diff options
Diffstat (limited to 'NetworkPkg/IpSecDxe/IpSecConfigImpl.c')
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecConfigImpl.c | 3156 |
1 files changed, 0 insertions, 3156 deletions
diff --git a/NetworkPkg/IpSecDxe/IpSecConfigImpl.c b/NetworkPkg/IpSecDxe/IpSecConfigImpl.c deleted file mode 100644 index 74745519a0..0000000000 --- a/NetworkPkg/IpSecDxe/IpSecConfigImpl.c +++ /dev/null @@ -1,3156 +0,0 @@ -/** @file
- The implementation of IPSEC_CONFIG_PROTOCOL.
-
- Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "IpSecConfigImpl.h"
-#include "IpSecDebug.h"
-
-LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum];
-BOOLEAN mSetBySelf = FALSE;
-
-//
-// Common CompareSelector routine entry for SPD/SAD/PAD.
-//
-IPSEC_COMPARE_SELECTOR mCompareSelector[] = {
- (IPSEC_COMPARE_SELECTOR) CompareSpdSelector,
- (IPSEC_COMPARE_SELECTOR) CompareSaId,
- (IPSEC_COMPARE_SELECTOR) ComparePadId
-};
-
-//
-// Common IsZeroSelector routine entry for SPD/SAD/PAD.
-//
-IPSEC_IS_ZERO_SELECTOR mIsZeroSelector[] = {
- (IPSEC_IS_ZERO_SELECTOR) IsZeroSpdSelector,
- (IPSEC_IS_ZERO_SELECTOR) IsZeroSaId,
- (IPSEC_IS_ZERO_SELECTOR) IsZeroPadId
-};
-
-//
-// Common DuplicateSelector routine entry for SPD/SAD/PAD.
-//
-IPSEC_DUPLICATE_SELECTOR mDuplicateSelector[] = {
- (IPSEC_DUPLICATE_SELECTOR) DuplicateSpdSelector,
- (IPSEC_DUPLICATE_SELECTOR) DuplicateSaId,
- (IPSEC_DUPLICATE_SELECTOR) DuplicatePadId
-};
-
-//
-// Common FixPolicyEntry routine entry for SPD/SAD/PAD.
-//
-IPSEC_FIX_POLICY_ENTRY mFixPolicyEntry[] = {
- (IPSEC_FIX_POLICY_ENTRY) FixSpdEntry,
- (IPSEC_FIX_POLICY_ENTRY) FixSadEntry,
- (IPSEC_FIX_POLICY_ENTRY) FixPadEntry
-};
-
-//
-// Common UnfixPolicyEntry routine entry for SPD/SAD/PAD.
-//
-IPSEC_FIX_POLICY_ENTRY mUnfixPolicyEntry[] = {
- (IPSEC_FIX_POLICY_ENTRY) UnfixSpdEntry,
- (IPSEC_FIX_POLICY_ENTRY) UnfixSadEntry,
- (IPSEC_FIX_POLICY_ENTRY) UnfixPadEntry
-};
-
-//
-// Common SetPolicyEntry routine entry for SPD/SAD/PAD.
-//
-IPSEC_SET_POLICY_ENTRY mSetPolicyEntry[] = {
- (IPSEC_SET_POLICY_ENTRY) SetSpdEntry,
- (IPSEC_SET_POLICY_ENTRY) SetSadEntry,
- (IPSEC_SET_POLICY_ENTRY) SetPadEntry
-};
-
-//
-// Common GetPolicyEntry routine entry for SPD/SAD/PAD.
-//
-IPSEC_GET_POLICY_ENTRY mGetPolicyEntry[] = {
- (IPSEC_GET_POLICY_ENTRY) GetSpdEntry,
- (IPSEC_GET_POLICY_ENTRY) GetSadEntry,
- (IPSEC_GET_POLICY_ENTRY) GetPadEntry
-};
-
-//
-// Routine entry for IpSecConfig protocol.
-//
-EFI_IPSEC_CONFIG_PROTOCOL mIpSecConfigInstance = {
- EfiIpSecConfigSetData,
- EfiIpSecConfigGetData,
- EfiIpSecConfigGetNextSelector,
- EfiIpSecConfigRegisterNotify,
- EfiIpSecConfigUnregisterNotify
-};
-
-/**
- Get the all IPSec configuration variables and store those variables
- to the internal data structure.
-
- This founction is called by IpSecConfigInitialize() that is to intialize the
- IPsecConfiguration Protocol.
-
- @param[in] Private Point to IPSEC_PRIVATE_DATA.
-
- @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
- @retval EFI_SUCCESS Restore the IPsec Configuration successfully.
- @retval others Other errors is found during the variable getting.
-
-**/
-EFI_STATUS
-IpSecConfigRestore (
- IN IPSEC_PRIVATE_DATA *Private
- );
-
-/**
- Check if the specified EFI_IP_ADDRESS_INFO is in EFI_IP_ADDRESS_INFO list.
-
- @param[in] AddressInfo Pointer of IP_ADDRESS_INFO to be search in AddressInfo list.
- @param[in] AddressInfoList A list that contains IP_ADDRESS_INFOs.
- @param[in] AddressCount Point out how many IP_ADDRESS_INFO in the list.
-
- @retval TRUE The specified AddressInfo is in the AddressInfoList.
- @retval FALSE The specified AddressInfo is not in the AddressInfoList.
-
-**/
-BOOLEAN
-IsInAddressInfoList(
- IN EFI_IP_ADDRESS_INFO *AddressInfo,
- IN EFI_IP_ADDRESS_INFO *AddressInfoList,
- IN UINT32 AddressCount
- )
-{
- UINT8 Index;
- EFI_IP_ADDRESS ZeroAddress;
-
- ZeroMem(&ZeroAddress, sizeof (EFI_IP_ADDRESS));
-
- //
- // Zero Address means any address is matched.
- //
- if (AddressCount == 1) {
- if (CompareMem (
- &AddressInfoList[0].Address,
- &ZeroAddress,
- sizeof (EFI_IP_ADDRESS)
- ) == 0) {
- return TRUE;
- }
- }
- for (Index = 0; Index < AddressCount ; Index++) {
- if (CompareMem (
- AddressInfo,
- &AddressInfoList[Index].Address,
- sizeof (EFI_IP_ADDRESS)
- ) == 0 &&
- AddressInfo->PrefixLength == AddressInfoList[Index].PrefixLength
- ) {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- Compare two SPD Selectors.
-
- Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/
- NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
- Local Addresses and remote Addresses.
-
- @param[in] Selector1 Pointer of first SPD Selector.
- @param[in] Selector2 Pointer of second SPD Selector.
-
- @retval TRUE This two Selector have the same value in above fields.
- @retval FALSE Not all above fields have the same value in these two Selectors.
-
-**/
-BOOLEAN
-CompareSpdSelector (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector2
- )
-{
- EFI_IPSEC_SPD_SELECTOR *SpdSel1;
- EFI_IPSEC_SPD_SELECTOR *SpdSel2;
- BOOLEAN IsMatch;
- UINTN Index;
-
- SpdSel1 = &Selector1->SpdSelector;
- SpdSel2 = &Selector2->SpdSelector;
- IsMatch = TRUE;
-
- //
- // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
- // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
- // two Spdselectors. Since the SPD supports two directions, it needs to
- // compare two directions.
- //
- if ((SpdSel1->LocalAddressCount != SpdSel2->LocalAddressCount &&
- SpdSel1->LocalAddressCount != SpdSel2->RemoteAddressCount) ||
- (SpdSel1->RemoteAddressCount != SpdSel2->RemoteAddressCount &&
- SpdSel1->RemoteAddressCount != SpdSel2->LocalAddressCount) ||
- SpdSel1->NextLayerProtocol != SpdSel2->NextLayerProtocol ||
- SpdSel1->LocalPort != SpdSel2->LocalPort ||
- SpdSel1->LocalPortRange != SpdSel2->LocalPortRange ||
- SpdSel1->RemotePort != SpdSel2->RemotePort ||
- SpdSel1->RemotePortRange != SpdSel2->RemotePortRange
- ) {
- IsMatch = FALSE;
- return IsMatch;
- }
-
- //
- // Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.
- // First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare
- // SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return
- // TRUE.
- //
- for (Index = 0; Index < SpdSel1->LocalAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel1->LocalAddress[Index],
- SpdSel2->LocalAddress,
- SpdSel2->LocalAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- if (IsMatch) {
- for (Index = 0; Index < SpdSel2->LocalAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel2->LocalAddress[Index],
- SpdSel1->LocalAddress,
- SpdSel1->LocalAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- }
- if (IsMatch) {
- for (Index = 0; Index < SpdSel1->RemoteAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel1->RemoteAddress[Index],
- SpdSel2->RemoteAddress,
- SpdSel2->RemoteAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- }
- if (IsMatch) {
- for (Index = 0; Index < SpdSel2->RemoteAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel2->RemoteAddress[Index],
- SpdSel1->RemoteAddress,
- SpdSel1->RemoteAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- }
- //
- // Finish the one direction compare. If it is matched, return; otherwise,
- // compare the other direction.
- //
- if (IsMatch) {
- return IsMatch;
- }
- //
- // Secondly, the SpdSel1->LocalAddress doesn't equal to SpdSel2->LocalAddress and
- // SpdSel1->RemoteAddress doesn't equal to SpdSel2->RemoteAddress. Try to compare
- // the RemoteAddress to LocalAddress.
- //
- IsMatch = TRUE;
- for (Index = 0; Index < SpdSel1->RemoteAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel1->RemoteAddress[Index],
- SpdSel2->LocalAddress,
- SpdSel2->LocalAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- if (IsMatch) {
- for (Index = 0; Index < SpdSel2->RemoteAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel2->RemoteAddress[Index],
- SpdSel1->LocalAddress,
- SpdSel1->LocalAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- }
- if (IsMatch) {
- for (Index = 0; Index < SpdSel1->LocalAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel1->LocalAddress[Index],
- SpdSel2->RemoteAddress,
- SpdSel2->RemoteAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- }
- if (IsMatch) {
- for (Index = 0; Index < SpdSel2->LocalAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel2->LocalAddress[Index],
- SpdSel1->RemoteAddress,
- SpdSel1->RemoteAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- }
- return IsMatch;
-}
-
-/**
- Find if the two SPD Selectors has subordinative.
-
- Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/
- NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the
- Local Addresses and remote Addresses.
-
- @param[in] Selector1 Pointer of first SPD Selector.
- @param[in] Selector2 Pointer of second SPD Selector.
-
- @retval TRUE The first SPD Selector is subordinate Selector of second SPD Selector.
- @retval FALSE The first SPD Selector is not subordinate Selector of second
- SPD Selector.
-
-**/
-BOOLEAN
-IsSubSpdSelector (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector2
- )
-{
- EFI_IPSEC_SPD_SELECTOR *SpdSel1;
- EFI_IPSEC_SPD_SELECTOR *SpdSel2;
- BOOLEAN IsMatch;
- UINTN Index;
-
- SpdSel1 = &Selector1->SpdSelector;
- SpdSel2 = &Selector2->SpdSelector;
- IsMatch = TRUE;
-
- //
- // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
- // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
- // two Spdselectors. Since the SPD supports two directions, it needs to
- // compare two directions.
- //
- if (SpdSel1->LocalAddressCount > SpdSel2->LocalAddressCount ||
- SpdSel1->RemoteAddressCount > SpdSel2->RemoteAddressCount ||
- (SpdSel1->NextLayerProtocol != SpdSel2->NextLayerProtocol && SpdSel2->NextLayerProtocol != 0xffff) ||
- (SpdSel1->LocalPort > SpdSel2->LocalPort && SpdSel2->LocalPort != 0)||
- (SpdSel1->LocalPortRange > SpdSel2->LocalPortRange && SpdSel1->LocalPort != 0)||
- (SpdSel1->RemotePort > SpdSel2->RemotePort && SpdSel2->RemotePort != 0) ||
- (SpdSel1->RemotePortRange > SpdSel2->RemotePortRange && SpdSel2->RemotePort != 0)
- ) {
- IsMatch = FALSE;
- }
-
- //
- // Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.
- // First, SpdSel1->LocalAddress to SpdSel2->LocalAddress && Compare
- // SpdSel1->RemoteAddress to SpdSel2->RemoteAddress. If all match, return
- // TRUE.
- //
- if (IsMatch) {
- for (Index = 0; Index < SpdSel1->LocalAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel1->LocalAddress[Index],
- SpdSel2->LocalAddress,
- SpdSel2->LocalAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
-
- if (IsMatch) {
- for (Index = 0; Index < SpdSel1->RemoteAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel1->RemoteAddress[Index],
- SpdSel2->RemoteAddress,
- SpdSel2->RemoteAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- }
- }
- if (IsMatch) {
- return IsMatch;
- }
-
- //
- //
- // The SPD selector in SPD entry is two way.
- //
- // Compare the LocalAddressCount/RemoteAddressCount/NextLayerProtocol/
- // LocalPort/LocalPortRange/RemotePort/RemotePortRange fields in the
- // two Spdselectors. Since the SPD supports two directions, it needs to
- // compare two directions.
- //
- IsMatch = TRUE;
- if (SpdSel1->LocalAddressCount > SpdSel2->RemoteAddressCount ||
- SpdSel1->RemoteAddressCount > SpdSel2->LocalAddressCount ||
- (SpdSel1->NextLayerProtocol != SpdSel2->NextLayerProtocol && SpdSel2->NextLayerProtocol != 0xffff) ||
- (SpdSel1->LocalPort > SpdSel2->RemotePort && SpdSel2->RemotePort != 0)||
- (SpdSel1->LocalPortRange > SpdSel2->RemotePortRange && SpdSel1->RemotePort != 0)||
- (SpdSel1->RemotePort > SpdSel2->LocalPort && SpdSel2->LocalPort != 0) ||
- (SpdSel1->RemotePortRange > SpdSel2->LocalPortRange && SpdSel2->LocalPort != 0)
- ) {
- IsMatch = FALSE;
- return IsMatch;
- }
-
- //
- // Compare the all LocalAddress and RemoteAddress fields in the two Spdselectors.
- // First, SpdSel1->LocalAddress to SpdSel2->RemoteAddress && Compare
- // SpdSel1->RemoteAddress to SpdSel2->LocalAddress. If all match, return
- // TRUE.
- //
- for (Index = 0; Index < SpdSel1->LocalAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel1->LocalAddress[Index],
- SpdSel2->RemoteAddress,
- SpdSel2->RemoteAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
-
- if (IsMatch) {
- for (Index = 0; Index < SpdSel1->RemoteAddressCount; Index++) {
- if (!IsInAddressInfoList (
- &SpdSel1->RemoteAddress[Index],
- SpdSel2->LocalAddress,
- SpdSel2->LocalAddressCount
- )) {
- IsMatch = FALSE;
- break;
- }
- }
- }
- return IsMatch;
-
-}
-
-/**
- Compare two SA IDs.
-
- @param[in] Selector1 Pointer of first SA ID.
- @param[in] Selector2 Pointer of second SA ID.
-
- @retval TRUE This two Selectors have the same SA ID.
- @retval FALSE This two Selecotrs don't have the same SA ID.
-
-**/
-BOOLEAN
-CompareSaId (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector2
- )
-{
- EFI_IPSEC_SA_ID *SaId1;
- EFI_IPSEC_SA_ID *SaId2;
- BOOLEAN IsMatch;
-
- SaId1 = &Selector1->SaId;
- SaId2 = &Selector2->SaId;
- IsMatch = TRUE;
-
- if (CompareMem (SaId1, SaId2, sizeof (EFI_IPSEC_SA_ID)) != 0) {
- IsMatch = FALSE;
- }
-
- return IsMatch;
-}
-
-/**
- Compare two PAD IDs.
-
- @param[in] Selector1 Pointer of first PAD ID.
- @param[in] Selector2 Pointer of second PAD ID.
-
- @retval TRUE This two Selectors have the same PAD ID.
- @retval FALSE This two Selecotrs don't have the same PAD ID.
-
-**/
-BOOLEAN
-ComparePadId (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector1,
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector2
- )
-{
- EFI_IPSEC_PAD_ID *PadId1;
- EFI_IPSEC_PAD_ID *PadId2;
- BOOLEAN IsMatch;
-
- PadId1 = &Selector1->PadId;
- PadId2 = &Selector2->PadId;
- IsMatch = TRUE;
-
- //
- // Compare the PeerIdValid fields in PadId.
- //
- if (PadId1->PeerIdValid != PadId2->PeerIdValid) {
- IsMatch = FALSE;
- }
- //
- // Compare the PeerId fields in PadId if PeerIdValid is true.
- //
- if (IsMatch &&
- PadId1->PeerIdValid &&
- AsciiStriCmp ((CONST CHAR8 *) PadId1->Id.PeerId, (CONST CHAR8 *) PadId2->Id.PeerId) != 0
- ) {
- IsMatch = FALSE;
- }
- //
- // Compare the IpAddress fields in PadId if PeerIdValid is false.
- //
- if (IsMatch &&
- !PadId1->PeerIdValid &&
- (PadId1->Id.IpAddress.PrefixLength != PadId2->Id.IpAddress.PrefixLength ||
- CompareMem (&PadId1->Id.IpAddress.Address, &PadId2->Id.IpAddress.Address, sizeof (EFI_IP_ADDRESS)) != 0)
- ) {
- IsMatch = FALSE;
- }
-
- return IsMatch;
-}
-
-/**
- Check if the SPD Selector is Zero by its LocalAddressCount and RemoteAddressCount
- fields.
-
- @param[in] Selector Pointer of the SPD Selector.
-
- @retval TRUE If the SPD Selector is Zero.
- @retval FALSE If the SPD Selector is not Zero.
-
-**/
-BOOLEAN
-IsZeroSpdSelector (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector
- )
-{
- EFI_IPSEC_SPD_SELECTOR *SpdSel;
- BOOLEAN IsZero;
-
- SpdSel = &Selector->SpdSelector;
- IsZero = FALSE;
-
- if (SpdSel->LocalAddressCount == 0 && SpdSel->RemoteAddressCount == 0) {
- IsZero = TRUE;
- }
-
- return IsZero;
-}
-
-/**
- Check if the SA ID is Zero by its DestAddress.
-
- @param[in] Selector Pointer of the SA ID.
-
- @retval TRUE If the SA ID is Zero.
- @retval FALSE If the SA ID is not Zero.
-
-**/
-BOOLEAN
-IsZeroSaId (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector
- )
-{
- BOOLEAN IsZero;
- EFI_IPSEC_CONFIG_SELECTOR ZeroSelector;
-
- IsZero = FALSE;
-
- ZeroMem (&ZeroSelector, sizeof (EFI_IPSEC_CONFIG_SELECTOR));
-
- if (CompareMem (&ZeroSelector, Selector, sizeof (EFI_IPSEC_CONFIG_SELECTOR)) == 0) {
- IsZero = TRUE;
- }
-
- return IsZero;
-}
-
-/**
- Check if the PAD ID is Zero.
-
- @param[in] Selector Pointer of the PAD ID.
-
- @retval TRUE If the PAD ID is Zero.
- @retval FALSE If the PAD ID is not Zero.
-
-**/
-BOOLEAN
-IsZeroPadId (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector
- )
-{
- EFI_IPSEC_PAD_ID *PadId;
- EFI_IPSEC_PAD_ID ZeroId;
- BOOLEAN IsZero;
-
- PadId = &Selector->PadId;
- IsZero = FALSE;
-
- ZeroMem (&ZeroId, sizeof (EFI_IPSEC_PAD_ID));
-
- if (CompareMem (PadId, &ZeroId, sizeof (EFI_IPSEC_PAD_ID)) == 0) {
- IsZero = TRUE;
- }
-
- return IsZero;
-}
-
-/**
- Copy Source SPD Selector to the Destination SPD Selector.
-
- @param[in, out] DstSel Pointer of Destination SPD Selector.
- @param[in] SrcSel Pointer of Source SPD Selector.
- @param[in, out] Size The size of the Destination SPD Selector. If it
- not NULL and its value less than the size of
- Source SPD Selector, the value of Source SPD
- Selector's size will be passed to caller by this
- parameter.
-
- @retval EFI_INVALID_PARAMETER If the Destination or Source SPD Selector is NULL
- @retval EFI_BUFFER_TOO_SMALL If the input Size is less than size of the Source SPD Selector.
- @retval EFI_SUCCESS Copy Source SPD Selector to the Destination SPD
- Selector successfully.
-
-**/
-EFI_STATUS
-DuplicateSpdSelector (
- IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,
- IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,
- IN OUT UINTN *Size
- )
-{
- EFI_IPSEC_SPD_SELECTOR *Dst;
- EFI_IPSEC_SPD_SELECTOR *Src;
-
- Dst = &DstSel->SpdSelector;
- Src = &SrcSel->SpdSelector;
-
- if (Dst == NULL || Src == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (Size != NULL && (*Size) < SIZE_OF_SPD_SELECTOR (Src)) {
- *Size = SIZE_OF_SPD_SELECTOR (Src);
- return EFI_BUFFER_TOO_SMALL;
- }
- //
- // Copy the base structure of SPD selector.
- //
- CopyMem (Dst, Src, sizeof (EFI_IPSEC_SPD_SELECTOR));
-
- //
- // Copy the local address array of SPD selector.
- //
- Dst->LocalAddress = (EFI_IP_ADDRESS_INFO *) (Dst + 1);
- CopyMem (
- Dst->LocalAddress,
- Src->LocalAddress,
- sizeof (EFI_IP_ADDRESS_INFO) * Dst->LocalAddressCount
- );
-
- //
- // Copy the remote address array of SPD selector.
- //
- Dst->RemoteAddress = Dst->LocalAddress + Dst->LocalAddressCount;
- CopyMem (
- Dst->RemoteAddress,
- Src->RemoteAddress,
- sizeof (EFI_IP_ADDRESS_INFO) * Dst->RemoteAddressCount
- );
-
- return EFI_SUCCESS;
-}
-
-/**
- Copy Source SA ID to the Destination SA ID.
-
- @param[in, out] DstSel Pointer of Destination SA ID.
- @param[in] SrcSel Pointer of Source SA ID.
- @param[in, out] Size The size of the Destination SA ID. If it
- not NULL and its value less than the size of
- Source SA ID, the value of Source SA ID's size
- will be passed to caller by this parameter.
-
- @retval EFI_INVALID_PARAMETER If the Destination or Source SA ID is NULL.
- @retval EFI_BUFFER_TOO_SMALL If the input Size less than size of source SA ID.
- @retval EFI_SUCCESS Copy Source SA ID to the Destination SA ID successfully.
-
-**/
-EFI_STATUS
-DuplicateSaId (
- IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,
- IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,
- IN OUT UINTN *Size
- )
-{
- EFI_IPSEC_SA_ID *Dst;
- EFI_IPSEC_SA_ID *Src;
-
- Dst = &DstSel->SaId;
- Src = &SrcSel->SaId;
-
- if (Dst == NULL || Src == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (Size != NULL && *Size < sizeof (EFI_IPSEC_SA_ID)) {
- *Size = sizeof (EFI_IPSEC_SA_ID);
- return EFI_BUFFER_TOO_SMALL;
- }
-
- CopyMem (Dst, Src, sizeof (EFI_IPSEC_SA_ID));
-
- return EFI_SUCCESS;
-}
-
-/**
- Copy Source PAD ID to the Destination PAD ID.
-
- @param[in, out] DstSel Pointer of Destination PAD ID.
- @param[in] SrcSel Pointer of Source PAD ID.
- @param[in, out] Size The size of the Destination PAD ID. If it
- not NULL and its value less than the size of
- Source PAD ID, the value of Source PAD ID's size
- will be passed to caller by this parameter.
-
- @retval EFI_INVALID_PARAMETER If the Destination or Source PAD ID is NULL.
- @retval EFI_BUFFER_TOO_SMALL If the input Size less than size of source PAD ID .
- @retval EFI_SUCCESS Copy Source PAD ID to the Destination PAD ID successfully.
-
-**/
-EFI_STATUS
-DuplicatePadId (
- IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel,
- IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel,
- IN OUT UINTN *Size
- )
-{
- EFI_IPSEC_PAD_ID *Dst;
- EFI_IPSEC_PAD_ID *Src;
-
- Dst = &DstSel->PadId;
- Src = &SrcSel->PadId;
-
- if (Dst == NULL || Src == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (Size != NULL && *Size < sizeof (EFI_IPSEC_PAD_ID)) {
- *Size = sizeof (EFI_IPSEC_PAD_ID);
- return EFI_BUFFER_TOO_SMALL;
- }
-
- CopyMem (Dst, Src, sizeof (EFI_IPSEC_PAD_ID));
-
- return EFI_SUCCESS;
-}
-
-/**
- Fix the value of some members of SPD Selector.
-
- This function is called by IpSecCopyPolicyEntry()which copy the Policy
- Entry into the Variable. Since some members in SPD Selector are pointers,
- a physical address to relative address convertion is required before copying
- this SPD entry into the variable.
-
- @param[in] Selector Pointer of SPD Selector.
- @param[in, out] Data Pointer of SPD Data.
-
-**/
-VOID
-FixSpdEntry (
- IN EFI_IPSEC_SPD_SELECTOR *Selector,
- IN OUT EFI_IPSEC_SPD_DATA *Data
- )
-{
- //
- // It assumes that all ref buffers in SPD selector and data are
- // stored in the continous memory and close to the base structure.
- //
- FIX_REF_BUF_ADDR (Selector->LocalAddress, Selector);
- FIX_REF_BUF_ADDR (Selector->RemoteAddress, Selector);
-
- if (Data->ProcessingPolicy != NULL) {
- if (Data->ProcessingPolicy->TunnelOption != NULL) {
- FIX_REF_BUF_ADDR (Data->ProcessingPolicy->TunnelOption, Data);
- }
-
- FIX_REF_BUF_ADDR (Data->ProcessingPolicy, Data);
- }
-
-}
-
-/**
- Fix the value of some members of SA ID.
-
- This function is called by IpSecCopyPolicyEntry()which copy the Policy
- Entry into the Variable. Since some members in SA ID are pointers,
- a physical address to relative address conversion is required before copying
- this SAD into the variable.
-
- @param[in] SaId Pointer of SA ID
- @param[in, out] Data Pointer of SA Data.
-
-**/
-VOID
-FixSadEntry (
- IN EFI_IPSEC_SA_ID *SaId,
- IN OUT EFI_IPSEC_SA_DATA2 *Data
- )
-{
- //
- // It assumes that all ref buffers in SAD selector and data are
- // stored in the continous memory and close to the base structure.
- //
- if (Data->AlgoInfo.EspAlgoInfo.AuthKey != NULL) {
- FIX_REF_BUF_ADDR (Data->AlgoInfo.EspAlgoInfo.AuthKey, Data);
- }
-
- if (SaId->Proto == EfiIPsecESP && Data->AlgoInfo.EspAlgoInfo.EncKey != NULL) {
- FIX_REF_BUF_ADDR (Data->AlgoInfo.EspAlgoInfo.EncKey, Data);
- }
-
- if (Data->SpdSelector != NULL) {
- if (Data->SpdSelector->LocalAddress != NULL) {
- FIX_REF_BUF_ADDR (Data->SpdSelector->LocalAddress, Data);
- }
-
- FIX_REF_BUF_ADDR (Data->SpdSelector->RemoteAddress, Data);
- FIX_REF_BUF_ADDR (Data->SpdSelector, Data);
- }
-
-}
-
-/**
- Fix the value of some members of PAD ID.
-
- This function is called by IpSecCopyPolicyEntry()which copy the Policy
- Entry into the Variable. Since some members in PAD ID are pointers,
- a physical address to relative address conversion is required before copying
- this PAD into the variable.
-
- @param[in] PadId Pointer of PAD ID.
- @param[in, out] Data Pointer of PAD Data.
-
-**/
-VOID
-FixPadEntry (
- IN EFI_IPSEC_PAD_ID *PadId,
- IN OUT EFI_IPSEC_PAD_DATA *Data
- )
-{
- //
- // It assumes that all ref buffers in pad selector and data are
- // stored in the continous memory and close to the base structure.
- //
- if (Data->AuthData != NULL) {
- FIX_REF_BUF_ADDR (Data->AuthData, Data);
- }
-
- if (Data->RevocationData != NULL) {
- FIX_REF_BUF_ADDR (Data->RevocationData, Data);
- }
-
-}
-
-/**
- Recover the value of some members of SPD Selector.
-
- This function is corresponding to FixSpdEntry(). It recovers the value of members
- of SPD Selector that are fixed by FixSpdEntry().
-
- @param[in, out] Selector Pointer of SPD Selector.
- @param[in, out] Data Pointer of SPD Data.
-
-**/
-VOID
-UnfixSpdEntry (
- IN OUT EFI_IPSEC_SPD_SELECTOR *Selector,
- IN OUT EFI_IPSEC_SPD_DATA *Data
- )
-{
- //
- // It assumes that all ref buffers in SPD selector and data are
- // stored in the continous memory and close to the base structure.
- //
- UNFIX_REF_BUF_ADDR (Selector->LocalAddress, Selector);
- UNFIX_REF_BUF_ADDR (Selector->RemoteAddress, Selector);
-
- if (Data->ProcessingPolicy != NULL) {
- UNFIX_REF_BUF_ADDR (Data->ProcessingPolicy, Data);
- if (Data->ProcessingPolicy->TunnelOption != NULL) {
- UNFIX_REF_BUF_ADDR (Data->ProcessingPolicy->TunnelOption, Data);
- }
- }
-
-}
-
-/**
- Recover the value of some members of SA ID.
-
- This function is corresponding to FixSadEntry(). It recovers the value of members
- of SAD ID that are fixed by FixSadEntry().
-
- @param[in, out] SaId Pointer of SAD ID.
- @param[in, out] Data Pointer of SAD Data.
-
-**/
-VOID
-UnfixSadEntry (
- IN OUT EFI_IPSEC_SA_ID *SaId,
- IN OUT EFI_IPSEC_SA_DATA2 *Data
- )
-{
- //
- // It assumes that all ref buffers in SAD selector and data are
- // stored in the continous memory and close to the base structure.
- //
- if (Data->AlgoInfo.EspAlgoInfo.AuthKey != NULL) {
- UNFIX_REF_BUF_ADDR (Data->AlgoInfo.EspAlgoInfo.AuthKey, Data);
- }
-
- if (SaId->Proto == EfiIPsecESP && Data->AlgoInfo.EspAlgoInfo.EncKey != NULL) {
- UNFIX_REF_BUF_ADDR (Data->AlgoInfo.EspAlgoInfo.EncKey, Data);
- }
-
- if (Data->SpdSelector != NULL) {
- UNFIX_REF_BUF_ADDR (Data->SpdSelector, Data);
- if (Data->SpdSelector->LocalAddress != NULL) {
- UNFIX_REF_BUF_ADDR (Data->SpdSelector->LocalAddress, Data);
- }
-
- UNFIX_REF_BUF_ADDR (Data->SpdSelector->RemoteAddress, Data);
- }
-
-}
-
-/**
- Recover the value of some members of PAD ID.
-
- This function is corresponding to FixPadEntry(). It recovers the value of members
- of PAD ID that are fixed by FixPadEntry().
-
- @param[in] PadId Pointer of PAD ID.
- @param[in, out] Data Pointer of PAD Data.
-
-**/
-VOID
-UnfixPadEntry (
- IN EFI_IPSEC_PAD_ID *PadId,
- IN OUT EFI_IPSEC_PAD_DATA *Data
- )
-{
- //
- // It assumes that all ref buffers in pad selector and data are
- // stored in the continous memory and close to the base structure.
- //
- if (Data->AuthData != NULL) {
- UNFIX_REF_BUF_ADDR (Data->AuthData, Data);
- }
-
- if (Data->RevocationData != NULL) {
- UNFIX_REF_BUF_ADDR (Data->RevocationData, Data);
- }
-
-}
-
-/**
- Set the security policy information for the EFI IPsec driver.
-
- The IPsec configuration data has a unique selector/identifier separately to
- identify a data entry.
-
- @param[in] Selector Pointer to an entry selector on operated
- configuration data specified by DataType.
- A NULL Selector causes the entire specified-type
- configuration information to be flushed.
- @param[in] Data The data buffer to be set. The structure
- of the data buffer should be EFI_IPSEC_SPD_DATA.
- @param[in] Context Pointer to one entry selector that describes
- the expected position the new data entry will
- be added. If Context is NULL, the new entry will
- be appended the end of database.
-
- @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:
- - Selector is not NULL and its LocalAddress
- is NULL or its RemoteAddress is NULL.
- - Data is not NULL and its Action is Protected
- and its plolicy is NULL.
- - Data is not NULL, its Action is not protected,
- and its policy is not NULL.
- - The Action of Data is Protected, its policy
- mode is Tunnel, and its tunnel option is NULL.
- - The Action of Data is protected and its policy
- mode is not Tunnel and it tunnel option is not NULL.
- - SadEntry requied to be set into new SpdEntry's Sas has
- been found but it is invalid.
- @retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.
- @retval EFI_SUCCESS The specified configuration data was obtained successfully.
-
-**/
-EFI_STATUS
-SetSpdEntry (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN VOID *Context OPTIONAL
- )
-{
- EFI_IPSEC_SPD_SELECTOR *SpdSel;
- EFI_IPSEC_SPD_DATA *SpdData;
- EFI_IPSEC_SPD_SELECTOR *InsertBefore;
- LIST_ENTRY *SpdList;
- LIST_ENTRY *SadList;
- LIST_ENTRY *SpdSas;
- LIST_ENTRY *EntryInsertBefore;
- LIST_ENTRY *Entry;
- LIST_ENTRY *Entry2;
- LIST_ENTRY *NextEntry;
- LIST_ENTRY *NextEntry2;
- IPSEC_SPD_ENTRY *SpdEntry;
- IPSEC_SAD_ENTRY *SadEntry;
- UINTN SpdEntrySize;
- UINTN Index;
-
- SpdSel = (Selector == NULL) ? NULL : &Selector->SpdSelector;
- SpdData = (Data == NULL) ? NULL : (EFI_IPSEC_SPD_DATA *) Data;
- InsertBefore = (Context == NULL) ? NULL : &((EFI_IPSEC_CONFIG_SELECTOR *) Context)->SpdSelector;
- SpdList = &mConfigData[IPsecConfigDataTypeSpd];
-
- if (SpdSel != NULL) {
- if (SpdSel->LocalAddress == NULL || SpdSel->RemoteAddress == NULL) {
- return EFI_INVALID_PARAMETER;
- }
- }
-
- if (SpdData != NULL) {
- if ((SpdData->Action == EfiIPsecActionProtect && SpdData->ProcessingPolicy == NULL) ||
- (SpdData->Action != EfiIPsecActionProtect && SpdData->ProcessingPolicy != NULL)
- ) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (SpdData->Action == EfiIPsecActionProtect) {
- if ((SpdData->ProcessingPolicy->Mode == EfiIPsecTunnel && SpdData->ProcessingPolicy->TunnelOption == NULL) ||
- (SpdData->ProcessingPolicy->Mode != EfiIPsecTunnel && SpdData->ProcessingPolicy->TunnelOption != NULL)
- ) {
- return EFI_INVALID_PARAMETER;
- }
- }
- }
- //
- // The default behavior is to insert the node ahead of the header.
- //
- EntryInsertBefore = SpdList;
-
- //
- // Remove the existed SPD entry.
- //
- NET_LIST_FOR_EACH_SAFE (Entry, NextEntry, SpdList) {
-
- SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);
-
- if (SpdSel == NULL ||
- CompareSpdSelector ((EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector, (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel)
- ) {
- //
- // Record the existed entry position to keep the original order.
- //
- EntryInsertBefore = SpdEntry->List.ForwardLink;
- RemoveEntryList (&SpdEntry->List);
-
- //
- // Update the reverse ref of SAD entry in the SPD.sas list.
- //
- SpdSas = &SpdEntry->Data->Sas;
-
- //
- // Remove the related SAs from Sas(SadEntry->BySpd). If the SA entry is established by
- // IKE, remove from mConfigData list(SadEntry->List) and then free it directly since its
- // SpdEntry will be freed later.
- //
- NET_LIST_FOR_EACH_SAFE (Entry2, NextEntry2, SpdSas) {
- SadEntry = IPSEC_SAD_ENTRY_FROM_SPD (Entry2);
-
- if (SadEntry->Data->SpdEntry != NULL) {
- RemoveEntryList (&SadEntry->BySpd);
- SadEntry->Data->SpdEntry = NULL;
- }
-
- if (!(SadEntry->Data->ManualSet)) {
- RemoveEntryList (&SadEntry->List);
- FreePool (SadEntry);
- }
- }
-
- //
- // Free the existed SPD entry
- //
- FreePool (SpdEntry);
- }
- }
- //
- // Return success here if only want to remove the SPD entry.
- //
- if (SpdData == NULL || SpdSel == NULL) {
- return EFI_SUCCESS;
- }
- //
- // Search the appointed entry position if InsertBefore is not NULL.
- //
- if (InsertBefore != NULL) {
-
- NET_LIST_FOR_EACH (Entry, SpdList) {
- SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);
-
- if (CompareSpdSelector (
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector,
- (EFI_IPSEC_CONFIG_SELECTOR *) InsertBefore
- )) {
- EntryInsertBefore = Entry;
- break;
- }
- }
- }
-
- //
- // Do Padding for the different Arch.
- //
- SpdEntrySize = ALIGN_VARIABLE (sizeof (IPSEC_SPD_ENTRY));
- SpdEntrySize = ALIGN_VARIABLE (SpdEntrySize + SIZE_OF_SPD_SELECTOR (SpdSel));
- SpdEntrySize += IpSecGetSizeOfEfiSpdData (SpdData);
-
- SpdEntry = AllocateZeroPool (SpdEntrySize);
-
- if (SpdEntry == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- //
- // Fix the address of Selector and Data buffer and copy them, which is
- // continous memory and close to the base structure of SPD entry.
- //
- SpdEntry->Selector = (EFI_IPSEC_SPD_SELECTOR *) ALIGN_POINTER ((SpdEntry + 1), sizeof (UINTN));
- SpdEntry->Data = (IPSEC_SPD_DATA *) ALIGN_POINTER (
- ((UINT8 *) SpdEntry->Selector + SIZE_OF_SPD_SELECTOR (SpdSel)),
- sizeof (UINTN)
- );
-
- DuplicateSpdSelector (
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector,
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,
- NULL
- );
-
- CopyMem (
- SpdEntry->Data->Name,
- SpdData->Name,
- sizeof (SpdData->Name)
- );
- SpdEntry->Data->PackageFlag = SpdData->PackageFlag;
- SpdEntry->Data->TrafficDirection = SpdData->TrafficDirection;
- SpdEntry->Data->Action = SpdData->Action;
-
- //
- // Fix the address of ProcessingPolicy and copy it if need, which is continous
- // memory and close to the base structure of SAD data.
- //
- if (SpdData->Action != EfiIPsecActionProtect) {
- SpdEntry->Data->ProcessingPolicy = NULL;
- } else {
- SpdEntry->Data->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ALIGN_POINTER (
- SpdEntry->Data + 1,
- sizeof (UINTN)
- );
- IpSecDuplicateProcessPolicy (SpdEntry->Data->ProcessingPolicy, SpdData->ProcessingPolicy);
- }
- //
- // Update the sas list of the new SPD entry.
- //
- InitializeListHead (&SpdEntry->Data->Sas);
-
- SadList = &mConfigData[IPsecConfigDataTypeSad];
-
- NET_LIST_FOR_EACH (Entry, SadList) {
- SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);
-
- for (Index = 0; Index < SpdData->SaIdCount; Index++) {
- if (CompareSaId (
- (EFI_IPSEC_CONFIG_SELECTOR *) &SpdData->SaId[Index],
- (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id
- )) {
- //
- // Check whether the found SadEntry is vaild.
- //
- if (IsSubSpdSelector (
- (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Data->SpdSelector,
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector
- )) {
- if (SadEntry->Data->SpdEntry != NULL) {
- RemoveEntryList (&SadEntry->BySpd);
- }
- InsertTailList (&SpdEntry->Data->Sas, &SadEntry->BySpd);
- SadEntry->Data->SpdEntry = SpdEntry;
- } else {
- return EFI_INVALID_PARAMETER;
- }
- }
- }
- }
-
- //
- // Insert the new SPD entry.
- //
- InsertTailList (EntryInsertBefore, &SpdEntry->List);
-
- return EFI_SUCCESS;
-}
-
-/**
- Set the security association information for the EFI IPsec driver.
-
- The IPsec configuration data has a unique selector/identifier separately to
- identify a data entry.
-
- @param[in] Selector Pointer to an entry selector on operated
- configuration data specified by DataType.
- A NULL Selector causes the entire specified-type
- configuration information to be flushed.
- @param[in] Data The data buffer to be set. The structure
- of the data buffer should be EFI_IPSEC_SA_DATA.
- @param[in] Context Pointer to one entry selector which describes
- the expected position the new data entry will
- be added. If Context is NULL,the new entry will
- be appended the end of database.
-
- @retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.
- @retval EFI_SUCCESS The specified configuration data was obtained successfully.
-
-**/
-EFI_STATUS
-SetSadEntry (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN VOID *Context OPTIONAL
- )
-{
- IPSEC_SAD_ENTRY *SadEntry;
- IPSEC_SPD_ENTRY *SpdEntry;
- LIST_ENTRY *Entry;
- LIST_ENTRY *NextEntry;
- LIST_ENTRY *SadList;
- LIST_ENTRY *SpdList;
- EFI_IPSEC_SA_ID *SaId;
- EFI_IPSEC_SA_DATA2 *SaData;
- EFI_IPSEC_SA_ID *InsertBefore;
- LIST_ENTRY *EntryInsertBefore;
- UINTN SadEntrySize;
-
- SaId = (Selector == NULL) ? NULL : &Selector->SaId;
- SaData = (Data == NULL) ? NULL : (EFI_IPSEC_SA_DATA2 *) Data;
- InsertBefore = (Context == NULL) ? NULL : &((EFI_IPSEC_CONFIG_SELECTOR *) Context)->SaId;
- SadList = &mConfigData[IPsecConfigDataTypeSad];
-
- //
- // The default behavior is to insert the node ahead of the header.
- //
- EntryInsertBefore = SadList;
-
- //
- // Remove the existed SAD entry.
- //
- NET_LIST_FOR_EACH_SAFE (Entry, NextEntry, SadList) {
-
- SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);
-
- if (SaId == NULL ||
- CompareSaId (
- (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id,
- (EFI_IPSEC_CONFIG_SELECTOR *) SaId
- )) {
- //
- // Record the existed entry position to keep the original order.
- //
- EntryInsertBefore = SadEntry->List.ForwardLink;
-
- //
- // Update the related SAD.byspd field.
- //
- if (SadEntry->Data->SpdEntry != NULL) {
- RemoveEntryList (&SadEntry->BySpd);
- }
-
- RemoveEntryList (&SadEntry->List);
- FreePool (SadEntry);
- }
- }
- //
- // Return success here if only want to remove the SAD entry
- //
- if (SaData == NULL || SaId == NULL) {
- return EFI_SUCCESS;
- }
- //
- // Search the appointed entry position if InsertBefore is not NULL.
- //
- if (InsertBefore != NULL) {
-
- NET_LIST_FOR_EACH (Entry, SadList) {
- SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);
-
- if (CompareSaId (
- (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id,
- (EFI_IPSEC_CONFIG_SELECTOR *) InsertBefore
- )) {
- EntryInsertBefore = Entry;
- break;
- }
- }
- }
-
- //
- // Do Padding for different Arch.
- //
- SadEntrySize = ALIGN_VARIABLE (sizeof (IPSEC_SAD_ENTRY));
- SadEntrySize = ALIGN_VARIABLE (SadEntrySize + sizeof (EFI_IPSEC_SA_ID));
- SadEntrySize = ALIGN_VARIABLE (SadEntrySize + sizeof (IPSEC_SAD_DATA));
-
- if (SaId->Proto == EfiIPsecAH) {
- SadEntrySize += SaData->AlgoInfo.AhAlgoInfo.AuthKeyLength;
- } else {
- SadEntrySize = ALIGN_VARIABLE (SadEntrySize + SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength);
- SadEntrySize += ALIGN_VARIABLE (SaData->AlgoInfo.EspAlgoInfo.EncKeyLength);
- }
-
- if (SaData->SpdSelector != NULL) {
- SadEntrySize += SadEntrySize + SIZE_OF_SPD_SELECTOR (SaData->SpdSelector);
- }
- SadEntry = AllocateZeroPool (SadEntrySize);
-
- if (SadEntry == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- //
- // Fix the address of Id and Data buffer and copy them, which is
- // continous memory and close to the base structure of SAD entry.
- //
- SadEntry->Id = (EFI_IPSEC_SA_ID *) ALIGN_POINTER ((SadEntry + 1), sizeof (UINTN));
- SadEntry->Data = (IPSEC_SAD_DATA *) ALIGN_POINTER ((SadEntry->Id + 1), sizeof (UINTN));
-
- CopyMem (SadEntry->Id, SaId, sizeof (EFI_IPSEC_SA_ID));
-
- SadEntry->Data->Mode = SaData->Mode;
- SadEntry->Data->SequenceNumber = SaData->SNCount;
- SadEntry->Data->AntiReplayWindowSize = SaData->AntiReplayWindows;
-
- ZeroMem (
- &SadEntry->Data->AntiReplayBitmap,
- sizeof (SadEntry->Data->AntiReplayBitmap)
- );
-
- ZeroMem (
- &SadEntry->Data->AlgoInfo,
- sizeof (EFI_IPSEC_ALGO_INFO)
- );
-
- SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthAlgoId = SaData->AlgoInfo.EspAlgoInfo.AuthAlgoId;
- SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength = SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength;
-
- if (SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength != 0) {
- SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER ((SadEntry->Data + 1), sizeof (UINTN));
- CopyMem (
- SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKey,
- SaData->AlgoInfo.EspAlgoInfo.AuthKey,
- SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength
- );
- }
-
- if (SaId->Proto == EfiIPsecESP) {
- SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId = SaData->AlgoInfo.EspAlgoInfo.EncAlgoId;
- SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength = SaData->AlgoInfo.EspAlgoInfo.EncKeyLength;
-
- if (SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength != 0) {
- SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (
- ((UINT8 *) (SadEntry->Data + 1) +
- SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength),
- sizeof (UINTN)
- );
- CopyMem (
- SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKey,
- SaData->AlgoInfo.EspAlgoInfo.EncKey,
- SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength
- );
- }
- }
-
- CopyMem (
- &SadEntry->Data->SaLifetime,
- &SaData->SaLifetime,
- sizeof (EFI_IPSEC_SA_LIFETIME)
- );
-
- SadEntry->Data->PathMTU = SaData->PathMTU;
- SadEntry->Data->SpdSelector = NULL;
- SadEntry->Data->ESNEnabled = FALSE;
- SadEntry->Data->ManualSet = SaData->ManualSet;
-
- //
- // Copy Tunnel Source/Destination Address
- //
- if (SaData->Mode == EfiIPsecTunnel) {
- CopyMem (
- &SadEntry->Data->TunnelDestAddress,
- &SaData->TunnelDestinationAddress,
- sizeof (EFI_IP_ADDRESS)
- );
- CopyMem (
- &SadEntry->Data->TunnelSourceAddress,
- &SaData->TunnelSourceAddress,
- sizeof (EFI_IP_ADDRESS)
- );
- }
- //
- // Update the spd.sas list of the spd entry specified by SAD selector
- //
- SpdList = &mConfigData[IPsecConfigDataTypeSpd];
-
- for (Entry = SpdList->ForwardLink; Entry != SpdList && SaData->SpdSelector != NULL; Entry = Entry->ForwardLink) {
-
- SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);
- if (IsSubSpdSelector (
- (EFI_IPSEC_CONFIG_SELECTOR *) SaData->SpdSelector,
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector
- ) && SpdEntry->Data->Action == EfiIPsecActionProtect) {
- SadEntry->Data->SpdEntry = SpdEntry;
- SadEntry->Data->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *)((UINT8 *)SadEntry +
- SadEntrySize -
- SIZE_OF_SPD_SELECTOR (SaData->SpdSelector)
- );
- DuplicateSpdSelector (
- (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Data->SpdSelector,
- (EFI_IPSEC_CONFIG_SELECTOR *) SaData->SpdSelector,
- NULL
- );
- InsertTailList (&SpdEntry->Data->Sas, &SadEntry->BySpd);
- }
- }
- //
- // Insert the new SAD entry.
- //
- InsertTailList (EntryInsertBefore, &SadEntry->List);
-
- return EFI_SUCCESS;
-}
-
-/**
- Set the peer authorization configuration information for the EFI IPsec driver.
-
- The IPsec configuration data has a unique selector/identifier separately to
- identify a data entry.
-
- @param[in] Selector Pointer to an entry selector on operated
- configuration data specified by DataType.
- A NULL Selector causes the entire specified-type
- configuration information to be flushed.
- @param[in] Data The data buffer to be set. The structure
- of the data buffer should be EFI_IPSEC_PAD_DATA.
- @param[in] Context Pointer to one entry selector that describes
- the expected position the new data entry will
- be added. If Context is NULL, the new entry will
- be appended the end of database.
-
- @retval EFI_OUT_OF_RESOURCES The required system resources could not be allocated.
- @retval EFI_SUCCESS The specified configuration data was obtained successfully.
-
-**/
-EFI_STATUS
-SetPadEntry (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN VOID *Context OPTIONAL
- )
-{
- IPSEC_PAD_ENTRY *PadEntry;
- EFI_IPSEC_PAD_ID *PadId;
- EFI_IPSEC_PAD_DATA *PadData;
- LIST_ENTRY *PadList;
- LIST_ENTRY *Entry;
- LIST_ENTRY *NextEntry;
- EFI_IPSEC_PAD_ID *InsertBefore;
- LIST_ENTRY *EntryInsertBefore;
- UINTN PadEntrySize;
-
- PadId = (Selector == NULL) ? NULL : &Selector->PadId;
- PadData = (Data == NULL) ? NULL : (EFI_IPSEC_PAD_DATA *) Data;
- InsertBefore = (Context == NULL) ? NULL : &((EFI_IPSEC_CONFIG_SELECTOR *) Context)->PadId;
- PadList = &mConfigData[IPsecConfigDataTypePad];
-
- //
- // The default behavior is to insert the node ahead of the header.
- //
- EntryInsertBefore = PadList;
-
- //
- // Remove the existed pad entry.
- //
- NET_LIST_FOR_EACH_SAFE (Entry, NextEntry, PadList) {
-
- PadEntry = IPSEC_PAD_ENTRY_FROM_LIST (Entry);
-
- if (PadId == NULL ||
- ComparePadId ((EFI_IPSEC_CONFIG_SELECTOR *) PadEntry->Id, (EFI_IPSEC_CONFIG_SELECTOR *) PadId)
- ) {
- //
- // Record the existed entry position to keep the original order.
- //
- EntryInsertBefore = PadEntry->List.ForwardLink;
- RemoveEntryList (&PadEntry->List);
-
- FreePool (PadEntry);
- }
- }
- //
- // Return success here if only want to remove the pad entry
- //
- if (PadData == NULL || PadId == NULL) {
- return EFI_SUCCESS;
- }
- //
- // Search the appointed entry position if InsertBefore is not NULL.
- //
- if (InsertBefore != NULL) {
-
- NET_LIST_FOR_EACH (Entry, PadList) {
- PadEntry = IPSEC_PAD_ENTRY_FROM_LIST (Entry);
-
- if (ComparePadId (
- (EFI_IPSEC_CONFIG_SELECTOR *) PadEntry->Id,
- (EFI_IPSEC_CONFIG_SELECTOR *) InsertBefore
- )) {
- EntryInsertBefore = Entry;
- break;
- }
- }
- }
-
- //
- // Do PADDING for different arch.
- //
- PadEntrySize = ALIGN_VARIABLE (sizeof (IPSEC_PAD_ENTRY));
- PadEntrySize = ALIGN_VARIABLE (PadEntrySize + sizeof (EFI_IPSEC_PAD_ID));
- PadEntrySize = ALIGN_VARIABLE (PadEntrySize + sizeof (EFI_IPSEC_PAD_DATA));
- PadEntrySize = ALIGN_VARIABLE (PadEntrySize + (PadData->AuthData != NULL ? PadData->AuthDataSize : 0));
- PadEntrySize += PadData->RevocationData != NULL ? PadData->RevocationDataSize : 0;
-
- PadEntry = AllocateZeroPool (PadEntrySize);
-
- if (PadEntry == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- //
- // Fix the address of Id and Data buffer and copy them, which is
- // continous memory and close to the base structure of pad entry.
- //
- PadEntry->Id = (EFI_IPSEC_PAD_ID *) ALIGN_POINTER ((PadEntry + 1), sizeof (UINTN));
- PadEntry->Data = (EFI_IPSEC_PAD_DATA *) ALIGN_POINTER ((PadEntry->Id + 1), sizeof (UINTN));
-
- CopyMem (PadEntry->Id, PadId, sizeof (EFI_IPSEC_PAD_ID));
-
- PadEntry->Data->AuthProtocol = PadData->AuthProtocol;
- PadEntry->Data->AuthMethod = PadData->AuthMethod;
- PadEntry->Data->IkeIdFlag = PadData->IkeIdFlag;
-
- if (PadData->AuthData != NULL) {
- PadEntry->Data->AuthDataSize = PadData->AuthDataSize;
- PadEntry->Data->AuthData = (VOID *) ALIGN_POINTER (PadEntry->Data + 1, sizeof (UINTN));
- CopyMem (
- PadEntry->Data->AuthData,
- PadData->AuthData,
- PadData->AuthDataSize
- );
- } else {
- PadEntry->Data->AuthDataSize = 0;
- PadEntry->Data->AuthData = NULL;
- }
-
- if (PadData->RevocationData != NULL) {
- PadEntry->Data->RevocationDataSize = PadData->RevocationDataSize;
- PadEntry->Data->RevocationData = (VOID *) ALIGN_POINTER (
- ((UINT8 *) (PadEntry->Data + 1) + PadData->AuthDataSize),
- sizeof (UINTN)
- );
- CopyMem (
- PadEntry->Data->RevocationData,
- PadData->RevocationData,
- PadData->RevocationDataSize
- );
- } else {
- PadEntry->Data->RevocationDataSize = 0;
- PadEntry->Data->RevocationData = NULL;
- }
- //
- // Insert the new pad entry.
- //
- InsertTailList (EntryInsertBefore, &PadEntry->List);
-
- return EFI_SUCCESS;
-}
-
-/**
- This function lookup the data entry from IPsec SPD. Return the configuration
- value of the specified SPD Entry.
-
- @param[in] Selector Pointer to an entry selector which is an identifier
- of the SPD entry.
- @param[in, out] DataSize On output the size of data returned in Data.
- @param[out] Data The buffer to return the contents of the IPsec
- configuration data. The type of the data buffer
- is associated with the DataType.
-
- @retval EFI_SUCCESS The specified configuration data was obtained successfully.
- @retval EFI_INVALID_PARAMETER Data is NULL and *DataSize is not zero.
- @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
- @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
- updated with the size needed to complete the request.
-
-**/
-EFI_STATUS
-GetSpdEntry (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN OUT UINTN *DataSize,
- OUT VOID *Data
- )
-{
- IPSEC_SPD_ENTRY *SpdEntry;
- IPSEC_SAD_ENTRY *SadEntry;
- EFI_IPSEC_SPD_SELECTOR *SpdSel;
- EFI_IPSEC_SPD_DATA *SpdData;
- LIST_ENTRY *SpdList;
- LIST_ENTRY *SpdSas;
- LIST_ENTRY *Entry;
- UINTN RequiredSize;
-
- SpdSel = &Selector->SpdSelector;
- SpdData = (EFI_IPSEC_SPD_DATA *) Data;
- SpdList = &mConfigData[IPsecConfigDataTypeSpd];
-
- NET_LIST_FOR_EACH (Entry, SpdList) {
- SpdEntry = IPSEC_SPD_ENTRY_FROM_LIST (Entry);
-
- //
- // Find the required SPD entry
- //
- if (CompareSpdSelector (
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdSel,
- (EFI_IPSEC_CONFIG_SELECTOR *) SpdEntry->Selector
- )) {
-
- RequiredSize = IpSecGetSizeOfSpdData (SpdEntry->Data);
- if (*DataSize < RequiredSize) {
- *DataSize = RequiredSize;
- return EFI_BUFFER_TOO_SMALL;
- }
-
- if (SpdData == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- *DataSize = RequiredSize;
-
- //
- // Extract and fill all SaId array from the SPD.sas list
- //
- SpdSas = &SpdEntry->Data->Sas;
- SpdData->SaIdCount = 0;
-
- NET_LIST_FOR_EACH (Entry, SpdSas) {
- SadEntry = IPSEC_SAD_ENTRY_FROM_SPD (Entry);
- CopyMem (
- &SpdData->SaId[SpdData->SaIdCount++],
- SadEntry->Id,
- sizeof (EFI_IPSEC_SA_ID)
- );
- }
- //
- // Fill the other fields in SPD data.
- //
- CopyMem (SpdData->Name, SpdEntry->Data->Name, sizeof (SpdData->Name));
-
- SpdData->PackageFlag = SpdEntry->Data->PackageFlag;
- SpdData->TrafficDirection = SpdEntry->Data->TrafficDirection;
- SpdData->Action = SpdEntry->Data->Action;
-
- if (SpdData->Action != EfiIPsecActionProtect) {
- SpdData->ProcessingPolicy = NULL;
- } else {
- SpdData->ProcessingPolicy = (EFI_IPSEC_PROCESS_POLICY *) ((UINT8 *) SpdData + sizeof (EFI_IPSEC_SPD_DATA) + (SpdData->SaIdCount - 1) * sizeof (EFI_IPSEC_SA_ID));
-
- IpSecDuplicateProcessPolicy (
- SpdData->ProcessingPolicy,
- SpdEntry->Data->ProcessingPolicy
- );
- }
-
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
- This function lookup the data entry from IPsec SAD. Return the configuration
- value of the specified SAD Entry.
-
- @param[in] Selector Pointer to an entry selector which is an identifier
- of the SAD entry.
- @param[in, out] DataSize On output, the size of data returned in Data.
- @param[out] Data The buffer to return the contents of the IPsec
- configuration data. The type of the data buffer
- is associated with the DataType.
-
- @retval EFI_SUCCESS The specified configuration data was obtained successfully.
- @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
- @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
- updated with the size needed to complete the request.
-
-**/
-EFI_STATUS
-GetSadEntry (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN OUT UINTN *DataSize,
- OUT VOID *Data
- )
-{
- IPSEC_SAD_ENTRY *SadEntry;
- LIST_ENTRY *Entry;
- LIST_ENTRY *SadList;
- EFI_IPSEC_SA_ID *SaId;
- EFI_IPSEC_SA_DATA2 *SaData;
- UINTN RequiredSize;
-
- SaId = &Selector->SaId;
- SaData = (EFI_IPSEC_SA_DATA2 *) Data;
- SadList = &mConfigData[IPsecConfigDataTypeSad];
-
- NET_LIST_FOR_EACH (Entry, SadList) {
- SadEntry = IPSEC_SAD_ENTRY_FROM_LIST (Entry);
-
- //
- // Find the required SAD entry.
- //
- if (CompareSaId (
- (EFI_IPSEC_CONFIG_SELECTOR *) SaId,
- (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Id
- )) {
- //
- // Calculate the required size of the SAD entry.
- // Data Layout is follows:
- // |EFI_IPSEC_SA_DATA
- // |AuthKey
- // |EncryptKey (Optional)
- // |SpdSelector (Optional)
- //
- RequiredSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
-
- if (SaId->Proto == EfiIPsecAH) {
- RequiredSize = ALIGN_VARIABLE (RequiredSize + SadEntry->Data->AlgoInfo.AhAlgoInfo.AuthKeyLength);
- } else {
- RequiredSize = ALIGN_VARIABLE (RequiredSize + SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
- RequiredSize = ALIGN_VARIABLE (RequiredSize + SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
- }
-
- if (SadEntry->Data->SpdSelector != NULL) {
- RequiredSize += SIZE_OF_SPD_SELECTOR (SadEntry->Data->SpdSelector);
- }
-
- if (*DataSize < RequiredSize) {
- *DataSize = RequiredSize;
- return EFI_BUFFER_TOO_SMALL;
- }
-
- //
- // Fill the data fields of SAD entry.
- //
- *DataSize = RequiredSize;
- SaData->Mode = SadEntry->Data->Mode;
- SaData->SNCount = SadEntry->Data->SequenceNumber;
- SaData->AntiReplayWindows = SadEntry->Data->AntiReplayWindowSize;
-
- CopyMem (
- &SaData->SaLifetime,
- &SadEntry->Data->SaLifetime,
- sizeof (EFI_IPSEC_SA_LIFETIME)
- );
-
- ZeroMem (
- &SaData->AlgoInfo,
- sizeof (EFI_IPSEC_ALGO_INFO)
- );
-
- if (SaId->Proto == EfiIPsecAH) {
- //
- // Copy AH alogrithm INFO to SaData
- //
- SaData->AlgoInfo.AhAlgoInfo.AuthAlgoId = SadEntry->Data->AlgoInfo.AhAlgoInfo.AuthAlgoId;
- SaData->AlgoInfo.AhAlgoInfo.AuthKeyLength = SadEntry->Data->AlgoInfo.AhAlgoInfo.AuthKeyLength;
- if (SaData->AlgoInfo.AhAlgoInfo.AuthKeyLength != 0) {
- SaData->AlgoInfo.AhAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER ((SaData + 1), sizeof (UINTN));
- CopyMem (
- SaData->AlgoInfo.AhAlgoInfo.AuthKey,
- SadEntry->Data->AlgoInfo.AhAlgoInfo.AuthKey,
- SaData->AlgoInfo.AhAlgoInfo.AuthKeyLength
- );
- }
- } else if (SaId->Proto == EfiIPsecESP) {
- //
- // Copy ESP alogrithem INFO to SaData
- //
- SaData->AlgoInfo.EspAlgoInfo.AuthAlgoId = SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthAlgoId;
- SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength = SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKeyLength;
- if (SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength != 0) {
- SaData->AlgoInfo.EspAlgoInfo.AuthKey = (VOID *) ALIGN_POINTER ((SaData + 1), sizeof (UINTN));
- CopyMem (
- SaData->AlgoInfo.EspAlgoInfo.AuthKey,
- SadEntry->Data->AlgoInfo.EspAlgoInfo.AuthKey,
- SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength
- );
- }
-
- SaData->AlgoInfo.EspAlgoInfo.EncAlgoId = SadEntry->Data->AlgoInfo.EspAlgoInfo.EncAlgoId;
- SaData->AlgoInfo.EspAlgoInfo.EncKeyLength = SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKeyLength;
-
- if (SaData->AlgoInfo.EspAlgoInfo.EncKeyLength != 0) {
- SaData->AlgoInfo.EspAlgoInfo.EncKey = (VOID *) ALIGN_POINTER (
- ((UINT8 *) (SaData + 1) +
- SaData->AlgoInfo.EspAlgoInfo.AuthKeyLength),
- sizeof (UINTN)
- );
- CopyMem (
- SaData->AlgoInfo.EspAlgoInfo.EncKey,
- SadEntry->Data->AlgoInfo.EspAlgoInfo.EncKey,
- SaData->AlgoInfo.EspAlgoInfo.EncKeyLength
- );
- }
- }
-
- SaData->PathMTU = SadEntry->Data->PathMTU;
-
- //
- // Fill Tunnel Address if it is Tunnel Mode
- //
- if (SadEntry->Data->Mode == EfiIPsecTunnel) {
- CopyMem (
- &SaData->TunnelDestinationAddress,
- &SadEntry->Data->TunnelDestAddress,
- sizeof (EFI_IP_ADDRESS)
- );
- CopyMem (
- &SaData->TunnelSourceAddress,
- &SadEntry->Data->TunnelSourceAddress,
- sizeof (EFI_IP_ADDRESS)
- );
- }
- //
- // Fill the spd selector field of SAD data
- //
- if (SadEntry->Data->SpdSelector != NULL) {
-
- SaData->SpdSelector = (EFI_IPSEC_SPD_SELECTOR *) (
- (UINT8 *)SaData +
- RequiredSize -
- SIZE_OF_SPD_SELECTOR (SadEntry->Data->SpdSelector)
- );
-
- DuplicateSpdSelector (
- (EFI_IPSEC_CONFIG_SELECTOR *) SaData->SpdSelector,
- (EFI_IPSEC_CONFIG_SELECTOR *) SadEntry->Data->SpdSelector,
- NULL
- );
-
- } else {
-
- SaData->SpdSelector = NULL;
- }
-
- SaData->ManualSet = SadEntry->Data->ManualSet;
-
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
- This function lookup the data entry from IPsec PAD. Return the configuration
- value of the specified PAD Entry.
-
- @param[in] Selector Pointer to an entry selector which is an identifier
- of the PAD entry.
- @param[in, out] DataSize On output the size of data returned in Data.
- @param[out] Data The buffer to return the contents of the IPsec
- configuration data. The type of the data buffer
- is associated with the DataType.
-
- @retval EFI_SUCCESS The specified configuration data was obtained successfully.
- @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
- @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
- updated with the size needed to complete the request.
-
-**/
-EFI_STATUS
-GetPadEntry (
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN OUT UINTN *DataSize,
- OUT VOID *Data
- )
-{
- IPSEC_PAD_ENTRY *PadEntry;
- LIST_ENTRY *PadList;
- LIST_ENTRY *Entry;
- EFI_IPSEC_PAD_ID *PadId;
- EFI_IPSEC_PAD_DATA *PadData;
- UINTN RequiredSize;
-
- PadId = &Selector->PadId;
- PadData = (EFI_IPSEC_PAD_DATA *) Data;
- PadList = &mConfigData[IPsecConfigDataTypePad];
-
- NET_LIST_FOR_EACH (Entry, PadList) {
- PadEntry = IPSEC_PAD_ENTRY_FROM_LIST (Entry);
-
- //
- // Find the required pad entry.
- //
- if (ComparePadId (
- (EFI_IPSEC_CONFIG_SELECTOR *) PadId,
- (EFI_IPSEC_CONFIG_SELECTOR *) PadEntry->Id
- )) {
- //
- // Calculate the required size of the pad entry.
- //
- RequiredSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_PAD_DATA));
- RequiredSize = ALIGN_VARIABLE (RequiredSize + PadEntry->Data->AuthDataSize);
- RequiredSize += PadEntry->Data->RevocationDataSize;
-
- if (*DataSize < RequiredSize) {
- *DataSize = RequiredSize;
- return EFI_BUFFER_TOO_SMALL;
- }
- //
- // Fill the data fields of pad entry
- //
- *DataSize = RequiredSize;
- PadData->AuthProtocol = PadEntry->Data->AuthProtocol;
- PadData->AuthMethod = PadEntry->Data->AuthMethod;
- PadData->IkeIdFlag = PadEntry->Data->IkeIdFlag;
-
- //
- // Copy Authentication data.
- //
- if (PadEntry->Data->AuthData != NULL) {
-
- PadData->AuthDataSize = PadEntry->Data->AuthDataSize;
- PadData->AuthData = (VOID *) ALIGN_POINTER ((PadData + 1), sizeof (UINTN));
- CopyMem (
- PadData->AuthData,
- PadEntry->Data->AuthData,
- PadData->AuthDataSize
- );
- } else {
-
- PadData->AuthDataSize = 0;
- PadData->AuthData = NULL;
- }
- //
- // Copy Revocation Data.
- //
- if (PadEntry->Data->RevocationData != NULL) {
-
- PadData->RevocationDataSize = PadEntry->Data->RevocationDataSize;
- PadData->RevocationData = (VOID *) ALIGN_POINTER (
- ((UINT8 *) (PadData + 1) + PadData->AuthDataSize),
- sizeof (UINTN)
- );
- CopyMem (
- PadData->RevocationData,
- PadEntry->Data->RevocationData,
- PadData->RevocationDataSize
- );
- } else {
-
- PadData->RevocationDataSize = 0;
- PadData->RevocationData = NULL;
- }
-
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
- Copy Source Process Policy to the Destination Process Policy.
-
- @param[in] Dst Pointer to the Source Process Policy.
- @param[in] Src Pointer to the Destination Process Policy.
-
-**/
-VOID
-IpSecDuplicateProcessPolicy (
- IN EFI_IPSEC_PROCESS_POLICY *Dst,
- IN EFI_IPSEC_PROCESS_POLICY *Src
- )
-{
- //
- // Firstly copy the structure content itself.
- //
- CopyMem (Dst, Src, sizeof (EFI_IPSEC_PROCESS_POLICY));
-
- //
- // Recursively copy the tunnel option if needed.
- //
- if (Dst->Mode != EfiIPsecTunnel) {
- ASSERT (Dst->TunnelOption == NULL);
- } else {
- Dst->TunnelOption = (EFI_IPSEC_TUNNEL_OPTION *) ALIGN_POINTER ((Dst + 1), sizeof (UINTN));
- CopyMem (
- Dst->TunnelOption,
- Src->TunnelOption,
- sizeof (EFI_IPSEC_TUNNEL_OPTION)
- );
- }
-}
-
-/**
- Calculate the a whole size of EFI_IPSEC_SPD_DATA, which includes the buffer size pointed
- to by the pointer members.
-
- @param[in] SpdData Pointer to a specified EFI_IPSEC_SPD_DATA.
-
- @return the whole size the specified EFI_IPSEC_SPD_DATA.
-
-**/
-UINTN
-IpSecGetSizeOfEfiSpdData (
- IN EFI_IPSEC_SPD_DATA *SpdData
- )
-{
- UINTN Size;
-
- Size = ALIGN_VARIABLE (sizeof (IPSEC_SPD_DATA));
-
- if (SpdData->Action == EfiIPsecActionProtect) {
- Size = ALIGN_VARIABLE (Size + sizeof (EFI_IPSEC_PROCESS_POLICY));
-
- if (SpdData->ProcessingPolicy->Mode == EfiIPsecTunnel) {
- Size = ALIGN_VARIABLE (Size + sizeof (EFI_IPSEC_TUNNEL_OPTION));
- }
- }
-
- return Size;
-}
-
-/**
- Calculate the a whole size of IPSEC_SPD_DATA which includes the buffer size pointed
- to by the pointer members and the buffer size used by the Sa List.
-
- @param[in] SpdData Pointer to the specified IPSEC_SPD_DATA.
-
- @return the whole size of IPSEC_SPD_DATA.
-
-**/
-UINTN
-IpSecGetSizeOfSpdData (
- IN IPSEC_SPD_DATA *SpdData
- )
-{
- UINTN Size;
- LIST_ENTRY *Link;
-
- Size = sizeof (EFI_IPSEC_SPD_DATA) - sizeof (EFI_IPSEC_SA_ID);
-
- if (SpdData->Action == EfiIPsecActionProtect) {
- Size += sizeof (EFI_IPSEC_PROCESS_POLICY);
-
- if (SpdData->ProcessingPolicy->Mode == EfiIPsecTunnel) {
- Size += sizeof (EFI_IPSEC_TUNNEL_OPTION);
- }
- }
-
- NET_LIST_FOR_EACH (Link, &SpdData->Sas) {
- Size += sizeof (EFI_IPSEC_SA_ID);
- }
-
- return Size;
-}
-
-/**
- Get the IPsec Variable.
-
- Get the all variables which start with the string contained in VaraiableName.
- Since all IPsec related variable store in continual space, those kinds of
- variable can be searched by the EfiGetNextVariableName. Those variables also are
- returned in a continual buffer.
-
- @param[in] VariableName Pointer to a specified Variable Name.
- @param[in] VendorGuid Pointer to a specified Vendor Guid.
- @param[in] Attributes Point to memory location to return the attributes
- of variable. If the point is NULL, the parameter
- would be ignored.
- @param[in, out] DataSize As input, point to the maximum size of return
- Data-Buffer. As output, point to the actual
- size of the returned Data-Buffer.
- @param[in] Data Point to return Data-Buffer.
-
- @retval EFI_ABORTED If the Variable size which contained in the variable
- structure doesn't match the variable size obtained
- from the EFIGetVariable.
- @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
- been updated with the size needed to complete the request.
- @retval EFI_SUCCESS The function completed successfully.
- @retval others Other errors found during the variable getting.
-**/
-EFI_STATUS
-IpSecGetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 *Attributes, OPTIONAL
- IN OUT UINTN *DataSize,
- IN VOID *Data
- )
-{
- EFI_STATUS Status;
- EFI_GUID VendorGuidI;
- UINTN VariableNameLength;
- CHAR16 *VariableNameI;
- UINTN VariableNameISize;
- UINTN VariableNameISizeNew;
- UINTN VariableIndex;
- UINTN VariableCount;
- IP_SEC_VARIABLE_INFO IpSecVariableInfo;
- UINTN DataSizeI;
-
- //
- // The variable name constructor is "VariableName + Info/0001/0002/... + NULL".
- // So the varialbe name is like "VariableNameInfo", "VariableName0001", ...
- // "VariableNameNULL".
- //
- VariableNameLength = StrLen (VariableName);
- VariableNameISize = (VariableNameLength + 5) * sizeof (CHAR16);
- VariableNameI = AllocateZeroPool (VariableNameISize);
- if (VariableNameI == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Construct the varible name of ipsecconfig meta data.
- //
- UnicodeSPrint (VariableNameI, VariableNameISize, L"%s%s", VariableName, L"Info");
-
- DataSizeI = sizeof (IpSecVariableInfo);
-
- Status = gRT->GetVariable (
- VariableNameI,
- VendorGuid,
- Attributes,
- &DataSizeI,
- &IpSecVariableInfo
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- if (*DataSize < IpSecVariableInfo.VariableSize) {
- *DataSize = IpSecVariableInfo.VariableSize;
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
-
- VariableCount = IpSecVariableInfo.VariableCount;
- VariableNameI[0] = L'\0';
-
- while (VariableCount != 0) {
- //
- // Get the variable name one by one in the variable database.
- //
- VariableNameISizeNew = VariableNameISize;
- Status = gRT->GetNextVariableName (
- &VariableNameISizeNew,
- VariableNameI,
- &VendorGuidI
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- VariableNameI = ReallocatePool (
- VariableNameISize,
- VariableNameISizeNew,
- VariableNameI
- );
- if (VariableNameI == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- break;
- }
- VariableNameISize = VariableNameISizeNew;
-
- Status = gRT->GetNextVariableName (
- &VariableNameISizeNew,
- VariableNameI,
- &VendorGuidI
- );
- }
-
- if (EFI_ERROR (Status)) {
- break;
- }
- //
- // Check whether the current variable is the required "ipsecconfig".
- //
- if (StrnCmp (VariableNameI, VariableName, VariableNameLength) == 0 ||
- CompareGuid (VendorGuid, &VendorGuidI)
- ) {
- //
- // Parse the variable count of the current ipsecconfig data.
- //
- VariableIndex = StrDecimalToUintn (VariableNameI + VariableNameLength);
- if (VariableIndex!= 0 && VariableIndex <= IpSecVariableInfo.VariableCount) {
- //
- // Get the variable size of the current ipsecconfig data.
- //
- DataSizeI = 0;
- Status = gRT->GetVariable (
- VariableNameI,
- VendorGuid,
- Attributes,
- &DataSizeI,
- NULL
- );
- ASSERT (Status == EFI_BUFFER_TOO_SMALL);
- //
- // Validate the variable count and variable size.
- //
- if (VariableIndex != IpSecVariableInfo.VariableCount) {
- //
- // If the varaibe is not the last one, its size should be the max
- // size of the single variable.
- //
- if (DataSizeI != IpSecVariableInfo.SingleVariableSize) {
- return EFI_ABORTED;
- }
- } else {
- if (DataSizeI != IpSecVariableInfo.VariableSize % IpSecVariableInfo.SingleVariableSize) {
- return EFI_ABORTED;
- }
- }
- //
- // Get the variable data of the current ipsecconfig data and
- // store it into user buffer continously.
- //
- Status = gRT->GetVariable (
- VariableNameI,
- VendorGuid,
- Attributes,
- &DataSizeI,
- (UINT8 *) Data + (VariableIndex - 1) * IpSecVariableInfo.SingleVariableSize
- );
- ASSERT_EFI_ERROR (Status);
- VariableCount--;
- }
- }
- }
- //
- // The VariableCount in "VariableNameInfo" varaible should have the correct
- // numbers of variables which name starts with VariableName.
- //
- if (VariableCount != 0) {
- Status = EFI_ABORTED;
- }
-
-ON_EXIT:
- if (VariableNameI != NULL) {
- FreePool (VariableNameI);
- }
- return Status;
-}
-
-/**
- Set the IPsec variables.
-
- Set all IPsec variables which start with the specified variable name. Those variables
- are set one by one.
-
- @param[in] VariableName The name of the vendor's variable. It is a
- Null-Terminated Unicode String.
- @param[in] VendorGuid Unify identifier for vendor.
- @param[in] Attributes Point to memory location to return the attributes of
- variable. If the point is NULL, the parameter would be ignored.
- @param[in] DataSize The size in bytes of Data-Buffer.
- @param[in] Data Points to the content of the variable.
-
- @retval EFI_SUCCESS The firmware successfully stored the variable and its data, as
- defined by the Attributes.
- @retval others Storing the variables failed.
-
-**/
-EFI_STATUS
-IpSecSetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- EFI_STATUS Status;
- CHAR16 *VariableNameI;
- UINTN VariableNameSize;
- UINTN VariableIndex;
- IP_SEC_VARIABLE_INFO IpSecVariableInfo;
- UINT64 MaximumVariableStorageSize;
- UINT64 RemainingVariableStorageSize;
- UINT64 MaximumVariableSize;
-
- Status = gRT->QueryVariableInfo (
- Attributes,
- &MaximumVariableStorageSize,
- &RemainingVariableStorageSize,
- &MaximumVariableSize
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // "VariableName + Info/0001/0002/... + NULL"
- //
- VariableNameSize = (StrLen (VariableName) + 5) * sizeof (CHAR16);
- VariableNameI = AllocateZeroPool (VariableNameSize);
-
- if (VariableNameI == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
- //
- // Construct the variable of ipsecconfig general information. Like the total
- // numbers of the Ipsecconfig variables, the total size of all ipsecconfig variables.
- //
- UnicodeSPrint (VariableNameI, VariableNameSize, L"%s%s", VariableName, L"Info");
- MaximumVariableSize -= VariableNameSize;
-
- IpSecVariableInfo.VariableCount = (UINT32) ((DataSize + (UINTN) MaximumVariableSize - 1) / (UINTN) MaximumVariableSize);
- IpSecVariableInfo.VariableSize = (UINT32) DataSize;
- IpSecVariableInfo.SingleVariableSize = (UINT32) MaximumVariableSize;
-
- //
- // Set the variable of ipsecconfig general information.
- //
- Status = gRT->SetVariable (
- VariableNameI,
- VendorGuid,
- Attributes,
- sizeof (IpSecVariableInfo),
- &IpSecVariableInfo
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "Error set ipsecconfig meta data with %r\n", Status));
- goto ON_EXIT;
- }
-
- for (VariableIndex = 0; VariableIndex < IpSecVariableInfo.VariableCount; VariableIndex++) {
- //
- // Construct and set the variable of ipsecconfig data one by one.
- // The index of variable name begin from 0001, and the varaible name
- // likes "VariableName0001", "VaraiableName0002"....
- //
- UnicodeSPrint (VariableNameI, VariableNameSize, L"%s%04d", VariableName, VariableIndex + 1);
- Status = gRT->SetVariable (
- VariableNameI,
- VendorGuid,
- Attributes,
- (VariableIndex == IpSecVariableInfo.VariableCount - 1) ?
- (DataSize % (UINTN) MaximumVariableSize) :
- (UINTN) MaximumVariableSize,
- (UINT8 *) Data + VariableIndex * (UINTN) MaximumVariableSize
- );
-
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "Error set ipsecconfig variable data with %r\n", Status));
- goto ON_EXIT;
- }
- }
-
-ON_EXIT:
- if (VariableNameI != NULL) {
- FreePool (VariableNameI);
- }
-
- return Status;
-}
-
-/**
- Return the configuration value for the EFI IPsec driver.
-
- This function lookup the data entry from IPsec database or IKEv2 configuration
- information. The expected data type and unique identification are described in
- DataType and Selector parameters.
-
- @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
- @param[in] DataType The type of data to retrieve.
- @param[in] Selector Pointer to an entry selector that is an identifier of the IPsec
- configuration data entry.
- @param[in, out] DataSize On output the size of data returned in Data.
- @param[out] Data The buffer to return the contents of the IPsec configuration data.
- The type of the data buffer associated with the DataType.
-
- @retval EFI_SUCCESS The specified configuration data was obtained successfully.
- @retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:
- - This is NULL.
- - Selector is NULL.
- - DataSize is NULL.
- - Data is NULL and *DataSize is not zero
- @retval EFI_NOT_FOUND The configuration data specified by Selector is not found.
- @retval EFI_UNSUPPORTED The specified DataType is not supported.
- @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been
- updated with the size needed to complete the request.
-
-**/
-EFI_STATUS
-EFIAPI
-EfiIpSecConfigGetData (
- IN EFI_IPSEC_CONFIG_PROTOCOL *This,
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN OUT UINTN *DataSize,
- OUT VOID *Data
- )
-{
- if (This == NULL || Selector == NULL || DataSize == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (*DataSize != 0 && Data == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (DataType >= IPsecConfigDataTypeMaximum) {
- return EFI_UNSUPPORTED;
- }
-
- return mGetPolicyEntry[DataType](Selector, DataSize, Data);
-}
-
-/**
- Set the security association, security policy and peer authorization configuration
- information for the EFI IPsec driver.
-
- This function is used to set the IPsec configuration information of type DataType for
- the EFI IPsec driver.
- The IPsec configuration data has a unique selector/identifier separately to identify
- a data entry. The selector structure depends on DataType's definition.
- Using SetData() with a Data of NULL causes the IPsec configuration data entry identified
- by DataType and Selector to be deleted.
-
- @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
- @param[in] DataType The type of data to be set.
- @param[in] Selector Pointer to an entry selector on operated configuration data
- specified by DataType. A NULL Selector causes the entire
- specified-type configuration information to be flushed.
- @param[in] Data The data buffer to be set. The structure of the data buffer is
- associated with the DataType.
- @param[in] InsertBefore Pointer to one entry selector which describes the expected
- position the new data entry will be added. If InsertBefore is NULL,
- the new entry will be appended to the end of the database.
-
- @retval EFI_SUCCESS The specified configuration entry data was set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following are TRUE:
- - This is NULL.
- @retval EFI_UNSUPPORTED The specified DataType is not supported.
- @retval EFI_OUT_OF_RESOURCED The required system resource could not be allocated.
-
-**/
-EFI_STATUS
-EFIAPI
-EfiIpSecConfigSetData (
- IN EFI_IPSEC_CONFIG_PROTOCOL *This,
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN EFI_IPSEC_CONFIG_SELECTOR *InsertBefore OPTIONAL
- )
-{
- EFI_STATUS Status;
-
- if (This == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (DataType >= IPsecConfigDataTypeMaximum) {
- return EFI_UNSUPPORTED;
- }
-
- Status = mSetPolicyEntry[DataType](Selector, Data, InsertBefore);
-
- if (!EFI_ERROR (Status) && !mSetBySelf) {
- //
- // Save the updated config data into variable.
- //
- IpSecConfigSave ();
- }
-
- return Status;
-}
-
-/**
- Enumerates the current selector for IPsec configuration data entry.
-
- This function is called multiple times to retrieve the entry Selector in IPsec
- configuration database. On each call to GetNextSelector(), the next entry
- Selector are retrieved into the output interface.
-
- If the entire IPsec configuration database has been iterated, the error
- EFI_NOT_FOUND is returned.
- If the Selector buffer is too small for the next Selector copy, an
- EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect
- the size of buffer needed.
-
- On the initial call to GetNextSelector() to start the IPsec configuration database
- search, a pointer to the buffer with all zero value is passed in Selector. Calls
- to SetData() between calls to GetNextSelector may produce unpredictable results.
-
- @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
- @param[in] DataType The type of IPsec configuration data to retrieve.
- @param[in, out] SelectorSize The size of the Selector buffer.
- @param[in, out] Selector On input, supplies the pointer to last Selector that was
- returned by GetNextSelector().
- On output, returns one copy of the current entry Selector
- of a given DataType.
-
- @retval EFI_SUCCESS The specified configuration data was obtained successfully.
- @retval EFI_INVALID_PARAMETER One or more of the followings are TRUE:
- - This is NULL.
- - SelectorSize is NULL.
- - Selector is NULL.
- @retval EFI_NOT_FOUND The next configuration data entry was not found.
- @retval EFI_UNSUPPORTED The specified DataType is not supported.
- @retval EFI_BUFFER_TOO_SMALL The SelectorSize is too small for the result. This parameter
- has been updated with the size needed to complete the search
- request.
-
-**/
-EFI_STATUS
-EFIAPI
-EfiIpSecConfigGetNextSelector (
- IN EFI_IPSEC_CONFIG_PROTOCOL *This,
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN OUT UINTN *SelectorSize,
- IN OUT EFI_IPSEC_CONFIG_SELECTOR *Selector
- )
-{
- LIST_ENTRY *Link;
- IPSEC_COMMON_POLICY_ENTRY *CommonEntry;
- BOOLEAN IsFound;
-
- if (This == NULL || Selector == NULL || SelectorSize == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (DataType >= IPsecConfigDataTypeMaximum) {
- return EFI_UNSUPPORTED;
- }
-
- IsFound = FALSE;
-
- NET_LIST_FOR_EACH (Link, &mConfigData[DataType]) {
- CommonEntry = BASE_CR (Link, IPSEC_COMMON_POLICY_ENTRY, List);
-
- if (IsFound || (BOOLEAN)(mIsZeroSelector[DataType](Selector))) {
- //
- // If found the appointed entry, then duplicate the next one and return,
- // or if the appointed entry is zero, then return the first one directly.
- //
- return mDuplicateSelector[DataType](Selector, CommonEntry->Selector, SelectorSize);
- } else {
- //
- // Set the flag if find the appointed entry.
- //
- IsFound = mCompareSelector[DataType](Selector, CommonEntry->Selector);
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
- Register an event that is to be signaled whenever a configuration process on the
- specified IPsec configuration information is done.
-
- The register function is not surpport now and always returns EFI_UNSUPPORTED.
-
- @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
- @param[in] DataType The type of data to be registered the event for.
- @param[in] Event The event to be registered.
-
- @retval EFI_SUCCESS The event is registered successfully.
- @retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.
- @retval EFI_ACCESS_DENIED The Event is already registered for the DataType.
- @retval EFI_UNSUPPORTED The notify registration is unsupported, or the specified
- DataType is not supported.
-
-**/
-EFI_STATUS
-EFIAPI
-EfiIpSecConfigRegisterNotify (
- IN EFI_IPSEC_CONFIG_PROTOCOL *This,
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN EFI_EVENT Event
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- Remove the specified event that was previously registered on the specified IPsec
- configuration data.
-
- This function is not support now and alwasy return EFI_UNSUPPORTED.
-
- @param[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
- @param[in] DataType The configuration data type to remove the registered event for.
- @param[in] Event The event to be unregistered.
-
- @retval EFI_SUCCESS The event was removed successfully.
- @retval EFI_NOT_FOUND The Event specified by DataType could not be found in the
- database.
- @retval EFI_INVALID_PARAMETER This is NULL or Event is NULL.
- @retval EFI_UNSUPPORTED The notify registration is unsupported, or the specified
- DataType is not supported.
-
-**/
-EFI_STATUS
-EFIAPI
-EfiIpSecConfigUnregisterNotify (
- IN EFI_IPSEC_CONFIG_PROTOCOL *This,
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN EFI_EVENT Event
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- Copy whole data in specified EFI_SIPEC_CONFIG_SELECTOR and the Data to a buffer.
-
- This function is a caller defined function, and it is called by the IpSecVisitConfigData().
- The orignal caller is IpSecConfigSave(), which calls the IpsecVisitConfigData() to
- copy all types of IPsec Config datas into one buffer and store this buffer into firmware in
- the form of several variables.
-
- @param[in] Type A specified IPSEC_CONFIG_DATA_TYPE.
- @param[in] Selector Points to a EFI_IPSEC_CONFIG_SELECTOR to be copied
- to the buffer.
- @param[in] Data Points to data to be copied to the buffer. The
- Data type is related to the Type.
- @param[in] SelectorSize The size of the Selector.
- @param[in] DataSize The size of the Data.
- @param[in, out] Buffer The buffer to store the Selector and Data.
-
- @retval EFI_SUCCESS Copy the Selector and Data to a buffer successfully.
- @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
-
-**/
-EFI_STATUS
-IpSecCopyPolicyEntry (
- IN EFI_IPSEC_CONFIG_DATA_TYPE Type,
- IN EFI_IPSEC_CONFIG_SELECTOR *Selector,
- IN VOID *Data,
- IN UINTN SelectorSize,
- IN UINTN DataSize,
- IN OUT IPSEC_VARIABLE_BUFFER *Buffer
- )
-{
- IPSEC_VAR_ITEM_HEADER SelectorHeader;
- IPSEC_VAR_ITEM_HEADER DataHeader;
- UINTN EntrySize;
- UINT8 *TempPoint;
-
- if (Type == IPsecConfigDataTypeSad) {
- //
- // Don't save automatically-generated SA entry into variable.
- //
- if (((EFI_IPSEC_SA_DATA2 *) Data)->ManualSet == FALSE) {
- return EFI_SUCCESS;
- }
- }
- //
- // Increase the capacity size of the buffer if needed.
- //
- EntrySize = ALIGN_VARIABLE (sizeof (SelectorHeader));
- EntrySize = ALIGN_VARIABLE (EntrySize + SelectorSize);
- EntrySize = ALIGN_VARIABLE (EntrySize + sizeof (SelectorHeader));
- EntrySize = ALIGN_VARIABLE (EntrySize + DataSize);
-
- //EntrySize = SelectorSize + DataSize + 2 * sizeof (SelectorHeader);
- if (Buffer->Capacity - Buffer->Size < EntrySize) {
- //
- // Calculate the required buffer
- //
- Buffer->Capacity += EntrySize;
- TempPoint = AllocatePool (Buffer->Capacity);
-
- if (TempPoint == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- //
- // Copy the old Buffer to new buffer and free the old one.
- //
- CopyMem (TempPoint, Buffer->Ptr, Buffer->Size);
- FreePool (Buffer->Ptr);
-
- Buffer->Ptr = TempPoint;
- }
-
- mFixPolicyEntry[Type](Selector, Data);
-
- //
- // Fill the selector header and copy it into buffer.
- //
- SelectorHeader.Type = (UINT8) (Type | IPSEC_VAR_ITEM_HEADER_LOGO_BIT);
- SelectorHeader.Size = (UINT16) SelectorSize;
-
- CopyMem (
- Buffer->Ptr + Buffer->Size,
- &SelectorHeader,
- sizeof (SelectorHeader)
- );
- Buffer->Size = ALIGN_VARIABLE (Buffer->Size + sizeof (SelectorHeader));
-
- //
- // Copy the selector into buffer.
- //
- CopyMem (
- Buffer->Ptr + Buffer->Size,
- Selector,
- SelectorSize
- );
- Buffer->Size = ALIGN_VARIABLE (Buffer->Size + SelectorSize);
-
- //
- // Fill the data header and copy it into buffer.
- //
- DataHeader.Type = (UINT8) Type;
- DataHeader.Size = (UINT16) DataSize;
-
- CopyMem (
- Buffer->Ptr + Buffer->Size,
- &DataHeader,
- sizeof (DataHeader)
- );
- Buffer->Size = ALIGN_VARIABLE (Buffer->Size + sizeof (DataHeader));
- //
- // Copy the data into buffer.
- //
- CopyMem (
- Buffer->Ptr + Buffer->Size,
- Data,
- DataSize
- );
- Buffer->Size = ALIGN_VARIABLE (Buffer->Size + DataSize);
-
- mUnfixPolicyEntry[Type](Selector, Data);
-
- return EFI_SUCCESS;
-}
-
-/**
- Visit all IPsec Configurations of specified Type and call the caller defined
- interface.
-
- @param[in] DataType The specified IPsec Config Data Type.
- @param[in] Routine The function defined by the caller.
- @param[in] Context The data passed to the Routine.
-
- @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated
- @retval EFI_SUCCESS This function completed successfully.
-
-**/
-EFI_STATUS
-IpSecVisitConfigData (
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
- IN IPSEC_COPY_POLICY_ENTRY Routine,
- IN VOID *Context
- )
-{
- EFI_STATUS GetNextStatus;
- EFI_STATUS GetDataStatus;
- EFI_STATUS RoutineStatus;
- EFI_IPSEC_CONFIG_SELECTOR *Selector;
- VOID *Data;
- UINTN SelectorSize;
- UINTN DataSize;
- UINTN SelectorBufferSize;
- UINTN DataBufferSize;
- BOOLEAN FirstGetNext;
-
- FirstGetNext = TRUE;
- DataBufferSize = 0;
- Data = NULL;
- SelectorBufferSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);
- Selector = AllocateZeroPool (SelectorBufferSize);
-
- if (Selector == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- while (TRUE) {
- //
- // Get the real size of the selector.
- //
- SelectorSize = SelectorBufferSize;
- GetNextStatus = EfiIpSecConfigGetNextSelector (
- &mIpSecConfigInstance,
- DataType,
- &SelectorSize,
- Selector
- );
- if (GetNextStatus == EFI_BUFFER_TOO_SMALL) {
- FreePool (Selector);
- SelectorBufferSize = SelectorSize;
- //
- // Allocate zero pool for the first selector, while store the last
- // selector content for the other selectors.
- //
- if (FirstGetNext) {
- Selector = AllocateZeroPool (SelectorBufferSize);
- } else {
- Selector = AllocateCopyPool (SelectorBufferSize, Selector);
- }
-
- if (Selector == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- //
- // Get the content of the selector.
- //
- GetNextStatus = EfiIpSecConfigGetNextSelector (
- &mIpSecConfigInstance,
- DataType,
- &SelectorSize,
- Selector
- );
- }
-
- if (EFI_ERROR (GetNextStatus)) {
- break;
- }
-
- FirstGetNext = FALSE;
-
- //
- // Get the real size of the policy entry according to the selector.
- //
- DataSize = DataBufferSize;
- GetDataStatus = EfiIpSecConfigGetData (
- &mIpSecConfigInstance,
- DataType,
- Selector,
- &DataSize,
- Data
- );
- if (GetDataStatus == EFI_BUFFER_TOO_SMALL) {
- if (Data != NULL) {
- FreePool (Data);
- }
-
- DataBufferSize = DataSize;
- Data = AllocateZeroPool (DataBufferSize);
-
- if (Data == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- //
- // Get the content of the policy entry according to the selector.
- //
- GetDataStatus = EfiIpSecConfigGetData (
- &mIpSecConfigInstance,
- DataType,
- Selector,
- &DataSize,
- Data
- );
- }
-
- if (EFI_ERROR (GetDataStatus)) {
- break;
- }
- //
- // Prepare the buffer of updated policy entry, which is stored in
- // the continous memory, and then save into variable later.
- //
- RoutineStatus = Routine (
- DataType,
- Selector,
- Data,
- SelectorSize,
- DataSize,
- Context
- );
- if (EFI_ERROR (RoutineStatus)) {
- break;
- }
- }
-
- if (Data != NULL) {
- FreePool (Data);
- }
-
- if (Selector != NULL) {
- FreePool (Selector);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- This function is the subfunction of EFIIpSecConfigSetData.
-
- This function call IpSecSetVaraible to set the IPsec Configuration into the firmware.
-
- @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
- @retval EFI_SUCCESS Saved the configration successfully.
- @retval Others Other errors were found while obtaining the variable.
-
-**/
-EFI_STATUS
-IpSecConfigSave (
- VOID
- )
-{
- IPSEC_VARIABLE_BUFFER Buffer;
- EFI_STATUS Status;
- EFI_IPSEC_CONFIG_DATA_TYPE Type;
-
- Buffer.Size = 0;
- Buffer.Capacity = IPSEC_DEFAULT_VARIABLE_SIZE;
- Buffer.Ptr = AllocateZeroPool (Buffer.Capacity);
-
- if (Buffer.Ptr == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- //
- // For each policy database, prepare the contious buffer to save into variable.
- //
- for (Type = IPsecConfigDataTypeSpd; Type < IPsecConfigDataTypeMaximum; Type++) {
- IpSecVisitConfigData (
- Type,
- (IPSEC_COPY_POLICY_ENTRY) IpSecCopyPolicyEntry,
- &Buffer
- );
- }
- //
- // Save the updated policy database into variable.
- //
- Status = IpSecSetVariable (
- IPSECCONFIG_VARIABLE_NAME,
- &gEfiIpSecConfigProtocolGuid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
- Buffer.Size,
- Buffer.Ptr
- );
-
- FreePool (Buffer.Ptr);
-
- return Status;
-}
-
-/**
- Get the all IPSec configuration variables and store those variables
- to the internal data structure.
-
- This founction is called by IpSecConfigInitialize() which is to intialize the
- IPsecConfiguration Protocol.
-
- @param[in] Private Point to IPSEC_PRIVATE_DATA.
-
- @retval EFI_OUT_OF_RESOURCES The required system resource could not be allocated
- @retval EFI_SUCCESS Restore the IPsec Configuration successfully.
- @retval others Other errors is found while obtaining the variable.
-
-**/
-EFI_STATUS
-IpSecConfigRestore (
- IN IPSEC_PRIVATE_DATA *Private
- )
-{
- EFI_STATUS Status;
- UINTN BufferSize;
- UINT8 *Buffer;
- IPSEC_VAR_ITEM_HEADER *Header;
- UINT8 *Ptr;
- EFI_IPSEC_CONFIG_SELECTOR *Selector;
- EFI_IPSEC_CONFIG_DATA_TYPE Type;
- VOID *Data;
- UINT8 Value;
- UINTN Size;
-
- Value = 0;
- Size = sizeof (Value);
- BufferSize = 0;
- Buffer = NULL;
-
- Status = gRT->GetVariable (
- IPSECCONFIG_STATUS_NAME,
- &gEfiIpSecConfigProtocolGuid,
- NULL,
- &Size,
- &Value
- );
-
- if (!EFI_ERROR (Status) && Value == IPSEC_STATUS_ENABLED) {
- Private->IpSec.DisabledFlag = FALSE;
- }
- //
- // Get the real size of policy database in variable.
- //
- Status = IpSecGetVariable (
- IPSECCONFIG_VARIABLE_NAME,
- &gEfiIpSecConfigProtocolGuid,
- NULL,
- &BufferSize,
- Buffer
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
-
- Buffer = AllocateZeroPool (BufferSize);
- if (Buffer == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- //
- // Get the content of policy database in variable.
- //
- Status = IpSecGetVariable (
- IPSECCONFIG_VARIABLE_NAME,
- &gEfiIpSecConfigProtocolGuid,
- NULL,
- &BufferSize,
- Buffer
- );
- if (EFI_ERROR (Status)) {
- FreePool (Buffer);
- return Status;
- }
-
- for (Ptr = Buffer; Ptr < Buffer + BufferSize;) {
-
- Header = (IPSEC_VAR_ITEM_HEADER *) Ptr;
- Type = (EFI_IPSEC_CONFIG_DATA_TYPE) (Header->Type & IPSEC_VAR_ITEM_HEADER_CONTENT_BIT);
- ASSERT (((Header->Type & 0x80) == IPSEC_VAR_ITEM_HEADER_LOGO_BIT) && (Type < IPsecConfigDataTypeMaximum));
-
- Selector = (EFI_IPSEC_CONFIG_SELECTOR *) ALIGN_POINTER (Header + 1, sizeof (UINTN));
- Header = (IPSEC_VAR_ITEM_HEADER *) ALIGN_POINTER (
- (UINT8 *) Selector + Header->Size,
- sizeof (UINTN)
- );
- ASSERT (Header->Type == Type);
-
- Data = ALIGN_POINTER (Header + 1, sizeof (UINTN));
-
- mUnfixPolicyEntry[Type](Selector, Data);
-
- //
- // Update each policy entry according to the content in variable.
- //
- mSetBySelf = TRUE;
- Status = EfiIpSecConfigSetData (
- &Private->IpSecConfig,
- Type,
- Selector,
- Data,
- NULL
- );
- mSetBySelf = FALSE;
-
- if (EFI_ERROR (Status)) {
- FreePool (Buffer);
- return Status;
- }
-
- Ptr = ALIGN_POINTER ((UINT8 *) Data + Header->Size, sizeof (UINTN));
- }
-
- FreePool (Buffer);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Install and Initialize IPsecConfig protocol
-
- @param[in, out] Private Pointer to IPSEC_PRIVATE_DATA. After this function finish,
- the pointer of IPsecConfig Protocol implementation will copy
- into its IPsecConfig member.
-
- @retval EFI_SUCCESS Initialized the IPsecConfig Protocol successfully.
- @retval Others Initializing the IPsecConfig Protocol failed.
-**/
-EFI_STATUS
-IpSecConfigInitialize (
- IN OUT IPSEC_PRIVATE_DATA *Private
- )
-{
- EFI_IPSEC_CONFIG_DATA_TYPE Type;
-
- CopyMem (
- &Private->IpSecConfig,
- &mIpSecConfigInstance,
- sizeof (EFI_IPSEC_CONFIG_PROTOCOL)
- );
-
- //
- // Initialize the list head of policy database.
- //
- for (Type = IPsecConfigDataTypeSpd; Type < IPsecConfigDataTypeMaximum; Type++) {
- InitializeListHead (&mConfigData[Type]);
- }
- //
- // Restore the content of policy database according to the variable.
- //
- IpSecConfigRestore (Private);
-
- return gBS->InstallMultipleProtocolInterfaces (
- &Private->Handle,
- &gEfiIpSecConfigProtocolGuid,
- &Private->IpSecConfig,
- NULL
- );
-}
|