authorWang, Fan <fan.wang@intel.com>2019-04-23 11:16:50 +0800
committerFu Siyuan <siyuan.fu@intel.com>2019-04-29 08:43:17 +0800
commitd55d9d0664366efe731db461e14c6fc380fca776 (patch)
tree09df5249c7ae984220199febea0714923518ac46 /NetworkPkg/Application
parentaf51cb48a22d4135db48ed784dbb6bbbea9c15b5 (diff)
NetworkPkg: Remove IpSec driver and application
* REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1697 The IpSec driver in NetworkPkg is not really used by platforms but has security risks, so it is scheduled to be removed from edk2, together with the IpSecConfig application. Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Signed-off-by: Wang Fan <fan.wang@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Diffstat (limited to 'NetworkPkg/Application')
-rw-r--r--NetworkPkg/Application/IpsecConfig/Delete.c104
-rw-r--r--NetworkPkg/Application/IpsecConfig/Delete.h36
-rw-r--r--NetworkPkg/Application/IpsecConfig/Dump.c573
-rw-r--r--NetworkPkg/Application/IpsecConfig/Dump.h28
-rw-r--r--NetworkPkg/Application/IpsecConfig/ForEach.c109
-rw-r--r--NetworkPkg/Application/IpsecConfig/ForEach.h48
-rw-r--r--NetworkPkg/Application/IpsecConfig/Helper.c414
-rw-r--r--NetworkPkg/Application/IpsecConfig/Helper.h137
-rw-r--r--NetworkPkg/Application/IpsecConfig/Indexer.c249
-rw-r--r--NetworkPkg/Application/IpsecConfig/Indexer.h52
-rw-r--r--NetworkPkg/Application/IpsecConfig/IpSecConfig.c806
-rw-r--r--NetworkPkg/Application/IpsecConfig/IpSecConfig.h143
-rw-r--r--NetworkPkg/Application/IpsecConfig/IpSecConfig.inf70
-rw-r--r--NetworkPkg/Application/IpsecConfig/IpSecConfig.uni17
-rw-r--r--NetworkPkg/Application/IpsecConfig/IpSecConfigExtra.uni14
-rw-r--r--NetworkPkg/Application/IpsecConfig/IpSecConfigStrings.uni127
-rw-r--r--NetworkPkg/Application/IpsecConfig/Match.c157
-rw-r--r--NetworkPkg/Application/IpsecConfig/Match.h35
-rw-r--r--NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c2070
-rw-r--r--NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h153
20 files changed, 0 insertions, 5342 deletions
diff --git a/NetworkPkg/Application/IpsecConfig/Delete.c b/NetworkPkg/Application/IpsecConfig/Delete.c
deleted file mode 100644
index cd37efdf49..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Delete.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/** @file
- The implementation of delete policy entry function in IpSecConfig application.
-
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "IpSecConfig.h"
-#include "Indexer.h"
-#include "Delete.h"
-#include "Match.h"
-#include "ForEach.h"
-
-/**
- Private function to delete entry information in database.
-
- @param[in] Selector The pointer to EFI_IPSEC_CONFIG_SELECTOR structure.
- @param[in] Data The pointer to Data.
- @param[in] Context The pointer to DELETE_POLICY_ENTRY_CONTEXT.
-
- @retval EFI_ABORTED Abort the iteration.
- @retval EFI_SUCCESS Continue the iteration.
-**/
-EFI_STATUS
-DeletePolicyEntry (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN DELETE_POLICY_ENTRY_CONTEXT *Context
- )
-{
- if (mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
- Context->Status = mIpSecConfig->SetData (
- mIpSecConfig,
- Context->DataType,
- Selector,
- NULL,
- NULL
- );
- //
- // Abort the iteration after the insertion.
- //
- return EFI_ABORTED;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Flush or delete entry information in the database according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Delete entry information successfully.
- @retval EFI_NOT_FOUND Can't find the specified entry.
- @retval Others Some mistaken case.
-**/
-EFI_STATUS
-FlushOrDeletePolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN LIST_ENTRY *ParamPackage
- )
-{
- EFI_STATUS Status;
- DELETE_POLICY_ENTRY_CONTEXT Context;
- CONST CHAR16 *ValueStr;
-
- //
- // If user wants to remove all.
- //
- if (ShellCommandLineGetFlag (ParamPackage, L"-f")) {
- Status = mIpSecConfig->SetData (
- mIpSecConfig,
- DataType,
- NULL,
- NULL,
- NULL
- );
- } else {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-d");
- if (ValueStr == NULL) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
- return EFI_NOT_FOUND;
- }
-
- Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
- if (!EFI_ERROR (Status)) {
- Context.DataType = DataType;
- Context.Status = EFI_NOT_FOUND;
- ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) DeletePolicyEntry, &Context);
- Status = Context.Status;
-
- if (Status == EFI_NOT_FOUND) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
- } else if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DELETE_FAILED), mHiiHandle, mAppName);
- }
- }
- }
-
- return Status;
-}
diff --git a/NetworkPkg/Application/IpsecConfig/Delete.h b/NetworkPkg/Application/IpsecConfig/Delete.h
deleted file mode 100644
index 35665b87d4..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Delete.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/** @file
- The internal structure and function declaration of delete policy entry function
- in IpSecConfig application.
-
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef __DELETE_H_
-#define __DELETE_H_
-
-typedef struct {
- EFI_IPSEC_CONFIG_DATA_TYPE DataType;
- POLICY_ENTRY_INDEXER Indexer;
- EFI_STATUS Status; //Indicate whether deletion succeeds.
-} DELETE_POLICY_ENTRY_CONTEXT;
-
-/**
- Flush or delete entry information in the database according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Delete entry information successfully.
- @retval EFI_NOT_FOUND Can't find the specified entry.
- @retval Others Some mistaken case.
-**/
-EFI_STATUS
-FlushOrDeletePolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN LIST_ENTRY *ParamPackage
- );
-
-#endif
diff --git a/NetworkPkg/Application/IpsecConfig/Dump.c b/NetworkPkg/Application/IpsecConfig/Dump.c
deleted file mode 100644
index cc88cf36e5..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Dump.c
+++ /dev/null
@@ -1,573 +0,0 @@
-/** @file
- The implementation of dump policy entry function in IpSecConfig application.
-
- Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "IpSecConfig.h"
-#include "Dump.h"
-#include "ForEach.h"
-#include "Helper.h"
-
-/**
- Private function called to get the version infomation from an EFI_IP_ADDRESS_INFO structure.
-
- @param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.
-
- @return the value of version.
-**/
-UINTN
-GetVerFromAddrInfo (
- IN EFI_IP_ADDRESS_INFO *AddressInfo
-)
-{
- if((AddressInfo->PrefixLength <= 32) && (AddressInfo->Address.Addr[1] == 0) &&
- (AddressInfo->Address.Addr[2] == 0) && (AddressInfo->Address.Addr[3] == 0)) {
- return IP_VERSION_4;
- } else {
- return IP_VERSION_6;
- }
-}
-
-/**
- Private function called to get the version information from a EFI_IP_ADDRESS structure.
-
- @param[in] Address The pointer to the EFI_IP_ADDRESS structure.
-
- @return The value of the version.
-**/
-UINTN
-GetVerFromIpAddr (
- IN EFI_IP_ADDRESS *Address
-)
-{
- if ((Address->Addr[1] == 0) && (Address->Addr[2] == 0) && (Address->Addr[3] == 0)) {
- return IP_VERSION_4;
- } else {
- return IP_VERSION_6;
- }
-}
-
-/**
- Private function called to print an ASCII string in unicode char format.
-
- @param[in] Str The pointer to the ASCII string.
- @param[in] Length The value of the ASCII string length.
-**/
-VOID
-DumpAsciiString (
- IN CHAR8 *Str,
- IN UINTN Length
- )
-{
- UINTN Index;
- Print (L"\"");
- for (Index = 0; Index < Length; Index++) {
- Print (L"%c", (CHAR16) Str[Index]);
- }
- Print (L"\"");
-}
-
-/**
- Private function called to print a buffer in Hex format.
-
- @param[in] Data The pointer to the buffer.
- @param[in] Length The size of the buffer.
-
-**/
-VOID
-DumpBuf (
- IN UINT8 *Data,
- IN UINTN Length
- )
-{
- UINTN Index;
- for (Index = 0; Index < Length; Index++) {
- Print (L"%02x ", Data[Index]);
- }
-}
-
-/**
- Private function called to print EFI_IP_ADDRESS_INFO content.
-
- @param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.
-**/
-VOID
-DumpAddressInfo (
- IN EFI_IP_ADDRESS_INFO *AddressInfo
- )
-{
- if (IP_VERSION_4 == GetVerFromAddrInfo (AddressInfo)) {
- Print (
- L"%d.%d.%d.%d",
- (UINTN) AddressInfo->Address.v4.Addr[0],
- (UINTN) AddressInfo->Address.v4.Addr[1],
- (UINTN) AddressInfo->Address.v4.Addr[2],
- (UINTN) AddressInfo->Address.v4.Addr[3]
- );
- if (AddressInfo->PrefixLength != 32) {
- Print (L"/%d", (UINTN) AddressInfo->PrefixLength);
- }
- }
-
- if (IP_VERSION_6 == GetVerFromAddrInfo (AddressInfo)) {
- Print (
- L"%x:%x:%x:%x:%x:%x:%x:%x",
- (((UINT16) AddressInfo->Address.v6.Addr[0]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[1]),
- (((UINT16) AddressInfo->Address.v6.Addr[2]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[3]),
- (((UINT16) AddressInfo->Address.v6.Addr[4]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[5]),
- (((UINT16) AddressInfo->Address.v6.Addr[6]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[7]),
- (((UINT16) AddressInfo->Address.v6.Addr[8]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[9]),
- (((UINT16) AddressInfo->Address.v6.Addr[10]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[11]),
- (((UINT16) AddressInfo->Address.v6.Addr[12]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[13]),
- (((UINT16) AddressInfo->Address.v6.Addr[14]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[15])
- );
- if (AddressInfo->PrefixLength != 128) {
- Print (L"/%d", AddressInfo->PrefixLength);
- }
- }
-}
-
-/**
- Private function called to print EFI_IP_ADDRESS content.
-
- @param[in] IpAddress The pointer to the EFI_IP_ADDRESS structure.
-**/
-VOID
-DumpIpAddress (
- IN EFI_IP_ADDRESS *IpAddress
- )
-{
- if (IP_VERSION_4 == GetVerFromIpAddr (IpAddress)) {
- Print (
- L"%d.%d.%d.%d",
- (UINTN) IpAddress->v4.Addr[0],
- (UINTN) IpAddress->v4.Addr[1],
- (UINTN) IpAddress->v4.Addr[2],
- (UINTN) IpAddress->v4.Addr[3]
- );
- }
-
- if (IP_VERSION_6 == GetVerFromIpAddr (IpAddress)) {
- Print (
- L"%x:%x:%x:%x:%x:%x:%x:%x",
- (((UINT16) IpAddress->v6.Addr[0]) << 8) | ((UINT16) IpAddress->v6.Addr[1]),
- (((UINT16) IpAddress->v6.Addr[2]) << 8) | ((UINT16) IpAddress->v6.Addr[3]),
- (((UINT16) IpAddress->v6.Addr[4]) << 8) | ((UINT16) IpAddress->v6.Addr[5]),
- (((UINT16) IpAddress->v6.Addr[6]) << 8) | ((UINT16) IpAddress->v6.Addr[7]),
- (((UINT16) IpAddress->v6.Addr[8]) << 8) | ((UINT16) IpAddress->v6.Addr[9]),
- (((UINT16) IpAddress->v6.Addr[10]) << 8) | ((UINT16) IpAddress->v6.Addr[11]),
- (((UINT16) IpAddress->v6.Addr[12]) << 8) | ((UINT16) IpAddress->v6.Addr[13]),
- (((UINT16) IpAddress->v6.Addr[14]) << 8) | ((UINT16) IpAddress->v6.Addr[15])
- );
- }
-
-}
-
-/**
- Private function called to print EFI_IPSEC_SPD_SELECTOR content.
-
- @param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
-**/
-VOID
-DumpSpdSelector (
- IN EFI_IPSEC_SPD_SELECTOR *Selector
- )
-{
- UINT32 Index;
- CHAR16 *Str;
-
- for (Index = 0; Index < Selector->LocalAddressCount; Index++) {
- if (Index > 0) {
- Print (L",");
- }
-
- DumpAddressInfo (&Selector->LocalAddress[Index]);
- }
-
- if (Index == 0) {
- Print (L"localhost");
- }
-
- Print (L" -> ");
-
- for (Index = 0; Index < Selector->RemoteAddressCount; Index++) {
- if (Index > 0) {
- Print (L",");
- }
-
- DumpAddressInfo (&Selector->RemoteAddress[Index]);
- }
-
- Str = MapIntegerToString (Selector->NextLayerProtocol, mMapIpProtocol);
- if (Str != NULL) {
- Print (L" %s", Str);
- } else {
- Print (L" proto:%d", (UINTN) Selector->NextLayerProtocol);
- }
-
- if ((Selector->NextLayerProtocol == EFI_IP4_PROTO_TCP) || (Selector->NextLayerProtocol == EFI_IP4_PROTO_UDP)) {
- Print (L" port:");
- if (Selector->LocalPort != EFI_IPSEC_ANY_PORT) {
- Print (L"%d", Selector->LocalPort);
- if (Selector->LocalPortRange != 0) {
- Print (L"~%d", (UINTN) Selector->LocalPort + Selector->LocalPortRange);
- }
- } else {
- Print (L"any");
- }
-
- Print (L" -> ");
- if (Selector->RemotePort != EFI_IPSEC_ANY_PORT) {
- Print (L"%d", Selector->RemotePort);
- if (Selector->RemotePortRange != 0) {
- Print (L"~%d", (UINTN) Selector->RemotePort + Selector->RemotePortRange);
- }
- } else {
- Print (L"any");
- }
- } else if (Selector->NextLayerProtocol == EFI_IP4_PROTO_ICMP) {
- Print (L" class/code:");
- if (Selector->LocalPort != 0) {
- Print (L"%d", (UINTN) (UINT8) Selector->LocalPort);
- } else {
- Print (L"any");
- }
-
- Print (L"/");
- if (Selector->RemotePort != 0) {
- Print (L"%d", (UINTN) (UINT8) Selector->RemotePort);
- } else {
- Print (L"any");
- }
- }
-}
-
-/**
- Print EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA content.
-
- @param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
- @param[in] Data The pointer to the EFI_IPSEC_SPD_DATA structure.
- @param[in] EntryIndex The pointer to the Index in SPD Database.
-
- @retval EFI_SUCCESS Dump SPD information successfully.
-**/
-EFI_STATUS
-DumpSpdEntry (
- IN EFI_IPSEC_SPD_SELECTOR *Selector,
- IN EFI_IPSEC_SPD_DATA *Data,
- IN UINTN *EntryIndex
- )
-{
- BOOLEAN HasPre;
- CHAR16 DataName[128];
- CHAR16 *String1;
- CHAR16 *String2;
- CHAR16 *String3;
- UINT8 Index;
-
- Print (L"%d.", (*EntryIndex)++);
-
- //
- // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
- // Protect PF:0x34323423 Name:First Entry
- // ext-sequence sequence-overflow fragcheck life:[B0,S1024,H3600]
- // ESP algo1 algo2 Tunnel [xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx set]
- //
-
- DumpSpdSelector (Selector);
- Print (L"\n ");
-
- Print (L"%s ", MapIntegerToString (Data->Action, mMapIpSecAction));
- Print (L"PF:%08x ", Data->PackageFlag);
-
- Index = 0;
- while (Data->Name[Index] != 0) {
- DataName[Index] = (CHAR16) Data->Name[Index];
- Index++;
- ASSERT (Index < 128);
- }
- DataName[Index] = L'\0';
-
- Print (L"Name:%s", DataName);
-
- if (Data->Action == EfiIPsecActionProtect) {
- Print (L"\n ");
- if (Data->ProcessingPolicy->ExtSeqNum) {
- Print (L"ext-sequence ");
- }
-
- if (Data->ProcessingPolicy->SeqOverflow) {
- Print (L"sequence-overflow ");
- }
-
- if (Data->ProcessingPolicy->FragCheck) {
- Print (L"fragment-check ");
- }
-
- HasPre = FALSE;
- if (Data->ProcessingPolicy->SaLifetime.ByteCount != 0) {
- Print (HasPre ? L"," : L"life:[");
- Print (L"%lxB", Data->ProcessingPolicy->SaLifetime.ByteCount);
- HasPre = TRUE;
- }
-
- if (Data->ProcessingPolicy->SaLifetime.SoftLifetime != 0) {
- Print (HasPre ? L"," : L"life:[");
- Print (L"%lxs", Data->ProcessingPolicy->SaLifetime.SoftLifetime);
- HasPre = TRUE;
- }
-
- if (Data->ProcessingPolicy->SaLifetime.HardLifetime != 0) {
- Print (HasPre ? L"," : L"life:[");
- Print (L"%lxS", Data->ProcessingPolicy->SaLifetime.HardLifetime);
- HasPre = TRUE;
- }
-
- if (HasPre) {
- Print (L"]");
- }
-
- if (HasPre || Data->ProcessingPolicy->ExtSeqNum ||
- Data->ProcessingPolicy->SeqOverflow || Data->ProcessingPolicy->FragCheck) {
- Print (L"\n ");
- }
-
- String1 = MapIntegerToString (Data->ProcessingPolicy->Proto, mMapIpSecProtocol);
- String2 = MapIntegerToString (Data->ProcessingPolicy->AuthAlgoId, mMapAuthAlgo);
- String3 = MapIntegerToString (Data->ProcessingPolicy->EncAlgoId, mMapEncAlgo);
- Print (
- L"%s Auth:%s Encrypt:%s ",
- String1,
- String2,
- String3
- );
-
- Print (L"%s ", MapIntegerToString (Data->ProcessingPolicy->Mode, mMapIpSecMode));
- if (Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {
- Print (L"[");
- DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
- Print (L" -> ");
- DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
- Print (L" %s]", MapIntegerToString (Data->ProcessingPolicy->TunnelOption->DF, mMapDfOption));
- }
- }
-
- Print (L"\n");
-
- return EFI_SUCCESS;
-}
-
-/**
- Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.
-
- @param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure.
- @param[in] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
- @param[in] EntryIndex The pointer to the Index in the SAD Database.
-
- @retval EFI_SUCCESS Dump SAD information successfully.
-**/
-EFI_STATUS
-DumpSadEntry (
- IN EFI_IPSEC_SA_ID *SaId,
- IN EFI_IPSEC_SA_DATA2 *Data,
- IN UINTN *EntryIndex
- )
-{
- BOOLEAN HasPre;
- CHAR16 *AuthAlgoStr;
- CHAR16 *EncAlgoStr;
-
- AuthAlgoStr = NULL;
- EncAlgoStr = NULL;
-
- //
- // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
- // Mode:Transport SeqNum:134 AntiReplayWin:64 life:[0B,1023s,3400S] PathMTU:34
- // Auth:xxxx/password Encrypt:yyyy/password
- // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
- //
-
- Print (L"%d.", (*EntryIndex)++);
- Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol));
- if (Data->Mode == EfiIPsecTunnel) {
- Print (L"TunnelSourceAddress:");
- DumpIpAddress (&Data->TunnelSourceAddress);
- Print (L"\n");
- Print (L" TunnelDestination:");
- DumpIpAddress (&Data->TunnelDestinationAddress);
- Print (L"\n");
- }
-
- Print (
- L" Mode:%s SeqNum:%lx AntiReplayWin:%d ",
- MapIntegerToString (Data->Mode, mMapIpSecMode),
- Data->SNCount,
- (UINTN) Data->AntiReplayWindows
- );
-
- HasPre = FALSE;
- if (Data->SaLifetime.ByteCount != 0) {
- Print (HasPre ? L"," : L"life:[");
- Print (L"%lxB", Data->SaLifetime.ByteCount);
- HasPre = TRUE;
- }
-
- if (Data->SaLifetime.SoftLifetime != 0) {
- Print (HasPre ? L"," : L"life:[");
- Print (L"%lxs", Data->SaLifetime.SoftLifetime);
- HasPre = TRUE;
- }
-
- if (Data->SaLifetime.HardLifetime != 0) {
- Print (HasPre ? L"," : L"life:[");
- Print (L"%lxS", Data->SaLifetime.HardLifetime);
- HasPre = TRUE;
- }
-
- if (HasPre) {
- Print (L"] ");
- }
-
- Print (L"PathMTU:%d\n", (UINTN) Data->PathMTU);
-
- if (SaId->Proto == EfiIPsecAH) {
- Print (
- L" Auth:%s/%s\n",
- MapIntegerToString (Data->AlgoInfo.AhAlgoInfo.AuthAlgoId, mMapAuthAlgo),
- Data->AlgoInfo.AhAlgoInfo.AuthKey
- );
- } else {
- AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
- EncAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);
-
- if (Data->ManualSet) {
- //
- // if the SAD is set manually the key is a Ascii string in most of time.
- // Print the Key in Ascii string format.
- //
- Print (L" Auth:%s/",AuthAlgoStr);
- DumpAsciiString (
- Data->AlgoInfo.EspAlgoInfo.AuthKey,
- Data->AlgoInfo.EspAlgoInfo.AuthKeyLength
- );
- Print (L"\n Encrypt:%s/",EncAlgoStr);
- DumpAsciiString (
- Data->AlgoInfo.EspAlgoInfo.EncKey,
- Data->AlgoInfo.EspAlgoInfo.EncKeyLength
- );
- } else {
- //
- // if the SAD is created by IKE, the key is a set of hex value in buffer.
- // Print the Key in Hex format.
- //
- Print (L" Auth:%s/",AuthAlgoStr);
- DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.AuthKey), Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
-
- Print (L"\n Encrypt:%s/",EncAlgoStr);
- DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
- }
- }
- Print (L"\n");
- if (Data->SpdSelector != NULL) {
- Print (L" ");
- DumpSpdSelector (Data->SpdSelector);
- Print (L"\n");
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Print EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA content.
-
- @param[in] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
- @param[in] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
- @param[in] EntryIndex The pointer to the Index in the PAD Database.
-
- @retval EFI_SUCCESS Dump PAD information successfully.
-**/
-EFI_STATUS
-DumpPadEntry (
- IN EFI_IPSEC_PAD_ID *PadId,
- IN EFI_IPSEC_PAD_DATA *Data,
- IN UINTN *EntryIndex
- )
-{
- CHAR16 *String1;
- CHAR16 *String2;
-
- //
- // ADDR:10.23.17.34/15
- // IDEv1 PreSharedSecret IKE-ID
- // password
- //
-
- Print (L"%d.", (*EntryIndex)++);
-
- if (PadId->PeerIdValid) {
- Print (L"ID:%s", PadId->Id.PeerId);
- } else {
- Print (L"ADDR:");
- DumpAddressInfo (&PadId->Id.IpAddress);
- }
-
- Print (L"\n");
-
- String1 = MapIntegerToString (Data->AuthProtocol, mMapAuthProto);
- String2 = MapIntegerToString (Data->AuthMethod, mMapAuthMethod);
- Print (
- L" %s %s",
- String1,
- String2
- );
-
- if (Data->IkeIdFlag) {
- Print (L"IKE-ID");
- }
-
- Print (L"\n");
-
- if (Data->AuthData != NULL) {
- DumpAsciiString (Data->AuthData, Data->AuthDataSize);
- Print (L"\n");
- }
-
- if (Data->RevocationData != NULL) {
- Print (L" %s\n", Data->RevocationData);
- }
-
- return EFI_SUCCESS;
-
-}
-
-VISIT_POLICY_ENTRY mDumpPolicyEntry[] = {
- (VISIT_POLICY_ENTRY) DumpSpdEntry,
- (VISIT_POLICY_ENTRY) DumpSadEntry,
- (VISIT_POLICY_ENTRY) DumpPadEntry
-};
-
-/**
- Print all entry information in the database according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Dump all information successfully.
- @retval Others Some mistaken case.
-**/
-EFI_STATUS
-ListPolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN LIST_ENTRY *ParamPackage
- )
-{
- UINTN EntryIndex;
-
- EntryIndex = 0;
- return ForeachPolicyEntry (DataType, mDumpPolicyEntry[DataType], &EntryIndex);
-}
-
diff --git a/NetworkPkg/Application/IpsecConfig/Dump.h b/NetworkPkg/Application/IpsecConfig/Dump.h
deleted file mode 100644
index 44ed7aa6e9..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Dump.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/** @file
- The function declaration of dump policy entry function in IpSecConfig application.
-
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _DUMP_H_
-#define _DUMP_H_
-
-/**
- Print all entry information in the database according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Dump all information successfully.
- @retval Others Some mistaken case.
-**/
-EFI_STATUS
-ListPolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN LIST_ENTRY *ParamPackage
- );
-
-#endif
diff --git a/NetworkPkg/Application/IpsecConfig/ForEach.c b/NetworkPkg/Application/IpsecConfig/ForEach.c
deleted file mode 100644
index 6d82ee292b..0000000000
--- a/NetworkPkg/Application/IpsecConfig/ForEach.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/** @file
- The implementation to go through each entry in IpSecConfig application.
-
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "IpSecConfig.h"
-#include "ForEach.h"
-
-
-/**
- Enumerate all entries in the database to execute specified operations according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] Routine The pointer to the function of a specified operation.
- @param[in] Context The pointer to the context of a function.
-
- @retval EFI_SUCCESS Execute specified operation successfully.
-**/
-EFI_STATUS
-ForeachPolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN VISIT_POLICY_ENTRY Routine,
- IN VOID *Context
- )
-{
- EFI_STATUS GetNextStatus;
- EFI_STATUS GetDataStatus;
- EFI_IPSEC_CONFIG_SELECTOR *Selector;
- VOID *Data;
- UINTN SelectorSize;
- UINTN DataSize;
- BOOLEAN FirstGetNext;
-
- FirstGetNext = TRUE;
- SelectorSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);
- Selector = AllocateZeroPool (SelectorSize);
-
- DataSize = 0;
- Data = NULL;
-
- while (TRUE) {
- GetNextStatus = mIpSecConfig->GetNextSelector (
- mIpSecConfig,
- DataType,
- &SelectorSize,
- Selector
- );
- if (GetNextStatus == EFI_BUFFER_TOO_SMALL) {
- gBS->FreePool (Selector);
- Selector = FirstGetNext ? AllocateZeroPool (SelectorSize) : AllocatePool (SelectorSize);
-
- GetNextStatus = mIpSecConfig->GetNextSelector (
- mIpSecConfig,
- DataType,
- &SelectorSize,
- Selector
- );
- }
-
- if (EFI_ERROR (GetNextStatus)) {
- break;
- }
-
- FirstGetNext = FALSE;
-
- GetDataStatus = mIpSecConfig->GetData (
- mIpSecConfig,
- DataType,
- Selector,
- &DataSize,
- Data
- );
- if (GetDataStatus == EFI_BUFFER_TOO_SMALL) {
- if (Data != NULL) {
- gBS->FreePool (Data);
- }
-
- Data = AllocateZeroPool (DataSize);
- GetDataStatus = mIpSecConfig->GetData (
- mIpSecConfig,
- DataType,
- Selector,
- &DataSize,
- Data
- );
- }
-
- ASSERT_EFI_ERROR (GetDataStatus);
-
- if (EFI_ERROR (Routine (Selector, Data, Context))) {
- break;
- }
- }
-
- if (Data != NULL) {
- gBS->FreePool (Data);
- }
-
- if (Selector != NULL) {
- gBS->FreePool (Selector);
- }
-
- return EFI_SUCCESS;
-}
-
diff --git a/NetworkPkg/Application/IpsecConfig/ForEach.h b/NetworkPkg/Application/IpsecConfig/ForEach.h
deleted file mode 100644
index a69dd35619..0000000000
--- a/NetworkPkg/Application/IpsecConfig/ForEach.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/** @file
- The internal structure and function declaration of the implementation
- to go through each entry in IpSecConfig application.
-
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _FOREACH_H_
-#define _FOREACH_H_
-
-/**
- The prototype for the DumpSpdEntry()/DumpSadEntry()/DumpPadEntry().
- Print EFI_IPSEC_CONFIG_SELECTOR and corresponding content.
-
- @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR union.
- @param[in] Data The pointer to the corresponding data.
- @param[in] Context The pointer to the Index in SPD/SAD/PAD Database.
-
- @retval EFI_SUCCESS Dump SPD/SAD/PAD information successfully.
-**/
-typedef
-EFI_STATUS
-(*VISIT_POLICY_ENTRY) (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN VOID *Context
- );
-
-/**
- Enumerate all entry in the database to execute a specified operation according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] Routine The pointer to function of a specified operation.
- @param[in] Context The pointer to the context of a function.
-
- @retval EFI_SUCCESS Execute specified operation successfully.
-**/
-EFI_STATUS
-ForeachPolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN VISIT_POLICY_ENTRY Routine,
- IN VOID *Context
- );
-
-#endif
diff --git a/NetworkPkg/Application/IpsecConfig/Helper.c b/NetworkPkg/Application/IpsecConfig/Helper.c
deleted file mode 100644
index 51718cbbbc..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Helper.c
+++ /dev/null
@@ -1,414 +0,0 @@
-/** @file
- The assistant function implementation for IpSecConfig application.
-
- Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "IpSecConfig.h"
-#include "Helper.h"
-
-/**
- Helper function called to change an input parameter in the string format to a number.
-
- @param[in] FlagStr The pointer to the flag string.
- @param[in] Maximum Greatest value number.
- @param[in, out] ValuePtr The pointer to the input parameter in string format.
- @param[in] ByteCount The valid byte count
- @param[in] Map The pointer to the STR2INT table.
- @param[in] ParamPackage The pointer to the ParamPackage list.
- @param[in] FormatMask The bit mask.
- BIT 0 set indicates the value of a flag might be a number.
- BIT 1 set indicates the value of a flag might be a string that needs to be looked up.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_NOT_FOUND The input parameter can't be found.
- @retval EFI_INVALID_PARAMETER The input parameter is an invalid input.
-**/
-EFI_STATUS
-GetNumber (
- IN CHAR16 *FlagStr,
- IN UINT64 Maximum,
- IN OUT VOID *ValuePtr,
- IN UINTN ByteCount,
- IN STR2INT *Map,
- IN LIST_ENTRY *ParamPackage,
- IN UINT32 FormatMask
- )
-{
- EFI_STATUS Status;
- UINT64 Value64;
- BOOLEAN Converted;
- UINTN Index;
- CONST CHAR16 *ValueStr;
-
- ASSERT (FormatMask & (FORMAT_NUMBER | FORMAT_STRING));
-
- Converted = FALSE;
- Value64 = 0;
- ValueStr = ShellCommandLineGetValue (ParamPackage, FlagStr);
-
- if (ValueStr == NULL) {
- return EFI_NOT_FOUND;
- } else {
- //
- // Try to convert to integer directly if MaybeNumber is TRUE.
- //
- if ((FormatMask & FORMAT_NUMBER) != 0) {
- Value64 = StrToUInteger (ValueStr, &Status);
- if (!EFI_ERROR (Status)) {
- //
- // Convert successfully.
- //
- if (Value64 > Maximum) {
- //
- // But the result is invalid
- //
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- FlagStr,
- ValueStr
- );
- return EFI_INVALID_PARAMETER;
- }
-
- Converted = TRUE;
- }
- }
-
- if (!Converted && ((FormatMask & FORMAT_STRING) != 0)) {
- //
- // Convert falied, so use String->Integer map.
- //
- ASSERT (Map != NULL);
- Value64 = MapStringToInteger (ValueStr, Map);
- if (Value64 == (UINT32) -1) {
- //
- // Cannot find the string in the map.
- //
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- FlagStr,
- ValueStr
- );
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ACCEPT_PARAMETERS), mHiiHandle);
- for (Index = 0; Map[Index].String != NULL; Index++) {
- Print (L" %s", Map[Index].String);
- }
-
- Print (L"\n");
- return EFI_INVALID_PARAMETER;
- }
- }
-
- CopyMem (ValuePtr, &Value64, ByteCount);
- return EFI_SUCCESS;
- }
-}
-
-/**
- Helper function called to convert a string containing an Ipv4 or Ipv6 Internet Protocol address
- into a proper address for the EFI_IP_ADDRESS structure.
-
- @param[in] Ptr The pointer to the string containing an Ipv4 or Ipv6 Internet Protocol address.
- @param[out] Ip The pointer to the EFI_IP_ADDRESS structure to contain the result.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER Invalid parameter.
-**/
-EFI_STATUS
-EfiInetAddr2 (
- IN CHAR16 *Ptr,
- OUT EFI_IP_ADDRESS *Ip
- )
-{
- EFI_STATUS Status;
-
- if ((Ptr == NULL) || (Ip == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Parse the input address as Ipv4 Address first.
- //
- Status = NetLibStrToIp4 (Ptr, &Ip->v4);
- if (!EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = NetLibStrToIp6 (Ptr, &Ip->v6);
- return Status;
-}
-
-/**
- Helper function called to calculate the prefix length associated with the string
- containing an Ipv4 or Ipv6 Internet Protocol address.
-
- @param[in] Ptr The pointer to the string containing an Ipv4 or Ipv6 Internet Protocol address.
- @param[out] Addr The pointer to the EFI_IP_ADDRESS_INFO structure to contain the result.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER Invalid parameter.
- @retval Others Other mistake case.
-**/
-EFI_STATUS
-EfiInetAddrRange (
- IN CHAR16 *Ptr,
- OUT EFI_IP_ADDRESS_INFO *Addr
- )
-{
- EFI_STATUS Status;
-
- if ((Ptr == NULL) || (Addr == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = NetLibStrToIp4 (Ptr, &Addr->Address.v4);
- if (!EFI_ERROR (Status)) {
- if ((UINT32)(*Addr->Address.v4.Addr) == 0) {
- Addr->PrefixLength = 0;
- } else {
- Addr->PrefixLength = 32;
- }
- return Status;
- }
-
- Status = NetLibStrToIp6andPrefix (Ptr, &Addr->Address.v6, &Addr->PrefixLength);
- if (!EFI_ERROR (Status) && (Addr->PrefixLength == 0xFF)) {
- Addr->PrefixLength = 128;
- }
-
- return Status;
-}
-
-/**
- Helper function called to calculate the port range associated with the string.
-
- @param[in] Ptr The pointer to the string containing a port and range.
- @param[out] Port The pointer to the Port to contain the result.
- @param[out] PortRange The pointer to the PortRange to contain the result.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER Invalid parameter.
- @retval Others Other mistake case.
-**/
-EFI_STATUS
-EfiInetPortRange (
- IN CHAR16 *Ptr,
- OUT UINT16 *Port,
- OUT UINT16 *PortRange
- )
-{
- CHAR16 *BreakPtr;
- CHAR16 Ch;
- EFI_STATUS Status;
-
- for (BreakPtr = Ptr; (*BreakPtr != L'\0') && (*BreakPtr != L':'); BreakPtr++) {
- ;
- }
-
- Ch = *BreakPtr;
- *BreakPtr = L'\0';
- *Port = (UINT16) StrToUInteger (Ptr, &Status);
- *BreakPtr = Ch;
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- *PortRange = 0;
- if (*BreakPtr == L':') {
- BreakPtr++;
- *PortRange = (UINT16) StrToUInteger (BreakPtr, &Status);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- if (*PortRange < *Port) {
- return EFI_INVALID_PARAMETER;
- }
-
- *PortRange = (UINT16) (*PortRange - *Port);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Helper function called to transfer a string to an unsigned integer.
-
- @param[in] Str The pointer to the string.
- @param[out] Status The operation status.
-
- @return The integer value of converted Str.
-**/
-UINT64
-StrToUInteger (
- IN CONST CHAR16 *Str,
- OUT EFI_STATUS *Status
- )
-{
- UINT64 Value;
- UINT64 NewValue;
- CHAR16 *StrTail;
- CHAR16 Char;
- UINTN Base;
- UINTN Len;
-
- Base = 10;
- Value = 0;
- *Status = EFI_ABORTED;
-
- //
- // Skip leading white space.
- //
- while ((*Str != 0) && (*Str == ' ')) {
- Str++;
- }
- //
- // For NULL Str, just return.
- //
- if (*Str == 0) {
- return 0;
- }
- //
- // Skip white space in tail.
- //
- Len = StrLen (Str);
- StrTail = (CHAR16 *) (Str + Len - 1);
- while (*StrTail == ' ') {
- *StrTail = 0;
- StrTail--;
- }
-
- Len = StrTail - Str + 1;
-
- //
- // Check hex prefix '0x'.
- //
- if ((Len >= 2) && (*Str == '0') && ((*(Str + 1) == 'x') || (*(Str + 1) == 'X'))) {
- Str += 2;
- Len -= 2;
- Base = 16;
- }
-
- if (Len == 0) {
- return 0;
- }
- //
- // Convert the string to value.
- //
- for (; Str <= StrTail; Str++) {
-
- Char = *Str;
-
- if (Base == 16) {
- if (RShiftU64 (Value, 60) != 0) {
- //
- // Overflow here x16.
- //
- return 0;
- }
-
- NewValue = LShiftU64 (Value, 4);
- } else {
- if (RShiftU64 (Value, 61) != 0) {
- //
- // Overflow here x8.
- //
- return 0;
- }
-
- NewValue = LShiftU64 (Value, 3);
- Value = LShiftU64 (Value, 1);
- NewValue += Value;
- if (NewValue < Value) {
- //
- // Overflow here.
- //
- return 0;
- }
- }
-
- Value = NewValue;
-
- if ((Base == 16) && (Char >= 'a') && (Char <= 'f')) {
- Char = (CHAR16) (Char - 'a' + 'A');
- }
-
- if ((Base == 16) && (Char >= 'A') && (Char <= 'F')) {
- Value += (Char - 'A') + 10;
- } else if ((Char >= '0') && (Char <= '9')) {
- Value += (Char - '0');
- } else {
- //
- // Unexpected Char encountered.
- //
- return 0;
- }
- }
-
- *Status = EFI_SUCCESS;
- return Value;
-}
-
-/**
- Helper function called to transfer a string to an unsigned integer according to the map table.
-
- @param[in] Str The pointer to the string.
- @param[in] Map The pointer to the map table.
-
- @return The integer value of converted Str. If not found, then return -1.
-**/
-UINT32
-MapStringToInteger (
- IN CONST CHAR16 *Str,
- IN STR2INT *Map
- )
-{
- STR2INT *Item;
-
- for (Item = Map; Item->String != NULL; Item++) {
- if (StrCmp (Item->String, Str) == 0) {
- return Item->Integer;
- }
- }
-
- return (UINT32) -1;
-}
-
-/**
- Helper function called to transfer an unsigned integer to a string according to the map table.
-
- @param[in] Integer The pointer to the string.
- @param[in] Map The pointer to the map table.
-
- @return The converted Str. If not found, then return NULL.
-**/
-CHAR16 *
-MapIntegerToString (
- IN UINT32 Integer,
- IN STR2INT *Map
- )
-{
- STR2INT *Item;
-
- for (Item = Map; Item->String != NULL; Item++) {
- if (Integer == Item->Integer) {
- return Item->String;
- }
- }
-
- return NULL;
-}
diff --git a/NetworkPkg/Application/IpsecConfig/Helper.h b/NetworkPkg/Application/IpsecConfig/Helper.h
deleted file mode 100644
index a610bd8515..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Helper.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/** @file
- The assistant function declaration for IpSecConfig application.
-
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _HELPER_H_
-#define _HELPER_H_
-
-#define FORMAT_NUMBER 0x1
-#define FORMAT_STRING 0x2
-
-/**
- Helper function called to change input parameter in string format to number.
-
- @param[in] FlagStr The pointer to the flag string.
- @param[in] Maximum most value number.
- @param[in, out] ValuePtr The pointer to the input parameter in string format.
- @param[in] ByteCount The valid byte count
- @param[in] Map The pointer to the STR2INT table.
- @param[in] ParamPackage The pointer to the ParamPackage list.
- @param[in] FormatMask The bit mask.
- BIT 0 set indicates the value of flag might be number.
- BIT 1 set indicates the value of flag might be a string that needs to be looked up.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_NOT_FOUND The input parameter can't be found.
- @retval EFI_INVALID_PARAMETER The input parameter is an invalid input.
-**/
-EFI_STATUS
-GetNumber (
- IN CHAR16 *FlagStr,
- IN UINT64 Maximum,
- IN OUT VOID *ValuePtr,
- IN UINTN ByteCount,
- IN STR2INT *Map,
- IN LIST_ENTRY *ParamPackage,
- IN UINT32 FormatMask
- );
-
-/**
- Helper function called to convert a string containing an (Ipv4) Internet Protocol dotted address
- into a proper address for the EFI_IP_ADDRESS structure.
-
- @param[in] Ptr The pointer to the string containing an (Ipv4) Internet Protocol dotted address.
- @param[out] Ip The pointer to the Ip address structure to contain the result.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER Invalid parameter.
-**/
-EFI_STATUS
-EfiInetAddr2 (
- IN CHAR16 *Ptr,
- OUT EFI_IP_ADDRESS *Ip
- );
-
-/**
- Helper function called to calculate the prefix length associated with the string
- containing an Ipv4 or Ipv6 Internet Protocol address.
-
- @param[in] Ptr The pointer to the string containing an Ipv4 or Ipv6 Internet Protocol address.
- @param[out] Addr The pointer to the EFI_IP_ADDRESS_INFO structure to contain the result.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER Invalid parameter.
- @retval Others Other mistake case.
-**/
-EFI_STATUS
-EfiInetAddrRange (
- IN CHAR16 *Ptr,
- OUT EFI_IP_ADDRESS_INFO *Addr
- );
-
-/**
- Helper function called to calculate the port range associated with the string.
-
- @param[in] Ptr The pointer to the string containing a port and range.
- @param[out] Port The pointer to the Port to contain the result.
- @param[out] PortRange The pointer to the PortRange to contain the result.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER Invalid parameter.
- @retval Others Other mistake case.
-**/
-EFI_STATUS
-EfiInetPortRange (
- IN CHAR16 *Ptr,
- OUT UINT16 *Port,
- OUT UINT16 *PortRange
- );
-
-/**
- Helper function called to transfer a string to an unsigned integer.
-
- @param[in] Str The pointer to the string.
- @param[out] Status The operation status.
-
- @return The integer value of a converted str.
-**/
-UINT64
-StrToUInteger (
- IN CONST CHAR16 *Str,
- OUT EFI_STATUS *Status
- );
-
-/**
- Helper function called to transfer a string to an unsigned integer according to the map table.
-
- @param[in] Str The pointer to the string.
- @param[in] Map The pointer to the map table.
-
- @return The integer value of converted str. If not found, then return -1.
-**/
-UINT32
-MapStringToInteger (
- IN CONST CHAR16 *Str,
- IN STR2INT *Map
- );
-
-/**
- Helper function called to transfer an unsigned integer to a string according to the map table.
-
- @param[in] Integer The pointer to the string.
- @param[in] Map The pointer to the map table.
-
- @return The converted str. If not found, then return NULL.
-**/
-CHAR16 *
-MapIntegerToString (
- IN UINT32 Integer,
- IN STR2INT *Map
- );
-
-#endif
diff --git a/NetworkPkg/Application/IpsecConfig/Indexer.c b/NetworkPkg/Application/IpsecConfig/Indexer.c
deleted file mode 100644
index 37524b0d66..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Indexer.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/** @file
- The implementation of construct ENTRY_INDEXER in IpSecConfig application.
-
- Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "IpSecConfig.h"
-#include "Indexer.h"
-#include "Helper.h"
-
-/**
- Fill in SPD_ENTRY_INDEXER through ParamPackage list.
-
- @param[in, out] Indexer The pointer to the SPD_ENTRY_INDEXER structure.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Filled in SPD_ENTRY_INDEXER successfully.
-**/
-EFI_STATUS
-ConstructSpdIndexer (
- IN OUT SPD_ENTRY_INDEXER *Indexer,
- IN LIST_ENTRY *ParamPackage
- )
-{
- EFI_STATUS Status;
- UINT64 Value64;
- CONST CHAR16 *ValueStr;
-
- ValueStr = NULL;
-
- if (ShellCommandLineGetFlag (ParamPackage, L"-i")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-d")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-d");
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
- } else {
- return EFI_INVALID_PARAMETER;
- }
-
- if (ValueStr == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- Value64 = StrToUInteger (ValueStr, &Status);
- if (!EFI_ERROR (Status)) {
- Indexer->Index = (UINTN) Value64;
- ZeroMem (Indexer->Name, MAX_PEERID_LEN);
- } else {
- UnicodeStrToAsciiStrS (ValueStr, (CHAR8 *) Indexer->Name, MAX_PEERID_LEN);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Fill in SAD_ENTRY_INDEXER through ParamPackage list.
-
- @param[in, out] Indexer The pointer to the SAD_ENTRY_INDEXER structure.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Filled in SPD_ENTRY_INDEXER successfully.
- @retval EFI_INVALID_PARAMETER The mistaken user input in ParamPackage list.
-**/
-EFI_STATUS
-ConstructSadIndexer (
- IN OUT SAD_ENTRY_INDEXER *Indexer,
- IN LIST_ENTRY *ParamPackage
- )
-{
- EFI_STATUS Status;
- EFI_STATUS Status1;
- UINT64 Value64;
- CONST CHAR16 *ValueStr;
-
- ValueStr = NULL;
-
- if (ShellCommandLineGetFlag (ParamPackage, L"-i")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-d")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-d");
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
- } else {
- return EFI_INVALID_PARAMETER;
- }
-
- if (ValueStr == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- Value64 = StrToUInteger (ValueStr, &Status);
- if (!EFI_ERROR (Status)) {
- Indexer->Index = (UINTN) Value64;
- ZeroMem (&Indexer->SaId, sizeof (EFI_IPSEC_SA_ID));
- } else {
- if ((!ShellCommandLineGetFlag (ParamPackage, L"--lookup-spi")) ||
- (!ShellCommandLineGetFlag (ParamPackage, L"--lookup-ipsec-proto")) ||
- (!ShellCommandLineGetFlag (ParamPackage, L"--lookup-dest"))) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--lookup-spi --lookup-ipsec-proto --lookup-dest"
- );
- return EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--lookup-spi",
- (UINT32) -1,
- &Indexer->SaId.Spi,
- sizeof (UINT32),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- Status1 = GetNumber (
- L"--lookup-ipsec-proto",
- 0,
- &Indexer->SaId.Proto,
- sizeof (EFI_IPSEC_PROTOCOL_TYPE),
- mMapIpSecProtocol,
- ParamPackage,
- FORMAT_STRING
- );
-
- if (EFI_ERROR (Status) || EFI_ERROR (Status1)) {
- return EFI_INVALID_PARAMETER;
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--lookup-dest");
- ASSERT (ValueStr != NULL);
-
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &Indexer->SaId.DestAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--lookup-dest",
- ValueStr
- );
- return EFI_INVALID_PARAMETER;
- }
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Fill in PAD_ENTRY_INDEXER through ParamPackage list.
-
- @param[in, out] Indexer The pointer to the PAD_ENTRY_INDEXER structure.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Filled in PAD_ENTRY_INDEXER successfully.
- @retval EFI_INVALID_PARAMETER The mistaken user input in ParamPackage list.
-**/
-EFI_STATUS
-ConstructPadIndexer (
- IN OUT PAD_ENTRY_INDEXER *Indexer,
- IN LIST_ENTRY *ParamPackage
- )
-{
- EFI_STATUS Status;
- UINT64 Value64;
- CONST CHAR16 *ValueStr;
-
- ValueStr = NULL;
-
- if (ShellCommandLineGetFlag (ParamPackage, L"-i")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-d")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-d");
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
- } else {
- return EFI_INVALID_PARAMETER;
- }
-
- if (ValueStr == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- Value64 = StrToUInteger (ValueStr, &Status);
-
- if (!EFI_ERROR (Status)) {
- Indexer->Index = (UINTN) Value64;
- ZeroMem (&Indexer->PadId, sizeof (EFI_IPSEC_PAD_ID));
- } else {
-
- if (ShellCommandLineGetFlag (ParamPackage, L"--lookup-peer-address")) {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--lookup-peer-address");
- ASSERT (ValueStr != NULL);
-
- Indexer->PadId.PeerIdValid = FALSE;
- Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &Indexer->PadId.Id.IpAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--lookup-peer-address",
- ValueStr
- );
- return EFI_INVALID_PARAMETER;
- }
- } else {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--lookup-peer-id");
- if (ValueStr == NULL) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--lookup-peer-address --lookup-peer-id"
- );
- return EFI_INVALID_PARAMETER;
- }
-
- Indexer->PadId.PeerIdValid = TRUE;
- ZeroMem (Indexer->PadId.Id.PeerId, MAX_PEERID_LEN);
- StrnCpyS ((CHAR16 *) Indexer->PadId.Id.PeerId, MAX_PEERID_LEN / sizeof (CHAR16), ValueStr, MAX_PEERID_LEN / sizeof (CHAR16) - 1);
- }
- }
-
- return EFI_SUCCESS;
-}
-
-CONSTRUCT_POLICY_ENTRY_INDEXER mConstructPolicyEntryIndexer[] = {
- (CONSTRUCT_POLICY_ENTRY_INDEXER) ConstructSpdIndexer,
- (CONSTRUCT_POLICY_ENTRY_INDEXER) ConstructSadIndexer,
- (CONSTRUCT_POLICY_ENTRY_INDEXER) ConstructPadIndexer
-};
diff --git a/NetworkPkg/Application/IpsecConfig/Indexer.h b/NetworkPkg/Application/IpsecConfig/Indexer.h
deleted file mode 100644
index b26e931c73..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Indexer.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/** @file
- The internal structure and function declaration to construct ENTRY_INDEXER in
- IpSecConfig application.
-
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _INDEXER_H_
-#define _INDEXER_H_
-
-typedef struct {
- UINT8 Name[MAX_PEERID_LEN];
- UINTN Index; // Used only if Name buffer is filled with zero.
-} SPD_ENTRY_INDEXER;
-
-typedef struct {
- EFI_IPSEC_SA_ID SaId;
- UINTN Index;
-} SAD_ENTRY_INDEXER;
-
-typedef struct {
- EFI_IPSEC_PAD_ID PadId;
- UINTN Index;
-} PAD_ENTRY_INDEXER;
-
-typedef union {
- SPD_ENTRY_INDEXER Spd;
- SAD_ENTRY_INDEXER Sad;
- PAD_ENTRY_INDEXER Pad;
-} POLICY_ENTRY_INDEXER;
-
-/**
- The prototype for the ConstructSpdIndexer()/ConstructSadIndexer()/ConstructPadIndexer().
- Fill in SPD_ENTRY_INDEXER/SAD_ENTRY_INDEXER/PAD_ENTRY_INDEXER through ParamPackage list.
-
- @param[in, out] Indexer The pointer to the POLICY_ENTRY_INDEXER union.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Filled in POLICY_ENTRY_INDEXER successfully.
-**/
-typedef
-EFI_STATUS
-(* CONSTRUCT_POLICY_ENTRY_INDEXER) (
- IN POLICY_ENTRY_INDEXER *Indexer,
- IN LIST_ENTRY *ParamPackage
-);
-
-extern CONSTRUCT_POLICY_ENTRY_INDEXER mConstructPolicyEntryIndexer[];
-#endif
diff --git a/NetworkPkg/Application/IpsecConfig/IpSecConfig.c b/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
deleted file mode 100644
index c10394fce5..0000000000
--- a/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
+++ /dev/null
@@ -1,806 +0,0 @@
-/** @file
- The main process for IpSecConfig application.
-
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/HiiLib.h>
-
-#include <Protocol/IpSec.h>
-
-#include "IpSecConfig.h"
-#include "Dump.h"
-#include "Indexer.h"
-#include "PolicyEntryOperation.h"
-#include "Delete.h"
-#include "Helper.h"
-
-//
-// String token ID of IpSecConfig command help message text.
-//
-GLOBAL_REMOVE_IF_UNREFERENCED EFI_STRING_ID mStringIpSecHelpTokenId = STRING_TOKEN (STR_IPSEC_CONFIG_HELP);
-
-//
-// Used for ShellCommandLineParseEx only
-// and to ensure user inputs are in valid format
-//
-SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
- { L"-p", TypeValue },
- { L"-a", TypeValue },
- { L"-i", TypeValue },
- { L"-e", TypeValue },
- { L"-d", TypeValue },
- { L"-f", TypeFlag },
- { L"-l", TypeFlag },
- { L"-enable", TypeFlag },
- { L"-disable", TypeFlag },
- { L"-status", TypeFlag },
-
- //
- // SPD Selector
- //
- { L"--local", TypeValue },
- { L"--remote", TypeValue },
- { L"--proto", TypeValue },
- { L"--local-port", TypeValue },
- { L"--remote-port", TypeValue },
- { L"--icmp-type", TypeValue },
- { L"--icmp-code", TypeValue },
-
- //
- // SPD Data
- //
- { L"--name", TypeValue },
- { L"--packet-flag", TypeValue },
- { L"--action", TypeValue },
- { L"--lifebyte", TypeValue },
- { L"--lifetime-soft", TypeValue },
- { L"--lifetime", TypeValue },
- { L"--mode", TypeValue },
- { L"--tunnel-local", TypeValue },
- { L"--tunnel-remote", TypeValue },
- { L"--dont-fragment", TypeValue },
- { L"--ipsec-proto", TypeValue },
- { L"--auth-algo", TypeValue },
- { L"--encrypt-algo", TypeValue },
-
- { L"--ext-sequence", TypeFlag },
- { L"--sequence-overflow", TypeFlag },
- { L"--fragment-check", TypeFlag },
- { L"--ext-sequence-", TypeFlag },
- { L"--sequence-overflow-", TypeFlag },
- { L"--fragment-check-", TypeFlag },
-
- //
- // SA ID
- // --ipsec-proto
- //
- { L"--spi", TypeValue },
- { L"--tunnel-dest", TypeValue },
- { L"--tunnel-source", TypeValue },
- { L"--lookup-spi", TypeValue },
- { L"--lookup-ipsec-proto", TypeValue },
- { L"--lookup-dest", TypeValue },
-
- //
- // SA DATA
- // --mode
- // --auth-algo
- // --encrypt-algo
- //
- { L"--sequence-number", TypeValue },
- { L"--antireplay-window", TypeValue },
- { L"--auth-key", TypeValue },
- { L"--encrypt-key", TypeValue },
- { L"--path-mtu", TypeValue },
-
- //
- // PAD ID
- //
- { L"--peer-id", TypeValue },
- { L"--peer-address", TypeValue },
- { L"--auth-proto", TypeValue },
- { L"--auth-method", TypeValue },
- { L"--ike-id", TypeValue },
- { L"--ike-id-", TypeValue },
- { L"--auth-data", TypeValue },
- { L"--revocation-data", TypeValue },
- { L"--lookup-peer-id", TypeValue },
- { L"--lookup-peer-address", TypeValue },
-
- { NULL, TypeMax },
-};
-
-//
-// -P
-//
-STR2INT mMapPolicy[] = {
- { L"SPD", IPsecConfigDataTypeSpd },
- { L"SAD", IPsecConfigDataTypeSad },
- { L"PAD", IPsecConfigDataTypePad },
- { NULL, 0 },
-};
-
-//
-// --proto
-//
-STR2INT mMapIpProtocol[] = {
- { L"TCP", EFI_IP4_PROTO_TCP },
- { L"UDP", EFI_IP4_PROTO_UDP },
- { L"ICMP", EFI_IP4_PROTO_ICMP },
- { NULL, 0 },
-};
-
-//
-// --action
-//
-STR2INT mMapIpSecAction[] = {
- { L"Bypass", EfiIPsecActionBypass },
- { L"Discard", EfiIPsecActionDiscard },
- { L"Protect", EfiIPsecActionProtect },
- { NULL, 0 },
-};
-
-//
-// --mode
-//
-STR2INT mMapIpSecMode[] = {
- { L"Transport", EfiIPsecTransport },
- { L"Tunnel", EfiIPsecTunnel },
- { NULL, 0 },
-};
-
-//
-// --dont-fragment
-//
-STR2INT mMapDfOption[] = {
- { L"clear", EfiIPsecTunnelClearDf },
- { L"set", EfiIPsecTunnelSetDf },
- { L"copy", EfiIPsecTunnelCopyDf },
- { NULL, 0 },
-};
-
-//
-// --ipsec-proto
-//
-STR2INT mMapIpSecProtocol[] = {
- { L"AH", EfiIPsecAH },
- { L"ESP", EfiIPsecESP },
- { NULL, 0 },
-};
-
-//
-// --auth-algo
-//
-STR2INT mMapAuthAlgo[] = {
- { L"NONE", IPSEC_AALG_NONE },
- { L"MD5HMAC", IPSEC_AALG_MD5HMAC },
- { L"SHA1HMAC", IPSEC_AALG_SHA1HMAC },
- { L"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC },
- { L"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC },
- { L"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC },
- { L"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC },
- { L"NULL", IPSEC_AALG_NULL },
- { NULL, 0 },
-};
-
-//
-// --encrypt-algo
-//
-STR2INT mMapEncAlgo[] = {
- { L"NONE", IPSEC_EALG_NONE },
- { L"DESCBC", IPSEC_EALG_DESCBC },
- { L"3DESCBC", IPSEC_EALG_3DESCBC },
- { L"CASTCBC", IPSEC_EALG_CASTCBC },
- { L"BLOWFISHCBC", IPSEC_EALG_BLOWFISHCBC },
- { L"NULL", IPSEC_EALG_NULL },
- { L"AESCBC", IPSEC_EALG_AESCBC },
- { L"AESCTR", IPSEC_EALG_AESCTR },
- { L"AES-CCM-ICV8", IPSEC_EALG_AES_CCM_ICV8 },
- { L"AES-CCM-ICV12",IPSEC_EALG_AES_CCM_ICV12 },
- { L"AES-CCM-ICV16",IPSEC_EALG_AES_CCM_ICV16 },
- { L"AES-GCM-ICV8", IPSEC_EALG_AES_GCM_ICV8 },
- { L"AES-GCM-ICV12",IPSEC_EALG_AES_GCM_ICV12 },
- { L"AES-GCM-ICV16",IPSEC_EALG_AES_GCM_ICV16 },
- { NULL, 0 },
-};
-
-//
-// --auth-proto
-//
-STR2INT mMapAuthProto[] = {
- { L"IKEv1", EfiIPsecAuthProtocolIKEv1 },
- { L"IKEv2", EfiIPsecAuthProtocolIKEv2 },
- { NULL, 0 },
-};
-
-//
-// --auth-method
-//
-STR2INT mMapAuthMethod[] = {
- { L"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret },
- { L"Certificates", EfiIPsecAuthMethodCertificates },
- { NULL, 0 },
-};
-
-EFI_IPSEC2_PROTOCOL *mIpSec;
-EFI_IPSEC_CONFIG_PROTOCOL *mIpSecConfig;
-EFI_HII_HANDLE mHiiHandle;
-CHAR16 mAppName[] = L"IpSecConfig";
-
-//
-// Used for IpSecConfigRetriveCheckListByName only to check the validation of user input
-//
-VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
- { L"-enable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
- { L"-disable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
- { L"-status", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
- { L"-p", BIT(1), 0, BIT(2)|BIT(1)|BIT(0), 0 },
-
- { L"-a", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
- { L"-i", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
- { L"-d", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
- { L"-e", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
- { L"-l", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
- { L"-f", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
-
- { L"-?", BIT(0), BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },
-
- //
- // SPD Selector
- //
- { L"--local", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--remote", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--proto", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--local-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
- { L"--remote-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
- { L"--icmp-type", 0, 0, BIT(2)|BIT(1), BIT(1) },
- { L"--icmp-code", 0, 0, BIT(2)|BIT(1), BIT(1) },
-
- //
- // SPD Data
- //
- { L"--name", 0, 0, BIT(2), 0 },
- { L"--packet-flag", 0, 0, BIT(2), 0 },
- { L"--action", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--lifebyte", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--lifetime-soft", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--lifetime", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--mode", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--tunnel-local", 0, 0, BIT(2), 0 },
- { L"--tunnel-remote", 0, 0, BIT(2), 0 },
- { L"--dont-fragment", 0, 0, BIT(2), 0 },
- { L"--ipsec-proto", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--auth-algo", 0, 0, BIT(2)|BIT(1), 0 },
- { L"--encrypt-algo", 0, 0, BIT(2)|BIT(1), 0 },
-
- { L"--ext-sequence", 0, 0, BIT(2), BIT(2) },
- { L"--sequence-overflow", 0, 0, BIT(2), BIT(2) },
- { L"--fragment-check", 0, 0, BIT(2), BIT(2) },
- { L"--ext-sequence-", 0, 0, BIT(2), BIT(3) },
- { L"--sequence-overflow-", 0, 0, BIT(2), BIT(3) },
- { L"--fragment-check-", 0, 0, BIT(2), BIT(3) },
-
- //
- // SA ID
- // --ipsec-proto
- //
- { L"--spi", 0, 0, BIT(1), 0 },
- { L"--tunnel-dest", 0, 0, BIT(1), 0 },
- { L"--tunnel-source", 0, 0, BIT(1), 0 },
- { L"--lookup-spi", 0, 0, BIT(1), 0 },
- { L"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },
- { L"--lookup-dest", 0, 0, BIT(1), 0 },
-
- //
- // SA DATA
- // --mode
- // --auth-algo
- // --encrypt-algo
- //
- { L"--sequence-number", 0, 0, BIT(1), 0 },
- { L"--antireplay-window", 0, 0, BIT(1), 0 },
- { L"--auth-key", 0, 0, BIT(1), 0 },
- { L"--encrypt-key", 0, 0, BIT(1), 0 },
- { L"--path-mtu", 0, 0, BIT(1), 0 },
-
- //
- // The example to add a PAD:
- // "-A --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKE1/IKE2
- // --auth-method PreSharedSeceret/Certificate --ike-id
- // --auth-data 343343 --revocation-data 2342432"
- // The example to delete a PAD:
- // "-D * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
- // "-D 1"
- // The example to edit a PAD:
- // "-E * --lookup-peer-id Mike --auth-method Certificate"
-
- //
- // PAD ID
- //
- { L"--peer-id", 0, 0, BIT(0), BIT(4) },
- { L"--peer-address", 0, 0, BIT(0), BIT(5) },
- { L"--auth-proto", 0, 0, BIT(0), 0 },
- { L"--auth-method", 0, 0, BIT(0), 0 },
- { L"--IKE-ID", 0, 0, BIT(0), BIT(6) },
- { L"--IKE-ID-", 0, 0, BIT(0), BIT(7) },
- { L"--auth-data", 0, 0, BIT(0), 0 },
- { L"--revocation-data", 0, 0, BIT(0), 0 },
- { L"--lookup-peer-id", 0, 0, BIT(0), BIT(4) },
- { L"--lookup-peer-address",0, 0, BIT(0), BIT(5) },
-
- { NULL, 0, 0, 0, 0 },
-};
-
-/**
- The function to allocate the proper sized buffer for various
- EFI interfaces.
-
- @param[in, out] Status Current status.
- @param[in, out] Buffer Current allocated buffer, or NULL.
- @param[in] BufferSize Current buffer size needed
-
- @retval TRUE If the buffer was reallocated and the caller should try the API again.
- @retval FALSE If the buffer was not reallocated successfully.
-**/
-BOOLEAN
-GrowBuffer (
- IN OUT EFI_STATUS *Status,
- IN OUT VOID **Buffer,
- IN UINTN BufferSize
- )
-{
- BOOLEAN TryAgain;
-
- ASSERT (Status != NULL);
- ASSERT (Buffer != NULL);
-
- //
- // If this is an initial request, buffer will be null with a new buffer size.
- //
- if ((NULL == *Buffer) && (BufferSize != 0)) {
- *Status = EFI_BUFFER_TOO_SMALL;
- }
-
- //
- // If the status code is "buffer too small", resize the buffer.
- //
- TryAgain = FALSE;
- if (*Status == EFI_BUFFER_TOO_SMALL) {
-
- if (*Buffer != NULL) {
- FreePool (*Buffer);
- }
-
- *Buffer = AllocateZeroPool (BufferSize);
-
- if (*Buffer != NULL) {
- TryAgain = TRUE;
- } else {
- *Status = EFI_OUT_OF_RESOURCES;
- }
- }
-
- //
- // If there's an error, free the buffer.
- //
- if (!TryAgain && EFI_ERROR (*Status) && (*Buffer != NULL)) {
- FreePool (*Buffer);
- *Buffer = NULL;
- }
-
- return TryAgain;
-}
-
-/**
- Function returns an array of handles that support the requested protocol
- in a buffer allocated from a pool.
-
- @param[in] SearchType Specifies which handle(s) are to be returned.
- @param[in] Protocol Provides the protocol to search by.
- This parameter is only valid for SearchType ByProtocol.
-
- @param[in] SearchKey Supplies the search key depending on the SearchType.
- @param[in, out] NoHandles The number of handles returned in Buffer.
- @param[out] Buffer A pointer to the buffer to return the requested array of
- handles that support Protocol.
-
- @retval EFI_SUCCESS The resulting array of handles was returned.
- @retval Others Other mistake case.
-**/
-EFI_STATUS
-LocateHandle (
- IN EFI_LOCATE_SEARCH_TYPE SearchType,
- IN EFI_GUID *Protocol OPTIONAL,
- IN VOID *SearchKey OPTIONAL,
- IN OUT UINTN *NoHandles,
- OUT EFI_HANDLE **Buffer
- )
-{
- EFI_STATUS Status;
- UINTN BufferSize;
-
- ASSERT (NoHandles != NULL);
- ASSERT (Buffer != NULL);
-
- //
- // Initialize for GrowBuffer loop.
- //
- Status = EFI_SUCCESS;
- *Buffer = NULL;
- BufferSize = 50 * sizeof (EFI_HANDLE);
-
- //
- // Call the real function.
- //
- while (GrowBuffer (&Status, (VOID **) Buffer, BufferSize)) {
- Status = gBS->LocateHandle (
- SearchType,
- Protocol,
- SearchKey,
- &BufferSize,
- *Buffer
- );
- }
-
- *NoHandles = BufferSize / sizeof (EFI_HANDLE);
- if (EFI_ERROR (Status)) {
- *NoHandles = 0;
- }
-
- return Status;
-}
-
-/**
- Find the first instance of this protocol in the system and return its interface.
-
- @param[in] ProtocolGuid The guid of the protocol.
- @param[out] Interface The pointer to the first instance of the protocol.
-
- @retval EFI_SUCCESS A protocol instance matching ProtocolGuid was found.
- @retval Others A protocol instance matching ProtocolGuid was not found.
-**/
-EFI_STATUS
-LocateProtocol (
- IN EFI_GUID *ProtocolGuid,
- OUT VOID **Interface
- )
-
-{
- EFI_STATUS Status;
- UINTN NumberHandles;
- UINTN Index;
- EFI_HANDLE *Handles;
-
- *Interface = NULL;
- Handles = NULL;
- NumberHandles = 0;
-
- Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &NumberHandles, &Handles);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));
- return Status;
- }
-
- for (Index = 0; Index < NumberHandles; Index++) {
- ASSERT (Handles != NULL);
- Status = gBS->HandleProtocol (
- Handles[Index],
- ProtocolGuid,
- Interface
- );
-
- if (!EFI_ERROR (Status)) {
- break;
- }
- }
-
- if (Handles != NULL) {
- FreePool (Handles);
- }
-
- return Status;
-}
-
-/**
- Helper function called to check the conflicted flags.
-
- @param[in] CheckList The pointer to the VAR_CHECK_ITEM table.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS No conflicted flags.
- @retval EFI_INVALID_PARAMETER The input parameter is erroroneous or there are some conflicted flags.
-**/
-EFI_STATUS
-IpSecConfigRetriveCheckListByName (
- IN VAR_CHECK_ITEM *CheckList,
- IN LIST_ENTRY *ParamPackage
-)
-{
-
- LIST_ENTRY *Node;
- VAR_CHECK_ITEM *Item;
- UINT32 Attribute1;
- UINT32 Attribute2;
- UINT32 Attribute3;
- UINT32 Attribute4;
- UINT32 Index;
-
- Attribute1 = 0;
- Attribute2 = 0;
- Attribute3 = 0;
- Attribute4 = 0;
- Index = 0;
- Item = mIpSecConfigVarCheckList;
-
- if ((ParamPackage == NULL) || (CheckList == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Enumerate through the list of parameters that are input by user.
- //
- for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
- if (((SHELL_PARAM_PACKAGE *) Node)->Name != NULL) {
- //
- // Enumerate the check list that defines the conflicted attributes of each flag.
- //
- for (; Item->VarName != NULL; Item++) {
- if (StrCmp (((SHELL_PARAM_PACKAGE *) Node)->Name, Item->VarName) == 0) {
- Index++;
- if (Index == 1) {
- Attribute1 = Item->Attribute1;
- Attribute2 = Item->Attribute2;
- Attribute3 = Item->Attribute3;
- Attribute4 = Item->Attribute4;
- } else {
- Attribute1 &= Item->Attribute1;
- Attribute2 |= Item->Attribute2;
- Attribute3 &= Item->Attribute3;
- Attribute4 |= Item->Attribute4;
- if (Attribute1 != 0) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (Attribute2 != 0) {
- if ((Index == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {
- continue;
- }
-
- return EFI_INVALID_PARAMETER;
- }
-
- if (Attribute3 == 0) {
- return EFI_INVALID_PARAMETER;
- }
- if (((Attribute4 & 0xFF) == 0x03) || ((Attribute4 & 0xFF) == 0x0C) ||
- ((Attribute4 & 0xFF) == 0x30) || ((Attribute4 & 0xFF) == 0xC0)) {
- return EFI_INVALID_PARAMETER;
- }
- }
- break;
- }
- }
-
- Item = mIpSecConfigVarCheckList;
- }
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- This is the declaration of an EFI image entry point. This entry point is
- the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including
- both device drivers and bus drivers.
-
- The entry point for IpSecConfig application that parse the command line input and call an IpSecConfig process.
-
- @param[in] ImageHandle The image handle of this application.
- @param[in] SystemTable The pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The operation completed successfully.
-
-**/
-EFI_STATUS
-EFIAPI
-InitializeIpSecConfig (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
- EFI_IPSEC_CONFIG_DATA_TYPE DataType;
- UINT8 Value;
- LIST_ENTRY *ParamPackage;
- CONST CHAR16 *ValueStr;
- CHAR16 *ProblemParam;
- UINTN NonOptionCount;
- EFI_HII_PACKAGE_LIST_HEADER *PackageList;
-
- //
- // Retrieve HII package list from ImageHandle
- //
- Status = gBS->OpenProtocol (
- ImageHandle,
- &gEfiHiiPackageListProtocolGuid,
- (VOID **) &PackageList,
- ImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Publish HII package list to HII Database.
- //
- Status = gHiiDatabase->NewPackageList (
- gHiiDatabase,
- PackageList,
- NULL,
- &mHiiHandle
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- ASSERT (mHiiHandle != NULL);
-
- Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);
- goto Done;
- }
-
- Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);
- goto Done;
- }
-
- Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);
- if (EFI_ERROR (Status) || mIpSecConfig == NULL) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
- goto Done;
- }
-
- Status = LocateProtocol (&gEfiIpSec2ProtocolGuid, (VOID **) &mIpSec);
- if (EFI_ERROR (Status) || mIpSec == NULL) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
- goto Done;
- }
-
- //
- // Enable IPsec.
- //
- if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {
- if (!(mIpSec->DisabledFlag)) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);
- } else {
- //
- // Set enable flag.
- //
- Value = IPSEC_STATUS_ENABLED;
- Status = gRT->SetVariable (
- IPSECCONFIG_STATUS_NAME,
- &gEfiIpSecConfigProtocolGuid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
- sizeof (Value),
- &Value
- );
- if (!EFI_ERROR (Status)) {
- mIpSec->DisabledFlag = FALSE;
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);
- } else {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);
- }
- }
-
- goto Done;
- }
-
- //
- // Disable IPsec.
- //
- if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {
- if (mIpSec->DisabledFlag) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);
- } else {
- //
- // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
- //
- gBS->SignalEvent (mIpSec->DisabledEvent);
- if (mIpSec->DisabledFlag) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);
- } else {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);
- }
- }
-
- goto Done;
- }
-
- //
- //IPsec Status.
- //
- if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {
- if (mIpSec->DisabledFlag) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);
- } else {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);
- }
- goto Done;
- }
-
- //
- // Try to get policy database type.
- //
- DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) - 1;
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");
- if (ValueStr != NULL) {
- DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);
- if (DataType == -1) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
- goto Done;
- }
- }
-
- NonOptionCount = ShellCommandLineGetCount (ParamPackage);
- if ((NonOptionCount - 1) > 0) {
- ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);
- goto Done;
- }
-
- if (DataType == -1) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);
- goto Done;
- }
-
- if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
- Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-i")) {
- Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
- Status = EditPolicyEntry (DataType, ParamPackage);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-d")) {
- Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-f")) {
- Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {
- Status = ListPolicyEntry (DataType, ParamPackage);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
- } else {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);
- goto Done;
- }
-
-Done:
- ShellCommandLineFreeVarList (ParamPackage);
- HiiRemovePackages (mHiiHandle);
-
- return EFI_SUCCESS;
-}
diff --git a/NetworkPkg/Application/IpsecConfig/IpSecConfig.h b/NetworkPkg/Application/IpsecConfig/IpSecConfig.h
deleted file mode 100644
index e37f8aae80..0000000000
--- a/NetworkPkg/Application/IpsecConfig/IpSecConfig.h
+++ /dev/null
@@ -1,143 +0,0 @@
-/** @file
- The internal structure and function declaration in IpSecConfig application.
-
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _IPSEC_CONFIG_H_
-#define _IPSEC_CONFIG_H_
-
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiLib.h>
-#include <Library/ShellLib.h>
-#include <Library/DebugLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiHiiServicesLib.h>
-#include <Library/NetLib.h>
-
-#include <Protocol/IpSecConfig.h>
-
-#define IPSECCONFIG_STATUS_NAME L"IpSecStatus"
-
-#define BIT(x) (UINT32) (1 << (x))
-
-#define IPSEC_STATUS_DISABLED 0x0
-#define IPSEC_STATUS_ENABLED 0x1
-
-#define EFI_IP4_PROTO_ICMP 0x1
-#define EFI_IP4_PROTO_TCP 0x6
-#define EFI_IP4_PROTO_UDP 0x11
-
-#define EFI_IPSEC_ANY_PROTOCOL 0xFFFF
-#define EFI_IPSEC_ANY_PORT 0
-
-///
-/// IPsec Authentication Algorithm Definition
-/// The number value definition is aligned to IANA assignment
-///
-#define IPSEC_AALG_NONE 0x00
-#define IPSEC_AALG_MD5HMAC 0x01
-#define IPSEC_AALG_SHA1HMAC 0x02
-#define IPSEC_AALG_SHA2_256HMAC 0x05
-#define IPSEC_AALG_SHA2_384HMAC 0x06
-#define IPSEC_AALG_SHA2_512HMAC 0x07
-#define IPSEC_AALG_AES_XCBC_MAC 0x09
-#define IPSEC_AALG_NULL 0xFB
-
-///
-/// IPsec Encryption Algorithm Definition
-/// The number value definition is aligned to IANA assignment
-///
-#define IPSEC_EALG_NONE 0x00
-#define IPSEC_EALG_DESCBC 0x02
-#define IPSEC_EALG_3DESCBC 0x03
-#define IPSEC_EALG_CASTCBC 0x06
-#define IPSEC_EALG_BLOWFISHCBC 0x07
-#define IPSEC_EALG_NULL 0x0B
-#define IPSEC_EALG_AESCBC 0x0C
-#define IPSEC_EALG_AESCTR 0x0D
-#define IPSEC_EALG_AES_CCM_ICV8 0x0E
-#define IPSEC_EALG_AES_CCM_ICV12 0x0F
-#define IPSEC_EALG_AES_CCM_ICV16 0x10
-#define IPSEC_EALG_AES_GCM_ICV8 0x12
-#define IPSEC_EALG_AES_GCM_ICV12 0x13
-#define IPSEC_EALG_AES_GCM_ICV16 0x14
-
-typedef struct {
- CHAR16 *VarName;
- UINT32 Attribute1;
- UINT32 Attribute2;
- UINT32 Attribute3;
- UINT32 Attribute4;
-} VAR_CHECK_ITEM;
-
-typedef struct {
- LIST_ENTRY Link;
- CHAR16 *Name;
- SHELL_PARAM_TYPE Type;
- CHAR16 *Value;
- UINTN OriginalPosition;
-} SHELL_PARAM_PACKAGE;
-
-typedef struct {
- CHAR16 *String;
- UINT32 Integer;
-} STR2INT;
-
-extern EFI_IPSEC_CONFIG_PROTOCOL *mIpSecConfig;
-extern EFI_HII_HANDLE mHiiHandle;
-extern CHAR16 mAppName[];
-
-//
-// -P
-//
-extern STR2INT mMapPolicy[];
-
-//
-// --proto
-//
-extern STR2INT mMapIpProtocol[];
-
-//
-// --action
-//
-extern STR2INT mMapIpSecAction[];
-
-//
-// --mode
-//
-extern STR2INT mMapIpSecMode[];
-
-//
-// --dont-fragment
-//
-extern STR2INT mMapDfOption[];
-
-//
-// --ipsec-proto
-//
-extern STR2INT mMapIpSecProtocol[];
-//
-// --auth-algo
-//
-extern STR2INT mMapAuthAlgo[];
-
-//
-// --encrypt-algo
-//
-extern STR2INT mMapEncAlgo[];
-//
-// --auth-proto
-//
-extern STR2INT mMapAuthProto[];
-
-//
-// --auth-method
-//
-extern STR2INT mMapAuthMethod[];
-
-#endif
diff --git a/NetworkPkg/Application/IpsecConfig/IpSecConfig.inf b/NetworkPkg/Application/IpsecConfig/IpSecConfig.inf
deleted file mode 100644
index 7ad6b5627f..0000000000
--- a/NetworkPkg/Application/IpsecConfig/IpSecConfig.inf
+++ /dev/null
@@ -1,70 +0,0 @@
-## @file
-# Shell application IpSecConfig.
-#
-# This application is used to set and retrieve security and policy related information
-# for the EFI IPsec protocol driver.
-#
-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-#
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010006
- BASE_NAME = IpSecConfig
- FILE_GUID = 0922E604-F5EC-42ef-980D-A35E9A2B1844
- MODULE_TYPE = UEFI_APPLICATION
- VERSION_STRING = 1.0
- ENTRY_POINT = InitializeIpSecConfig
- MODULE_UNI_FILE = IpSecConfig.uni
-
-#
-#
-# This flag specifies whether HII resource section is generated into PE image.
-#
- UEFI_HII_RESOURCE_SECTION = TRUE
-
-[Sources]
- IpSecConfigStrings.uni
- IpSecConfig.c
- IpSecConfig.h
- Dump.c
- Dump.h
- Indexer.c
- Indexer.h
- Match.c
- Match.h
- Delete.h
- Delete.c
- Helper.c
- Helper.h
- ForEach.c
- ForEach.h
- PolicyEntryOperation.c
- PolicyEntryOperation.h
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- ShellPkg/ShellPkg.dec
-
-[LibraryClasses]
- UefiBootServicesTableLib
- UefiApplicationEntryPoint
- UefiHiiServicesLib
- BaseMemoryLib
- ShellLib
- MemoryAllocationLib
- DebugLib
- HiiLib
- NetLib
- UefiLib
-
-[Protocols]
- gEfiIpSec2ProtocolGuid ##CONSUMES
- gEfiIpSecConfigProtocolGuid ##CONSUMES
- gEfiHiiPackageListProtocolGuid ##CONSUMES
-
-[UserExtensions.TianoCore."ExtraFiles"]
- IpSecConfigExtra.uni
diff --git a/NetworkPkg/Application/IpsecConfig/IpSecConfig.uni b/NetworkPkg/Application/IpsecConfig/IpSecConfig.uni
deleted file mode 100644
index 3d01977ffd..0000000000
--- a/NetworkPkg/Application/IpsecConfig/IpSecConfig.uni
+++ /dev/null
@@ -1,17 +0,0 @@
-// /** @file
-// Shell application IpSecConfig.
-//
-// This application is used to set and retrieve security and policy related information
-// for the EFI IPsec protocol driver.
-//
-// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-//
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Shell application IpSecConfig"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This application is used to set and retrieve security and policy related information for the EFI IPsec protocol driver."
-
diff --git a/NetworkPkg/Application/IpsecConfig/IpSecConfigExtra.uni b/NetworkPkg/Application/IpsecConfig/IpSecConfigExtra.uni
deleted file mode 100644
index 2fef5f4b31..0000000000
--- a/NetworkPkg/Application/IpsecConfig/IpSecConfigExtra.uni
+++ /dev/null
@@ -1,14 +0,0 @@
-// /** @file
-// IpSecConfig Localized Strings and Content
-//
-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
-//
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"IpSec Config App"
-
-
diff --git a/NetworkPkg/Application/IpsecConfig/IpSecConfigStrings.uni b/NetworkPkg/Application/IpsecConfig/IpSecConfigStrings.uni
deleted file mode 100644
index 9a854464a8..0000000000
--- a/NetworkPkg/Application/IpsecConfig/IpSecConfigStrings.uni
+++ /dev/null
@@ -1,127 +0,0 @@
-/** @file
- String definitions for the Shell IpSecConfig application.
-
- Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#langdef en-US "English"
-
-#string STR_IPSEC_CONFIG_UNKNOWN_OPERATION #language en-US "%s: Operation not specified.\n"
-
-#string STR_IPSEC_CONFIG_INCORRECT_DB #language en-US "%s: Incorrect Database - %s.\n"
-
-#string STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT #language en-US "%s: IPSEC_CONFIG protocol inexistent.\n"
-
-#string STR_IPSEC_CONFIG_MISSING_DB #language en-US "%s: Missing Database.\n"
-
-#string STR_IPSEC_CONFIG_FILE_OPEN_FAILED #language en-US "%s: Open file failed - %s.\n"
-
-#string STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE #language en-US "%s: Incorrect value of %s - %s.\n"
-
-#string STR_IPSEC_CONFIG_ACCEPT_PARAMETERS #language en-US " Values could be:"
-
-#string STR_IPSEC_CONFIG_MISSING_PARAMETER #language en-US "%s: Missing parameter - %s.\n"
-
-#string STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS #language en-US "%s: Missing one of the parameters - %s.\n"
-
-#string STR_IPSEC_CONFIG_UNWANTED_PARAMETER #language en-US "%s: Unwanted parameter - %s.\n"
-
-#string STR_IPSEC_CONFIG_INSERT_FAILED #language en-US "%s: Policy entry insertion failed!\n"
-
-#string STR_IPSEC_CONFIG_DELETE_FAILED #language en-US "%s: Policy entry deletion failed!\n"
-
-#string STR_IPSEC_CONFIG_EDIT_FAILED #language en-US "%s: Policy entry edit failed!\n"
-
-#string STR_IPSEC_CONFIG_ALREADY_EXISTS #language en-US "%s: Policy entry already exists!\n"
-
-#string STR_IPSEC_CONFIG_INDEX_NOT_FOUND #language en-US "%s: Specified index not found!\n"
-
-#string STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED #language en-US "%s: Index should be Specified!\n"
-
-#string STR_IPSEC_CONFIG_INSERT_UNSUPPORT #language en-US "%s: Policy entry insertion not supported!\n"
-
-#string STR_IPSEC_MISTAKEN_OPTIONS #language en-US "Mistaken Input. Please refer to %H"IpSecConfig -?"%N for more help information.\n"
-
-#string STR_IPSEC_REDUNDANCY_MANY #language en-US "%s has one redundancy option: %H%s%N\n"
-
-#string STR_IPSEC_CONFIG_ALREADY_ENABLE #language en-US "IPsec has been already enabled!\n"
-
-#string STR_IPSEC_CONFIG_ENABLE_SUCCESS #language en-US "Enable IPsec ! \n"
-
-#string STR_IPSEC_CONFIG_DISABLE_SUCCESS #language en-US "Disable IPsec ! \n"
-
-#string STR_IPSEC_CONFIG_ALREADY_DISABLE #language en-US "IPsec has been already disabled !\n"
-
-#string STR_IPSEC_CONFIG_STATUS_ENABLE #language en-US "IPsec Status : Enabled ! \n"
-
-#string STR_IPSEC_CONFIG_STATUS_DISABLE #language en-US "IPsec Status : Disabled ! \n"
-
-#string STR_IPSEC_CONFIG_ENABLE_FAILED #language en-US "Error: Enable IPsec failed !\n"
-
-#string STR_IPSEC_CONFIG_DISABLE_FAILED #language en-US "Error: Disable IPsec failed !\n"
-
-#string STR_IPSEC_CONFIG_HELP #language en-US ""
-".TH IpSecConfig 0 "Displays or modifies the current IPsec configuration."\r\n"
-".SH NAME\r\n"
-"Displays or modifies the current IPsec configuration.\r\n"
-".SH SYNOPSIS\r\n"
-" \r\n"
-"%HIpSecConfig [-p {SPD|SAD|PAD}] [command] [options[parameters]]\r\n"
-".SH OPTIONS\r\n"
-" \r\n"
-"%H-p (SPD|SAD|PAD)%N required.point to certain policy database.\r\n"
-" \r\n"
-"%Hcommand%N:\r\n"
-" -a [options[parameters]] Add new policy entry.\r\n"
-" -i entryid [options[parameters]] Insert new policy entry before the one\r\n"
-" matched by the entryid.\r\n"
-" It's only supported on SPD policy database.\r\n"
-" -d entryid Delete the policy entry matched by the \r\n"
-" entryid.\r\n"
-" -e entryid [options[parameters]] Edit the policy entry matched by the\r\n"
-" entryid.\r\n"
-" -f Flush the entire policy database.\r\n"
-" -l List all entries for specified database.\r\n"
-" -enable Enable IPsec.\r\n"
-" -disable Disable IPsec.\r\n"
-" -status Show IPsec current status.\r\n"
-" \r\n"
-"%H[options[parameters]]%N for %HSPD%N:\r\n"
-" --local localaddress optional local address\r\n"
-" --remote remoteaddress required remote address\r\n"
-" --proto (TCP|UDP|ICMP|...) required IP protocol\r\n"
-" --local-port port optional local port for tcp/udp protocol\r\n"
-" --remote-port port optional remote port for tcp/udp protocol\r\n"
-" --name name optional SPD name\r\n"
-" --action (Bypass|Discard|Protect) required \r\n"
-" required IPsec action\r\n"
-" --mode (Transport|Tunnel) optional IPsec mode, transport by default\r\n"
-" --ipsec-proto (AH|ESP) optional IPsec protocol, ESP by default\r\n"
-" --auth-algo (NONE|SHA1HMAC) optional authentication algorithm\r\n"
-" --encrypt-algo(NONE|DESCBC|3DESCBC)optional encryption algorithm\r\n"
-" --tunnel-local tunnellocaladdr optional tunnel local address(only for tunnel mode)\r\n"
-" --tunnel-remote tunnelremoteaddr optional tunnel remote address(only for tunnel mode)\r\n"
-" \r\n"
-"%H[options[parameters]]%N for %HSAD%N:\r\n"
-" --spi spi required SPI value\r\n"
-" --ipsec-proto (AH|ESP) required IPsec protocol\r\n"
-" --local localaddress optional local address\r\n"
-" --remote remoteaddress required destination address\r\n"
-" --auth-algo (NONE|SHA1HMAC) required for AH. authentication algorithm\n"
-" --auth-key key required for AH. key for authentication\r\n"
-" --encrypt-algo (NONE|DESCBC|3DESCBC) required for ESP. encryption algorithm\r\n"
-" --encrypt-key key required for ESP. key for encryption\r\n"
-" --mode (Transport|Tunnel) optional IPsec mode, transport by default\r\n"
-" --tunnel-dest tunneldestaddr optional tunnel destination address(only for tunnel mode)\r\n"
-" --tunnel-source tunnelsourceaddr optional tunnel source address(only for tunnel mode)\r\n"
-" \r\n"
-"%H[options[parameters]]%N for %HPAD%N:\r\n"
-" --peer-address address required peer address\r\n"
-" --auth-proto (IKEv1|IKEv2) optional IKE protocol, IKEv1 by\r\n"
-" default\r\n"
-" --auth-method (PreSharedSecret|Certificates) required authentication method\r\n"
-" --auth-data authdata required data for authentication\r\n"
-" \r\n"
diff --git a/NetworkPkg/Application/IpsecConfig/Match.c b/NetworkPkg/Application/IpsecConfig/Match.c
deleted file mode 100644
index 9d5a81c4ac..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Match.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/** @file
- The implementation of match policy entry function in IpSecConfig application.
-
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "IpSecConfig.h"
-#include "Indexer.h"
-#include "Match.h"
-
-/**
- Private function to validate a buffer that should be filled with zero.
-
- @param[in] Memory The pointer to the buffer.
- @param[in] Size The size of the buffer.
-
- @retval TRUE The memory is filled with zero.
- @retval FALSE The memory isn't filled with zero.
-**/
-BOOLEAN
-IsMemoryZero (
- IN VOID *Memory,
- IN UINTN Size
- )
-{
- UINTN Index;
-
- for (Index = 0; Index < Size; Index++) {
- if (*((UINT8 *) Memory + Index) != 0) {
- return FALSE;
- }
- }
-
- return TRUE;
-}
-
-/**
- Find the matching SPD with Indexer.
-
- @param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
- @param[in] Data The pointer to the EFI_IPSEC_SPD_DATA structure.
- @param[in] Indexer The pointer to the SPD_ENTRY_INDEXER structure.
-
- @retval TRUE The matched SPD is found.
- @retval FALSE The matched SPD is not found.
-**/
-BOOLEAN
-MatchSpdEntry (
- IN EFI_IPSEC_SPD_SELECTOR *Selector,
- IN EFI_IPSEC_SPD_DATA *Data,
- IN SPD_ENTRY_INDEXER *Indexer
- )
-{
- BOOLEAN Match;
-
- Match = FALSE;
- if (!IsMemoryZero (Indexer->Name, MAX_PEERID_LEN)) {
- if ((Data->Name != NULL) && (AsciiStrCmp ((CHAR8 *) Indexer->Name, (CHAR8 *) Data->Name) == 0)) {
- Match = TRUE;
- }
- } else {
- if (Indexer->Index == 0) {
- Match = TRUE;
- }
-
- Indexer->Index--;
- }
-
- return Match;
-}
-
-/**
- Find the matching SAD with Indexer.
-
- @param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure.
- @param[in] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
- @param[in] Indexer The pointer to the SPD_ENTRY_INDEXER structure.
-
- @retval TRUE The matched SAD is found.
- @retval FALSE The matched SAD is not found.
-**/
-BOOLEAN
-MatchSadEntry (
- IN EFI_IPSEC_SA_ID *SaId,
- IN EFI_IPSEC_SA_DATA2 *Data,
- IN SAD_ENTRY_INDEXER *Indexer
- )
-{
- BOOLEAN Match;
-
- Match = FALSE;
- if (!IsMemoryZero (&Indexer->SaId, sizeof (EFI_IPSEC_SA_ID))) {
- Match = (BOOLEAN) (CompareMem (&Indexer->SaId, SaId, sizeof (EFI_IPSEC_SA_ID)) == 0);
- } else {
- if (Indexer->Index == 0) {
- Match = TRUE;
- }
- Indexer->Index--;
- }
-
- return Match;
-}
-
-/**
- Find the matching PAD with Indexer.
-
- @param[in] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
- @param[in] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
- @param[in] Indexer The pointer to the SPD_ENTRY_INDEXER structure.
-
- @retval TRUE The matched PAD is found.
- @retval FALSE The matched PAD is not found.
-**/
-BOOLEAN
-MatchPadEntry (
- IN EFI_IPSEC_PAD_ID *PadId,
- IN EFI_IPSEC_PAD_DATA *Data,
- IN PAD_ENTRY_INDEXER *Indexer
- )
-{
- BOOLEAN Match;
-
- Match = FALSE;
- if (!IsMemoryZero (&Indexer->PadId, sizeof (EFI_IPSEC_PAD_ID))) {
- Match = (BOOLEAN) ((Indexer->PadId.PeerIdValid == PadId->PeerIdValid) &&
- ((PadId->PeerIdValid &&
- (StrCmp (
- (CONST CHAR16 *) Indexer->PadId.Id.PeerId,
- (CONST CHAR16 *) PadId->Id.PeerId
- ) == 0)) ||
- ((!PadId->PeerIdValid) &&
- (Indexer->PadId.Id.IpAddress.PrefixLength == PadId->Id.IpAddress.PrefixLength) &&
- (CompareMem (
- &Indexer->PadId.Id.IpAddress.Address,
- &PadId->Id.IpAddress.Address,
- sizeof (EFI_IP_ADDRESS)
- ) == 0))));
- } else {
- if (Indexer->Index == 0) {
- Match = TRUE;
- }
-
- Indexer->Index--;
- }
-
- return Match;
-}
-
-MATCH_POLICY_ENTRY mMatchPolicyEntry[] = {
- (MATCH_POLICY_ENTRY) MatchSpdEntry,
- (MATCH_POLICY_ENTRY) MatchSadEntry,
- (MATCH_POLICY_ENTRY) MatchPadEntry
-};
-
diff --git a/NetworkPkg/Application/IpsecConfig/Match.h b/NetworkPkg/Application/IpsecConfig/Match.h
deleted file mode 100644
index 2e0b31b8b9..0000000000
--- a/NetworkPkg/Application/IpsecConfig/Match.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/** @file
- The internal structure and function declaration of
- match policy entry function in IpSecConfig application.
-
- Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _MATCH_H_
-#define _MATCH_H_
-
-/**
- The prototype for the MatchSpdEntry()/MatchSadEntry()/MatchPadEntry().
- The functionality is to find the matching SPD/SAD/PAD with Indexer.
-
- @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR union.
- @param[in] Data The pointer to corresponding Data.
- @param[in] Indexer The pointer to the POLICY_ENTRY_INDEXER union.
-
- @retval TRUE The matched SPD/SAD/PAD is found.
- @retval FALSE The matched SPD/SAD/PAD is not found.
-**/
-typedef
-BOOLEAN
-(* MATCH_POLICY_ENTRY) (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN POLICY_ENTRY_INDEXER *Indexer
- );
-
-extern MATCH_POLICY_ENTRY mMatchPolicyEntry[];
-
-#endif
diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
deleted file mode 100644
index 16f3590977..0000000000
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
+++ /dev/null
@@ -1,2070 +0,0 @@
-/** @file
- The implementation of policy entry operation function in IpSecConfig application.
-
- Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "IpSecConfig.h"
-#include "Indexer.h"
-#include "Match.h"
-#include "Helper.h"
-#include "ForEach.h"
-#include "PolicyEntryOperation.h"
-
-/**
- Fill in EFI_IPSEC_SPD_SELECTOR through ParamPackage list.
-
- @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
- @param[in] ParamPackage The pointer to the ParamPackage list.
- @param[in, out] Mask The pointer to the Mask.
-
- @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR successfully.
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.
-
-**/
-EFI_STATUS
-CreateSpdSelector (
- OUT EFI_IPSEC_SPD_SELECTOR *Selector,
- IN LIST_ENTRY *ParamPackage,
- IN OUT UINT32 *Mask
- )
-{
- EFI_STATUS Status;
- EFI_STATUS ReturnStatus;
- CONST CHAR16 *ValueStr;
-
- Status = EFI_SUCCESS;
- ReturnStatus = EFI_SUCCESS;
-
- //
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local");
- if (ValueStr != NULL) {
- Selector->LocalAddressCount = 1;
- Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->LocalAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--local",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= LOCAL;
- }
- }
-
- //
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote");
- if (ValueStr != NULL) {
- Selector->RemoteAddressCount = 1;
- Status = EfiInetAddrRange ((CHAR16 *) ValueStr, Selector->RemoteAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--remote",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= REMOTE;
- }
- }
-
- Selector->NextLayerProtocol = EFI_IPSEC_ANY_PROTOCOL;
-
- //
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
- //
- Status = GetNumber (
- L"--proto",
- (UINT16) -1,
- &Selector->NextLayerProtocol,
- sizeof (UINT16),
- mMapIpProtocol,
- ParamPackage,
- FORMAT_NUMBER | FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= PROTO;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Selector->LocalPort = EFI_IPSEC_ANY_PORT;
- Selector->RemotePort = EFI_IPSEC_ANY_PORT;
-
- //
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--local-port");
- if (ValueStr != NULL) {
- Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->LocalPort, &Selector->LocalPortRange);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--local-port",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= LOCAL_PORT;
- }
- }
-
- //
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--remote-port");
- if (ValueStr != NULL) {
- Status = EfiInetPortRange ((CHAR16 *) ValueStr, &Selector->RemotePort, &Selector->RemotePortRange);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--remote-port",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= REMOTE_PORT;
- }
- }
-
- //
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
- //
- Status = GetNumber (
- L"--icmp-type",
- (UINT8) -1,
- &Selector->LocalPort,
- sizeof (UINT16),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= ICMP_TYPE;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- //
- // Convert user imput from string to integer, and fill in the member in EFI_IPSEC_SPD_SELECTOR.
- //
- Status = GetNumber (
- L"--icmp-code",
- (UINT8) -1,
- &Selector->RemotePort,
- sizeof (UINT16),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= ICMP_CODE;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- return ReturnStatus;
-}
-
-/**
- Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA through ParamPackage list.
-
- @param[out] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
- @param[out] Data The pointer to the EFI_IPSEC_SPD_DATA structure.
- @param[in] ParamPackage The pointer to the ParamPackage list.
- @param[out] Mask The pointer to the Mask.
- @param[in] CreateNew The switch to create new.
-
- @retval EFI_SUCCESS Fill in EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA successfully.
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.
-
-**/
-EFI_STATUS
-CreateSpdEntry (
- OUT EFI_IPSEC_SPD_SELECTOR **Selector,
- OUT EFI_IPSEC_SPD_DATA **Data,
- IN LIST_ENTRY *ParamPackage,
- OUT UINT32 *Mask,
- IN BOOLEAN CreateNew
- )
-{
- EFI_STATUS Status;
- EFI_STATUS ReturnStatus;
- CONST CHAR16 *ValueStr;
- UINTN DataSize;
-
- Status = EFI_SUCCESS;
- *Mask = 0;
-
- *Selector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR) + 2 * sizeof (EFI_IP_ADDRESS_INFO));
- ASSERT (*Selector != NULL);
-
- (*Selector)->LocalAddress = (EFI_IP_ADDRESS_INFO *) (*Selector + 1);
- (*Selector)->RemoteAddress = (*Selector)->LocalAddress + 1;
-
- ReturnStatus = CreateSpdSelector (*Selector, ParamPackage, Mask);
-
- //
- // SPD DATA
- // NOTE: Allocate enough memory and add padding for different arch.
- //
- DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SPD_DATA));
- DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_PROCESS_POLICY));
- DataSize += sizeof (EFI_IPSEC_TUNNEL_OPTION);
-
- *Data = AllocateZeroPool (DataSize);
- ASSERT (*Data != NULL);
-
- (*Data)->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
- (*Data + 1),
- sizeof (UINTN)
- );
- (*Data)->ProcessingPolicy->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER (
- ((*Data)->ProcessingPolicy + 1),
- sizeof (UINTN)
- );
-
-
- //
- // Convert user imput from string to integer, and fill in the Name in EFI_IPSEC_SPD_DATA.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
- if (ValueStr != NULL) {
- UnicodeStrToAsciiStrS (ValueStr, (CHAR8 *) (*Data)->Name, sizeof ((*Data)->Name));
- *Mask |= NAME;
- }
-
- //
- // Convert user imput from string to integer, and fill in the PackageFlag in EFI_IPSEC_SPD_DATA.
- //
- Status = GetNumber (
- L"--packet-flag",
- (UINT8) -1,
- &(*Data)->PackageFlag,
- sizeof (UINT32),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= PACKET_FLAG;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- //
- // Convert user imput from string to integer, and fill in the Action in EFI_IPSEC_SPD_DATA.
- //
- Status = GetNumber (
- L"--action",
- (UINT8) -1,
- &(*Data)->Action,
- sizeof (UINT32),
- mMapIpSecAction,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= ACTION;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- //
- // Convert user imput from string to integer, and fill in the ExtSeqNum in EFI_IPSEC_SPD_DATA.
- //
- if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence")) {
- (*Data)->ProcessingPolicy->ExtSeqNum = TRUE;
- *Mask |= EXT_SEQUENCE;
- } else if (ShellCommandLineGetFlag (ParamPackage, L"--ext-sequence-")) {
- (*Data)->ProcessingPolicy->ExtSeqNum = FALSE;
- *Mask |= EXT_SEQUENCE;
- }
-
- //
- // Convert user imput from string to integer, and fill in the SeqOverflow in EFI_IPSEC_SPD_DATA.
- //
- if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow")) {
- (*Data)->ProcessingPolicy->SeqOverflow = TRUE;
- *Mask |= SEQUENCE_OVERFLOW;
- } else if (ShellCommandLineGetFlag (ParamPackage, L"--sequence-overflow-")) {
- (*Data)->ProcessingPolicy->SeqOverflow = FALSE;
- *Mask |= SEQUENCE_OVERFLOW;
- }
-
- //
- // Convert user imput from string to integer, and fill in the FragCheck in EFI_IPSEC_SPD_DATA.
- //
- if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check")) {
- (*Data)->ProcessingPolicy->FragCheck = TRUE;
- *Mask |= FRAGMENT_CHECK;
- } else if (ShellCommandLineGetFlag (ParamPackage, L"--fragment-check-")) {
- (*Data)->ProcessingPolicy->FragCheck = FALSE;
- *Mask |= FRAGMENT_CHECK;
- }
-
- //
- // Convert user imput from string to integer, and fill in the ProcessingPolicy in EFI_IPSEC_SPD_DATA.
- //
- Status = GetNumber (
- L"--lifebyte",
- (UINT64) -1,
- &(*Data)->ProcessingPolicy->SaLifetime.ByteCount,
- sizeof (UINT64),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= LIFEBYTE;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--lifetime",
- (UINT64) -1,
- &(*Data)->ProcessingPolicy->SaLifetime.HardLifetime,
- sizeof (UINT64),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= LIFETIME;
- }
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--lifetime-soft",
- (UINT64) -1,
- &(*Data)->ProcessingPolicy->SaLifetime.SoftLifetime,
- sizeof (UINT64),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= LIFETIME_SOFT;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- (*Data)->ProcessingPolicy->Mode = EfiIPsecTransport;
- Status = GetNumber (
- L"--mode",
- 0,
- &(*Data)->ProcessingPolicy->Mode,
- sizeof (UINT32),
- mMapIpSecMode,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= MODE;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-local");
- if (ValueStr != NULL) {
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--tunnel-local",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= TUNNEL_LOCAL;
- }
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-remote");
- if (ValueStr != NULL) {
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--tunnel-remote",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= TUNNEL_REMOTE;
- }
- }
-
- (*Data)->ProcessingPolicy->TunnelOption->DF = EfiIPsecTunnelCopyDf;
- Status = GetNumber (
- L"--dont-fragment",
- 0,
- &(*Data)->ProcessingPolicy->TunnelOption->DF,
- sizeof (UINT32),
- mMapDfOption,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= DONT_FRAGMENT;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- (*Data)->ProcessingPolicy->Proto = EfiIPsecESP;
- Status = GetNumber (
- L"--ipsec-proto",
- 0,
- &(*Data)->ProcessingPolicy->Proto,
- sizeof (UINT32),
- mMapIpSecProtocol,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= IPSEC_PROTO;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--encrypt-algo",
- 0,
- &(*Data)->ProcessingPolicy->EncAlgoId,
- sizeof (UINT8),
- mMapEncAlgo,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= ENCRYPT_ALGO;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--auth-algo",
- 0,
- &(*Data)->ProcessingPolicy->AuthAlgoId,
- sizeof (UINT8),
- mMapAuthAlgo,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= AUTH_ALGO;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- //
- // Cannot check Mode against EfiIPsecTunnel, because user may want to change tunnel_remote only so the Mode is not set.
- //
- if ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE | DONT_FRAGMENT)) == 0) {
- (*Data)->ProcessingPolicy->TunnelOption = NULL;
- }
-
- if ((*Mask & (EXT_SEQUENCE | SEQUENCE_OVERFLOW | FRAGMENT_CHECK | LIFEBYTE |
- LIFETIME_SOFT | LIFETIME | MODE | TUNNEL_LOCAL | TUNNEL_REMOTE |
- DONT_FRAGMENT | IPSEC_PROTO | AUTH_ALGO | ENCRYPT_ALGO)) == 0) {
- if ((*Data)->Action != EfiIPsecActionProtect) {
- //
- // User may not provide additional parameter for Protect action, so we cannot simply set ProcessingPolicy to NULL.
- //
- (*Data)->ProcessingPolicy = NULL;
- }
- }
-
- if (CreateNew) {
- if ((*Mask & (LOCAL | REMOTE | PROTO | ACTION)) != (LOCAL | REMOTE | PROTO | ACTION)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--local --remote --proto --action"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else if (((*Data)->Action == EfiIPsecActionProtect) &&
- ((*Data)->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
- ((*Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE))) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--tunnel-local --tunnel-remote"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
- }
-
- return ReturnStatus;
-}
-
-/**
- Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.
-
- @param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure.
- @param[out] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
- @param[in] ParamPackage The pointer to the ParamPackage list.
- @param[out] Mask The pointer to the Mask.
- @param[in] CreateNew The switch to create new.
-
- @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.
-
-**/
-EFI_STATUS
-CreateSadEntry (
- OUT EFI_IPSEC_SA_ID **SaId,
- OUT EFI_IPSEC_SA_DATA2 **Data,
- IN LIST_ENTRY *ParamPackage,
- OUT UINT32 *Mask,
- IN BOOLEAN CreateNew
- )
-{
- EFI_STATUS Status;
- EFI_STATUS ReturnStatus;
- UINTN AuthKeyLength;
- UINTN EncKeyLength;
- CONST CHAR16 *ValueStr;
- CHAR8 *AsciiStr;
- UINTN DataSize;
-
- Status = EFI_SUCCESS;
- ReturnStatus = EFI_SUCCESS;
- *Mask = 0;
- AuthKeyLength = 0;
- EncKeyLength = 0;
-
- *SaId = AllocateZeroPool (sizeof (EFI_IPSEC_SA_ID));
- ASSERT (*SaId != NULL);
-
- //
- // Convert user imput from string to integer, and fill in the Spi in EFI_IPSEC_SA_ID.
- //
- Status = GetNumber (L"--spi", (UINT32) -1, &(*SaId)->Spi, sizeof (UINT32), NULL, ParamPackage, FORMAT_NUMBER);
- if (!EFI_ERROR (Status)) {
- *Mask |= SPI;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- //
- // Convert user imput from string to integer, and fill in the Proto in EFI_IPSEC_SA_ID.
- //
- Status = GetNumber (
- L"--ipsec-proto",
- 0,
- &(*SaId)->Proto,
- sizeof (EFI_IPSEC_PROTOCOL_TYPE),
- mMapIpSecProtocol,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= IPSEC_PROTO;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- //
- // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
- if (ValueStr != NULL) {
- AuthKeyLength = StrLen (ValueStr);
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
- if (ValueStr != NULL) {
- EncKeyLength = StrLen (ValueStr);
- }
-
- //
- // EFI_IPSEC_SA_DATA2:
- // +------------
- // | EFI_IPSEC_SA_DATA2
- // +-----------------------
- // | AuthKey
- // +-------------------------
- // | EncKey
- // +-------------------------
- // | SpdSelector
- //
- // Notes: To make sure the address alignment add padding after each data if needed.
- //
- DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
- DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);
- DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);
- DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
- DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IP_ADDRESS_INFO));
- DataSize += sizeof (EFI_IP_ADDRESS_INFO);
-
-
-
- *Data = AllocateZeroPool (DataSize);
- ASSERT (*Data != NULL);
-
- (*Data)->ManualSet = TRUE;
- (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER (((*Data) + 1), sizeof (UINTN));
- (*Data)->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (
- ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.AuthKey + AuthKeyLength),
- sizeof (UINTN)
- );
- (*Data)->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER (
- ((UINT8 *) (*Data)->AlgoInfo.EspAlgoInfo.EncKey + EncKeyLength),
- sizeof (UINTN)
- );
- (*Data)->SpdSelector->LocalAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
- ((UINT8 *) (*Data)->SpdSelector + sizeof (EFI_IPSEC_SPD_SELECTOR)),
- sizeof (UINTN));
- (*Data)->SpdSelector->RemoteAddress = (EFI_IP_ADDRESS_INFO *) ALIGN_POINTER (
- (*Data)->SpdSelector->LocalAddress + 1,
- sizeof (UINTN)
- );
-
- (*Data)->Mode = EfiIPsecTransport;
- Status = GetNumber (
- L"--mode",
- 0,
- &(*Data)->Mode,
- sizeof (EFI_IPSEC_MODE),
- mMapIpSecMode,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= MODE;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- //
- // According to RFC 4303-3.3.3. The first packet sent using a given SA
- // will contain a sequence number of 1.
- //
- (*Data)->SNCount = 1;
- Status = GetNumber (
- L"--sequence-number",
- (UINT64) -1,
- &(*Data)->SNCount,
- sizeof (UINT64),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= SEQUENCE_NUMBER;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- (*Data)->AntiReplayWindows = 0;
- Status = GetNumber (
- L"--antireplay-window",
- (UINT8) -1,
- &(*Data)->AntiReplayWindows,
- sizeof (UINT8),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= SEQUENCE_NUMBER;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--encrypt-algo",
- 0,
- &(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId,
- sizeof (UINT8),
- mMapEncAlgo,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= ENCRYPT_ALGO;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
- if (ValueStr != NULL ) {
- (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
- AsciiStr = AllocateZeroPool (EncKeyLength + 1);
- ASSERT (AsciiStr != NULL);
- UnicodeStrToAsciiStrS (ValueStr, AsciiStr, EncKeyLength + 1);
- CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength);
- FreePool (AsciiStr);
- *Mask |= ENCRYPT_KEY;
- } else {
- (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
- }
-
- Status = GetNumber (
- L"--auth-algo",
- 0,
- &(*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId,
- sizeof (UINT8),
- mMapAuthAlgo,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= AUTH_ALGO;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
- if (ValueStr != NULL) {
- (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
- AsciiStr = AllocateZeroPool (AuthKeyLength + 1);
- ASSERT (AsciiStr != NULL);
- UnicodeStrToAsciiStrS (ValueStr, AsciiStr, AuthKeyLength + 1);
- CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);
- FreePool (AsciiStr);
- *Mask |= AUTH_KEY;
- } else {
- (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
- }
-
- Status = GetNumber (
- L"--lifebyte",
- (UINT64) -1,
- &(*Data)->SaLifetime.ByteCount,
- sizeof (UINT64),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= LIFEBYTE;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--lifetime",
- (UINT64) -1,
- &(*Data)->SaLifetime.HardLifetime,
- sizeof (UINT64),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= LIFETIME;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--lifetime-soft",
- (UINT64) -1,
- &(*Data)->SaLifetime.SoftLifetime,
- sizeof (UINT64),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= LIFETIME_SOFT;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--path-mtu",
- (UINT32) -1,
- &(*Data)->PathMTU,
- sizeof (UINT32),
- NULL,
- ParamPackage,
- FORMAT_NUMBER
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= PATH_MTU;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- //
- // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
- if (ValueStr != NULL) {
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--tunnel-dest",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= DEST;
- }
- }
-
- //
- // Convert user input from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
- if (ValueStr != NULL) {
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--tunnel-source",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= SOURCE;
- }
- }
-
- //
- // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set
- //
- if ((*Data)->Mode == EfiIPsecTunnel) {
- if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--tunnel-source --tunnel-dest"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
- }
- ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
-
- if (CreateNew) {
- if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--spi --ipsec-proto --local --remote"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- if ((*SaId)->Proto == EfiIPsecAH) {
- if ((*Mask & AUTH_ALGO) == 0) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
- mHiiHandle,
- mAppName,
- L"--auth-algo"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
- mHiiHandle,
- mAppName,
- L"--auth-key"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
- } else {
- if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
- mHiiHandle,
- mAppName,
- L"--encrypt-algo --auth-algo"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
- mHiiHandle,
- mAppName,
- L"--encrypt-key"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
- mHiiHandle,
- mAppName,
- L"--auth-key"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
- }
- }
- }
-
- return ReturnStatus;
-}
-
-/**
- Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA through ParamPackage list.
-
- @param[out] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
- @param[out] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
- @param[in] ParamPackage The pointer to the ParamPackage list.
- @param[out] Mask The pointer to the Mask.
- @param[in] CreateNew The switch to create new.
-
- @retval EFI_SUCCESS Fill in EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA successfully.
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.
-
-**/
-EFI_STATUS
-CreatePadEntry (
- OUT EFI_IPSEC_PAD_ID **PadId,
- OUT EFI_IPSEC_PAD_DATA **Data,
- IN LIST_ENTRY *ParamPackage,
- OUT UINT32 *Mask,
- IN BOOLEAN CreateNew
- )
-{
- EFI_STATUS Status;
- EFI_STATUS ReturnStatus;
- SHELL_FILE_HANDLE FileHandle;
- UINT64 FileSize;
- UINTN AuthDataLength;
- UINTN RevocationDataLength;
- UINTN DataLength;
- UINTN Index;
- CONST CHAR16 *ValueStr;
- UINTN DataSize;
-
- Status = EFI_SUCCESS;
- ReturnStatus = EFI_SUCCESS;
- *Mask = 0;
- AuthDataLength = 0;
- RevocationDataLength = 0;
-
- *PadId = AllocateZeroPool (sizeof (EFI_IPSEC_PAD_ID));
- ASSERT (*PadId != NULL);
-
- //
- // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_ID.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-address");
- if (ValueStr != NULL) {
- (*PadId)->PeerIdValid = FALSE;
- Status = EfiInetAddrRange ((CHAR16 *) ValueStr, &(*PadId)->Id.IpAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--peer-address",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= PEER_ADDRESS;
- }
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");
- if (ValueStr != NULL) {
- (*PadId)->PeerIdValid = TRUE;
- StrnCpyS ((CHAR16 *) (*PadId)->Id.PeerId, MAX_PEERID_LEN / sizeof (CHAR16), ValueStr, MAX_PEERID_LEN / sizeof (CHAR16) - 1);
- *Mask |= PEER_ID;
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
- if (ValueStr != NULL) {
- if (ValueStr[0] == L'@') {
- //
- // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
- //
- Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
- mHiiHandle,
- mAppName,
- &ValueStr[1]
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- Status = ShellGetFileSize (FileHandle, &FileSize);
- ShellCloseFile (&FileHandle);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
- mHiiHandle,
- mAppName,
- &ValueStr[1]
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- AuthDataLength = (UINTN) FileSize;
- }
- }
- } else {
- AuthDataLength = StrLen (ValueStr);
- }
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
- if (ValueStr != NULL) {
- RevocationDataLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
- }
-
- //
- // Allocate Buffer for Data. Add padding after each struct to make sure the alignment
- // in different Arch.
- //
- DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));
- DataSize = ALIGN_VARIABLE (DataSize + AuthDataLength);
- DataSize += RevocationDataLength;
-
- *Data = AllocateZeroPool (DataSize);
- ASSERT (*Data != NULL);
-
- (*Data)->AuthData = (VOID *) ALIGN_POINTER ((*Data + 1), sizeof (UINTN));
- (*Data)->RevocationData = (VOID *) ALIGN_POINTER (((UINT8 *) (*Data + 1) + AuthDataLength), sizeof (UINTN));
- (*Data)->AuthProtocol = EfiIPsecAuthProtocolIKEv1;
-
- //
- // Convert user imput from string to integer, and fill in EFI_IPSEC_PAD_DATA.
- //
- Status = GetNumber (
- L"--auth-proto",
- 0,
- &(*Data)->AuthProtocol,
- sizeof (EFI_IPSEC_AUTH_PROTOCOL_TYPE),
- mMapAuthProto,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= AUTH_PROTO;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- Status = GetNumber (
- L"--auth-method",
- 0,
- &(*Data)->AuthMethod,
- sizeof (EFI_IPSEC_AUTH_METHOD),
- mMapAuthMethod,
- ParamPackage,
- FORMAT_STRING
- );
- if (!EFI_ERROR (Status)) {
- *Mask |= AUTH_METHOD;
- }
-
- if (Status == EFI_INVALID_PARAMETER) {
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
-
- if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id")) {
- (*Data)->IkeIdFlag = TRUE;
- *Mask |= IKE_ID;
- }
-
- if (ShellCommandLineGetFlag (ParamPackage, L"--ike-id-")) {
- (*Data)->IkeIdFlag = FALSE;
- *Mask |= IKE_ID;
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data");
- if (ValueStr != NULL) {
- if (ValueStr[0] == L'@') {
- //
- // Input is a file: --auth-data "@fs1:\My Certificates\tom.dat"
- //
-
- Status = ShellOpenFileByName (&ValueStr[1], &FileHandle, EFI_FILE_MODE_READ, 0);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
- mHiiHandle,
- mAppName,
- &ValueStr[1]
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- (*Data)->AuthData = NULL;
- } else {
- DataLength = AuthDataLength;
- Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
- ShellCloseFile (&FileHandle);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_FILE_OPEN_FAILED),
- mHiiHandle,
- mAppName,
- &ValueStr[1]
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- (*Data)->AuthData = NULL;
- } else {
- ASSERT (DataLength == AuthDataLength);
- *Mask |= AUTH_DATA;
- }
- }
- } else {
- for (Index = 0; Index < AuthDataLength; Index++) {
- ((CHAR8 *) (*Data)->AuthData)[Index] = (CHAR8) ValueStr[Index];
- }
- (*Data)->AuthDataSize = AuthDataLength;
- *Mask |= AUTH_DATA;
- }
- }
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--revocation-data");
- if (ValueStr != NULL) {
- CopyMem ((*Data)->RevocationData, ValueStr, RevocationDataLength);
- (*Data)->RevocationDataSize = RevocationDataLength;
- *Mask |= REVOCATION_DATA;
- } else {
- (*Data)->RevocationData = NULL;
- }
-
- if (CreateNew) {
- if ((*Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--peer-id --peer-address"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else if ((*Mask & (AUTH_METHOD | AUTH_DATA)) != (AUTH_METHOD | AUTH_DATA)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--auth-method --auth-data"
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- }
- }
-
- return ReturnStatus;
-}
-
-CREATE_POLICY_ENTRY mCreatePolicyEntry[] = {
- (CREATE_POLICY_ENTRY) CreateSpdEntry,
- (CREATE_POLICY_ENTRY) CreateSadEntry,
- (CREATE_POLICY_ENTRY) CreatePadEntry
-};
-
-/**
- Combine old SPD entry with new SPD entry.
-
- @param[in, out] OldSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
- @param[in, out] OldData The pointer to the EFI_IPSEC_SPD_DATA structure.
- @param[in] NewSelector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
- @param[in] NewData The pointer to the EFI_IPSEC_SPD_DATA structure.
- @param[in] Mask The pointer to the Mask.
- @param[out] CreateNew The switch to create new.
-
- @retval EFI_SUCCESS Combined successfully.
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.
-
-**/
-EFI_STATUS
-CombineSpdEntry (
- IN OUT EFI_IPSEC_SPD_SELECTOR *OldSelector,
- IN OUT EFI_IPSEC_SPD_DATA *OldData,
- IN EFI_IPSEC_SPD_SELECTOR *NewSelector,
- IN EFI_IPSEC_SPD_DATA *NewData,
- IN UINT32 Mask,
- OUT BOOLEAN *CreateNew
- )
-{
-
- //
- // Process Selector
- //
- *CreateNew = FALSE;
- if ((Mask & LOCAL) == 0) {
- NewSelector->LocalAddressCount = OldSelector->LocalAddressCount;
- NewSelector->LocalAddress = OldSelector->LocalAddress;
- } else if ((NewSelector->LocalAddressCount != OldSelector->LocalAddressCount) ||
- (CompareMem (NewSelector->LocalAddress, OldSelector->LocalAddress, NewSelector->LocalAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
- *CreateNew = TRUE;
- }
-
- if ((Mask & REMOTE) == 0) {
- NewSelector->RemoteAddressCount = OldSelector->RemoteAddressCount;
- NewSelector->RemoteAddress = OldSelector->RemoteAddress;
- } else if ((NewSelector->RemoteAddressCount != OldSelector->RemoteAddressCount) ||
- (CompareMem (NewSelector->RemoteAddress, OldSelector->RemoteAddress, NewSelector->RemoteAddressCount * sizeof (EFI_IP_ADDRESS_INFO)) != 0)) {
- *CreateNew = TRUE;
- }
-
- if ((Mask & PROTO) == 0) {
- NewSelector->NextLayerProtocol = OldSelector->NextLayerProtocol;
- } else if (NewSelector->NextLayerProtocol != OldSelector->NextLayerProtocol) {
- *CreateNew = TRUE;
- }
-
- switch (NewSelector->NextLayerProtocol) {
- case EFI_IP4_PROTO_TCP:
- case EFI_IP4_PROTO_UDP:
- if ((Mask & LOCAL_PORT) == 0) {
- NewSelector->LocalPort = OldSelector->LocalPort;
- NewSelector->LocalPortRange = OldSelector->LocalPortRange;
- } else if ((NewSelector->LocalPort != OldSelector->LocalPort) ||
- (NewSelector->LocalPortRange != OldSelector->LocalPortRange)) {
- *CreateNew = TRUE;
- }
-
- if ((Mask & REMOTE_PORT) == 0) {
- NewSelector->RemotePort = OldSelector->RemotePort;
- NewSelector->RemotePortRange = OldSelector->RemotePortRange;
- } else if ((NewSelector->RemotePort != OldSelector->RemotePort) ||
- (NewSelector->RemotePortRange != OldSelector->RemotePortRange)) {
- *CreateNew = TRUE;
- }
- break;
-
- case EFI_IP4_PROTO_ICMP:
- if ((Mask & ICMP_TYPE) == 0) {
- NewSelector->LocalPort = OldSelector->LocalPort;
- } else if (NewSelector->LocalPort != OldSelector->LocalPort) {
- *CreateNew = TRUE;
- }
-
- if ((Mask & ICMP_CODE) == 0) {
- NewSelector->RemotePort = OldSelector->RemotePort;
- } else if (NewSelector->RemotePort != OldSelector->RemotePort) {
- *CreateNew = TRUE;
- }
- break;
- }
- //
- // Process Data
- //
- OldData->SaIdCount = 0;
-
- if ((Mask & NAME) != 0) {
- AsciiStrCpyS ((CHAR8 *) OldData->Name, MAX_PEERID_LEN, (CHAR8 *) NewData->Name);
- }
-
- if ((Mask & PACKET_FLAG) != 0) {
- OldData->PackageFlag = NewData->PackageFlag;
- }
-
- if ((Mask & ACTION) != 0) {
- OldData->Action = NewData->Action;
- }
-
- if (OldData->Action != EfiIPsecActionProtect) {
- OldData->ProcessingPolicy = NULL;
- } else {
- //
- // Protect
- //
- if (OldData->ProcessingPolicy == NULL) {
- //
- // Just point to new data if originally NULL.
- //
- OldData->ProcessingPolicy = NewData->ProcessingPolicy;
- if (OldData->ProcessingPolicy->Mode == EfiIPsecTunnel &&
- (Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)
- ) {
- //
- // Change to Protect action and Tunnel mode, but without providing local/remote tunnel address.
- //
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--tunnel-local --tunnel-remote"
- );
- return EFI_INVALID_PARAMETER;
- }
- } else {
- //
- // Modify some of the data.
- //
- if ((Mask & EXT_SEQUENCE) != 0) {
- OldData->ProcessingPolicy->ExtSeqNum = NewData->ProcessingPolicy->ExtSeqNum;
- }
-
- if ((Mask & SEQUENCE_OVERFLOW) != 0) {
- OldData->ProcessingPolicy->SeqOverflow = NewData->ProcessingPolicy->SeqOverflow;
- }
-
- if ((Mask & FRAGMENT_CHECK) != 0) {
- OldData->ProcessingPolicy->FragCheck = NewData->ProcessingPolicy->FragCheck;
- }
-
- if ((Mask & LIFEBYTE) != 0) {
- OldData->ProcessingPolicy->SaLifetime.ByteCount = NewData->ProcessingPolicy->SaLifetime.ByteCount;
- }
-
- if ((Mask & LIFETIME_SOFT) != 0) {
- OldData->ProcessingPolicy->SaLifetime.SoftLifetime = NewData->ProcessingPolicy->SaLifetime.SoftLifetime;
- }
-
- if ((Mask & LIFETIME) != 0) {
- OldData->ProcessingPolicy->SaLifetime.HardLifetime = NewData->ProcessingPolicy->SaLifetime.HardLifetime;
- }
-
- if ((Mask & MODE) != 0) {
- OldData->ProcessingPolicy->Mode = NewData->ProcessingPolicy->Mode;
- }
-
- if ((Mask & IPSEC_PROTO) != 0) {
- OldData->ProcessingPolicy->Proto = NewData->ProcessingPolicy->Proto;
- }
-
- if ((Mask & AUTH_ALGO) != 0) {
- OldData->ProcessingPolicy->AuthAlgoId = NewData->ProcessingPolicy->AuthAlgoId;
- }
-
- if ((Mask & ENCRYPT_ALGO) != 0) {
- OldData->ProcessingPolicy->EncAlgoId = NewData->ProcessingPolicy->EncAlgoId;
- }
-
- if (OldData->ProcessingPolicy->Mode != EfiIPsecTunnel) {
- OldData->ProcessingPolicy->TunnelOption = NULL;
- } else {
- if (OldData->ProcessingPolicy->TunnelOption == NULL) {
- //
- // Set from Transport mode to Tunnel mode, should ensure TUNNEL_LOCAL & TUNNEL_REMOTE both exists.
- //
- if ((Mask & (TUNNEL_LOCAL | TUNNEL_REMOTE)) != (TUNNEL_LOCAL | TUNNEL_REMOTE)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--tunnel-local --tunnel-remote"
- );
- return EFI_INVALID_PARAMETER;
- }
-
- OldData->ProcessingPolicy->TunnelOption = NewData->ProcessingPolicy->TunnelOption;
- } else {
- if ((Mask & TUNNEL_LOCAL) != 0) {
- CopyMem (
- &OldData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
- &NewData->ProcessingPolicy->TunnelOption->LocalTunnelAddress,
- sizeof (EFI_IP_ADDRESS)
- );
- }
-
- if ((Mask & TUNNEL_REMOTE) != 0) {
- CopyMem (
- &OldData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
- &NewData->ProcessingPolicy->TunnelOption->RemoteTunnelAddress,
- sizeof (EFI_IP_ADDRESS)
- );
- }
-
- if ((Mask & DONT_FRAGMENT) != 0) {
- OldData->ProcessingPolicy->TunnelOption->DF = NewData->ProcessingPolicy->TunnelOption->DF;
- }
- }
- }
- }
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Combine old SAD entry with new SAD entry.
-
- @param[in, out] OldSaId The pointer to the EFI_IPSEC_SA_ID structure.
- @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA2 structure.
- @param[in] NewSaId The pointer to the EFI_IPSEC_SA_ID structure.
- @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA2 structure.
- @param[in] Mask The pointer to the Mask.
- @param[out] CreateNew The switch to create new.
-
- @retval EFI_SUCCESS Combined successfully.
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.
-
-**/
-EFI_STATUS
-CombineSadEntry (
- IN OUT EFI_IPSEC_SA_ID *OldSaId,
- IN OUT EFI_IPSEC_SA_DATA2 *OldData,
- IN EFI_IPSEC_SA_ID *NewSaId,
- IN EFI_IPSEC_SA_DATA2 *NewData,
- IN UINT32 Mask,
- OUT BOOLEAN *CreateNew
- )
-{
-
- *CreateNew = FALSE;
-
- if ((Mask & SPI) == 0) {
- NewSaId->Spi = OldSaId->Spi;
- } else if (NewSaId->Spi != OldSaId->Spi) {
- *CreateNew = TRUE;
- }
-
- if ((Mask & IPSEC_PROTO) == 0) {
- NewSaId->Proto = OldSaId->Proto;
- } else if (NewSaId->Proto != OldSaId->Proto) {
- *CreateNew = TRUE;
- }
-
- if ((Mask & DEST) == 0) {
- CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
- } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
- *CreateNew = TRUE;
- }
-
- if ((Mask & SOURCE) == 0) {
- CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
- } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
- *CreateNew = TRUE;
- }
- //
- // Process SA_DATA.
- //
- if ((Mask & MODE) != 0) {
- OldData->Mode = NewData->Mode;
- }
-
- if ((Mask & SEQUENCE_NUMBER) != 0) {
- OldData->SNCount = NewData->SNCount;
- }
-
- if ((Mask & ANTIREPLAY_WINDOW) != 0) {
- OldData->AntiReplayWindows = NewData->AntiReplayWindows;
- }
-
- if ((Mask & AUTH_ALGO) != 0) {
- OldData->AlgoInfo.EspAlgoInfo.AuthAlgoId = NewData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
- }
-
- if ((Mask & AUTH_KEY) != 0) {
- OldData->AlgoInfo.EspAlgoInfo.AuthKey = NewData->AlgoInfo.EspAlgoInfo.AuthKey;
- OldData->AlgoInfo.EspAlgoInfo.AuthKeyLength = NewData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
- }
-
- if ((Mask & ENCRYPT_ALGO) != 0) {
- OldData->AlgoInfo.EspAlgoInfo.EncAlgoId = NewData->AlgoInfo.EspAlgoInfo.EncAlgoId;
- }
-
- if ((Mask & ENCRYPT_KEY) != 0) {
- OldData->AlgoInfo.EspAlgoInfo.EncKey = NewData->AlgoInfo.EspAlgoInfo.EncKey;
- OldData->AlgoInfo.EspAlgoInfo.EncKeyLength = NewData->AlgoInfo.EspAlgoInfo.EncKeyLength;
- }
-
- if (NewSaId->Proto == EfiIPsecAH) {
- if ((Mask & (ENCRYPT_ALGO | ENCRYPT_KEY)) != 0) {
- //
- // Should not provide encrypt_* if AH.
- //
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_UNWANTED_PARAMETER),
- mHiiHandle,
- mAppName,
- L"--encrypt-algo --encrypt-key"
- );
- return EFI_INVALID_PARAMETER;
- }
- }
-
- if (NewSaId->Proto == EfiIPsecESP && OldSaId->Proto == EfiIPsecAH) {
- //
- // AH -> ESP
- // Should provide encrypt_algo at least.
- //
- if ((Mask & ENCRYPT_ALGO) == 0) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
- mHiiHandle,
- mAppName,
- L"--encrypt-algo"
- );
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Encrypt_key should be provided if algorithm is not NONE.
- //
- if (NewData->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (Mask & ENCRYPT_KEY) == 0) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
- mHiiHandle,
- mAppName,
- L"--encrypt-algo"
- );
- return EFI_INVALID_PARAMETER;
- }
- }
-
- if ((Mask & LIFEBYTE) != 0) {
- OldData->SaLifetime.ByteCount = NewData->SaLifetime.ByteCount;
- }
-
- if ((Mask & LIFETIME_SOFT) != 0) {
- OldData->SaLifetime.SoftLifetime = NewData->SaLifetime.SoftLifetime;
- }
-
- if ((Mask & LIFETIME) != 0) {
- OldData->SaLifetime.HardLifetime = NewData->SaLifetime.HardLifetime;
- }
-
- if ((Mask & PATH_MTU) != 0) {
- OldData->PathMTU = NewData->PathMTU;
- }
- //
- // Process SpdSelector.
- //
- if (OldData->SpdSelector == NULL) {
- if ((Mask & (LOCAL | REMOTE | PROTO | LOCAL_PORT | REMOTE_PORT | ICMP_TYPE | ICMP_CODE)) != 0) {
- if ((Mask & (LOCAL | REMOTE | PROTO)) != (LOCAL | REMOTE | PROTO)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
- mHiiHandle,
- mAppName,
- L"--local --remote --proto"
- );
- return EFI_INVALID_PARAMETER;
- }
-
- OldData->SpdSelector = NewData->SpdSelector;
- }
- } else {
- if ((Mask & LOCAL) != 0) {
- OldData->SpdSelector->LocalAddressCount = NewData->SpdSelector->LocalAddressCount;
- OldData->SpdSelector->LocalAddress = NewData->SpdSelector->LocalAddress;
- }
-
- if ((Mask & REMOTE) != 0) {
- OldData->SpdSelector->RemoteAddressCount = NewData->SpdSelector->RemoteAddressCount;
- OldData->SpdSelector->RemoteAddress = NewData->SpdSelector->RemoteAddress;
- }
-
- if ((Mask & PROTO) != 0) {
- OldData->SpdSelector->NextLayerProtocol = NewData->SpdSelector->NextLayerProtocol;
- }
-
- if (OldData->SpdSelector != NULL) {
- switch (OldData->SpdSelector->NextLayerProtocol) {
- case EFI_IP4_PROTO_TCP:
- case EFI_IP4_PROTO_UDP:
- if ((Mask & LOCAL_PORT) != 0) {
- OldData->SpdSelector->LocalPort = NewData->SpdSelector->LocalPort;
- }
-
- if ((Mask & REMOTE_PORT) != 0) {
- OldData->SpdSelector->RemotePort = NewData->SpdSelector->RemotePort;
- }
- break;
-
- case EFI_IP4_PROTO_ICMP:
- if ((Mask & ICMP_TYPE) != 0) {
- OldData->SpdSelector->LocalPort = (UINT8) NewData->SpdSelector->LocalPort;
- }
-
- if ((Mask & ICMP_CODE) != 0) {
- OldData->SpdSelector->RemotePort = (UINT8) NewData->SpdSelector->RemotePort;
- }
- break;
- }
- }
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Combine old PAD entry with new PAD entry.
-
- @param[in, out] OldPadId The pointer to the EFI_IPSEC_PAD_ID structure.
- @param[in, out] OldData The pointer to the EFI_IPSEC_PAD_DATA structure.
- @param[in] NewPadId The pointer to the EFI_IPSEC_PAD_ID structure.
- @param[in] NewData The pointer to the EFI_IPSEC_PAD_DATA structure.
- @param[in] Mask The pointer to the Mask.
- @param[out] CreateNew The switch to create new.
-
- @retval EFI_SUCCESS Combined successfully.
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.
-
-**/
-EFI_STATUS
-CombinePadEntry (
- IN OUT EFI_IPSEC_PAD_ID *OldPadId,
- IN OUT EFI_IPSEC_PAD_DATA *OldData,
- IN EFI_IPSEC_PAD_ID *NewPadId,
- IN EFI_IPSEC_PAD_DATA *NewData,
- IN UINT32 Mask,
- OUT BOOLEAN *CreateNew
- )
-{
-
- *CreateNew = FALSE;
-
- if ((Mask & (PEER_ID | PEER_ADDRESS)) == 0) {
- CopyMem (NewPadId, OldPadId, sizeof (EFI_IPSEC_PAD_ID));
- } else {
- if ((Mask & PEER_ID) != 0) {
- if (OldPadId->PeerIdValid) {
- if (StrCmp ((CONST CHAR16 *) OldPadId->Id.PeerId, (CONST CHAR16 *) NewPadId->Id.PeerId) != 0) {
- *CreateNew = TRUE;
- }
- } else {
- *CreateNew = TRUE;
- }
- } else {
- //
- // MASK & PEER_ADDRESS
- //
- if (OldPadId->PeerIdValid) {
- *CreateNew = TRUE;
- } else {
- if ((CompareMem (&OldPadId->Id.IpAddress.Address, &NewPadId->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0) ||
- (OldPadId->Id.IpAddress.PrefixLength != NewPadId->Id.IpAddress.PrefixLength)) {
- *CreateNew = TRUE;
- }
- }
- }
- }
-
- if ((Mask & AUTH_PROTO) != 0) {
- OldData->AuthProtocol = NewData->AuthProtocol;
- }
-
- if ((Mask & AUTH_METHOD) != 0) {
- OldData->AuthMethod = NewData->AuthMethod;
- }
-
- if ((Mask & IKE_ID) != 0) {
- OldData->IkeIdFlag = NewData->IkeIdFlag;
- }
-
- if ((Mask & AUTH_DATA) != 0) {
- OldData->AuthDataSize = NewData->AuthDataSize;
- OldData->AuthData = NewData->AuthData;
- }
-
- if ((Mask & REVOCATION_DATA) != 0) {
- OldData->RevocationDataSize = NewData->RevocationDataSize;
- OldData->RevocationData = NewData->RevocationData;
- }
-
- return EFI_SUCCESS;
-}
-
-COMBINE_POLICY_ENTRY mCombinePolicyEntry[] = {
- (COMBINE_POLICY_ENTRY) CombineSpdEntry,
- (COMBINE_POLICY_ENTRY) CombineSadEntry,
- (COMBINE_POLICY_ENTRY) CombinePadEntry
-};
-
-/**
- Edit entry information in the database.
-
- @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
- @param[in] Data The pointer to the data.
- @param[in] Context The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.
-
- @retval EFI_SUCCESS Continue the iteration.
- @retval EFI_ABORTED Abort the iteration.
-**/
-EFI_STATUS
-EditOperatePolicyEntry (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN EDIT_POLICY_ENTRY_CONTEXT *Context
- )
-{
- EFI_STATUS Status;
- BOOLEAN CreateNew;
-
- if (mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
- ASSERT (Context->DataType < 3);
-
- Status = mCombinePolicyEntry[Context->DataType] (
- Selector,
- Data,
- Context->Selector,
- Context->Data,
- Context->Mask,
- &CreateNew
- );
- if (!EFI_ERROR (Status)) {
- //
- // If the Selector already existed, this Entry will be updated by set data.
- //
- Status = mIpSecConfig->SetData (
- mIpSecConfig,
- Context->DataType,
- Context->Selector, /// New created selector.
- Data, /// Old date which has been modified, need to be set data.
- Selector
- );
- ASSERT_EFI_ERROR (Status);
-
- if (CreateNew) {
- //
- // Edit the entry to a new one. So, we need delete the old entry.
- //
- Status = mIpSecConfig->SetData (
- mIpSecConfig,
- Context->DataType,
- Selector, /// Old selector.
- NULL, /// NULL means to delete this Entry specified by Selector.
- NULL
- );
- ASSERT_EFI_ERROR (Status);
- }
- }
-
- Context->Status = Status;
- return EFI_ABORTED;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Edit entry information in database according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Edit entry information successfully.
- @retval EFI_NOT_FOUND Can't find the specified entry.
- @retval Others Some mistaken case.
-**/
-EFI_STATUS
-EditPolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN LIST_ENTRY *ParamPackage
- )
-{
- EFI_STATUS Status;
- EDIT_POLICY_ENTRY_CONTEXT Context;
- CONST CHAR16 *ValueStr;
-
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-e");
- if (ValueStr == NULL) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
- return EFI_NOT_FOUND;
- }
-
- Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
- if (!EFI_ERROR (Status)) {
- Context.DataType = DataType;
- Context.Status = EFI_NOT_FOUND;
- Status = mCreatePolicyEntry[DataType] (&Context.Selector, &Context.Data, ParamPackage, &Context.Mask, FALSE);
- if (!EFI_ERROR (Status)) {
- ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) EditOperatePolicyEntry, &Context);
- Status = Context.Status;
- }
-
- if (Context.Selector != NULL) {
- gBS->FreePool (Context.Selector);
- }
-
- if (Context.Data != NULL) {
- gBS->FreePool (Context.Data);
- }
- }
-
- if (Status == EFI_NOT_FOUND) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
- } else if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_EDIT_FAILED), mHiiHandle, mAppName);
- }
-
- return Status;
-
-}
-
-/**
- Insert entry information in database.
-
- @param[in] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR structure.
- @param[in] Data The pointer to the data.
- @param[in] Context The pointer to the INSERT_POLICY_ENTRY_CONTEXT structure.
-
- @retval EFI_SUCCESS Continue the iteration.
- @retval EFI_ABORTED Abort the iteration.
-**/
-EFI_STATUS
-InsertPolicyEntry (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN INSERT_POLICY_ENTRY_CONTEXT *Context
- )
-{
- //
- // Found the entry which we want to insert before.
- //
- if (mMatchPolicyEntry[Context->DataType] (Selector, Data, &Context->Indexer)) {
-
- Context->Status = mIpSecConfig->SetData (
- mIpSecConfig,
- Context->DataType,
- Context->Selector,
- Context->Data,
- Selector
- );
- //
- // Abort the iteration after the insertion.
- //
- return EFI_ABORTED;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Insert or add entry information in database according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Insert or add entry information successfully.
- @retval EFI_NOT_FOUND Can't find the specified entry.
- @retval EFI_BUFFER_TOO_SMALL The entry already existed.
- @retval EFI_UNSUPPORTED The operation is not supported.
- @retval Others Some mistaken case.
-**/
-EFI_STATUS
-AddOrInsertPolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN LIST_ENTRY *ParamPackage
- )
-{
- EFI_STATUS Status;
- EFI_IPSEC_CONFIG_SELECTOR *Selector;
- VOID *Data;
- INSERT_POLICY_ENTRY_CONTEXT Context;
- UINT32 Mask;
- UINTN DataSize;
- CONST CHAR16 *ValueStr;
-
- Status = mCreatePolicyEntry[DataType] (&Selector, &Data, ParamPackage, &Mask, TRUE);
- if (!EFI_ERROR (Status)) {
- //
- // Find if the Selector to be inserted already exists.
- //
- DataSize = 0;
- Status = mIpSecConfig->GetData (
- mIpSecConfig,
- DataType,
- Selector,
- &DataSize,
- NULL
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_EXISTS), mHiiHandle, mAppName);
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
- Status = mIpSecConfig->SetData (
- mIpSecConfig,
- DataType,
- Selector,
- Data,
- NULL
- );
- } else {
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-i");
- if (ValueStr == NULL) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_SPECIFIED), mHiiHandle, mAppName, ValueStr);
- return EFI_NOT_FOUND;
- }
-
- Status = mConstructPolicyEntryIndexer[DataType] (&Context.Indexer, ParamPackage);
- if (!EFI_ERROR (Status)) {
- Context.DataType = DataType;
- Context.Status = EFI_NOT_FOUND;
- Context.Selector = Selector;
- Context.Data = Data;
-
- ForeachPolicyEntry (DataType, (VISIT_POLICY_ENTRY) InsertPolicyEntry, &Context);
- Status = Context.Status;
- if (Status == EFI_NOT_FOUND) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INDEX_NOT_FOUND), mHiiHandle, mAppName, ValueStr);
- }
- }
- }
-
- gBS->FreePool (Selector);
- gBS->FreePool (Data);
- }
-
- if (Status == EFI_UNSUPPORTED) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_UNSUPPORT), mHiiHandle, mAppName);
- } else if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INSERT_FAILED), mHiiHandle, mAppName);
- }
-
- return Status;
-}
diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
deleted file mode 100644
index 3384774f6a..0000000000
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/** @file
- The function declaration of policy entry operation in IpSecConfig application.
-
- Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _POLICY_ENTRY_OPERATION_H_
-#define _POLICY_ENTRY_OPERATION_H_
-
-#define LOCAL BIT(0)
-#define REMOTE BIT(1)
-#define PROTO BIT(2)
-#define LOCAL_PORT BIT(3)
-#define REMOTE_PORT BIT(4)
-#define ICMP_TYPE BIT(5)
-#define ICMP_CODE BIT(6)
-#define NAME BIT(7)
-#define PACKET_FLAG BIT(8)
-#define ACTION BIT(9)
-#define EXT_SEQUENCE BIT(10)
-#define SEQUENCE_OVERFLOW BIT(11)
-#define FRAGMENT_CHECK BIT(12)
-#define LIFEBYTE BIT(13)
-#define LIFETIME_SOFT BIT(14)
-#define LIFETIME BIT(15)
-#define MODE BIT(16)
-#define TUNNEL_LOCAL BIT(17)
-#define TUNNEL_REMOTE BIT(18)
-#define DONT_FRAGMENT BIT(19)
-#define IPSEC_PROTO BIT(20)
-#define AUTH_ALGO BIT(21)
-#define ENCRYPT_ALGO BIT(22)
-#define SPI BIT(23)
-#define DEST BIT(24)
-#define SEQUENCE_NUMBER BIT(25)
-#define ANTIREPLAY_WINDOW BIT(26)
-#define AUTH_KEY BIT(27)
-#define ENCRYPT_KEY BIT(28)
-#define PATH_MTU BIT(29)
-#define SOURCE BIT(30)
-
-#define PEER_ID BIT(0)
-#define PEER_ADDRESS BIT(1)
-#define AUTH_PROTO BIT(2)
-#define AUTH_METHOD BIT(3)
-#define IKE_ID BIT(4)
-#define AUTH_DATA BIT(5)
-#define REVOCATION_DATA BIT(6)
-
-typedef struct {
- EFI_IPSEC_CONFIG_DATA_TYPE DataType;
- EFI_IPSEC_CONFIG_SELECTOR *Selector; // Data to be inserted.
- VOID *Data;
- UINT32 Mask;
- POLICY_ENTRY_INDEXER Indexer;
- EFI_STATUS Status; // Indicate whether insertion succeeds.
-} EDIT_POLICY_ENTRY_CONTEXT;
-
-typedef struct {
- EFI_IPSEC_CONFIG_DATA_TYPE DataType;
- EFI_IPSEC_CONFIG_SELECTOR *Selector; // Data to be inserted.
- VOID *Data;
- POLICY_ENTRY_INDEXER Indexer;
- EFI_STATUS Status; // Indicate whether insertion succeeds.
-} INSERT_POLICY_ENTRY_CONTEXT;
-
-/**
- The prototype for the CreateSpdEntry()/CreateSadEntry()/CreatePadEntry().
- Fill in EFI_IPSEC_CONFIG_SELECTOR and corresponding data thru ParamPackage list.
-
- @param[out] Selector The pointer to the EFI_IPSEC_CONFIG_SELECTOR union.
- @param[out] Data The pointer to corresponding data.
- @param[in] ParamPackage The pointer to the ParamPackage list.
- @param[out] Mask The pointer to the Mask.
- @param[in] CreateNew The switch to create new.
-
- @retval EFI_SUCCESS Filled in EFI_IPSEC_CONFIG_SELECTOR and corresponding data successfully.
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.
-
-**/
-typedef
-EFI_STATUS
-(*CREATE_POLICY_ENTRY) (
- OUT EFI_IPSEC_CONFIG_SELECTOR **Selector,
- OUT VOID **Data,
- IN LIST_ENTRY *ParamPackage,
- OUT UINT32 *Mask,
- IN BOOLEAN CreateNew
- );
-
-/**
- The prototype for the CombineSpdEntry()/CombineSadEntry()/CombinePadEntry().
- Combine old SPD/SAD/PAD entry with new SPD/SAD/PAD entry.
-
- @param[in, out] OldSelector The pointer to the old EFI_IPSEC_CONFIG_SELECTOR union.
- @param[in, out] OldData The pointer to the corresponding old data.
- @param[in] NewSelector The pointer to the new EFI_IPSEC_CONFIG_SELECTOR union.
- @param[in] NewData The pointer to the corresponding new data.
- @param[in] Mask The pointer to the Mask.
- @param[out] CreateNew The switch to create new.
-
- @retval EFI_SUCCESS Combined successfully.
- @retval EFI_INVALID_PARAMETER Invalid user input parameter.
-
-**/
-typedef
-EFI_STATUS
-(* COMBINE_POLICY_ENTRY) (
- IN OUT EFI_IPSEC_CONFIG_SELECTOR *OldSelector,
- IN OUT VOID *OldData,
- IN EFI_IPSEC_CONFIG_SELECTOR *NewSelector,
- IN VOID *NewData,
- IN UINT32 Mask,
- OUT BOOLEAN *CreateNew
- );
-
-/**
- Insert or add entry information in database according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Insert or add entry information successfully.
- @retval EFI_NOT_FOUND Can't find the specified entry.
- @retval EFI_BUFFER_TOO_SMALL The entry already existed.
- @retval EFI_UNSUPPORTED The operation is not supported./
- @retval Others Some mistaken case.
-**/
-EFI_STATUS
-AddOrInsertPolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN LIST_ENTRY *ParamPackage
- );
-
-/**
- Edit entry information in the database according to datatype.
-
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
- @param[in] ParamPackage The pointer to the ParamPackage list.
-
- @retval EFI_SUCCESS Edit entry information successfully.
- @retval EFI_NOT_FOUND Can't find the specified entry.
- @retval Others Some mistaken case.
-**/
-EFI_STATUS
-EditPolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN LIST_ENTRY *ParamPackage
- );
-#endif