summaryrefslogtreecommitdiff
path: root/NetworkPkg
diff options
context:
space:
mode:
authorqianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524>2011-12-08 03:15:55 +0000
committerqianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524>2011-12-08 03:15:55 +0000
commitda7c529ca1c93071792745005aea5edf38669731 (patch)
tree2366e1c09fc3739d9bff39db7f560bb69b64aef0 /NetworkPkg
parentc20d62b5d2cb8e3cd9599e0ee26409e0d60cbe35 (diff)
downloadedk2-platforms-da7c529ca1c93071792745005aea5edf38669731.tar.xz
IpsecConfigApp add the check for the required options (--local, --remote, Auth-algo, Auth-key) for SAD adding.
Signed-off-by: qianouyang Reviewed-by: czhan46 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12829 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'NetworkPkg')
-rw-r--r--NetworkPkg/Application/IpsecConfig/Dump.c13
-rw-r--r--NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c39
2 files changed, 41 insertions, 11 deletions
diff --git a/NetworkPkg/Application/IpsecConfig/Dump.c b/NetworkPkg/Application/IpsecConfig/Dump.c
index 72d3bc5955..1a82a63df3 100644
--- a/NetworkPkg/Application/IpsecConfig/Dump.c
+++ b/NetworkPkg/Application/IpsecConfig/Dump.c
@@ -92,7 +92,7 @@ DumpBuf (
{
UINTN Index;
for (Index = 0; Index < Length; Index++) {
- Print (L"%02x ", Data[Index]);
+ Print (L"%02x ", Data[Index]);
}
}
@@ -457,12 +457,12 @@ DumpSadEntry (
//
Print (L" Auth:%s/",AuthAlgoStr);
DumpAsciiString (
- Data->AlgoInfo.EspAlgoInfo.AuthKey,
+ Data->AlgoInfo.EspAlgoInfo.AuthKey,
Data->AlgoInfo.EspAlgoInfo.AuthKeyLength
);
Print (L"\n Encrypt:%s/",EncAlgoStr);
DumpAsciiString (
- Data->AlgoInfo.EspAlgoInfo.EncKey,
+ Data->AlgoInfo.EspAlgoInfo.EncKey,
Data->AlgoInfo.EspAlgoInfo.EncKeyLength
);
} else {
@@ -472,13 +472,14 @@ DumpSadEntry (
//
Print (L" Auth:%s/",AuthAlgoStr);
DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.AuthKey), Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
-
+
Print (L"\n Encrypt:%s/",EncAlgoStr);
- DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
+ DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
}
}
+ Print (L"\n");
if (Data->SpdSelector != NULL) {
- Print (L"\n ");
+ Print (L" ");
DumpSpdSelector (Data->SpdSelector);
Print (L"\n");
}
diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
index d8330bcce0..67209f6247 100644
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
@@ -913,7 +913,7 @@ CreateSadEntry (
}
//
- // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
+ // Convert user input from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
//
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
if (ValueStr != NULL) {
@@ -934,10 +934,28 @@ CreateSadEntry (
*Mask |= SOURCE;
}
}
+
+ //
+ // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set
+ //
+ if ((*Data)->Mode == EfiIPsecTunnel) {
+ if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {
+ ShellPrintHiiEx (
+ -1,
+ -1,
+ NULL,
+ STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
+ mHiiHandle,
+ mAppName,
+ L"--tunnel-source --tunnel-dest"
+ );
+ ReturnStatus = EFI_INVALID_PARAMETER;
+ }
+ }
ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
if (CreateNew) {
- if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) {
+ if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {
ShellPrintHiiEx (
-1,
-1,
@@ -945,7 +963,7 @@ CreateSadEntry (
STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
mHiiHandle,
mAppName,
- L"--spi --ipsec-proto --dest"
+ L"--spi --ipsec-proto --local --remote"
);
ReturnStatus = EFI_INVALID_PARAMETER;
} else {
@@ -974,7 +992,7 @@ CreateSadEntry (
ReturnStatus = EFI_INVALID_PARAMETER;
}
} else {
- if ((*Mask & ENCRYPT_ALGO) == 0) {
+ if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) {
ShellPrintHiiEx (
-1,
-1,
@@ -982,7 +1000,7 @@ CreateSadEntry (
STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
mHiiHandle,
mAppName,
- L"--encrypt-algo"
+ L"--encrypt-algo --auth-algo"
);
ReturnStatus = EFI_INVALID_PARAMETER;
} else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
@@ -996,6 +1014,17 @@ CreateSadEntry (
L"--encrypt-key"
);
ReturnStatus = EFI_INVALID_PARAMETER;
+ } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
+ ShellPrintHiiEx (
+ -1,
+ -1,
+ NULL,
+ STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
+ mHiiHandle,
+ mAppName,
+ L"--auth-key"
+ );
+ ReturnStatus = EFI_INVALID_PARAMETER;
}
}
}