From da7c529ca1c93071792745005aea5edf38669731 Mon Sep 17 00:00:00 2001 From: qianouyang Date: Thu, 8 Dec 2011 03:15:55 +0000 Subject: IpsecConfigApp add the check for the required options (--local, --remote, Auth-algo, Auth-key) for SAD adding. Signed-off-by: qianouyang Reviewed-by: czhan46 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12829 6f19259b-4bc3-4df7-8a09-765794883524 --- NetworkPkg/Application/IpsecConfig/Dump.c | 13 ++++---- .../Application/IpsecConfig/PolicyEntryOperation.c | 39 +++++++++++++++++++--- 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/NetworkPkg/Application/IpsecConfig/Dump.c b/NetworkPkg/Application/IpsecConfig/Dump.c index 72d3bc5955..1a82a63df3 100644 --- a/NetworkPkg/Application/IpsecConfig/Dump.c +++ b/NetworkPkg/Application/IpsecConfig/Dump.c @@ -92,7 +92,7 @@ DumpBuf ( { UINTN Index; for (Index = 0; Index < Length; Index++) { - Print (L"%02x ", Data[Index]); + Print (L"%02x ", Data[Index]); } } @@ -457,12 +457,12 @@ DumpSadEntry ( // Print (L" Auth:%s/",AuthAlgoStr); DumpAsciiString ( - Data->AlgoInfo.EspAlgoInfo.AuthKey, + Data->AlgoInfo.EspAlgoInfo.AuthKey, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength ); Print (L"\n Encrypt:%s/",EncAlgoStr); DumpAsciiString ( - Data->AlgoInfo.EspAlgoInfo.EncKey, + Data->AlgoInfo.EspAlgoInfo.EncKey, Data->AlgoInfo.EspAlgoInfo.EncKeyLength ); } else { @@ -472,13 +472,14 @@ DumpSadEntry ( // Print (L" Auth:%s/",AuthAlgoStr); DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.AuthKey), Data->AlgoInfo.EspAlgoInfo.AuthKeyLength); - + Print (L"\n Encrypt:%s/",EncAlgoStr); - DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength); + DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength); } } + Print (L"\n"); if (Data->SpdSelector != NULL) { - Print (L"\n "); + Print (L" "); DumpSpdSelector (Data->SpdSelector); Print (L"\n"); } diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c index d8330bcce0..67209f6247 100644 --- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c +++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c @@ -913,7 +913,7 @@ CreateSadEntry ( } // - // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID. + // Convert user input from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID. // ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source"); if (ValueStr != NULL) { @@ -934,10 +934,28 @@ CreateSadEntry ( *Mask |= SOURCE; } } + + // + // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set + // + if ((*Data)->Mode == EfiIPsecTunnel) { + if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) { + ShellPrintHiiEx ( + -1, + -1, + NULL, + STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS), + mHiiHandle, + mAppName, + L"--tunnel-source --tunnel-dest" + ); + ReturnStatus = EFI_INVALID_PARAMETER; + } + } ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask); if (CreateNew) { - if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) { + if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) { ShellPrintHiiEx ( -1, -1, @@ -945,7 +963,7 @@ CreateSadEntry ( STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS), mHiiHandle, mAppName, - L"--spi --ipsec-proto --dest" + L"--spi --ipsec-proto --local --remote" ); ReturnStatus = EFI_INVALID_PARAMETER; } else { @@ -974,7 +992,7 @@ CreateSadEntry ( ReturnStatus = EFI_INVALID_PARAMETER; } } else { - if ((*Mask & ENCRYPT_ALGO) == 0) { + if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) { ShellPrintHiiEx ( -1, -1, @@ -982,7 +1000,7 @@ CreateSadEntry ( STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER), mHiiHandle, mAppName, - L"--encrypt-algo" + L"--encrypt-algo --auth-algo" ); ReturnStatus = EFI_INVALID_PARAMETER; } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) { @@ -996,6 +1014,17 @@ CreateSadEntry ( L"--encrypt-key" ); ReturnStatus = EFI_INVALID_PARAMETER; + } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) { + ShellPrintHiiEx ( + -1, + -1, + NULL, + STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER), + mHiiHandle, + mAppName, + L"--auth-key" + ); + ReturnStatus = EFI_INVALID_PARAMETER; } } } -- cgit v1.2.3