]>
Commit | Line | Data |
---|---|---|
a3bcde70 | 1 | /** @file\r |
9166f840 | 2 | The Interfaces of IPsec debug information printing.\r |
a3bcde70 | 3 | \r |
f75a7f56 | 4 | Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r |
a3bcde70 | 5 | \r |
ecf98fbc | 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
a3bcde70 HT |
7 | \r |
8 | **/\r | |
9 | \r | |
10 | #include "IpSecImpl.h"\r | |
11 | #include "IpSecDebug.h"\r | |
12 | \r | |
13 | //\r | |
14 | // The print title for IKEv1 variety phase.\r | |
15 | //\r | |
1a6fdcb0 | 16 | CHAR8 *mIkev1StateStr[IKE_STATE_NUM] = {\r |
a3bcde70 HT |
17 | "IKEv1_MAIN_1",\r |
18 | "IKEv1_MAIN_2",\r | |
19 | "IKEv1_MAIN_3",\r | |
20 | "IKEv1_MAIN_ESTABLISHED",\r | |
21 | "IKEv1_QUICK_1",\r | |
22 | "IKEv1_QUICK_2",\r | |
23 | "IKEv1_QUICK_ESTABLISHED"\r | |
24 | };\r | |
9166f840 | 25 | \r |
26 | //\r | |
27 | // The print title for IKEv2 variety phase.\r | |
28 | //\r | |
1a6fdcb0 | 29 | CHAR8 *mIkev2StateStr[IKE_STATE_NUM] = {\r |
9166f840 | 30 | "IKEv2_STATE_INIT",\r |
31 | "IKEv2_STATE_AUTH",\r | |
32 | "IKEv2_STATE_SA_ESTABLISH",\r | |
33 | "IKEv2_STATE_CREATE_CHILD",\r | |
34 | "IKEv2_STATE_SA_REKEYING",\r | |
35 | "IKEv2_STATE_CHILD_SA_ESTABLISHED",\r | |
36 | "IKEv2_STATE_SA_DELETING"\r | |
37 | };\r | |
38 | \r | |
a3bcde70 HT |
39 | //\r |
40 | // The print title for IKEv1 variety Exchagne.\r | |
41 | //\r | |
42 | CHAR8 *mExchangeStr[] = {\r | |
43 | "IKEv1 Main Exchange",\r | |
44 | "IKEv1 Info Exchange",\r | |
45 | "IKEv1 Quick Exchange",\r | |
9166f840 | 46 | "IKEv2 Initial Exchange",\r |
47 | "IKEv2 Auth Exchange",\r | |
48 | "IKEv2 Create Child Exchange",\r | |
49 | "IKEv2 Info Exchange",\r | |
50 | "IKE Unknow Exchange"\r | |
a3bcde70 HT |
51 | };\r |
52 | \r | |
53 | //\r | |
54 | // The print title for IKEv1 variety Payload.\r | |
55 | //\r | |
9166f840 | 56 | CHAR8 *mIkev1PayloadStr[] = {\r |
a3bcde70 HT |
57 | "IKEv1 None Payload",\r |
58 | "IKEv1 SA Payload",\r | |
59 | "IKEv1 Proposal Payload",\r | |
60 | "IKEv1 Transform Payload",\r | |
61 | "IKEv1 KE Payload",\r | |
62 | "IKEv1 ID Payload",\r | |
63 | "IKEv1 Certificate Payload",\r | |
64 | "IKEv1 Certificate Request Payload",\r | |
65 | "IKEv1 Hash Payload",\r | |
66 | "IKEv1 Signature Payload",\r | |
67 | "IKEv1 Nonce Payload",\r | |
68 | "IKEv1 Notify Payload",\r | |
69 | "IKEv1 Delete Payload",\r | |
70 | "IKEv1 Vendor Payload"\r | |
71 | };\r | |
72 | \r | |
9166f840 | 73 | //\r |
74 | // The print title for IKEv2 variety Payload.\r | |
75 | //\r | |
76 | CHAR8* mIkev2PayloadStr[] = {\r | |
77 | "IKEv2 SA Payload",\r | |
78 | "IKEv2 Key Payload",\r | |
79 | "IKEv2 Identity Initial Payload",\r | |
80 | "IKEv2 Identity Respond Payload",\r | |
81 | "IKEv2 Certificate Payload",\r | |
82 | "IKEv2 Certificate Request Payload",\r | |
83 | "IKEv2 Auth Payload",\r | |
84 | "IKEv2 Nonce Payload",\r | |
85 | "IKEv2 Notify Payload",\r | |
86 | "IKEv2 Delet Payload",\r | |
87 | "IKEv2 Vendor Payload",\r | |
88 | "IKEv2 Traffic Selector Initiator Payload",\r | |
89 | "IKEv2 Traffic Selector Respond Payload",\r | |
90 | "IKEv2 Encrypt Payload",\r | |
91 | "IKEv2 Configuration Payload",\r | |
92 | "IKEv2 Extensible Authentication Payload"\r | |
93 | };\r | |
94 | \r | |
a3bcde70 HT |
95 | /**\r |
96 | Print the IP address.\r | |
97 | \r | |
98 | @param[in] Level Debug print error level. Pass to DEBUG().\r | |
99 | @param[in] Ip Point to a specified IP address.\r | |
100 | @param[in] IpVersion The IP Version.\r | |
101 | \r | |
102 | **/\r | |
103 | VOID\r | |
104 | IpSecDumpAddress (\r | |
105 | IN UINTN Level,\r | |
106 | IN EFI_IP_ADDRESS *Ip,\r | |
107 | IN UINT8 IpVersion\r | |
108 | )\r | |
109 | {\r | |
110 | if (IpVersion == IP_VERSION_6) {\r | |
111 | DEBUG (\r | |
112 | (Level,\r | |
113 | "%x%x:%x%x:%x%x:%x%x",\r | |
114 | Ip->v6.Addr[0],\r | |
115 | Ip->v6.Addr[1],\r | |
116 | Ip->v6.Addr[2],\r | |
117 | Ip->v6.Addr[3],\r | |
118 | Ip->v6.Addr[4],\r | |
119 | Ip->v6.Addr[5],\r | |
120 | Ip->v6.Addr[6],\r | |
121 | Ip->v6.Addr[7])\r | |
122 | );\r | |
123 | DEBUG (\r | |
124 | (Level,\r | |
125 | ":%x%x:%x%x:%x%x:%x%x\n",\r | |
126 | Ip->v6.Addr[8],\r | |
127 | Ip->v6.Addr[9],\r | |
128 | Ip->v6.Addr[10],\r | |
129 | Ip->v6.Addr[11],\r | |
130 | Ip->v6.Addr[12],\r | |
131 | Ip->v6.Addr[13],\r | |
132 | Ip->v6.Addr[14],\r | |
133 | Ip->v6.Addr[15])\r | |
134 | );\r | |
135 | } else {\r | |
136 | DEBUG (\r | |
137 | (Level,\r | |
138 | "%d.%d.%d.%d\n",\r | |
139 | Ip->v4.Addr[0],\r | |
140 | Ip->v4.Addr[1],\r | |
141 | Ip->v4.Addr[2],\r | |
142 | Ip->v4.Addr[3])\r | |
143 | );\r | |
144 | }\r | |
145 | \r | |
146 | }\r | |
147 | \r | |
148 | /**\r | |
9166f840 | 149 | Print IKE Current states.\r |
a3bcde70 | 150 | \r |
9166f840 | 151 | @param[in] Previous The Previous state of IKE.\r |
152 | @param[in] Current The current state of IKE.\r | |
153 | @param[in] IkeVersion The version of IKE.\r | |
a3bcde70 HT |
154 | \r |
155 | **/\r | |
156 | VOID\r | |
9166f840 | 157 | IkeDumpState (\r |
a3bcde70 | 158 | IN UINT32 Previous,\r |
9166f840 | 159 | IN UINT32 Current,\r |
160 | IN UINT8 IkeVersion\r | |
a3bcde70 HT |
161 | )\r |
162 | {\r | |
1a6fdcb0 | 163 | if (Previous >= IKE_STATE_NUM || Current >= IKE_STATE_NUM) {\r |
f75a7f56 | 164 | return;\r |
1a6fdcb0 | 165 | }\r |
f75a7f56 | 166 | \r |
a3bcde70 | 167 | if (Previous == Current) {\r |
9166f840 | 168 | if (IkeVersion == 1) {\r |
169 | DEBUG ((DEBUG_INFO, "\n****Current state is %a\n", mIkev1StateStr[Previous]));\r | |
170 | } else if (IkeVersion == 2) {\r | |
171 | DEBUG ((DEBUG_INFO, "\n****Current state is %a\n", mIkev2StateStr[Previous]));\r | |
f75a7f56 | 172 | }\r |
9166f840 | 173 | } else {\r |
174 | if (IkeVersion == 1) {\r | |
175 | DEBUG ((DEBUG_INFO, "\n****Change state from %a to %a\n", mIkev1StateStr[Previous], mIkev1StateStr[Current]));\r | |
176 | } else {\r | |
177 | DEBUG ((DEBUG_INFO, "\n****Change state from %a to %a\n", mIkev2StateStr[Previous], mIkev2StateStr[Current]));\r | |
f75a7f56 | 178 | }\r |
9166f840 | 179 | }\r |
9166f840 | 180 | }\r |
181 | \r | |
182 | /**\r | |
183 | Print the IKE Packet.\r | |
184 | \r | |
185 | @param[in] Packet Point to IKE packet to be printed.\r | |
186 | @param[in] Direction Point to the IKE packet is inbound or outbound.\r | |
187 | @param[in] IpVersion Specified IP Version.\r | |
188 | \r | |
189 | **/\r | |
190 | VOID\r | |
191 | IpSecDumpPacket (\r | |
192 | IN IKE_PACKET *Packet,\r | |
193 | IN EFI_IPSEC_TRAFFIC_DIR Direction,\r | |
194 | IN UINT8 IpVersion\r | |
195 | )\r | |
196 | {\r | |
197 | CHAR8 *TypeStr;\r | |
198 | UINTN PacketSize;\r | |
199 | UINT64 InitCookie;\r | |
200 | UINT64 RespCookie;\r | |
201 | \r | |
202 | ASSERT (Packet != NULL);\r | |
203 | \r | |
204 | PacketSize = Packet->PayloadTotalSize + sizeof (IKE_HEADER);\r | |
205 | InitCookie = (Direction == EfiIPsecOutBound) ? HTONLL (Packet->Header->InitiatorCookie) : Packet->Header->InitiatorCookie;\r | |
206 | RespCookie = (Direction == EfiIPsecOutBound) ? HTONLL (Packet->Header->ResponderCookie) : Packet->Header->ResponderCookie;\r | |
207 | \r | |
208 | switch (Packet->Header->ExchangeType) {\r | |
209 | case IKE_XCG_TYPE_IDENTITY_PROTECT:\r | |
210 | TypeStr = mExchangeStr[0];\r | |
211 | break;\r | |
212 | \r | |
213 | case IKE_XCG_TYPE_INFO:\r | |
214 | TypeStr = mExchangeStr[1];\r | |
215 | break;\r | |
216 | \r | |
217 | case IKE_XCG_TYPE_QM:\r | |
218 | TypeStr = mExchangeStr[2];\r | |
219 | break;\r | |
f75a7f56 | 220 | \r |
9166f840 | 221 | case IKE_XCG_TYPE_SA_INIT:\r |
222 | TypeStr = mExchangeStr[3];\r | |
223 | break;\r | |
224 | \r | |
225 | case IKE_XCG_TYPE_AUTH:\r | |
226 | TypeStr = mExchangeStr[4];\r | |
227 | break;\r | |
228 | \r | |
229 | case IKE_XCG_TYPE_CREATE_CHILD_SA:\r | |
230 | TypeStr = mExchangeStr[5];\r | |
231 | break;\r | |
232 | \r | |
233 | case IKE_XCG_TYPE_INFO2:\r | |
234 | TypeStr = mExchangeStr[6];\r | |
235 | break;\r | |
f75a7f56 | 236 | \r |
9166f840 | 237 | default:\r |
238 | TypeStr = mExchangeStr[7];\r | |
239 | break;\r | |
240 | }\r | |
241 | \r | |
242 | if (Direction == EfiIPsecOutBound) {\r | |
243 | DEBUG ((DEBUG_INFO, "\n>>>Sending %d bytes %a to ", PacketSize, TypeStr));\r | |
a3bcde70 | 244 | } else {\r |
9166f840 | 245 | DEBUG ((DEBUG_INFO, "\n>>>Receiving %d bytes %a from ", PacketSize, TypeStr));\r |
a3bcde70 HT |
246 | }\r |
247 | \r | |
9166f840 | 248 | IpSecDumpAddress (DEBUG_INFO, &Packet->RemotePeerIp, IpVersion);\r |
249 | \r | |
250 | DEBUG ((DEBUG_INFO, " InitiatorCookie:0x%lx ResponderCookie:0x%lx\n", InitCookie, RespCookie));\r | |
251 | DEBUG (\r | |
252 | (DEBUG_INFO,\r | |
253 | " Version: 0x%x Flags:0x%x ExchangeType:0x%x\n",\r | |
254 | Packet->Header->Version,\r | |
255 | Packet->Header->Flags,\r | |
256 | Packet->Header->ExchangeType)\r | |
257 | );\r | |
258 | DEBUG (\r | |
259 | (DEBUG_INFO,\r | |
260 | " MessageId:0x%x NextPayload:0x%x\n",\r | |
261 | Packet->Header->MessageId,\r | |
262 | Packet->Header->NextPayload)\r | |
263 | );\r | |
264 | \r | |
265 | }\r | |
266 | \r | |
267 | /**\r | |
268 | Print the IKE Paylolad.\r | |
269 | \r | |
270 | @param[in] IkePayload Point to payload to be printed.\r | |
271 | @param[in] IkeVersion The specified version of IKE.\r | |
f75a7f56 | 272 | \r |
9166f840 | 273 | **/\r |
274 | VOID\r | |
275 | IpSecDumpPayload (\r | |
276 | IN IKE_PAYLOAD *IkePayload,\r | |
277 | IN UINT8 IkeVersion\r | |
278 | )\r | |
279 | {\r | |
280 | if (IkeVersion == 1) {\r | |
281 | DEBUG ((DEBUG_INFO, "+%a\n", mIkev1PayloadStr[IkePayload->PayloadType]));\r | |
282 | } else {\r | |
283 | //\r | |
284 | // For IKEV2 the first Payload type is started from 33.\r | |
285 | //\r | |
286 | DEBUG ((DEBUG_INFO, "+%a\n", mIkev2PayloadStr[IkePayload->PayloadType - 33]));\r | |
287 | }\r | |
288 | IpSecDumpBuf ("Payload data", IkePayload->PayloadBuf, IkePayload->PayloadSize);\r | |
a3bcde70 HT |
289 | }\r |
290 | \r | |
291 | /**\r | |
292 | Print the buffer in form of Hex.\r | |
293 | \r | |
294 | @param[in] Title The strings to be printed before the data of the buffer.\r | |
295 | @param[in] Data Points to buffer to be printed.\r | |
296 | @param[in] DataSize The size of the buffer to be printed.\r | |
297 | \r | |
298 | **/\r | |
299 | VOID\r | |
300 | IpSecDumpBuf (\r | |
301 | IN CHAR8 *Title,\r | |
302 | IN UINT8 *Data,\r | |
303 | IN UINTN DataSize\r | |
304 | )\r | |
305 | {\r | |
306 | UINTN Index;\r | |
307 | UINTN DataIndex;\r | |
308 | UINTN BytesRemaining;\r | |
309 | UINTN BytesToPrint;\r | |
310 | \r | |
311 | DataIndex = 0;\r | |
312 | BytesRemaining = DataSize;\r | |
313 | \r | |
314 | DEBUG ((DEBUG_INFO, "==%a %d bytes==\n", Title, DataSize));\r | |
315 | \r | |
316 | while (BytesRemaining > 0) {\r | |
317 | \r | |
318 | BytesToPrint = (BytesRemaining > IPSEC_DEBUG_BYTE_PER_LINE) ? IPSEC_DEBUG_BYTE_PER_LINE : BytesRemaining;\r | |
319 | \r | |
320 | for (Index = 0; Index < BytesToPrint; Index++) {\r | |
321 | DEBUG ((DEBUG_INFO, " 0x%02x,", Data[DataIndex++]));\r | |
322 | }\r | |
323 | \r | |
324 | DEBUG ((DEBUG_INFO, "\n"));\r | |
325 | BytesRemaining -= BytesToPrint;\r | |
326 | }\r | |
327 | \r | |
328 | }\r |