Update Ipsecconfig application.

1. add the support of "--tunnel-dest" and "tunnel-source" parameters. 2. transfer to EFI_IPSEC_SA_DATA2. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11205 6f19259b-4bc3-4df7-8a09-765794883524
2010-12-29 10:44:12 +00:00 · 2010-12-29 10:44:12 +00:00 · 64b2d0e5c0
parent e0ee9d9314
commit 64b2d0e5c0
5 changed files with 125 additions and 62 deletions
--- a/NetworkPkg/Application/IpsecConfig/Dump.c
+++ b/NetworkPkg/Application/IpsecConfig/Dump.c
@ -347,10 +347,10 @@ DumpSpdEntry (
 }

 /**
-  Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA content.
+  Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.

  @param[in] SaId          The pointer to the EFI_IPSEC_SA_ID structure.
-  @param[in] Data          The pointer to the EFI_IPSEC_SA_DATA structure.
+  @param[in] Data          The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in] EntryIndex    The pointer to the Index in the SAD Database.

  @retval EFI_SUCCESS    Dump SAD information successfully.
@ -358,13 +358,20 @@ DumpSpdEntry (
 EFI_STATUS
 DumpSadEntry (
  IN EFI_IPSEC_SA_ID      *SaId,
-  IN EFI_IPSEC_SA_DATA    *Data,
+  IN EFI_IPSEC_SA_DATA2   *Data,
  IN UINTN                *EntryIndex
  )
 {
  BOOLEAN    HasPre;
-  CHAR16     *String1;
-  CHAR16     *String2;
+  CHAR16     *AuthAlgoStr;
+  CHAR16     *EncAlgoStr;
+  CHAR8      *AuthKeyAsciiStr;
+  CHAR8      *EncKeyAsciiStr;
+
+  AuthAlgoStr      = NULL;
+  EncAlgoStr       = NULL;
+  AuthKeyAsciiStr  = NULL;
+  EncKeyAsciiStr   = NULL;

  //
  // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
@ -375,9 +382,14 @@ DumpSadEntry (

  Print (L"%d.", (*EntryIndex)++);
  Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol));
-  Print (L"Destination:");
-  DumpIpAddress (&SaId->DestAddress);
-  Print (L"\n");
+  if (Data->Mode == EfiIPsecTunnel) {
+    Print (L"TunnelSourceAddress:");
+    DumpIpAddress (&Data->TunnelSourceAddress);
+    Print (L"\n");
+    Print (L"TunnelDestination:");
+    DumpIpAddress (&Data->TunnelDestinationAddress);
+    Print (L"\n");
+  }

  Print (
    L"  Mode:%s SeqNum:%lx AntiReplayWin:%d ",
@ -418,15 +430,29 @@ DumpSadEntry (
      Data->AlgoInfo.AhAlgoInfo.AuthKey
      );
  } else {
-    String1 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
-    String2 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);
+    AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
+    EncAlgoStr  = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);
+
+    AuthKeyAsciiStr    = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.AuthKeyLength + 1);
+    ASSERT (AuthKeyAsciiStr != NULL);
+    CopyMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKey, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
+    AuthKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.AuthKeyLength] = '\0';
+
+    EncKeyAsciiStr  = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.EncKeyLength + 1);
+    ASSERT (EncKeyAsciiStr != NULL) ;
+    CopyMem (EncKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.EncKey, Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
+    EncKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.EncKeyLength] = '\0';
+
    Print (
-      L"  Auth:%s/%s Encrypt:%s/%s\n",
-      String1,
-      Data->AlgoInfo.EspAlgoInfo.AuthKey,
-      String2,
-      Data->AlgoInfo.EspAlgoInfo.EncKey
+      L"  Auth:%s/%a Encrypt:%s/%a\n",
+      AuthAlgoStr,      
+      AuthKeyAsciiStr,
+      EncAlgoStr,
+      EncKeyAsciiStr
      );
+ 
+    FreePool (AuthKeyAsciiStr);
+    FreePool (EncKeyAsciiStr);
  }

  if (Data->SpdSelector != NULL) {
--- a/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
+++ b/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
@ -82,7 +82,8 @@ SHELL_PARAM_ITEM    mIpSecConfigParamList[] = {
  // --ipsec-proto
  //
  { L"--spi",                 TypeValue },
-  { L"--dest",                TypeValue },
+  { L"--tunnel-dest",         TypeValue },
+  { L"--tunnel-source",       TypeValue },
  { L"--lookup-spi",          TypeValue },
  { L"--lookup-ipsec-proto",  TypeValue },
  { L"--lookup-dest",         TypeValue },
@ -292,7 +293,8 @@ VAR_CHECK_ITEM    mIpSecConfigVarCheckList[] = {
  // --ipsec-proto
  //
  { L"--spi",                0,              0,       BIT(1),               0 },
-  { L"--dest",               0,              0,       BIT(1),               0 },
+  { L"--tunnel-dest",        0,              0,       BIT(1),               0 },
+  { L"--tunnel-source",      0,              0,       BIT(1),               0 },
  { L"--lookup-spi",         0,              0,       BIT(1),               0 },
  { L"--lookup-ipsec-proto", 0,              0,       BIT(1),               0 },
  { L"--lookup-dest",        0,              0,       BIT(1),               0 },
@ -548,7 +550,7 @@ IpSecConfigRetriveCheckListByName (
  for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
    if (((SHELL_PARAM_PACKAGE *) Node)->Name != NULL) {
      //
-	  // Enumerate the check list that defines the conflicted attributes of each flag.
+      // Enumerate the check list that defines the conflicted attributes of each flag.
      //
      for (; Item->VarName != NULL; Item++) {
        if (StrCmp (((SHELL_PARAM_PACKAGE *) Node)->Name, Item->VarName) == 0) {
--- a/NetworkPkg/Application/IpsecConfig/Match.c
+++ b/NetworkPkg/Application/IpsecConfig/Match.c
@ -91,7 +91,7 @@ MatchSpdEntry (
 BOOLEAN
 MatchSadEntry (
  IN EFI_IPSEC_SA_ID      *SaId,
-  IN EFI_IPSEC_SA_DATA    *Data,
+  IN EFI_IPSEC_SA_DATA2   *Data,
  IN SAD_ENTRY_INDEXER    *Indexer
  )
 {
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
@ -579,22 +579,22 @@ CreateSpdEntry (
 }

 /**
-  Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA through ParamPackage list.
+  Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.

  @param[out] SaId            The pointer to the EFI_IPSEC_SA_ID structure.
-  @param[out] Data            The pointer to the EFI_IPSEC_SA_DATA structure.
+  @param[out] Data            The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]  ParamPackage    The pointer to the ParamPackage list.
  @param[out] Mask            The pointer to the Mask.
  @param[in]  CreateNew       The switch to create new.

-  @retval EFI_SUCCESS              Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA successfully.
+  @retval EFI_SUCCESS              Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
  @retval EFI_INVALID_PARAMETER    Invalid user input parameter.

 **/
 EFI_STATUS
 CreateSadEntry (
  OUT EFI_IPSEC_SA_ID      **SaId,
-  OUT EFI_IPSEC_SA_DATA    **Data,
+  OUT EFI_IPSEC_SA_DATA2   **Data,
  IN  LIST_ENTRY           *ParamPackage,
  OUT UINT32               *Mask,
  IN  BOOLEAN              CreateNew
@ -605,6 +605,7 @@ CreateSadEntry (
  UINTN           AuthKeyLength;
  UINTN           EncKeyLength;
  CONST CHAR16    *ValueStr;
+  CHAR8           *AsciiStr;
  UINTN           DataSize;

  Status        = EFI_SUCCESS;
@ -649,45 +650,22 @@ CreateSadEntry (
  }

  //
-  // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
-  //
-  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--dest");
-  if (ValueStr != NULL) {
-    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*SaId)->DestAddress);
-    if (EFI_ERROR (Status)) {
-      ShellPrintHiiEx (
-        -1,
-        -1,
-        NULL,
-        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
-        mHiiHandle,
-        mAppName,
-        L"--dest",
-        ValueStr
-        );
-      ReturnStatus = EFI_INVALID_PARAMETER;
-    } else {
-      *Mask |= DEST;
-    }
-  }
-
-  //
-  // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA.
+  // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2.
  //
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
-    AuthKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
+    AuthKeyLength = StrLen (ValueStr);
  }

  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL) {
-    EncKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
+    EncKeyLength = StrLen (ValueStr);
  }

  //
-  // EFI_IPSEC_SA_DATA:
+  // EFI_IPSEC_SA_DATA2:
  //   +------------
-  //   | EFI_IPSEC_SA_DATA
+  //   | EFI_IPSEC_SA_DATA2
  //   +-----------------------
  //   | AuthKey
  //   +-------------------------
@ -697,7 +675,7 @@ CreateSadEntry (
  //
  // Notes: To make sure the address alignment add padding after each data if needed.
  //
-  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA));
+  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
  DataSize  = ALIGN_VARIABLE (DataSize + AuthKeyLength);
  DataSize  = ALIGN_VARIABLE (DataSize + EncKeyLength);
  DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
@ -805,7 +783,10 @@ CreateSadEntry (
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
  if (ValueStr != NULL ) {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
-    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, ValueStr, EncKeyLength);
+    AsciiStr = AllocateZeroPool (EncKeyLength + 1);
+    UnicodeStrToAsciiStr (ValueStr, AsciiStr);
+    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey,  AsciiStr, EncKeyLength);
+    FreePool (AsciiStr);
    *Mask |= ENCRYPT_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
@ -831,7 +812,10 @@ CreateSadEntry (
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
  if (ValueStr != NULL) {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
-    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, ValueStr, AuthKeyLength);
+    AsciiStr = AllocateZeroPool (AuthKeyLength + 1);
+    UnicodeStrToAsciiStr (ValueStr, AsciiStr);
+    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);
+    FreePool (AsciiStr);
    *Mask |= AUTH_KEY;
  } else {
    (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
@ -905,10 +889,55 @@ CreateSadEntry (
    ReturnStatus = EFI_INVALID_PARAMETER;
  }

+  //
+  // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
+  //
+  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
+  if (ValueStr != NULL) {
+    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);
+    if (EFI_ERROR (Status)) {
+      ShellPrintHiiEx (
+        -1,
+        -1,
+        NULL,
+        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
+        mHiiHandle,
+        mAppName,
+        L"--tunnel-dest",
+        ValueStr
+        );
+      ReturnStatus = EFI_INVALID_PARAMETER;
+    } else {
+      *Mask |= DEST;
+    }
+  }
+
+  //
+  // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
+  //
+  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
+  if (ValueStr != NULL) {
+    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);
+    if (EFI_ERROR (Status)) {
+      ShellPrintHiiEx (
+        -1,
+        -1,
+        NULL,
+        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
+        mHiiHandle,
+        mAppName,
+        L"--tunnel-source",
+        ValueStr
+        );
+      ReturnStatus = EFI_INVALID_PARAMETER;
+    } else {
+      *Mask |= SOURCE;
+    }
+  }
  ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);

  if (CreateNew) {
-    if ((*Mask & (SPI | IPSEC_PROTO | DEST)) != (SPI | IPSEC_PROTO | DEST)) {
+    if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) {
      ShellPrintHiiEx (
        -1,
        -1,
@ -1178,7 +1207,7 @@ CreatePadEntry (
        (*Data)->AuthData = NULL;
      } else {
        DataLength = AuthDataLength;
-        Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
+        Status     = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
        ShellCloseFile (&FileHandle);
        if (EFI_ERROR (Status)) {
          ShellPrintHiiEx (
@ -1475,9 +1504,9 @@ CombineSpdEntry (
  Combine old SAD entry with new SAD entry.

  @param[in, out] OldSaId      The pointer to the EFI_IPSEC_SA_ID structure.
-  @param[in, out] OldData      The pointer to the EFI_IPSEC_SA_DATA structure.
+  @param[in, out] OldData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]      NewSaId      The pointer to the EFI_IPSEC_SA_ID structure.
-  @param[in]      NewData      The pointer to the EFI_IPSEC_SA_DATA structure.
+  @param[in]      NewData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in]      Mask         The pointer to the Mask.
  @param[out]     CreateNew    The switch to create new.

@ -1488,9 +1517,9 @@ CombineSpdEntry (
 EFI_STATUS
 CombineSadEntry (
  IN OUT EFI_IPSEC_SA_ID      *OldSaId,
-  IN OUT EFI_IPSEC_SA_DATA    *OldData,
+  IN OUT EFI_IPSEC_SA_DATA2    *OldData,
  IN     EFI_IPSEC_SA_ID      *NewSaId,
-  IN     EFI_IPSEC_SA_DATA    *NewData,
+  IN     EFI_IPSEC_SA_DATA2    *NewData,
  IN     UINT32               Mask,
     OUT BOOLEAN              *CreateNew
  )
@ -1511,11 +1540,16 @@ CombineSadEntry (
  }

  if ((Mask & DEST) == 0) {
-    CopyMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS));
-  } else if (CompareMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
+    CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
+  } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
    *CreateNew = TRUE;
  }

+  if ((Mask & SOURCE) == 0) {
+    CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
+  } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
+    *CreateNew = TRUE;
+  }
  //
  // Process SA_DATA.
  //
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
@ -46,6 +46,7 @@
 #define AUTH_KEY           BIT(27)
 #define ENCRYPT_KEY        BIT(28)
 #define PATH_MTU           BIT(29)
+#define SOURCE             BIT(30)

 #define PEER_ID            BIT(0)
 #define PEER_ADDRESS       BIT(1)