Update Ipsecconfig application.
1/** @file\r
2 The main process for IpSecConfig application.\r
3\r
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>\r
5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include <Library/UefiRuntimeServicesTableLib.h>\r
17#include <Library/HiiLib.h>\r
18\r
19#include <Protocol/IpSec.h>\r
20\r
21#include "IpSecConfig.h"\r
22#include "Dump.h"\r
23#include "Indexer.h"\r
24#include "PolicyEntryOperation.h"\r
25#include "Delete.h"\r
26#include "Helper.h"\r
27\r
//
// Option table handed to ShellCommandLineParseEx. It lists every switch the
// application accepts and tags each one as value-carrying (TypeValue) or as a
// bare flag (TypeFlag), so malformed command lines are rejected by the parser.
//
SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
  //
  // Operation selectors.
  //
  { L"-p",                    TypeValue },
  { L"-a",                    TypeValue },
  { L"-i",                    TypeValue },
  { L"-e",                    TypeValue },
  { L"-d",                    TypeValue },
  { L"-f",                    TypeFlag  },
  { L"-l",                    TypeFlag  },
  { L"-enable",               TypeFlag  },
  { L"-disable",              TypeFlag  },
  { L"-status",               TypeFlag  },
  { L"-?",                    TypeFlag  },

  //
  // SPD Selector
  //
  { L"--local",               TypeValue },
  { L"--remote",              TypeValue },
  { L"--proto",               TypeValue },
  { L"--local-port",          TypeValue },
  { L"--remote-port",         TypeValue },
  { L"--icmp-type",           TypeValue },
  { L"--icmp-code",           TypeValue },

  //
  // SPD Data
  //
  { L"--name",                TypeValue },
  { L"--packet-flag",         TypeValue },
  { L"--action",              TypeValue },
  { L"--lifebyte",            TypeValue },
  { L"--lifetime-soft",       TypeValue },
  { L"--lifetime",            TypeValue },
  { L"--mode",                TypeValue },
  { L"--tunnel-local",        TypeValue },
  { L"--tunnel-remote",       TypeValue },
  { L"--dont-fragment",       TypeValue },
  { L"--ipsec-proto",         TypeValue },
  { L"--auth-algo",           TypeValue },
  { L"--encrypt-algo",        TypeValue },

  { L"--ext-sequence",        TypeFlag  },
  { L"--sequence-overflow",   TypeFlag  },
  { L"--fragment-check",      TypeFlag  },
  { L"--ext-sequence-",       TypeFlag  },
  { L"--sequence-overflow-",  TypeFlag  },
  { L"--fragment-check-",     TypeFlag  },

  //
  // SA ID (also uses --ipsec-proto from the SPD Data group)
  //
  { L"--spi",                 TypeValue },
  { L"--tunnel-dest",         TypeValue },
  { L"--tunnel-source",       TypeValue },
  { L"--lookup-spi",          TypeValue },
  { L"--lookup-ipsec-proto",  TypeValue },
  { L"--lookup-dest",         TypeValue },

  //
  // SA Data (also uses --mode, --auth-algo and --encrypt-algo).
  // --auth-key and --encrypt-key take their key material as an ordinary
  // command-line value.
  //
  { L"--sequence-number",     TypeValue },
  { L"--antireplay-window",   TypeValue },
  { L"--auth-key",            TypeValue },
  { L"--encrypt-key",         TypeValue },
  { L"--path-mtu",            TypeValue },

  //
  // PAD ID
  //
  { L"--peer-id",             TypeValue },
  { L"--peer-address",        TypeValue },
  { L"--auth-proto",          TypeValue },
  { L"--auth-method",         TypeValue },
  { L"--ike-id",              TypeValue },
  { L"--ike-id-",             TypeValue },
  { L"--auth-data",           TypeValue },
  { L"--revocation-data",     TypeValue },
  { L"--lookup-peer-id",      TypeValue },
  { L"--lookup-peer-address", TypeValue },

  //
  // Terminator.
  //
  { NULL,                     TypeMax   },
};
119\r
//
// String-to-integer lookup tables. Each table ends with a { NULL, 0 } entry.
//

//
// -p : which policy database the command operates on.
//
STR2INT mMapPolicy[] = {
  { L"SPD",       IPsecConfigDataTypeSpd },
  { L"SAD",       IPsecConfigDataTypeSad },
  { L"PAD",       IPsecConfigDataTypePad },
  { NULL,         0                      },
};

//
// --proto : upper-layer protocol used in a selector.
//
STR2INT mMapIpProtocol[] = {
  { L"TCP",       EFI_IP4_PROTO_TCP  },
  { L"UDP",       EFI_IP4_PROTO_UDP  },
  { L"ICMP",      EFI_IP4_PROTO_ICMP },
  { NULL,         0                  },
};

//
// --action : what to do with traffic matching the policy.
//
STR2INT mMapIpSecAction[] = {
  { L"Bypass",    EfiIPsecActionBypass  },
  { L"Discard",   EfiIPsecActionDiscard },
  { L"Protect",   EfiIPsecActionProtect },
  { NULL,         0                     },
};

//
// --mode
//
STR2INT mMapIpSecMode[] = {
  { L"Transport", EfiIPsecTransport },
  { L"Tunnel",    EfiIPsecTunnel    },
  { NULL,         0                 },
};

//
// --dont-fragment : handling of the DF bit in tunnel mode.
//
STR2INT mMapDfOption[] = {
  { L"clear",     EfiIPsecTunnelClearDf },
  { L"set",       EfiIPsecTunnelSetDf   },
  { L"copy",      EfiIPsecTunnelCopyDf  },
  { NULL,         0                     },
};

//
// --ipsec-proto
//
STR2INT mMapIpSecProtocol[] = {
  { L"AH",        EfiIPsecAH  },
  { L"ESP",       EfiIPsecESP },
  { NULL,         0           },
};
177\r
//
// --auth-algo : integrity algorithm names accepted on the command line.
//
// NOTE(review): the table accepts "NONE" and "NULL" as well as MD5HMAC and
// SHA1HMAC. Whether a policy may select no authentication or a legacy MAC is
// not restricted here; confirm that the deployment's policy and the IPsec
// driver enforce the intended minimum.
//
STR2INT mMapAuthAlgo[] = {
  { L"NONE",          IPSEC_AALG_NONE         },
  { L"MD5HMAC",       IPSEC_AALG_MD5HMAC      },
  { L"SHA1HMAC",      IPSEC_AALG_SHA1HMAC     },
  { L"SHA2-256HMAC",  IPSEC_AALG_SHA2_256HMAC },
  { L"SHA2-384HMAC",  IPSEC_AALG_SHA2_384HMAC },
  { L"SHA2-512HMAC",  IPSEC_AALG_SHA2_512HMAC },
  { L"AES-XCBC-MAC",  IPSEC_AALG_AES_XCBC_MAC },
  { L"NULL",          IPSEC_AALG_NULL         },
  { NULL,             0                       },
};

//
// --encrypt-algo : confidentiality algorithm names accepted on the command line.
//
// NOTE(review): "NONE"/"NULL" (no encryption) and the legacy DESCBC cipher are
// selectable alongside the AES modes. This table only maps names to
// identifiers; it does not say which of them the driver actually implements.
// Confirm the supported set and document the recommended choices for operators.
//
STR2INT mMapEncAlgo[] = {
  { L"NONE",          IPSEC_EALG_NONE          },
  { L"DESCBC",        IPSEC_EALG_DESCBC        },
  { L"3DESCBC",       IPSEC_EALG_3DESCBC       },
  { L"CASTCBC",       IPSEC_EALG_CASTCBC       },
  { L"BLOWFISHCBC",   IPSEC_EALG_BLOWFISHCBC   },
  { L"NULL",          IPSEC_EALG_NULL          },
  { L"AESCBC",        IPSEC_EALG_AESCBC        },
  { L"AESCTR",        IPSEC_EALG_AESCTR        },
  { L"AES-CCM-ICV8",  IPSEC_EALG_AES_CCM_ICV8  },
  { L"AES-CCM-ICV12", IPSEC_EALG_AES_CCM_ICV12 },
  { L"AES-CCM-ICV16", IPSEC_EALG_AES_CCM_ICV16 },
  { L"AES-GCM-ICV8",  IPSEC_EALG_AES_GCM_ICV8  },
  { L"AES-GCM-ICV12", IPSEC_EALG_AES_GCM_ICV12 },
  { L"AES-GCM-ICV16", IPSEC_EALG_AES_GCM_ICV16 },
  { NULL,             0                        },
};
213\r
//
// --auth-proto : key-exchange protocol used to authenticate a peer.
//
STR2INT mMapAuthProto[] = {
  { L"IKEv1",           EfiIPsecAuthProtocolIKEv1 },
  { L"IKEv2",           EfiIPsecAuthProtocolIKEv2 },
  { NULL,               0                         },
};

//
// --auth-method : credential type used to authenticate a peer.
//
STR2INT mMapAuthMethod[] = {
  { L"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret },
  { L"Certificates",    EfiIPsecAuthMethodCertificates    },
  { NULL,               0                                 },
};
231\r
//
// Module-wide state shared with the other source files of the application.
//
EFI_IPSEC2_PROTOCOL        *mIpSec;        // filled in by InitializeIpSecConfig
EFI_IPSEC_CONFIG_PROTOCOL  *mIpSecConfig;  // filled in by InitializeIpSecConfig
EFI_HII_HANDLE             mHiiHandle;     // handle of the registered string package
EFI_GUID                   mEfiIpSecConfigGuid = EFI_IPSEC_CONFIG_GUID;
CHAR16                     mAppName[]          = L"IpSecConfig";
237\r
//
// Conflict table used by IpSecConfigRetriveCheckListByName to validate the
// combination of options the user supplied. The four attribute columns are
// combined across all supplied options as follows (see that function):
//
//   Attribute1  ANDed; a non-zero result means two options conflict.
//   Attribute2  ORed;  a non-zero result is rejected, except when the second
//               option seen is "-p".
//   Attribute3  ANDed; a zero result means the options have no table in
//               common. Judging by the section headings, BIT(2)/BIT(1)/BIT(0)
//               appear to stand for SPD/SAD/PAD -- confirm.
//   Attribute4  ORed;  marks mutually exclusive pairs on adjacent bits
//               (BIT(0)/BIT(1), BIT(2)/BIT(3), BIT(4)/BIT(5), BIT(6)/BIT(7)).
//
VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
  { L"-enable",               BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-disable",              BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-status",               BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-p",                    BIT(1),        0,      BIT(2)|BIT(1)|BIT(0), 0      },

  { L"-a",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-i",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-d",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-e",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-l",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-f",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },

  { L"-?",                    BIT(0),        BIT(0), BIT(2)|BIT(1)|BIT(0), 0      },

  //
  // SPD Selector
  //
  { L"--local",               0,             0,      BIT(2)|BIT(1),        0      },
  { L"--remote",              0,             0,      BIT(2)|BIT(1),        0      },
  { L"--proto",               0,             0,      BIT(2)|BIT(1),        0      },
  { L"--local-port",          0,             0,      BIT(2)|BIT(1),        BIT(0) },
  { L"--remote-port",         0,             0,      BIT(2)|BIT(1),        BIT(0) },
  { L"--icmp-type",           0,             0,      BIT(2)|BIT(1),        BIT(1) },
  { L"--icmp-code",           0,             0,      BIT(2)|BIT(1),        BIT(1) },

  //
  // SPD Data
  //
  { L"--name",                0,             0,      BIT(2),               0      },
  { L"--packet-flag",         0,             0,      BIT(2),               0      },
  { L"--action",              0,             0,      BIT(2)|BIT(1),        0      },
  { L"--lifebyte",            0,             0,      BIT(2)|BIT(1),        0      },
  { L"--lifetime-soft",       0,             0,      BIT(2)|BIT(1),        0      },
  { L"--lifetime",            0,             0,      BIT(2)|BIT(1),        0      },
  { L"--mode",                0,             0,      BIT(2)|BIT(1),        0      },
  { L"--tunnel-local",        0,             0,      BIT(2),               0      },
  { L"--tunnel-remote",       0,             0,      BIT(2),               0      },
  { L"--dont-fragment",       0,             0,      BIT(2),               0      },
  { L"--ipsec-proto",         0,             0,      BIT(2)|BIT(1),        0      },
  { L"--auth-algo",           0,             0,      BIT(2)|BIT(1),        0      },
  { L"--encrypt-algo",        0,             0,      BIT(2)|BIT(1),        0      },

  { L"--ext-sequence",        0,             0,      BIT(2),               BIT(2) },
  { L"--sequence-overflow",   0,             0,      BIT(2),               BIT(2) },
  { L"--fragment-check",      0,             0,      BIT(2),               BIT(2) },
  { L"--ext-sequence-",       0,             0,      BIT(2),               BIT(3) },
  { L"--sequence-overflow-",  0,             0,      BIT(2),               BIT(3) },
  { L"--fragment-check-",     0,             0,      BIT(2),               BIT(3) },

  //
  // SA ID (also uses --ipsec-proto)
  //
  { L"--spi",                 0,             0,      BIT(1),               0      },
  { L"--tunnel-dest",         0,             0,      BIT(1),               0      },
  { L"--tunnel-source",       0,             0,      BIT(1),               0      },
  { L"--lookup-spi",          0,             0,      BIT(1),               0      },
  { L"--lookup-ipsec-proto",  0,             0,      BIT(1),               0      },
  { L"--lookup-dest",         0,             0,      BIT(1),               0      },

  //
  // SA Data (also uses --mode, --auth-algo and --encrypt-algo)
  //
  { L"--sequence-number",     0,             0,      BIT(1),               0      },
  { L"--antireplay-window",   0,             0,      BIT(1),               0      },
  { L"--auth-key",            0,             0,      BIT(1),               0      },
  { L"--encrypt-key",         0,             0,      BIT(1),               0      },
  { L"--path-mtu",            0,             0,      BIT(1),               0      },

  //
  // Example of adding a PAD entry:
  //   "-a --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKEv1/IKEv2
  //    --auth-method PreSharedSecret/Certificates --ike-id
  //    --auth-data 343343 --revocation-data 2342432"
  // Examples of deleting a PAD entry:
  //   "-d * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
  //   "-d 1"
  // Example of editing a PAD entry:
  //   "-e * --lookup-peer-id Mike --auth-method Certificates"
  //

  //
  // PAD ID
  //
  // NOTE(review): the parser table mIpSecConfigParamList spells these two
  // options "--ike-id" and "--ike-id-", while the rows below use upper case.
  // The checker compares names with StrCmp, so if that comparison is
  // case-sensitive these rows never match and the BIT(6)/BIT(7) exclusion is
  // not enforced -- confirm and align the spelling.
  //
  { L"--peer-id",             0,             0,      BIT(0),               BIT(4) },
  { L"--peer-address",        0,             0,      BIT(0),               BIT(5) },
  { L"--auth-proto",          0,             0,      BIT(0),               0      },
  { L"--auth-method",         0,             0,      BIT(0),               0      },
  { L"--IKE-ID",              0,             0,      BIT(0),               BIT(6) },
  { L"--IKE-ID-",             0,             0,      BIT(0),               BIT(7) },
  { L"--auth-data",           0,             0,      BIT(0),               0      },
  { L"--revocation-data",     0,             0,      BIT(0),               0      },
  { L"--lookup-peer-id",      0,             0,      BIT(0),               BIT(4) },
  { L"--lookup-peer-address", 0,             0,      BIT(0),               BIT(5) },

  //
  // Terminator.
  //
  { NULL,                     0,             0,      0,                    0      },
};
341\r
/**
  Helper for the "call, grow, call again" pattern used with EFI interfaces
  that report EFI_BUFFER_TOO_SMALL.

  On the first call (*Buffer is NULL and BufferSize is non-zero) the status is
  forced to EFI_BUFFER_TOO_SMALL so that a buffer gets allocated. Whenever the
  status is EFI_BUFFER_TOO_SMALL, any old buffer is freed and a zero-filled
  one of BufferSize bytes is allocated. If no retry is requested and *Status
  is an error, a remaining buffer is freed and *Buffer is set to NULL.

  @param[in, out] Status      Status of the previous attempt; set to
                              EFI_OUT_OF_RESOURCES if the allocation fails.
  @param[in, out] Buffer      Currently allocated buffer, or NULL.
  @param[in]      BufferSize  Size in bytes required for the next attempt.

  @retval TRUE    A buffer was (re)allocated; the caller should call the API again.
  @retval FALSE   No buffer was allocated; the caller should stop and inspect *Status.
**/
BOOLEAN
GrowBuffer (
  IN OUT EFI_STATUS  *Status,
  IN OUT VOID        **Buffer,
  IN     UINTN       BufferSize
  )
{
  ASSERT (Status != NULL);
  ASSERT (Buffer != NULL);

  //
  // First request: nothing allocated yet but a size is known.
  //
  if ((*Buffer == NULL) && (BufferSize != 0)) {
    *Status = EFI_BUFFER_TOO_SMALL;
  }

  if (*Status == EFI_BUFFER_TOO_SMALL) {
    //
    // Drop the undersized buffer and allocate one of the requested size.
    //
    if (*Buffer != NULL) {
      FreePool (*Buffer);
    }

    *Buffer = AllocateZeroPool (BufferSize);
    if (*Buffer != NULL) {
      return TRUE;
    }

    *Status = EFI_OUT_OF_RESOURCES;
  }

  //
  // No retry is going to happen: on error, do not leave a buffer behind.
  //
  if (EFI_ERROR (*Status) && (*Buffer != NULL)) {
    FreePool (*Buffer);
    *Buffer = NULL;
  }

  return FALSE;
}
401\r
/**
  Return, in a pool-allocated buffer, the array of handles that match the
  search criteria.

  The buffer starts at room for 50 handles and is regrown through GrowBuffer
  for as long as gBS->LocateHandle reports that it is too small.

  @param[in]      SearchType  Specifies which handle(s) are to be returned.
  @param[in]      Protocol    The protocol to search by; only meaningful for
                              SearchType ByProtocol.
  @param[in]      SearchKey   The search key, depending on SearchType.
  @param[in, out] NoHandles   Receives the number of handles placed in Buffer;
                              set to 0 on failure.
  @param[out]     Buffer      Receives the pool-allocated handle array.

  @retval EFI_SUCCESS   The resulting array of handles was returned.
  @retval Others        The lookup or the allocation failed.
**/
EFI_STATUS
LocateHandle (
  IN     EFI_LOCATE_SEARCH_TYPE  SearchType,
  IN     EFI_GUID                *Protocol OPTIONAL,
  IN     VOID                    *SearchKey OPTIONAL,
  IN OUT UINTN                   *NoHandles,
     OUT EFI_HANDLE              **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       BufferSize;

  ASSERT (NoHandles != NULL);
  ASSERT (Buffer != NULL);

  //
  // Starting state for the grow-and-retry loop.
  //
  *Buffer    = NULL;
  BufferSize = 50 * sizeof (EFI_HANDLE);
  Status     = EFI_SUCCESS;

  for ( ; ; ) {
    if (!GrowBuffer (&Status, (VOID **) Buffer, BufferSize)) {
      break;
    }

    //
    // BufferSize is updated by the service with the size used or required.
    //
    Status = gBS->LocateHandle (SearchType, Protocol, SearchKey, &BufferSize, *Buffer);
  }

  *NoHandles = BufferSize / sizeof (EFI_HANDLE);
  if (EFI_ERROR (Status)) {
    *NoHandles = 0;
  }

  return Status;
}
460\r
/**
  Find the first handle in the system that carries the given protocol and
  return that protocol's interface.

  @param[in]  ProtocolGuid  The GUID of the protocol to look for.
  @param[out] Interface     Receives the interface of the first instance
                            found; set to NULL before the search starts.

  @retval EFI_SUCCESS   A protocol instance matching ProtocolGuid was found.
  @retval Others        A protocol instance matching ProtocolGuid was not found.
**/
EFI_STATUS
LocateProtocol (
  IN  EFI_GUID  *ProtocolGuid,
  OUT VOID      **Interface
  )
{
  EFI_STATUS  Status;
  EFI_HANDLE  *Handles;
  UINTN       NumberHandles;
  UINTN       Index;

  NumberHandles = 0;
  Handles       = NULL;
  *Interface    = NULL;

  Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &NumberHandles, &Handles);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));
    return Status;
  }

  //
  // Stop at the first handle that yields the interface.
  //
  Index = 0;
  while (Index < NumberHandles) {
    ASSERT (Handles != NULL);
    Status = gBS->HandleProtocol (Handles[Index], ProtocolGuid, Interface);
    if (!EFI_ERROR (Status)) {
      break;
    }

    Index++;
  }

  //
  // The handle array came from the pool and is owned by this function.
  //
  if (Handles != NULL) {
    FreePool (Handles);
  }

  return Status;
}
511\r
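/**
  Check the options supplied by the user for conflicting combinations.

  Every named entry of ParamPackage is looked up in CheckList and its four
  attribute words are folded into running totals: Attribute1 and Attribute3
  are ANDed, Attribute2 and Attribute4 are ORed. From the second matched
  option onward the totals are tested and the combination is rejected when
    - Attribute1 is non-zero,
    - Attribute2 is non-zero (tolerated only when the second matched option
      is "-p"),
    - Attribute3 is zero, or
    - both bits of any Attribute4 pair (0x03, 0x0C, 0x30, 0xC0) are set.

  Options that do not appear in CheckList are ignored.

  @param[in] CheckList      The NULL-name-terminated VAR_CHECK_ITEM table to
                            validate against.
  @param[in] ParamPackage   The list of parsed command-line parameters.

  @retval EFI_SUCCESS             No conflicting options were found.
  @retval EFI_INVALID_PARAMETER   An argument is NULL or the options conflict.
**/
EFI_STATUS
IpSecConfigRetriveCheckListByName (
  IN VAR_CHECK_ITEM  *CheckList,
  IN LIST_ENTRY      *ParamPackage
  )
{
  LIST_ENTRY           *Node;
  SHELL_PARAM_PACKAGE  *Package;
  VAR_CHECK_ITEM       *Item;
  UINT32               Attribute1;
  UINT32               Attribute2;
  UINT32               Attribute3;
  UINT32               Attribute4;
  UINT32               Index;

  if ((ParamPackage == NULL) || (CheckList == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  Attribute1 = 0;
  Attribute2 = 0;
  Attribute3 = 0;
  Attribute4 = 0;
  Index      = 0;

  //
  // Walk the parameters entered by the user.
  //
  for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
    Package = (SHELL_PARAM_PACKAGE *) Node;
    if (Package->Name == NULL) {
      continue;
    }

    //
    // Scan the table the caller passed in. The previous code validated
    // CheckList against NULL but then always walked the global table.
    //
    for (Item = CheckList; Item->VarName != NULL; Item++) {
      if (StrCmp (Package->Name, Item->VarName) != 0) {
        continue;
      }

      Index++;
      if (Index == 1) {
        //
        // First matched option: it seeds the running totals.
        //
        Attribute1 = Item->Attribute1;
        Attribute2 = Item->Attribute2;
        Attribute3 = Item->Attribute3;
        Attribute4 = Item->Attribute4;
        break;
      }

      Attribute1 &= Item->Attribute1;
      Attribute2 |= Item->Attribute2;
      Attribute3 &= Item->Attribute3;
      Attribute4 |= Item->Attribute4;

      if (Attribute1 != 0) {
        return EFI_INVALID_PARAMETER;
      }

      if (Attribute2 != 0) {
        //
        // "-p" as the second matched option is the one tolerated case; the
        // remaining checks are skipped for it, as before.
        //
        if ((Index == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {
          continue;
        }

        return EFI_INVALID_PARAMETER;
      }

      if (Attribute3 == 0) {
        return EFI_INVALID_PARAMETER;
      }

      //
      // Test each exclusive pair under its own mask. Comparing the whole low
      // byte for equality missed a pair as soon as a bit of another pair was
      // also set (for example BIT(2) together with BIT(0)|BIT(1)).
      //
      if (((Attribute4 & 0x03) == 0x03) || ((Attribute4 & 0x0C) == 0x0C) ||
          ((Attribute4 & 0x30) == 0x30) || ((Attribute4 & 0xC0) == 0xC0)) {
        return EFI_INVALID_PARAMETER;
      }

      break;
    }
  }

  return EFI_SUCCESS;
}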
598\r
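/**
  Entry point of the IpSecConfig shell application.

  Registers the string package, parses and validates the command line,
  locates the IPsec configuration and IPsec protocols, and then performs
  exactly one operation: enable, disable, status, help, or an add / insert /
  edit / delete / flush / list on the policy database selected with "-p".

  Failures of the requested operation are reported on the console; the image
  still exits with EFI_SUCCESS in those cases, as it always did.

  @param[in] ImageHandle   The image handle of this application.
  @param[in] SystemTable   The pointer to the EFI System Table.

  @retval EFI_SUCCESS            The command line was processed.
  @retval EFI_OUT_OF_RESOURCES   The string package could not be registered.
**/
EFI_STATUS
EFIAPI
InitializeIpSecConfig (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS                  Status;
  EFI_IPSEC_CONFIG_DATA_TYPE  DataType;
  UINT8                       Value;
  LIST_ENTRY                  *ParamPackage;
  CONST CHAR16                *ValueStr;
  CHAR16                      *ProblemParam;
  UINTN                       NonOptionCount;

  //
  // Both pointers are used on the error path below, so they must not be left
  // uninitialized if the parser fails before setting them.
  //
  ParamPackage = NULL;
  ProblemParam = NULL;

  //
  // Register our string package with HII and keep the handle to it.
  //
  mHiiHandle = HiiAddPackages (&gEfiCallerIdGuid, ImageHandle, IpSecConfigStrings, NULL);
  ASSERT (mHiiHandle != NULL);
  if (mHiiHandle == NULL) {
    //
    // ASSERT is compiled out of release builds; without the string package no
    // message can be printed, so stop here.
    //
    return EFI_OUT_OF_RESOURCES;
  }

  Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);
    //
    // The offending-parameter string, when provided, is owned by the caller.
    //
    if (ProblemParam != NULL) {
      FreePool (ProblemParam);
    }

    goto Done;
  }

  Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);
  if (EFI_ERROR (Status) || mIpSecConfig == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSecProtocolGuid, (VOID **) &mIpSec);
  if (EFI_ERROR (Status) || mIpSec == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Enable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {
    if (!(mIpSec->DisabledFlag)) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);
    } else {
      //
      // Persist the enabled state, then flip the live flag.
      //
      // NOTE(review): the variable is written with BOOTSERVICE_ACCESS and
      // NON_VOLATILE only, with no authenticated-write attribute, so the
      // stored on/off state is exactly as protected as boot-services variable
      // access on the platform. Confirm that this matches the threat model.
      //
      Value  = IPSEC_STATUS_ENABLED;
      Status = gRT->SetVariable (
                      IPSECCONFIG_STATUS_NAME,
                      &gEfiIpSecConfigProtocolGuid,
                      EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
                      sizeof (Value),
                      &Value
                      );
      if (!EFI_ERROR (Status)) {
        mIpSec->DisabledFlag = FALSE;
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // Disable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);
    } else {
      //
      // The flag itself is changed by the callback of DisabledEvent; this
      // code only signals the event and then reads the flag back.
      //
      gBS->SignalEvent (mIpSec->DisabledEvent);
      if (mIpSec->DisabledFlag) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // IPsec status.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);
    } else {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);
    }

    goto Done;
  }

  //
  // Try to get the policy database type; -1 means "not specified".
  //
  DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) -1;
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");
  if (ValueStr != NULL) {
    DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);
    if (DataType == (EFI_IPSEC_CONFIG_DATA_TYPE) -1) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
      goto Done;
    }
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"-?")) {
    switch (DataType) {
      case (EFI_IPSEC_CONFIG_DATA_TYPE) -1:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_HELP), mHiiHandle);
        break;

      case IPsecConfigDataTypeSpd:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SPD_HELP), mHiiHandle);
        break;

      case IPsecConfigDataTypeSad:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SAD_HELP), mHiiHandle);
        break;

      case IPsecConfigDataTypePad:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PAD_HELP), mHiiHandle);
        break;

      default:
        //
        // Same message as the "-p" lookup failure above, so pass the same
        // arguments; it was previously printed without any.
        //
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
        break;
    }

    goto Done;
  }

  //
  // More than one non-option argument is an error. Compare without
  // subtracting so that a count of zero cannot wrap around in UINTN.
  //
  NonOptionCount = ShellCommandLineGetCount (ParamPackage);
  if (NonOptionCount > 1) {
    ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);
    goto Done;
  }

  if (DataType == (EFI_IPSEC_CONFIG_DATA_TYPE) -1) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Dispatch the policy operation. The first matching switch wins, in the
  // order -a, -i, -e, -d, -f, -l. The status of the operation is not
  // propagated to the caller.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-a") || ShellCommandLineGetFlag (ParamPackage, L"-i")) {
    Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
    Status = EditPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-d") || ShellCommandLineGetFlag (ParamPackage, L"-f")) {
    Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {
    Status = ListPolicyEntry (DataType, ParamPackage);
  } else {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);
  }

Done:
  ShellCommandLineFreeVarList (ParamPackage);
  HiiRemovePackages (mHiiHandle);

  return EFI_SUCCESS;
}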