1/** @file\r
2 The main process for IpSecConfig application.\r
3\r
96c1d788 4 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include <Library/UefiRuntimeServicesTableLib.h>\r
17#include <Library/HiiLib.h>\r
18\r
19#include <Protocol/IpSec.h>\r
20\r
21#include "IpSecConfig.h"\r
22#include "Dump.h"\r
23#include "Indexer.h"\r
24#include "PolicyEntryOperation.h"\r
25#include "Delete.h"\r
26#include "Helper.h"\r
27\r
//
// String token ID of IpSecConfig command help message text.
// GLOBAL_REMOVE_IF_UNREFERENCED lets the linker drop the symbol when nothing
// in this module references it; it is not read anywhere in this file.
//
GLOBAL_REMOVE_IF_UNREFERENCED EFI_STRING_ID mStringIpSecHelpTokenId = STRING_TOKEN (STR_IPSEC_CONFIG_HELP);
32\r
//
// Used for ShellCommandLineParseEx only
// and to ensure user inputs are in valid format.
//
// TypeValue entries take one argument, TypeFlag entries are bare switches.
// Conflicts between flags are NOT checked here; that is done afterwards by
// IpSecConfigRetriveCheckListByName against mIpSecConfigVarCheckList, which
// must therefore stay in sync with this list (same spelling and case).
// The list is terminated by the { NULL, TypeMax } entry.
//
SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
  { L"-p", TypeValue },
  { L"-a", TypeValue },
  { L"-i", TypeValue },
  { L"-e", TypeValue },
  { L"-d", TypeValue },
  { L"-f", TypeFlag },
  { L"-l", TypeFlag },
  { L"-enable", TypeFlag },
  { L"-disable", TypeFlag },
  { L"-status", TypeFlag },

  //
  // SPD Selector
  //
  { L"--local", TypeValue },
  { L"--remote", TypeValue },
  { L"--proto", TypeValue },
  { L"--local-port", TypeValue },
  { L"--remote-port", TypeValue },
  { L"--icmp-type", TypeValue },
  { L"--icmp-code", TypeValue },

  //
  // SPD Data
  //
  { L"--name", TypeValue },
  { L"--packet-flag", TypeValue },
  { L"--action", TypeValue },
  { L"--lifebyte", TypeValue },
  { L"--lifetime-soft", TypeValue },
  { L"--lifetime", TypeValue },
  { L"--mode", TypeValue },
  { L"--tunnel-local", TypeValue },
  { L"--tunnel-remote", TypeValue },
  { L"--dont-fragment", TypeValue },
  { L"--ipsec-proto", TypeValue },
  { L"--auth-algo", TypeValue },
  { L"--encrypt-algo", TypeValue },

  //
  // The "-"-suffixed forms are presumably the negated counterparts of the
  // flags above (handled by the policy-entry operation code, not here).
  //
  { L"--ext-sequence", TypeFlag },
  { L"--sequence-overflow", TypeFlag },
  { L"--fragment-check", TypeFlag },
  { L"--ext-sequence-", TypeFlag },
  { L"--sequence-overflow-", TypeFlag },
  { L"--fragment-check-", TypeFlag },

  //
  // SA ID
  // --ipsec-proto (shared with SPD Data above)
  //
  { L"--spi", TypeValue },
  { L"--tunnel-dest", TypeValue },
  { L"--tunnel-source", TypeValue },
  { L"--lookup-spi", TypeValue },
  { L"--lookup-ipsec-proto", TypeValue },
  { L"--lookup-dest", TypeValue },

  //
  // SA DATA
  // --mode          (shared with SPD Data above)
  // --auth-algo     (shared with SPD Data above)
  // --encrypt-algo  (shared with SPD Data above)
  //
  { L"--sequence-number", TypeValue },
  { L"--antireplay-window", TypeValue },
  { L"--auth-key", TypeValue },
  { L"--encrypt-key", TypeValue },
  { L"--path-mtu", TypeValue },

  //
  // PAD ID
  //
  { L"--peer-id", TypeValue },
  { L"--peer-address", TypeValue },
  { L"--auth-proto", TypeValue },
  { L"--auth-method", TypeValue },
  { L"--ike-id", TypeValue },
  { L"--ike-id-", TypeValue },
  { L"--auth-data", TypeValue },
  { L"--revocation-data", TypeValue },
  { L"--lookup-peer-id", TypeValue },
  { L"--lookup-peer-address", TypeValue },

  { NULL, TypeMax },
};
123\r
//
// Keyword -> enum tables consumed by MapStringToInteger (see the "-p"
// handling in InitializeIpSecConfig).  Each table is walked until its
// { NULL, 0 } terminator, so the terminator must never be dropped.
//

//
// -P
//
STR2INT mMapPolicy[] = {
  { L"SPD", IPsecConfigDataTypeSpd },
  { L"SAD", IPsecConfigDataTypeSad },
  { L"PAD", IPsecConfigDataTypePad },
  { NULL, 0 },
};

//
// --proto
//
STR2INT mMapIpProtocol[] = {
  { L"TCP", EFI_IP4_PROTO_TCP },
  { L"UDP", EFI_IP4_PROTO_UDP },
  { L"ICMP", EFI_IP4_PROTO_ICMP },
  { NULL, 0 },
};

//
// --action
//
STR2INT mMapIpSecAction[] = {
  { L"Bypass", EfiIPsecActionBypass },
  { L"Discard", EfiIPsecActionDiscard },
  { L"Protect", EfiIPsecActionProtect },
  { NULL, 0 },
};

//
// --mode
//
STR2INT mMapIpSecMode[] = {
  { L"Transport", EfiIPsecTransport },
  { L"Tunnel", EfiIPsecTunnel },
  { NULL, 0 },
};

//
// --dont-fragment
//
STR2INT mMapDfOption[] = {
  { L"clear", EfiIPsecTunnelClearDf },
  { L"set", EfiIPsecTunnelSetDf },
  { L"copy", EfiIPsecTunnelCopyDf },
  { NULL, 0 },
};

//
// --ipsec-proto
//
STR2INT mMapIpSecProtocol[] = {
  { L"AH", EfiIPsecAH },
  { L"ESP", EfiIPsecESP },
  { NULL, 0 },
};

//
// --auth-algo
// The keyword is what the user types; the value is the IPSEC_AALG_* id
// stored in the SA.  "NONE" and "NULL" are distinct ids.
//
STR2INT mMapAuthAlgo[] = {
  { L"NONE", IPSEC_AALG_NONE },
  { L"MD5HMAC", IPSEC_AALG_MD5HMAC },
  { L"SHA1HMAC", IPSEC_AALG_SHA1HMAC },
  { L"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC },
  { L"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC },
  { L"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC },
  { L"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC },
  { L"NULL", IPSEC_AALG_NULL },
  { NULL, 0 },
};

//
// --encrypt-algo
// Same convention as mMapAuthAlgo; the value is the IPSEC_EALG_* id.
//
STR2INT mMapEncAlgo[] = {
  { L"NONE", IPSEC_EALG_NONE },
  { L"DESCBC", IPSEC_EALG_DESCBC },
  { L"3DESCBC", IPSEC_EALG_3DESCBC },
  { L"CASTCBC", IPSEC_EALG_CASTCBC },
  { L"BLOWFISHCBC", IPSEC_EALG_BLOWFISHCBC },
  { L"NULL", IPSEC_EALG_NULL },
  { L"AESCBC", IPSEC_EALG_AESCBC },
  { L"AESCTR", IPSEC_EALG_AESCTR },
  { L"AES-CCM-ICV8", IPSEC_EALG_AES_CCM_ICV8 },
  { L"AES-CCM-ICV12",IPSEC_EALG_AES_CCM_ICV12 },
  { L"AES-CCM-ICV16",IPSEC_EALG_AES_CCM_ICV16 },
  { L"AES-GCM-ICV8", IPSEC_EALG_AES_GCM_ICV8 },
  { L"AES-GCM-ICV12",IPSEC_EALG_AES_GCM_ICV12 },
  { L"AES-GCM-ICV16",IPSEC_EALG_AES_GCM_ICV16 },
  { NULL, 0 },
};

//
// --auth-proto
//
STR2INT mMapAuthProto[] = {
  { L"IKEv1", EfiIPsecAuthProtocolIKEv1 },
  { L"IKEv2", EfiIPsecAuthProtocolIKEv2 },
  { NULL, 0 },
};

//
// --auth-method
//
STR2INT mMapAuthMethod[] = {
  { L"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret },
  { L"Certificates", EfiIPsecAuthMethodCertificates },
  { NULL, 0 },
};
235\r
//
// Module-level state, all filled in by InitializeIpSecConfig:
//   mIpSec        - first EFI_IPSEC2_PROTOCOL instance found (enable/disable/status).
//   mIpSecConfig  - first EFI_IPSEC_CONFIG_PROTOCOL instance found (policy operations).
//   mHiiHandle    - handle of this image's HII package list; removed again at exit.
//   mAppName      - application name substituted into the HII messages.
//
EFI_IPSEC2_PROTOCOL          *mIpSec;
EFI_IPSEC_CONFIG_PROTOCOL    *mIpSecConfig;
EFI_HII_HANDLE               mHiiHandle;
CHAR16                       mAppName[]     = L"IpSecConfig";
240\r
//
// Used for IpSecConfigRetriveCheckListByName only to check the validation of user input.
//
// Columns: { VarName, Attribute1, Attribute2, Attribute3, Attribute4 }.
// The checker seeds its accumulators from the first flag found here and then,
// for every further flag on the command line:
//   Attribute1 is AND-ed  and must stay 0        (shared bit = mutually exclusive,
//                                                 e.g. -enable/-disable/-status/-p).
//   Attribute2 is OR-ed   and must stay 0        (except "-p" as the second flag,
//                                                 which allows e.g. "-? -p").
//   Attribute3 is AND-ed  and must stay non-zero (the flags must share a policy
//                                                 database; the section comments
//                                                 suggest BIT2=SPD, BIT1=SAD, BIT0=PAD).
//   Attribute4 is OR-ed;  its low byte must not be exactly 0x03, 0x0C, 0x30 or 0xC0,
//                         i.e. the pairs (BIT0,BIT1), (BIT2,BIT3), (BIT4,BIT5),
//                         (BIT6,BIT7) may not be the only bits set.
// Flags not listed here are silently skipped by the checker, and the lookup is a
// case-sensitive StrCmp.
//
VAR_CHECK_ITEM    mIpSecConfigVarCheckList[] = {
  { L"-enable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-disable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-status", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-p", BIT(1), 0, BIT(2)|BIT(1)|BIT(0), 0 },

  { L"-a", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-i", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-d", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-e", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-l", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-f", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },

  { L"-?", BIT(0), BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },

  //
  // SPD Selector
  //
  { L"--local", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--remote", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--proto", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--local-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
  { L"--remote-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
  { L"--icmp-type", 0, 0, BIT(2)|BIT(1), BIT(1) },
  { L"--icmp-code", 0, 0, BIT(2)|BIT(1), BIT(1) },

  //
  // SPD Data
  //
  { L"--name", 0, 0, BIT(2), 0 },
  { L"--packet-flag", 0, 0, BIT(2), 0 },
  { L"--action", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--lifebyte", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--lifetime-soft", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--lifetime", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--mode", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--tunnel-local", 0, 0, BIT(2), 0 },
  { L"--tunnel-remote", 0, 0, BIT(2), 0 },
  { L"--dont-fragment", 0, 0, BIT(2), 0 },
  { L"--ipsec-proto", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--auth-algo", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--encrypt-algo", 0, 0, BIT(2)|BIT(1), 0 },

  //
  // Attribute4 BIT2 vs BIT3: a flag and its "-" form cannot both be given.
  //
  { L"--ext-sequence", 0, 0, BIT(2), BIT(2) },
  { L"--sequence-overflow", 0, 0, BIT(2), BIT(2) },
  { L"--fragment-check", 0, 0, BIT(2), BIT(2) },
  { L"--ext-sequence-", 0, 0, BIT(2), BIT(3) },
  { L"--sequence-overflow-", 0, 0, BIT(2), BIT(3) },
  { L"--fragment-check-", 0, 0, BIT(2), BIT(3) },

  //
  // SA ID
  // --ipsec-proto
  //
  { L"--spi", 0, 0, BIT(1), 0 },
  { L"--tunnel-dest", 0, 0, BIT(1), 0 },
  { L"--tunnel-source", 0, 0, BIT(1), 0 },
  { L"--lookup-spi", 0, 0, BIT(1), 0 },
  { L"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },
  { L"--lookup-dest", 0, 0, BIT(1), 0 },

  //
  // SA DATA
  // --mode
  // --auth-algo
  // --encrypt-algo
  //
  { L"--sequence-number", 0, 0, BIT(1), 0 },
  { L"--antireplay-window", 0, 0, BIT(1), 0 },
  { L"--auth-key", 0, 0, BIT(1), 0 },
  { L"--encrypt-key", 0, 0, BIT(1), 0 },
  { L"--path-mtu", 0, 0, BIT(1), 0 },

  //
  // The example to add a PAD:
  // "-A --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKE1/IKE2
  //  --auth-method PreSharedSeceret/Certificate --ike-id
  //  --auth-data 343343 --revocation-data 2342432"
  // The example to delete a PAD:
  // "-D * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
  // "-D 1"
  // The example to edit a PAD:
  // "-E * --lookup-peer-id Mike --auth-method Certificate"

  //
  // PAD ID
  //
  // NOTE(review): mIpSecConfigParamList spells these "--ike-id" / "--ike-id-",
  // but the checker compares with the case-sensitive StrCmp, so the two
  // entries below never match and the IKE-ID flags are not conflict-checked.
  // Confirm whether that is intended.
  //
  { L"--peer-id", 0, 0, BIT(0), BIT(4) },
  { L"--peer-address", 0, 0, BIT(0), BIT(5) },
  { L"--auth-proto", 0, 0, BIT(0), 0 },
  { L"--auth-method", 0, 0, BIT(0), 0 },
  { L"--IKE-ID", 0, 0, BIT(0), BIT(6) },
  { L"--IKE-ID-", 0, 0, BIT(0), BIT(7) },
  { L"--auth-data", 0, 0, BIT(0), 0 },
  { L"--revocation-data", 0, 0, BIT(0), 0 },
  { L"--lookup-peer-id", 0, 0, BIT(0), BIT(4) },
  { L"--lookup-peer-address",0, 0, BIT(0), BIT(5) },

  { NULL, 0, 0, 0, 0 },
};
344\r
/**
  Allocate, or re-allocate, the caller's buffer to the size an EFI
  interface asked for, so that the caller can retry the interface.

  On the first call *Buffer is NULL; together with a non-zero BufferSize
  that is treated exactly like an EFI_BUFFER_TOO_SMALL reply and a fresh
  zeroed buffer is allocated.  On later calls the buffer is replaced only
  when *Status is EFI_BUFFER_TOO_SMALL.  When no retry is possible and
  *Status is an error, the buffer is released and *Buffer is set to NULL,
  so the caller never sees a stale buffer alongside an error status.

  @param[in, out] Status      Status of the previous interface call; set to
                              EFI_OUT_OF_RESOURCES if the allocation fails.
  @param[in, out] Buffer      The buffer to grow (NULL on the first call).
                              Owned by the caller; always valid or NULL on return.
  @param[in]      BufferSize  Size, in bytes, the interface requires.

  @retval TRUE   A buffer of BufferSize bytes was allocated; call the interface again.
  @retval FALSE  No buffer was allocated; *Status holds the final result.
**/
BOOLEAN
GrowBuffer (
  IN OUT EFI_STATUS   *Status,
  IN OUT VOID         **Buffer,
  IN UINTN            BufferSize
  )
{
  BOOLEAN  Retry;

  ASSERT (Status != NULL);
  ASSERT (Buffer != NULL);

  Retry = FALSE;

  //
  // A NULL buffer with a non-zero size is the initial request.
  //
  if ((*Buffer == NULL) && (BufferSize != 0)) {
    *Status = EFI_BUFFER_TOO_SMALL;
  }

  if (*Status == EFI_BUFFER_TOO_SMALL) {
    //
    // Drop the old buffer and allocate a zeroed one of the requested size.
    //
    if (*Buffer != NULL) {
      FreePool (*Buffer);
    }

    *Buffer = AllocateZeroPool (BufferSize);
    if (*Buffer == NULL) {
      *Status = EFI_OUT_OF_RESOURCES;
    } else {
      Retry = TRUE;
    }
  }

  //
  // Nothing to retry and the interface failed: release the buffer.
  //
  if (!Retry && EFI_ERROR (*Status) && (*Buffer != NULL)) {
    FreePool (*Buffer);
    *Buffer = NULL;
  }

  return Retry;
}
404\r
/**
  Return, in a pool-allocated array, the handles that match the requested
  search.

  The array starts with room for 50 handles and is grown through
  GrowBuffer until gBS->LocateHandle stops reporting EFI_BUFFER_TOO_SMALL.

  @param[in]      SearchType  Specifies which handle(s) are to be returned.
  @param[in]      Protocol    Provides the protocol to search by.
                              This parameter is only valid for SearchType ByProtocol.
  @param[in]      SearchKey   Supplies the search key depending on the SearchType.
  @param[in, out] NoHandles   The number of handles returned in Buffer (0 on error).
  @param[out]     Buffer      Receives the array of handles; NULL on error.
                              The caller frees it with FreePool.

  @retval EFI_SUCCESS  The resulting array of handles was returned.
  @retval Others       The core reported an error (e.g. EFI_NOT_FOUND) or the
                       array could not be allocated.
**/
EFI_STATUS
LocateHandle (
  IN EFI_LOCATE_SEARCH_TYPE   SearchType,
  IN EFI_GUID                 *Protocol OPTIONAL,
  IN VOID                     *SearchKey OPTIONAL,
  IN OUT UINTN                *NoHandles,
  OUT EFI_HANDLE              **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       Size;

  ASSERT (NoHandles != NULL);
  ASSERT (Buffer != NULL);

  //
  // First pass: GrowBuffer allocates Size bytes because *Buffer is NULL.
  // Later passes: the core has written the required size into Size.
  //
  *Buffer = NULL;
  Size    = 50 * sizeof (EFI_HANDLE);
  Status  = EFI_SUCCESS;

  for (;;) {
    if (!GrowBuffer (&Status, (VOID **) Buffer, Size)) {
      break;
    }

    Status = gBS->LocateHandle (SearchType, Protocol, SearchKey, &Size, *Buffer);
  }

  //
  // On success Size holds the number of bytes actually used.
  //
  *NoHandles = EFI_ERROR (Status) ? 0 : (Size / sizeof (EFI_HANDLE));

  return Status;
}
463\r
/**
  Find the first instance of this protocol in the system and return its interface.

  The handle list is obtained with LocateHandle and released before return.
  If the list is empty, the LocateHandle status (EFI_SUCCESS) is returned
  while *Interface stays NULL, so callers must check both the status and
  the interface pointer.

  @param[in]  ProtocolGuid  The guid of the protocol.
  @param[out] Interface     The pointer to the first instance of the protocol,
                            or NULL if none was found.

  @retval EFI_SUCCESS  A protocol instance matching ProtocolGuid was found.
  @retval Others       No handle was located, or the last HandleProtocol
                       call failed.
**/
EFI_STATUS
LocateProtocol (
  IN EFI_GUID   *ProtocolGuid,
  OUT VOID      **Interface
  )
{
  EFI_STATUS  Status;
  EFI_HANDLE  *HandleList;
  UINTN       HandleCount;
  UINTN       Index;

  *Interface  = NULL;
  HandleList  = NULL;
  HandleCount = 0;

  Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &HandleCount, &HandleList);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));
    return Status;
  }

  //
  // Stop at the first handle that yields the interface.
  //
  for (Index = 0; Index < HandleCount; Index++) {
    ASSERT (HandleList != NULL);
    Status = gBS->HandleProtocol (HandleList[Index], ProtocolGuid, Interface);
    if (!EFI_ERROR (Status)) {
      break;
    }
  }

  if (HandleList != NULL) {
    FreePool (HandleList);
  }

  return Status;
}
514\r
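/**
  Helper function called to check the conflicted flags.

  Every flag in ParamPackage is looked up by name (case-sensitive StrCmp)
  in CheckList.  The attributes of the first match seed four accumulators;
  each further match is folded in and checked:

    - Attribute1 is AND-ed and must stay 0: flags that share an Attribute1
      bit are mutually exclusive (e.g. "-enable" and "-disable").
    - Attribute2 is OR-ed and must stay 0, except that "-p" is accepted as
      the second match after a flag with a non-zero Attribute2 (e.g. "-? -p").
    - Attribute3 is AND-ed and must stay non-zero: all flags must apply to
      at least one common policy database.
    - Attribute4 is OR-ed; its low byte must not be exactly 0x03, 0x0C,
      0x30 or 0xC0, i.e. the bit pairs (0,1), (2,3), (4,5), (6,7) may not
      be the only bits set.

  Flags that are not present in CheckList are skipped and not validated.

  @param[in] CheckList     The VAR_CHECK_ITEM table to validate against,
                           terminated by an entry whose VarName is NULL.
  @param[in] ParamPackage  The parsed command line (a list of SHELL_PARAM_PACKAGE).

  @retval EFI_SUCCESS            No conflicted flags.
  @retval EFI_INVALID_PARAMETER  CheckList or ParamPackage is NULL, or the
                                 flags conflict.
**/
EFI_STATUS
IpSecConfigRetriveCheckListByName (
  IN VAR_CHECK_ITEM    *CheckList,
  IN LIST_ENTRY        *ParamPackage
  )
{
  LIST_ENTRY      *Node;
  VAR_CHECK_ITEM  *Item;
  CONST CHAR16    *Name;
  UINT32          Attribute1;
  UINT32          Attribute2;
  UINT32          Attribute3;
  UINT32          Attribute4;
  UINT32          Matched;

  if ((ParamPackage == NULL) || (CheckList == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  Attribute1 = 0;
  Attribute2 = 0;
  Attribute3 = 0;
  Attribute4 = 0;
  Matched    = 0;

  //
  // Enumerate through the list of parameters that are input by user.
  //
  for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
    Name = ((SHELL_PARAM_PACKAGE *) Node)->Name;
    if (Name == NULL) {
      continue;
    }

    //
    // Find the flag in the check list that defines its conflicting attributes.
    // Was: the CheckList parameter was ignored and mIpSecConfigVarCheckList
    // was always walked instead.
    //
    for (Item = CheckList; Item->VarName != NULL; Item++) {
      if (StrCmp (Name, Item->VarName) == 0) {
        break;
      }
    }

    if (Item->VarName == NULL) {
      //
      // Not in the check list: nothing to validate for this flag.
      //
      continue;
    }

    Matched++;
    if (Matched == 1) {
      Attribute1 = Item->Attribute1;
      Attribute2 = Item->Attribute2;
      Attribute3 = Item->Attribute3;
      Attribute4 = Item->Attribute4;
      continue;
    }

    Attribute1 &= Item->Attribute1;
    Attribute2 |= Item->Attribute2;
    Attribute3 &= Item->Attribute3;
    Attribute4 |= Item->Attribute4;

    if (Attribute1 != 0) {
      return EFI_INVALID_PARAMETER;
    }

    if (Attribute2 != 0) {
      //
      // "-p" directly after an Attribute2 flag is allowed; the remaining
      // checks are skipped for it, as before.
      //
      if ((Matched == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {
        continue;
      }

      return EFI_INVALID_PARAMETER;
    }

    if (Attribute3 == 0) {
      return EFI_INVALID_PARAMETER;
    }

    if (((Attribute4 & 0xFF) == 0x03) || ((Attribute4 & 0xFF) == 0x0C) ||
        ((Attribute4 & 0xFF) == 0x30) || ((Attribute4 & 0xFF) == 0xC0)) {
      return EFI_INVALID_PARAMETER;
    }
  }

  return EFI_SUCCESS;
}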
601\r
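/**
  This is the declaration of an EFI image entry point. This entry point is
  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including
  both device drivers and bus drivers.

  The entry point for the IpSecConfig application: it publishes this image's
  HII package list, parses and validates the command line, locates the IPsec
  protocols and dispatches to the requested operation.

  Results of the requested operation are reported on the console through HII
  strings; the return value only reflects the HII set-up steps, so the shell
  sees EFI_SUCCESS even when the operation itself failed (unchanged behaviour).

  @param[in] ImageHandle  The image handle of this application.
  @param[in] SystemTable  The pointer to the EFI System Table.

  @retval EFI_SUCCESS  The command line was processed.
  @retval Others       The HII package list of this image could not be opened
                       or published to the HII database.
**/
EFI_STATUS
EFIAPI
InitializeIpSecConfig (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS                   Status;
  EFI_IPSEC_CONFIG_DATA_TYPE   DataType;
  UINT8                        Value;
  LIST_ENTRY                   *ParamPackage;
  CONST CHAR16                 *ValueStr;
  CHAR16                       *ProblemParam;
  UINTN                        NonOptionCount;
  EFI_HII_PACKAGE_LIST_HEADER  *PackageList;

  //
  // NULL so the Done: cleanup is safe when ShellCommandLineParseEx fails
  // without handing back a package list or a problem string.
  //
  ParamPackage = NULL;
  ProblemParam = NULL;

  //
  // Retrieve HII package list from ImageHandle
  //
  Status = gBS->OpenProtocol (
                  ImageHandle,
                  &gEfiHiiPackageListProtocolGuid,
                  (VOID **) &PackageList,
                  ImageHandle,
                  NULL,
                  EFI_OPEN_PROTOCOL_GET_PROTOCOL
                  );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // Publish HII package list to HII Database.
  //
  Status = gHiiDatabase->NewPackageList (
                           gHiiDatabase,
                           PackageList,
                           NULL,
                           &mHiiHandle
                           );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  ASSERT (mHiiHandle != NULL);

  //
  // Syntax check of the command line, then the conflict check between flags.
  //
  Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);
    goto Done;
  }

  Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);
    goto Done;
  }

  //
  // LocateProtocol can return EFI_SUCCESS with a NULL interface when no
  // handle carries the protocol, hence the second test.
  //
  Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);
  if (EFI_ERROR (Status) || mIpSecConfig == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSec2ProtocolGuid, (VOID **) &mIpSec);
  if (EFI_ERROR (Status) || mIpSec == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Enable IPsec: persist the enabled state in a non-volatile variable,
  // then clear the driver's DisabledFlag.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {
    if (!(mIpSec->DisabledFlag)) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);
    } else {
      //
      // Set enable flag.
      //
      Value  = IPSEC_STATUS_ENABLED;
      Status = gRT->SetVariable (
                      IPSECCONFIG_STATUS_NAME,
                      &gEfiIpSecConfigProtocolGuid,
                      EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
                      sizeof (Value),
                      &Value
                      );
      if (!EFI_ERROR (Status)) {
        mIpSec->DisabledFlag = FALSE;
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // Disable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);
    } else {
      //
      // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
      // Success is judged by re-reading DisabledFlag after the event was signalled.
      //
      gBS->SignalEvent (mIpSec->DisabledEvent);
      if (mIpSec->DisabledFlag) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // IPsec Status.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);
    } else {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);
    }

    goto Done;
  }

  //
  // Try to get policy database type. -1 is the "not given / not recognised"
  // sentinel; MapStringToInteger returns it for an unknown keyword.
  //
  DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) - 1;
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");
  if (ValueStr != NULL) {
    DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);
    if (DataType == -1) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
      goto Done;
    }
  }

  //
  // Reject stray positional arguments.  The count includes the command name
  // itself, so anything beyond one entry is redundant.  Was: (NonOptionCount - 1) > 0,
  // which wraps around on an unsigned count of 0.
  //
  NonOptionCount = ShellCommandLineGetCount (ParamPackage);
  if (NonOptionCount > 1) {
    ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);
    goto Done;
  }

  if (DataType == -1) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Policy database operations.  Each one reports its own outcome on the
  // console; Status is not consulted after this point.  "-a"/"-i" and
  // "-d"/"-f" call the same helper, which tells the two flags apart itself.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-a") || ShellCommandLineGetFlag (ParamPackage, L"-i")) {
    Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
    Status = EditPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-d") || ShellCommandLineGetFlag (ParamPackage, L"-f")) {
    Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {
    Status = ListPolicyEntry (DataType, ParamPackage);
  } else {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);
  }

Done:
  //
  // ShellCommandLineParseEx hands back an allocated copy of the offending
  // argument, which the caller must free.  Was: leaked.
  //
  if (ProblemParam != NULL) {
    FreePool (ProblemParam);
  }

  ShellCommandLineFreeVarList (ParamPackage);
  HiiRemovePackages (mHiiHandle);

  return EFI_SUCCESS;
}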