//---------------------------------------------------------------------------- // // Copyright (C) 2006 Intel Corporation // // File: ConfigFile.h // // Contents: functions for creating and reading a configuration setup file // containg records with PID, PPS and MEBx password information // //---------------------------------------------------------------------------- #ifndef _CONFIG_FILE_H #define _CONFIG_FILE_H #include "MyRand.h" #include "CertHash.h" #include "SetupFileDefinitions.h" #include #include #include using namespace std; // definitions #define PID_LENGTH 8 #define PPS_LENGTH 32 #define MIN_PWD_LEN 8 #define MAX_PWD_LEN 32 #define SINGLE_CHUNK_COUNT 1 #define GUID_LENGTH 16 #define HOSTNAME_MAX_LENGTH 63 #define DOMAIN_NAME_MAX_LENGTH 256 #define DHCP_LENGTH 1 #define SFWU_LENGTH 1 #define IDLE_TIMEOUT_LENGTH 4 #define PM_LENGTH 1 #define PROSERADDR_IPV4_SIZE 4 #define PROSERADDR_IPV6_SIZE 16 #define PROSERADDR_MAX_SIZE 16 #define PROSERPORT_SIZE 2 #define VLAN_SIZE 3 #define STATIC_PV4_PARAMS_SIZE 20 #define MIN_IDLE_TIMEOUT 1 #define MAX_IDLE_TIMEOUT 0XFFFF #define MIN_SUPPORT_CHANNEL_IDEN 1 #define MAX_SUPPORT_CHANNEL_IDEN 0XFFFF #define SUPPORT_CHANNEL_IDEN_SIZE 4 #define SUPPORT_CHANNEL_DESC_MAX_LENGTH 60 #define SERVICE_ACCOUNT_NO_MAX_LENGTH 32 #define ENROLLMENT_PASSCODE_MAX_LENGTH 32 #define SERVICE_TYPE_SIZE 4 #define IPV6_PARAMS_SIZE_NEW_FORMAT 84 #define IPV6_PARAMS_SIZE 204 #define IPV6_INTERFACE_INDEX_OFFSET 0 #define IPV6_ENABLED_OFFSET 1 #define IPV6_INTERFACE_ID_TYPE_OFFSET 2 #define IPV6_INTERFACE_ID_OFFSET 3 #define IPV6_INTERFACE_ID_STRING_LENGTH 16 #define IPV6_ADDRESS_OFFSET 20 #define IPV6_DEFAULT_ROUTER_OFFSET 66 #define IPV6_PRIMARY_DNS_ADD_OFFSET 112 #define IPV6_SECONDARY_DNS_ADD_OFFSET 158 #define IPV6_DEFAULT_ROUTER_OFFSET_NEW_FORMAT 36 #define IPV6_PRIMARY_DNS_ADD_OFFSET_NEW_FORMAT 52 #define IPV6_SECONDARY_DNS_ADD_OFFSET_NEW_FORMAT 68 #define PASS_POLICY_FLAG_SIZE 1 #define LAST_SMALL_ERROR 21 #define FISRT_BIG_ERROR 101 // error codes // failed to write to the given file #define CONFIG_FILE_WRITE_ERROR 101 // failed to read from the given file #define CONFIG_FILE_READ_ERROR 102 // failed to create random numbers #define CONFIG_RNG_ERROR 103 // the CurrentMEBx password is invalid #define CONFIG_INVALID_CURR_PWD 104 // the NewMEBx password is invalid #define CONFIG_INVALID_NEW_PWD 105 // the PID is invalid #define CONFIG_INVALID_PID 106 // the PPS is invalid #define CONFIG_INVALID_PPS 107 // the data record is missing a CurrentMEBx password entry #define CONFIG_MISSING_CURR_PWD 108 // the data record is missing a NewMEBx password entry #define CONFIG_MISSING_NEW_PWD 109 // the data record is missing a PID entry #define CONFIG_MISSING_PID 110 // the data record is missing a PPS entry #define CONFIG_MISSING_PPS 111 // invalid DnsSuffix #define CONFIG_INVALID_DNS_SUFFIX 112 // invalid fqdn #define CONFIG_INVALID_FQDN 113 // invalid ZTC setting #define CONFIG_INVALID_ZTC_ENABLED 114 // invalid sol ide redirection config #define CONFIG_INVALID_SOLIDER_CONFIG 115 // invalid Support Channel Description #define CONFIG_INVALID_SUPPORT_CH_DESC 116 // invalid Service Account Number #define CONFIG_INVALID_SERVICE_ACC_NO 117 // invalid Enrollment Passcode #define CONFIG_INVALID_ENROLLMENT_PASSCODE 118 const static string S_ERROR_STRINGS[] = {/***************************/ /*** ERRORS FROM 1 T0 22 ***/ /***************************/ "The setup file header has an illegal UUID", "The setup file version is unsupported", "A record entry that does not contain a current MEBx Password was encountered", "The given buffer length is invalid", "The header chunk count cannot contain all of the setup file header data", "The record chunk count cannot contain all of the setup file record data", "The requested index is invalid", "The setup file header indicates that there are no valid records(RecordsConsumed >= RecordCount)", "The given buffer is invalid", "A record entry with an invalid Module ID was encountered", "A record entry with an invalid record number was encountered", "The setup file header contains an invalid module ID list", "The setup file header contains an invalid byte count", "The setup file record id is not RECORD_IDENTIFIER_DATA_RECORD", "The list of data record entries is invalid", "The setup file is corrupted", "The setup record has already been used", "A record entry that does not contain a new MEBx password was encountered", "A record with an invalid manageability feature selection was found", "Invalid input was received", "A record with invalid certificate hash settings was encountered", "A file contains both scrambled and clear records was encountered", /***************************/ /***ERRORS FROM 101 T0 115**/ /***************************/ "Failed to write to the given file", "Failed to read from the given file", "Failed to create random numbers", "The CurrentMEBx password is invalid", "The NewMEBx password is invalid", "The PID is invalid", "The PPS is invalid", "The data record is missing a CurrentMEBx password entry", "The data record is missing a NewMEBx password entry", "The data record is missing a PID entry", "The data record is missing a PPS entry", "Invalid DnsSuffix", "Invalid fqdn", "Invalid ZTC setting", "Invalid sol ide redirection config", "Invalid Support Channel Description", "Invalid Service Account Number", "Invalid Enrollment Passcode"}; enum CFG_MEBX_PWD_CHANGE_POLICY { CFG_PWD_CHANGE_POLICY_ONLY_DEFAULT = 0, CFG_PWD_CHANGE_POLICY_BLOCK_IN_POST, CFG_PWD_CHANGE_POLICY_ALWAYS_ALLOWED }; enum IP_TYPE { IPV4 = 0, IPV6 }; enum LOCAL_FW_UPDATE_OPTION { LOCAL_FW_UPDATE_DISABLED = 0, LOCAL_FW_UPDATE_ENABLED, LOCAL_FW_UPDATE_PASSWORD_PROTECTED }; enum USER_CERTIFICATE_OPTION { USER_CERTIFICATE_DISABLED = 0, USER_CERTIFICATE_ENABLED, USER_CERTIFICATE_DELETE }; enum OEM_CERTIFICATE_OPTION { OEM_CERTIFICATE_DISABLED = 0, OEM_CERTIFICATE_ENABLED, }; // this struct holds general setup file settings struct RecordSettings { unsigned char majorVersion; unsigned char minorVersion; string currentMEBxPwd; string newMEBxPwd; bool pidValid; char pid[PID_LENGTH]; bool ppsValid; char pps[PPS_LENGTH]; bool generateRandomPskPair; bool dnsSuffixValid; string dnsSuffix; bool serverFqdnValid; string ServerFqdn; bool setAmt; bool soliderConfigValid; unsigned char soliderConfig; bool enableRCFGValid; bool enableRCFG; vector certHashes; bool fwLocalUpdatePresent; LOCAL_FW_UPDATE_OPTION fwLocalUpdateEnable; bool fwUpdateQualifierPresent; unsigned char fwUpdateQualifier; bool multiple; unsigned char guid[GUID_LENGTH]; bool guidPresent; int numRecords; string hostName; bool hostNamePresent; string domainName; bool domainNamePresent; bool dhcpPresent; unsigned char dhcp; bool secureFWUpdatePresent; bool secureFWUpdate; bool provisionModePresent; unsigned char provisionMode; bool idleTimeOutPresent; unsigned char idleTimeOut[4]; bool provisionServerAddPresent; unsigned int provisionServerAddSize; IP_TYPE provisionServerAddType; unsigned char provisionServerAdd[PROSERADDR_MAX_SIZE]; bool provisionServerPortPresent; unsigned char provisionServerPort[2]; bool vlanPresent; unsigned char vlan[VLAN_SIZE]; bool passPolicyFlagExist; CFG_MEBX_PWD_CHANGE_POLICY passPolicyFlag; bool staticIPv4ParamsPresent; unsigned char staticIPv4Params[STATIC_PV4_PARAMS_SIZE]; bool consumable; bool sharedDedicatedFqdnPresent; unsigned char sharedDedicatedFqdn; bool dynamicDnsUpdatePresent; unsigned char dynamicDnsUpdate; bool kvmStatePresent; unsigned char kvmState; bool optInUserConsentPresent; unsigned char optInUserConsentOption; bool optInRemoteITPresent; unsigned char optInRemoteItPolicy; bool meProvisioningHaltActivatePresent; unsigned char meProvisioningHaltActivate; bool manualSetupAndConfigurationPresent; unsigned char manualSetupAndConfiguration; bool supportChannelIdentifierPresent; unsigned char supportChannelIdentifier[SUPPORT_CHANNEL_IDEN_SIZE]; bool supportChannelDescriptionPresent; string supportChannelDescription; bool serviceAccountNumberPresent; string serviceAccountNumber; bool enrollmentPasscodePresent; string enrollmentPasscode; bool serviceTypePresent; unsigned char serviceType[SERVICE_TYPE_SIZE]; bool ipv6ParamsPresent; unsigned char* ipv6Params; bool serviceProviderIdentifierPresent; unsigned char serviceProviderIdentifier[GUID_LENGTH]; bool scrambleRecords; bool userCertificateFlagExist; USER_CERTIFICATE_OPTION userCertificateFlag; bool oemCertificateFlagExist; OEM_CERTIFICATE_OPTION oemCertificateFlag; }; // a struct that binds a PID, PPS PWD triplet struct ConfigRecord { bool valid; string CurrentMEBxPwd; string NewMEBxPwd; bool hasPskPair; char Pid[PID_LENGTH]; char Pps[PPS_LENGTH]; }; struct IPV6SettingsNewFormat { string ipv6Address; string defultRouter; string primaryDNS; string secondaryDNS; }; /* * This function writes a setup file with data records containing PID, PPS and * MEBx password information. All records must be valid. The file created by * this function is of version 1.0 * Arguments: * fileName - the name of the file to write to * records - a list of records containing PID, PPS, and password information * overwrite - if true and the given file exists, the existing * file will be overwritten. * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int WriteVersion1ConfigFile(const string& fileName, const vector& records, const bool overwrite = false); /* * This function parses a setup file and retrieves a list of records. The * records will be retrieved in the order that they appear in the file. * Invalid records (records that were alreay used by the BIOS) will also * be added to the container. * Arguments: * fileName - the name of the file to read from * records - if not NULL and the file was parsed successfully, the * DataRecords will be added to records until an error occurs. * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int ReadConfigFile(const string& fileName, vector& records); /* * This function parses a setup file and returns a record at a given index. * Note - the function assumes that the data records contain PID, PPS and * MEBx password entries * Arguments: * fileName - the name of the file to read from * index - a non-zero positive integer indicating the index of the requested * record * config - if not NULL, will hold the PID, PPS and password information on * successful return * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int GetConfigFileRecord(const string& fileName, const unsigned int index, ConfigRecord* config); /* * This function tests the length and strength of a NewMEBxPassword. * Arguments: * pwd - the password to test * Return Value: * true - if the pwd is valid */ bool IsPasswordValid(const string& pwd); bool ParseIPv6(unsigned char* ipv6PartByteArray, string& ipv6PartInput); /* * This function tests if the PSK pair is all zeroes - a valid PSK pair for disabling the PSK * capability if it was already enabled. * Arguments: * pid - the PID to test * pps - the PPS to test * Return Value: * true - if the PSK pair is all zeroes */ bool IsPskAllZeroes(const char pid[PID_LENGTH], const char pps[PPS_LENGTH]); /* * This function tests a PID. In particular, it verifies the CRC mechanism. * Arguments: * pid - the PID to test * Return Value: * true - if the PID is valid */ bool IsPidValid(const char pid[PID_LENGTH]); /* * This function tests a PPS. In particular, it verifies the CRC mechanism. * Arguments: * pps - the PPS to test * Return Value: * true - if the PPS is valid */ bool IsPpsValid(const char pps[PPS_LENGTH]); /* * This function tests the validity of the PID, PPS and MEBx passwords. * Arguments: * record - the record to test * Return Value: * CONFIG_SUCCESS - if valid * a non-zero error code indicating the problem, otherwise */ int IsRecordValid(const ConfigRecord record); /* * This function chooses a random char from a given string of chars * Arguments: * randomChar - on return will hold the chosen char * validChars - the valid chars to choose from * myRand - the PRNG object used to randomize the result */ void RandomChar(char* randomChar, const string & validChars, const MyRand* myRand); /* * This function creates a random password * Arguments: * pwd - on return will hold the random password * length - the password length (scaled to a number between MIN_PWD_LEN and * MAX_PWD_LEN) * myRand - the PRNG object used to randomize the result * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int RandomPassword(string* pwd, const unsigned int length, const MyRand* myrand = NULL); /* * This function creates a random PID * Arguments: * pid - on return will hold the random PID * myRand - the PRNG object used to randomize the result * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int RandomPid(char pid[PID_LENGTH], const MyRand* myrand = NULL); /* * This function creates a random PPS * Arguments: * pps - on return will hold the random PPS * myRand - the PRNG object used to randomize the result * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int RandomPps(char pps[PPS_LENGTH], const MyRand* myrand = NULL); /* * This function creates a data record using the parameters provided. * Arguments: * settings - the USB record details * record - data record created * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int CreateDataRecord(const RecordSettings& settings, DataRecord& record); /* * This function creates a setup file with multiple (consumable) records * or single record using the parameters provided. * Arguments: * settings - the USB record details * fileName - ouput file name * overwrite - overwrite output file * records - if not NULL, the generated records will be returned * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int WriteConfigFile(const RecordSettings& settings, const string& fileName, bool overwrite = false, vector* records = NULL); /* * This function parses a setup file and returns data regarding the file * as well as the (valid) data records it contains. The data records are * returned as they are; no validation of the data content is performed. * Arguments: * fileName - the name of the usb file * fileInfo - if not NULL this will hold the file details * records - if not NULL this will hold the list of valid records * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int ParseUsbFile(const string& fileName, SetupFileInfo* fileInfo = NULL, vector* records = NULL); /* * This function parses a setup file and dumps data regarding the file * as well as the (valid) data records it contains to the given stream. * Arguments: * fileName - the name of the usb file * out - the file info will be dumped to here * printrecords - true to dump the valid records * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int DumpUsbFile(const string& fileName, ostream& out, bool printRecords); /* * Prints a data record to a stream. If an error is encountered while parsing, * the function will halt and return an error code. * Arguments: * record - a data record * out - the file info and data records will be dumped to here * majorVersion - the major version of the file * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int PrintDataRecord(const DataRecord& record, ostream& out, unsigned int majorVersion); /* * Scrambles record entry so that every byte in the data is increased by 17, then computed by modulo 256. * (srcByte = (srcByte + 17)%256 * Arguments: * recordEntry - a record to scramble * recordEntrySize - the record (not including the record header) size in bytes * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int ScrambleRecordData(unsigned char* recordData, const size_t recordDataSize); /* * Descrambles record entry so that every byte in the data is increased by 17, then computed by modulo 256. * (srcByte = (srcByte + 17)%256 * Arguments: * recordEntry - a scrambled record (not including the record header) * recordEntrySize - the record entry size (in bytes) * Return Value: * CONFIG_SUCCESS - on success * a non-zero error code - on failure */ int DescrambleRecordData(unsigned char* recordData, const size_t recordDataSize); #endif