/** @file
  The main process for the IpSecConfig application.

  Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution. The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/
15 | \r | |
16 | #include <Library/UefiRuntimeServicesTableLib.h>\r | |
17 | #include <Library/HiiLib.h>\r | |
18 | \r | |
19 | #include <Protocol/IpSec.h>\r | |
20 | \r | |
21 | #include "IpSecConfig.h"\r | |
22 | #include "Dump.h"\r | |
23 | #include "Indexer.h"\r | |
24 | #include "PolicyEntryOperation.h"\r | |
25 | #include "Delete.h"\r | |
26 | #include "Helper.h"\r | |
27 | \r | |
//
// Option table handed to ShellCommandLineParseEx. It only decides which option
// names are accepted and whether each one carries a value (TypeValue) or is a
// bare switch (TypeFlag); the conflict rules live in mIpSecConfigVarCheckList.
//
SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
  //
  // Operations and global switches.
  //
  { L"-p",                    TypeValue },
  { L"-a",                    TypeValue },
  { L"-i",                    TypeValue },
  { L"-e",                    TypeValue },
  { L"-d",                    TypeValue },
  { L"-f",                    TypeFlag  },
  { L"-l",                    TypeFlag  },
  { L"-enable",               TypeFlag  },
  { L"-disable",              TypeFlag  },
  { L"-status",               TypeFlag  },
  { L"-?",                    TypeFlag  },

  //
  // SPD selector.
  //
  { L"--local",               TypeValue },
  { L"--remote",              TypeValue },
  { L"--proto",               TypeValue },
  { L"--local-port",          TypeValue },
  { L"--remote-port",         TypeValue },
  { L"--icmp-type",           TypeValue },
  { L"--icmp-code",           TypeValue },

  //
  // SPD data.
  //
  { L"--name",                TypeValue },
  { L"--packet-flag",         TypeValue },
  { L"--action",              TypeValue },
  { L"--lifebyte",            TypeValue },
  { L"--lifetime-soft",       TypeValue },
  { L"--lifetime",            TypeValue },
  { L"--mode",                TypeValue },
  { L"--tunnel-local",        TypeValue },
  { L"--tunnel-remote",       TypeValue },
  { L"--dont-fragment",       TypeValue },
  { L"--ipsec-proto",         TypeValue },
  { L"--auth-algo",           TypeValue },
  { L"--encrypt-algo",        TypeValue },

  //
  // SPD boolean switches; the trailing '-' form clears the corresponding flag.
  //
  { L"--ext-sequence",        TypeFlag  },
  { L"--sequence-overflow",   TypeFlag  },
  { L"--fragment-check",      TypeFlag  },
  { L"--ext-sequence-",       TypeFlag  },
  { L"--sequence-overflow-",  TypeFlag  },
  { L"--fragment-check-",     TypeFlag  },

  //
  // SA ID (shares --ipsec-proto with the SPD data above).
  //
  { L"--spi",                 TypeValue },
  { L"--tunnel-dest",         TypeValue },
  { L"--tunnel-source",       TypeValue },
  { L"--lookup-spi",          TypeValue },
  { L"--lookup-ipsec-proto",  TypeValue },
  { L"--lookup-dest",         TypeValue },

  //
  // SA data (shares --mode, --auth-algo and --encrypt-algo with the SPD data).
  //
  { L"--sequence-number",     TypeValue },
  { L"--antireplay-window",   TypeValue },
  { L"--auth-key",            TypeValue },
  { L"--encrypt-key",         TypeValue },
  { L"--path-mtu",            TypeValue },

  //
  // PAD ID.
  //
  { L"--peer-id",             TypeValue },
  { L"--peer-address",        TypeValue },
  { L"--auth-proto",          TypeValue },
  { L"--auth-method",         TypeValue },
  { L"--ike-id",              TypeValue },
  { L"--ike-id-",             TypeValue },
  { L"--auth-data",           TypeValue },
  { L"--revocation-data",     TypeValue },
  { L"--lookup-peer-id",      TypeValue },
  { L"--lookup-peer-address", TypeValue },

  //
  // Terminator required by the shell parser.
  //
  { NULL,                     TypeMax   },
};
119 | \r | |
//
// Values accepted by -p: selects which IPsec policy database an operation
// applies to. NULL-terminated for MapStringToInteger.
//
STR2INT mMapPolicy[] = {
  { L"SPD", IPsecConfigDataTypeSpd },   // security policy database
  { L"SAD", IPsecConfigDataTypeSad },   // security association database
  { L"PAD", IPsecConfigDataTypePad },   // peer authorization database
  { NULL,   0                      },
};
129 | \r | |
//
// Values accepted by --proto (the transport protocol of an SPD selector).
// NULL-terminated for MapStringToInteger.
//
STR2INT mMapIpProtocol[] = {
  { L"TCP",  EFI_IP4_PROTO_TCP  },
  { L"UDP",  EFI_IP4_PROTO_UDP  },
  { L"ICMP", EFI_IP4_PROTO_ICMP },
  { NULL,    0                  },
};
139 | \r | |
//
// Values accepted by --action (what to do with traffic matching an SPD entry).
// NULL-terminated for MapStringToInteger.
//
STR2INT mMapIpSecAction[] = {
  { L"Bypass",  EfiIPsecActionBypass  },
  { L"Discard", EfiIPsecActionDiscard },
  { L"Protect", EfiIPsecActionProtect },
  { NULL,       0                     },
};
149 | \r | |
//
// Values accepted by --mode (IPsec encapsulation mode).
// NULL-terminated for MapStringToInteger.
//
STR2INT mMapIpSecMode[] = {
  { L"Transport", EfiIPsecTransport },
  { L"Tunnel",    EfiIPsecTunnel    },
  { NULL,         0                 },
};
158 | \r | |
//
// Values accepted by --dont-fragment (handling of the DF bit on the outer
// header in tunnel mode). NULL-terminated for MapStringToInteger.
//
STR2INT mMapDfOption[] = {
  { L"clear", EfiIPsecTunnelClearDf },
  { L"set",   EfiIPsecTunnelSetDf   },
  { L"copy",  EfiIPsecTunnelCopyDf  },
  { NULL,     0                     },
};
168 | \r | |
//
// Values accepted by --ipsec-proto (the IPsec protocol of an SPD entry or SA).
// NULL-terminated for MapStringToInteger.
//
STR2INT mMapIpSecProtocol[] = {
  { L"AH",  EfiIPsecAH  },
  { L"ESP", EfiIPsecESP },
  { NULL,   0           },
};
177 | \r | |
//
// Values accepted by --auth-algo (integrity algorithm identifiers).
// Note the distinct "NONE" and "NULL" entries: both are valid identifiers
// with different IPSEC_AALG_* values. NULL-terminated for MapStringToInteger.
//
STR2INT mMapAuthAlgo[] = {
  { L"NONE",         IPSEC_AALG_NONE         },
  { L"MD5HMAC",      IPSEC_AALG_MD5HMAC      },
  { L"SHA1HMAC",     IPSEC_AALG_SHA1HMAC     },
  { L"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC },
  { L"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC },
  { L"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC },
  { L"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC },
  { L"NULL",         IPSEC_AALG_NULL         },
  { NULL,            0                       },
};
192 | \r | |
//
// Values accepted by --encrypt-algo (confidentiality algorithm identifiers).
// As with the integrity table, "NONE" and "NULL" are separate identifiers.
// This table only translates names; which algorithms the IPsec driver will
// actually negotiate is decided elsewhere. NULL-terminated for
// MapStringToInteger.
//
STR2INT mMapEncAlgo[] = {
  { L"NONE",          IPSEC_EALG_NONE          },
  { L"DESCBC",        IPSEC_EALG_DESCBC        },
  { L"3DESCBC",       IPSEC_EALG_3DESCBC       },
  { L"CASTCBC",       IPSEC_EALG_CASTCBC       },
  { L"BLOWFISHCBC",   IPSEC_EALG_BLOWFISHCBC   },
  { L"NULL",          IPSEC_EALG_NULL          },
  { L"AESCBC",        IPSEC_EALG_AESCBC        },
  { L"AESCTR",        IPSEC_EALG_AESCTR        },
  { L"AES-CCM-ICV8",  IPSEC_EALG_AES_CCM_ICV8  },
  { L"AES-CCM-ICV12", IPSEC_EALG_AES_CCM_ICV12 },
  { L"AES-CCM-ICV16", IPSEC_EALG_AES_CCM_ICV16 },
  { L"AES-GCM-ICV8",  IPSEC_EALG_AES_GCM_ICV8  },
  { L"AES-GCM-ICV12", IPSEC_EALG_AES_GCM_ICV12 },
  { L"AES-GCM-ICV16", IPSEC_EALG_AES_GCM_ICV16 },
  { NULL,             0                        },
};
213 | \r | |
//
// Values accepted by --auth-proto (key-exchange protocol of a PAD entry).
// NULL-terminated for MapStringToInteger.
//
STR2INT mMapAuthProto[] = {
  { L"IKEv1", EfiIPsecAuthProtocolIKEv1 },
  { L"IKEv2", EfiIPsecAuthProtocolIKEv2 },
  { NULL,     0                         },
};
222 | \r | |
//
// Values accepted by --auth-method (how a PAD peer is authenticated).
// NULL-terminated for MapStringToInteger.
//
STR2INT mMapAuthMethod[] = {
  { L"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret },
  { L"Certificates",    EfiIPsecAuthMethodCertificates    },
  { NULL,               0                                 },
};
231 | \r | |
//
// Module state filled in by InitializeIpSecConfig: the two protocol instances
// the commands operate on, the HII handle for the string package, and the
// application identity used in messages. Non-static, presumably referenced
// from the sibling sources through IpSecConfig.h -- confirm there.
//
EFI_IPSEC_CONFIG_PROTOCOL  *mIpSecConfig;
EFI_IPSEC2_PROTOCOL        *mIpSec;
EFI_HII_HANDLE             mHiiHandle;
EFI_GUID                   mEfiIpSecConfigGuid = EFI_IPSEC_CONFIG_GUID;
CHAR16                     mAppName[]          = L"IpSecConfig";
237 | \r | |
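//
// Used for IpSecConfigRetriveCheckListByName only to check the validation of user input.
//
// Column meaning, as consumed by IpSecConfigRetriveCheckListByName:
//   VarName     the option exactly as spelled in mIpSecConfigParamList; the lookup
//               uses StrCmp, so the case must match that table.
//   Attribute1  exclusive-group bits, ANDed across the given options: a nonzero
//               result is a conflict (e.g. -enable together with -disable).
//   Attribute2  stand-alone bits, ORed across the given options: a nonzero result
//               is a conflict, except for -p given as the second option.
//   Attribute3  policy database scope, ANDed across the given options: BIT(2) SPD,
//               BIT(1) SAD, BIT(0) PAD; a zero result means the options belong to
//               different databases.
//   Attribute4  mutually exclusive pairs, ORed across the given options: bits (0,1),
//               (2,3), (4,5) and (6,7) may not both be set.
//
VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
  { L"-enable",               BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-disable",              BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-status",               BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-p",                    BIT(1),        0,      BIT(2)|BIT(1)|BIT(0), 0 },

  { L"-a",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-i",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-d",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-e",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-l",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-f",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },

  { L"-?",                    BIT(0),        BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },

  //
  // SPD Selector
  //
  { L"--local",               0,             0,      BIT(2)|BIT(1),        0      },
  { L"--remote",              0,             0,      BIT(2)|BIT(1),        0      },
  { L"--proto",               0,             0,      BIT(2)|BIT(1),        0      },
  { L"--local-port",          0,             0,      BIT(2)|BIT(1),        BIT(0) },
  { L"--remote-port",         0,             0,      BIT(2)|BIT(1),        BIT(0) },
  { L"--icmp-type",           0,             0,      BIT(2)|BIT(1),        BIT(1) },
  { L"--icmp-code",           0,             0,      BIT(2)|BIT(1),        BIT(1) },

  //
  // SPD Data
  //
  { L"--name",                0,             0,      BIT(2),               0      },
  { L"--packet-flag",         0,             0,      BIT(2),               0      },
  { L"--action",              0,             0,      BIT(2)|BIT(1),        0      },
  { L"--lifebyte",            0,             0,      BIT(2)|BIT(1),        0      },
  { L"--lifetime-soft",       0,             0,      BIT(2)|BIT(1),        0      },
  { L"--lifetime",            0,             0,      BIT(2)|BIT(1),        0      },
  { L"--mode",                0,             0,      BIT(2)|BIT(1),        0      },
  { L"--tunnel-local",        0,             0,      BIT(2),               0      },
  { L"--tunnel-remote",       0,             0,      BIT(2),               0      },
  { L"--dont-fragment",       0,             0,      BIT(2),               0      },
  { L"--ipsec-proto",         0,             0,      BIT(2)|BIT(1),        0      },
  { L"--auth-algo",           0,             0,      BIT(2)|BIT(1),        0      },
  { L"--encrypt-algo",        0,             0,      BIT(2)|BIT(1),        0      },

  { L"--ext-sequence",        0,             0,      BIT(2),               BIT(2) },
  { L"--sequence-overflow",   0,             0,      BIT(2),               BIT(2) },
  { L"--fragment-check",      0,             0,      BIT(2),               BIT(2) },
  { L"--ext-sequence-",       0,             0,      BIT(2),               BIT(3) },
  { L"--sequence-overflow-",  0,             0,      BIT(2),               BIT(3) },
  { L"--fragment-check-",     0,             0,      BIT(2),               BIT(3) },

  //
  // SA ID
  // --ipsec-proto
  //
  { L"--spi",                 0,             0,      BIT(1),               0      },
  { L"--tunnel-dest",         0,             0,      BIT(1),               0      },
  { L"--tunnel-source",       0,             0,      BIT(1),               0      },
  { L"--lookup-spi",          0,             0,      BIT(1),               0      },
  { L"--lookup-ipsec-proto",  0,             0,      BIT(1),               0      },
  { L"--lookup-dest",         0,             0,      BIT(1),               0      },

  //
  // SA DATA
  // --mode
  // --auth-algo
  // --encrypt-algo
  //
  { L"--sequence-number",     0,             0,      BIT(1),               0      },
  { L"--antireplay-window",   0,             0,      BIT(1),               0      },
  { L"--auth-key",            0,             0,      BIT(1),               0      },
  { L"--encrypt-key",         0,             0,      BIT(1),               0      },
  { L"--path-mtu",            0,             0,      BIT(1),               0      },

  //
  // The example to add a PAD:
  //   "-A --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKEv1/IKEv2
  //    --auth-method PreSharedSecret/Certificates --ike-id
  //    --auth-data 343343 --revocation-data 2342432"
  // The example to delete a PAD:
  //   "-D * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
  //   "-D 1"
  // The example to edit a PAD:
  //   "-E * --lookup-peer-id Mike --auth-method Certificates"
  //

  //
  // PAD ID
  // --ike-id / --ike-id- are spelled in lower case here because the lookup is a
  // case-sensitive StrCmp against the option names accepted by
  // mIpSecConfigParamList; an upper-case spelling would never be matched and the
  // BIT(6)/BIT(7) mutual-exclusion check for the pair would silently not apply.
  //
  { L"--peer-id",             0,             0,      BIT(0),               BIT(4) },
  { L"--peer-address",        0,             0,      BIT(0),               BIT(5) },
  { L"--auth-proto",          0,             0,      BIT(0),               0      },
  { L"--auth-method",         0,             0,      BIT(0),               0      },
  { L"--ike-id",              0,             0,      BIT(0),               BIT(6) },
  { L"--ike-id-",             0,             0,      BIT(0),               BIT(7) },
  { L"--auth-data",           0,             0,      BIT(0),               0      },
  { L"--revocation-data",     0,             0,      BIT(0),               0      },
  { L"--lookup-peer-id",      0,             0,      BIT(0),               BIT(4) },
  { L"--lookup-peer-address", 0,             0,      BIT(0),               BIT(5) },

  { NULL,                     0,             0,      0,                    0      },
};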
341 | \r | |
/**
  The function to allocate the proper sized buffer for various
  EFI interfaces.

  Intended to drive a retry loop: on the first call (*Buffer NULL, BufferSize
  nonzero) it performs the initial allocation; afterwards, when *Status is
  EFI_BUFFER_TOO_SMALL, it replaces *Buffer by a zeroed buffer of BufferSize
  bytes. On any other error it releases *Buffer and sets it to NULL, so the
  caller never has to free a buffer after a failed loop.

  @param[in, out] Status        Current status.
  @param[in, out] Buffer        Current allocated buffer, or NULL.
  @param[in]      BufferSize    Current buffer size needed

  @retval TRUE     If the buffer was reallocated and the caller should try the API again.
  @retval FALSE    If the buffer was not reallocated successfully.
**/
BOOLEAN
GrowBuffer (
  IN OUT EFI_STATUS   *Status,
  IN OUT VOID         **Buffer,
  IN UINTN            BufferSize
  )
{
  ASSERT (Status != NULL);
  ASSERT (Buffer != NULL);

  //
  // An initial request arrives with no buffer and a nonzero size; treat it
  // like a "too small" answer so the allocation path below runs.
  //
  if ((*Buffer == NULL) && (BufferSize != 0)) {
    *Status = EFI_BUFFER_TOO_SMALL;
  }

  if (*Status == EFI_BUFFER_TOO_SMALL) {
    if (*Buffer != NULL) {
      FreePool (*Buffer);
    }

    *Buffer = AllocateZeroPool (BufferSize);
    if (*Buffer != NULL) {
      return TRUE;
    }

    //
    // Allocation failed; *Buffer is already NULL, nothing left to release.
    //
    *Status = EFI_OUT_OF_RESOURCES;
    return FALSE;
  }

  //
  // Any other error ends the retry loop: hand the buffer back before returning.
  //
  if (EFI_ERROR (*Status) && (*Buffer != NULL)) {
    FreePool (*Buffer);
    *Buffer = NULL;
  }

  return FALSE;
}
401 | \r | |
/**
  Function returns an array of handles that support the requested protocol
  in a buffer allocated from a pool.

  The buffer starts at room for 50 handles and is regrown through GrowBuffer
  whenever gBS->LocateHandle reports EFI_BUFFER_TOO_SMALL. On success the
  caller owns *Buffer and must free it; on failure *Buffer is NULL and
  *NoHandles is 0.

  @param[in]      SearchType    Specifies which handle(s) are to be returned.
  @param[in]      Protocol      Provides the protocol to search by.
                                This parameter is only valid for SearchType ByProtocol.

  @param[in]      SearchKey     Supplies the search key depending on the SearchType.
  @param[in, out] NoHandles     The number of handles returned in Buffer.
  @param[out]     Buffer        A pointer to the buffer to return the requested array of
                                handles that support Protocol.

  @retval EFI_SUCCESS    The resulting array of handles was returned.
  @retval Others         Other mistake case.
**/
EFI_STATUS
LocateHandle (
  IN     EFI_LOCATE_SEARCH_TYPE    SearchType,
  IN     EFI_GUID                  *Protocol OPTIONAL,
  IN     VOID                      *SearchKey OPTIONAL,
  IN OUT UINTN                     *NoHandles,
  OUT    EFI_HANDLE                **Buffer
  )
{
  EFI_STATUS    Status;
  UINTN         BufferSize;

  ASSERT (NoHandles != NULL);
  ASSERT (Buffer != NULL);

  //
  // Starting state for the GrowBuffer loop: no buffer yet, first guess of 50 handles.
  //
  Status     = EFI_SUCCESS;
  *Buffer    = NULL;
  BufferSize = 50 * sizeof (EFI_HANDLE);

  for (;;) {
    //
    // GrowBuffer does the initial allocation, re-allocates after
    // EFI_BUFFER_TOO_SMALL (gBS->LocateHandle has then stored the required
    // size in BufferSize) and releases the buffer on any other error.
    //
    if (!GrowBuffer (&Status, (VOID **) Buffer, BufferSize)) {
      break;
    }

    Status = gBS->LocateHandle (SearchType, Protocol, SearchKey, &BufferSize, *Buffer);
  }

  *NoHandles = EFI_ERROR (Status) ? 0 : (BufferSize / sizeof (EFI_HANDLE));

  return Status;
}
460 | \r | |
/**
  Find the first instance of this protocol in the system and return its interface.

  Enumerates the handles supporting ProtocolGuid and opens the interface on
  the first one that succeeds. When none does, the status of the last attempt
  is returned and *Interface is whatever gBS->HandleProtocol left there, so
  callers should check both the status and the pointer.

  @param[in]  ProtocolGuid    The guid of the protocol.
  @param[out] Interface       The pointer to the first instance of the protocol.

  @retval EFI_SUCCESS    A protocol instance matching ProtocolGuid was found.
  @retval Others         A protocol instance matching ProtocolGuid was not found.
**/
EFI_STATUS
LocateProtocol (
  IN  EFI_GUID    *ProtocolGuid,
  OUT VOID        **Interface
  )
{
  EFI_STATUS    Status;
  UINTN         HandleCount;
  UINTN         HandleIndex;
  EFI_HANDLE    *HandleBuffer;

  *Interface   = NULL;
  HandleBuffer = NULL;
  HandleCount  = 0;

  Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &HandleCount, &HandleBuffer);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));
    return Status;
  }

  //
  // Stop at the first handle whose interface can be opened.
  //
  HandleIndex = 0;
  while (HandleIndex < HandleCount) {
    ASSERT (HandleBuffer != NULL);
    Status = gBS->HandleProtocol (HandleBuffer[HandleIndex], ProtocolGuid, Interface);
    if (!EFI_ERROR (Status)) {
      break;
    }

    HandleIndex++;
  }

  //
  // LocateHandle handed the array to us; release it regardless of the outcome.
  //
  if (HandleBuffer != NULL) {
    FreePool (HandleBuffer);
  }

  return Status;
}
511 | \r | |
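/**
  Helper function called to check the conflicted flags.

  Every parameter in ParamPackage that has an entry in CheckList is folded
  into four running attribute values, and after the second such parameter
  each one is checked:
    - Attribute1 is ANDed: nonzero means two options of one exclusive group.
    - Attribute2 is ORed: nonzero means a stand-alone option was combined with
      another one; "-p" as the second option is tolerated.
    - Attribute3 is ANDed: zero means the options target different policy
      databases (BIT(2) SPD, BIT(1) SAD, BIT(0) PAD).
    - Attribute4 is ORed: the bit pairs (0,1), (2,3), (4,5) and (6,7) mark
      mutually exclusive options; both bits of a pair set is a conflict.

  @param[in] CheckList       The pointer to the VAR_CHECK_ITEM table.
  @param[in] ParamPackage    The pointer to the ParamPackage list.

  @retval EFI_SUCCESS              No conflicted flags.
  @retval EFI_INVALID_PARAMETER    The input parameter is erroneous or there are some conflicted flags.
**/
EFI_STATUS
IpSecConfigRetriveCheckListByName (
  IN VAR_CHECK_ITEM    *CheckList,
  IN LIST_ENTRY        *ParamPackage
  )
{
  LIST_ENTRY        *Node;
  VAR_CHECK_ITEM    *Item;
  CONST CHAR16      *Name;
  UINT32            Attribute1;
  UINT32            Attribute2;
  UINT32            Attribute3;
  UINT32            Attribute4;
  UINT32            Index;

  if ((ParamPackage == NULL) || (CheckList == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  Attribute1 = 0;
  Attribute2 = 0;
  Attribute3 = 0;
  Attribute4 = 0;
  Index      = 0;

  //
  // Enumerate through the list of parameters that are input by user.
  //
  for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
    Name = ((SHELL_PARAM_PACKAGE *) Node)->Name;
    if (Name == NULL) {
      continue;
    }

    //
    // Find the parameter in the caller-supplied table. The table parameter is
    // used here on purpose: validating CheckList and then walking the global
    // table instead would make the argument meaningless.
    //
    for (Item = CheckList; Item->VarName != NULL; Item++) {
      if (StrCmp (Name, Item->VarName) == 0) {
        break;
      }
    }

    if (Item->VarName == NULL) {
      //
      // Not a checked option (for instance a plain positional value).
      //
      continue;
    }

    Index++;
    if (Index == 1) {
      //
      // First checked option seeds the running values; nothing to compare yet.
      //
      Attribute1 = Item->Attribute1;
      Attribute2 = Item->Attribute2;
      Attribute3 = Item->Attribute3;
      Attribute4 = Item->Attribute4;
      continue;
    }

    Attribute1 &= Item->Attribute1;
    Attribute2 |= Item->Attribute2;
    Attribute3 &= Item->Attribute3;
    Attribute4 |= Item->Attribute4;

    if (Attribute1 != 0) {
      return EFI_INVALID_PARAMETER;
    }

    if (Attribute2 != 0) {
      if ((Index == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {
        //
        // A stand-alone option followed by -p is tolerated; the remaining
        // checks are skipped for this option, as before.
        //
        continue;
      }

      return EFI_INVALID_PARAMETER;
    }

    if (Attribute3 == 0) {
      return EFI_INVALID_PARAMETER;
    }

    //
    // Test each exclusive pair under its own mask. Comparing the whole low byte
    // for equality (0x03, 0x0C, 0x30, 0xC0) would let a third, unrelated bit
    // hide a conflict, e.g. --local-port with --icmp-type plus --ext-sequence.
    //
    if (((Attribute4 & 0x03) == 0x03) || ((Attribute4 & 0x0C) == 0x0C) ||
        ((Attribute4 & 0x30) == 0x30) || ((Attribute4 & 0xC0) == 0xC0)) {
      return EFI_INVALID_PARAMETER;
    }
  }

  return EFI_SUCCESS;
}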
598 | \r | |
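/**
  This is the declaration of an EFI image entry point. This entry point is
  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including
  both device drivers and bus drivers.

  The entry point for IpSecConfig application that parses the command line input and calls an IpSecConfig process.

  The command line goes through three checks before any protocol is touched:
  ShellCommandLineParseEx rejects unknown options, IpSecConfigRetriveCheckListByName
  rejects conflicting ones, and the -p value is mapped through mMapPolicy. Errors of
  the individual operations are reported to the user through HII strings only; the
  function itself always returns EFI_SUCCESS.

  @param[in] ImageHandle    The image handle of this application.
  @param[in] SystemTable    The pointer to the EFI System Table.

  @retval EFI_SUCCESS       The operation completed successfully.

**/
EFI_STATUS
EFIAPI
InitializeIpSecConfig (
  IN EFI_HANDLE          ImageHandle,
  IN EFI_SYSTEM_TABLE    *SystemTable
  )
{
  EFI_STATUS                    Status;
  EFI_IPSEC_CONFIG_DATA_TYPE    DataType;
  UINT8                         Value;
  LIST_ENTRY                    *ParamPackage;
  CONST CHAR16                  *ValueStr;
  CHAR16                        *ProblemParam;
  UINTN                         NonOptionCount;

  //
  // Both are released at Done; start from NULL so a parser failure cannot leave
  // them uninitialized on that path.
  //
  ParamPackage = NULL;
  ProblemParam = NULL;

  //
  // Register our string package with HII and return the handle to it.
  //
  mHiiHandle = HiiAddPackages (&gEfiCallerIdGuid, ImageHandle, IpSecConfigStrings, NULL);
  ASSERT (mHiiHandle != NULL);

  Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);
    goto Done;
  }

  Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);
  if (EFI_ERROR (Status) || (mIpSecConfig == NULL)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSecProtocolGuid, (VOID **) &mIpSec);
  if (EFI_ERROR (Status) || (mIpSec == NULL)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Enable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {
    if (!(mIpSec->DisabledFlag)) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);
    } else {
      //
      // Persist the enabled state in a non-volatile variable first; the live
      // flag is only cleared when that write succeeded.
      //
      Value  = IPSEC_STATUS_ENABLED;
      Status = gRT->SetVariable (
                      IPSECCONFIG_STATUS_NAME,
                      &gEfiIpSecConfigProtocolGuid,
                      EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
                      sizeof (Value),
                      &Value
                      );
      if (!EFI_ERROR (Status)) {
        mIpSec->DisabledFlag = FALSE;
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // Disable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);
    } else {
      //
      // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
      // The flag is re-read right after signalling, so the result reported here
      // depends on the callback having run synchronously.
      //
      gBS->SignalEvent (mIpSec->DisabledEvent);
      if (mIpSec->DisabledFlag) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // IPsec status.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);
    } else {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);
    }

    goto Done;
  }

  //
  // Try to get policy database type; -1 marks "not given" or "not recognized".
  //
  DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) -1;
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");
  if (ValueStr != NULL) {
    DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);
    if (DataType == -1) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
      goto Done;
    }
  }

  //
  // Help text, either general or for the database selected with -p.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-?")) {
    switch (DataType) {
    case (EFI_IPSEC_CONFIG_DATA_TYPE) -1:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_HELP), mHiiHandle);
      break;

    case IPsecConfigDataTypeSpd:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SPD_HELP), mHiiHandle);
      break;

    case IPsecConfigDataTypeSad:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SAD_HELP), mHiiHandle);
      break;

    case IPsecConfigDataTypePad:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PAD_HELP), mHiiHandle);
      break;

    default:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle);
      break;
    }

    goto Done;
  }

  //
  // The first raw value is the command itself, so anything beyond one raw value
  // is a stray argument. Comparing the count directly avoids the unsigned
  // wrap-around of (NonOptionCount - 1) should the count ever be 0.
  //
  NonOptionCount = ShellCommandLineGetCount (ParamPackage);
  if (NonOptionCount > 1) {
    ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);
    goto Done;
  }

  if (DataType == -1) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Dispatch the policy operation. -a and -i share one handler, as do -d and -f;
  // every branch ends at Done, and the handlers report their own errors.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-a") || ShellCommandLineGetFlag (ParamPackage, L"-i")) {
    Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
    Status = EditPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-d") || ShellCommandLineGetFlag (ParamPackage, L"-f")) {
    Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {
    Status = ListPolicyEntry (DataType, ParamPackage);
  } else {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);
  }

Done:
  if (ProblemParam != NULL) {
    //
    // The parser hands the offending parameter back in an allocation the
    // caller owns; ShellCommandLineFreeVarList does not cover it.
    //
    FreePool (ProblemParam);
  }

  ShellCommandLineFreeVarList (ParamPackage);
  HiiRemovePackages (mHiiHandle);

  return EFI_SUCCESS;
}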