1 /** @file
2   The implementation of match policy entry function in IpSecConfig application.
3 
4   Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
5 
6   This program and the accompanying materials
7   are licensed and made available under the terms and conditions of the BSD License
8   which accompanies this distribution.  The full text of the license may be found at
9   http://opensource.org/licenses/bsd-license.php.
10 
11   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13 
14 **/
15 
16 #include "IpSecConfig.h"
17 #include "Indexer.h"
18 #include "Match.h"
19 
/**
  Check whether every byte of a buffer is zero.

  The match callbacks in this file call this to decide whether an indexer
  carries an explicit key (some byte is nonzero) or should fall back to its
  positional Index (all bytes are zero).

  @param[in] Memory    The pointer to the buffer to scan. Size bytes are read
                       from it, so the caller must guarantee that many bytes
                       are readable.
  @param[in] Size      The number of bytes to examine. A Size of zero yields
                       TRUE because no byte is inspected.

  @retval TRUE     All Size bytes are zero.
  @retval FALSE    At least one of the Size bytes is nonzero.
**/
BOOLEAN
IsMemoryZero (
  IN VOID     *Memory,
  IN UINTN    Size
  )
{
  UINT8    *Bytes;
  UINTN    Offset;

  Bytes  = (UINT8 *) Memory;
  Offset = 0;

  //
  // Stop at the first nonzero byte; nothing past it is read.
  //
  while (Offset < Size) {
    if (Bytes[Offset] != 0) {
      return FALSE;
    }

    Offset++;
  }

  return TRUE;
}
45 
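/**
  Decide whether an SPD entry is the one selected by Indexer.

  If the first MAX_PEERID_LEN bytes of Indexer->Name are not all zero, the
  entry is selected by name and matches when Data->Name equals Indexer->Name.
  Otherwise the entry is selected by position: it matches when Indexer->Index
  is zero, and Indexer->Index is decremented on every call taking this path.

  @param[in]      Selector    The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
                              Not examined by this function.
  @param[in]      Data        The pointer to the EFI_IPSEC_SPD_DATA structure
                              whose Name is compared.
  @param[in, out] Indexer     The pointer to the SPD_ENTRY_INDEXER structure.
                              Its Index field is modified on the positional path.

  @retval TRUE     The matched SPD is found.
  @retval FALSE    The matched SPD is not found.
**/
BOOLEAN
MatchSpdEntry (
  IN EFI_IPSEC_SPD_SELECTOR    *Selector,
  IN EFI_IPSEC_SPD_DATA        *Data,
  IN SPD_ENTRY_INDEXER         *Indexer
  )
{
  BOOLEAN    Match;

  if (!IsMemoryZero (Indexer->Name, MAX_PEERID_LEN)) {
    //
    // The zero test above treats Indexer->Name as a MAX_PEERID_LEN-byte
    // buffer, so the comparison is bounded to the same length. A name that
    // fills the buffer without a terminating NUL can then no longer drive the
    // comparison past the end of either buffer.
    //
    // NOTE(review): if Data->Name is an array member rather than a pointer,
    // the NULL test is always true - confirm against the structure definition.
    //
    return (BOOLEAN) ((Data->Name != NULL) &&
                      (AsciiStrnCmp (
                         (CHAR8 *) Indexer->Name,
                         (CHAR8 *) Data->Name,
                         MAX_PEERID_LEN
                         ) == 0));
  }

  Match = (BOOLEAN) (Indexer->Index == 0);

  //
  // Index is decremented even when it is already zero.
  // NOTE(review): if Index is an unsigned type this wraps to its maximum
  // value, which would keep later entries in the same pass from matching.
  // Confirm against the indexer definition and the caller before changing it.
  //
  Indexer->Index--;

  return Match;
}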
80 
/**
  Decide whether an SAD entry is the one selected by Indexer.

  If Indexer->SaId is not all zero, the entry is selected by SA identifier and
  matches when SaId is byte-for-byte equal to Indexer->SaId. Otherwise the
  entry is selected by position: it matches when Indexer->Index is zero, and
  Indexer->Index is decremented on every call taking this path.

  @param[in]      SaId       The pointer to the EFI_IPSEC_SA_ID structure to test.
  @param[in]      Data       The pointer to the EFI_IPSEC_SA_DATA2 structure.
                             Not examined by this function.
  @param[in, out] Indexer    The pointer to the SAD_ENTRY_INDEXER structure.
                             Its Index field is modified on the positional path.

  @retval TRUE     The matched SAD is found.
  @retval FALSE    The matched SAD is not found.
**/
BOOLEAN
MatchSadEntry (
  IN EFI_IPSEC_SA_ID      *SaId,
  IN EFI_IPSEC_SA_DATA2   *Data,
  IN SAD_ENTRY_INDEXER    *Indexer
  )
{
  BOOLEAN    IsSelected;

  if (IsMemoryZero (&Indexer->SaId, sizeof (EFI_IPSEC_SA_ID))) {
    //
    // No SA identifier was supplied, so select by position. Index is
    // decremented even when it is already zero.
    // NOTE(review): if Index is unsigned this wraps - confirm that the caller
    // relies on, or at least tolerates, the wrapped value.
    //
    IsSelected = (BOOLEAN) (Indexer->Index == 0);
    Indexer->Index--;
    return IsSelected;
  }

  //
  // The whole structure is compared as raw bytes.
  // NOTE(review): any padding inside EFI_IPSEC_SA_ID takes part in this
  // comparison, so both copies presumably need to be zero-initialized before
  // they are filled in - confirm at the places that build them.
  //
  return (BOOLEAN) (CompareMem (&Indexer->SaId, SaId, sizeof (EFI_IPSEC_SA_ID)) == 0);
}
112 
/**
  Decide whether a PAD entry is the one selected by Indexer.

  If Indexer->PadId is not all zero, the entry is selected by PAD identifier.
  The two identifiers must agree on PeerIdValid; they are then compared either
  as peer ID strings (PeerIdValid set) or as prefix length plus address
  (PeerIdValid clear). Otherwise the entry is selected by position: it matches
  when Indexer->Index is zero, and Indexer->Index is decremented on every call
  taking this path.

  @param[in]      PadId      The pointer to the EFI_IPSEC_PAD_ID structure to test.
  @param[in]      Data       The pointer to the EFI_IPSEC_PAD_DATA structure.
                             Not examined by this function.
  @param[in, out] Indexer    The pointer to the PAD_ENTRY_INDEXER structure.
                             Its Index field is modified on the positional path.

  @retval TRUE     The matched PAD is found.
  @retval FALSE    The matched PAD is not found.
**/
BOOLEAN
MatchPadEntry (
  IN EFI_IPSEC_PAD_ID      *PadId,
  IN EFI_IPSEC_PAD_DATA    *Data,
  IN PAD_ENTRY_INDEXER     *Indexer
  )
{
  BOOLEAN    IsSelected;

  if (IsMemoryZero (&Indexer->PadId, sizeof (EFI_IPSEC_PAD_ID))) {
    //
    // No PAD identifier was supplied, so select by position. Index is
    // decremented even when it is already zero.
    // NOTE(review): if Index is unsigned this wraps - confirm that the caller
    // relies on, or at least tolerates, the wrapped value.
    //
    IsSelected = (BOOLEAN) (Indexer->Index == 0);
    Indexer->Index--;
    return IsSelected;
  }

  //
  // Identifiers of different kinds never match.
  //
  if (Indexer->PadId.PeerIdValid != PadId->PeerIdValid) {
    return FALSE;
  }

  if (PadId->PeerIdValid) {
    //
    // Both identifiers carry a peer ID, compared as a CHAR16 string.
    // NOTE(review): StrCmp is unbounded. If PeerId is a fixed-size buffer that
    // may be filled without a terminating NUL, a length-bounded comparison
    // would be safer - confirm against the EFI_IPSEC_PAD_ID definition.
    //
    return (BOOLEAN) (StrCmp (
                        (CONST CHAR16 *) Indexer->PadId.Id.PeerId,
                        (CONST CHAR16 *) PadId->Id.PeerId
                        ) == 0);
  }

  //
  // Both identifiers carry an IP address: the prefix length and the raw
  // address bytes must both be equal.
  //
  return (BOOLEAN) ((Indexer->PadId.Id.IpAddress.PrefixLength == PadId->Id.IpAddress.PrefixLength) &&
                    (CompareMem (
                       &Indexer->PadId.Id.IpAddress.Address,
                       &PadId->Id.IpAddress.Address,
                       sizeof (EFI_IP_ADDRESS)
                       ) == 0));
}
157 
//
// Table of the match callbacks defined in this file, in the order SPD, SAD,
// PAD. The three functions take differently typed pointers, so each one is
// cast to the common MATCH_POLICY_ENTRY type.
//
// NOTE(review): presumably indexed by policy database type from code outside
// this file, in which case the order here must stay in step with that
// enumeration - confirm at the point of use.
// NOTE(review): calling through the cast pointers relies on MATCH_POLICY_ENTRY
// being call-compatible with all three signatures - confirm against Match.h.
//
MATCH_POLICY_ENTRY mMatchPolicyEntry[] = {
  (MATCH_POLICY_ENTRY) MatchSpdEntry,   // SPD entries
  (MATCH_POLICY_ENTRY) MatchSadEntry,   // SAD entries
  (MATCH_POLICY_ENTRY) MatchPadEntry    // PAD entries
};
163 
164