevocationDataLength;
1164
1165 *Data = AllocateZeroPool (DataSize);
1166 ASSERT (*Data != NULL);
1167
1168 (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));
1169 (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));
1170 (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;
1171
1172 //
1173 // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.
1174 //
1175 Status = GetNumber (
1176 L"--auth-proto",
1177 0,
1178 &(*Data)->AuthProtocol,
1179 sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),
1180 mMapAuthProto,
1181 ParamPackage,
1182 FORMAT_STRING
1183 );
1184 if (!EFI_ERROR (Status)) {
1185 *Mask |= AUTH_PROTO;
1186 }
1187
1188 if (Status == EFI_INVALID_PARAMETER) {
1189 ReturnStatus = EFI_INVALID_PARAMETER;
1190 }
1191
1192 Status = GetNumber (
1193 L"--auth-method",
1194 0,
1195 &(*Data)->AuthMethod,
1196 sizeof (EFI_IPSEC_AUTH_METHOD),
1197 mMapAuthMethod,
1198 ParamPackage,
1199 FORMAT_STRING
1200 );
1201 if (!EFI_ERROR (Status)) {
1202 *Mask |= AUTH_METHOD;
1203 }
1204
1205 if (Status == EFI_INVALID_PARAMETER) {
1206 ReturnStatus = EFI_INVALID_PARAMETER;
1207 }
1208
1209 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {
1210 (*Data)->IkeIdFlag = TRUE;
1211 *Mask |= IKE_ID;
1212 }
1213
1214 if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {
1215 (*Data)->IkeIdFlag = FALSE;
1216 *Mask |= IKE_ID;
1217 }
1218
1219 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
1220 if (ValueStr != NULL) {
1221 if (ValueStr[0] == L'@') {
1222 //
1223 // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
1224 //
1225
1226 Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
1227 if (EFI_ERROR (Status)) {
1228 ShellPrintHiiEx (
1229 -1,
1230 -1,
1231 NULL,
1232 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1233 mHiiHandle,
1234 mAppName,
1235 &ValueStr[1]
1236 );
1237 ReturnStatus = EFI_INVALID_PARAMETER;
1238 (*Data)->AuthData = NULL;
1239 } else {
1240 DataLength = AuthDataLength;
1241 Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
1242 ShellCloseFile (&FileHandle);
1243 if (EFI_ERROR (Status)) {
1244 ShellPrintHiiEx (
1245 -1,
1246 -1,
1247 NULL,
1248 STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
1249 mHiiHandle,
1250 mAppName,
1251 &ValueStr[1]
1252 );
1253 ReturnStatus = EFI_INVALID_PARAMETER;
1254 (*Data)->AuthData = NULL;
1255 } else {
1256 ASSERT (DataLength == AuthDataLength);
1257 *Mask |= AUTH_DATA;
1258 }
1259 }
1260 } else {
1261 for (Index = 0; Index < AuthDataLength; Index++) {
1262 ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];
1263 }
1264 (*Data)->AuthDataSize = AuthDataLength;
1265 *Mask |= AUTH_DATA;
1266 }
1267 }
1268
1269 ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
1270 if (ValueStr != NULL) {
1271 CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);
1272 (*Data)->RevocationDataSize = RevocationDataLength;
1273 *Mask |= REVOCATION_DATA;
1274 } else {
1275 (*Data)->RevocationData = NULL;
1276 }
1277
1278 if (CreateNew) {
1279 if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
1280 ShellPrintHiiEx (
1281 -1,
1282 -1,
1283 NULL,
1284 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1285 mHiiHandle,
1286 mAppName,
1287 L"--peer-id --peer-address"
1288 );
1289 ReturnStatus = EFI_INVALID_PARAMETER;
1290 } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {
1291 ShellPrintHiiEx (
1292 -1,
1293 -1,
1294 NULL,
1295 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1296 mHiiHandle,
1297 mAppName,
1298 L"--auth-method --auth-data"
1299 );
1300 ReturnStatus = EFI_INVALID_PARAMETER;
1301 }
1302 }
1303
1304 return ReturnStatus;
1305 }
1306
1307 CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {
1308 (CREATE_POLICY_ENTRY) CreateSpdEntry,
1309 (CREATE_POLICY_ENTRY) CreateSadEntry,
1310 (CREATE_POLICY_ENTRY) CreatePadEntry
1311 };
1312
1313 /**
1314 Combine old SPD entry with new SPD entry.
1315
1316 @param[in, out] OldSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
1317 @param[in, out] OldData The pointer to the EFI_IPSEC_SPD_DATA structure.
1318 @param[in] NewSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
1319 @param[in] NewData The pointer to the EFI_IPSEC_SPD_DATA structure.
1320 @param[in] Mask The pointer to the Mask.
1321 @param[out] CreateNew The switch to create new.
1322
1323 @retval EFI_SUCCESS Combined successfully.
1324 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1325
1326 **/
1327 EFI_STATUS
CombineSpdEntry(IN OUT EFI_IPSEC_SPD_SELECTOR * OldSelector,IN OUT EFI_IPSEC_SPD_DATA * OldData,IN EFI_IPSEC_SPD_SELECTOR * NewSelector,IN EFI_IPSEC_SPD_DATA * NewData,IN UINT32 Mask,OUT BOOLEAN * CreateNew)1328 CombineSpdEntry (
1329 IN OUT EFI_IPSEC_SPD_SELECTOR *OldSelector,
1330 IN OUT EFI_IPSEC_SPD_DATA *OldData,
1331 IN EFI_IPSEC_SPD_SELECTOR *NewSelector,
1332 IN EFI_IPSEC_SPD_DATA *NewData,
1333 IN UINT32 Mask,
1334 OUT BOOLEAN *CreateNew
1335 )
1336 {
1337
1338 //
1339 // Process Selector
1340 //
1341 *CreateNew = FALSE;
1342 if ((Mask & LOCAL) == 0) {
1343 NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
1344 NewSelector->LocalAddress = OldSelector->LocalAddress;
1345 } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
1346 (CompareMem (NewSelector->LocalAddress, OldSelector->LocalAddress, NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
1347 *CreateNew = TRUE;
1348 }
1349
1350 if ((Mask & REMOTE) == 0) {
1351 NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
1352 NewSelector->RemoteAddress = OldSelector->RemoteAddress;
1353 } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
1354 (CompareMem (NewSelector->RemoteAddress, OldSelector->RemoteAddress, NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
1355 *CreateNew = TRUE;
1356 }
1357
1358 if ((Mask & PROTO) == 0) {
1359 NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
1360 } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
1361 *CreateNew = TRUE;
1362 }
1363
1364 switch (NewSelector->NextLayerProtocol) {
1365 case EFI_IP4_PROTO_TCP:
1366 case EFI_IP4_PROTO_UDP:
1367 if ((Mask & LOCAL_PORT) == 0) {
1368 NewSelector->LocalPort = OldSelector->LocalPort;
1369 NewSelector->LocalPortRange = OldSelector->LocalPortRange;
1370 } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
1371 (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
1372 *CreateNew = TRUE;
1373 }
1374
1375 if ((Mask & REMOTE_PORT) == 0) {
1376 NewSelector->RemotePort = OldSelector->RemotePort;
1377 NewSelector->RemotePortRange = OldSelector->RemotePortRange;
1378 } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
1379 (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
1380 *CreateNew = TRUE;
1381 }
1382 break;
1383
1384 case EFI_IP4_PROTO_ICMP:
1385 if ((Mask & ICMP_TYPE) == 0) {
1386 NewSelector->LocalPort = OldSelector->LocalPort;
1387 } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
1388 *CreateNew = TRUE;
1389 }
1390
1391 if ((Mask & ICMP_CODE) == 0) {
1392 NewSelector->RemotePort = OldSelector->RemotePort;
1393 } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
1394 *CreateNew = TRUE;
1395 }
1396 break;
1397 }
1398 //
1399 // Process Data
1400 //
1401 OldData->SaIdCount = 0;
1402
1403 if ((Mask & NAME) != 0) {
1404 AsciiStrCpyS ((CHAR8 *) OldData->Name, MAX_PEERID_LEN, (CHAR8 *) NewData->Name);
1405 }
1406
1407 if ((Mask & PACKET_FLAG) != 0) {
1408 OldData->PackageFlag = NewData->PackageFlag;
1409 }
1410
1411 if ((Mask & ACTION) != 0) {
1412 OldData->Action = NewData->Action;
1413 }
1414
1415 if (OldData->Action != EfiIPsecActionProtect) {
1416 OldData->ProcessingPolicy = NULL;
1417 } else {
1418 //
1419 // Protect
1420 //
1421 if (OldData->ProcessingPolicy == NULL) {
1422 //
1423 // Just point to new data if originally NULL.
1424 //
1425 OldData->ProcessingPolicy = NewData->ProcessingPolicy;
1426 if (OldData->ProcessingPolicy->Mode == EfiIPsecTunnel &&
1427 (Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)
1428 ) {
1429 //
1430 // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
1431 //
1432 ShellPrintHiiEx (
1433 -1,
1434 -1,
1435 NULL,
1436 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1437 mHiiHandle,
1438 mAppName,
1439 L"--tunnel-local --tunnel-remote"
1440 );
1441 return EFI_INVALID_PARAMETER;
1442 }
1443 } else {
1444 //
1445 // Modify some of the data.
1446 //
1447 if ((Mask & EXT_SEQUENCE) != 0) {
1448 OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
1449 }
1450
1451 if ((Mask & SEQUENCE_OVERFLOW) != 0) {
1452 OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
1453 }
1454
1455 if ((Mask & FRAGMENT_CHECK) != 0) {
1456 OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
1457 }
1458
1459 if ((Mask & LIFEBYTE) != 0) {
1460 OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
1461 }
1462
1463 if ((Mask & LIFETIME_SOFT) != 0) {
1464 OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
1465 }
1466
1467 if ((Mask & LIFETIME) != 0) {
1468 OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
1469 }
1470
1471 if ((Mask & MODE) != 0) {
1472 OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
1473 }
1474
1475 if ((Mask & IPSEC_PROTO) != 0) {
1476 OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
1477 }
1478
1479 if ((Mask & AUTH_ALGO) != 0) {
1480 OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
1481 }
1482
1483 if ((Mask & ENCRYPT_ALGO) != 0) {
1484 OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
1485 }
1486
1487 if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
1488 OldData->ProcessingPolicy->TunnelOption = NULL;
1489 } else {
1490 if (OldData->ProcessingPolicy->TunnelOption == NULL) {
1491 //
1492 // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
1493 //
1494 if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
1495 ShellPrintHiiEx (
1496 -1,
1497 -1,
1498 NULL,
1499 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1500 mHiiHandle,
1501 mAppName,
1502 L"--tunnel-local --tunnel-remote"
1503 );
1504 return EFI_INVALID_PARAMETER;
1505 }
1506
1507 OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
1508 } else {
1509 if ((Mask & TUNNEL_LOCAL) != 0) {
1510 CopyMem (
1511 &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
1512 &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
1513 sizeof (EFI_IP_ADDRESS)
1514 );
1515 }
1516
1517 if ((Mask & TUNNEL_REMOTE) != 0) {
1518 CopyMem (
1519 &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
1520 &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
1521 sizeof (EFI_IP_ADDRESS)
1522 );
1523 }
1524
1525 if ((Mask & DONT_FRAGMENT) != 0) {
1526 OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
1527 }
1528 }
1529 }
1530 }
1531 }
1532
1533 return EFI_SUCCESS;
1534 }
1535
1536 /**
1537 Combine old SAD entry with new SAD entry.
1538
1539 @param[in, out] OldSaId The pointer to the EFI_IPSEC_SA_ID structure.
1540 @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA2 structure.
1541 @param[in] NewSaId The pointer to the EFI_IPSEC_SA_ID structure.
1542 @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA2 structure.
1543 @param[in] Mask The pointer to the Mask.
1544 @param[out] CreateNew The switch to create new.
1545
1546 @retval EFI_SUCCESS Combined successfully.
1547 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1548
1549 **/
1550 EFI_STATUS
CombineSadEntry(IN OUT EFI_IPSEC_SA_ID * OldSaId,IN OUT EFI_IPSEC_SA_DATA2 * OldData,IN EFI_IPSEC_SA_ID * NewSaId,IN EFI_IPSEC_SA_DATA2 * NewData,IN UINT32 Mask,OUT BOOLEAN * CreateNew)1551 CombineSadEntry (
1552 IN OUT EFI_IPSEC_SA_ID *OldSaId,
1553 IN OUT EFI_IPSEC_SA_DATA2 *OldData,
1554 IN EFI_IPSEC_SA_ID *NewSaId,
1555 IN EFI_IPSEC_SA_DATA2 *NewData,
1556 IN UINT32 Mask,
1557 OUT BOOLEAN *CreateNew
1558 )
1559 {
1560
1561 *CreateNew = FALSE;
1562
1563 if ((Mask & SPI) == 0) {
1564 NewSaId->Spi = OldSaId->Spi;
1565 } else if (NewSaId->Spi != OldSaId->Spi) {
1566 *CreateNew = TRUE;
1567 }
1568
1569 if ((Mask & IPSEC_PROTO) == 0) {
1570 NewSaId->Proto = OldSaId->Proto;
1571 } else if (NewSaId->Proto != OldSaId->Proto) {
1572 *CreateNew = TRUE;
1573 }
1574
1575 if ((Mask & DEST) == 0) {
1576 CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
1577 } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
1578 *CreateNew = TRUE;
1579 }
1580
1581 if ((Mask & SOURCE) == 0) {
1582 CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
1583 } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
1584 *CreateNew = TRUE;
1585 }
1586 //
1587 // Process SA_DATA.
1588 //
1589 if ((Mask & MODE) != 0) {
1590 OldData->Mode = NewData->Mode;
1591 }
1592
1593 if ((Mask & SEQUENCE_NUMBER) != 0) {
1594 OldData->SNCount = NewData->SNCount;
1595 }
1596
1597 if ((Mask & ANTIREPLAY_WINDOW) != 0) {
1598 OldData->AntiReplayWindows = NewData->AntiReplayWindows;
1599 }
1600
1601 if ((Mask & AUTH_ALGO) != 0) {
1602 OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
1603 }
1604
1605 if ((Mask & AUTH_KEY) != 0) {
1606 OldData->AlgoInfo.EspAlgoInfo.AuthKey = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
1607 OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
1608 }
1609
1610 if ((Mask & ENCRYPT_ALGO) != 0) {
1611 OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
1612 }
1613
1614 if ((Mask & ENCRYPT_KEY) != 0) {
1615 OldData->AlgoInfo.EspAlgoInfo.EncKey = NewData->AlgoInfo.EspAlgoInfo.EncKey;
1616 OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
1617 }
1618
1619 if (NewSaId->Proto == EfiIPsecAH) {
1620 if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {
1621 //
1622 // Should not provide encrypt_* if AH.
1623 //
1624 ShellPrintHiiEx (
1625 -1,
1626 -1,
1627 NULL,
1628 STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
1629 mHiiHandle,
1630 mAppName,
1631 L"--encrypt-algo --encrypt-key"
1632 );
1633 return EFI_INVALID_PARAMETER;
1634 }
1635 }
1636
1637 if (NewSaId->Proto == EfiIPsecESP && OldSaId->Proto == EfiIPsecAH) {
1638 //
1639 // AH -> ESP
1640 // Should provide encrypt_algo at least.
1641 //
1642 if ((Mask & ENCRYPT_ALGO) == 0) {
1643 ShellPrintHiiEx (
1644 -1,
1645 -1,
1646 NULL,
1647 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
1648 mHiiHandle,
1649 mAppName,
1650 L"--encrypt-algo"
1651 );
1652 return EFI_INVALID_PARAMETER;
1653 }
1654
1655 //
1656 // Encrypt_key should be provided if algorithm is not NONE.
1657 //
1658 if (NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (Mask & ENCRYPT_KEY) == 0) {
1659 ShellPrintHiiEx (
1660 -1,
1661 -1,
1662 NULL,
1663 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
1664 mHiiHandle,
1665 mAppName,
1666 L"--encrypt-algo"
1667 );
1668 return EFI_INVALID_PARAMETER;
1669 }
1670 }
1671
1672 if ((Mask & LIFEBYTE) != 0) {
1673 OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
1674 }
1675
1676 if ((Mask & LIFETIME_SOFT) != 0) {
1677 OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
1678 }
1679
1680 if ((Mask & LIFETIME) != 0) {
1681 OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
1682 }
1683
1684 if ((Mask & PATH_MTU) != 0) {
1685 OldData->PathMTU = NewData->PathMTU;
1686 }
1687 //
1688 // Process SpdSelector.
1689 //
1690 if (OldData->SpdSelector == NULL) {
1691 if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
1692 if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
1693 ShellPrintHiiEx (
1694 -1,
1695 -1,
1696 NULL,
1697 STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
1698 mHiiHandle,
1699 mAppName,
1700 L"--local --remote --proto"
1701 );
1702 return EFI_INVALID_PARAMETER;
1703 }
1704
1705 OldData->SpdSelector = NewData->SpdSelector;
1706 }
1707 } else {
1708 if ((Mask & LOCAL) != 0) {
1709 OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
1710 OldData->SpdSelector->LocalAddress = NewData->SpdSelector->LocalAddress;
1711 }
1712
1713 if ((Mask & REMOTE) != 0) {
1714 OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
1715 OldData->SpdSelector->RemoteAddress = NewData->SpdSelector->RemoteAddress;
1716 }
1717
1718 if ((Mask & PROTO) != 0) {
1719 OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
1720 }
1721
1722 if (OldData->SpdSelector != NULL) {
1723 switch (OldData->SpdSelector->NextLayerProtocol) {
1724 case EFI_IP4_PROTO_TCP:
1725 case EFI_IP4_PROTO_UDP:
1726 if ((Mask & LOCAL_PORT) != 0) {
1727 OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
1728 }
1729
1730 if ((Mask & REMOTE_PORT) != 0) {
1731 OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
1732 }
1733 break;
1734
1735 case EFI_IP4_PROTO_ICMP:
1736 if ((Mask & ICMP_TYPE) != 0) {
1737 OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
1738 }
1739
1740 if ((Mask & ICMP_CODE) != 0) {
1741 OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
1742 }
1743 break;
1744 }
1745 }
1746 }
1747
1748 return EFI_SUCCESS;
1749 }
1750
1751 /**
1752 Combine old PAD entry with new PAD entry.
1753
1754 @param[in, out] OldPadId The pointer to the EFI_IPSEC_PAD_ID structure.
1755 @param[in, out] OldData The pointer to the EFI_IPSEC_PAD_DATA structure.
1756 @param[in] NewPadId The pointer to the EFI_IPSEC_PAD_ID structure.
1757 @param[in] NewData The pointer to the EFI_IPSEC_PAD_DATA structure.
1758 @param[in] Mask The pointer to the Mask.
1759 @param[out] CreateNew The switch to create new.
1760
1761 @retval EFI_SUCCESS Combined successfully.
1762 @retval EFI_INVALID_PARAMETER Invalid user input parameter.
1763
1764 **/
1765 EFI_STATUS
CombinePadEntry(IN OUT EFI_IPSEC_PAD_ID * OldPadId,IN OUT EFI_IPSEC_PAD_DATA * OldData,IN EFI_IPSEC_PAD_ID * NewPadId,IN EFI_IPSEC_PAD_DATA * NewData,IN UINT32 Mask,OUT BOOLEAN * CreateNew)1766 CombinePadEntry (
1767 IN OUT EFI_IPSEC_PAD_ID *OldPadId,
1768 IN OUT EFI_IPSEC_PAD_DATA *OldData,
1769 IN EFI_IPSEC_PAD_ID *NewPadId,
1770 IN EFI_IPSEC_PAD_DATA *NewData,
1771 IN UINT32 Mask,
1772 OUT BOOLEAN *CreateNew
1773 )
1774 {
1775
1776 *CreateNew = FALSE;
1777
1778 if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
1779 CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
1780 } else {
1781 if ((Mask & PEER_ID) != 0) {
1782 if (OldPadId->PeerIdValid) {
1783 if (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0) {
1784 *CreateNew = TRUE;
1785 }
1786 } else {
1787 *CreateNew = TRUE;
1788 }
1789 } else {
1790 //
1791 // MASK & PEER_ADDRESS
1792 //
1793 if (OldPadId->PeerIdValid) {
1794 *CreateNew = TRUE;
1795 } else {
1796 if ((CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
1797 (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)) {
1798 *CreateNew = TRUE;
1799 }
1800 }
1801 }
1802 }
1803
1804 if ((Mask & AUTH_PROTO) != 0) {
1805 OldData->AuthProtocol = NewData->AuthProtocol;
1806 }
1807
1808 if ((Mask & AUTH_METHOD) != 0) {
1809 OldData->AuthMethod = NewData->AuthMethod;
1810 }
1811
1812 if ((Mask & IKE_ID) != 0) {
1813 OldData->IkeIdFlag = NewData->IkeIdFlag;
1814 }
1815
1816 if ((Mask & AUTH_DATA) != 0) {
1817 OldData->AuthDataSize = NewData->AuthDataSize;
1818 OldData->AuthData = NewData->AuthData;
1819 }
1820
1821 if ((Mask & REVOCATION_DATA) != 0) {
1822 OldData->RevocationDataSize = NewData->RevocationDataSize;
1823 OldData->RevocationData = NewData->RevocationData;
1824 }
1825
1826 return EFI_SUCCESS;
1827 }
1828
1829 COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {
1830 (COMBINE_POLICY_ENTRY) CombineSpdEntry,
1831 (COMBINE_POLICY_ENTRY) CombineSadEntry,
1832 (COMBINE_POLICY_ENTRY) CombinePadEntry
1833 };
1834
1835 /**
1836 Edit entry information in the database.
1837
1838 @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
1839 @param[in] Data The pointer to the data.
1840 @param[in] Context The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.
1841
1842 @retval EFI_SUCCESS Continue the iteration.
1843 @retval EFI_ABORTED Abort the iteration.
1844 **/
1845 EFI_STATUS
EditOperatePolicyEntry(IN EFI_IPSEC_CONFIG_SELECTOR * Selector,IN VOID * Data,IN EDIT_POLICY_ENTRY_CONTEXT * Context)1846 EditOperatePolicyEntry (
1847 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
1848 IN VOID *Data,
1849 IN EDIT_POLICY_ENTRY_CONTEXT *Context
1850 )
1851 {
1852 EFI_STATUS Status;
1853 BOOLEAN CreateNew;
1854
1855 if (mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
1856 ASSERT (Context->DataType < 3);
1857
1858 Status = mCombinePolicyEntry[Context->DataType] (
1859 Selector,
1860 Data,
1861 Context->Selector,
1862 Context->Data,
1863 Context->Mask,
1864 &CreateNew
1865 );
1866 if (!EFI_ERROR (Status)) {
1867 //
1868 // If the Selector already existed, this Entry will be updated by set data.
1869 //
1870 Status = mIpSecConfig->SetData (
1871 mIpSecConfig,
1872 Context->DataType,
1873 Context->Selector, /// New created selector.
1874 Data, /// Old date which has been modified, need to be set data.
1875 Selector
1876 );
1877 ASSERT_EFI_ERROR (Status);
1878
1879 if (CreateNew) {
1880 //
1881 // Edit the entry to a new one. So, we need delete the old entry.
1882 //
1883 Status = mIpSecConfig->SetData (
1884 mIpSecConfig,
1885 Context->DataType,
1886 Selector, /// Old selector.
1887 NULL, /// NULL means to delete this Entry specified by Selector.
1888 NULL
1889 );
1890 ASSERT_EFI_ERROR (Status);
1891 }
1892 }
1893
1894 Context->Status = Status;
1895 return EFI_ABORTED;
1896 }
1897
1898 return EFI_SUCCESS;
1899 }
1900
1901 /**
1902 Edit entry information in database according to datatype.
1903
1904 @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
1905 @param[in] ParamPackage The pointer to the ParamPackage list.
1906
1907 @retval EFI_SUCCESS Edit entry information successfully.
1908 @retval EFI_NOT_FOUND Can't find the specified entry.
1909 @retval Others Some mistaken case.
1910 **/
1911 EFI_STATUS
EditPolicyEntry(IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,IN LIST_ENTRY * ParamPackage)1912 EditPolicyEntry (
1913 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
1914 IN LIST_ENTRY *ParamPackage
1915 )
1916 {
1917 EFI_STATUS Status;
1918 EDIT_POLICY_ENTRY_CONTEXT Context;
1919 CONST CHAR16 *ValueStr;
1920
1921 ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
1922 if (ValueStr == NULL) {
1923 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
1924 return EFI_NOT_FOUND;
1925 }
1926
1927 Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
1928 if (!EFI_ERROR (Status)) {
1929 Context.DataType = DataType;
1930 Context.Status = EFI_NOT_FOUND;
1931 Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
1932 if (!EFI_ERROR (Status)) {
1933 ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
1934 Status = Context.Status;
1935 }
1936
1937 if (Context.Selector != NULL) {
1938 gBS->FreePool (Context.Selector);
1939 }
1940
1941 if (Context.Data != NULL) {
1942 gBS->FreePool (Context.Data);
1943 }
1944 }
1945
1946 if (Status == EFI_NOT_FOUND) {
1947 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
1948 } else if (EFI_ERROR (Status)) {
1949 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
1950 }
1951
1952 return Status;
1953
1954 }
1955
1956 /**
1957 Insert entry information in database.
1958
1959 @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
1960 @param[in] Data The pointer to the data.
1961 @param[in] Context The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.
1962
1963 @retval EFI_SUCCESS Continue the iteration.
1964 @retval EFI_ABORTED Abort the iteration.
1965 **/
1966 EFI_STATUS
InsertPolicyEntry(IN EFI_IPSEC_CONFIG_SELECTOR * Selector,IN VOID * Data,IN INSERT_POLICY_ENTRY_CONTEXT * Context)1967 InsertPolicyEntry (
1968 IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
1969 IN VOID *Data,
1970 IN INSERT_POLICY_ENTRY_CONTEXT *Context
1971 )
1972 {
1973 //
1974 // Found the entry which we want to insert before.
1975 //
1976 if (mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
1977
1978 Context->Status = mIpSecConfig->SetData (
1979 mIpSecConfig,
1980 Context->DataType,
1981 Context->Selector,
1982 Context->Data,
1983 Selector
1984 );
1985 //
1986 // Abort the iteration after the insertion.
1987 //
1988 return EFI_ABORTED;
1989 }
1990
1991 return EFI_SUCCESS;
1992 }
1993
1994 /**
1995 Insert or add entry information in database according to datatype.
1996
1997 @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
1998 @param[in] ParamPackage The pointer to the ParamPackage list.
1999
2000 @retval EFI_SUCCESS Insert or add entry information successfully.
2001 @retval EFI_NOT_FOUND Can't find the specified entry.
2002 @retval EFI_BUFFER_TOO_SMALL The entry already existed.
2003 @retval EFI_UNSUPPORTED The operation is not supported.
2004 @retval Others Some mistaken case.
2005 **/
2006 EFI_STATUS
AddOrInsertPolicyEntry(IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,IN LIST_ENTRY * ParamPackage)2007 AddOrInsertPolicyEntry (
2008 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
2009 IN LIST_ENTRY *ParamPackage
2010 )
2011 {
2012 EFI_STATUS Status;
2013 EFI_IPSEC_CONFIG_SELECTOR *Selector;
2014 VOID *Data;
2015 INSERT_POLICY_ENTRY_CONTEXT Context;
2016 UINT32 Mask;
2017 UINTN DataSize;
2018 CONST CHAR16 *ValueStr;
2019
2020 Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
2021 if (!EFI_ERROR (Status)) {
2022 //
2023 // Find if the Selector to be inserted already exists.
2024 //
2025 DataSize = 0;
2026 Status = mIpSecConfig->GetData (
2027 mIpSecConfig,
2028 DataType,
2029 Selector,
2030 &DataSize,
2031 NULL
2032 );
2033 if (Status == EFI_BUFFER_TOO_SMALL) {
2034 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
2035 } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
2036 Status = mIpSecConfig->SetData (
2037 mIpSecConfig,
2038 DataType,
2039 Selector,
2040 Data,
2041 NULL
2042 );
2043 } else {
2044 ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
2045 if (ValueStr == NULL) {
2046 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
2047 return EFI_NOT_FOUND;
2048 }
2049
2050 Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
2051 if (!EFI_ERROR (Status)) {
2052 Context.DataType = DataType;
2053 Context.Status = EFI_NOT_FOUND;
2054 Context.Selector = Selector;
2055 Context.Data = Data;
2056
2057 ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
2058 Status = Context.Status;
2059 if (Status == EFI_NOT_FOUND) {
2060 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
2061 }
2062 }
2063 }
2064
2065 gBS->FreePool (Selector);
2066 gBS->FreePool (Data);
2067 }
2068
2069 if (Status == EFI_UNSUPPORTED) {
2070 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
2071 } else if (EFI_ERROR (Status)) {
2072 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
2073 }
2074
2075 return Status;
2076 }
2077