1/** @file\r
2 The main process for IpSecConfig application.\r
3\r
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>\r
5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include <Library/UefiRuntimeServicesTableLib.h>\r
17#include <Library/HiiLib.h>\r
18\r
19#include <Protocol/IpSec.h>\r
20\r
21#include "IpSecConfig.h"\r
22#include "Dump.h"\r
23#include "Indexer.h"\r
24#include "PolicyEntryOperation.h"\r
25#include "Delete.h"\r
26#include "Helper.h"\r
27\r
//
// Used for ShellCommandLineParseEx only
// and to ensure user inputs are in valid format
//
// TypeValue entries take an argument ("-p SPD"); TypeFlag entries are bare
// switches.  The same spellings are looked up again with StrCmp in
// mIpSecConfigVarCheckList (below), so the two tables must agree character
// for character.  The trailing "-" spellings (e.g. "--ext-sequence-") are
// presumably the clear/negate forms of the flag above them -- confirm in
// PolicyEntryOperation.c before relying on that.
//
SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
  { L"-p", TypeValue },
  { L"-a", TypeValue },
  { L"-i", TypeValue },
  { L"-e", TypeValue },
  { L"-d", TypeValue },
  { L"-f", TypeFlag },
  { L"-l", TypeFlag },
  { L"-enable", TypeFlag },
  { L"-disable", TypeFlag },
  { L"-status", TypeFlag },
  { L"-?", TypeFlag },

  //
  // SPD Selector
  //
  { L"--local", TypeValue },
  { L"--remote", TypeValue },
  { L"--proto", TypeValue },
  { L"--local-port", TypeValue },
  { L"--remote-port", TypeValue },
  { L"--icmp-type", TypeValue },
  { L"--icmp-code", TypeValue },

  //
  // SPD Data
  //
  { L"--name", TypeValue },
  { L"--packet-flag", TypeValue },
  { L"--action", TypeValue },
  { L"--lifebyte", TypeValue },
  { L"--lifetime-soft", TypeValue },
  { L"--lifetime", TypeValue },
  { L"--mode", TypeValue },
  { L"--tunnel-local", TypeValue },
  { L"--tunnel-remote", TypeValue },
  { L"--dont-fragment", TypeValue },
  { L"--ipsec-proto", TypeValue },
  { L"--auth-algo", TypeValue },
  { L"--encrypt-algo", TypeValue },

  { L"--ext-sequence", TypeFlag },
  { L"--sequence-overflow", TypeFlag },
  { L"--fragment-check", TypeFlag },
  { L"--ext-sequence-", TypeFlag },
  { L"--sequence-overflow-", TypeFlag },
  { L"--fragment-check-", TypeFlag },

  //
  // SA ID
  // --ipsec-proto
  //
  { L"--spi", TypeValue },
  { L"--dest", TypeValue },
  { L"--lookup-spi", TypeValue },
  { L"--lookup-ipsec-proto", TypeValue },
  { L"--lookup-dest", TypeValue },

  //
  // SA DATA
  // --mode
  // --auth-algo
  // --encrypt-algo
  //
  { L"--sequence-number", TypeValue },
  { L"--antireplay-window", TypeValue },
  { L"--auth-key", TypeValue },
  { L"--encrypt-key", TypeValue },
  { L"--path-mtu", TypeValue },

  //
  // PAD ID
  // Note the lower-case "--ike-id" here; the check list spells it "--IKE-ID".
  //
  { L"--peer-id", TypeValue },
  { L"--peer-address", TypeValue },
  { L"--auth-proto", TypeValue },
  { L"--auth-method", TypeValue },
  { L"--ike-id", TypeValue },
  { L"--ike-id-", TypeValue },
  { L"--auth-data", TypeValue },
  { L"--revocation-data", TypeValue },
  { L"--lookup-peer-id", TypeValue },
  { L"--lookup-peer-address", TypeValue },

  { NULL, TypeMax },
};
118\r
//
// String-to-integer lookup tables.  Each maps the user's spelling of an option
// value to the EFI enum/constant it stands for and is terminated by a
// { NULL, 0 } sentinel.  mMapPolicy is consumed by MapStringToInteger in this
// file (the -p lookup); the others are presumably consumed the same way by the
// policy-entry code in the sibling source files.
//

//
// -P
//
STR2INT mMapPolicy[] = {
  { L"SPD", IPsecConfigDataTypeSpd },
  { L"SAD", IPsecConfigDataTypeSad },
  { L"PAD", IPsecConfigDataTypePad },
  { NULL, 0 },
};

//
// --proto
//
STR2INT mMapIpProtocol[] = {
  { L"TCP", EFI_IP4_PROTO_TCP },
  { L"UDP", EFI_IP4_PROTO_UDP },
  { L"ICMP", EFI_IP4_PROTO_ICMP },
  { NULL, 0 },
};

//
// --action
//
STR2INT mMapIpSecAction[] = {
  { L"Bypass", EfiIPsecActionBypass },
  { L"Discard", EfiIPsecActionDiscard },
  { L"Protect", EfiIPsecActionProtect },
  { NULL, 0 },
};

//
// --mode
//
STR2INT mMapIpSecMode[] = {
  { L"Transport", EfiIPsecTransport },
  { L"Tunnel", EfiIPsecTunnel },
  { NULL, 0 },
};

//
// --dont-fragment
//
STR2INT mMapDfOption[] = {
  { L"clear", EfiIPsecTunnelClearDf },
  { L"set", EfiIPsecTunnelSetDf },
  { L"copy", EfiIPsecTunnelCopyDf },
  { NULL, 0 },
};

//
// --ipsec-proto
//
STR2INT mMapIpSecProtocol[] = {
  { L"AH", EfiIPsecAH },
  { L"ESP", EfiIPsecESP },
  { NULL, 0 },
};

//
// --auth-algo
// "NONE" and "NULL" are distinct spellings mapping to distinct constants.
//
STR2INT mMapAuthAlgo[] = {
  { L"NONE", EFI_IPSEC_AALG_NONE },
  { L"MD5HMAC", EFI_IPSEC_AALG_MD5HMAC },
  { L"SHA1HMAC", EFI_IPSEC_AALG_SHA1HMAC },
  { L"SHA2-256HMAC", EFI_IPSEC_AALG_SHA2_256HMAC },
  { L"SHA2-384HMAC", EFI_IPSEC_AALG_SHA2_384HMAC },
  { L"SHA2-512HMAC", EFI_IPSEC_AALG_SHA2_512HMAC },
  { L"AES-XCBC-MAC", EFI_IPSEC_AALG_AES_XCBC_MAC },
  { L"NULL", EFI_IPSEC_AALG_NULL },
  { NULL, 0 },
};

//
// --encrypt-algo
// This table only maps a spelling to its EFI_IPSEC_EALG_* value; accepting a
// name here (DESCBC, 3DESCBC, CASTCBC, BLOWFISHCBC, NULL included) says nothing
// about whether the IPsec driver implements it or whether it is an adequate
// choice -- that is decided elsewhere.
//
STR2INT mMapEncAlgo[] = {
  { L"NONE", EFI_IPSEC_EALG_NONE },
  { L"DESCBC", EFI_IPSEC_EALG_DESCBC },
  { L"3DESCBC", EFI_IPSEC_EALG_3DESCBC },
  { L"CASTCBC", EFI_IPSEC_EALG_CASTCBC },
  { L"BLOWFISHCBC", EFI_IPSEC_EALG_BLOWFISHCBC },
  { L"NULL", EFI_IPSEC_EALG_NULL },
  { L"AESCBC", EFI_IPSEC_EALG_AESCBC },
  { L"AESCTR", EFI_IPSEC_EALG_AESCTR },
  { L"AES-CCM-ICV8", EFI_IPSEC_EALG_AES_CCM_ICV8 },
  { L"AES-CCM-ICV12", EFI_IPSEC_EALG_AES_CCM_ICV12 },
  { L"AES-CCM-ICV16", EFI_IPSEC_EALG_AES_CCM_ICV16 },
  { L"AES-GCM-ICV8", EFI_IPSEC_EALG_AES_GCM_ICV8 },
  { L"AES-GCM-ICV12", EFI_IPSEC_EALG_AES_GCM_ICV12 },
  { L"AES-GCM-ICV16", EFI_IPSEC_EALG_AES_GCM_ICV16 },
  { NULL, 0 },
};

//
// --auth-proto
//
STR2INT mMapAuthProto[] = {
  { L"IKEv1", EfiIPsecAuthProtocolIKEv1 },
  { L"IKEv2", EfiIPsecAuthProtocolIKEv2 },
  { NULL, 0 },
};

//
// --auth-method
//
STR2INT mMapAuthMethod[] = {
  { L"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret },
  { L"Certificates", EfiIPsecAuthMethodCertificates },
  { NULL, 0 },
};
230\r
//
// Module-wide state.  These are not static, so they are presumably shared with
// the other IpSecConfig source files.
//
EFI_IPSEC_PROTOCOL         *mIpSec;         // Located in InitializeIpSecConfig; DisabledFlag/DisabledEvent drive -enable/-disable/-status
EFI_IPSEC_CONFIG_PROTOCOL  *mIpSecConfig;   // Located in InitializeIpSecConfig; the policy database interface
EFI_HII_HANDLE             mHiiHandle;      // Valid between HiiAddPackages and HiiRemovePackages in the entry point
EFI_GUID                   mEfiIpSecConfigGuid = EFI_IPSEC_CONFIG_GUID;
CHAR16                     mAppName[]          = L"IpSecConfig";   // Name shown in user-facing messages
236\r
//
// Used for IpSecConfigRetriveCheckListByName only to check the validation of user input
//
// Columns: VarName, Attribute1, Attribute2, Attribute3, Attribute4.  The
// checker folds the attributes of every flag the user supplied, in the order
// the flags appear in the parsed package list:
//   Attribute1 is ANDed and must stay 0         -> flags sharing a bit are mutually
//                                                  exclusive (two operations, or -p /
//                                                  an operation next to -enable/-disable/-status).
//   Attribute2 is ORed and must stay 0          -> the flag must be used alone; "-p" is
//                                                  tolerated only when it is the second
//                                                  flag encountered, so the tolerance is
//                                                  order-dependent.
//   Attribute3 is ANDed and must stay non-zero  -> databases the flag applies to
//                                                  (BIT(2) SPD, BIT(1) SAD, BIT(0) PAD,
//                                                  judging by the groupings below); flags
//                                                  for disjoint databases cannot be mixed.
//   Attribute4 is ORed; its low byte must not   -> pairwise-exclusive options:
//     come out as 0x03, 0x0C, 0x30 or 0xC0         BIT(0)/BIT(1) port vs ICMP selectors,
//                                                  BIT(2)/BIT(3) a flag vs its "-" form,
//                                                  BIT(4)/BIT(5) --peer-id vs --peer-address,
//                                                  BIT(6)/BIT(7) --IKE-ID vs --IKE-ID-.
//
// NOTE(review): the "--IKE-ID"/"--IKE-ID-" rows are spelled in upper case while
// the parse table uses "--ike-id"/"--ike-id-"; the lookup is a plain StrCmp, so
// those two rows never match and the BIT(6)/BIT(7) exclusion is not enforced.
// Also, BIT(4)|BIT(5) == 0x30 rejects --peer-id together with --peer-address,
// whereas the example below shows them combined -- confirm which is intended.
//
VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
  { L"-enable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-disable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-status", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-p", BIT(1), 0, BIT(2)|BIT(1)|BIT(0), 0 },

  { L"-a", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-i", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-d", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-e", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-l", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-f", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },

  { L"-?", BIT(0), BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },

  //
  // SPD Selector
  //
  { L"--local", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--remote", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--proto", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--local-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
  { L"--remote-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
  { L"--icmp-type", 0, 0, BIT(2)|BIT(1), BIT(1) },
  { L"--icmp-code", 0, 0, BIT(2)|BIT(1), BIT(1) },

  //
  // SPD Data
  //
  { L"--name", 0, 0, BIT(2), 0 },
  { L"--packet-flag", 0, 0, BIT(2), 0 },
  { L"--action", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--lifebyte", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--lifetime-soft", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--lifetime", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--mode", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--tunnel-local", 0, 0, BIT(2), 0 },
  { L"--tunnel-remote", 0, 0, BIT(2), 0 },
  { L"--dont-fragment", 0, 0, BIT(2), 0 },
  { L"--ipsec-proto", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--auth-algo", 0, 0, BIT(2)|BIT(1), 0 },
  { L"--encrypt-algo", 0, 0, BIT(2)|BIT(1), 0 },

  { L"--ext-sequence", 0, 0, BIT(2), BIT(2) },
  { L"--sequence-overflow", 0, 0, BIT(2), BIT(2) },
  { L"--fragment-check", 0, 0, BIT(2), BIT(2) },
  { L"--ext-sequence-", 0, 0, BIT(2), BIT(3) },
  { L"--sequence-overflow-", 0, 0, BIT(2), BIT(3) },
  { L"--fragment-check-", 0, 0, BIT(2), BIT(3) },

  //
  // SA ID
  // --ipsec-proto
  //
  { L"--spi", 0, 0, BIT(1), 0 },
  { L"--dest", 0, 0, BIT(1), 0 },
  { L"--lookup-spi", 0, 0, BIT(1), 0 },
  { L"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },
  { L"--lookup-dest", 0, 0, BIT(1), 0 },

  //
  // SA DATA
  // --mode
  // --auth-algo
  // --encrypt-algo
  //
  { L"--sequence-number", 0, 0, BIT(1), 0 },
  { L"--antireplay-window", 0, 0, BIT(1), 0 },
  { L"--auth-key", 0, 0, BIT(1), 0 },
  { L"--encrypt-key", 0, 0, BIT(1), 0 },
  { L"--path-mtu", 0, 0, BIT(1), 0 },

  //
  // The example to add a PAD:
  // "-A --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKE1/IKE2
  //  --auth-method PreSharedSeceret/Certificate --ike-id
  //  --auth-data 343343 --revocation-data 2342432"
  // The example to delete a PAD:
  // "-D * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
  // "-D 1"
  // The example to edit a PAD:
  // "-E * --lookup-peer-id Mike --auth-method Certificate"

  //
  // PAD ID
  //
  { L"--peer-id", 0, 0, BIT(0), BIT(4) },
  { L"--peer-address", 0, 0, BIT(0), BIT(5) },
  { L"--auth-proto", 0, 0, BIT(0), 0 },
  { L"--auth-method", 0, 0, BIT(0), 0 },
  { L"--IKE-ID", 0, 0, BIT(0), BIT(6) },
  { L"--IKE-ID-", 0, 0, BIT(0), BIT(7) },
  { L"--auth-data", 0, 0, BIT(0), 0 },
  { L"--revocation-data", 0, 0, BIT(0), 0 },
  { L"--lookup-peer-id", 0, 0, BIT(0), BIT(4) },
  { L"--lookup-peer-address", 0, 0, BIT(0), BIT(5) },

  { NULL, 0, 0, 0, 0 },
};
339\r
/**
  Grow (or first allocate) a buffer for the EFI "call twice" idiom.

  Drive this in a loop: while it returns TRUE, re-issue the EFI call with the
  new *Buffer; that call either succeeds or reports EFI_BUFFER_TOO_SMALL with
  an updated BufferSize for the next pass.  On the first pass (*Buffer == NULL
  and BufferSize != 0) *Status is forced to EFI_BUFFER_TOO_SMALL so the initial
  allocation is made here as well.

  @param[in, out] Status      Status of the previous EFI call.  Set to
                              EFI_OUT_OF_RESOURCES if the new allocation fails.
  @param[in, out] Buffer      Current buffer, or NULL.  Replaced by a zeroed
                              allocation of BufferSize bytes on growth; freed and
                              set to NULL when *Status is an error and no retry
                              follows.
  @param[in]      BufferSize  Size in bytes the next attempt needs.

  @retval TRUE   *Buffer was (re)allocated and the caller should retry the API.
  @retval FALSE  No retry: the previous call did not ask for more space, or the
                 allocation failed.
**/
BOOLEAN
GrowBuffer (
  IN OUT EFI_STATUS  *Status,
  IN OUT VOID        **Buffer,
  IN UINTN           BufferSize
  )
{
  ASSERT (Status != NULL);
  ASSERT (Buffer != NULL);

  //
  // A NULL buffer with a non-zero request is the first pass: treat it exactly
  // like a "too small" report from the callee.
  //
  if ((*Buffer == NULL) && (BufferSize != 0)) {
    *Status = EFI_BUFFER_TOO_SMALL;
  }

  if (*Status != EFI_BUFFER_TOO_SMALL) {
    //
    // Nothing to grow.  If the previous call failed, do not leave its buffer
    // behind for the caller.
    //
    if (EFI_ERROR (*Status) && (*Buffer != NULL)) {
      FreePool (*Buffer);
      *Buffer = NULL;
    }

    return FALSE;
  }

  //
  // Swap the old buffer for a zeroed one of the requested size.  FreePool
  // does not accept NULL, hence the guard.
  //
  if (*Buffer != NULL) {
    FreePool (*Buffer);
  }

  *Buffer = AllocateZeroPool (BufferSize);
  if (*Buffer != NULL) {
    return TRUE;
  }

  *Status = EFI_OUT_OF_RESOURCES;
  return FALSE;
}
399\r
/**
  Function returns an array of handles that support the requested protocol
  in a buffer allocated from a pool.

  Wraps gBS->LocateHandle in a GrowBuffer loop, starting from room for 50
  handles and enlarging on EFI_BUFFER_TOO_SMALL.

  @param[in]      SearchType  Specifies which handle(s) are to be returned.
  @param[in]      Protocol    Provides the protocol to search by.
                              This parameter is only valid for SearchType ByProtocol.
  @param[in]      SearchKey   Supplies the search key depending on the SearchType.
  @param[in, out] NoHandles   The number of handles returned in Buffer; 0 on error.
  @param[out]     Buffer      A pointer to the buffer to return the requested array of
                              handles that support Protocol.  Caller frees with
                              FreePool on success; NULL on error (GrowBuffer
                              releases it).

  @retval EFI_SUCCESS  The resulting array of handles was returned.
  @retval Others       Error from gBS->LocateHandle, or EFI_OUT_OF_RESOURCES
                       if the buffer could not be allocated.
**/
EFI_STATUS
LocateHandle (
  IN EFI_LOCATE_SEARCH_TYPE  SearchType,
  IN EFI_GUID                *Protocol OPTIONAL,
  IN VOID                    *SearchKey OPTIONAL,
  IN OUT UINTN               *NoHandles,
  OUT EFI_HANDLE             **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       Size;

  ASSERT (NoHandles != NULL);
  ASSERT (Buffer != NULL);

  //
  // Seed the GrowBuffer loop: a NULL buffer plus a non-zero size makes the
  // first iteration allocate before any call is made.
  //
  *Buffer = NULL;
  Status  = EFI_SUCCESS;
  Size    = 50 * sizeof (EFI_HANDLE);

  while (GrowBuffer (&Status, (VOID **) Buffer, Size)) {
    Status = gBS->LocateHandle (SearchType, Protocol, SearchKey, &Size, *Buffer);
  }

  //
  // Size holds the byte count filled in by the last successful call.
  //
  *NoHandles = EFI_ERROR (Status) ? 0 : (Size / sizeof (EFI_HANDLE));

  return Status;
}
458\r
/**
  Find the first instance of this protocol in the system and return its interface.

  Enumerates every handle carrying ProtocolGuid and stops at the first one for
  which HandleProtocol succeeds; the handle array is released before return.
  If the enumeration succeeds but yields no handle, EFI_SUCCESS is returned
  with *Interface still NULL, so callers check both.

  @param[in]  ProtocolGuid  The guid of the protocol.
  @param[out] Interface     The pointer to the first instance of the protocol.

  @retval EFI_SUCCESS  A protocol instance matching ProtocolGuid was found.
  @retval Others       A protocol instance matching ProtocolGuid was not found.
**/
EFI_STATUS
LocateProtocol (
  IN EFI_GUID  *ProtocolGuid,
  OUT VOID     **Interface
  )
{
  EFI_STATUS  Status;
  EFI_HANDLE  *HandleList;
  UINTN       HandleCount;
  UINTN       Idx;

  *Interface  = NULL;
  HandleList  = NULL;
  HandleCount = 0;

  Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &HandleCount, &HandleList);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));
    return Status;
  }

  //
  // Walk the handles until one hands back its interface.
  //
  Idx = 0;
  while (Idx < HandleCount) {
    ASSERT (HandleList != NULL);
    Status = gBS->HandleProtocol (HandleList[Idx], ProtocolGuid, Interface);
    if (!EFI_ERROR (Status)) {
      break;
    }

    Idx++;
  }

  //
  // FreePool does not accept NULL, hence the guard.
  //
  if (HandleList != NULL) {
    FreePool (HandleList);
  }

  return Status;
}
509\r
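/**
  Helper function called to check the conflicted flags.

  Walks the flags the user supplied (ParamPackage) in list order, looks each one
  up in CheckList, and folds the matched rows' attributes together:
    - Attribute1 is ANDed and must remain 0 (mutually exclusive flags);
    - Attribute2 is ORed and must remain 0 (standalone flags), except that "-p"
      is tolerated as the second flag encountered;
    - Attribute3 is ANDed and must remain non-zero (all flags share a database);
    - Attribute4 is ORed and its low byte must not equal one of the four
      pairwise-exclusive patterns 0x03, 0x0C, 0x30, 0xC0.
  A flag absent from CheckList is ignored; a flag present more than once in
  CheckList is matched only on its first row.

  @param[in] CheckList     The pointer to the VAR_CHECK_ITEM table, terminated by
                           a row whose VarName is NULL.  (Earlier revisions ignored
                           this parameter and read mIpSecConfigVarCheckList directly.)
  @param[in] ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS            No conflicted flags.
  @retval EFI_INVALID_PARAMETER  The input parameter is erroneous or there are some conflicted flags.
**/
EFI_STATUS
IpSecConfigRetriveCheckListByName (
  IN VAR_CHECK_ITEM  *CheckList,
  IN LIST_ENTRY      *ParamPackage
  )
{
  LIST_ENTRY      *Node;
  VAR_CHECK_ITEM  *Item;
  CONST CHAR16    *Name;
  UINT32          Attribute1;
  UINT32          Attribute2;
  UINT32          Attribute3;
  UINT32          Attribute4;
  UINT32          Matched;

  if ((ParamPackage == NULL) || (CheckList == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  Attribute1 = 0;
  Attribute2 = 0;
  Attribute3 = 0;
  Attribute4 = 0;
  Matched    = 0;

  //
  // Enumerate through the list of parameters that are input by user.
  //
  for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
    Name = ((SHELL_PARAM_PACKAGE *) Node)->Name;
    if (Name == NULL) {
      continue;
    }

    //
    // Find this flag's row in the supplied table (not the module-level table,
    // so the CheckList parameter is actually honored).  StrCmp is case-sensitive.
    //
    for (Item = CheckList; Item->VarName != NULL; Item++) {
      if (StrCmp (Name, Item->VarName) != 0) {
        continue;
      }

      Matched++;
      if (Matched == 1) {
        //
        // First recognised flag seeds the accumulators; nothing to conflict with yet.
        //
        Attribute1 = Item->Attribute1;
        Attribute2 = Item->Attribute2;
        Attribute3 = Item->Attribute3;
        Attribute4 = Item->Attribute4;
        break;
      }

      Attribute1 &= Item->Attribute1;
      Attribute2 |= Item->Attribute2;
      Attribute3 &= Item->Attribute3;
      Attribute4 |= Item->Attribute4;

      if (Attribute1 != 0) {
        return EFI_INVALID_PARAMETER;
      }

      if (Attribute2 != 0) {
        //
        // A standalone flag followed by "-p" is allowed (e.g. "-? -p"); the
        // remaining checks are skipped for that flag, as before.
        //
        if ((Matched == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {
          break;
        }

        return EFI_INVALID_PARAMETER;
      }

      if (Attribute3 == 0) {
        return EFI_INVALID_PARAMETER;
      }

      if (((Attribute4 & 0xFF) == 0x03) || ((Attribute4 & 0xFF) == 0x0C) ||
          ((Attribute4 & 0xFF) == 0x30) || ((Attribute4 & 0xFF) == 0xC0)) {
        return EFI_INVALID_PARAMETER;
      }

      break;
    }
  }

  return EFI_SUCCESS;
}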
596\r
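/**
  This is the declaration of an EFI image entry point. This entry point is
  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including
  both device drivers and bus drivers.

  The entry point for IpSecConfig application that parses the command line input
  and calls an IpSecConfig process.  In order: register the HII string package;
  parse the options and cross-check them against mIpSecConfigVarCheckList;
  locate the IPsec Config and IPsec protocols; then serve exactly one of
  -enable / -disable / -status / -?, or one policy-database operation
  (-a, -i, -e, -d, -f, -l) on the database named by -p.  Every path ends at
  Done:, which releases the parse results and the HII package.

  @param[in] ImageHandle   The image handle of this application.
  @param[in] SystemTable   The pointer to the EFI System Table.

  @retval EFI_SUCCESS           The application ran.  Per-operation failures are
                                reported to the user, not through this value.
  @retval EFI_OUT_OF_RESOURCES  The HII string package could not be registered.

**/
EFI_STATUS
EFIAPI
InitializeIpSecConfig (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS                  Status;
  EFI_IPSEC_CONFIG_DATA_TYPE  DataType;
  UINT8                       Value;
  LIST_ENTRY                  *ParamPackage;
  CONST CHAR16                *ValueStr;
  CHAR16                      *ProblemParam;
  UINTN                       NonOptionCount;

  //
  // Both are released at Done:, so they must be well-defined even when the
  // command-line parse fails before producing them.
  //
  ParamPackage = NULL;
  ProblemParam = NULL;

  //
  // Register our string package with HII and return the handle to it.
  //
  mHiiHandle = HiiAddPackages (&gEfiCallerIdGuid, ImageHandle, IpSecConfigStrings, NULL);
  ASSERT (mHiiHandle != NULL);
  if (mHiiHandle == NULL) {
    //
    // Every message below goes through mHiiHandle; without it there is nothing
    // useful to do (the ASSERT is compiled out in RELEASE builds).
    //
    return EFI_OUT_OF_RESOURCES;
  }

  //
  // On a parse error the shell library hands back ProblemParam in a buffer it
  // allocated for us; it is freed at Done:.
  //
  Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);
    goto Done;
  }

  //
  // Reject flag combinations that the check list declares incompatible.
  //
  Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);
    goto Done;
  }

  //
  // Both protocols are required.  LocateProtocol can return EFI_SUCCESS with a
  // NULL interface when no handle carries the protocol, hence the NULL checks.
  //
  Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);
  if (EFI_ERROR (Status) || mIpSecConfig == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSecProtocolGuid, (VOID **) &mIpSec);
  if (EFI_ERROR (Status) || mIpSec == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Enable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {
    if (!(mIpSec->DisabledFlag)) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);
    } else {
      //
      // Persist the enabled state in a non-volatile variable first; the live
      // flag is flipped only if that write succeeded, so the two stay in step.
      //
      Value  = IPSEC_STATUS_ENABLED;
      Status = gRT->SetVariable (
                      IPSECCONFIG_STATUS_NAME,
                      &gEfiIpSecConfigProtocolGuid,
                      EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
                      sizeof (Value),
                      &Value
                      );
      if (!EFI_ERROR (Status)) {
        mIpSec->DisabledFlag = FALSE;
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // Disable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);
    } else {
      //
      // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
      // DisabledFlag is re-read afterwards to report whether the callback actually did so.
      //
      gBS->SignalEvent (mIpSec->DisabledEvent);
      if (mIpSec->DisabledFlag) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // IPsec Status.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);
    } else {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);
    }

    goto Done;
  }

  //
  // Try to get policy database type.  -1 means "-p was not given"; -? is still
  // valid in that case and prints the general help.
  //
  DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) -1;
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");
  if (ValueStr != NULL) {
    DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);
    if (DataType == -1) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
      goto Done;
    }
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"-?")) {
    switch (DataType) {
    case (EFI_IPSEC_CONFIG_DATA_TYPE) -1:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_HELP), mHiiHandle);
      break;

    case IPsecConfigDataTypeSpd:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SPD_HELP), mHiiHandle);
      break;

    case IPsecConfigDataTypeSad:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SAD_HELP), mHiiHandle);
      break;

    case IPsecConfigDataTypePad:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PAD_HELP), mHiiHandle);
      break;

    default:
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle);
      break;
    }

    goto Done;
  }

  //
  // Anything left on the command line that is not a recognised option is an
  // error.  The count appears to include the command name itself (the raw value
  // fetched is at index Count - 1).  Written as "> 1" rather than
  // "(Count - 1) > 0" so that a zero count cannot wrap the unsigned subtraction.
  //
  NonOptionCount = ShellCommandLineGetCount ();
  if (NonOptionCount > 1) {
    ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);
    goto Done;
  }

  if (DataType == -1) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Dispatch the policy-database operation.  -a/-i and -d/-f share an
  // implementation (the callee presumably tells them apart from ParamPackage).
  // The callee's status is not propagated: the application returns EFI_SUCCESS
  // regardless, as it always has.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-a") || ShellCommandLineGetFlag (ParamPackage, L"-i")) {
    Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
    Status = EditPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-d") || ShellCommandLineGetFlag (ParamPackage, L"-f")) {
    Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {
    Status = ListPolicyEntry (DataType, ParamPackage);
  } else {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);
  }

Done:
  //
  // ProblemParam is only non-NULL after a failed parse; it is ours to free.
  // ShellCommandLineFreeVarList tolerates a NULL package.
  //
  if (ProblemParam != NULL) {
    FreePool (ProblemParam);
  }

  ShellCommandLineFreeVarList (ParamPackage);
  HiiRemovePackages (mHiiHandle);

  return EFI_SUCCESS;
}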