2 The implementation of dump policy entry function in IpSecConfig application.
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include "IpSecConfig.h"
22 Private function called to get the version information from an EFI_IP_ADDRESS_INFO structure.
24 @param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.
26 @return The value of the version.
// Parameter list of the IP-version helper for EFI_IP_ADDRESS_INFO (called as
// GetVerFromAddrInfo further down). Its return statements are not in this listing.
30 IN EFI_IP_ADDRESS_INFO
*AddressInfo
// IPv4 test: PrefixLength <= 32 and Addr[1], Addr[2], Addr[3] all zero.
// NOTE(review): the version is inferred from the stored values, not from an
// explicit address-family field -- an IPv6 entry with a prefix of 32 or less and
// zero in Addr[1..3] would presumably be classified as IPv4; confirm with callers.
33 if((AddressInfo
->PrefixLength
<= 32) && (AddressInfo
->Address
.Addr
[1] == 0) &&
34 (AddressInfo
->Address
.Addr
[2] == 0) && (AddressInfo
->Address
.Addr
[3] == 0)) {
42 Private function called to get the version information from an EFI_IP_ADDRESS structure.
44 @param[in] Address The pointer to the EFI_IP_ADDRESS structure.
46 @return The value of the version.
// Parameter list of the IP-version helper for a bare EFI_IP_ADDRESS (called as
// GetVerFromIpAddr further down). Its return statements are not in this listing.
50 IN EFI_IP_ADDRESS
*Address
// IPv4 test: Addr[1], Addr[2] and Addr[3] all zero. Unlike the ADDRESS_INFO
// variant there is no prefix length to consult, so the result rests on these
// three words alone.
53 if ((Address
->Addr
[1] == 0) && (Address
->Addr
[2] == 0) && (Address
->Addr
[3] == 0)) {
61 Private function called to print an ASCII string in unicode char format.
63 @param[in] Str The pointer to the ASCII string.
64 @param[in] Length The value of the ASCII string length.
// Prints exactly Length characters of Str, one Print call per character, with
// each element widened to CHAR16. The loop does not stop at a NUL, so Length
// is the only bound on the read.
// NOTE(review): the PAD dump passes AuthData and AuthDataSize to this routine,
// so whatever secret is stored there is written to the console verbatim.
// NOTE(review): if the element type is a signed char, bytes >= 0x80 would
// sign-extend in the CHAR16 cast -- confirm the declared type of Str.
73 for (Index
= 0; Index
< Length
; Index
++) {
74 Print (L
"%c", (CHAR16
) Str
[Index
]);
79 Private function called to print EFI_IP_ADDRESS_INFO content.
81 @param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.
// Parameter list of the EFI_IP_ADDRESS_INFO printer (called as DumpAddressInfo
// by the selector and PAD dumps).
85 IN EFI_IP_ADDRESS_INFO
*AddressInfo
// IPv4 branch: the four v4 address bytes are passed as UINTN arguments. The
// Print call and format string they belong to are not in this listing.
88 if (IP_VERSION_4
== GetVerFromAddrInfo (AddressInfo
)) {
91 (UINTN
) AddressInfo
->Address
.v4
.Addr
[0],
92 (UINTN
) AddressInfo
->Address
.v4
.Addr
[1],
93 (UINTN
) AddressInfo
->Address
.v4
.Addr
[2],
94 (UINTN
) AddressInfo
->Address
.v4
.Addr
[3]
// A /32 prefix is the implied default for IPv4 and is not printed.
96 if (AddressInfo
->PrefixLength
!= 32) {
97 Print (L
"/%d", (UINTN
) AddressInfo
->PrefixLength
);
// IPv6 branch: a second, independent test rather than an else, so the version
// helper is evaluated twice. The sixteen address bytes are combined pairwise,
// high byte first, into eight 16-bit groups and printed in hex without
// zero-padding or :: compression.
101 if (IP_VERSION_6
== GetVerFromAddrInfo (AddressInfo
)) {
103 L
"%x:%x:%x:%x:%x:%x:%x:%x",
104 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[0]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[1]),
105 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[2]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[3]),
106 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[4]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[5]),
107 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[6]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[7]),
108 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[8]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[9]),
109 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[10]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[11]),
110 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[12]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[13]),
111 (((UINT16
) AddressInfo
->Address
.v6
.Addr
[14]) << 8) | ((UINT16
) AddressInfo
->Address
.v6
.Addr
[15])
// A /128 prefix is the implied default for IPv6 and is not printed.
// NOTE(review): PrefixLength is passed without the UINTN cast that the IPv4
// branch applies to the same field -- harmless if the argument promotes to
// int, but the two calls should agree.
113 if (AddressInfo
->PrefixLength
!= 128) {
114 Print (L
"/%d", AddressInfo
->PrefixLength
);
120 Private function called to print EFI_IP_ADDRESS content.
122 @param[in] IpAddress The pointer to the EFI_IP_ADDRESS structure.
// Parameter list of the bare EFI_IP_ADDRESS printer (called as DumpIpAddress
// for tunnel endpoints). No prefix length is printed by this routine.
126 IN EFI_IP_ADDRESS
*IpAddress
// IPv4 branch: the four v4 address bytes are passed as UINTN arguments. The
// Print call and format string they belong to are not in this listing.
129 if (IP_VERSION_4
== GetVerFromIpAddr (IpAddress
)) {
132 (UINTN
) IpAddress
->v4
.Addr
[0],
133 (UINTN
) IpAddress
->v4
.Addr
[1],
134 (UINTN
) IpAddress
->v4
.Addr
[2],
135 (UINTN
) IpAddress
->v4
.Addr
[3]
// IPv6 branch: tested separately from the IPv4 branch. Bytes are combined
// pairwise, high byte first, into eight 16-bit groups printed in hex.
139 if (IP_VERSION_6
== GetVerFromIpAddr (IpAddress
)) {
141 L
"%x:%x:%x:%x:%x:%x:%x:%x",
142 (((UINT16
) IpAddress
->v6
.Addr
[0]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[1]),
143 (((UINT16
) IpAddress
->v6
.Addr
[2]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[3]),
144 (((UINT16
) IpAddress
->v6
.Addr
[4]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[5]),
145 (((UINT16
) IpAddress
->v6
.Addr
[6]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[7]),
146 (((UINT16
) IpAddress
->v6
.Addr
[8]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[9]),
147 (((UINT16
) IpAddress
->v6
.Addr
[10]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[11]),
148 (((UINT16
) IpAddress
->v6
.Addr
[12]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[13]),
149 (((UINT16
) IpAddress
->v6
.Addr
[14]) << 8) | ((UINT16
) IpAddress
->v6
.Addr
[15])
156 Private function called to print EFI_IPSEC_SPD_SELECTOR content.
158 @param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
// Parameter list of the EFI_IPSEC_SPD_SELECTOR printer (called as
// DumpSpdSelector by the SPD and SAD dumps).
162 IN EFI_IPSEC_SPD_SELECTOR
*Selector
// Local side: one DumpAddressInfo call per entry, bounded only by
// LocalAddressCount. The count is taken from the selector as-is.
168 for (Index
= 0; Index
< Selector
->LocalAddressCount
; Index
++) {
173 DumpAddressInfo (&Selector
->LocalAddress
[Index
]);
// Fallback label. The condition guarding it is not in this listing.
177 Print (L
"localhost");
// Remote side: same pattern, bounded by RemoteAddressCount.
182 for (Index
= 0; Index
< Selector
->RemoteAddressCount
; Index
++) {
187 DumpAddressInfo (&Selector
->RemoteAddress
[Index
]);
// Look the protocol number up in the name table. The numeric form below is
// presumably the fallback when no name is found -- the test is not shown.
190 Str
= MapIntegerToString (Selector
->NextLayerProtocol
, mMapIpProtocol
);
194 Print (L
" proto:%d", (UINTN
) Selector
->NextLayerProtocol
);
// TCP and UDP: print each port unless it is the ANY wildcard, followed by the
// upper end of the range when a non-zero range is set.
197 if ((Selector
->NextLayerProtocol
== EFI_IP4_PROTO_TCP
) || (Selector
->NextLayerProtocol
== EFI_IP4_PROTO_UDP
)) {
199 if (Selector
->LocalPort
!= EFI_IPSEC_ANY_PORT
) {
200 Print (L
"%d", Selector
->LocalPort
);
// Upper bound is port + range. The cast widens LocalPort before the addition,
// so the sum is printed as-is and can exceed 65535 for an inconsistent entry.
201 if (Selector
->LocalPortRange
!= 0) {
202 Print (L
"~%d", (UINTN
) Selector
->LocalPort
+ Selector
->LocalPortRange
);
209 if (Selector
->RemotePort
!= EFI_IPSEC_ANY_PORT
) {
210 Print (L
"%d", Selector
->RemotePort
);
211 if (Selector
->RemotePortRange
!= 0) {
212 Print (L
"~%d", (UINTN
) Selector
->RemotePort
+ Selector
->RemotePortRange
);
// ICMP: the port fields are reused for the class/code values, and only the
// low 8 bits are shown because of the UINT8 cast.
217 } else if (Selector
->NextLayerProtocol
== EFI_IP4_PROTO_ICMP
) {
218 Print (L
" class/code:");
219 if (Selector
->LocalPort
!= 0) {
220 Print (L
"%d", (UINTN
) (UINT8
) Selector
->LocalPort
);
226 if (Selector
->RemotePort
!= 0) {
227 Print (L
"%d", (UINTN
) (UINT8
) Selector
->RemotePort
);
235 Print EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA content.
237 @param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
238 @param[in] Data The pointer to the EFI_IPSEC_SPD_DATA structure.
239 @param[in] EntryIndex The pointer to the index in the SPD database.
241 @retval EFI_SUCCESS Dump SPD information successfully.
// Parameter list and body of the SPD entry dumper (presumably DumpSpdEntry,
// the first routine in the visitor table). Several lines of the function,
// including its signature and return, are not in this listing.
245 IN EFI_IPSEC_SPD_SELECTOR
*Selector
,
246 IN EFI_IPSEC_SPD_DATA
*Data
,
// Fixed 128-element stack buffer that receives the widened policy name.
251 CHAR16 DataName
[128];
// Print the running entry number and advance the caller-owned counter.
257 Print (L
"%d.", (*EntryIndex
)++);
260 // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
261 // Protect PF:0x34323423 Name:First Entry
262 // ext-sequence sequence-overflow fragcheck life:[B0,S1024,H3600]
263 // ESP algo1 algo2 Tunnel [xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx set]
266 DumpSpdSelector (Selector
);
269 Print (L
"%s ", MapIntegerToString (Data
->Action
, mMapIpSecAction
));
270 Print (L
"PF:%08x ", Data
->PackageFlag
);
// Widen Data->Name into DataName until a zero byte is found.
// NOTE(review): the only bound on this copy is the ASSERT, which sits after
// the store. ASSERT can be compiled out (MDEPKG_NDEBUG) or disabled through
// the debug property mask, so a Name with no terminator in its first 127
// bytes would let the loop and the terminator store write past DataName on
// the stack. An explicit loop condition on Index, checked before the store,
// would hold in every build.
273 while (Data
->Name
[Index
] != 0) {
274 DataName
[Index
] = (CHAR16
) Data
->Name
[Index
];
276 ASSERT (Index
< 128);
278 DataName
[Index
] = L
'\0';
280 Print (L
"Name:%s", DataName
);
// Protect action: ProcessingPolicy is dereferenced from here on.
// NOTE(review): no NULL check on ProcessingPolicy is visible in this listing;
// confirm the database never returns a Protect entry without one.
282 if (Data
->Action
== EfiIPsecActionProtect
) {
284 if (Data
->ProcessingPolicy
->ExtSeqNum
) {
285 Print (L
"ext-sequence ");
288 if (Data
->ProcessingPolicy
->SeqOverflow
) {
289 Print (L
"sequence-overflow ");
292 if (Data
->ProcessingPolicy
->FragCheck
) {
293 Print (L
"fragment-check ");
// Lifetime list: the first non-zero field opens the bracket, later ones are
// comma-separated. HasPre tracks whether the bracket is already open; the
// lines that set it are not in this listing.
297 if (Data
->ProcessingPolicy
->SaLifetime
.ByteCount
!= 0) {
298 Print (HasPre
? L
"," : L
"life:[");
299 Print (L
"%lxB", Data
->ProcessingPolicy
->SaLifetime
.ByteCount
);
303 if (Data
->ProcessingPolicy
->SaLifetime
.SoftLifetime
!= 0) {
304 Print (HasPre
? L
"," : L
"life:[");
305 Print (L
"%lxs", Data
->ProcessingPolicy
->SaLifetime
.SoftLifetime
);
309 if (Data
->ProcessingPolicy
->SaLifetime
.HardLifetime
!= 0) {
310 Print (HasPre
? L
"," : L
"life:[");
311 Print (L
"%lxS", Data
->ProcessingPolicy
->SaLifetime
.HardLifetime
);
// True when any flag or lifetime was printed above. The statement guarded by
// this test is not in this listing.
319 if (HasPre
|| Data
->ProcessingPolicy
->ExtSeqNum
||
320 Data
->ProcessingPolicy
->SeqOverflow
|| Data
->ProcessingPolicy
->FragCheck
) {
// Names of the IPsec protocol and of the authentication and encryption
// algorithms, for the format string below.
324 String1
= MapIntegerToString (Data
->ProcessingPolicy
->Proto
, mMapIpSecProtocol
);
325 String2
= MapIntegerToString (Data
->ProcessingPolicy
->AuthAlgoId
, mMapAuthAlgo
);
326 String3
= MapIntegerToString (Data
->ProcessingPolicy
->EncAlgoId
, mMapEncAlgo
);
328 L
"%s Auth:%s Encrypt:%s ",
334 Print (L
"%s ", MapIntegerToString (Data
->ProcessingPolicy
->Mode
, mMapIpSecMode
));
// Tunnel mode: TunnelOption is dereferenced for both endpoints and the DF
// setting.
// NOTE(review): no NULL check on TunnelOption is visible in this listing;
// confirm it is always set when Mode is EfiIPsecTunnel.
335 if (Data
->ProcessingPolicy
->Mode
== EfiIPsecTunnel
) {
337 DumpIpAddress (&Data
->ProcessingPolicy
->TunnelOption
->LocalTunnelAddress
);
339 DumpIpAddress (&Data
->ProcessingPolicy
->TunnelOption
->RemoteTunnelAddress
);
340 Print (L
" %s]", MapIntegerToString (Data
->ProcessingPolicy
->TunnelOption
->DF
, mMapDfOption
));
350 Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.
352 @param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure.
353 @param[in] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
354 @param[in] EntryIndex The pointer to the Index in the SAD Database.
356 @retval EFI_SUCCESS Dump SAD information successfully.
// Parameter list and body of the SAD entry dumper (presumably DumpSadEntry,
// the second routine in the visitor table). Several lines of the function,
// including its signature and return, are not in this listing.
// NOTE(review): this routine writes SA key material to the console in clear
// text (see the Auth/Encrypt format below). Treat the output as secret: it
// should not be captured in logs or shown on an unattended console.
360 IN EFI_IPSEC_SA_ID
*SaId
,
361 IN EFI_IPSEC_SA_DATA2
*Data
,
// Heap copies of the ESP keys, NUL-terminated so they can be printed with %a.
368 CHAR8
*AuthKeyAsciiStr
;
369 CHAR8
*EncKeyAsciiStr
;
373 AuthKeyAsciiStr
= NULL
;
374 EncKeyAsciiStr
= NULL
;
377 // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
378 // Mode:Transport SeqNum:134 AntiReplayWin:64 life:[0B,1023s,3400S] PathMTU:34
379 // Auth:xxxx/password Encrypt:yyyy/password
380 // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
// Print the running entry number and advance the caller-owned counter.
383 Print (L
"%d.", (*EntryIndex
)++);
384 Print (L
"0x%x %s ", (UINTN
) SaId
->Spi
, MapIntegerToString (SaId
->Proto
, mMapIpSecProtocol
));
// Tunnel mode: print both tunnel endpoints.
385 if (Data
->Mode
== EfiIPsecTunnel
) {
386 Print (L
"TunnelSourceAddress:");
387 DumpIpAddress (&Data
->TunnelSourceAddress
);
389 Print (L
"TunnelDestination:");
390 DumpIpAddress (&Data
->TunnelDestinationAddress
);
// Mode name, sequence number and anti-replay window. The sequence-number
// argument is on a line not in this listing.
395 L
" Mode:%s SeqNum:%lx AntiReplayWin:%d ",
396 MapIntegerToString (Data
->Mode
, mMapIpSecMode
),
398 (UINTN
) Data
->AntiReplayWindows
// Lifetime list: the first non-zero field opens the bracket, later ones are
// comma-separated. The lines that set HasPre are not in this listing.
402 if (Data
->SaLifetime
.ByteCount
!= 0) {
403 Print (HasPre
? L
"," : L
"life:[");
404 Print (L
"%lxB", Data
->SaLifetime
.ByteCount
);
408 if (Data
->SaLifetime
.SoftLifetime
!= 0) {
409 Print (HasPre
? L
"," : L
"life:[");
410 Print (L
"%lxs", Data
->SaLifetime
.SoftLifetime
);
414 if (Data
->SaLifetime
.HardLifetime
!= 0) {
415 Print (HasPre
? L
"," : L
"life:[");
416 Print (L
"%lxS", Data
->SaLifetime
.HardLifetime
);
424 Print (L
"PathMTU:%d\n", (UINTN
) Data
->PathMTU
);
// AH: the algorithm name and the AuthKey pointer are passed to a Print call
// whose format string is not in this listing.
// NOTE(review): unlike the ESP branch, the key is passed without a bounded,
// terminated copy, so the amount read would depend on a terminator being
// present in the key buffer -- confirm against the format specifier used.
426 if (SaId
->Proto
== EfiIPsecAH
) {
429 MapIntegerToString (Data
->AlgoInfo
.AhAlgoInfo
.AuthAlgoId
, mMapAuthAlgo
),
430 Data
->AlgoInfo
.AhAlgoInfo
.AuthKey
// ESP: resolve both algorithm names, then make terminated copies of the keys.
433 AuthAlgoStr
= MapIntegerToString (Data
->AlgoInfo
.EspAlgoInfo
.AuthAlgoId
, mMapAuthAlgo
);
434 EncAlgoStr
= MapIntegerToString (Data
->AlgoInfo
.EspAlgoInfo
.EncAlgoId
, mMapEncAlgo
);
// NOTE(review): the allocation result is checked only by ASSERT. When ASSERT
// is compiled out or disabled, a failed allocation reaches CopyMem with a
// NULL destination. An explicit NULL test with an error return would hold in
// every build. The + 1 on the length is also unchecked; presumably the key
// length is bounded when the SA is created -- confirm.
436 AuthKeyAsciiStr
= AllocateZeroPool (Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
+ 1);
437 ASSERT (AuthKeyAsciiStr
!= NULL
);
438 CopyMem (AuthKeyAsciiStr
, Data
->AlgoInfo
.EspAlgoInfo
.AuthKey
, Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
);
// The pool is already zeroed, so this store only restates the terminator.
439 AuthKeyAsciiStr
[Data
->AlgoInfo
.EspAlgoInfo
.AuthKeyLength
] = '\0';
// Same pattern for the encryption key; the same ASSERT-only check applies.
441 EncKeyAsciiStr
= AllocateZeroPool (Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
+ 1);
442 ASSERT (EncKeyAsciiStr
!= NULL
) ;
443 CopyMem (EncKeyAsciiStr
, Data
->AlgoInfo
.EspAlgoInfo
.EncKey
, Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
);
444 EncKeyAsciiStr
[Data
->AlgoInfo
.EspAlgoInfo
.EncKeyLength
] = '\0';
// Keys are printed with %a, which stops at the first zero byte: a key with an
// embedded zero is shown truncated, and non-printable bytes go to the console
// unescaped.
447 L
" Auth:%s/%a Encrypt:%s/%a\n",
// NOTE(review): the key copies are released without being cleared, so the key
// bytes remain in freed pool memory. Calling ZeroMem on each buffer for its
// full allocated length before FreePool would remove them.
454 FreePool (AuthKeyAsciiStr
);
455 FreePool (EncKeyAsciiStr
);
// The selector is optional on an SA entry and is dumped only when present.
458 if (Data
->SpdSelector
!= NULL
) {
460 DumpSpdSelector (Data
->SpdSelector
);
468 Print EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA content.
470 @param[in] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
471 @param[in] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
472 @param[in] EntryIndex The pointer to the Index in the PAD Database.
474 @retval EFI_SUCCESS Dump PAD information successfully.
// Parameter list and body of the PAD entry dumper (presumably DumpPadEntry,
// the third routine in the visitor table). Several lines of the function,
// including its signature and return, are not in this listing.
478 IN EFI_IPSEC_PAD_ID
*PadId
,
479 IN EFI_IPSEC_PAD_DATA
*Data
,
487 // ADDR:10.23.17.34/15
488 // IDEv1 PreSharedSecret IKE-ID
// Print the running entry number and advance the caller-owned counter.
492 Print (L
"%d.", (*EntryIndex
)++);
// The peer is identified either by an ID string or by an address range.
// NOTE(review): PeerId is printed with %s, which reads a CHAR16 string up to
// its terminator. Confirm that PeerId is stored as terminated CHAR16 text;
// if it is a byte array, the specifier and the lack of a length bound both
// need attention.
494 if (PadId
->PeerIdValid
) {
495 Print (L
"ID:%s", PadId
->Id
.PeerId
);
498 DumpAddressInfo (&PadId
->Id
.IpAddress
);
// Names of the authentication protocol and method. The Print call that uses
// them is not in this listing.
503 String1
= MapIntegerToString (Data
->AuthProtocol
, mMapAuthProto
);
504 String2
= MapIntegerToString (Data
->AuthMethod
, mMapAuthMethod
);
511 if (Data
->IkeIdFlag
) {
// NOTE(review): AuthData is written to the console in full, bounded by
// AuthDataSize. Per the layout comment above this can be a pre-shared secret,
// so the output should be handled as sensitive.
517 if (Data
->AuthData
!= NULL
) {
518 DumpAsciiString (Data
->AuthData
, Data
->AuthDataSize
);
// NOTE(review): RevocationData is printed with %s and no length, so the read
// runs until a CHAR16 terminator is found. Confirm the stored data is always
// terminated text, or bound the output by the stored size.
522 if (Data
->RevocationData
!= NULL
) {
523 Print (L
" %s\n", Data
->RevocationData
);
// Visitor table with one dump routine per configuration data type, in the
// order SPD, SAD, PAD. It is indexed directly by the data type value.
// The casts to VISIT_POLICY_ENTRY hide the differing first-parameter types of
// the three routines, so the compiler cannot check that each one matches the
// visitor signature.
530 VISIT_POLICY_ENTRY mDumpPolicyEntry
[] = {
531 (VISIT_POLICY_ENTRY
) DumpSpdEntry
,
532 (VISIT_POLICY_ENTRY
) DumpSadEntry
,
533 (VISIT_POLICY_ENTRY
) DumpPadEntry
537 Print all entry information in the database according to datatype.
539 @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
540 @param[in] ParamPackage The pointer to the ParamPackage list.
542 @retval EFI_SUCCESS Dump all information successfully.
543 @retval Others An error occurred.
// Parameter list and return of the entry point that dumps every entry of one
// database. Its signature line is not in this listing. ParamPackage is not
// referenced by any line shown here.
547 IN EFI_IPSEC_CONFIG_DATA_TYPE DataType
,
548 IN LIST_ENTRY
*ParamPackage
// Walk all entries of DataType with the matching dump routine, passing the
// address of the running entry counter, and return the visitor status.
// NOTE(review): DataType indexes the three-entry table with no range check
// visible in this listing. Presumably the caller validates it -- confirm, or
// reject values outside the table before indexing.
554 return ForeachPolicyEntry (DataType
, mDumpPolicyEntry
[DataType
], &EntryIndex
);