diff --git a/NetworkPkg/Application/IpsecConfig/Dump.c b/NetworkPkg/Application/IpsecConfig/Dump.c index 72d3bc5955..1a82a63df3 100644 --- a/NetworkPkg/Application/IpsecConfig/Dump.c +++ b/NetworkPkg/Application/IpsecConfig/Dump.c @@ -92,7 +92,7 @@ DumpBuf ( { UINTN Index; for (Index = 0; Index < Length; Index++) { - Print (L"%02x ", Data[Index]); + Print (L"%02x ", Data[Index]); } } @@ -457,12 +457,12 @@ DumpSadEntry ( // Print (L" Auth:%s/",AuthAlgoStr); DumpAsciiString ( - Data->AlgoInfo.EspAlgoInfo.AuthKey, + Data->AlgoInfo.EspAlgoInfo.AuthKey, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength ); Print (L"\n Encrypt:%s/",EncAlgoStr); DumpAsciiString ( - Data->AlgoInfo.EspAlgoInfo.EncKey, + Data->AlgoInfo.EspAlgoInfo.EncKey, Data->AlgoInfo.EspAlgoInfo.EncKeyLength ); } else { @@ -472,13 +472,14 @@ DumpSadEntry ( // Print (L" Auth:%s/",AuthAlgoStr); DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.AuthKey), Data->AlgoInfo.EspAlgoInfo.AuthKeyLength); - + Print (L"\n Encrypt:%s/",EncAlgoStr); - DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength); + DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength); } } + Print (L"\n"); if (Data->SpdSelector != NULL) { - Print (L"\n "); + Print (L" "); DumpSpdSelector (Data->SpdSelector); Print (L"\n"); } diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c index d8330bcce0..67209f6247 100644 --- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c +++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c @@ -913,7 +913,7 @@ CreateSadEntry ( } // - // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID. + // Convert user input from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID. // ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source"); if (ValueStr != NULL) { 
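Review bot: DumpSadEntry in Dump.c (the hunks at -457 and -472) writes the ESP authentication and encryption keys to the console in full through DumpAsciiString and DumpBuf, and nothing next to these calls says so. A comment above the `Print (L" Auth:%s/",AuthAlgoStr);` lines would make that explicit, for example `// Prints raw SA key material; keep this output out of saved console logs.` The function starts and ends outside both hunks, so any gating or redaction may already sit elsewhere; this is a documentation point only.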
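Review bot: The corrected comment in CreateSadEntry (PolicyEntryOperation.c, hunk at -913) still says it fills in the DestAddress, while the line directly below it reads `--tunnel-source`, so it looks copied from the destination block. Something like `// Convert user input from string to integer, and fill in the tunnel source address.` would match the code. The assignment itself is outside the hunk, so confirm the field name before rewording.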
@@ -934,10 +934,12 @@ CreateSadEntry ( *Mask |= SOURCE; } } - ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask); - if (CreateNew) { - if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) { + // + // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set + // + if ((*Data)->Mode == EfiIPsecTunnel) { + if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) { ShellPrintHiiEx ( -1, -1, @@ -945,7 +947,23 @@ CreateSadEntry ( STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS), mHiiHandle, mAppName, - L"--spi --ipsec-proto --dest" + L"--tunnel-source --tunnel-dest" + ); + ReturnStatus = EFI_INVALID_PARAMETER; + } + } + ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask); + + if (CreateNew) { + if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) { + ShellPrintHiiEx ( + -1, + -1, + NULL, + STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS), + mHiiHandle, + mAppName, + L"--spi --ipsec-proto --local --remote" ); ReturnStatus = EFI_INVALID_PARAMETER; } else { @@ -974,7 +992,7 @@ CreateSadEntry ( ReturnStatus = EFI_INVALID_PARAMETER; } } else { - if ((*Mask & ENCRYPT_ALGO) == 0) { + if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) { ShellPrintHiiEx ( -1, -1, @@ -982,7 +1000,7 @@ CreateSadEntry ( STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER), mHiiHandle, mAppName, - L"--encrypt-algo" + L"--encrypt-algo --auth-algo" ); ReturnStatus = EFI_INVALID_PARAMETER; } else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) { @@ -996,6 +1014,17 @@ CreateSadEntry ( L"--encrypt-key" ); ReturnStatus = EFI_INVALID_PARAMETER; + } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) { + ShellPrintHiiEx ( + -1, + -1, + NULL, + STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER), + mHiiHandle, + mAppName, + L"--auth-key" + ); + ReturnStatus = EFI_INVALID_PARAMETER; } } }
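Review bot: The new tunnel-mode check in CreateSadEntry (hunks at -934 and -945) sets `ReturnStatus = EFI_INVALID_PARAMETER;`, but the very next statement, `ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);`, overwrites it. Unless a later check also fails, the message is printed and the function can still report success for a tunnel-mode SA that lacks `--tunnel-source` or `--tunnel-dest`. Moving the CreateSpdSelector call above the `if ((*Data)->Mode == EfiIPsecTunnel) {` block keeps both results. The function's start and its return are outside these hunks, so how ReturnStatus is consumed should be confirmed there.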
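Review bot: The ESP branch now requires `--encrypt-algo` and `--auth-algo` to be given, but the visible `else if` chain (hunks at -974 and -996) never rejects the case where both are NONE. With `EncAlgoId == IPSEC_EALG_NONE` and `AuthAlgoId == IPSEC_AALG_NONE`, neither key check fires and ReturnStatus is left untouched. RFC 4303 requires that the two algorithms are not both NULL, since such an SA provides neither confidentiality nor integrity. A further branch on `(*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId == IPSEC_EALG_NONE && (*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId == IPSEC_AALG_NONE`, reporting the error like its neighbours and setting `ReturnStatus = EFI_INVALID_PARAMETER;`, would close that. The check may already exist outside these hunks, for example where the algorithm names are parsed, so confirm before adding it.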