NetworkPkg/IpSecDxe/IpSecConfigImpl.c File Reference


Functions

EFI_STATUS IpSecConfigRestore (IN IPSEC_PRIVATE_DATA *Private)
BOOLEAN IsInAddressInfoList (IN EFI_IP_ADDRESS_INFO *AddressInfo, IN EFI_IP_ADDRESS_INFO *AddressInfoList, IN UINT32 AddressCount)
BOOLEAN CompareSpdSelector (IN EFI_IPSEC_CONFIG_SELECTOR *Selector1, IN EFI_IPSEC_CONFIG_SELECTOR *Selector2)
BOOLEAN IsSubSpdSelector (IN EFI_IPSEC_CONFIG_SELECTOR *Selector1, IN EFI_IPSEC_CONFIG_SELECTOR *Selector2)
BOOLEAN CompareSaId (IN EFI_IPSEC_CONFIG_SELECTOR *Selector1, IN EFI_IPSEC_CONFIG_SELECTOR *Selector2)
BOOLEAN ComparePadId (IN EFI_IPSEC_CONFIG_SELECTOR *Selector1, IN EFI_IPSEC_CONFIG_SELECTOR *Selector2)
BOOLEAN IsZeroSpdSelector (IN EFI_IPSEC_CONFIG_SELECTOR *Selector)
BOOLEAN IsZeroSaId (IN EFI_IPSEC_CONFIG_SELECTOR *Selector)
BOOLEAN IsZeroPadId (IN EFI_IPSEC_CONFIG_SELECTOR *Selector)
EFI_STATUS DuplicateSpdSelector (IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel, IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel, IN OUT UINTN *Size)
EFI_STATUS DuplicateSaId (IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel, IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel, IN OUT UINTN *Size)
EFI_STATUS DuplicatePadId (IN OUT EFI_IPSEC_CONFIG_SELECTOR *DstSel, IN EFI_IPSEC_CONFIG_SELECTOR *SrcSel, IN OUT UINTN *Size)
VOID FixSpdEntry (IN EFI_IPSEC_SPD_SELECTOR *Selector, IN OUT EFI_IPSEC_SPD_DATA *Data)
VOID FixSadEntry (IN EFI_IPSEC_SA_ID *SaId, IN OUT EFI_IPSEC_SA_DATA2 *Data)
VOID FixPadEntry (IN EFI_IPSEC_PAD_ID *PadId, IN OUT EFI_IPSEC_PAD_DATA *Data)
VOID UnfixSpdEntry (IN OUT EFI_IPSEC_SPD_SELECTOR *Selector, IN OUT EFI_IPSEC_SPD_DATA *Data)
VOID UnfixSadEntry (IN OUT EFI_IPSEC_SA_ID *SaId, IN OUT EFI_IPSEC_SA_DATA2 *Data)
VOID UnfixPadEntry (IN EFI_IPSEC_PAD_ID *PadId, IN OUT EFI_IPSEC_PAD_DATA *Data)
EFI_STATUS SetSpdEntry (IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN VOID *Context)
EFI_STATUS SetSadEntry (IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN VOID *Context)
EFI_STATUS SetPadEntry (IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN VOID *Context)
EFI_STATUS GetSpdEntry (IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN OUT UINTN *DataSize, OUT VOID *Data)
EFI_STATUS GetSadEntry (IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN OUT UINTN *DataSize, OUT VOID *Data)
EFI_STATUS GetPadEntry (IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN OUT UINTN *DataSize, OUT VOID *Data)
VOID IpSecDuplicateProcessPolicy (IN EFI_IPSEC_PROCESS_POLICY *Dst, IN EFI_IPSEC_PROCESS_POLICY *Src)
UINTN IpSecGetSizeOfEfiSpdData (IN EFI_IPSEC_SPD_DATA *SpdData)
UINTN IpSecGetSizeOfSpdData (IN IPSEC_SPD_DATA *SpdData)
EFI_STATUS IpSecGetVariable (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN UINT32 *Attributes, IN OUT UINTN *DataSize, IN VOID *Data)
EFI_STATUS IpSecSetVariable (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN UINT32 Attributes, IN UINTN DataSize, IN VOID *Data)
EFI_STATUS EFIAPI EfiIpSecConfigGetData (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN OUT UINTN *DataSize, OUT VOID *Data)
EFI_STATUS EFIAPI EfiIpSecConfigSetData (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN EFI_IPSEC_CONFIG_SELECTOR *InsertBefore)
EFI_STATUS EFIAPI EfiIpSecConfigGetNextSelector (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN OUT UINTN *SelectorSize, IN OUT EFI_IPSEC_CONFIG_SELECTOR *Selector)
EFI_STATUS EFIAPI EfiIpSecConfigRegisterNotify (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_EVENT Event)
EFI_STATUS EFIAPI EfiIpSecConfigUnregisterNotify (IN EFI_IPSEC_CONFIG_PROTOCOL *This, IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN EFI_EVENT Event)
EFI_STATUS IpSecCopyPolicyEntry (IN EFI_IPSEC_CONFIG_DATA_TYPE Type, IN EFI_IPSEC_CONFIG_SELECTOR *Selector, IN VOID *Data, IN UINTN SelectorSize, IN UINTN DataSize, IN OUT IPSEC_VARIABLE_BUFFER *Buffer)
EFI_STATUS IpSecVisitConfigData (IN EFI_IPSEC_CONFIG_DATA_TYPE DataType, IN IPSEC_COPY_POLICY_ENTRY Routine, IN VOID *Context)
EFI_STATUS IpSecConfigSave (VOID)
EFI_STATUS IpSecConfigInitialize (IN OUT IPSEC_PRIVATE_DATA *Private)

Variables

LIST_ENTRY mConfigData [IPsecConfigDataTypeMaximum]
BOOLEAN mSetBySelf = FALSE
IPSEC_COMPARE_SELECTOR mCompareSelector []
IPSEC_IS_ZERO_SELECTOR mIsZeroSelector []
IPSEC_DUPLICATE_SELECTOR mDuplicateSelector []
IPSEC_FIX_POLICY_ENTRY mFixPolicyEntry []
IPSEC_FIX_POLICY_ENTRY mUnfixPolicyEntry []
IPSEC_SET_POLICY_ENTRY mSetPolicyEntry []
IPSEC_GET_POLICY_ENTRY mGetPolicyEntry []
EFI_IPSEC_CONFIG_PROTOCOL mIpSecConfigInstance

Detailed Description

The implementation of IPSEC_CONFIG_PROTOCOL.

Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.

This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Function Documentation

BOOLEAN ComparePadId ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector1,
IN EFI_IPSEC_CONFIG_SELECTOR *  Selector2 
)

Compare two PAD IDs.

Parameters:
[in] Selector1 Pointer of first PAD ID.
[in] Selector2 Pointer of second PAD ID.
Return values:
TRUE This two Selectors have the same PAD ID.
FALSE This two Selecotrs don't have the same PAD ID.

Referenced by GetPadEntry(), and SetPadEntry().

BOOLEAN CompareSaId ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector1,
IN EFI_IPSEC_CONFIG_SELECTOR *  Selector2 
)

Compare two SA IDs.

Parameters:
[in] Selector1 Pointer of first SA ID.
[in] Selector2 Pointer of second SA ID.
Return values:
TRUE This two Selectors have the same SA ID.
FALSE This two Selecotrs don't have the same SA ID.

Referenced by GetSadEntry(), SetSadEntry(), and SetSpdEntry().

BOOLEAN CompareSpdSelector ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector1,
IN EFI_IPSEC_CONFIG_SELECTOR *  Selector2 
)

Compare two SPD Selectors.

Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/ NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the Local Addresses and remote Addresses.

Parameters:
[in] Selector1 Pointer of first SPD Selector.
[in] Selector2 Pointer of second SPD Selector.
Return values:
TRUE This two Selector have the same value in above fields.
FALSE Not all above fields have the same value in these two Selectors.

References IsInAddressInfoList().

Referenced by GetSpdEntry(), IkeSearchSpdEntry(), and SetSpdEntry().

EFI_STATUS DuplicatePadId ( IN OUT EFI_IPSEC_CONFIG_SELECTOR *  DstSel,
IN EFI_IPSEC_CONFIG_SELECTOR *  SrcSel,
IN OUT UINTN *  Size 
)

Copy Source PAD ID to the Destination PAD ID.

Parameters:
[in,out] DstSel Pointer of Destination PAD ID.
[in] SrcSel Pointer of Source PAD ID.
[in,out] Size The size of the Destination PAD ID. If it not NULL and its value less than the size of Source PAD ID, the value of Source PAD ID's size will be passed to caller by this parameter.
Return values:
EFI_INVALID_PARAMETER If the Destination or Source PAD ID is NULL.
EFI_BUFFER_TOO_SMALL If the input Size less than size of source PAD ID .
EFI_SUCCESS Copy Source PAD ID to the Destination PAD ID successfully.

EFI_STATUS DuplicateSaId ( IN OUT EFI_IPSEC_CONFIG_SELECTOR *  DstSel,
IN EFI_IPSEC_CONFIG_SELECTOR *  SrcSel,
IN OUT UINTN *  Size 
)

Copy Source SA ID to the Destination SA ID.

Parameters:
[in,out] DstSel Pointer of Destination SA ID.
[in] SrcSel Pointer of Source SA ID.
[in,out] Size The size of the Destination SA ID. If it not NULL and its value less than the size of Source SA ID, the value of Source SA ID's size will be passed to caller by this parameter.
Return values:
EFI_INVALID_PARAMETER If the Destination or Source SA ID is NULL.
EFI_BUFFER_TOO_SMALL If the input Size less than size of source SA ID.
EFI_SUCCESS Copy Source SA ID to the Destination SA ID successfully.

EFI_STATUS DuplicateSpdSelector ( IN OUT EFI_IPSEC_CONFIG_SELECTOR *  DstSel,
IN EFI_IPSEC_CONFIG_SELECTOR *  SrcSel,
IN OUT UINTN *  Size 
)

Copy Source SPD Selector to the Destination SPD Selector.

Parameters:
[in,out] DstSel Pointer of Destination SPD Selector.
[in] SrcSel Pointer of Source SPD Selector.
[in,out] Size The size of the Destination SPD Selector. If it not NULL and its value less than the size of Source SPD Selector, the value of Source SPD Selector's size will be passed to caller by this parameter.
Return values:
EFI_INVALID_PARAMETER If the Destination or Source SPD Selector is NULL
EFI_BUFFER_TOO_SMALL If the input Size is less than size of the Source SPD Selector.
EFI_SUCCESS Copy Source SPD Selector to the Destination SPD Selector successfully.

References SIZE_OF_SPD_SELECTOR.

Referenced by GetSadEntry(), SetSadEntry(), and SetSpdEntry().

EFI_STATUS EFIAPI EfiIpSecConfigGetData ( IN EFI_IPSEC_CONFIG_PROTOCOL *  This,
IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN OUT UINTN *  DataSize,
OUT VOID *  Data 
)

Return the configuration value for the EFI IPsec driver.

This function lookup the data entry from IPsec database or IKEv2 configuration information. The expected data type and unique identification are described in DataType and Selector parameters.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The type of data to retrieve.
[in] Selector Pointer to an entry selector that is an identifier of the IPsec configuration data entry.
[in,out] DataSize On output the size of data returned in Data.
[out] Data The buffer to return the contents of the IPsec configuration data. The type of the data buffer associated with the DataType.
Return values:
EFI_SUCCESS The specified configuration data was obtained successfully.
EFI_INVALID_PARAMETER One or more of the followings are TRUE:
  • This is NULL.
  • Selector is NULL.
  • DataSize is NULL.
  • Data is NULL and *DataSize is not zero
EFI_NOT_FOUND The configuration data specified by Selector is not found.
EFI_UNSUPPORTED The specified DataType is not supported.
EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been updated with the size needed to complete the request.

Referenced by IpSecVisitConfigData().

EFI_STATUS EFIAPI EfiIpSecConfigGetNextSelector ( IN EFI_IPSEC_CONFIG_PROTOCOL *  This,
IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
IN OUT UINTN *  SelectorSize,
IN OUT EFI_IPSEC_CONFIG_SELECTOR *  Selector 
)

Enumerates the current selector for IPsec configuration data entry.

This function is called multiple times to retrieve the entry Selector in IPsec configuration database. On each call to GetNextSelector(), the next entry Selector are retrieved into the output interface.

If the entire IPsec configuration database has been iterated, the error EFI_NOT_FOUND is returned. If the Selector buffer is too small for the next Selector copy, an EFI_BUFFER_TOO_SMALL error is returned, and SelectorSize is updated to reflect the size of buffer needed.

On the initial call to GetNextSelector() to start the IPsec configuration database search, a pointer to the buffer with all zero value is passed in Selector. Calls to SetData() between calls to GetNextSelector may produce unpredictable results.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The type of IPsec configuration data to retrieve.
[in,out] SelectorSize The size of the Selector buffer.
[in,out] Selector On input, supplies the pointer to last Selector that was returned by GetNextSelector(). On output, returns one copy of the current entry Selector of a given DataType.
Return values:
EFI_SUCCESS The specified configuration data was obtained successfully.
EFI_INVALID_PARAMETER One or more of the followings are TRUE:
  • This is NULL.
  • SelectorSize is NULL.
  • Selector is NULL.
EFI_NOT_FOUND The next configuration data entry was not found.
EFI_UNSUPPORTED The specified DataType is not supported.
EFI_BUFFER_TOO_SMALL The SelectorSize is too small for the result. This parameter has been updated with the size needed to complete the search request.

References mCompareSelector, mConfigData, and IPSEC_COMMON_POLICY_ENTRY::Selector.

Referenced by Ikev2ChildSaSilentDelete(), and IpSecVisitConfigData().

EFI_STATUS EFIAPI EfiIpSecConfigRegisterNotify ( IN EFI_IPSEC_CONFIG_PROTOCOL *  This,
IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
IN EFI_EVENT  Event 
)

Register an event that is to be signaled whenever a configuration process on the specified IPsec configuration information is done.

The register function is not surpport now and always returns EFI_UNSUPPORTED.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The type of data to be registered the event for.
[in] Event The event to be registered.
Return values:
EFI_SUCCESS The event is registered successfully.
EFI_INVALID_PARAMETER This is NULL or Event is NULL.
EFI_ACCESS_DENIED The Event is already registered for the DataType.
EFI_UNSUPPORTED The notify registration is unsupported, or the specified DataType is not supported.

EFI_STATUS EFIAPI EfiIpSecConfigSetData ( IN EFI_IPSEC_CONFIG_PROTOCOL *  This,
IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN VOID *  Data,
IN EFI_IPSEC_CONFIG_SELECTOR *  InsertBefore 
)

Set the security association, security policy and peer authorization configuration information for the EFI IPsec driver.

This function is used to set the IPsec configuration information of type DataType for the EFI IPsec driver. The IPsec configuration data has a unique selector/identifier separately to identify a data entry. The selector structure depends on DataType's definition. Using SetData() with a Data of NULL causes the IPsec configuration data entry identified by DataType and Selector to be deleted.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The type of data to be set.
[in] Selector Pointer to an entry selector on operated configuration data specified by DataType. A NULL Selector causes the entire specified-type configuration information to be flushed.
[in] Data The data buffer to be set. The structure of the data buffer is associated with the DataType.
[in] InsertBefore Pointer to one entry selector which describes the expected position the new data entry will be added. If InsertBefore is NULL, the new entry will be appended to the end of the database.
Return values:
EFI_SUCCESS The specified configuration entry data was set successfully.
EFI_INVALID_PARAMETER One or more of the following are TRUE:
  • This is NULL.
EFI_UNSUPPORTED The specified DataType is not supported.
EFI_OUT_OF_RESOURCED The required system resource could not be allocated.

References IpSecConfigSave(), and mSetBySelf.

Referenced by Ikev2ChildSaSilentDelete(), Ikev2StoreSaData(), and IpSecConfigRestore().

EFI_STATUS EFIAPI EfiIpSecConfigUnregisterNotify ( IN EFI_IPSEC_CONFIG_PROTOCOL *  This,
IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
IN EFI_EVENT  Event 
)

Remove the specified event that was previously registered on the specified IPsec configuration data.

This function is not support now and alwasy return EFI_UNSUPPORTED.

Parameters:
[in] This Pointer to the EFI_IPSEC_CONFIG_PROTOCOL instance.
[in] DataType The configuration data type to remove the registered event for.
[in] Event The event to be unregistered.
Return values:
EFI_SUCCESS The event was removed successfully.
EFI_NOT_FOUND The Event specified by DataType could not be found in the database.
EFI_INVALID_PARAMETER This is NULL or Event is NULL.
EFI_UNSUPPORTED The notify registration is unsupported, or the specified DataType is not supported.

VOID FixPadEntry ( IN EFI_IPSEC_PAD_ID *  PadId,
IN OUT EFI_IPSEC_PAD_DATA *  Data 
)

Fix the value of some members of PAD ID.

This function is called by IpSecCopyPolicyEntry()which copy the Policy Entry into the Variable. Since some members in PAD ID are pointers, a physical address to relative address conversion is required before copying this PAD into the variable.

Parameters:
[in] PadId Pointer of PAD ID.
[in,out] Data Pointer of PAD Data.

References FIX_REF_BUF_ADDR.

VOID FixSadEntry ( IN EFI_IPSEC_SA_ID *  SaId,
IN OUT EFI_IPSEC_SA_DATA2 *  Data 
)

Fix the value of some members of SA ID.

This function is called by IpSecCopyPolicyEntry()which copy the Policy Entry into the Variable. Since some members in SA ID are pointers, a physical address to relative address conversion is required before copying this SAD into the variable.

Parameters:
[in] SaId Pointer of SA ID
[in,out] Data Pointer of SA Data.

References FIX_REF_BUF_ADDR.

VOID FixSpdEntry ( IN EFI_IPSEC_SPD_SELECTOR *  Selector,
IN OUT EFI_IPSEC_SPD_DATA *  Data 
)

Fix the value of some members of SPD Selector.

This function is called by IpSecCopyPolicyEntry()which copy the Policy Entry into the Variable. Since some members in SPD Selector are pointers, a physical address to relative address convertion is required before copying this SPD entry into the variable.

Parameters:
[in] Selector Pointer of SPD Selector.
[in,out] Data Pointer of SPD Data.

References FIX_REF_BUF_ADDR.

EFI_STATUS GetPadEntry ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN OUT UINTN *  DataSize,
OUT VOID *  Data 
)

This function lookup the data entry from IPsec PAD. Return the configuration value of the specified PAD Entry.

Parameters:
[in] Selector Pointer to an entry selector which is an identifier of the PAD entry.
[in,out] DataSize On output the size of data returned in Data.
[out] Data The buffer to return the contents of the IPsec configuration data. The type of the data buffer is associated with the DataType.
Return values:
EFI_SUCCESS The specified configuration data was obtained successfully.
EFI_NOT_FOUND The configuration data specified by Selector is not found.
EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been updated with the size needed to complete the request.

References ComparePadId(), _IPSEC_PAD_ENTRY::Data, _IPSEC_PAD_ENTRY::Id, IPSEC_PAD_ENTRY_FROM_LIST, and mConfigData.

EFI_STATUS GetSadEntry ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN OUT UINTN *  DataSize,
OUT VOID *  Data 
)

This function lookup the data entry from IPsec SAD. Return the configuration value of the specified SAD Entry.

Parameters:
[in] Selector Pointer to an entry selector which is an identifier of the SAD entry.
[in,out] DataSize On output, the size of data returned in Data.
[out] Data The buffer to return the contents of the IPsec configuration data. The type of the data buffer is associated with the DataType.
Return values:
EFI_SUCCESS The specified configuration data was obtained successfully.
EFI_NOT_FOUND The configuration data specified by Selector is not found.
EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been updated with the size needed to complete the request.

References _IPSEC_SAD_DATA::AlgoInfo, _IPSEC_SAD_DATA::AntiReplayWindowSize, CompareSaId(), _IPSEC_SAD_ENTRY::Data, DuplicateSpdSelector(), _IPSEC_SAD_ENTRY::Id, IPSEC_SAD_ENTRY_FROM_LIST, _IPSEC_SAD_DATA::ManualSet, mConfigData, _IPSEC_SAD_DATA::Mode, _IPSEC_SAD_DATA::PathMTU, _IPSEC_SAD_DATA::SaLifetime, _IPSEC_SAD_DATA::SequenceNumber, SIZE_OF_SPD_SELECTOR, _IPSEC_SAD_DATA::SpdSelector, _IPSEC_SAD_DATA::TunnelDestAddress, and _IPSEC_SAD_DATA::TunnelSourceAddress.

EFI_STATUS GetSpdEntry ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN OUT UINTN *  DataSize,
OUT VOID *  Data 
)

This function lookup the data entry from IPsec SPD. Return the configuration value of the specified SPD Entry.

Parameters:
[in] Selector Pointer to an entry selector which is an identifier of the SPD entry.
[in,out] DataSize On output the size of data returned in Data.
[out] Data The buffer to return the contents of the IPsec configuration data. The type of the data buffer is associated with the DataType.
Return values:
EFI_SUCCESS The specified configuration data was obtained successfully.
EFI_INVALID_PARAMETER Data is NULL and *DataSize is not zero.
EFI_NOT_FOUND The configuration data specified by Selector is not found.
EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been updated with the size needed to complete the request.

References _IPSEC_SPD_DATA::Action, CompareSpdSelector(), _IPSEC_SPD_ENTRY::Data, _IPSEC_SAD_ENTRY::Id, IPSEC_SAD_ENTRY_FROM_SPD, IPSEC_SPD_ENTRY_FROM_LIST, IpSecDuplicateProcessPolicy(), IpSecGetSizeOfSpdData(), mConfigData, _IPSEC_SPD_DATA::Name, _IPSEC_SPD_DATA::PackageFlag, _IPSEC_SPD_DATA::ProcessingPolicy, _IPSEC_SPD_DATA::Sas, _IPSEC_SPD_ENTRY::Selector, and _IPSEC_SPD_DATA::TrafficDirection.

EFI_STATUS IpSecConfigInitialize ( IN OUT IPSEC_PRIVATE_DATA Private  ) 

Install and Initialize IPsecConfig protocol

Parameters:
[in,out] Private Pointer to IPSEC_PRIVATE_DATA. After this function finish, the pointer of IPsecConfig Protocol implementation will copy into its IPsecConfig member.
Return values:
EFI_SUCCESS Initialized the IPsecConfig Protocol successfully.
Others Initializing the IPsecConfig Protocol failed.

References IpSecConfigRestore(), and mConfigData.

Referenced by IpSecDriverEntryPoint().

EFI_STATUS IpSecConfigRestore ( IN IPSEC_PRIVATE_DATA Private  ) 

Get the all IPSec configuration variables and store those variables to the internal data structure.

This founction is called by IpSecConfigInitialize() that is to intialize the IPsecConfiguration Protocol.

Parameters:
[in] Private Point to IPSEC_PRIVATE_DATA.
Return values:
EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
EFI_SUCCESS Restore the IPsec Configuration successfully.
others Other errors is found during the variable getting.
Get the all IPSec configuration variables and store those variables to the internal data structure.

This founction is called by IpSecConfigInitialize() which is to intialize the IPsecConfiguration Protocol.

Parameters:
[in] Private Point to IPSEC_PRIVATE_DATA.
Return values:
EFI_OUT_OF_RESOURCES The required system resource could not be allocated
EFI_SUCCESS Restore the IPsec Configuration successfully.
others Other errors is found while obtaining the variable.

References EfiIpSecConfigSetData(), IPSEC_STATUS_ENABLED, IPSEC_VAR_ITEM_HEADER_CONTENT_BIT, IPSEC_VAR_ITEM_HEADER_LOGO_BIT, IPSECCONFIG_STATUS_NAME, IPSECCONFIG_VARIABLE_NAME, IpSecGetVariable(), mSetBySelf, IPSEC_VAR_ITEM_HEADER::Size, and IPSEC_VAR_ITEM_HEADER::Type.

Referenced by IpSecConfigInitialize().

EFI_STATUS IpSecConfigSave ( VOID   ) 

This function is the subfunction of EFIIpSecConfigSetData.

This function call IpSecSetVaraible to set the IPsec Configuration into the firmware.

Return values:
EFI_OUT_OF_RESOURCES The required system resource could not be allocated.
EFI_SUCCESS Saved the configration successfully.
Others Other errors were found while obtaining the variable.

References IPSEC_VARIABLE_BUFFER::Capacity, IPSEC_DEFAULT_VARIABLE_SIZE, IPSECCONFIG_VARIABLE_NAME, IpSecCopyPolicyEntry(), IpSecSetVariable(), IpSecVisitConfigData(), IPSEC_VARIABLE_BUFFER::Ptr, and IPSEC_VARIABLE_BUFFER::Size.

Referenced by EfiIpSecConfigSetData().

EFI_STATUS IpSecCopyPolicyEntry ( IN EFI_IPSEC_CONFIG_DATA_TYPE  Type,
IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN VOID *  Data,
IN UINTN  SelectorSize,
IN UINTN  DataSize,
IN OUT IPSEC_VARIABLE_BUFFER Buffer 
)

Copy whole data in specified EFI_SIPEC_CONFIG_SELECTOR and the Data to a buffer.

This function is a caller defined function, and it is called by the IpSecVisitConfigData(). The orignal caller is IpSecConfigSave(), which calls the IpsecVisitConfigData() to copy all types of IPsec Config datas into one buffer and store this buffer into firmware in the form of several variables.

Parameters:
[in] Type A specified IPSEC_CONFIG_DATA_TYPE.
[in] Selector Points to a EFI_IPSEC_CONFIG_SELECTOR to be copied to the buffer.
[in] Data Points to data to be copied to the buffer. The Data type is related to the Type.
[in] SelectorSize The size of the Selector.
[in] DataSize The size of the Data.
[in,out] Buffer The buffer to store the Selector and Data.
Return values:
EFI_SUCCESS Copy the Selector and Data to a buffer successfully.
EFI_OUT_OF_RESOURCES The required system resource could not be allocated.

References IPSEC_VAR_ITEM_HEADER_LOGO_BIT, IPSEC_VAR_ITEM_HEADER::Size, and IPSEC_VAR_ITEM_HEADER::Type.

Referenced by IpSecConfigSave().

VOID IpSecDuplicateProcessPolicy ( IN EFI_IPSEC_PROCESS_POLICY *  Dst,
IN EFI_IPSEC_PROCESS_POLICY *  Src 
)

Copy Source Process Policy to the Destination Process Policy.

Parameters:
[in] Dst Pointer to the Source Process Policy.
[in] Src Pointer to the Destination Process Policy.

Referenced by GetSpdEntry(), and SetSpdEntry().

UINTN IpSecGetSizeOfEfiSpdData ( IN EFI_IPSEC_SPD_DATA *  SpdData  ) 

Calculate the a whole size of EFI_IPSEC_SPD_DATA, which includes the buffer size pointed to by the pointer members.

Parameters:
[in] SpdData Pointer to a specified EFI_IPSEC_SPD_DATA.
Returns:
the whole size the specified EFI_IPSEC_SPD_DATA.

Referenced by SetSpdEntry().

UINTN IpSecGetSizeOfSpdData ( IN IPSEC_SPD_DATA SpdData  ) 

Calculate the a whole size of IPSEC_SPD_DATA which includes the buffer size pointed to by the pointer members and the buffer size used by the Sa List.

Parameters:
[in] SpdData Pointer to the specified IPSEC_SPD_DATA.
Returns:
the whole size of IPSEC_SPD_DATA.

Referenced by GetSpdEntry().

EFI_STATUS IpSecGetVariable ( IN CHAR16 *  VariableName,
IN EFI_GUID *  VendorGuid,
IN UINT32 *  Attributes,
IN OUT UINTN *  DataSize,
IN VOID *  Data 
)

Get the IPsec Variable.

Get the all variables which start with the string contained in VaraiableName. Since all IPsec related variable store in continual space, those kinds of variable can be searched by the EfiGetNextVariableName. Those variables also are returned in a continual buffer.

Parameters:
[in] VariableName Pointer to a specified Variable Name.
[in] VendorGuid Pointer to a specified Vendor Guid.
[in] Attributes Point to memory location to return the attributes of variable. If the point is NULL, the parameter would be ignored.
[in,out] DataSize As input, point to the maximum size of return Data-Buffer. As output, point to the actual size of the returned Data-Buffer.
[in] Data Point to return Data-Buffer.
Return values:
EFI_ABORTED If the Variable size which contained in the variable structure doesn't match the variable size obtained from the EFIGetVariable.
EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has been updated with the size needed to complete the request.
EFI_SUCCESS The function completed successfully.
others Other errors found during the variable getting.

References IP_SEC_VARIABLE_INFO::SingleVariableSize, IP_SEC_VARIABLE_INFO::VariableCount, and IP_SEC_VARIABLE_INFO::VariableSize.

Referenced by IpSecConfigRestore().

EFI_STATUS IpSecSetVariable ( IN CHAR16 *  VariableName,
IN EFI_GUID *  VendorGuid,
IN UINT32  Attributes,
IN UINTN  DataSize,
IN VOID *  Data 
)

Set the IPsec variables.

Set all IPsec variables which start with the specified variable name. Those variables are set one by one.

Parameters:
[in] VariableName The name of the vendor's variable. It is a Null-Terminated Unicode String.
[in] VendorGuid Unify identifier for vendor.
[in] Attributes Point to memory location to return the attributes of variable. If the point is NULL, the parameter would be ignored.
[in] DataSize The size in bytes of Data-Buffer.
[in] Data Points to the content of the variable.
Return values:
EFI_SUCCESS The firmware successfully stored the variable and its data, as defined by the Attributes.
others Storing the variables failed.

References IP_SEC_VARIABLE_INFO::SingleVariableSize, IP_SEC_VARIABLE_INFO::VariableCount, and IP_SEC_VARIABLE_INFO::VariableSize.

Referenced by IpSecConfigSave().

EFI_STATUS IpSecVisitConfigData ( IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
IN IPSEC_COPY_POLICY_ENTRY  Routine,
IN VOID *  Context 
)

Visit all IPsec Configurations of specified Type and call the caller defined interface.

Parameters:
[in] DataType The specified IPsec Config Data Type.
[in] Routine The function defined by the caller.
[in] Context The data passed to the Routine.
Return values:
EFI_OUT_OF_RESOURCES The required system resource could not be allocated
EFI_SUCCESS This function completed successfully.

References EfiIpSecConfigGetData(), and EfiIpSecConfigGetNextSelector().

Referenced by Ikev2ChildSaAssociateSpdEntry(), and IpSecConfigSave().

BOOLEAN IsInAddressInfoList ( IN EFI_IP_ADDRESS_INFO *  AddressInfo,
IN EFI_IP_ADDRESS_INFO *  AddressInfoList,
IN UINT32  AddressCount 
)

Check if the specified EFI_IP_ADDRESS_INFO is in EFI_IP_ADDRESS_INFO list.

Parameters:
[in] AddressInfo Pointer of IP_ADDRESS_INFO to be search in AddressInfo list.
[in] AddressInfoList A list that contains IP_ADDRESS_INFOs.
[in] AddressCount Point out how many IP_ADDRESS_INFO in the list.
Return values:
TRUE The specified AddressInfo is in the AddressInfoList.
FALSE The specified AddressInfo is not in the AddressInfoList.

Referenced by CompareSpdSelector(), and IsSubSpdSelector().

BOOLEAN IsSubSpdSelector ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector1,
IN EFI_IPSEC_CONFIG_SELECTOR *  Selector2 
)

Find if the two SPD Selectors has subordinative.

Compare two SPD Selector by the fields of LocalAddressCount/RemoteAddressCount/ NextLayerProtocol/LocalPort/LocalPortRange/RemotePort/RemotePortRange and the Local Addresses and remote Addresses.

Parameters:
[in] Selector1 Pointer of first SPD Selector.
[in] Selector2 Pointer of second SPD Selector.
Return values:
TRUE The first SPD Selector is subordinate Selector of second SPD Selector.
FALSE The first SPD Selector is not subordinate Selector of second SPD Selector.

References IsInAddressInfoList().

Referenced by IpSecProcess(), and SetSadEntry().

BOOLEAN IsZeroPadId ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector  ) 

Check if the PAD ID is Zero.

Parameters:
[in] Selector Pointer of the PAD ID.
Return values:
TRUE If the PAD ID is Zero.
FALSE If the PAD ID is not Zero.

BOOLEAN IsZeroSaId ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector  ) 

Check if the SA ID is Zero by its DestAddress.

Parameters:
[in] Selector Pointer of the SA ID.
Return values:
TRUE If the SA ID is Zero.
FALSE If the SA ID is not Zero.

BOOLEAN IsZeroSpdSelector ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector  ) 

Check if the SPD Selector is Zero by its LocalAddressCount and RemoteAddressCount fields.

Parameters:
[in] Selector Pointer of the SPD Selector.
Return values:
TRUE If the SPD Selector is Zero.
FALSE If the SPD Selector is not Zero.

EFI_STATUS SetPadEntry ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN VOID *  Data,
IN VOID *  Context 
)

Set the peer authorization configuration information for the EFI IPsec driver.

The IPsec configuration data has a unique selector/identifier separately to identify a data entry.

Parameters:
[in] Selector Pointer to an entry selector on operated configuration data specified by DataType. A NULL Selector causes the entire specified-type configuration information to be flushed.
[in] Data The data buffer to be set. The structure of the data buffer should be EFI_IPSEC_PAD_DATA.
[in] Context Pointer to one entry selector that describes the expected position the new data entry will be added. If Context is NULL, the new entry will be appended the end of database.
Return values:
EFI_OUT_OF_RESOURCES The required system resources could not be allocated.
EFI_SUCCESS The specified configuration data was obtained successfully.

References ComparePadId(), _IPSEC_PAD_ENTRY::Data, _IPSEC_PAD_ENTRY::Id, IPSEC_PAD_ENTRY_FROM_LIST, _IPSEC_PAD_ENTRY::List, and mConfigData.

EFI_STATUS SetSadEntry ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN VOID *  Data,
IN VOID *  Context 
)

Set the security association information for the EFI IPsec driver.

The IPsec configuration data has a unique selector/identifier separately to identify a data entry.

Parameters:
[in] Selector Pointer to an entry selector on operated configuration data specified by DataType. A NULL Selector causes the entire specified-type configuration information to be flushed.
[in] Data The data buffer to be set. The structure of the data buffer should be EFI_IPSEC_SA_DATA.
[in] Context Pointer to one entry selector which describes the expected position the new data entry will be added. If Context is NULL,the new entry will be appended the end of database.
Return values:
EFI_OUT_OF_RESOURCED The required system resource could not be allocated.
EFI_SUCCESS The specified configuration data was obtained successfully.

References _IPSEC_SPD_DATA::Action, _IPSEC_SAD_DATA::AlgoInfo, _IPSEC_SAD_DATA::AntiReplayBitmap, _IPSEC_SAD_DATA::AntiReplayWindowSize, _IPSEC_SAD_ENTRY::BySpd, CompareSaId(), _IPSEC_SPD_ENTRY::Data, _IPSEC_SAD_ENTRY::Data, DuplicateSpdSelector(), _IPSEC_SAD_DATA::ESNEnabled, _IPSEC_SAD_ENTRY::Id, IPSEC_SAD_ENTRY_FROM_LIST, IPSEC_SPD_ENTRY_FROM_LIST, IsSubSpdSelector(), _IPSEC_SAD_ENTRY::List, _IPSEC_SAD_DATA::ManualSet, mConfigData, _IPSEC_SAD_DATA::Mode, _IPSEC_SAD_DATA::PathMTU, _IPSEC_SAD_DATA::SaLifetime, _IPSEC_SPD_DATA::Sas, _IPSEC_SPD_ENTRY::Selector, _IPSEC_SAD_DATA::SequenceNumber, SIZE_OF_SPD_SELECTOR, _IPSEC_SAD_DATA::SpdEntry, _IPSEC_SAD_DATA::SpdSelector, _IPSEC_SAD_DATA::TunnelDestAddress, and _IPSEC_SAD_DATA::TunnelSourceAddress.

EFI_STATUS SetSpdEntry ( IN EFI_IPSEC_CONFIG_SELECTOR *  Selector,
IN VOID *  Data,
IN VOID *  Context 
)

Set the security policy information for the EFI IPsec driver.

The IPsec configuration data has a unique selector/identifier separately to identify a data entry.

Parameters:
[in] Selector Pointer to an entry selector on operated configuration data specified by DataType. A NULL Selector causes the entire specified-type configuration information to be flushed.
[in] Data The data buffer to be set. The structure of the data buffer should be EFI_IPSEC_SPD_DATA.
[in] Context Pointer to one entry selector that describes the expected position the new data entry will be added. If Context is NULL, the new entry will be appended the end of database.
Return values:
EFI_INVALID_PARAMETER One or more of the following are TRUE:
  • Selector is not NULL and its LocalAddress is NULL or its RemoteAddress is NULL.
  • Data is not NULL and its Action is Protected and its plolicy is NULL.
  • Data is not NULL, its Action is not protected, and its policy is not NULL.
  • The Action of Data is Protected, its policy mode is Tunnel, and its tunnel option is NULL.
  • The Action of Data is protected and its policy mode is not Tunnel and it tunnel option is not NULL.
EFI_OUT_OF_RESOURCED The required system resource could not be allocated.
EFI_SUCCESS The specified configuration data was obtained successfully.

References _IPSEC_SPD_DATA::Action, _IPSEC_SAD_ENTRY::BySpd, CompareSaId(), CompareSpdSelector(), _IPSEC_SAD_ENTRY::Data, _IPSEC_SPD_ENTRY::Data, DuplicateSpdSelector(), _IPSEC_SAD_ENTRY::Id, IPSEC_SAD_ENTRY_FROM_LIST, IPSEC_SAD_ENTRY_FROM_SPD, IPSEC_SPD_ENTRY_FROM_LIST, IpSecDuplicateProcessPolicy(), IpSecGetSizeOfEfiSpdData(), _IPSEC_SPD_ENTRY::List, mConfigData, _IPSEC_SPD_DATA::Name, _IPSEC_SPD_DATA::PackageFlag, _IPSEC_SPD_DATA::ProcessingPolicy, _IPSEC_SPD_DATA::Sas, _IPSEC_SPD_ENTRY::Selector, SIZE_OF_SPD_SELECTOR, _IPSEC_SAD_DATA::SpdEntry, and _IPSEC_SPD_DATA::TrafficDirection.

VOID UnfixPadEntry ( IN EFI_IPSEC_PAD_ID *  PadId,
IN OUT EFI_IPSEC_PAD_DATA *  Data 
)

Recover the value of some members of PAD ID.

This function is corresponding to FixPadEntry(). It recovers the value of members of PAD ID that are fixed by FixPadEntry().

Parameters:
[in] PadId Pointer of PAD ID.
[in,out] Data Pointer of PAD Data.

References UNFIX_REF_BUF_ADDR.

VOID UnfixSadEntry ( IN OUT EFI_IPSEC_SA_ID *  SaId,
IN OUT EFI_IPSEC_SA_DATA2 *  Data 
)

Recover the value of some members of SA ID.

This function is corresponding to FixSadEntry(). It recovers the value of members of SAD ID that are fixed by FixSadEntry().

Parameters:
[in,out] SaId Pointer of SAD ID.
[in,out] Data Pointer of SAD Data.

References UNFIX_REF_BUF_ADDR.

VOID UnfixSpdEntry ( IN OUT EFI_IPSEC_SPD_SELECTOR *  Selector,
IN OUT EFI_IPSEC_SPD_DATA *  Data 
)

Recover the value of some members of SPD Selector.

This function is corresponding to FixSpdEntry(). It recovers the value of members of SPD Selector that are fixed by FixSpdEntry().

Parameters:
[in,out] Selector Pointer of SPD Selector.
[in,out] Data Pointer of SPD Data.

References UNFIX_REF_BUF_ADDR.


Variable Documentation

LIST_ENTRY mConfigData[IPsecConfigDataTypeMaximum]

EFI_IPSEC_CONFIG_PROTOCOL mIpSecConfigInstance

BOOLEAN mSetBySelf = FALSE


Generated on Mon Sep 28 08:49:06 2015 for NetworkPkg[ALL] by  doxygen 1.5.7.1