+++ /dev/null
-/** @file\r
- The main process for IpSecConfig application.\r
-\r
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
-\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#include <Library/UefiRuntimeServicesTableLib.h>\r
-#include <Library/HiiLib.h>\r
-\r
-#include <Protocol/IpSec.h>\r
-\r
-#include "IpSecConfig.h"\r
-#include "Dump.h"\r
-#include "Indexer.h"\r
-#include "PolicyEntryOperation.h"\r
-#include "Delete.h"\r
-#include "Helper.h"\r
-\r
-//\r
-// String token ID of IpSecConfig command help message text.\r
-//\r
-GLOBAL_REMOVE_IF_UNREFERENCED EFI_STRING_ID mStringIpSecHelpTokenId = STRING_TOKEN (STR_IPSEC_CONFIG_HELP);\r
-\r
-//\r
-// Used for ShellCommandLineParseEx only\r
-// and to ensure user inputs are in valid format\r
-//\r
-SHELL_PARAM_ITEM mIpSecConfigParamList[] = {\r
- { L"-p", TypeValue },\r
- { L"-a", TypeValue },\r
- { L"-i", TypeValue },\r
- { L"-e", TypeValue },\r
- { L"-d", TypeValue },\r
- { L"-f", TypeFlag },\r
- { L"-l", TypeFlag },\r
- { L"-enable", TypeFlag },\r
- { L"-disable", TypeFlag },\r
- { L"-status", TypeFlag },\r
-\r
- //\r
- // SPD Selector\r
- //\r
- { L"--local", TypeValue },\r
- { L"--remote", TypeValue },\r
- { L"--proto", TypeValue },\r
- { L"--local-port", TypeValue },\r
- { L"--remote-port", TypeValue },\r
- { L"--icmp-type", TypeValue },\r
- { L"--icmp-code", TypeValue },\r
-\r
- //\r
- // SPD Data\r
- //\r
- { L"--name", TypeValue },\r
- { L"--packet-flag", TypeValue },\r
- { L"--action", TypeValue },\r
- { L"--lifebyte", TypeValue },\r
- { L"--lifetime-soft", TypeValue },\r
- { L"--lifetime", TypeValue },\r
- { L"--mode", TypeValue },\r
- { L"--tunnel-local", TypeValue },\r
- { L"--tunnel-remote", TypeValue },\r
- { L"--dont-fragment", TypeValue },\r
- { L"--ipsec-proto", TypeValue },\r
- { L"--auth-algo", TypeValue },\r
- { L"--encrypt-algo", TypeValue },\r
-\r
- { L"--ext-sequence", TypeFlag },\r
- { L"--sequence-overflow", TypeFlag },\r
- { L"--fragment-check", TypeFlag },\r
- { L"--ext-sequence-", TypeFlag },\r
- { L"--sequence-overflow-", TypeFlag },\r
- { L"--fragment-check-", TypeFlag },\r
-\r
- //\r
- // SA ID\r
- // --ipsec-proto\r
- //\r
- { L"--spi", TypeValue },\r
- { L"--tunnel-dest", TypeValue },\r
- { L"--tunnel-source", TypeValue },\r
- { L"--lookup-spi", TypeValue },\r
- { L"--lookup-ipsec-proto", TypeValue },\r
- { L"--lookup-dest", TypeValue },\r
-\r
- //\r
- // SA DATA\r
- // --mode\r
- // --auth-algo\r
- // --encrypt-algo\r
- //\r
- { L"--sequence-number", TypeValue },\r
- { L"--antireplay-window", TypeValue },\r
- { L"--auth-key", TypeValue },\r
- { L"--encrypt-key", TypeValue },\r
- { L"--path-mtu", TypeValue },\r
-\r
- //\r
- // PAD ID\r
- //\r
- { L"--peer-id", TypeValue },\r
- { L"--peer-address", TypeValue },\r
- { L"--auth-proto", TypeValue },\r
- { L"--auth-method", TypeValue },\r
- { L"--ike-id", TypeValue },\r
- { L"--ike-id-", TypeValue },\r
- { L"--auth-data", TypeValue },\r
- { L"--revocation-data", TypeValue },\r
- { L"--lookup-peer-id", TypeValue },\r
- { L"--lookup-peer-address", TypeValue },\r
-\r
- { NULL, TypeMax },\r
-};\r
-\r
-//\r
-// -P\r
-//\r
-STR2INT mMapPolicy[] = {\r
- { L"SPD", IPsecConfigDataTypeSpd },\r
- { L"SAD", IPsecConfigDataTypeSad },\r
- { L"PAD", IPsecConfigDataTypePad },\r
- { NULL, 0 },\r
-};\r
-\r
-//\r
-// --proto\r
-//\r
-STR2INT mMapIpProtocol[] = {\r
- { L"TCP", EFI_IP4_PROTO_TCP },\r
- { L"UDP", EFI_IP4_PROTO_UDP },\r
- { L"ICMP", EFI_IP4_PROTO_ICMP },\r
- { NULL, 0 },\r
-};\r
-\r
-//\r
-// --action\r
-//\r
-STR2INT mMapIpSecAction[] = {\r
- { L"Bypass", EfiIPsecActionBypass },\r
- { L"Discard", EfiIPsecActionDiscard },\r
- { L"Protect", EfiIPsecActionProtect },\r
- { NULL, 0 },\r
-};\r
-\r
-//\r
-// --mode\r
-//\r
-STR2INT mMapIpSecMode[] = {\r
- { L"Transport", EfiIPsecTransport },\r
- { L"Tunnel", EfiIPsecTunnel },\r
- { NULL, 0 },\r
-};\r
-\r
-//\r
-// --dont-fragment\r
-//\r
-STR2INT mMapDfOption[] = {\r
- { L"clear", EfiIPsecTunnelClearDf },\r
- { L"set", EfiIPsecTunnelSetDf },\r
- { L"copy", EfiIPsecTunnelCopyDf },\r
- { NULL, 0 },\r
-};\r
-\r
-//\r
-// --ipsec-proto\r
-//\r
-STR2INT mMapIpSecProtocol[] = {\r
- { L"AH", EfiIPsecAH },\r
- { L"ESP", EfiIPsecESP },\r
- { NULL, 0 },\r
-};\r
-\r
-//\r
-// --auth-algo\r
-//\r
-STR2INT mMapAuthAlgo[] = {\r
- { L"NONE", IPSEC_AALG_NONE },\r
- { L"MD5HMAC", IPSEC_AALG_MD5HMAC },\r
- { L"SHA1HMAC", IPSEC_AALG_SHA1HMAC },\r
- { L"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC },\r
- { L"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC },\r
- { L"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC },\r
- { L"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC },\r
- { L"NULL", IPSEC_AALG_NULL },\r
- { NULL, 0 },\r
-};\r
-\r
-//\r
-// --encrypt-algo\r
-//\r
-STR2INT mMapEncAlgo[] = {\r
- { L"NONE", IPSEC_EALG_NONE },\r
- { L"DESCBC", IPSEC_EALG_DESCBC },\r
- { L"3DESCBC", IPSEC_EALG_3DESCBC },\r
- { L"CASTCBC", IPSEC_EALG_CASTCBC },\r
- { L"BLOWFISHCBC", IPSEC_EALG_BLOWFISHCBC },\r
- { L"NULL", IPSEC_EALG_NULL },\r
- { L"AESCBC", IPSEC_EALG_AESCBC },\r
- { L"AESCTR", IPSEC_EALG_AESCTR },\r
- { L"AES-CCM-ICV8", IPSEC_EALG_AES_CCM_ICV8 },\r
- { L"AES-CCM-ICV12",IPSEC_EALG_AES_CCM_ICV12 },\r
- { L"AES-CCM-ICV16",IPSEC_EALG_AES_CCM_ICV16 },\r
- { L"AES-GCM-ICV8", IPSEC_EALG_AES_GCM_ICV8 },\r
- { L"AES-GCM-ICV12",IPSEC_EALG_AES_GCM_ICV12 },\r
- { L"AES-GCM-ICV16",IPSEC_EALG_AES_GCM_ICV16 },\r
- { NULL, 0 },\r
-};\r
-\r
-//\r
-// --auth-proto\r
-//\r
-STR2INT mMapAuthProto[] = {\r
- { L"IKEv1", EfiIPsecAuthProtocolIKEv1 },\r
- { L"IKEv2", EfiIPsecAuthProtocolIKEv2 },\r
- { NULL, 0 },\r
-};\r
-\r
-//\r
-// --auth-method\r
-//\r
-STR2INT mMapAuthMethod[] = {\r
- { L"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret },\r
- { L"Certificates", EfiIPsecAuthMethodCertificates },\r
- { NULL, 0 },\r
-};\r
-\r
-EFI_IPSEC2_PROTOCOL *mIpSec;\r
-EFI_IPSEC_CONFIG_PROTOCOL *mIpSecConfig;\r
-EFI_HII_HANDLE mHiiHandle;\r
-CHAR16 mAppName[] = L"IpSecConfig";\r
-\r
-//\r
-// Used for IpSecConfigRetriveCheckListByName only to check the validation of user input\r
-//\r
-VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {\r
- { L"-enable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },\r
- { L"-disable", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },\r
- { L"-status", BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },\r
- { L"-p", BIT(1), 0, BIT(2)|BIT(1)|BIT(0), 0 },\r
-\r
- { L"-a", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },\r
- { L"-i", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },\r
- { L"-d", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },\r
- { L"-e", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },\r
- { L"-l", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },\r
- { L"-f", BIT(0), 0, BIT(2)|BIT(1)|BIT(0), 0 },\r
-\r
- { L"-?", BIT(0), BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },\r
-\r
- //\r
- // SPD Selector\r
- //\r
- { L"--local", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--remote", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--proto", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--local-port", 0, 0, BIT(2)|BIT(1), BIT(0) },\r
- { L"--remote-port", 0, 0, BIT(2)|BIT(1), BIT(0) },\r
- { L"--icmp-type", 0, 0, BIT(2)|BIT(1), BIT(1) },\r
- { L"--icmp-code", 0, 0, BIT(2)|BIT(1), BIT(1) },\r
-\r
- //\r
- // SPD Data\r
- //\r
- { L"--name", 0, 0, BIT(2), 0 },\r
- { L"--packet-flag", 0, 0, BIT(2), 0 },\r
- { L"--action", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--lifebyte", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--lifetime-soft", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--lifetime", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--mode", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--tunnel-local", 0, 0, BIT(2), 0 },\r
- { L"--tunnel-remote", 0, 0, BIT(2), 0 },\r
- { L"--dont-fragment", 0, 0, BIT(2), 0 },\r
- { L"--ipsec-proto", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--auth-algo", 0, 0, BIT(2)|BIT(1), 0 },\r
- { L"--encrypt-algo", 0, 0, BIT(2)|BIT(1), 0 },\r
-\r
- { L"--ext-sequence", 0, 0, BIT(2), BIT(2) },\r
- { L"--sequence-overflow", 0, 0, BIT(2), BIT(2) },\r
- { L"--fragment-check", 0, 0, BIT(2), BIT(2) },\r
- { L"--ext-sequence-", 0, 0, BIT(2), BIT(3) },\r
- { L"--sequence-overflow-", 0, 0, BIT(2), BIT(3) },\r
- { L"--fragment-check-", 0, 0, BIT(2), BIT(3) },\r
-\r
- //\r
- // SA ID\r
- // --ipsec-proto\r
- //\r
- { L"--spi", 0, 0, BIT(1), 0 },\r
- { L"--tunnel-dest", 0, 0, BIT(1), 0 },\r
- { L"--tunnel-source", 0, 0, BIT(1), 0 },\r
- { L"--lookup-spi", 0, 0, BIT(1), 0 },\r
- { L"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },\r
- { L"--lookup-dest", 0, 0, BIT(1), 0 },\r
-\r
- //\r
- // SA DATA\r
- // --mode\r
- // --auth-algo\r
- // --encrypt-algo\r
- //\r
- { L"--sequence-number", 0, 0, BIT(1), 0 },\r
- { L"--antireplay-window", 0, 0, BIT(1), 0 },\r
- { L"--auth-key", 0, 0, BIT(1), 0 },\r
- { L"--encrypt-key", 0, 0, BIT(1), 0 },\r
- { L"--path-mtu", 0, 0, BIT(1), 0 },\r
-\r
- //\r
- // The example to add a PAD:\r
- // "-A --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKE1/IKE2\r
- // --auth-method PreSharedSeceret/Certificate --ike-id\r
- // --auth-data 343343 --revocation-data 2342432"\r
- // The example to delete a PAD:\r
- // "-D * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"\r
- // "-D 1"\r
- // The example to edit a PAD:\r
- // "-E * --lookup-peer-id Mike --auth-method Certificate"\r
-\r
- //\r
- // PAD ID\r
- //\r
- { L"--peer-id", 0, 0, BIT(0), BIT(4) },\r
- { L"--peer-address", 0, 0, BIT(0), BIT(5) },\r
- { L"--auth-proto", 0, 0, BIT(0), 0 },\r
- { L"--auth-method", 0, 0, BIT(0), 0 },\r
- { L"--IKE-ID", 0, 0, BIT(0), BIT(6) },\r
- { L"--IKE-ID-", 0, 0, BIT(0), BIT(7) },\r
- { L"--auth-data", 0, 0, BIT(0), 0 },\r
- { L"--revocation-data", 0, 0, BIT(0), 0 },\r
- { L"--lookup-peer-id", 0, 0, BIT(0), BIT(4) },\r
- { L"--lookup-peer-address",0, 0, BIT(0), BIT(5) },\r
-\r
- { NULL, 0, 0, 0, 0 },\r
-};\r
-\r
-/**\r
- The function to allocate the proper sized buffer for various\r
- EFI interfaces.\r
-\r
- @param[in, out] Status Current status.\r
- @param[in, out] Buffer Current allocated buffer, or NULL.\r
- @param[in] BufferSize Current buffer size needed\r
-\r
- @retval TRUE If the buffer was reallocated and the caller should try the API again.\r
- @retval FALSE If the buffer was not reallocated successfully.\r
-**/\r
-BOOLEAN\r
-GrowBuffer (\r
- IN OUT EFI_STATUS *Status,\r
- IN OUT VOID **Buffer,\r
- IN UINTN BufferSize\r
- )\r
-{\r
- BOOLEAN TryAgain;\r
-\r
- ASSERT (Status != NULL);\r
- ASSERT (Buffer != NULL);\r
-\r
- //\r
- // If this is an initial request, buffer will be null with a new buffer size.\r
- //\r
- if ((NULL == *Buffer) && (BufferSize != 0)) {\r
- *Status = EFI_BUFFER_TOO_SMALL;\r
- }\r
-\r
- //\r
- // If the status code is "buffer too small", resize the buffer.\r
- //\r
- TryAgain = FALSE;\r
- if (*Status == EFI_BUFFER_TOO_SMALL) {\r
-\r
- if (*Buffer != NULL) {\r
- FreePool (*Buffer);\r
- }\r
-\r
- *Buffer = AllocateZeroPool (BufferSize);\r
-\r
- if (*Buffer != NULL) {\r
- TryAgain = TRUE;\r
- } else {\r
- *Status = EFI_OUT_OF_RESOURCES;\r
- }\r
- }\r
-\r
- //\r
- // If there's an error, free the buffer.\r
- //\r
- if (!TryAgain && EFI_ERROR (*Status) && (*Buffer != NULL)) {\r
- FreePool (*Buffer);\r
- *Buffer = NULL;\r
- }\r
-\r
- return TryAgain;\r
-}\r
-\r
-/**\r
- Function returns an array of handles that support the requested protocol\r
- in a buffer allocated from a pool.\r
-\r
- @param[in] SearchType Specifies which handle(s) are to be returned.\r
- @param[in] Protocol Provides the protocol to search by.\r
- This parameter is only valid for SearchType ByProtocol.\r
-\r
- @param[in] SearchKey Supplies the search key depending on the SearchType.\r
- @param[in, out] NoHandles The number of handles returned in Buffer.\r
- @param[out] Buffer A pointer to the buffer to return the requested array of\r
- handles that support Protocol.\r
-\r
- @retval EFI_SUCCESS The resulting array of handles was returned.\r
- @retval Others Other mistake case.\r
-**/\r
-EFI_STATUS\r
-LocateHandle (\r
- IN EFI_LOCATE_SEARCH_TYPE SearchType,\r
- IN EFI_GUID *Protocol OPTIONAL,\r
- IN VOID *SearchKey OPTIONAL,\r
- IN OUT UINTN *NoHandles,\r
- OUT EFI_HANDLE **Buffer\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN BufferSize;\r
-\r
- ASSERT (NoHandles != NULL);\r
- ASSERT (Buffer != NULL);\r
-\r
- //\r
- // Initialize for GrowBuffer loop.\r
- //\r
- Status = EFI_SUCCESS;\r
- *Buffer = NULL;\r
- BufferSize = 50 * sizeof (EFI_HANDLE);\r
-\r
- //\r
- // Call the real function.\r
- //\r
- while (GrowBuffer (&Status, (VOID **) Buffer, BufferSize)) {\r
- Status = gBS->LocateHandle (\r
- SearchType,\r
- Protocol,\r
- SearchKey,\r
- &BufferSize,\r
- *Buffer\r
- );\r
- }\r
-\r
- *NoHandles = BufferSize / sizeof (EFI_HANDLE);\r
- if (EFI_ERROR (Status)) {\r
- *NoHandles = 0;\r
- }\r
-\r
- return Status;\r
-}\r
-\r
-/**\r
- Find the first instance of this protocol in the system and return its interface.\r
-\r
- @param[in] ProtocolGuid The guid of the protocol.\r
- @param[out] Interface The pointer to the first instance of the protocol.\r
-\r
- @retval EFI_SUCCESS A protocol instance matching ProtocolGuid was found.\r
- @retval Others A protocol instance matching ProtocolGuid was not found.\r
-**/\r
-EFI_STATUS\r
-LocateProtocol (\r
- IN EFI_GUID *ProtocolGuid,\r
- OUT VOID **Interface\r
- )\r
-\r
-{\r
- EFI_STATUS Status;\r
- UINTN NumberHandles;\r
- UINTN Index;\r
- EFI_HANDLE *Handles;\r
-\r
- *Interface = NULL;\r
- Handles = NULL;\r
- NumberHandles = 0;\r
-\r
- Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &NumberHandles, &Handles);\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));\r
- return Status;\r
- }\r
-\r
- for (Index = 0; Index < NumberHandles; Index++) {\r
- ASSERT (Handles != NULL);\r
- Status = gBS->HandleProtocol (\r
- Handles[Index],\r
- ProtocolGuid,\r
- Interface\r
- );\r
-\r
- if (!EFI_ERROR (Status)) {\r
- break;\r
- }\r
- }\r
-\r
- if (Handles != NULL) {\r
- FreePool (Handles);\r
- }\r
-\r
- return Status;\r
-}\r
-\r
-/**\r
- Helper function called to check the conflicted flags.\r
-\r
- @param[in] CheckList The pointer to the VAR_CHECK_ITEM table.\r
- @param[in] ParamPackage The pointer to the ParamPackage list.\r
-\r
- @retval EFI_SUCCESS No conflicted flags.\r
- @retval EFI_INVALID_PARAMETER The input parameter is erroroneous or there are some conflicted flags.\r
-**/\r
-EFI_STATUS\r
-IpSecConfigRetriveCheckListByName (\r
- IN VAR_CHECK_ITEM *CheckList,\r
- IN LIST_ENTRY *ParamPackage\r
-)\r
-{\r
-\r
- LIST_ENTRY *Node;\r
- VAR_CHECK_ITEM *Item;\r
- UINT32 Attribute1;\r
- UINT32 Attribute2;\r
- UINT32 Attribute3;\r
- UINT32 Attribute4;\r
- UINT32 Index;\r
-\r
- Attribute1 = 0;\r
- Attribute2 = 0;\r
- Attribute3 = 0;\r
- Attribute4 = 0;\r
- Index = 0;\r
- Item = mIpSecConfigVarCheckList;\r
-\r
- if ((ParamPackage == NULL) || (CheckList == NULL)) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Enumerate through the list of parameters that are input by user.\r
- //\r
- for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {\r
- if (((SHELL_PARAM_PACKAGE *) Node)->Name != NULL) {\r
- //\r
- // Enumerate the check list that defines the conflicted attributes of each flag.\r
- //\r
- for (; Item->VarName != NULL; Item++) {\r
- if (StrCmp (((SHELL_PARAM_PACKAGE *) Node)->Name, Item->VarName) == 0) {\r
- Index++;\r
- if (Index == 1) {\r
- Attribute1 = Item->Attribute1;\r
- Attribute2 = Item->Attribute2;\r
- Attribute3 = Item->Attribute3;\r
- Attribute4 = Item->Attribute4;\r
- } else {\r
- Attribute1 &= Item->Attribute1;\r
- Attribute2 |= Item->Attribute2;\r
- Attribute3 &= Item->Attribute3;\r
- Attribute4 |= Item->Attribute4;\r
- if (Attribute1 != 0) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
- if (Attribute2 != 0) {\r
- if ((Index == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {\r
- continue;\r
- }\r
-\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
- if (Attribute3 == 0) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
- if (((Attribute4 & 0xFF) == 0x03) || ((Attribute4 & 0xFF) == 0x0C) ||\r
- ((Attribute4 & 0xFF) == 0x30) || ((Attribute4 & 0xFF) == 0xC0)) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
- }\r
- break;\r
- }\r
- }\r
-\r
- Item = mIpSecConfigVarCheckList;\r
- }\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- This is the declaration of an EFI image entry point. This entry point is\r
- the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including\r
- both device drivers and bus drivers.\r
-\r
- The entry point for IpSecConfig application that parse the command line input and call an IpSecConfig process.\r
-\r
- @param[in] ImageHandle The image handle of this application.\r
- @param[in] SystemTable The pointer to the EFI System Table.\r
-\r
- @retval EFI_SUCCESS The operation completed successfully.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-InitializeIpSecConfig (\r
- IN EFI_HANDLE ImageHandle,\r
- IN EFI_SYSTEM_TABLE *SystemTable\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_IPSEC_CONFIG_DATA_TYPE DataType;\r
- UINT8 Value;\r
- LIST_ENTRY *ParamPackage;\r
- CONST CHAR16 *ValueStr;\r
- CHAR16 *ProblemParam;\r
- UINTN NonOptionCount;\r
- EFI_HII_PACKAGE_LIST_HEADER *PackageList;\r
-\r
- //\r
- // Retrieve HII package list from ImageHandle\r
- //\r
- Status = gBS->OpenProtocol (\r
- ImageHandle,\r
- &gEfiHiiPackageListProtocolGuid,\r
- (VOID **) &PackageList,\r
- ImageHandle,\r
- NULL,\r
- EFI_OPEN_PROTOCOL_GET_PROTOCOL\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
-\r
- //\r
- // Publish HII package list to HII Database.\r
- //\r
- Status = gHiiDatabase->NewPackageList (\r
- gHiiDatabase,\r
- PackageList,\r
- NULL,\r
- &mHiiHandle\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
-\r
- ASSERT (mHiiHandle != NULL);\r
-\r
- Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);\r
- goto Done;\r
- }\r
-\r
- Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);\r
- if (EFI_ERROR (Status)) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);\r
- goto Done;\r
- }\r
-\r
- Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);\r
- if (EFI_ERROR (Status) || mIpSecConfig == NULL) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);\r
- goto Done;\r
- }\r
-\r
- Status = LocateProtocol (&gEfiIpSec2ProtocolGuid, (VOID **) &mIpSec);\r
- if (EFI_ERROR (Status) || mIpSec == NULL) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);\r
- goto Done;\r
- }\r
-\r
- //\r
- // Enable IPsec.\r
- //\r
- if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {\r
- if (!(mIpSec->DisabledFlag)) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);\r
- } else {\r
- //\r
- // Set enable flag.\r
- //\r
- Value = IPSEC_STATUS_ENABLED;\r
- Status = gRT->SetVariable (\r
- IPSECCONFIG_STATUS_NAME,\r
- &gEfiIpSecConfigProtocolGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
- sizeof (Value),\r
- &Value\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- mIpSec->DisabledFlag = FALSE;\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);\r
- } else {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);\r
- }\r
- }\r
-\r
- goto Done;\r
- }\r
-\r
- //\r
- // Disable IPsec.\r
- //\r
- if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {\r
- if (mIpSec->DisabledFlag) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);\r
- } else {\r
- //\r
- // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.\r
- //\r
- gBS->SignalEvent (mIpSec->DisabledEvent);\r
- if (mIpSec->DisabledFlag) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);\r
- } else {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);\r
- }\r
- }\r
-\r
- goto Done;\r
- }\r
-\r
- //\r
- //IPsec Status.\r
- //\r
- if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {\r
- if (mIpSec->DisabledFlag) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);\r
- } else {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);\r
- }\r
- goto Done;\r
- }\r
-\r
- //\r
- // Try to get policy database type.\r
- //\r
- DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) - 1;\r
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");\r
- if (ValueStr != NULL) {\r
- DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);\r
- if (DataType == -1) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);\r
- goto Done;\r
- }\r
- }\r
-\r
- NonOptionCount = ShellCommandLineGetCount (ParamPackage);\r
- if ((NonOptionCount - 1) > 0) {\r
- ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);\r
- goto Done;\r
- }\r
-\r
- if (DataType == -1) {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);\r
- goto Done;\r
- }\r
-\r
- if (ShellCommandLineGetFlag (ParamPackage, L"-a")) {\r
- Status = AddOrInsertPolicyEntry (DataType, ParamPackage);\r
- if (EFI_ERROR (Status)) {\r
- goto Done;\r
- }\r
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-i")) {\r
- Status = AddOrInsertPolicyEntry (DataType, ParamPackage);\r
- if (EFI_ERROR (Status)) {\r
- goto Done;\r
- }\r
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {\r
- Status = EditPolicyEntry (DataType, ParamPackage);\r
- if (EFI_ERROR (Status)) {\r
- goto Done;\r
- }\r
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-d")) {\r
- Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);\r
- if (EFI_ERROR (Status)) {\r
- goto Done;\r
- }\r
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-f")) {\r
- Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);\r
- if (EFI_ERROR (Status)) {\r
- goto Done;\r
- }\r
- } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {\r
- Status = ListPolicyEntry (DataType, ParamPackage);\r
- if (EFI_ERROR (Status)) {\r
- goto Done;\r
- }\r
- } else {\r
- ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);\r
- goto Done;\r
- }\r
-\r
-Done:\r
- ShellCommandLineFreeVarList (ParamPackage);\r
- HiiRemovePackages (mHiiHandle);\r
-\r
- return EFI_SUCCESS;\r
-}\r