1 | /** @file\r |
2 | The main process for IpSecConfig application.\r | |
3 | \r | |
96c1d788 | 4 | Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r |
5 | \r |
6 | This program and the accompanying materials\r | |
7 | are licensed and made available under the terms and conditions of the BSD License\r | |
8 | which accompanies this distribution. The full text of the license may be found at\r | |
9 | http://opensource.org/licenses/bsd-license.php.\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | \r | |
16 | #include <Library/UefiRuntimeServicesTableLib.h>\r | |
17 | #include <Library/HiiLib.h>\r | |
18 | \r | |
19 | #include <Protocol/IpSec.h>\r | |
20 | \r | |
21 | #include "IpSecConfig.h"\r | |
22 | #include "Dump.h"\r | |
23 | #include "Indexer.h"\r | |
24 | #include "PolicyEntryOperation.h"\r | |
25 | #include "Delete.h"\r | |
26 | #include "Helper.h"\r | |
27 | \r | |
//
// String token ID of the IpSecConfig command help message text.
// Nothing in this file reads it; GLOBAL_REMOVE_IF_UNREFERENCED lets the linker
// drop it when no other module does either (presumably the shell's help
// infrastructure picks it up -- not visible here).
//
GLOBAL_REMOVE_IF_UNREFERENCED EFI_STRING_ID mStringIpSecHelpTokenId = STRING_TOKEN (STR_IPSEC_CONFIG_HELP);

//
// Option table consumed by ShellCommandLineParseEx (see InitializeIpSecConfig).
// It is the single definition of which options the command accepts and whether
// an option carries a value (TypeValue) or stands alone (TypeFlag); the parser
// rejects anything that is not listed here before any command logic runs.
//
// The option names recorded in the resulting ParamPackage are later compared
// with StrCmp (case-sensitive) against mIpSecConfigVarCheckList, so keep the
// two tables spelled identically.
//
SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
  //
  // Database selection and operation switches.
  //
  { L"-p",                    TypeValue },
  { L"-a",                    TypeValue },
  { L"-i",                    TypeValue },
  { L"-e",                    TypeValue },
  { L"-d",                    TypeValue },
  { L"-f",                    TypeFlag  },
  { L"-l",                    TypeFlag  },
  { L"-enable",               TypeFlag  },
  { L"-disable",              TypeFlag  },
  { L"-status",               TypeFlag  },

  //
  // SPD Selector
  //
  { L"--local",               TypeValue },
  { L"--remote",              TypeValue },
  { L"--proto",               TypeValue },
  { L"--local-port",          TypeValue },
  { L"--remote-port",         TypeValue },
  { L"--icmp-type",           TypeValue },
  { L"--icmp-code",           TypeValue },

  //
  // SPD Data
  //
  { L"--name",                TypeValue },
  { L"--packet-flag",         TypeValue },
  { L"--action",              TypeValue },
  { L"--lifebyte",            TypeValue },
  { L"--lifetime-soft",       TypeValue },
  { L"--lifetime",            TypeValue },
  { L"--mode",                TypeValue },
  { L"--tunnel-local",        TypeValue },
  { L"--tunnel-remote",       TypeValue },
  { L"--dont-fragment",       TypeValue },
  { L"--ipsec-proto",         TypeValue },
  { L"--auth-algo",           TypeValue },
  { L"--encrypt-algo",        TypeValue },

  //
  // Boolean SPD data flags. Each has a trailing-dash twin; the check table
  // treats a flag and its twin as mutually exclusive (the twin presumably
  // clears the setting -- its handling is not in this file).
  //
  { L"--ext-sequence",        TypeFlag  },
  { L"--sequence-overflow",   TypeFlag  },
  { L"--fragment-check",      TypeFlag  },
  { L"--ext-sequence-",       TypeFlag  },
  { L"--sequence-overflow-",  TypeFlag  },
  { L"--fragment-check-",     TypeFlag  },

  //
  // SA ID
  // --ipsec-proto
  //
  { L"--spi",                 TypeValue },
  { L"--tunnel-dest",         TypeValue },
  { L"--tunnel-source",       TypeValue },
  { L"--lookup-spi",          TypeValue },
  { L"--lookup-ipsec-proto",  TypeValue },
  { L"--lookup-dest",         TypeValue },

  //
  // SA DATA
  // --mode
  // --auth-algo
  // --encrypt-algo
  //
  { L"--sequence-number",     TypeValue },
  { L"--antireplay-window",   TypeValue },
  { L"--auth-key",            TypeValue },
  { L"--encrypt-key",         TypeValue },
  { L"--path-mtu",            TypeValue },

  //
  // PAD ID
  //
  { L"--peer-id",             TypeValue },
  { L"--peer-address",        TypeValue },
  { L"--auth-proto",          TypeValue },
  { L"--auth-method",         TypeValue },
  { L"--ike-id",              TypeValue },
  { L"--ike-id-",             TypeValue },
  { L"--auth-data",           TypeValue },
  { L"--revocation-data",     TypeValue },
  { L"--lookup-peer-id",      TypeValue },
  { L"--lookup-peer-address", TypeValue },

  //
  // Terminator required by ShellCommandLineParseEx.
  //
  { NULL,                     TypeMax   },
};

//
// String-to-value tables used with MapStringToInteger to translate option
// values typed by the user into protocol enumerations. Each table ends with a
// { NULL, 0 } sentinel. The names are the exact spellings accepted on the
// command line; how MapStringToInteger compares them is not visible here.
//

//
// -p : which policy database the operation applies to.
//
STR2INT mMapPolicy[] = {
  { L"SPD", IPsecConfigDataTypeSpd },
  { L"SAD", IPsecConfigDataTypeSad },
  { L"PAD", IPsecConfigDataTypePad },
  { NULL,   0 },
};

//
// --proto : IP protocol number of the SPD selector.
//
STR2INT mMapIpProtocol[] = {
  { L"TCP",  EFI_IP4_PROTO_TCP  },
  { L"UDP",  EFI_IP4_PROTO_UDP  },
  { L"ICMP", EFI_IP4_PROTO_ICMP },
  { NULL,    0 },
};

//
// --action : what to do with traffic matching an SPD entry.
//
STR2INT mMapIpSecAction[] = {
  { L"Bypass",  EfiIPsecActionBypass  },
  { L"Discard", EfiIPsecActionDiscard },
  { L"Protect", EfiIPsecActionProtect },
  { NULL,       0 },
};

//
// --mode : IPsec encapsulation mode.
//
STR2INT mMapIpSecMode[] = {
  { L"Transport", EfiIPsecTransport },
  { L"Tunnel",    EfiIPsecTunnel    },
  { NULL,         0 },
};

//
// --dont-fragment : handling of the DF bit on the outer header in tunnel mode.
//
STR2INT mMapDfOption[] = {
  { L"clear", EfiIPsecTunnelClearDf },
  { L"set",   EfiIPsecTunnelSetDf   },
  { L"copy",  EfiIPsecTunnelCopyDf  },
  { NULL,     0 },
};

//
// --ipsec-proto : AH (integrity only) or ESP (confidentiality and integrity).
//
STR2INT mMapIpSecProtocol[] = {
  { L"AH",  EfiIPsecAH  },
  { L"ESP", EfiIPsecESP },
  { NULL,   0 },
};

//
// --auth-algo : integrity algorithm. NONE/NULL and MD5HMAC are accepted for
// completeness; they provide no or weak integrity protection and current
// guidance (RFC 8221) does not recommend them. Whether the IPsec driver
// actually implements every entry is not visible in this file.
//
STR2INT mMapAuthAlgo[] = {
  { L"NONE",         IPSEC_AALG_NONE         },
  { L"MD5HMAC",      IPSEC_AALG_MD5HMAC      },
  { L"SHA1HMAC",     IPSEC_AALG_SHA1HMAC     },
  { L"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC },
  { L"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC },
  { L"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC },
  { L"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC },
  { L"NULL",         IPSEC_AALG_NULL         },
  { NULL,            0 },
};

//
// --encrypt-algo : confidentiality algorithm. NONE/NULL give no encryption and
// DESCBC, 3DESCBC, CASTCBC and BLOWFISHCBC are legacy ciphers that RFC 8221
// deprecates; the AES-CBC/CTR/CCM/GCM entries are the ones to prefer.
//
STR2INT mMapEncAlgo[] = {
  { L"NONE",          IPSEC_EALG_NONE          },
  { L"DESCBC",        IPSEC_EALG_DESCBC        },
  { L"3DESCBC",       IPSEC_EALG_3DESCBC       },
  { L"CASTCBC",       IPSEC_EALG_CASTCBC       },
  { L"BLOWFISHCBC",   IPSEC_EALG_BLOWFISHCBC   },
  { L"NULL",          IPSEC_EALG_NULL          },
  { L"AESCBC",        IPSEC_EALG_AESCBC        },
  { L"AESCTR",        IPSEC_EALG_AESCTR        },
  { L"AES-CCM-ICV8",  IPSEC_EALG_AES_CCM_ICV8  },
  { L"AES-CCM-ICV12", IPSEC_EALG_AES_CCM_ICV12 },
  { L"AES-CCM-ICV16", IPSEC_EALG_AES_CCM_ICV16 },
  { L"AES-GCM-ICV8",  IPSEC_EALG_AES_GCM_ICV8  },
  { L"AES-GCM-ICV12", IPSEC_EALG_AES_GCM_ICV12 },
  { L"AES-GCM-ICV16", IPSEC_EALG_AES_GCM_ICV16 },
  { NULL,             0 },
};

//
// --auth-proto : key-exchange protocol recorded in a PAD entry.
//
STR2INT mMapAuthProto[] = {
  { L"IKEv1", EfiIPsecAuthProtocolIKEv1 },
  { L"IKEv2", EfiIPsecAuthProtocolIKEv2 },
  { NULL,     0 },
};

//
// --auth-method : peer authentication method recorded in a PAD entry.
//
STR2INT mMapAuthMethod[] = {
  { L"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret },
  { L"Certificates",    EfiIPsecAuthMethodCertificates    },
  { NULL,               0 },
};

//
// Protocol instances located by InitializeIpSecConfig. Both are looked up by
// GUID (gEfiIpSec2ProtocolGuid / gEfiIpSecConfigProtocolGuid) via LocateProtocol
// and stay NULL if not found. mIpSec->DisabledFlag is read to report status and
// written directly when IPsec is enabled.
//
EFI_IPSEC2_PROTOCOL        *mIpSec;
EFI_IPSEC_CONFIG_PROTOCOL  *mIpSecConfig;
//
// Handle of this application's HII string package; registered with
// gHiiDatabase->NewPackageList at startup and removed again at Done.
//
EFI_HII_HANDLE             mHiiHandle;
//
// Application name inserted into the console messages.
//
CHAR16                     mAppName[] = L"IpSecConfig";

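//
// Option-compatibility table consumed only by IpSecConfigRetriveCheckListByName,
// which validates the combination of options the user supplied. Each row is
// { VarName, Attribute1, Attribute2, Attribute3, Attribute4 }; the checker
// folds the attributes of every matched option together and rejects the
// command line when:
//
//   Attribute1  the bitwise AND over all matched options becomes non-zero.
//               BIT(1) is carried by the database-level switches (-p, -enable,
//               -disable, -status), BIT(0) by the operations (-a, -i, -d, -e,
//               -l, -f, -? and the three state switches), so two options of the
//               same group cannot be combined.
//   Attribute2  the bitwise OR becomes non-zero: -enable, -disable, -status and
//               -? must stand alone ("-p" as the second option is tolerated by
//               the checker).
//   Attribute3  the bitwise AND becomes zero: BIT(2) = SPD, BIT(1) = SAD,
//               BIT(0) = PAD; every option must apply to a common database.
//   Attribute4  the bitwise OR completes one of the pairs 0x03, 0x0C, 0x30 or
//               0xC0: port selectors vs. ICMP selectors, a boolean flag vs. its
//               trailing-dash twin, --peer-id vs. --peer-address, and --ike-id
//               vs. --ike-id-.
//
// VarName is matched with StrCmp, i.e. case-sensitively, against the option
// names stored in the ParamPackage, so every entry must be spelled exactly as
// in mIpSecConfigParamList. The --ike-id / --ike-id- rows used to be written
// in upper case and therefore never matched, which silently skipped their
// database and mutual-exclusion checks.
//
VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
  { L"-enable",               BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-disable",              BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-status",               BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-p",                    BIT(1),        0,      BIT(2)|BIT(1)|BIT(0), 0 },

  { L"-a",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-i",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-d",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-e",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-l",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-f",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },

  //
  // "-?" is not in mIpSecConfigParamList; it is presumably handled by the
  // shell itself before the application sees it -- not visible here.
  //
  { L"-?",                    BIT(0),        BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },

  //
  // SPD Selector
  //
  { L"--local",               0, 0, BIT(2)|BIT(1), 0 },
  { L"--remote",              0, 0, BIT(2)|BIT(1), 0 },
  { L"--proto",               0, 0, BIT(2)|BIT(1), 0 },
  { L"--local-port",          0, 0, BIT(2)|BIT(1), BIT(0) },
  { L"--remote-port",         0, 0, BIT(2)|BIT(1), BIT(0) },
  { L"--icmp-type",           0, 0, BIT(2)|BIT(1), BIT(1) },
  { L"--icmp-code",           0, 0, BIT(2)|BIT(1), BIT(1) },

  //
  // SPD Data
  //
  { L"--name",                0, 0, BIT(2),        0 },
  { L"--packet-flag",         0, 0, BIT(2),        0 },
  { L"--action",              0, 0, BIT(2)|BIT(1), 0 },
  { L"--lifebyte",            0, 0, BIT(2)|BIT(1), 0 },
  { L"--lifetime-soft",       0, 0, BIT(2)|BIT(1), 0 },
  { L"--lifetime",            0, 0, BIT(2)|BIT(1), 0 },
  { L"--mode",                0, 0, BIT(2)|BIT(1), 0 },
  { L"--tunnel-local",        0, 0, BIT(2),        0 },
  { L"--tunnel-remote",       0, 0, BIT(2),        0 },
  { L"--dont-fragment",       0, 0, BIT(2),        0 },
  { L"--ipsec-proto",         0, 0, BIT(2)|BIT(1), 0 },
  { L"--auth-algo",           0, 0, BIT(2)|BIT(1), 0 },
  { L"--encrypt-algo",        0, 0, BIT(2)|BIT(1), 0 },

  { L"--ext-sequence",        0, 0, BIT(2),        BIT(2) },
  { L"--sequence-overflow",   0, 0, BIT(2),        BIT(2) },
  { L"--fragment-check",      0, 0, BIT(2),        BIT(2) },
  { L"--ext-sequence-",       0, 0, BIT(2),        BIT(3) },
  { L"--sequence-overflow-",  0, 0, BIT(2),        BIT(3) },
  { L"--fragment-check-",     0, 0, BIT(2),        BIT(3) },

  //
  // SA ID
  // --ipsec-proto
  //
  { L"--spi",                 0, 0, BIT(1), 0 },
  { L"--tunnel-dest",         0, 0, BIT(1), 0 },
  { L"--tunnel-source",       0, 0, BIT(1), 0 },
  { L"--lookup-spi",          0, 0, BIT(1), 0 },
  { L"--lookup-ipsec-proto",  0, 0, BIT(1), 0 },
  { L"--lookup-dest",         0, 0, BIT(1), 0 },

  //
  // SA DATA
  // --mode
  // --auth-algo
  // --encrypt-algo
  //
  { L"--sequence-number",     0, 0, BIT(1), 0 },
  { L"--antireplay-window",   0, 0, BIT(1), 0 },
  { L"--auth-key",            0, 0, BIT(1), 0 },
  { L"--encrypt-key",         0, 0, BIT(1), 0 },
  { L"--path-mtu",            0, 0, BIT(1), 0 },

  //
  // Examples (option values are illustrative):
  //   add a PAD entry:
  //     "-a --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKEv1|IKEv2
  //      --auth-method PreSharedSecret|Certificates --ike-id
  //      --auth-data 343343 --revocation-data 2342432"
  //   delete a PAD entry:
  //     "-d * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
  //     "-d 1"
  //   edit a PAD entry:
  //     "-e * --lookup-peer-id Mike --auth-method Certificates"
  //

  //
  // PAD ID
  //
  { L"--peer-id",             0, 0, BIT(0), BIT(4) },
  { L"--peer-address",        0, 0, BIT(0), BIT(5) },
  { L"--auth-proto",          0, 0, BIT(0), 0 },
  { L"--auth-method",         0, 0, BIT(0), 0 },
  { L"--ike-id",              0, 0, BIT(0), BIT(6) },
  { L"--ike-id-",             0, 0, BIT(0), BIT(7) },
  { L"--auth-data",           0, 0, BIT(0), 0 },
  { L"--revocation-data",     0, 0, BIT(0), 0 },
  { L"--lookup-peer-id",      0, 0, BIT(0), BIT(4) },
  { L"--lookup-peer-address", 0, 0, BIT(0), BIT(5) },

  //
  // Terminator: the checker stops at the first NULL VarName.
  //
  { NULL,                     0, 0, 0, 0 },
};
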
/**
  Grow a caller-owned pool buffer for the "call, get EFI_BUFFER_TOO_SMALL,
  retry" pattern used by boot-service APIs.

  On the first call *Buffer is NULL and *Status is forced to
  EFI_BUFFER_TOO_SMALL so that an initial allocation of BufferSize bytes is
  made. On later calls the buffer is replaced only when *Status is
  EFI_BUFFER_TOO_SMALL; any other error status releases the buffer and ends
  the retry loop, and a success status leaves the buffer untouched.

  @param[in, out] Status      Status returned by the previous attempt. Set to
                              EFI_OUT_OF_RESOURCES if the allocation fails.
  @param[in, out] Buffer      Current buffer, or NULL. On return holds a fresh
                              zeroed buffer of BufferSize bytes (retry), the
                              previous buffer (no growth needed), or NULL
                              (error).
  @param[in]      BufferSize  Size in bytes the next attempt needs.

  @retval TRUE   A new buffer was allocated; the caller should retry the API.
  @retval FALSE  No retry: the previous call either succeeded or failed.
**/
BOOLEAN
GrowBuffer (
  IN OUT EFI_STATUS  *Status,
  IN OUT VOID        **Buffer,
  IN UINTN           BufferSize
  )
{
  ASSERT (Status != NULL);
  ASSERT (Buffer != NULL);

  //
  // A first request has no buffer yet; treat it exactly like a "too small"
  // answer so that the allocation path below runs.
  //
  if ((*Buffer == NULL) && (BufferSize != 0)) {
    *Status = EFI_BUFFER_TOO_SMALL;
  }

  if (*Status != EFI_BUFFER_TOO_SMALL) {
    //
    // Nothing to grow. A failed call must not leave a stale buffer behind.
    //
    if (EFI_ERROR (*Status) && (*Buffer != NULL)) {
      FreePool (*Buffer);
      *Buffer = NULL;
    }

    return FALSE;
  }

  //
  // Replace the undersized buffer with a zeroed one of the requested size.
  //
  if (*Buffer != NULL) {
    FreePool (*Buffer);
  }

  *Buffer = AllocateZeroPool (BufferSize);
  if (*Buffer == NULL) {
    *Status = EFI_OUT_OF_RESOURCES;
    return FALSE;
  }

  return TRUE;
}

/**
  Return, in a pool-allocated buffer, every handle that matches the search.

  Wraps gBS->LocateHandle in a GrowBuffer loop: the first attempt uses room for
  50 handles and the buffer is re-allocated to the size the boot service asks
  for until the call no longer reports EFI_BUFFER_TOO_SMALL.

  @param[in]      SearchType  Specifies which handle(s) are to be returned.
  @param[in]      Protocol    Provides the protocol to search by.
                              Only valid for SearchType ByProtocol.
  @param[in]      SearchKey   Supplies the search key depending on the SearchType.
  @param[in, out] NoHandles   The number of handles returned in Buffer; 0 on error.
  @param[out]     Buffer      Receives the array of handles. The caller owns it
                              and frees it with FreePool. NULL on error.

  @retval EFI_SUCCESS  The resulting array of handles was returned.
  @retval Others       Error reported by gBS->LocateHandle or by allocation.
**/
EFI_STATUS
LocateHandle (
  IN EFI_LOCATE_SEARCH_TYPE  SearchType,
  IN EFI_GUID                *Protocol OPTIONAL,
  IN VOID                    *SearchKey OPTIONAL,
  IN OUT UINTN               *NoHandles,
  OUT EFI_HANDLE             **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       Size;

  ASSERT (NoHandles != NULL);
  ASSERT (Buffer != NULL);

  //
  // Seed the GrowBuffer loop: no buffer yet, an initial guess of 50 handles.
  //
  *Buffer = NULL;
  Status  = EFI_SUCCESS;
  Size    = 50 * sizeof (EFI_HANDLE);

  for (;;) {
    if (!GrowBuffer (&Status, (VOID **) Buffer, Size)) {
      break;
    }

    //
    // On EFI_BUFFER_TOO_SMALL the boot service updates Size to what it needs.
    //
    Status = gBS->LocateHandle (
                    SearchType,
                    Protocol,
                    SearchKey,
                    &Size,
                    *Buffer
                    );
  }

  *NoHandles = EFI_ERROR (Status) ? 0 : (Size / sizeof (EFI_HANDLE));

  return Status;
}

/**
  Find the first instance of a protocol in the system and return its interface.

  Enumerates the handles that carry ProtocolGuid and opens the protocol on the
  first one where gBS->HandleProtocol succeeds.

  @param[in]  ProtocolGuid  The GUID of the protocol.
  @param[out] Interface     Receives the first instance found; NULL if none.

  @retval EFI_SUCCESS  A protocol instance matching ProtocolGuid was found
                       (or the handle list was empty -- *Interface is NULL then,
                       so callers should also check the pointer).
  @retval Others       No handle carries the protocol, or HandleProtocol failed
                       on every handle.
**/
EFI_STATUS
LocateProtocol (
  IN EFI_GUID  *ProtocolGuid,
  OUT VOID     **Interface
  )
{
  EFI_STATUS  Status;
  EFI_HANDLE  *HandleBuffer;
  UINTN       HandleCount;
  UINTN       Index;

  *Interface   = NULL;
  HandleBuffer = NULL;
  HandleCount  = 0;

  Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &HandleCount, &HandleBuffer);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));
    return Status;
  }

  //
  // Stop at the first handle whose interface can be opened; Status carries
  // the result of the last attempt.
  //
  Index = 0;
  while (Index < HandleCount) {
    ASSERT (HandleBuffer != NULL);
    Status = gBS->HandleProtocol (
                    HandleBuffer[Index],
                    ProtocolGuid,
                    Interface
                    );
    if (!EFI_ERROR (Status)) {
      break;
    }

    Index++;
  }

  if (HandleBuffer != NULL) {
    FreePool (HandleBuffer);
  }

  return Status;
}

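/**
  Check that the options the user supplied can legally be combined.

  Every option name recorded in ParamPackage is looked up in CheckList with
  StrCmp, so an entry only takes part in the check when its spelling (including
  case) equals what the command line parser stored; options without a CheckList
  entry are ignored. The attributes of all matched options are folded together
  in input order and, after each option beyond the first, the fold must satisfy:

    - Attribute1: bitwise AND over the options stays 0.
    - Attribute2: bitwise OR over the options stays 0, except that "-p" as the
      second option is tolerated.
    - Attribute3: bitwise AND over the options stays non-zero.
    - Attribute4: bitwise OR over the options never completes one of the pairs
      0x03, 0x0C, 0x30 or 0xC0.

  The meaning of the individual bits is documented at mIpSecConfigVarCheckList.

  @param[in] CheckList     The VAR_CHECK_ITEM table to validate against,
                           terminated by an entry whose VarName is NULL.
  @param[in] ParamPackage  The parsed command line produced by
                           ShellCommandLineParseEx.

  @retval EFI_SUCCESS            No conflicting options.
  @retval EFI_INVALID_PARAMETER  A parameter is NULL, or the options conflict.
**/
EFI_STATUS
IpSecConfigRetriveCheckListByName (
  IN VAR_CHECK_ITEM  *CheckList,
  IN LIST_ENTRY      *ParamPackage
  )
{
  LIST_ENTRY      *Node;
  VAR_CHECK_ITEM  *Item;
  UINT32          Attribute1;
  UINT32          Attribute2;
  UINT32          Attribute3;
  UINT32          Attribute4;
  UINT32          Index;

  if ((ParamPackage == NULL) || (CheckList == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  Attribute1 = 0;
  Attribute2 = 0;
  Attribute3 = 0;
  Attribute4 = 0;
  Index      = 0;

  //
  // Walk the options in the order the user gave them. Index counts the options
  // that have a CheckList entry; the first one seeds the accumulators.
  //
  for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
    if (((SHELL_PARAM_PACKAGE *) Node)->Name == NULL) {
      continue;
    }

    //
    // Scan the table handed in by the caller. Previously the global
    // mIpSecConfigVarCheckList was used here regardless of CheckList, which
    // made the parameter (and its NULL check) meaningless.
    //
    for (Item = CheckList; Item->VarName != NULL; Item++) {
      if (StrCmp (((SHELL_PARAM_PACKAGE *) Node)->Name, Item->VarName) != 0) {
        continue;
      }

      Index++;
      if (Index == 1) {
        Attribute1 = Item->Attribute1;
        Attribute2 = Item->Attribute2;
        Attribute3 = Item->Attribute3;
        Attribute4 = Item->Attribute4;
      } else {
        Attribute1 &= Item->Attribute1;
        Attribute2 |= Item->Attribute2;
        Attribute3 &= Item->Attribute3;
        Attribute4 |= Item->Attribute4;

        if (Attribute1 != 0) {
          return EFI_INVALID_PARAMETER;
        }

        if (Attribute2 != 0) {
          if ((Index == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {
            //
            // "-p" directly after a stand-alone switch is tolerated. As in the
            // original logic this keeps scanning the rest of the table rather
            // than stopping at the match.
            //
            continue;
          }

          return EFI_INVALID_PARAMETER;
        }

        if (Attribute3 == 0) {
          return EFI_INVALID_PARAMETER;
        }

        //
        // Each byte-pair below is a mutually exclusive option pair; both bits
        // set means both options were given.
        //
        if (((Attribute4 & 0xFF) == 0x03) || ((Attribute4 & 0xFF) == 0x0C) ||
            ((Attribute4 & 0xFF) == 0x30) || ((Attribute4 & 0xFF) == 0xC0)) {
          return EFI_INVALID_PARAMETER;
        }
      }

      break;
    }
  }

  return EFI_SUCCESS;
}
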
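/**
  Entry point of the IpSecConfig shell application.

  Publishes the application's HII string package, parses and validates the
  command line, locates the EFI_IPSEC_CONFIG_PROTOCOL and EFI_IPSEC2_PROTOCOL
  instances, and then performs exactly one of:

    -enable / -disable / -status   switch or report the global IPsec state;
    -a, -i, -e, -d, -f, -l         add, insert, edit, delete, flush or list an
                                   entry of the database selected with -p.

  Errors in the command line or in the requested operation are reported on the
  console through HII strings and the function still returns EFI_SUCCESS, so
  the return value cannot be used to detect a failed operation. Only a failure
  to obtain or publish the HII package list is propagated.

  @param[in] ImageHandle  The image handle of this application.
  @param[in] SystemTable  The pointer to the EFI System Table.

  @retval EFI_SUCCESS  The command line was processed (successfully or not).
  @retval Others       The HII package list could not be opened or published.
**/
EFI_STATUS
EFIAPI
InitializeIpSecConfig (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS                   Status;
  EFI_IPSEC_CONFIG_DATA_TYPE   DataType;
  UINT8                        Value;
  LIST_ENTRY                   *ParamPackage;
  CONST CHAR16                 *ValueStr;
  CHAR16                       *ProblemParam;
  UINTN                        NonOptionCount;
  EFI_HII_PACKAGE_LIST_HEADER  *PackageList;

  //
  // Both are outputs of ShellCommandLineParseEx, which is not guaranteed to
  // assign them on every failure path; start them as NULL so the cleanup at
  // Done (ShellCommandLineFreeVarList) never sees an indeterminate pointer.
  //
  ParamPackage = NULL;
  ProblemParam = NULL;

  //
  // Retrieve HII package list from ImageHandle.
  //
  Status = gBS->OpenProtocol (
                  ImageHandle,
                  &gEfiHiiPackageListProtocolGuid,
                  (VOID **) &PackageList,
                  ImageHandle,
                  NULL,
                  EFI_OPEN_PROTOCOL_GET_PROTOCOL
                  );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Publish HII package list to HII Database.
  //
  Status = gHiiDatabase->NewPackageList (
                           gHiiDatabase,
                           PackageList,
                           NULL,
                           &mHiiHandle
                           );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  ASSERT (mHiiHandle != NULL);

  //
  // Parse against the option table; unknown options are rejected here.
  // ProblemParam may still be NULL when the failure is not tied to a specific
  // argument -- the message is printed as before.
  //
  Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);
    goto Done;
  }

  //
  // Reject option combinations that the check table marks as conflicting.
  //
  Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);
  if (EFI_ERROR (Status) || mIpSecConfig == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSec2ProtocolGuid, (VOID **) &mIpSec);
  if (EFI_ERROR (Status) || mIpSec == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Enable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {
    if (!(mIpSec->DisabledFlag)) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);
    } else {
      //
      // Persist the enabled state in a boot-service-only, non-volatile
      // variable (no EFI_VARIABLE_RUNTIME_ACCESS, so it is not exposed to the
      // OS), then flip the live flag only if the write succeeded.
      //
      Value  = IPSEC_STATUS_ENABLED;
      Status = gRT->SetVariable (
                      IPSECCONFIG_STATUS_NAME,
                      &gEfiIpSecConfigProtocolGuid,
                      EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
                      sizeof (Value),
                      &Value
                      );
      if (!EFI_ERROR (Status)) {
        mIpSec->DisabledFlag = FALSE;
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // Disable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);
    } else {
      //
      // Disabling is delegated to the IPsec driver's DisabledEvent callback;
      // the result is read back from DisabledFlag right after signalling.
      // NOTE(review): this assumes the callback has run by the time
      // SignalEvent returns -- confirm against the driver.
      //
      gBS->SignalEvent (mIpSec->DisabledEvent);
      if (mIpSec->DisabledFlag) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // IPsec Status.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);
    } else {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);
    }

    goto Done;
  }

  //
  // Try to get policy database type. -1 doubles as "not given / unknown".
  //
  DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) - 1;
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");
  if (ValueStr != NULL) {
    DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);
    if (DataType == -1) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
      goto Done;
    }
  }

  //
  // Reject stray positional arguments. The original code computed
  // (NonOptionCount - 1) > 0, which suggests position 0 is the command name
  // itself; compare against 1 directly so a count of 0 cannot wrap the
  // unsigned subtraction and index the package with a huge value.
  //
  NonOptionCount = ShellCommandLineGetCount (ParamPackage);
  if (NonOptionCount > 1) {
    ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);
    goto Done;
  }

  if (DataType == -1) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Dispatch the policy operation. -a/-i and -d/-f map to the same handler,
  // which tells them apart from ParamPackage; every path ends at Done, and the
  // handler reports its own errors, so no per-branch status check is needed.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-a") || ShellCommandLineGetFlag (ParamPackage, L"-i")) {
    Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
    Status = EditPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-d") || ShellCommandLineGetFlag (ParamPackage, L"-f")) {
    Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {
    Status = ListPolicyEntry (DataType, ParamPackage);
  } else {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);
  }

Done:
  //
  // ShellCommandLineFreeVarList accepts the NULL left by a failed parse.
  //
  ShellCommandLineFreeVarList (ParamPackage);
  HiiRemovePackages (mHiiHandle);

  return EFI_SUCCESS;
}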