From: qianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Wed, 29 Dec 2010 10:44:12 +0000 (+0000)
Subject: Update Ipsecconfig application.
X-Git-Tag: edk2-stable201903~15270
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=64b2d0e5c0d58c9276e458f70caf731f3328f822

Update Ipsecconfig application.
1. add the support of "--tunnel-dest" and "tunnel-source" parameters.
2. transfer to EFI_IPSEC_SA_DATA2.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11205 6f19259b-4bc3-4df7-8a09-765794883524
---

diff --git a/NetworkPkg/Application/IpsecConfig/Dump.c b/NetworkPkg/Application/IpsecConfig/Dump.c
index 004ab1089c..f467f94afb 100644
--- a/NetworkPkg/Application/IpsecConfig/Dump.c
+++ b/NetworkPkg/Application/IpsecConfig/Dump.c
@@ -347,10 +347,10 @@ DumpSpdEntry (
 }
 
 /**
-  Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA content.
+  Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.
 
   @param[in] SaId          The pointer to the EFI_IPSEC_SA_ID structure.
-  @param[in] Data          The pointer to the EFI_IPSEC_SA_DATA structure.
+  @param[in] Data          The pointer to the EFI_IPSEC_SA_DATA2 structure.
   @param[in] EntryIndex    The pointer to the Index in the SAD Database.
 
   @retval EFI_SUCCESS    Dump SAD information successfully.
@@ -358,13 +358,20 @@ DumpSpdEntry (
 EFI_STATUS
 DumpSadEntry (
   IN EFI_IPSEC_SA_ID      *SaId,
-  IN EFI_IPSEC_SA_DATA    *Data,
+  IN EFI_IPSEC_SA_DATA2   *Data,
   IN UINTN                *EntryIndex
   )
 {
   BOOLEAN    HasPre;
-  CHAR16     *String1;
-  CHAR16     *String2;
+  CHAR16     *AuthAlgoStr;
+  CHAR16     *EncAlgoStr;
+  CHAR8      *AuthKeyAsciiStr;
+  CHAR8      *EncKeyAsciiStr;
+
+  AuthAlgoStr      = NULL;
+  EncAlgoStr       = NULL;
+  AuthKeyAsciiStr  = NULL;
+  EncKeyAsciiStr   = NULL;
 
   //
   // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
@@ -375,9 +382,14 @@ DumpSadEntry (
 
   Print (L"%d.", (*EntryIndex)++);
   Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol));
-  Print (L"Destination:");
-  DumpIpAddress (&SaId->DestAddress);
-  Print (L"\n");
+  if (Data->Mode == EfiIPsecTunnel) {
+    Print (L"TunnelSourceAddress:");
+    DumpIpAddress (&Data->TunnelSourceAddress);
+    Print (L"\n");
+    Print (L"TunnelDestination:");
+    DumpIpAddress (&Data->TunnelDestinationAddress);
+    Print (L"\n");
+  }
 
   Print (
     L"  Mode:%s SeqNum:%lx AntiReplayWin:%d ",
@@ -418,15 +430,29 @@ DumpSadEntry (
       Data->AlgoInfo.AhAlgoInfo.AuthKey
       );
   } else {
-    String1 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
-    String2 = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);
+    AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
+    EncAlgoStr  = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);
+
+    AuthKeyAsciiStr    = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.AuthKeyLength + 1);
+    ASSERT (AuthKeyAsciiStr != NULL);
+    CopyMem (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKey, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
+    AuthKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.AuthKeyLength] = '\0';
+
+    EncKeyAsciiStr  = AllocateZeroPool (Data->AlgoInfo.EspAlgoInfo.EncKeyLength + 1);
+    ASSERT (EncKeyAsciiStr != NULL) ;
+    CopyMem (EncKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.EncKey, Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
+    EncKeyAsciiStr[Data->AlgoInfo.EspAlgoInfo.EncKeyLength] = '\0';
+
     Print (
-      L"  Auth:%s/%s Encrypt:%s/%s\n",
-      String1,
-      Data->AlgoInfo.EspAlgoInfo.AuthKey,
-      String2,
-      Data->AlgoInfo.EspAlgoInfo.EncKey
+      L"  Auth:%s/%a Encrypt:%s/%a\n",
+      AuthAlgoStr,      
+      AuthKeyAsciiStr,
+      EncAlgoStr,
+      EncKeyAsciiStr
       );
+ 
+    FreePool (AuthKeyAsciiStr);
+    FreePool (EncKeyAsciiStr);
   }
 
   if (Data->SpdSelector != NULL) {
diff --git a/NetworkPkg/Application/IpsecConfig/IpSecConfig.c b/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
index 3554355bd7..1e63bc9622 100644
--- a/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
+++ b/NetworkPkg/Application/IpsecConfig/IpSecConfig.c
@@ -82,7 +82,8 @@ SHELL_PARAM_ITEM    mIpSecConfigParamList[] = {
   // --ipsec-proto
   //
   { L"--spi",                 TypeValue },
-  { L"--dest",                TypeValue },
+  { L"--tunnel-dest",         TypeValue },
+  { L"--tunnel-source",       TypeValue },
   { L"--lookup-spi",          TypeValue },
   { L"--lookup-ipsec-proto",  TypeValue },
   { L"--lookup-dest",         TypeValue },
@@ -292,7 +293,8 @@ VAR_CHECK_ITEM    mIpSecConfigVarCheckList[] = {
   // --ipsec-proto
   //
   { L"--spi",                0,              0,       BIT(1),               0 },
-  { L"--dest",               0,              0,       BIT(1),               0 },
+  { L"--tunnel-dest",        0,              0,       BIT(1),               0 },
+  { L"--tunnel-source",      0,              0,       BIT(1),               0 },
   { L"--lookup-spi",         0,              0,       BIT(1),               0 },
   { L"--lookup-ipsec-proto", 0,              0,       BIT(1),               0 },
   { L"--lookup-dest",        0,              0,       BIT(1),               0 },
@@ -548,7 +550,7 @@ IpSecConfigRetriveCheckListByName (
   for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
     if (((SHELL_PARAM_PACKAGE *) Node)->Name != NULL) {
       //
-	  // Enumerate the check list that defines the conflicted attributes of each flag.
+      // Enumerate the check list that defines the conflicted attributes of each flag.
       //
       for (; Item->VarName != NULL; Item++) {
         if (StrCmp (((SHELL_PARAM_PACKAGE *) Node)->Name, Item->VarName) == 0) {
diff --git a/NetworkPkg/Application/IpsecConfig/Match.c b/NetworkPkg/Application/IpsecConfig/Match.c
index d6595ee8b8..7ac1cb5c5a 100644
--- a/NetworkPkg/Application/IpsecConfig/Match.c
+++ b/NetworkPkg/Application/IpsecConfig/Match.c
@@ -91,7 +91,7 @@ MatchSpdEntry (
 BOOLEAN
 MatchSadEntry (
   IN EFI_IPSEC_SA_ID      *SaId,
-  IN EFI_IPSEC_SA_DATA    *Data,
+  IN EFI_IPSEC_SA_DATA2   *Data,
   IN SAD_ENTRY_INDEXER    *Indexer
   )
 {
diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
index f128bee1ec..cc9f0b3121 100644
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
@@ -579,22 +579,22 @@ CreateSpdEntry (
 }
 
 /**
-  Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA through ParamPackage list.
+  Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 through ParamPackage list.
 
   @param[out] SaId            The pointer to the EFI_IPSEC_SA_ID structure.
-  @param[out] Data            The pointer to the EFI_IPSEC_SA_DATA structure.
+  @param[out] Data            The pointer to the EFI_IPSEC_SA_DATA2 structure.
   @param[in]  ParamPackage    The pointer to the ParamPackage list.
   @param[out] Mask            The pointer to the Mask.
   @param[in]  CreateNew       The switch to create new.
 
-  @retval EFI_SUCCESS              Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA successfully.
+  @retval EFI_SUCCESS              Fill in EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 successfully.
   @retval EFI_INVALID_PARAMETER    Invalid user input parameter.
 
 **/
 EFI_STATUS
 CreateSadEntry (
   OUT EFI_IPSEC_SA_ID      **SaId,
-  OUT EFI_IPSEC_SA_DATA    **Data,
+  OUT EFI_IPSEC_SA_DATA2   **Data,
   IN  LIST_ENTRY           *ParamPackage,
   OUT UINT32               *Mask,
   IN  BOOLEAN              CreateNew
@@ -605,6 +605,7 @@ CreateSadEntry (
   UINTN           AuthKeyLength;
   UINTN           EncKeyLength;
   CONST CHAR16    *ValueStr;
+  CHAR8           *AsciiStr;
   UINTN           DataSize;
 
   Status        = EFI_SUCCESS;
@@ -649,45 +650,22 @@ CreateSadEntry (
   }
 
   //
-  // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
-  //
-  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--dest");
-  if (ValueStr != NULL) {
-    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*SaId)->DestAddress);
-    if (EFI_ERROR (Status)) {
-      ShellPrintHiiEx (
-        -1,
-        -1,
-        NULL,
-        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
-        mHiiHandle,
-        mAppName,
-        L"--dest",
-        ValueStr
-        );
-      ReturnStatus = EFI_INVALID_PARAMETER;
-    } else {
-      *Mask |= DEST;
-    }
-  }
-
-  //
-  // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA.
+  // Convert user imput from string to integer, and fill in EFI_IPSEC_SA_DATA2.
   //
   ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
   if (ValueStr != NULL) {
-    AuthKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
+    AuthKeyLength = StrLen (ValueStr);
   }
 
   ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
   if (ValueStr != NULL) {
-    EncKeyLength = (StrLen (ValueStr) + 1) * sizeof (CHAR16);
+    EncKeyLength = StrLen (ValueStr);
   }
 
   //
-  // EFI_IPSEC_SA_DATA:
+  // EFI_IPSEC_SA_DATA2:
   //   +------------
-  //   | EFI_IPSEC_SA_DATA
+  //   | EFI_IPSEC_SA_DATA2
   //   +-----------------------
   //   | AuthKey
   //   +-------------------------
@@ -697,7 +675,7 @@ CreateSadEntry (
   //
   // Notes: To make sure the address alignment add padding after each data if needed.
   //
-  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA));
+  DataSize  = ALIGN_VARIABLE (sizeof (EFI_IPSEC_SA_DATA2));
   DataSize  = ALIGN_VARIABLE (DataSize + AuthKeyLength);
   DataSize  = ALIGN_VARIABLE (DataSize + EncKeyLength);
   DataSize  = ALIGN_VARIABLE (DataSize + sizeof (EFI_IPSEC_SPD_SELECTOR));
@@ -805,7 +783,10 @@ CreateSadEntry (
   ValueStr = ShellCommandLineGetValue (ParamPackage, L"--encrypt-key");
   if (ValueStr != NULL ) {
     (*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
-    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, ValueStr, EncKeyLength);
+    AsciiStr = AllocateZeroPool (EncKeyLength + 1);
+    UnicodeStrToAsciiStr (ValueStr, AsciiStr);
+    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey,  AsciiStr, EncKeyLength);
+    FreePool (AsciiStr);
     *Mask |= ENCRYPT_KEY;
   } else {
     (*Data)->AlgoInfo.EspAlgoInfo.EncKey = NULL;
@@ -831,7 +812,10 @@ CreateSadEntry (
   ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-key");
   if (ValueStr != NULL) {
     (*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
-    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, ValueStr, AuthKeyLength);
+    AsciiStr = AllocateZeroPool (AuthKeyLength + 1);
+    UnicodeStrToAsciiStr (ValueStr, AsciiStr);
+    CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);
+    FreePool (AsciiStr);
     *Mask |= AUTH_KEY;
   } else {
     (*Data)->AlgoInfo.EspAlgoInfo.AuthKey = NULL;
@@ -905,10 +889,55 @@ CreateSadEntry (
     ReturnStatus = EFI_INVALID_PARAMETER;
   }
 
+  //
+  // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
+  //
+  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-dest");
+  if (ValueStr != NULL) {
+    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelDestinationAddress);
+    if (EFI_ERROR (Status)) {
+      ShellPrintHiiEx (
+        -1,
+        -1,
+        NULL,
+        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
+        mHiiHandle,
+        mAppName,
+        L"--tunnel-dest",
+        ValueStr
+        );
+      ReturnStatus = EFI_INVALID_PARAMETER;
+    } else {
+      *Mask |= DEST;
+    }
+  }
+
+  //
+  // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
+  //
+  ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
+  if (ValueStr != NULL) {
+    Status = EfiInetAddr2 ((CHAR16 *) ValueStr, &(*Data)->TunnelSourceAddress);
+    if (EFI_ERROR (Status)) {
+      ShellPrintHiiEx (
+        -1,
+        -1,
+        NULL,
+        STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_PARAMETER_VALUE),
+        mHiiHandle,
+        mAppName,
+        L"--tunnel-source",
+        ValueStr
+        );
+      ReturnStatus = EFI_INVALID_PARAMETER;
+    } else {
+      *Mask |= SOURCE;
+    }
+  }
   ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
 
   if (CreateNew) {
-    if ((*Mask & (SPI | IPSEC_PROTO | DEST)) != (SPI | IPSEC_PROTO | DEST)) {
+    if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) {
       ShellPrintHiiEx (
         -1,
         -1,
@@ -1178,7 +1207,7 @@ CreatePadEntry (
         (*Data)->AuthData = NULL;
       } else {
         DataLength = AuthDataLength;
-        Status = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
+        Status     = ShellReadFile (FileHandle, &DataLength, (*Data)->AuthData);
         ShellCloseFile (&FileHandle);
         if (EFI_ERROR (Status)) {
           ShellPrintHiiEx (
@@ -1475,9 +1504,9 @@ CombineSpdEntry (
   Combine old SAD entry with new SAD entry.
 
   @param[in, out] OldSaId      The pointer to the EFI_IPSEC_SA_ID structure.
-  @param[in, out] OldData      The pointer to the EFI_IPSEC_SA_DATA structure.
+  @param[in, out] OldData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
   @param[in]      NewSaId      The pointer to the EFI_IPSEC_SA_ID structure.
-  @param[in]      NewData      The pointer to the EFI_IPSEC_SA_DATA structure.
+  @param[in]      NewData      The pointer to the EFI_IPSEC_SA_DATA2 structure.
   @param[in]      Mask         The pointer to the Mask.
   @param[out]     CreateNew    The switch to create new.
 
@@ -1488,9 +1517,9 @@ CombineSpdEntry (
 EFI_STATUS
 CombineSadEntry (
   IN OUT EFI_IPSEC_SA_ID      *OldSaId,
-  IN OUT EFI_IPSEC_SA_DATA    *OldData,
+  IN OUT EFI_IPSEC_SA_DATA2    *OldData,
   IN     EFI_IPSEC_SA_ID      *NewSaId,
-  IN     EFI_IPSEC_SA_DATA    *NewData,
+  IN     EFI_IPSEC_SA_DATA2    *NewData,
   IN     UINT32               Mask,
      OUT BOOLEAN              *CreateNew
   )
@@ -1511,11 +1540,16 @@ CombineSadEntry (
   }
 
   if ((Mask & DEST) == 0) {
-    CopyMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS));
-  } else if (CompareMem (&NewSaId->DestAddress, &OldSaId->DestAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
+    CopyMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS));
+  } else if (CompareMem (&NewData->TunnelDestinationAddress, &OldData->TunnelDestinationAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
     *CreateNew = TRUE;
   }
 
+  if ((Mask & SOURCE) == 0) {
+    CopyMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS));
+  } else if (CompareMem (&NewData->TunnelSourceAddress, &OldData->TunnelSourceAddress, sizeof (EFI_IP_ADDRESS)) != 0) {
+    *CreateNew = TRUE;
+  }
   //
   // Process SA_DATA.
   //
diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
index 5161bacccb..7ae00b2092 100644
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.h
@@ -46,6 +46,7 @@
 #define AUTH_KEY           BIT(27)
 #define ENCRYPT_KEY        BIT(28)
 #define PATH_MTU           BIT(29)
+#define SOURCE             BIT(30)
 
 #define PEER_ID            BIT(0)
 #define PEER_ADDRESS       BIT(1)