Update Ipsecconfig application.

1. Add support for the "--tunnel-dest" and "--tunnel-source" parameters.
2. Switch to EFI_IPSEC_SA_DATA2.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11205 6f19259b-4bc3-4df7-8a09-765794883524
qianouyang 2010-12-29 10:44:12 +00:00
parent e0ee9d9314
commit 64b2d0e5c0
5 changed files with 125 additions and 62 deletions


@ -347,10 +347,10 @@ DumpSpdEntry (
} }
/** /**
Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA content. Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.
@param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure. @param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure.
@param[in] Data The pointer to the EFI_IPSEC_SA_DATA structure. @param[in] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
@param[in] EntryIndex The pointer to the Index in the SAD Database. @param[in] EntryIndex The pointer to the Index in the SAD Database.
@retval EFI_SUCCESS Dump SAD information successfully. @retval EFI_SUCCESS Dump SAD information successfully.
@ -358,13 +358,20 @@ DumpSpdEntry (
EFI_STATUS EFI_STATUS
DumpSadEntry ( DumpSadEntry (
IN EFI_IPSEC_SA_ID *SaId, IN EFI_IPSEC_SA_ID *SaId,
IN EFI_IPSEC_SA_DATA *Data, IN EFI_IPSEC_SA_DATA2 *Data,
IN UINTN *EntryIndex IN UINTN *EntryIndex
) )
{ {
BOOLEAN HasPre; BOOLEAN HasPre;
CHAR16 *String1; CHAR16 *AuthAlgoStr;
CHAR16 *String2; CHAR16 *EncAlgoStr;
CHAR8 *AuthKeyAsciiStr;
CHAR8 *EncKeyAsciiStr;
AuthAlgoStr = NULL;
EncAlgoStr = NULL;
AuthKeyAsciiStr = NULL;
EncKeyAsciiStr = NULL;
// //
// SPI:1234 ESP Destination:xxx.xxx.xxx.xxx // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
@ -375,9 +382,14 @@ DumpSadEntry (
Print (L"%d.", (*EntryIndex)++); Print (L"%d.", (*EntryIndex)++);
Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol)); Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol));
Print (L"Destination:"); if (Data->Mode == EfiIPsecTunnel) {
DumpIpAddress (&SaId->DestAddress); Print (L"TunnelSourceAddress:");
DumpIpAddress (&Data->TunnelSourceAddress);
Print (L"\n"); Print (L"\n");
Print (L"TunnelDestination:");
DumpIpAddress (&Data->TunnelDestinationAddress);
Print (L"\n");
}
Print ( Print (
L" Mode:%s SeqNum:%lx AntiReplayWin:%d ", L" Mode:%s SeqNum:%lx AntiReplayWin:%d ",
@ -418,15 +430,29 @@ DumpSadEntry (
Data->AlgoInfo.AhAlgoInfo.AuthKey Data->AlgoInfo.AhAlgoInfo.AuthKey
); );
} else { } else {
String1 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo); AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
String2 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo); EncAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);
AuthKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.AuthKeyLength + 1);
ASSERT (AuthKeyAsciiStr != NULL);
CopyMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKey, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
AuthKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.AuthKeyLength] = '\0';
EncKeyAsciiStr = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.EncKeyLength + 1);
ASSERT (EncKeyAsciiStr != NULL) ;
CopyMem (EncKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.EncKey, Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
EncKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.EncKeyLength] = '\0';
Print ( Print (
L" Auth:%s/%s Encrypt:%s/%s\n", L" Auth:%s/%a Encrypt:%s/%a\n",
String1, AuthAlgoStr,
Data->AlgoInfo.EspAlgoInfo.AuthKey, AuthKeyAsciiStr,
String2, EncAlgoStr,
Data->AlgoInfo.EspAlgoInfo.EncKey EncKeyAsciiStr
); );
FreePool (AuthKeyAsciiStr);
FreePool (EncKeyAsciiStr);
} }
if (Data->SpdSelector != NULL) { if (Data->SpdSelector != NULL) {
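Review bot: The two key copies in the ESP branch are guarded only by `ASSERT (AuthKeyAsciiStr != NULL)` and `ASSERT (EncKeyAsciiStr != NULL)`, so in a build where ASSERT compiles to nothing a failed AllocateZeroPool goes straight into CopyMem with a NULL destination. The AsciiStr allocations added in CreateSadEntry (the `--encrypt-key` and `--auth-key` hunks) have no check at all before UnicodeStrToAsciiStr. Test the pointer explicitly and bail out, e.g. `if (AuthKeyAsciiStr == NULL) { return EFI_OUT_OF_RESOURCES; }`, releasing the first buffer if the second allocation fails. These buffers hold SA key material, so clear them before release with `ZeroMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);` ahead of each FreePool, and consider whether the dump should print the keys in clear at all rather than only their lengths. DumpSadEntry starts and ends outside these hunks.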


@ -82,7 +82,8 @@ SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
// --ipsec-proto // --ipsec-proto
// //
{ L"--spi", TypeValue }, { L"--spi", TypeValue },
{ L"--dest", TypeValue }, { L"--tunnel-dest", TypeValue },
{ L"--tunnel-source", TypeValue },
{ L"--lookup-spi", TypeValue }, { L"--lookup-spi", TypeValue },
{ L"--lookup-ipsec-proto", TypeValue }, { L"--lookup-ipsec-proto", TypeValue },
{ L"--lookup-dest", TypeValue }, { L"--lookup-dest", TypeValue },
@ -292,7 +293,8 @@ VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
// --ipsec-proto // --ipsec-proto
// //
{ L"--spi", 0, 0, BIT(1), 0 }, { L"--spi", 0, 0, BIT(1), 0 },
{ L"--dest", 0, 0, BIT(1), 0 }, { L"--tunnel-dest", 0, 0, BIT(1), 0 },
{ L"--tunnel-source", 0, 0, BIT(1), 0 },
{ L"--lookup-spi", 0, 0, BIT(1), 0 }, { L"--lookup-spi", 0, 0, BIT(1), 0 },
{ L"--lookup-ipsec-proto", 0, 0, BIT(1), 0 }, { L"--lookup-ipsec-proto", 0, 0, BIT(1), 0 },
{ L"--lookup-dest", 0, 0, BIT(1), 0 }, { L"--lookup-dest", 0, 0, BIT(1), 0 },


@ -91,7 +91,7 @@ MatchSpdEntry (
BOOLEAN BOOLEAN
MatchSadEntry ( MatchSadEntry (
IN EFI_IPSEC_SA_ID *SaId, IN EFI_IPSEC_SA_ID *SaId,
IN EFI_IPSEC_SA_DATA *Data, IN EFI_IPSEC_SA_DATA2 *Data,
IN SAD_ENTRY_INDEXER *Indexer IN SAD_ENTRY_INDEXER *Indexer
) )
{ {


@ -579,22 +579,22 @@ CreateSpdEntry (
} }
/** /**
Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA through ParamPackage list. Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.
@param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure. @param[out] SaId The pointer to the EFI_IPSEC_SA_ID structure.
@param[out] Data The pointer to the EFI_IPSEC_SA_DATA structure. @param[out] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
@param[in] ParamPackage The pointer to the ParamPackage list. @param[in] ParamPackage The pointer to the ParamPackage list.
@param[out] Mask The pointer to the Mask. @param[out] Mask The pointer to the Mask.
@param[in] CreateNew The switch to create new. @param[in] CreateNew The switch to create new.
@retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA successfully. @retval EFI_SUCCESS Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
@retval EFI_INVALID_PARAMETER Invalid user input parameter. @retval EFI_INVALID_PARAMETER Invalid user input parameter.
**/ **/
EFI_STATUS EFI_STATUS
CreateSadEntry ( CreateSadEntry (
OUT EFI_IPSEC_SA_ID **SaId, OUT EFI_IPSEC_SA_ID **SaId,
OUT EFI_IPSEC_SA_DATA **Data, OUT EFI_IPSEC_SA_DATA2 **Data,
IN LIST_ENTRY *ParamPackage, IN LIST_ENTRY *ParamPackage,
OUT UINT32 *Mask, OUT UINT32 *Mask,
IN BOOLEAN CreateNew IN BOOLEAN CreateNew
@ -605,6 +605,7 @@ CreateSadEntry (
UINTN AuthKeyLength; UINTN AuthKeyLength;
UINTN EncKeyLength; UINTN EncKeyLength;
CONST CHAR16 *ValueStr; CONST CHAR16 *ValueStr;
CHAR8 *AsciiStr;
UINTN DataSize; UINTN DataSize;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
@ -649,45 +650,22 @@ CreateSadEntry (
} }
// //
// Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID. // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2.
//
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--dest");
if (ValueStr != NULL) {
Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*SaId)->DestAddress);
if (EFI_ERROR (Status)) {
ShellPrintHiiEx (
-1,
-1,
NULL,
STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
mHiiHandle,
mAppName,
L"--dest",
ValueStr
);
ReturnStatus = EFI_INVALID_PARAMETER;
} else {
*Mask |= DEST;
}
}
//
// Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA.
// //
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key"); ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
if (ValueStr != NULL) { if (ValueStr != NULL) {
AuthKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16); AuthKeyLength = StrLen (ValueStr);
} }
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key"); ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
if (ValueStr != NULL) { if (ValueStr != NULL) {
EncKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16); EncKeyLength = StrLen (ValueStr);
} }
// //
// EFI_IPSEC_SA_DATA: // EFI_IPSEC_SA_DATA2:
// +------------ // +------------
// | EFI_IPSEC_SA_DATA // | EFI_IPSEC_SA_DATA2
// +----------------------- // +-----------------------
// | AuthKey // | AuthKey
// +------------------------- // +-------------------------
@ -697,7 +675,7 @@ CreateSadEntry (
// //
// Notes: To make sure the address alignment add padding after each data if needed. // Notes: To make sure the address alignment add padding after each data if needed.
// //
DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA)); DataSize = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength); DataSize = ALIGN_VARIABLE (DataSize + AuthKeyLength);
DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength); DataSize = ALIGN_VARIABLE (DataSize + EncKeyLength);
DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR)); DataSize = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
@ -805,7 +783,10 @@ CreateSadEntry (
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key"); ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
if (ValueStr != NULL ) { if (ValueStr != NULL ) {
(*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength; (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, ValueStr, EncKeyLength); AsciiStr = AllocateZeroPool (EncKeyLength + 1);
UnicodeStrToAsciiStr (ValueStr, AsciiStr);
CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength);
FreePool (AsciiStr);
*Mask |= ENCRYPT_KEY; *Mask |= ENCRYPT_KEY;
} else { } else {
(*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL; (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
@ -831,7 +812,10 @@ CreateSadEntry (
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key"); ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
if (ValueStr != NULL) { if (ValueStr != NULL) {
(*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength; (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, ValueStr, AuthKeyLength); AsciiStr = AllocateZeroPool (AuthKeyLength + 1);
UnicodeStrToAsciiStr (ValueStr, AsciiStr);
CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);
FreePool (AsciiStr);
*Mask |= AUTH_KEY; *Mask |= AUTH_KEY;
} else { } else {
(*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL; (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
@ -905,10 +889,55 @@ CreateSadEntry (
ReturnStatus = EFI_INVALID_PARAMETER; ReturnStatus = EFI_INVALID_PARAMETER;
} }
//
// Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
//
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
if (ValueStr != NULL) {
Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);
if (EFI_ERROR (Status)) {
ShellPrintHiiEx (
-1,
-1,
NULL,
STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
mHiiHandle,
mAppName,
L"--tunnel-dest",
ValueStr
);
ReturnStatus = EFI_INVALID_PARAMETER;
} else {
*Mask |= DEST;
}
}
//
// Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
//
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
if (ValueStr != NULL) {
Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);
if (EFI_ERROR (Status)) {
ShellPrintHiiEx (
-1,
-1,
NULL,
STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
mHiiHandle,
mAppName,
L"--tunnel-source",
ValueStr
);
ReturnStatus = EFI_INVALID_PARAMETER;
} else {
*Mask |= SOURCE;
}
}
ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask); ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
if (CreateNew) { if (CreateNew) {
if ((*Mask & (SPI | IPSEC_PROTO | DEST)) != (SPI | IPSEC_PROTO | DEST)) { if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) {
ShellPrintHiiEx ( ShellPrintHiiEx (
-1, -1,
-1, -1,
@ -1475,9 +1504,9 @@ CombineSpdEntry (
Combine old SAD entry with new SAD entry. Combine old SAD entry with new SAD entry.
@param[in, out] OldSaId The pointer to the EFI_IPSEC_SA_ID structure. @param[in, out] OldSaId The pointer to the EFI_IPSEC_SA_ID structure.
@param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA structure. @param[in, out] OldData The pointer to the EFI_IPSEC_SA_DATA2 structure.
@param[in] NewSaId The pointer to the EFI_IPSEC_SA_ID structure. @param[in] NewSaId The pointer to the EFI_IPSEC_SA_ID structure.
@param[in] NewData The pointer to the EFI_IPSEC_SA_DATA structure. @param[in] NewData The pointer to the EFI_IPSEC_SA_DATA2 structure.
@param[in] Mask The pointer to the Mask. @param[in] Mask The pointer to the Mask.
@param[out] CreateNew The switch to create new. @param[out] CreateNew The switch to create new.
@ -1488,9 +1517,9 @@ CombineSpdEntry (
EFI_STATUS EFI_STATUS
CombineSadEntry ( CombineSadEntry (
IN OUT EFI_IPSEC_SA_ID *OldSaId, IN OUT EFI_IPSEC_SA_ID *OldSaId,
IN OUT EFI_IPSEC_SA_DATA *OldData, IN OUT EFI_IPSEC_SA_DATA2 *OldData,
IN EFI_IPSEC_SA_ID *NewSaId, IN EFI_IPSEC_SA_ID *NewSaId,
IN EFI_IPSEC_SA_DATA *NewData, IN EFI_IPSEC_SA_DATA2 *NewData,
IN UINT32 Mask, IN UINT32 Mask,
OUT BOOLEAN *CreateNew OUT BOOLEAN *CreateNew
) )
@ -1511,11 +1540,16 @@ CombineSadEntry (
} }
if ((Mask & DEST) == 0) { if ((Mask & DEST) == 0) {
CopyMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS)); CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
} else if (CompareMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS)) != 0) { } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
*CreateNew = TRUE; *CreateNew = TRUE;
} }
if ((Mask & SOURCE) == 0) {
CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
} else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
*CreateNew = TRUE;
}
// //
// Process SA_DATA. // Process SA_DATA.
// //
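Review bot: A rejected `--tunnel-dest` or `--tunnel-source` value does not make CreateSadEntry fail, because both new blocks set `ReturnStatus = EFI_INVALID_PARAMETER` and the statement right after them, `ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);`, overwrites it. Unless a check outside the hunk catches this, the caller can see success while the tunnel endpoint was never set, and the CreateNew test no longer requires DEST either. Keep the earlier failure, e.g. `Status = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);` followed by `if (EFI_ERROR (Status)) { ReturnStatus = Status; }`. The comments above the two new blocks still read "fill in the DestAddress in EFI_IPSEC_SA_ID" although the code writes `(*Data)->TunnelDestinationAddress` and `(*Data)->TunnelSourceAddress`; they should name those fields. CreateSadEntry's body continues outside these hunks.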


@ -46,6 +46,7 @@
#define AUTH_KEY BIT(27) #define AUTH_KEY BIT(27)
#define ENCRYPT_KEY BIT(28) #define ENCRYPT_KEY BIT(28)
#define PATH_MTU BIT(29) #define PATH_MTU BIT(29)
#define SOURCE BIT(30)
#define PEER_ID BIT(0) #define PEER_ID BIT(0)
#define PEER_ADDRESS BIT(1) #define PEER_ADDRESS BIT(1)