diff --git a/NetworkPkg/Application/IpsecConfig/Dump.c b/NetworkPkg/Application/IpsecConfig/Dump.c index 004ab1089c..f467f94afb 100644 --- a/NetworkPkg/Application/IpsecConfig/Dump.c +++ b/NetworkPkg/Application/IpsecConfig/Dump.c @@ -347,10 +347,10 @@ DumpSpdEntry ( } /** - Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA content. + Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content. @param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure. - @param[in] Data The pointer to the EFI_IPSEC_SA_DATA structure. + @param[in] Data The pointer to the EFI_IPSEC_SA_DATA2 structure. @param[in] EntryIndex The pointer to the Index in the SAD Database. @retval EFI_SUCCESS Dump SAD information successfully. @@ -358,13 +358,20 @@ DumpSpdEntry ( EFI_STATUS DumpSadEntry ( IN EFI_IPSEC_SA_ID *SaId, - IN EFI_IPSEC_SA_DATA *Data, + IN EFI_IPSEC_SA_DATA2 *Data, IN UINTN *EntryIndex ) { BOOLEAN HasPre; - CHAR16 *String1; - CHAR16 *String2; + CHAR16 *AuthAlgoStr; + CHAR16 *EncAlgoStr; + CHAR8 *AuthKeyAsciiStr; + CHAR8 *EncKeyAsciiStr; + + AuthAlgoStr = NULL; + EncAlgoStr = NULL; + AuthKeyAsciiStr = NULL; + EncKeyAsciiStr = NULL; // // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx @@ -375,9 +382,14 @@ DumpSadEntry ( Print (L"%d.", (*EntryIndex)++); Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol)); - Print (L"Destination:"); - DumpIpAddress (&SaId->DestAddress); - Print (L"\n"); + if (Data->Mode == EfiIPsecTunnel) { + Print (L"TunnelSourceAddress:"); + DumpIpAddress (&Data->TunnelSourceAddress); + Print (L"\n"); + Print (L"TunnelDestination:"); + DumpIpAddress (&Data->TunnelDestinationAddress); + Print (L"\n"); + } Print ( L" Mode:%s SeqNum:%lx AntiReplayWin:%d ", 
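Review bot: In the `@@ -375,9 +382,14 @@` hunk the `Print (L"Destination:")` / `DumpIpAddress (&SaId->DestAddress)` lines are removed for every mode, so a transport-mode SA is now dumped with no address at all, and the format comment `// SPI:1234 ESP Destination:xxx.xxx.xxx.xxx` kept as context in the previous hunk no longer describes the output. If EFI_IPSEC_SA_ID still carries DestAddress (the hunk does not show the type), keep the original three lines unconditionally and print the tunnel endpoints in addition inside the `if (Data->Mode == EfiIPsecTunnel)` block; otherwise update that comment to the new `TunnelSourceAddress:` / `TunnelDestination:` layout. DumpSadEntry's body continues past the hunk.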
@@ -418,15 +430,29 @@ DumpSadEntry ( Data->AlgoInfo.AhAlgoInfo.AuthKey ); } else { - String1 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo); - String2 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo); + AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo); + EncAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo); + + AuthKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.AuthKeyLength + 1); + ASSERT (AuthKeyAsciiStr != NULL); + CopyMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKey, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength); + AuthKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.AuthKeyLength] = '\0'; + + EncKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.EncKeyLength + 1); + ASSERT (EncKeyAsciiStr != NULL) ; + CopyMem (EncKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.EncKey, Data->AlgoInfo.EspAlgoInfo.EncKeyLength); + EncKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.EncKeyLength] = '\0'; + Print ( - L" Auth:%s/%s Encrypt:%s/%s\n", - String1, - Data->AlgoInfo.EspAlgoInfo.AuthKey, - String2, - Data->AlgoInfo.EspAlgoInfo.EncKey + L" Auth:%s/%a Encrypt:%s/%a\n", + AuthAlgoStr, + AuthKeyAsciiStr, + EncAlgoStr, + EncKeyAsciiStr ); + + FreePool (AuthKeyAsciiStr); + FreePool (EncKeyAsciiStr); } if (Data->SpdSelector != NULL) { diff --git a/NetworkPkg/Application/IpsecConfig/IpSecConfig.c b/NetworkPkg/Application/IpsecConfig/IpSecConfig.c index 3554355bd7..1e63bc9622 100644 --- a/NetworkPkg/Application/IpsecConfig/IpSecConfig.c +++ b/NetworkPkg/Application/IpsecConfig/IpSecConfig.c @@ -82,7 +82,8 @@ SHELL_PARAM_ITEM mIpSecConfigParamList[] = { // --ipsec-proto // { L"--spi", TypeValue }, - { L"--dest", TypeValue }, + { L"--tunnel-dest", TypeValue }, + { L"--tunnel-source", TypeValue }, { L"--lookup-spi", TypeValue }, { L"--lookup-ipsec-proto", TypeValue }, { L"--lookup-dest", TypeValue }, 
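Review bot: The two `ASSERT (... != NULL)` lines are the only check on the AllocateZeroPool results, and ASSERT is compiled out in RELEASE builds, so an allocation failure reaches `CopyMem` and the `[...] = '\0'` store through a NULL pointer; a real check is needed. The heap copies of the authentication and encryption keys are also freed without being scrubbed, so key bytes stay behind in freed pool memory — `ZeroMem` them before `FreePool`. The proposed shape is below, assuming DumpSadEntry holds no other resources at that point (its body runs outside the hunk); the return on failure may need to follow whatever cleanup the rest of the function uses. Separately, since AlgoInfo is a union and CreateSadEntry now stores the keys as ASCII bytes, the AH branch above (its `AhAlgoInfo.AuthKey` print is only partly visible) should be checked to confirm it no longer prints the key with `%s`.
```c
    AuthKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.AuthKeyLength + 1);
    if (AuthKeyAsciiStr == NULL) {
      return EFI_OUT_OF_RESOURCES;
    }
    // … unchanged: CopyMem of AuthKey and terminator …
    EncKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.EncKeyLength + 1);
    if (EncKeyAsciiStr == NULL) {
      ZeroMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength + 1);
      FreePool (AuthKeyAsciiStr);
      return EFI_OUT_OF_RESOURCES;
    }
    // … unchanged: CopyMem of EncKey, terminator, Print …
    ZeroMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength + 1);
    FreePool (AuthKeyAsciiStr);
    ZeroMem (EncKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.EncKeyLength + 1);
    FreePool (EncKeyAsciiStr);
```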
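Review bot: `--dest` is dropped from mIpSecConfigParamList with no alias, so existing invocations that pass `--dest` will now fail parameter parsing, and the usage/help strings for `--tunnel-dest` and `--tunnel-source` are not part of this diff (they presumably live in the .uni file, which is not shown). If the old spelling is meant to keep working, keep `{ L"--dest", TypeValue },` in this table and map it onto the tunnel destination in CreateSadEntry; otherwise the help text and the var-check table in the next hunk should both describe the new names. `--lookup-dest` stays while its create-side counterpart is gone, which deserves a one-line comment here if that asymmetry is intentional.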
@@ -292,7 +293,8 @@ VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = { // --ipsec-proto // { L"--spi", 0, 0, BIT(1), 0 }, - { L"--dest", 0, 0, BIT(1), 0 }, + { L"--tunnel-dest", 0, 0, BIT(1), 0 }, + { L"--tunnel-source", 0, 0, BIT(1), 0 }, { L"--lookup-spi", 0, 0, BIT(1), 0 }, { L"--lookup-ipsec-proto", 0, 0, BIT(1), 0 }, { L"--lookup-dest", 0, 0, BIT(1), 0 }, @@ -548,7 +550,7 @@ IpSecConfigRetriveCheckListByName ( for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) { if (((SHELL_PARAM_PACKAGE *) Node)->Name != NULL) { // - // Enumerate the check list that defines the conflicted attributes of each flag. + // Enumerate the check list that defines the conflicted attributes of each flag. // for (; Item->VarName != NULL; Item++) { if (StrCmp (((SHELL_PARAM_PACKAGE *) Node)->Name, Item->VarName) == 0) { diff --git a/NetworkPkg/Application/IpsecConfig/Match.c b/NetworkPkg/Application/IpsecConfig/Match.c index d6595ee8b8..7ac1cb5c5a 100644 --- a/NetworkPkg/Application/IpsecConfig/Match.c +++ b/NetworkPkg/Application/IpsecConfig/Match.c @@ -91,7 +91,7 @@ MatchSpdEntry ( BOOLEAN MatchSadEntry ( IN EFI_IPSEC_SA_ID *SaId, - IN EFI_IPSEC_SA_DATA *Data, + IN EFI_IPSEC_SA_DATA2 *Data, IN SAD_ENTRY_INDEXER *Indexer ) { diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c index f128bee1ec..cc9f0b3121 100644 --- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c +++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c 
@@ -579,22 +579,22 @@ CreateSpdEntry ( } /** - Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA through ParamPackage list. + Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list. @param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure. - @param[out] Data The pointer to the EFI_IPSEC_SA_DATA structure. + @param[out] Data The pointer to the EFI_IPSEC_SA_DATA2 structure. @param[in] ParamPackage The pointer to the ParamPackage list. @param[out] Mask The pointer to the Mask. @param[in] CreateNew The switch to create new. - @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA successfully. + @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully. @retval EFI_INVALID_PARAMETER Invalid user input parameter. **/ EFI_STATUS CreateSadEntry ( OUT EFI_IPSEC_SA_ID **SaId, - OUT EFI_IPSEC_SA_DATA **Data, + OUT EFI_IPSEC_SA_DATA2 **Data, IN LIST_ENTRY *ParamPackage, OUT UINT32 *Mask, IN BOOLEAN CreateNew @@ -605,6 +605,7 @@ CreateSadEntry ( UINTN AuthKeyLength; UINTN EncKeyLength; CONST CHAR16 *ValueStr; + CHAR8 *AsciiStr; UINTN DataSize; Status = EFI_SUCCESS; 
@@ -649,45 +650,22 @@ CreateSadEntry ( } // - // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID. - // - ValueStr = ShellCommandLineGetValue (ParamPackage, L"--dest"); - if (ValueStr != NULL) { - Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*SaId)->DestAddress); - if (EFI_ERROR (Status)) { - ShellPrintHiiEx ( - -1, - -1, - NULL, - STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE), - mHiiHandle, - mAppName, - L"--dest", - ValueStr - ); - ReturnStatus = EFI_INVALID_PARAMETER; - } else { - *Mask |= DEST; - } - } - - // - // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA. + // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2. // ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key"); if (ValueStr != NULL) { - AuthKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16); + AuthKeyLength = StrLen (ValueStr); } ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key"); if (ValueStr != NULL) { - EncKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16); + EncKeyLength = StrLen (ValueStr); } // - // EFI_IPSEC_SA_DATA: + // EFI_IPSEC_SA_DATA2: // +------------ - // | EFI_IPSEC_SA_DATA + // | EFI_IPSEC_SA_DATA2 // +----------------------- // | AuthKey // +------------------------- @@ -697,7 +675,7 @@ CreateSadEntry ( // // Notes: To make sure the address alignment add padding after each data if needed. // - DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA)); + DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2)); DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength); DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength); DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR)); 
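Review bot: With the `--dest` block removed, nothing in this diff writes `(*SaId)->DestAddress` any more, so SAs created by the tool carry a zeroed SA_ID destination while `--lookup-dest` (still in the option table) presumably matches on that field; MatchSadEntry's body is not in the diff, so this is inferred, but if lookups key on `SaId->DestAddress` they will stop finding tool-created entries. If EFI_IPSEC_SA_ID still has DestAddress, either keep filling it (from `--tunnel-dest` in tunnel mode, or a dedicated flag) or document at the removed location why it is intentionally left zero. The switch from `(StrLen (ValueStr) + 1) * sizeof (CHAR16)` to `StrLen (ValueStr)` is consistent with the later byte-wise CopyMem, but a comment such as `// Key lengths are ASCII byte counts without the terminator; the keys are converted below.` would make that contract explicit. AuthKeyLength and EncKeyLength are assumed to be initialised earlier in the function, which is outside this hunk.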
@@ -805,7 +783,10 @@ CreateSadEntry ( ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key"); if (ValueStr != NULL ) { (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength; - CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, ValueStr, EncKeyLength); + AsciiStr = AllocateZeroPool (EncKeyLength + 1); + UnicodeStrToAsciiStr (ValueStr, AsciiStr); + CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength); + FreePool (AsciiStr); *Mask |= ENCRYPT_KEY; } else { (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL; @@ -831,7 +812,10 @@ CreateSadEntry ( ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key"); if (ValueStr != NULL) { (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength; - CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, ValueStr, AuthKeyLength); + AsciiStr = AllocateZeroPool (AuthKeyLength + 1); + UnicodeStrToAsciiStr (ValueStr, AsciiStr); + CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength); + FreePool (AsciiStr); *Mask |= AUTH_KEY; } else { (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL; 
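Review bot: `AsciiStr = AllocateZeroPool (EncKeyLength + 1);` is passed straight to `UnicodeStrToAsciiStr` with no NULL check, so an allocation failure dereferences NULL; the same pattern is repeated in the `--auth-key` hunk that follows (`@@ -831,7 +812,10 @@`). Add `if (AsciiStr == NULL) { ... }` before the conversion at both sites, reporting EFI_OUT_OF_RESOURCES through the function's existing ReturnStatus path rather than returning early. The temporary holds key material, so scrub it before release: `ZeroMem (AsciiStr, EncKeyLength + 1);` (and the AuthKeyLength counterpart) before `FreePool (AsciiStr);`. UnicodeStrToAsciiStr also ASSERTs on characters above 0x7F and, in RELEASE builds, silently keeps only the low byte, so a key typed with non-ASCII characters is programmed differently from what the operator entered; validating the input for plain ASCII before conversion and rejecting it with STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE would be safer. CreateSadEntry starts and ends outside the hunk.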
@@ -905,10 +889,55 @@ CreateSadEntry ( ReturnStatus = EFI_INVALID_PARAMETER; } + // + // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID. + // + ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest"); + if (ValueStr != NULL) { + Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress); + if (EFI_ERROR (Status)) { + ShellPrintHiiEx ( + -1, + -1, + NULL, + STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE), + mHiiHandle, + mAppName, + L"--tunnel-dest", + ValueStr + ); + ReturnStatus = EFI_INVALID_PARAMETER; + } else { + *Mask |= DEST; + } + } + + // + // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID. + // + ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source"); + if (ValueStr != NULL) { + Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress); + if (EFI_ERROR (Status)) { + ShellPrintHiiEx ( + -1, + -1, + NULL, + STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE), + mHiiHandle, + mAppName, + L"--tunnel-source", + ValueStr + ); + ReturnStatus = EFI_INVALID_PARAMETER; + } else { + *Mask |= SOURCE; + } + } ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask); if (CreateNew) { - if ((*Mask & (SPI | IPSEC_PROTO | DEST)) != (SPI | IPSEC_PROTO | DEST)) { + if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) { ShellPrintHiiEx ( -1, -1, @@ -1178,7 +1207,7 @@ CreatePadEntry ( (*Data)->AuthData = NULL; } else { DataLength = AuthDataLength; - Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData); + Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData); ShellCloseFile (&FileHandle); if (EFI_ERROR (Status)) { ShellPrintHiiEx ( 
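Review bot: Both comment blocks added above the `--tunnel-dest` and `--tunnel-source` parsing are copied from the removed `--dest` block and still say they fill `the DestAddress in EFI_IPSEC_SA_ID`, while the code writes `(*Data)->TunnelDestinationAddress` and `(*Data)->TunnelSourceAddress`; suggest `// Convert user input from string to address, and fill in TunnelDestinationAddress in EFI_IPSEC_SA_DATA2.` and the matching source-side wording. The CreateNew check now requires only `SPI | IPSEC_PROTO`, so a tunnel-mode SA can be created with neither tunnel endpoint set; if Mode is parsed earlier in this function (outside the hunk), consider also requiring `SOURCE | DEST` when `(*Data)->Mode == EfiIPsecTunnel`. The stray spaces in `(SPI | IPSEC_PROTO )` should go. CreateSadEntry starts and ends outside the hunk.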
@@ -1475,9 +1504,9 @@ CombineSpdEntry ( Combine old SAD entry with new SAD entry. @param[in, out] OldSaId The pointer to the EFI_IPSEC_SA_ID structure. - @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA structure. + @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA2 structure. @param[in] NewSaId The pointer to the EFI_IPSEC_SA_ID structure. - @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA structure. + @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA2 structure. @param[in] Mask The pointer to the Mask. @param[out] CreateNew The switch to create new. @@ -1488,9 +1517,9 @@ CombineSpdEntry ( EFI_STATUS CombineSadEntry ( IN OUT EFI_IPSEC_SA_ID *OldSaId, - IN OUT EFI_IPSEC_SA_DATA *OldData, + IN OUT EFI_IPSEC_SA_DATA2 *OldData, IN EFI_IPSEC_SA_ID *NewSaId, - IN EFI_IPSEC_SA_DATA *NewData, + IN EFI_IPSEC_SA_DATA2 *NewData, IN UINT32 Mask, OUT BOOLEAN *CreateNew ) @@ -1511,11 +1540,16 @@ CombineSadEntry ( } if ((Mask & DEST) == 0) { - CopyMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS)); - } else if (CompareMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS)) != 0) { + CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)); + } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) { *CreateNew = TRUE; } + if ((Mask & SOURCE) == 0) { + CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)); + } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) { + *CreateNew = TRUE; + } // // Process SA_DATA. // diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h index 5161bacccb..7ae00b2092 100644 --- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h 
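Review bot: In the `@@ -1511,11 +1540,16 @@` hunk the DEST mask bit is now compared against `TunnelDestinationAddress` in NewData, while the macro name and the still-present `--lookup-dest` option both suggest `SaId->DestAddress`, so a reader of this check will assume the SA_ID destination is involved. A one-line comment above `if ((Mask & DEST) == 0)` such as `// DEST and SOURCE select the tunnel endpoints in EFI_IPSEC_SA_DATA2, not SaId->DestAddress.` would make the new meaning explicit for both the DEST and the new SOURCE block. CombineSadEntry starts before this hunk and continues after it.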
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h @@ -46,6 +46,7 @@ #define AUTH_KEY BIT(27) #define ENCRYPT_KEY BIT(28) #define PATH_MTU BIT(29) +#define SOURCE BIT(30) #define PEER_ID BIT(0) #define PEER_ADDRESS BIT(1)