Update ipsecconfig and ping6 due to ShellLib update.
[mirror_edk2.git] / NetworkPkg / Application / IpsecConfig / IpSecConfig.c
1 /** @file
2 The main process for IpSecConfig application.
3
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include <Library/UefiRuntimeServicesTableLib.h>
17 #include <Library/HiiLib.h>
18
19 #include <Protocol/IpSec.h>
20
21 #include "IpSecConfig.h"
22 #include "Dump.h"
23 #include "Indexer.h"
24 #include "PolicyEntryOperation.h"
25 #include "Delete.h"
26 #include "Helper.h"
27
28 //
29 // Used for ShellCommandLineParseEx only
30 // and to ensure user inputs are in valid format
31 //
32 SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
33 { L"-p", TypeValue },
34 { L"-a", TypeValue },
35 { L"-i", TypeValue },
36 { L"-e", TypeValue },
37 { L"-d", TypeValue },
38 { L"-f", TypeFlag },
39 { L"-l", TypeFlag },
40 { L"-enable", TypeFlag },
41 { L"-disable", TypeFlag },
42 { L"-status", TypeFlag },
43 { L"-?", TypeFlag },
44
45 //
46 // SPD Selector
47 //
48 { L"--local", TypeValue },
49 { L"--remote", TypeValue },
50 { L"--proto", TypeValue },
51 { L"--local-port", TypeValue },
52 { L"--remote-port", TypeValue },
53 { L"--icmp-type", TypeValue },
54 { L"--icmp-code", TypeValue },
55
56 //
57 // SPD Data
58 //
59 { L"--name", TypeValue },
60 { L"--packet-flag", TypeValue },
61 { L"--action", TypeValue },
62 { L"--lifebyte", TypeValue },
63 { L"--lifetime-soft", TypeValue },
64 { L"--lifetime", TypeValue },
65 { L"--mode", TypeValue },
66 { L"--tunnel-local", TypeValue },
67 { L"--tunnel-remote", TypeValue },
68 { L"--dont-fragment", TypeValue },
69 { L"--ipsec-proto", TypeValue },
70 { L"--auth-algo", TypeValue },
71 { L"--encrypt-algo", TypeValue },
72
73 { L"--ext-sequence", TypeFlag },
74 { L"--sequence-overflow", TypeFlag },
75 { L"--fragment-check", TypeFlag },
76 { L"--ext-sequence-", TypeFlag },
77 { L"--sequence-overflow-", TypeFlag },
78 { L"--fragment-check-", TypeFlag },
79
80 //
81 // SA ID
82 // --ipsec-proto
83 //
84 { L"--spi", TypeValue },
85 { L"--dest", TypeValue },
86 { L"--lookup-spi", TypeValue },
87 { L"--lookup-ipsec-proto", TypeValue },
88 { L"--lookup-dest", TypeValue },
89
90 //
91 // SA DATA
92 // --mode
93 // --auth-algo
94 // --encrypt-algo
95 //
96 { L"--sequence-number", TypeValue },
97 { L"--antireplay-window", TypeValue },
98 { L"--auth-key", TypeValue },
99 { L"--encrypt-key", TypeValue },
100 { L"--path-mtu", TypeValue },
101
102 //
103 // PAD ID
104 //
105 { L"--peer-id", TypeValue },
106 { L"--peer-address", TypeValue },
107 { L"--auth-proto", TypeValue },
108 { L"--auth-method", TypeValue },
109 { L"--ike-id", TypeValue },
110 { L"--ike-id-", TypeValue },
111 { L"--auth-data", TypeValue },
112 { L"--revocation-data", TypeValue },
113 { L"--lookup-peer-id", TypeValue },
114 { L"--lookup-peer-address", TypeValue },
115
116 { NULL, TypeMax },
117 };
118
119 //
120 // -P
121 //
122 STR2INT mMapPolicy[] = {
123 { L"SPD", IPsecConfigDataTypeSpd },
124 { L"SAD", IPsecConfigDataTypeSad },
125 { L"PAD", IPsecConfigDataTypePad },
126 { NULL, 0 },
127 };
128
129 //
130 // --proto
131 //
132 STR2INT mMapIpProtocol[] = {
133 { L"TCP", EFI_IP4_PROTO_TCP },
134 { L"UDP", EFI_IP4_PROTO_UDP },
135 { L"ICMP", EFI_IP4_PROTO_ICMP },
136 { NULL, 0 },
137 };
138
139 //
140 // --action
141 //
142 STR2INT mMapIpSecAction[] = {
143 { L"Bypass", EfiIPsecActionBypass },
144 { L"Discard", EfiIPsecActionDiscard },
145 { L"Protect", EfiIPsecActionProtect },
146 { NULL, 0 },
147 };
148
149 //
150 // --mode
151 //
152 STR2INT mMapIpSecMode[] = {
153 { L"Transport", EfiIPsecTransport },
154 { L"Tunnel", EfiIPsecTunnel },
155 { NULL, 0 },
156 };
157
158 //
159 // --dont-fragment
160 //
161 STR2INT mMapDfOption[] = {
162 { L"clear", EfiIPsecTunnelClearDf },
163 { L"set", EfiIPsecTunnelSetDf },
164 { L"copy", EfiIPsecTunnelCopyDf },
165 { NULL, 0 },
166 };
167
168 //
169 // --ipsec-proto
170 //
171 STR2INT mMapIpSecProtocol[] = {
172 { L"AH", EfiIPsecAH },
173 { L"ESP", EfiIPsecESP },
174 { NULL, 0 },
175 };
176
177 //
178 // --auth-algo
179 //
180 STR2INT mMapAuthAlgo[] = {
181 { L"NONE", IPSEC_AALG_NONE },
182 { L"MD5HMAC", IPSEC_AALG_MD5HMAC },
183 { L"SHA1HMAC", IPSEC_AALG_SHA1HMAC },
184 { L"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC },
185 { L"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC },
186 { L"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC },
187 { L"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC },
188 { L"NULL", IPSEC_AALG_NULL },
189 { NULL, 0 },
190 };
191
192 //
193 // --encrypt-algo
194 //
195 STR2INT mMapEncAlgo[] = {
196 { L"NONE", IPSEC_EALG_NONE },
197 { L"DESCBC", IPSEC_EALG_DESCBC },
198 { L"3DESCBC", IPSEC_EALG_3DESCBC },
199 { L"CASTCBC", IPSEC_EALG_CASTCBC },
200 { L"BLOWFISHCBC", IPSEC_EALG_BLOWFISHCBC },
201 { L"NULL", IPSEC_EALG_NULL },
202 { L"AESCBC", IPSEC_EALG_AESCBC },
203 { L"AESCTR", IPSEC_EALG_AESCTR },
204 { L"AES-CCM-ICV8", IPSEC_EALG_AES_CCM_ICV8 },
205 { L"AES-CCM-ICV12",IPSEC_EALG_AES_CCM_ICV12 },
206 { L"AES-CCM-ICV16",IPSEC_EALG_AES_CCM_ICV16 },
207 { L"AES-GCM-ICV8", IPSEC_EALG_AES_GCM_ICV8 },
208 { L"AES-GCM-ICV12",IPSEC_EALG_AES_GCM_ICV12 },
209 { L"AES-GCM-ICV16",IPSEC_EALG_AES_GCM_ICV16 },
210 { NULL, 0 },
211 };
212
213 //
214 // --auth-proto
215 //
216 STR2INT mMapAuthProto[] = {
217 { L"IKEv1", EfiIPsecAuthProtocolIKEv1 },
218 { L"IKEv2", EfiIPsecAuthProtocolIKEv2 },
219 { NULL, 0 },
220 };
221
222 //
223 // --auth-method
224 //
225 STR2INT mMapAuthMethod[] = {
226 { L"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret },
227 { L"Certificates", EfiIPsecAuthMethodCertificates },
228 { NULL, 0 },
229 };
230
231 EFI_IPSEC2_PROTOCOL *mIpSec;
232 EFI_IPSEC_CONFIG_PROTOCOL *mIpSecConfig;
233 EFI_HII_HANDLE mHiiHandle;
234 EFI_GUID mEfiIpSecConfigGuid = EFI_IPSEC_CONFIG_GUID;
235 CHAR16 mAppName[] = L"IpSecConfig";
236
237 //
238 // Used for IpSecConfigRetriveCheckListByName only to check the validation of user input
239 //
240 VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
241 { L"-enable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
242 { L"-disable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
243 { L"-status", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
244 { L"-p", BIT(1), 0, BIT(2)|BIT(1)|BIT(0), 0 },
245
246 { L"-a", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
247 { L"-i", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
248 { L"-d", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
249 { L"-e", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
250 { L"-l", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
251 { L"-f", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },
252
253 { L"-?", BIT(0), BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },
254
255 //
256 // SPD Selector
257 //
258 { L"--local", 0, 0, BIT(2)|BIT(1), 0 },
259 { L"--remote", 0, 0, BIT(2)|BIT(1), 0 },
260 { L"--proto", 0, 0, BIT(2)|BIT(1), 0 },
261 { L"--local-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
262 { L"--remote-port", 0, 0, BIT(2)|BIT(1), BIT(0) },
263 { L"--icmp-type", 0, 0, BIT(2)|BIT(1), BIT(1) },
264 { L"--icmp-code", 0, 0, BIT(2)|BIT(1), BIT(1) },
265
266 //
267 // SPD Data
268 //
269 { L"--name", 0, 0, BIT(2), 0 },
270 { L"--packet-flag", 0, 0, BIT(2), 0 },
271 { L"--action", 0, 0, BIT(2)|BIT(1), 0 },
272 { L"--lifebyte", 0, 0, BIT(2)|BIT(1), 0 },
273 { L"--lifetime-soft", 0, 0, BIT(2)|BIT(1), 0 },
274 { L"--lifetime", 0, 0, BIT(2)|BIT(1), 0 },
275 { L"--mode", 0, 0, BIT(2)|BIT(1), 0 },
276 { L"--tunnel-local", 0, 0, BIT(2), 0 },
277 { L"--tunnel-remote", 0, 0, BIT(2), 0 },
278 { L"--dont-fragment", 0, 0, BIT(2), 0 },
279 { L"--ipsec-proto", 0, 0, BIT(2)|BIT(1), 0 },
280 { L"--auth-algo", 0, 0, BIT(2)|BIT(1), 0 },
281 { L"--encrypt-algo", 0, 0, BIT(2)|BIT(1), 0 },
282
283 { L"--ext-sequence", 0, 0, BIT(2), BIT(2) },
284 { L"--sequence-overflow", 0, 0, BIT(2), BIT(2) },
285 { L"--fragment-check", 0, 0, BIT(2), BIT(2) },
286 { L"--ext-sequence-", 0, 0, BIT(2), BIT(3) },
287 { L"--sequence-overflow-", 0, 0, BIT(2), BIT(3) },
288 { L"--fragment-check-", 0, 0, BIT(2), BIT(3) },
289
290 //
291 // SA ID
292 // --ipsec-proto
293 //
294 { L"--spi", 0, 0, BIT(1), 0 },
295 { L"--dest", 0, 0, BIT(1), 0 },
296 { L"--lookup-spi", 0, 0, BIT(1), 0 },
297 { L"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },
298 { L"--lookup-dest", 0, 0, BIT(1), 0 },
299
300 //
301 // SA DATA
302 // --mode
303 // --auth-algo
304 // --encrypt-algo
305 //
306 { L"--sequence-number", 0, 0, BIT(1), 0 },
307 { L"--antireplay-window", 0, 0, BIT(1), 0 },
308 { L"--auth-key", 0, 0, BIT(1), 0 },
309 { L"--encrypt-key", 0, 0, BIT(1), 0 },
310 { L"--path-mtu", 0, 0, BIT(1), 0 },
311
312 //
313 // The example to add a PAD:
314 // "-A --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKE1/IKE2
315 // --auth-method PreSharedSeceret/Certificate --ike-id
316 // --auth-data 343343 --revocation-data 2342432"
317 // The example to delete a PAD:
318 // "-D * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
319 // "-D 1"
320 // The example to edit a PAD:
321 // "-E * --lookup-peer-id Mike --auth-method Certificate"
322
323 //
324 // PAD ID
325 //
326 { L"--peer-id", 0, 0, BIT(0), BIT(4) },
327 { L"--peer-address", 0, 0, BIT(0), BIT(5) },
328 { L"--auth-proto", 0, 0, BIT(0), 0 },
329 { L"--auth-method", 0, 0, BIT(0), 0 },
330 { L"--IKE-ID", 0, 0, BIT(0), BIT(6) },
331 { L"--IKE-ID-", 0, 0, BIT(0), BIT(7) },
332 { L"--auth-data", 0, 0, BIT(0), 0 },
333 { L"--revocation-data", 0, 0, BIT(0), 0 },
334 { L"--lookup-peer-id", 0, 0, BIT(0), BIT(4) },
335 { L"--lookup-peer-address",0, 0, BIT(0), BIT(5) },
336
337 { NULL, 0, 0, 0, 0 },
338 };
339
340 /**
341 The function to allocate the proper sized buffer for various
342 EFI interfaces.
343
344 @param[in, out] Status Current status.
345 @param[in, out] Buffer Current allocated buffer, or NULL.
346 @param[in] BufferSize Current buffer size needed
347
348 @retval TRUE If the buffer was reallocated and the caller should try the API again.
349 @retval FALSE If the buffer was not reallocated successfully.
350 **/
351 BOOLEAN
352 GrowBuffer (
353 IN OUT EFI_STATUS *Status,
354 IN OUT VOID **Buffer,
355 IN UINTN BufferSize
356 )
357 {
358 BOOLEAN TryAgain;
359
360 ASSERT (Status != NULL);
361 ASSERT (Buffer != NULL);
362
363 //
364 // If this is an initial request, buffer will be null with a new buffer size.
365 //
366 if ((NULL == *Buffer) && (BufferSize != 0)) {
367 *Status = EFI_BUFFER_TOO_SMALL;
368 }
369
370 //
371 // If the status code is "buffer too small", resize the buffer.
372 //
373 TryAgain = FALSE;
374 if (*Status == EFI_BUFFER_TOO_SMALL) {
375
376 if (*Buffer != NULL) {
377 FreePool (*Buffer);
378 }
379
380 *Buffer = AllocateZeroPool (BufferSize);
381
382 if (*Buffer != NULL) {
383 TryAgain = TRUE;
384 } else {
385 *Status = EFI_OUT_OF_RESOURCES;
386 }
387 }
388
389 //
390 // If there's an error, free the buffer.
391 //
392 if (!TryAgain && EFI_ERROR (*Status) && (*Buffer != NULL)) {
393 FreePool (*Buffer);
394 *Buffer = NULL;
395 }
396
397 return TryAgain;
398 }
399
400 /**
401 Function returns an array of handles that support the requested protocol
402 in a buffer allocated from a pool.
403
404 @param[in] SearchType Specifies which handle(s) are to be returned.
405 @param[in] Protocol Provides the protocol to search by.
406 This parameter is only valid for SearchType ByProtocol.
407
408 @param[in] SearchKey Supplies the search key depending on the SearchType.
409 @param[in, out] NoHandles The number of handles returned in Buffer.
410 @param[out] Buffer A pointer to the buffer to return the requested array of
411 handles that support Protocol.
412
413 @retval EFI_SUCCESS The resulting array of handles was returned.
414 @retval Others Other mistake case.
415 **/
416 EFI_STATUS
417 LocateHandle (
418 IN EFI_LOCATE_SEARCH_TYPE SearchType,
419 IN EFI_GUID *Protocol OPTIONAL,
420 IN VOID *SearchKey OPTIONAL,
421 IN OUT UINTN *NoHandles,
422 OUT EFI_HANDLE **Buffer
423 )
424 {
425 EFI_STATUS Status;
426 UINTN BufferSize;
427
428 ASSERT (NoHandles != NULL);
429 ASSERT (Buffer != NULL);
430
431 //
432 // Initialize for GrowBuffer loop.
433 //
434 Status = EFI_SUCCESS;
435 *Buffer = NULL;
436 BufferSize = 50 * sizeof (EFI_HANDLE);
437
438 //
439 // Call the real function.
440 //
441 while (GrowBuffer (&Status, (VOID **) Buffer, BufferSize)) {
442 Status = gBS->LocateHandle (
443 SearchType,
444 Protocol,
445 SearchKey,
446 &BufferSize,
447 *Buffer
448 );
449 }
450
451 *NoHandles = BufferSize / sizeof (EFI_HANDLE);
452 if (EFI_ERROR (Status)) {
453 *NoHandles = 0;
454 }
455
456 return Status;
457 }
458
459 /**
460 Find the first instance of this protocol in the system and return its interface.
461
462 @param[in] ProtocolGuid The guid of the protocol.
463 @param[out] Interface The pointer to the first instance of the protocol.
464
465 @retval EFI_SUCCESS A protocol instance matching ProtocolGuid was found.
466 @retval Others A protocol instance matching ProtocolGuid was not found.
467 **/
468 EFI_STATUS
469 LocateProtocol (
470 IN EFI_GUID *ProtocolGuid,
471 OUT VOID **Interface
472 )
473
474 {
475 EFI_STATUS Status;
476 UINTN NumberHandles;
477 UINTN Index;
478 EFI_HANDLE *Handles;
479
480 *Interface = NULL;
481 Handles = NULL;
482 NumberHandles = 0;
483
484 Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &NumberHandles, &Handles);
485 if (EFI_ERROR (Status)) {
486 DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));
487 return Status;
488 }
489
490 for (Index = 0; Index < NumberHandles; Index++) {
491 ASSERT (Handles != NULL);
492 Status = gBS->HandleProtocol (
493 Handles[Index],
494 ProtocolGuid,
495 Interface
496 );
497
498 if (!EFI_ERROR (Status)) {
499 break;
500 }
501 }
502
503 if (Handles != NULL) {
504 FreePool (Handles);
505 }
506
507 return Status;
508 }
509
510 /**
511 Helper function called to check the conflicted flags.
512
513 @param[in] CheckList The pointer to the VAR_CHECK_ITEM table.
514 @param[in] ParamPackage The pointer to the ParamPackage list.
515
516 @retval EFI_SUCCESS No conflicted flags.
517 @retval EFI_INVALID_PARAMETER The input parameter is erroroneous or there are some conflicted flags.
518 **/
519 EFI_STATUS
520 IpSecConfigRetriveCheckListByName (
521 IN VAR_CHECK_ITEM *CheckList,
522 IN LIST_ENTRY *ParamPackage
523 )
524 {
525
526 LIST_ENTRY *Node;
527 VAR_CHECK_ITEM *Item;
528 UINT32 Attribute1;
529 UINT32 Attribute2;
530 UINT32 Attribute3;
531 UINT32 Attribute4;
532 UINT32 Index;
533
534 Attribute1 = 0;
535 Attribute2 = 0;
536 Attribute3 = 0;
537 Attribute4 = 0;
538 Index = 0;
539 Item = mIpSecConfigVarCheckList;
540
541 if ((ParamPackage == NULL) || (CheckList == NULL)) {
542 return EFI_INVALID_PARAMETER;
543 }
544
545 //
546 // Enumerate through the list of parameters that are input by user.
547 //
548 for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
549 if (((SHELL_PARAM_PACKAGE *) Node)->Name != NULL) {
550 //
551 // Enumerate the check list that defines the conflicted attributes of each flag.
552 //
553 for (; Item->VarName != NULL; Item++) {
554 if (StrCmp (((SHELL_PARAM_PACKAGE *) Node)->Name, Item->VarName) == 0) {
555 Index++;
556 if (Index == 1) {
557 Attribute1 = Item->Attribute1;
558 Attribute2 = Item->Attribute2;
559 Attribute3 = Item->Attribute3;
560 Attribute4 = Item->Attribute4;
561 } else {
562 Attribute1 &= Item->Attribute1;
563 Attribute2 |= Item->Attribute2;
564 Attribute3 &= Item->Attribute3;
565 Attribute4 |= Item->Attribute4;
566 if (Attribute1 != 0) {
567 return EFI_INVALID_PARAMETER;
568 }
569
570 if (Attribute2 != 0) {
571 if ((Index == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {
572 continue;
573 }
574
575 return EFI_INVALID_PARAMETER;
576 }
577
578 if (Attribute3 == 0) {
579 return EFI_INVALID_PARAMETER;
580 }
581 if (((Attribute4 & 0xFF) == 0x03) || ((Attribute4 & 0xFF) == 0x0C) ||
582 ((Attribute4 & 0xFF) == 0x30) || ((Attribute4 & 0xFF) == 0xC0)) {
583 return EFI_INVALID_PARAMETER;
584 }
585 }
586 break;
587 }
588 }
589
590 Item = mIpSecConfigVarCheckList;
591 }
592 }
593
594 return EFI_SUCCESS;
595 }
596
597 /**
598 This is the declaration of an EFI image entry point. This entry point is
599 the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including
600 both device drivers and bus drivers.
601
602 The entry point for IpSecConfig application that parse the command line input and call an IpSecConfig process.
603
604 @param[in] ImageHandle The image handle of this application.
605 @param[in] SystemTable The pointer to the EFI System Table.
606
607 @retval EFI_SUCCESS The operation completed successfully.
608
609 **/
610 EFI_STATUS
611 EFIAPI
612 InitializeIpSecConfig (
613 IN EFI_HANDLE ImageHandle,
614 IN EFI_SYSTEM_TABLE *SystemTable
615 )
616 {
617 EFI_STATUS Status;
618 EFI_IPSEC_CONFIG_DATA_TYPE DataType;
619 UINT8 Value;
620 LIST_ENTRY *ParamPackage;
621 CONST CHAR16 *ValueStr;
622 CHAR16 *ProblemParam;
623 UINTN NonOptionCount;
624
625 //
626 // Register our string package with HII and return the handle to it.
627 //
628 mHiiHandle = HiiAddPackages (&gEfiCallerIdGuid, ImageHandle, IpSecConfigStrings, NULL);
629 ASSERT (mHiiHandle != NULL);
630
631 Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);
632 if (EFI_ERROR (Status)) {
633 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);
634 goto Done;
635 }
636
637 Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);
638 if (EFI_ERROR (Status)) {
639 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);
640 goto Done;
641 }
642
643 Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);
644 if (EFI_ERROR (Status) || mIpSecConfig == NULL) {
645 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
646 goto Done;
647 }
648
649 Status = LocateProtocol (&gEfiIpSecProtocolGuid, (VOID **) &mIpSec);
650 if (EFI_ERROR (Status) || mIpSec == NULL) {
651 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
652 goto Done;
653 }
654
655 //
656 // Enable IPsec.
657 //
658 if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {
659 if (!(mIpSec->DisabledFlag)) {
660 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);
661 } else {
662 //
663 // Set enable flag.
664 //
665 Value = IPSEC_STATUS_ENABLED;
666 Status = gRT->SetVariable (
667 IPSECCONFIG_STATUS_NAME,
668 &gEfiIpSecConfigProtocolGuid,
669 EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
670 sizeof (Value),
671 &Value
672 );
673 if (!EFI_ERROR (Status)) {
674 mIpSec->DisabledFlag = FALSE;
675 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);
676 } else {
677 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);
678 }
679 }
680
681 goto Done;
682 }
683
684 //
685 // Disable IPsec.
686 //
687 if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {
688 if (mIpSec->DisabledFlag) {
689 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);
690 } else {
691 //
692 // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
693 //
694 gBS->SignalEvent (mIpSec->DisabledEvent);
695 if (mIpSec->DisabledFlag) {
696 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);
697 } else {
698 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);
699 }
700 }
701
702 goto Done;
703 }
704
705 //
706 //IPsec Status.
707 //
708 if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {
709 if (mIpSec->DisabledFlag) {
710 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);
711 } else {
712 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);
713 }
714 goto Done;
715 }
716
717 //
718 // Try to get policy database type.
719 //
720 DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) -1;
721 ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");
722 if (ValueStr != NULL) {
723 DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);
724 if (DataType == -1) {
725 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
726 goto Done;
727 }
728 }
729
730 if (ShellCommandLineGetFlag (ParamPackage, L"-?")) {
731 switch (DataType) {
732 case (EFI_IPSEC_CONFIG_DATA_TYPE) -1:
733 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_HELP), mHiiHandle);
734 break;
735
736 case IPsecConfigDataTypeSpd:
737 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SPD_HELP), mHiiHandle);
738 break;
739
740 case IPsecConfigDataTypeSad:
741 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SAD_HELP), mHiiHandle);
742 break;
743
744 case IPsecConfigDataTypePad:
745 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PAD_HELP), mHiiHandle);
746 break;
747
748 default:
749 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle);
750 break;
751 }
752
753 goto Done;
754 }
755
756 NonOptionCount = ShellCommandLineGetCount (ParamPackage);
757 if ((NonOptionCount - 1) > 0) {
758 ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));
759 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);
760 goto Done;
761 }
762
763 if (DataType == -1) {
764 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);
765 goto Done;
766 }
767
768 if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {
769 Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
770 if (EFI_ERROR (Status)) {
771 goto Done;
772 }
773 } else if (ShellCommandLineGetFlag (ParamPackage, L"-i")) {
774 Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
775 if (EFI_ERROR (Status)) {
776 goto Done;
777 }
778 } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
779 Status = EditPolicyEntry (DataType, ParamPackage);
780 if (EFI_ERROR (Status)) {
781 goto Done;
782 }
783 } else if (ShellCommandLineGetFlag (ParamPackage, L"-d")) {
784 Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
785 if (EFI_ERROR (Status)) {
786 goto Done;
787 }
788 } else if (ShellCommandLineGetFlag (ParamPackage, L"-f")) {
789 Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
790 if (EFI_ERROR (Status)) {
791 goto Done;
792 }
793 } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {
794 Status = ListPolicyEntry (DataType, ParamPackage);
795 if (EFI_ERROR (Status)) {
796 goto Done;
797 }
798 } else {
799 ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);
800 goto Done;
801 }
802
803 Done:
804 ShellCommandLineFreeVarList (ParamPackage);
805 HiiRemovePackages (mHiiHandle);
806
807 return EFI_SUCCESS;
808 }