-rw-r--r--NetworkPkg/Application/IpsecConfig/Dump.c56
-rw-r--r--NetworkPkg/Application/IpsecConfig/IpSecConfig.c8
-rw-r--r--NetworkPkg/Application/IpsecConfig/Match.c2
-rw-r--r--NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c120
-rw-r--r--NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h1
5 files changed, 125 insertions, 62 deletions
diff --git a/NetworkPkg/Application/IpsecConfig/Dump.c b/NetworkPkg/Application/IpsecConfig/Dump.c
index 004ab1089c..f467f94afb 100644
--- a/NetworkPkg/Application/IpsecConfig/Dump.c
+++ b/NetworkPkg/Application/IpsecConfig/Dump.c
@@ -347,10 +347,10 @@ DumpSpdEntry (
}
/**
- Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA content.
+ Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.
@param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure.
- @param[in] Data The pointer to the EFI_IPSEC_SA_DATA structure.
+ @param[in] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
@param[in] EntryIndex The pointer to the Index in the SAD Database.
@retval EFI_SUCCESS Dump SAD information successfully.
@@ -358,13 +358,20 @@ DumpSpdEntry (
EFI_STATUS
DumpSadEntry (
IN EFI_IPSEC_SA_ID *SaId,
- IN EFI_IPSEC_SA_DATA *Data,
+ IN EFI_IPSEC_SA_DATA2 *Data,
IN UINTN *EntryIndex
)
{
BOOLEAN HasPre;
- CHAR16 *String1;
- CHAR16 *String2;
+ CHAR16 *AuthAlgoStr;
+ CHAR16 *EncAlgoStr;
+ CHAR8 *AuthKeyAsciiStr;
+ CHAR8 *EncKeyAsciiStr;
+
+ AuthAlgoStr = NULL;
+ EncAlgoStr = NULL;
+ AuthKeyAsciiStr = NULL;
+ EncKeyAsciiStr = NULL;
//
// SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
@@ -375,9 +382,14 @@ DumpSadEntry (
Print (L"%d.", (*EntryIndex)++);
Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol));
- Print (L"Destination:");
- DumpIpAddress (&SaId->DestAddress);
- Print (L"\n");
+ if (Data->Mode == EfiIPsecTunnel) {
+ Print (L"TunnelSourceAddress:");
+ DumpIpAddress (&Data->TunnelSourceAddress);
+ Print (L"\n");
+ Print (L"TunnelDestination:");
+ DumpIpAddress (&Data->TunnelDestinationAddress);
+ Print (L"\n");
+ }
Print (
L" Mode:%s SeqNum:%lx AntiReplayWin:%d ",
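Review bot: With this hunk the dump no longer prints `SaId->DestAddress` at all, so a transport-mode SA is listed without any destination. The same field also stops being parsed in CreateSadEntry (the removed `--dest` block) and stops being inherited in CombineSadEntry, while `EFI_IPSEC_SA_ID` itself is not touched by the commit. If SAD entries are still looked up by SPI, protocol and destination, entries written by this tool would carry an unset destination. Either keep it visible with an `else` branch such as `Print (L"Destination:"); DumpIpAddress (&SaId->DestAddress);`, or add a comment saying why the field is now unused. DumpSadEntry's body continues outside the hunk.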
@@ -418,15 +430,29 @@ DumpSadEntry (
Data->AlgoInfo.AhAlgoInfo.AuthKey
);
} else {
- String1 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
- String2 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);
+ AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
+ EncAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);
+
+ AuthKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.AuthKeyLength + 1);
+ ASSERT (AuthKeyAsciiStr != NULL);
+ CopyMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKey, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
+ AuthKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.AuthKeyLength] = '\0';
+
+ EncKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.EncKeyLength + 1);
+ ASSERT (EncKeyAsciiStr != NULL) ;
+ CopyMem (EncKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.EncKey, Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
+ EncKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.EncKeyLength] = '\0';
+
Print (
- L" Auth:%s/%s Encrypt:%s/%s\n",
- String1,
- Data->AlgoInfo.EspAlgoInfo.AuthKey,
- String2,
- Data->AlgoInfo.EspAlgoInfo.EncKey
+ L" Auth:%s/%a Encrypt:%s/%a\n",
+ AuthAlgoStr,
+ AuthKeyAsciiStr,
+ EncAlgoStr,
+ EncKeyAsciiStr
);
+
+ FreePool (AuthKeyAsciiStr);
+ FreePool (EncKeyAsciiStr);
}
if (Data->SpdSelector != NULL) {
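Review bot: The two temporary key copies are guarded only by `ASSERT`, which is typically disabled in release builds, so a failed allocation falls through to `CopyMem` with a NULL destination. Both buffers also go back to the pool with the key bytes still in them. Check each allocation and return `EFI_OUT_OF_RESOURCES`, and `ZeroMem` each copy before `FreePool`. Separately, `%a` stops at the first zero byte, so a key that is not printable text is shown truncated. The AH branch just above still passes `AhAlgoInfo.AuthKey` straight to `Print`; its format string is outside the hunk, so confirm it was moved off `%s` as well.

```c
AuthKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.AuthKeyLength + 1);
if (AuthKeyAsciiStr == NULL) {
  return EFI_OUT_OF_RESOURCES;
}
// … unchanged: CopyMem of AuthKey …

EncKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.EncKeyLength + 1);
if (EncKeyAsciiStr == NULL) {
  ZeroMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
  FreePool (AuthKeyAsciiStr);
  return EFI_OUT_OF_RESOURCES;
}
// … unchanged: CopyMem of EncKey, Print call …

ZeroMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
FreePool (AuthKeyAsciiStr);
ZeroMem (EncKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
FreePool (EncKeyAsciiStr);
```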
diff --git a/NetworkPkg/Application/IpsecConfig/IpSecConfig.c b/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
index 3554355bd7..1e63bc9622 100644
--- a/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
+++ b/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
@@ -82,7 +82,8 @@ SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
// --ipsec-proto
//
{ L"--spi", TypeValue },
- { L"--dest", TypeValue },
+ { L"--tunnel-dest", TypeValue },
+ { L"--tunnel-source", TypeValue },
{ L"--lookup-spi", TypeValue },
{ L"--lookup-ipsec-proto", TypeValue },
{ L"--lookup-dest", TypeValue },
@@ -292,7 +293,8 @@ VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
// --ipsec-proto
//
{ L"--spi", 0, 0, BIT(1), 0 },
- { L"--dest", 0, 0, BIT(1), 0 },
+ { L"--tunnel-dest", 0, 0, BIT(1), 0 },
+ { L"--tunnel-source", 0, 0, BIT(1), 0 },
{ L"--lookup-spi", 0, 0, BIT(1), 0 },
{ L"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },
{ L"--lookup-dest", 0, 0, BIT(1), 0 },
@@ -548,7 +550,7 @@ IpSecConfigRetriveCheckListByName (
for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
if (((SHELL_PARAM_PACKAGE *) Node)->Name != NULL) {
//
- // Enumerate the check list that defines the conflicted attributes of each flag.
+ // Enumerate the check list that defines the conflicted attributes of each flag.
//
for (; Item->VarName != NULL; Item++) {
if (StrCmp (((SHELL_PARAM_PACKAGE *) Node)->Name, Item->VarName) == 0) {
diff --git a/NetworkPkg/Application/IpsecConfig/Match.c b/NetworkPkg/Application/IpsecConfig/Match.c
index d6595ee8b8..7ac1cb5c5a 100644
--- a/NetworkPkg/Application/IpsecConfig/Match.c
+++ b/NetworkPkg/Application/IpsecConfig/Match.c
@@ -91,7 +91,7 @@ MatchSpdEntry (
BOOLEAN
MatchSadEntry (
IN EFI_IPSEC_SA_ID *SaId,
- IN EFI_IPSEC_SA_DATA *Data,
+ IN EFI_IPSEC_SA_DATA2 *Data,
IN SAD_ENTRY_INDEXER *Indexer
)
{
diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
index f128bee1ec..cc9f0b3121 100644
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
@@ -579,22 +579,22 @@ CreateSpdEntry (
}
/**
- Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA through ParamPackage list.
+ Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.
@param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure.
- @param[out] Data The pointer to the EFI_IPSEC_SA_DATA structure.
+ @param[out] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
@param[in] ParamPackage The pointer to the ParamPackage list.
@param[out] Mask The pointer to the Mask.
@param[in] CreateNew The switch to create new.
- @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA successfully.
+ @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
@retval EFI_INVALID_PARAMETER Invalid user input parameter.
**/
EFI_STATUS
CreateSadEntry (
OUT EFI_IPSEC_SA_ID **SaId,
- OUT EFI_IPSEC_SA_DATA **Data,
+ OUT EFI_IPSEC_SA_DATA2 **Data,
IN LIST_ENTRY *ParamPackage,
OUT UINT32 *Mask,
IN BOOLEAN CreateNew
@@ -605,6 +605,7 @@ CreateSadEntry (
UINTN AuthKeyLength;
UINTN EncKeyLength;
CONST CHAR16 *ValueStr;
+ CHAR8 *AsciiStr;
UINTN DataSize;
Status = EFI_SUCCESS;
@@ -649,45 +650,22 @@ CreateSadEntry (
}
//
- // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
- //
- ValueStr = ShellCommandLineGetValue (ParamPackage, L"--dest");
- if (ValueStr != NULL) {
- Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*SaId)->DestAddress);
- if (EFI_ERROR (Status)) {
- ShellPrintHiiEx (
- -1,
- -1,
- NULL,
- STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
- mHiiHandle,
- mAppName,
- L"--dest",
- ValueStr
- );
- ReturnStatus = EFI_INVALID_PARAMETER;
- } else {
- *Mask |= DEST;
- }
- }
-
- //
- // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA.
+ // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2.
//
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
if (ValueStr != NULL) {
- AuthKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
+ AuthKeyLength = StrLen (ValueStr);
}
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
if (ValueStr != NULL) {
- EncKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
+ EncKeyLength = StrLen (ValueStr);
}
//
- // EFI_IPSEC_SA_DATA:
+ // EFI_IPSEC_SA_DATA2:
// +------------
- // | EFI_IPSEC_SA_DATA
+ // | EFI_IPSEC_SA_DATA2
// +-----------------------
// | AuthKey
// +-------------------------
@@ -697,7 +675,7 @@ CreateSadEntry (
//
// Notes: To make sure the address alignment add padding after each data if needed.
//
- DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA));
+ DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);
DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);
DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
@@ -805,7 +783,10 @@ CreateSadEntry (
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
if (ValueStr != NULL ) {
(*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
- CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, ValueStr, EncKeyLength);
+ AsciiStr = AllocateZeroPool (EncKeyLength + 1);
+ UnicodeStrToAsciiStr (ValueStr, AsciiStr);
+ CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength);
+ FreePool (AsciiStr);
*Mask |= ENCRYPT_KEY;
} else {
(*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
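Review bot: `AllocateZeroPool` is unchecked here, so on failure `UnicodeStrToAsciiStr` is handed a NULL destination, and the temporary ASCII copy of the key is freed without being cleared. The `--auth-key` hunk that follows has the same two problems. Check the allocation and `ZeroMem` the buffer before `FreePool`. As far as I recall, `UnicodeStrToAsciiStr` is also documented to ASSERT on characters above 0xFF, so the command-line value should be validated before conversion. CreateSadEntry continues outside the hunk, so the right way to unwind on failure depends on the cleanup code there, and `ReturnStatus` has to survive until the function returns.

```c
AsciiStr = AllocateZeroPool (EncKeyLength + 1);
if (AsciiStr == NULL) {
  ReturnStatus = EFI_OUT_OF_RESOURCES;
} else {
  // … unchanged: UnicodeStrToAsciiStr and CopyMem into EncKey …
  ZeroMem (AsciiStr, EncKeyLength);
  FreePool (AsciiStr);
  *Mask |= ENCRYPT_KEY;
}
```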
@@ -831,7 +812,10 @@ CreateSadEntry (
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
if (ValueStr != NULL) {
(*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
- CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, ValueStr, AuthKeyLength);
+ AsciiStr = AllocateZeroPool (AuthKeyLength + 1);
+ UnicodeStrToAsciiStr (ValueStr, AsciiStr);
+ CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);
+ FreePool (AsciiStr);
*Mask |= AUTH_KEY;
} else {
(*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
@@ -905,10 +889,55 @@ CreateSadEntry (
ReturnStatus = EFI_INVALID_PARAMETER;
}
+ //
+ // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
+ //
+ ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
+ if (ValueStr != NULL) {
+ Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);
+ if (EFI_ERROR (Status)) {
+ ShellPrintHiiEx (
+ -1,
+ -1,
+ NULL,
+ STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
+ mHiiHandle,
+ mAppName,
+ L"--tunnel-dest",
+ ValueStr
+ );
+ ReturnStatus = EFI_INVALID_PARAMETER;
+ } else {
+ *Mask |= DEST;
+ }
+ }
+
+ //
+ // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
+ //
+ ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
+ if (ValueStr != NULL) {
+ Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);
+ if (EFI_ERROR (Status)) {
+ ShellPrintHiiEx (
+ -1,
+ -1,
+ NULL,
+ STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
+ mHiiHandle,
+ mAppName,
+ L"--tunnel-source",
+ ValueStr
+ );
+ ReturnStatus = EFI_INVALID_PARAMETER;
+ } else {
+ *Mask |= SOURCE;
+ }
+ }
ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
if (CreateNew) {
- if ((*Mask & (SPI | IPSEC_PROTO | DEST)) != (SPI | IPSEC_PROTO | DEST)) {
+ if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) {
ShellPrintHiiEx (
-1,
-1,
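Review bot: The `EFI_INVALID_PARAMETER` set by the new `--tunnel-dest` and `--tunnel-source` blocks is lost, because the very next statement, `ReturnStatus = CreateSpdSelector (...)`, overwrites `ReturnStatus`. Move the two blocks below that call, or keep the selector result separate: `Status = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask); if (EFI_ERROR (Status)) { ReturnStatus = Status; }`. Both new comments are copies of the old one and still say DestAddress in EFI_IPSEC_SA_ID; the second should read something like `// Parse the IP address and fill in TunnelSourceAddress in EFI_IPSEC_SA_DATA2.`. Neither address is required for a tunnel-mode SA, since the `CreateNew` check now demands only SPI and protocol. The mode is set outside the hunk, so confirm whether that is intended.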
@@ -1178,7 +1207,7 @@ CreatePadEntry (
(*Data)->AuthData = NULL;
} else {
DataLength = AuthDataLength;
- Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
+ Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
ShellCloseFile (&FileHandle);
if (EFI_ERROR (Status)) {
ShellPrintHiiEx (
@@ -1475,9 +1504,9 @@ CombineSpdEntry (
Combine old SAD entry with new SAD entry.
@param[in, out] OldSaId The pointer to the EFI_IPSEC_SA_ID structure.
- @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA structure.
+ @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA2 structure.
@param[in] NewSaId The pointer to the EFI_IPSEC_SA_ID structure.
- @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA structure.
+ @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA2 structure.
@param[in] Mask The pointer to the Mask.
@param[out] CreateNew The switch to create new.
@@ -1488,9 +1517,9 @@ CombineSpdEntry (
EFI_STATUS
CombineSadEntry (
IN OUT EFI_IPSEC_SA_ID *OldSaId,
- IN OUT EFI_IPSEC_SA_DATA *OldData,
+ IN OUT EFI_IPSEC_SA_DATA2 *OldData,
IN EFI_IPSEC_SA_ID *NewSaId,
- IN EFI_IPSEC_SA_DATA *NewData,
+ IN EFI_IPSEC_SA_DATA2 *NewData,
IN UINT32 Mask,
OUT BOOLEAN *CreateNew
)
@@ -1511,11 +1540,16 @@ CombineSadEntry (
}
if ((Mask & DEST) == 0) {
- CopyMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS));
- } else if (CompareMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
+ CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
+ } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
*CreateNew = TRUE;
}
+ if ((Mask & SOURCE) == 0) {
+ CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
+ } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
+ *CreateNew = TRUE;
+ }
//
// Process SA_DATA.
//
diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
index 5161bacccb..7ae00b2092 100644
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
@@ -46,6 +46,7 @@
#define AUTH_KEY BIT(27)
#define ENCRYPT_KEY BIT(28)
#define PATH_MTU BIT(29)
+#define SOURCE BIT(30)
#define PEER_ID BIT(0)
#define PEER_ADDRESS BIT(1)