1 /** @file
2 The main process for IpSecConfig application.
3
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include <Library/UefiRuntimeServicesTableLib.h>
17 #include <Library/HiiLib.h>
18
19 #include <Protocol/IpSec.h>
20
21 #include "IpSecConfig.h"
22 #include "Dump.h"
23 #include "Indexer.h"
24 #include "PolicyEntryOperation.h"
25 #include "Delete.h"
26 #include "Helper.h"
27
//
// Option grammar passed to ShellCommandLineParseEx. Each entry names one
// accepted option and says whether it carries a value (TypeValue) or is a
// bare switch (TypeFlag). The table ends with the { NULL, TypeMax } entry.
//
SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
  //
  // Operations and global switches.
  //
  { L"-p",                    TypeValue },
  { L"-a",                    TypeValue },
  { L"-i",                    TypeValue },
  { L"-e",                    TypeValue },
  { L"-d",                    TypeValue },
  { L"-f",                    TypeFlag  },
  { L"-l",                    TypeFlag  },
  { L"-enable",               TypeFlag  },
  { L"-disable",              TypeFlag  },
  { L"-status",               TypeFlag  },
  { L"-?",                    TypeFlag  },

  //
  // SPD selector.
  //
  { L"--local",               TypeValue },
  { L"--remote",              TypeValue },
  { L"--proto",               TypeValue },
  { L"--local-port",          TypeValue },
  { L"--remote-port",         TypeValue },
  { L"--icmp-type",           TypeValue },
  { L"--icmp-code",           TypeValue },

  //
  // SPD data.
  //
  { L"--name",                TypeValue },
  { L"--packet-flag",         TypeValue },
  { L"--action",              TypeValue },
  { L"--lifebyte",            TypeValue },
  { L"--lifetime-soft",       TypeValue },
  { L"--lifetime",            TypeValue },
  { L"--mode",                TypeValue },
  { L"--tunnel-local",        TypeValue },
  { L"--tunnel-remote",       TypeValue },
  { L"--dont-fragment",       TypeValue },
  { L"--ipsec-proto",         TypeValue },
  { L"--auth-algo",           TypeValue },
  { L"--encrypt-algo",        TypeValue },

  //
  // SPD switches; the spelling with a trailing '-' is a separate option.
  //
  { L"--ext-sequence",        TypeFlag  },
  { L"--sequence-overflow",   TypeFlag  },
  { L"--fragment-check",      TypeFlag  },
  { L"--ext-sequence-",       TypeFlag  },
  { L"--sequence-overflow-",  TypeFlag  },
  { L"--fragment-check-",     TypeFlag  },

  //
  // SA ID (also uses --ipsec-proto, listed above).
  //
  { L"--spi",                 TypeValue },
  { L"--tunnel-dest",         TypeValue },
  { L"--tunnel-source",       TypeValue },
  { L"--lookup-spi",          TypeValue },
  { L"--lookup-ipsec-proto",  TypeValue },
  { L"--lookup-dest",         TypeValue },

  //
  // SA data (also uses --mode, --auth-algo and --encrypt-algo, listed above).
  // Note that --auth-key and --encrypt-key take the SA key material as an
  // ordinary command-line value.
  //
  { L"--sequence-number",     TypeValue },
  { L"--antireplay-window",   TypeValue },
  { L"--auth-key",            TypeValue },
  { L"--encrypt-key",         TypeValue },
  { L"--path-mtu",            TypeValue },

  //
  // PAD ID.
  //
  { L"--peer-id",             TypeValue },
  { L"--peer-address",        TypeValue },
  { L"--auth-proto",          TypeValue },
  { L"--auth-method",         TypeValue },
  { L"--ike-id",              TypeValue },
  { L"--ike-id-",             TypeValue },
  { L"--auth-data",           TypeValue },
  { L"--revocation-data",     TypeValue },
  { L"--lookup-peer-id",      TypeValue },
  { L"--lookup-peer-address", TypeValue },

  { NULL,                     TypeMax   },
};
119
//
// String-to-integer lookup tables. Every table pairs the spelling accepted on
// the command line with the value it stands for and ends with a { NULL, 0 }
// sentinel entry.
//

//
// Policy database names accepted by -p.
//
STR2INT mMapPolicy[] = {
  { L"SPD",  IPsecConfigDataTypeSpd },
  { L"SAD",  IPsecConfigDataTypeSad },
  { L"PAD",  IPsecConfigDataTypePad },
  { NULL,    0                      },
};

//
// IP protocol names accepted by --proto.
//
STR2INT mMapIpProtocol[] = {
  { L"TCP",   EFI_IP4_PROTO_TCP  },
  { L"UDP",   EFI_IP4_PROTO_UDP  },
  { L"ICMP",  EFI_IP4_PROTO_ICMP },
  { NULL,     0                  },
};

//
// Policy actions accepted by --action.
//
STR2INT mMapIpSecAction[] = {
  { L"Bypass",   EfiIPsecActionBypass  },
  { L"Discard",  EfiIPsecActionDiscard },
  { L"Protect",  EfiIPsecActionProtect },
  { NULL,        0                     },
};

//
// IPsec modes accepted by --mode.
//
STR2INT mMapIpSecMode[] = {
  { L"Transport",  EfiIPsecTransport },
  { L"Tunnel",     EfiIPsecTunnel    },
  { NULL,          0                 },
};

//
// Don't-Fragment handling accepted by --dont-fragment.
//
STR2INT mMapDfOption[] = {
  { L"clear",  EfiIPsecTunnelClearDf },
  { L"set",    EfiIPsecTunnelSetDf   },
  { L"copy",   EfiIPsecTunnelCopyDf  },
  { NULL,      0                     },
};

//
// IPsec protocols accepted by --ipsec-proto.
//
STR2INT mMapIpSecProtocol[] = {
  { L"AH",   EfiIPsecAH  },
  { L"ESP",  EfiIPsecESP },
  { NULL,    0           },
};

//
// Authentication algorithms accepted by --auth-algo.
// NOTE(review): the list offers NONE/NULL and MD5HMAC next to the SHA-2
// HMACs. HMAC-MD5 is a legacy choice and NONE/NULL presumably select no
// integrity protection; confirm against the driver before relying on them.
//
STR2INT mMapAuthAlgo[] = {
  { L"NONE",          IPSEC_AALG_NONE         },
  { L"MD5HMAC",       IPSEC_AALG_MD5HMAC      },
  { L"SHA1HMAC",      IPSEC_AALG_SHA1HMAC     },
  { L"SHA2-256HMAC",  IPSEC_AALG_SHA2_256HMAC },
  { L"SHA2-384HMAC",  IPSEC_AALG_SHA2_384HMAC },
  { L"SHA2-512HMAC",  IPSEC_AALG_SHA2_512HMAC },
  { L"AES-XCBC-MAC",  IPSEC_AALG_AES_XCBC_MAC },
  { L"NULL",          IPSEC_AALG_NULL         },
  { NULL,             0                       },
};

//
// Encryption algorithms accepted by --encrypt-algo.
// NOTE(review): DESCBC (single DES) is a legacy cipher and NONE/NULL
// presumably select no confidentiality; prefer the AES entries for new
// policies and confirm what the driver actually implements.
//
STR2INT mMapEncAlgo[] = {
  { L"NONE",           IPSEC_EALG_NONE          },
  { L"DESCBC",         IPSEC_EALG_DESCBC        },
  { L"3DESCBC",        IPSEC_EALG_3DESCBC       },
  { L"CASTCBC",        IPSEC_EALG_CASTCBC       },
  { L"BLOWFISHCBC",    IPSEC_EALG_BLOWFISHCBC   },
  { L"NULL",           IPSEC_EALG_NULL          },
  { L"AESCBC",         IPSEC_EALG_AESCBC        },
  { L"AESCTR",         IPSEC_EALG_AESCTR        },
  { L"AES-CCM-ICV8",   IPSEC_EALG_AES_CCM_ICV8  },
  { L"AES-CCM-ICV12",  IPSEC_EALG_AES_CCM_ICV12 },
  { L"AES-CCM-ICV16",  IPSEC_EALG_AES_CCM_ICV16 },
  { L"AES-GCM-ICV8",   IPSEC_EALG_AES_GCM_ICV8  },
  { L"AES-GCM-ICV12",  IPSEC_EALG_AES_GCM_ICV12 },
  { L"AES-GCM-ICV16",  IPSEC_EALG_AES_GCM_ICV16 },
  { NULL,              0                        },
};

//
// Key-exchange protocols accepted by --auth-proto.
//
STR2INT mMapAuthProto[] = {
  { L"IKEv1",  EfiIPsecAuthProtocolIKEv1 },
  { L"IKEv2",  EfiIPsecAuthProtocolIKEv2 },
  { NULL,      0                         },
};

//
// Peer authentication methods accepted by --auth-method.
//
STR2INT mMapAuthMethod[] = {
  { L"PreSharedSecret",  EfiIPsecAuthMethodPreSharedSecret },
  { L"Certificates",     EfiIPsecAuthMethodCertificates    },
  { NULL,                0                                 },
};
231
//
// Application-wide state. mIpSec and mIpSecConfig are filled in by
// InitializeIpSecConfig through LocateProtocol; mHiiHandle is the handle
// returned by HiiAddPackages for the string package; mAppName is the name
// passed to the message strings.
//
EFI_IPSEC2_PROTOCOL        *mIpSec;
EFI_IPSEC_CONFIG_PROTOCOL  *mIpSecConfig;
EFI_HII_HANDLE             mHiiHandle;
EFI_GUID                   mEfiIpSecConfigGuid = EFI_IPSEC_CONFIG_GUID;
CHAR16                     mAppName[]          = L"IpSecConfig";
237
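//
// Conflict table consumed by IpSecConfigRetriveCheckListByName to validate the
// combination of options the user typed. The four numeric columns are read by
// that function as Attribute1..Attribute4 (presumably the declaration order of
// VAR_CHECK_ITEM; the structure is defined outside this file):
//   Attribute1 - AND-accumulated over the options seen; a non-zero result is rejected.
//   Attribute2 - OR-accumulated; a non-zero result is rejected, except when the
//                second option seen is "-p".
//   Attribute3 - AND-accumulated; a zero result is rejected. The bits appear to
//                stand for the databases an option applies to
//                (BIT(2) SPD, BIT(1) SAD, BIT(0) PAD) - TODO confirm.
//   Attribute4 - OR-accumulated; the bit pairs 0/1, 2/3, 4/5 and 6/7 mark
//                options that must not be combined with each other.
//
// Names are matched with the case-sensitive StrCmp, so every VarName must be
// spelled exactly as in mIpSecConfigParamList.
//
VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
  { L"-enable",              BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-disable",             BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-status",              BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-p",                   BIT(1),        0,      BIT(2)|BIT(1)|BIT(0), 0      },

  { L"-a",                   BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-i",                   BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-d",                   BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-e",                   BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-l",                   BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },
  { L"-f",                   BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0      },

  { L"-?",                   BIT(0),        BIT(0), BIT(2)|BIT(1)|BIT(0), 0      },

  //
  // SPD Selector
  //
  { L"--local",              0,             0,      BIT(2)|BIT(1),        0      },
  { L"--remote",             0,             0,      BIT(2)|BIT(1),        0      },
  { L"--proto",              0,             0,      BIT(2)|BIT(1),        0      },
  { L"--local-port",         0,             0,      BIT(2)|BIT(1),        BIT(0) },
  { L"--remote-port",        0,             0,      BIT(2)|BIT(1),        BIT(0) },
  { L"--icmp-type",          0,             0,      BIT(2)|BIT(1),        BIT(1) },
  { L"--icmp-code",          0,             0,      BIT(2)|BIT(1),        BIT(1) },

  //
  // SPD Data
  //
  { L"--name",               0,             0,      BIT(2),               0      },
  { L"--packet-flag",        0,             0,      BIT(2),               0      },
  { L"--action",             0,             0,      BIT(2)|BIT(1),        0      },
  { L"--lifebyte",           0,             0,      BIT(2)|BIT(1),        0      },
  { L"--lifetime-soft",      0,             0,      BIT(2)|BIT(1),        0      },
  { L"--lifetime",           0,             0,      BIT(2)|BIT(1),        0      },
  { L"--mode",               0,             0,      BIT(2)|BIT(1),        0      },
  { L"--tunnel-local",       0,             0,      BIT(2),               0      },
  { L"--tunnel-remote",      0,             0,      BIT(2),               0      },
  { L"--dont-fragment",      0,             0,      BIT(2),               0      },
  { L"--ipsec-proto",        0,             0,      BIT(2)|BIT(1),        0      },
  { L"--auth-algo",          0,             0,      BIT(2)|BIT(1),        0      },
  { L"--encrypt-algo",       0,             0,      BIT(2)|BIT(1),        0      },

  { L"--ext-sequence",       0,             0,      BIT(2),               BIT(2) },
  { L"--sequence-overflow",  0,             0,      BIT(2),               BIT(2) },
  { L"--fragment-check",     0,             0,      BIT(2),               BIT(2) },
  { L"--ext-sequence-",      0,             0,      BIT(2),               BIT(3) },
  { L"--sequence-overflow-", 0,             0,      BIT(2),               BIT(3) },
  { L"--fragment-check-",    0,             0,      BIT(2),               BIT(3) },

  //
  // SA ID
  // --ipsec-proto
  //
  { L"--spi",                0,             0,      BIT(1),               0      },
  { L"--tunnel-dest",        0,             0,      BIT(1),               0      },
  { L"--tunnel-source",      0,             0,      BIT(1),               0      },
  { L"--lookup-spi",         0,             0,      BIT(1),               0      },
  { L"--lookup-ipsec-proto", 0,             0,      BIT(1),               0      },
  { L"--lookup-dest",        0,             0,      BIT(1),               0      },

  //
  // SA DATA
  // --mode
  // --auth-algo
  // --encrypt-algo
  //
  { L"--sequence-number",    0,             0,      BIT(1),               0      },
  { L"--antireplay-window",  0,             0,      BIT(1),               0      },
  { L"--auth-key",           0,             0,      BIT(1),               0      },
  { L"--encrypt-key",        0,             0,      BIT(1),               0      },
  { L"--path-mtu",           0,             0,      BIT(1),               0      },

  //
  // The example to add a PAD:
  //   "-a --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKEv1/IKEv2
  //    --auth-method PreSharedSecret/Certificates --ike-id
  //    --auth-data 343343 --revocation-data 2342432"
  // The example to delete a PAD:
  //   "-d * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
  //   "-d 1"
  // The example to edit a PAD:
  //   "-e * --lookup-peer-id Mike --auth-method Certificates"
  //
  // NOTE(review): --peer-id and --peer-address carry BIT(4) and BIT(5), which
  // the checker treats as a mutually exclusive pair; confirm the bracketed
  // forms in the examples above against that rule.
  //

  //
  // PAD ID
  //
  { L"--peer-id",            0,             0,      BIT(0),               BIT(4) },
  { L"--peer-address",       0,             0,      BIT(0),               BIT(5) },
  { L"--auth-proto",         0,             0,      BIT(0),               0      },
  { L"--auth-method",        0,             0,      BIT(0),               0      },
  //
  // These two entries were spelled "--IKE-ID" / "--IKE-ID-", which the
  // case-sensitive lookup can never match against the "--ike-id" / "--ike-id-"
  // spelling declared in mIpSecConfigParamList, so their exclusivity bits were
  // never applied.
  //
  { L"--ike-id",             0,             0,      BIT(0),               BIT(6) },
  { L"--ike-id-",            0,             0,      BIT(0),               BIT(7) },
  { L"--auth-data",          0,             0,      BIT(0),               0      },
  { L"--revocation-data",    0,             0,      BIT(0),               0      },
  { L"--lookup-peer-id",     0,             0,      BIT(0),               BIT(4) },
  { L"--lookup-peer-address",0,             0,      BIT(0),               BIT(5) },

  { NULL,                    0,             0,      0,                    0      },
};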
341
/**
  Allocate, or re-allocate, the buffer used to call an EFI interface whose
  required output size is only known after a first attempt.

  A NULL *Buffer together with a non-zero BufferSize is treated as the initial
  request and handled like EFI_BUFFER_TOO_SMALL. On any other error status the
  buffer is released and *Buffer is set to NULL.

  @param[in, out] Status      Status of the previous attempt; set to
                              EFI_OUT_OF_RESOURCES when the allocation fails.
  @param[in, out] Buffer      Currently allocated buffer, or NULL.
  @param[in]      BufferSize  Size in bytes of the buffer to allocate.

  @retval TRUE   A zero-filled buffer of BufferSize bytes was allocated and the
                 caller should try the API again.
  @retval FALSE  No new buffer was allocated; *Status holds the final status.
**/
BOOLEAN
GrowBuffer (
  IN OUT EFI_STATUS  *Status,
  IN OUT VOID        **Buffer,
  IN     UINTN       BufferSize
  )
{
  ASSERT (Status != NULL);
  ASSERT (Buffer != NULL);

  //
  // First call: nothing allocated yet but a size is known, so force the
  // allocation path below.
  //
  if ((*Buffer == NULL) && (BufferSize != 0)) {
    *Status = EFI_BUFFER_TOO_SMALL;
  }

  if (*Status == EFI_BUFFER_TOO_SMALL) {
    //
    // Drop the undersized buffer and replace it with one of the requested size.
    //
    if (*Buffer != NULL) {
      FreePool (*Buffer);
    }

    *Buffer = AllocateZeroPool (BufferSize);
    if (*Buffer != NULL) {
      return TRUE;
    }

    *Status = EFI_OUT_OF_RESOURCES;
  }

  //
  // No retry will happen: on error the caller must not be left holding a buffer.
  //
  if (EFI_ERROR (*Status) && (*Buffer != NULL)) {
    FreePool (*Buffer);
    *Buffer = NULL;
  }

  return FALSE;
}
401
/**
  Return, in a pool-allocated buffer, the array of handles that match the
  search criteria.

  The function wraps gBS->LocateHandle in a GrowBuffer loop that starts with
  room for 50 handles and re-allocates to the size reported by the service.

  @param[in]      SearchType  Specifies which handle(s) are to be returned.
  @param[in]      Protocol    The protocol to search by. Only valid when
                              SearchType is ByProtocol.
  @param[in]      SearchKey   The search key, depending on SearchType.
  @param[in, out] NoHandles   Receives the number of handles in Buffer; 0 on error.
  @param[out]     Buffer      Receives the pool-allocated array of handles. It
                              is set to NULL first and GrowBuffer releases it on
                              error.

  @retval EFI_SUCCESS  The resulting array of handles was returned.
  @retval Others       The status of the last gBS->LocateHandle call, or
                       EFI_OUT_OF_RESOURCES from GrowBuffer.
**/
EFI_STATUS
LocateHandle (
  IN     EFI_LOCATE_SEARCH_TYPE  SearchType,
  IN     EFI_GUID                *Protocol   OPTIONAL,
  IN     VOID                    *SearchKey  OPTIONAL,
  IN OUT UINTN                   *NoHandles,
  OUT    EFI_HANDLE              **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       BufferSize;

  ASSERT (NoHandles != NULL);
  ASSERT (Buffer != NULL);

  //
  // Seed the GrowBuffer loop with an empty buffer and an initial guess.
  //
  Status     = EFI_SUCCESS;
  *Buffer    = NULL;
  BufferSize = 50 * sizeof (EFI_HANDLE);

  //
  // Each pass queries the boot service; BufferSize is updated by the service
  // and used by GrowBuffer for the next allocation.
  //
  while (GrowBuffer (&Status, (VOID **) Buffer, BufferSize)) {
    Status = gBS->LocateHandle (SearchType, Protocol, SearchKey, &BufferSize, *Buffer);
  }

  *NoHandles = EFI_ERROR (Status) ? 0 : (BufferSize / sizeof (EFI_HANDLE));

  return Status;
}
460
/**
  Find the first handle in the system on which the protocol can be opened and
  return that interface.

  @param[in]  ProtocolGuid  The GUID of the protocol.
  @param[out] Interface     Receives the interface of the first handle for
                            which gBS->HandleProtocol succeeds. It is set to
                            NULL before the search starts.

  @retval EFI_SUCCESS  A protocol instance matching ProtocolGuid was found.
  @retval Others       The handle search failed, or no handle returned the
                       interface.
**/
EFI_STATUS
LocateProtocol (
  IN  EFI_GUID  *ProtocolGuid,
  OUT VOID      **Interface
  )
{
  EFI_STATUS  Status;
  EFI_HANDLE  *Handles;
  UINTN       NumberHandles;
  UINTN       Index;

  *Interface    = NULL;
  Handles       = NULL;
  NumberHandles = 0;

  Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &NumberHandles, &Handles);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));
    return Status;
  }

  //
  // Stop at the first handle that yields the interface.
  //
  Index = 0;
  while (Index < NumberHandles) {
    ASSERT (Handles != NULL);
    Status = gBS->HandleProtocol (Handles[Index], ProtocolGuid, Interface);
    if (!EFI_ERROR (Status)) {
      break;
    }

    Index++;
  }

  //
  // The handle array was pool-allocated by LocateHandle and is owned here.
  //
  if (Handles != NULL) {
    FreePool (Handles);
  }

  return Status;
}
511
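/**
  Check the options typed by the user for combinations that conflict.

  Every named entry of ParamPackage is looked up in CheckList with the
  case-sensitive StrCmp. The attributes of the first match seed four
  accumulators; each later match is folded in (Attribute1 and Attribute3 with
  AND, Attribute2 and Attribute4 with OR) and the result is validated:
    - Attribute1 must become zero;
    - Attribute2 must stay zero, unless the second option seen is "-p";
    - Attribute3 must stay non-zero;
    - Attribute4 must not contain both bits of any of the pairs
      0x03, 0x0C, 0x30 and 0xC0.
  Names that are not in CheckList are ignored.

  @param[in] CheckList     The pointer to the VAR_CHECK_ITEM table, terminated
                           by an entry whose VarName is NULL.
  @param[in] ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS            No conflicted flags.
  @retval EFI_INVALID_PARAMETER  An input parameter is NULL or there are some
                                 conflicted flags.
**/
EFI_STATUS
IpSecConfigRetriveCheckListByName (
  IN VAR_CHECK_ITEM  *CheckList,
  IN LIST_ENTRY      *ParamPackage
  )
{
  LIST_ENTRY      *Node;
  VAR_CHECK_ITEM  *Item;
  CONST CHAR16    *Name;
  UINT32          Attribute1;
  UINT32          Attribute2;
  UINT32          Attribute3;
  UINT32          Attribute4;
  UINT32          Index;

  if ((ParamPackage == NULL) || (CheckList == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  Attribute1 = 0;
  Attribute2 = 0;
  Attribute3 = 0;
  Attribute4 = 0;
  Index      = 0;

  //
  // Enumerate through the list of parameters that are input by user.
  //
  for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
    Name = ((SHELL_PARAM_PACKAGE *) Node)->Name;
    if (Name == NULL) {
      continue;
    }

    //
    // Search the table that was passed in. The previous code ignored CheckList
    // and always walked the global mIpSecConfigVarCheckList.
    //
    for (Item = CheckList; Item->VarName != NULL; Item++) {
      if (StrCmp (Name, Item->VarName) != 0) {
        continue;
      }

      Index++;
      if (Index == 1) {
        //
        // The first recognized option seeds the accumulators.
        //
        Attribute1 = Item->Attribute1;
        Attribute2 = Item->Attribute2;
        Attribute3 = Item->Attribute3;
        Attribute4 = Item->Attribute4;
        break;
      }

      Attribute1 &= Item->Attribute1;
      Attribute2 |= Item->Attribute2;
      Attribute3 &= Item->Attribute3;
      Attribute4 |= Item->Attribute4;

      if (Attribute1 != 0) {
        return EFI_INVALID_PARAMETER;
      }

      if (Attribute2 != 0) {
        //
        // "-p" as the second option is tolerated and skips the remaining checks
        // for this option.
        //
        if ((Index == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {
          break;
        }

        return EFI_INVALID_PARAMETER;
      }

      if (Attribute3 == 0) {
        return EFI_INVALID_PARAMETER;
      }

      //
      // Test each exclusive pair under its own mask. Comparing the whole low
      // byte for equality missed a conflict as soon as a bit of another pair
      // was also set, e.g. "--local-port ... --ext-sequence --icmp-type ..."
      // accumulates 0x07, which equals none of 0x03/0x0C/0x30/0xC0.
      //
      if (((Attribute4 & 0x03) == 0x03) || ((Attribute4 & 0x0C) == 0x0C) ||
          ((Attribute4 & 0x30) == 0x30) || ((Attribute4 & 0xC0) == 0xC0)) {
        return EFI_INVALID_PARAMETER;
      }

      break;
    }
  }

  return EFI_SUCCESS;
}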
598
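/**
  The entry point for the IpSecConfig application. It parses the command line,
  validates the option combination and runs the requested IpSecConfig
  operation.

  This entry point has the standard form shared by UEFI Applications, UEFI OS
  Loaders and UEFI Drivers.

  Failures are reported to the user through the HII message strings only; the
  function returns EFI_SUCCESS on every path.

  @param[in] ImageHandle  The image handle of this application.
  @param[in] SystemTable  The pointer to the EFI System Table.

  @retval EFI_SUCCESS  Always returned, whether or not the requested operation
                       succeeded.
**/
EFI_STATUS
EFIAPI
InitializeIpSecConfig (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS                  Status;
  EFI_IPSEC_CONFIG_DATA_TYPE  DataType;
  UINT8                       Value;
  LIST_ENTRY                  *ParamPackage;
  CONST CHAR16                *ValueStr;
  CHAR16                      *ProblemParam;
  UINTN                       NonOptionCount;

  //
  // Both are outputs of ShellCommandLineParseEx and are read on its failure
  // path (message argument and cleanup at Done), so give them defined values.
  //
  ParamPackage = NULL;
  ProblemParam = NULL;

  //
  // Register our string package with HII and return the handle to it.
  //
  mHiiHandle = HiiAddPackages (&gEfiCallerIdGuid, ImageHandle, IpSecConfigStrings, NULL);
  ASSERT (mHiiHandle != NULL);

  Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);
    goto Done;
  }

  Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);
  if (EFI_ERROR (Status) || mIpSecConfig == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSec2ProtocolGuid, (VOID **) &mIpSec);
  if (EFI_ERROR (Status) || mIpSec == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Enable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {
    if (!(mIpSec->DisabledFlag)) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);
    } else {
      //
      // Persist the enable flag. The variable is non-volatile and limited to
      // boot-services access; no authenticated-write attribute is requested, so
      // the stored state is only as trustworthy as the boot-time code that can
      // write it.
      //
      Value  = IPSEC_STATUS_ENABLED;
      Status = gRT->SetVariable (
                      IPSECCONFIG_STATUS_NAME,
                      &gEfiIpSecConfigProtocolGuid,
                      EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
                      sizeof (Value),
                      &Value
                      );
      if (!EFI_ERROR (Status)) {
        mIpSec->DisabledFlag = FALSE;
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // Disable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);
    } else {
      //
      // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
      // The outcome is judged from DisabledFlag after the event has been signaled.
      //
      gBS->SignalEvent (mIpSec->DisabledEvent);
      if (mIpSec->DisabledFlag) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // IPsec Status.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);
    } else {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);
    }

    goto Done;
  }

  //
  // Try to get policy database type; -1 means "no database selected".
  //
  DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) -1;
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");
  if (ValueStr != NULL) {
    DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);
    if (DataType == -1) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
      goto Done;
    }
  }

  //
  // Help: general when no database was selected, otherwise per database.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-?")) {
    if (DataType == -1) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_HELP), mHiiHandle);
      goto Done;
    }

    switch (DataType) {
      case IPsecConfigDataTypeSpd:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SPD_HELP), mHiiHandle);
        break;

      case IPsecConfigDataTypeSad:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SAD_HELP), mHiiHandle);
        break;

      case IPsecConfigDataTypePad:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PAD_HELP), mHiiHandle);
        break;

      default:
        //
        // Pass the same arguments as the other use of this message above; the
        // call here previously supplied none.
        //
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
        break;
    }

    goto Done;
  }

  //
  // Reject surplus positional arguments. NonOptionCount is unsigned, so test
  // "> 1" instead of "(NonOptionCount - 1) > 0", which wraps around when the
  // count is 0.
  //
  NonOptionCount = ShellCommandLineGetCount (ParamPackage);
  if (NonOptionCount > 1) {
    ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);
    goto Done;
  }

  if (DataType == -1) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Dispatch the operation. The options are tested in the order
  // -a, -i, -e, -d, -f, -l and the first one present wins.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-a") || ShellCommandLineGetFlag (ParamPackage, L"-i")) {
    Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
    Status = EditPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-d") || ShellCommandLineGetFlag (ParamPackage, L"-f")) {
    Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {
    Status = ListPolicyEntry (DataType, ParamPackage);
  } else {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);
  }

Done:
  //
  // ParamPackage is still NULL when the parser did not hand back a list.
  //
  if (ParamPackage != NULL) {
    ShellCommandLineFreeVarList (ParamPackage);
  }

  HiiRemovePackages (mHiiHandle);

  return EFI_SUCCESS;
}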